diff --git a/.github/ISSUE_TEMPLATE/metal_driver.md b/.github/ISSUE_TEMPLATE/metal_driver.md deleted file mode 100644 index 1e4e58d96..000000000 --- a/.github/ISSUE_TEMPLATE/metal_driver.md +++ /dev/null @@ -1,26 +0,0 @@ ---- -name: bare metal variant - driver request -about: Request a driver to be added to the metal variant of Bottlerocket -labels: status/needs-triage, area/metal, type/enhancement ---- - - - -**What I'd like:** - -**Device type (e.g. network interface, disk controller):** - -**Device vendor:** - -**Device model:** - -**Driver used on other Linux distribition:** - -**Any alternatives you've considered:** - diff --git a/.github/ISSUE_TEMPLATE/image.md b/.github/ISSUE_TEMPLATE/package.md similarity index 87% rename from .github/ISSUE_TEMPLATE/image.md rename to .github/ISSUE_TEMPLATE/package.md index b61e72ada..6da8db36e 100644 --- a/.github/ISSUE_TEMPLATE/image.md +++ b/.github/ISSUE_TEMPLATE/package.md @@ -1,5 +1,5 @@ --- -name: Bug report - Bottlerocket image +name: Bug report - Bottlerocket package about: Let us know about a problem with Bottlerocket labels: status/needs-triage, type/bug --- @@ -11,7 +11,7 @@ Tips: - Please include any error messages you received, with any required context. --> -**Image I'm using:** +**Package I'm using:** diff --git a/.github/actions/list-variants/action.yml b/.github/actions/list-variants/action.yml deleted file mode 100644 index a6e800c76..000000000 --- a/.github/actions/list-variants/action.yml +++ /dev/null @@ -1,24 +0,0 @@ -name: "List active variants" -description: "Dynamically determines current Bottlerocket variants based on repo contents." -outputs: - variants: - description: A list of all variants defined in the repo - value: ${{ steps.get-variants.outputs.variants }} - aarch-enemies: - description: Variants that should not run for aarch64 - value: ${{ steps.get-variants.outputs.aarch-enemies }} -runs: - using: "composite" - steps: - - uses: actions/checkout@v4 - - id: get-variants - name: Determine variants - shell: bash - run: | - cd variants - output="variants=$(ls -d */ | cut -d'/' -f 1 | grep -vE '^(shared|target)$' | sort | awk '$0 != x "-nvidia" && NR>1 {print x} {x=$0} END {print}' | jq -R -s -c 'split("\n")[:-1]')" - echo $output - echo $output >> $GITHUB_OUTPUT - output="aarch-enemies=$(ls -d */ | cut -d'/' -f 1 | grep -E '(^(metal|vmware)|\-dev$)' | jq -R -s -c 'split("\n")[:-1] | [ .[] | {"variant": ., "arch": "aarch64"}]')" - echo $output - echo $output >> $GITHUB_OUTPUT diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 2cffc5532..4f9c66da8 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -17,41 +17,22 @@ on: - '**.tpl' # Sample config files and OpenAPI docs - '**.yaml' - # Other files that don't affect the build - - 'packages/os/eni-max-pods' concurrency: group: ${{ github.ref }} cancel-in-progress: true jobs: - list-variants: - # This needs to be its own job since the build job needs its output before - # it can initialize - if: github.repository == 'bottlerocket-os/bottlerocket' - name: "Determine variants" - runs-on: ubuntu-latest - outputs: - variants: ${{ steps.get-variants.outputs.variants }} - aarch-enemies: ${{ steps.get-variants.outputs.aarch-enemies }} - steps: - - uses: actions/checkout@v4 - - uses: ./.github/actions/list-variants - id: get-variants - build: - needs: list-variants runs-on: group: bottlerocket labels: bottlerocket_ubuntu-latest_32-core continue-on-error: true strategy: matrix: - variant: ${{ fromJson(needs.list-variants.outputs.variants) }} arch: [x86_64, aarch64] - exclude: ${{ fromJson(needs.list-variants.outputs.aarch-enemies) }} fail-fast: false - name: "Build ${{ matrix.variant }}-${{ matrix.arch }}" + name: "Build ${{ matrix.arch }}" steps: - name: Random delay run: | @@ -61,23 +42,11 @@ jobs: - uses: actions/checkout@v4 - name: Preflight step to set up the runner uses: ./.github/actions/setup-node - - if: contains(matrix.variant, 'nvidia') - run: | - cat <<-EOF > Licenses.toml - [nvidia] - spdx-id = "LICENSE-LicenseRef-NVIDIA-Customer" - licenses = [ - { path = "NVIDIA", license-url = "https://www.nvidia.com/en-us/drivers/nvidia-license/" } - ] - EOF - run: rustup component add rustfmt - - run: cargo make -e BUILDSYS_VARIANT=${{ matrix.variant }} unit-tests - - run: cargo make -e BUILDSYS_VARIANT=${{ matrix.variant }} check-fmt + - run: make twoliter unit-tests + # TODO: fixme please! # Avoid running Go lint check via `cargo make check-lints` since there's a separate golangci-lint workflow - - run: cargo make -e BUILDSYS_VARIANT=${{ matrix.variant }} check-clippy - - run: cargo make -e BUILDSYS_VARIANT=${{ matrix.variant }} check-shell - - run: | - cargo make -e BUILDSYS_VARIANT=${{ matrix.variant }} \ - -e BUILDSYS_ARCH=${{ matrix.arch }} \ - -e BUILDSYS_JOBS=12 \ - -e BUILDSYS_UPSTREAM_LICENSE_FETCH="${{ contains(matrix.variant, 'nvidia') }}" + # - run: make twoliter check-fmt + # - run: make twoliter check-clippy + - run: make twoliter check-shell + - run: make ARCH="${{ matrix.arch }}" diff --git a/.github/workflows/cache.yml b/.github/workflows/cache.yml index 2b66cc020..174a27241 100644 --- a/.github/workflows/cache.yml +++ b/.github/workflows/cache.yml @@ -7,12 +7,12 @@ on: paths: - '.github/**' - 'sources/Cargo.lock' - - 'tools/pubsys*/**' - - '!tools/pubsys/policies/**' - - '!tools/pubsys/**.example' + - 'Twoliter.toml' + - 'Twoliter.lock' + - 'Makefile' jobs: cache: - if: github.repository == 'bottlerocket-os/bottlerocket' + if: github.repository == 'bottlerocket-os/bottlerocket-core-kit' runs-on: group: bottlerocket labels: bottlerocket_ubuntu-latest_8-core diff --git a/.github/workflows/weekly.yml b/.github/workflows/weekly.yml deleted file mode 100644 index 125e554f3..000000000 --- a/.github/workflows/weekly.yml +++ /dev/null @@ -1,65 +0,0 @@ -# This is basically a duplicate of the main "build" workflow, but uses GOPROXY=direct -# to try to catch errors close to their introduction due to yanked Go modules. These -# could otherwise be covered up by caching and not discovered until much later when -# bypassing the main cache. -name: Weekly -on: - schedule: - # Run Monday at 02:15 UTC. Randomly chosen as a "quiet" time for this to run. - # See syntax for format details: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#onschedule - - cron: '15 2 * * 1' - -env: - # When Go packages are built, buildsys will vendor in dependent Go code for - # that package and bundle it up in a tarball. This env variable is consumed - # and used to configure Go to directly download code from its upstream source. - # This is a useful early signal during GitHub actions to see if there are - # upstream Go code problems. - GOPROXY: direct - -jobs: - list-variants: - # This needs to be its own job since the build job needs its output before - # it can initialize - if: github.repository == 'bottlerocket-os/bottlerocket' - name: "Determine variants" - runs-on: ubuntu-latest - outputs: - variants: ${{ steps.get-variants.outputs.variants }} - aarch-enemies: ${{ steps.get-variants.outputs.aarch-enemies }} - steps: - - uses: actions/checkout@v4 - - uses: ./.github/actions/list-variants - id: get-variants - - build: - needs: list-variants - runs-on: - group: bottlerocket - labels: bottlerocket_ubuntu-latest_32-core - continue-on-error: false - strategy: - matrix: - variant: ${{ fromJson(needs.list-variants.outputs.variants) }} - arch: [x86_64, aarch64] - exclude: ${{ fromJson(needs.list-variants.outputs.aarch-enemies) }} - fail-fast: false - name: "Build ${{ matrix.variant }}-${{ matrix.arch }}" - steps: - - uses: actions/checkout@v4 - - name: Preflight step to set up the runner - uses: ./.github/actions/setup-node - - if: contains(matrix.variant, 'nvidia') - run: | - cat <<-EOF > Licenses.toml - [nvidia] - spdx-id = "LICENSE-LicenseRef-NVIDIA-Customer" - licenses = [ - { path = "NVIDIA", license-url = "https://www.nvidia.com/en-us/drivers/nvidia-license/" } - ] - EOF - - run: | - cargo make -e BUILDSYS_VARIANT=${{ matrix.variant }} \ - -e BUILDSYS_ARCH=${{ matrix.arch }} \ - -e BUILDSYS_JOBS=12 \ - -e BUILDSYS_UPSTREAM_LICENSE_FETCH="${{ contains(matrix.variant, 'nvidia') }}" diff --git a/CHANGELOG.md b/CHANGELOG.md deleted file mode 100644 index f4c6d912a..000000000 --- a/CHANGELOG.md +++ /dev/null @@ -1,3495 +0,0 @@ -# v1.20.2 (2024-06-12) - -## OS Changes -* Update kernel to 5.10.217 [#4039] -* Mount static kmod as /usr/local/sbin/modprobe [#4037] - -[#4037]: https://github.com/bottlerocket-os/bottlerocket/pull/4037 -[#4039]: https://github.com/bottlerocket-os/bottlerocket/pull/4039 - -# v1.20.1 (2024-06-04) - -## OS Changes -* Update kernels to 6.1.90, 5.15.158, and 5.10.216 ([#3976], [#3972]) -* Include statically linked version of kmod ([#3981]) -* Specify AWS EULA as license for kmod-*-nvidia packages ([#3991]) -* Update source for Fabric Manager binaries ([#4015]) -* Update NVIDIA driver versions to 470.256.02 and 535.183.01 ([#4029]) - -[#3972]: https://github.com/bottlerocket-os/bottlerocket/pull/3972 -[#3976]: https://github.com/bottlerocket-os/bottlerocket/pull/3976 -[#3981]: https://github.com/bottlerocket-os/bottlerocket/pull/3981 -[#3991]: https://github.com/bottlerocket-os/bottlerocket/pull/3991 -[#4015]: https://github.com/bottlerocket-os/bottlerocket/pull/4015 -[#4029]: https://github.com/bottlerocket-os/bottlerocket/pull/4029 - -# v1.20.0 (2024-05-13) - -## OS Changes -* Update third party packages ([#3939]) -* Enable file system encryption in 5.15 and 6.1 kernels ([#3906], [#3908]) -* Backport fix for loading SELinux modules ([#3907]) -* Add Fabric Manager support ([#3873]) -* Update host containers ([#3947]) -* Add setting to configure ntp options ([#3852] thanks @domgoodwin) -* Include swap utilities ([#3829]) -* Update kernels to 6.1.87, 5.15.156, 5.10.215 ([#3934], [#3930]) - -## Orchestrator Changes - -### Kubernetes -* Drop Kubernetes 1.25 Metal and VMware variants ([#3896]) -* Add Kubernetes 1.30 variants ([#3859], [#3936]) -* Add container-runtime settings to `aws-k8s-*-nvidia` variants ([#3945]) - -### ECS -* Update ecs-agent to 1.82.3 ([#3939]) -* Use systemd drop-ins to configure the ECS agent ([#3834]) - -## Build Changes -* Update twoliter and the SDK ([#3938], [#3885]) -* Remove liblzma and libbzip2 ([#3861], [#3944]) -* Pessimize Rust builds that require the AWS SDK ([#3892]) -* Reduce variant matrix in CI/CD ([#3863]) -* Document package build tools for go dependencies ([#3882]) -* Update Go lints in CI/CD ([#3884]) -* Out-of-tree build enablement - * systemd: use build defaults and kernel parameters for unified cgroups ([#3886], [#3935]) - * early-boot-config: Use standalone provider binaries to fetch user data ([#3637], [#3890]) - * logdog: retrieve settings via API client ([#3946]) - * netdog: remove conditional compilation, add hostname helpers ([#3700], [#3898]) - * schnauzer: add if_not_null template helper ([#3838]) - * static-pods: remove conditional compilation, switch to config file ([#3891], [#3927], [#3913]) - * host-containers: switch to config file ([#3777], [#3842]) - * bootstrap-containers: switch to config file ([#3724]) - * corndog: switch to config file ([#3715]) - * prairiedog: switch to config file ([#3713], [#3814], [#3836]) - * thar-be-updates: switch to config file ([#3721]) - * updog: use modeled types ([#3901]) - * kernel: remove variant sensitivity ([#3897], [#3905], [#3932]) -* FIPS enablement - * add FIPS report to the API ([#3894]) - * add release-fips package for FIPS functionality ([#3893]) - * build Go binaries for FIPS and non-FIPS ([#3887]) - -[#3637]: https://github.com/bottlerocket-os/bottlerocket/pull/3637 -[#3700]: https://github.com/bottlerocket-os/bottlerocket/pull/3700 -[#3713]: https://github.com/bottlerocket-os/bottlerocket/pull/3713 -[#3715]: https://github.com/bottlerocket-os/bottlerocket/pull/3715 -[#3721]: https://github.com/bottlerocket-os/bottlerocket/pull/3721 -[#3724]: https://github.com/bottlerocket-os/bottlerocket/pull/3724 -[#3777]: https://github.com/bottlerocket-os/bottlerocket/pull/3777 -[#3814]: https://github.com/bottlerocket-os/bottlerocket/pull/3814 -[#3829]: https://github.com/bottlerocket-os/bottlerocket/pull/3829 -[#3834]: https://github.com/bottlerocket-os/bottlerocket/pull/3834 -[#3836]: https://github.com/bottlerocket-os/bottlerocket/pull/3836 -[#3838]: https://github.com/bottlerocket-os/bottlerocket/pull/3838 -[#3842]: https://github.com/bottlerocket-os/bottlerocket/pull/3842 -[#3852]: https://github.com/bottlerocket-os/bottlerocket/pull/3852 -[#3859]: https://github.com/bottlerocket-os/bottlerocket/pull/3859 -[#3861]: https://github.com/bottlerocket-os/bottlerocket/pull/3861 -[#3863]: https://github.com/bottlerocket-os/bottlerocket/pull/3863 -[#3873]: https://github.com/bottlerocket-os/bottlerocket/pull/3873 -[#3882]: https://github.com/bottlerocket-os/bottlerocket/pull/3882 -[#3884]: https://github.com/bottlerocket-os/bottlerocket/pull/3884 -[#3885]: https://github.com/bottlerocket-os/bottlerocket/pull/3885 -[#3886]: https://github.com/bottlerocket-os/bottlerocket/pull/3886 -[#3887]: https://github.com/bottlerocket-os/bottlerocket/pull/3887 -[#3890]: https://github.com/bottlerocket-os/bottlerocket/pull/3890 -[#3891]: https://github.com/bottlerocket-os/bottlerocket/pull/3891 -[#3892]: https://github.com/bottlerocket-os/bottlerocket/pull/3892 -[#3893]: https://github.com/bottlerocket-os/bottlerocket/pull/3893 -[#3894]: https://github.com/bottlerocket-os/bottlerocket/pull/3894 -[#3896]: https://github.com/bottlerocket-os/bottlerocket/pull/3896 -[#3897]: https://github.com/bottlerocket-os/bottlerocket/pull/3897 -[#3898]: https://github.com/bottlerocket-os/bottlerocket/pull/3898 -[#3901]: https://github.com/bottlerocket-os/bottlerocket/pull/3901 -[#3905]: https://github.com/bottlerocket-os/bottlerocket/pull/3905 -[#3906]: https://github.com/bottlerocket-os/bottlerocket/pull/3906 -[#3907]: https://github.com/bottlerocket-os/bottlerocket/pull/3907 -[#3908]: https://github.com/bottlerocket-os/bottlerocket/pull/3908 -[#3913]: https://github.com/bottlerocket-os/bottlerocket/pull/3913 -[#3927]: https://github.com/bottlerocket-os/bottlerocket/pull/3927 -[#3930]: https://github.com/bottlerocket-os/bottlerocket/pull/3930 -[#3932]: https://github.com/bottlerocket-os/bottlerocket/pull/3932 -[#3934]: https://github.com/bottlerocket-os/bottlerocket/pull/3934 -[#3935]: https://github.com/bottlerocket-os/bottlerocket/pull/3935 -[#3936]: https://github.com/bottlerocket-os/bottlerocket/pull/3936 -[#3938]: https://github.com/bottlerocket-os/bottlerocket/pull/3938 -[#3939]: https://github.com/bottlerocket-os/bottlerocket/pull/3939 -[#3944]: https://github.com/bottlerocket-os/bottlerocket/pull/3944 -[#3945]: https://github.com/bottlerocket-os/bottlerocket/pull/3945 -[#3946]: https://github.com/bottlerocket-os/bottlerocket/pull/3946 -[#3947]: https://github.com/bottlerocket-os/bottlerocket/pull/3947 - - -# v1.19.5 (2024-05-01) - -## OS Changes -* Update kernel to 5.10.214, 5.15.153, 6.1.84 [#3906] -* Update third party packages ([#3910], [#3914]) -* Update host containers (#[3911]) - -## Orchestrator Changes - -### Kubernetes -* Provide runtime cgroup to kubelet ([#3804]) - -## Build Changes -* Update twoliter to v0.1.1 ([#3880], [#3900]) -* Update ecs-gpu-init, amazon-ssm-agent, and nvidia-k8s-device-plugin builds for new SDK ([#3920], [#3921], [#3924]) - -[#3804]: https://github.com/bottlerocket-os/bottlerocket/pull/3804 -[#3880]: https://github.com/bottlerocket-os/bottlerocket/pull/3880 -[#3900]: https://github.com/bottlerocket-os/bottlerocket/pull/3900 -[#3906]: https://github.com/bottlerocket-os/bottlerocket/pull/3906 -[#3910]: https://github.com/bottlerocket-os/bottlerocket/pull/3910 -[#3911]: https://github.com/bottlerocket-os/bottlerocket/pull/3911 -[#3914]: https://github.com/bottlerocket-os/bottlerocket/pull/3914 -[#3920]: https://github.com/bottlerocket-os/bottlerocket/pull/3920 -[#3921]: https://github.com/bottlerocket-os/bottlerocket/pull/3921 -[#3924]: https://github.com/bottlerocket-os/bottlerocket/pull/3924 - -# v1.19.4 (2024-04-06) - -## OS Changes -* Update kernel to 5.10.213, 5.15.152, 6.1.82 ([#3865]) -* Update containerd to 1.6.31 ([#3869]) - -[#3865]: https://github.com/bottlerocket-os/bottlerocket/pull/3865 -[#3869]: https://github.com/bottlerocket-os/bottlerocket/pull/3869 - -# v1.19.3 (2024-03-26) - -## OS Changes -* Update kernel to 5.10.210, 5.15.149, 6.1.79 ([#3853]) -* Update third party packages ([#3793], [#3832]) -* Update host containers ([#3837]) -* Support auditctl in bootstrap containers ([#3831]) - -## Orchestrator Changes - -### Kubernetes -* Add latest instance types to eni-max-pods mapping ([#3824]) - -### ECS - -## Build Changes -* Update Rust dependencies ([#3830]) -* Update Go dependencies ([#3830]) -* twoliter updated to v0.0.7 ([#3839]) - -[#3793]: https://github.com/bottlerocket-os/bottlerocket/pull/3793 -[#3824]: https://github.com/bottlerocket-os/bottlerocket/pull/3824 -[#3832]: https://github.com/bottlerocket-os/bottlerocket/pull/3832 -[#3830]: https://github.com/bottlerocket-os/bottlerocket/pull/3830 -[#3831]: https://github.com/bottlerocket-os/bottlerocket/pull/3831 -[#3837]: https://github.com/bottlerocket-os/bottlerocket/pull/3837 -[#3839]: https://github.com/bottlerocket-os/bottlerocket/pull/3839 -[#3853]: https://github.com/bottlerocket-os/bottlerocket/pull/3853 - -# v1.19.2 (2024-02-26) - -## OS Changes -* Update third party packages ([#3789]) -* Update kernel to 5.10.209, 5.15.148, 6.1.77 ([#3797]) -* Add AWS settings extension ([#3738], [#3770]) -* Allow CSI helpers in the SELinux policy ([#3779]) -* Update to latest NVIDIA drivers ([#3798]) - -## Orchestrator Changes - -### Kubernetes -* Enable NVIDIA GPU isolation using volume mounts ([#3718] thanks @chiragjn , [#3790]) -* Clean up CNI results cache on boot ([#3792]) - -### ECS -* Add `settings.ecs.enable-container-metadata` ([#3782]) - -## Build Changes -* Adjust certdog to utilize a configuration file instead of the API server ([#3706], [#3778], [#3787]) -* Don't use parallel make for shim package ([#3771]) -* Renumber unit files in release package ([#3769]) -* Ignore EKS patches for k8s-1.23 in Git ([#3774]) - -[#3706]: https://github.com/bottlerocket-os/bottlerocket/pull/3706 -[#3718]: https://github.com/bottlerocket-os/bottlerocket/pull/3718 -[#3738]: https://github.com/bottlerocket-os/bottlerocket/pull/3738 -[#3769]: https://github.com/bottlerocket-os/bottlerocket/pull/3769 -[#3770]: https://github.com/bottlerocket-os/bottlerocket/pull/3770 -[#3771]: https://github.com/bottlerocket-os/bottlerocket/pull/3771 -[#3774]: https://github.com/bottlerocket-os/bottlerocket/pull/3774 -[#3778]: https://github.com/bottlerocket-os/bottlerocket/pull/3778 -[#3779]: https://github.com/bottlerocket-os/bottlerocket/pull/3779 -[#3782]: https://github.com/bottlerocket-os/bottlerocket/pull/3782 -[#3787]: https://github.com/bottlerocket-os/bottlerocket/pull/3787 -[#3789]: https://github.com/bottlerocket-os/bottlerocket/pull/3789 -[#3790]: https://github.com/bottlerocket-os/bottlerocket/pull/3790 -[#3792]: https://github.com/bottlerocket-os/bottlerocket/pull/3792 -[#3797]: https://github.com/bottlerocket-os/bottlerocket/pull/3797 -[#3798]: https://github.com/bottlerocket-os/bottlerocket/pull/3798 - -# v1.19.1 (2024-02-06) - -## OS Changes -* Update kernel to 5.10.209, 5.15.148 ([#3765]) -* Update host containers ([#3763]) - -## Orchestrator Changes - -### Kubernetes -* Mark pause container image as "pinned" to prevent garbage collection ([#3757]) - -### ECS -* Update Docker engine and Docker CLI to v25.0.2 ([#3759]) -* Update ECS agent to 1.81.0 ([#3759]) -* Update AWS SSM agent to 3.2.2222.0 ([#3762]) - -[#3765]: https://github.com/bottlerocket-os/bottlerocket/pull/3765 -[#3763]: https://github.com/bottlerocket-os/bottlerocket/pull/3763 -[#3757]: https://github.com/bottlerocket-os/bottlerocket/pull/3757 -[#3759]: https://github.com/bottlerocket-os/bottlerocket/pull/3759 -[#3762]: https://github.com/bottlerocket-os/bottlerocket/pull/3762 - -# v1.19.0 (2024-02-01) - -## OS Changes -* Adjust unit dependencies for systemd-sysusers ([#3720]) -* Update third party packages ([#3722], [#3750]) -* Add kernel settings extension ([#3727]) -* Update kernel to 5.10.205, 5.15.145, 6.1.72 ([#3734]) -* Update runc to 1.1.12 and containerd to 1.6.28 ([#3751]) - -## Orchestrator Changes - -### Kubernetes -* Add latest instance types to eni-max-pods mapping ([#3741]) -* Drop Kubernetes 1.24 Metal and VMware variants ([#3742]) - -### ECS -* Add additional ECS settings for ECS_BACKEND_HOST and ECS_AWSVPC_BLOCK_IMDS ([#3749]) - -## Build Changes -* twoliter updated to v0.0.6 ([#3744]) - -[#3720]: https://github.com/bottlerocket-os/bottlerocket/pull/3720 -[#3722]: https://github.com/bottlerocket-os/bottlerocket/pull/3722 -[#3727]: https://github.com/bottlerocket-os/bottlerocket/pull/3727 -[#3734]: https://github.com/bottlerocket-os/bottlerocket/pull/3734 -[#3741]: https://github.com/bottlerocket-os/bottlerocket/pull/3741 -[#3742]: https://github.com/bottlerocket-os/bottlerocket/pull/3742 -[#3744]: https://github.com/bottlerocket-os/bottlerocket/pull/3744 -[#3749]: https://github.com/bottlerocket-os/bottlerocket/pull/3749 -[#3750]: https://github.com/bottlerocket-os/bottlerocket/pull/3750 -[#3751]: https://github.com/bottlerocket-os/bottlerocket/pull/3751 - -# v1.18.0 (2024-01-16) - -## OS Changes - -* Remove unused runc SELinux policy rule ([#3673]) -* Update third party packages ([#3692]) -* Fix creation of kprobes using unqualified names ([#3699], [#3708]) -* Update host containers ([#3704]) -* Update kernel to 5.10.205, 5.15.145, 6.1.66 ([#3686], [#3708]) -* Add container-registry settings extension ([#3674]) -* Add updates settings extension ([#3689]) - -## Orchestrator Changes - -### Kubernetes - -* Add Kubernetes 1.29 variants ([#3628]) -* Update Kubernetes 1.23 to release 33 ([#3692]) -* Add latest instance types to eni-max-pods mapping ([#3695]) - -### ECS - -* Update ecs-agent to 1.79.2 ([#3692]) - -## Build Changes - -* Export symbols for packages that include dynamically linked Go binaries ([#3680]) -* Update to Bottlerocket SDK v0.37.0 ([#3690]) - + Upgrades to Go 1.21.5 - -[#3628]: https://github.com/bottlerocket-os/bottlerocket/pull/3628 -[#3673]: https://github.com/bottlerocket-os/bottlerocket/pull/3673 -[#3674]: https://github.com/bottlerocket-os/bottlerocket/pull/3674 -[#3680]: https://github.com/bottlerocket-os/bottlerocket/pull/3680 -[#3686]: https://github.com/bottlerocket-os/bottlerocket/pull/3686 -[#3689]: https://github.com/bottlerocket-os/bottlerocket/pull/3689 -[#3690]: https://github.com/bottlerocket-os/bottlerocket/pull/3690 -[#3692]: https://github.com/bottlerocket-os/bottlerocket/pull/3692 -[#3695]: https://github.com/bottlerocket-os/bottlerocket/pull/3695 -[#3699]: https://github.com/bottlerocket-os/bottlerocket/pull/3699 -[#3704]: https://github.com/bottlerocket-os/bottlerocket/pull/3704 -[#3708]: https://github.com/bottlerocket-os/bottlerocket/pull/3708 - -# v1.17.0 (2023-12-12) - -## OS Changes - -* Generate valid hostname when IPv6 reverse lookup fails ([#3592]) -* Avoid mounting the EFI system partition at `/boot` ([#3591]) -* Update kernel to 5.10.201, 5.15.139, 6.1.61 ([#3611], [#3643]) -* Switch to async `tough` ([#3566]) -* Update host containers ([#3646]) -* Move template migrations to `schnauzer` v2 ([#3633]) -* Handle proxy credentials properly in `pluto` ([#3639], [#3667]) -* Update third party packages ([#3612], [#3642]) - -## Orchestrator Changes - -### Kubernetes - -* Update `nvidia-k8s-device-plugin` to address CVEs ([#3612]) -* Update to Kubernetes 1.28.4 ([#3612]) -* Update to Kubernetes 1.27.8 ([#3612]) -* Update to Kubernetes 1.26.11 ([#3612]) -* Update to Kubernetes 1.25.16 ([#3612]) - - -### ECS - -* Update `ecs-agent` to address CVEs ([#3612]) - -## Build Changes - -* Update to Bottlerocket SDK v0.36.1 ([#3640], [#3670]) - -[#3566]: https://github.com/bottlerocket-os/bottlerocket/pull/3566 -[#3591]: https://github.com/bottlerocket-os/bottlerocket/pull/3591 -[#3592]: https://github.com/bottlerocket-os/bottlerocket/pull/3592 -[#3611]: https://github.com/bottlerocket-os/bottlerocket/pull/3611 -[#3612]: https://github.com/bottlerocket-os/bottlerocket/pull/3612 -[#3633]: https://github.com/bottlerocket-os/bottlerocket/pull/3633 -[#3639]: https://github.com/bottlerocket-os/bottlerocket/pull/3639 -[#3640]: https://github.com/bottlerocket-os/bottlerocket/pull/3640 -[#3642]: https://github.com/bottlerocket-os/bottlerocket/pull/3642 -[#3643]: https://github.com/bottlerocket-os/bottlerocket/pull/3643 -[#3646]: https://github.com/bottlerocket-os/bottlerocket/pull/3646 -[#3667]: https://github.com/bottlerocket-os/bottlerocket/pull/3667 -[#3670]: https://github.com/bottlerocket-os/bottlerocket/pull/3670 - -# v1.16.1 (2023-11-13) - -## OS Changes - -* Update open-vm-tools to 12.3.5 to address CVE-2023-34058 and CVE-2023-34059 ([#3553]) -* Update NVIDIA drivers to 470.223.02 and 535.129.03 to address CVE‑2023‑31022 and CVE‑2023‑31018 ([#3561]) -* Improvements to Bottlerocket CIS benchmark checks ([#3552] [#3562] [#3564]) -* Regenerate updog proxy configuration when settings.network.proxy gets updated ([#3578]) -* kernel: Update to 5.10.198, 5.15.136, and 6.1.59 ([#3572]) - -## Orchestrator Changes - -### Kubernetes -* Update Kubernetes versions to address HTTP v2 x/net CVE-2023-39325 ([#3581]) -* Avoid specifying `hostname-override` kubelet option if `cloud-provider` is set to `aws` ([#3582]) - -[#3552]: https://github.com/bottlerocket-os/bottlerocket/pull/3552 -[#3553]: https://github.com/bottlerocket-os/bottlerocket/pull/3553 -[#3561]: https://github.com/bottlerocket-os/bottlerocket/pull/3561 -[#3562]: https://github.com/bottlerocket-os/bottlerocket/pull/3562 -[#3564]: https://github.com/bottlerocket-os/bottlerocket/pull/3564 -[#3572]: https://github.com/bottlerocket-os/bottlerocket/pull/3572 -[#3578]: https://github.com/bottlerocket-os/bottlerocket/pull/3578 -[#3581]: https://github.com/bottlerocket-os/bottlerocket/pull/3581 -[#3582]: https://github.com/bottlerocket-os/bottlerocket/pull/3582 - -# v1.16.0 (2023-10-25) - -## OS Changes - -* Adjust netlink timeout to prevent interfaces from entering a failed state ([#3520]) -* Update third-party packages ([#3535]) -* Add XFS CLI utilities for managing XFS-formatted storage ([#3444]) -* Add facilities to auto-load kernel modules ([#3460]) -* Update to kernels 5.10.197, 5.15.134, and 6.1.55 ([#3509] [#3542]) -* Fix reporting for Bottlerocket CIS Benchmark 4.1.2 ([#3547]) -* Update systemd to 252.18 ([#3533]) -* Allow fanotify permission events for trusted subjects in SELinux policy ([#3540]) - -## Orchestrator Changes - -### Kubernetes - -* Drop Kubernetes 1.23 Metal and VMware variants ([#3531]) - -### ECS - -* Update ecs-agent ([#3535]) - -## Build Changes - -* Update to Bottlerocket SDK v0.35.0 ([#3528]) - -[#3444]: https://github.com/bottlerocket-os/bottlerocket/pull/3444 -[#3460]: https://github.com/bottlerocket-os/bottlerocket/pull/3460 -[#3509]: https://github.com/bottlerocket-os/bottlerocket/pull/3509 -[#3520]: https://github.com/bottlerocket-os/bottlerocket/pull/3520 -[#3528]: https://github.com/bottlerocket-os/bottlerocket/pull/3528 -[#3531]: https://github.com/bottlerocket-os/bottlerocket/pull/3531 -[#3533]: https://github.com/bottlerocket-os/bottlerocket/pull/3533 -[#3535]: https://github.com/bottlerocket-os/bottlerocket/pull/3535 -[#3540]: https://github.com/bottlerocket-os/bottlerocket/pull/3540 -[#3542]: https://github.com/bottlerocket-os/bottlerocket/pull/3542 -[#3547]: https://github.com/bottlerocket-os/bottlerocket/pull/3547 - -# v1.15.1 (2023-10-9) - -## OS Changes - -* Allow older ext4 snapshot volumes to be mounted in newer variants that default to xfs ([#3499]) -* Update `apiclient` Rust dependencies ([#3491]) -* Update `pluto` Rust dependencies ([#3439]) -* Patch glibc to address CVE-2023-4806, CVE-2023-4911, and CVE-2023-5156 ([#3501]) -* Update open-vm-tools to 12.3.0 to address CVE-2023-20900 ([#3500]) - -## Build Changes - -* Update `twoliter` to v0.0.4 ([#3480]) - -[#3439]: https://github.com/bottlerocket-os/bottlerocket/pull/3439 -[#3480]: https://github.com/bottlerocket-os/bottlerocket/pull/3480 -[#3491]: https://github.com/bottlerocket-os/bottlerocket/pull/3491 -[#3499]: https://github.com/bottlerocket-os/bottlerocket/pull/3499 -[#3500]: https://github.com/bottlerocket-os/bottlerocket/pull/3500 -[#3501]: https://github.com/bottlerocket-os/bottlerocket/pull/3501 - -# v1.15.0 (2023-09-18) - -## Major Features - -This release brings support for Secure Boot on platforms using UEFI boot; the Linux 6.1 kernel; systemd-networkd and systemd-resolved for host networking; and XFS as the filesystem for local storage. - -These features are enabled by default in the new variants. Existing variants will continue to use earlier kernels, `wicked` for host networking, and EXT4 as the filesystem for local storage. - -## Known Incompatibilities - -* Variants using the 6.1 kernel (`aws-ecs-2`/`aws-ecs-2-nvidia`, `aws-k8s-1.28`/`aws-k8s-1.28-nvidia`, `vmware-k8s-1.28`, and `metal-k8s-1.28`) do not support [LustreFS](https://aws.amazon.com/fsx/lustre/) ([#3459]) - -## Deprecation Notice - -The functionality to apply a hotpatch for log4j CVE-2021-44228 has been removed. The corresponding setting, `settings.oci-hooks.log4j-hotpatch-enabled`, is still available for backwards compatibility. However, it has no effect beyond printing a deprecation warning to the system logs. ([#3401]) - -## OS Changes - -* Add kernel 6.1 ([#3121], [#3441]) -* Update admin and control containers ([#3368]) -* Update third party packages and dependencies ([#3362], [#3369], [#3330], [#3339], [#3355], [#3441], [#3456]) -* Updated to systemd 252 ([#3290]) -* Add support for Secure Boot ([#3097]) -* Add support for XFS ([#3198]) -* Add `apiclient report` command ([#3258]) and Bottlerocket CIS benchmark report ([#2881]) -* Add resource-limit settings for OCI defaults ([#3206]) -* Use `systemd-networkd` and `systemd-resolved` instead of `wicked` for `aws-k8s-1.28`, `aws-ecs-2`, and `*-dev` variants ([#3134], [#3232], [#3266], [#3311], [#3394], [#3395], [#3451], [#3455]) - -## Orchestrator Changes - -### ECS - -* Add `aws-ecs-2` variants ([#3273]) - * Enables Secure Boot, systemd-networkd, and XFS for the data partition -* Add support for AppMesh ([#3267]) - -### Kubernetes - -* Add Kubernetes 1.28 variants ([#3329]) - * Enables Secure Boot, systemd-networkd, and XFS for the data partition -* Drop Kubernetes 1.22 variants ([#2988]) -* Update to Kubernetes 1.27.4 ([#3319]) -* Update to Kubernetes 1.26.7 ([#3320]) -* Update to Kubernetes 1.25.12 ([#3321]) -* Update to Kubernetes 1.24.16 ([#3322]) -* Add support for SeccompDefault setting for k8s 1.25+ ([#3334]) -* Add Kubernetes CIS benchmark report ([#3239]) - -## Platform Changes - -### AWS -* Retry on empty PrivateDnsName from EC2 ([#3364]) - -### Metal -* Enable Intel VMD driver ([#3419]) -* Add linux-firmware ([#3296], [#3418]) -* Add aws-iam-authenticator to k8s variants ([#3357]) - -## Build Changes - -* Upgrade to Bottlerocket SDK v0.34.1 ([#3445]) -* Use [Twoliter] to enable work on [out-of-tree builds]. Most `tools` have moved to [Twoliter] ([#3379], [#3429], [#3392], [#3342]) -* Only limit concurrency while building RPMs ([#3343]) - - -[Twoliter]: https://github.com/bottlerocket-os/twoliter -[out-of-tree builds]: https://github.com/bottlerocket-os/bottlerocket/issues/2669 -[#2881]: https://github.com/bottlerocket-os/bottlerocket/pull/2881 -[#2988]: https://github.com/bottlerocket-os/bottlerocket/pull/2988 -[#3075]: https://github.com/bottlerocket-os/bottlerocket/pull/3075 -[#3097]: https://github.com/bottlerocket-os/bottlerocket/pull/3097 -[#3121]: https://github.com/bottlerocket-os/bottlerocket/pull/3121 -[#3134]: https://github.com/bottlerocket-os/bottlerocket/pull/3134 -[#3198]: https://github.com/bottlerocket-os/bottlerocket/pull/3198 -[#3206]: https://github.com/bottlerocket-os/bottlerocket/pull/3206 -[#3232]: https://github.com/bottlerocket-os/bottlerocket/pull/3232 -[#3239]: https://github.com/bottlerocket-os/bottlerocket/pull/3239 -[#3258]: https://github.com/bottlerocket-os/bottlerocket/pull/3258 -[#3266]: https://github.com/bottlerocket-os/bottlerocket/pull/3266 -[#3267]: https://github.com/bottlerocket-os/bottlerocket/pull/3267 -[#3273]: https://github.com/bottlerocket-os/bottlerocket/pull/3273 -[#3290]: https://github.com/bottlerocket-os/bottlerocket/pull/3290 -[#3296]: https://github.com/bottlerocket-os/bottlerocket/pull/3296 -[#3311]: https://github.com/bottlerocket-os/bottlerocket/pull/3311 -[#3319]: https://github.com/bottlerocket-os/bottlerocket/pull/3319 -[#3320]: https://github.com/bottlerocket-os/bottlerocket/pull/3320 -[#3321]: https://github.com/bottlerocket-os/bottlerocket/pull/3321 -[#3322]: https://github.com/bottlerocket-os/bottlerocket/pull/3322 -[#3329]: https://github.com/bottlerocket-os/bottlerocket/pull/3329 -[#3330]: https://github.com/bottlerocket-os/bottlerocket/pull/3330 -[#3334]: https://github.com/bottlerocket-os/bottlerocket/pull/3334 -[#3339]: https://github.com/bottlerocket-os/bottlerocket/pull/3339 -[#3342]: https://github.com/bottlerocket-os/bottlerocket/pull/3342 -[#3342]: https://github.com/bottlerocket-os/bottlerocket/pull/3342 -[#3343]: https://github.com/bottlerocket-os/bottlerocket/pull/3343 -[#3355]: https://github.com/bottlerocket-os/bottlerocket/pull/3355 -[#3357]: https://github.com/bottlerocket-os/bottlerocket/pull/3357 -[#3362]: https://github.com/bottlerocket-os/bottlerocket/pull/3362 -[#3364]: https://github.com/bottlerocket-os/bottlerocket/pull/3364 -[#3366]: https://github.com/bottlerocket-os/bottlerocket/pull/3366 -[#3368]: https://github.com/bottlerocket-os/bottlerocket/pull/3368 -[#3369]: https://github.com/bottlerocket-os/bottlerocket/pull/3369 -[#3379]: https://github.com/bottlerocket-os/bottlerocket/pull/3379 -[#3392]: https://github.com/bottlerocket-os/bottlerocket/pull/3392 -[#3394]: https://github.com/bottlerocket-os/bottlerocket/pull/3394 -[#3395]: https://github.com/bottlerocket-os/bottlerocket/pull/3395 -[#3401]: https://github.com/bottlerocket-os/bottlerocket/pull/3401 -[#3418]: https://github.com/bottlerocket-os/bottlerocket/pull/3418 -[#3419]: https://github.com/bottlerocket-os/bottlerocket/pull/3419 -[#3429]: https://github.com/bottlerocket-os/bottlerocket/pull/3429 -[#3441]: https://github.com/bottlerocket-os/bottlerocket/pull/3441 -[#3445]: https://github.com/bottlerocket-os/bottlerocket/pull/3445 -[#3451]: https://github.com/bottlerocket-os/bottlerocket/pull/3451 -[#3455]: https://github.com/bottlerocket-os/bottlerocket/pull/3455 -[#3456]: https://github.com/bottlerocket-os/bottlerocket/pull/3456 -[#3459]: https://github.com/bottlerocket-os/bottlerocket/issues/3459 - -# v1.14.3 (2023-08-10) - -## OS Changes - -* Apply patches to 5.10 and 5.15 kernels to address CVE-2023-20593 ([#3300]) -* Update admin and control containers ([#3307]) -* Update eni-max-pods with new instance types ([#3324]) - -## Orchestrator Changes - -### Kubernetes - -* Update Kubernetes v1.23.17 to include latest EKS-D patches ([#3323]) - -[#3300]: https://github.com/bottlerocket-os/bottlerocket/pull/3300 -[#3307]: https://github.com/bottlerocket-os/bottlerocket/pull/3307 -[#3323]: https://github.com/bottlerocket-os/bottlerocket/pull/3323 -[#3324]: https://github.com/bottlerocket-os/bottlerocket/pull/3324 - -# v1.14.2 (2023-07-06) - -## OS Changes - -* Improve the reliability of acquiring a DHCPv6 lease ([#3211], [#3212]) -* Update kernel-5.10 to 5.10.184 and kernel-5.15 to 5.15.117 ([#3238]) -* Update eni-max-pods with new instance types ([#3193]) -* Make `pluto` outbound API requests more resilient to intermittent network errors ([#3214]) -* Update runc to 1.1.6 ([#3249]) - -## Orchestrator Changes - -### ECS - -* Add image cleanup settings to control task image cleanup frequency ([#3231]) - -### Kubernetes - -* Update to Kubernetes v1.24.15 ([#3234]) -* Update to Kubernetes v1.25.11 ([#3235]) -* Update to Kubernetes v1.26.6 ([#3236]) -* Update to Kubernetes v1.27.3 ([#3237]) - -## Build Changes - -* Updated Bottlerocket SDK version to v0.33.0 ([#3213]) - -[#3211]: https://github.com/bottlerocket-os/bottlerocket/pull/3211 -[#3212]: https://github.com/bottlerocket-os/bottlerocket/pull/3212 -[#3213]: https://github.com/bottlerocket-os/bottlerocket/pull/3213 -[#3214]: https://github.com/bottlerocket-os/bottlerocket/pull/3214 -[#3231]: https://github.com/bottlerocket-os/bottlerocket/pull/3231 -[#3234]: https://github.com/bottlerocket-os/bottlerocket/pull/3234 -[#3235]: https://github.com/bottlerocket-os/bottlerocket/pull/3235 -[#3236]: https://github.com/bottlerocket-os/bottlerocket/pull/3236 -[#3237]: https://github.com/bottlerocket-os/bottlerocket/pull/3237 -[#3238]: https://github.com/bottlerocket-os/bottlerocket/pull/3238 -[#3193]: https://github.com/bottlerocket-os/bottlerocket/pull/3193 -[#3249]: https://github.com/bottlerocket-os/bottlerocket/pull/3249 - -# v1.14.1 (2023-05-31) - -## OS Changes - -* Apply patches to 5.10 and 5.15 kernels to address CVE-2023-32233 ([#3128]) -* Add fallback container image source parsing for regions not yet supported by the `aws-go-sdk` in `host-ctr` ([#3138]) -* Increase default `max_dgram_qlen` sysctl value to `512` for both 5.10 and 5.15 kernels ([#3139]) - -## Orchestrator Changes - -### Kubernetes - -* Kubernetes package updates - * Update Kubernetes v1.22.17 to include latest EKS-D patches ([#3108]) - * Update Kubernetes v1.23.17 to include latest EKS-D patches ([#3119]) - * Update to Kubernetes v1.24.14 ([#3119]) - * Update to Kubernetes v1.25.9 ([#3119]) - * Update to Kubernetes v1.26.4 ([#3119]) - * Update Kubernetes v1.27.1 to include latest EKS-D patches ([#3119]) -* Change `nvidia-k8s-device-plugin` service dependency on `kubelet` ([#3141]) - -## Build Changes - -* Fix `pubsys` bug preventing multiple SSM parameter promotions in `promote-ssm` Makefile target ([#3137]) - -[#3108]: https://github.com/bottlerocket-os/bottlerocket/pull/3108 -[#3119]: https://github.com/bottlerocket-os/bottlerocket/pull/3119 -[#3128]: https://github.com/bottlerocket-os/bottlerocket/pull/3128 -[#3137]: https://github.com/bottlerocket-os/bottlerocket/pull/3137 -[#3138]: https://github.com/bottlerocket-os/bottlerocket/pull/3138 -[#3139]: https://github.com/bottlerocket-os/bottlerocket/pull/3139 -[#3141]: https://github.com/bottlerocket-os/bottlerocket/pull/3141 - -# v1.14.0 (2023-05-11) - -## OS Changes - -* Update kernel-5.10 to 5.10.178 and kernel-5.15 to 5.15.108 ([#3077]) -* Update admin and control containers ([#3090]) -* Update third party packages and dependencies ([#2991], [#3082]) -* Enable `SCSI_VIRTIO` driver for better hypervisor support ([#3047]) -* Disable panic on hung task for kernel 5.15 ([#3091]) -* Create symlink to `inventory` path using Storewolf ([#3035]) - -## Orchestrator Changes - -### ECS - -* Add support for ECS Exec ([#3075]) - -### Kubernetes - -* Add Kubernetes 1.27 variants ([#3046]) - * Switch to using Kubernetes default values for `kube-api-burst` and `kube-api-qps` ([#3094]) -* Add more Kubernetes settings ([#2930], [#2986]) - * Soft eviction policy - * Graceful shutdown - * CPU quota enforcement - * Memory manager policy - * CPU manager policy -* Fix Kubernetes 1.26 credential provider apiVersion ([#3070]) -* Add ability to pass environment variables to image credential providers ([#2934]) - -## Build Changes - -* Upgrade to Bottlerocket SDK v0.32.0 ([#3071]) -* Add AMI validation to PubSys ([#3020]) -* Add SSM parameter validation to PubSys ([#2969]) -* Add `validate-ami` and `validate-ssm` Makefile targets ([#3043]) -* Add `check-migrations` Makefile target to check for common migration problems ([#3051]) - -## Testing Changes - -* Update testsys to v0.0.7 ([#3065]) -* Add support for node provisioning with Karpenter ([#3067]) -* Enable using custom Sonobuoy images ([#3068]) - -[#3077]: https://github.com/bottlerocket-os/bottlerocket/pull/3077 -[#3090]: https://github.com/bottlerocket-os/bottlerocket/pull/3090 -[#2991]: https://github.com/bottlerocket-os/bottlerocket/pull/2991 -[#3082]: https://github.com/bottlerocket-os/bottlerocket/pull/3082 -[#3047]: https://github.com/bottlerocket-os/bottlerocket/pull/3047 -[#3091]: https://github.com/bottlerocket-os/bottlerocket/pull/3091 -[#3071]: https://github.com/bottlerocket-os/bottlerocket/pull/3071 -[#3035]: https://github.com/bottlerocket-os/bottlerocket/pull/3035 -[#3075]: https://github.com/bottlerocket-os/bottlerocket/pull/3075 -[#3046]: https://github.com/bottlerocket-os/bottlerocket/pull/3046 -[#3094]: https://github.com/bottlerocket-os/bottlerocket/pull/3094 -[#2930]: https://github.com/bottlerocket-os/bottlerocket/pull/2930 -[#2986]: https://github.com/bottlerocket-os/bottlerocket/pull/2986 -[#3070]: https://github.com/bottlerocket-os/bottlerocket/pull/3070 -[#2934]: https://github.com/bottlerocket-os/bottlerocket/pull/2934 -[#3051]: https://github.com/bottlerocket-os/bottlerocket/pull/3051 -[#3020]: https://github.com/bottlerocket-os/bottlerocket/pull/3020 -[#2969]: https://github.com/bottlerocket-os/bottlerocket/pull/2969 -[#3043]: https://github.com/bottlerocket-os/bottlerocket/pull/3043 -[#3065]: https://github.com/bottlerocket-os/bottlerocket/pull/3065 -[#3067]: https://github.com/bottlerocket-os/bottlerocket/pull/3067 -[#3068]: https://github.com/bottlerocket-os/bottlerocket/pull/3068 - -# v1.13.5 (2023-05-01) - -## OS Changes - -* Revert `runc` update to move back to 1.1.5 ([#3054]) - -[#3054]: https://github.com/bottlerocket-os/bottlerocket/pull/3054 - -# v1.13.4 (2023-04-24) - -## OS Changes - -* Ensure the first hostname is used when a VPC DHCP option set has multiple domains ([#3032]) -* Update `runc` to version 1.1.6 ([#3037]) - -## Orchestrator Changes - -### Kubernetes - -* Generate and pass `--hostname-override` flag to kubelet in `aws-k8s-1.26` variants ([#3033]) - -[#3032]: https://github.com/bottlerocket-os/bottlerocket/pull/3032 -[#3033]: https://github.com/bottlerocket-os/bottlerocket/pull/3033 -[#3037]: https://github.com/bottlerocket-os/bottlerocket/pull/3037 - -# v1.13.3 (2023-04-17) - -## OS Changes - -* Update kernel-5.10 to 5.10.173 and kernel-5.15 to 5.15.102 ([#2948], [#3002]) -* Fix check for rule existence in ip6tables v1.8.9 ([#3001]) -* Backport systemd fixes for skipped udevd events ([#2999]) -* Check platform-specific mechanisms for hostname first ([#3021]) - -## Orchestrator Changes - -### Kubernetes - -* Generate 'provider-id' setting for aws-k8s variants ([#3026]) - -[#2948]: https://github.com/bottlerocket-os/bottlerocket/pull/2948 -[#2999]: https://github.com/bottlerocket-os/bottlerocket/pull/2999 -[#3001]: https://github.com/bottlerocket-os/bottlerocket/pull/3001 -[#3002]: https://github.com/bottlerocket-os/bottlerocket/pull/3002 -[#3021]: https://github.com/bottlerocket-os/bottlerocket/pull/3021 -[#3026]: https://github.com/bottlerocket-os/bottlerocket/pull/3026 - -# v1.13.2 (2023-04-04) - -## OS Changes - -* Update `runc` to version 1.1.5 ([#2946]) - -## Orchestrator Changes - -### Kubernetes - -* Update to Kubernetes v1.26.2 ([#2929]) -* Update `aws-iam-authenticator` package to v0.6.8 ([#2965]) - -[#2946]: https://github.com/bottlerocket-os/bottlerocket/pull/2946 -[#2929]: https://github.com/bottlerocket-os/bottlerocket/pull/2929 -[#2965]: https://github.com/bottlerocket-os/bottlerocket/pull/2965 - -# v1.13.1 (2023-03-23) - -## OS Changes - -* Improve logic around repartitioning and disk expansion by using symlinks to differentiate "fallback" and "preferred" data partitions ([#2935]) -* Add `keyutils` package to enable mounting CIFS shares ([#2907]) - -## Orchestrator Changes - -### Kubernetes - -* Fix AWS profile rendering in credential provider ([#2904]) -* Change CredentialProviderConfig api version to `v1beta1` for Kubernetes 1.25 variants ([#2906]) - -[#2904]: https://github.com/bottlerocket-os/bottlerocket/pull/2904 -[#2906]: https://github.com/bottlerocket-os/bottlerocket/pull/2906 -[#2907]: https://github.com/bottlerocket-os/bottlerocket/pull/2907 -[#2935]: https://github.com/bottlerocket-os/bottlerocket/pull/2935 - -# v1.13.0 (2023-03-15) - -## OS Changes - -* Add `ethtool` to Bottlerocket ([#2829]) -* Improve logging in `migrator` to track ongoing migrations ([#2751]) -* Improve random-access read performance of root volume on some devices ([#2863]) -* Add `CAP_SYS_MODULE` and `CAP_CHROOT` to bootstrap containers ([#2772]) -* Add support for cgroup v2 ([#2875], [#2802]) -* Disable IA and SafeSetID LSM for kernel-5.15 ([#2789]) -* Update kernel-5.10 to 5.10.165 and kernel-5.15 to 5.15.90 ([#2795]) -* Allow `=` in bootconfig values ([#2806]) -* Include `systemd-analyze plot` for `logdog` ([#2880]) -* Update host containers ([#2864]) -* Update third party packages ([#2825], [#2842]) - -## Orchestrator Changes - -### Kubernetes - -* **Remove Kubernetes 1.21 variants ([#2700])** -* Add Kubernetes 1.26 variants ([#2771], ([#2876]) -* Change `kubelet` service to have restart policy `always` ([#2774]) -* Update to Kubernetes v1.25.6 ([#2782]) -* Update to Kubernetes v1.24.10 ([#2790]) -* Update to Kubernetes v1.23.16 ([#2791]) -* Update Kubernetes 1.22.17 to include latest EKS-D patches ([#2792]) - -### ECS - -* Enable FireLens capability in `aws-ecs-1` variant ([#2819]) - -## Platform Changes - -### AWS - -* Set NVMe IO request timeouts for EBS according to AWS recommendations ([#2820]) -* Support an alternate data partition on EC2 instances launched with a single volume ([#2807], [#2879], [#2873]) -* Update `eni-max-pod` mappings to include the latest AWS instance types ([#2818]) - -### VMware - -* Remove `k8s.gcr.io` in favor of `public.ecr.aws` ([#2861], ([#2786]) -* Disable UDP offload for primary interface ([#2850]) - -## Build Changes - -* Ensure empty build/rpms directory is included in build context ([#2784]) -* Add image feature flag for cgroup v2 ([#2845]) -* Enable `systemd-networkd` development via build flag ([#2741], [#2832], [#2750]) -* Fix `clippy` linter warnings in source files and add `clippy` CI coverage ([#2745]) -* Use `clippy` provided in SDK image ([#2793]) ([#2868]) -* Remove unnecessary `time` 0.1.x dependency ([#2748], [#2851]) -* Remove unnecessary patch from `containerd` ([#2755]) -* Update Bottlerocket SDK to v0.30.2 ([#2866], [#2857], [#2836]) -* Remove outdated `rust_2018_idioms` enforcement ([#2837]) -* Update Rust edition to `2021` ([#2835]) -* Upgraded Rust code dependencies ([#2816], [#2869], [#2851], [#2736], [#2895]) -* Upgraded Go code dependencies ([#2828], [#2826], [#2813]) -* Rename `ncurses` to `libncurses` ([#2769]) -* Update schnauzer's registry map ([#2867]) - -## Testing Changes - -* Add support for Kubernetes workloads in `testsys` ([#2830]) -* Add support for a `tests` directory ([#2737], [#2775]) -* Provide advanced config controls to `testsys` ([#2799]) -* Fix incorrect migration starting image for VMware testing in `testsys` ([#2804]) -* Use testsys v0.0.6 ([#2865]) - -## Documentation Changes - -* Add boot sequence documentation ([#2735]) -* Update Bottlerocket version in provisioning step in `PROVISIONING-METAL.md` ([#2785]) -* Add user-data example for setting container registry credentials in `README.md` ([#2803]) -* Fix missing trailing backslashes on `ami` commands in `TESTING.md` ([#2838]) - -[#2700]: https://github.com/bottlerocket-os/bottlerocket/pull/2700 -[#2735]: https://github.com/bottlerocket-os/bottlerocket/pull/2735 -[#2736]: https://github.com/bottlerocket-os/bottlerocket/pull/2736 -[#2737]: https://github.com/bottlerocket-os/bottlerocket/pull/2737 -[#2741]: https://github.com/bottlerocket-os/bottlerocket/pull/2741 -[#2745]: https://github.com/bottlerocket-os/bottlerocket/pull/2745 -[#2748]: https://github.com/bottlerocket-os/bottlerocket/pull/2748 -[#2749]: https://github.com/bottlerocket-os/bottlerocket/pull/2749 -[#2750]: https://github.com/bottlerocket-os/bottlerocket/pull/2750 -[#2751]: https://github.com/bottlerocket-os/bottlerocket/pull/2751 -[#2755]: https://github.com/bottlerocket-os/bottlerocket/pull/2755 -[#2769]: https://github.com/bottlerocket-os/bottlerocket/pull/2769 -[#2771]: https://github.com/bottlerocket-os/bottlerocket/pull/2771 -[#2772]: https://github.com/bottlerocket-os/bottlerocket/pull/2772 -[#2774]: https://github.com/bottlerocket-os/bottlerocket/pull/2774 -[#2775]: https://github.com/bottlerocket-os/bottlerocket/pull/2775 -[#2782]: https://github.com/bottlerocket-os/bottlerocket/pull/2782 -[#2784]: https://github.com/bottlerocket-os/bottlerocket/pull/2784 -[#2785]: https://github.com/bottlerocket-os/bottlerocket/pull/2785 -[#2786]: https://github.com/bottlerocket-os/bottlerocket/pull/2786 -[#2789]: https://github.com/bottlerocket-os/bottlerocket/pull/2789 -[#2790]: https://github.com/bottlerocket-os/bottlerocket/pull/2790 -[#2791]: https://github.com/bottlerocket-os/bottlerocket/pull/2791 -[#2792]: https://github.com/bottlerocket-os/bottlerocket/pull/2792 -[#2793]: https://github.com/bottlerocket-os/bottlerocket/pull/2793 -[#2795]: https://github.com/bottlerocket-os/bottlerocket/pull/2795 -[#2797]: https://github.com/bottlerocket-os/bottlerocket/pull/2797 -[#2799]: https://github.com/bottlerocket-os/bottlerocket/pull/2799 -[#2802]: https://github.com/bottlerocket-os/bottlerocket/pull/2802 -[#2803]: https://github.com/bottlerocket-os/bottlerocket/pull/2803 -[#2804]: https://github.com/bottlerocket-os/bottlerocket/pull/2804 -[#2806]: https://github.com/bottlerocket-os/bottlerocket/pull/2806 -[#2807]: https://github.com/bottlerocket-os/bottlerocket/pull/2807 -[#2813]: https://github.com/bottlerocket-os/bottlerocket/pull/2813 -[#2816]: https://github.com/bottlerocket-os/bottlerocket/pull/2816 -[#2818]: https://github.com/bottlerocket-os/bottlerocket/pull/2818 -[#2819]: https://github.com/bottlerocket-os/bottlerocket/pull/2819 -[#2820]: https://github.com/bottlerocket-os/bottlerocket/pull/2820 -[#2825]: https://github.com/bottlerocket-os/bottlerocket/pull/2825 -[#2826]: https://github.com/bottlerocket-os/bottlerocket/pull/2826 -[#2828]: https://github.com/bottlerocket-os/bottlerocket/pull/2828 -[#2829]: https://github.com/bottlerocket-os/bottlerocket/pull/2829 -[#2830]: https://github.com/bottlerocket-os/bottlerocket/pull/2830 -[#2832]: https://github.com/bottlerocket-os/bottlerocket/pull/2832 -[#2835]: https://github.com/bottlerocket-os/bottlerocket/pull/2835 -[#2836]: https://github.com/bottlerocket-os/bottlerocket/pull/2836 -[#2837]: https://github.com/bottlerocket-os/bottlerocket/pull/2837 -[#2838]: https://github.com/bottlerocket-os/bottlerocket/pull/2838 -[#2842]: https://github.com/bottlerocket-os/bottlerocket/pull/2842 -[#2845]: https://github.com/bottlerocket-os/bottlerocket/pull/2845 -[#2846]: https://github.com/bottlerocket-os/bottlerocket/pull/2846 -[#2850]: https://github.com/bottlerocket-os/bottlerocket/pull/2850 -[#2851]: https://github.com/bottlerocket-os/bottlerocket/pull/2851 -[#2857]: https://github.com/bottlerocket-os/bottlerocket/pull/2857 -[#2861]: https://github.com/bottlerocket-os/bottlerocket/pull/2861 -[#2863]: https://github.com/bottlerocket-os/bottlerocket/pull/2863 -[#2864]: https://github.com/bottlerocket-os/bottlerocket/pull/2864 -[#2865]: https://github.com/bottlerocket-os/bottlerocket/pull/2865 -[#2866]: https://github.com/bottlerocket-os/bottlerocket/pull/2866 -[#2867]: https://github.com/bottlerocket-os/bottlerocket/pull/2867 -[#2868]: https://github.com/bottlerocket-os/bottlerocket/pull/2868 -[#2869]: https://github.com/bottlerocket-os/bottlerocket/pull/2869 -[#2873]: https://github.com/bottlerocket-os/bottlerocket/pull/2873 -[#2875]: https://github.com/bottlerocket-os/bottlerocket/pull/2875 -[#2876]: https://github.com/bottlerocket-os/bottlerocket/pull/2876 -[#2879]: https://github.com/bottlerocket-os/bottlerocket/pull/2879 -[#2880]: https://github.com/bottlerocket-os/bottlerocket/pull/2880 -[#2895]: https://github.com/bottlerocket-os/bottlerocket/pull/2895 - -# v 1.12.0 (2023-01-24) - -## OS Changes - -* Disable strict aliasing for c-utf-8 library strict aliasing in dbus-broker ([#2730]) -* Add `/sys/firmware` to privileged mounts in host-ctr ([#2714]) -* Use user-provided registry credentials for public.ecr.aws in host-ctr ([#2676]) -* Build masked paths list dynamically in host-ctr ([#2637]) -* Enable EFI option in systemd ([#2714]) -* Allow simple enums as map keys in datastore ([#2687]) -* Improve reliability of `settings.network.hostname` generator ([#2647]) -* Add support for bonding and VLANS in `net.toml` ([#2596]) -* Keep only one intermediate datastore during migration ([#2589]) -* Widen access to filesystem relabel in SELinux policy ([#2738]) -* Update hotdog to 1.05 ([#2728]) -* Update systemd to 250.9 ([#2718]) -* Update third party packages and dependencies ([#2588], [#2717]) -* Update host containers ([#2739]) -* Update eksd ([#2690], [#2693], [#2694], thanks @rcrozean) - -## Orchestrator Changes - -### Kubernetes - -* Add support for Kubernetes 1.25 variants ([#2699]) -* Allow access to public kubelet certificates ([#2639]) -* During kubelet prestart, skip pause image pull if image exists ([#2587]) -* Delay kubelet.service until after warm-pool-wait service runs ([#2562]) -* Add OCI default spec and settings to containerd ([#2697]) - -## Platform Changes - -### VMware - -* Downgrade iopl warning when fetching guestinfo in `early-boot-config` ([#2732]) - -## Build Changes - -* Treat alias warning as errors ([#2730]) -* Suppress "missing changelog" warning in build ([#2730]) -* Update Bottlerocket SDK version to 0.29.0 ([#2730]) -* Improve error messages for publish-ami command ([#2695]) -* Disallow private AMIs in public SSM parameters ([#2680]) -* Rework `start-local-vm` image selection to use `latest` symlink ([#2696]) -* Improve integration testing through `cargo make test` ([#2560], [#2592], [#2618], [#2646], [#2653], [#2683], [#2674], [#2723], [#2724], [#2725]) - - -[#2560]: https://github.com/bottlerocket-os/bottlerocket/pull/2560 -[#2562]: https://github.com/bottlerocket-os/bottlerocket/pull/2562 -[#2587]: https://github.com/bottlerocket-os/bottlerocket/pull/2587 -[#2589]: https://github.com/bottlerocket-os/bottlerocket/pull/2589 -[#2592]: https://github.com/bottlerocket-os/bottlerocket/pull/2592 -[#2596]: https://github.com/bottlerocket-os/bottlerocket/pull/2596 -[#2618]: https://github.com/bottlerocket-os/bottlerocket/pull/2618 -[#2637]: https://github.com/bottlerocket-os/bottlerocket/pull/2637 -[#2639]: https://github.com/bottlerocket-os/bottlerocket/pull/2639 -[#2646]: https://github.com/bottlerocket-os/bottlerocket/pull/2646 -[#2647]: https://github.com/bottlerocket-os/bottlerocket/pull/2647 -[#2650]: https://github.com/bottlerocket-os/bottlerocket/pull/2650 -[#2653]: https://github.com/bottlerocket-os/bottlerocket/pull/2653 -[#2674]: https://github.com/bottlerocket-os/bottlerocket/pull/2674 -[#2676]: https://github.com/bottlerocket-os/bottlerocket/pull/2676 -[#2680]: https://github.com/bottlerocket-os/bottlerocket/pull/2680 -[#2683]: https://github.com/bottlerocket-os/bottlerocket/pull/2683 -[#2687]: https://github.com/bottlerocket-os/bottlerocket/pull/2687 -[#2690]: https://github.com/bottlerocket-os/bottlerocket/pull/2690 -[#2693]: https://github.com/bottlerocket-os/bottlerocket/pull/2693 -[#2694]: https://github.com/bottlerocket-os/bottlerocket/pull/2694 -[#2695]: https://github.com/bottlerocket-os/bottlerocket/pull/2695 -[#2696]: https://github.com/bottlerocket-os/bottlerocket/pull/2696 -[#2697]: https://github.com/bottlerocket-os/bottlerocket/pull/2697 -[#2699]: https://github.com/bottlerocket-os/bottlerocket/pull/2699 -[#2714]: https://github.com/bottlerocket-os/bottlerocket/pull/2714 -[#2717]: https://github.com/bottlerocket-os/bottlerocket/pull/2717 -[#2718]: https://github.com/bottlerocket-os/bottlerocket/pull/2718 -[#2723]: https://github.com/bottlerocket-os/bottlerocket/pull/2723 -[#2724]: https://github.com/bottlerocket-os/bottlerocket/pull/2724 -[#2725]: https://github.com/bottlerocket-os/bottlerocket/pull/2725 -[#2728]: https://github.com/bottlerocket-os/bottlerocket/pull/2728 -[#2730]: https://github.com/bottlerocket-os/bottlerocket/pull/2730 -[#2732]: https://github.com/bottlerocket-os/bottlerocket/pull/2732 -[#2738]: https://github.com/bottlerocket-os/bottlerocket/pull/2738 -[#2739]: https://github.com/bottlerocket-os/bottlerocket/pull/2739 - -# v1.11.1 (2022-11-28) - -## Security Fixes - -* Update NVIDIA driver for 5.10 and 5.15 to include recent security fixes ([74d2c5c13ab0][64f3967373a5]) -* Apply patch to systemd for CVE-2022-3821 ([#2611]) - -[74d2c5c13ab0]: https://github.com/bottlerocket-os/bottlerocket/commit/74d2c5c13ab0f6839b9849a9f058a70e82f6ffb8 -[64f3967373a5]: https://github.com/bottlerocket-os/bottlerocket/commit/64f3967373a53096219a73580fd81409c846266c -[#2611]: https://github.com/bottlerocket-os/bottlerocket/pull/2611 - -# v1.11.0 (2022-11-15) - -## OS Changes - -* Prevent a panic in `early-boot-config` when there is no IMDS region ([#2493]) -* Update grub to 2.06-42 ([#2503]) -* Bring back wicked support for matching interfaces via hardware address ([#2519]) -* Allow bootstrap containers to manage swap ([#2537]) -* Add `systemd-analyze` commands to troubleshooting log collection tool ([#2550]) -* Allow bootstrap containers to manage network configuration ([#2558]) -* Serialize bootconfig values correctly when the value is empty ([#2565]) -* Update zlib, libexpat, libdbus, docker-cli ([#2583]) -* Update host containers ([#2574]) -* Unmask /sys/firmware from host containers ([#2573]) - -## Orchestrator Changes - -### ECS - -* Add additional ECS API configurations ([#2527]) - * `ECS_CONTAINER_STOP_TIMEOUT` - * `ECS_ENGINE_TASK_CLEANUP_WAIT_DURATION` - * `ECS_TASK_METADATA_RPS_LIMIT` - * `ECS_RESERVED_MEMORY` - -### Kubernetes - -* Add a timeout when calling EKS for configuration values ([#2566]) -* Enable IAM Roles Anywhere with the k8s `ecr-credential-provider` plugin ([#2377], [#2553]) -* Kubernetes EKS-D updates - * v1.24.6 ([#2582]) - * v1.23.13 ([#2578]) - * v1.22.15 ([#2580], [#2490]) - -## Platform Changes - -### AWS - -* Add driver support for AWS variants in hybrid environments ([#2554]) - -## Build Changes - -* Add support for publishing to AWS organizations ([#2484]) -* Remove unnecessary dependencies when building grub ([#2495]) -* Switch to the latest Dockerfile frontend for builds ([#2496]) -* Prepare foundations for Secure Boot and image re-signing ([#2505]) -* Fix EFI file system to fit partition size ([#2528]) -* Add ShellCheck to `check-lints` for build scripts ([#2532]) -* Update the SDK to v0.28.0 ([#2543]) -* Use `rustls-native-certs` instead of `webpki-roots` ([#2551]) -* Handle absolute paths for output directory in kernel build script ([#2563]) - -## Documentation Changes - -* Add a Roadmap markdown file ([#2549]) - -[#2377]: https://github.com/bottlerocket-os/bottlerocket/pull/2377 -[#2484]: https://github.com/bottlerocket-os/bottlerocket/pull/2484 -[#2488]: https://github.com/bottlerocket-os/bottlerocket/pull/2488 -[#2490]: https://github.com/bottlerocket-os/bottlerocket/pull/2490 -[#2493]: https://github.com/bottlerocket-os/bottlerocket/pull/2493 -[#2495]: https://github.com/bottlerocket-os/bottlerocket/pull/2495 -[#2496]: https://github.com/bottlerocket-os/bottlerocket/pull/2496 -[#2503]: https://github.com/bottlerocket-os/bottlerocket/pull/2503 -[#2505]: https://github.com/bottlerocket-os/bottlerocket/pull/2505 -[#2519]: https://github.com/bottlerocket-os/bottlerocket/pull/2519 -[#2523]: https://github.com/bottlerocket-os/bottlerocket/pull/2523 -[#2527]: https://github.com/bottlerocket-os/bottlerocket/pull/2527 -[#2528]: https://github.com/bottlerocket-os/bottlerocket/pull/2528 -[#2532]: https://github.com/bottlerocket-os/bottlerocket/pull/2532 -[#2536]: https://github.com/bottlerocket-os/bottlerocket/pull/2536 -[#2537]: https://github.com/bottlerocket-os/bottlerocket/pull/2537 -[#2540]: https://github.com/bottlerocket-os/bottlerocket/pull/2540 -[#2541]: https://github.com/bottlerocket-os/bottlerocket/pull/2541 -[#2542]: https://github.com/bottlerocket-os/bottlerocket/pull/2542 -[#2543]: https://github.com/bottlerocket-os/bottlerocket/pull/2543 -[#2547]: https://github.com/bottlerocket-os/bottlerocket/pull/2547 -[#2549]: https://github.com/bottlerocket-os/bottlerocket/pull/2549 -[#2550]: https://github.com/bottlerocket-os/bottlerocket/pull/2550 -[#2551]: https://github.com/bottlerocket-os/bottlerocket/pull/2551 -[#2553]: https://github.com/bottlerocket-os/bottlerocket/pull/2553 -[#2554]: https://github.com/bottlerocket-os/bottlerocket/pull/2554 -[#2558]: https://github.com/bottlerocket-os/bottlerocket/pull/2558 -[#2563]: https://github.com/bottlerocket-os/bottlerocket/pull/2563 -[#2565]: https://github.com/bottlerocket-os/bottlerocket/pull/2565 -[#2566]: https://github.com/bottlerocket-os/bottlerocket/pull/2566 -[#2574]: https://github.com/bottlerocket-os/bottlerocket/pull/2574 -[#2573]: https://github.com/bottlerocket-os/bottlerocket/pull/2573 -[#2578]: https://github.com/bottlerocket-os/bottlerocket/pull/2578 -[#2580]: https://github.com/bottlerocket-os/bottlerocket/pull/2580 -[#2582]: https://github.com/bottlerocket-os/bottlerocket/pull/2582 -[#2583]: https://github.com/bottlerocket-os/bottlerocket/pull/2583 - -# v1.10.1 (2022-10-19) - -## OS Changes -* Support container runtime settings: enable-unprivileged-icmp, enable-unprivileged-ports, max-concurrent-downloads, max-container-log-line-size ([#2494]) -* Update EKS-D to 1.22-11 ([#2490]) -* Update EKS-D to 1.23-6 ([#2488]) - -[#2488]: https://github.com/bottlerocket-os/bottlerocket/pull/2488 -[#2490]: https://github.com/bottlerocket-os/bottlerocket/pull/2490 -[#2494]: https://github.com/bottlerocket-os/bottlerocket/pull/2494 - -# v1.10.0 (2022-10-10) - -## OS Changes -* Add optional settings to reboot into new kernel command line parameters ([#2375]) -* Support for static IP addressing ([#2204], [#2330], [#2445]) -* Add support for NVIDIA driver version 515 ([#2455]) -* Set mode for tmpfs mounts ([#2473]) -* Increase inotify default limits ([#2335]) -* Align `vm.max_map_count` with the EKS Optimized AMI ([#2344]) -* Add support for configuring DNS settings ([#2353]) -* Migrate `netdog` from `serde_xml_rs` to `quick-xml` ([#2311]) -* Support versioning for `net.toml` ([#2281]) -* Update admin and control container ([#2471], [#2472]) - -## Orchestrator Changes - -### ECS -* Add `cargo make` tasks for testing ECS variants ([#2348]) - -### Kubernetes - -* Add support for Kubernetes 1.24 variants ([#2437]) -* Remove Kubernetes aws-k8s-1.19 variants ([#2316]) -* Increase the kube-api-server QPS from 5/10 to 10/20 ([#2436], thanks @tzneal) -* Update eni-max-pods with new instance types ([#2416]) -* Add setting to change `kubelet`'s log level ([#2460], [#2470]) -* Add `cargo make` tasks to perform migration testing for Kubernetes variants in AWS ([#2273]) - -## Platform Changes - -### AWS -* Disable drivers for USB-attached network interfaces ([#2328]) - -### Metal -* Add driver support for Solarflare, Pensando, Myricom, Huawei, Emulex, Chelsio, Broadcom, AMD and Intel 10G+ network cards ([#2379]) - -## Build Changes -* Extend `external-files` to vendor go modules ([#2378], [#2403], [#2430]) -* Make `net_config` unit tests reusable across versions ([#2385]) -* Add `diff-kernel-config` to identify kernel config changes ([#2368]) -* Extended support for variants in buildsys ([#2339]) -* Clarify crossbeam license ([#2447]) -* Honor `BUILDSYS_ARCH` and `BUILDSYS_VARIANT` env variables when set ([#2425]) -* Use architecture specific json payloads in unit tests ([#2367], [#2363]) -* Add unified `check` target in `Makefile.toml` for review readiness ([#2384]) -* Update Go dependencies of first-party go projects ([#2424], [#2440], [#2450], [#2452], [#2456]) -* Update Rust dependencies ([#2458], [#2476]) -* Update third-party packages ([#2397], [#2398], [#2464], [#2465], thanks @kschumy) -* Update Bottlerocket SDK to 0.27.0 ([#2428]) -* Migrate `pubsys` and `infrasys` to the AWS SDK for Rust ([#2414], [#2415], [#2454]) -* Update `testsys` dependencies ([#2392]) -* Fix `hotdog`'s spec URL to the correct upstream link ([#2326]) -* Fix clippy warnings and enable lints on pull requests ([#2337], [#2346], [#2443]) -* Format issue field in PR template ([#2314]) - -## Documentation Changes -* Update checksum for new `root.json` ([#2405]) -* Mention that boot settings are available in Kubernetes 1.23 variants ([#2358]) -* Mention the need for AWS credentials in BUILDING.md and PUBLISHING-AWS.md ([#2334]) -* Add China to supported regions lists ([#2315]) -* Add community section to README.md ([#2305], [#2383]) -* Standardize `userdata.toml` as the filename used in different docs ([#2446]) -* Remove commit from image name in PROVISIONING-METAL.md ([#2312]) -* Add note to CONTRIBUTING.md that outlines filenames' casing ([#2306]) -* Fix typos in `Makefile.toml`, QUICKSTART-ECS.md, QUICKSTART-EKS.md, `netdog` and `prairiedog` ([#2318], thanks @kianmeng) -* Fix casing for GitHub and VMware in CHANGELOG.md ([#2329]) -* Fix typo in test setup command ([#2477]) -* Fix TESTING.md link typo ([#2438]) -* Fix positional `fetch-license` argument ([#2457]) - -[#2204]: https://github.com/bottlerocket-os/bottlerocket/pull/2204 -[#2273]: https://github.com/bottlerocket-os/bottlerocket/pull/2273 -[#2281]: https://github.com/bottlerocket-os/bottlerocket/pull/2281 -[#2305]: https://github.com/bottlerocket-os/bottlerocket/pull/2305 -[#2306]: https://github.com/bottlerocket-os/bottlerocket/pull/2306 -[#2311]: https://github.com/bottlerocket-os/bottlerocket/pull/2311 -[#2312]: https://github.com/bottlerocket-os/bottlerocket/pull/2312 -[#2314]: https://github.com/bottlerocket-os/bottlerocket/pull/2314 -[#2315]: https://github.com/bottlerocket-os/bottlerocket/pull/2315 -[#2316]: https://github.com/bottlerocket-os/bottlerocket/pull/2316 -[#2318]: https://github.com/bottlerocket-os/bottlerocket/pull/2318 -[#2326]: https://github.com/bottlerocket-os/bottlerocket/pull/2326 -[#2328]: https://github.com/bottlerocket-os/bottlerocket/pull/2328 -[#2329]: https://github.com/bottlerocket-os/bottlerocket/pull/2329 -[#2330]: https://github.com/bottlerocket-os/bottlerocket/pull/2330 -[#2334]: https://github.com/bottlerocket-os/bottlerocket/pull/2334 -[#2335]: https://github.com/bottlerocket-os/bottlerocket/pull/2335 -[#2337]: https://github.com/bottlerocket-os/bottlerocket/pull/2337 -[#2339]: https://github.com/bottlerocket-os/bottlerocket/pull/2339 -[#2344]: https://github.com/bottlerocket-os/bottlerocket/pull/2344 -[#2346]: https://github.com/bottlerocket-os/bottlerocket/pull/2346 -[#2348]: https://github.com/bottlerocket-os/bottlerocket/pull/2348 -[#2353]: https://github.com/bottlerocket-os/bottlerocket/pull/2353 -[#2358]: https://github.com/bottlerocket-os/bottlerocket/pull/2358 -[#2363]: https://github.com/bottlerocket-os/bottlerocket/pull/2363 -[#2367]: https://github.com/bottlerocket-os/bottlerocket/pull/2367 -[#2368]: https://github.com/bottlerocket-os/bottlerocket/pull/2368 -[#2375]: https://github.com/bottlerocket-os/bottlerocket/pull/2375 -[#2378]: https://github.com/bottlerocket-os/bottlerocket/pull/2378 -[#2379]: https://github.com/bottlerocket-os/bottlerocket/pull/2379 -[#2383]: https://github.com/bottlerocket-os/bottlerocket/pull/2383 -[#2384]: https://github.com/bottlerocket-os/bottlerocket/pull/2384 -[#2385]: https://github.com/bottlerocket-os/bottlerocket/pull/2385 -[#2392]: https://github.com/bottlerocket-os/bottlerocket/pull/2392 -[#2397]: https://github.com/bottlerocket-os/bottlerocket/pull/2397 -[#2398]: https://github.com/bottlerocket-os/bottlerocket/pull/2398 -[#2403]: https://github.com/bottlerocket-os/bottlerocket/pull/2403 -[#2405]: https://github.com/bottlerocket-os/bottlerocket/pull/2405 -[#2414]: https://github.com/bottlerocket-os/bottlerocket/pull/2414 -[#2415]: https://github.com/bottlerocket-os/bottlerocket/pull/2415 -[#2416]: https://github.com/bottlerocket-os/bottlerocket/pull/2416 -[#2424]: https://github.com/bottlerocket-os/bottlerocket/pull/2424 -[#2425]: https://github.com/bottlerocket-os/bottlerocket/pull/2425 -[#2428]: https://github.com/bottlerocket-os/bottlerocket/pull/2428 -[#2430]: https://github.com/bottlerocket-os/bottlerocket/pull/2430 -[#2436]: https://github.com/bottlerocket-os/bottlerocket/pull/2436 -[#2437]: https://github.com/bottlerocket-os/bottlerocket/pull/2437 -[#2438]: https://github.com/bottlerocket-os/bottlerocket/pull/2438 -[#2440]: https://github.com/bottlerocket-os/bottlerocket/pull/2440 -[#2443]: https://github.com/bottlerocket-os/bottlerocket/pull/2443 -[#2445]: https://github.com/bottlerocket-os/bottlerocket/pull/2445 -[#2446]: https://github.com/bottlerocket-os/bottlerocket/pull/2446 -[#2447]: https://github.com/bottlerocket-os/bottlerocket/pull/2447 -[#2450]: https://github.com/bottlerocket-os/bottlerocket/pull/2450 -[#2452]: https://github.com/bottlerocket-os/bottlerocket/pull/2452 -[#2454]: https://github.com/bottlerocket-os/bottlerocket/pull/2454 -[#2455]: https://github.com/bottlerocket-os/bottlerocket/pull/2455 -[#2456]: https://github.com/bottlerocket-os/bottlerocket/pull/2456 -[#2457]: https://github.com/bottlerocket-os/bottlerocket/pull/2457 -[#2458]: https://github.com/bottlerocket-os/bottlerocket/pull/2458 -[#2460]: https://github.com/bottlerocket-os/bottlerocket/pull/2460 -[#2464]: https://github.com/bottlerocket-os/bottlerocket/pull/2464 -[#2465]: https://github.com/bottlerocket-os/bottlerocket/pull/2465 -[#2470]: https://github.com/bottlerocket-os/bottlerocket/pull/2470 -[#2471]: https://github.com/bottlerocket-os/bottlerocket/pull/2471 -[#2472]: https://github.com/bottlerocket-os/bottlerocket/pull/2472 -[#2473]: https://github.com/bottlerocket-os/bottlerocket/pull/2473 -[#2476]: https://github.com/bottlerocket-os/bottlerocket/pull/2476 -[#2477]: https://github.com/bottlerocket-os/bottlerocket/pull/2477 - -# v1.9.2 (2022-08-31) - -## Build Changes - -* Archive old migrations ([#2357]) -* Update `runc` to version 1.1.4 ([#2380]) - -[#2357]: https://github.com/bottlerocket-os/bottlerocket/pull/2357 -[#2380]: https://github.com/bottlerocket-os/bottlerocket/pull/2380 - -# v1.9.1 (2022-08-17) - -## OS Changes - -* Change kernel module compression from zstd to xz ([#2323]) -* Update ECR registry map for new AWS regions ([#2336]) -* Add new regions to pause registry map ([#2349]) -* Update `tough` to v0.8.1 ([#2338]) - -[#2323]: https://github.com/bottlerocket-os/bottlerocket/pull/2323 -[#2336]: https://github.com/bottlerocket-os/bottlerocket/pull/2336 -[#2338]: https://github.com/bottlerocket-os/bottlerocket/pull/2338 -[#2349]: https://github.com/bottlerocket-os/bottlerocket/pull/2349 - -# v1.9.0 (2022-07-28) - -## OS Changes - -* SELinux policy now suppresses audit for tmpfs relabels ([#2222]) -* Restrict permissions for `/boot` and `System.map` ([#2223]) -* Remove unused crates `growpart` and `servicedog` ([#2238]) -* New mount in host containers for system logs ([#2295]) -* Apply strict mount options and enforce execution rules ([#2239]) -* Switch to a more commonly used syntax for disabling kernel config settings ([#2290]) -* Respect proxy settings when running setting generators ([#2227]) -* Add `NET_CAP_ADMIN` to bootstrap containers ([#2266]) -* Reduce log output for DHCP services ([#2260]) -* Fix invalid kernel config options ([#2269]) -* Improve support for container storage mounts ([#2240]) -* Disable uncommon filesystems and network protocols ([#2255]) -* Add support for blocking kernel modules ([#2274]) -* Fix `ntp` service restart when settings change ([#2270]) -* Add kernel 5.15 sources ([#2226]) -* Defer `squashfs` mounts to later in the boot process ([#2276]) -* Improve boot speed and rootfs size ([#2296]) -* Add "quiet" kernel parameter for some variants ([#2277]) - -## Orchestrator Changes - -### Kubernetes - -* Make new instance types available ([#2221] , thanks @cablespaghetti) -* Update Kubernetes versions ([#2230], [#2232], [#2262], [#2263], thanks @kschumy) -* Add kubelet image GC threshold settings ([#2219]) - -### ECS - -* Add iptables rules for ECS introspection server ([#2267]) - -## Platform Changes - -### AWS - -* Add support for AWS China regions ([#2224], [#2242], [#2247], [#2285]) -* Migrate to using `aws-sdk-rust` for first-party OS Rust packages ([#2300]) - -### VMware - -* Remove `console=ttyS0` from kernel params ([#2248]) - -### Metal - -* Enable Mellanox modules in 5.10 kernel ([#2241]) -* Add bnxt module for Broadcom 10/25Gb network adapters in 5.10 kernel ([#2243]) -* Split out baremetal specific config options ([#2264]) -* Add driver support for Cisco UCS platforms ([#2271]) -* Only build baremetal variant specific drivers for baremetal variants ([#2279]) -* Enable the metal-dev build for the ARM architecture ([#2272]) - -## Build Changes - -* Add Makefile targets to create and validate Boot Configuration ([#2189]) -* Create symlinks to images with friendly names ([#2215]) -* Add `start-local-vm` script ([#2194]) -* Add the testsys CLI and new cargo make tasks for testing aws-k8s variants ([#2165]) -* Update Rust and Go dependencies ([#2303], [#2299]) -* Update third-party packages ([#2309]) - -## Documentation Changes - -* Add NVIDIA ECS variant to README ([#2244]) -* Add documentation for metal variants ([#2205]) -* Add missing step in building packages guide ([#2259]) -* Add quickstart for running Bottlerocket in QEMU/KVM VMs ([#2280]) -* Address lints in README markdown caught by `markdownlint` ([#2283]) - -[#2165]: https://github.com/bottlerocket-os/bottlerocket/pull/2165 -[#2189]: https://github.com/bottlerocket-os/bottlerocket/pull/2189 -[#2194]: https://github.com/bottlerocket-os/bottlerocket/pull/2194 -[#2205]: https://github.com/bottlerocket-os/bottlerocket/pull/2205 -[#2215]: https://github.com/bottlerocket-os/bottlerocket/pull/2215 -[#2219]: https://github.com/bottlerocket-os/bottlerocket/pull/2219 -[#2221]: https://github.com/bottlerocket-os/bottlerocket/pull/2221 -[#2222]: https://github.com/bottlerocket-os/bottlerocket/pull/2222 -[#2223]: https://github.com/bottlerocket-os/bottlerocket/pull/2223 -[#2224]: https://github.com/bottlerocket-os/bottlerocket/pull/2224 -[#2226]: https://github.com/bottlerocket-os/bottlerocket/pull/2226 -[#2227]: https://github.com/bottlerocket-os/bottlerocket/pull/2227 -[#2230]: https://github.com/bottlerocket-os/bottlerocket/pull/2230 -[#2232]: https://github.com/bottlerocket-os/bottlerocket/pull/2232 -[#2238]: https://github.com/bottlerocket-os/bottlerocket/pull/2238 -[#2239]: https://github.com/bottlerocket-os/bottlerocket/pull/2239 -[#2240]: https://github.com/bottlerocket-os/bottlerocket/pull/2240 -[#2241]: https://github.com/bottlerocket-os/bottlerocket/pull/2241 -[#2242]: https://github.com/bottlerocket-os/bottlerocket/pull/2242 -[#2243]: https://github.com/bottlerocket-os/bottlerocket/pull/2243 -[#2244]: https://github.com/bottlerocket-os/bottlerocket/pull/2244 -[#2247]: https://github.com/bottlerocket-os/bottlerocket/pull/2247 -[#2248]: https://github.com/bottlerocket-os/bottlerocket/pull/2248 -[#2255]: https://github.com/bottlerocket-os/bottlerocket/pull/2255 -[#2259]: https://github.com/bottlerocket-os/bottlerocket/pull/2259 -[#2260]: https://github.com/bottlerocket-os/bottlerocket/pull/2260 -[#2262]: https://github.com/bottlerocket-os/bottlerocket/pull/2262 -[#2263]: https://github.com/bottlerocket-os/bottlerocket/pull/2263 -[#2264]: https://github.com/bottlerocket-os/bottlerocket/pull/2264 -[#2266]: https://github.com/bottlerocket-os/bottlerocket/pull/2266 -[#2267]: https://github.com/bottlerocket-os/bottlerocket/pull/2267 -[#2269]: https://github.com/bottlerocket-os/bottlerocket/pull/2269 -[#2270]: https://github.com/bottlerocket-os/bottlerocket/pull/2270 -[#2271]: https://github.com/bottlerocket-os/bottlerocket/pull/2271 -[#2272]: https://github.com/bottlerocket-os/bottlerocket/pull/2272 -[#2274]: https://github.com/bottlerocket-os/bottlerocket/pull/2274 -[#2276]: https://github.com/bottlerocket-os/bottlerocket/pull/2276 -[#2277]: https://github.com/bottlerocket-os/bottlerocket/pull/2277 -[#2279]: https://github.com/bottlerocket-os/bottlerocket/pull/2279 -[#2280]: https://github.com/bottlerocket-os/bottlerocket/pull/2280 -[#2283]: https://github.com/bottlerocket-os/bottlerocket/pull/2283 -[#2285]: https://github.com/bottlerocket-os/bottlerocket/pull/2285 -[#2290]: https://github.com/bottlerocket-os/bottlerocket/pull/2290 -[#2295]: https://github.com/bottlerocket-os/bottlerocket/pull/2295 -[#2296]: https://github.com/bottlerocket-os/bottlerocket/pull/2296 -[#2299]: https://github.com/bottlerocket-os/bottlerocket/pull/2299 -[#2300]: https://github.com/bottlerocket-os/bottlerocket/pull/2300 -[#2303]: https://github.com/bottlerocket-os/bottlerocket/pull/2303 -[#2309]: https://github.com/bottlerocket-os/bottlerocket/pull/2309 - -# v1.8.0 (2022-06-08) - -## OS Changes - -### General -* Update admin and control containers ([#2191]) -* Update to containerd 1.6.x ([#2158]) -* Restart container runtimes when certificates store changes ([#2076]) -* Add support for providing kernel parameters via Boot Configuration ([#1980]) -* Restart long-running systemd services on exit ([#2162]) -* Ignore zero blocks on dm-verity root ([#2169]) -* Add support for static DNS mappings in `/etc/hosts` ([#2129]) -* Enable network configuration generation via `netdog` ([#2066]) -* Add support for non-`eth0` default interfaces ([#2144]) -* Update to IMDS schema `2021-07-15` ([#2190]) - -### Kubernetes -* Add support for Kubernetes 1.23 variants ([#2188]) -* Improve Kubernetes pod start times by unsetting `configMapAndSecretChangeDetectionStrategy` in kubelet config ([#2166]) -* Add new setting for configuring kubelet's `provider-id` configuration ([#2192]) -* Add new setting for configuring kubelet's `podPidsLimit` configuration ([#2138]) -* Allow a list of IP addresses in `settings.kubernetes.cluster-dns-ip` ([#2176]) -* Set the default for `settings.kubernetes.cloud-provider` on metal variants to an empty string ([#2188]) -* Add c7g instance data for max pods calculation in AWS variants ([#2107], thanks, @lizthegrey!) - -### ECS -* Add aws-ecs-1-nvidia variant with Nvidia driver support ([#2128], [#2100], [#2098], [#2167], [#2097], [#2090], [#2099]) -* Add support for ECS ImagePullBehavior and WarmPoolsSupport ([#2063], thanks, @mello7tre!) - -### Hardware -* Build smartpqi driver for Microchip Smart Storage devices into 5.10 kernel ([#2184]) -* Add support for Broadcom ethernet cards in 5.10 kernel ([#2143]) -* Add support for MegaRAID SAS in 5.10 kernel ([#2133]) - -## Build Changes -* Remove aws-k8s-1.18 variant ([#2044], [#2092]) -* Update third-party packages ([#2178], [#2187], [#2145]) -* Update Rust and Go dependencies ([#2183], [#2181], [#2180], [#2085], [#2110], [#2068], [#2075], [#2074], [#2048], [#2059], [#2049], [#2036], [#2033]) -* Update Bottlerocket SDK to 0.26.0 ([#2157]) -* Speed up kernel builds by installing headers and modules in parallel ([#2185]) -* Removed unused patch from Docker CLI ([#2030], thanks, @thaJeztah!) - -## Documentation Changes -* Standardize README generation in buildsys ([#2134]) -* Clarify migration README ([#2141]) -* Fix typos in BUILDING.md and QUICKSTART-VMWARE.md ([#2159], thanks, @ryanrussell!) -* Add additional documentation for using GPUs with Kubernetes variants ([#2078]) -* Document examples for using `enter-admin-container` ([#2028]) - -[#1980]: https://github.com/bottlerocket-os/bottlerocket/pull/1980 -[#2028]: https://github.com/bottlerocket-os/bottlerocket/pull/2028 -[#2030]: https://github.com/bottlerocket-os/bottlerocket/pull/2030 -[#2033]: https://github.com/bottlerocket-os/bottlerocket/pull/2033 -[#2036]: https://github.com/bottlerocket-os/bottlerocket/pull/2036 -[#2044]: https://github.com/bottlerocket-os/bottlerocket/pull/2044 -[#2048]: https://github.com/bottlerocket-os/bottlerocket/pull/2048 -[#2049]: https://github.com/bottlerocket-os/bottlerocket/pull/2049 -[#2059]: https://github.com/bottlerocket-os/bottlerocket/pull/2059 -[#2063]: https://github.com/bottlerocket-os/bottlerocket/pull/2063 -[#2066]: https://github.com/bottlerocket-os/bottlerocket/pull/2066 -[#2068]: https://github.com/bottlerocket-os/bottlerocket/pull/2068 -[#2074]: https://github.com/bottlerocket-os/bottlerocket/pull/2074 -[#2075]: https://github.com/bottlerocket-os/bottlerocket/pull/2075 -[#2076]: https://github.com/bottlerocket-os/bottlerocket/pull/2076 -[#2078]: https://github.com/bottlerocket-os/bottlerocket/pull/2078 -[#2085]: https://github.com/bottlerocket-os/bottlerocket/pull/2085 -[#2090]: https://github.com/bottlerocket-os/bottlerocket/pull/2090 -[#2092]: https://github.com/bottlerocket-os/bottlerocket/pull/2092 -[#2097]: https://github.com/bottlerocket-os/bottlerocket/pull/2097 -[#2098]: https://github.com/bottlerocket-os/bottlerocket/pull/2098 -[#2099]: https://github.com/bottlerocket-os/bottlerocket/pull/2099 -[#2100]: https://github.com/bottlerocket-os/bottlerocket/pull/2100 -[#2107]: https://github.com/bottlerocket-os/bottlerocket/pull/2107 -[#2110]: https://github.com/bottlerocket-os/bottlerocket/pull/2110 -[#2128]: https://github.com/bottlerocket-os/bottlerocket/pull/2128 -[#2129]: https://github.com/bottlerocket-os/bottlerocket/pull/2129 -[#2133]: https://github.com/bottlerocket-os/bottlerocket/pull/2133 -[#2134]: https://github.com/bottlerocket-os/bottlerocket/pull/2134 -[#2138]: https://github.com/bottlerocket-os/bottlerocket/pull/2138 -[#2141]: https://github.com/bottlerocket-os/bottlerocket/pull/2141 -[#2142]: https://github.com/bottlerocket-os/bottlerocket/pull/2142 -[#2143]: https://github.com/bottlerocket-os/bottlerocket/pull/2143 -[#2144]: https://github.com/bottlerocket-os/bottlerocket/pull/2144 -[#2145]: https://github.com/bottlerocket-os/bottlerocket/pull/2145 -[#2146]: https://github.com/bottlerocket-os/bottlerocket/pull/2146 -[#2157]: https://github.com/bottlerocket-os/bottlerocket/pull/2157 -[#2158]: https://github.com/bottlerocket-os/bottlerocket/pull/2158 -[#2159]: https://github.com/bottlerocket-os/bottlerocket/pull/2159 -[#2162]: https://github.com/bottlerocket-os/bottlerocket/pull/2162 -[#2166]: https://github.com/bottlerocket-os/bottlerocket/pull/2166 -[#2167]: https://github.com/bottlerocket-os/bottlerocket/pull/2167 -[#2169]: https://github.com/bottlerocket-os/bottlerocket/pull/2169 -[#2176]: https://github.com/bottlerocket-os/bottlerocket/pull/2176 -[#2178]: https://github.com/bottlerocket-os/bottlerocket/pull/2178 -[#2180]: https://github.com/bottlerocket-os/bottlerocket/pull/2180 -[#2181]: https://github.com/bottlerocket-os/bottlerocket/pull/2181 -[#2183]: https://github.com/bottlerocket-os/bottlerocket/pull/2183 -[#2184]: https://github.com/bottlerocket-os/bottlerocket/pull/2184 -[#2185]: https://github.com/bottlerocket-os/bottlerocket/pull/2185 -[#2187]: https://github.com/bottlerocket-os/bottlerocket/pull/2187 -[#2188]: https://github.com/bottlerocket-os/bottlerocket/pull/2188 -[#2190]: https://github.com/bottlerocket-os/bottlerocket/pull/2190 -[#2191]: https://github.com/bottlerocket-os/bottlerocket/pull/2191 -[#2192]: https://github.com/bottlerocket-os/bottlerocket/pull/2192 - -# v1.7.2 (2022-04-22) - -## Security Fixes - -* Update kernel-5.4 to patch CVE-2022-1015, CVE-2022-1016, CVE-2022-25636, CVE-2022-26490, CVE-2022-27666, CVE-2022-28356 ([a3b4674f7108][a3b4674f7108]) -* Update kernel-5.10 to patch CVE-2022-1015, CVE-2022-1016, CVE-2022-25636, CVE-2022-1048, CVE-2022-26490, CVE-2022-27666, CVE-2022-28356 ([37095415bab6][37095415bab6]) - -## OS Changes - -* Update eni-max-pods with new instance types ([#2079]) -* Add support for AWS region ap-southeast-3: Jakarta ([#2080]) - -[a3b4674f7108]: https://github.com/bottlerocket-os/bottlerocket/commit/a3b4674f7108a7f69f108a011042be2a5b91e563 -[37095415bab6]: https://github.com/bottlerocket-os/bottlerocket/commit/37095415bab67a24240d95b59c7bf20a112d7ae1 -[#2079]: https://github.com/bottlerocket-os/bottlerocket/pull/2079 -[#2080]: https://github.com/bottlerocket-os/bottlerocket/pull/2080 - -# v1.7.1 (2022-04-05) - -## Security Fixes - -* Apply patch to hotdog for CVE-2022-0071 ([1a3f35b2fe8e][1a3f35b2fe8e]) - -## OS Changes - -* Enable checkpoint restore (`CONFIG_CHECKPOINT_RESTORE`) for aarch64 ([6e3d6ed4b83e][6e3d6ed4b83e]) - -[1a3f35b2fe8e]: https://github.com/bottlerocket-os/bottlerocket/commit/1a3f35b2fe8ed9a7078e43940545dc941c5de99f -[6e3d6ed4b83e]: https://github.com/bottlerocket-os/bottlerocket/commit/6e3d6ed4b83ecefa5de5885f8c4a30cd9df8b689 - -# v1.7.0 (2022-03-30) - -With this release, an inventory of software installed in Bottlerocket will now be reported to SSM if the control container is in use and inventorying has been enabled. - -## OS Changes - -* Generate host software inventory and make it available to host containers ([#1996]) -* Update admin and control containers ([#2014]) - -## Build Changes - -* Update third-party packages ([#1977], [#1983], [#1987], [#1992], [#2022]) -* Update Rust and Go dependencies ([#2016], [#2019]) -* Makefile: lock tuftool version ([#2009]) -* Fix tmpfilesd configuration for kmod-5.10-nvidia ([#2020]) - -## Documentation Changes - -* Fix tuftool download instruction in VMware Quickstart ([#1994]) -* Explain data partition extension ([#2013]) - -[#1977]: https://github.com/bottlerocket-os/bottlerocket/pull/1977 -[#1983]: https://github.com/bottlerocket-os/bottlerocket/pull/1983 -[#1987]: https://github.com/bottlerocket-os/bottlerocket/pull/1987 -[#1992]: https://github.com/bottlerocket-os/bottlerocket/pull/1992 -[#1994]: https://github.com/bottlerocket-os/bottlerocket/pull/1994 -[#1996]: https://github.com/bottlerocket-os/bottlerocket/pull/1996 -[#2009]: https://github.com/bottlerocket-os/bottlerocket/pull/2009 -[#2013]: https://github.com/bottlerocket-os/bottlerocket/pull/2013 -[#2014]: https://github.com/bottlerocket-os/bottlerocket/pull/2014 -[#2016]: https://github.com/bottlerocket-os/bottlerocket/pull/2016 -[#2019]: https://github.com/bottlerocket-os/bottlerocket/pull/2019 -[#2020]: https://github.com/bottlerocket-os/bottlerocket/pull/2020 -[#2022]: https://github.com/bottlerocket-os/bottlerocket/pull/2022 - -# v1.6.2 (2022-03-08) - -With this release, the vmware-k8s variants have graduated from preview status and are now generally available. -:tada: - -## Security Fixes - -* Update kernel-5.4 and kernel-5.10 to include recent security fixes ([a8e4a20ca7d1][a8e4a20ca7d1], [3d0c10abeecb][3d0c10abeecb]) - -## OS Changes - -* Add support for Kubernetes 1.22 variants ([#1962]) -* Add settings support for registry credentials ([#1955]) -* Add support for AWS CloudFormation signaling ([#1728], thanks, @mello7tre!) -* Add TCMU support to the kernel ([#1953], thanks, @cvlc!) -* Fix issue with closing frame construction in apiserver ([#1948]) - -## Build Changes - -* Fix dead code warning during build in netdog ([#1949]) - -## Documentation Changes - -* Correct variable name in bootstrap-containers/README.md ([#1959], thanks, @dangen-effy!) -* Add art to the console ([#1970]) - -[a8e4a20ca7d1]: https://github.com/bottlerocket-os/bottlerocket/commit/a8e4a20ca7d1dde4e8b5f679e4e11d9687b6ef09 -[3d0c10abeecb]: https://github.com/bottlerocket-os/bottlerocket/commit/3d0c10abeecb9f69b6ec598fd5137cb146a46b6e -[#1728]: https://github.com/bottlerocket-os/bottlerocket/pull/1728 -[#1948]: https://github.com/bottlerocket-os/bottlerocket/pull/1948 -[#1949]: https://github.com/bottlerocket-os/bottlerocket/pull/1949 -[#1953]: https://github.com/bottlerocket-os/bottlerocket/pull/1953 -[#1955]: https://github.com/bottlerocket-os/bottlerocket/pull/1955 -[#1959]: https://github.com/bottlerocket-os/bottlerocket/pull/1959 -[#1962]: https://github.com/bottlerocket-os/bottlerocket/pull/1962 -[#1970]: https://github.com/bottlerocket-os/bottlerocket/pull/1970 - -# v1.6.1 (2022-03-02) - -## Security Fixes - -* Apply patch to containerd for CVE-2022-23648 ([0de1b39efa64][0de1b39efa64]) -* Update kernel-5.4 and kernel-5.10 to include recent security fixes ([#1973]) - -[0de1b39efa64]: https://github.com/bottlerocket-os/bottlerocket/commit/0de1b39efa6437fa57388918e1554174ca2f02e4 -[#1973]: https://github.com/bottlerocket-os/bottlerocket/pull/1973 - -# v1.6.0 (2022-02-07) - -## Deprecation Notice - -The Kubernetes 1.18 variant, `aws-k8s-1.18`, will lose support in March 2022. -Kubernetes 1.18 is no longer receiving support upstream. -We recommend replacing `aws-k8s-1.18` nodes with a later variant, preferably `aws-k8s-1.21` if your cluster supports it. -See [this issue](https://github.com/bottlerocket-os/bottlerocket/issues/1942) for more details. - -## Security Fixes - -* Apply patch to the kernel for CVE-2022-0492 ([#1943]) - -## OS Changes -* Add aws-k8s-1.21-nvidia variant with Nvidia driver support ([#1859], [#1860], [#1861], [#1862], [#1900], [#1912], [#1915], [#1916], [#1928]) -* Add metal-k8s-1.21 variant with support for running on bare metal ([#1904]) -* Update host containers to the latest version ([#1939]) -* Add driverdog, a configuration-driven utility for linking kernel modules at runtime ([#1867]) -* Kubernetes: Fix a potential inconsistency with IPv6 node-ip comparisons ([#1932]) -* Allow setting multiple Kubernetes node taints with the same key ([#1906]) -* Fix a bug which would prevent Bottlerocket from booting when setting `container-registry` to an empty table ([#1910]) -* Add `/etc/bottlerocket-release` to host containers ([#1883]) -* Send grub output to the local console on BIOS systems ([#1894]) -* Fix minor issues with systemd units ([#1889]) - -## Build Changes -* Update third-party packages ([#1936]) -* Update Rust dependencies ([#1940]) -* Update Go dependencies of `host-ctr` ([#1938]) -* Add the ability to fetch licenses at build time ([#1901]) -* Pin tuftool to a specific version ([#1940]) - -## Documentation Changes -* Add a no-proxy setting example to the README ([#1765] thanks, @mrajashree!) -* Document variant `image-layout` options in the README ([#1896]) - - -[#1765]: https://github.com/bottlerocket-os/bottlerocket/pull/1765 -[#1859]: https://github.com/bottlerocket-os/bottlerocket/pull/1859 -[#1860]: https://github.com/bottlerocket-os/bottlerocket/pull/1860 -[#1861]: https://github.com/bottlerocket-os/bottlerocket/pull/1861 -[#1862]: https://github.com/bottlerocket-os/bottlerocket/pull/1862 -[#1867]: https://github.com/bottlerocket-os/bottlerocket/pull/1867 -[#1883]: https://github.com/bottlerocket-os/bottlerocket/pull/1883 -[#1889]: https://github.com/bottlerocket-os/bottlerocket/pull/1889 -[#1894]: https://github.com/bottlerocket-os/bottlerocket/pull/1894 -[#1896]: https://github.com/bottlerocket-os/bottlerocket/pull/1896 -[#1900]: https://github.com/bottlerocket-os/bottlerocket/pull/1900 -[#1901]: https://github.com/bottlerocket-os/bottlerocket/pull/1901 -[#1904]: https://github.com/bottlerocket-os/bottlerocket/pull/1904 -[#1906]: https://github.com/bottlerocket-os/bottlerocket/pull/1906 -[#1910]: https://github.com/bottlerocket-os/bottlerocket/pull/1910 -[#1912]: https://github.com/bottlerocket-os/bottlerocket/pull/1912 -[#1915]: https://github.com/bottlerocket-os/bottlerocket/pull/1915 -[#1916]: https://github.com/bottlerocket-os/bottlerocket/pull/1916 -[#1928]: https://github.com/bottlerocket-os/bottlerocket/pull/1928 -[#1932]: https://github.com/bottlerocket-os/bottlerocket/pull/1932 -[#1936]: https://github.com/bottlerocket-os/bottlerocket/pull/1936 -[#1938]: https://github.com/bottlerocket-os/bottlerocket/pull/1938 -[#1939]: https://github.com/bottlerocket-os/bottlerocket/pull/1939 -[#1940]: https://github.com/bottlerocket-os/bottlerocket/pull/1940 -[#1943]: https://github.com/bottlerocket-os/bottlerocket/pull/1943 - -# v1.5.3 (2022-01-25) - -## Security Fixes -* Update Bottlerocket SDK to 0.25.1 for Rust 1.58.1 ([#1918]) -* Update kernel-5.4 and kernel-5.10 to include recent security fixes ([#1921]) -* Migrate host-container to the latest version for vmware variants ([#1898]) - -## OS Changes -* Fix an issue which could impair nodes in Kubernetes 1.21 IPv6 clusters ([#1925]) - -[#1898]: https://github.com/bottlerocket-os/bottlerocket/pull/1898 -[#1918]: https://github.com/bottlerocket-os/bottlerocket/pull/1918 -[#1921]: https://github.com/bottlerocket-os/bottlerocket/pull/1921 -[#1925]: https://github.com/bottlerocket-os/bottlerocket/pull/1925 - -# v1.5.2 (2022-01-05) - -## Security Fixes -* Update containerd for CVE-2021-43816 ([8f085929588a][8f085929588a]) - -[8f085929588a]: https://github.com/bottlerocket-os/bottlerocket/commit/8f085929588a3f0cd575f865dd6f04f96a97e923 - -# v1.5.1 (2021-12-23) - -## Security Fixes -* Update hotdog to the latest release. Hotdog now mimics the permissions of the target JVM process ([#1884]) - -## OS Changes -* Updated host containers to the latest version ([#1881], [#1882]) - -[#1881]: https://github.com/bottlerocket-os/bottlerocket/pull/1881 -[#1882]: https://github.com/bottlerocket-os/bottlerocket/pull/1882 -[#1884]: https://github.com/bottlerocket-os/bottlerocket/pull/1884 - -# v1.5.0 (2021-12-17) - -## Security Enhancements -* Add the ability to hotpatch log4j for CVE-2021-44228 in running containers ([#1872], [#1871], [#1869]) - -## OS Changes -* Enable configuration for OCI hooks in the container lifecycle ([#1868]) -* Retry all failed requests to IMDS ([#1841]) -* Enable node feature discovery for Kubernetes device plugins ([#1863]) -* Add `apiclient get` subcommand for simple API retrieval ([#1836]) -* Add support for CPU microcode updates ([#1827]) -* Consistently support API prefix queries ([#1835]) - -## Build Changes -* Add support for custom image sizes ([#1826]) -* Add support for unifying the OS and data partitions on a single disk ([#1870]) - -## Documentation Changes -* Fixed typo in the README ([#1847] thanks, PascalBourdier!) - -[#1826]:https://github.com/bottlerocket-os/bottlerocket/pull/1826 -[#1827]:https://github.com/bottlerocket-os/bottlerocket/pull/1827 -[#1835]:https://github.com/bottlerocket-os/bottlerocket/pull/1835 -[#1836]:https://github.com/bottlerocket-os/bottlerocket/pull/1836 -[#1841]:https://github.com/bottlerocket-os/bottlerocket/pull/1841 -[#1847]:https://github.com/bottlerocket-os/bottlerocket/pull/1847 -[#1863]:https://github.com/bottlerocket-os/bottlerocket/pull/1863 -[#1868]:https://github.com/bottlerocket-os/bottlerocket/pull/1868 -[#1869]:https://github.com/bottlerocket-os/bottlerocket/pull/1869 -[#1870]:https://github.com/bottlerocket-os/bottlerocket/pull/1870 -[#1871]:https://github.com/bottlerocket-os/bottlerocket/pull/1871 -[#1872]:https://github.com/bottlerocket-os/bottlerocket/pull/1872 - -# v1.4.2 (2021-12-02) - -## Security Fixes - -* Update default [admin](https://github.com/bottlerocket-os/bottlerocket-admin-container/releases/tag/v0.7.3) and [control](https://github.com/bottlerocket-os/bottlerocket-control-container/releases/tag/v0.5.3) host containers to address CVE-2021-43527 ([#1852]) -* Update kernel-5.4 and kernel-5.10 to include recent security fixes. ([#1851]) - -## Build Changes - -* Update containerd (to v1.5.8) and Docker (to v20.10.11) ([#1851]) - -[#1851]: https://github.com/bottlerocket-os/bottlerocket/pull/1851 -[#1852]: https://github.com/bottlerocket-os/bottlerocket/pull/1852 - -# v1.4.1 (2021-11-18) - -## Security Fixes - -* Apply patches to docker and containerd for CVE-2021-41190 ([#1832], [#1833]) - -## Build Changes - -* Update Bottlerocket SDK to 0.23.1 ([#1831]) - -[#1831]: https://github.com/bottlerocket-os/bottlerocket/pull/1831 -[#1832]: https://github.com/bottlerocket-os/bottlerocket/pull/1832 -[#1833]: https://github.com/bottlerocket-os/bottlerocket/pull/1833 - - -# v1.4.0 (2021-11-12) - -## OS Changes - -* Add 'apiclient exec' for running commands in host containers ([#1802], [#1790]) -* Improve boot performance ([#1809]) -* Add support for wildcard container registry mirrors ([#1791], [#1818]) -* Wait up to 300s for a DHCP lease at boot ([#1800]) -* Retry if fetching the IMDS session token fails ([#1801]) -* Add ECR account IDs for pulling host containers in GovCloud ([#1793]) -* Filter sensitive API settings from `logdog` dump ([#1777]) -* Fix kubelet standalone mode ([#1783]) - -## Build Changes - -* Remove aws-k8s-1.17 variant ([#1807]) -* Update Bottlerocket SDK to 0.23 ([#1779]) -* Update third-party packages ([#1816]) -* Update Rust dependencies ([#1810]) -* Update Go dependencies of `host-ctr` ([#1775], [#1774]) -* Prevent spurious rebuilds of the model package ([#1808]) -* Add disk image files to TUF repo ([#1787]) -* Vendor wicked service units ([#1798]) -* Add CI check for Rust code formatting ([#1782]) -* Allow overriding the AMI data file suffix ([#1784]) - -## Documentation Changes - -* Update cargo-make commands to work with newest cargo-make ([#1797]) - -[#1774]: https://github.com/bottlerocket-os/bottlerocket/pull/1774 -[#1775]: https://github.com/bottlerocket-os/bottlerocket/pull/1775 -[#1777]: https://github.com/bottlerocket-os/bottlerocket/pull/1777 -[#1779]: https://github.com/bottlerocket-os/bottlerocket/pull/1779 -[#1782]: https://github.com/bottlerocket-os/bottlerocket/pull/1782 -[#1783]: https://github.com/bottlerocket-os/bottlerocket/pull/1783 -[#1784]: https://github.com/bottlerocket-os/bottlerocket/pull/1784 -[#1787]: https://github.com/bottlerocket-os/bottlerocket/pull/1787 -[#1790]: https://github.com/bottlerocket-os/bottlerocket/pull/1790 -[#1791]: https://github.com/bottlerocket-os/bottlerocket/pull/1791 -[#1793]: https://github.com/bottlerocket-os/bottlerocket/pull/1793 -[#1797]: https://github.com/bottlerocket-os/bottlerocket/pull/1797 -[#1798]: https://github.com/bottlerocket-os/bottlerocket/pull/1798 -[#1800]: https://github.com/bottlerocket-os/bottlerocket/pull/1800 -[#1801]: https://github.com/bottlerocket-os/bottlerocket/pull/1801 -[#1802]: https://github.com/bottlerocket-os/bottlerocket/pull/1802 -[#1807]: https://github.com/bottlerocket-os/bottlerocket/pull/1807 -[#1808]: https://github.com/bottlerocket-os/bottlerocket/pull/1808 -[#1809]: https://github.com/bottlerocket-os/bottlerocket/pull/1809 -[#1810]: https://github.com/bottlerocket-os/bottlerocket/pull/1810 -[#1816]: https://github.com/bottlerocket-os/bottlerocket/pull/1816 -[#1818]: https://github.com/bottlerocket-os/bottlerocket/pull/1818 - -# v1.3.0 (2021-10-06) - -## Deprecation Notice - -The Kubernetes 1.17 variant, `aws-k8s-1.17`, will lose support in November, 2021. -Kubernetes 1.17 is no longer receiving support upstream. -We recommend replacing `aws-k8s-1.17` nodes with a later variant, preferably `aws-k8s-1.21` if your cluster supports it. -See [this issue](https://github.com/bottlerocket-os/bottlerocket/issues/1772) for more details. - -## Security Fixes - -* Apply patches to docker and containerd for CVE-2021-41089, CVE-2021-41091, CVE-2021-41092, and CVE-2021-41103 ([#1769]) - -## OS Changes - -* Add MCS constraints to the SELinux policy ([#1733]) -* Support IPv6 in kubelet and pluto ([#1710]) -* Add region flag to aws-iam-authenticator command ([#1762]) -* Restart modified host containers ([#1722]) -* Add more detail to /etc/os-release ([#1749]) -* Add an entry to `/etc/hosts` for the current hostname ([#1713], [#1746]) -* Update default control container to v0.5.2 ([#1730]) -* Fix various SELinux policy issues ([#1729]) -* Update eni-max-pods with new instance types ([#1724], thanks @samjo-nyang!) -* Add cilium device filters to open-vm-tools ([#1718]) -* Implement hybrid boot support for x86_64 ([#1701]) -* Include `/var/log/kdump` in logdog tarballs ([#1695]) -* Use runtime.slice and system.slice cgroup settings in k8s variants ([#1684], thanks @cyrus-mc!) - -## Build Changes - -* Update third-party packages ([#1701], [#1716], [#1732], [#1755], [#1763], [#1767]) -* Update Rust dependencies ([#1707], [#1750], [#1751]) -* Add wave definition for slow deployment ([#1734]) -* Add 'infrasys' for creating TUF infra in AWS ([#1723]) -* Make OVF file first in the OVA bundle ([#1719]) -* Raise pubsys messages to 'warn' if AMI exists or repo doesn't ([#1708]) -* Add constants crate ([#1709]) -* Add release URLs to package definitions ([#1748]) -* Add *.src.rpm to packages/.gitignore ([#1768]) -* Archive old migrations ([#1699]) - -## Documentation Changes - -* Mention static pods in the security guidance around API access ([#1766]) -* Fix link to issue labels ([#1764], thanks @andrewhsu!) -* Fix broken link for TLS bootstrapping ([#1758]) -* Update hash for v3 root.json ([#1757]) -* Update example version to v1.2.0 in QUICKSTART-VMWARE ([#1741], thanks @yuvalk!) -* Clarify default kernel lockdown settings per variant ([#1704]) - -[#1684]: https://github.com/bottlerocket-os/bottlerocket/pull/1684 -[#1695]: https://github.com/bottlerocket-os/bottlerocket/pull/1695 -[#1699]: https://github.com/bottlerocket-os/bottlerocket/pull/1699 -[#1701]: https://github.com/bottlerocket-os/bottlerocket/pull/1701 -[#1701]: https://github.com/bottlerocket-os/bottlerocket/pull/1701 -[#1704]: https://github.com/bottlerocket-os/bottlerocket/pull/1704 -[#1707]: https://github.com/bottlerocket-os/bottlerocket/pull/1707 -[#1708]: https://github.com/bottlerocket-os/bottlerocket/pull/1708 -[#1709]: https://github.com/bottlerocket-os/bottlerocket/pull/1709 -[#1710]: https://github.com/bottlerocket-os/bottlerocket/pull/1710 -[#1713]: https://github.com/bottlerocket-os/bottlerocket/pull/1713 -[#1716]: https://github.com/bottlerocket-os/bottlerocket/pull/1716 -[#1718]: https://github.com/bottlerocket-os/bottlerocket/pull/1718 -[#1719]: https://github.com/bottlerocket-os/bottlerocket/pull/1719 -[#1722]: https://github.com/bottlerocket-os/bottlerocket/pull/1722 -[#1723]: https://github.com/bottlerocket-os/bottlerocket/pull/1723 -[#1724]: https://github.com/bottlerocket-os/bottlerocket/pull/1724 -[#1729]: https://github.com/bottlerocket-os/bottlerocket/pull/1729 -[#1730]: https://github.com/bottlerocket-os/bottlerocket/pull/1730 -[#1732]: https://github.com/bottlerocket-os/bottlerocket/pull/1732 -[#1733]: https://github.com/bottlerocket-os/bottlerocket/pull/1733 -[#1734]: https://github.com/bottlerocket-os/bottlerocket/pull/1734 -[#1741]: https://github.com/bottlerocket-os/bottlerocket/pull/1741 -[#1746]: https://github.com/bottlerocket-os/bottlerocket/pull/1746 -[#1748]: https://github.com/bottlerocket-os/bottlerocket/pull/1748 -[#1749]: https://github.com/bottlerocket-os/bottlerocket/pull/1749 -[#1750]: https://github.com/bottlerocket-os/bottlerocket/pull/1750 -[#1751]: https://github.com/bottlerocket-os/bottlerocket/pull/1751 -[#1755]: https://github.com/bottlerocket-os/bottlerocket/pull/1755 -[#1757]: https://github.com/bottlerocket-os/bottlerocket/pull/1757 -[#1758]: https://github.com/bottlerocket-os/bottlerocket/pull/1758 -[#1762]: https://github.com/bottlerocket-os/bottlerocket/pull/1762 -[#1763]: https://github.com/bottlerocket-os/bottlerocket/pull/1763 -[#1764]: https://github.com/bottlerocket-os/bottlerocket/pull/1764 -[#1766]: https://github.com/bottlerocket-os/bottlerocket/pull/1766 -[#1767]: https://github.com/bottlerocket-os/bottlerocket/pull/1767 -[#1768]: https://github.com/bottlerocket-os/bottlerocket/pull/1768 -[#1769]: https://github.com/bottlerocket-os/bottlerocket/pull/1769 - -# v1.2.1 (2021-09-16) - -## Security fixes - -* Update Kubernetes for CVE-2021-25741 ([#1753]) - -[#1753]: https://github.com/bottlerocket-os/bottlerocket/pull/1753 - -# v1.2.0 (2021-08-06) - -## OS Changes - -* Add settings for kubelet topologyManagerPolicy and topologyManagerScope ([#1659]) -* Add support for container image registry mirrors ([#1629]) -* Add support for custom CA certificates ([#1654]) -* Add a setting for configuring hostname ([#1664], [#1680], [#1693]) -* Avoid wildcard for applying rp_filter to interfaces ([#1677]) -* Update default admin container to v0.7.2 ([#1685]) - -## Build Changes - -* Add support for zstd compressed kernel ([#1668], [#1689]) -* Add support for uploading OVAs to VMware ([#1622]) -* Update default built variant to aws-k8s-1.21 ([#1686]) -* Remove aws-k8s-1.16 variant ([#1658]) -* Move migrations from v1.1.5 to v1.2.0 ([#1682]) -* Update third-party packages ([#1676]) -* Update host-ctr dependencies ([#1669]) -* Update Rust dependencies ([#1655], [#1683], [#1687]) - -## Documentation Changes - -* Fix typo in README ([#1652], **thanks @faultymonk!**) - -[#1622]: https://github.com/bottlerocket-os/bottlerocket/pull/1622 -[#1629]: https://github.com/bottlerocket-os/bottlerocket/pull/1629 -[#1652]: https://github.com/bottlerocket-os/bottlerocket/pull/1652 -[#1654]: https://github.com/bottlerocket-os/bottlerocket/pull/1654 -[#1655]: https://github.com/bottlerocket-os/bottlerocket/pull/1655 -[#1658]: https://github.com/bottlerocket-os/bottlerocket/pull/1658 -[#1659]: https://github.com/bottlerocket-os/bottlerocket/pull/1659 -[#1664]: https://github.com/bottlerocket-os/bottlerocket/pull/1664 -[#1668]: https://github.com/bottlerocket-os/bottlerocket/pull/1668 -[#1669]: https://github.com/bottlerocket-os/bottlerocket/pull/1669 -[#1676]: https://github.com/bottlerocket-os/bottlerocket/pull/1676 -[#1677]: https://github.com/bottlerocket-os/bottlerocket/pull/1677 -[#1680]: https://github.com/bottlerocket-os/bottlerocket/pull/1680 -[#1682]: https://github.com/bottlerocket-os/bottlerocket/pull/1682 -[#1683]: https://github.com/bottlerocket-os/bottlerocket/pull/1683 -[#1685]: https://github.com/bottlerocket-os/bottlerocket/pull/1685 -[#1686]: https://github.com/bottlerocket-os/bottlerocket/pull/1686 -[#1687]: https://github.com/bottlerocket-os/bottlerocket/pull/1687 -[#1689]: https://github.com/bottlerocket-os/bottlerocket/pull/1689 -[#1693]: https://github.com/bottlerocket-os/bottlerocket/pull/1693 - -# v1.1.4 (2021-07-23) - -## Security fixes - -* Update containerd to 1.4.8 ([#1661]) -* Update systemd to 247.8 ([#1662]) -* Update 5.4 and 5.10 kernels ([#1665]) -* Set permissions to root-only for /var/lib/systemd/random-seed ([#1656]) - -[#1656]: https://github.com/bottlerocket-os/bottlerocket/pull/1656 -[#1661]: https://github.com/bottlerocket-os/bottlerocket/pull/1661 -[#1662]: https://github.com/bottlerocket-os/bottlerocket/pull/1662 -[#1665]: https://github.com/bottlerocket-os/bottlerocket/pull/1665 - -# v1.1.3 (2021-07-12) - -Note: in the Bottlerocket v1.0.8 release, for the aws-k8s-1.20 and aws-k8s-1.21 variants, we set the default Kubernetes CPU manager policy to "static". -We heard from several users that this breaks usage of the Fluent Bit log processor. -In Bottlerocket v1.1.3, we've changed the default back to "none", but have added a setting so you can use the "static" policy if desired. -To do so, set `settings.kubernetes.cpu-manager-policy` to "static". -To do this in user data, for example, pass the following: - -```toml -[settings.kubernetes] -cpu-manager-policy = "static" -``` - -## OS Changes - -* Fix parsing of lists of values in domain name search field of DHCP option sets ([#1646], **thanks @hypnoce!**) -* Add setting for configuring Kubernetes CPU manager policy and reconcile policy ([#1638]) - -## Build Changes - -* Update SDK to 0.22.0 ([#1640]) -* Store build artifacts per architecture ([#1630]) - -## Documentation Changes - -* Update references to the ECS variant for GA release ([#1637]) - -[#1630]: https://github.com/bottlerocket-os/bottlerocket/pull/1630 -[#1637]: https://github.com/bottlerocket-os/bottlerocket/pull/1637 -[#1638]: https://github.com/bottlerocket-os/bottlerocket/pull/1638 -[#1640]: https://github.com/bottlerocket-os/bottlerocket/pull/1640 -[#1646]: https://github.com/bottlerocket-os/bottlerocket/pull/1646 - -# v1.1.2 (2021-06-25) - -With this release, the aws-ecs-1 variant has graduated from preview status and is now generally available. -It's been updated to include Docker 20.10. -The new [Bottlerocket ECS Updater](https://github.com/bottlerocket-os/bottlerocket-ecs-updater/) is available to help provide automated updates. -:tada: - -## OS Changes - -* Add aws-k8s-1.21 variant with Kubernetes 1.21 support ([#1612]) -* Add settings for configuring kubelet containerLogMaxFiles and containerLogMaxSize ([#1589]) (Thanks, @samjo-nyang!) -* Add settings for configuring kubelet systemReserved ([#1606]) -* Add kdump support, enabled by default in VMware variants ([#1596]) -* In host containers, allow mount propagations from privileged containers ([#1601]) -* Mark ipv6 lease as optional for eth0 ([#1602]) -* Add recommended device filters to open-vm-tools ([#1603]) -* In host container definitions, default "enabled" and "superpowered" to false ([#1580]) -* Allow pubsys refresh-repo to use default key path ([#1575]) -* Update default host containers ([#1609]) - -## Build Changes - -* Add grep package to all variants ([#1562]) -* Update Rust dependencies ([#1623], [#1574]) -* Update third-party packages ([#1619], [#1616], [#1625]) -* In GitHub Actions, pin rust toolchain to match version in SDK ([#1621]) -* Add imdsclient library for querying IMDS ([#1372], [#1598], [#1610]) -* Remove reqwest proxy workaround in metricdog and updog ([#1592]) -* Simplify conditional compilation in early-boot-config ([#1576]) -* Only build shibaken for aws variants ([#1591]) -* Silence tokio mut warning in thar-be-settings ([#1593]) -* Refactor package and variant dependencies ([#1549]) -* Add derive attributes at start of list in model-derive ([#1572]) -* Limit threads during pubsys validate-repo ([#1564]) - -## Documentation Changes - -* Document the deprecation of the aws-k8s-1.16 variant ([#1600]) -* Update README for VMware and add a QUICKSTART-VMWARE ([#1559]) -* Add ap-northeast-3 to supported region list ([#1566]) -* Add details about the two default Bottlerocket volumes to README ([#1588]) -* Document webpki-roots version in webpki-roots-shim ([#1565]) - -[#1372]: https://github.com/bottlerocket-os/bottlerocket/pull/1372 -[#1549]: https://github.com/bottlerocket-os/bottlerocket/pull/1549 -[#1559]: https://github.com/bottlerocket-os/bottlerocket/pull/1559 -[#1562]: https://github.com/bottlerocket-os/bottlerocket/pull/1562 -[#1564]: https://github.com/bottlerocket-os/bottlerocket/pull/1564 -[#1565]: https://github.com/bottlerocket-os/bottlerocket/pull/1565 -[#1566]: https://github.com/bottlerocket-os/bottlerocket/pull/1566 -[#1572]: https://github.com/bottlerocket-os/bottlerocket/pull/1572 -[#1574]: https://github.com/bottlerocket-os/bottlerocket/pull/1574 -[#1575]: https://github.com/bottlerocket-os/bottlerocket/pull/1575 -[#1576]: https://github.com/bottlerocket-os/bottlerocket/pull/1576 -[#1580]: https://github.com/bottlerocket-os/bottlerocket/pull/1580 -[#1588]: https://github.com/bottlerocket-os/bottlerocket/pull/1588 -[#1589]: https://github.com/bottlerocket-os/bottlerocket/pull/1589 -[#1591]: https://github.com/bottlerocket-os/bottlerocket/pull/1591 -[#1592]: https://github.com/bottlerocket-os/bottlerocket/pull/1592 -[#1593]: https://github.com/bottlerocket-os/bottlerocket/pull/1593 -[#1596]: https://github.com/bottlerocket-os/bottlerocket/pull/1596 -[#1598]: https://github.com/bottlerocket-os/bottlerocket/pull/1598 -[#1600]: https://github.com/bottlerocket-os/bottlerocket/pull/1600 -[#1601]: https://github.com/bottlerocket-os/bottlerocket/pull/1601 -[#1602]: https://github.com/bottlerocket-os/bottlerocket/pull/1602 -[#1603]: https://github.com/bottlerocket-os/bottlerocket/pull/1603 -[#1606]: https://github.com/bottlerocket-os/bottlerocket/pull/1606 -[#1609]: https://github.com/bottlerocket-os/bottlerocket/pull/1609 -[#1610]: https://github.com/bottlerocket-os/bottlerocket/pull/1610 -[#1612]: https://github.com/bottlerocket-os/bottlerocket/pull/1612 -[#1616]: https://github.com/bottlerocket-os/bottlerocket/pull/1616 -[#1619]: https://github.com/bottlerocket-os/bottlerocket/pull/1619 -[#1621]: https://github.com/bottlerocket-os/bottlerocket/pull/1621 -[#1623]: https://github.com/bottlerocket-os/bottlerocket/pull/1623 -[#1625]: https://github.com/bottlerocket-os/bottlerocket/pull/1625 - -# v1.1.1 (2021-05-19) - -## Security fixes - -* Patch runc for CVE-2021-30465 ([232c5741ecec][232c5741ecec]) - -[232c5741ecec]: https://github.com/bottlerocket-os/bottlerocket/commit/232c5741ecec1b903df3e56922bda03eecb2c02a - -# v1.1.0 (2021-05-07) - -## Deprecation Notice - -The Kubernetes 1.16 variant, `aws-k8s-1.16`, will lose support in July, 2021. -Kubernetes 1.16 is no longer receiving support upstream. -We recommend replacing `aws-k8s-1.16` nodes with a later variant, preferably `aws-k8s-1.19` if your cluster supports it. -See [this issue](https://github.com/bottlerocket-os/bottlerocket/issues/1552) for more details. - -## Important Notes - -### New variants with new defaults - -This release introduces two new variants, `aws-k8s-1.20` and `vmware-k8s-1.20`. -We plan for all new variants, including these, to contain the following changes: -* The kernel is Linux 5.10 rather than 5.4. -* The kernel lockdown mode is set to "integrity" rather than "none". - -The ECS preview variant, `aws-ecs-1`, has also been updated with these changes. - -Existing `aws-k8s` variants will not receive these changes as they could affect existing workloads. - -### ECS task networking - -The `aws-ecs-1` variant now supports the `awsvpc` mode of [ECS task networking](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html). -This allocates an elastic network interface and private IP address to each task. - -## OS Changes - -* Add Linux kernel 5.10 for use in new variants ([#1526]) -* Add aws-k8s-1.20 variant with Kubernetes 1.20 support ([#1437], [#1533]) -* Add vmware-k8s-1.20 variant with Kubernetes 1.20 for VMware ([#1511], [#1529], [#1523], [#1502], [#1554]) -* Remove aws-k8s-1.15 variant ([#1487], [#1492]) -* Constrain ephemeral port range ([#1560]) -* Support awsvpc networking mode in ECS ([#1246]) -* Add settings for QPS and burst limits of Kubernetes registry pulls, event records, and API ([#1527], [#1532], [#1541]) -* Add setting to allow configuration of Kubernetes TLS bootstrap ([#1485]) -* Add setting for configuring Kubernetes cloudProvider to allow usage outside AWS ([#1494]) -* Make Kubernetes cluster-dns-ip optional to support usage outside of AWS ([#1482]) -* Change parameters to support healthy CIS scan ([#1295]) (Thanks, @felipeac!) -* Generate stable machine IDs for VMware and ARM KVM guests ([#1506], [#1537]) -* Enable "integrity" kernel lockdown mode for aws-ecs-1 preview variant ([#1530]) -* Remove override for default service start timeout ([#1483]) -* Restrict access to bootstrap container user data with SELinux ([#1496]) -* Split SELinux policy rules for trusted subjects ([#1558]) -* Add symlink to allow usage of secrets store CSI drivers ([#1544]) -* Prevent bootstrap containers from restarting ([#1508]) -* Add udev rules to mount CD-ROM only when media is present ([#1516]) -* Add resize2fs binary to sbin ([#1519]) (Thanks, @samjo-nyang!) -* Only restart a host container if affected by settings change ([#1480]) -* Support file patterns when specifying log files in logdog ([#1509]) -* Daemonize thar-be-settings to avoid zombie processes ([#1507]) -* Add support for AWS region ap-northeast-3: Osaka ([#1504]) -* Generate pause container URI with standard template variables ([#1551]) -* Get cluster DNS IP from cluster when available ([#1547]) - -## Build Changes - -* Use kernel 5.10 in aws-ecs-1 variant ([#1555]) -* Build only the packages needed for the current variant ([#1408], [#1520]) -* Use a friendly name for VMware OVA files in build outputs ([#1535]) -* Update SDK to 0.21.0 ([#1497], [#1529]) -* Allow variants to specify extra kernel parameters ([#1491]) -* Move kernel console settings to variant definitions ([#1513]) -* Update vmw_backdoor dependency ([#1498]) (Thanks, @lucab!) -* Archive old migrations ([#1540]) -* Refactor default settings and containerd configs to shared files ([#1538], [#1542]) -* Check cargo version at start of build so we have a clear error when it's too low ([#1503]) -* Fix concurrency issue in validate-repo that led to hangs ([#1521]) -* Update third-party package dependencies ([#1543], [#1556]) -* Update Rust dependencies in the tools/ workspace ([#1548]) -* Update tokio-related Rust dependencies in the sources/ workspace ([#1479]) -* Add upstream runc patches addressing container scheduling failure ([#1546]) -* Retry builds on known BuildKit internal errors ([#1557], [#1561]) - -## Documentation Changes - -* Document the deprecation of the aws-k8s-1.15 variant ([#1476]) -* Document the need to quote most Kubernetes labels/taints ([#1550]) (Thanks, @ellistarn!) -* Fix VMware spelling and document user data sources ([#1534]) - -[#1246]: https://github.com/bottlerocket-os/bottlerocket/pull/1246 -[#1295]: https://github.com/bottlerocket-os/bottlerocket/pull/1295 -[#1408]: https://github.com/bottlerocket-os/bottlerocket/pull/1408 -[#1437]: https://github.com/bottlerocket-os/bottlerocket/pull/1437 -[#1476]: https://github.com/bottlerocket-os/bottlerocket/pull/1476 -[#1477]: https://github.com/bottlerocket-os/bottlerocket/pull/1477 -[#1479]: https://github.com/bottlerocket-os/bottlerocket/pull/1479 -[#1480]: https://github.com/bottlerocket-os/bottlerocket/pull/1480 -[#1482]: https://github.com/bottlerocket-os/bottlerocket/pull/1482 -[#1483]: https://github.com/bottlerocket-os/bottlerocket/pull/1483 -[#1485]: https://github.com/bottlerocket-os/bottlerocket/pull/1485 -[#1486]: https://github.com/bottlerocket-os/bottlerocket/pull/1486 -[#1487]: https://github.com/bottlerocket-os/bottlerocket/pull/1487 -[#1491]: https://github.com/bottlerocket-os/bottlerocket/pull/1491 -[#1492]: https://github.com/bottlerocket-os/bottlerocket/pull/1492 -[#1494]: https://github.com/bottlerocket-os/bottlerocket/pull/1494 -[#1496]: https://github.com/bottlerocket-os/bottlerocket/pull/1496 -[#1497]: https://github.com/bottlerocket-os/bottlerocket/pull/1497 -[#1498]: https://github.com/bottlerocket-os/bottlerocket/pull/1498 -[#1502]: https://github.com/bottlerocket-os/bottlerocket/pull/1502 -[#1503]: https://github.com/bottlerocket-os/bottlerocket/pull/1503 -[#1504]: https://github.com/bottlerocket-os/bottlerocket/pull/1504 -[#1506]: https://github.com/bottlerocket-os/bottlerocket/pull/1506 -[#1507]: https://github.com/bottlerocket-os/bottlerocket/pull/1507 -[#1508]: https://github.com/bottlerocket-os/bottlerocket/pull/1508 -[#1509]: https://github.com/bottlerocket-os/bottlerocket/pull/1509 -[#1511]: https://github.com/bottlerocket-os/bottlerocket/pull/1511 -[#1513]: https://github.com/bottlerocket-os/bottlerocket/pull/1513 -[#1516]: https://github.com/bottlerocket-os/bottlerocket/pull/1516 -[#1519]: https://github.com/bottlerocket-os/bottlerocket/pull/1519 -[#1520]: https://github.com/bottlerocket-os/bottlerocket/pull/1520 -[#1521]: https://github.com/bottlerocket-os/bottlerocket/pull/1521 -[#1523]: https://github.com/bottlerocket-os/bottlerocket/pull/1523 -[#1526]: https://github.com/bottlerocket-os/bottlerocket/pull/1526 -[#1527]: https://github.com/bottlerocket-os/bottlerocket/pull/1527 -[#1529]: https://github.com/bottlerocket-os/bottlerocket/pull/1529 -[#1530]: https://github.com/bottlerocket-os/bottlerocket/pull/1530 -[#1532]: https://github.com/bottlerocket-os/bottlerocket/pull/1532 -[#1533]: https://github.com/bottlerocket-os/bottlerocket/pull/1533 -[#1534]: https://github.com/bottlerocket-os/bottlerocket/pull/1534 -[#1535]: https://github.com/bottlerocket-os/bottlerocket/pull/1535 -[#1537]: https://github.com/bottlerocket-os/bottlerocket/pull/1537 -[#1538]: https://github.com/bottlerocket-os/bottlerocket/pull/1538 -[#1540]: https://github.com/bottlerocket-os/bottlerocket/pull/1540 -[#1541]: https://github.com/bottlerocket-os/bottlerocket/pull/1541 -[#1542]: https://github.com/bottlerocket-os/bottlerocket/pull/1542 -[#1543]: https://github.com/bottlerocket-os/bottlerocket/pull/1543 -[#1544]: https://github.com/bottlerocket-os/bottlerocket/pull/1544 -[#1546]: https://github.com/bottlerocket-os/bottlerocket/pull/1546 -[#1547]: https://github.com/bottlerocket-os/bottlerocket/pull/1547 -[#1548]: https://github.com/bottlerocket-os/bottlerocket/pull/1548 -[#1550]: https://github.com/bottlerocket-os/bottlerocket/pull/1550 -[#1551]: https://github.com/bottlerocket-os/bottlerocket/pull/1551 -[#1554]: https://github.com/bottlerocket-os/bottlerocket/pull/1554 -[#1555]: https://github.com/bottlerocket-os/bottlerocket/pull/1555 -[#1556]: https://github.com/bottlerocket-os/bottlerocket/pull/1556 -[#1557]: https://github.com/bottlerocket-os/bottlerocket/pull/1557 -[#1558]: https://github.com/bottlerocket-os/bottlerocket/pull/1558 -[#1560]: https://github.com/bottlerocket-os/bottlerocket/pull/1560 -[#1561]: https://github.com/bottlerocket-os/bottlerocket/pull/1561 - -# v1.0.8 (2021-04-12) - -## Deprecation Notice - -Bottlerocket 1.0.8 is the last release where we plan to support the Kubernetes 1.15 variant, `aws-k8s-1.15`. -Kubernetes 1.15 is no longer receiving support upstream. -We recommend replacing `aws-k8s-1.15` nodes with a later variant, preferably `aws-k8s-1.19` if your cluster supports it. -See [this issue](https://github.com/bottlerocket-os/bottlerocket/issues/1478) for more details. - -## OS Changes - -* Support additional kubelet arguments: kube-reserved, eviction-hard, cpu-manager-policy, and allow-unsafe-sysctls ([#1388], [#1472], [#1465]) -* Expand file and process restrictions in the SELinux policy ([#1464]) -* Add support for bootstrap containers ([#1387], [#1423]) -* Make host containers inherit proxy env vars ([#1432]) -* Allow gzip compression of user data ([#1366]) -* Add 'apply' mode to apiclient for applying settings from URIs ([#1391]) -* Add compat symlink for kubelet volume plugins ([#1417]) -* Remove bottlerocket.version attribute from ECS agent settings ([#1395]) -* Make Kubernetes taint values optional ([#1406]) -* Add guestinfo to available VMware user data retrieval methods ([#1393]) -* Include source of invalid base64 data in error messages ([#1469]) -* Update eni-max-pods data file ([#1468]) -* Update default host container versions ([#1443], [#1441], [#1466]) -* Fix avc denial for dbus-broker ([#1434]) -* Fix case of outputted JSON keys in host container user data ([#1439]) -* Set mode of host container persistent storage directory after creation ([#1463]) -* Add "current" persistent storage location for host containers ([#1416]) -* Write static-pods manifest to tempfile before persisting it ([#1409]) - -## Build Changes - -* Update default variant to aws-k8s-1.19 ([#1394]) -* Update third-party packages ([#1460]) -* Update Rust dependencies ([#1461], [#1462]) -* Update dependencies of host-ctr ([#1371]) -* Add support for specifying a variant's supported architectures ([#1431]) -* Build OVA packages and include them in repos ([#1428]) -* Add support for qcow2 as an image format ([#1425]) (Thanks, @mikalstill!) -* Prevent unneeded artifacts from being copied through build process ([#1426]) -* Change image format for vmware-dev variant to vmdk ([#1397]) -* Remove tough dependency from update_metadata ([#1390]) -* Remove generate_constants logic from build.rs of parse-datetime ([#1376]) -* In the tools workspace, update to tokio v1, reqwest v0.11, and tough v0.11 ([#1370]) -* Run static and non-static Rust builds in parallel ([#1368]) -* Disable CMDLINE_EXTEND kernel configuration ([#1473]) - -## Documentation Changes - -* Document metrics settings in README ([#1449]) -* Fix broken links for symlinked files in models README ([#1444]) -* Document `apiclient update` as primary CLI update method ([#1421]) -* Use `apiclient set` in introductory documentation, explain raw mode separately ([#1418]) -* Prefer resolve:ssm: parameters for simplicity in QUICKSTART ([#1363]) -* Update quickstart guides to have arm64 examples ([#1360]) -* Document the deprecation of the aws-k8s-1.15 variant ([#1476]) - -[#1360]: https://github.com/bottlerocket-os/bottlerocket/pull/1360 -[#1363]: https://github.com/bottlerocket-os/bottlerocket/pull/1363 -[#1366]: https://github.com/bottlerocket-os/bottlerocket/pull/1366 -[#1368]: https://github.com/bottlerocket-os/bottlerocket/pull/1368 -[#1370]: https://github.com/bottlerocket-os/bottlerocket/pull/1370 -[#1371]: https://github.com/bottlerocket-os/bottlerocket/pull/1371 -[#1376]: https://github.com/bottlerocket-os/bottlerocket/pull/1376 -[#1387]: https://github.com/bottlerocket-os/bottlerocket/pull/1387 -[#1388]: https://github.com/bottlerocket-os/bottlerocket/pull/1388 -[#1390]: https://github.com/bottlerocket-os/bottlerocket/pull/1390 -[#1391]: https://github.com/bottlerocket-os/bottlerocket/pull/1391 -[#1393]: https://github.com/bottlerocket-os/bottlerocket/pull/1393 -[#1394]: https://github.com/bottlerocket-os/bottlerocket/pull/1394 -[#1395]: https://github.com/bottlerocket-os/bottlerocket/pull/1395 -[#1397]: https://github.com/bottlerocket-os/bottlerocket/pull/1397 -[#1406]: https://github.com/bottlerocket-os/bottlerocket/pull/1406 -[#1409]: https://github.com/bottlerocket-os/bottlerocket/pull/1409 -[#1416]: https://github.com/bottlerocket-os/bottlerocket/pull/1416 -[#1417]: https://github.com/bottlerocket-os/bottlerocket/pull/1417 -[#1418]: https://github.com/bottlerocket-os/bottlerocket/pull/1418 -[#1421]: https://github.com/bottlerocket-os/bottlerocket/pull/1421 -[#1423]: https://github.com/bottlerocket-os/bottlerocket/pull/1423 -[#1425]: https://github.com/bottlerocket-os/bottlerocket/pull/1425 -[#1426]: https://github.com/bottlerocket-os/bottlerocket/pull/1426 -[#1428]: https://github.com/bottlerocket-os/bottlerocket/pull/1428 -[#1431]: https://github.com/bottlerocket-os/bottlerocket/pull/1431 -[#1432]: https://github.com/bottlerocket-os/bottlerocket/pull/1432 -[#1434]: https://github.com/bottlerocket-os/bottlerocket/pull/1434 -[#1439]: https://github.com/bottlerocket-os/bottlerocket/pull/1439 -[#1441]: https://github.com/bottlerocket-os/bottlerocket/pull/1441 -[#1443]: https://github.com/bottlerocket-os/bottlerocket/pull/1443 -[#1444]: https://github.com/bottlerocket-os/bottlerocket/pull/1444 -[#1449]: https://github.com/bottlerocket-os/bottlerocket/pull/1449 -[#1460]: https://github.com/bottlerocket-os/bottlerocket/pull/1460 -[#1461]: https://github.com/bottlerocket-os/bottlerocket/pull/1461 -[#1462]: https://github.com/bottlerocket-os/bottlerocket/pull/1462 -[#1463]: https://github.com/bottlerocket-os/bottlerocket/pull/1463 -[#1464]: https://github.com/bottlerocket-os/bottlerocket/pull/1464 -[#1465]: https://github.com/bottlerocket-os/bottlerocket/pull/1465 -[#1466]: https://github.com/bottlerocket-os/bottlerocket/pull/1466 -[#1468]: https://github.com/bottlerocket-os/bottlerocket/pull/1468 -[#1469]: https://github.com/bottlerocket-os/bottlerocket/pull/1469 -[#1472]: https://github.com/bottlerocket-os/bottlerocket/pull/1472 -[#1473]: https://github.com/bottlerocket-os/bottlerocket/pull/1473 -[#1476]: https://github.com/bottlerocket-os/bottlerocket/pull/1476 - -# v1.0.7 (2021-03-17) - -## Security fixes - -* containerd: update to 1.4.4 ([#1401]) - -## OS Changes - -* systemd: update to 247.4 to fix segfault in some cases ([#1400]) -* apiserver: reap exited child processes ([#1384]) -* host-ctr: specify non-colliding runc root ([#1359]) -* updog: update signal-hook dependency ([#1328]) - -[#1328]: https://github.com/bottlerocket-os/bottlerocket/pull/1328 -[#1359]: https://github.com/bottlerocket-os/bottlerocket/pull/1359 -[#1384]: https://github.com/bottlerocket-os/bottlerocket/pull/1384 -[#1400]: https://github.com/bottlerocket-os/bottlerocket/pull/1400 -[#1401]: https://github.com/bottlerocket-os/bottlerocket/pull/1401 - -# v1.0.6 (2021-03-02) - -## OS Changes - -* Add metricdog to support sending anonymous metrics ([#1006], [#1322]) -* Add a vmware-dev variant ([#1292], [#1288], [#1290]) -* Add Kubernetes static pods support ([#1317]) -* Add high-level 'set' subcommand for changing settings using apiclient ([#1278]) -* Allow admin container to use SSH public keys from user data ([#1331], [#1358], [#19]) -* Add support for kubelet in standalone mode and TLS auth ([#1338]) -* Add https-proxy and no-proxy settings to updog ([#1324]) -* Add support for pulling host-containers from ECR Public ([#1296]) -* Add network proxy support to aws-k8s-1.19 ([#1337]) -* Modify default SELinux label for containers to align with upstream ([#1318]) -* Add aliases for container-selinux types to align with community ([#1316]) -* Update default versions of admin and control containers ([#1347], [#1344]) -* Update ecs-agent to 1.50.2 ([#1353]) -* logdog: Add eni logs for Kubernetes ([#1327]) - -## Build Changes - -* Add the ability to output vmdk via qemu-img ([#1289]) -* Add support for kmod kits to ease building of third-party kernel modules ([#1287], [#1286], [#1285], [#1357]) -* storewolf: Declare dependencies on model and defaults files ([#1319]) -* storewolf: Refactor default settings files to allow sharing ([#1303], [#1329]) -* Switch from TermLogger to SimpleLogger ([#1282], **thanks @hencrice!**) -* Allow overriding the "pretty" name of the OS inside the image ([#1330]) -* Specify bash in link-variant task for use of bash features ([#1323]) -* Fix invalid symlinks when the BUILDSYS_NAME variable is set ([#1312]) -* Track and clean output files for builds ([#1291]) -* Update third-party software packages ([#1340], [#1336], [#1334], [#1333], [#1335], [#1190], [#1265], [#1315], [#1352], [#1356]) - -## Documentation Changes - -* Add lockdown notes to SECURITY_GUIDANCE.md ([#1281]) -* Clarify use case for update repos ([#1339]) -* Fix broken link from API docs to top-level docs ([#1306]) - -[#1006]: https://github.com/bottlerocket-os/bottlerocket/pull/1006 -[#1190]: https://github.com/bottlerocket-os/bottlerocket/pull/1190 -[#1265]: https://github.com/bottlerocket-os/bottlerocket/pull/1265 -[#1278]: https://github.com/bottlerocket-os/bottlerocket/pull/1278 -[#1281]: https://github.com/bottlerocket-os/bottlerocket/pull/1281 -[#1282]: https://github.com/bottlerocket-os/bottlerocket/pull/1282 -[#1285]: https://github.com/bottlerocket-os/bottlerocket/pull/1285 -[#1286]: https://github.com/bottlerocket-os/bottlerocket/pull/1286 -[#1287]: https://github.com/bottlerocket-os/bottlerocket/pull/1287 -[#1288]: https://github.com/bottlerocket-os/bottlerocket/pull/1288 -[#1289]: https://github.com/bottlerocket-os/bottlerocket/pull/1289 -[#1290]: https://github.com/bottlerocket-os/bottlerocket/pull/1290 -[#1291]: https://github.com/bottlerocket-os/bottlerocket/pull/1291 -[#1292]: https://github.com/bottlerocket-os/bottlerocket/pull/1292 -[#1296]: https://github.com/bottlerocket-os/bottlerocket/pull/1296 -[#1303]: https://github.com/bottlerocket-os/bottlerocket/pull/1303 -[#1306]: https://github.com/bottlerocket-os/bottlerocket/pull/1306 -[#1312]: https://github.com/bottlerocket-os/bottlerocket/pull/1312 -[#1315]: https://github.com/bottlerocket-os/bottlerocket/pull/1315 -[#1316]: https://github.com/bottlerocket-os/bottlerocket/pull/1316 -[#1317]: https://github.com/bottlerocket-os/bottlerocket/pull/1317 -[#1318]: https://github.com/bottlerocket-os/bottlerocket/pull/1318 -[#1319]: https://github.com/bottlerocket-os/bottlerocket/pull/1319 -[#1322]: https://github.com/bottlerocket-os/bottlerocket/pull/1322 -[#1323]: https://github.com/bottlerocket-os/bottlerocket/pull/1323 -[#1324]: https://github.com/bottlerocket-os/bottlerocket/pull/1324 -[#1327]: https://github.com/bottlerocket-os/bottlerocket/pull/1327 -[#1329]: https://github.com/bottlerocket-os/bottlerocket/pull/1329 -[#1330]: https://github.com/bottlerocket-os/bottlerocket/pull/1330 -[#1331]: https://github.com/bottlerocket-os/bottlerocket/pull/1331 -[#1333]: https://github.com/bottlerocket-os/bottlerocket/pull/1333 -[#1334]: https://github.com/bottlerocket-os/bottlerocket/pull/1334 -[#1335]: https://github.com/bottlerocket-os/bottlerocket/pull/1335 -[#1336]: https://github.com/bottlerocket-os/bottlerocket/pull/1336 -[#1337]: https://github.com/bottlerocket-os/bottlerocket/pull/1337 -[#1338]: https://github.com/bottlerocket-os/bottlerocket/pull/1338 -[#1339]: https://github.com/bottlerocket-os/bottlerocket/pull/1339 -[#1340]: https://github.com/bottlerocket-os/bottlerocket/pull/1340 -[#1344]: https://github.com/bottlerocket-os/bottlerocket/pull/1344 -[#1347]: https://github.com/bottlerocket-os/bottlerocket/pull/1347 -[#1352]: https://github.com/bottlerocket-os/bottlerocket/pull/1352 -[#1353]: https://github.com/bottlerocket-os/bottlerocket/pull/1353 -[#1356]: https://github.com/bottlerocket-os/bottlerocket/pull/1356 -[#1357]: https://github.com/bottlerocket-os/bottlerocket/pull/1357 -[#1358]: https://github.com/bottlerocket-os/bottlerocket/pull/1358 -[#19]: https://github.com/bottlerocket-os/bottlerocket-admin-container/pull/19 - -# v1.0.5 (2021-01-15) - -**Note for aws-ecs-1 variant**: due to a change in the ECS agent's data store schema, the aws-ecs-1 variant cannot be downgraded after updating to v1.0.5. -Attempts to downgrade may result in inconsistencies between ECS and the Bottlerocket container instance. - -## OS Changes - -* Add aws-k8s-1.19 variant with Kubernetes 1.19 ([#1256]) -* Update ecs-agent to 1.48.1 ([#1201]) -* Add high-level update subcommands to apiclient ([#1219], [#1232]) -* Add kernel lockdown settings ([#1223], [#1279]) -* Add restart-commands for docker, kubelet, containerd ([#1231], [#1262], [#1258]) -* Add proper restarts for host-containers ([#1230], [#1235], [#1242], [#1258]) -* Fix SELinux policy ([#1236]) -* Set version and revision strings for containerd ([#1248]) -* Add host-container user-data setting ([#1244], [#1247]) -* Add network proxy settings ([#1204], [#1262], [#1258]) -* Update kernel to 5.4.80-40.140 ([#1257]) -* Update third-party software packages ([#1264]) -* Update Rust dependencies ([#1267]) - -## Build Changes - -* Improve support for out-of-tree kernel modules ([#1220]) -* Fix message in partition size check condition ([#1233], **thanks @pranavek!**) -* Split the datastore module into its own crate ([#1249]) -* Update SDK to v0.15.0 ([#1263]) -* Update GitHub Actions to ignore changes that only include .md files ([#1274]) - -## Documentation Changes - -* Add documentation comments to Dockerfile ([#1254]) -* Add a note about CPU usage during builds ([#1266]) -* Update README to point to discussions ([#1273]) - -[#1201]: https://github.com/bottlerocket-os/bottlerocket/pull/1201 -[#1204]: https://github.com/bottlerocket-os/bottlerocket/pull/1204 -[#1219]: https://github.com/bottlerocket-os/bottlerocket/pull/1219 -[#1220]: https://github.com/bottlerocket-os/bottlerocket/pull/1220 -[#1223]: https://github.com/bottlerocket-os/bottlerocket/pull/1223 -[#1230]: https://github.com/bottlerocket-os/bottlerocket/pull/1230 -[#1231]: https://github.com/bottlerocket-os/bottlerocket/pull/1231 -[#1232]: https://github.com/bottlerocket-os/bottlerocket/pull/1232 -[#1233]: https://github.com/bottlerocket-os/bottlerocket/pull/1233 -[#1235]: https://github.com/bottlerocket-os/bottlerocket/pull/1235 -[#1236]: https://github.com/bottlerocket-os/bottlerocket/pull/1236 -[#1242]: https://github.com/bottlerocket-os/bottlerocket/pull/1242 -[#1244]: https://github.com/bottlerocket-os/bottlerocket/pull/1244 -[#1247]: https://github.com/bottlerocket-os/bottlerocket/pull/1247 -[#1248]: https://github.com/bottlerocket-os/bottlerocket/pull/1248 -[#1249]: https://github.com/bottlerocket-os/bottlerocket/pull/1249 -[#1254]: https://github.com/bottlerocket-os/bottlerocket/pull/1254 -[#1256]: https://github.com/bottlerocket-os/bottlerocket/pull/1256 -[#1257]: https://github.com/bottlerocket-os/bottlerocket/pull/1257 -[#1258]: https://github.com/bottlerocket-os/bottlerocket/pull/1258 -[#1259]: https://github.com/bottlerocket-os/bottlerocket/pull/1259 -[#1262]: https://github.com/bottlerocket-os/bottlerocket/pull/1262 -[#1263]: https://github.com/bottlerocket-os/bottlerocket/pull/1263 -[#1264]: https://github.com/bottlerocket-os/bottlerocket/pull/1264 -[#1266]: https://github.com/bottlerocket-os/bottlerocket/pull/1266 -[#1267]: https://github.com/bottlerocket-os/bottlerocket/pull/1267 -[#1273]: https://github.com/bottlerocket-os/bottlerocket/pull/1273 -[#1274]: https://github.com/bottlerocket-os/bottlerocket/pull/1274 -[#1279]: https://github.com/bottlerocket-os/bottlerocket/pull/1279 - -# v1.0.4 (2020-11-30) - -## Security fixes - -* Patch containerd for CVE-2020-15257 ([f3677c1406][f3677c1406]) - -[f3677c1406]: https://github.com/bottlerocket-os/bottlerocket/commit/f3677c1406139240d2bca6b275799953ced5a5f - -# v1.0.3 (2020-11-19) - -## OS Changes -* Support setting Linux kernel parameters (sysctl) via settings (see README) ([#1158], [#1171]) -* Create links under `/dev/disk/ephemeral` for ephemeral storage devices ([#1173]) -* Set default RLIMIT_NOFILE in CRI to 65536 soft limit and a 1048576 hard limit ([#1180]) -* Add rtcsync directive to chrony config file ([#1184], **thanks @errm!**) -* Add `/etc/ssl/certs` symlink to the CA certificate bundle for compatibility with the cluster autoscaler ([#1207]) -* Add procps dependency to docker-engine so that `docker top` works ([#1210]) - -## Build Changes -* Align optimization level for crate and dependency builds ([#1155]) -* pubsys no longer requires an Infra.toml file for basic usage ([#1166]) -* Makefile: Check that $BUILDSYS_ARCH has a supported value ([#1167]) -* Build migrations in parallel ([#1192]) -* Allow file URLs for role in pubsys-setup ([#1194]) -* Update Rust dependencies ([#1196]) -* Update SDK to v0.14.0 ([#1198]) -* Fix an occasional issue with KMS signing in pubsys ([#1205]) -* Backport selected fixes from containerd 1.4 ([#1216]) -* Update third-party package dependencies ([#1176], [#1195]) -* Switch to SDK v0.14.0 ([#1198]) - -## Documentation Changes -* Nits and fixes ([#1170], [#1179]) -* Add missing prerequisites for building Bottlerocket ([#1191]) - -[#1158]: https://github.com/bottlerocket-os/bottlerocket/pull/1158 -[#1171]: https://github.com/bottlerocket-os/bottlerocket/pull/1171 -[#1173]: https://github.com/bottlerocket-os/bottlerocket/pull/1173 -[#1176]: https://github.com/bottlerocket-os/bottlerocket/pull/1176 -[#1180]: https://github.com/bottlerocket-os/bottlerocket/pull/1180 -[#1184]: https://github.com/bottlerocket-os/bottlerocket/pull/1184 -[#1195]: https://github.com/bottlerocket-os/bottlerocket/pull/1195 -[#1207]: https://github.com/bottlerocket-os/bottlerocket/pull/1207 -[#1155]: https://github.com/bottlerocket-os/bottlerocket/pull/1155 -[#1166]: https://github.com/bottlerocket-os/bottlerocket/pull/1166 -[#1167]: https://github.com/bottlerocket-os/bottlerocket/pull/1167 -[#1192]: https://github.com/bottlerocket-os/bottlerocket/pull/1192 -[#1194]: https://github.com/bottlerocket-os/bottlerocket/pull/1194 -[#1196]: https://github.com/bottlerocket-os/bottlerocket/pull/1196 -[#1198]: https://github.com/bottlerocket-os/bottlerocket/pull/1198 -[#1205]: https://github.com/bottlerocket-os/bottlerocket/pull/1205 -[#1170]: https://github.com/bottlerocket-os/bottlerocket/pull/1170 -[#1179]: https://github.com/bottlerocket-os/bottlerocket/pull/1179 -[#1191]: https://github.com/bottlerocket-os/bottlerocket/pull/1191 -[#1210]: https://github.com/bottlerocket-os/bottlerocket/pull/1210 -[#1216]: https://github.com/bottlerocket-os/bottlerocket/pull/1216 -[#1198]: https://github.com/bottlerocket-os/bottlerocket/pull/1198 - -# v1.0.2 (2020-10-13) - -## Breaking changes (for build process only) - -* pubsys: automate setup of role and key ([#1133], [#1146]) -* Store repos under repo name so you can build multiple ([#1135]) - -**Note:** these changes do not impact users of Bottlerocket AMIs or repos, only those who build Bottlerocket themselves. -If you use an `Infra.toml` file to automate publishing, you'll need to update the format of the file. -The root role and signing key definitions now live inside a repo definition, rather than at the top level of the file. -Please see the updated [Infra.toml.example](tools/pubsys/Infra.toml.example) file for a commented explanation of the new role and key configuration. - -## OS changes - -* Add aws-k8s-1.18 variant with Kubernetes 1.18 ([#1150]) -* Update kernel to 5.4.50-25.83 ([#1148]) -* Update glibc to 2.32 ([#1092]) -* Add e2fsprogs ([#1147]) -* pluto: add regional map of pause container source accounts ([#1142]) -* Add option to enable spot instance draining ([#1100], **thanks @mkulke!**) -* Add 2.root.json + pubsys KMS support ([#1122]) -* docker: add default nofiles ulimits for containers ([#1119]) -* Fix AVC denial for`docker run --init` ([#1085]) - -## Build changes - -* Pass Go module proxy variables through docker-go ([#1121]) -* Set buildmode to pie and drop pie and debuginfo patches for Kubernetes ([#1103], **thanks @bnrjee!**) -* pubsys: use requested size for volume, keeping snapshot to minimum size ([#1118]) -* Switch to SDK v0.13.0 ([#1092]) -* Add `cargo make grant-ami` and `revoke-ami` tasks ([#1087]) -* Allow specifying AMI name with PUBLISH_AMI_NAME ([#1091]) -* Makefile.toml: clean up clean actions ([#1089]) -* pubsys: check for copied AMIs in parallel ([#1086]) - -## Documentation changes - -* Add PUBLISHING.md guide explaining pubsys and related tools ([#1138]) -* README: relocate update API instructions and example ([#1124], [#1127]) -* Fix grammar issues in README.md ([#1098], **thanks @jweissig!**) -* Add documentation for the aws-ecs-1 variant ([#1053]) -* Update suggested Kubernetes version in sample eksctl config files ([#1090]) -* Update BUILDING.md to incorporate dependencies ([#1107], **thanks @troyaws!**) - - -[#1053]: https://github.com/bottlerocket-os/bottlerocket/pull/1053 -[#1084]: https://github.com/bottlerocket-os/bottlerocket/pull/1084 -[#1085]: https://github.com/bottlerocket-os/bottlerocket/pull/1085 -[#1086]: https://github.com/bottlerocket-os/bottlerocket/pull/1086 -[#1087]: https://github.com/bottlerocket-os/bottlerocket/pull/1087 -[#1089]: https://github.com/bottlerocket-os/bottlerocket/pull/1089 -[#1090]: https://github.com/bottlerocket-os/bottlerocket/pull/1090 -[#1091]: https://github.com/bottlerocket-os/bottlerocket/pull/1091 -[#1092]: https://github.com/bottlerocket-os/bottlerocket/pull/1092 -[#1094]: https://github.com/bottlerocket-os/bottlerocket/pull/1094 -[#1098]: https://github.com/bottlerocket-os/bottlerocket/pull/1098 -[#1100]: https://github.com/bottlerocket-os/bottlerocket/pull/1100 -[#1103]: https://github.com/bottlerocket-os/bottlerocket/pull/1103 -[#1107]: https://github.com/bottlerocket-os/bottlerocket/pull/1107 -[#1109]: https://github.com/bottlerocket-os/bottlerocket/pull/1109 -[#1118]: https://github.com/bottlerocket-os/bottlerocket/pull/1118 -[#1119]: https://github.com/bottlerocket-os/bottlerocket/pull/1119 -[#1121]: https://github.com/bottlerocket-os/bottlerocket/pull/1121 -[#1122]: https://github.com/bottlerocket-os/bottlerocket/pull/1122 -[#1124]: https://github.com/bottlerocket-os/bottlerocket/pull/1124 -[#1127]: https://github.com/bottlerocket-os/bottlerocket/pull/1127 -[#1133]: https://github.com/bottlerocket-os/bottlerocket/pull/1133 -[#1135]: https://github.com/bottlerocket-os/bottlerocket/pull/1135 -[#1138]: https://github.com/bottlerocket-os/bottlerocket/pull/1138 -[#1142]: https://github.com/bottlerocket-os/bottlerocket/pull/1142 -[#1146]: https://github.com/bottlerocket-os/bottlerocket/pull/1146 -[#1147]: https://github.com/bottlerocket-os/bottlerocket/pull/1147 -[#1148]: https://github.com/bottlerocket-os/bottlerocket/pull/1148 -[#1149]: https://github.com/bottlerocket-os/bottlerocket/pull/1149 -[#1150]: https://github.com/bottlerocket-os/bottlerocket/pull/1150 - -# v1.0.1 (2020-09-03) - -## Security fixes - -* Patch kernel for CVE-2020-14386 ([#1108]) - -[#1108]: https://github.com/bottlerocket-os/bottlerocket/pull/1108 - -# v1.0.0 (2020-08-31) - -Welcome to Bottlerocket 1.0! -Since the first public preview, we've added new variants for Amazon ECS and Kubernetes 1.16 and 1.17, support for ARM instances and more EC2 regions, along with many new features and security improvements. -We appreciate all the feedback and contributions so far and look forward to working with the community on even wider support. - -:partying_face: :smile_cat: - -## Security fixes - -* Update to chrony 3.5.1 ([#1057]) -* Isolate host containers and limit access to API socket ([#1056]) - -## OS changes - -* The `aws-ecs-1` variant is now available as a preview. - * ecs-agent: upgrade to v1.43.0 ([#1043]) - * aws-ecs-1: add ecs.loglevel setting ([#1062]) - * aws-ecs-1: remove unsupported capabilities ([#1052]) - * aws-ecs-1: constrain ephemeral port range ([#1051]) - * aws-ecs-1: enable awslogs execution role support ([#1044]) - * ecs-agent: don't start if not configured ([#1049]) - * ecs-agent: bind introspection to localhost ([#1071]) - * Update logdog to pull ECS-related log files ([#1054]) - * Add documentation for the aws-ecs-1 variant ([#1053]) -* apiclient: accept -s for --socket-path, as per usage message ([#1069]) -* Fix growpart to avoid race in partition table reload ([#1058]) -* Added patch for EC2 IMDSv2 support in Docker ([#1055]) -* schnauzer: add a helper for ecr repos ([#1032]) - -## Build changes - -* Add `cargo make ami-public` and `ami-private` targets ([#1033], [#1065], [#1064]) -* Add `cargo make ssm` and `promote-ssm` targets for publishing parameters ([#1060], [#1070], [#1067], [#1066]) -* Use per-checkout cache directories for builds ([#1050]) -* Fix rust build caching and tune rpm compression ([#1045]) -* Add official builds in 16 more EC2 regions. ([aws/containers-roadmap#827](https://github.com/aws/containers-roadmap/issues/827)) - -## Documentation changes - -* Revise security guidance ([#1072]) -* README: add supported architectures ([#1048]) -* Update supported region list after 0.5.0 release ([#1046]) -* Removed aws-cli v1 requirement in docs ([#1073]) -* Update BUILDING.md for new coldsnap-based amiize.sh ([#1047]) - - -[#1073]: https://github.com/bottlerocket-os/bottlerocket/pull/1073 -[#1072]: https://github.com/bottlerocket-os/bottlerocket/pull/1072 -[#1071]: https://github.com/bottlerocket-os/bottlerocket/pull/1071 -[#1070]: https://github.com/bottlerocket-os/bottlerocket/pull/1070 -[#1069]: https://github.com/bottlerocket-os/bottlerocket/pull/1069 -[#1067]: https://github.com/bottlerocket-os/bottlerocket/pull/1067 -[#1066]: https://github.com/bottlerocket-os/bottlerocket/pull/1066 -[#1065]: https://github.com/bottlerocket-os/bottlerocket/pull/1065 -[#1064]: https://github.com/bottlerocket-os/bottlerocket/pull/1064 -[#1062]: https://github.com/bottlerocket-os/bottlerocket/pull/1062 -[#1060]: https://github.com/bottlerocket-os/bottlerocket/pull/1060 -[#1058]: https://github.com/bottlerocket-os/bottlerocket/pull/1058 -[#1057]: https://github.com/bottlerocket-os/bottlerocket/pull/1057 -[#1056]: https://github.com/bottlerocket-os/bottlerocket/pull/1056 -[#1055]: https://github.com/bottlerocket-os/bottlerocket/pull/1055 -[#1054]: https://github.com/bottlerocket-os/bottlerocket/pull/1054 -[#1053]: https://github.com/bottlerocket-os/bottlerocket/pull/1053 -[#1052]: https://github.com/bottlerocket-os/bottlerocket/pull/1052 -[#1051]: https://github.com/bottlerocket-os/bottlerocket/pull/1051 -[#1050]: https://github.com/bottlerocket-os/bottlerocket/pull/1050 -[#1049]: https://github.com/bottlerocket-os/bottlerocket/pull/1049 -[#1048]: https://github.com/bottlerocket-os/bottlerocket/pull/1048 -[#1047]: https://github.com/bottlerocket-os/bottlerocket/pull/1047 -[#1046]: https://github.com/bottlerocket-os/bottlerocket/pull/1046 -[#1045]: https://github.com/bottlerocket-os/bottlerocket/pull/1045 -[#1044]: https://github.com/bottlerocket-os/bottlerocket/pull/1044 -[#1043]: https://github.com/bottlerocket-os/bottlerocket/pull/1043 -[#1033]: https://github.com/bottlerocket-os/bottlerocket/pull/1033 -[#1032]: https://github.com/bottlerocket-os/bottlerocket/pull/1032 - - -# v0.5.0 (2020-08-14) - -Special thanks to first-time contributor @spoonofpower ([#988])! - -## Breaking changes - -* Remove support for unsigned datastore migrations ([#976]) - -## OS changes - -* Add `aws-ecs-1` variant prototype for running containers in ECS clusters ([#946], [#1005], [#1007], [#1008], [#1009], [#1017]) -* Configurable `clusterDomain` kubelet setting via `settings.kubernetes.cluster-domain` ([#988], [#1036]) -* Make update position within waves consistent ([#993]) -* Fix kubelet configuration for `MaxPods` ([#994]) -* Update `eni-max-pods` with new instance types ([#994]) -* Fix `max_versions` unit test in `updata` ([#998]) -* Remove injection of `label:disable` option for privileged containers in Docker ([#1013]) -* Add `policycoreutils` and related tools ([#1016]) -* Update third-party software packages ([#1018], [#1023], [#1025], [#1026]) -* Update Rust dependencies ([#1019], [#1021]) -* Update `host-ctr`'s dependencies ([#1020]) -* Update the host-containers' default versions ([#1030], [#1040]) -* Allow access to all device nodes for superpowered host-containers ([#1037]) - -## Build changes - -* Add `pubsys` (`cargo make repo`, `cargo make ami`) for repo and AMI creation ([#964], [#1010], [#1028], [#1034]) -* Require `updata init` before creating a new repo manifest ([#991]) -* Exclude README.md files from cargo change tracking ([#995], [#996]) -* Build `aws-k8s-1.17` variant by default with `cargo make` ([#1002]) -* Update comments to be more accurate in Infra.toml ([#1004]) -* Update `amiize` to use `coldsnap` ([#1012]) -* Update Bottlerocket SDK to v0.12.0 ([#1014]) -* Fix warnings for use of deprecated items in `common_migrations` ([#1022]) - -## Documentation changes - -* Removed instructions to manually apply the manifest for aws-vpc-cni-k8s ([#1029]) - -[#946]: https://github.com/bottlerocket-os/bottlerocket/pull/946 -[#964]: https://github.com/bottlerocket-os/bottlerocket/pull/964 -[#976]: https://github.com/bottlerocket-os/bottlerocket/pull/976 -[#988]: https://github.com/bottlerocket-os/bottlerocket/pull/988 -[#991]: https://github.com/bottlerocket-os/bottlerocket/pull/991 -[#993]: https://github.com/bottlerocket-os/bottlerocket/pull/993 -[#994]: https://github.com/bottlerocket-os/bottlerocket/pull/994 -[#995]: https://github.com/bottlerocket-os/bottlerocket/pull/995 -[#996]: https://github.com/bottlerocket-os/bottlerocket/pull/996 -[#998]: https://github.com/bottlerocket-os/bottlerocket/pull/998 -[#1002]: https://github.com/bottlerocket-os/bottlerocket/pull/1002 -[#1004]: https://github.com/bottlerocket-os/bottlerocket/pull/1004 -[#1005]: https://github.com/bottlerocket-os/bottlerocket/pull/1005 -[#1007]: https://github.com/bottlerocket-os/bottlerocket/pull/1007 -[#1008]: https://github.com/bottlerocket-os/bottlerocket/pull/1008 -[#1009]: https://github.com/bottlerocket-os/bottlerocket/pull/1009 -[#1010]: https://github.com/bottlerocket-os/bottlerocket/pull/1010 -[#1012]: https://github.com/bottlerocket-os/bottlerocket/pull/1012 -[#1013]: https://github.com/bottlerocket-os/bottlerocket/pull/1013 -[#1014]: https://github.com/bottlerocket-os/bottlerocket/pull/1014 -[#1016]: https://github.com/bottlerocket-os/bottlerocket/pull/1016 -[#1017]: https://github.com/bottlerocket-os/bottlerocket/pull/1017 -[#1018]: https://github.com/bottlerocket-os/bottlerocket/pull/1018 -[#1019]: https://github.com/bottlerocket-os/bottlerocket/pull/1019 -[#1020]: https://github.com/bottlerocket-os/bottlerocket/pull/1020 -[#1021]: https://github.com/bottlerocket-os/bottlerocket/pull/1021 -[#1022]: https://github.com/bottlerocket-os/bottlerocket/pull/1022 -[#1023]: https://github.com/bottlerocket-os/bottlerocket/pull/1023 -[#1025]: https://github.com/bottlerocket-os/bottlerocket/pull/1025 -[#1026]: https://github.com/bottlerocket-os/bottlerocket/pull/1026 -[#1028]: https://github.com/bottlerocket-os/bottlerocket/pull/1028 -[#1029]: https://github.com/bottlerocket-os/bottlerocket/pull/1029 -[#1030]: https://github.com/bottlerocket-os/bottlerocket/pull/1030 -[#1034]: https://github.com/bottlerocket-os/bottlerocket/pull/1034 -[#1036]: https://github.com/bottlerocket-os/bottlerocket/pull/1036 -[#1037]: https://github.com/bottlerocket-os/bottlerocket/pull/1037 -[#1040]: https://github.com/bottlerocket-os/bottlerocket/pull/1040 - -# v0.4.1 (2020-07-13) - -## Security fixes - -* Patch Kubernetes for CVE-2020-8558 ([#977]) -* Update `tough` to 0.7.1 to patch CVE-2020-15093 ([#979]) - -## OS changes - -* Add a new `aws-k8s-1.17` variant for Kubernetes 1.17 ([#973]) -* Confine `chrony`, `wicked`, and `dbus-broker` via SELinux, and persist their state to disk ([#970]) -* Persist `systemd` journal to disk ([#970]) -* Add an API for OS updates ([#942], [#959], [#986]) -* Add migration helpers to add / remove multiple settings at once ([#958]) -* Fix SELinux policy to allow CSI driver mounts and transition used by Kaniko ([#983]) -* Update to new repo URL via migration to ensure signed migration support ([#980]) - -## Build changes - -* Fix environment variable override for build output directory ([#963]) -* Update `.dockerignore` to account for the new build output directory structure ([#967]) -* Remove the `preview-docs` task from `Makefile` ([#969]) - -## Documentation changes - -* Document new update APIs and add associated diagrams ([#962]) -* Add `ap-south-1` to supported regions ([#965]) -* Fix `storewolf`'s documentation and usage message as it expects a semver value ([#957]) - -[#942]: https://github.com/bottlerocket-os/bottlerocket/pull/942 -[#957]: https://github.com/bottlerocket-os/bottlerocket/pull/957 -[#958]: https://github.com/bottlerocket-os/bottlerocket/pull/958 -[#959]: https://github.com/bottlerocket-os/bottlerocket/pull/959 -[#962]: https://github.com/bottlerocket-os/bottlerocket/pull/962 -[#963]: https://github.com/bottlerocket-os/bottlerocket/pull/963 -[#965]: https://github.com/bottlerocket-os/bottlerocket/pull/965 -[#967]: https://github.com/bottlerocket-os/bottlerocket/pull/967 -[#969]: https://github.com/bottlerocket-os/bottlerocket/pull/969 -[#970]: https://github.com/bottlerocket-os/bottlerocket/pull/970 -[#973]: https://github.com/bottlerocket-os/bottlerocket/pull/973 -[#977]: https://github.com/bottlerocket-os/bottlerocket/pull/977 -[#979]: https://github.com/bottlerocket-os/bottlerocket/pull/979 -[#980]: https://github.com/bottlerocket-os/bottlerocket/pull/980 -[#983]: https://github.com/bottlerocket-os/bottlerocket/pull/983 -[#986]: https://github.com/bottlerocket-os/bottlerocket/pull/986 - -# v0.4.0 (2020-06-25) - -## Breaking changes - -* Remove all permissive types from the SELinux policy ([#945]). Actions that were not allowed by the SELinux policy now fail instead of only being logged. - -## OS changes - -* Use update repository metadata and signatures to run settings migrations ([#930]) -* Mount debugfs in superpowered host containers, such as the admin container, to support tools like `bcc` and `bpftrace` ([#934]) -* Protect container snapshot layers in SELinux policy ([#935]) -* Add `POST /actions/reboot` API path ([#936]) -* Update `tough` to v0.6.0 ([#944]) -* Fix behavior of `signpost cancel-upgrade` ([#950]) -* Update to kernel 5.4.46 ([#953]) - -## Build changes - -* Canonicalize architecture names in amiize.sh ([#932]) -* Split build output directories by variant and architecture ([#948]) -* Move intermediate RPM output from `build/packages` to `build/rpms` ([#948]) -* Fix `chmod` usage for building on macOS ([#951]) - -## Documentation changes - -* Document platform-specific settings in README.md ([#941]) - -[#930]: https://github.com/bottlerocket-os/bottlerocket/pull/930 -[#932]: https://github.com/bottlerocket-os/bottlerocket/pull/932 -[#934]: https://github.com/bottlerocket-os/bottlerocket/pull/934 -[#935]: https://github.com/bottlerocket-os/bottlerocket/pull/935 -[#936]: https://github.com/bottlerocket-os/bottlerocket/pull/936 -[#941]: https://github.com/bottlerocket-os/bottlerocket/pull/941 -[#944]: https://github.com/bottlerocket-os/bottlerocket/pull/944 -[#945]: https://github.com/bottlerocket-os/bottlerocket/pull/945 -[#948]: https://github.com/bottlerocket-os/bottlerocket/pull/948 -[#950]: https://github.com/bottlerocket-os/bottlerocket/pull/950 -[#951]: https://github.com/bottlerocket-os/bottlerocket/pull/951 -[#953]: https://github.com/bottlerocket-os/bottlerocket/pull/953 - -# v0.3.4 (2020-05-27) - -## OS changes - -* Add a new Kubernetes 1.16 variant ([#919]) -* Use SELinux to restrict datastore modifications ([#917]) -* Add variant override to updog arguments ([#923]) - -## Build changes - -* Update systemd to v245 ([#916]) -* Update build SDK to v0.11.0 ([#926]) -* Allow specifying a start time for waves in updata ([#927]) -* Update `tough` dependencies to v0.5.0 ([#928]) - -[#916]: https://github.com/bottlerocket-os/bottlerocket/pull/916 -[#917]: https://github.com/bottlerocket-os/bottlerocket/pull/917 -[#919]: https://github.com/bottlerocket-os/bottlerocket/pull/919 -[#923]: https://github.com/bottlerocket-os/bottlerocket/pull/923 -[#926]: https://github.com/bottlerocket-os/bottlerocket/pull/926 -[#927]: https://github.com/bottlerocket-os/bottlerocket/pull/927 -[#928]: https://github.com/bottlerocket-os/bottlerocket/pull/928 - -# v0.3.3 (2020-05-14) - -## OS changes - -* Security: update kernel to 5.4.38 ([#924]) - -[#924]: https://github.com/bottlerocket-os/bottlerocket/pull/924 - -# v0.3.2 (2020-04-20) - -Special thanks to our first contributors, @inductor ([#853]), @smoser ([#871]), and @gliptak ([#870])! - -## OS changes - -* Update kernel to 5.4.20 ([#898]) -* Expand SELinux policy to include all classes and actions in 5.4 kernel ([#888]) -* Include error messages in apiserver error responses ([#897]) -* Add "logdog" to help users collect debug logs ([#880]) -* Include objtool in kernel-devel for compiling external modules ([#874]) -* Ignore termination signals in updog right before initiating reboot ([#869]) -* Pass `--containerd` flag to kubelet to specify containerd socket path, fixing some cAdvisor metrics ([#868]) -* Fix delay on reboot or power off ([#859]) -* Add `systemd.log_color=0` to remove ANSI color escapes from console log ([#836]) -* Reduce containerd logging when no errors have occurred ([#886]) -* Update admin container to v0.5.0 ([#903]) - -## Build changes - -* Set up GitHub Actions to test OS builds for PRs ([#837]) -* Update SDK to v0.10.1 ([#866]) -* Move built RPMs to `build/packages` ([#863]) -* Bump cargo-make to 0.30.0 ([#870]) -* Pass proxy environment variables through to docker containers ([#871]) -* Add parse-datetime crate ([#875]) -* Update third-party software packages ([#895]) -* Update Rust dependencies ([#896]) -* Remove unused Rust dependencies ([#894]) -* Add upstream fix for arm64 in coreutils ([#879]) -* Add ability to add waves using TOML files ([#883]) -* Add default wave files ([#881]) -* Fix migrations builds ([#906]) - -## Documentation changes - -* QUICKSTART: Clarify which setup is optional ([#902]) -* QUICKSTART: add easier setup instructions using new eksctl release ([#849]) -* QUICKSTART: add note about allowing SSH access ([#839]) -* QUICKSTART: add section on finding AMIs through SSM parameters ([#838]) -* QUICKSTART: Add supported region list ([73d120c9]) -* QUICKSTART: Add info about persistent volume CSI plugin ([#899]) -* QUICKSTART and README: Add appropriate ECR policy guidance ([#856]) -* README: Fix feedback link to point at existing section ([#833]) -* README: Add sentence about preview phase with feedback link ([#832]) -* README: Fixes and updates ([#831]) -* Update name of early-boot-config in API system diagram ([#840]) -* Fix updater README's reference to data store version ([#844]) -* Fix example wave files ([#908]) - -[#831]: https://github.com/bottlerocket-os/bottlerocket/pull/831 -[#832]: https://github.com/bottlerocket-os/bottlerocket/pull/832 -[#833]: https://github.com/bottlerocket-os/bottlerocket/pull/833 -[#836]: https://github.com/bottlerocket-os/bottlerocket/pull/836 -[#837]: https://github.com/bottlerocket-os/bottlerocket/pull/837 -[#838]: https://github.com/bottlerocket-os/bottlerocket/pull/838 -[#839]: https://github.com/bottlerocket-os/bottlerocket/pull/839 -[#840]: https://github.com/bottlerocket-os/bottlerocket/pull/840 -[#844]: https://github.com/bottlerocket-os/bottlerocket/pull/844 -[#849]: https://github.com/bottlerocket-os/bottlerocket/pull/849 -[#853]: https://github.com/bottlerocket-os/bottlerocket/pull/853 -[#856]: https://github.com/bottlerocket-os/bottlerocket/pull/856 -[#859]: https://github.com/bottlerocket-os/bottlerocket/pull/859 -[#860]: https://github.com/bottlerocket-os/bottlerocket/pull/860 -[#863]: https://github.com/bottlerocket-os/bottlerocket/pull/863 -[#866]: https://github.com/bottlerocket-os/bottlerocket/pull/866 -[#868]: https://github.com/bottlerocket-os/bottlerocket/pull/868 -[#869]: https://github.com/bottlerocket-os/bottlerocket/pull/869 -[#870]: https://github.com/bottlerocket-os/bottlerocket/pull/870 -[#871]: https://github.com/bottlerocket-os/bottlerocket/pull/871 -[#874]: https://github.com/bottlerocket-os/bottlerocket/pull/874 -[#875]: https://github.com/bottlerocket-os/bottlerocket/pull/875 -[#879]: https://github.com/bottlerocket-os/bottlerocket/pull/879 -[#880]: https://github.com/bottlerocket-os/bottlerocket/pull/880 -[#881]: https://github.com/bottlerocket-os/bottlerocket/pull/881 -[#883]: https://github.com/bottlerocket-os/bottlerocket/pull/883 -[#886]: https://github.com/bottlerocket-os/bottlerocket/pull/886 -[#888]: https://github.com/bottlerocket-os/bottlerocket/pull/888 -[#894]: https://github.com/bottlerocket-os/bottlerocket/pull/894 -[#895]: https://github.com/bottlerocket-os/bottlerocket/pull/895 -[#896]: https://github.com/bottlerocket-os/bottlerocket/pull/896 -[#897]: https://github.com/bottlerocket-os/bottlerocket/pull/897 -[#898]: https://github.com/bottlerocket-os/bottlerocket/pull/898 -[#899]: https://github.com/bottlerocket-os/bottlerocket/pull/899 -[#902]: https://github.com/bottlerocket-os/bottlerocket/pull/902 -[#903]: https://github.com/bottlerocket-os/bottlerocket/pull/903 -[#906]: https://github.com/bottlerocket-os/bottlerocket/pull/906 -[#908]: https://github.com/bottlerocket-os/bottlerocket/pull/908 -[73d120c9]: https://github.com/bottlerocket-os/bottlerocket/commit/73d120c9 - -# v0.3.1 (2020-03-10) - -## OS changes - -* Log migration errors to console ([#795]) -* Enable BTF debug info (`CONFIG_DEBUG_INFO_BTF`) ([#799]) -* Move migrations from private partition to data partition ([#818]) -* Add top-level model struct ([#824]) -* Update ca-certificates, cni-plugins, coreutils, dbus-broker, iproute, kmod, libcap, libxcrypt, ncurses, socat, and wicked ([#826]) - -## Build changes - -* Update Rust dependencies ([#798], [#806], [#809], [#810]) -* Add additional cleanup steps to amiize.sh ([#804]) -* Work around warnings for unused licenses ([#827]) - -## Documentation changes - -* Add [GLOSSARY.md](GLOSSARY.md), [SECURITY_FEATURES.md](SECURITY_FEATURES.md), and [SECURITY_GUIDANCE.md](SECURITY_GUIDANCE.md) ([#800], [#807], [#821]) -* Add additional information to top section of [README.md](README.md) ([#802]) -* Add license information to OpenAPI specification ([#803]) -* Add description of source mirroring ([#817]) -* Update [CHARTER.md](CHARTER.md) wording ([#823]) - -[#795]: https://github.com/bottlerocket-os/bottlerocket/pull/795 -[#798]: https://github.com/bottlerocket-os/bottlerocket/pull/798 -[#799]: https://github.com/bottlerocket-os/bottlerocket/pull/799 -[#800]: https://github.com/bottlerocket-os/bottlerocket/pull/800 -[#802]: https://github.com/bottlerocket-os/bottlerocket/pull/802 -[#803]: https://github.com/bottlerocket-os/bottlerocket/pull/803 -[#804]: https://github.com/bottlerocket-os/bottlerocket/pull/804 -[#806]: https://github.com/bottlerocket-os/bottlerocket/pull/806 -[#807]: https://github.com/bottlerocket-os/bottlerocket/pull/807 -[#809]: https://github.com/bottlerocket-os/bottlerocket/pull/809 -[#810]: https://github.com/bottlerocket-os/bottlerocket/pull/810 -[#817]: https://github.com/bottlerocket-os/bottlerocket/pull/817 -[#818]: https://github.com/bottlerocket-os/bottlerocket/pull/818 -[#821]: https://github.com/bottlerocket-os/bottlerocket/pull/821 -[#823]: https://github.com/bottlerocket-os/bottlerocket/pull/823 -[#824]: https://github.com/bottlerocket-os/bottlerocket/pull/824 -[#826]: https://github.com/bottlerocket-os/bottlerocket/pull/826 -[#827]: https://github.com/bottlerocket-os/bottlerocket/pull/827 - -# v0.3.0 (2020-02-27) - -Welcome to Bottlerocket! -Bottlerocket is the new name for the OS. - -In preparation for public preview, v0.3.0 includes a number of breaking changes that mean upgrades from previous versions are not possible. -This is not done lightly, but had to be done to accommodate all we've learned during private preview. - -## Breaking Changes - -* Rename to Bottlerocket ([#722], [#740]). -* Change partition labels to `BOTTLEROCKET-*` ([#726]). -* Switch to new updates repository URIs under `updates.bottlerocket.aws` ([#778]). -* Update Kubernetes to 1.15 ([#749]). -* Rename aws-k8s variant to aws-k8s-1.15 to enable versioning ([#785]). -* Update Linux kernel to 5.4.16-8.72.amzn2 ([#731]). -* Rename `settings.target-base-url` to `settings.targets-base-url` ([#788]). - -## OS Changes - -* Mount kernel modules and development headers into containers from a squashfs file on the host ([#701]). -* Include third-party licenses at `/usr/share/licenses` ([#723]). -* Add initial implementation of SELinux ([#683], [#724]). -* Support transactions in the API ([#715], [#727]). -* Add support for platform-specific settings like AWS region ([#636]). -* Support templated settings with new tool 'schnauzer' ([#637]). -* Generate container image URIs with parameterized regions using schnauzer ([#638]). -* Respect update release waves when using `updog check-updates` ([#615]). -* Fix an issue with failed updates through certain https connections ([#730]). -* Add support for EC2 IMDSv2 ([#705], [#706], [#709]). -* Remove update-checking boot service ([#772]). -* Remove old migrations and mitigations that no longer apply ([#774]). -* Add /os API to expose variant, arch, version, etc. ([#777]). -* Update host container packages ([#707]). -* Allow removing settings in migrations ([#644]). -* Create abstractions for creating common migrations ([#712], [#717]). -* Remove the datastore version, instead use Bottlerocket version ([#760]). -* Improve datastore migration naming convention and build migrations during cargo make ([#704], [#716]). -* Update dependencies of third-party packages in base OS ([#691], [#696], [#698], [#699], [#700], [#708], [#728], [#786]). -* Update dependencies of Rust packages ([#738], [#730]). -* Rename `moondog` to `early-boot-config` ([#757]). -* Update admin and control containers to v0.4.0 ([#789]). -* Update container runtime socket path to more common `/run/dockershim.sock` ([#796]) - -## Documentation - -* Add copyright statement and Bottlerocket license ([#746]). -* General documentation improvements ([#681], [#693], [#736], [#761], [#762]). -* Added READMEs for [packages](packages/) and [variants](variants/) ([#773]). -* Split INSTALL guide into BUILDING and QUICKSTART ([#780]). -* Update CNI plugin in documentation and conformance test scripts ([#739]). - -## Build Changes - -* General improvements to third-party license scanning ([#686], [#719], [#768]). -* Add policycoreutils, secilc, and squashfs-tools to SDK ([#678], [#690]). -* Update to Rust 1.41 and Go 1.13.8 ([#711], [#733]). -* Disallow upstream source fallback by default ([#735]). -* Move host, operator, and SDK containers to their own git repos ([#743], [#751], [#775]). - * [SDK Container](https://github.com/bottlerocket-os/bottlerocket-sdk) - * [Admin Container](https://github.com/bottlerocket-os/bottlerocket-admin-container) - * [Control Container](https://github.com/bottlerocket-os/bottlerocket-control-container) - * [Bottlerocket Update Operator](https://github.com/bottlerocket-os/bottlerocket-update-operator) -* Improve the syntax of migrations listed in Release.toml ([#687]). -* Add arm64 builds for host-containers ([#694]). -* Build stable image paths using symlinks in `build/latest/` ([#767]). -* Add a `set-migrations` subcommand to the `updata` tool ([#756]). -* Remove `rpm_crashtraceback` tag from go builds ([#779]). -* Rename built artifacts to specify variant before arch ([#776]). -* Update SDK to v0.9.0 ([#790]). -* Fix architecture conditional in glibc spec ([#787]). -* Rename the `workspaces` directory to `sources` and the `workspaces` package to `os`. ([#770]). - -[#615]: https://github.com/bottlerocket-os/bottlerocket/pull/615 -[#636]: https://github.com/bottlerocket-os/bottlerocket/pull/636 -[#637]: https://github.com/bottlerocket-os/bottlerocket/pull/637 -[#638]: https://github.com/bottlerocket-os/bottlerocket/pull/638 -[#644]: https://github.com/bottlerocket-os/bottlerocket/pull/644 -[#678]: https://github.com/bottlerocket-os/bottlerocket/pull/678 -[#681]: https://github.com/bottlerocket-os/bottlerocket/pull/681 -[#683]: https://github.com/bottlerocket-os/bottlerocket/pull/683 -[#686]: https://github.com/bottlerocket-os/bottlerocket/pull/686 -[#687]: https://github.com/bottlerocket-os/bottlerocket/pull/687 -[#690]: https://github.com/bottlerocket-os/bottlerocket/pull/690 -[#691]: https://github.com/bottlerocket-os/bottlerocket/pull/691 -[#693]: https://github.com/bottlerocket-os/bottlerocket/pull/693 -[#694]: https://github.com/bottlerocket-os/bottlerocket/pull/694 -[#696]: https://github.com/bottlerocket-os/bottlerocket/pull/696 -[#698]: https://github.com/bottlerocket-os/bottlerocket/pull/698 -[#699]: https://github.com/bottlerocket-os/bottlerocket/pull/699 -[#700]: https://github.com/bottlerocket-os/bottlerocket/pull/700 -[#701]: https://github.com/bottlerocket-os/bottlerocket/pull/701 -[#704]: https://github.com/bottlerocket-os/bottlerocket/pull/704 -[#705]: https://github.com/bottlerocket-os/bottlerocket/pull/705 -[#706]: https://github.com/bottlerocket-os/bottlerocket/pull/706 -[#707]: https://github.com/bottlerocket-os/bottlerocket/pull/707 -[#708]: https://github.com/bottlerocket-os/bottlerocket/pull/708 -[#709]: https://github.com/bottlerocket-os/bottlerocket/pull/709 -[#711]: https://github.com/bottlerocket-os/bottlerocket/pull/711 -[#712]: https://github.com/bottlerocket-os/bottlerocket/pull/712 -[#715]: https://github.com/bottlerocket-os/bottlerocket/pull/715 -[#716]: https://github.com/bottlerocket-os/bottlerocket/pull/716 -[#717]: https://github.com/bottlerocket-os/bottlerocket/pull/717 -[#719]: https://github.com/bottlerocket-os/bottlerocket/pull/719 -[#722]: https://github.com/bottlerocket-os/bottlerocket/pull/722 -[#723]: https://github.com/bottlerocket-os/bottlerocket/pull/723 -[#724]: https://github.com/bottlerocket-os/bottlerocket/pull/724 -[#726]: https://github.com/bottlerocket-os/bottlerocket/pull/726 -[#727]: https://github.com/bottlerocket-os/bottlerocket/pull/727 -[#728]: https://github.com/bottlerocket-os/bottlerocket/pull/728 -[#730]: https://github.com/bottlerocket-os/bottlerocket/pull/730 -[#731]: https://github.com/bottlerocket-os/bottlerocket/pull/731 -[#733]: https://github.com/bottlerocket-os/bottlerocket/pull/733 -[#735]: https://github.com/bottlerocket-os/bottlerocket/pull/735 -[#736]: https://github.com/bottlerocket-os/bottlerocket/pull/736 -[#738]: https://github.com/bottlerocket-os/bottlerocket/pull/738 -[#739]: https://github.com/bottlerocket-os/bottlerocket/pull/739 -[#740]: https://github.com/bottlerocket-os/bottlerocket/pull/740 -[#743]: https://github.com/bottlerocket-os/bottlerocket/pull/743 -[#746]: https://github.com/bottlerocket-os/bottlerocket/pull/746 -[#749]: https://github.com/bottlerocket-os/bottlerocket/pull/749 -[#751]: https://github.com/bottlerocket-os/bottlerocket/pull/751 -[#756]: https://github.com/bottlerocket-os/bottlerocket/pull/756 -[#757]: https://github.com/bottlerocket-os/bottlerocket/pull/757 -[#758]: https://github.com/bottlerocket-os/bottlerocket/pull/758 -[#760]: https://github.com/bottlerocket-os/bottlerocket/pull/760 -[#761]: https://github.com/bottlerocket-os/bottlerocket/pull/761 -[#762]: https://github.com/bottlerocket-os/bottlerocket/pull/762 -[#767]: https://github.com/bottlerocket-os/bottlerocket/pull/767 -[#768]: https://github.com/bottlerocket-os/bottlerocket/pull/768 -[#770]: https://github.com/bottlerocket-os/bottlerocket/pull/770 -[#772]: https://github.com/bottlerocket-os/bottlerocket/pull/772 -[#773]: https://github.com/bottlerocket-os/bottlerocket/pull/773 -[#774]: https://github.com/bottlerocket-os/bottlerocket/pull/774 -[#775]: https://github.com/bottlerocket-os/bottlerocket/pull/775 -[#776]: https://github.com/bottlerocket-os/bottlerocket/pull/776 -[#777]: https://github.com/bottlerocket-os/bottlerocket/pull/777 -[#778]: https://github.com/bottlerocket-os/bottlerocket/pull/778 -[#779]: https://github.com/bottlerocket-os/bottlerocket/pull/779 -[#780]: https://github.com/bottlerocket-os/bottlerocket/pull/780 -[#782]: https://github.com/bottlerocket-os/bottlerocket/pull/782 -[#785]: https://github.com/bottlerocket-os/bottlerocket/pull/785 -[#786]: https://github.com/bottlerocket-os/bottlerocket/pull/786 -[#787]: https://github.com/bottlerocket-os/bottlerocket/pull/787 -[#788]: https://github.com/bottlerocket-os/bottlerocket/pull/788 -[#789]: https://github.com/bottlerocket-os/bottlerocket/pull/789 -[#790]: https://github.com/bottlerocket-os/bottlerocket/pull/790 -[#796]: https://github.com/bottlerocket-os/bottlerocket/pull/796 - -# v0.2.1 (2020-01-20) - -## OS changes - -* Make `signpost` usage clearer to avoid updating into empty partition ([#444]). -* Fix handling of wave bounds in `updog` that could result in seeing an update but not accepting it ([#539]). -* Add support for query parameters in repo requests to allow for basic telemetry ([#542]). -* Enable support for SELinux in OS packages (not yet enforcing) ([#579]). -* Make grub reboot when config or kernel loading fails so it can try other partition sets ([#585]). -* Add support for image "variants" with separate API models ([#578], [#588], [#589], [#591], [#597], [#613], [#625], [#626], [#627], [#653]). - The default variant is "aws-k8s" for Kubernetes usage, and an "aws-dev" variant can be built that has a local Docker daemon and debug tools. -* Remove unused cri-tools package ([#602]). -* Update Linux kernel to 4.19.75-28.73.amzn2 ([#622]). -* Make containerd.service stop containerd-shims to fix shutdown/reboot delay ([#652]). -* Ensure `updog` only removes known extensions from migration filenames ([#662]). -* Add OS version to "pretty name" so it's visible in console log ([#663]). - -## Documentation changes - -* Reorganize "getting started" documentation for clarity ([#581]). -* Fix formatting of kube-proxy options in install guide ([#584]). -* Specify compatible cargo-deny version in install guide ([#631]). -* Fix typos and improve clarity of install guide ([#639]). - -## Build changes - -* Add scripts to ease Kubernetes conformance testing through Sonobuoy ([#530]). -* Add release metadata file to be used in future automation ([#556], [#594]). -* Update dependencies of third-party packages in base OS ([#595]). -* Update dependencies of Rust packages ([#598]). -* Update SDK container to include Rust 1.40.0, GCC 9.2, and other small fixes ([#603], [#628]). -* Fix aarch64 build failure for libcap ([#621]). -* Add initial container definitions and scripts for CI process ([#619], [#624], [#633], [#646], [#647], [#651], [#654], [#658]). - -[#444]: ../../pull/444 -[#530]: ../../pull/530 -[#539]: ../../pull/539 -[#542]: ../../pull/542 -[#556]: ../../pull/556 -[#578]: ../../pull/578 -[#579]: ../../pull/579 -[#581]: ../../pull/581 -[#584]: ../../pull/584 -[#585]: ../../pull/585 -[#588]: ../../pull/588 -[#589]: ../../pull/589 -[#591]: ../../pull/591 -[#594]: ../../pull/594 -[#595]: ../../pull/595 -[#597]: ../../pull/597 -[#598]: ../../pull/598 -[#602]: ../../pull/602 -[#603]: ../../pull/603 -[#613]: ../../pull/613 -[#619]: ../../pull/619 -[#621]: ../../pull/621 -[#622]: ../../pull/622 -[#624]: ../../pull/624 -[#625]: ../../pull/625 -[#626]: ../../pull/626 -[#627]: ../../pull/627 -[#628]: ../../pull/628 -[#631]: ../../pull/631 -[#633]: ../../pull/633 -[#639]: ../../pull/639 -[#646]: ../../pull/646 -[#647]: ../../pull/647 -[#651]: ../../pull/651 -[#652]: ../../pull/652 -[#653]: ../../pull/653 -[#654]: ../../pull/654 -[#658]: ../../pull/658 -[#662]: ../../pull/662 -[#663]: ../../pull/663 - -# v0.2.0 (2019-12-09) - -## Breaking changes - -* Several settings now have added validation for their contents. Upgrades from v0.1 that use invalid settings values will result in a broken system. - * Host container names (e.g. `admin` in `settings.host-containers.admin`) are restricted to ASCII alphanumeric characters and hyphens ([#450]). - * `settings.kubernetes.api-server`, `settings.updates.metadata-base-url` and `target-base-url`, `settings.host-containers.*.sources`, and `settings.ntp.time-servers` are now validated to be URIs ([#549]). - * `settings.kubernetes.cluster_name`, `settings.kubernetes.node-labels`, and `settings.kubernetes.node-taints` are now verified to fit Kubernetes naming conventions ([#549]). - * Most settings values disallow multi-line strings ([#453], [#483]). -* Additional characters are permitted in API keys; for example, dots and slashes in Kubernetes labels. Downgrades from v0.2 that use dots and slashes in API keys will result in a broken system ([#511]). - -## OS changes - -* Add `dogswatch`, a Kubernetes operator for managing OS upgrades ([#239]). -* More accurately represent data type of update seed ([#430]). -* Retry host container pulls with exponential backoff ([#433]). -* Better model startup dependencies in systemd units ([#442]). -* Enable panic on disk corruption detected with dm_verity ([#445]). -* Add persistent storage for host containers, mapped to `/.bottlerocket/host-containers/[CONTAINER_NAME]` ([#450], [#555]). -* Persist SSH host keys for admin container ([#450]). -* Use admin container v0.2 by default ([#450], [#536]). -* Use control container v0.2 by default ([#472], [#536]). -* Print most critical errors to the console to aid debugging ([#476], [#479], [#546]). -* Update Linux kernel to 4.19.75-27.58.amzn2 ([#478]). -* Updated partitions are marked `successful` after services start ([#481]). -* Kernel config is available at `/proc/config.gz` ([#482]). -* Prepare `tough` for separate release, including: - * Allow library consumers to override the transport mechanism ([#488]). - * Merge `tough_schema` back into `tough` ([#496]). - * Add locking around tough datastore write operations ([#497]). -* Simplify representation of default metadata ([#491]). -* `apiclient` (available via the host containers) exits non-zero on HTTP response errors ([#498]). -* `apiclient` builds as a static binary ([#552]). -* `/proc/kheaders.tar.xz` is enabled in the kernel ([#557]). -* `settings-committer` no longer errors at boot when there are no changes to commit ([#559]). -* `migrator` and `updog` set migrations executable before running to work around a v0.1.6 bug ([#561], [#567]). - -## Documentation changes - -* Document how to use Bottlerocket's default for the `nf_conntrack_max` kernel parameter when using `kube-proxy` ([#391]). -* Fix example user data for enabling admin container ([#448]). -* Update build documentation for using Docker instead of `buildkitd` ([#506]). -* Update recommended CNI plugin version ([#507]). -* Document `settings.ntp.time-servers` ([#550]). -* Update INSTALL.md to use the instance role created by `eksctl` instead of creating a new one ([#569]). - -## Build changes - -* Add `updata` tool, which builds update repository metadata ([#265]). -* Create versioned symlinks to output images ([#434]). -* Add code and CloudFormation template for TUF repository canary ([#490]). -* Move the TUF client library, `tough`, to [its own repository](https://github.com/awslabs/tough) and [crates.io packages](https://crates.io/crates/tough) ([#499]). -* Remove build dependency on the BuildKit daemon ([#506]). -* Switch to SDK container as toolchain for builds, rather than requiring local build of toolchain ([#525]). -* Turn `buildsys` into a binary and remove the `cascade` feature ([#562]). - -[#239]: ../../pull/239 -[#265]: ../../pull/265 -[#391]: ../../pull/391 -[#430]: ../../pull/430 -[#433]: ../../pull/433 -[#434]: ../../pull/434 -[#442]: ../../pull/442 -[#445]: ../../pull/445 -[#448]: ../../pull/448 -[#450]: ../../pull/450 -[#453]: ../../pull/453 -[#472]: ../../pull/472 -[#476]: ../../pull/476 -[#478]: ../../pull/478 -[#479]: ../../pull/479 -[#481]: ../../pull/481 -[#482]: ../../pull/482 -[#483]: ../../pull/483 -[#488]: ../../pull/488 -[#490]: ../../pull/490 -[#491]: ../../pull/491 -[#496]: ../../pull/496 -[#497]: ../../pull/497 -[#498]: ../../pull/498 -[#499]: ../../pull/499 -[#506]: ../../pull/506 -[#507]: ../../pull/507 -[#511]: ../../pull/511 -[#525]: ../../pull/525 -[#536]: ../../pull/536 -[#546]: ../../pull/546 -[#549]: ../../pull/549 -[#550]: ../../pull/550 -[#552]: ../../pull/552 -[#555]: ../../pull/555 -[#557]: ../../pull/557 -[#559]: ../../pull/559 -[#561]: ../../pull/561 -[#562]: ../../pull/562 -[#567]: ../../pull/567 -[#569]: ../../pull/569 - -# v0.1.6 (2019-10-21) - -## OS changes - -* The system fetches the pause container from ECR before starting `kubelet` ([#382]). -* New settings: `settings.kubernetes.node-labels` and `settings.kubernetes.node-taints` ([#390], [#408]). -* The control container has an `enable-admin-container` helper ([#405], [#413]). Made default in v0.2.0 ([#472]). -* Rust dependencies updated ([#410]). -* `thar-be-settings` added trace-level messages in the client module ([#411]). -* `updog` no longer checks for migrations from new root images ([#416]). -* `pluto` was cleaned up to create an HTTP connection more consistently ([#419]). -* Settings that are usually generated may have defaults, and `settings.kubernetes.max-pods` defaults to `110` if the EC2 instance type cannot be determined ([#420]). -* The admin container MOTD is clearer about where the host's filesystem is mounted ([#424]). -* `block-party` (used in `growpart` and `signpost`) errors are better structured ([#425]). -* `thar-be-settings` logs render errors when running in `--all` mode ([#427]). -* [Recommended `sysctl` settings from the Kernel Self Protection Project](https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings#sysctls) are now used ([#435]). -* `acpid` is enabled by default to handle power button signals sent by EC2 on stop/restart/terminate events ([#437]). -* `host-ctr` correctly fetches images from non-ECR registries ([#439]; this regression occurred after v0.1.5). - -## Build changes - -* amiize uses a short connection timeout when testing SSH connectivity ([#409]). -* `tuftool` only downloads an arbitrary `root.json` with `--allow-root-download` ([#421]). -* BuildKit updated to v0.6.2 ([#423], [#429]). -* First-party Rust code is built in the same `rpmbuild` invocation to improve build times ([#428]). -* `tuftool` correctly uses the `--timestamp-{version,expires}` arguments instead of the `--snapshot-{version,expires}` arguments in the timestamp role ([#438]). -* `tuftool` accepts relative dates ([#438]). - -## Documentation changes - -* The `sources/updater` crates are better documented ([#381]). -* INSTALL.md's subnet selection documentation is improved ([#422]). - -[#381]: ../../pull/381 -[#382]: ../../pull/382 -[#390]: ../../pull/390 -[#405]: ../../pull/405 -[#408]: ../../pull/408 -[#409]: ../../pull/409 -[#410]: ../../pull/410 -[#411]: ../../pull/411 -[#413]: ../../pull/413 -[#416]: ../../pull/416 -[#419]: ../../pull/419 -[#420]: ../../pull/420 -[#421]: ../../pull/421 -[#422]: ../../pull/422 -[#423]: ../../pull/423 -[#424]: ../../pull/424 -[#425]: ../../pull/425 -[#427]: ../../pull/427 -[#428]: ../../pull/428 -[#429]: ../../pull/429 -[#435]: ../../pull/435 -[#437]: ../../pull/437 -[#438]: ../../pull/438 -[#439]: ../../pull/439 diff --git a/CHARTER.md b/CHARTER.md deleted file mode 100644 index 712e89ebd..000000000 --- a/CHARTER.md +++ /dev/null @@ -1,32 +0,0 @@ -# Bottlerocket Charter - -## Tenets (unless you know better ones) - -These tenets guide Bottlerocket's development. -They let you know what we value and what we're working toward, even if not every feature is ready yet. - -### Secure - -Bottlerocket is **secure** so it can become a quiet piece of a platform you trust. -It uses a variety of mechanisms to provide defense-in-depth, and enables automatic updates by default. -It protects itself from persistent threats. -It enables kernel features that allow users to assert their own policies for locking down workloads. - -### Open - -Bottlerocket is **open** because the best OS can only be built through collaboration. -It is developed in full view of the world using open source tools and public infrastructure services. -It is not a Kubernetes distro, nor an Amazon distro. -We obsess over shared components like the kernel, and work within the community to support new orchestrators and platforms. - -### Small - -Bottlerocket is **small** because a few big ideas scale better than many small ones. -It includes only the core set of components needed for development and for use at runtime. -Anything we ship, we must be prepared to fix, so our goal is to ship as little as possible while staying useful. - -### Simple - -Bottlerocket is **simple** because simple lasts. -Users can pick the image they want, tweak a handful of settings, and then forget about it. -We favor settings that convey high-level intent over those that provide low-level control over specific details, because it is easier to preserve intent across months and years of automatic updates. diff --git a/variants/Cargo.lock b/Cargo.lock similarity index 68% rename from variants/Cargo.lock rename to Cargo.lock index a8fa849aa..ba3489599 100644 --- a/variants/Cargo.lock +++ b/Cargo.lock @@ -17,321 +17,154 @@ dependencies = [ ] [[package]] -name = "aws-dev" +name = "aws-iam-authenticator" version = "0.1.0" dependencies = [ - "chrony", - "docker-cli", - "docker-engine", - "docker-init", - "iputils", - "kernel-6_1", - "login", - "release", - "socat", - "soci-snapshotter", - "strace", + "glibc", ] [[package]] -name = "aws-ecs-1" +name = "aws-signing-helper" version = "0.1.0" dependencies = [ - "docker-cli", - "docker-engine", - "docker-init", - "ecs-agent", - "kernel-5_10", - "release", + "glibc", ] [[package]] -name = "aws-ecs-1-nvidia" +name = "bash" version = "0.1.0" dependencies = [ - "docker-cli", - "docker-engine", - "docker-init", - "ecs-agent", - "ecs-gpu-init", - "kernel-5_10", - "kmod-5_10-nvidia", - "nvidia-container-toolkit", - "release", + "glibc", + "libncurses", + "readline", ] [[package]] -name = "aws-ecs-2" +name = "binutils" version = "0.1.0" dependencies = [ - "docker-cli", - "docker-engine", - "docker-init", - "ecs-agent", - "kernel-6_1", - "release", + "glibc", + "libz", ] [[package]] -name = "aws-ecs-2-nvidia" +name = "bottlerocket-core-kit" version = "0.1.0" dependencies = [ + "acpid", + "amazon-ssm-agent", + "aws-iam-authenticator", + "aws-signing-helper", + "bash", + "binutils", + "chrony", + "cni", + "cni-plugins", + "conntrack-tools", + "containerd", + "coreutils", + "dbus-broker", "docker-cli", "docker-engine", "docker-init", + "e2fsprogs", + "early-boot-config", + "ecr-credential-provider", + "ecr-credential-provider-1_27", + "ecr-credential-provider-1_29", + "ecr-credential-provider-1_30", "ecs-agent", "ecs-gpu-init", - "kernel-6_1", - "kmod-6_1-nvidia", - "nvidia-container-toolkit", - "release", -] - -[[package]] -name = "aws-iam-authenticator" -version = "0.1.0" -dependencies = [ + "ethtool", + "filesystem", + "findutils", "glibc", -] - -[[package]] -name = "aws-k8s-1_23" -version = "0.1.0" -dependencies = [ - "aws-iam-authenticator", - "cni", - "cni-plugins", - "kernel-5_10", - "kubernetes-1_23", - "release", -] - -[[package]] -name = "aws-k8s-1_23-nvidia" -version = "0.1.0" -dependencies = [ - "aws-iam-authenticator", - "cni", - "cni-plugins", + "grep", + "grub", + "host-ctr", + "iproute", + "iptables", + "iputils", "kernel-5_10", - "kmod-5_10-nvidia", - "kubernetes-1_23", - "nvidia-container-toolkit", - "nvidia-k8s-device-plugin", - "release", -] - -[[package]] -name = "aws-k8s-1_24" -version = "0.1.0" -dependencies = [ - "aws-iam-authenticator", - "cni", - "cni-plugins", - "kernel-5_15", - "kubernetes-1_24", - "release", -] - -[[package]] -name = "aws-k8s-1_24-nvidia" -version = "0.1.0" -dependencies = [ - "aws-iam-authenticator", - "cni", - "cni-plugins", "kernel-5_15", + "kernel-6_1", + "kexec-tools", + "keyutils", + "kmod", + "kmod-5_10-nvidia", "kmod-5_15-nvidia", + "kmod-6_1-nvidia", + "kubernetes-1_23", "kubernetes-1_24", - "nvidia-container-toolkit", - "nvidia-k8s-device-plugin", - "release", -] - -[[package]] -name = "aws-k8s-1_25" -version = "0.1.0" -dependencies = [ - "aws-iam-authenticator", - "cni", - "cni-plugins", - "kernel-5_15", "kubernetes-1_25", - "release", -] - -[[package]] -name = "aws-k8s-1_25-nvidia" -version = "0.1.0" -dependencies = [ - "aws-iam-authenticator", - "cni", - "cni-plugins", - "kernel-5_15", - "kmod-5_15-nvidia", - "kubernetes-1_25", - "nvidia-container-toolkit", - "nvidia-k8s-device-plugin", - "release", -] - -[[package]] -name = "aws-k8s-1_26" -version = "0.1.0" -dependencies = [ - "aws-iam-authenticator", - "cni", - "cni-plugins", - "kernel-5_15", - "kubernetes-1_26", - "release", -] - -[[package]] -name = "aws-k8s-1_26-nvidia" -version = "0.1.0" -dependencies = [ - "aws-iam-authenticator", - "cni", - "cni-plugins", - "kernel-5_15", - "kmod-5_15-nvidia", "kubernetes-1_26", - "nvidia-container-toolkit", - "nvidia-k8s-device-plugin", - "release", -] - -[[package]] -name = "aws-k8s-1_27" -version = "0.1.0" -dependencies = [ - "aws-iam-authenticator", - "cni", - "cni-plugins", - "kernel-5_15", - "kubernetes-1_27", - "release", -] - -[[package]] -name = "aws-k8s-1_27-nvidia" -version = "0.1.0" -dependencies = [ - "aws-iam-authenticator", - "cni", - "cni-plugins", - "kernel-5_15", - "kmod-5_15-nvidia", "kubernetes-1_27", - "nvidia-container-toolkit", - "nvidia-k8s-device-plugin", - "release", -] - -[[package]] -name = "aws-k8s-1_28" -version = "0.1.0" -dependencies = [ - "aws-iam-authenticator", - "cni", - "cni-plugins", - "kernel-6_1", "kubernetes-1_28", - "release", -] - -[[package]] -name = "aws-k8s-1_28-nvidia" -version = "0.1.0" -dependencies = [ - "aws-iam-authenticator", - "cni", - "cni-plugins", - "kernel-6_1", - "kmod-6_1-nvidia", - "kubernetes-1_28", - "nvidia-container-toolkit", - "nvidia-k8s-device-plugin", - "release", -] - -[[package]] -name = "aws-k8s-1_29" -version = "0.1.0" -dependencies = [ - "aws-iam-authenticator", - "cni", - "cni-plugins", - "kernel-6_1", "kubernetes-1_29", - "release", -] - -[[package]] -name = "aws-k8s-1_29-nvidia" -version = "0.1.0" -dependencies = [ - "aws-iam-authenticator", - "cni", - "cni-plugins", - "kernel-6_1", - "kmod-6_1-nvidia", - "kubernetes-1_29", - "nvidia-container-toolkit", - "nvidia-k8s-device-plugin", - "release", -] - -[[package]] -name = "aws-k8s-1_30" -version = "0.1.0" -dependencies = [ - "aws-iam-authenticator", - "cni", - "cni-plugins", - "kernel-6_1", - "kubernetes-1_30", - "release", -] - -[[package]] -name = "aws-k8s-1_30-nvidia" -version = "0.1.0" -dependencies = [ - "aws-iam-authenticator", - "cni", - "cni-plugins", - "kernel-6_1", - "kmod-6_1-nvidia", "kubernetes-1_30", + "libacl", + "libattr", + "libaudit", + "libcap", + "libdbus", + "libelf", + "libexpat", + "libffi", + "libgcc", + "libglib", + "libinih", + "libiw", + "libkcapi", + "libmnl", + "libncurses", + "libnetfilter_conntrack", + "libnetfilter_cthelper", + "libnetfilter_cttimeout", + "libnetfilter_queue", + "libnfnetlink", + "libnftnl", + "libnl", + "libnvidia-container", + "libnvme", + "libpcre", + "libseccomp", + "libselinux", + "libsemanage", + "libsepol", + "libstd-rust", + "libtirpc", + "liburcu", + "libxcrypt", + "libz", + "libzstd", + "linux-firmware", + "login", + "makedumpfile", + "mdadm", + "microcode", + "netdog", "nvidia-container-toolkit", "nvidia-k8s-device-plugin", - "release", -] - -[[package]] -name = "aws-signing-helper" -version = "0.1.0" -dependencies = [ - "glibc", -] - -[[package]] -name = "bash" -version = "0.1.0" -dependencies = [ - "glibc", - "libncurses", + "nvme-cli", + "oci-add-hooks", + "open-vm-tools", + "os", + "pigz", + "policycoreutils", + "procps", "readline", -] - -[[package]] -name = "binutils" -version = "0.1.0" -dependencies = [ - "glibc", - "libz", + "release", + "runc", + "selinux-policy", + "shim", + "socat", + "soci-snapshotter", + "static-pods", + "strace", + "systemd", + "util-linux", + "wicked", + "xfsprogs", ] [[package]] @@ -616,6 +449,13 @@ dependencies = [ "kernel-5_15", ] +[[package]] +name = "kmod-6_1-neuron" +version = "0.1.0" +dependencies = [ + "kernel-6_1", +] + [[package]] name = "kmod-6_1-nvidia" version = "0.1.0" @@ -999,59 +839,6 @@ dependencies = [ "systemd", ] -[[package]] -name = "metal-dev" -version = "0.1.0" -dependencies = [ - "chrony", - "docker-cli", - "docker-engine", - "docker-init", - "iputils", - "kernel-6_1", - "linux-firmware", - "login", - "release", - "strace", -] - -[[package]] -name = "metal-k8s-1_27" -version = "0.1.0" -dependencies = [ - "aws-iam-authenticator", - "cni", - "cni-plugins", - "kernel-6_1", - "kubernetes-1_27", - "linux-firmware", - "release", -] - -[[package]] -name = "metal-k8s-1_28" -version = "0.1.0" -dependencies = [ - "aws-iam-authenticator", - "cni", - "cni-plugins", - "kernel-6_1", - "kubernetes-1_28", - "release", -] - -[[package]] -name = "metal-k8s-1_29" -version = "0.1.0" -dependencies = [ - "aws-iam-authenticator", - "cni", - "cni-plugins", - "kernel-6_1", - "kubernetes-1_29", - "release", -] - [[package]] name = "microcode" version = "0.1.0" @@ -1110,8 +897,6 @@ name = "os" version = "0.1.0" dependencies = [ "glibc", - "settings-defaults", - "settings-plugins", ] [[package]] @@ -1203,20 +988,6 @@ dependencies = [ name = "selinux-policy" version = "0.1.0" -[[package]] -name = "settings-defaults" -version = "0.1.0" -dependencies = [ - "glibc", -] - -[[package]] -name = "settings-plugins" -version = "0.1.0" -dependencies = [ - "glibc", -] - [[package]] name = "shim" version = "0.1.0" @@ -1276,70 +1047,6 @@ dependencies = [ "libxcrypt", ] -[[package]] -name = "vmware-dev" -version = "0.1.0" -dependencies = [ - "chrony", - "docker-cli", - "docker-engine", - "docker-init", - "iputils", - "kernel-6_1", - "login", - "open-vm-tools", - "release", - "strace", -] - -[[package]] -name = "vmware-k8s-1_27" -version = "0.1.0" -dependencies = [ - "cni", - "cni-plugins", - "kernel-6_1", - "kubernetes-1_27", - "open-vm-tools", - "release", -] - -[[package]] -name = "vmware-k8s-1_28" -version = "0.1.0" -dependencies = [ - "cni", - "cni-plugins", - "kernel-6_1", - "kubernetes-1_28", - "open-vm-tools", - "release", -] - -[[package]] -name = "vmware-k8s-1_29" -version = "0.1.0" -dependencies = [ - "cni", - "cni-plugins", - "kernel-6_1", - "kubernetes-1_29", - "open-vm-tools", - "release", -] - -[[package]] -name = "vmware-k8s-1_30" -version = "0.1.0" -dependencies = [ - "cni", - "cni-plugins", - "kernel-6_1", - "kubernetes-1_30", - "open-vm-tools", - "release", -] - [[package]] name = "wicked" version = "0.1.0" diff --git a/Cargo.toml b/Cargo.toml new file mode 100644 index 000000000..89da1d61b --- /dev/null +++ b/Cargo.toml @@ -0,0 +1,120 @@ +[workspace] +resolver = "2" +members = [ + "kits/bottlerocket-core-kit", + "packages/acpid", + "packages/amazon-ssm-agent", + "packages/aws-iam-authenticator", + "packages/aws-signing-helper", + "packages/bash", + "packages/binutils", + "packages/chrony", + "packages/cni", + "packages/cni-plugins", + "packages/conntrack-tools", + "packages/containerd", + "packages/coreutils", + "packages/dbus-broker", + "packages/docker-cli", + "packages/docker-engine", + "packages/docker-init", + "packages/e2fsprogs", + "packages/early-boot-config", + "packages/ecr-credential-provider", + "packages/ecr-credential-provider-1.27", + "packages/ecr-credential-provider-1.29", + "packages/ecr-credential-provider-1.30", + "packages/ecs-agent", + "packages/ecs-gpu-init", + "packages/ethtool", + "packages/filesystem", + "packages/findutils", + "packages/glibc", + "packages/grep", + "packages/grub", + "packages/host-ctr", + "packages/iproute", + "packages/iptables", + "packages/iputils", + "packages/kernel-5.10", + "packages/kernel-5.15", + "packages/kernel-6.1", + "packages/kexec-tools", + "packages/keyutils", + "packages/kmod", + "packages/kmod-5.10-nvidia", + "packages/kmod-5.15-nvidia", + "packages/kmod-6.1-neuron", + "packages/kmod-6.1-nvidia", + "packages/kubernetes-1.23", + "packages/kubernetes-1.24", + "packages/kubernetes-1.25", + "packages/kubernetes-1.26", + "packages/kubernetes-1.27", + "packages/kubernetes-1.28", + "packages/kubernetes-1.29", + "packages/kubernetes-1.30", + "packages/libacl", + "packages/libattr", + "packages/libaudit", + "packages/libcap", + "packages/libdbus", + "packages/libelf", + "packages/libexpat", + "packages/libffi", + "packages/libgcc", + "packages/libglib", + "packages/libinih", + "packages/libiw", + "packages/libkcapi", + "packages/libmnl", + "packages/libncurses", + "packages/libnetfilter_conntrack", + "packages/libnetfilter_cthelper", + "packages/libnetfilter_cttimeout", + "packages/libnetfilter_queue", + "packages/libnfnetlink", + "packages/libnftnl", + "packages/libnl", + "packages/libnvidia-container", + "packages/libnvme", + "packages/libpcre", + "packages/libseccomp", + "packages/libselinux", + "packages/libsemanage", + "packages/libsepol", + "packages/libstd-rust", + "packages/libtirpc", + "packages/liburcu", + "packages/libxcrypt", + "packages/libz", + "packages/libzstd", + "packages/linux-firmware", + "packages/login", + "packages/makedumpfile", + "packages/mdadm", + "packages/microcode", + "packages/netdog", + "packages/nvidia-container-toolkit", + "packages/nvidia-k8s-device-plugin", + "packages/nvme-cli", + "packages/oci-add-hooks", + "packages/open-vm-tools", + "packages/os", + "packages/pigz", + "packages/policycoreutils", + "packages/procps", + "packages/readline", + "packages/release", + "packages/runc", + "packages/selinux-policy", + "packages/shim", + "packages/socat", + "packages/soci-snapshotter", + "packages/static-pods", + "packages/strace", + "packages/systemd", + "packages/util-linux", + "packages/wicked", + "packages/xfsprogs" +] diff --git a/Makefile b/Makefile new file mode 100644 index 000000000..7e0ce3993 --- /dev/null +++ b/Makefile @@ -0,0 +1,52 @@ +TOP := $(dir $(abspath $(firstword $(MAKEFILE_LIST)))) +TOOLS_DIR := $(TOP)tools +TWOLITER_DIR := $(TOOLS_DIR)/twoliter +TWOLITER := $(TWOLITER_DIR)/twoliter +CARGO_HOME := $(TOP).cargo +VERSION := $(shell awk '/^release-version = /{ print $$3 }' $(TOP)Twoliter.toml) +GIT_HASH := $(shell git describe --always --dirty --exclude '*' || echo 00000000 ) + +TWOLITER_VERSION ?= "0.3.0" +KIT ?= bottlerocket-core-kit +ARCH ?= $(shell uname -m) +VENDOR ?= bottlerocket + +all: build + +prep: + @mkdir -p $(TWOLITER_DIR) + @mkdir -p $(CARGO_HOME) + @$(TOOLS_DIR)/install-twoliter.sh \ + --repo "https://github.com/bottlerocket-os/twoliter" \ + --version v$(TWOLITER_VERSION) \ + --directory $(TWOLITER_DIR) \ + --reuse-existing-install \ + --allow-binary-install \ + --allow-from-source + +update: prep + @$(TWOLITER) update + +fetch: prep + @$(TWOLITER) fetch --arch $(ARCH) + +build: fetch + @$(TWOLITER) build kit $(KIT) --arch $(ARCH) + +publish: prep + @$(TWOLITER) publish kit $(KIT) $(VENDOR) v$(VERSION)-$(GIT_HASH) + +TWOLITER_MAKE = $(TWOLITER) make --cargo-home $(CARGO_HOME) --arch $(ARCH) + +# Treat any targets after "make twoliter" as arguments to "twoliter make". +ifeq (twoliter,$(firstword $(MAKECMDGOALS))) + TWOLITER_MAKE_ARGS := $(wordlist 2,$(words $(MAKECMDGOALS)),$(MAKECMDGOALS)) + $(eval $(TWOLITER_MAKE_ARGS):;@:) +endif + +# Transform "make twoliter" into "twoliter make", for access to tasks that are +# only available through the embedded Makefile.toml. +twoliter: prep + @$(TWOLITER_MAKE) $(TWOLITER_MAKE_ARGS) + +.PHONY: prep update fetch build publish twoliter diff --git a/Makefile.toml b/Makefile.toml deleted file mode 100644 index 0349d7cc5..000000000 --- a/Makefile.toml +++ /dev/null @@ -1,567 +0,0 @@ -[config] -skip_core_tasks = true - -[env] -BUILDSYS_ROOT_DIR = "${CARGO_MAKE_WORKING_DIRECTORY}" - -# For binary installation, this should be a released version (prefixed with a v, -# for example v0.1.0). For the git sourcecode installation method, this can be -# any git rev, e.g. a tag, sha, or branch name. -TWOLITER_VERSION = "v0.2.0" - -# For binary installation, this is the GitHub repository that has binary release artifacts attached -# to it, for example https://github.com/bottlerocket-os/twoliter. For git sourcecode installation, -# this is any URI that can be used in a git clone command. -TWOLITER_REPO = "https://github.com/bottlerocket-os/twoliter" - -# Skip installing Twoliter if it is already installed and its version -# matches the requested version. -TWOLITER_REUSE_EXISTING_INSTALL="true" - -# Allow Twoliter to be installed from a binary distribution if binaries are expected to exist for -# the host OS and architecture. -TWOLITER_ALLOW_BINARY_INSTALL="true" - -# Allow Twoliter to be installed by building from sourcecode. -TWOLITER_ALLOW_SOURCE_INSTALL="true" - -# If you know the version string returned by Twoliter will not match TWOLITER_VERSION (e.g. when you -# are testing changes to Twoliter itself), set this to true to prevent re-installation. -TWOLITER_SKIP_VERSION_CHECK="false" - -# Where Twoliter will be installed. -TWOLITER_INSTALL_DIR = "${BUILDSYS_ROOT_DIR}/tools/twoliter" - -# The logging verbosity for Twoliter: error, warn, info, debug, trace -TWOLITER_LOG_LEVEL = "info" - -# The project file that configures Twoliter. -TWOLITER_PROJECT = "${BUILDSYS_ROOT_DIR}/Twoliter.toml" - -BUILDSYS_ARCH = { script = ['echo "${BUILDSYS_ARCH:-$(uname -m)}"'] } -BUILDSYS_BUILD_DIR = "${BUILDSYS_ROOT_DIR}/build" -BUILDSYS_PACKAGES_DIR = "${BUILDSYS_BUILD_DIR}/rpms" -BUILDSYS_STATE_DIR = "${BUILDSYS_BUILD_DIR}/state" -BUILDSYS_IMAGES_DIR = "${BUILDSYS_BUILD_DIR}/images" -BUILDSYS_TOOLS_DIR = "${BUILDSYS_ROOT_DIR}/tools" -BUILDSYS_SOURCES_DIR = "${BUILDSYS_ROOT_DIR}/sources" -BUILDSYS_SBKEYS_DIR = "${BUILDSYS_ROOT_DIR}/sbkeys" -BUILDSYS_SBKEYS_PROFILE = { script = ['echo "${BUILDSYS_SBKEYS_PROFILE:-local}"'] } -BUILDSYS_TIMESTAMP = { script = ["date +%s"] } -BUILDSYS_VERSION_BUILD = { script = ["git describe --always --dirty --exclude '*' || echo 00000000"] } -# For now, release config path can't be overridden with -e, because it's used -# later in this section. You have to edit the path here in Makefile.toml to -# use a different Release.toml. -BUILDSYS_RELEASE_CONFIG_PATH = "${BUILDSYS_ROOT_DIR}/Release.toml" -BUILDSYS_VERSION_IMAGE = { script = ["awk -F '[ =\"]+' '$1 == \"version\" {print $2}' ${BUILDSYS_RELEASE_CONFIG_PATH}"] } -# This can be overridden with -e to build a different variant from the variants/ directory -BUILDSYS_VARIANT = { script = ['echo "${BUILDSYS_VARIANT:-aws-k8s-1.24}"'] } -# Product name used for file and directory naming -BUILDSYS_NAME = "bottlerocket" -# "Pretty" name used to identify OS in os-release, bootloader, etc. -# If you're building a Bottlerocket remix, you'd want to set this to something like -# "Bottlerocket Remix by ${CORP}" or "${CORP}'s Bottlerocket Remix" -BUILDSYS_PRETTY_NAME = "Bottlerocket OS" - -# These can be overridden with -e to change configuration for pubsys (`cargo -# make repo`). In addition, you can set RELEASE_START_TIME to determine when -# update waves and repo metadata expiration times will start, instead of -# starting now. (This can be an RFC3339 date, or an offset like "in X -# hours/days/weeks".) -PUBLISH_EXPIRATION_POLICY_PATH = "${BUILDSYS_ROOT_DIR}/tools/pubsys/policies/repo-expiration/2w-2w-1w.toml" -PUBLISH_WAVE_POLICY_PATH = "${BUILDSYS_ROOT_DIR}/sources/updater/waves/default-waves.toml" -PUBLISH_INFRA_CONFIG_PATH = "${BUILDSYS_ROOT_DIR}/Infra.toml" -# Default repo to read from PUBLISH_INFRA_CONFIG_PATH -PUBLISH_REPO = "default" -# The version of tuftool (without the 'v') that we will install and use for -# publishing-related steps -PUBLISH_TUFTOOL_VERSION="0.10.0" - -# This can be overridden with -e to change the path to the file containing SSM -# parameter templates. This file determines the parameter names and values -# that will be published to SSM when you run `cargo make ssm`. See -# tools/pubsys/policies/ssm/README.md for more information. -PUBLISH_SSM_TEMPLATES_PATH = "${BUILDSYS_ROOT_DIR}/tools/pubsys/policies/ssm/defaults.toml" - -# This can be overridden with -e to change the source path -# for the Licenses.toml file -BUILDSYS_LICENSES_CONFIG_PATH = "${BUILDSYS_ROOT_DIR}/Licenses.toml" - -# Specifies whether to validate all targets when validating TUF repositories -REPO_VALIDATE_TARGETS = "true" -# Specifies the timeframe to look for upcoming repository metadata expirations -REPO_METADATA_EXPIRING_WITHIN = "3 days" -# When refreshing repositories, you can set REPO_UNSAFE_REFRESH=true to refresh repositories that have expired metadata files. - -# You can also set PUBLISH_REGIONS to override the list of regions from -# Infra.toml for AMI and SSM commands; it's a comma-separated list like -# "us-west-2,us-east-1". -# You can set NO_PROGRESS=true to not print progress bars during snapshot upload. -# You can use ALLOW_CLOBBER=true with the `ssm` task to make it overwrite existing values. -# (This is not required with `promote-ssm` because the intent of promotion is overwriting.) - -# This can be overridden to provide a custom import spec for a VMware OVA. -# Using configuration from Infra.toml, we substitute the correct value for -# network, and whether or not to mark a VM as a template -VMWARE_IMPORT_SPEC_PATH = "${BUILDSYS_ROOT_DIR}/tools/pubsys/support/vmware/import_spec.template" - -# You can set VMWARE_DATACENTERS to override the list of datacenters from -# Infra.toml for VMware commands; it's a comma-separated list like -# "datacenter1,datacenter2" - -# Disallow pulling directly Upstream URLs when lookaside cache results in MISSes as a fallback. -# To use the upstream source as fallback, override this on the command line and set it to 'true' -BUILDSYS_UPSTREAM_SOURCE_FALLBACK = "false" - -# We require license checks to pass to build an image. If you're working on a -# local change and don't have license information yet, you can run with `-e -# BUILDSYS_ALLOW_FAILED_LICENSE_CHECK=true` to allow the build to continue even -# if the license check fails. -BUILDSYS_ALLOW_FAILED_LICENSE_CHECK = "false" - -# Disallow pulling licenses from Upstream URLs. To fetch licenses from the upstream source, -# override this on the command line and set it to 'true' -BUILDSYS_UPSTREAM_LICENSE_FETCH= "false" - -# This controls how many `docker build` commands we'll invoke at once. -BUILDSYS_JOBS = "8" - -CARGO_HOME = "${BUILDSYS_ROOT_DIR}/.cargo" -# This needs to end with pkg/mod so that we can mount the parent of pkg/mod as GOPATH. -GO_MOD_CACHE = "${BUILDSYS_ROOT_DIR}/.gomodcache/pkg/mod" -GO_MODULES = "ecs-gpu-init host-ctr" -DOCKER_BUILDKIT = "1" - -# This is the filename suffix for operations that write out AMI information to -# file. It can be overridden with -e in situations where a user is using -# multiple `Infra.toml` files for publishing to different places, and wants to -# write AMI information to specifically named files. -AMI_DATA_FILE_SUFFIX = "amis.json" - -# This is the filename suffix for operations that write out SSM parameter information -# to file. It can be overridden with -e. -SSM_DATA_FILE_SUFFIX = "ssm-params.json" - -# The type of testsys test that should be run. -# `quick` will run a quick test which usually tests that the instances are reachable. -# `conformance` will run a certified conformance test, these tests may take up to 3 hrs. -# `migration` will run an upgrade downgrade test including: -# 1: an initial `quick` test -# 2: a migration from TESTSYS_STARTING_VERSION to BUILDSYS_FULL_VERSION -# 3: a `quick` test on the migrated instances -# 4: a migration from BUILDSYS_FULL_VERSION back to TESTSYS_STARTING_VERSION -# 5: a final `quick` test on the downgraded instances -# TESTSYS_STARTING_IMAGE_ID can be used to provide the correct starting image for migration tests. -TESTSYS_TEST = "quick" -# The default path to the testsys cluster's kubeconfig file. This is used for all testsys calls. -CARGO_MAKE_DEFAULT_TESTSYS_KUBECONFIG_PATH = "${BUILDSYS_ROOT_DIR}/testsys.kubeconfig" -# The last released version of bottlerocket. -TESTSYS_STARTING_VERSION = { script = ["git tag --list --sort=version:refname 'v*' | tail -1"] } -# The commit for the last release of bottlerocket. -TESTSYS_STARTING_COMMIT = { script = ["git describe --tag ${TESTSYS_STARTING_VERSION} --always --exclude '*' || echo 00000000"] } -TESTSYS_TESTS_DIR = "${BUILDSYS_ROOT_DIR}/tests" -TESTSYS_TEST_CONFIG_PATH = "${BUILDSYS_ROOT_DIR}/Test.toml" - -[env.development] -# Certain variables are defined here to allow us to override a component value -# on the command line. - -TWOLITER = "${TWOLITER_INSTALL_DIR}/twoliter" - -# Depends on ${BUILDSYS_JOBS}. -CARGO_MAKE_CARGO_LIMIT_JOBS = "--jobs ${BUILDSYS_JOBS}" -CARGO_MAKE_CARGO_ARGS = "--offline --locked" - -# Depends on ${BUILDSYS_ARCH} and ${BUILDSYS_VARIANT}. -BUILDSYS_OUTPUT_DIR = "${BUILDSYS_IMAGES_DIR}/${BUILDSYS_ARCH}-${BUILDSYS_VARIANT}" - -# Depends on a number of variables defined above, and each other. -BUILDSYS_VERSION_FULL="${BUILDSYS_VERSION_IMAGE}-${BUILDSYS_VERSION_BUILD}" -# These names are used as prefixes for build and repo steps. -BUILDSYS_NAME_VARIANT="${BUILDSYS_NAME}-${BUILDSYS_VARIANT}-${BUILDSYS_ARCH}" -BUILDSYS_NAME_VERSION="${BUILDSYS_NAME}-${BUILDSYS_VERSION_FULL}" -BUILDSYS_NAME_FULL="${BUILDSYS_NAME_VARIANT}-${BUILDSYS_VERSION_FULL}" -# This name does not include the build short SHA -BUILDSYS_NAME_FRIENDLY = "${BUILDSYS_NAME_VARIANT}-v${BUILDSYS_VERSION_IMAGE}" - -# For variant build artifacts. -BUILDSYS_VARIANT_DIR = "${BUILDSYS_OUTPUT_DIR}/${BUILDSYS_VERSION_FULL}" - -# Depends on ${BUILDSYS_SBKEYS_DIR} and ${BUILDSYS_SBKEYS_PROFILE}. -BUILDSYS_SBKEYS_PROFILE_DIR = "${BUILDSYS_SBKEYS_DIR}/${BUILDSYS_SBKEYS_PROFILE}" - -# Path to repo-specific root role. -PUBLISH_REPO_ROOT_JSON = "${BUILDSYS_ROOT_DIR}/roles/${PUBLISH_REPO}.root.json" -# If you don't specify a signing key in Infra.toml, we generate one at this path. -PUBLISH_REPO_KEY = "${BUILDSYS_ROOT_DIR}/keys/${PUBLISH_REPO}.pem" -# Repo directories have subdirectories for variant/arch, so we only want version here. -PUBLISH_REPO_BASE_DIR = "${BUILDSYS_BUILD_DIR}/repos" -PUBLISH_REPO_OUTPUT_DIR = "${PUBLISH_REPO_BASE_DIR}/${PUBLISH_REPO}/${BUILDSYS_NAME_VERSION}" -# The default name of registered AMIs; override by setting PUBLISH_AMI_NAME. -PUBLISH_AMI_NAME_DEFAULT = "${BUILDSYS_NAME}-${BUILDSYS_VARIANT}-${BUILDSYS_ARCH}-v${BUILDSYS_VERSION_IMAGE}-${BUILDSYS_VERSION_BUILD}" - -# The name of the kmod kit archive, used to ease building out-of-tree kernel modules. -BUILDSYS_KMOD_KIT = "${BUILDSYS_VARIANT}-${BUILDSYS_ARCH}-kmod-kit-v${BUILDSYS_VERSION_IMAGE}.tar.xz" -BUILDSYS_KMOD_KIT_PATH = "${BUILDSYS_VARIANT_DIR}/${BUILDSYS_KMOD_KIT}" - -# The name of the OVA bundle that will be built if the current variant builds VMDK artifacts -BUILDSYS_OVA = "${BUILDSYS_NAME_VARIANT}-v${BUILDSYS_VERSION_IMAGE}.ova" -BUILDSYS_OVA_PATH = "${BUILDSYS_VARIANT_DIR}/${BUILDSYS_OVA}" -BUILDSYS_OVF_TEMPLATE = "${BUILDSYS_ROOT_DIR}/variants/${BUILDSYS_VARIANT}/template.ovf" - -# The default name of uploaded OVAs; override by setting VMWARE_VM_NAME -VMWARE_VM_NAME_DEFAULT = "${BUILDSYS_NAME}-${BUILDSYS_VARIANT}-${BUILDSYS_ARCH}-v${BUILDSYS_VERSION_IMAGE}-${BUILDSYS_VERSION_BUILD}" - -# Config file for Boot Configuration initrd generation -BOOT_CONFIG_INPUT = "${BUILDSYS_ROOT_DIR}/bootconfig-input" -# Boot Configuration initrd -BOOT_CONFIG = "${BUILDSYS_ROOT_DIR}/bootconfig.data" - -# Determines the kubeconfig that should be used by testsys. If no kubeconfig was provided and the -# default kubeconfig location does not exist, use the users default kubeconfig. -CARGO_MAKE_TESTSYS_KUBECONFIG_ARG = {script = [ -''' -if ! [ -n "${TESTSYS_KUBECONFIG}" ] && [ -s "${TESTSYS_TESTS_DIR}/testsys.kubeconfig" ] && [ -s "${CARGO_MAKE_DEFAULT_TESTSYS_KUBECONFIG_PATH}" ];then - echo "No kubeconfig was specified and a kubeconfig was found in 2 possible locations: '${TESTSYS_TESTS_DIR}/testsys.kubeconfig' and '${CARGO_MAKE_DEFAULT_TESTSYS_KUBECONFIG_PATH}'" - exit 1 -fi -if [ -n "${TESTSYS_KUBECONFIG}" ]; then - # If the user provides a kubeconfig path it should be used. - echo "--kubeconfig ${TESTSYS_KUBECONFIG}" -elif [ -s "${TESTSYS_TESTS_DIR}/testsys.kubeconfig" ]; then - # If the kubeconfig is in the TESTSYS_TESTS_DIR it should be used. - echo "--kubeconfig ${TESTSYS_TESTS_DIR}/testsys.kubeconfig" -elif [ -s "${CARGO_MAKE_DEFAULT_TESTSYS_KUBECONFIG_PATH}" ]; then - # If the default kubeconfig exists it should be used. - echo "--kubeconfig ${CARGO_MAKE_DEFAULT_TESTSYS_KUBECONFIG_PATH}" -fi -''' -]} - -# Args that will be passed into all testsys invocations. -CARGO_MAKE_TESTSYS_ARGS = "${CARGO_MAKE_TESTSYS_KUBECONFIG_ARG}" - -TESTSYS_TEST_CONFIG_PATH = { script = [ -''' -if [ -s "${TESTSYS_TEST_CONFIG_PATH}" ] && [ -s "${TESTSYS_TESTS_DIR}/Test.toml" ];then - echo "There can only be 1 config file. 2 config files were found: '${TESTSYS_TEST_CONFIG_PATH}' and '${TESTSYS_TESTS_DIR}/Test.toml'" - exit 1 -fi -if [ -s "${TESTSYS_TEST_CONFIG_PATH}" ]; then - # If the config path exists - echo "${TESTSYS_TEST_CONFIG_PATH}" -elif [ -s "${TESTSYS_TESTS_DIR}/Test.toml" ]; then - # If the test config is in the TESTSYS_TESTS_DIR it should be used. - echo "${TESTSYS_TESTS_DIR}/Test.toml" -else - echo "${TESTSYS_TEST_CONFIG_PATH}" -fi -''' -] } - -[tasks.install-twoliter] -script_runner = "bash" -script = [ -''' -declare -a flags - -if [ "${TWOLITER_REUSE_EXISTING_INSTALL}" = "true" ]; then - flags+=("--reuse-existing-install") -fi - -if [ "${TWOLITER_ALLOW_BINARY_INSTALL}" = "true" ]; then - flags+=("--allow-binary-install") -fi - -if [ "${TWOLITER_ALLOW_SOURCE_INSTALL}" = "true" ]; then - flags+=("--allow-from-source") -fi - -if [ "${TWOLITER_SKIP_VERSION_CHECK}" = "true" ]; then - flags+=("--skip-version-check") -fi - -"${BUILDSYS_TOOLS_DIR}/install-twoliter.sh" \ - --repo "${TWOLITER_REPO}" \ - --version "${TWOLITER_VERSION}" \ - --directory "${TWOLITER_INSTALL_DIR}" \ - "${flags[@]}" -''' -] - -[tasks.run-twoliter] -dependencies = ["install-twoliter"] -command = "${TWOLITER}" -args = [ - "--log-level=${TWOLITER_LOG_LEVEL}", - "make", - "${CARGO_MAKE_TASK}", - "--project-path=${TWOLITER_PROJECT}", - "--cargo-home=${CARGO_HOME}", - "--", - "${@}", -] - -[tasks.deprecated] -dependencies = ["install-twoliter"] -script_runner = "bash" -script = [ -''' -echo "The '${CARGO_MAKE_TASK}' task is deprecated." -echo "All it does is ensure that Twoliter is installed." -echo "You should do this with 'cargo make install-twoliter' instead.", -''' -] - -[tasks.setup] -run_task = "run-twoliter" - -[tasks.setup-build] -run_task = "run-twoliter" - -[tasks.fetch] -run_task = "run-twoliter" - -[tasks.fetch-sdk] -run_task = "run-twoliter" - -[tasks.fetch-toolchain] -run_task = "run-twoliter" - -[tasks.fetch-sources] -run_task = "run-twoliter" - -[tasks.fetch-vendored] -run_task = "run-twoliter" - -[tasks.unit-tests] -run_task = "run-twoliter" - -# A top level target for devs to ensure review and patch readiness -[tasks.check] -run_task = "run-twoliter" - -[tasks.check-fmt] -run_task = "run-twoliter" - -[tasks.check-lints] -run_task = "run-twoliter" - -[tasks.check-clippy] -run_task = "run-twoliter" - -[tasks.check-shell] -run_task = "run-twoliter" - -[tasks.check-golangci-lint] -run_task = "run-twoliter" - -[tasks.check-migrations] -run_task = "run-twoliter" - -[tasks.build-tools] -run_task = "deprecated" - -# Note: this is separate from publish-tools because publish-tools takes a while -# to build and isn't needed to build an image. -[tasks.publish-setup-tools] -run_task = "deprecated" - -[tasks.publish-tools] -run_task = "deprecated" - -[tasks.build-sbkeys] -run_task = "run-twoliter" - -# We need Cargo version 1.51 or higher in order to build a workspace's -# dependency during build-package -[tasks.check-cargo-version] -run_task = "run-twoliter" - -[tasks.boot-config] -run_task = "run-twoliter" - -[tasks.validate-boot-config] -run_task = "run-twoliter" - -# Builds a package including its build-time and runtime dependency packages. -[tasks.build-package] -run_task = "run-twoliter" - -[tasks.build-variant] -run_task = "run-twoliter" - -[tasks.repack-variant] -run_task = "run-twoliter" - -[tasks.fetch-variant] -run_task = "run-twoliter" - -[tasks.fetch-friendly-variant] -run_task = "run-twoliter" - -[tasks.fetch-ova] -run_task = "run-twoliter" - -[tasks.check-licenses] -run_task = "run-twoliter" - -[tasks.fetch-licenses] -run_task = "run-twoliter" - -[tasks.build] -run_task = "run-twoliter" - -[tasks.tuftool] -run_task = "deprecated" - -[tasks.publish-setup] -run_task = "run-twoliter" - -[tasks.publish-setup-without-key] -run_task = "run-twoliter" - -# Builds a local repository based on the 'latest' built targets. Uses pubsys -# to create a repo under /build/repos, named after the arch/variant/version, -# containing subdirectories for the repo metadata and targets. -[tasks.repo] -run_task = "run-twoliter" - -[tasks.validate-repo] -run_task = "run-twoliter" - -[tasks.check-repo-expirations] -run_task = "run-twoliter" - -[tasks.refresh-repo] -run_task = "run-twoliter" - -[tasks.ami] -run_task = "run-twoliter" - -[tasks.ami-public] -run_task = "run-twoliter" - -[tasks.ami-private] -run_task = "run-twoliter" - -[tasks.grant-ami] -run_task = "run-twoliter" - -[tasks.revoke-ami] -run_task = "run-twoliter" - -[tasks.validate-ami] -run_task = "run-twoliter" - -[tasks.ssm] -run_task = "run-twoliter" - -[tasks.promote-ssm] -run_task = "run-twoliter" - -[tasks.validate-ssm] -run_task = "run-twoliter" - -[tasks._upload-ova-base] -run_task = "run-twoliter" - -# This task runs `_upload-ova-base` which will upload the OVA and *not* mark it -# as a template -[tasks.upload-ova] -run_task = "run-twoliter" - -# This task runs `_upload-ova-base` with the environment variable -# `MARK_OVA_AS_TEMPLATE` set, which will upload the OVA *and* mark it as a -# template -[tasks.vmware-template] -run_task = "run-twoliter" - -[tasks.clean] -run_task = "run-twoliter" - -[tasks.clean-sources] -run_task = "run-twoliter" - -[tasks.clean-packages] -run_task = "run-twoliter" - -[tasks.clean-images] -run_task = "run-twoliter" - -[tasks.clean-repos] -run_task = "run-twoliter" - -[tasks.clean-state] -run_task = "run-twoliter" - -# Deletes cached code used for Bottlerocket builds -[tasks.purge-cache] -run_task = "run-twoliter" - -# This task will delete vendored Go code, primarily, the Go module cache. -# The Go module cache is intentionally readonly and does not have writable -# subdirectories or files. So, we first need to perform the `chmod` in order to -# have permissions to delete it. -# See for more context: https://github.com/golang/go/issues/27455 -[tasks.purge-go-vendor] -run_task = "run-twoliter" - -# This task will remove all the cached Rust code found in the cargo home dir -[tasks.purge-cargo] -run_task = "run-twoliter" - -[tasks.test-tools] -run_task = "deprecated" - -[tasks.setup-test] -run_task = "run-twoliter" - -# This task is used to test bottlerocket build artifacts. By default the region first listed in Infra.toml -# is used for testing; however, `TESTSYS_REGION` can be used to test in a different region. -[tasks.test] -run_task = "run-twoliter" - -# This task will clear all tests from the testsys cluster. -# To delete all passed tests use `cargo make clean-test --passed` -# To delete all failed tests use `cargo make clean-test --failed` -# To delete all incomplete tests use `cargo make clean-test --running` -[tasks.clean-test] -run_task = "run-twoliter" - -# This task will clear all tests and resources from the testsys cluster. -[tasks.reset-test] -run_task = "run-twoliter" - -# This task will clear all testsys components from the testsys cluster. -[tasks.uninstall-test] -run_task = "run-twoliter" - -# This task will clear all testsys components from the testsys cluster. -[tasks.purge-test] -run_task = "run-twoliter" - -# This task will call watch on the `status` testsys command to show the results of all tests. -# To see all passed tests use `cargo make watch-test --passed` -# To see all failed tests use `cargo make watch-test --failed` -# To see all incomplete tests use `cargo make watch-test --running` -[tasks.watch-test] -run_task = "run-twoliter" - -# This task will call watch on the `status` testsys command to show the results of all tests and -# resources. -# To see all incomplete crds use `cargo make watch-test-all --running` -[tasks.watch-test-all] -run_task = "run-twoliter" - -# This task will retrieve testsys logs from a test. You can add `--follow` to continue to receive -# logs as they come in. -[tasks.log-test] -run_task = "run-twoliter" - -# This task is useful for using the current tree's testsys without symlinks -[tasks.testsys] -run_task = "run-twoliter" - -[tasks.default] -alias = "build" diff --git a/PROVISIONING-METAL.md b/PROVISIONING-METAL.md deleted file mode 100644 index da828870a..000000000 --- a/PROVISIONING-METAL.md +++ /dev/null @@ -1,354 +0,0 @@ -# Provisioning Bottlerocket on metal - -This guide will describe what is needed to properly provision Bottlerocket on bare metal. -Provisioning Bottlerocket on metal is different than provisioning other general-purpose distros. -Since Bottlerocket has a `dm-verity`-checked boot and root partition, and is immutable at runtime, a user cannot provision an image and directly write configuration files. -Bottlerocket requires a few files to be generated and written to disk at provisioning time in order to boot properly; these files are described below. - -For more information about the hardware that Bottlerocket for bare metal is currently tested on, see [SUPPORTED-HARDWARE](SUPPORTED-HARDWARE.md). - -## High level provisioning steps - -The high level steps to provision Bottlerocket images for bare metal to your host are below. -Most provisioning systems provide methods to achieve the following: - -* Decompress (`unlz4`) and write the Bottlerocket image to the desired disk -* Mount the `BOTTLEROCKET-PRIVATE` partition (partition 12) -* Write the below files to the mounted partition (these files are further described below): - * (Required) [`user-data.toml`](#user-data) - * (Required) [`net.toml`](#network-interface-configuration) - * (Optional, recommended) [`bootconfig.data`](#boot-configuration) -* Reboot - -### Fetch the Bottlerocket image for bare metal - -The Bottlerocket image for bare metal is signed and uploaded alongside the rest of the Bottlerocket release artifacts. - -You first need the Bottlerocket root role, which is used by `tuftool` to verify the image. -The following will download and verify the root role itself: - -```shell -curl -O "https://cache.bottlerocket.aws/root.json" -sha512sum -c <<<"a3c58bc73999264f6f28f3ed9bfcb325a5be943a782852c7d53e803881968e0a4698bd54c2f125493f4669610a9da83a1787eb58a8303b2ee488fa2a3f7d802f root.json" -``` - -Next, set your desired version and variant, and use `tuftool` to download the image: -To install `tuftool` you'll need to install Rust (via [rustup](https://rustup.rs/) or the official site), and then you can run `cargo install tuftool`. -The VERSION corresponds to the [Bottlerocket version](https://github.com/bottlerocket-os/bottlerocket/releases/latest), the latest release is almost always what you want. -You might need to install `jq` to fetch the VERSION. - -```shell -ARCH="x86_64" -VERSION=$(curl -s https://api.github.com/repos/bottlerocket-os/bottlerocket/releases/latest | jq -r '.name') -VARIANT="metal-k8s-1.28" -IMAGE="bottlerocket-${VARIANT}-${ARCH}-${VERSION}.img.lz4" -OUTDIR="${VARIANT}-${VERSION}" - -tuftool download "${OUTDIR}" --target-name "${IMAGE}" \ - --root ./root.json \ - --metadata-url "https://updates.bottlerocket.aws/2020-07-07/${VARIANT}/x86_64/" \ - --targets-url "https://updates.bottlerocket.aws/targets/" -``` - -### User data - -Bottlerocket for bare metal expects a TOML-formatted file named `user-data.toml` that contains user data settings. -Acceptable settings can be found in the [settings docs](https://github.com/bottlerocket-os/bottlerocket#settings). - -If you're just getting started and want to provision a host without connecting to a Kubernetes cluster, you can use the following example user data which will start `kubelet` in standalone mode. - -```toml -[settings.kubernetes] -standalone-mode = true -``` - -For remote access to your running Bottlerocket hosts, you will need to add user data to enable host containers. -The Bottlerocket images for bare metal don't enable any host containers by default. -You can use our [admin](https://github.com/bottlerocket-os/bottlerocket-admin-container) and/or [control](https://github.com/bottlerocket-os/bottlerocket-control-container) containers, but they need to be configured first. -Full configuration details are covered in the [admin container documentation](https://github.com/bottlerocket-os/bottlerocket-admin-container#authenticating-with-the-admin-container) and the [control container documentation](https://github.com/bottlerocket-os/bottlerocket-control-container#connecting-to-aws-systems-manager-ssm). - -### Network interface configuration - -Bottlerocket for bare metal provides the means to configure the physical network interfaces in the system via TOML-formatted file `net.toml`. - -`net.toml` is read at boot time and generates the proper configuration files in the correct format for each interface described; no default configuration is provided. -If no network configuration is provided, boot-time services like host containers, `containerd`, and `kubelet` will fail to start. -When these services fail, your machine will not connect to any cluster and will be unreachable via host containers. - -#### `net.toml` structure - -The configuration file must be valid TOML and have the filename `net.toml`. -The first and required top level key in the file is `version`; the latest is version `3`. -The rest of the file is a map of interface name or MAC address to supported settings. -Interface names are expected to be correct as per `udevd` naming, no interface naming or matching is supported. -(See the note below regarding `udevd` interface naming.) - -#### Supported interface settings - -* `primary` (boolean): Use this interface as the primary network interface. `kubelet` will use this interface's IP when joining the cluster. If none of the interfaces has `primary` set, the first interface in the file is used as the primary interface. -* `dhcp4` (boolean or map): Turns on DHCP4 for the interface. If additional DHCP4 configuration is required, the following settings are supported and may be provided as a map with the following keys: - * `enabled` (boolean, required): Enables DHCP4. - * `route-metric` (integer): Prioritizes routes by setting values for preferred interfaces. - * `optional` (boolean): the system will request a lease using this protocol, but will not wait for a valid lease to consider this interface configured. -* `dhcp6` (boolean or map): Turns on DHCP6 for the interface. If additional DHCP6 configuration is required, the following settings are supported and may be provided as a map with the following keys: - * `enabled` (boolean, required): Enables DHCP6. - * `optional` (boolean): the system will request a lease using this protocol, but will not wait for a valid lease to consider this interface configured. - -As of version `2` static addressing with simple routes is supported via the below settings. -Please keep in mind that when using static addresses, DNS information must be supplied to the system via user data: [`settings.dns`](https://github.com/bottlerocket-os/bottlerocket#network-settings). - -* `static4` (map): IPv4 static address settings. - * `addresses` (list of quoted IPv4 address including prefix): The desired IPv4 IP addresses, including prefix i.e. `["192.168.14.2/24"]`. The first IP in the list will be used as the primary IP which `kubelet` will use when joining the cluster. If IPv4 and IPv6 static addresses exist, the first IPv4 address is used. -* `static6` (map): IPv6 static address settings. - * `addresses` (list of quoted IPv6 address including prefix): The desired IPv6 IP addresses, including prefix i.e. `["2001:dead:beef::2/64"]`. The first IP in the list will be used as the primary IP which `kubelet` will use when joining the cluster. If IPv4 and IPv6 static addresses exist, the first IPv4 address is used. - -* `route` (map): Static route; multiple routes can be added. (cannot be used in conjunction with DHCP) - * `to` (`"default"` or IP address with prefix, required): Destination address. - * `from` (IP address): Source IP address. - * `via` (IP address): Gateway IP address. If no gateway is provided, a scope of `link` is assumed. - * `route-metric` (integer): Relative route priority. - -Version `3` adds support for bonding, vlan tagging, and the ability to use a MAC address (colon or dash separated) as the identifier for an interface. -MAC address identification is limited to interface configuration *only* and may not be used in conjunction with bonds or vlans. -[Bonding](https://www.kernel.org/doc/Documentation/networking/bonding.txt) support is limited to mode `1` (`active-backup`). -Future support may include other bonding options - pull requests are welcome! -Version `3` adds the concept of virtual network devices in addition to interfaces. -The default type of device is an interface and the syntax is the same as previous versions. -The name of an interface must match an existing interface on the system such as `eno1` or `enp0s16`. -For virtual network devices, a `kind` is required. -If no `kind` is specified, it is assumed to be an interface. -Currently, `bond` and `vlan` are the two supported `kind`s. -Virtual network devices are created, and therefore a name has to be chosen. - -Names for virtual network devices must conform to kernel naming restrictions: -* Names must not have line terminators in them -* Names must be between 1-15 characters -* Names must not contain `.`, `/` or whitespace - -Bonding configuration creates a virtual network device across several other devices: - -* Bonding configuration (map): - * `kind = "bond"`: This setting is required to specify a bond device. Required. - * `interfaces` (list of quoted strings of interface names, not MAC addresses): Which interfaces should be added to the bond (i.e. `["eno1"]`). The first in the list is considered the default `primary`. These interfaces are "consumed" so no other configuration can refer to them. Required. - * `mode` (string): Currently `active-backup` is the only supported option. Required. - * `min-links` (integer): Number of links required to bring up the device - * `monitoring` (map): Values m ust all be of `miimon` or `arpmon` type. - The user must choose one type of monitoring and configure it fully in order for the bond to properly function. - See [section 7](https://www.kernel.org/doc/Documentation/networking/bonding.txt) for more background on what to choose. - * `miimon-frequency-ms` (integer): MII Monitoring frequency in milliseconds - * `miimon-updelay-ms` (integer): MII Monitoring delay before the link is enabled after link is detected in milliseconds - * `miimon-downdelay-ms` (integer): MII Monitoring delay before the link is disabled after link is no longer detected in milliseconds - * `arpmon-interval-ms` (integer): Number of milliseconds between intervals to determine link status, must be greater than 0 - * `arpmon-validate` (one of `all`, `none`, `active`, or `backup`): What packets should be used to validate link - * `arpmon-targets` (list of quoted IPv4 address including prefix): List of targets to use for validating ARP. Min = 1, Max = 16 - -Vlan tagging is configured as a new virtual network device stacked on another device: - -* Vlan configuration (map): - * `kind = "vlan"`: This setting is required to specify a vlan device. - * `device` (string for device name, not MAC address): Defines the device the vlan should be configured on. - If VLAN tagging is required, this device should receive all IP address configuration instead of the underlying device. - * `id` (integer): Number between 0 and 4096 specifying the vlan tag on the device - -Example `net.toml` version `3` with comments: - -```toml -version = 3 - -# "eno1" is the interface name -[eno1] -# Users may turn on dhcp4 and dhcp6 via boolean -dhcp4 = true -dhcp6 = true -primary = true - -# "eno2" is the second interface in this example -[eno2.dhcp4] -# `enabled` is a boolean and is a required key when -# setting up DHCP this way -enabled = true -# Route metric may be supplied for IPv4 -route-metric = 200 - -[eno2.dhcp6] -enabled = true -optional = true - -[eno3.static4] -addresses = ["10.0.0.10/24", "11.0.0.11/24"] - -# Multiple routes may be configured -[[eno3.route]] -to = "default" -via = "10.0.0.1" -route-metric = 100 - -[[eno3.route]] -to = "default" -via = "11.0.0.1" -route-metric = 200 - -[eno4.static4] -addresses = ["192.168.14.5/24"] - -# Using a source IP and non-default route -[[eno4.route]] -to = "10.10.10.0/24" -from = "192.168.14.5" -via = "192.168.14.25" - -# Interfaces may be configured using their MAC address rather than the interface name. -# The MAC address must be quoted and colon or dash separated -["0e:b3:69:44:b6:33"] -dhcp4 = true - -["3e:03:69:49:e6:31".static4] -addresses = ["10.0.0.15/24"] - -[["3e:03:69:49:e6:31".route]] -to = "default" -via = "10.0.0.1" - -# A bond is a network device that is of `kind` `bond` -[bond0] -kind = "bond" -# Currently `active-backup` is the only supported option -mode = "active-backup" -# In this case, the vlan will have addressing, the bond is simply there for use in the vlan -dhcp4 = false -dhcp6 = false -# The first interface in the array is considered `primary` by default, this list may not contain MAC addresses. -interfaces = ["eno11", "eno12"] - -[bond0.monitoring] -miimon-frequency-ms = 100 # 100 milliseconds -miimon-updelay-ms = 200 # 200 milliseconds -miimon-downdelay-ms = 200 # 200 milliseconds - -[bond1] -kind = "bond" -mode = "active-backup" -interfaces = ["eno51" , "eno52", "eno53"] -min-links = 2 # Optional min-links -dhcp4 = true - -[bond1.monitoring] -arpmon-interval-ms = 200 # 200 milliseconds -arpmon-validate = "all" -arpmon-targets = ["192.168.1.1", "10.0.0.2"] - -# A vlan is a network device that is of `kind` `vlan` -# VLAN42 is the name of the device, can be anything that is a valid network interface name -[VLAN42] -kind = "vlan" -# `device` may not contain a MAC address. -device = "bond0" -id = 42 -dhcp4 = true - -[internal_vlan] -kind = "vlan" -device = "eno2" -id = 1234 -dhcp6 = true -``` - -#### **An additional note on network device names** - -Interface name policies are [specified in this file](https://github.com/bottlerocket-os/bottlerocket/blob/develop/packages/release/80-release.link#L6); with name precedence in the following order: onboard, slot, path. -Typically on-board devices are named `eno*`, hot-plug devices are named `ens*`, and if neither of those names are able to be generated, the “path” name is given, i.e `enp*s*f*`. - -#### Networking configuration versions and Releases - -Older networking configuration versions (such as `1` or `2`) are supported in newer releases. In order to use a newer version, the following table provides guidance on what release first enabled the version. - -| Network Configuration Version | First Release | -|-------------------------------|---------------------------------------------------------------------------------| -| Version 1 | [v1.9.0](https://github.com/bottlerocket-os/bottlerocket/releases/tag/v1.9.0) | -| Version 2 | [v1.10.0](https://github.com/bottlerocket-os/bottlerocket/releases/tag/v1.10.0) | -| Version 3 | [v1.12.0](https://github.com/bottlerocket-os/bottlerocket/releases/tag/v1.12.0) | - -### Boot Configuration - -Bottlerocket for bare metal uses a feature of the Linux kernel called [Boot Configuration](https://www.kernel.org/doc/html/latest/admin-guide/bootconfig.html), which allows a user to pass additional arguments to the kernel command line at runtime. -An immediate use of this feature for most users is setting `console` settings so boot messages can be seen on the appropriate consoles. - -In order to make use of this feature, an initrd is created with the desired settings encoded inside it. -The initrd is empty save for the encoded boot config data. -To create the initrd, you must first create a configuration file containing key value pairs for the settings you would like to pass to kernel / init. -Full syntax is described in the [Boot Config documentation](https://www.kernel.org/doc/html/latest/admin-guide/bootconfig.html#config-file-syntax), but a simple example is provided below that shows the format of console settings as well as an example `systemd` parameter. - -The two acceptable prefixes to settings are `kernel` and `init`. -Settings prefixed with `kernel` are added to the beginning of the kernel command line. -Settings prefixed with `init` are added to the kernel command line after the `--`, but before any existing init parameters. - -In the example below, two console devices are set up, and `systemd`'s log level is set to `debug`. - -Example Boot Configuration: - -``` -kernel { - console = tty0, "ttyS1,115200n8" -} -init { - systemd.log_level = debug -} -``` - -The Bottlerocket SDK provides the `bootconfig` CLI tool, which is used to create a Boot Configuration initrd. -To create the Boot Configuration initrd, create a config file named `bootconfig-input` containing your desired key/value pair kernel and init arguments. - -Then run the following (you will need Docker installed): - -```shell -ARCH=$(uname -m) -SDK_VERSION="v0.26.0" -SDK_IMAGE="public.ecr.aws/bottlerocket/bottlerocket-sdk-${ARCH}:${SDK_VERSION}" - -touch $(pwd)/bootconfig.data - -docker run --rm \ - --network=none \ - --user "$(id -u):$(id -g)" \ - --security-opt label=disable \ - -v $(pwd)/bootconfig-input:/tmp/bootconfig-input \ - -v $(pwd)/bootconfig.data:/tmp/bootconfig.data \ - "${SDK_IMAGE}" \ - bootconfig -a /tmp/bootconfig-input /tmp/bootconfig.data -``` - -The above command will create the properly named initrd `bootconfig.data` in your current directory. -This is the file you will write to disk during provisioning. - -You can list a `bootconfig.data`'s contents, which also validates its format, by running: - -```shell -ARCH=$(uname -m) -SDK_VERSION="v0.26.0" -SDK_IMAGE="public.ecr.aws/bottlerocket/bottlerocket-sdk-${ARCH}:${SDK_VERSION}" - -docker run --rm \ - --network=none \ - --user "$(id -u):$(id -g)" \ - --security-opt label=disable \ - -v $(pwd)/bootconfig.data:/tmp/bootconfig.data \ - "${SDK_IMAGE}" \ - bootconfig -l /tmp/bootconfig.data -``` - -### Enable Secure Boot - -Starting with metal-k8s-1.28, the Bottlerocket images for bare metal support Secure Boot when used on a platform with UEFI firmware. -UEFI boot mode must be used, rather than legacy BIOS boot mode, and Secure Boot must be enabled. -The UEFI firmware may provide a Compatibility Support Module (CSM) option to enable legacy BIOS emulation. -The CSM option must not be enabled. -These options can be set in the firmware setup menu, which can be accessed during boot by pressing a certain key (such as F2 or F12). - -Many Linux distros ship a copy of the [shim](https://github.com/rhboot/shim) bootloader signed by Microsoft with a key that is trusted by default. -Although Bottlerocket also uses `shim`, its copy is not signed by Microsoft and will not be trusted without additional configuration. -After installing Bottlerocket, the appropriate vendor certificate can be found on the EFI System Partition (ESP). -The firmware setup menu should provide an option to import a new vendor certificate by selecting a file on the ESP. -Either the PEM format (`db.crt`) or DER format (`db.cer`) certificate can be imported, depending on what the firmware supports. - -The firmware setup menu should be password-protected to prevent unauthorized changes to the Secure Boot configuration. -Please refer to the documentation from your hardware vendor for more information on this procedure. diff --git a/PUBLISHING-AWS.md b/PUBLISHING-AWS.md deleted file mode 100644 index 486ccdb98..000000000 --- a/PUBLISHING-AWS.md +++ /dev/null @@ -1,148 +0,0 @@ -# Publishing Bottlerocket on AWS - -This guide will walk you through some AWS-specific details around publishing an AMI, granting access to said AMI, as well as making it easy for others to find your AMI via SSM parameters. - -### Register an AMI - -The [BUILDING](BUILDING.md#register-an-ami) guide covers the process of making an AMI, and has you specify `PUBLISH_REGIONS` to decide where the AMI will live. -You can also specify this in your `Infra.toml` file: - -```toml -[aws] -regions = ["us-west-2", "us-east-1", "us-east-2"] -``` - -Note: several commands work with AWS services, so there's some shared configuration related to AWS accounts and AWS IAM roles. -For example, you can specify a role to assume before any API calls are made, and a role to assume before any API calls in a specific region. -This can be useful if you want to use roles to control access to the accounts that own AMIs, for example. -See the commented [example Infra.toml](tools/pubsys/Infra.toml.example) for details. - -If you specify multiple regions, an AMI will be registered in the first region and then copied to the other regions. - -After putting this in `Infra.toml`, you can make an AMI more easily: - -```shell -cargo make ami -``` - -If you want to change the name or description of your AMI, you can add on `-e PUBLISH_AMI_NAME=my-name` or `-e PUBLISH_AMI_DESCRIPTION=my-desc`. - -> Note: the AMI registration process creates a JSON file describing the AMIs in a directory under `build/images/`. -> This file is used by the steps below when granting access to the AMIs or setting parameters in SSM. - -### Granting access to your AMI - -If you use different accounts to make and test your AMIs, you can grant access to specific accounts like this: - -```shell -cargo make -e GRANT_TO_USERS=0123456789,9876543210 grant-ami -``` - -(Later, if you need to revoke access, you can do this:) - -```shell -cargo make -e REVOKE_FROM_USERS=0123456789,9876543210 revoke-ami -``` - -> Note: similar to `cargo make ami`, you can specify `PUBLISH_REGIONS` on the command line if you don't want to make an `Infra.toml` config. - -### Making your AMIs discoverable with SSM parameters - -After you've made AMIs and a repo, you may want to make it easier to find your AMIs, particularly as you make new versions over time. - -One way to do this is to store the AMI IDs in [AWS SSM Parameters](https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html). -These are simple names like `/my/ami/id` that you can use in many places instead of specific AMI IDs. -For example, you can launch EC2 instances using [RunInstances](https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-store-ec2-aliases.html) or [in a CloudFormation stack](https://aws.amazon.com/blogs/mt/integrating-aws-cloudformation-with-aws-systems-manager-parameter-store/) using a parameter name rather than an AMI ID. -You can also use the same parameter names across regions, so you don't have to deal with region-specific AMI IDs. - -> Note: SSM parameters are private to your account. -> They let you use consistent names instead of tracking AMI IDs, but they don't currently let you share with other accounts. - -The `cargo make ssm` task can set SSM parameters based on the AMIs you built [above](#register-an-ami). -For this to work, you have to specify a parameter prefix in your `Infra.toml`. -This setting lives in the same `[aws]` section you used above to list the regions where you want to register AMIs. -(The same region list will be used to determine where to publish SSM parameters.) - -Here's an example configuration for regions and the SSM prefix: - -```toml -[aws] -regions = ["us-west-2", "us-east-1", "us-east-2"] -ssm_prefix = "/your/prefix/here" -``` - -This prefix forms the start of the name of each SSM parameter we set. -The rest of the name comes from parameter templates. - -Parameter templates determine the name and value of each parameter we want to set for each AMI we've built. -The [default template](tools/pubsys/policies/ssm/defaults.toml) creates parameters that let users find the AMI ID and the image version for each of your AMIs. -The templates have access to the name of the current variant, architecture, etc., so they can create unique parameter names for each build. -For more information on how templates work, check out [their documentation](tools/pubsys/policies/ssm/). - -If you're happy with the default template, you can set SSM parameters like this: - -```shell -cargo make ssm -``` - -This will create versioned parameters, meaning that the parameter name has the image version in it. -This isn't very discoverable yet, but it's useful for testing. - -As an example, a parameter might look like this: - -``` -/your/prefix/here/aws-k8s-1.24/x86_64/1.11.0-b530f30/image_id -``` - -Once you're satisfied with your image and parameters, you can promote the parameters to simpler names (for example, "latest") using the [instructions below](#promoting-ssm-parameters). - -Note: if you want to customize the SSM parameters that get set, you can copy and modify the existing template file, then point to your file like this: - -```shell -cargo make -e PUBLISH_SSM_TEMPLATES_PATH=/my/template/path ssm -``` - -### Making your AMIs public - -We talked about [granting AMI access](#granting-access-to-your-ami) to specific AWS accounts. -This is useful for testing, and for sharing private AMIs with specific accounts. - -If you want to make your AMIs public to the world, there's a shortcut: - -```shell -cargo make ami-public -``` - -(Later, if you need to make the AMIs private again, you can do this. - The AMIs will then only be accessible to account IDs you've specifically granted.) - -```shell -cargo make ami-private -``` - -### Promoting SSM parameters - -[Above](#making-your-amis-discoverable-with-ssm-parameters), we set SSM parameters based on our AMIs. -The SSM parameter names include version numbers, which is handy for testing, but makes them hard to find. -Once we're satisfied, we can promote the SSM parameters to simpler names. - -```shell -cargo make -e SSM_TARGET=latest promote-ssm -``` - -This will copy the fully versioned parameter from earlier, something like: - -``` -/your/prefix/here/aws-k8s-1.24/x86_64/1.11.0-b530f30/image_id -``` - -...to a simpler parameter name: - -``` -/your/prefix/here/aws-k8s-1.24/x86_64/latest/image_id -``` - -You can then use this parameter name to get the latest AMI ID. - -> Note: if you use a custom parameter template, you need to have an `{image_version}` component in the parameter name for promotion to work. -> The `SSM_TARGET` you specify above becomes the `image_version` in the template. diff --git a/PUBLISHING-VMWARE.md b/PUBLISHING-VMWARE.md deleted file mode 100644 index 4cf8aa8fb..000000000 --- a/PUBLISHING-VMWARE.md +++ /dev/null @@ -1,75 +0,0 @@ -# Publishing a Bottlerocket OVA on VMware - -This guide will walk through some VMware specific details around making your OVA available as a VM or VM template in one or more software defined datacenters. - -### Configuration details - -As mentioned in the [PUBLISHING](PUBLISHING.md) guide, the process uses a configuration file called `Infra.toml`. -For VMware, you can specify details about your various vSphere instances and datacenters in `Infra.toml`, as well as configuration that may be common between datacenters. - -It's important to note that we use [`govc`](https://github.com/vmware/govmomi/tree/master/govc) under the hood for interactions with vSphere, so at runtime **all datacenter configuration in `Infra.toml` is overridden by `GOVC_` environment variables.** -`govc` is run in a container, so you do not need to install it on your machine. -We first check for environment variables, then use `Infra.toml` for datacenter specific configuration, and finally common configuration. -The following `GOVC_` environment variables are supported: -* `GOVC_URL` -* `GOVC_DATACENTER` -* `GOVC_DATASTORE` -* `GOVC_NETWORK` -* `GOVC_FOLDER` -* `GOVC_RESOURCE_POOL` -* `GOVC_USERNAME` -* `GOVC_PASSWORD` - -Credentials for your various datacenters may be stored at `~/.config/pubsys/vsphere-credentials.toml`. -The format of the file is below; each datacenter gets its own `[datacenter.NAME]` block, where `NAME` corresponds to a datacenter name in `Infra.toml` -Similar to other datacenter configuration, at runtime we first check for the environment variables `GOVC_USERNAME` and `GOVC_PASSWORD` and use one or both of them if they are set. - -```toml -[datacenter.foo] -username = "username" -password = "password" - -[datacenter.bar] -username = "bar" -password = "baz" -``` - -### Uploading a Bottlerocket OVA - -You can specify the datacenters to which you would like to upload your OVA in `Infra.toml`. - -```toml -[vmware] -datacenters = ["foo", "bar"] -``` - -Then you can easily upload your OVA, specifying the variant you wish to upload (currently only VMware variants). - -```shell -cargo make -e BUILDSYS_VARIANT=vmware-k8s-1.24 upload-ova -``` - -If you would like to upload your OVA as a VM template, you can do this in a single step: - -```shell -cargo make -e BUILDSYS_VARIANT=vmware-k8s-1.24 vmware-template -``` - -You can override the list of datacenters to upload to by specifying `VMWARE_DATACENTERS`: - -```shell -cargo make vmware-template \ - -e BUILDSYS_VARIANT=vmware-k8s-1.24 \ - -e VMWARE_DATACENTERS="foo,bar" -``` - -If you would like to override the name of the VM, you can add on `-e VMWARE_VM_NAME=my-name`. - -You can also override the import spec used when uploading the OVA by specifying `VMWARE_IMPORT_SPEC_PATH`. -Our [import spec template](tools/pubsys/support/vmware/import_spec.template) can be used as a starting point for further customization. - -```shell -cargo make vmware-template \ - -e BUILDSYS_VARIANT=vmware-k8s-1.24 \ - -e VMWARE_IMPORT_SPEC_PATH=/path/to/my/spec.toml -``` diff --git a/PUBLISHING.md b/PUBLISHING.md deleted file mode 100644 index d80f2475b..000000000 --- a/PUBLISHING.md +++ /dev/null @@ -1,274 +0,0 @@ -# Publishing Bottlerocket - -This guide will walk you through deploying a Bottlerocket image, and if desired, sharing it with others. -It currently focuses on deploying to AWS and VMware, though the tooling is built to support other platforms in the future. - -Remember to look at the [TRADEMARKS](TRADEMARKS.md) guide to understand naming concerns. -You can pass `-e BUILDSYS_NAME=my-name` to `cargo make` commands to change the default "short" name, which is used in file and AMI names. -You can pass `-e BUILDSYS_PRETTY_NAME="My Name"` to `cargo make` commands to change the default "pretty" name, which is used in the os-release file and some menus. - -We'll assume you've been through the [BUILDING](BUILDING.md) guide to make an image. - -### Configuring the publishing process - -The publishing process uses a configuration file called `Infra.toml`. -The relevant sections of this file will be introduced as needed below. -You can also see an [example file](tools/pubsys/Infra.toml.example) where each section is commented. - -When you make your own `Infra.toml`, you put it in the root of the Bottlerocket code repo, wherever you have it checked out. -(If you want to keep it elsewhere, you can pass `-e "PUBLISH_INFRA_CONFIG_PATH=/my/path"` to subsequent `cargo make` commands.) - -Note: several commands work with AWS services, so there's some shared configuration related to AWS accounts and AWS IAM roles. -For example, you can specify a role to assume before any API calls are made, and a role to assume before any API calls in a specific region. -This can be useful if you want to use roles to control access to the accounts that own AMIs, for example. -See the commented [example Infra.toml](tools/pubsys/Infra.toml.example) for details. - -### Variants and architectures - -If you [built your image](BUILDING.md) for a different variant or architecture, you can pass the same variant and architecture arguments to any of the `cargo make` commands in this document. -For example, if you built your image like this: - -```shell -cargo make -e BUILDSYS_VARIANT=my-variant -e BUILDSYS_ARCH=my-arch -``` - -...then you can then build a repo for it like this: - -```shell -cargo make -e BUILDSYS_VARIANT=my-variant -e BUILDSYS_ARCH=my-arch repo -``` - -## Publishing your image - -For details on publishing your image on AWS or VMware, please see the respective [PUBLISHING-AWS](PUBLISHING-AWS.md) or [PUBLISHING-VMWARE](PUBLISHING-VMWARE.md) guides. - -## Build a repo - -> NOTE: If you intend to replace hosts rather than update them, you don't need to build an update repository. - -Bottlerocket uses [TUF repositories](https://theupdateframework.io/overview/) to make system updates available to hosts. -You can read more about how Bottlerocket uses TUF in the [updater README](sources/updater/README.md#tuf-and-tough). - -Initially, the repo will only contain the image you just built. -Later, when you build updates, you can [add them to the repo](#configuring-your-repo-location), which allows your hosts to update to new versions. -(If you don't have an `Infra.toml` file, it will always try to build a brand new repo.) - -### Build process - -To build a repo, run: - -```shell -cargo make repo -``` - -#### Picking a release time - -If you're preparing the release of a new version in advance (see [waves](#waves) for why you may want to) you can specify the start time for the release. -You'll need the time in ISO 8601 format. -You can use the `date` command to get the formatted time using a simple description of your desired start. -For example, if you want your release to start at 10:00 AM on Monday: - -```shell -RELEASE_START_TIME="$(date '+%Y-%m-%dT%H:%M:%S%:z' -d 'Monday 10am')" -``` - -Now we can create the repo using that time: - -```shell -cargo make -e "RELEASE_START_TIME=${RELEASE_START_TIME}" repo -``` - -### Roles and keys - -#### Background on roles and keys - -TUF repos use [signed metadata](https://theupdateframework.io/metadata/) to ensure the repo content is secure and consistent. -Bottlerocket images contain a signed root role that verifies the data in the update repo they talk to. - -If you run the `cargo make repo` command above without any configuration, it will generate a root role file and a signing key for you. - -The generated role and key are functional, but a bit basic. -There's only a single key, and a "signing threshold" of 1, meaning only 1 key needs to sign replacement keys. -For production use, you should consider having multiple root keys with a higher signing threshold. -The benefit is that if someone compromises a single root key, TUF libraries won't trust any new keys they try to issue. - -It's also a good idea to keep your key somewhere safer than your local disk. -This helps guard against loss of the key, which would leave you unable to update your repo. -We currently support storing keys in local files, in [AWS SSM Parameters](https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html), and in [AWS KMS](https://aws.amazon.com/kms/). -SSM supports encrypted "SecureString" parameters for cases like this, and you can upload an existing private key into a parameter. -KMS is even stronger in that private keys can never be uploaded or read - they're held in secure hardware. - -Another improvement is to separate your root key from your "publication" key, where the publication key controls the snapshot, targets, and timestamp roles. -Those three roles are updated a lot more frequently. -The benefit is that even if the publication key is compromised, you still control the root key, and can replace the publication key. - -To use a separate publication key, you can generate two keys using [tuftool](https://github.com/awslabs/tough/tree/develop/tuftool). -Assuming you have a root.json from `tuftool root init`, you can create keys like this: - -```shell -tuftool root gen-rsa-key /path/to/root.json /path/to/my-new-root-key.pem --role root -tuftool root gen-rsa-key /path/to/root.json /path/to/my-new-publication-key.pem --role snapshot --role targets --role timestamp -``` - -If you're using keys in SSM or KMS, then you can add them to your root role with a similar command. -For example, with a KMS key, instead of `gen-rsa-key` you'd run `add-key` like this: - -```shell -tuftool root add-key /path/to/root.json aws-kms:///abc-def-123 --role root -tuftool root add-key /path/to/root.json aws-kms:///456-cba-fed --role snapshot --role targets --role timestamp -``` - -#### Role and key configuration - -You can specify your own root role and your own key in `Infra.toml`. -Root roles and keys are associated with a specific named repo. -The publishing system assumes a repo named "default", so it's easiest to get started by using that name. -(You can also pass `-e PUBLISH_REPO=myrepo` to `cargo make` commands to use a different name.) - -Here's an example repo configuration in `Infra.toml`: - -```toml -[repo.default] -root_role_url = "https://example.com/root.json" -root_role_sha512 = "0123456789abcdef" -signing_keys = { file = { path = "/home/user/key.pem" } } -``` - -If you have your own root role, you specify it by URL; this can be a `file://` URL for a local file. -You also specify the SHA512 checksum, to confirm that the file is the one you expect, in case we're downloading it from a remote URL. -There's nothing secret in a root role file, so if you have a way of storing it remotely, a URL can be more convenient. - -The `signing_keys` portion above references a local file path. -If you want to use an SSM or KMS key, you'd write it like this, instead: - -```toml -signing_keys = { kms = { key_id = "abc-def-123" } } -``` - -...or... - -```toml -signing_keys = { ssm = { parameter = "/my/parameter" } } -``` - -### Repo location - -#### Uploading your repo - -Your repo needs to be accessible to your hosts by URL. -One good place to store repos is S3; this is how Bottlerocket's official repos are stored. -(If you want, you can put a CloudFront distribution on top of this to make it accessible even more quickly around the world.) -You can also store your repo behind any HTTP server; the key part is that the repo is accessible from your host. -This could mean it's publicly accessible, or only accessible inside a VPC, or something similar. - -Let's assume you're using an S3 bucket. -You just need to sync the built repo, like this. -(If you're using a repo other than `default`, make sure you change the repo name.) - -```shell -aws s3 sync build/repos/default/latest/ s3://my-bucket/ -``` - -This syncs the metadata and targets directories of the repo into the root of your bucket. -You can also sync to a subdirectory of your bucket if desired, for example if you use the bucket for other purposes. -Just make sure you include that subdirectory in the URL in the next step. - -> Note: for production repos, it's safer to sync the targets directory before the metadata directory so that clients aren't pointed to targets they can't download yet. - -#### Configuring your repo location - -After your repo is uploaded, you can add the location into the repo configuration in your `Infra.toml`. -This will allow you to use `cargo make repo` to update your existing repo in the future, rather than creating a new one from scratch every time. -This is important so that your hosts can see all available updates in the repo, not just the latest one. - -Inside the repo section of your `Infra.toml` (for example, underneath `[repo.default]`) you'd add something like this: - -```toml -metadata_base_url = "https://example.com/" -targets_url = "https://example.com/targets/" -``` - -(You can use a `file://` URL if you want to update a repo based on one you keep locally.) - -The variant and architecture are automatically added onto the metadata URL, matching the format of the directories inside `build/repos/default/latest`. -(The targets directories is shared for all variants and architectures, since target files are prefixed with a checksum.) - -### Using your repo from a Bottlerocket host - -By default, Bottlerocket hosts talk to the project's official repos. -There are two ways to point your hosts at your own repo - at build time or at run time. - -If you're maintaining your own fork of Bottlerocket, you'd probably want to change the settings at build time, so you don't have to change settings for every host you launch. -If you're just running a few hosts, or don't want to maintain a fork, then it's easier to change settings at run time. - -To change your repo URLs at build time, you would change the `settings.updates.targets-base-url` and `metadata.settings.updates.metadata-base-url.template` settings. - -The default settings are defined in TOML files. -First, open the directory for your variant under [sources/models/src/](sources/models/src/). -Then, open the `defaults.d` directory. -Here, you can have any number of TOML files, or symlinks to shared TOML files, that define your default settings. -Later files override earlier ones. -For an example, take a look at the [aws-ecs-1 defaults](sources/models/src/aws-ecs-1/defaults.d/). - -These default settings will be applied to your hosts at startup, meaning any host you run would already know to look at your repo. -(You'll probably want to commit your changes into your fork of the repo; we're working on ways of making it easier to maintain your own model and settings without a fork.) - -The easiest way to change your repo URLs at run time is to include the settings changes in user data. -This method is covered [in README](README.md#using-user-data). -For example, if you built the `aws-k8s-1.24` variant for `x86_64` and uploaded to the public S3 bucket `my-bucket`, your URLs could look like: - -```toml -[settings.updates] -targets-base-url = "https://my-bucket.s3-us-west-2.amazonaws.com/targets/" -metadata-base-url = "https://my-bucket.s3-us-west-2.amazonaws.com/aws-k8s-1.24/x86_64/" -``` - -### Waves - -When you release a new version, you may want to make your update available to a small number of hosts in the beginning, then gradually expand. -This can help mitigate the risk of the change and give you more time to detect issues before they're widespread. - -The Bottlerocket update system uses the concept of 'waves' of updates. -For example, you can say that you want: -* one hour before updates start, so you can prepare -* 1% of hosts to get the update within 4 hours -* 5% of hosts to get the update within 1 day -* 15% of hosts to get the update within 2 days -* 40% of hosts to get the update within 4 days -* 60% of hosts to get the update within 5 days -* 90% of hosts to get the update within 6 days -* 100% of hosts to get the update after 6 days - -This provides a gradual ramp-up so you can watch the status of your deployment more easily. -And, in fact, this is the default wave policy! - -The policy above is defined in [default-waves](sources/updater/waves/default-waves.toml). -There's also an [accelerated schedule](sources/updater/waves/accelerated-waves.toml) for more urgent deployments, and an ["oh no" schedule](sources/updater/waves/ohno.toml) for emergencies. - -If you want to use a different policy, pass `-e PUBLISH_WAVE_POLICY_PATH=sources/updater/waves/chosen-policy.toml` when building your repo. -For example, to use the accelerated schedule: - -```shell -cargo make -e PUBLISH_WAVE_POLICY_PATH=sources/updater/waves/accelerated-waves.toml repo -``` - -To learn more about waves, check out the [README](sources/updater/waves). - -### Expiration policy - -Each piece of signed metadata in a TUF repo expires after a specific length of time, meaning that repos need to re-signed regularly. -This lets users know that the repo has been verified recently by the owner. - -The [default policy](tools/pubsys/policies/repo-expiration/2w-2w-1w.toml) sets the timestamp expiration relatively short, [as recommended by TUF](https://theupdateframework.io/metadata/#timestamp-metadata-timestampjson), with the snapshot and targets expirations a bit longer. -If you want to use different expiration policy, you can copy and modify the existing policy, then point to your file like this: - -```shell -cargo make -e PUBLISH_EXPIRATION_POLICY_PATH=/my/policy/path repo -``` - -**Note:** remember to update your repo before the expiration date. -If you forget, your hosts won't be able to talk to the repo until you update it. -(Don't worry, they're not lost forever.) - -Currently, to refresh an existing repo, you would use the [tuftool update](https://github.com/awslabs/tough/tree/develop/tuftool) command without specifying any new targets. -We're working on ways to make this easier, and integrated into the `cargo make` system. diff --git a/QUICKSTART-ECS.md b/QUICKSTART-ECS.md deleted file mode 100644 index b642cf5f5..000000000 --- a/QUICKSTART-ECS.md +++ /dev/null @@ -1,220 +0,0 @@ -# Using a Bottlerocket AMI with Amazon ECS - -[Amazon Elastic Container Service (Amazon ECS)](https://ecs.aws) is a highly scalable, fast container management service that makes it easy to run, stop, and manage containers on a cluster. -Your containers are defined in a task definition which you use to run individual tasks or as a service. - -This quickstart will walk through setting up an Amazon ECS cluster with Bottlerocket container instances (using the EC2 launch type). -Check out the [Amazon ECS developer guide](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/Welcome.html) for an overview of ECS. - -## Prerequisites - -Before you begin, be sure that you've completed the steps in -[Setting up with Amazon ECS](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/get-set-up-for-amazon-ecs.html) -and that your AWS user has either the [`AdministratorAccess`](https://console.aws.amazon.com/iam/home#policies/arn:aws:iam::aws:policy/AdministratorAccess) policy -or the permissions specified in the [Amazon ECS First Run Wizard Permissions](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/security_iam_id-based-policy-examples.html#first-run-permissions) IAM policy example. - -You'll also need [aws-cli](https://aws.amazon.com/cli/) set up to interact with AWS. - - -## Create a cluster - -An Amazon ECS cluster is a logical grouping of tasks, services, and container instances. -For more information about clusters, see -[Amazon ECS clusters](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/clusters.html). - -You can create a cluster with the AWS CLI as follows: - -```shell -aws ecs --region us-west-2 create-cluster --cluster-name bottlerocket -``` - -> Note: The command above and subsequent examples include the AWS region, so change it from `us-west-2` if you operate in another region. - -## Finding an AMI - -The official AMI IDs are stored in [public SSM parameters](https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-store-public-parameters.html). -The parameter names look like this: `/aws/service/bottlerocket/aws-ecs-1/x86_64/latest/image_id` - -Just change the variant (`aws-ecs-1`) and architecture (`x86_64`) to the ones you want to use. -Supported variants and architectures are described in the [README](README.md#variants). -For the purposes of SSM parameters, the valid architecture names are `x86_64` and `arm64` (also known as `aarch64`). -Also, if you know a specific Bottlerocket version you'd like to use, for example `1.0.6`, you can replace `latest` with that version. - -Bottlerocket ECS variants with NVIDIA support append `-nvidia` to the variant name. -For instance, the NVIDIA variant corresponding to `aws-ecs-2` is `aws-ecs-2-nvidia`. - -Once you have the parameter name you want to use, the easiest way to use it is to pass it directly to EC2. -Just prefix the parameter name with `resolve:ssm:` and EC2 will fetch the current value for you. -(You can also use this method for CloudFormation and other services that launch EC2 instances for you.) - -For example, to use the parameter above, you would pass this as the AMI ID in your launch request: `resolve:ssm:/aws/service/bottlerocket/aws-ecs-1/x86_64/latest/image_id` - -#### Manually querying SSM - -If you prefer to fetch the AMI ID yourself, you can use [aws-cli](https://aws.amazon.com/cli/) on the command line. -To fetch the example parameter above, for the us-west-2 region, you could run this: - -```shell -aws ssm get-parameter --region us-west-2 --name "/aws/service/bottlerocket/aws-ecs-1/x86_64/latest/image_id" --query Parameter.Value --output text -``` - -If you have `jq` installed and would like a bit more information, try this: - -```shell -aws ssm get-parameters --region us-west-2 \ - --names "/aws/service/bottlerocket/aws-ecs-1/x86_64/latest/image_id" \ - "/aws/service/bottlerocket/aws-ecs-1/x86_64/latest/image_version" \ - --output json | jq -r '.Parameters | .[] | "\(.Name): \(.Value) (updated \(.LastModifiedDate | gmtime | strftime("%c")) UTC)"' -``` - -## Launching your first instance - -In order to launch a Bottlerocket instance into your ECS cluster, you'll first need some information about the resources in your AWS account. - -### Subnet info - -You should either have a default virtual private cloud (VPC) or have already -[created a VPC](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/get-set-up-for-amazon-ecs.html#create-a-vpc) -in your account. - -To find your default VPC, run this command. -(If you use an AWS region other than "us-west-2", make sure to change that.) - -```shell -aws ec2 describe-vpcs \ - --region us-west-2 \ - --filters=Name=isDefault,Values=true \ - | jq --raw-output '.Vpcs[].VpcId' -``` - -If you want to use a different VPC you created, run this to get the ID for your VPC. -Make sure to change VPC_NAME to the name of the VPC you created. -(If you use an EC2 region other than "us-west-2", make sure to change that too.) - -```shell -aws ec2 describe-vpcs \ - --region us-west-2 \ - --filters=Name=tag:Name,Values=VPC_NAME \ - | jq --raw-output '.Vpcs[].VpcId' -``` - -Next, run this to get information about the subnets in your VPC. -It will give you a list of the subnets and tell you whether each is public or private. -Make sure to change VPC_ID to the value you received from the previous command. -(If you use an EC2 region other than "us-west-2", make sure to change that too.) - -```shell -aws ec2 describe-subnets \ - --region us-west-2 \ - --filter=Name=vpc-id,Values=VPC_ID \ - | jq '.Subnets[] | {id: .SubnetId, public: .MapPublicIpOnLaunch, az: .AvailabilityZone}' -``` - -You'll want to pick one and save it for the launch command later. - -You can choose whether you want public or private. -* Choose private for production deployments to get maximum isolation of instances. -* Choose public to more easily debug your instance. - These subnets have an Internet Gateway, so if you add a public IP address to your instance, you can talk to it. - (You can manually add an Internet Gateway to a private subnet later, so this is a reversible decision.) - -Note that if you choose to use the public subnet, you'll need your instance to have a publicly accessible IP address. -That either means adding `--associate-public-ip-address` to the launch command below, or attaching an Elastic IP address after launch. -There will be a reminder about this when we talk about the launch command. - -Finally, note that if you want to launch in a specific availability zone, make sure you pick a subnet that matches; the AZ is listed right below the public/private status. - -### IAM role - -The instance we launch needs to be associated with an IAM role that allows for communication with ECS. - -ECS provides a -[managed policy](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs_managed_policies.html#AmazonEC2ContainerServiceforEC2Role) -with all of the appropriate permissions. -If you've used ECS before, you may already have an appropriate role in your account called `ecsInstanceRole`. -If you do not, you can -[follow the instructions in the ECS Developer Guide to create a role](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/instance_IAM_role.html). - -Note down the instance role name in your account for the instructions below. - -#### Enabling SSM - -If you add SSM permissions, you can use Bottlerocket's default SSM agent to get a shell session on the instance. - -To attach the role policy for SSM permissions, run the following (replacing INSTANCE_ROLE_NAME with the name of your instance role): - -```shell -aws iam attach-role-policy \ - --role-name INSTANCE_ROLE_NAME \ - --policy-arn arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore -``` - -Next, to retrieve the instance profile name used to launch instances, run this: - -```shell -aws iam list-instance-profiles-for-role --role-name INSTANCE_ROLE_NAME --query "InstanceProfiles[*].InstanceProfileName" --output text -``` - -Note this down as the INSTANCE_PROFILE_NAME for the final launch command. - -### Connecting to your cluster - -For the instance to be able to communicate with ECS, we need to make sure to configure the instance with the name of the cluster. - -Create a file called `user-data.toml` with the following contents, where CLUSTER_NAME is the name of the cluster you created above (for example, "bottlerocket"). - -```toml -[settings.ecs] -cluster = "CLUSTER_NAME" -``` - -If you want to customize the behavior of your instance further, you can find the full set of supported settings [here](README.md#settings). - -### Launch! - -Now we can launch a Bottlerocket instance in our cluster! - -There are a few values to make sure you change in this command: -* YOUR_KEY_NAME: your SSH key pair name, as registered with EC2 -* SUBNET_ID: the subnet you selected earlier - * If you chose a public subnet, either add `--associate-public-ip-address` to the command, or attach an Elastic IP afterward. -* BOTTLEROCKET_AMI_ID: the Amazon-provided AMI ID you found above, or the ID of an AMI you registered -* user-data.toml: the path to the user data file you created earlier -* INSTANCE_PROFILE_NAME: the IAM instance profile you created, e.g. `ecsInstanceRole` - -```shell -aws ec2 run-instances --key-name YOUR_KEY_NAME \ - --subnet-id SUBNET_ID \ - --image-id BOTTLEROCKET_AMI_ID \ - --instance-type c3.large \ - --region us-west-2 \ - --tag-specifications 'ResourceType=instance,Tags=[{Key=bottlerocket,Value=quickstart}]' \ - --user-data file://user-data.toml \ - --iam-instance-profile Name=INSTANCE_PROFILE_NAME -``` - -And remember, if you used a public subnet, add `--associate-public-ip-address` or attach an Elastic IP after launch. - -Once it launches, you should be able to run tasks on your Bottlerocket instance using the ECS API and console. - - -### aws-ecs-*-nvidia variants - -The `aws-ecs-*-nvidia` variants include the required packages and configurations to leverage NVIDIA GPUs. -They come with the [NVIDIA Tesla driver](https://docs.nvidia.com/datacenter/tesla/drivers/index.html) along with the libraries required by the [CUDA toolkit](https://developer.nvidia.com/cuda-toolkit) included in your ECS tasks. -In hosts with multiple GPUs (ex. EC2 `g4dn` instances) you can assign one or multiple GPUs per container by specifying the resource requirements in your container definitions as described in the [official ECS documentation](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-gpu.html): - -```json -{ - "containerDefinitions": [ - { - "resourceRequirements" : [ - { - "type" : "GPU", - "value" : "2" - } - ] - } - ] -} -``` diff --git a/QUICKSTART-EKS.md b/QUICKSTART-EKS.md deleted file mode 100644 index cffad9b4a..000000000 --- a/QUICKSTART-EKS.md +++ /dev/null @@ -1,379 +0,0 @@ -# Using a Bottlerocket AMI with Amazon EKS - -The first release of Bottlerocket focuses on Kubernetes, in particular serving as the host OS for Kubernetes pods. - -One easy way to get started is to use Amazon EKS, a service that manages a Kubernetes control plane for you. -This document will focus on EKS to make it easy to follow a single path. -There's nothing that limits Bottlerocket to EKS or AWS, though. - -Most of this is one-time setup, and yes, we plan to automate more of it! -Once you have a cluster, you can skip to the last step, [Launch!](#launch) - -## Dependencies - -EKS has a command-line tool called `eksctl` that makes cluster setup easy. -Versions of eksctl starting with 0.15.0-rc.2 support Bottlerocket natively. -We recommend that you download the [latest version of eksctl](https://github.com/weaveworks/eksctl/releases) to get this support. - -You'll also need to [install kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) to augment `eksctl` during setup, and to run pods afterward. - -Finally, you'll need [aws-cli](https://aws.amazon.com/cli/) set up to interact with AWS. -(You'll need a [recent v1 release](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html#install-tool-bundled) with EKS support.) - -## Automated setup - -If you have a recent `eksctl`, as mentioned above, most of Bottlerocket setup for EKS is automated. - -### Cluster setup - -#### Cluster setup configuration file - -eksctl can use a configuration file to simplify setup. -We have sample configuration files in the repo: -* [`sample-eksctl.yaml`](sample-eksctl.yaml) - recommended for most setups. -* [`sample-eksctl-ssh.yaml`](sample-eksctl-ssh.yaml) - for test clusters where you know you'll want SSH access. Make sure to change the `publicKeyName` setting to the name of the SSH key pair you have registered with EC2. - -Pick the file most appropriate for you and make a copy, for example `my-eksctl.yaml`. -In this file you can change your desired numbered of nodes and even set Bottlerocket settings in advance if you like. The 'settings' section under 'bottlerocket' can include any [Bottlerocket settings](https://github.com/bottlerocket-os/bottlerocket#description-of-settings). - -Note that the configuration file includes the AWS region, so change it from `us-west-2` if you operate in another region. - -To learn more about eksctl configuration files, you can look at the [full schema](https://eksctl.io/usage/schema/) or [official examples](https://github.com/weaveworks/eksctl/tree/master/examples). - -#### Cluster creation - -You can set up a new cluster like this, pointing to the file you created in the last step: - -```shell -eksctl create cluster --config-file ./my-eksctl.yaml -``` - -This will take a few minutes to create the EKS cluster and spin up your Bottlerocket worker nodes. - -#### Optional cluster configuration - -##### CSI plugin - -If you want to create a [persistent volume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) on a Bottlerocket host, you will need to use the [EBS CSI Plugin](https://github.com/kubernetes-sigs/aws-ebs-csi-driver). -This is because the default EBS driver relies on file system tools that are not included with Bottlerocket. -A walk-through of creating a storage class using the driver is available [here](https://docs.aws.amazon.com/eks/latest/userguide/ebs-csi.html). - -##### conntrack configuration - -By default `kube-proxy` will set the `nf_conntrack_max` kernel parameter to a default value that may differ from what Bottlerocket originally sets at boot. -If you prefer to keep Bottlerocket's [default setting](packages/release/release-sysctl.conf), edit the kube-proxy configuration details with: - -```shell -kubectl edit -n kube-system daemonset kube-proxy -``` - -Add `--conntrack-max-per-core` and `--conntrack-min` to the kube-proxy arguments like so (a setting of 0 implies no change): - -```yaml - containers: - - command: - - kube-proxy - - --v=2 - - --config=/var/lib/kube-proxy-config/config - - --conntrack-max-per-core=0 - - --conntrack-min=0 - -``` - -### Done! - -Bottlerocket instances are launched in an autoscaling group, up to the number specified in your eksctl configuration file. -(You can change this number after creation by [configuring the ASG](https://console.aws.amazon.com/ec2/autoscaling/home#AutoScalingGroups:view=details), the same way you might change other ASGs.) - -The Bottlerocket instances will automatically register into the EKS cluster created by eksctl. -You can now use normal Kubernetes tools like `kubectl` to manage your cluster and the Bottlerocket nodes. - -For example, to run a simple busybox pod: -`kubectl run -i -t busybox --image=busybox --restart=Never` - -## Manual setup - -If you'd like even more control over your setup, something that eksctl can't (yet) provide, or you just want to see what's involved, you can follow these steps. - -### Finding an AMI - -The official AMI IDs are stored in [public SSM parameters](https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-store-public-parameters.html). -The parameter names look like this: `/aws/service/bottlerocket/aws-k8s-1.24/x86_64/latest/image_id` - -Just change the variant (`aws-k8s-1.24`) and architecture (`x86_64`) to the ones you want to use. -Supported variants and architectures are described in the [README](README.md#variants). -For the purposes of SSM parameters, the valid architecture names are `x86_64` and `arm64` (also known as `aarch64`). -Also, if you know a specific Bottlerocket version you'd like to use, for example `1.11.0`, you can replace `latest` with that version. - -Bottlerocket EKS variants with NVIDIA support append `-nvidia` to the variant name. -For instance, the variant for Kubernetes version 1.28 with NVIDIA support is `aws-k8s-1.28-nvidia`. - -Once you have the parameter name you want to use, the easiest way to use it is to pass it directly to EC2. -(You can also use this method for CloudFormation and other services that launch EC2 instances for you.) -Just prefix the parameter name with `resolve:ssm:` and EC2 will fetch the current value for you. - -For example, to use the parameter above, you would pass this as the AMI ID in your launch request: `resolve:ssm:/aws/service/bottlerocket/aws-k8s-1.24/x86_64/latest/image_id` - -#### Manually querying SSM - -If you prefer to fetch the AMI ID yourself, you can use [aws-cli](https://aws.amazon.com/cli/) on the command line. -To fetch the example parameter above, for the us-west-2 region, you could run this: - -```shell -aws ssm get-parameter --region us-west-2 --name "/aws/service/bottlerocket/aws-k8s-1.24/x86_64/latest/image_id" --query Parameter.Value --output text -``` - -If you have `jq` installed and would like a bit more information, try this: - -```shell -aws ssm get-parameters --region us-west-2 \ - --names "/aws/service/bottlerocket/aws-k8s-1.24/x86_64/latest/image_id" \ - "/aws/service/bottlerocket/aws-k8s-1.24/x86_64/latest/image_version" \ - --output json | jq -r '.Parameters | .[] | "\(.Name): \(.Value) (updated \(.LastModifiedDate | gmtime | strftime("%c")) UTC)"' -``` - -### Cluster setup - -*Note:* most commands will have a region argument; make sure to change it if you don't want to set up in us-west-2. -Also be aware that when operating in GovCloud the IAM ARNs will need to be updated to the following: `arn:aws-us-gov`. -For example, `arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy` must be updated to -`arn:aws-us-gov:iam::aws:policy/AmazonEKSWorkerNodePolicy`. - -You can set up a new cluster like this: - -```shell -eksctl create cluster --region us-west-2 --name bottlerocket -``` - -This will automatically add a "context" so `kubectl` knows how to interact with your cluster, and it'll set that context as your default. -You can see your contexts (clusters) using `kubectl config get-contexts` and change your current one with `kubectl config use-context 'NEW-CONTEXT-HERE'`. - -### Cluster info - -This section helps you determine some of the cluster information needed later by the instance launch command. - -#### Kubernetes cluster info - -Bottlerocket uses a TOML-formatted configuration file as user data. -This can include the configuration of the Kubernetes cluster we just created. - -Run this to generate the configuration file with the relevant cluster config, including the API endpoint and base64-encoded certificate authority. - -```shell -eksctl get cluster --region us-west-2 --name bottlerocket -o json \ - | jq --raw-output '.[] | "[settings.kubernetes]\napi-server = \"" + .Endpoint + "\"\ncluster-certificate =\"" + .CertificateAuthority.Data + "\"\ncluster-name = \"bottlerocket\""' > user-data.toml -``` - -This will save the TOML-formatted configuration data into a file named `user-data.toml`. -This will be used at the end, in the instance launch command. - -#### Subnet info - -Next, run this to get information about the subnets that eksctl created. -It will give you a list of the subnets and tell you whether each is public or private. -(If you use an EC2 region other than "us-west-2", make sure to change that.) - -```shell -aws ec2 describe-subnets \ - --subnet-ids $(eksctl get cluster --region us-west-2 --name bottlerocket -o json | jq --raw-output '.[].ResourcesVpcConfig.SubnetIds[]') \ - --region us-west-2 \ - --query "Subnets[].[SubnetId, Tags[?Key=='aws:cloudformation:logical-id'].Value]" \ - | xargs -L2 -``` - -You'll want to pick one and save it for the launch command later. - -You can choose whether you want public or private. -* Choose private for production deployments to get maximum isolation of worker nodes. -* Choose public to more easily debug your instance. These subnets have an Internet Gateway, so if you add a public IP address to your instance, you can talk to it. (You can manually add an Internet Gateway to a private subnet later, so this is a reversible decision.) - -Note that if you choose to use the public subnet, you'll need your instance to have a publicly accessible IP address. -That either means adding `--associate-public-ip-address` to the launch command below, or attaching an Elastic IP address after launch. -There will be a reminder about this when we talk about the launch command. - -Finally, note that if you want to launch in a specific availability zone, make sure you pick a subnet that matches; the AZ is listed right next to the public/private status. - -### IAM role - -The instance we launch needs to be associated with an IAM role that allows for communication with EKS and ECR. - -`eksctl` by default already creates such a role (and an instance profile that allows use of the role) as part of the cluster nodegroup. - -The ARN of the IAM role can be retrieved with: - -```shell -eksctl get iamidentitymapping --region us-west-2 --cluster bottlerocket -``` - -The output should look like this: - -``` -ARN USERNAME GROUPS -arn:aws:iam::YOUR_AWS_ACCOUNT_ID:role/INSTANCE_ROLE_NAME system:node:{{EC2PrivateDNSName}} system:bootstrappers,system:nodes -``` - -Note down the INSTANCE_ROLE_NAME for the instructions below. - -##### Enabling SSM - -If you add SSM permissions, you can use Bottlerocket's default SSM agent to get a shell session on the instance. - -To attach the role policy for SSM permissions, run the following: - -```shell -aws iam attach-role-policy \ - --role-name INSTANCE_ROLE_NAME \ - --policy-arn arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore -``` - -If you receive the following error, you need to truncate INSTANCE_ROLE_NAME to 64 characters. -(We are working on improving this.) - -``` -1 validation error detected: Value 'INSTANCE_ROLE_NAME' at 'role Name' failed to satisfy constraint: -Member must have length less than or equal to 64 -``` - -Next, to retrieve the instance profile name used to launch instances, run this: - -```shell -aws iam list-instance-profiles-for-role --role-name INSTANCE_ROLE_NAME --query "InstanceProfiles[*].InstanceProfileName" --output text -``` - -There should only be one that looks like: - -``` -eksctl-bottlerocket-nodegroup-ng-IDENTIFIER-NodeInstanceProfile-IDENTIFIER -``` - -Note this down as the `INSTANCE_PROFILE_NAME` for the final launch command. - -### kube-proxy settings - -By default `kube-proxy` will set the `nf_conntrack_max` kernel parameter to a default value that may differ from what Bottlerocket originally sets at boot. -If you prefer to keep Bottlerocket's [default setting](packages/release/release-sysctl.conf), edit the kube-proxy configuration details with: - -```shell -kubectl edit -n kube-system daemonset kube-proxy -``` - -Add `--conntrack-max-per-core` and `--conntrack-min` to the kube-proxy arguments like so (a setting of 0 implies no change): - -```yaml - containers: - - command: - - kube-proxy - - --v=2 - - --config=/var/lib/kube-proxy-config/config - - --conntrack-max-per-core=0 - - --conntrack-min=0 - -``` - -### Final launch details - -For the instance to be able to communicate with the EKS cluster control plane and other worker nodes, we need to make sure the instance is launched with the right security groups. - -Run the following command: - -```shell -aws ec2 describe-security-groups --region us-west-2 \ - --filters 'Name=tag:Name,Values=*bottlerocket*' \ - --query "SecurityGroups[*].{Name:GroupName,ID:GroupId}" -``` - -This will output several security group names and IDs. -You want to save the IDs for the `...ClusterSharedNodeSecurityGroup...` and `...nodegroup...` entries. - -Example: - -```json -[ - { - "Name": "eksctl-bottlerocket-cluster-ClusterSharedNodeSecurityGroup-IDENTIFIER", - "ID": "SECURITY_GROUP_ID_1" - }, - { - "Name": "eksctl-bottlerocket-cluster-ControlPlaneSecurityGroup-IDENTIFIER", - "ID": *ignore* - }, - { - "Name": "eksctl-bottlerocket-nodegroup-ng-IDENTIFIER-SG-IDENTIFIER", - "ID": "SECURITY_GROUP_ID_2" - } -] -``` - -If you chose a public subnet, and you plan to SSH to the instance (using the admin container), you'll also need to allow SSH traffic to your security group. -You can do that with a command like this - just make sure to insert a security group from the last command, and your source network CIDR. - -```shell -aws ec2 authorize-security-group-ingress --region us-west-2 \ - --group-id SECURITY_GROUP_ID_1 --cidr YOUR_NETWORK_CIDR \ - --protocol tcp --port 22 -``` - -If you chose a private subnet and you want to SSH in, you can do so from another instance in the same subnet and security group. - -### Launch! - -Now we can launch a Bottlerocket instance in our cluster! - -There are a few values to make sure you change in this command: -* YOUR_KEY_NAME: your SSH key pair name, as registered with EC2 -* SUBNET_ID: the subnet you selected earlier - * If you chose a public subnet, either add `--associate-public-ip-address` to the command, or attach an Elastic IP afterward. -* SECURITY_GROUP_ID_1, SECURITY_GROUP_ID_2: the two security groups you found earlier -* BOTTLEROCKET_AMI_ID: the ID of the AMI you registered, or an Amazon-provided AMI ID -* user-data.toml: the path to the user data file you created earlier -* INSTANCE_PROFILE_NAME: the instance profile created by `eksctl` for the cluster nodegroups. - -```shell -aws ec2 run-instances --key-name YOUR_KEY_NAME \ - --subnet-id SUBNET_ID \ - --security-group-ids SECURITY_GROUP_ID_1 SECURITY_GROUP_ID_2 \ - --image-id BOTTLEROCKET_AMI_ID \ - --instance-type c3.large \ - --region us-west-2 \ - --tag-specifications 'ResourceType=instance,Tags=[{Key=kubernetes.io/cluster/bottlerocket,Value=owned}]' \ - --user-data file://user-data.toml \ - --iam-instance-profile Name=INSTANCE_PROFILE_NAME -``` - -And remember, if you used a public subnet, add `--associate-public-ip-address` or attach an Elastic IP after launch. - -Once it launches, you should be able to run pods on your Bottlerocket instance using normal Kubernetes workflows. - -For example, to run busybox: -`kubectl run -i -t busybox --image=busybox --restart=Never` - -### aws-k8s-*-nvidia variants - -The `aws-k8s-*-nvidia` variants include the required packages and configurations to leverage NVIDIA GPUs. -They come with the [NVIDIA Tesla driver](https://docs.nvidia.com/datacenter/tesla/drivers/index.html) along with the libraries required by the [CUDA toolkit](https://developer.nvidia.com/cuda-toolkit) included in your orchestrated containers. -They also include the [NVIDIA k8s device plugin](https://github.com/NVIDIA/k8s-device-plugin). -If you already have a daemonset for the device plugin in your cluster, you may need to use taints and tolerations to keep it from running on Bottlerocket nodes. - -Additional NVIDIA tools such as [DCGM](https://github.com/NVIDIA/dcgm-exporter) and [GPU Feature Discovery](https://github.com/NVIDIA/gpu-feature-discovery) will work as expected. -You can install them in your cluster by following the `helm install` instructions provided for each project. - -The [GPU Operator](https://docs.nvidia.com/datacenter/cloud-native/gpu-operator/getting-started.html#install-nvidia-gpu-operator) can also be used to install these tools. -However, it is cumbersome to select the right subset of features to avoid conflicts with the software included in the variant. -Therefore we recommend installing the tools individually if they are required. - -In hosts with multiple GPUs (ex. EC2 `g4dn` instances) you can assign a GPU per container by specifying the resource in the containers' spec as described in the [official kubernetes documentation](https://kubernetes.io/docs/tasks/manage-gpus/scheduling-gpus/): - -```yaml -apiVersion: v1 -kind: Pod -metadata: - name: test -spec: - restartPolicy: OnFailure - containers: - - name: test - image: amazonlinux:2 - resources: - limits: - nvidia.com/gpu: 1 # requesting 1 GPU -``` diff --git a/QUICKSTART-LOCAL.md b/QUICKSTART-LOCAL.md deleted file mode 100644 index bdbea0a08..000000000 --- a/QUICKSTART-LOCAL.md +++ /dev/null @@ -1,170 +0,0 @@ -# Testing Bottlerocket in a local virtual machine - -This quickstart will walk through launching a Bottlerocket VM guest on a local machine using QEMU and KVM. -The VM will not join an ECS or Kubernetes cluster. -This way of running Bottlerocket is therefore best used for testing purposes when developing Bottlerocket components that do not need to integrate with any orchestrators or to just get a feel for what a Bottlerocket node looks from the inside. - - -## Prerequisites - -We assume you are following along on a machine running Fedora. -If you are using a cloud VM, ensure you can use hardware-assisted virtualization. -For example, on Amazon EC2 this requires the use of a .metal instance type. - -You need a clone of the main Bottlerocket repository and a build of the metal-dev variant. -Please refer to [`BUILDING.md`](https://github.com/bottlerocket-os/bottlerocket/blob/develop/BUILDING.md) for instructions on how to build a Bottlerocket image and ensure you pass `-e BUILDSYS_VARIANT=metal-dev` to `cargo make`. - -The use of QEMU requires extra packages which you may install using this dnf invocation: - -```shell -sudo dnf install qemu -``` - -If you'd (optionally) like to make use of the control container, you'll need an AWS account and AWS CLI. - - -## Configuring Bottlerocket - -Bottlerocket is configured [via an API](https://github.com/bottlerocket-os/bottlerocket/#using-the-api-client) or, if running in a cloud VM, [via user data](https://github.com/bottlerocket-os/bottlerocket/#using-user-data) upon boot. -For running a local VM, neither mechanism can be used to apply configuration on first boot: Bottlerocket is not yet running, making its API server unavailable, and the goal to have Bottlerocket running locally precludes use of the user data mechanism. -As an alternative, the `start-local-vm` wrapper script included in the `tools` directory of the main repository allows to inject configuration into well-known locations of the built image for Bottlerocket to find on boot. - - -### Set up networking - -The `start-local-vm` wrapper configures QEMU to provide one virtual network interface to the VM. -To enable this interface, create a file named `net.toml` containing the following TOML snippet: - -```toml -version = 1 - -[enp0s16] -dhcp4 = true -``` - -This will prompt [netdog](https://github.com/bottlerocket-os/bottlerocket/blob/develop/sources/netdog/README.md) to set up `enp0s16` as the primary network interface with IPv4 networking configured via DHCP. -No dedicated DHCP server needs to be running on the host as QEMU will act as one on the virtual network interface. -Note that for virtual machines launched with `start-local-vm`, the primary network interface will always be named `enp0s16`. -The name will differ when running on bare metal or in a cloud environment. - - -### Accessing your Bottlerocket guest via host containers - -When running a Bottlerocket development variant such as metal-dev locally, you can directly interact with the system via the serial console that `start-local-vm` connects you to. -For remote access to your running Bottlerocket VMs, you will need to provide additional configuration to enable host containers. -The Bottlerocket metal images don't include any host containers enabled by default. -But don't worry! -You can use our [admin](https://github.com/bottlerocket-os/bottlerocket-admin-container) and/or [control](https://github.com/bottlerocket-os/bottlerocket-control-container) containers, they just need to be configured first. -Information about the roles these host containers play can be found [here](https://github.com/bottlerocket-os/bottlerocket/#exploration). - - -#### Admin container - -If you would like to use the admin container, you will need to create some base64 encoded user data which will be passed to the container at runtime. -Full details are covered in the [admin container documentation](https://github.com/bottlerocket-os/bottlerocket-admin-container#authenticating-with-the-admin-container). -If we assume you have a public key at `${HOME}/.ssh/id_rsa.pub`, the below will add the correct user data to your `user-data.toml`. - -```shell -PUBKEY_FILE="${HOME}/.ssh/id_rsa.pub" -PUBKEY=$(< "${PUBKEY_FILE}") -ADMIN_USER_DATA="$(echo '{"ssh": {"authorized-keys": ["'"${PUBKEY}"'"]}}' | base64 -w 0)" - -cat <>user-data.toml -[settings.host-containers.admin] -enabled = true -superpowered = true -user-data = "${ADMIN_USER_DATA}" -source = "public.ecr.aws/bottlerocket/bottlerocket-admin:v0.11.1" -EOF -``` - - -#### Control container - -Enabling the control container is very similar to the admin container; you will create some base64 encoded user data that will be passed to the container at runtime. -This user data includes an activation ID and code retrieved from AWS SSM. -Full details can be found in the [control container documentation](https://github.com/bottlerocket-os/bottlerocket-control-container#connecting-to-aws-systems-manager-ssm). - -You'll first need an AWS account, and AWS CLI installed. -Then you'll create a service role in that account to [grant AWS STS trust to the AWS Systems Manager service](https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-service-role.html). - -```shell -cat < ssmservice-trust.json -{ - "Version": "2012-10-17", - "Statement": { - "Effect": "Allow", - "Principal": { - "Service": "ssm.amazonaws.com" - }, - "Action": "sts:AssumeRole" - } -} -EOF - -# Create the role using the above policy -aws iam create-role \ - --role-name SSMServiceRole \ - --assume-role-policy-document file://ssmservice-trust.json - -# Attach the policy enabling the role to create session tokens -aws iam attach-role-policy \ - --role-name SSMServiceRole \ - --policy-arn arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore -``` - -Once the above is created, we can use the role to create an activation code and ID. - -```shell -export SSM_ACTIVATION="$(aws ssm create-activation \ - --iam-role SSMServiceRole \ - --registration-limit 100 \ - --region us-west-2 \ - --output json)" -``` - -Using the above activation data we can create our user data to pass to the control container: - -```shell -SSM_ACTIVATION_ID="$(jq -r '.ActivationId' <<< ${SSM_ACTIVATION})" -SSM_ACTIVATION_CODE="$(jq -r '.ActivationCode' <<< ${SSM_ACTIVATION})" -CONTROL_USER_DATA="$(echo '{"ssm": {"activation-id": "'${SSM_ACTIVATION_ID}'", "activation-code": "'${SSM_ACTIVATION_CODE}'", "region": "us-west-2"}}' | base64 -w0)" - -cat <>user-data.toml -[settings.host-containers.control] -enabled = true -user-data = "${CONTROL_USER_DATA}" -source = "public.ecr.aws/bottlerocket/bottlerocket-control:v0.6.1" -EOF -``` - - -## Launch! - -We have now prepared all configuration we might need. -Assuming you are in the root of the main Bottlerocket repository, you can run - -```shell -./tools/start-local-vm --variant metal-dev --arch $(uname -m) --inject-file net.toml --inject-file user-data.toml -``` - -to start a local VM with the Bottlerocket image you built earlier. - -The `--inject-file` options add the listed files to the private partition of the image, where Bottlerocket's various services will find them on boot. -The final configuration files ending up in the image need to be named like in the examples above. -If you named yours differently, you can ensure they have the right name in the image by using a colon as the separator of local file name and file name in the image, e.g. `--inject-file admin-container-only.toml:user-data.toml`. -If you did not enable any host containers and thus have no `user-data.toml` you need to leave this option off. - -Once the VM launches, boot output will be visible in the terminal. -The `start-local-vm` script connects you to the serial console of the VM, which can also be used to interact with the system if you are running a development variant such as metal-dev. -When prompted to login, any username will do. - -The virtual serial console will capture most keyboard input, such as Ctrl-C. -If you want to terminate the VM, you can either instruct it to `systemctl poweroff` from within or exit QEMU via the Ctrl-A X shortcut. - -By default, the `start-local-vm` wrapper will forward the host's TCP port 2222 to the VM's port 22. -If you enabled the admin host container, the SSH server running in it will therefore be available by connecting to localhost's port 2222: - -```shell -ssh -p 2222 ec2-user@localhost -``` diff --git a/QUICKSTART-VMWARE.md b/QUICKSTART-VMWARE.md deleted file mode 100644 index fbba1550f..000000000 --- a/QUICKSTART-VMWARE.md +++ /dev/null @@ -1,282 +0,0 @@ -# Using Bottlerocket as a Kubernetes worker node with VMware - -This quickstart will walk through joining a Bottlerocket VM guest to an existing Kubernetes cluster running in VMware. - -## Prerequisites - -You must be able to access vSphere, via webUI or some type of client. -We will use the CLI tool [`govc`](https://github.com/vmware/govmomi/tree/master/govc) to communicate with vSphere in this guide. -`govc` can use [environment variables or take arguments](https://github.com/vmware/govmomi/tree/master/govc#usage) to specify needed parameters. -For the purposes of this guide we will assume that the following environment variables are set to the proper values in your environment: - -``` -GOVC_URL -GOVC_USERNAME -GOVC_PASSWORD -GOVC DATACENTER -GOVC_DATASTORE -GOVC_NETWORK -GOVC_RESOURCE_POOL -GOVC_FOLDER -``` - -This guide assumes you already have a functioning Kubernetes cluster running in VMware. -You'll need to have [`kubectl`](https://kubernetes.io/docs/tasks/tools/#kubectl) and [`kubeadm`](https://kubernetes.io/docs/tasks/tools/#kubeadm) installed, as well as a `kubeconfig` for your cluster. -These tools allow us to access information about your cluster to facilitate the joining of Bottlerocket nodes. - -You'll need to install [`tuftool`](https://github.com/awslabs/tough/blob/develop/tuftool/README.md) to assist you with fetching the signed Bottlerocket OVA from the Bottlerocket TUF repository. - -`jq` should also be installed. - -If you'd (optionally) like to make use of the control container, you'll need an AWS account and AWS CLI. - -## Fetch the OVA - -The Bottlerocket OVA is signed and uploaded alongside the rest of the Bottlerocket release artifacts. - -You first need the Bottlerocket root role, which is used by `tuftool` to verify the OVA. -The following will download and verify the root role itself: - -```shell -curl -O "https://cache.bottlerocket.aws/root.json" -sha512sum -c <<<"a3c58bc73999264f6f28f3ed9bfcb325a5be943a782852c7d53e803881968e0a4698bd54c2f125493f4669610a9da83a1787eb58a8303b2ee488fa2a3f7d802f root.json" -``` - -Next, set your desired version and variant, and download the OVA: - -```shell -VERSION="v1.6.1" -VARIANT="vmware-k8s-1.24" -OVA="bottlerocket-${VARIANT}-x86_64-${VERSION}.ova" -OUTDIR="${VARIANT}-${VERSION}" - -tuftool download "${OUTDIR}" --target-name "${OVA}" \ - --root ./root.json \ - --metadata-url "https://updates.bottlerocket.aws/2020-07-07/${VARIANT}/x86_64/" \ - --targets-url "https://updates.bottlerocket.aws/targets/" -``` - -## Upload the OVA - -Once you have downloaded the OVA, you can upload it to vSphere. - -The first command generates a spec file (`bottlerocket_spec.json` in this case) using the OVA and gives you few options for your deployment. - -```shell -govc import.spec "${OUTDIR}/${OVA}" > bottlerocket_spec.json -``` - -The spec will look similar to this: - -```json -{ - "DiskProvisioning": "flat", - "IPAllocationPolicy": "dhcpPolicy", - "IPProtocol": "IPv4", - "NetworkMapping": [ - { - "Name": "VM Network", - "Network": "" - } - ], - "MarkAsTemplate": false, - "PowerOn": false, - "InjectOvfEnv": false, - "WaitForIP": false, - "Name": null -} -``` - -We will use `$GOVC_NETWORK` to populate the value for `Network` in the file and use it to upload the OVA! - -```shell -VM_NAME="bottlerocket-quickstart-${VERSION}" - -jq --arg network "${GOVC_NETWORK}" \ - '.NetworkMapping[].Network = $network' \ - bottlerocket_spec.json > bottlerocket_spec_edit.json - -govc import.ova -options=bottlerocket_spec_edit.json -name="${VM_NAME}" "${OUTDIR}/${OVA}" -``` - -Since we intend to run multiple identical VMs, let's mark the OVA you just uploaded as a template. -You can think of a template as a "golden" image, allowing you to create many VMs without affecting the "golden" image. - -```shell -govc vm.markastemplate "${VM_NAME}" -``` - -Let's create 3 Bottlerocket VMs using the template. -The following will clone from the template, but leave the VMs turned off since we still need to set user data. - -```shell -for node in 1 2 3; do - govc vm.clone -vm "${VM_NAME}" -on=false "${VM_NAME}-${node}" -done -``` - -## Gathering cluster info - -This section will help you gather cluster information needed to configure Bottlerocket via user data. -The below commands assume a single cluster. - -#### API Server -This is the address (including port) of the control plane. - -```shell -export API_SERVER="$(kubectl config view -o jsonpath='{.clusters[0].cluster.server}')" -``` - -#### Cluster DNS IP -This is the IP address of the DNS pod/service. - -```shell -export CLUSTER_DNS_IP="$(kubectl -n kube-system get svc -l k8s-app=kube-dns -o=jsonpath='{.items[0].spec.clusterIP}')" -``` - -#### Bootstrap token -Nodes require a token to establish trust between the node and the control plane. -Tokens must be [used within 24 hours](https://kubernetes.io/docs/reference/setup-tools/kubeadm/kubeadm-token/), but once the node has booted and registered with the cluster, it isn't used again. - -```shell -export BOOTSTRAP_TOKEN="$(kubeadm token create)" -``` - -#### Cluster Certificate -This is the base64 encoded cluster certificate authority. - -```shell -export CLUSTER_CERTIFICATE="$(kubectl config view --raw -o=jsonpath='{.clusters[0].cluster.certificate-authority-data}')" -``` - -## Configuring Bottlerocket - -In order to join Bottlerocket to your cluster, it must be configured via user data. -There are multiple methods of passing user data to Bottlerocket in VMware; we will demonstrate all of them. - -Create a file called `user-data.toml` and populate it with the values you just retrieved. - -```shell -cat < user-data.toml -[settings.kubernetes] -api-server = "${API_SERVER}" -cluster-dns-ip = "${CLUSTER_DNS_IP}" -bootstrap-token = "${BOOTSTRAP_TOKEN}" -cluster-certificate = "${CLUSTER_CERTIFICATE}" -EOF -``` - -### Accessing your Bottlerocket guest via host containers -For remote access to your running Bottlerocket VMs, you will need to add additional user data to enable host containers. -The Bottlerocket VMware images don't include any host containers enabled by default. -But don't worry! -You can use our [admin](https://github.com/bottlerocket-os/bottlerocket-admin-container) and/or [control](https://github.com/bottlerocket-os/bottlerocket-control-container) containers, they just need to be configured first. - -#### Admin container -If you would like to use the admin container, you will need to create some base64 encoded user data which will be passed to the container at runtime. -Full details are covered in the [admin container documentation](https://github.com/bottlerocket-os/bottlerocket-admin-container#authenticating-with-the-admin-container). -If we assume you have a public key at `${HOME}/.ssh/id_rsa.pub`, the below will add the correct user data to your `user-data.toml`. - -```shell -PUBKEY="${HOME}/.ssh/id_rsa.pub" -ADMIN_USER_DATA="$(echo '{"ssh":{"authorized-keys":["'"$(cat ${PUBKEY})"'"]}}' | base64 -w 0)" - -cat <>user-data.toml -[settings.host-containers.admin] -enabled = true -user-data = "${ADMIN_USER_DATA}" -EOF -``` - -#### Control container -Enabling the control container is very similar to the admin container; you will create some base64 encoded user data that will be passed to the container at runtime. -This user data includes an activation ID and code retrieved from AWS SSM. -Full details can be found in the [control container documentation](https://github.com/bottlerocket-os/bottlerocket-control-container#connecting-to-aws-systems-manager-ssm). - -You'll first need an AWS account, and AWS CLI installed. -Then you'll create a service role in that account to [grant AWS STS trust to the AWS Systems Manager service](https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-service-role.html). - -```shell -cat < ssmservice-trust.json -{ - "Version": "2012-10-17", - "Statement": { - "Effect": "Allow", - "Principal": { - "Service": "ssm.amazonaws.com" - }, - "Action": "sts:AssumeRole" - } -} -EOF - -# Create the role using the above policy -aws iam create-role \ - --role-name SSMServiceRole \ - --assume-role-policy-document file://ssmservice-trust.json - -# Attach the policy enabling the role to create session tokens -aws iam attach-role-policy \ - --role-name SSMServiceRole \ - --policy-arn arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore -``` - -Once the above is created, we can use the role to create an activation code and ID. - -```shell -export SSM_ACTIVATION="$(aws ssm create-activation \ - --iam-role SSMServiceRole \ - --registration-limit 100 \ - --region us-west-2 \ - --output json)" -``` - -Using the above activation data we can create our user data to pass to the control container: - -```shell -SSM_ACTIVATION_ID="$(jq -r '.ActivationId' <<< ${SSM_ACTIVATION})" -SSM_ACTIVATION_CODE="$(jq -r '.ActivationCode' <<< ${SSM_ACTIVATION})" -CONTROL_USER_DATA="$(echo '{"ssm":{"activation-id":"'${SSM_ACTIVATION_ID}'","activation-code":"'${SSM_ACTIVATION_CODE}'","region":"us-west-2"}}' | base64 -w0)" - -cat <>user-data.toml -[settings.host-containers.control] -enabled = true -user-data = "${CONTROL_USER_DATA}" -EOF -``` - -### Setting user data via "guestinfo" interface -**Note: You must set these values before you start the VM for the first time!** - -VMware allows you to set some extended attributes of your VM, which your VM can then access via a "guestinfo" interface. -These extended attributes are `guestinfo.userdata` and `guestinfo.userdata.encoding`. - -`guestinfo.userdata` may be passed as base64, gzipped base64, or (least desirable) raw TOML. -Valid values for `guestinfo.userdata.encoding` are: `base64`, `b64`, `gzip+base64`, and `gz+b64`. - -Given the above file `user-data.toml`, base64 encode and set user data for your VM: -```shell -export BR_USERDATA=$(base64 -w0 user-data.toml) - -for node in 1 2 3; do - govc vm.change -vm "${VM_NAME}-${node}" \ - -e guestinfo.userdata="${BR_USERDATA}" \ - -e guestinfo.userdata.encoding="base64" -done -``` - -You can check that your user data was set; using node "1" as an example below: -```shell -govc vm.info -e -r -t "${VM_NAME}-1" -``` - -## Launch! -Once you've created your user data and given your VM a way to access it via guestinfo, you can launch all 3 Bottlerocket VMs in your cluster! -```shell -for node in 1 2 3; do - govc vm.power -on "${VM_NAME}-${node}" -done -``` - -Once it launches, you should be able to use your Bottlerocket instance using normal Kubernetes workflows. -All boot output should be visible in the vSphere console if you need to troubleshoot. diff --git a/README.md b/README.md deleted file mode 100644 index 7d347e5d9..000000000 --- a/README.md +++ /dev/null @@ -1,616 +0,0 @@ -# Bottlerocket OS - -Welcome to Bottlerocket! - -Bottlerocket is a free and open-source Linux-based operating system meant for hosting containers. - -To learn more about Bottlerocket, visit the [official Bottlerocket website and documentation](https://bottlerocket.dev/). -Otherwise, if you’re ready to jump right in, read one of our setup guides for running Bottlerocket in [Amazon EKS](QUICKSTART-EKS.md), [Amazon ECS](QUICKSTART-ECS.md), or [VMware](QUICKSTART-VMWARE.md). -If you're interested in running Bottlerocket on bare metal servers, please refer to the [provisioning guide](PROVISIONING-METAL.md) to get started. - -Bottlerocket focuses on security and maintainability, providing a reliable, consistent, and safe platform for container-based workloads. -This is a reflection of what we've learned building operating systems and services at Amazon. -You can read more about what drives us in [our charter](CHARTER.md). - -The base operating system has just what you need to run containers reliably, and is built with standard open-source components. -Bottlerocket-specific additions focus on reliable updates and on the API. -Instead of making configuration changes manually, you can change settings with an API call, and these changes are automatically migrated through updates. - -Some notable features include: - -* [API access](#api) for configuring your system, with secure out-of-band [access methods](#exploration) when you need them. -* [Updates](#updates) based on partition flips, for fast and reliable system updates. -* [Modeled configuration](#settings) that's automatically migrated through updates. -* [Security](#security) as a top priority. - -## Participate in the Community - -There are many ways to take part in the Bottlerocket community: - -- [Join us on Meetup](https://www.meetup.com/bottlerocket-community/) to hear about the latest Bottlerocket (virtual/in-person) events and community meetings. - Community meetings are typically every other week. - - Details can be found under the [Events section on Meetup](https://www.meetup.com/bottlerocket-community/events/), and you will receive email notifications if you become a member of the Meetup group. (It's free to join!) - -- [Start or join a discussion](https://github.com/bottlerocket-os/bottlerocket/discussions) if you have questions about Bottlerocket. -- If you're interested in contributing, thank you! - Please see our [contributor's guide](CONTRIBUTING.md). - -## Contact us - -If you find a security issue, please [contact our security team](https://github.com/bottlerocket-os/bottlerocket/security/policy) rather than opening an issue. - -We use GitHub issues to track other bug reports and feature requests. -You can look at [existing issues](https://github.com/bottlerocket-os/bottlerocket/issues) to see whether your concern is already known. - -If not, you can select from a few templates and get some guidance on the type of information that would be most helpful. -[Contact us with a new issue here.](https://github.com/bottlerocket-os/bottlerocket/issues/new/choose) - -We don't have other communication channels set up quite yet, but don't worry about making an issue or a discussion thread! -You can let us know about things that seem difficult, or even ways you might like to help. - -## Variants - -To start, we're focusing on the use of Bottlerocket as a host OS in AWS EKS Kubernetes clusters and Amazon ECS clusters. -We’re excited to get early feedback and to continue working on more use cases! - -Bottlerocket is architected such that different cloud environments and container orchestrators can be supported in the future. -A build of Bottlerocket that supports different features or integration characteristics is known as a 'variant'. -The artifacts of a build will include the architecture and variant name. -For example, an `x86_64` build of the `aws-k8s-1.24` variant will produce an image named `bottlerocket-aws-k8s-1.24-x86_64--.img`. - -The following variants support EKS, as described above: - -* `aws-k8s-1.23` -* `aws-k8s-1.24` -* `aws-k8s-1.25` -* `aws-k8s-1.26` -* `aws-k8s-1.27` -* `aws-k8s-1.28` -* `aws-k8s-1.29` -* `aws-k8s-1.30` -* `aws-k8s-1.23-nvidia` -* `aws-k8s-1.24-nvidia` -* `aws-k8s-1.25-nvidia` -* `aws-k8s-1.26-nvidia` -* `aws-k8s-1.27-nvidia` -* `aws-k8s-1.28-nvidia` -* `aws-k8s-1.29-nvidia` -* `aws-k8s-1.30-nvidia` - -The following variants support ECS: - -* `aws-ecs-1` -* `aws-ecs-1-nvidia` -* `aws-ecs-2` -* `aws-ecs-2-nvidia` - -We also have variants that are designed to be Kubernetes worker nodes in VMware: - -* `vmware-k8s-1.27` -* `vmware-k8s-1.28` -* `vmware-k8s-1.29` -* `vmware-k8s-1.30` - -The following variants are designed to be Kubernetes worker nodes on bare metal: - -* `metal-k8s-1.27` -* `metal-k8s-1.28` -* `metal-k8s-1.29` - -The following variants are no longer supported: - -* All Kubernetes variants using Kubernetes 1.22 and earlier -* Bare metal and VMware variants using Kubernetes 1.26 and earlier - -We recommend users replace nodes running these variants with the [latest variant compatible with their cluster](variants/). - -## Architectures - -Our supported architectures include `x86_64` and `aarch64` (written as `arm64` in some contexts). - -## Setup - -:walking: :running: - -Bottlerocket is best used with a container orchestrator. -To get started with Kubernetes in Amazon EKS, please see [QUICKSTART-EKS](QUICKSTART-EKS.md). -To get started with Kubernetes in VMware, please see [QUICKSTART-VMWARE](QUICKSTART-VMWARE.md). -To get started with Amazon ECS, please see [QUICKSTART-ECS](QUICKSTART-ECS.md). -These guides describe: - -* how to set up a cluster with the orchestrator, so your Bottlerocket instance can run containers -* how to launch a Bottlerocket instance in EC2 or VMware - -To see how to provision Bottlerocket on bare metal, see [PROVISIONING-METAL](PROVISIONING-METAL.md). - -To build your own Bottlerocket images, please see [BUILDING](BUILDING.md). -It describes: - -* how to build an image -* how to register an EC2 AMI from an image - -To publish your built Bottlerocket images, please see [PUBLISHING](PUBLISHING.md). -It describes: - -* how to make TUF repos including your image -* how to copy your AMI across regions -* how to mark your AMIs public or grant access to specific accounts -* how to make your AMIs discoverable using [SSM parameters](https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html) - -## Exploration - -To improve security, there's no SSH server in a Bottlerocket image, and not even a shell. - -Don't panic! - -There are a couple out-of-band access methods you can use to explore Bottlerocket like you would a typical Linux system. -Either option will give you a shell within Bottlerocket. -From there, you can [change settings](#settings), manually [update Bottlerocket](#updates), debug problems, and generally explore. - -**Note:** These methods require that your instance has permission to access the ECR repository where these containers live; the appropriate policy to add to your instance's IAM role is `AmazonEC2ContainerRegistryReadOnly`. - -### Control container - -Bottlerocket has a ["control" container](https://github.com/bottlerocket-os/bottlerocket-control-container), enabled by default, that runs outside of the orchestrator in a separate instance of containerd. -This container runs the [AWS SSM agent](https://github.com/aws/amazon-ssm-agent) that lets you run commands, or start shell sessions, on Bottlerocket instances in EC2. -(You can easily replace this control container with your own just by changing the URI; see [Settings](#settings).) - -In AWS, you need to give your instance the SSM role for this to work; see the [setup guide](QUICKSTART-EKS.md#enabling-ssm). -Outside of AWS, you can use [AWS Systems Manager for hybrid environments](https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-managedinstances.html). -There's more detail about hybrid environments in the [control container documentation](https://github.com/bottlerocket-os/bottlerocket-control-container/#connecting-to-aws-systems-manager-ssm). - -Once the instance is started, you can start a session: - -* Go to AWS SSM's [Session Manager](https://console.aws.amazon.com/systems-manager/session-manager/sessions) -* Select "Start session" and choose your Bottlerocket instance -* Select "Start session" again to get a shell - -If you prefer a command-line tool, you can start a session with a recent [AWS CLI](https://aws.amazon.com/cli/) and the [session-manager-plugin](https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-working-with-install-plugin.html). -Then you'd be able to start a session using only your instance ID, like this: - -```shell -aws ssm start-session --target INSTANCE_ID -``` - -With the [default control container](https://github.com/bottlerocket-os/bottlerocket-control-container), you can make [API calls](#api) to configure and manage your Bottlerocket host. -To do even more, read the next section about the [admin container](#admin-container). -You can access the admin container from the control container like this: - -```shell -enter-admin-container -``` - -### Admin container - -Bottlerocket has an [administrative container](https://github.com/bottlerocket-os/bottlerocket-admin-container), disabled by default, that runs outside of the orchestrator in a separate instance of containerd. -This container has an SSH server that lets you log in as `ec2-user` using your EC2-registered SSH key. -Outside of AWS, you can [pass in your own SSH keys](https://github.com/bottlerocket-os/bottlerocket-admin-container#authenticating-with-the-admin-container). -(You can easily replace this admin container with your own just by changing the URI; see [Settings](#settings). - -To enable the container, you can change the setting in user data when starting Bottlerocket, for example EC2 instance user data: - -```toml -[settings.host-containers.admin] -enabled = true -``` - -If Bottlerocket is already running, you can enable the admin container from the default [control container](#control-container) like this: - -```shell -enable-admin-container -``` - -Or you can start an interactive session immediately like this: - -```shell -enter-admin-container -``` - -If you're using a custom control container, or want to make the API calls directly, you can enable the admin container like this instead: - -```shell -apiclient set host-containers.admin.enabled=true -``` - -Once you've enabled the admin container, you can either access it through SSH or execute commands from the control container like this: - -```shell -apiclient exec admin bash -``` - -Once you're in the admin container, you can run `sheltie` to get a full root shell in the Bottlerocket host. -Be careful; while you can inspect and change even more as root, Bottlerocket's filesystem and dm-verity setup will prevent most changes from persisting over a restart - see [Security](#security). - -## Updates - -Rather than a package manager that updates individual pieces of software, Bottlerocket downloads a full filesystem image and reboots into it. -It can automatically roll back if boot failures occur, and workload failures can trigger manual rollbacks. - -The update process uses images secured by [TUF](https://theupdateframework.github.io/). -For more details, see the [update system documentation](sources/updater/). - -### Update methods - -There are several ways of updating your Bottlerocket hosts. -We provide tools for automatically updating hosts, as well as an API for direct control of updates. - -#### Automated updates - -For EKS variants of Bottlerocket, we recommend using the [Bottlerocket update operator](https://github.com/bottlerocket-os/bottlerocket-update-operator) for automated updates. - -For the ECS variant of Bottlerocket, we recommend using the [Bottlerocket ECS updater](https://github.com/bottlerocket-os/bottlerocket-ecs-updater/) for automated updates. - -#### Update API - -The [Bottlerocket API](#api) includes methods for checking and starting system updates. -You can read more about the update APIs in our [update system documentation](sources/updater/README.md#update-api). - -apiclient knows how to handle those update APIs for you, and you can run it from the [control](#control-container) or [admin](#admin-container) containers. - -To see what updates are available: - -```shell -apiclient update check -``` - -If an update is available, it will show up in the `chosen_update` field. -The `available_updates` field will show the full list of available versions, including older versions, because Bottlerocket supports safely rolling back. - -To apply the latest update: - -```shell -apiclient update apply -``` - -The next time you reboot, you'll start up in the new version, and system configuration will be automatically [migrated](sources/api/migration/). -To reboot right away: - -```shell -apiclient reboot -``` - -If you're confident about updating, the `apiclient update apply` command has `--check` and `--reboot` flags to combine the above actions, so you can accomplish all of the above steps like this: - -```shell -apiclient update apply --check --reboot -``` - -See the [apiclient documentation](sources/api/apiclient/) for more details. - -### Update rollback - -The system will automatically roll back if it's unable to boot. -If the update is not functional for a given container workload, you can do a manual rollback: - -```shell -signpost rollback-to-inactive -reboot -``` - -This doesn't require any external communication, so it's quicker than `apiclient`, and it's made to be as reliable as possible. - -## Settings - -Here we'll describe the settings you can configure on your Bottlerocket instance, and how to do it. - -(API endpoints are defined in our [OpenAPI spec](sources/api/openapi.yaml) if you want more detail.) - -### Interacting with settings - -#### Using the API client - -You can see the current settings with an API request: - -```shell -apiclient get settings -``` - -This will return all of the current settings in JSON format. -For example, here's an abbreviated response: - -```json -{"motd": "...", {"kubernetes": {}}} -``` - -You can change settings like this: - -```shell -apiclient set motd="hi there" kubernetes.node-labels.environment=test -``` - -You can also use a JSON input mode to help change many related settings at once, and a "raw" mode if you want more control over how the settings are committed and applied to the system. -See the [apiclient README](sources/api/apiclient/) for details. - -#### Using user data - -If you know what settings you want to change when you start your Bottlerocket instance, you can send them in the user data. - -In user data, we structure the settings in TOML form to make things a bit simpler. -Here's the user data to change the message of the day setting, as we did in the last section: - -```toml -[settings] -motd = "my own value!" -``` - -If your user data is over the size limit of the platform (e.g. 16KiB for EC2) you can compress the contents with gzip. -(With [aws-cli](https://aws.amazon.com/cli/), you can use `--user-data fileb:///path/to/gz-file` to pass binary data.) - -### Description of settings - -Here we'll describe each setting you can change. - -**Note:** You can see the default values (for any settings that are not generated at runtime) by looking in the `defaults.d` directory for a variant, for example [aws-ecs-2](sources/models/src/aws-ecs-2/defaults.d/). - -When you're sending settings to the API, or receiving settings from the API, they're in a structured JSON format. -This allows modification of any number of keys at once. -It also lets us ensure that they fit the definition of the Bottlerocket data model - requests with invalid settings won't even parse correctly, helping ensure safety. - -Here, however, we'll use the shortcut "dotted key" syntax for referring to keys. -This is used in some API endpoints with less-structured requests or responses. -It's also more compact for our needs here. - -In this format, "settings.kubernetes.cluster-name" refers to the same key as in the JSON `{"settings": {"kubernetes": {"cluster-name": "value"}}}`. - -**NOTE:** [bottlerocket.dev](https://bottlerocket.dev/en/os/latest/#/api/settings/) now contains a complete, versioned setting reference. -This documents retains the headings below for existing link and bookmark compatability. -Please update your bookmarks and check out [bottlerocket.dev](https://bottlerocket.dev/) for future updates to the setting reference. - -#### Top-level settings - -See the [`settings.motd` reference](https://bottlerocket.dev/en/os/latest/#/api/settings/motd/). - -#### Kubernetes settings - -See the [`settings.kubernetes.*` reference](https://bottlerocket.dev/en/os/latest/#/api/settings/kubernetes/). - -#### Amazon ECS settings - -See the [`settings.ecs.*` reference](https://bottlerocket.dev/en/os/latest/#/api/settings/ecs/). - -#### CloudFormation signal helper settings - -See the [`settings.cloudformation.*` reference](https://bottlerocket.dev/en/os/latest/#/api/settings/cloudformation/). - -#### Auto Scaling group settings - -See the [`settings.autoscaling.*` reference](https://bottlerocket.dev/en/os/latest/#/api/settings/autoscaling/). - -#### OCI Hooks settings - -See the [`settings.oci-hooks.*` reference](https://bottlerocket.dev/en/os/latest/#/api/settings/oci-hooks/). - -#### OCI Defaults settings - -See the [`settings.oci-defaults.*` reference](https://bottlerocket.dev/en/os/latest/#/api/settings/oci-defaults/). - -##### OCI Defaults: Capabilities - -See the ["Capabilities Settings" section in the `settings.oci-defaults.*` reference](https://bottlerocket.dev/en/os/latest/#/api/settings/oci-defaults/). - -##### OCI Defaults: Resource Limits - -See the ["Resource Limits Settings" section in the `settings.oci-defaults.*` reference](https://bottlerocket.dev/en/os/latest/#/api/settings/oci-defaults/). - -#### Container image registry settings - -See the [`settings.container-registry.*` reference](https://bottlerocket.dev/en/os/latest/#/api/settings/container-registry/). - -#### Container runtime settings - -See the [`settings.container-runtime.*` reference](https://bottlerocket.dev/en/os/latest/#/api/settings/container-runtime/). - -#### Updates settings - -See the [`settings.updates.*` reference](https://bottlerocket.dev/en/os/latest/#/api/settings/updates/). - -#### Network settings - -See the [`settings.network.*` reference](https://bottlerocket.dev/en/os/latest/#/api/settings/network/). - -##### Proxy settings - -See the ["Proxy Settings" section in the `settings.networks.*` reference](https://bottlerocket.dev/en/os/latest/#/api/settings/network/). - -#### Metrics settings - -See the [`settings.metrics.*` reference](https://bottlerocket.dev/en/os/latest/#/api/settings/metrics/). - -#### Time settings - -See the [`settings.ntp.*` reference](https://bottlerocket.dev/en/os/latest/#/api/settings/ntp/). - -#### Kernel settings - -See the [`settings.kernel.*` reference](https://bottlerocket.dev/en/os/latest/#/api/settings/kernel/). - -#### Boot-related settings - -See the [`settings.boot.*` reference](https://bottlerocket.dev/en/os/latest/#/api/settings/boot/). - -#### Custom CA certificates settings - -See the [`settings.pki.*` reference](https://bottlerocket.dev/en/os/latest/#/api/settings/pki/). - -#### Host containers settings - -See the [`settings.host-containers.*` reference](https://bottlerocket.dev/en/os/latest/#/api/settings/host-containers/). - -##### Custom host containers - -See the [Host Containers documentation](https://bottlerocket.dev/en/os/latest/#/concepts/host-containers/). - -#### Bootstrap containers settings - -See the [`settings.bootstrap-containers.*` reference](https://bottlerocket.dev/en/os/latest/#/api/settings/bootstrap-containers/) as well as the [Bootstrap Containers documentation](https://bottlerocket.dev/en/os/latest/#/concepts/bootstrap-containers/) - -##### Mount propagations in bootstrap and superpowered containers - -Both bootstrap and superpowered host containers are configured with the `/.bottlerocket/rootfs/mnt` bind mount that points to `/mnt` in the host, which itself is a bind mount of `/local/mnt`. -This bind mount is set up with shared propagations, so any new mount point created underneath `/.bottlerocket/rootfs/mnt` in any bootstrap or superpowered host container will propagate across mount namespaces. -You can use this feature to configure ephemeral disks attached to your hosts that you may want to use on your workloads. - -#### Platform-specific settings - -Platform-specific settings are automatically set at boot time by [early-boot-config](sources/api/early-boot-config) based on metadata available on the running platform. -They can be overridden for testing purposes in [the same way as other settings](#interacting-with-settings). - -##### AWS-specific settings - -See the [`settings.aws.*` reference](https://bottlerocket.dev/en/os/latest/#/api/settings/aws/). - -### Logs - -You can use `logdog` through the [admin container](#admin-container) to obtain an archive of log files from your Bottlerocket host. - -For a list of what is collected, see the logdog [command list](sources/logdog/src/log_request.rs). - -#### Generating logs - -SSH to the Bottlerocket host or `apiclient exec admin bash` to access the admin container, then run: - -```shell -sudo sheltie -logdog -``` - -This will write an archive of the logs to `/var/log/support/bottlerocket-logs.tar.gz`. -This archive is accessible from host containers at `/.bottlerocket/support`. - -#### Fetching logs - -There are multiple methods to retrieve the generated log archive. - -- **Via SSH if already enabled** - - Once you have exited from the Bottlerocket host, run a command like: - - ```shell - ssh -i YOUR_KEY_FILE \ - ec2-user@YOUR_HOST \ - "cat /.bottlerocket/support/bottlerocket-logs.tar.gz" > bottlerocket-logs.tar.gz - ``` - -- **With `kubectl get` if running Kubernetes** - - ```shell - kubectl get --raw \ - "/api/v1/nodes/NODE_NAME/proxy/logs/support/bottlerocket-logs.tar.gz" > bottlerocket-logs.tar.gz - ``` - -- **Using [SSH over SSM](https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-getting-started-enable-ssh-connections.html) if your instance isn't accessible through SSH or Kubernetes** - -### Kdump Support - -Bottlerocket provides support to collect kernel crash dumps whenever the system kernel panics. -Once this happens, both the dmesg log and vmcore dump are stored at `/var/log/kdump`, and the system reboots. - -There are a few important caveats about the provided kdump support: - -* Currently, only vmware variants have kdump support enabled -* The system kernel will reserve 256MB for the crash kernel, only when the host has at least 2GB of memory; the reserved space won't be available for processes running in the host -* The crash kernel will only be loaded when the `crashkernel` parameter is present in the kernel's cmdline and if there is memory reserved for it - -### NVIDIA GPUs Support - -Bottlerocket's `nvidia` variants include the required packages and configurations to leverage NVIDIA GPUs. -Currently, the following NVIDIA driver versions are supported in Bottlerocket: - -* 470.X -* 515.X - -The official AMIs for these variants can be used with EC2 GPU-equipped instance types such as: `p2`, `p3`, `p4`, `g3`, `g4dn`, `g5` and `g5g`. -Note that older instance types, such as `p2`, are not supported by NVIDIA driver `515.X` and above. -You need to make sure you select the appropriate AMI depending on the instance type you are planning to use. -Please see [QUICKSTART-EKS](QUICKSTART-EKS.md#aws-k8s--nvidia-variants) for further details about Kubernetes variants, and [QUICKSTART-ECS](QUICKSTART-ECS.md#aws-ecs--nvidia-variants) for ECS variants. - -## Details - -### Security - -:shield: :crab: - -To learn more about security features in Bottlerocket, please see [SECURITY FEATURES](SECURITY_FEATURES.md). -It describes how we use features like [dm-verity](https://gitlab.com/cryptsetup/cryptsetup/wikis/DMVerity) and [SELinux](https://selinuxproject.org/) to protect the system from security threats. - -To learn more about security recommendations for Bottlerocket, please see [SECURITY GUIDANCE](SECURITY_GUIDANCE.md). -It documents additional steps you can take to secure the OS, and includes resources such as a [Pod Security Policy](https://kubernetes.io/docs/concepts/policy/pod-security-policy/) for your reference. - -In addition, almost all first-party components are written in [Rust](https://www.rust-lang.org/). -Rust eliminates some classes of memory safety issues, and encourages design patterns that help security. - -### Packaging - -Bottlerocket is built from source using a container toolchain. -We use RPM package definitions to build and install individual packages into an image. -RPM itself is not in the image - it's just a common and convenient package definition format. - -We currently package the following major third-party components: - -* Linux kernel ([background](https://en.wikipedia.org/wiki/Linux), [5.10 packaging](packages/kernel-5.10/), [5.15 packaging](packages/kernel-5.15/)) -* glibc ([background](https://www.gnu.org/software/libc/), [packaging](packages/glibc/)) -* Buildroot as build toolchain ([background](https://buildroot.org/), via the [SDK](https://github.com/bottlerocket-os/bottlerocket-sdk)) -* GRUB, with patches for partition flip updates ([background](https://www.gnu.org/software/grub/), [packaging](packages/grub/)) -* systemd as init ([background](https://en.wikipedia.org/wiki/Systemd), [packaging](packages/systemd/)) -* wicked for networking ([background](https://github.com/openSUSE/wicked), [packaging](packages/wicked/)) -* containerd ([background](https://containerd.io/), [packaging](packages/containerd/)) -* Kubernetes ([background](https://kubernetes.io/), [packaging](packages/kubernetes-1.24/)) -* aws-iam-authenticator ([background](https://github.com/kubernetes-sigs/aws-iam-authenticator), [packaging](packages/aws-iam-authenticator/)) -* Amazon ECS agent ([background](https://github.com/aws/amazon-ecs-agent), [packaging](packages/ecs-agent/)) - -For further documentation or to see the rest of the packages, see the [packaging directory](packages/). - -### Updates - -The Bottlerocket image has two identical sets of partitions, A and B. -When updating Bottlerocket, the partition table is updated to point from set A to set B, or vice versa. - -We also track successful boots, and if there are failures it will automatically revert back to the prior working partition set. - -The update process uses images secured by [TUF](https://theupdateframework.github.io/). -For more details, see the [update system documentation](sources/updater/). - -### API - -There are two main ways you'd interact with a production Bottlerocket instance. -(There are a couple more [exploration](#exploration) methods above for test instances.) - -The first method is through a container orchestrator, for when you want to run or manage containers. -This uses the standard channel for your orchestrator, for example a tool like `kubectl` for Kubernetes. - -The second method is through the Bottlerocket API, for example when you want to configure the system. - -There's an HTTP API server that listens on a local Unix-domain socket. -Remote access to the API requires an authenticated transport such as SSM's RunCommand or Session Manager, as described above. -For more details, see the [apiserver documentation](sources/api/apiserver/). - -The [apiclient](sources/api/apiclient/) can be used to make requests. -They're just HTTP requests, but the API client simplifies making requests with the Unix-domain socket. - -To make configuration easier, we have [early-boot-config](sources/api/early-boot-config/), which can send an API request for you based on instance user data. -If you start a virtual machine, like an EC2 instance, it will read TOML-formatted Bottlerocket configuration from user data and send it to the API server. -This way, you can configure your Bottlerocket instance without having to make API calls after launch. - -See [Settings](#settings) above for examples and to understand what you can configure. - -You can also access host containers through the API using [apiclient exec](sources/api/apiclient/README.md#exec-mode). - -The server and client are the user-facing components of the API system, but there are a number of other components that work together to make sure your settings are applied, and that they survive upgrades of Bottlerocket. - -For more details, see the [API system documentation](sources/api/). - -### Default Volumes - -Bottlerocket operates with two default storage volumes. - -* The root device, holds the active and passive [partition sets](#updates-1). - It also contains the bootloader, the dm-verity hash tree for verifying the [immutable root filesystem](SECURITY_FEATURES.md#immutable-rootfs-backed-by-dm-verity), and the data store for the Bottlerocket API. -* The data device is used as persistent storage for container images, container orchestration, [host-containers](#Custom-host-containers), and [bootstrap containers](#Bootstrap-containers-settings). - The operating system does not typically make changes to this volume during regular updates, though changes to upstream software such as containerd or kubelet could result in changes to their stored data. - This device (mounted to `/local` on the host) can be used for application storage for orchestrated workloads; however, we recommend using an additional volume if possible for such cases. - See [this section of the Security Guidance documentation](./SECURITY_GUIDANCE.md#limit-access-to-system-mounts) for more information. - -On boot Bottlerocket will increase the data partition size to use all of the data device. -If you increase the size of the device, you can reboot Bottlerocket to extend the data partition. -If you need to extend the data partition without rebooting, have a look at this [discussion](https://github.com/bottlerocket-os/bottlerocket/discussions/2011). diff --git a/ROADMAP.md b/ROADMAP.md deleted file mode 100644 index fd2088beb..000000000 --- a/ROADMAP.md +++ /dev/null @@ -1,34 +0,0 @@ -# Roadmap - -The Bottlerocket roadmap is public and hosted as a GitHub Project at the following URL: - -https://github.com/orgs/bottlerocket-os/projects/18 - -GitHub Projects allows for multiple views that represent different ways of looking at the same data. -In the case of Bottlerocket, there are four views (represented as tabs): - -* [All Items](https://github.com/orgs/bottlerocket-os/projects/18/views/1): a list of all the issues being actively worked on. -* [Upcoming Releases](https://github.com/orgs/bottlerocket-os/projects/18/views/2): the issues sorted into columns that represent an upcoming release. -* [Feature Highlights](https://github.com/orgs/bottlerocket-os/projects/18/views/4): selected issues sorted into columns that represent particular features. -* [Themes](https://github.com/orgs/bottlerocket-os/projects/18/views/5): selected issues sorted into columns as they align to overarching thematic changes. - -## What does the roadmap represent? - -The roadmap is best understood as a point-in-time snapshot of what is being worked on and the intentions for upcoming releases. -Each item on the roadmap links back to a GitHub issue; issues represent a problem (i.e. a bug) or a change from the current functional state (i.e. an enhancement). - -Both bug and enhancements can take a non-linear path to resolution. -The work to resolve these can take more or less effort than anticipated as paths are explored and complexity is thoughtfully considered. -Releases in Bottlerocket follow a loose release train model with each being spaced out about six weeks apart. -So, roadmap items are continuously reconsidered and roadmap adjustments may be required. - -## How do I follow a specific change to the roadmap? - -For individual items, the best way to find out more information is to subscribe to notifications on GitHub for the specific issues linked in the roadmap. -This will give you insight into both the development and any large changes to how the issue gets packaged into a release. -Additionally, you can ask questions, provide feedback, and, hopefully, contribute. - -## Can I see a log of all the changes to the roadmap? - -This was supported in [GitHub Projects classic](https://docs.github.com/en/issues/organizing-your-work-with-project-boards/tracking-work-with-project-boards/tracking-progress-on-your-project-board) however, Bottlerocket uses the newer version of this GitHub feature which lacks this particular log-like view. -In the future, it would be great to see this feature return to GitHub Projects or similar functionality through the [Bottlerocket website](https://github.com/bottlerocket-os/project-website) initiative. diff --git a/Release.toml b/Release.toml deleted file mode 100644 index ffbc6cf76..000000000 --- a/Release.toml +++ /dev/null @@ -1,323 +0,0 @@ -version = "1.21.0" - -[migrations] -"(0.3.1, 0.3.2)" = ["migrate_v0.3.2_admin-container-v0-5-0.lz4"] -"(0.3.2, 0.3.3)" = [] -"(0.3.3, 0.3.4)" = [] -"(0.3.4, 0.4.0)" = [] -"(0.4.0, 0.4.1)" = ["migrate_v0.4.1_add-version-lock-ignore-waves.lz4", "migrate_v0.4.1_pivot-repo-2020-07-07.lz4"] -"(0.4.1, 0.5.0)" = ["migrate_v0.5.0_add-cluster-domain.lz4", "migrate_v0.5.0_admin-container-v0-5-2.lz4", "migrate_v0.5.0_control-container-v0-4-1.lz4"] -"(0.5.0, 1.0.0)" = ["migrate_v1.0.0_ecr-helper-admin.lz4", "migrate_v1.0.0_ecr-helper-control.lz4"] -"(1.0.0, 1.0.1)" = [] -"(1.0.1, 1.0.2)" = ["migrate_v1.0.2_add-enable-spot-instance-draining.lz4"] -"(1.0.2, 1.0.3)" = ["migrate_v1.0.3_add-sysctl.lz4"] -"(1.0.3, 1.0.4)" = [] -"(1.0.4, 1.0.5)" = [ - "migrate_v1.0.5_add-lockdown.lz4", - "migrate_v1.0.5_sysctl-subcommand.lz4", - "migrate_v1.0.5_add-user-data.lz4", - "migrate_v1.0.5_add-network-settings.lz4", - "migrate_v1.0.5_add-proxy-restart.lz4", - "migrate_v1.0.5_add-proxy-services.lz4", -] -"(1.0.5, 1.0.6)" = [ - "migrate_v1.0.6_metricdog-init.lz4", - "migrate_v1.0.6_add-static-pods.lz4", - "migrate_v1.0.6_kubelet-standalone-tls-settings.lz4", - "migrate_v1.0.6_kubelet-standalone-tls-services.lz4", - "migrate_v1.0.6_control-container-v0-4-2.lz4", - "migrate_v1.0.6_add-shibaken.lz4", - "migrate_v1.0.6_admin-container-v0-6-0.lz4", -] -"(1.0.6, 1.0.7)" = [] -"(1.0.7, 1.0.8)" = [ - "migrate_v1.0.8_kubelet-eviction-hard.lz4", - "migrate_v1.0.8_kubelet-unsafe-sysctl-kube-reserved.lz4", - "migrate_v1.0.8_proxy-affect-host-containers.lz4", - "migrate_v1.0.8_control-container-v0-5-0.lz4", - "migrate_v1.0.8_admin-container-v0-7-0.lz4", - "migrate_v1.0.8_add-bootstrap-containers.lz4" -] -"(1.0.8, 1.1.0)" = [ - "migrate_v1.1.0_kubelet-server-tls-bootstrap.lz4", - "migrate_v1.1.0_kubelet-cloud-provider.lz4", - "migrate_v1.1.0_kubelet-registry-qps-registry-burst.lz4", - "migrate_v1.1.0_shared-containerd-configs.lz4", - "migrate_v1.1.0_kubelet-event-qps-event-burst.lz4", - "migrate_v1.1.0_schnauzer-paws.lz4", - "migrate_v1.1.0_kubelet-kube-api-qps-kube-api-burst.lz4", -] -"(1.1.0, 1.1.1)" = [] -"(1.1.1, 1.1.2)" = [ - "migrate_v1.1.2_kubelet-container-log.lz4", - "migrate_v1.1.2_kubelet-system-reserved.lz4", - "migrate_v1.1.2_admin-container-v0-7-1.lz4", - "migrate_v1.1.2_control-container-v0-5-1.lz4", -] -"(1.1.2, 1.1.3)" = [ - "migrate_v1.1.3_kubelet-cpu-manager-state.lz4", - "migrate_v1.1.3_kubelet-cpu-manager.lz4", -] -"(1.1.3, 1.1.4)" = [] -"(1.1.4, 1.2.0)" = [ - "migrate_v1.2.0_hostname-setting.lz4", - "migrate_v1.2.0_hostname-setting-metadata.lz4", - "migrate_v1.2.0_add-custom-certificates.lz4", - "migrate_v1.2.0_kubelet-topology-manager.lz4", - "migrate_v1.2.0_container-registry-mirrors.lz4", - "migrate_v1.2.0_container-registry-config-restarts.lz4", - "migrate_v1.2.0_admin-container-v0-7-2.lz4", -] -"(1.2.0, 1.2.1)" = [] -"(1.2.1, 1.3.0)" = [ - "migrate_v1.3.0_etc-hosts-service.lz4", - "migrate_v1.3.0_hostname-affects-etc-hosts.lz4", - "migrate_v1.3.0_control-container-v0-5-2.lz4", -] -"(1.3.0, 1.4.0)" = [ - "migrate_v1.4.0_registry-mirror-representation.lz4", -] -"(1.4.0, 1.4.1)" = [] -"(1.4.1, 1.4.2)" = [ - "migrate_v1.4.2_admin-container-v0-7-3.lz4", - "migrate_v1.4.2_control-container-v0-5-3.lz4", -] -"(1.4.2, 1.5.0)" = [ - "migrate_v1.5.0_oci-hooks-setting.lz4", - "migrate_v1.5.0_oci-hooks-setting-metadata.lz4", -] -"(1.5.0, 1.5.1)" = [ - "migrate_v1.5.1_control-container-v0-5-4.lz4", -] -"(1.5.1, 1.5.2)" = [] -"(1.5.2, 1.5.3)" = [ - "migrate_v1.5.3_vmware-host-containers.lz4", -] -"(1.5.3, 1.6.0)" = [ - "migrate_v1.6.0_node-taints-representation.lz4", - "migrate_v1.6.0_aws-admin-container-v0-7-4.lz4", - "migrate_v1.6.0_aws-control-container-v0-5-5.lz4", - "migrate_v1.6.0_public-admin-container-v0-7-4.lz4", - "migrate_v1.6.0_public-control-container-v0-5-5.lz4", -] -"(1.6.0, 1.6.1)" = [] -"(1.6.1, 1.6.2)" = [ - "migrate_v1.6.2_add-cfsignal.lz4", - "migrate_v1.6.2_container-registry-credentials.lz4", - "migrate_v1.6.2_container-registry-credentials-metadata.lz4", -] -"(1.6.2, 1.7.0)" = [ - "migrate_v1.7.0_aws-admin-container-v0-8-0.lz4", - "migrate_v1.7.0_aws-control-container-v0-6-0.lz4", - "migrate_v1.7.0_public-admin-container-v0-8-0.lz4", - "migrate_v1.7.0_public-control-container-v0-6-0.lz4", -] -"(1.7.0, 1.7.1)" = [] -"(1.7.1, 1.7.2)" = [] -"(1.7.2, 1.8.0)" = [ - "migrate_v1.8.0_boot-setting.lz4", - "migrate_v1.8.0_boot-setting-metadata.lz4", - "migrate_v1.8.0_kubelet-pod-pids-limit.lz4", - "migrate_v1.8.0_add-pull-behavior.lz4", - "migrate_v1.8.0_add-autoscaling.lz4", - "migrate_v1.8.0_etc-hosts.lz4", - "migrate_v1.8.0_etc-hosts-metadata.lz4", - "migrate_v1.8.0_cluster-dns-ip-list.lz4", - "migrate_v1.8.0_pki-affected-services.lz4", - "migrate_v1.8.0_kubelet-provider-id.lz4", - "migrate_v1.8.0_aws-admin-container-v0-9-0.lz4", - "migrate_v1.8.0_aws-control-container-v0-6-1.lz4", - "migrate_v1.8.0_public-admin-container-v0-9-0.lz4", - "migrate_v1.8.0_public-control-container-v0-6-1.lz4", -] -"(1.8.0, 1.9.0)" = [ - "migrate_v1.9.0_ntp-affected-services.lz4", - "migrate_v1.9.0_shibaken-admin-userdata-semantics.lz4", - "migrate_v1.9.0_shibaken-send-metrics.lz4", - "migrate_v1.9.0_image-gc-thresholds.lz4", - "migrate_v1.9.0_kernel-modules-setting.lz4", - "migrate_v1.9.0_kernel-modules-setting-metadata.lz4", - "migrate_v1.9.0_kubelet-no-daemon-reload.lz4", - "migrate_v1.9.0_updates-targets-base-url.lz4", -] -"(1.9.0, 1.9.1)" = [] -"(1.9.1, 1.9.2)" = [] -"(1.9.2, 1.10.0)" = [ - "migrate_v1.10.0_dns-settings.lz4", - "migrate_v1.10.0_dns-settings-metadata.lz4", - "migrate_v1.10.0_reboot-to-reconcile-setting.lz4", - "migrate_v1.10.0_kubelet-log-level.lz4", - "migrate_v1.10.0_aws-admin-container-v0-9-2.lz4", - "migrate_v1.10.0_public-admin-container-v0-9-2.lz4", - "migrate_v1.10.0_aws-control-container-v0-6-3.lz4", - "migrate_v1.10.0_public-control-container-v0-6-3.lz4" -] -"(1.10.0, 1.10.1)" = [ - "migrate_v1.10.1_container-runtime.lz4", - "migrate_v1.10.1_container-runtime-metadata.lz4" -] -"(1.10.1, 1.11.0)" = [ - "migrate_v1.11.0_aws-config-settings.lz4", - "migrate_v1.11.0_aws-creds.lz4", - "migrate_v1.11.0_aws-creds-metadata.lz4", - "migrate_v1.11.0_credential-providers.lz4", - "migrate_v1.11.0_kubelet-tls-config.lz4", - "migrate_v1.11.0_kubelet-tls-files.lz4", - "migrate_v1.11.0_kubelet-new-config-files.lz4", - "migrate_v1.11.0_ecs-additional-configurations.lz4", - "migrate_v1.11.0_aws-admin-container-v0-9-3.lz4", - "migrate_v1.11.0_public-admin-container-v0-9-3.lz4", - "migrate_v1.11.0_aws-control-container-v0-6-4.lz4", - "migrate_v1.11.0_public-control-container-v0-6-4.lz4", -] -"(1.11.0, 1.11.1)" = [] -"(1.11.1, 1.12.0)" = [ - "migrate_v1.12.0_k8s-private-pki-path.lz4", - "migrate_v1.12.0_add-k8s-autoscaling-warm-pool-setting.lz4", - "migrate_v1.12.0_add-k8s-autoscaling-warm-pool-setting-metadata.lz4", - "migrate_v1.12.0_oci-defaults-setting.lz4", - "migrate_v1.12.0_oci-defaults-setting-metadata.lz4", - "migrate_v1.12.0_aws-admin-container-v0-9-4.lz4", - "migrate_v1.12.0_public-admin-container-v0-9-4.lz4", - "migrate_v1.12.0_aws-control-container-v0-7-0.lz4", - "migrate_v1.12.0_public-control-container-v0-7-0.lz4", -] -"(1.12.0, 1.13.0)" = [ - "migrate_v1.13.0_k8s-registry.lz4", - "migrate_v1.13.0_aws-admin-container-v0-10-0.lz4", - "migrate_v1.13.0_public-admin-container-v0-10-0.lz4", - "migrate_v1.13.0_aws-control-container-v0-7-1.lz4", - "migrate_v1.13.0_public-control-container-v0-7-1.lz4", -] -"(1.13.0, 1.13.1)" = [ - "migrate_v1.13.1_aws-profile-cred-provider.lz4", -] -"(1.13.1, 1.13.2)" = [] -"(1.13.2, 1.13.3)" = [ - "migrate_v1.13.3_aws-k8s-provider-id-gen.lz4", -] -"(1.13.3, 1.13.4)" = [ - "migrate_v1.13.4_add-hostname-override.lz4", - "migrate_v1.13.4_add-hostname-override-metadata.lz4", -] -"(1.13.4, 1.13.5)" = [] -"(1.13.5, 1.14.0)" = [ - "migrate_v1.14.0_kubernetes-gc-percent-type-change.lz4", - "migrate_v1.14.0_kubelet-config-settings.lz4", - "migrate_v1.14.0_kubelet-prefix-config-settings.lz4", - "migrate_v1.14.0_k8s-services-mode.lz4", - "migrate_v1.14.0_aws-admin-container-v0-10-1.lz4", - "migrate_v1.14.0_public-admin-container-v0-10-1.lz4", - "migrate_v1.14.0_aws-control-container-v0-7-2.lz4", - "migrate_v1.14.0_public-control-container-v0-7-2.lz4", -] -"(1.14.0, 1.14.1)" = [] -"(1.14.1, 1.14.2)" = [ - "migrate_v1.14.2_ecs-images-cleanup.lz4", -] -"(1.14.2, 1.14.3)" = [ - "migrate_v1.14.3_aws-admin-container-v0-10-2.lz4", - "migrate_v1.14.3_public-admin-container-v0-10-2.lz4", - "migrate_v1.14.3_aws-control-container-v0-7-3.lz4", - "migrate_v1.14.3_public-control-container-v0-7-3.lz4", -] -"(1.14.3, 1.15.0)" = [ - "migrate_v1.15.0_oci-defaults-resource-setting.lz4", - "migrate_v1.15.0_oci-defaults-max-open-files.lz4", - "migrate_v1.15.0_seccomp-default-setting.lz4", - "migrate_v1.15.0_oci-defaults-docker-setting.lz4", - "migrate_v1.15.0_oci-defaults-docker-setting-metadata.lz4", - "migrate_v1.15.0_aws-admin-container-v0-11-0.lz4", - "migrate_v1.15.0_public-admin-container-v0-11-0.lz4", - "migrate_v1.15.0_aws-control-container-v0-7-4.lz4", - "migrate_v1.15.0_public-control-container-v0-7-4.lz4", - "migrate_v1.15.0_log4j-hotpatch-enabled-metadata.lz4", - "migrate_v1.15.0_deprecate-log4j-hotpatch-enabled.lz4", -] -"(1.15.0, 1.15.1)" = [] -"(1.15.1, 1.16.0)" = [ - "migrate_v1.16.0_kernel-modules-autoload-configs.lz4", - "migrate_v1.16.0_kernel-modules-autoload-files.lz4", - "migrate_v1.16.0_kernel-modules-autoload-restart.lz4", - "migrate_v1.16.0_kernel-modules-autoload-settings.lz4", - "migrate_v1.16.0_aws-admin-container-v0-11-1.lz4", - "migrate_v1.16.0_public-admin-container-v0-11-1.lz4", - "migrate_v1.16.0_aws-control-container-v0-7-5.lz4", - "migrate_v1.16.0_public-control-container-v0-7-5.lz4", - "migrate_v1.16.0_schnauzer-v2-generators.lz4", -] -"(1.16.0, 1.16.1)" = [ - "migrate_v1.16.1_updog-network-affected.lz4", -] -"(1.16.1, 1.17.0)" = [ - "migrate_v1.17.0_aws-admin-container-v0-11-2.lz4", - "migrate_v1.17.0_public-admin-container-v0-11-2.lz4", - "migrate_v1.17.0_aws-control-container-v0-7-6.lz4", - "migrate_v1.17.0_public-control-container-v0-7-6.lz4", -] -"(1.17.0, 1.18.0)" = [ - "migrate_v1.18.0_aws-admin-container-v0-11-3.lz4", - "migrate_v1.18.0_public-admin-container-v0-11-3.lz4", - "migrate_v1.18.0_aws-control-container-v0-7-7.lz4", - "migrate_v1.18.0_public-control-container-v0-7-7.lz4", -] -"(1.18.0, 1.19.0)" = [ - "migrate_v1.19.0_add-additional-ecs-settings.lz4", -] -"(1.19.0, 1.19.1)" = [ - "migrate_v1.19.1_aws-admin-container-v0-11-4.lz4", - "migrate_v1.19.1_public-admin-container-v0-11-4.lz4", - "migrate_v1.19.1_aws-control-container-v0-7-8.lz4", - "migrate_v1.19.1_public-control-container-v0-7-8.lz4", -] -"(1.19.1, 1.19.2)" = [ - "migrate_v1.19.2_certdog-config-file-v0-1-0.lz4", - "migrate_v1.19.2_certdog-service-cfg-v0-1-0.lz4", - "migrate_v1.19.2_add-ecs-enable-container-metadata.lz4", -] -"(1.19.2, 1.19.3)" = [ - "migrate_v1.19.3_aws-admin-container-v0-11-6.lz4", - "migrate_v1.19.3_public-admin-container-v0-11-6.lz4", - "migrate_v1.19.3_aws-control-container-v0-7-10.lz4", - "migrate_v1.19.3_public-control-container-v0-7-10.lz4", -] -"(1.19.3, 1.19.4)" = [] -"(1.19.4, 1.19.5)" = [ - "migrate_v1.19.5_aws-admin-container-v0-11-7.lz4", - "migrate_v1.19.5_public-admin-container-v0-11-7.lz4", - "migrate_v1.19.5_aws-control-container-v0-7-11.lz4", - "migrate_v1.19.5_public-control-container-v0-7-11.lz4", -] -"(1.19.5, 1.20.0)" = [ - "migrate_v1.20.0_prairiedog-config-file-v0-1-0.lz4", - "migrate_v1.20.0_prairiedog-services-cfg-v0-1-0.lz4", - "migrate_v1.20.0_thar-be-updates-config-file-v0-1-0.lz4", - "migrate_v1.20.0_thar-be-updates-affected-services-v0-1-0.lz4", - "migrate_v1.20.0_host-containers-config-file-v0-1-0.lz4", - "migrate_v1.20.0_host-containers-config-list-v0-1-0.lz4", - "migrate_v1.20.0_corndog-config-file-v0-1-0.lz4", - "migrate_v1.20.0_corndog-services-cfg-v0-1-0.lz4", - "migrate_v1.20.0_bootstrap-containers-config-file-v0-1-0.lz4", - "migrate_v1.20.0_bootstrap-containers-services-cfg-v0-1-0.lz4", - "migrate_v1.20.0_remove-ecs-settings-applier.lz4", - "migrate_v1.20.0_update-ecs-config-path.lz4", - "migrate_v1.20.0_update-ecs-config-template-path.lz4", - "migrate_v1.20.0_add-ntp-default-options-v0-1-0.lz4", - "migrate_v1.20.0_static-pods-add-prefix-v0-1-0.lz4", - "migrate_v1.20.0_static-pods-services-cfg-v0-1-0.lz4", - "migrate_v1.20.0_container-runtime-nvidia.lz4", - "migrate_v1.20.0_container-runtime-metadata-nvidia.lz4", - "migrate_v1.20.0_aws-admin-container-v0-11-8.lz4", - "migrate_v1.20.0_public-admin-container-v0-11-8.lz4", - "migrate_v1.20.0_aws-control-container-v0-7-12.lz4", - "migrate_v1.20.0_public-control-container-v0-7-12.lz4", -] -"(1.20.0, 1.20.1)" = [] -"(1.20.1, 1.20.2)" = [] -"(1.20.2, 1.21.0)" = [ - "migrate_v1.21.0_pluto-remove-generators-v0-1-0.lz4", - "migrate_v1.21.0_pod-infra-container-image-remove-settings-generator.lz4", - "migrate_v1.21.0_pod-infra-container-image-affected-services.lz4", - "migrate_v1.21.0_pod-infra-container-image-services.lz4", - "migrate_v1.21.0_k8s-reserved-cpus-v0-1-0.lz4", -] diff --git a/SECURITY.md b/SECURITY.md deleted file mode 100644 index e29eebd82..000000000 --- a/SECURITY.md +++ /dev/null @@ -1,4 +0,0 @@ -## Reporting a Vulnerability - -If you discover a potential security issue in this project, we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/) or directly via email to aws-security@amazon.com. -Please do **not** create a public GitHub issue. diff --git a/SECURITY_FEATURES.md b/SECURITY_FEATURES.md deleted file mode 100644 index b7d47182d..000000000 --- a/SECURITY_FEATURES.md +++ /dev/null @@ -1,186 +0,0 @@ -# Security Features - -## Goals - -Bottlerocket has the following high-level security goals. -They are listed in priority order. - -1. Harden the OS against persistent threats. -2. Mitigate the impact of vulnerabilities in the OS. -3. Protect containers from other containers. - -We will add and enhance security features over time based on these goals. - -## Overview - -| Feature | Version | -| :-------------------------------------------------------------------------------- | :------: | -| [Automated security updates](#automated-security-updates) | 0.3.0 | -| [Immutable rootfs backed by dm-verity](#immutable-rootfs-backed-by-dm-verity) | 0.3.0 | -| [Stateless tmpfs for /etc](#stateless-tmpfs-for-etc) | 0.3.0 | -| [No shell or interpreters installed](#no-shell-or-interpreters-installed) | 0.3.0 | -| [Executables built with hardening flags](#executables-built-with-hardening-flags) | 0.3.0 | -| [SELinux enabled in enforcing mode](#selinux-enabled-in-enforcing-mode) | 0.3.0 | -| [Kernel lockdown in integrity mode](#kernel-lockdown-in-integrity-mode) | 1.1.0 | -| [Secure Boot enabled](#secure-boot-enabled) | 1.15.0 | - -The version listed indicates the first release of Bottlerocket that included the feature. -Features may evolve or improve over time. - -## Details - -### Automated security updates - -Bottlerocket is designed for reliable security updates that can be applied through automation. - -This is achieved through the following mechanisms: -* Two partition sets and an active/passive flip to swap OS images -* Declarative API with modeled settings for runtime configuration -* Variants to silo backwards-incompatible or breaking changes - -Using partition sets and modeled settings removes the dependency on correct local state for reliable updates. -There is no package manager database or shared filesystem tree that can become corrupted and make the process non-deterministic. - -#### Update Policy - -Our philosophy for variants is that the right time for an unexpected major version update to the kernel or orchestrator agent is "never". -New variants can introduce newer LTS kernels or GPU drivers. -On release, variants peg to a kernel and GPU driver version and relevant security patches are applied. -However, in a situation where security patches are no longer available for the kernel or GPU driver, an existing variant may adopt a new version to address security vulnerabilities. - -##### Kubernetes variants - -Bottlerocket provides updates for each Kubernetes variant for approximately 14 months after the first release of each variant. -For `aws-k8s-*` variants, Bottlerocket follows the [Amazon EKS](https://docs.aws.amazon.com/eks/latest/userguide/kubernetes-versions.html) support policy, including extended support beyond the typical 12 months support period. - -We provide [a Kubernetes operator](https://github.com/bottlerocket-os/bottlerocket-update-operator) for automated updates to Bottlerocket. -We recommend deploying it on your Kubernetes clusters. - -##### ECS variant - -Bottlerocket provides updates for each ECS variant for at least one year after the first release of each variant. -Because the ECS agent is backwards compatible, there is no need to create new variants on a regular cadence. -ECS variants will be added as necessary to introduce newer LTS kernels or potentially breaking changes. - -We provide [an updater](https://github.com/bottlerocket-os/bottlerocket-ecs-updater) for automated updates to Bottlerocket. -We recommend deploying it on your ECS clusters. - -### Immutable rootfs backed by dm-verity - -Bottlerocket uses [dm-verity](https://www.kernel.org/doc/html/latest/admin-guide/device-mapper/verity.html) for its root filesystem image. -This provides transparent integrity checking of the underlying block device using a cryptographic digest. - -The root filesystem is marked as read-only and cannot be directly modified by userspace processes. -This protects against some container escape vulnerabilities such as [CVE-2019-5736](https://www.openwall.com/lists/oss-security/2019/02/11/2). - -The kernel is configured to restart if corruption is detected. -That allows the system to fail closed if the underlying block device is unexpectedly modified and the node is in an unknown state. -The uncontrolled reboot will disrupt running containers, which can trigger alarms and prompt administrators to investigate. - -Although this provides a powerful layer of protection, it is incomplete unless [Secure Boot is enabled](#secure-boot-enabled). -Otherwise, an attacker with full access to the block device could alter both the verity metadata and the contents of the root filesystem. - -### Stateless tmpfs for /etc - -Bottlerocket uses [tmpfs](https://www.kernel.org/doc/Documentation/filesystems/tmpfs.txt), a memory-backed filesystem, for `/etc`. - -Direct modification of system configuration files such as `/etc/resolv.conf` or `/etc/containerd/config.toml` is not supported. -This makes OS updates more reliable, as it is not necessary to account for local edits that might have changed the behavior of system services. -It also makes it harder for an attacker to modify these files in a way that persists across a reboot. - -There are two supported ways to configure the OS in the presence of these restrictions. - -The first is through the API. -Settings are persisted across reboot and migrated through OS upgrades. -They are used to render system configuration files from templates on every boot. - -The second is by using containers. -Specifications such as [CNI](https://github.com/containernetworking/cni) and [CSI](https://github.com/container-storage-interface/spec) provide ways to configure networking and storage devices. -Containers written to these specifications can be deployed to nodes using orchestrator-specific mechanisms like [DaemonSets](https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/). - -All variants will include a secondary filesystem for local storage. -It will be mounted at `/local` with bind mounts for `/var` and `/opt`. -Modifications to this area will survive an OS update or a reboot. - -### No shell or interpreters installed - -Bottlerocket does not have a shell installed in non-developer builds. -Interpreted languages such as Python are not installed or even available as packages. - -Shells and interpreters enable administrators to write code that combines other programs on the system in new ways. -However, these properties can also be exploited by an attacker to pivot from a vulnerability that grants local code execution. - -The lack of a shell also serves as a forcing function to ensure that new code for the OS is written in a preferred language such as Rust or Go. -These languages offer built-in protection against memory safety issues such as buffer overflows. - -### Executables built with hardening flags - -The GCC cross-compilers in the [Bottlerocket SDK](https://github.com/bottlerocket-os/bottlerocket-sdk) are built with these options: -* `--enable-default-pie` for `-fPIE` and `-pie` by default -* `--enable-default-ssp` for `-fstack-protector-strong` by default - -Position-independent executables (PIE) have their address space randomized on every execution. -This makes addresses harder to predict for an attacker that attempts to exploit a memory corruption vulnerability. - -The stack protector feature enables stack canaries to detect stack overflow and abort the program if it occurs. -The "strong" version enables it for additional functions. - -All C and C++ programs are compiled with the following options: -* `-Wall` to warn about questionable constructs -* `-Werror=format-security` to warn about unsafe uses of format functions -* `-Wp,-D_FORTIFY_SOURCE=2` for runtime error checks in libc -* `-Wp,-D_GLIBCXX_ASSERTIONS` for runtime error checks in libstdc++ -* `-fstack-clash-protection` for stack overflow detection - -Although C and C++ lack the memory safety of Go and Rust, these options add a layer of defense during build and execution. - -All binaries are linked with the following options: -* `-Wl,-z,relro` to mark segments read-only after relocation -* `-Wl,-z,now` to resolve all symbols at load time - -Together these enable [full RELRO support](https://www.redhat.com/en/blog/hardening-elf-binaries-using-relocation-read-only-relro) which makes [ROP](https://en.wikipedia.org/wiki/Return-oriented_programming) attacks more difficult to execute. - -**Note:** Certain variants, such as the ones for NVIDIA, include precompiled binaries that may not have been built with these hardening flags. - -### SELinux enabled in enforcing mode - -Bottlerocket enables SELinux by default, sets it to enforcing mode, and loads the policy during boot. -There is no way to disable it. - -SELinux is a Linux Security Module (LSM) that provides a mechanism for mandatory access control (MAC). -Processes that run as root with full capabilities are still subject to the mandatory policy restrictions. - -The policy in Bottlerocket has the following objectives: -1) Prevent most components from directly modifying the API settings. -2) Block most components from modifying the container archives saved on disk. -3) Stop containers from directly modifying the layers for other running containers. - -The policy is currently aimed at hardening the OS against persistent threats. -Future enhancements to the policy will focus on mitigating the impact of OS vulnerabilities, and protecting containers from other containers. - -### Kernel lockdown in integrity mode - -Bottlerocket enables Lockdown in "integrity" mode by default on most variants. - -Lockdown is a Linux Security Module (LSM) that blocks certain actions which could compromise the Linux kernel. -As with SELinux, even processes that run as root with full capabilities are subject to these restrictions. - -Certain variants such as `*-nvidia` need to load unsigned kernel modules at runtime. -This is prohibited by the "integrity" mode, but required for the hardware to work as expected. -On these variants, Lockdown is set to "none" instead. - -### Secure Boot enabled - -Bottlerocket enables Secure Boot for all new variants on platforms that support UEFI boot. - -The goal is to prevent unsigned, untrusted code from running at any point until containers are started. -This is achieved by establishing the following chain of trust: -1) The trusted platform firmware verifies that shim is signed correctly, then loads it. -2) shim verifies that grub is signed correctly, then loads it. -3) grub verifies that its grub.cfg is signed correctly, then loads it. -4) grub verifies that the Linux kernel is signed correctly, then loads it. -5) The Linux kernel verifies that the [immutable root filesystem](#immutable-rootfs-backed-by-dm-verity) has not been altered. - -Secure Boot only applies to platforms using UEFI firmware, and it is only enforced when the feature is enabled in the firmware. -Therefore, systems using the legacy BIOS boot mode cannot benefit from Secure Boot. -This includes Xen-based EC2 instance types, and bare metal machines configured to emulate the legacy BIOS boot mode. diff --git a/SECURITY_GUIDANCE.md b/SECURITY_GUIDANCE.md deleted file mode 100644 index 45be18a6d..000000000 --- a/SECURITY_GUIDANCE.md +++ /dev/null @@ -1,366 +0,0 @@ -# Security Guidance - -## Overview - -Bottlerocket adheres to the [Shared Responsibility Model](https://aws.amazon.com/compliance/shared-responsibility-model/) which defines security and compliance as a shared responsibility between the OS vendor and the customer. - -We provide these recommendations, along with [details](#details) and [examples](#examples), to help you create a configuration that meets your security and compliance requirements. - -| Recommendation | Priority | -| :-------------------------------------------------------------------------------------------------- | :-------- | -| [Enable automatic updates](#enable-automatic-updates) | Critical | -| [Avoid containers with elevated privileges](#avoid-containers-with-elevated-privileges) | Critical | -| [Restrict access to the host API socket](#restrict-access-to-the-host-api-socket) | Critical | -| [Restrict access to the container runtime socket](#restrict-access-to-the-container-runtime-socket) | Critical | -| [Design for host replacement](#design-for-host-replacement) | Important | -| [Enable kernel lockdown](#enable-kernel-lockdown) | Important | -| [Limit use of host containers](#limit-use-of-host-containers) | Important | -| [Limit use of privileged SELinux labels](#limit-use-of-privileged-selinux-labels) | Important | -| [Limit access to system mounts](#limit-access-to-system-mounts) | Important | -| [Limit access to host namespaces](#limit-access-to-host-namespaces) | Important | -| [Limit access to block devices](#limit-access-to-block-devices) | Important | -| [Do not run containers as UID 0](#do-not-run-containers-as-uid-0) | Moderate | - -## Details - -### Enable automatic updates - -Bottlerocket includes many [security features](SECURITY_FEATURES.md) to mitigate software vulnerabilities. -These countermeasures serve to reduce the reliability of exploits and to raise their cost. -However, it is always better to patch vulnerabilities than to rely on mitigations alone. - -For our Kubernetes variants, we provide [a Kubernetes operator](https://github.com/bottlerocket-os/bottlerocket-update-operator) for automated updates to Bottlerocket. -We recommend deploying it on your Kubernetes clusters. - -For our ECS variant, we provide [an updater](https://github.com/bottlerocket-os/bottlerocket-ecs-updater) for automated updates to Bottlerocket. -We recommend deploying it on your ECS clusters. - -### Avoid containers with elevated privileges - -Containers can be made more secure by limiting the capabilities they have, by filtering syscalls they can make, and by changing the SELinux labels they use. - -Capabilities are a way to split up the traditional powers of the `root` user so that a subset of the permissions can be granted instead. -For example, `CAP_NET_BIND_SERVICE` can be granted to allow binding to a low-numbered port. -Bottlerocket uses `runc` to execute containers with [a subset of Linux capabilities](https://github.com/opencontainers/runc/blob/master/libcontainer/SPEC.md#security). - -Syscalls are a way for userspace programs to request services from the kernel. -Seccomp filters can be used to allow access to a subset of syscalls. -Bottlerocket uses `containerd` as the container runtime which provides [a default seccomp profile](https://github.com/containerd/containerd/blob/master/contrib/seccomp/seccomp_default.go). - -SELinux labels are part of mandatory access controls, which impose constraints after discretionary access controls are checked. -Bottlerocket runs unprivileged containers with the restrictive `container_t` label. - -Orchestrators provide ways to disable these protections: -* Docker can run containers with the `--privileged` flag -* Kubernetes can run pods with `privileged: true` in the pod definition -* Amazon ECS can run tasks with `"privileged": true` in the task definition - -By default, Kubernetes also runs pods with no seccomp filter applied. -Pods can specify a seccomp profile, or you can apply a default profile using a [Pod Security Policy](https://kubernetes.io/docs/concepts/policy/pod-security-policy/). - -We recommend that you avoid containers with elevated privileges. -The default set of capabilities, the default seccomp filter, and the default SELinux labels should be used where possible. - -### Restrict access to the host API socket - -The Bottlerocket API server listens for requests on a Unix domain socket. -The canonical location of this socket is `/run/api.sock`. -It is owned by UID 0 (`root`) and GID 274 (`api`). -It is labeled `api_socket_t`, so only processes with privileged SELinux labels can use it. - -Write access to this socket will grant full control over system configuration. -This includes the ability to define an arbitrary source for a host container, and to run that container with "superpowers" that bypass other restrictions. -These "superpowers" are described [below](#limit-use-of-host-containers). -For Kubernetes variants, it also includes the ability to define and run static pods. -These are managed directly by `kubelet` and are not subject to admission controllers that enforce security policies for the cluster. - -We recommend blocking access to the API socket from containers managed by the orchestrator. -The "control" host container can be used to modify settings when needed. - -### Restrict access to the container runtime socket - -Different [variants](variants/) of Bottlerocket may have different container runtimes installed. -Each container runtime will have its own API and will listen for requests on a Unix domain socket. -The socket will usually be owned by UID 0 (`root`) and GID 0 (`root`). - -Some potential locations of container runtime sockets are: -* `/run/docker.sock` -* `/run/dockershim.sock` -* `/run/containerd/containerd.sock` -* `/run/host-containerd/host-containerd.sock` - -Write access to any of these sockets will grant full control over container execution. -This includes the ability to run containers with elevated privileges and with access to all filesystem locations. - -One common use case for mounting the container runtime socket is to perform container image builds. -Instead of mounting the socket, you can use an image build tool that does not require additional privileges. - -We recommend blocking access to the container runtime socket from containers managed by the orchestrator. - -### Design for host replacement - -One of the main security objectives of Bottlerocket is to harden the OS against persistent threats. -This is closely related to the support for automated, in-place updates. -Applying updates to the same host makes sense if you are confident that the underlying software can still be trusted. - -However, containers share the same kernel with the host. -The exposed kernel interface can be minimized through techniques such as seccomp filters, but it cannot be eliminated. -If the kernel is ever compromised through a local exploit, then other defenses may break down. - -We recommend designing for periodic host replacement even with automated updates enabled. - -### Enable kernel lockdown - -The security mechanisms in Bottlerocket ultimately depend on the kernel for enforcement. -This includes access controls such as capabilities and SELinux, and integrity checks such as dm-verity. -Modifications to the running kernel could bypass or subvert these mechanisms. - -Bottlerocket enables the Lockdown security module and offers settings to choose from one of three modes. - -The first mode, "none", effectively disables the protection. - -The second mode, "integrity", blocks most ways to overwrite the kernel's memory and modify its code. -Enabling this mode will prevent unsigned kernel modules from being loaded. - -The third mode, "confidentiality", stops most ways of reading the kernel's memory from userspace. -The goal is to protect secrets that may be stored in the kernel, such as keys used to detect modification while the system is offline. -Bottlerocket does not make use of the secrets that this mode is meant to protect. -Enabling this mode will break BPF, perf, and any other tools that rely on reading kernel memory. - -We recommend enabling kernel lockdown in "integrity" mode. - -### Limit use of host containers - -Bottlerocket offers host containers to provide out-of-band access to the underlying host OS. - -Host containers can be configured with an optional `superpowered` flag. -This causes the container to run with extra privileges, an unrestricted SELinux label, and additional mounts. -The current implementation can be found in [host-ctr](sources/host-ctr/cmd/host-ctr/main.go). - -Two host containers are defined in the default configuration. -The ["control" host container](README.md#control-container) is enabled by default unless otherwise specified. -It provides remote connectivity through the AWS SSM [Session Manager](https://console.aws.amazon.com/systems-manager/session-manager/sessions). -The ["admin" host container](README.md#admin-container) is disabled by default unless otherwise specified. -It can be enabled through the "control" host container, through instance user data, or by accessing the host API socket. - -We recommend leaving the "admin" host container disabled until it is necessary to use it. -The "control" host container can also be disabled if you are confident you will not need it. -**This could leave you with no way to access the API and change settings on an existing node!** - -If you define your own host container, avoid using `superpowered = true` unless your use case requires an extremely high level of privilege, such as loading an out-of-tree kernel module. - -### Limit use of privileged SELinux labels - -Bottlerocket enables SELinux in enforcing mode by default. -SELinux works by associating labels with subjects (processes) and objects (such as files). - -Labels are "sticky" by default: processes will receive the label of their parent process, and files will receive the label of the directory where they are created. -A process can change its own label or the label of a child process under certain circumstances. -These changes are called "transitions". -The SELinux policy for Bottlerocket defines special transition rules for container runtimes. - -A container runtime can transition a child processes to any of these labels: -* `container_t` (the default for ordinary containers) -* `control_t` (the default for privileged containers) -* `super_t` (opt-in for "superpowered" containers) - -The `control_t` and `super_t` labels allow writes to the API socket. -The `super_t` label allows modifications to any file or directory on the host OS. - -Some orchestrators allow SELinux labels to be defined in the container specification, including Kubernetes and Amazon ECS. -If `control_t` or `super_t` is specified in this way, it will override the default transition rules and the container will run with additional privileges. - -We recommend limiting access to any SELinux label other than `container_t`. - -### Limit access to system mounts - -Bottlerocket provides a read-only root filesystem, ephemeral mounts for system directories such as `/etc` and `/run`, and persistent storage under `/local`. - -The `/etc` directory contains system configuration files generated by the API. -These are regenerated when a setting changes, but otherwise not monitored. -If the contents of this directory are mounted into a privileged container, they can be modified in unexpected ways. -This is not supported and may interfere with the reliability of automated updates. - -The `/run` directory contains ephemeral files such as Unix domain sockets used by the API server and the container runtime. -If the contents of this directory are mounted into a privileged container, they can be used to bypass security protections. - -The `/local` directory is where persistent storage is mounted, with `/var` and `/opt` as subdirectories. -This is where cached container images, unpacked container layers, and files for host containers are stored. -If this directory or its subdirectories are mounted into a privileged container, the integrity of the system can be compromised. - -We recommend limiting access to all system mounts. - -### Limit access to host namespaces - -Namespaces are one of the key building blocks for Linux containers. - -Network namespaces provide isolation for network resources such as IP addresses, ports, and routing tables. -Containers that share the host network namespace can connect to services listening on the host loopback addresses `127.0.0.1` and `::1`. -These services are not otherwise reachable from the network. - -Sharing the network namespace also enables access to abstract sockets. -Containers that share the host network namespace can send messages to processes on the host which expose APIs over abstract sockets. -This can bypass intended restrictions for API access. - -PID namespaces provide isolation for the process ID number space. -Containers that share the host PID namespace can interact with processes running on the host. -This includes the ability to send signals to those processes, which may interfere with system functionality. - -Sharing the host PID namespace also enables access to the host filesystem through `/proc//root` links for host processes. -This can bypass intended restrictions for system mounts. - -We recommend limiting access to all host namespaces. - -### Limit access to block devices - -Direct access to block devices can be used to bypass abstractions such as filesystems and caches. -This is useful for databases and storage applications that want full control over the data layout on disk. - -The order in which the kernel enumerates block devices is inconsistent and subject to change. -To avoid referring to the wrong device, Linux distributions use links under `/dev/disk` to map predictable identifiers to specific devices. -Bottlerocket relies on partition type GUIDs and partition names to discover its devices. - -Orchestrators offer ways to associate block devices with containers. -For example, Kubernetes allows pods to claim a "block mode" volume and mount the device to a desired path. -Containers with direct access to a block device can alter the partition table or modify the filesystem metadata. -If the same partition type or partition name is used for another device, the `/dev/disk` link may point to the wrong device. -This could compromise the integrity of the host. - -We recommend limiting access to block devices. - -### Do not run containers as UID 0 - -Bottlerocket does not currently support user namespaces. -This means that UID 0 (`root`) inside the container is the same as UID 0 on the host. - -A process in a container that runs as UID 0 will have nearly unlimited access to the host if all of these are true: -* it uses a privileged SELinux label -* it has access to system mounts -* it shares the host namespaces -* it has elevated privileges, with all capabilities and no seccomp filter - -This is essentially the configuration that is used for a host container with "superpowers", where `superpowered = true` is set. - -We recommend that you do not run containers as UID 0. - -## Examples - -### Amazon EC2 - -These settings can passed as [user data](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/user-data.html) on EC2 instance launch. -They apply to any Bottlerocket variant. - -```toml -# Enable kernel lockdown in "integrity" mode. -# This prevents modifications to the running kernel, even by privileged users. -[settings.kernel] -lockdown = "integrity" - -# The admin host container provides SSH access and runs with "superpowers". -# It is disabled by default, but can be disabled explicitly. -[settings.host-containers.admin] -enabled = false - -# The control host container provides out-of-band access via SSM. -# It is enabled by default, and can be disabled if you do not expect to use SSM. -# This could leave you with no way to access the API and change settings on an existing node! -[settings.host-containers.control] -enabled = false -``` - -### Amazon ECS - -These settings can passed as [user data](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/user-data.html) on EC2 instance launch. -They are specific to the `aws-ecs-1` variant. - -```toml -# By default, this variant does not allow launching privileged containers. -# The feature can also be disabled explicitly. -[settings.ecs] -allow-privileged-containers = false -``` - -### Kubernetes - -The following [Pod Security Policy](https://kubernetes.io/docs/concepts/policy/pod-security-policy/) is based on our recommendations. -It can be used as a starting point for your own policy. - -```yaml ---- -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: restricted-psp - - # Ensure that the default seccomp filter is used. - annotations: - seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'runtime/default' - seccomp.security.alpha.kubernetes.io/defaultProfileName: 'runtime/default' - -spec: - # Do not allow containers to run as privileged. - privileged: false - - # Do not allow containers to gain new privileges. - allowPrivilegeEscalation: false - - # Remove all capabilities from the default set. - requiredDropCapabilities: - - ALL - - # Run all containers with the less privileged container_t label. - seLinux: - rule: 'MustRunAs' - seLinuxOptions: - user: system_u - role: system_r - type: container_t - level: s0 - - # Do not allow containers to run as any system user. - runAsUser: - rule: 'MustRunAs' - ranges: - - min: 1000 - max: 65535 - - # Do not allow containers to run as any system group. - runAsGroup: - rule: 'MustRunAs' - ranges: - - min: 1000 - max: 65535 - - # Do not allow containers to add other system groups. - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 1000 - max: 65535 - - # Do not allow containers to use other system groups for volumes. - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 1000 - max: 65535 - - # Do not allow containers to share host namespaces. - hostNetwork: false - hostIPC: false - hostPID: false - - # Do not allow containers to use or write to host paths. - allowedHostPaths: - - pathPrefix: "/tmp" - readOnly: true - - # Allow minimal set of core volume types. - volumes: - - 'configMap' - - 'emptyDir' - - 'projected' - - 'secret' - - 'downwardAPI' - - 'persistentVolumeClaim' -``` diff --git a/SUPPORTED-HARDWARE.md b/SUPPORTED-HARDWARE.md deleted file mode 100644 index 4caf8843f..000000000 --- a/SUPPORTED-HARDWARE.md +++ /dev/null @@ -1,48 +0,0 @@ -# Supported hardware for Bottlerocket on bare metal - -The Bottlerocket bare metal variant is intended to run Bottlerocket on targets outside of AWS or vmware clusters. -The vast diversity of available hardware poses a challenge. -The need to be compatible with as much hardware as possible out-of-the-box conflicts with Bottlerocket's core principles of keeping it small and simple. -To strike the right balance, the initial offering focuses on compatibility with common x86_64 server hardware. -The Bottlerocket kernel for metal is configured to include drivers for a wider spread of 10G+ Ethernet NICs in their base configuration (no model-specific FPGA offloading support and similar) as well as common RAID controllers. - -Beyond that, the number of drivers included in the Bottlerocket kernels has been reduced substantially comparing to common general purpose Linux distributions. -The aim is to keep Bottlerocket images as lean as possible, while trying to maintain a good out-of-the-box coverage. - -It is possible that Bottlerocket is missing drivers for your specific hardware. -Please [submit an issue](https://github.com/bottlerocket-os/bottlerocket/issues/new?assignees=&labels=&template=metal_driver.md) to open a discussion on inclusion of additional drivers. - -## Limitations of hardware support to be added - -Adding drivers that are part of the upstream Linux source tree is an easy fix for certain target platforms. -However, there are limitations of what to add to the Bottlerocket metal variant in order to accommodate Bottlerocket's core principles of keeping it small and simple. -If you want to create a custom variant that for example contains specific drivers, the current work towards out-of-tree builds will help you achieve that. -Work for that is currently underway and can be tracked in [issue #2669](https://github.com/bottlerocket-os/bottlerocket/issues/2669). -Until out-of-tree builds land the following limitations apply to the available Bottlerocket variants: - -* There is no plan to add out-of-tree drivers to Bottlerocket images. -* There is no plan to add additional CPU architectures. -* There is no plan to add drivers for embedded devices in the core images. - -If you have questions about these limitations or want to debate them, feel free to open an issue or start a discussion. - -## Testing - -The AWS Bottlerocket team does basic functional testing on a limited set of server configurations they have available (See [Hardware configurations confirmed to work](#hardware-configurations-confirmed-to-work)). -"Functional testing" means that machines are provisioned and base functionality of storage and network hardware is proven by a properly functioning distribution. - -With the vast diversity of hardware available community involvement in confirming hardware configurations work is key. -We are interested to learn about your success stories running Bottlerocket on other hardware platforms. -Feel free to report a working configuration below by opening a PR with the information. - -### Hardware configurations confirmed to work - -Bottlerocket is tested on and known to work with the hardware below. - -| Server model | CPU | BIOS/UEFI | Network Card | Disk | RAID/Storage controller | Entity confirming | -| --- | --- | --- | --- | --- | --- | --- | -| Supermicro SYS-E200-8D | Intel Xeon D-1528 | BIOS & UEFI | Intel i350 1G & 10G | SATA SSD, NVME | N/A | AWS Bottlerocket team | -| Dell R240 | Intel Xeon E2236 | BIOS & UEFI | Broadcom BCM5720 1G | SATA SSD (RAID0) | PERC H730P | AWS Bottlerocket team | -| Dell R620 | Intel Xeon E5-2660 | BIOS | Intel i350 1G | SATA HDD | PERC H710P | AWS Bottlerocket team | -| HP DL20 | Intel Xeon E2234 | BIOS | HPE 361i 1G | SATA SSD | HPE Smart Array S100i | AWS Bottlerocket team | - diff --git a/TESTING.md b/TESTING.md deleted file mode 100644 index 7f86005e1..000000000 --- a/TESTING.md +++ /dev/null @@ -1,519 +0,0 @@ -# Testing Bottlerocket - -🚧 👷 - -This section is under active development. -We are working on tooling for running Bottlerocket integration tests. -While the work is underway, there will be frequent changes to this document. - -## Unit Tests - -It is easy to execute unit tests, you can run them from the root of the repo with `cargo make unit-tests`. -Note that some code in Bottlerocket is conditionally compiled based on variant thus some tests won't be executed. -Unless you intend to test the default variant, it is best to pass the relevant variant and architecture like this: - -```shell -cargo make \ - -e BUILDSYS_VARIANT="aws-ecs-1" \ - -e BUILDSYS_ARCH="x86_64" \ - unit-tests -``` - -## Integration Tests - -Unit tests will only get us so far. -Ultimately we want to know if Bottlerocket runs correctly as a complete system. -We have created a [command line utility] and [testing system] to help us test Bottlerocket holistically. - -[command line utility]: ./tools/testsys -[testing system]: https://github.com/bottlerocket-os/bottlerocket-test-system - -The test system coordinates: -- the creation of a cluster (or re-use of an existing cluster), -- creation of Bottlerocket instances, -- running tests that target the created cluster and instances, -- terminating the Bottlerocket instances, -- terminating the Kubernetes cluster (if desired) - -Testsys uses a Kubernetes operator to test bottlerocket. -The operator runs in a cluster that is separate from the one where you are testing Bottlerocket nodes. -We call this control cluster the *testsys cluster*. -When you launch a Bottlerocket integration test, pods run in the testsys cluster to perform the steps described above. - -## Setup - -### EKS - -It is possible to run your testsys cluster anywhere so long as it has the necessary authorization and networking. -We have plans to make this easy to do in EKS by providing the instructions and role permissions you need. -However, some work is still needed on the roles, so check back for those instructions in the future! - -### Using a Temporary Kind Cluster - -For developer workflows, the quickest way to run a testsys cluster is using [kind]. - -[kind]: https://kind.sigs.k8s.io/ - -**Important:** only use `kind` for temporary testsys clusters that you will be using yourself. -Do not use `kind` for long-lived clusters or clusters that you will share with other users. - -Here are the steps to set up a testsys cluster using `kind`. - -Create a kind cluster (any name will suffice): - -```shell -kind create cluster --name testsys -``` - -If you want to store the kubeconfig file, set the `KUBECONFIG` variable to some path (there should be no pre-existing file there). -It doesn't really matter where this is, since this is a throwaway cluster and then write the -kubeconfig to that path. -The environment variable `TESTSYS_KUBECONFIG` is used by all testsys -related cargo make tasks. - -```shell -export TESTSYS_KUBECONFIG="${HOME}/testsys-kubeconfig.yaml" -kind get kubeconfig --name testsys > $TESTSYS_KUBECONFIG -``` - -Install the testsys cluster components: - -```shell -cargo make setup-test -``` - -Testsys containers will need AWS credentials. - -**Reminder**: this is for your developer workflow only, do not share this cluster with other users. - -```shell -cargo make testsys add secret map \ - --name "creds" \ - "access-key-id=$(aws configure get aws_access_key_id)" \ - "secret-access-key=$(aws configure get aws_secret_access_key)" -``` - -If you have a named profile you can use the following. -```shell -PROFILE= -cargo make testsys add secret map \ - --name "creds" \ - "access-key-id=$(aws configure get aws_access_key_id --profile ${PROFILE})" \ - "secret-access-key=$(aws configure get aws_secret_access_key --profile ${PROFILE})" -``` - -If you added a secret, you then need to pass the secret's name to testsys -through an environment variable: -```shell -export TESTSYS_AWS_SECRET_NAME="awsCredentials=" -``` - -### Conveniences - -All testsys commands can be run using cargo make to eliminate the chance of 2 different versions of -testsys being used. -Testsys requires the controller and the agent images to be of the same testsys version. - -```shell -cargo make testsys -``` - -The Bottlerocket components are found in the `testsys` Kubernetes namespace. - -## Run - -Now that you have the testsys cluster set up, it's time to run a Bottlerocket integration test! - -### Configuration - -There are many arguments that can be configured via environment variables with `cargo make`; however, it is possible to create a configuration file instead. -Check out the [example config file](tools/testsys/Test.toml.example) for a sample `Test.toml` file. - -For example, the instance type can be specified based on variant requirements: - -```toml -[aws-k8s] -# Set the default instance type for all `aws-k8s` variants -instance-type = "m5.xlarge" - -[aws-k8s-nvidia] -# Override the instance type for `nvidia` `aws-k8s` variants -instance-type = "g5g.2xlarge" -``` - -Since `aws-k8s-nvidia` is a `-` level configuration it will take precedence over `aws-k8s` which is `` level configuration. - -Tables can also be created for custom testing configurations. For a custom test type called `foo`, the config above can be updated: - -```toml -[aws-k8s] -# Set the default instance type for all `aws-k8s` variants -instance-type = "m5.xlarge" - -[aws-k8s.configuration.foo] -# Set the default instance type for all `aws-k8s` variants when `TESTSYS_TEST=foo` is set -instance-type = "m5.8xlarge" - -[aws-k8s-nvidia] -# Override the instance type for `nvidia` `aws-k8s` variants -instance-type = "g5g.2xlarge" - -[aws-k8s-nvidia.configuration.foo] -# Override the instance type for `nvidia` `aws-k8s` variants when `TESTSYS_TEST=foo` is set -instance-type = "g5g.8xlarge" -``` - -### Variants - -Different Bottlerocket variants require different implementations in the test system. -For example, to ensure that Kubernetes variants are working correctly, we use [Sonobuoy] to run through the K8s E2E conformance test suite. -For ECS, we run a [task] on Bottlerocket to make sure Bottlerocket is working. -We use EC2 and EKS for `aws-k8s` variants and vSphere for `vmware-k8s` variants, and so on. - -[Sonobuoy]: https://sonobuoy.io/ -[task]: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/welcome-features.html - -We have attempted use sensible defaults for these behaviors when calling the `cargo make test` command. - -### aws-k8s - -You need to [build](BUILDING.md) Bottlerocket and create an AMI before you can run a test. -Change the commands below to the desired `aws-k8s` variant and AWS region: - -**Caution**: An EKS cluster will be created for you. -Because these take a long time to create, the default testsys behavior is to leave this in place so you can re-use it. -You will need to delete the EKS cluster manually when you are done using it. -(EC2 instances are terminated automatically, but it's worth double-checking to make sure they were terminated.) - -```shell -cargo make \ - -e BUILDSYS_VARIANT="aws-k8s-1.24" \ - -e BUILDSYS_ARCH="x86_64" \ - build - -cargo make \ - -e BUILDSYS_VARIANT="aws-k8s-1.24" \ - -e BUILDSYS_ARCH="x86_64" \ - -e PUBLISH_REGIONS="us-west-2" \ - ami - -cargo make \ - -e BUILDSYS_VARIANT="aws-k8s-1.24" \ - -e BUILDSYS_ARCH="x86_64" \ - test -``` - -```shell -cargo make watch-test -``` - -**Note**: You can provision nodes with karpenter by specifying `resource-agent-type = "karpenter"` in `Test.toml`. -To follow the generic mapping, use the following configuration: - -```toml -[aws-k8s.configuration.karpenter] -test-type = "quick" -resource-agent-type = "karpenter" -block-device-mapping = [ - {name = "/dev/xvda", volumeType = "gp3", volumeSize = 4, deleteOnTermination = true}, - {name = "/dev/xvdb", volumeType = "gp3", volumeSize = 20, deleteOnTermination = true}, -] -``` - -This configuration creates a new test type for all `aws-k8s` variants called `karpenter` (the string following `.configuration` in the table heading). - - -Before launching nodes with karpenter you will need to add the karpenter role to your cluster's `aws-auth` config map. - -```bash -# Change to your clusters name -CLUSTER_NAME=my-cluster -ACCOUNT_ID=your-account-id -REGION=us-west-2 -eksctl create iamidentity mapping \ - -r ${REGION} \ - --cluster ${CLUSTER_NAME} \ - --arn arn:aws:iam::${ACCOUNT_ID}:role/KarpenterInstanceNodeRole \ - --username system:node:{{EC2PrivateDNSName}} \ - --group system:bootstrappers \ - --group system:nodes -``` - -You can run the test by calling, - -```bash -cargo make -e TESTSYS_TEST=karpenter test -``` - -### aws-ecs - -You need to [build](BUILDING.md) Bottlerocket and create an AMI before you can run a test. -The default instance type to be used is `m5.large` for `x86_64` and `m6g.large` for `aarch64`, but can be controlled by setting the environment variable `TESTSYS_INSTANCE_TYPE`. -This is useful while testing NVIDIA variants, since they require instance types with support for NVIDIA GPUs. -Change the commands below to the desired `aws-ecs` variant and AWS region: - -```shell -cargo make \ - -e BUILDSYS_VARIANT="aws-ecs-1" \ - -e BUILDSYS_ARCH="x86_64" \ - build - -cargo make \ - -e BUILDSYS_VARIANT="aws-ecs-1" \ - -e BUILDSYS_ARCH="x86_64" \ - -e PUBLISH_REGIONS="us-west-2" \ - ami - -cargo make \ - -e BUILDSYS_VARIANT="aws-ecs-1" \ - -e BUILDSYS_ARCH="x86_64" \ - test -``` - -```shell -cargo make watch-test -``` - -**Note:** For more information on publishing AMIs see [publishing](PUBLISHING.md). - -### vmware-k8s - -First, an initial management cluster needs to be created using [`EKS Anywhere`](https://anywhere.eks.amazonaws.com/docs/getting-started/production-environment/vsphere-getstarted/#create-an-initial-cluster). -You can then set `TESTSYS_MGMT_CLUSTER_KUBECONFIG` to the path to the management clusters kubeconfig. -You need to [build](BUILDING.md) Bottlerocket and a publicly accessible [TUF repository](https://github.com/bottlerocket-os/bottlerocket/blob/develop/PUBLISHING.md#repo-location) to test VMware variants. -Either `Infra.toml` or your environment need to be configured. -If using environment variables make sure to set the following environment variables: -- GOVC_URL -- GOVC_USERNAME -- GOVC_PASSWORD -- GOVC_DATACENTER -- GOVC_DATASTORE -- GOVC_NETWORK -- GOVC_RESOURCE_POOL -- GOVC_FOLDER - -Testsys will use the data center specified in `Test.toml` first. -If no data center is specified in `Test.toml`, testsys will use the first data center listed in `Infra.toml` -VMware testing also requires a `control-plane-endpoint` to be set in `Test.toml` for vSphere K8s cluster creation. -Change the commands below to the desired `vmware-k8s` variant: - -First, build the VMware variant you want to test. - -```shell -cargo make \ - -e BUILDSYS_VARIANT="vmware-k8s-1.23" \ - -e BUILDSYS_ARCH="x86_64" \ - build -``` - -Build the TUF repo containing the OVA templates. - -```shell -cargo make \ - -e BUILDSYS_VARIANT="vmware-k8s-1.23" \ - -e BUILDSYS_ARCH="x86_64" \ - repo -``` - -Sync TUF repos containing the VMware variant's metadata and targets. -Make sure the TUF repos are accessible via unauthenticated HTTP or HTTPS and match the URLs in `Infra.toml`. - -Now, you can run the test. - -```shell -cargo make \ - -e BUILDSYS_VARIANT="vmware-k8s-1.23" \ - -e BUILDSYS_ARCH="x86_64" \ - test \ - --mgmt-cluster-kubeconfig ${TESTSYS_MGMT_CLUSTER_KUBECONFIG} -``` - -You can monitor the tests with: - -```shell -cargo make watch-test -``` - -### metal-k8s - -First, an initial baremetal management cluster needs to be created using [`EKS Anywhere`](https://anywhere.eks.amazonaws.com/docs/getting-started/production-environment/baremetal-getstarted/#create-an-initial-cluster). -You can then set `TESTSYS_MGMT_CLUSTER_KUBECONFIG` to the path to the management clusters kubeconfig. -You need to [build](BUILDING.md) Bottlerocket and a publicly accessible [TUF repository](https://github.com/bottlerocket-os/bottlerocket/blob/develop/PUBLISHING.md#repo-location) to test metal variants. -In addition to the management cluster, you will need to [prepare a hardware CSV file](https://anywhere.eks.amazonaws.com/docs/reference/baremetal/bare-preparation/#prepare-hardware-inventory) containing all machines you want to provision and a [cluster config](https://anywhere.eks.amazonaws.com/docs/reference/clusterspec/baremetal/) for the cluster. -Create a directory in `tests/shared/clusters` with an identifier for this cluster, i.e cluster1 (`tests/shared/clusters/cluster1`). -In that directory create 2 files, `cluster.yaml` with the EKS Anywhere cluster config, and `hardware.csv`. -In `Test.toml` set `cluster-names = ["cluster1"]` to tell TestSys that we want the cluster config and hardware csv from the directory we just created. - -Metal testing also requires and additional manual step for testing. -The Bottlerocket build system compresses the metal images with lz4, but EKS Anywhere requires them to be gzipped, so before testing make sure to uncompress the lz4 image and gzip it. -Make sure it is downloadable from a URL accessible from the management cluster. -The directory used should be added to `Test.toml` as `os-image-dir`. - -Change the commands below to the desired `metal-k8s` variant: - -First, build the Metal variant you want to test. - -```shell -cargo make \ - -e BUILDSYS_VARIANT="metal-k8s-1.23" \ - -e BUILDSYS_ARCH="x86_64" \ - build -``` - -Build the TUF repo containing the metal images. - -```shell -cargo make \ - -e BUILDSYS_VARIANT="metal-k8s-1.23" \ - -e BUILDSYS_ARCH="x86_64" \ - repo -``` - -Make sure you gzip the metal image and add it to your `os-image-dir`. - -Now, you can run the test. - -```shell -cargo make \ - -e BUILDSYS_VARIANT="metal-k8s-1.23" \ - -e BUILDSYS_ARCH="x86_64" \ - -e TESTSYS_MGMT_CLUSTER_KUBECONFIG=${TESTSYS_MGMT_CLUSTER_KUBECONFIG} - test -``` - -You can monitor the tests with: - -```shell -cargo make watch-test -``` - -## Migration Testing - -Migration testing is used to ensure Bottlerocket can update from one version to a new version and back. -This involves launching Bottlerocket instances, upgrading them, and downgrading them. - -Migration testing launches instances of a starting Bottlerocket version, or a provided initial AMI and migrates instances to the target version. -In order to accomplish this a few artifacts need to be created: -* A publicly accessible TUF repository -* A previous release of Bottlerocket signed with available keys -* The AMI ID for the previous release -* Image artifacts and local TUF repos of said artifacts for current changes - -### The setup - -#### Prepare `Infra.toml` - -We need the URL of an accessible TUF repo so the Bottlerocket instances know where to retrieve the update metadata and targets. -Follow our [publishing guide](PUBLISHING.md#repo-location) to set up TUF repos. -`Infra.toml` is used by testsys to determine TUF repo locations, so `metadata_base_url` and `targets_base_url` need to be set based on the repo that was just created. -The examples below also assume that the default repo is being used in `Infra.toml`, but any repo can be used by setting the `PUBLISH_REPO` environment variable. - -#### Starting Bottlerocket images - -In this example we will use `v1.9.0` as our starting Bottlerocket version, but any tag from Bottlerocket will work. -The following bash script will checkout the proper branch from git and create the build images and TUF repos for testing. - -```shell -git checkout "v1.9.0" -cargo make -cargo make ami -cargo make repo -``` - -Remember to sync your TUF repos with the new metadata and targets. - -#### Target Bottlerocket images - -Now, it's time to create the Bottlerocket artifacts that need to be upgraded to. - -Switch to the working git branch that should be built from. - -```shell -WORKING_BRANCH="develop" -git checkout "${WORKING_BRANCH}" -``` - -Next, build Bottlerocket images and repos and sync TUF repos. -The architecture and variant can be configured with `BUILDSYS_ARCH` and `BUILDSYS_VARIANT`. - -```shell -cargo make -cargo make ami -cargo make repo -``` - -Now, sync your TUF repos with the new metadata and targets. - -This completes the setup and it is time to test migrations! - -### Testing Migrations - -The previous steps set up the artifacts necessary to perform migration testing using `testsys`. -Ensure all environment variables are still set and set them if they aren't. - -To run the migration test set `TESTSYS_TEST=migration` in the `cargo make test` call. -This will automatically determine the AMI that should be used by finding the latest released version of bottlerocket and checking the user's AMIs to find the correct starting AMI ID. -Remember to set the environment variables for the architecture and variant. - -```shell -cargo make -e TESTSYS_TEST=migration test -``` - -To see the state of the tests as they run use `cargo make watch-test`. - -### Testing Workloads - -Workload tests are tests designed to run as an orchestrated container. -A workload test is defined in `Test.toml` with a map named `workloads`. - -```toml -[aws-nvidia] -workloads = { = "" } -``` - -To run the workload test set `TESTSYS_TEST=workload` in the `cargo make test` call. - -```shell -cargo make -e TESTSYS_TEST=workload test -``` - -To see the state of the tests as they run use `cargo make watch-test`. - -For more information can be found in the [TestSys workload documentation](https://github.com/bottlerocket-os/bottlerocket-test-system/tree/develop/bottlerocket/tests/workload). - -### Custom Test Types - -Custom tests can be run with TestSys by calling `cargo make -e TESTSYS_TEST= test -f `. - -First, a test agent needs to be constructed. -The `test-agent-cli` provides an interface for creating bash based testing agents. -Checkout the [runbook](https://github.com/bottlerocket-os/bottlerocket-test-system/blob/develop/agent/test-agent-cli/design/RUNBOOK.md) for instructions on creating an agent. - -Once an agent has been created, the yaml template can be created. -Values from `Test.toml` can be inserted into a yaml manifest so that a single manifest can be used for all variants in a family. - -```yaml -apiVersion: {{api-version}} -kind: Test -metadata: - # The name of the crd created is dependent on the arch and variant for - # the test being run. - name: {{kube-arch}}-{{kube-variant}}-custom - namespace: {{namespace}} -spec: - retries: 5 - agent: - name: custom-test-agent - image: example-test-agent-cli:latest - keepRunning: false - configuration: - clusterName: {{cluster-name}} - instanceType: {{instance-type}} - resources: [] - dependsOn: [] - # The secrets will automatically be populated from the config file, - # no template is needed. - secrets: {} -``` - -After the agent has been build and the yaml file is created, the test can be run using `cargo make -e TESTSYS_TEST= test -f ` diff --git a/TRADEMARKS.md b/TRADEMARKS.md deleted file mode 100644 index c042da8d8..000000000 --- a/TRADEMARKS.md +++ /dev/null @@ -1,94 +0,0 @@ -# TRADEMARK POLICY - -Updated April 13, 2023 - -This Policy provides guidelines for use of the "Bottlerocket" name and logos (the "Bottlerocket Trademarks") to identify the Bottlerocket software. -Amazon.com, Inc. or its affiliates ("Amazon") strives to be a steward of the Bottlerocket brand for the entire Bottlerocket Community and is the owner of the Bottlerocket Trademarks. -As such, the law obligates us to police and protect the trademarks. -Therefore, we require use of the Bottlerocket Trademarks to be in accordance with this Policy. -Indeed, Amazon’s own use is designed to be consistent with this Policy. - -Our goal is to ensure, on behalf of the Bottlerocket Community, that the Bottlerocket Trademark remain reliable indicators of quality and security while also permitting community members, software distributors and others to discuss Bottlerocket and to accurately describe their products’ affiliation with Bottlerocket or the Bottlerocket Community, as well as exercise their rights given Bottlerocket’s open source nature. -Note that this Policy only applies to use of the Bottlerocket Trademarks. - -## Overall Guidelines - -You may use the Bottlerocket Trademarks to refer to the Bottlerocket software provided that your use is in compliance with this Policy. -Any other use of the Bottlerocket Trademarks requires prior written permission. -Overall, your use of the Bottlerocket Trademarks must not be confusing, misleading, false, or damaging to the Bottlerocket software, the Bottlerocket Community or to the Bottlerocket Trademarks themselves. - -People should always know who they are dealing with, and where the software they are downloading and using came from. -You may not use the Bottlerocket Trademarks in any manner that implies approval or endorsement by, or association with, the Bottlerocket project or the Bottlerocket Community. -When using the Bottlerocket Trademarks, your branding should be distinguishable from Bottlerocket trade dress. - -You may not use the Bottlerocket Trademarks in a manner that may diminish or otherwise damage the goodwill in the Bottlerocket Trademarks. -The "Bottlerocket" word mark should be used in its exact form, and not abbreviated or combined with any other word or words (e.g., "Bottlerocket" software rather than "BTLRKT" or "Bottlerocket-ified"). -Similarly, the Bottlerocket logos should not be modified or integrated with your logos or other designs. -You may create a lockup with your logo and a Bottlerocket logo side by side so long as your logo is not confusingly similar to the Bottlerocket logo and appears first and so long as your use complies with this policy. - -Your use of the Bottlerocket Trademarks does not transfer rights in the trademarks or goodwill to you. - -## Uses that do not require permission - -Provided your use complies with this Policy, you may use the Bottlerocket logos to link to the Bottlerocket website, to indicate that your software or service uses the Bottlerocket software, in architecture diagrams to show how your software or service integrates with Bottlerocket, and in presentations, social media posts (but not as your account image or avatar), whitepapers, blog posts, and similar content as a reference to the Bottlerocket project itself. -It should be clear what role the Bottlerocket project or software plays in the context of your software or services. -The Bottlerocket logos should not be more prominent than your own branding. - -Use the official versions of the Bottlerocket logos available for download [here](https://avatars.githubusercontent.com/u/61023959?s=200&v=4). -You may transform the file format itself for ease of use and modify the colors. - -![Original Bottlerocket Logo](https://avatars.githubusercontent.com/u/61023959?s=200&v=4) - -Provided your use complies with this Policy, you may use the "Bottlerocket" word mark to accurately reference the Bottlerocket software, including on your website, in presentations and publications, at events, in advertising and marketing material, etc., for commercial and noncommercial purposes. -You may use the "Bottlerocket" word mark and any logos we placed on the software in connection with a redistribution of an official distribution of the Bottlerocket software that has not been modified or changed in any way. - -Those taking full advantage of the open source nature of the Bottlerocket code may make modifications in accordance with the applicable open source license of Bottlerocket. -You may use the "Bottlerocket" word mark to refer to your modified version of Bottlerocket provided (a) you include an additional identifier indicating you as the source of the modified version (e.g., "Foocorp’s Bottlerocket Derivative"), (b) you clearly identify your modifications and indicate you are the source of the modifications, (c) your use does not suggest any affiliation between Bottlerocket or the Bottlerocket Community and you or your modified version of Bottlerocket, and (d) your use of the "Bottlerocket" word mark should not be more prominent than your additional identifier. - -Those taking advantage of the open source nature of the Bottlerocket code may also offer services for, or software that works with, Bottlerocket or modified versions of Bottlerocket, such as cloud management services. -Users should not be confused as to the source of your software or services. With that in mind, you may use the "Bottlerocket" word mark to refer to services for, or software that works with, Bottlerocket or modified versions of Bottlerocket provided (a) you include an additional identifier indicating you as the source of the software or services (e.g., "Foocorp’s Bottlerocket Tool" or "Foocorp Bottlerocket Service"), (b) if your services or software works with a modified version of Bottlerocket, you clearly identify the modifications and indicate the source of the modifications, (c) your use does not suggest any affiliation between Bottlerocket or the Bottlerocket Community and you or your work, and (d) your use of the "Bottlerocket" mark should not be more prominent than your additional identifier. - -You may also use the "Bottlerocket" word mark to make accurate statements about compatibility and interoperability using relational phrases such as "works with," "runs on," "compatible with," and the like (e.g., "Foocorp Software powered by Bottlerocket" or "Foocorp Software for Bottlerocket" or "Foocorp Software with Bottlerocket compatibility"). - -## Uses that require permission - -The following uses of the Bottlerocket Trademarks require our prior written approval: - -* Use of the Bottlerocket logos in any way other than as expressly authorized by this Policy; -* Use as part of a domain name, except that you may use the Bottlerocket Trademarks in a subdomain name provided your use otherwise complies with this Policy (e.g., Bottlerocket.foocorp.com); -* Use with non-software goods or services (e.g., physical products like devices or services that do not directly use the Bottlerocket software), except that you may use the Bottlerocket Trademarks with a limited number of swag or promotional items not for sale such as t-shirts, lanyards, stickers, mugs, or pens; and -* Use that does not comply with the terms of this Policy. - -You may not use the Bottlerocket Trademarks in connection with use or distribution of the Bottlerocket software, except as permitted by this Policy. - -## Questions - -If you are unsure whether your use of the Bottlerocket Trademarks is permitted under this Policy, feel free to contact us and ask. -If you have questions about these guidelines or use of any other Amazon trademark, please contact trademarks@amazon.com for assistance, or write to us at: - -```text -Amazon.com, Inc. -Attention: Trademarks -PO Box 81226 -Seattle, WA 98108-1226 -``` - -This Policy is based in part on the [open source trademark policy defined by the Mozilla organization](https://www.mozilla.org/en-US/foundation/trademarks/policy/), therefore, the text of this Policy (and not the Bottlerocket Trademarks themselves) is licensed under the Creative Commons "Attribution-ShareAlike 2.0" license. - -## FAQ - -**1. Can I create and redistribute my own builds of Bottlerocket?** - -If you build Bottlerocket from unmodified source and redistribute the results, you may use "Bottlerocket" only if it is clear in both the name of your distribution and the content associated with it that your distribution is your build of Bottlerocket and not the official build, and you must identify the commit from which it is built, including the commit date. - -**2. What OS changes do I need to make to a modified version of Bottlerocket to comply with this Policy?** - -You must modify the os-release file to either use Bottlerocket according to this Policy or to remove the Bottlerocket Trademarks. This can be done by modifying both `packages/release/release.spec` and `tools/rpm2img`. Names of the system root (e.g. `/x86_64-bottlerocket-linux-gnu/sys-root`), partition labels, directory paths, and service file descriptions do not need to be changed to comply with this Policy. - -**3. What can I do if I see abuse of the Bottlerocket Trademarks?** - -If you are aware of confusing or misleading use or other misuse of the Bottlerocket Trademarks, you may contact us as described above at trademarks@amazon.com so we can investigate further. - -**4. This Policy requires modifications and their source to be identified for modified versions of Bottlerocket, where should I put this information?** - -You may put this information in any location that is commonly used to convey differences from an upstream open source project, such as a NOTICE text or end-user documentation. diff --git a/Twoliter.lock b/Twoliter.lock new file mode 100644 index 000000000..19a5f96a5 --- /dev/null +++ b/Twoliter.lock @@ -0,0 +1,11 @@ +schema-version = 1 +release-version = "1.21.0" +kit = [] +digest = "E13P/vjin9ECU74VopEro90+xdiHBb7WkVXjO3jQNSk=" + +[sdk] +name = "bottlerocket-sdk" +version = "0.42.0" +vendor = "bottlerocket" +source = "public.ecr.aws/bottlerocket/bottlerocket-sdk:v0.42.0" +digest = "+Cu8yFgnaFYG5ZQ0eZWRndXxHTLEAR58EhZITbJinLI=" diff --git a/Twoliter.toml b/Twoliter.toml index 0f93e4c7d..cacc9c3c5 100644 --- a/Twoliter.toml +++ b/Twoliter.toml @@ -6,5 +6,5 @@ registry = "public.ecr.aws/bottlerocket" [sdk] name = "bottlerocket-sdk" -version = "0.41.0" +version = "0.42.0" vendor = "bottlerocket" diff --git a/docs/design/settings/extensions/modular-settings-extensions.md b/docs/design/settings/extensions/modular-settings-extensions.md deleted file mode 100644 index c7bb09301..000000000 --- a/docs/design/settings/extensions/modular-settings-extensions.md +++ /dev/null @@ -1,252 +0,0 @@ -# Out-of-Tree Builds and Modular Settings Extensions -## Overview -The settings API is a fundamental aspect of Bottlerocket as a Linux distribution. -Therefore, as a design requirement for out-of-tree Bottlerocket builds, variants must be able to extend Bottlerocket’s settings system with custom settings. -Rather than build a separate system for handling out-of-tree settings, Bottlerocket will move all settings to a modular system -- each setting will have a module installed on the host at runtime. -These modules will be called "Settings Extensions". -Extensions will allow the same ergonomics and features of settings in current Bottlerocket, including the ability to migrate data between versions, render data into service configuration files, and interact with system service restarts - -This document provides an overview of the overhauled settings system, including details about how settings data is stored and communicated between Bottlerocket components, and how settings extensions are developed. -Changes related to how settings extensions are packaged via RPM will be discussed in a separate document. - -## Requirements -In an out-of-tree builds world, settings extensions from multiple different sources (Bottlerocket's core, settings defined by other variants, or your own settings) must all work harmoniously in a built system. -This makes it crucial that all interactions with settings resources adhere to versioned APIs, and that dependencies between settings extensions must be modeled in the build system in a similar way to dependencies on dynamically linked libraries. -Behaviorally, settings changes in other repositories should not cause breaking changes to other variant source trees, since these would constitute an API change and be vended as a new version. -Most of the more specific requirements of the system fall out of these principles: - -* The settings API must support extensions through a series of stable, versioned, documented APIs that can be implemented by binaries and configurations maintained out-of-tree. -* Settings behavior must be determined dynamically at runtime based on the set of installed settings extensions. -* All autonomous interactions with the settings API must explicitly state the settings extension being interacted with, and at what version. -* Migrations between settings representations as we know them today must cease to exist -- settings extensions must independently expose settings at supported interface versions and implement data migrations between them. -* Settings extension interfaces, services, and configurations must all be represented in the build system, with the ability to express dependencies on these artifacts. - -## Settings Extensions -This document provides an overview on the following: -* Storage -* Validation -* Retrieval -* Model migrations -* System configuration via templating -* Defaults generation -* Extensions development with the Settings SDK - -### Setting Representation -Today, Bottlerocket's `apiserver` utilizes models to perform strict validation of settings inputs, which are then serialized to JSON and stored in Bottlerocket's datastore. -The models are defined using Rust structures and are statically compiled into the operating system, using Rust's type system and compiler to subsequently check interactions with these modelled objects. - -In principle, this will remain true -- Bottlerocket will continue to own settings objects which it stores as JSON, and changes will be validated against models on update. -A primary difference here is that the settings objects will be opaque to Bottlerocket's core. -Bottlerocket will understand that settings are JSON objects and be able to make modifications requested when, for example, calling `apiclient set`; however, the changes are then submitted to the settings extensions installed on the system in order to validate the proposed changes. - -### Extension Binaries -All settings in a Bottlerocket host will be described by their own settings extension, which are defined by a binary packaged onto the system and symlinked into a common directory, as well as a configuration file placed in a corresponding `settings.d`-style directory. -Extension binaries must respond to command line arguments following a specified protocol spoken by the Bottlerocket `apiserver`. -The protocol is versioned, so all commands to an extension binary begin with the protocol version (in this document, all commands fall under the initial `proto1` protocol version -- so-named to avoid conflation with settings versions, which will be explained later). -Command line arguments are used to signify the "request" being made of the extension. -Exit codes will be used to signal the status of the request, with formatted output being delivered on `stdout`, and logs delivered on `stderr`. - -As an example, suppose a user wants to set the "message of the day" for their instance: -```bash -$ apiclient set motd="Hello, Bottlerocket!" -``` - -The apiserver would load the current value of `motd` and then create a new object based on the inputted string. -It would then find the extension responsible for `motd` and make a request to determine whether or not the change should proceed: - -```bash -$ motd proto1 set --setting-version v1 --value '"Hello, Bottlerocket!"' # Values are passed as JSON, hence the quoting -``` - -### Extension Naming & Setting Ownership -Every top-level setting in Bottlerocket's API must be owned by a singular extension, and that extension will share a name with the setting. -This name will also be shared by the extension's configuration file and binary components. -This means that whenever the system must interact with a setting (be it via user action on the API, or rendering templates to be used as configuration files), Bottlerocket can identify the setting extension to invoke in order to satisfy that interaction. - -As an example, the following suggests the filesystem layout for a settings extension for the `settings.network` settings: - -``` -usr -└── lib - └── bottlerocket - └── settings - ├── config.d - │   └── network.toml - └── extensions.d - └── network -> /usr/bin/network-extension -``` - -#### Transactional Writes and Cross-Validation -Bottlerocket today is missing a mechanism for cross-validation of settings. -As an example, suppose we want to represent a range of integers in settings by allowing a `setting.min-value` and `setting.max-value` to be set -- it should be possible for settings extensions to set both simultaneously, while also verifying that the state from setting both is valid (`setting.min-value <= setting.max-value`). - -Let us cast this requirement in a different light: imagine an OS administrator wishes to restrict what values can be written to an existing setting -- for example, they may wish to only allow settings values to `network.hosts` so long as they include as a subset the entries mandated by their organization. -To allow this, settings extensions will be capable of registering themselves as a *validator* for any other setting on the host, including settings that they do not own. -When handling write requests for multiple settings in a single transaction, the `apiserver` will first gather the resulting writes that would occur under each settings extension involved in the writes. -Then the `apiserver` will provide the provisional settings state to each settings extension which has been registered as a validator of any of the target settings. -Any one settings extension has the power to halt the transaction by returning a non-zero exit-code on validation. - -Extensions must specify the setting which triggers the validation in their configuration file: - -```toml -# auditor.toml -- setting extension config file for `settings.auditor` -[extension.validates] -network = "v1" -``` - -It is technically valid for an extension to specify that it validates a setting which does not exist; however, such a specification can never be triggered. -In the case that the setting exists but the specified version does not, all validations will result in a failure. -Settings extensions should model their dependency requirements (including validations) in RPM so to avoid cases where the resulting system is missing settings extensions with the appropriate version. - -#### Datastore Layout -Once the `apiserver` has a target set of data to write for a given `set` request and it has been validated by all required validators, it must persist the new settings to the datastore. -Much like the current datastore, stored settings are stored to the filesystem via a particular pattern. - -```bash -datastore/ -└── motd - ├── v1 - │   └── motd.json - └── v2 - └── motd.json -``` -Any data written to directories created during a `set` transaction is moved into the datastore. -Despite only one version of the data being provided, the `apiserver` will populate all versions supported by the settings extension at this time by requesting that the settings extension perform all necessary migrations. -Failure to populate a version listed as "supported" will result in a failed transaction. -See the next section about migrations for more details. - -### Extension Versioning and Migrations -Bottlerocket's settings data model changes frequently: sometimes to support new features, or sometimes to correct mistaken model shapes. -In order to support changes to the settings model, settings must be capable of exposing versioning information about the settings extension, as well as providing faculties for migrating settings data to new versions. -Our versioning scheme will take heavy influence from Kubernetes' scheme for [versioning CustomResourceDefinitions](https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definition-versioning/). -Settings extension versioning information is surfaced through the extension config file: - -```toml -# hostname.toml -- setting extension config file for settings.hostname -[extension] -supported-versions = [ - "v1", - "v2" -] -default-version = "v2" -``` - -Any setting can be written or read at any of the `supported-versions` listed by the extension. -Unversioned requests to read or write this setting are assumed to be the `default-version` and should only take place when a user makes a request using the CLI -- all automated process *should* refer to an explicit version. -During a `set` transaction, the `apiserver` will consider the provided version to be the `canonical-version`, and will ask the settings extension to perform migrations from the `canonical` version to all supported versions using the `migrate` command. -These migrations always begin at the `canonical` version, and settings extensions are free to perform the migrations however they wish; however, Bottlerocket's Settings SDK will provide utilities to help settings developers support a series of linear setting upgrades and downgrades. -Read on for more information about the Settings SDK. - -All migrations are performed and stored at setting-write-time because Bottlerocket rollbacks may result in running an OS with a settings extension which does not support the version at which a given setting is stored. -If Bottlerocket boots and finds that a setting is stored at a value which is not supported by its installed setting extension, it will allow that version to persist unless a new value is `set` by the `apiserver`, at which point it is removed -- this is to attempt to prevent data loss in the case that the image can eventually update to a new image which supports the stored setting version. - -### Configuration Templating -Once Bottlerocket settings are stored in the datastore, they must somehow then be used to influence the behavior of the system. -Fetching settings from the Bottlerocket API/datastore is currently done via two mechanisms: -* Fetching data directly from the API using `apiclient` -* Rendering config files (or just strings) using `schnauzer` - -For open-source tools, Bottlerocket prefers the rendered config file approach, as it doesn't require patching upstream code in order to consume the Bottlerocket API. -First-party tools have no such constraints, and so today there exists tools that take either approach. - -Because settings are discovered at runtime on the system, and indeed may no longer be handled by models written in Rust, it will no longer be feasible to create an `apiclient` with the same strong typing as exists today. -It will instead be preferred that system services, including first-party services, all route their fetching of API settings through their own configuration files, which will be rendered by Bottlerocket whenever the related settings are changed. - -Today, configuration templates are rendered by `schnauzer` using [handlebars](https://handlebarsjs.com/) templates. -`schnauzer` fetches the entirety of the settings tree, defines some useful helper functions, and then uses these as context for rendering the template. -With the introduction of settings extensions, this will change such that templates specify `(name, version)` tuples for all extensions needed to render the template. -These extension specifications will be given within the template as "front matter" -- a TOML block specified at the head of the document and delineated with `+++` as such: - -```toml -+++ -[required-extensions] -hostname = v1 -kubernetes = v1 -+++ -# Below here the template is written as usual -``` - -This will allow Bottlerocket to find the owning extensions for the data needed to render the template. -It also tightly binds the template to a given implementation of the requisite settings, making it much more difficult to accidentally break "downstream" templates with "upstream" changes. - -`schnauzer` can also continue to be invoked as a standalone binary without the need for a templated configuration file. -In those circumstances, you are still required to list your extension dependencies and their version, but these can be done as command line arguments: - -```bash -$ schnauzer --required-extension 'hostname=v1' '{{ network.hostname }}' -``` - -#### Extending Handlebars Helpers -Handlebars has a few utilities for applying simple processes to data in order to format it appropriately for your document; however, you often need to implement your own "helpers" for more complex text formatting. -This is currently done in Bottlerocket by adding helper implementations to the `schnauzer` tool directly. -Bottlerocket settings extensions will expose versioned handlebar helpers: - -```bash -# hostname.toml setting extension config file -[templating.v1] # template helpers are versioned -helpers = [ - "localhost_aliases" -] - - -$ ./hostname proto1 template-helper --version v1 --helper localhost_aliases 'arg1' 'arg2' -# rendered output returned as a string on stdout -``` - -Within the handlerbars template, the helper name will be prepended with `$EXTENSION_NAME.` to avoid collisions with other settings extensions. -As an example, to use the `localhost_aliases` helper above from a template, your template may look something like this: - -``` -{{ hostname.localhost_aliases(arg1, arg2) }} -``` - -### Settings Generation -Some settings have default values which cannot be known statically and must be computed after the system is running. -Bottlerocket settings currently have the ability to compute a default value via something called a "settings generator". -During boot, settings extensions are given a chance to populate settings with default values that are then persisted, effectively determining the setting value for the lifetime of that instance. - -Settings generation often depends on the presence of other settings. -It's also possible for settings to have interdependencies on generation order, for example: - -* `foo.bar` depends on `baz.bot` -* `boz.blop` depends on `foo.bar` - -In order to resolve this, settings generators are allowed to require that they be provided whatever data is currently applied to dependent settings. -The generators are "re-entrant" in that they return a status dictating whether or not they are finished generating, or if they need more data to proceed. -Bottlerocket will iteratively invoke generators until all generation has completed, or in cases where it seems likely that a deadlock has occurred. - -```toml -# setting.toml requires the network and kubernetes settings before it can emit its own -[generation.required] -network = v1 -kubernetes = v2 -``` - -## Settings Extension Development and the Settings SDK -Settings extensions can be written in any programming language, so long as a symlink to a binary speaking the "extension protocol" lands in the right spot on the filesystem. -That said, many settings extensions need to tackle the same challenges: How do we represent and implement settings versions? Migrations? Validation? Template utilities? Rather than forcing all extensions to implement this in isolation, we will create a shared library, called the "Settings SDK", which will be published to crates.io. - -The goal of the settings SDK is to provide standard functions and macros for interfacing with the settings extension protocol. -While our model here provides quite a lot of power to settings extension developers, the SDK would allow us to exert some pressure in the form of opinions on simple ways to manage data or perform migrations. - -As an example, the SDK will provide a Rust trait which can be implemented for each model in order to adequately implement all settings extensions methods on a command line interface. -Once those traits are implemented, you might implement this CLI as such: - -```rust -fn main() -> Result<()> { - bottlerocket_settings_sdk::SettingsExtension::with_models(vec![ - BottlerocketSetting::::model(), - BottlerocketSetting::::model(), - ]) - .run_extension() - .context("Settings extension encountered an error.") -} -``` - -## Asked and Anticipated Questions -### Why not use some existing schema or modeling language to define the shape of settings? -Existing modeling languages are powerful, but even in our existing Bottlerocket settings we have validations which we have implemented as functions in the Rust code (or otherwise wished we had a simple way to do so.) Rather than strip power from settings extensions by dictating that they use one of these modeling languages, we leave it entirely up to the binary to decide how best to validate inputs. -In many cases, this may mean that the binaries carry with them their own implementation of a popular schema language, like JSONschema. - -### How will the `apiserver` handle concurrent requests in the face of transactional writes? -The `apiserver` will use a [filesystem-based](https://man7.org/linux/man-pages/man2/flock.2.html) reader-writer lock to ensure that the datastore is only accessed by concurrent readers or a single writer. Writes which are sent to the `apiserver` while the file is lock are placed in a queue. diff --git a/docs/design/settings/extensions/settings-extension-example.md b/docs/design/settings/extensions/settings-extension-example.md deleted file mode 100644 index caf834bd1..000000000 --- a/docs/design/settings/extensions/settings-extension-example.md +++ /dev/null @@ -1,159 +0,0 @@ -# Settings Extensions Example -This document walks through a typical use-case for Bottlerocket's settings extension system. -Technical details of the design of the settings extension system are described elsewhere. - -## Background -Suppose you are creating a Bottlerocket variant which adds some new daemon software that you've created. -The daemon is configured via a YAML configuration file with a web address. -When the daemon starts, it parses its configuration file for the target address and then begins periodically querying that address for updates. - -You'd like the following behavior to be accomplished: -* You can configure the daemon using the Bottlerocket settings API, the value will be stored in `settings.mydaemon.query-url`. -* Whenever the daemon is reconfigured using the Bottlerocket API, it is automatically restarted with the new configuration. - -In order to do this, we need to create the following resources in our Bottlerocket variant: -* A setting extension crate called `mydaemon-settings` to add the new value `settings.mydaemon.query-url` to the API. -* A `template` which will be rendered using the setting value and used as a configuration for the daemon. -* A `service` file, which tells Bottlerocket how to handle the lifecycle of our daemon process as its settings change. - -## Creating the Settings Extension -The easiest way to create an extension is to create a new Rust package in your project which utilizes the `bottlerocket-settings-sdk` crate. - -``` -├── packages -├── sources -│   └── mydaemon-settings -│   ├── Cargo.toml -│   └── src -│   └── main.rs -└── variants - - -# sources/mydaemon/Cargo.toml -[package] -name = "mydaemon-settings" -... -[dependencies] -bottlerocket-settings-sdk = 1.0 -... -``` - -Implementing the `bottlerocket_settings_sdk::Extension` trait provides a straightforward path to tell Bottlerocket how to validate and store the desired `query-url` setting. - -```rust -#[derive(Serialize, Deserialize, Debug, Default, PartialEq, Clone)] -struct MyDaemonSettingV1 { - query_url: Url, -} - -impl SettingsModel for MyDaemonSettingV1 { - fn get_version() -> &'static str { /* */ } - - fn set(current_value: Option, new_value: Self) -> Result { /* */ } - - // etc -} -``` - -You can then refer to this model when invoking the `SettingsExtension` entrypoint to the SDK: - -```rust -fn main() -> Result<()> { - bottlerocket_settings_sdk::SettingsExtension::with_models(vec![ - BottlerocketSetting::::model(), - ]) - .run_extension() - .context("Settings extension encountered an error.") -} -``` - - -## Configuration File Template -In your variant repository, you will need to create an RPM package which installs `mydaemon` into your custom Bottlerocket variant. -In this package, you will also want to include a templated configuration file, which is what the settings system interacts with: - -``` -├── packages -│ └── mydaemon -│ ├── build.rs -│ ├── Cargo.toml -│ ├── mydaemon.spec -│ ├── mydaemon.template.yaml -│ └── pkg.rs -├── sources -└── variants - -# mydaemon.template.toml ---- -[required-extensions] -mydaemon: v1 ---- -query-url: {{ mydaemon.query-url }} -``` -The configuration template includes "frontmatter" which informs the settings system to use settings values owned by the `mydaemon` extension, then the rest of the template is used to render the configuration file. - -## Service File -Changing settings typically results in changes to configuration file templates, which results in systemd services being restarted to trigger the change in behavior. -You should specify a `mydaemon.service` systemd service file which will be installed into the Bottlerocket system and used to manage the lifecycle of your daemon. - -``` -├── packages -│ └── mydaemon -│ └── ... -│ └── mydaemon.service -├── sources -└── variants -``` - -## Resulting Disk Layout -We've discussed constructing a setting, using a configuration file template, and associating that with a service. -The Bottlerocket build system must arrange these files on disk to produce an image file. -This section discusses how the various artifacts will be arranged on a running system. - -### Settings Extension Binaries -Extension binaries are stored under `sys-root/usr/libexec` and symlinked into `sys-root/usr/libexec/settings`. -`sys-root/usr/share/settings` will also hold the config file for the settings extensions, which will be named `${SETTING_NAME}.toml` -The setting owned by the extension will share a name with the symlink. - - -For example, the extension for `my-daemon` may be installed like so: -``` -sys-root -└── usr - ├── libexec - │   ├── my-daemon-settings-extension - │   └── settings - │   └── my-daemon -> ../my-daemon-settings-extension - └── share - └── settings - └── my-daemon.toml -``` - -In this case, Bottlerocket will use the extension symlinked to `sys-root/usr/libexec/settings/my-daemon` to control all settings named `my-daemon.$SETTING_NAME`. - -### Configuration Templates - -Templates will continue to be stored in their location in current Bottlerocket under `sys-root/usr/share/templates`; however, the format will change to support arbitrarily associating these templates to services. - -In the below case, the configuration file for `my-daemon` is templated into a file called `my-daemon-conf.template`. -We've configured, via symlink, the `my-daemon.service` service to be restarted whenever the `my-daemon-conf` template is re-rendered. - -``` -sys-root -└── usr - └── share - └── templates - ├── my-daemon-conf.template - ├── my-daemon-conf.template.affected-services - │    └── my-daemon.service -> /etc/systemd/system/my-daemon.service - └── my-daemon-conf.template.rendered-to -    └── render-my-daemon-conf.conf -``` - -`my-daemon-conf.template.rendered-to/render-my-daemon-conf.conf` contains instructions similar to `systemd-tmpfiles.d` explaining locations to which the rendered template will be placed. -The format of this file dictates the resulting file location, mode, UID, and GID of the resulting file: - -``` -/etc/mydaemon/mydaemon.json - - - -/etc/mydeamon.env 0755 root root -``` diff --git a/kits/bottlerocket-core-kit/Cargo.toml b/kits/bottlerocket-core-kit/Cargo.toml new file mode 100644 index 000000000..7b98334fa --- /dev/null +++ b/kits/bottlerocket-core-kit/Cargo.toml @@ -0,0 +1,128 @@ +[package] +name = "bottlerocket-core-kit" +version = "0.1.0" +edition = "2021" +publish = false +build = "../build.rs" + +[package.metadata.build-kit] +vendor = "bottlerocket" + +[lib] +path = "../kit.rs" + +[build-dependencies] +acpid = { path = "../../packages/acpid" } +amazon-ssm-agent = { path = "../../packages/amazon-ssm-agent" } +aws-iam-authenticator = { path = "../../packages/aws-iam-authenticator" } +aws-signing-helper = { path = "../../packages/aws-signing-helper" } +bash = { path = "../../packages/bash" } +binutils = { path = "../../packages/binutils" } +chrony = { path = "../../packages/chrony" } +cni = { path = "../../packages/cni" } +cni-plugins = { path = "../../packages/cni-plugins" } +conntrack-tools = { path = "../../packages/conntrack-tools" } +containerd = { path = "../../packages/containerd" } +coreutils = { path = "../../packages/coreutils" } +dbus-broker = { path = "../../packages/dbus-broker" } +docker-cli = { path = "../../packages/docker-cli" } +docker-engine = { path = "../../packages/docker-engine" } +docker-init = { path = "../../packages/docker-init" } +e2fsprogs = { path = "../../packages/e2fsprogs" } +early-boot-config = { path = "../../packages/early-boot-config" } +ecr-credential-provider-1_27 = { path = "../../packages/ecr-credential-provider-1.27" } +ecr-credential-provider-1_29 = { path = "../../packages/ecr-credential-provider-1.29" } +ecr-credential-provider-1_30 = { path = "../../packages/ecr-credential-provider-1.30" } +ecr-credential-provider = { path = "../../packages/ecr-credential-provider" } +ecs-agent = { path = "../../packages/ecs-agent" } +ecs-gpu-init = { path = "../../packages/ecs-gpu-init" } +ethtool = { path = "../../packages/ethtool" } +filesystem = { path = "../../packages/filesystem" } +findutils = { path = "../../packages/findutils" } +glibc = { path = "../../packages/glibc" } +grep = { path = "../../packages/grep" } +grub = { path = "../../packages/grub" } +host-ctr = { path = "../../packages/host-ctr" } +iproute = { path = "../../packages/iproute" } +iptables = { path = "../../packages/iptables" } +iputils = { path = "../../packages/iputils" } +kernel-5_10 = { path = "../../packages/kernel-5.10" } +kernel-5_15 = { path = "../../packages/kernel-5.15" } +kernel-6_1 = { path = "../../packages/kernel-6.1" } +kexec-tools = { path = "../../packages/kexec-tools" } +keyutils = { path = "../../packages/keyutils" } +kmod-5_10-nvidia = { path = "../../packages/kmod-5.10-nvidia" } +kmod-5_15-nvidia = { path = "../../packages/kmod-5.15-nvidia" } +kmod-6_1-nvidia = { path = "../../packages/kmod-6.1-nvidia" } +kmod = { path = "../../packages/kmod" } +kubernetes-1_23 = { path = "../../packages/kubernetes-1.23" } +kubernetes-1_24 = { path = "../../packages/kubernetes-1.24" } +kubernetes-1_25 = { path = "../../packages/kubernetes-1.25" } +kubernetes-1_26 = { path = "../../packages/kubernetes-1.26" } +kubernetes-1_27 = { path = "../../packages/kubernetes-1.27" } +kubernetes-1_28 = { path = "../../packages/kubernetes-1.28" } +kubernetes-1_29 = { path = "../../packages/kubernetes-1.29" } +kubernetes-1_30 = { path = "../../packages/kubernetes-1.30" } +libacl = { path = "../../packages/libacl" } +libattr = { path = "../../packages/libattr" } +libaudit = { path = "../../packages/libaudit" } +libcap = { path = "../../packages/libcap" } +libdbus = { path = "../../packages/libdbus" } +libelf = { path = "../../packages/libelf" } +libexpat = { path = "../../packages/libexpat" } +libffi = { path = "../../packages/libffi" } +libgcc = { path = "../../packages/libgcc" } +libglib = { path = "../../packages/libglib" } +libinih = { path = "../../packages/libinih" } +libiw = { path = "../../packages/libiw" } +libkcapi = { path = "../../packages/libkcapi" } +libmnl = { path = "../../packages/libmnl" } +libncurses = { path = "../../packages/libncurses" } +libnetfilter_conntrack = { path = "../../packages/libnetfilter_conntrack" } +libnetfilter_cthelper = { path = "../../packages/libnetfilter_cthelper" } +libnetfilter_cttimeout = { path = "../../packages/libnetfilter_cttimeout" } +libnetfilter_queue = { path = "../../packages/libnetfilter_queue" } +libnfnetlink = { path = "../../packages/libnfnetlink" } +libnftnl = { path = "../../packages/libnftnl" } +libnl = { path = "../../packages/libnl" } +libnvidia-container = { path = "../../packages/libnvidia-container" } +libnvme = { path = "../../packages/libnvme" } +libpcre = { path = "../../packages/libpcre" } +libseccomp = { path = "../../packages/libseccomp" } +libselinux = { path = "../../packages/libselinux" } +libsemanage = { path = "../../packages/libsemanage" } +libsepol = { path = "../../packages/libsepol" } +libstd-rust = { path = "../../packages/libstd-rust" } +libtirpc = { path = "../../packages/libtirpc" } +liburcu = { path = "../../packages/liburcu" } +libxcrypt = { path = "../../packages/libxcrypt" } +libz = { path = "../../packages/libz" } +libzstd = { path = "../../packages/libzstd" } +linux-firmware = { path = "../../packages/linux-firmware" } +login = { path = "../../packages/login" } +makedumpfile = { path = "../../packages/makedumpfile" } +mdadm = { path = "../../packages/mdadm" } +microcode = { path = "../../packages/microcode" } +netdog = {path = "../../packages/netdog" } +nvidia-container-toolkit = { path = "../../packages/nvidia-container-toolkit" } +nvidia-k8s-device-plugin = { path = "../../packages/nvidia-k8s-device-plugin" } +nvme-cli = { path = "../../packages/nvme-cli" } +oci-add-hooks = { path = "../../packages/oci-add-hooks" } +open-vm-tools = { path = "../../packages/open-vm-tools" } +os = { path = "../../packages/os" } +pigz = { path = "../../packages/pigz" } +policycoreutils = { path = "../../packages/policycoreutils" } +procps = { path = "../../packages/procps" } +readline = { path = "../../packages/readline" } +release = { path = "../../packages/release" } +runc = { path = "../../packages/runc" } +selinux-policy = { path = "../../packages/selinux-policy" } +shim = { path = "../../packages/shim" } +socat = { path = "../../packages/socat" } +soci-snapshotter = { path = "../../packages/soci-snapshotter" } +static-pods = { path = "../../packages/static-pods" } +strace = { path = "../../packages/strace" } +systemd = { path = "../../packages/systemd" } +util-linux = { path = "../../packages/util-linux" } +wicked = { path = "../../packages/wicked" } +xfsprogs = { path = "../../packages/xfsprogs" } diff --git a/variants/build.rs b/kits/build.rs similarity index 66% rename from variants/build.rs rename to kits/build.rs index d6a90e4df..669c934ee 100644 --- a/variants/build.rs +++ b/kits/build.rs @@ -1,7 +1,7 @@ use std::process::{exit, Command}; fn main() -> Result<(), std::io::Error> { - let ret = Command::new("buildsys").arg("build-variant").status()?; + let ret = Command::new("buildsys").arg("build-kit").status()?; if !ret.success() { exit(1); } diff --git a/variants/variants.rs b/kits/kit.rs similarity index 100% rename from variants/variants.rs rename to kits/kit.rs diff --git a/packages/os/Cargo.toml b/packages/os/Cargo.toml index f8f91bea5..536347ac3 100644 --- a/packages/os/Cargo.toml +++ b/packages/os/Cargo.toml @@ -33,12 +33,6 @@ glibc = { path = "../glibc" } # RPM Requires [dependencies] -# FIXME: this dependency will be removed when this package moves out of tree. -settings-plugins = { path = "../settings-plugins" } - -# FIXME: this dependency will also be removed -settings-defaults = { path = "../settings-defaults" } - # We depend on these packages at runtime, and are expected to be pulled in # by way of the `release` package. # `host-ctr` for host containers functionality diff --git a/packages/os/os.spec b/packages/os/os.spec index 7287d4968..d091701bc 100644 --- a/packages/os/os.spec +++ b/packages/os/os.spec @@ -194,11 +194,6 @@ Summary: Bottlerocket log extractor %description -n %{_cross_os}logdog use logdog to extract logs from the Bottlerocket host -%package -n %{_cross_os}migrations -Summary: Thar data store migrations -%description -n %{_cross_os}migrations -%{summary}. - %package -n %{_cross_os}prairiedog Summary: Tools for kdump support Requires: %{_cross_os}kexec-tools @@ -280,9 +275,8 @@ Summary: XFS progs cli %build mkdir bin -# We want to build some components statically: -# * apiclient, because it needs to run from containers that don't have the same libraries available. -# * migrations, because they need to run after a system update where available libraries can change. +# We want to build apiclient statically, because it needs to run from containers that don't have +# the same libraries available. # # Most of our components don't need to be static, though. This means we run cargo once for static # and once for non-static. There's a long tail of crate builds for each of these that can be @@ -290,13 +284,6 @@ mkdir bin # static build in the background, run the non-static (main) build in the foreground, and then wait # for the static build and print its output afterward. A failure of either will stop the build. -# For static builds, first we find the migrations in the source tree. We assume the directory name -# is the same as the crate name. -migrations=() -for migration in $(find %{_builddir}/sources/api/migration/migrations/v[0-9]* -mindepth 1 -maxdepth 1 -type d); do - migrations+=("-p $(basename ${migration})") -done - # Since RPM automatically logs the commands that run, and since we want to display those commands # along with the output from the background job, we do some file descriptor juggling below. # exec 3>&1 4>&2 - save stdout and stderr to fds 3 and 4 @@ -310,7 +297,6 @@ exec 1>"${static_output}" 2>&1 # Build static binaries in the background. %cargo_build_static --manifest-path %{_builddir}/sources/Cargo.toml \ -p apiclient \ - ${migrations[*]} \ & # Save the PID so we can wait for it later. static_pid="$!" @@ -458,22 +444,6 @@ for p in apiclient ; do install -p -m 0755 ${HOME}/.cache/.static/%{__cargo_target_static}/release/${p} %{buildroot}%{_cross_bindir} done -install -d %{buildroot}%{_cross_datadir}/migrations -for version_path in %{_builddir}/sources/api/migration/migrations/v[0-9]*; do - [ -e "${version_path}" ] || continue - for migration_path in "${version_path}"/*; do - [ -e "${migration_path}" ] || continue - - version="${version_path##*/}" - crate_name="${migration_path##*/}" - migration_binary_name="migrate_${version}_${crate_name#migrate-}" - built_path="${HOME}/.cache/.static/%{__cargo_target_static}/release/${crate_name}" - target_path="%{buildroot}%{_cross_datadir}/migrations/${migration_binary_name}" - - install -m 0555 "${built_path}" "${target_path}" - done -done - install -d %{buildroot}%{_cross_datadir}/bottlerocket install -d %{buildroot}%{_cross_sysusersdir} @@ -592,10 +562,6 @@ install -p -m 0644 %{S:400} %{S:401} %{S:402} %{buildroot}%{_cross_licensedir} %{_cross_bindir}/migrator %{_cross_tmpfilesdir}/migration.conf -%files -n %{_cross_os}migrations -%dir %{_cross_datadir}/migrations -%{_cross_datadir}/migrations - %files -n %{_cross_os}settings-committer %{_cross_bindir}/settings-committer diff --git a/packages/settings-defaults/Cargo.toml b/packages/settings-defaults/Cargo.toml deleted file mode 100644 index cb9809bc5..000000000 --- a/packages/settings-defaults/Cargo.toml +++ /dev/null @@ -1,21 +0,0 @@ -[package] -name = "settings-defaults" -version = "0.1.0" -edition = "2021" -publish = false -build = "../build.rs" - -[lib] -path = "../packages.rs" - -[package.metadata.build-package] -source-groups = [ - "settings-defaults" -] - -# RPM BuildRequires -[build-dependencies] -glibc = { path = "../glibc" } - -# RPM Requires -[dependencies] diff --git a/packages/settings-defaults/settings-defaults.spec b/packages/settings-defaults/settings-defaults.spec deleted file mode 100644 index 9b9d37748..000000000 --- a/packages/settings-defaults/settings-defaults.spec +++ /dev/null @@ -1,365 +0,0 @@ -%global _cross_first_party 1 -%undefine _debugsource_packages - -%global cargo_clean %{__cargo_cross_env} %{__cargo} clean - -%global _cross_defaultsdir %{_cross_datadir}/storewolf - -Name: %{_cross_os}settings-defaults -Version: 0.0 -Release: 0%{?dist} -Summary: Settings defaults -License: Apache-2.0 OR MIT -URL: https://github.com/bottlerocket-os/bottlerocket -BuildRequires: %{_cross_os}glibc-devel -Requires: %{_cross_os}settings-defaults(any) - -%description -%{summary}. - -%package aws-dev -Summary: Settings defaults for the aws-dev variant -Requires: %{_cross_os}variant(aws-dev) -Provides: %{_cross_os}settings-defaults(any) -Provides: %{_cross_os}settings-defaults(aws-dev) -Conflicts: %{_cross_os}settings-defaults(any) - -%description aws-dev -%{summary}. - -%package aws-ecs-1 -Summary: Settings defaults for the aws-ecs-1 variant -Requires: %{_cross_os}variant(aws-ecs-1) -Provides: %{_cross_os}settings-defaults(any) -Provides: %{_cross_os}settings-defaults(aws-ecs-1) -Conflicts: %{_cross_os}settings-defaults(any) - -%description aws-ecs-1 -%{summary}. - -%package aws-ecs-1-nvidia -Summary: Settings defaults for the aws-ecs-1-nvidia variant -Requires: %{_cross_os}variant(aws-ecs-1-nvidia) -Provides: %{_cross_os}settings-defaults(any) -Provides: %{_cross_os}settings-defaults(aws-ecs-1-nvidia) -Conflicts: %{_cross_os}settings-defaults(any) - -%description aws-ecs-1-nvidia -%{summary}. - -%package aws-ecs-2 -Summary: Settings defaults for the aws-ecs-2 variant -Requires: %{_cross_os}variant(aws-ecs-2) -Provides: %{_cross_os}settings-defaults(any) -Provides: %{_cross_os}settings-defaults(aws-ecs-2) -Conflicts: %{_cross_os}settings-defaults(any) - -%description aws-ecs-2 -%{summary}. - -%package aws-ecs-2-nvidia -Summary: Settings defaults for the aws-ecs-2-nvidia variant -Requires: %{_cross_os}variant(aws-ecs-2-nvidia) -Provides: %{_cross_os}settings-defaults(any) -Provides: %{_cross_os}settings-defaults(aws-ecs-2-nvidia) -Conflicts: %{_cross_os}settings-defaults(any) - -%description aws-ecs-2-nvidia -%{summary}. - -%package aws-k8s-1.24 -Summary: Settings defaults for the aws-k8s 1.23 and 1.24 variants -Requires: (%{_cross_os}variant(aws-k8s-1.23) or %{_cross_os}variant(aws-k8s-1.24)) -Provides: %{_cross_os}settings-defaults(any) -Provides: %{_cross_os}settings-defaults(aws-k8s-1.23) -Provides: %{_cross_os}settings-defaults(aws-k8s-1.24) -Conflicts: %{_cross_os}settings-defaults(any) - -%description aws-k8s-1.24 -%{summary}. - -%package aws-k8s-1.24-nvidia -Summary: Settings defaults for the aws-k8s 1.23 and 1.24 nvidia variants -Requires: (%{_cross_os}variant(aws-k8s-1.23-nvidia) or %{_cross_os}variant(aws-k8s-1.24-nvidia)) -Provides: %{_cross_os}settings-defaults(any) -Provides: %{_cross_os}settings-defaults(aws-k8s-1.23-nvidia) -Provides: %{_cross_os}settings-defaults(aws-k8s-1.24-nvidia) -Conflicts: %{_cross_os}settings-defaults(any) - -%description aws-k8s-1.24-nvidia -%{summary}. - -%package aws-k8s-1.25 -Summary: Settings defaults for the aws-k8s-1.25 variant -Requires: %{_cross_os}variant(aws-k8s-1.25) -Provides: %{_cross_os}settings-defaults(any) -Provides: %{_cross_os}settings-defaults(aws-k8s-1.25) -Conflicts: %{_cross_os}settings-defaults(any) - -%description aws-k8s-1.25 -%{summary}. - -%package aws-k8s-1.25-nvidia -Summary: Settings defaults for the aws-k8s-1.25-nvidia variant -Requires: %{_cross_os}variant(aws-k8s-1.25-nvidia) -Provides: %{_cross_os}settings-defaults(any) -Provides: %{_cross_os}settings-defaults(aws-k8s-1.25-nvidia) -Conflicts: %{_cross_os}settings-defaults(any) - -%description aws-k8s-1.25-nvidia -%{summary}. - -%package aws-k8s-1.26 -Summary: Settings defaults for the aws-k8s-1.26 variant -Requires: %{_cross_os}variant(aws-k8s-1.26) -Provides: %{_cross_os}settings-defaults(any) -Provides: %{_cross_os}settings-defaults(aws-k8s-1.26) -Conflicts: %{_cross_os}settings-defaults(any) - -%description aws-k8s-1.26 -%{summary}. - -%package aws-k8s-1.26-nvidia -Summary: Settings defaults for the aws-k8s-1.26-nvidia variant -Requires: %{_cross_os}variant(aws-k8s-1.26-nvidia) -Provides: %{_cross_os}settings-defaults(any) -Provides: %{_cross_os}settings-defaults(aws-k8s-1.26-nvidia) -Conflicts: %{_cross_os}settings-defaults(any) - -%description aws-k8s-1.26-nvidia -%{summary}. - -%package aws-k8s-1.30 -Summary: Settings defaults for the aws-k8s 1.27 through 1.30 variants -Requires: (%{shrink: - %{_cross_os}variant(aws-k8s-1.27) or - %{_cross_os}variant(aws-k8s-1.28) or - %{_cross_os}variant(aws-k8s-1.29) or - %{_cross_os}variant(aws-k8s-1.30) - %{nil}}) -Provides: %{_cross_os}settings-defaults(any) -Provides: %{_cross_os}settings-defaults(aws-k8s-1.27) -Provides: %{_cross_os}settings-defaults(aws-k8s-1.28) -Provides: %{_cross_os}settings-defaults(aws-k8s-1.29) -Provides: %{_cross_os}settings-defaults(aws-k8s-1.30) -Conflicts: %{_cross_os}settings-defaults(any) - -%description aws-k8s-1.30 -%{summary}. - -%package aws-k8s-1.30-nvidia -Summary: Settings defaults for the aws-k8s 1.27 through 1.30 nvidia variants -Requires: (%{shrink: - %{_cross_os}variant(aws-k8s-1.27-nvidia) or - %{_cross_os}variant(aws-k8s-1.28-nvidia) or - %{_cross_os}variant(aws-k8s-1.29-nvidia) or - %{_cross_os}variant(aws-k8s-1.30-nvidia) - %{nil}}) -Provides: %{_cross_os}settings-defaults(any) -Provides: %{_cross_os}settings-defaults(aws-k8s-1.27-nvidia) -Provides: %{_cross_os}settings-defaults(aws-k8s-1.28-nvidia) -Provides: %{_cross_os}settings-defaults(aws-k8s-1.29-nvidia) -Provides: %{_cross_os}settings-defaults(aws-k8s-1.30-nvidia) -Conflicts: %{_cross_os}settings-defaults(any) - -%description aws-k8s-1.30-nvidia -%{summary}. - -%package metal-dev -Summary: Settings defaults for the metal-dev variant -Requires: %{_cross_os}variant(metal-dev) -Provides: %{_cross_os}settings-defaults(any) -Provides: %{_cross_os}settings-defaults(metal-dev) -Conflicts: %{_cross_os}settings-defaults(any) - -%description metal-dev -%{summary}. - -%package metal-k8s-1.30 -Summary: Settings defaults for the metal-k8s 1.27 through 1.30 variants -Requires: (%{shrink: - %{_cross_os}variant(metal-k8s-1.27) or - %{_cross_os}variant(metal-k8s-1.28) or - %{_cross_os}variant(metal-k8s-1.29) or - %{_cross_os}variant(metal-k8s-1.30) - %{nil}}) -Provides: %{_cross_os}settings-defaults(any) -Provides: %{_cross_os}settings-defaults(metal-k8s-1.27) -Provides: %{_cross_os}settings-defaults(metal-k8s-1.28) -Provides: %{_cross_os}settings-defaults(metal-k8s-1.29) -Provides: %{_cross_os}settings-defaults(metal-k8s-1.30) -Conflicts: %{_cross_os}settings-defaults(any) - -%description metal-k8s-1.30 -%{summary}. - -%package vmware-dev -Summary: Settings defaults for the vmware-dev variant -Requires: %{_cross_os}variant(vmware-dev) -Provides: %{_cross_os}settings-defaults(any) -Provides: %{_cross_os}settings-defaults(vmware-dev) -Conflicts: %{_cross_os}settings-defaults(any) - -%description vmware-dev -%{summary}. - -%package vmware-k8s-1.30 -Summary: Settings defaults for the vmware-k8s 1.27 through 1.30 variants -Requires: (%{shrink: - %{_cross_os}variant(vmware-k8s-1.27) or - %{_cross_os}variant(vmware-k8s-1.28) or - %{_cross_os}variant(vmware-k8s-1.29) or - %{_cross_os}variant(vmware-k8s-1.30) - %{nil}}) -Provides: %{_cross_os}settings-defaults(any) -Provides: %{_cross_os}settings-defaults(vmware-k8s-1.27) -Provides: %{_cross_os}settings-defaults(vmware-k8s-1.28) -Provides: %{_cross_os}settings-defaults(vmware-k8s-1.29) -Provides: %{_cross_os}settings-defaults(vmware-k8s-1.30) -Conflicts: %{_cross_os}settings-defaults(any) - -%description vmware-k8s-1.30 -%{summary}. - -%prep -%setup -T -c -%cargo_prep - -%build -declare -a projects -for defaults in \ - aws-dev \ - aws-ecs-1 \ - aws-ecs-1-nvidia \ - aws-ecs-2 \ - aws-ecs-2-nvidia \ - aws-k8s-1.24 \ - aws-k8s-1.24-nvidia \ - aws-k8s-1.25 \ - aws-k8s-1.25-nvidia \ - aws-k8s-1.26 \ - aws-k8s-1.26-nvidia \ - aws-k8s-1.30 \ - aws-k8s-1.30-nvidia \ - metal-dev \ - metal-k8s-1.30 \ - vmware-dev \ - vmware-k8s-1.30 \ - ; -do - projects+=( "-p" "settings-defaults-$(echo "${defaults}" | sed -e 's,\.,_,g')" ) -done - -# Output is written to an unpredictable directory name, so clean it up first to -# avoid reusing any cached artifacts. -%cargo_clean --manifest-path %{_builddir}/sources/Cargo.toml \ - "${projects[@]}" \ - %{nil} - -%cargo_build --manifest-path %{_builddir}/sources/Cargo.toml \ - "${projects[@]}" \ - %{nil} - -%install -install -d %{buildroot}%{_cross_defaultsdir} -install -d %{buildroot}%{_cross_tmpfilesdir} - -for defaults in \ - aws-dev \ - aws-ecs-1 \ - aws-ecs-1-nvidia \ - aws-ecs-2 \ - aws-ecs-2-nvidia \ - aws-k8s-1.24 \ - aws-k8s-1.24-nvidia \ - aws-k8s-1.25 \ - aws-k8s-1.25-nvidia \ - aws-k8s-1.26 \ - aws-k8s-1.26-nvidia \ - aws-k8s-1.30 \ - aws-k8s-1.30-nvidia \ - metal-dev \ - metal-k8s-1.30 \ - vmware-dev \ - vmware-k8s-1.30 \ - ; -do - crate="$(echo "${defaults}" | sed -e 's,\.,_,g')" - for f in $(find "${HOME}/.cache" -name "settings-defaults-${crate}.toml") ; do - install -p -m 0644 "${f}" "%{buildroot}%{_cross_defaultsdir}/${defaults}.toml" - done - echo \ - "L+ /etc/storewolf/defaults.toml - - - - %{_cross_defaultsdir}/${defaults}.toml" > \ - "%{buildroot}%{_cross_tmpfilesdir}/storewolf-defaults-${defaults}.conf" -done - -%files -%dir %{_cross_defaultsdir} - -%files aws-dev -%{_cross_defaultsdir}/aws-dev.toml -%{_cross_tmpfilesdir}/storewolf-defaults-aws-dev.conf - -%files aws-ecs-1 -%{_cross_defaultsdir}/aws-ecs-1.toml -%{_cross_tmpfilesdir}/storewolf-defaults-aws-ecs-1.conf - -%files aws-ecs-1-nvidia -%{_cross_defaultsdir}/aws-ecs-1-nvidia.toml -%{_cross_tmpfilesdir}/storewolf-defaults-aws-ecs-1-nvidia.conf - -%files aws-ecs-2 -%{_cross_defaultsdir}/aws-ecs-2.toml -%{_cross_tmpfilesdir}/storewolf-defaults-aws-ecs-2.conf - -%files aws-ecs-2-nvidia -%{_cross_defaultsdir}/aws-ecs-2-nvidia.toml -%{_cross_tmpfilesdir}/storewolf-defaults-aws-ecs-2-nvidia.conf - -%files aws-k8s-1.24 -%{_cross_defaultsdir}/aws-k8s-1.24.toml -%{_cross_tmpfilesdir}/storewolf-defaults-aws-k8s-1.24.conf - -%files aws-k8s-1.24-nvidia -%{_cross_defaultsdir}/aws-k8s-1.24-nvidia.toml -%{_cross_tmpfilesdir}/storewolf-defaults-aws-k8s-1.24-nvidia.conf - -%files aws-k8s-1.25 -%{_cross_defaultsdir}/aws-k8s-1.25.toml -%{_cross_tmpfilesdir}/storewolf-defaults-aws-k8s-1.25.conf - -%files aws-k8s-1.25-nvidia -%{_cross_defaultsdir}/aws-k8s-1.25-nvidia.toml -%{_cross_tmpfilesdir}/storewolf-defaults-aws-k8s-1.25-nvidia.conf - -%files aws-k8s-1.26 -%{_cross_defaultsdir}/aws-k8s-1.26.toml -%{_cross_tmpfilesdir}/storewolf-defaults-aws-k8s-1.26.conf - -%files aws-k8s-1.26-nvidia -%{_cross_defaultsdir}/aws-k8s-1.26-nvidia.toml -%{_cross_tmpfilesdir}/storewolf-defaults-aws-k8s-1.26-nvidia.conf - -%files aws-k8s-1.30 -%{_cross_defaultsdir}/aws-k8s-1.30.toml -%{_cross_tmpfilesdir}/storewolf-defaults-aws-k8s-1.30.conf - -%files aws-k8s-1.30-nvidia -%{_cross_defaultsdir}/aws-k8s-1.30-nvidia.toml -%{_cross_tmpfilesdir}/storewolf-defaults-aws-k8s-1.30-nvidia.conf - -%files metal-dev -%{_cross_defaultsdir}/metal-dev.toml -%{_cross_tmpfilesdir}/storewolf-defaults-metal-dev.conf - -%files metal-k8s-1.30 -%{_cross_defaultsdir}/metal-k8s-1.30.toml -%{_cross_tmpfilesdir}/storewolf-defaults-metal-k8s-1.30.conf - -%files vmware-dev -%{_cross_defaultsdir}/vmware-dev.toml -%{_cross_tmpfilesdir}/storewolf-defaults-vmware-dev.conf - -%files vmware-k8s-1.30 -%{_cross_defaultsdir}/vmware-k8s-1.30.toml -%{_cross_tmpfilesdir}/storewolf-defaults-vmware-k8s-1.30.conf diff --git a/packages/settings-plugins/Cargo.toml b/packages/settings-plugins/Cargo.toml deleted file mode 100644 index 363cfac42..000000000 --- a/packages/settings-plugins/Cargo.toml +++ /dev/null @@ -1,21 +0,0 @@ -[package] -name = "settings-plugins" -version = "0.1.0" -edition = "2021" -publish = false -build = "../build.rs" - -[lib] -path = "../packages.rs" - -[package.metadata.build-package] -source-groups = [ - "settings-plugins" -] - -# RPM BuildRequires -[build-dependencies] -glibc = { path = "../glibc" } - -# RPM Requires -[dependencies] diff --git a/packages/settings-plugins/settings-plugins.spec b/packages/settings-plugins/settings-plugins.spec deleted file mode 100644 index 184b84ae8..000000000 --- a/packages/settings-plugins/settings-plugins.spec +++ /dev/null @@ -1,208 +0,0 @@ -%global _cross_first_party 1 -%undefine _debugsource_packages - -%global _cross_pluginsdir %{_cross_libdir}/settings-plugins - -Name: %{_cross_os}settings-plugins -Version: 0.0 -Release: 0%{?dist} -Summary: Settings plugins -License: Apache-2.0 OR MIT -URL: https://github.com/bottlerocket-os/bottlerocket -BuildRequires: %{_cross_os}glibc-devel -Requires: %{_cross_os}glibc-devel -Requires: %{_cross_os}settings-plugin(any) - -%description -%{summary}. - -%package aws-dev -Summary: Settings plugin for the aws-dev variant -Requires: %{_cross_os}variant(aws-dev) -Provides: %{_cross_os}settings-plugin(any) -Provides: %{_cross_os}settings-plugin(aws-dev) -Conflicts: %{_cross_os}settings-plugin(any) - -%description aws-dev -%{summary}. - -%package aws-ecs-1 -Summary: Settings plugin for the aws-ecs-1 variant -Requires: (%{_cross_os}variant(aws-ecs-1) or %{_cross_os}variant(aws-ecs-1-nvidia)) -Provides: %{_cross_os}settings-plugin(any) -Provides: %{_cross_os}settings-plugin(aws-ecs-1) -Provides: %{_cross_os}settings-plugin(aws-ecs-1-nvidia) -Conflicts: %{_cross_os}settings-plugin(any) - -%description aws-ecs-1 -%{summary}. - -%package aws-ecs-2 -Summary: Settings plugin for the aws-ecs-2 variant -Requires: (%{_cross_os}variant(aws-ecs-2) or %{_cross_os}variant(aws-ecs-2-nvidia)) -Provides: %{_cross_os}settings-plugin(any) -Provides: %{_cross_os}settings-plugin(aws-ecs-2) -Provides: %{_cross_os}settings-plugin(aws-ecs-2-nvidia) -Conflicts: %{_cross_os}settings-plugin(any) - -%description aws-ecs-2 -%{summary}. - -%package aws-k8s -Summary: Settings plugin for the aws-k8s variants -Requires: %{_cross_os}variant-family(aws-k8s) -Provides: %{_cross_os}settings-plugin(any) -Provides: %{_cross_os}settings-plugin(aws-k8s-1.23) -Provides: %{_cross_os}settings-plugin(aws-k8s-1.23-nvidia) -Provides: %{_cross_os}settings-plugin(aws-k8s-1.24) -Provides: %{_cross_os}settings-plugin(aws-k8s-1.24-nvidia) -Provides: %{_cross_os}settings-plugin(aws-k8s-1.25) -Provides: %{_cross_os}settings-plugin(aws-k8s-1.25-nvidia) -Provides: %{_cross_os}settings-plugin(aws-k8s-1.26) -Provides: %{_cross_os}settings-plugin(aws-k8s-1.26-nvidia) -Provides: %{_cross_os}settings-plugin(aws-k8s-1.27) -Provides: %{_cross_os}settings-plugin(aws-k8s-1.27-nvidia) -Provides: %{_cross_os}settings-plugin(aws-k8s-1.28) -Provides: %{_cross_os}settings-plugin(aws-k8s-1.28-nvidia) -Provides: %{_cross_os}settings-plugin(aws-k8s-1.29) -Provides: %{_cross_os}settings-plugin(aws-k8s-1.29-nvidia) -Provides: %{_cross_os}settings-plugin(aws-k8s-1.30) -Provides: %{_cross_os}settings-plugin(aws-k8s-1.30-nvidia) -Conflicts: %{_cross_os}settings-plugin(any) - -%description aws-k8s -%{summary}. - -%package metal-dev -Summary: Settings plugin for the metal-dev variant -Requires: %{_cross_os}variant(metal-dev) -Provides: %{_cross_os}settings-plugin(any) -Provides: %{_cross_os}settings-plugin(metal-dev) -Conflicts: %{_cross_os}settings-plugin(any) - -%description metal-dev -%{summary}. - -%package metal-k8s -Summary: Settings plugin for the metal-k8s variants -Requires: %{_cross_os}variant-family(metal-k8s) -Provides: %{_cross_os}settings-plugin(any) -Provides: %{_cross_os}settings-plugin(metal-k8s-1.27) -Provides: %{_cross_os}settings-plugin(metal-k8s-1.28) -Provides: %{_cross_os}settings-plugin(metal-k8s-1.29) -Provides: %{_cross_os}settings-plugin(metal-k8s-1.30) -Conflicts: %{_cross_os}settings-plugin(any) - -%description metal-k8s -%{summary}. - -%package vmware-dev -Summary: Settings plugin for the vmware-dev variant -Requires: %{_cross_os}variant(vmware-dev) -Provides: %{_cross_os}settings-plugin(any) -Provides: %{_cross_os}settings-plugin(vmware-dev) -Conflicts: %{_cross_os}settings-plugin(any) - -%description vmware-dev -%{summary}. - -%package vmware-k8s -Summary: Settings plugin for the vmware-k8s variants -Requires: %{_cross_os}variant-family(vmware-k8s) -Provides: %{_cross_os}settings-plugin(any) -Provides: %{_cross_os}settings-plugin(vmware-k8s-1.27) -Provides: %{_cross_os}settings-plugin(vmware-k8s-1.28) -Provides: %{_cross_os}settings-plugin(vmware-k8s-1.29) -Provides: %{_cross_os}settings-plugin(vmware-k8s-1.30) -Conflicts: %{_cross_os}settings-plugin(any) - -%description vmware-k8s -%{summary}. - -%prep -%setup -T -c -%cargo_prep - -%build -%cargo_build --manifest-path %{_builddir}/sources/Cargo.toml \ - -p settings-plugin-aws-dev \ - -p settings-plugin-aws-ecs-1 \ - -p settings-plugin-aws-ecs-2 \ - -p settings-plugin-aws-k8s \ - -p settings-plugin-metal-dev \ - -p settings-plugin-metal-k8s \ - -p settings-plugin-vmware-dev \ - -p settings-plugin-vmware-k8s \ - %{nil} - -%install -install -d %{buildroot}%{_cross_pluginsdir} -install -d %{buildroot}%{_cross_factorydir}%{_cross_sysconfdir}/ld.so.conf.d -install -d %{buildroot}%{_cross_tmpfilesdir} - -for plugin in \ - aws-dev \ - aws-ecs-1 \ - aws-ecs-2 \ - aws-k8s \ - metal-dev \ - metal-k8s \ - vmware-dev \ - vmware-k8s \ - ; -do - install -d "%{buildroot}%{_cross_pluginsdir}/${plugin}" - plugin_so="libsettings_$(echo "${plugin}" | sed -e 's,-,_,g' -e 's,\.,_,g').so" - install -p -m 0755 \ - "${HOME}/.cache/%{__cargo_target}/release/${plugin_so}" \ - "%{buildroot}%{_cross_pluginsdir}/${plugin}/libsettings.so" - echo \ - "%{_cross_pluginsdir}/${plugin}" > \ - "%{buildroot}%{_cross_factorydir}%{_cross_sysconfdir}/ld.so.conf.d/${plugin}.conf" - echo \ - "C /etc/ld.so.conf.d/${plugin}.conf" > \ - "%{buildroot}%{_cross_tmpfilesdir}/settings-plugin-${plugin}.conf" -done - -%files -%dir %{_cross_pluginsdir} - -%files aws-dev -%{_cross_pluginsdir}/aws-dev/libsettings.so -%{_cross_factorydir}%{_cross_sysconfdir}/ld.so.conf.d/aws-dev.conf -%{_cross_tmpfilesdir}/settings-plugin-aws-dev.conf - -%files aws-ecs-1 -%{_cross_pluginsdir}/aws-ecs-1/libsettings.so -%{_cross_factorydir}%{_cross_sysconfdir}/ld.so.conf.d/aws-ecs-1.conf -%{_cross_tmpfilesdir}/settings-plugin-aws-ecs-1.conf - -%files aws-ecs-2 -%{_cross_pluginsdir}/aws-ecs-2/libsettings.so -%{_cross_factorydir}%{_cross_sysconfdir}/ld.so.conf.d/aws-ecs-2.conf -%{_cross_tmpfilesdir}/settings-plugin-aws-ecs-2.conf - -%files aws-k8s -%{_cross_pluginsdir}/aws-k8s/libsettings.so -%{_cross_factorydir}%{_cross_sysconfdir}/ld.so.conf.d/aws-k8s.conf -%{_cross_tmpfilesdir}/settings-plugin-aws-k8s.conf - -%files metal-dev -%{_cross_pluginsdir}/metal-dev/libsettings.so -%{_cross_factorydir}%{_cross_sysconfdir}/ld.so.conf.d/metal-dev.conf -%{_cross_tmpfilesdir}/settings-plugin-metal-dev.conf - -%files metal-k8s -%{_cross_pluginsdir}/metal-k8s/libsettings.so -%{_cross_factorydir}%{_cross_sysconfdir}/ld.so.conf.d/metal-k8s.conf -%{_cross_tmpfilesdir}/settings-plugin-metal-k8s.conf - -%files vmware-dev -%{_cross_pluginsdir}/vmware-dev/libsettings.so -%{_cross_factorydir}%{_cross_sysconfdir}/ld.so.conf.d/vmware-dev.conf -%{_cross_tmpfilesdir}/settings-plugin-vmware-dev.conf - -%files vmware-k8s -%{_cross_pluginsdir}/vmware-k8s/libsettings.so -%{_cross_factorydir}%{_cross_sysconfdir}/ld.so.conf.d/vmware-k8s.conf -%{_cross_tmpfilesdir}/settings-plugin-vmware-k8s.conf diff --git a/sample-eksctl-ssh.yaml b/sample-eksctl-ssh.yaml deleted file mode 100644 index f033e28d6..000000000 --- a/sample-eksctl-ssh.yaml +++ /dev/null @@ -1,27 +0,0 @@ ---- -apiVersion: eksctl.io/v1alpha5 -kind: ClusterConfig - -metadata: - name: bottlerocket - region: us-west-2 - version: '1.24' - -nodeGroups: - - name: ng-bottlerocket - instanceType: m5.large - desiredCapacity: 4 - amiFamily: Bottlerocket - disableIMDSv1: true - iam: - attachPolicyARNs: - - arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy - - arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy - - arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly - - arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore - ssh: - allow: true - publicKeyName: YOUR_EC2_KEYPAIR_NAME - bottlerocket: - settings: - motd: "Hello from eksctl!" diff --git a/sample-eksctl.yaml b/sample-eksctl.yaml deleted file mode 100644 index ed874bd25..000000000 --- a/sample-eksctl.yaml +++ /dev/null @@ -1,24 +0,0 @@ ---- -apiVersion: eksctl.io/v1alpha5 -kind: ClusterConfig - -metadata: - name: bottlerocket - region: us-west-2 - version: '1.24' - -nodeGroups: - - name: ng-bottlerocket - instanceType: m5.large - desiredCapacity: 4 - amiFamily: Bottlerocket - disableIMDSv1: true - iam: - attachPolicyARNs: - - arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy - - arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy - - arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly - - arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore - bottlerocket: - settings: - motd: "Hello from eksctl!" diff --git a/sbkeys/README.md b/sbkeys/README.md deleted file mode 100644 index a39272408..000000000 --- a/sbkeys/README.md +++ /dev/null @@ -1,134 +0,0 @@ -# Secure Boot Keys for Bottlerocket - -This document describes the tools available to generate the files needed for Secure Boot support in Bottlerocket. - -## Background - -For Secure Boot support, many different keys, certificates, and configuration files are required for building and publishing images. -The [ArchWiki guide to Secure Boot](https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot#Using_your_own_keys) covers the purpose of most of these files, along with sample commands to generate them. -To keep build logic simple, a complete set of these files must be present for each build, and the files must follow the expected naming conventions. - -Each set of files is referred to as a Secure Boot Keys ("sbkeys") profile. -The tools provided in this directory can be used to generate either a [local profile](#create-a-profile-with-local-resources) or an [AWS-based profile](#create-a-profile-with-aws-based-resources). -If your preferred solution for key management is not supported, a contribution that adds a new tool or profile type would be welcome. - -To streamline the process of building Bottlerocket with Secure Boot support, a local profile will be generated automatically. -This is done to minimize costs and to avoid requiring developers to set up infrastructure for key management ahead of time. -However, because these local profiles offer direct access to private key materials, they are **strongly discouraged** for any kind of production use. - -Different profiles can be [specified at build time](#specify-a-profile-at-build-time) to use a custom set of keys. - -## Create a profile with local resources - -The `generate-local-sbkeys` tool can be used to create a local Secure Boot Keys profile. - -It uses `openssl` to generate private keys and certificate authorities (CAs), and `gpg` to create a GPG private key. -It also uses [virt-fw-vars](https://pypi.org/project/virt-firmware/) to generate EFI variable data for the edk2 variable stores used by Amazon EC2 AMIs and QEMU. - -When specifying an SDK image, these dependencies are run within a container started from that image, and do not need to be installed on the host. - -```shell -ARCH="$(uname -m)" -SDK_VERSION="v0.29.0" -./generate-local-sbkeys \ - --sdk-image "public.ecr.aws/bottlerocket/bottlerocket-sdk-${ARCH}:${SDK_VERSION}" \ - --output-dir "${PWD}/my-local-profile" -``` - -## Create a profile with AWS-based resources - -The `generate-aws-sbkeys` tool can be used to create an AWS-based Secure Boot Keys profile. - -It uses the AWS CLI and [aws-kms-pkcs11](https://github.com/JackOfMostTrades/aws-kms-pkcs11) to obtain certificates, and the `virt-fw-vars` tool to generate EFI variable data. -It creates an `aws-kms-pkcs11` configuration file for subsequent signing operations. - -When specifying an SDK image, these dependencies are run within a container started from that image, and do not need to be installed on the host. - -The tool expects four [AWS Private CAs](https://docs.aws.amazon.com/privateca/latest/userguide/PcaWelcome.html) and three [AWS KMS asymmetric keys](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#asymmetric-keys-concept) to be available. -Note that the cost of these resources, **especially the private CAs**, is nontrivial. - -Although it is possible to use the same private CA and the same KMS key for all roles, doing so would weaken the security of the implementation, and is **strongly discouraged**. - -```shell -ARCH="$(uname -m)" -SDK_VERSION="v0.29.0" - -# AWS Private CAs -PK_CA="arn:aws:acm-pca:us-west-2:999999999999:certificate-authority/11111111-1111-1111-1111-111111111111" -KEK_CA="arn:aws:acm-pca:us-west-2:999999999999:certificate-authority/22222222-2222-2222-2222-222222222222" -DB_CA="arn:aws:acm-pca:us-west-2:999999999999:certificate-authority/33333333-3333-3333-3333-333333333333" -VENDOR_CA="arn:aws:acm-pca:us-west-2:999999999999:certificate-authority/44444444-4444-4444-4444-444444444444" - -# AWS KMS asymmetric keys -SHIM_SIGN_KEY="arn:aws:kms:us-west-2:999999999999:key/aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa" -CODE_SIGN_KEY="arn:aws:kms:us-west-2:999999999999:key/bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb" -CONFIG_SIGN_KEY="arn:aws:kms:us-west-2:999999999999:key/cccccccc-cccc-cccc-cccc-cccccccccccc" - -./generate-aws-sbkeys \ - --sdk-image "public.ecr.aws/bottlerocket/bottlerocket-sdk-${ARCH}:${SDK_VERSION}" \ - --aws-region us-west-2 \ - --pk-ca "${PK_CA}" \ - --kek-ca "${KEK_CA}" \ - --db-ca "${DB_CA}" \ - --vendor-ca "${VENDOR_CA}" \ - --shim-sign-key "${SHIM_SIGN_KEY}" \ - --code-sign-key "${CODE_SIGN_KEY}" \ - --config-sign-key "${CONFIG_SIGN_KEY}" \ - --output-dir "${PWD}/my-aws-profile" -``` - -To generate the profile, the IAM user or role should have a policy like this: - -```json -{ - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "acm-pca:GetCertificate", - "acm-pca:GetCertificateAuthorityCertificate", - "acm-pca:IssueCertificate", - "kms:GetPublicKey", - "kms:Sign" - ], - "Effect": "Allow", - "Resource": "*" - } - ] -} -``` - -To use the profile to sign artifacts during the build process, the IAM user or role should have a policy like this: - -```json -{ - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "kms:GetPublicKey", - "kms:Sign" - ], - "Effect": "Allow", - "Resource": "*" - } - ] -} -``` - -## Specify a profile at build time - -To use a custom Secure Boot Keys profile, set the `BUILDSYS_SBKEYS_PROFILE` variable at build time, like this: - -```shell -cargo make -e BUILDSYS_SBKEYS_PROFILE=my-custom-profile -``` - -Since all the files in a Secure Boot Keys profile are plain text and source-control friendly, you may wish to store them in a separate directory backed by Git or some other SCM. -To refer to profiles in a different directory, set the `BUILDSYS_SBKEYS_DIR` variable at build time, like this: - -```shell -cargo make \ - -e BUILDSYS_SBKEYS_DIR="${HOME}/my-sbkeys" \ - -e BUILDSYS_SBKEYS_PROFILE=my-custom-profile -``` diff --git a/sbkeys/generate-aws-sbkeys b/sbkeys/generate-aws-sbkeys deleted file mode 100755 index c94ec95ec..000000000 --- a/sbkeys/generate-aws-sbkeys +++ /dev/null @@ -1,348 +0,0 @@ -#!/usr/bin/env bash - -# Helper script for running commands to generate Secure Boot files. - -set -euo pipefail - -usage() { - cat >&2 <&2 - exit 2 - fi -} - -parse_args() { - while [ ${#} -gt 0 ] ; do - case "${1}" in - --help ) usage; exit 0 ;; - --sdk-image ) shift; SDK_IMAGE="${1}" ;; - --aws-region ) shift; AWS_REGION="${1}" ;; - --pk-ca ) shift; PK_CA="${1}" ;; - --kek-ca ) shift; KEK_CA="${1}" ;; - --db-ca ) shift; DB_CA="${1}" ;; - --vendor-ca ) shift; VENDOR_CA="${1}" ;; - --shim-sign-key ) shift; SHIM_SIGN_KEY="${1}" ;; - --code-sign-key ) shift; CODE_SIGN_KEY="${1}" ;; - --config-sign-key ) shift; CONFIG_SIGN_KEY="${1}" ;; - --output-dir ) shift; OUTPUT_DIR="${1}" ;; - *) ;; - esac - shift - done - - # Required arguments - required_arg "--aws-region" "${AWS_REGION:-}" - required_arg "--pk-ca" "${PK_CA:-}" - required_arg "--kek-ca" "${KEK_CA:-}" - required_arg "--db-ca" "${DB_CA:-}" - required_arg "--vendor-ca" "${VENDOR_CA:-}" - required_arg "--shim-sign-key" "${SHIM_SIGN_KEY:-}" - required_arg "--code-sign-key" "${CODE_SIGN_KEY:-}" - required_arg "--config-sign-key" "${CONFIG_SIGN_KEY:-}" - required_arg "--output-dir" "${OUTPUT_DIR:-}" -} - -parse_args "${@}" - -# To avoid needing separate scripts to parse args and launch the SDK container, -# the logic to generate the profile is found below the separator. Copy that to -# a temporary file so it can be executed using the desired method. -PRELUDE_END=$(awk '/=\^\.\.\^=/ { print NR+1; exit 0; }' "${0}") -SBKEYS_SCRIPT="$(mktemp)" -AWS_KMS_PKCS11_CONF="$(mktemp)" -cleanup() { - rm -f "${SBKEYS_SCRIPT}" "${AWS_KMS_PKCS11_CONF}" -} -trap 'cleanup' EXIT -tail -n +"${PRELUDE_END}" "${0}" >"${SBKEYS_SCRIPT}" -chmod +x "${SBKEYS_SCRIPT}" - -cat < "${AWS_KMS_PKCS11_CONF}" -{ - "slots": [ - { - "label": "shim-sign-key", - "kms_key_id": "${SHIM_SIGN_KEY}", - "aws_region": "${AWS_REGION}" - }, - { - "label": "code-sign-key", - "kms_key_id": "${CODE_SIGN_KEY}", - "aws_region": "${AWS_REGION}" - }, - { - "label": "config-sign-key", - "kms_key_id": "${CONFIG_SIGN_KEY}", - "aws_region": "${AWS_REGION}" - } - ] -} -EOF - -# Create the output directory with the current user, rather than letting Docker -# create it as a root-owned directory. -mkdir -p "${OUTPUT_DIR}" - -if [ -n "${SDK_IMAGE:-}" ] ; then - docker run -a stdin -a stdout -a stderr --rm \ - --network=host \ - --user "$(id -u):$(id -g)" \ - --security-opt label:disable \ - -v "${OUTPUT_DIR}":"${OUTPUT_DIR}" \ - -v "${SBKEYS_SCRIPT}":"${SBKEYS_SCRIPT}" \ - -v "${AWS_KMS_PKCS11_CONF}":"${AWS_KMS_PKCS11_CONF}" \ - ${AWS_ACCESS_KEY_ID:+-e AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID} \ - ${AWS_SECRET_ACCESS_KEY:+-e AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY} \ - ${AWS_SESSION_TOKEN:+-e AWS_SESSION_TOKEN=$AWS_SESSION_TOKEN} \ - -e AWS_REGION="${AWS_REGION}" \ - -e AWS_DEFAULT_REGION="${AWS_REGION}" \ - -e PK_CA="${PK_CA}" \ - -e KEK_CA="${KEK_CA}" \ - -e DB_CA="${DB_CA}" \ - -e VENDOR_CA="${VENDOR_CA}" \ - -e SHIM_SIGN_KEY="${SHIM_SIGN_KEY}" \ - -e CODE_SIGN_KEY="${CODE_SIGN_KEY}" \ - -e CONFIG_SIGN_KEY="${CONFIG_SIGN_KEY}" \ - -e AWS_KMS_PKCS11_CONF="${AWS_KMS_PKCS11_CONF}" \ - -e OUTPUT_DIR="${OUTPUT_DIR}" \ - -w /tmp \ - "${SDK_IMAGE}" bash "${SBKEYS_SCRIPT}" -else - export PK_CA KEK_CA DB_CA VENDOR_CA - export CODE_SIGN_KEY CONFIG_SIGN_KEY SHIM_SIGN_KEY - export AWS_REGION AWS_KMS_PKCS11_CONF OUTPUT_DIR - bash "${SBKEYS_SCRIPT}" -fi - -exit - -# =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= -set -euo pipefail - -WORKDIR="$(mktemp -d)" -cd "${WORKDIR}" -cleanup() { - rm -rf "${WORKDIR}" -} -trap 'cleanup' EXIT - -export XDG_CONFIG_HOME="${WORKDIR}/.config" -mkdir -p "${XDG_CONFIG_HOME}/aws-kms-pkcs11" -cp "${AWS_KMS_PKCS11_CONF}" "${XDG_CONFIG_HOME}/aws-kms-pkcs11/config.json" - -export AWS_DEFAULT_OUTPUT="text" -export AWS_KMS_PKCS11_DEBUG=1 -export PKCS11_MODULE_PATH="/usr/lib64/pkcs11/aws_kms_pkcs11.so" - -# Fetch CA certificates. -getcacert() { - local arn ca - arn="${1:?}" - ca="${2:?}" - aws acm-pca get-certificate-authority-certificate \ - --certificate-authority-arn "${arn}" \ - --query 'Certificate' > "${ca}.crt" -} - -getcacert "${PK_CA}" "PK" -getcacert "${KEK_CA}" "KEK" -getcacert "${DB_CA}" "db" -getcacert "${VENDOR_CA}" "vendor" - -# Add X.509 extension for code signing. -cat <<'EOF' > codesign.json -{ - "Extensions": { - "ExtendedKeyUsage": [ - { - "ExtendedKeyUsageType": "CODE_SIGNING" - }, - { - "ExtendedKeyUsageObjectIdentifier": "1.3.6.1.4.1.311.10.3.6" - } - ] - } -} -EOF - -gencert() { - local key token cn ca_arn cert_arn - key="${1:?}" - token="${2:?}" - cn="${3:?}" - ca_arn="${4:?}" - - openssl req -new \ - -key "pkcs11:token=${token}" -keyform engine -engine pkcs11 \ - -subj "/CN=${cn}/" \ - -out "${key}.csr" - - cert_arn="$(\ - aws acm-pca issue-certificate \ - --certificate-authority-arn "${ca_arn}" \ - --template-arn arn:aws:acm-pca:::template/BlankEndEntityCertificate_APICSRPassthrough/V1 \ - --csr "fileb://${key}.csr" \ - --api-passthrough "file://codesign.json" \ - --signing-algorithm "SHA256WITHRSA" \ - --validity Value=5,Type="YEARS" \ - --idempotency-token "${key}" \ - --query 'CertificateArn')" - - aws acm-pca wait certificate-issued \ - --certificate-authority-arn "${ca_arn}" \ - --certificate-arn "${cert_arn}" - - aws acm-pca get-certificate \ - --certificate-authority-arn "${ca_arn}" \ - --certificate-arn "${cert_arn}" \ - --query 'Certificate' \ - > "${key}.crt" -} - -# Sign shim, GRUB, kernel, and GRUB config signing keys. -gencert shim-sign "shim-sign-key" "Bottlerocket Shim Signing Key" "${DB_CA}" -gencert code-sign "code-sign-key" "Bottlerocket Code Signing Key" "${VENDOR_CA}" -gencert config-sign "config-sign-key" "Bottlerocket Config Signing Key" "${VENDOR_CA}" - -# Encode the certs for the PKCS11 helper. -SHIM_SIGN_CERT="$(openssl x509 -in shim-sign.crt -outform der | openssl base64 -A)" -CODE_SIGN_CERT="$(openssl x509 -in code-sign.crt -outform der | openssl base64 -A)" -CONFIG_SIGN_CERT="$(openssl x509 -in config-sign.crt -outform der | openssl base64 -A)" - -# Reconfigure the PKCS11 helper for GPG. -cat < "${XDG_CONFIG_HOME}/aws-kms-pkcs11/config.json" -{ - "slots": [ - { - "label": "config-sign-key", - "kms_key_id": "${CONFIG_SIGN_KEY}", - "aws_region": "${AWS_REGION}", - "certificate": "${CONFIG_SIGN_CERT}" - } - ] -} -EOF - -# Ensure a clean GPG state. -export GNUPGHOME="${WORKDIR}" - -# Configure the GPG agent and smartcard daemon. -cat <> "${GNUPGHOME}/gpg-agent.conf" -scdaemon-program /usr/bin/gnupg-pkcs11-scd -EOF - -cat <> "${GNUPGHOME}/gnupg-pkcs11-scd.conf" -providers kms -provider-kms-library /usr/lib64/pkcs11/aws_kms_pkcs11.so -log-file /dev/null -EOF - -# Have GPG agent discover the key. -gpg --card-status -KEYGRIP=$(\ - find "${GNUPGHOME}"/private-keys-*.d -type f -name '*.key' -printf '%P' \ - | cut -d '.' -f1 | head -n1) - -# Import the config signing key into GPG. -# 13 Existing key -# ${KEYGRIP} Which key to edit -# e Toggle the encrypt capability off -# q Finished -# 0 Key does not expire -# Bottlerocket ... Real name -# Email address -# Comment -gpg --no-tty --expert --full-generate-key --command-fd 0 < config-sign.key - -# Generate EFI vars for use with EC2 or others. -GUID="$(uuidgen --random)" -virt-fw-vars \ - --set-pk "${GUID}" PK.crt \ - --add-kek "${GUID}" KEK.crt \ - --add-db "${GUID}" db.crt \ - --secure-boot \ - --output-json "efi-vars.json" - -virt-fw-vars \ - --set-json "efi-vars.json" \ - --output-aws "efi-vars.aws" - -# Create the final PKCS11 helper config. -cat < "kms-sign.json" -{ - "slots": [ - { - "label": "shim-sign-key", - "kms_key_id": "${SHIM_SIGN_KEY}", - "aws_region": "${AWS_REGION}", - "certificate": "${SHIM_SIGN_CERT}" - }, - { - "label": "code-sign-key", - "kms_key_id": "${CODE_SIGN_KEY}", - "aws_region": "${AWS_REGION}", - "certificate": "${CODE_SIGN_CERT}" - }, - { - "label": "config-sign-key", - "kms_key_id": "${CONFIG_SIGN_KEY}", - "aws_region": "${AWS_REGION}", - "certificate": "${CONFIG_SIGN_CERT}" - } - ] -} -EOF - -# Copy all expected files out. -cp -t "${OUTPUT_DIR}" \ - PK.crt \ - KEK.crt \ - db.crt \ - vendor.crt \ - kms-sign.json \ - config-sign.key \ - efi-vars.{aws,json} diff --git a/sbkeys/generate-local-sbkeys b/sbkeys/generate-local-sbkeys deleted file mode 100755 index 620e47821..000000000 --- a/sbkeys/generate-local-sbkeys +++ /dev/null @@ -1,165 +0,0 @@ -#!/usr/bin/env bash - -# Helper script for running commands to generate Secure Boot files. - -set -euo pipefail - -usage() { - cat >&2 <&2 - exit 2 - fi -} - -parse_args() { - while [ ${#} -gt 0 ] ; do - case "${1}" in - --help ) usage; exit 0 ;; - --sdk-image ) shift; SDK_IMAGE="${1}" ;; - --output-dir ) shift; OUTPUT_DIR="${1}" ;; - *) ;; - esac - shift - done - - # Required arguments - required_arg "--output-dir" "${OUTPUT_DIR:-}" -} - -parse_args "${@}" - -# Create the output directory with the current user, rather than letting Docker -# create it as a root-owned directory. -mkdir -p "${OUTPUT_DIR}" - -# To avoid needing separate scripts to parse args and launch the SDK container, -# the logic to generate the profile is found below the separator. Copy that to -# a temporary file so it can be executed using the desired method. -PRELUDE_END=$(awk '/=\^\.\.\^=/ { print NR+1; exit 0; }' "${0}") -SBKEYS_SCRIPT="$(mktemp)" -cleanup() { - rm -f "${SBKEYS_SCRIPT}" -} -trap 'cleanup' EXIT -tail -n +"${PRELUDE_END}" "${0}" >"${SBKEYS_SCRIPT}" -chmod +x "${SBKEYS_SCRIPT}" - -if [ -n "${SDK_IMAGE:-}" ] ; then - docker run -a stdin -a stdout -a stderr --rm \ - --user "$(id -u):$(id -g)" \ - --security-opt label:disable \ - -v "${OUTPUT_DIR}":"${OUTPUT_DIR}" \ - -v "${SBKEYS_SCRIPT}":"${SBKEYS_SCRIPT}" \ - -e OUTPUT_DIR="${OUTPUT_DIR}" \ - "${SDK_IMAGE}" bash "${SBKEYS_SCRIPT}" -else - export OUTPUT_DIR - bash "${SBKEYS_SCRIPT}" -fi - -exit - -# =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= -set -euo pipefail - -WORKDIR="$(mktemp -d)" -cd "${WORKDIR}" -cleanup() { - rm -rf "${WORKDIR}" -} -trap 'cleanup' EXIT - -genca() { - local ca cn - ca="${1:?}" - cn="${2:?}" - openssl req -newkey rsa:2048 \ - -batch -noenc -new -x509 -sha256 -days 3650 \ - -subj "/CN=${cn}/" \ - -keyout "${ca}.key" -out "${ca}.crt" -} - -genkey() { - local ca key cn - ca="${1:?}" - key="${2:?}" - cn="${3:?}" - openssl genrsa -verbose \ - -out "${key}.key" 2048 - - openssl req -new \ - -key "${key}.key" \ - -subj "/CN=${cn}/" \ - -out "${key}.csr" - - openssl req \ - -in "${key}.csr" \ - -CA "${ca}.crt" -CAkey "${ca}.key" \ - -config /dev/null \ - -days 3650 -x509 -sha256 -copy_extensions none \ - -addext "basicConstraints=CA:FALSE" \ - -addext "extendedKeyUsage=codeSigning,1.3.6.1.4.1.311.10.3.6" \ - -out "${key}.crt" -} - -# Generate local EFI CAs and signing keys. -genca PK "Bottlerocket Secure Boot Platform CA" -genca KEK "Bottlerocket Secure Boot Key Exchange CA" -genca db "Bottlerocket Secure Boot Database CA" -genca vendor "Bottlerocket Secure Boot Vendor CA" - -genkey db shim-sign "Bottlerocket Shim Signing Key" -genkey vendor code-sign "Bottlerocket Code Signing Key" - -# Generate GPG key for signing grub.cfg. -export GNUPGHOME="${WORKDIR}" -gpg --gen-key --batch < config-sign.key - -# Generate EFI vars for use with EC2 or others. -GUID="$(uuidgen --random)" -virt-fw-vars \ - --set-pk "${GUID}" PK.crt \ - --add-kek "${GUID}" KEK.crt \ - --add-db "${GUID}" db.crt \ - --secure-boot \ - --output-json "efi-vars.json" - -virt-fw-vars \ - --set-json "efi-vars.json" \ - --output-aws "efi-vars.aws" - -# Copy all expected files out. -cp -t "${OUTPUT_DIR}" \ - PK.{key,crt} \ - KEK.{key,crt} \ - db.{key,crt} \ - vendor.{key,crt} \ - shim-sign.{key,crt} \ - code-sign.{key,crt} \ - config-sign.key \ - efi-vars.{aws,json} diff --git a/sources/Cargo.lock b/sources/Cargo.lock index 0a43370f2..23d4da665 100644 --- a/sources/Cargo.lock +++ b/sources/Cargo.lock @@ -1047,18 +1047,8 @@ dependencies = [ name = "bork" version = "0.1.0" dependencies = [ + "rand", "serde_json", - "settings-extension-updates", -] - -[[package]] -name = "bottlerocket-defaults-helper" -version = "0.1.0" -source = "git+https://github.com/bottlerocket-os/bottlerocket-settings-sdk?tag=bottlerocket-defaults-helper-v0.1.0#9cb0286b59cd4fcb5df9dd441aee8521ea5698e6" -dependencies = [ - "snafu", - "toml", - "walkdir", ] [[package]] @@ -1096,31 +1086,6 @@ dependencies = [ "serde_json", ] -[[package]] -name = "bottlerocket-settings-sdk" -version = "0.1.0" -source = "git+https://github.com/bottlerocket-os/bottlerocket-settings-sdk?tag=bottlerocket-settings-sdk-v0.1.0#9cb0286b59cd4fcb5df9dd441aee8521ea5698e6" -dependencies = [ - "argh", - "bottlerocket-template-helper", - "serde", - "serde_json", - "snafu", - "tracing", -] - -[[package]] -name = "bottlerocket-template-helper" -version = "0.1.0" -source = "git+https://github.com/bottlerocket-os/bottlerocket-settings-sdk?tag=bottlerocket-settings-sdk-v0.1.0#9cb0286b59cd4fcb5df9dd441aee8521ea5698e6" -dependencies = [ - "darling 0.20.8", - "proc-macro2", - "quote", - "serde_json", - "syn 2.0.66", -] - [[package]] name = "bottlerocket-variant" version = "0.1.0" @@ -2391,13 +2356,6 @@ dependencies = [ "wasm-bindgen", ] -[[package]] -name = "k8s-reserved-cpus-v0-1-0" -version = "0.1.0" -dependencies = [ - "migration-helpers", -] - [[package]] name = "language-tags" version = "0.3.2" @@ -2567,22 +2525,6 @@ dependencies = [ "url", ] -[[package]] -name = "migration-helpers" -version = "0.1.0" -dependencies = [ - "bottlerocket-release", - "datastore", - "handlebars", - "maplit", - "schnauzer", - "serde", - "serde_json", - "shlex", - "snafu", - "tokio", -] - [[package]] name = "migrator" version = "0.1.0" @@ -2686,24 +2628,6 @@ dependencies = [ "modeled-types", "serde", "serde_json", - "settings-extension-autoscaling", - "settings-extension-aws", - "settings-extension-bootstrap-containers", - "settings-extension-cloudformation", - "settings-extension-container-registry", - "settings-extension-container-runtime", - "settings-extension-dns", - "settings-extension-ecs", - "settings-extension-host-containers", - "settings-extension-kernel", - "settings-extension-metrics", - "settings-extension-motd", - "settings-extension-network", - "settings-extension-ntp", - "settings-extension-oci-defaults", - "settings-extension-oci-hooks", - "settings-extension-pki", - "settings-extension-updates", "toml", ] @@ -3084,34 +3008,6 @@ dependencies = [ "url", ] -[[package]] -name = "pluto-remove-generators-v0-1-0" -version = "0.1.0" -dependencies = [ - "migration-helpers", -] - -[[package]] -name = "pod-infra-container-image-affected-services" -version = "0.1.0" -dependencies = [ - "migration-helpers", -] - -[[package]] -name = "pod-infra-container-image-remove-settings-generator" -version = "0.1.0" -dependencies = [ - "migration-helpers", -] - -[[package]] -name = "pod-infra-container-image-services" -version = "0.1.0" -dependencies = [ - "migration-helpers", -] - [[package]] name = "powerfmt" version = "0.2.0" @@ -3638,564 +3534,6 @@ dependencies = [ "tokio", ] -[[package]] -name = "settings-defaults-aws-dev" -version = "0.1.0" -dependencies = [ - "bottlerocket-defaults-helper", -] - -[[package]] -name = "settings-defaults-aws-ecs-1" -version = "0.1.0" -dependencies = [ - "bottlerocket-defaults-helper", -] - -[[package]] -name = "settings-defaults-aws-ecs-1-nvidia" -version = "0.1.0" -dependencies = [ - "bottlerocket-defaults-helper", -] - -[[package]] -name = "settings-defaults-aws-ecs-2" -version = "0.1.0" -dependencies = [ - "bottlerocket-defaults-helper", -] - -[[package]] -name = "settings-defaults-aws-ecs-2-nvidia" -version = "0.1.0" -dependencies = [ - "bottlerocket-defaults-helper", -] - -[[package]] -name = "settings-defaults-aws-k8s-1_24" -version = "0.1.0" -dependencies = [ - "bottlerocket-defaults-helper", -] - -[[package]] -name = "settings-defaults-aws-k8s-1_24-nvidia" -version = "0.1.0" -dependencies = [ - "bottlerocket-defaults-helper", -] - -[[package]] -name = "settings-defaults-aws-k8s-1_25" -version = "0.1.0" -dependencies = [ - "bottlerocket-defaults-helper", -] - -[[package]] -name = "settings-defaults-aws-k8s-1_25-nvidia" -version = "0.1.0" -dependencies = [ - "bottlerocket-defaults-helper", -] - -[[package]] -name = "settings-defaults-aws-k8s-1_26" -version = "0.1.0" -dependencies = [ - "bottlerocket-defaults-helper", -] - -[[package]] -name = "settings-defaults-aws-k8s-1_26-nvidia" -version = "0.1.0" -dependencies = [ - "bottlerocket-defaults-helper", -] - -[[package]] -name = "settings-defaults-aws-k8s-1_30" -version = "0.1.0" -dependencies = [ - "bottlerocket-defaults-helper", -] - -[[package]] -name = "settings-defaults-aws-k8s-1_30-nvidia" -version = "0.1.0" -dependencies = [ - "bottlerocket-defaults-helper", -] - -[[package]] -name = "settings-defaults-metal-dev" -version = "0.1.0" -dependencies = [ - "bottlerocket-defaults-helper", -] - -[[package]] -name = "settings-defaults-metal-k8s-1_30" -version = "0.1.0" -dependencies = [ - "bottlerocket-defaults-helper", -] - -[[package]] -name = "settings-defaults-vmware-dev" -version = "0.1.0" -dependencies = [ - "bottlerocket-defaults-helper", -] - -[[package]] -name = "settings-defaults-vmware-k8s-1_30" -version = "0.1.0" -dependencies = [ - "bottlerocket-defaults-helper", -] - -[[package]] -name = "settings-extension-autoscaling" -version = "0.1.0" -dependencies = [ - "bottlerocket-settings-sdk", - "env_logger", - "model-derive", - "modeled-types", - "serde", - "serde_json", -] - -[[package]] -name = "settings-extension-aws" -version = "0.1.0" -dependencies = [ - "bottlerocket-settings-sdk", - "env_logger", - "model-derive", - "modeled-types", - "serde", - "serde_json", -] - -[[package]] -name = "settings-extension-bootstrap-containers" -version = "0.1.0" -dependencies = [ - "bottlerocket-settings-sdk", - "env_logger", - "model-derive", - "modeled-types", - "serde", - "serde_json", -] - -[[package]] -name = "settings-extension-cloudformation" -version = "0.1.0" -dependencies = [ - "bottlerocket-settings-sdk", - "env_logger", - "model-derive", - "modeled-types", - "serde", - "serde_json", -] - -[[package]] -name = "settings-extension-container-registry" -version = "0.1.0" -dependencies = [ - "bottlerocket-settings-sdk", - "env_logger", - "model-derive", - "modeled-types", - "serde", - "serde_json", -] - -[[package]] -name = "settings-extension-container-runtime" -version = "0.1.0" -dependencies = [ - "bottlerocket-settings-sdk", - "env_logger", - "model-derive", - "modeled-types", - "serde", - "serde_json", -] - -[[package]] -name = "settings-extension-dns" -version = "0.1.0" -dependencies = [ - "bottlerocket-settings-sdk", - "env_logger", - "model-derive", - "modeled-types", - "serde", - "serde_json", -] - -[[package]] -name = "settings-extension-ecs" -version = "0.1.0" -dependencies = [ - "bottlerocket-settings-sdk", - "env_logger", - "model-derive", - "modeled-types", - "serde", - "serde_json", -] - -[[package]] -name = "settings-extension-host-containers" -version = "0.1.0" -dependencies = [ - "bottlerocket-settings-sdk", - "env_logger", - "model-derive", - "modeled-types", - "serde", - "serde_json", -] - -[[package]] -name = "settings-extension-kernel" -version = "0.1.0" -dependencies = [ - "bottlerocket-settings-sdk", - "env_logger", - "model-derive", - "modeled-types", - "serde", - "serde_json", -] - -[[package]] -name = "settings-extension-metrics" -version = "0.1.0" -dependencies = [ - "bottlerocket-settings-sdk", - "env_logger", - "model-derive", - "modeled-types", - "serde", - "serde_json", -] - -[[package]] -name = "settings-extension-motd" -version = "0.1.0" -dependencies = [ - "bottlerocket-settings-sdk", - "serde", - "serde_json", - "string_impls_for", -] - -[[package]] -name = "settings-extension-network" -version = "0.1.0" -dependencies = [ - "bottlerocket-settings-sdk", - "env_logger", - "model-derive", - "modeled-types", - "serde", - "serde_json", -] - -[[package]] -name = "settings-extension-ntp" -version = "0.1.0" -dependencies = [ - "bottlerocket-settings-sdk", - "env_logger", - "model-derive", - "modeled-types", - "serde", - "serde_json", -] - -[[package]] -name = "settings-extension-oci-defaults" -version = "0.1.0" -dependencies = [ - "bottlerocket-settings-sdk", - "env_logger", - "model-derive", - "modeled-types", - "serde", - "serde_json", - "toml", -] - -[[package]] -name = "settings-extension-oci-hooks" -version = "0.1.0" -dependencies = [ - "bottlerocket-settings-sdk", - "env_logger", - "model-derive", - "modeled-types", - "serde", - "serde_json", -] - -[[package]] -name = "settings-extension-pki" -version = "0.1.0" -dependencies = [ - "bottlerocket-settings-sdk", - "env_logger", - "model-derive", - "modeled-types", - "serde", - "serde_json", -] - -[[package]] -name = "settings-extension-updates" -version = "0.1.0" -dependencies = [ - "bottlerocket-settings-sdk", - "env_logger", - "model-derive", - "modeled-types", - "rand", - "serde", - "serde_json", -] - -[[package]] -name = "settings-plugin-aws-dev" -version = "0.1.0" -dependencies = [ - "abi_stable", - "bottlerocket-settings-plugin", - "model-derive", - "modeled-types", - "models", - "serde", - "serde_json", - "settings-extension-aws", - "settings-extension-bootstrap-containers", - "settings-extension-cloudformation", - "settings-extension-container-registry", - "settings-extension-dns", - "settings-extension-host-containers", - "settings-extension-kernel", - "settings-extension-metrics", - "settings-extension-motd", - "settings-extension-network", - "settings-extension-ntp", - "settings-extension-oci-hooks", - "settings-extension-pki", - "settings-extension-updates", -] - -[[package]] -name = "settings-plugin-aws-ecs-1" -version = "0.1.0" -dependencies = [ - "abi_stable", - "bottlerocket-settings-plugin", - "model-derive", - "modeled-types", - "models", - "serde", - "serde_json", - "settings-extension-autoscaling", - "settings-extension-aws", - "settings-extension-bootstrap-containers", - "settings-extension-cloudformation", - "settings-extension-container-registry", - "settings-extension-dns", - "settings-extension-ecs", - "settings-extension-host-containers", - "settings-extension-kernel", - "settings-extension-metrics", - "settings-extension-motd", - "settings-extension-network", - "settings-extension-ntp", - "settings-extension-oci-defaults", - "settings-extension-oci-hooks", - "settings-extension-pki", - "settings-extension-updates", -] - -[[package]] -name = "settings-plugin-aws-ecs-2" -version = "0.1.0" -dependencies = [ - "abi_stable", - "bottlerocket-settings-plugin", - "model-derive", - "modeled-types", - "models", - "serde", - "serde_json", - "settings-extension-autoscaling", - "settings-extension-aws", - "settings-extension-bootstrap-containers", - "settings-extension-cloudformation", - "settings-extension-container-registry", - "settings-extension-dns", - "settings-extension-ecs", - "settings-extension-host-containers", - "settings-extension-kernel", - "settings-extension-metrics", - "settings-extension-motd", - "settings-extension-network", - "settings-extension-ntp", - "settings-extension-oci-defaults", - "settings-extension-oci-hooks", - "settings-extension-pki", - "settings-extension-updates", -] - -[[package]] -name = "settings-plugin-aws-k8s" -version = "0.1.0" -dependencies = [ - "abi_stable", - "bottlerocket-settings-plugin", - "model-derive", - "modeled-types", - "models", - "serde", - "serde_json", - "settings-extension-autoscaling", - "settings-extension-aws", - "settings-extension-bootstrap-containers", - "settings-extension-cloudformation", - "settings-extension-container-registry", - "settings-extension-container-runtime", - "settings-extension-dns", - "settings-extension-host-containers", - "settings-extension-kernel", - "settings-extension-metrics", - "settings-extension-motd", - "settings-extension-network", - "settings-extension-ntp", - "settings-extension-oci-defaults", - "settings-extension-oci-hooks", - "settings-extension-pki", - "settings-extension-updates", -] - -[[package]] -name = "settings-plugin-metal-dev" -version = "0.1.0" -dependencies = [ - "abi_stable", - "bottlerocket-settings-plugin", - "model-derive", - "modeled-types", - "models", - "serde", - "serde_json", - "settings-extension-bootstrap-containers", - "settings-extension-container-registry", - "settings-extension-dns", - "settings-extension-host-containers", - "settings-extension-kernel", - "settings-extension-metrics", - "settings-extension-motd", - "settings-extension-network", - "settings-extension-ntp", - "settings-extension-oci-hooks", - "settings-extension-pki", - "settings-extension-updates", -] - -[[package]] -name = "settings-plugin-metal-k8s" -version = "0.1.0" -dependencies = [ - "abi_stable", - "bottlerocket-settings-plugin", - "model-derive", - "modeled-types", - "models", - "serde", - "serde_json", - "settings-extension-aws", - "settings-extension-bootstrap-containers", - "settings-extension-container-registry", - "settings-extension-container-runtime", - "settings-extension-dns", - "settings-extension-host-containers", - "settings-extension-kernel", - "settings-extension-metrics", - "settings-extension-motd", - "settings-extension-network", - "settings-extension-ntp", - "settings-extension-oci-defaults", - "settings-extension-oci-hooks", - "settings-extension-pki", - "settings-extension-updates", -] - -[[package]] -name = "settings-plugin-vmware-dev" -version = "0.1.0" -dependencies = [ - "abi_stable", - "bottlerocket-settings-plugin", - "model-derive", - "modeled-types", - "models", - "serde", - "serde_json", - "settings-extension-bootstrap-containers", - "settings-extension-container-registry", - "settings-extension-dns", - "settings-extension-host-containers", - "settings-extension-kernel", - "settings-extension-metrics", - "settings-extension-motd", - "settings-extension-network", - "settings-extension-ntp", - "settings-extension-oci-hooks", - "settings-extension-pki", - "settings-extension-updates", -] - -[[package]] -name = "settings-plugin-vmware-k8s" -version = "0.1.0" -dependencies = [ - "abi_stable", - "bottlerocket-settings-plugin", - "model-derive", - "modeled-types", - "models", - "serde", - "serde_json", - "settings-extension-aws", - "settings-extension-bootstrap-containers", - "settings-extension-container-registry", - "settings-extension-container-runtime", - "settings-extension-dns", - "settings-extension-host-containers", - "settings-extension-kernel", - "settings-extension-metrics", - "settings-extension-motd", - "settings-extension-network", - "settings-extension-ntp", - "settings-extension-oci-defaults", - "settings-extension-oci-hooks", - "settings-extension-pki", - "settings-extension-updates", -] - [[package]] name = "sha1" version = "0.10.6" @@ -4298,13 +3636,8 @@ dependencies = [ "abi_stable", "bottlerocket-settings-plugin", "generate-readme", - "model-derive", - "modeled-types", - "models", "serde", "serde_json", - "settings-extension-motd", - "settings-extension-ntp", ] [[package]] diff --git a/sources/Cargo.toml b/sources/Cargo.toml index 0ca12eed0..606858136 100644 --- a/sources/Cargo.toml +++ b/sources/Cargo.toml @@ -17,19 +17,10 @@ members = [ "api/thar-be-updates", "api/settings-committer", "api/migration/migrator", - "api/migration/migration-helpers", "api/shibaken", "api/prairiedog", "api/simple-settings-plugin", - # "api/migration/migrations/vX.Y.Z/..." - # (all previous migrations archived; add new ones after this line) - "api/migration/migrations/v1.21.0/pluto-remove-generators-v0-1-0", - "api/migration/migrations/v1.21.0/pod-infra-container-image-affected-services", - "api/migration/migrations/v1.21.0/pod-infra-container-image-remove-settings-generator", - "api/migration/migrations/v1.21.0/pod-infra-container-image-services", - "api/migration/migrations/v1.21.0/k8s-reserved-cpus-v0-1-0", - "bloodhound", "bottlerocket-release", @@ -67,52 +58,6 @@ members = [ "models", - "settings-defaults/aws-dev", - "settings-defaults/aws-ecs-1", - "settings-defaults/aws-ecs-1-nvidia", - "settings-defaults/aws-ecs-2", - "settings-defaults/aws-ecs-2-nvidia", - "settings-defaults/aws-k8s-1.24", - "settings-defaults/aws-k8s-1.24-nvidia", - "settings-defaults/aws-k8s-1.25", - "settings-defaults/aws-k8s-1.25-nvidia", - "settings-defaults/aws-k8s-1.26", - "settings-defaults/aws-k8s-1.26-nvidia", - "settings-defaults/aws-k8s-1.30", - "settings-defaults/aws-k8s-1.30-nvidia", - "settings-defaults/metal-dev", - "settings-defaults/metal-k8s-1.30", - "settings-defaults/vmware-dev", - "settings-defaults/vmware-k8s-1.30", - - "settings-extensions/autoscaling", - "settings-extensions/aws", - "settings-extensions/bootstrap-containers", - "settings-extensions/cloudformation", - "settings-extensions/container-registry", - "settings-extensions/container-runtime", - "settings-extensions/dns", - "settings-extensions/ecs", - "settings-extensions/host-containers", - "settings-extensions/kernel", - "settings-extensions/metrics", - "settings-extensions/motd", - "settings-extensions/network", - "settings-extensions/ntp", - "settings-extensions/oci-defaults", - "settings-extensions/oci-hooks", - "settings-extensions/pki", - "settings-extensions/updates", - - "settings-plugins/aws-dev", - "settings-plugins/aws-ecs-1", - "settings-plugins/aws-ecs-2", - "settings-plugins/aws-k8s", - "settings-plugins/metal-dev", - "settings-plugins/metal-k8s", - "settings-plugins/vmware-dev", - "settings-plugins/vmware-k8s", - "static-pods", "parse-datetime", diff --git a/sources/api/bork/Cargo.toml b/sources/api/bork/Cargo.toml index cafa6d4ea..7277d28c6 100644 --- a/sources/api/bork/Cargo.toml +++ b/sources/api/bork/Cargo.toml @@ -9,7 +9,5 @@ publish = false exclude = ["README.md"] [dependencies] +rand = "0.8" serde_json = "1" - -# generation logic moved to updates settings extension -settings-extension-updates = { path = "../../settings-extensions/updates", version = "0.1" } diff --git a/sources/api/bork/src/main.rs b/sources/api/bork/src/main.rs index 1a3849a94..8799d67ea 100644 --- a/sources/api/bork/src/main.rs +++ b/sources/api/bork/src/main.rs @@ -1,5 +1,8 @@ +/// Generators for updates settings. +use rand::{thread_rng, Rng}; + fn main() { - let val = settings_extension_updates::generate::generate_seed(); + let val = generate_seed(); // sundog expects JSON-serialized output so that many types can be represented, allowing the // API model to use more accurate types. @@ -7,3 +10,8 @@ fn main() { println!("{}", output); } + +pub fn generate_seed() -> u32 { + let mut rng = thread_rng(); + rng.gen_range(0..2048) +} diff --git a/sources/api/migration/migration-helpers/Cargo.toml b/sources/api/migration/migration-helpers/Cargo.toml deleted file mode 100644 index 80f6b2d72..000000000 --- a/sources/api/migration/migration-helpers/Cargo.toml +++ /dev/null @@ -1,23 +0,0 @@ -[package] -name = "migration-helpers" -version = "0.1.0" -authors = ["Tom Kirchner "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -bottlerocket-release = { path = "../../../bottlerocket-release", version = "0.1" } -datastore = { path = "../../datastore", version = "0.1" } -handlebars = "4" -schnauzer = { path = "../../schnauzer", version = "0.1" } -serde = "1" -serde_json = "1" -shlex = "1" -snafu = "0.8" -tokio = { version = "~1.32", default-features = false, features = ["rt-multi-thread"] } - -[dev-dependencies] -maplit = "1" diff --git a/sources/api/migration/migration-helpers/src/args.rs b/sources/api/migration/migration-helpers/src/args.rs deleted file mode 100644 index 9a9854f54..000000000 --- a/sources/api/migration/migration-helpers/src/args.rs +++ /dev/null @@ -1,74 +0,0 @@ -//! Helpers for parsing arguments common to migrations. - -use std::env; -use std::process; - -use crate::{MigrationType, Result}; - -/// Stores user-supplied arguments. -pub struct Args { - pub source_datastore: String, - pub target_datastore: String, - pub migration_type: MigrationType, -} - -/// Informs the user about proper usage of the program and exits. -fn usage() -> ! { - let program_name = env::args().next().unwrap_or_else(|| "program".to_string()); - eprintln!( - r"Usage: {} - --source-datastore PATH - --target-datastore PATH - ( --forward | --backward )", - program_name - ); - process::exit(2); -} - -/// Prints a more specific message before exiting through usage(). -fn usage_msg>(msg: S) -> ! { - eprintln!("{}\n", msg.as_ref()); - usage(); -} - -/// Parses user arguments into an Args structure. -pub(crate) fn parse_args(args: env::Args) -> Result { - let mut migration_type = None; - let mut source_datastore = None; - let mut target_datastore = None; - - let mut iter = args.skip(1); - while let Some(arg) = iter.next() { - match arg.as_ref() { - "--source-datastore" => { - source_datastore = - Some(iter.next().unwrap_or_else(|| { - usage_msg("Did not give argument to --source-datastore") - })) - } - - "--target-datastore" => { - target_datastore = - Some(iter.next().unwrap_or_else(|| { - usage_msg("Did not give argument to --target-datastore") - })) - } - - "--forward" => migration_type = Some(MigrationType::Forward), - "--backward" => migration_type = Some(MigrationType::Backward), - - _ => usage(), - } - } - - // In no other case should they be the same; we use it for compatibility checks. - if source_datastore == target_datastore { - usage_msg("--source-datastore and --target-datastore cannot be the same"); - } - - Ok(Args { - source_datastore: source_datastore.unwrap_or_else(|| usage()), - target_datastore: target_datastore.unwrap_or_else(|| usage()), - migration_type: migration_type.unwrap_or_else(|| usage()), - }) -} diff --git a/sources/api/migration/migration-helpers/src/common_migrations.rs b/sources/api/migration/migration-helpers/src/common_migrations.rs deleted file mode 100644 index 12e278a1e..000000000 --- a/sources/api/migration/migration-helpers/src/common_migrations.rs +++ /dev/null @@ -1,1916 +0,0 @@ -use crate::{error, Migration, MigrationData, Result}; -use schnauzer::import::{json_settings::JsonSettingsResolver, StaticHelperResolver}; -use serde::Serialize; -use shlex::Shlex; -use snafu::{OptionExt, ResultExt}; -use std::collections::HashMap; - -/// We use this migration when we add settings and want to make sure they're removed before we go -/// back to old versions that don't understand them. -pub struct AddSettingsMigration<'a>(pub &'a [&'static str]); - -impl Migration for AddSettingsMigration<'_> { - /// New versions must either have a default for the settings or generate them; we don't need to - /// do anything. - fn forward(&mut self, input: MigrationData) -> Result { - println!( - "AddSettingsMigration({:?}) has no work to do on upgrade.", - self.0 - ); - Ok(input) - } - - /// Older versions don't know about the settings; we remove them so that old versions don't see - /// them and fail deserialization. (The settings must be defaulted or generated in new versions, - /// and safe to remove.) - fn backward(&mut self, mut input: MigrationData) -> Result { - for setting in self.0 { - if let Some(data) = input.data.remove(*setting) { - println!("Removed {}, which was set to '{}'", setting, data); - } else { - println!("Found no {} to remove", setting); - } - } - Ok(input) - } -} - -// =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= - -/// We use this migration when we add a cluster of settings under known prefixes and want to make -/// sure they're removed before we go back to old versions that don't understand them. Normally -/// you'd use AddSettingsMigration since you know the key names, but this is useful for -/// user-defined keys, for example in a map like settings.kernel.sysctl or -/// settings.host-containers. -pub struct AddPrefixesMigration(pub Vec<&'static str>); - -impl Migration for AddPrefixesMigration { - /// New versions must either have a default for the settings or generate them; we don't need to - /// do anything. - fn forward(&mut self, input: MigrationData) -> Result { - println!( - "AddPrefixesMigration({:?}) has no work to do on upgrade.", - self.0 - ); - Ok(input) - } - - /// Older versions don't know about the settings; we remove them so that old versions don't see - /// them and fail deserialization. (The settings must be defaulted or generated in new versions, - /// and safe to remove.) - fn backward(&mut self, mut input: MigrationData) -> Result { - let settings = input - .data - .keys() - .filter(|k| self.0.iter().any(|prefix| k.starts_with(prefix))) - .cloned() - .collect::>(); - for setting in settings { - if let Some(data) = input.data.remove(&setting) { - println!("Removed {}, which was set to '{}'", setting, data); - } - } - Ok(input) - } -} - -#[cfg(test)] -mod test_add_prefixes_migration { - use super::AddPrefixesMigration; - use crate::{Migration, MigrationData}; - use maplit::hashmap; - use std::collections::HashMap; - - #[test] - fn single() { - let data = MigrationData { - data: hashmap! { - "keep.me.a".into() => 0.into(), - "remove.me.b".into() => 0.into(), - "keep.this.c".into() => 0.into(), - "remove.me.d.e".into() => 0.into(), - }, - metadata: HashMap::new(), - }; - // Run backward, e.g. downgrade, to test that the right keys are removed - let result = AddPrefixesMigration(vec!["remove.me"]) - .backward(data) - .unwrap(); - assert_eq!( - result.data, - hashmap! { - "keep.me.a".into() => 0.into(), - "keep.this.c".into() => 0.into(), - } - ); - } - - #[test] - fn multiple() { - let data = MigrationData { - data: hashmap! { - "keep.me.a".into() => 0.into(), - "remove.me.b".into() => 0.into(), - "keep.this.c".into() => 0.into(), - "remove.this.d.e".into() => 0.into(), - }, - metadata: HashMap::new(), - }; - // Run backward, e.g. downgrade, to test that the right keys are removed - let result = AddPrefixesMigration(vec!["remove.me", "remove.this"]) - .backward(data) - .unwrap(); - assert_eq!( - result.data, - hashmap! { - "keep.me.a".into() => 0.into(), - "keep.this.c".into() => 0.into(), - } - ); - } - - #[test] - fn no_match() { - let data = MigrationData { - data: hashmap! { - "keep.me.a".into() => 0.into(), - "remove.me.b".into() => 0.into(), - "keep.this.c".into() => 0.into(), - "remove.this.d.e".into() => 0.into(), - }, - metadata: HashMap::new(), - }; - // Run backward, e.g. downgrade, to test that the right keys are removed - let result = AddPrefixesMigration(vec!["not.found", "nor.this"]) - .backward(data) - .unwrap(); - assert_eq!( - result.data, - hashmap! { - "keep.me.a".into() => 0.into(), - "remove.me.b".into() => 0.into(), - "keep.this.c".into() => 0.into(), - "remove.this.d.e".into() => 0.into(), - } - ); - } -} - -// =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= - -/// We use this migration when we remove settings from the model, so the new version doesn't see -/// them and error. -pub struct RemoveSettingsMigration<'a>(pub &'a [&'static str]); - -impl Migration for RemoveSettingsMigration<'_> { - /// Newer versions don't know about the settings; we remove them so that new versions don't see - /// them and fail deserialization. (The settings must be defaulted or generated in old versions, - /// and safe to remove.) - fn forward(&mut self, mut input: MigrationData) -> Result { - for setting in self.0 { - if let Some(data) = input.data.remove(*setting) { - println!("Removed {}, which was set to '{}'", setting, data); - } else { - println!("Found no {} to remove", setting); - } - } - Ok(input) - } - - /// Old versions must either have a default for the settings or generate it; we don't need to - /// do anything. - fn backward(&mut self, input: MigrationData) -> Result { - println!( - "RemoveSettingsMigration({:?}) has no work to do on downgrade.", - self.0 - ); - Ok(input) - } -} - -// =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= - -/// We use this migration when we replace a setting's old string value with a new string value. -pub struct ReplaceStringMigration { - pub setting: &'static str, - pub old_val: &'static str, - pub new_val: &'static str, -} - -impl Migration for ReplaceStringMigration { - fn forward(&mut self, mut input: MigrationData) -> Result { - if let Some(data) = input.data.get_mut(self.setting) { - match data { - serde_json::Value::String(data) => { - if data == self.old_val { - *data = self.new_val.to_owned(); - println!( - "Changed value of '{}' from '{}' to '{}' on upgrade", - self.setting, self.old_val, self.new_val - ); - } else { - println!( - "'{}' is not set to '{}', leaving alone", - self.setting, self.old_val - ); - } - } - _ => { - println!( - "'{}' is set to non-string value '{}'; ReplaceStringMigration only handles strings", - self.setting, data - ); - } - } - } else { - println!("Found no '{}' to change on upgrade", self.setting); - } - Ok(input) - } - - fn backward(&mut self, mut input: MigrationData) -> Result { - if let Some(data) = input.data.get_mut(self.setting) { - match data { - serde_json::Value::String(data) => { - if data == self.new_val { - *data = self.old_val.to_owned(); - println!( - "Changed value of '{}' from '{}' to '{}' on downgrade", - self.setting, self.new_val, self.old_val - ); - } else { - println!( - "'{}' is not set to '{}', leaving alone", - self.setting, self.new_val - ); - } - } - _ => { - println!( - "'{}' is set to non-string value '{}'; ReplaceStringMigration only handles strings", - self.setting, data - ); - } - } - } else { - println!("Found no '{}' to change on downgrade", self.setting); - } - Ok(input) - } -} - -// =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= - -/// We use this migration when we need to replace settings that contain lists of string values; -/// for example, when a release changes the list of configuration-files associated with a service. -// String is the only type we use today, and handling multiple value types is more complicated than -// we need at the moment. Allowing &[serde_json::Value] seems nice, but it would allow arbitrary -// data transformations that the API model would then fail to load. - -pub struct ListReplacement { - pub setting: &'static str, - pub old_vals: &'static [&'static str], - pub new_vals: &'static [&'static str], -} - -pub struct ReplaceListsMigration(pub Vec); - -impl Migration for ReplaceListsMigration { - fn forward(&mut self, mut input: MigrationData) -> Result { - for replacement in &self.0 { - if let Some(data) = input.data.get_mut(replacement.setting) { - match data { - serde_json::Value::Array(data) => { - // We only handle string lists; convert each value to a str we can compare. - let list: Vec<&str> = data - .iter() - .map(|v| v.as_str()) - .collect::>>() - .with_context(|| error::ReplaceListContentsSnafu { - setting: replacement.setting, - data: data.clone(), - })?; - - if list == replacement.old_vals { - // Convert back to the original type so we can store it. - *data = replacement.new_vals.iter().map(|s| (*s).into()).collect(); - println!( - "Changed value of '{}' from {:?} to {:?} on upgrade", - replacement.setting, replacement.old_vals, replacement.new_vals - ); - } else { - println!( - "'{}' is not set to {:?}, leaving alone", - replacement.setting, list - ); - } - } - _ => { - println!( - "'{}' is set to non-list value '{}'; ReplaceListsMigration only handles lists", - replacement.setting, data - ); - } - } - } else { - println!("Found no '{}' to change on upgrade", replacement.setting); - } - } - Ok(input) - } - - fn backward(&mut self, mut input: MigrationData) -> Result { - for replacement in &self.0 { - if let Some(data) = input.data.get_mut(replacement.setting) { - match data { - serde_json::Value::Array(data) => { - // We only handle string lists; convert each value to a str we can compare. - let list: Vec<&str> = data - .iter() - .map(|v| v.as_str()) - .collect::>>() - .with_context(|| error::ReplaceListContentsSnafu { - setting: replacement.setting, - data: data.clone(), - })?; - - if list == replacement.new_vals { - // Convert back to the original type so we can store it. - *data = replacement.old_vals.iter().map(|s| (*s).into()).collect(); - println!( - "Changed value of '{}' from {:?} to {:?} on downgrade", - replacement.setting, replacement.new_vals, replacement.old_vals - ); - } else { - println!( - "'{}' is not set to {:?}, leaving alone", - replacement.setting, list - ); - } - } - _ => { - println!( - "'{}' is set to non-list value '{}'; ReplaceListsMigration only handles lists", - replacement.setting, data - ); - } - } - } else { - println!("Found no '{}' to change on downgrade", replacement.setting); - } - } - Ok(input) - } -} - -#[cfg(test)] -mod test_replace_list { - use super::{ListReplacement, ReplaceListsMigration}; - use crate::{Migration, MigrationData}; - use maplit::hashmap; - use std::collections::HashMap; - - #[test] - fn single() { - let data = MigrationData { - data: hashmap! { - "hi".into() => vec!["there"].into(), - }, - metadata: HashMap::new(), - }; - let result = ReplaceListsMigration(vec![ListReplacement { - setting: "hi", - old_vals: &["there"], - new_vals: &["sup"], - }]) - .forward(data) - .unwrap(); - assert_eq!( - result.data, - hashmap! { - "hi".into() => vec!["sup"].into(), - } - ); - } - - #[test] - fn backward() { - let data = MigrationData { - data: hashmap! { - "hi".into() => vec!["there"].into(), - }, - metadata: HashMap::new(), - }; - let result = ReplaceListsMigration(vec![ListReplacement { - setting: "hi", - old_vals: &["sup"], - new_vals: &["there"], - }]) - .backward(data) - .unwrap(); - assert_eq!( - result.data, - hashmap! { - "hi".into() => vec!["sup"].into(), - } - ); - } - - #[test] - fn multiple() { - let data = MigrationData { - data: hashmap! { - "hi".into() => vec!["there", "you"].into(), - "hi2".into() => vec!["hey", "listen"].into(), - "ignored".into() => vec!["no", "change"].into(), - }, - metadata: HashMap::new(), - }; - let result = ReplaceListsMigration(vec![ - ListReplacement { - setting: "hi", - old_vals: &["there", "you"], - new_vals: &["sup", "hey"], - }, - ListReplacement { - setting: "hi2", - old_vals: &["hey", "listen"], - new_vals: &["look", "watch out"], - }, - ]) - .forward(data) - .unwrap(); - assert_eq!( - result.data, - hashmap! { - "hi".into() => vec!["sup", "hey"].into(), - "hi2".into() => vec!["look", "watch out"].into(), - "ignored".into() => vec!["no", "change"].into(), - } - ); - } - - #[test] - fn no_match() { - let data = MigrationData { - data: hashmap! { - "hi".into() => vec!["no", "change"].into(), - "hi2".into() => vec!["no", "change"].into(), - }, - metadata: HashMap::new(), - }; - let result = ReplaceListsMigration(vec![ListReplacement { - setting: "hi", - old_vals: &["there"], - new_vals: &["sup", "hey"], - }]) - .forward(data) - .unwrap(); - // No change - assert_eq!( - result.data, - hashmap! { - "hi".into() => vec!["no", "change"].into(), - "hi2".into() => vec!["no", "change"].into(), - } - ); - } - - #[test] - fn not_list() { - let data = MigrationData { - data: hashmap! { - "hi".into() => "just a string, not a list".into(), - }, - metadata: HashMap::new(), - }; - let result = ReplaceListsMigration(vec![ListReplacement { - setting: "hi", - old_vals: &["there"], - new_vals: &["sup", "hey"], - }]) - .forward(data) - .unwrap(); - // No change - assert_eq!( - result.data, - hashmap! { - "hi".into() => "just a string, not a list".into(), - } - ); - } - - #[test] - fn not_string() { - let data = MigrationData { - data: hashmap! { - "hi".into() => vec![0].into(), - }, - metadata: HashMap::new(), - }; - ReplaceListsMigration(vec![ListReplacement { - setting: "hi", - old_vals: &["there"], - new_vals: &["sup", "hey"], - }]) - .forward(data) - .unwrap_err(); - } -} - -// =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= - -/// We used this migration when we replaced an existing template for generating some setting. -/// -/// With schnauzer-v2, we now use `ReplaceSchnauzerMigration.` This code remains to build historical -/// migrations until they have been archived. -#[deprecated(note = "Please use `ReplaceSchnauzerMigration`")] -pub struct ReplaceTemplateMigration { - pub setting: &'static str, - pub old_template: &'static str, - pub new_template: &'static str, -} - -#[allow(deprecated)] -impl ReplaceTemplateMigration { - /// Helper to retrieve a setting's template - fn get_setting_template(&self, input: &MigrationData) -> Option { - if let Some(metadata) = input.metadata.get(self.setting) { - if let Some(template) = metadata.get("template") { - if let Some(template) = template.as_str() { - return Some(template.to_owned()); - } else { - eprintln!( - "'{}' has non-string template value '{}'", - self.setting, template - ) - } - } else { - eprintln!("'{}' has no 'template' key in metadata", self.setting); - } - } else { - eprintln!("'{}' has no metadata", self.setting); - } - None - } - - /// This handles the common behavior of the forward and backward migrations. - /// We get the setting's template and generate the old value to be sure the user hasn't changed - /// it, then generate the new value for our output. - fn update_template_and_data( - &self, - outgoing_setting_data: &str, - outgoing_template: &str, - incoming_template: &str, - input: &mut MigrationData, - ) -> Result<()> { - if let Some(template) = &self.get_setting_template(input) { - if template == outgoing_template { - println!( - "Changing template of '{}' from '{}' to '{}'", - self.setting, outgoing_template, incoming_template - ); - // Update the setting's template - let metadata = input.metadata.entry(self.setting.to_string()).or_default(); - metadata.insert( - "template".to_string(), - serde_json::Value::String(incoming_template.to_string()), - ); - let registry = schnauzer::v1::build_template_registry() - .context(error::BuildTemplateRegistrySnafu)?; - // Structure the input migration data into its hierarchical representation needed by render_template - let input_data = structure_migration_data_for_templates(&input.data)?; - // Generate settings data using the setting's outgoing template so we can confirm - // it matches our expected value; if not, the user has changed it and we should stop. - let generated_old_data = registry - .render_template(template, &input_data) - .context(error::RenderTemplateSnafu { template })?; - if generated_old_data == *outgoing_setting_data { - // Generate settings data using the setting's incoming template - let generated_new_data = registry - .render_template(incoming_template, &input_data) - .context(error::RenderTemplateSnafu { template })?; - println!( - "Changing value of '{}' from '{}' to '{}'", - self.setting, outgoing_setting_data, generated_new_data - ); - // Update settings value with new generated value - input.data.insert( - self.setting.to_string(), - serde_json::Value::String(generated_new_data), - ); - } else { - println!( - "'{}' is not set to '{}', leaving alone", - self.setting, generated_old_data - ); - } - } else { - println!( - "Template for '{}' is not set to '{}', leaving alone", - self.setting, outgoing_template - ); - } - } - - Ok(()) - } -} - -#[allow(deprecated)] -impl Migration for ReplaceTemplateMigration { - fn forward(&mut self, mut input: MigrationData) -> Result { - if let Some(input_value) = input.data.get(self.setting) { - let data = input_value - .as_str() - .context(error::NonStringSettingDataTypeSnafu { - setting: self.setting, - })?; - println!( - "Updating template and value of '{}' on upgrade", - self.setting - ); - self.update_template_and_data( - // Clone the input string; we need to give the function mutable access to - // the structure that contains the string, so we can't pass a reference into the structure. - #[allow(clippy::unnecessary_to_owned)] - &data.to_owned(), - self.old_template, - self.new_template, - &mut input, - )?; - } else { - println!("Found no '{}' to change on upgrade", self.setting); - } - Ok(input) - } - - fn backward(&mut self, mut input: MigrationData) -> Result { - if let Some(input_value) = input.data.get(self.setting) { - let data = input_value - .as_str() - .context(error::NonStringSettingDataTypeSnafu { - setting: self.setting, - })?; - println!( - "Updating template and value of '{}' on downgrade", - self.setting - ); - self.update_template_and_data( - // Clone the input string; we need to give the function mutable access to - // the structure that contains the string, so we can't pass a reference into the structure. - #[allow(clippy::unnecessary_to_owned)] - &data.to_owned(), - self.new_template, - self.old_template, - &mut input, - )?; - } else { - println!("Found no '{}' to change on downgrade", self.setting); - } - Ok(input) - } -} - -// =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= - -/// We use this migration when we replace an existing template for generating some setting. -pub struct ReplaceSchnauzerMigration { - pub setting: &'static str, - pub old_schnauzer_cmdline: &'static str, - pub new_schnauzer_cmdline: &'static str, -} - -/// This helper function takes `MigrationData.data`, which is a mapping of dotted keys -> -/// scalar values, and converts it into the hierarchical representation needed by handlebars templates. -fn structure_migration_data_for_templates( - input: &HashMap, -) -> Result { - let mut datastore: HashMap = HashMap::new(); - for (k, v) in input.iter() { - // The prefixes we want to make available; these each have to be deserialized below. - if k.starts_with("settings.") || k.starts_with("os.") { - datastore.insert( - datastore::Key::new(datastore::KeyType::Data, k).context(error::NewKeySnafu)?, - // We want the serialized form here, to work with the datastore deserialization code. - // to_string on a Value gives the serialized form. - v.to_string(), - ); - } - } - // Note this is a workaround because we don't have a top level model structure that encompasses 'settings'. - // We need to use `from_map_with_prefix` because we don't have a struct; it strips away the - // "settings" layer, which we then add back on with a wrapping HashMap. - let settings_data: HashMap = - datastore::deserialization::from_map_with_prefix(Some("settings".to_string()), &datastore) - .context(error::DeserializeDatastoreSnafu)?; - // Same for "os.*" - let os_data: HashMap = - datastore::deserialization::from_map_with_prefix(Some("os".to_string()), &datastore) - .context(error::DeserializeDatastoreSnafu)?; - - let mut structured_data = HashMap::new(); - structured_data.insert("settings", settings_data); - structured_data.insert("os", os_data); - - Ok(structured_data) -} - -/// Schnauzer's renderer requires a `TemplateImporter` which tells the renderer how to find settings -/// and helpers. We define our own importer which uses our in-memory copy of the datastore to find -/// settings, and the current static set of helpers. -#[derive(Debug, Clone)] -struct SchnauzerMigrationTemplateImporter { - settings_resolver: JsonSettingsResolver, - helper_resolver: StaticHelperResolver, -} - -impl SchnauzerMigrationTemplateImporter { - fn new(settings: serde_json::Value) -> Self { - Self { - settings_resolver: JsonSettingsResolver::new(settings), - helper_resolver: StaticHelperResolver, - } - } -} - -schnauzer::impl_template_importer!( - SchnauzerMigrationTemplateImporter, - JsonSettingsResolver, - StaticHelperResolver -); - -impl ReplaceSchnauzerMigration { - fn get_setting_schnauzer_cmdline(&self, input: &MigrationData) -> Option { - input - .metadata - .get(self.setting) - .or_else(|| { - eprintln!("'{}' has no metadata", self.setting); - None - }) - .and_then(|metadata| { - let setting_generator = metadata.get("setting-generator"); - if setting_generator.is_none() { - eprintln!( - "'{}' has no 'setting-generator' key in metadata", - self.setting - ); - } - setting_generator - }) - .and_then(|setting_generator_value| { - let setting_generator = setting_generator_value.as_str(); - if setting_generator.is_none() { - eprintln!( - "'{}' has non-string setting-generator value '{}'", - self.setting, setting_generator_value - ); - } - setting_generator - }) - .and_then(|schnauzer_cmdline| { - if !schnauzer_cmdline.trim().starts_with("schnauzer-v2") { - eprintln!( - "'{}' has non-schnauzer setting-generator value '{}'", - self.setting, schnauzer_cmdline - ); - None - } else { - Some(schnauzer_cmdline.to_string()) - } - }) - } - - fn update_schnauzer_cmdline_and_data( - &self, - current_schnauzer_cmdline: &str, - outgoing_setting_data: &str, - outgoing_schnauzer_cmdline: &str, - incoming_schnauzer_cmdline: &str, - input: &mut MigrationData, - ) -> Result<()> { - if current_schnauzer_cmdline == outgoing_schnauzer_cmdline { - println!( - "Updating schnauzer cmdline of '{}' from '{}' to '{}'", - self.setting, outgoing_schnauzer_cmdline, incoming_schnauzer_cmdline - ); - // Update the schnauzer cmdline - let metadata = input.metadata.entry(self.setting.to_string()).or_default(); - metadata.insert( - "setting-generator".to_string(), - serde_json::Value::String(incoming_schnauzer_cmdline.to_string()), - ); - - let input_data = structure_migration_data_for_templates(&input.data)?; - let input_data = - serde_json::to_value(input_data).context(error::SerializeTemplateDataSnafu)?; - - // Generate settings data using the setting's outgoing template so we can confirm - // it matches our expected value; if not, the user has changed it and we should stop. - let template_importer = SchnauzerMigrationTemplateImporter::new(input_data); - let outgoing_command_args = Shlex::new(outgoing_schnauzer_cmdline); - - let tokio_runtime = tokio::runtime::Builder::new_multi_thread() - .enable_all() - .build() - .context(error::CreateTokioRuntimeSnafu)?; - - let generated_old_data = tokio_runtime - .block_on(async { - schnauzer::v2::cli::run_with_args(outgoing_command_args, &template_importer) - .await - }) - .with_context(|_| error::RenderSchnauzerV2TemplateSnafu { - cmdline: outgoing_schnauzer_cmdline.to_string(), - })?; - - if generated_old_data == *outgoing_setting_data { - // Generate settings data using the setting's incoming template - let incoming_command_args = Shlex::new(incoming_schnauzer_cmdline); - let generated_new_data = tokio_runtime - .block_on(async { - schnauzer::v2::cli::run_with_args(incoming_command_args, &template_importer) - .await - }) - .with_context(|_| error::RenderSchnauzerV2TemplateSnafu { - cmdline: incoming_schnauzer_cmdline.to_string(), - })?; - println!( - "Changing value of '{}' from '{}' to '{}'", - self.setting, outgoing_setting_data, generated_new_data - ); - // Update settings value with new generated value - input.data.insert( - self.setting.to_string(), - serde_json::Value::String(generated_new_data), - ); - } else { - println!( - "'{}' is not set to '{}', leaving alone", - self.setting, generated_old_data - ); - } - } - - Ok(()) - } -} - -impl Migration for ReplaceSchnauzerMigration { - fn forward(&mut self, mut input: MigrationData) -> Result { - if let Some(input_value) = input.data.get(self.setting) { - let data = input_value - .as_str() - .context(error::NonStringSettingDataTypeSnafu { - setting: self.setting, - })?; - println!( - "Updating schnauzer template and value of '{}' on upgrade", - self.setting - ); - if let Some(schnauzer_cmdline) = &self.get_setting_schnauzer_cmdline(&input) { - if schnauzer_cmdline == self.old_schnauzer_cmdline { - self.update_schnauzer_cmdline_and_data( - schnauzer_cmdline, - // Clone the input string; we need to give the function mutable access to - // the structure that contains the string, so we can't pass a reference into the - // structure. - #[allow(clippy::unnecessary_to_owned)] - &data.to_owned(), - self.old_schnauzer_cmdline, - self.new_schnauzer_cmdline, - &mut input, - )?; - } else { - println!( - "Generator for '{}' is not set to '{}', leaving alone", - self.setting, self.old_schnauzer_cmdline - ); - } - } - } else { - println!("Found no '{}' to change on upgrade", self.setting); - } - - Ok(input) - } - - fn backward(&mut self, mut input: MigrationData) -> Result { - if let Some(input_value) = input.data.get(self.setting) { - let data = input_value - .as_str() - .context(error::NonStringSettingDataTypeSnafu { - setting: self.setting, - })?; - println!( - "Updating schnauzer template and value of '{}' on downgrade", - self.setting - ); - if let Some(schnauzer_cmdline) = &self.get_setting_schnauzer_cmdline(&input) { - self.update_schnauzer_cmdline_and_data( - schnauzer_cmdline, - // Clone the input string; we need to give the function mutable access to - // the structure that contains the string, so we can't pass a reference into the - // structure. - #[allow(clippy::unnecessary_to_owned)] - &data.to_owned(), - self.new_schnauzer_cmdline, - self.old_schnauzer_cmdline, - &mut input, - )?; - } - } else { - println!("Found no '{}' to change on downgrade", self.setting); - } - - Ok(input) - } -} - -#[cfg(test)] -mod test_replace_schnauzer_migration { - use super::ReplaceSchnauzerMigration; - use crate::{Migration, MigrationData}; - use maplit::hashmap; - use serde_json::json; - - #[test] - fn test_replaces_data_and_generator() { - // Given a schnauzer migration where the settings generator and generated data are both set - // to the input values, - // When the ReplaceSchnauzerMigration is performed, - // Both the generator and data are updated. - let mut migration = ReplaceSchnauzerMigration { - setting: "settings.output", - old_schnauzer_cmdline: - "schnauzer-v2 render --requires 'input@v1' --template '{{ settings.input }}'", - new_schnauzer_cmdline: - "schnauzer-v2 render --requires 'input@v1' --template '{{ settings.input }}, world'", - }; - - let input = MigrationData { - data: hashmap! { - "settings.input".into() => json!("hello"), - "settings.output".into() => json!("hello"), - "os".into() => json!({}), - }, - metadata: hashmap! { - "settings.output".into() => hashmap!{"setting-generator".into() => migration.old_schnauzer_cmdline.into()} - }, - }; - - let forward_result = migration.forward(input.clone()); - println!("{:?}", forward_result); - let forward_result = forward_result.unwrap(); - - assert_eq!( - forward_result - .data - .get("settings.output") - .unwrap() - .as_str() - .unwrap(), - "hello, world" - ); - assert_eq!( - forward_result - .metadata - .get("settings.output") - .unwrap() - .get("setting-generator") - .unwrap(), - migration.new_schnauzer_cmdline - ); - - let backward_result = migration.backward(forward_result); - println!("{:?}", backward_result); - let backward_result = backward_result.unwrap(); - - assert_eq!( - backward_result - .data - .get("settings.output") - .unwrap() - .as_str() - .unwrap(), - "hello" - ); - assert_eq!( - backward_result - .metadata - .get("settings.output") - .unwrap() - .get("setting-generator") - .unwrap(), - migration.old_schnauzer_cmdline - ); - } - - #[test] - fn test_replaces_generator_not_data() { - // Given a schnauzer migration where the settings generator is the same but the generated - // setting has changed, - // When the ReplaceSchnauzerMigration is performed, - // Only the generator is updated. The overwritten data remains. - let mut migration = ReplaceSchnauzerMigration { - setting: "settings.output", - old_schnauzer_cmdline: - "schnauzer-v2 render --requires 'input@v1' --template '{{ settings.input }}, world'", - new_schnauzer_cmdline: - "schnauzer-v2 render --requires 'input@v1' --template '{{ settings.input }}'", - }; - - let input = MigrationData { - data: hashmap! { - "settings.input".into() => json!("hello"), - "settings.output".into() => json!("overwritten!"), - "os".into() => json!({}), - }, - metadata: hashmap! { - "settings.output".into() => hashmap!{"setting-generator".into() => migration.old_schnauzer_cmdline.into()} - }, - }; - - let forward_result = migration.forward(input.clone()); - println!("{:?}", forward_result); - let forward_result = forward_result.unwrap(); - - assert_eq!( - forward_result - .data - .get("settings.output") - .unwrap() - .as_str() - .unwrap(), - "overwritten!" - ); - assert_eq!( - forward_result - .metadata - .get("settings.output") - .unwrap() - .get("setting-generator") - .unwrap(), - migration.new_schnauzer_cmdline - ); - - let backward_result = migration.backward(forward_result); - println!("{:?}", backward_result); - let backward_result = backward_result.unwrap(); - - assert_eq!( - backward_result - .data - .get("settings.output") - .unwrap() - .as_str() - .unwrap(), - "overwritten!" - ); - assert_eq!( - backward_result - .metadata - .get("settings.output") - .unwrap() - .get("setting-generator") - .unwrap(), - migration.old_schnauzer_cmdline - ); - } - - #[test] - fn test_replaces_nothing() { - // Given a schnauzer migration where the settings generator is not what's expected, - // When the ReplaceSchnauzerMigration is performed, - // Then nothing is changed, leaving user settings intact. - let mut migration = ReplaceSchnauzerMigration { - setting: "settings.output", - old_schnauzer_cmdline: - "schnauzer-v2 render --requires 'input@v1' --template '{{ settings.input }}, world'", - new_schnauzer_cmdline: - "schnauzer-v2 render --requires 'input@v1' --template '{{ settings.input }}'", - }; - - let overwritten_cmdline = "schnauzer-v2 render --template 'something new!'"; - - let input = MigrationData { - data: hashmap! { - "settings.input".into() => json!("hello"), - "settings.output".into() => json!("something new!"), - "os".into() => json!({}), - }, - metadata: hashmap! { - "settings.output".into() => hashmap!{ - "setting-generator".into() => overwritten_cmdline.into() - } - }, - }; - - let forward_result = migration.forward(input.clone()); - println!("{:?}", forward_result); - let forward_result = forward_result.unwrap(); - - assert_eq!( - forward_result - .data - .get("settings.output") - .unwrap() - .as_str() - .unwrap(), - "something new!" - ); - assert_eq!( - forward_result - .metadata - .get("settings.output") - .unwrap() - .get("setting-generator") - .unwrap(), - overwritten_cmdline - ); - - let backward_result = migration.backward(forward_result); - println!("{:?}", backward_result); - let backward_result = backward_result.unwrap(); - - assert_eq!( - backward_result - .data - .get("settings.output") - .unwrap() - .as_str() - .unwrap(), - "something new!" - ); - assert_eq!( - backward_result - .metadata - .get("settings.output") - .unwrap() - .get("setting-generator") - .unwrap(), - overwritten_cmdline - ); - } -} - -// =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= - -/// We use this migration when we add metadata and want to make sure they're removed before we go -/// back to old versions that don't understand them. -#[derive(Debug)] -pub struct SettingMetadata { - pub setting: &'static str, - pub metadata: &'static [&'static str], -} - -pub struct AddMetadataMigration(pub &'static [SettingMetadata]); - -impl Migration for AddMetadataMigration { - /// New versions must have the metadata already defined in defaults. - fn forward(&mut self, input: MigrationData) -> Result { - println!( - "AddMetadataMigration({:?}) has no work to do on upgrade.", - &self.0 - ); - Ok(input) - } - - /// Older versions might break with certain settings metadata (such as with setting-generators) - /// so we need to remove them. - fn backward(&mut self, mut input: MigrationData) -> Result { - for setting_metadata in self.0 { - if let Some(found_metadata) = input.metadata.get_mut(setting_metadata.setting) { - for metadata in setting_metadata.metadata { - if let Some(metadata_value) = found_metadata.remove(*metadata) { - println!( - "Removed {}, which was set to '{}'", - metadata, metadata_value - ); - } else { - println!( - "Found no metadata '{}' to remove on setting '{}'", - metadata, setting_metadata.setting - ); - } - } - } else { - println!( - "Found no metadata for '{}' setting", - setting_metadata.setting - ); - } - } - Ok(input) - } -} - -#[cfg(test)] -mod test_add_metadata { - use super::{AddMetadataMigration, SettingMetadata}; - use crate::{Migration, MigrationData}; - use maplit::hashmap; - use std::collections::HashMap; - - #[test] - fn backward() { - let data = MigrationData { - data: HashMap::new(), - metadata: hashmap! { - "hi".into() => hashmap!{"there".into() => "whatever".into()}, - }, - }; - let result = AddMetadataMigration(&[SettingMetadata { - setting: "hi", - metadata: &["there"], - }]) - .backward(data) - .unwrap(); - assert_eq!( - result.metadata, - hashmap! { - "hi".into() => HashMap::new(), - } - ); - } - - #[test] - fn backward_noop() { - let data = MigrationData { - data: HashMap::new(), - metadata: hashmap! { - "hi".into() => hashmap!{"sup".into() => "wassup".into()}, - }, - }; - let result = AddMetadataMigration(&[SettingMetadata { - setting: "hi", - metadata: &["there"], - }]) - .backward(data) - .unwrap(); - assert_eq!( - result.metadata, - hashmap! { - "hi".into() => hashmap!{"sup".into() => "wassup".into()}, - } - ); - } -} - -// =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= - -/// We use this migration when we remove metadata -pub struct RemoveMetadataMigration(pub &'static [SettingMetadata]); - -impl Migration for RemoveMetadataMigration { - fn forward(&mut self, mut input: MigrationData) -> Result { - for setting_metadata in self.0 { - if let Some(found_metadata) = input.metadata.get_mut(setting_metadata.setting) { - for metadata in setting_metadata.metadata { - if let Some(metadata_value) = found_metadata.remove(*metadata) { - println!( - "Removed {}, which was set to '{}'", - metadata, metadata_value - ); - } else { - println!( - "Found no metadata '{}' to remove on setting '{}'", - metadata, setting_metadata.setting - ); - } - } - } else { - println!( - "Found no metadata for '{}' setting", - setting_metadata.setting - ); - } - } - Ok(input) - } - - fn backward(&mut self, input: MigrationData) -> Result { - println!( - "RemoveMetadataMigration({:?}) has no work to do on downgrade.", - &self.0 - ); - Ok(input) - } -} - -#[cfg(test)] -mod test_remove_metadata { - use super::{RemoveMetadataMigration, SettingMetadata}; - use crate::{Migration, MigrationData}; - use maplit::hashmap; - use std::collections::HashMap; - - #[test] - fn forward() { - let data = MigrationData { - data: HashMap::new(), - metadata: hashmap! { - "hi".into() => hashmap!{"there".into() => "whatever".into() }, - }, - }; - let result = RemoveMetadataMigration(&[SettingMetadata { - setting: "hi", - metadata: &["there"], - }]) - .forward(data) - .unwrap(); - assert_eq!(result.metadata, hashmap! { "hi".into() => HashMap::new() }); - } - - #[test] - fn forward_noop() { - let data = MigrationData { - data: HashMap::new(), - metadata: hashmap! { - "hi".into() => hashmap!{"there".into() => "whatever".into() }, - }, - }; - let result = RemoveMetadataMigration(&[SettingMetadata { - setting: "hi", - metadata: &["which"], - }]) - .forward(data) - .unwrap(); - assert_eq!( - result.metadata, - hashmap! { "hi".into() => hashmap!{"there".into() => "whatever".into() } } - ); - } - - #[test] - fn backward() { - let data = MigrationData { - data: HashMap::new(), - metadata: hashmap! { - "hi".into() => hashmap!{"there".into() => "whatever".into()}, - }, - }; - let result = RemoveMetadataMigration(&[SettingMetadata { - setting: "hi", - metadata: &["there"], - }]) - .backward(data) - .unwrap(); - assert_eq!( - result.metadata, - hashmap! { - "hi".into() => hashmap!{"there".into() => "whatever".into()}, - } - ); - } -} - -// =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= - -/// We use this migration when we need to replace metadata that contain lists of string values; -/// for example, when a release changes the list of 'affected-services' associated with a setting. -// String is the only type we use today, and handling multiple value types is more complicated than -// we need at the moment. Allowing &[serde_json::Value] seems nice, but it would allow arbitrary -// data transformations that the API model would then fail to load. - -pub struct MetadataListReplacement { - pub setting: &'static str, - pub metadata: &'static str, - pub old_vals: &'static [&'static str], - pub new_vals: &'static [&'static str], -} - -pub struct ReplaceMetadataListsMigration(pub Vec); - -impl Migration for ReplaceMetadataListsMigration { - fn forward(&mut self, mut input: MigrationData) -> Result { - for replacement in &self.0 { - if let Some(found_metadata) = input.metadata.get_mut(replacement.setting) { - if let Some(metadata_data) = found_metadata.get_mut(replacement.metadata) { - match metadata_data { - serde_json::Value::Array(data) => { - // We only handle string lists; convert each value to a str we can compare. - let list: Vec<&str> = data - .iter() - .map(|v| v.as_str()) - .collect::>>() - .with_context(|| error::ReplaceMetadataListContentsSnafu { - setting: replacement.setting, - metadata: replacement.metadata, - data: data.clone(), - })?; - - if list == replacement.old_vals { - // Convert back to the original type so we can store it. - *data = replacement.new_vals.iter().map(|s| (*s).into()).collect(); - println!( - "Changed value of metadata '{}' for setting '{}' from {:?} to {:?} on upgrade", - replacement.metadata, - replacement.setting, - replacement.old_vals, - replacement.new_vals - ); - } else { - println!( - "Metadata '{}' for setting '{}' is not set to {:?}, leaving alone", - replacement.metadata, replacement.setting, list - ); - } - } - _ => { - println!( - "'Metadata '{}' for setting '{}' is set to non-list value '{}'; ReplaceMetadataListsMigration only handles lists", - replacement.metadata, replacement.setting, metadata_data - ); - } - } - } else { - println!( - "Found no metadata '{}' for setting '{}'", - replacement.metadata, replacement.setting - ); - } - } else { - println!("Found no metadata for '{}' setting", replacement.setting); - } - } - Ok(input) - } - - fn backward(&mut self, mut input: MigrationData) -> Result { - for replacement in &self.0 { - if let Some(found_metadata) = input.metadata.get_mut(replacement.setting) { - if let Some(metadata_data) = found_metadata.get_mut(replacement.metadata) { - match metadata_data { - serde_json::Value::Array(data) => { - // We only handle string lists; convert each value to a str we can compare. - let list: Vec<&str> = data - .iter() - .map(|v| v.as_str()) - .collect::>>() - .with_context(|| error::ReplaceMetadataListContentsSnafu { - setting: replacement.setting, - metadata: replacement.metadata, - data: data.clone(), - })?; - - if list == replacement.new_vals { - // Convert back to the original type so we can store it. - *data = replacement.old_vals.iter().map(|s| (*s).into()).collect(); - println!( - "Changed value of metadata '{}' for setting '{}' from {:?} to {:?} on downgrade", - replacement.metadata, - replacement.setting, - replacement.new_vals, - replacement.old_vals - ); - } else { - println!( - "Metadata '{}' for setting '{}' is not set to {:?}, leaving alone", - replacement.metadata, replacement.setting, list - ); - } - } - _ => { - println!( - "'Metadata '{}' for setting '{}' is set to non-list value '{}'; ReplaceMetadataListsMigration only handles lists", - replacement.metadata, replacement.setting, metadata_data - ); - } - } - } else { - println!( - "Found no metadata '{}' for setting '{}'", - replacement.metadata, replacement.setting - ); - } - } else { - println!("Found no metadata for '{}' setting", replacement.setting); - } - } - Ok(input) - } -} - -#[cfg(test)] -mod test_replace_metadata_list { - use super::{MetadataListReplacement, ReplaceMetadataListsMigration}; - use crate::{Migration, MigrationData}; - use maplit::hashmap; - use std::collections::HashMap; - - #[test] - fn single_forward() { - let data = MigrationData { - data: HashMap::new(), - metadata: hashmap! { - "sunny".into() => hashmap!{"affected-service".into() => vec!["ice", "cube"].into()}, - }, - }; - let result = ReplaceMetadataListsMigration(vec![MetadataListReplacement { - setting: "sunny", - metadata: "affected-service", - old_vals: &["ice", "cube"], - new_vals: &["warm", "water"], - }]) - .forward(data) - .unwrap(); - assert_eq!( - result.metadata, - hashmap! { - "sunny".into() =>hashmap!{"affected-service".into() => vec!["warm", "water"].into()}, - } - ); - } - - #[test] - fn single_backward() { - let data = MigrationData { - data: HashMap::new(), - metadata: hashmap! { - "freezing".into() => hashmap!{"affected-service".into() => vec!["warm", "water"].into()}, - }, - }; - let result = ReplaceMetadataListsMigration(vec![MetadataListReplacement { - setting: "freezing", - metadata: "affected-service", - old_vals: &["ice", "cube"], - new_vals: &["warm", "water"], - }]) - .backward(data) - .unwrap(); - assert_eq!( - result.metadata, - hashmap! { - "freezing".into() =>hashmap!{"affected-service".into() => vec!["ice", "cube"].into()}, - } - ); - } - - #[test] - fn multiple_forward() { - let data = MigrationData { - data: HashMap::new(), - metadata: hashmap! { - "greeting".into() => hashmap!{"hi".into() => vec!["konichiwa", "privet"].into()}, - "goodbye".into() => hashmap!{"bye".into() => vec!["spokoynoy nochi", "do svidaniya"].into()}, - "ignored".into() => hashmap!{"sad".into() => vec!["no", "change"].into()}, - }, - }; - let result = ReplaceMetadataListsMigration(vec![ - MetadataListReplacement { - setting: "greeting", - metadata: "hi", - old_vals: &["konichiwa", "privet"], - new_vals: &["aloha", "annyeong"], - }, - MetadataListReplacement { - setting: "goodbye", - metadata: "bye", - old_vals: &["spokoynoy nochi", "do svidaniya"], - new_vals: &["annyeong", "aloha"], - }, - ]) - .forward(data) - .unwrap(); - assert_eq!( - result.metadata, - hashmap! { - "greeting".into() => hashmap!{"hi".into() => vec!["aloha", "annyeong"].into()}, - "goodbye".into() => hashmap!{"bye".into() => vec!["annyeong", "aloha"].into()}, - "ignored".into() => hashmap!{"sad".into() => vec!["no", "change"].into()}, - } - ); - } - - #[test] - fn no_match() { - let data = MigrationData { - data: HashMap::new(), - metadata: hashmap! { - "hi1".into() => hashmap!{"hello?".into() => vec!["konichiwa", "privet"].into()}, - "hi2".into() => hashmap!{"goodbye?".into() => vec!["spokoynoy nochi", "do svidaniya"].into()}, - }, - }; - let result = ReplaceMetadataListsMigration(vec![ - MetadataListReplacement { - setting: "hi1", - metadata: "not hello", - old_vals: &["hey?"], - new_vals: &["whats", "up"], - }, - MetadataListReplacement { - setting: "hi1", - metadata: "hello?", - old_vals: &["goodbye", "not match"], - new_vals: &["whats", "up"], - }, - MetadataListReplacement { - setting: "hi3", - metadata: "no", - old_vals: &["goodbye", "not match"], - new_vals: &["whats", "up"], - }, - ]) - .forward(data) - .unwrap(); - // No change - assert_eq!( - result.metadata, - hashmap! { - "hi1".into() => hashmap!{"hello?".into() => vec!["konichiwa", "privet"].into()}, - "hi2".into() => hashmap!{"goodbye?".into() => vec!["spokoynoy nochi", "do svidaniya"].into()}, - } - ); - } - - #[test] - fn not_list() { - let data = MigrationData { - data: HashMap::new(), - metadata: hashmap! { - "hi".into() => hashmap!{"whats going on".into() => "just a string, not a list".into()}, - }, - }; - let result = ReplaceMetadataListsMigration(vec![MetadataListReplacement { - setting: "hi", - metadata: "whats going on", - old_vals: &["there"], - new_vals: &["sup", "hey"], - }]) - .forward(data) - .unwrap(); - // No change - assert_eq!( - result.metadata, - hashmap! { - "hi".into() => hashmap!{"whats going on".into() => "just a string, not a list".into()}, - } - ); - } - - #[test] - fn not_string() { - let data = MigrationData { - data: HashMap::new(), - metadata: hashmap! { - "hi".into() => hashmap!{"whats going on".into() => vec![0].into()}, - }, - }; - ReplaceMetadataListsMigration(vec![MetadataListReplacement { - setting: "hi", - metadata: "whats going on", - old_vals: &["why"], - new_vals: &["sup", "hey"], - }]) - .forward(data) - .unwrap_err(); - } -} - -// =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= - -/// We use this migration when we need to replace a single metadata value; -/// for example, what a release changes the `setting-generator` associated with a setting. -// String is the only type we use today, and handling multiple value types is more complicated than -// we need at the moment. Allowing &[serde_json::Value] seems nice, but it would allow arbitrary -// data transformations that the API model would then fail to load. - -#[derive(Debug, Clone)] -pub struct MetadataReplacement { - pub setting: &'static str, - pub metadata: &'static str, - pub old_val: &'static str, - pub new_val: &'static str, -} - -impl MetadataReplacement { - /// Executes the metadata replacement on given datastore. - /// - /// State which prevents the replacement from being performed results in messages to stdout. - /// Returns whether or not the migration performed changes. - fn perform_replacement(&self, input: &mut MigrationData) -> bool { - input - .metadata - .get_mut(self.setting) - .or_else(|| { - println!("Found no setting '{}'", self.setting); - None - }) - .and_then(|found_metadata| { - let metadata_value = found_metadata.get_mut(self.metadata); - if metadata_value.is_none() { - println!( - "Found no metadata '{}' for setting '{}'", - self.metadata, self.setting - ); - } - metadata_value - }) - .and_then(|metadata| { - // If we have a matching string, replace it with our new value - match metadata { - serde_json::Value::String(data) => { - Some(data) - }, - _ => { - println!( - "Metadata '{}' for setting '{}' is set to non-string value {}; ReplaceMetadataMigration only handles strings.", - self.metadata, self.setting, metadata - ); - None - } - } - }) - .and_then(|data| { - if data == self.old_val { - *data = self.new_val.to_owned(); - println!( - "Changed value of metadata '{}' for setting '{}' from '{}' to '{}'.", - self.metadata, - self.setting, - self.old_val, - self.new_val - ); - Some(data) - } else { - println!( - "Metadata '{}' for setting '{}' is not set to {}, leaving alone", - self.metadata, self.setting, self.old_val - ); - None - } - }) - .is_some() - } -} - -pub struct ReplaceMetadataMigration(pub Vec); - -impl Migration for ReplaceMetadataMigration { - fn forward(&mut self, mut input: MigrationData) -> Result { - self.0.iter().for_each(|replacement| { - replacement.perform_replacement(&mut input); - }); - Ok(input) - } - - fn backward(&mut self, mut input: MigrationData) -> Result { - self.0.iter().for_each(|replacement| { - // Invert our forward migrations, then run them against the data store. - let mut backwards_replacement = replacement.clone(); - backwards_replacement.old_val = replacement.new_val; - backwards_replacement.new_val = replacement.old_val; - - backwards_replacement.perform_replacement(&mut input); - }); - Ok(input) - } -} - -#[cfg(test)] -mod test_replace_metadata { - use super::{MetadataReplacement, ReplaceMetadataMigration}; - use crate::{Migration, MigrationData}; - use maplit::hashmap; - use std::collections::HashMap; - - #[test] - fn test_forward() { - let data = MigrationData { - data: HashMap::new(), - metadata: hashmap! { - "hiking".into() => hashmap!{"setting-generator".into() => "weather-is-sunny".into()} - }, - }; - let result = ReplaceMetadataMigration(vec![MetadataReplacement { - setting: "hiking", - metadata: "setting-generator", - old_val: "weather-is-sunny", - new_val: "/bin/true", - }]) - .forward(data) - .unwrap(); - - assert_eq!( - result.metadata, - hashmap! { - "hiking".into() => hashmap!{"setting-generator".into() => "/bin/true".into()} - } - ); - } - - #[test] - fn test_backward() { - let data = MigrationData { - data: HashMap::new(), - metadata: hashmap! { - "favorite-dog-park".into() => hashmap!{"setting-generator".into() => "closest-lake".into()} - }, - }; - let result = ReplaceMetadataMigration(vec![MetadataReplacement { - setting: "favorite-dog-park", - metadata: "setting-generator", - old_val: "closest-beach", - new_val: "closest-lake", - }]) - .backward(data) - .unwrap(); - - assert_eq!( - result.metadata, - hashmap! { - "favorite-dog-park".into() => hashmap!{"setting-generator".into() => "closest-beach".into()} - } - ); - } - - #[test] - fn no_match() { - let data = MigrationData { - data: HashMap::new(), - metadata: hashmap! { - "hi1".into() => hashmap!{"hello?".into() => "konichiwa".into()}, - "hi2".into() => hashmap!{"goodbye?".into() => "spokoynoy nochi".into()}, - }, - }; - let result = ReplaceMetadataMigration(vec![ - MetadataReplacement { - setting: "hi1", - metadata: "not hello", - old_val: "hey?", - new_val: "whats up", - }, - MetadataReplacement { - setting: "hi1", - metadata: "hello?", - old_val: "goodbye", - new_val: "whats up", - }, - MetadataReplacement { - setting: "hi3", - metadata: "no", - old_val: "goodbye", - new_val: "whats up", - }, - ]) - .forward(data) - .unwrap(); - // No change - assert_eq!( - result.metadata, - hashmap! { - "hi1".into() => hashmap!{"hello?".into() => "konichiwa".into()}, - "hi2".into() => hashmap!{"goodbye?".into() => "spokoynoy nochi".into()}, - } - ); - } - - #[test] - fn not_string() { - let data = MigrationData { - data: HashMap::new(), - metadata: hashmap! { - "dirtywave".into() => hashmap!{"qualities".into() => vec!["synthesizer", "sequencer"].into()} - }, - }; - let result = ReplaceMetadataMigration(vec![MetadataReplacement { - setting: "dirtywave", - metadata: "qualities", - old_val: "sequencer", - new_val: "tracker", - }]) - .forward(data) - .unwrap(); - // No change - assert_eq!( - result.metadata, - hashmap! { - "dirtywave".into() => hashmap!{"qualities".into() => vec!["synthesizer", "sequencer"].into()} - } - ); - } -} - -// =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= - -/// When we add conditional migrations that can only run for specific variants, we need to run this -/// migration helper for cases where the migration does NOT apply so migrator will still create a valid -/// intermediary datastore that the host can transition to. -#[derive(Debug)] -pub struct NoOpMigration; - -impl Migration for NoOpMigration { - /// No work to do on forward migrations, copy the same datastore - fn forward(&mut self, input: MigrationData) -> Result { - println!("NoOpMigration has no work to do on upgrade.",); - Ok(input) - } - - /// No work to do on backward migrations, copy the same datastore - fn backward(&mut self, input: MigrationData) -> Result { - println!("NoOpMigration has no work to do on downgrade.",); - Ok(input) - } -} diff --git a/sources/api/migration/migration-helpers/src/datastore_helper.rs b/sources/api/migration/migration-helpers/src/datastore_helper.rs deleted file mode 100644 index cfb31685e..000000000 --- a/sources/api/migration/migration-helpers/src/datastore_helper.rs +++ /dev/null @@ -1,123 +0,0 @@ -//! This module contains the functions that interact with the data store, retrieving data to -//! migrate and writing back migrated data. - -use bottlerocket_release::BottlerocketRelease; -use snafu::ResultExt; -use std::collections::HashMap; - -use crate::{error, MigrationData, Result}; -use datastore::{ - deserialize_scalar, serialization::to_pairs_with_prefix, serialize_scalar, Committed, - DataStore, Key, KeyType, -}; - -// To get input data from the existing data store, we use datastore methods, because we assume -// breaking changes in the basic data store API would be a major-version migration of the data -// store, and that would be handled separately. This method is private to the crate, so we can -// reconsider as needed. -/// Retrieves data from the specified data store in a consistent format for easy modification. -pub(crate) fn get_input_data( - datastore: &D, - committed: &Committed, -) -> Result { - let raw_data = datastore - .get_prefix("", committed) - .with_context(|_| error::GetDataSnafu { - committed: committed.clone(), - })?; - - let mut data = HashMap::new(); - for (data_key, value_str) in raw_data.into_iter() { - // Store keys with just their name, rather than the full Key, so that migrations are easier - // to write, and we don't tie migrations to any specific data store version. Migrations - // shouldn't need to link against data store code. - let key_name = data_key.name(); - // Deserialize values to Value so there's a consistent input type. (We can't specify item - // types because we'd have to know the model structure.) - let value = - deserialize_scalar(&value_str).context(error::DeserializeSnafu { input: value_str })?; - data.insert(key_name.clone(), value); - } - - // We also want to make "os.*" values, like variant and arch, available to migrations. - let release = BottlerocketRelease::new().context(error::BottlerocketReleaseSnafu)?; - let os_pairs = to_pairs_with_prefix("os", &release).context(error::SerializeReleaseSnafu)?; - for (data_key, value_str) in os_pairs.into_iter() { - let value = - deserialize_scalar(&value_str).context(error::DeserializeSnafu { input: value_str })?; - data.insert(data_key.name().clone(), value); - } - - // Metadata isn't committed, it goes live immediately, so we only populate the metadata - // output for Committed::Live. - let mut metadata = HashMap::new(); - if let Committed::Live = committed { - let raw_metadata = datastore - .get_metadata_prefix("", &None as &Option<&str>) - .context(error::GetMetadataSnafu)?; - for (data_key, meta_map) in raw_metadata.into_iter() { - // See notes above about storing key Strings and Values. - let data_key_name = data_key.name(); - let data_entry = metadata - .entry(data_key_name.clone()) - .or_insert_with(HashMap::new); - for (metadata_key, value_str) in meta_map.into_iter() { - let metadata_key_name = metadata_key.name(); - let value = deserialize_scalar(&value_str) - .context(error::DeserializeSnafu { input: value_str })?; - data_entry.insert(metadata_key_name.clone(), value); - } - } - } - - Ok(MigrationData { data, metadata }) -} - -// Similar to get_input_data, we use datastore methods here; please read the comment on -// get_input_data. This method is also private to the crate, so we can reconsider as needed. -/// Updates the given data store with the given (migrated) data. -pub(crate) fn set_output_data( - datastore: &mut D, - input: &MigrationData, - committed: &Committed, -) -> Result<()> { - // Prepare serialized data - let mut data = HashMap::new(); - for (data_key_name, raw_value) in &input.data { - // See notes above about storing key Strings and Values. - let data_key = Key::new(KeyType::Data, data_key_name).context(error::InvalidKeySnafu { - key_type: KeyType::Data, - key: data_key_name, - })?; - let value = serialize_scalar(raw_value).context(error::SerializeSnafu)?; - data.insert(data_key, value); - } - - // This is one of the rare cases where we want to set keys directly in the datastore: - // * We're operating on a temporary copy of the datastore, so no concurrency issues - // * We're either about to reboot or just have, and the settings applier will run afterward - datastore - .set_keys(&data, committed) - .context(error::DataStoreWriteSnafu)?; - - // Set metadata in a loop (currently no batch API) - for (data_key_name, meta_map) in &input.metadata { - let data_key = Key::new(KeyType::Data, data_key_name).context(error::InvalidKeySnafu { - key_type: KeyType::Data, - key: data_key_name, - })?; - for (metadata_key_name, raw_value) in meta_map.iter() { - let metadata_key = - Key::new(KeyType::Meta, metadata_key_name).context(error::InvalidKeySnafu { - key_type: KeyType::Meta, - key: metadata_key_name, - })?; - let value = serialize_scalar(&raw_value).context(error::SerializeSnafu)?; - datastore - .set_metadata(&metadata_key, &data_key, value) - .context(error::DataStoreWriteSnafu)?; - } - } - - Ok(()) -} diff --git a/sources/api/migration/migration-helpers/src/error.rs b/sources/api/migration/migration-helpers/src/error.rs deleted file mode 100644 index 2abd5bc62..000000000 --- a/sources/api/migration/migration-helpers/src/error.rs +++ /dev/null @@ -1,137 +0,0 @@ -//! Contains the Error and Result types used by the migration helper functions and migrations. - -use snafu::Snafu; -use std::path::PathBuf; - -/// Error contains the errors that can happen in the migration helper functions and in migrations. -#[derive(Debug, Snafu)] -#[snafu(visibility(pub))] -pub enum Error { - #[snafu(display("Unable to get system release data: {}", source))] - BottlerocketRelease { source: bottlerocket_release::Error }, - - #[snafu(display("Unable to get {:?} data for migration: {}", committed, source))] - GetData { - committed: datastore::Committed, - #[snafu(source(from(datastore::Error, Box::new)))] - source: Box, - }, - - #[snafu(display("Unable to get metadata for migration: {}", source))] - GetMetadata { - #[snafu(source(from(datastore::Error, Box::new)))] - source: Box, - }, - - #[snafu(display("Unable to deserialize to Value from '{}': {}", input, source))] - Deserialize { - input: String, - source: datastore::ScalarError, - }, - - #[snafu(display("Unable to serialize Value: {}", source))] - Serialize { source: datastore::ScalarError }, - - #[snafu(display("Unable to serialize datastore for rendering templates: {}", source))] - SerializeTemplateData { source: serde_json::Error }, - - #[snafu(display("Unable to serialize release data: {}", source))] - SerializeRelease { - source: datastore::serialization::Error, - }, - - #[snafu(display("Unable to write to data store: {}", source))] - DataStoreWrite { - #[snafu(source(from(datastore::Error, Box::new)))] - source: Box, - }, - - #[snafu(display("Unable to remove key '{}' from data store: {}", key, source))] - DataStoreRemove { - key: String, - #[snafu(source(from(datastore::Error, Box::new)))] - source: Box, - }, - - #[snafu(display("Migrated data failed validation: {}", msg))] - Validation { msg: String }, - - // Generic error variant for migration authors - #[snafu(display("Migration returned error: {}", msg))] - Migration { msg: String }, - - // More specific error variants for migration authors to handle common cases - #[snafu(display("Migration requires missing key: {}", key))] - MissingData { key: String }, - - #[snafu(display("Migration used invalid {:?} key '{}': {}", key_type, key, source))] - InvalidKey { - key_type: datastore::KeyType, - key: String, - #[snafu(source(from(datastore::Error, Box::new)))] - source: Box, - }, - - #[snafu(display("Unable to list transactions in data store: {}", source))] - ListTransactions { - #[snafu(source(from(datastore::Error, Box::new)))] - source: Box, - }, - - #[snafu(display("Unable to build handlebar template registry: {}", source))] - BuildTemplateRegistry { source: schnauzer::v1::error::Error }, - - #[snafu(display("Unable to render template string '{}': {}", template, source))] - RenderTemplate { - template: String, - #[snafu(source(from(handlebars::RenderError, Box::new)))] - source: Box, - }, - - #[snafu(display("Unable to render template command '{}': {}", cmdline, source))] - RenderSchnauzerV2Template { - cmdline: String, - source: schnauzer::v2::cli::CLIError, - }, - - #[snafu(display("'{}' is set to non-string value", setting))] - NonStringSettingDataType { setting: String }, - - #[snafu(display("Unable to deserialize datastore data: {}", source))] - DeserializeDatastore { - source: datastore::deserialization::Error, - }, - - #[snafu(display("Unable to create new key: {}", source))] - NewKey { source: datastore::error::Error }, - - #[snafu(display("Setting '{}' contains non-string item: {:?}", setting, data))] - ReplaceListContents { - setting: String, - data: Vec, - }, - - #[snafu(display( - "Metadata '{}' for setting '{}' contains non-string item: {:?}", - metadata, - setting, - data - ))] - ReplaceMetadataListContents { - setting: String, - metadata: String, - data: Vec, - }, - - #[snafu(display("Failed to delete file '{}': '{}'", path.display(), source))] - RemoveFile { - path: PathBuf, - source: std::io::Error, - }, - - #[snafu(display("Failed to create async runtime: {}", source))] - CreateTokioRuntime { source: std::io::Error }, -} - -/// Result alias containing our Error type. -pub type Result = std::result::Result; diff --git a/sources/api/migration/migration-helpers/src/lib.rs b/sources/api/migration/migration-helpers/src/lib.rs deleted file mode 100644 index 3a1787bc0..000000000 --- a/sources/api/migration/migration-helpers/src/lib.rs +++ /dev/null @@ -1,137 +0,0 @@ -//! This module aims to make it as easy as possible to migrate a data store between minor -//! versions. Migration authors just implement one trait, and can then use helper methods to take -//! care of everything else in their main function. -//! -//! Note that you must still name your migration binary according to spec for it to be handled -//! properly by the migration runner. - -// Note that migrations must be run serially; technically, this is because the data store isn't -// locked, and also because migration authors are given an interface for ordering via migration -// name, and running in parallel would violate that. - -mod args; -pub mod common_migrations; -mod datastore_helper; -pub mod error; - -use snafu::ResultExt; -use std::collections::HashMap; -use std::env; -use std::fmt; - -use datastore::{Committed, Value}; -pub use datastore::{DataStore, FilesystemDataStore}; - -use args::{parse_args, Args}; -use datastore_helper::{get_input_data, set_output_data}; -pub use error::Result; - -/// The data store implementation currently in use. Used by the simpler `migrate` interface; can -/// be overridden by using the `run_migration` interface. -type DataStoreImplementation = FilesystemDataStore; - -/// Migrations must implement this trait, and can then use the migrate method to let this module -/// do the rest of the work. -/// -/// Migrations must implement forward and backward methods so changes can be rolled back as -/// necessary. -/// -/// Migrations must not assume any key will exist because they're run on pending data as well as -/// live, and pending transactions usually do not impact all keys. For the same reason, migrations -/// must not add a key in all cases if it's missing, because you could be adding the key to an -/// unrelated pending transaction. Instead, make sure you're adding a key to an existing -/// structure. -pub trait Migration { - /// Migrates data forward from the prior version to the version specified in the migration - /// name. - fn forward(&mut self, input: MigrationData) -> Result; - - /// Migrates data backward from the version specified in the migration name to the prior - /// version. - fn backward(&mut self, input: MigrationData) -> Result; -} - -/// Mapping of metadata key name to arbitrary value. Each data key can have a Metadata describing -/// its metadata keys. -pub type Metadata = HashMap; - -/// MigrationData holds all data that can be migrated in a migration, and serves as the input and -/// output format of migrations. A serde Value type is used to hold the arbitrary data of each -/// key because we can't represent types when they could change in the migration. -#[derive(Debug, Clone, PartialEq, Eq)] -pub struct MigrationData { - /// Mapping of data key names to their arbitrary values. - pub data: HashMap, - /// Mapping of data key names to their metadata. - pub metadata: HashMap, -} - -/// Returns the default settings for a given path so you can easily replace a given section of the -/// datastore with new defaults. For example, you could request "settings" to get all new default -/// settings, or "settings.serviceX.subsection" to scope it down. -pub fn defaults_for>(_path: S) -> Result { - unimplemented!() -} - -/// Ensures we can use the migrated data in the new data store. Can use this result to stop the -/// migration process before saving any data. -fn validate_migrated_data(_migrated: &MigrationData) -> Result<()> { - // No validations yet. - // You can check the migrated data and throw error::Validation if anything seems wrong. - Ok(()) -} - -/// If you need a little more control over a migration than with migrate, or you're using this -/// module as a library, you can call run_migration directly with the arguments that would -/// normally be parsed from the migration binary's command line. -pub fn run_migration(mut migration: impl Migration, args: &Args) -> Result<()> { - let source = DataStoreImplementation::new(&args.source_datastore); - let mut target = DataStoreImplementation::new(&args.target_datastore); - - // Run for live data and for each pending transaction - let mut committeds = vec![Committed::Live]; - let transactions = source - .list_transactions() - .context(error::ListTransactionsSnafu)?; - committeds.extend(transactions.into_iter().map(|tx| Committed::Pending { tx })); - - for committed in committeds { - let input = get_input_data(&source, &committed)?; - - let mut migrated = input.clone(); - migrated = match args.migration_type { - MigrationType::Forward => migration.forward(migrated), - MigrationType::Backward => migration.backward(migrated), - }?; - - validate_migrated_data(&migrated)?; - - set_output_data(&mut target, &migrated, &committed)?; - } - Ok(()) -} - -/// Represents the type of migration, so we know which Migration trait method to call. -#[derive(Debug, Copy, Clone)] -pub enum MigrationType { - Forward, - Backward, -} - -impl fmt::Display for MigrationType { - fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { - match self { - MigrationType::Forward => write!(f, "forward"), - MigrationType::Backward => write!(f, "backward"), - } - } -} - -/// This is the primary entry point for migration authors. When you've implemented the Migration -/// trait, you should just be able to pass it to this function from your main function and let it -/// take care of the rest. The migration runner will pass in the appropriate datastore paths and -/// migration type. -pub fn migrate(migration: impl Migration) -> Result<()> { - let args = parse_args(env::args())?; - run_migration(migration, &args) -} diff --git a/sources/api/migration/migrations/.keep b/sources/api/migration/migrations/.keep deleted file mode 100644 index e69de29bb..000000000 diff --git a/sources/api/migration/migrations/archived/v0.3.2/migrate-admin-container-v0-5-0/Cargo.toml b/sources/api/migration/migrations/archived/v0.3.2/migrate-admin-container-v0-5-0/Cargo.toml deleted file mode 100644 index d7fc1156b..000000000 --- a/sources/api/migration/migrations/archived/v0.3.2/migrate-admin-container-v0-5-0/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "migrate-admin-container-v0-5-0" -version = "0.1.0" -authors = ["Erikson Tung "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers" } diff --git a/sources/api/migration/migrations/archived/v0.3.2/migrate-admin-container-v0-5-0/src/main.rs b/sources/api/migration/migrations/archived/v0.3.2/migrate-admin-container-v0-5-0/src/main.rs deleted file mode 100644 index 21d01992c..000000000 --- a/sources/api/migration/migrations/archived/v0.3.2/migrate-admin-container-v0-5-0/src/main.rs +++ /dev/null @@ -1,27 +0,0 @@ -use migration_helpers::common_migrations::ReplaceTemplateMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_ADMIN_CTR_TEMPLATE: &str = - "328549459982.dkr.ecr.{{ settings.aws.region }}.amazonaws.com/bottlerocket-admin:v0.4.0"; -const NEW_ADMIN_CTR_TEMPLATE: &str = - "328549459982.dkr.ecr.{{ settings.aws.region }}.amazonaws.com/bottlerocket-admin:v0.5.0"; - -/// We bumped the version of the default admin container from v0.4.0 to v0.5.0 -fn run() -> Result<()> { - migrate(ReplaceTemplateMigration { - setting: "settings.host-containers.admin.source", - old_template: OLD_ADMIN_CTR_TEMPLATE, - new_template: NEW_ADMIN_CTR_TEMPLATE, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v0.4.1/add-version-lock-ignore-waves/Cargo.toml b/sources/api/migration/migrations/archived/v0.4.1/add-version-lock-ignore-waves/Cargo.toml deleted file mode 100644 index 9d01ef465..000000000 --- a/sources/api/migration/migrations/archived/v0.4.1/add-version-lock-ignore-waves/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "add-version-lock-ignore-waves" -version = "0.1.0" -authors = ["Erikson Tung "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers" } diff --git a/sources/api/migration/migrations/archived/v0.4.1/add-version-lock-ignore-waves/src/main.rs b/sources/api/migration/migrations/archived/v0.4.1/add-version-lock-ignore-waves/src/main.rs deleted file mode 100644 index 4a8aa15f9..000000000 --- a/sources/api/migration/migrations/archived/v0.4.1/add-version-lock-ignore-waves/src/main.rs +++ /dev/null @@ -1,21 +0,0 @@ -use migration_helpers::common_migrations::AddSettingsMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added two new settings, `updates.version-lock` and `updates.ignore-waves` -fn run() -> Result<()> { - migrate(AddSettingsMigration(&[ - "settings.updates.version-lock", - "settings.updates.ignore-waves", - ])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v0.4.1/pivot-repo-2020-07-07/Cargo.toml b/sources/api/migration/migrations/archived/v0.4.1/pivot-repo-2020-07-07/Cargo.toml deleted file mode 100644 index 429d784d8..000000000 --- a/sources/api/migration/migrations/archived/v0.4.1/pivot-repo-2020-07-07/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "pivot-repo-2020-07-07" -version = "0.1.0" -authors = ["Jamie Anderson Result<()> { - migrate(ReplaceTemplateMigration { - setting: "settings.updates.metadata-base-url", - old_template: BEFORE_PIVOT_REPO_URL, - new_template: AFTER_PIVOT_REPO_URL, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v0.5.0/add-cluster-domain/Cargo.toml b/sources/api/migration/migrations/archived/v0.5.0/add-cluster-domain/Cargo.toml deleted file mode 100644 index 33134969c..000000000 --- a/sources/api/migration/migrations/archived/v0.5.0/add-cluster-domain/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "add-cluster-domain" -version = "0.1.0" -authors = ["Erikson Tung "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers" } diff --git a/sources/api/migration/migrations/archived/v0.5.0/add-cluster-domain/src/main.rs b/sources/api/migration/migrations/archived/v0.5.0/add-cluster-domain/src/main.rs deleted file mode 100644 index c7288d96b..000000000 --- a/sources/api/migration/migrations/archived/v0.5.0/add-cluster-domain/src/main.rs +++ /dev/null @@ -1,20 +0,0 @@ -use migration_helpers::common_migrations::AddSettingsMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added a new setting, `kubernetes.cluster-domain` -fn run() -> Result<()> { - migrate(AddSettingsMigration(&[ - "settings.kubernetes.cluster-domain", - ])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v0.5.0/migrate-admin-container-v0-5-2/Cargo.toml b/sources/api/migration/migrations/archived/v0.5.0/migrate-admin-container-v0-5-2/Cargo.toml deleted file mode 100644 index c0f3a6baa..000000000 --- a/sources/api/migration/migrations/archived/v0.5.0/migrate-admin-container-v0-5-2/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "migrate-admin-container-v0-5-2" -version = "0.1.0" -authors = ["Erikson Tung "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers" } diff --git a/sources/api/migration/migrations/archived/v0.5.0/migrate-admin-container-v0-5-2/src/main.rs b/sources/api/migration/migrations/archived/v0.5.0/migrate-admin-container-v0-5-2/src/main.rs deleted file mode 100644 index 546320faf..000000000 --- a/sources/api/migration/migrations/archived/v0.5.0/migrate-admin-container-v0-5-2/src/main.rs +++ /dev/null @@ -1,27 +0,0 @@ -use migration_helpers::common_migrations::ReplaceTemplateMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_ADMIN_CTR_TEMPLATE: &str = - "328549459982.dkr.ecr.{{ settings.aws.region }}.amazonaws.com/bottlerocket-admin:v0.5.0"; -const NEW_ADMIN_CTR_TEMPLATE: &str = - "328549459982.dkr.ecr.{{ settings.aws.region }}.amazonaws.com/bottlerocket-admin:v0.5.2"; - -/// We bumped the version of the default admin container from v0.5.0 to v0.5.2 -fn run() -> Result<()> { - migrate(ReplaceTemplateMigration { - setting: "settings.host-containers.admin.source", - old_template: OLD_ADMIN_CTR_TEMPLATE, - new_template: NEW_ADMIN_CTR_TEMPLATE, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v0.5.0/migrate-control-container-v0-4-1/Cargo.toml b/sources/api/migration/migrations/archived/v0.5.0/migrate-control-container-v0-4-1/Cargo.toml deleted file mode 100644 index eb352390a..000000000 --- a/sources/api/migration/migrations/archived/v0.5.0/migrate-control-container-v0-4-1/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "migrate-control-container-v0-4-1" -version = "0.1.0" -authors = ["Erikson Tung "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers" } diff --git a/sources/api/migration/migrations/archived/v0.5.0/migrate-control-container-v0-4-1/src/main.rs b/sources/api/migration/migrations/archived/v0.5.0/migrate-control-container-v0-4-1/src/main.rs deleted file mode 100644 index 12f395178..000000000 --- a/sources/api/migration/migrations/archived/v0.5.0/migrate-control-container-v0-4-1/src/main.rs +++ /dev/null @@ -1,27 +0,0 @@ -use migration_helpers::common_migrations::ReplaceTemplateMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_CONTROL_CTR_TEMPLATE: &str = - "328549459982.dkr.ecr.{{ settings.aws.region }}.amazonaws.com/bottlerocket-control:v0.4.0"; -const NEW_CONTROL_CTR_TEMPLATE: &str = - "328549459982.dkr.ecr.{{ settings.aws.region }}.amazonaws.com/bottlerocket-control:v0.4.1"; - -/// We bumped the version of the default control container from v0.4.0 to v0.4.1 -fn run() -> Result<()> { - migrate(ReplaceTemplateMigration { - setting: "settings.host-containers.control.source", - old_template: OLD_CONTROL_CTR_TEMPLATE, - new_template: NEW_CONTROL_CTR_TEMPLATE, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.0.0/ecr-helper-admin/Cargo.toml b/sources/api/migration/migrations/archived/v1.0.0/ecr-helper-admin/Cargo.toml deleted file mode 100644 index fc777658b..000000000 --- a/sources/api/migration/migrations/archived/v1.0.0/ecr-helper-admin/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "ecr-helper-admin" -version = "0.1.0" -authors = ["Matt Briggs "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers" } diff --git a/sources/api/migration/migrations/archived/v1.0.0/ecr-helper-admin/src/main.rs b/sources/api/migration/migrations/archived/v1.0.0/ecr-helper-admin/src/main.rs deleted file mode 100644 index 460e67377..000000000 --- a/sources/api/migration/migrations/archived/v1.0.0/ecr-helper-admin/src/main.rs +++ /dev/null @@ -1,27 +0,0 @@ -use migration_helpers::common_migrations::ReplaceTemplateMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_ADMIN_CTR_TEMPLATE: &str = - "328549459982.dkr.ecr.{{ settings.aws.region }}.amazonaws.com/bottlerocket-admin:v0.5.2"; -const NEW_ADMIN_CTR_TEMPLATE: &str = - "{{ ecr-prefix settings.aws.region }}/bottlerocket-admin:v0.5.2"; - -/// We added a helper to lookup an ECR registry number by region. -fn run() -> Result<()> { - migrate(ReplaceTemplateMigration { - setting: "settings.host-containers.admin.source", - old_template: OLD_ADMIN_CTR_TEMPLATE, - new_template: NEW_ADMIN_CTR_TEMPLATE, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.0.0/ecr-helper-control/Cargo.toml b/sources/api/migration/migrations/archived/v1.0.0/ecr-helper-control/Cargo.toml deleted file mode 100644 index 08ec7a19a..000000000 --- a/sources/api/migration/migrations/archived/v1.0.0/ecr-helper-control/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "ecr-helper-control" -version = "0.1.0" -authors = ["Matt Briggs "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers" } diff --git a/sources/api/migration/migrations/archived/v1.0.0/ecr-helper-control/src/main.rs b/sources/api/migration/migrations/archived/v1.0.0/ecr-helper-control/src/main.rs deleted file mode 100644 index 2242256c7..000000000 --- a/sources/api/migration/migrations/archived/v1.0.0/ecr-helper-control/src/main.rs +++ /dev/null @@ -1,27 +0,0 @@ -use migration_helpers::common_migrations::ReplaceTemplateMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_CONTROL_CTR_TEMPLATE: &str = - "328549459982.dkr.ecr.{{ settings.aws.region }}.amazonaws.com/bottlerocket-control:v0.4.1"; -const NEW_CONTROL_CTR_TEMPLATE: &str = - "{{ ecr-prefix settings.aws.region }}/bottlerocket-control:v0.4.1"; - -/// We added a helper to lookup an ECR registry number by region. -fn run() -> Result<()> { - migrate(ReplaceTemplateMigration { - setting: "metadata.settings.host-containers.control.source", - old_template: OLD_CONTROL_CTR_TEMPLATE, - new_template: NEW_CONTROL_CTR_TEMPLATE, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.0.2/add-enable-spot-instance-draining/Cargo.toml b/sources/api/migration/migrations/archived/v1.0.2/add-enable-spot-instance-draining/Cargo.toml deleted file mode 100644 index d10b663ac..000000000 --- a/sources/api/migration/migrations/archived/v1.0.2/add-enable-spot-instance-draining/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "add-enable-spot-instance-draining" -version = "0.1.0" -authors = ["Magnus Kulke "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers" } diff --git a/sources/api/migration/migrations/archived/v1.0.2/add-enable-spot-instance-draining/src/main.rs b/sources/api/migration/migrations/archived/v1.0.2/add-enable-spot-instance-draining/src/main.rs deleted file mode 100644 index 25099c745..000000000 --- a/sources/api/migration/migrations/archived/v1.0.2/add-enable-spot-instance-draining/src/main.rs +++ /dev/null @@ -1,20 +0,0 @@ -use migration_helpers::common_migrations::AddSettingsMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added a new setting, `ecs.enable-spot-instance-draining` -fn run() -> Result<()> { - migrate(AddSettingsMigration(&[ - "settings.ecs.enable-spot-instance-draining", - ])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.0.3/add-sysctl/Cargo.toml b/sources/api/migration/migrations/archived/v1.0.3/add-sysctl/Cargo.toml deleted file mode 100644 index de7be71ca..000000000 --- a/sources/api/migration/migrations/archived/v1.0.3/add-sysctl/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "add-sysctl" -version = "0.1.0" -authors = ["Tom Kirchner "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers" } diff --git a/sources/api/migration/migrations/archived/v1.0.3/add-sysctl/src/main.rs b/sources/api/migration/migrations/archived/v1.0.3/add-sysctl/src/main.rs deleted file mode 100644 index 7fb58ea25..000000000 --- a/sources/api/migration/migrations/archived/v1.0.3/add-sysctl/src/main.rs +++ /dev/null @@ -1,22 +0,0 @@ -use migration_helpers::common_migrations::AddPrefixesMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added the ability to set sysctl keys via API settings. We don't want to track all possible -/// Linux sysctl keys, so we remove the whole prefix if we downgrade. -fn run() -> Result<()> { - migrate(AddPrefixesMigration(vec![ - "settings.kernel.sysctl", - "services.sysctl", - ])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.0.5/add-lockdown/Cargo.toml b/sources/api/migration/migrations/archived/v1.0.5/add-lockdown/Cargo.toml deleted file mode 100644 index 895ec56ec..000000000 --- a/sources/api/migration/migrations/archived/v1.0.5/add-lockdown/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "add-lockdown" -version = "0.1.0" -authors = ["Tom Kirchner "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers" } diff --git a/sources/api/migration/migrations/archived/v1.0.5/add-lockdown/src/main.rs b/sources/api/migration/migrations/archived/v1.0.5/add-lockdown/src/main.rs deleted file mode 100644 index 37ccebe96..000000000 --- a/sources/api/migration/migrations/archived/v1.0.5/add-lockdown/src/main.rs +++ /dev/null @@ -1,22 +0,0 @@ -use migration_helpers::common_migrations::AddPrefixesMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added the ability to set kernel lockdown mode through a setting, so on downgrade we need to -/// remove the setting and the associated settings for the service that writes out changes. -fn run() -> Result<()> { - migrate(AddPrefixesMigration(vec![ - "settings.kernel.lockdown", - "services.lockdown", - ])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.0.5/add-network-settings/Cargo.toml b/sources/api/migration/migrations/archived/v1.0.5/add-network-settings/Cargo.toml deleted file mode 100644 index cb703a252..000000000 --- a/sources/api/migration/migrations/archived/v1.0.5/add-network-settings/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "add-network-settings" -version = "0.1.0" -authors = ["Erikson Tung "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers" } diff --git a/sources/api/migration/migrations/archived/v1.0.5/add-network-settings/src/main.rs b/sources/api/migration/migrations/archived/v1.0.5/add-network-settings/src/main.rs deleted file mode 100644 index 4c92b682e..000000000 --- a/sources/api/migration/migrations/archived/v1.0.5/add-network-settings/src/main.rs +++ /dev/null @@ -1,23 +0,0 @@ -use migration_helpers::common_migrations::AddPrefixesMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added a set of settings for configuring service network behavior and their associated -/// configuration file. Remove the whole `settings.network`, `configuration-files.proxy-env` prefix -/// if we downgrade. -fn run() -> Result<()> { - migrate(AddPrefixesMigration(vec![ - "settings.network", - "configuration-files.proxy-env", - ])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.0.5/add-proxy-restart/Cargo.toml b/sources/api/migration/migrations/archived/v1.0.5/add-proxy-restart/Cargo.toml deleted file mode 100644 index d7cf669e3..000000000 --- a/sources/api/migration/migrations/archived/v1.0.5/add-proxy-restart/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "add-proxy-restart" -version = "0.1.0" -authors = ["Erikson Tung "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers" } diff --git a/sources/api/migration/migrations/archived/v1.0.5/add-proxy-restart/src/main.rs b/sources/api/migration/migrations/archived/v1.0.5/add-proxy-restart/src/main.rs deleted file mode 100644 index 58453fdf4..000000000 --- a/sources/api/migration/migrations/archived/v1.0.5/add-proxy-restart/src/main.rs +++ /dev/null @@ -1,51 +0,0 @@ -use migration_helpers::common_migrations::{ListReplacement, ReplaceListsMigration}; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We updated the restart-commands and configuration-files settings for several existing services. -/// We need to replace them upon downgrades and upgrades -fn run() -> Result<()> { - migrate(ReplaceListsMigration(vec![ - ListReplacement { - setting: "services.containerd.configuration-files", - old_vals: &["containerd-config-toml"], - new_vals: &["containerd-config-toml", "proxy-env"], - }, - ListReplacement { - setting: "services.containerd.restart-commands", - old_vals: &[], - new_vals: &["/bin/systemctl try-restart containerd.service"], - }, - ListReplacement { - setting: "services.kubernetes.configuration-files", - old_vals: &[ - "kubelet-env", - "kubelet-config", - "kubelet-kubeconfig", - "kubernetes-ca-crt", - ], - new_vals: &[ - "kubelet-env", - "kubelet-config", - "kubelet-kubeconfig", - "kubernetes-ca-crt", - "proxy-env", - ], - }, - ListReplacement { - setting: "services.kubernetes.restart-commands", - old_vals: &[], - new_vals: &["/bin/systemctl try-restart kubelet.service"], - }, - ])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.0.5/add-proxy-services/Cargo.toml b/sources/api/migration/migrations/archived/v1.0.5/add-proxy-services/Cargo.toml deleted file mode 100644 index 4632dd391..000000000 --- a/sources/api/migration/migrations/archived/v1.0.5/add-proxy-services/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "add-proxy-services" -version = "0.1.0" -authors = ["Erikson Tung "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers" } diff --git a/sources/api/migration/migrations/archived/v1.0.5/add-proxy-services/src/main.rs b/sources/api/migration/migrations/archived/v1.0.5/add-proxy-services/src/main.rs deleted file mode 100644 index 307c6c070..000000000 --- a/sources/api/migration/migrations/archived/v1.0.5/add-proxy-services/src/main.rs +++ /dev/null @@ -1,22 +0,0 @@ -use migration_helpers::common_migrations::AddPrefixesMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added new configuration files and restart commands for docker and host-containerd. -/// On downgrade we need to remove all settings under these services -fn run() -> Result<()> { - migrate(AddPrefixesMigration(vec![ - "services.docker", - "services.host-containerd", - ])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.0.5/add-user-data/Cargo.toml b/sources/api/migration/migrations/archived/v1.0.5/add-user-data/Cargo.toml deleted file mode 100644 index 55d14aa94..000000000 --- a/sources/api/migration/migrations/archived/v1.0.5/add-user-data/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "add-user-data" -version = "0.1.0" -authors = ["Tom Kirchner "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers" } diff --git a/sources/api/migration/migrations/archived/v1.0.5/add-user-data/src/main.rs b/sources/api/migration/migrations/archived/v1.0.5/add-user-data/src/main.rs deleted file mode 100644 index 156caebcc..000000000 --- a/sources/api/migration/migrations/archived/v1.0.5/add-user-data/src/main.rs +++ /dev/null @@ -1,43 +0,0 @@ -use migration_helpers::{migrate, Migration, MigrationData, Result}; -use std::process; - -/// This migration removes host-container user data settings when downgrading to versions that -/// don't understand them. -pub struct AddUserDataMigration; - -impl Migration for AddUserDataMigration { - /// There's no user data by default, it's just left empty on upgrade. - fn forward(&mut self, input: MigrationData) -> Result { - println!("AddUserDataMigration has no work to do on upgrade."); - Ok(input) - } - - /// Older versions don't know about the user-data settings; we remove them so that old versions - /// don't see them and fail deserialization. - fn backward(&mut self, mut input: MigrationData) -> Result { - for setting in input.data.clone().keys() { - // We don't currently have structured data available to migrations, and we don't want - // to re-parse keys. We know no other keys could match these basic patterns. - if setting.starts_with("settings.host-containers.") && setting.ends_with(".user-data") { - if let Some(data) = input.data.remove(setting) { - println!("Removed {}, which was set to '{}'", setting, data); - } - } - } - Ok(input) - } -} - -fn run() -> Result<()> { - migrate(AddUserDataMigration) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.0.5/sysctl-subcommand/Cargo.toml b/sources/api/migration/migrations/archived/v1.0.5/sysctl-subcommand/Cargo.toml deleted file mode 100644 index 94cb36c87..000000000 --- a/sources/api/migration/migrations/archived/v1.0.5/sysctl-subcommand/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "sysctl-subcommand" -version = "0.1.0" -authors = ["Tom Kirchner "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers" } diff --git a/sources/api/migration/migrations/archived/v1.0.5/sysctl-subcommand/src/main.rs b/sources/api/migration/migrations/archived/v1.0.5/sysctl-subcommand/src/main.rs deleted file mode 100644 index 7ac58c2f6..000000000 --- a/sources/api/migration/migrations/archived/v1.0.5/sysctl-subcommand/src/main.rs +++ /dev/null @@ -1,23 +0,0 @@ -use migration_helpers::common_migrations::{ListReplacement, ReplaceListsMigration}; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We changed corndog to use subcommands so it can handle different kernel settings without having -/// to apply them all every time. -fn run() -> Result<()> { - migrate(ReplaceListsMigration(vec![ListReplacement { - setting: "services.sysctl.restart-commands", - old_vals: &["/usr/bin/corndog"], - new_vals: &["/usr/bin/corndog sysctl"], - }])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.0.6/add-shibaken/Cargo.toml b/sources/api/migration/migrations/archived/v1.0.6/add-shibaken/Cargo.toml deleted file mode 100644 index 0aab59656..000000000 --- a/sources/api/migration/migrations/archived/v1.0.6/add-shibaken/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "add-shibaken" -version = "0.1.0" -authors = ["Patrick J.P. Culp "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers" } diff --git a/sources/api/migration/migrations/archived/v1.0.6/add-shibaken/src/main.rs b/sources/api/migration/migrations/archived/v1.0.6/add-shibaken/src/main.rs deleted file mode 100644 index 82907a9e6..000000000 --- a/sources/api/migration/migrations/archived/v1.0.6/add-shibaken/src/main.rs +++ /dev/null @@ -1,21 +0,0 @@ -use migration_helpers::common_migrations::{AddMetadataMigration, SettingMetadata}; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added a new setting metadata, `host-containers.admin.user-data.setting-generator` -fn run() -> Result<()> { - migrate(AddMetadataMigration(&[SettingMetadata { - metadata: &["setting-generator"], - setting: "settings.host-containers.admin.user-data", - }])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.0.6/add-static-pods/Cargo.toml b/sources/api/migration/migrations/archived/v1.0.6/add-static-pods/Cargo.toml deleted file mode 100644 index a258f278a..000000000 --- a/sources/api/migration/migrations/archived/v1.0.6/add-static-pods/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "add-static-pods" -version = "0.1.0" -authors = ["Erikson Tung "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers" } diff --git a/sources/api/migration/migrations/archived/v1.0.6/add-static-pods/src/main.rs b/sources/api/migration/migrations/archived/v1.0.6/add-static-pods/src/main.rs deleted file mode 100644 index 80029ba05..000000000 --- a/sources/api/migration/migrations/archived/v1.0.6/add-static-pods/src/main.rs +++ /dev/null @@ -1,22 +0,0 @@ -use migration_helpers::common_migrations::AddPrefixesMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added new settings for defining k8s static pods. -/// Remove `settings.kubernetes.static-pods`, `services.static-pods` prefixes when we downgrade. -fn run() -> Result<()> { - migrate(AddPrefixesMigration(vec![ - "settings.kubernetes.static-pods", - "services.static-pods", - ])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.0.6/admin-container-v0-6-0/Cargo.toml b/sources/api/migration/migrations/archived/v1.0.6/admin-container-v0-6-0/Cargo.toml deleted file mode 100644 index 6f492a483..000000000 --- a/sources/api/migration/migrations/archived/v1.0.6/admin-container-v0-6-0/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "admin-container-v0-6-0" -version = "0.1.0" -authors = ["Patrick J.P. Culp "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers" } diff --git a/sources/api/migration/migrations/archived/v1.0.6/admin-container-v0-6-0/src/main.rs b/sources/api/migration/migrations/archived/v1.0.6/admin-container-v0-6-0/src/main.rs deleted file mode 100644 index 297c553e6..000000000 --- a/sources/api/migration/migrations/archived/v1.0.6/admin-container-v0-6-0/src/main.rs +++ /dev/null @@ -1,27 +0,0 @@ -use migration_helpers::common_migrations::ReplaceTemplateMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_ADMIN_CTR_TEMPLATE: &str = - "{{ ecr-prefix settings.aws.region }}/bottlerocket-admin:v0.5.2"; -const NEW_ADMIN_CTR_TEMPLATE: &str = - "{{ ecr-prefix settings.aws.region }}/bottlerocket-admin:v0.6.0"; - -/// We bumped the version of the default admin container from v0.5.2 to v0.6.0 -fn run() -> Result<()> { - migrate(ReplaceTemplateMigration { - setting: "settings.host-containers.admin.source", - old_template: OLD_ADMIN_CTR_TEMPLATE, - new_template: NEW_ADMIN_CTR_TEMPLATE, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.0.6/control-container-v0-4-2/Cargo.toml b/sources/api/migration/migrations/archived/v1.0.6/control-container-v0-4-2/Cargo.toml deleted file mode 100644 index 0c01e9265..000000000 --- a/sources/api/migration/migrations/archived/v1.0.6/control-container-v0-4-2/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "control-container-v0-4-2" -version = "0.1.0" -authors = ["Erikson Tung "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers" } diff --git a/sources/api/migration/migrations/archived/v1.0.6/control-container-v0-4-2/src/main.rs b/sources/api/migration/migrations/archived/v1.0.6/control-container-v0-4-2/src/main.rs deleted file mode 100644 index 49008d55d..000000000 --- a/sources/api/migration/migrations/archived/v1.0.6/control-container-v0-4-2/src/main.rs +++ /dev/null @@ -1,28 +0,0 @@ -use migration_helpers::common_migrations::ReplaceTemplateMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_CONTROL_CTR_TEMPLATE: &str = - "{{ ecr-prefix settings.aws.region }}/bottlerocket-control:v0.4.1"; -const NEW_CONTROL_CTR_TEMPLATE: &str = - "{{ ecr-prefix settings.aws.region }}/bottlerocket-control:v0.4.2"; - - -/// We bumped the version of the default control container from v0.4.1 to v0.4.2 -fn run() -> Result<()> { - migrate(ReplaceTemplateMigration { - setting: "settings.host-containers.control.source", - old_template: OLD_CONTROL_CTR_TEMPLATE, - new_template: NEW_CONTROL_CTR_TEMPLATE, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.0.6/kubelet-standalone-tls-services/Cargo.toml b/sources/api/migration/migrations/archived/v1.0.6/kubelet-standalone-tls-services/Cargo.toml deleted file mode 100644 index 82e96ae9b..000000000 --- a/sources/api/migration/migrations/archived/v1.0.6/kubelet-standalone-tls-services/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "kubelet-standalone-tls-services" -version = "0.1.0" -authors = ["Ben Cressey "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers" } diff --git a/sources/api/migration/migrations/archived/v1.0.6/kubelet-standalone-tls-services/src/main.rs b/sources/api/migration/migrations/archived/v1.0.6/kubelet-standalone-tls-services/src/main.rs deleted file mode 100644 index ab384d473..000000000 --- a/sources/api/migration/migrations/archived/v1.0.6/kubelet-standalone-tls-services/src/main.rs +++ /dev/null @@ -1,48 +0,0 @@ -use migration_helpers::common_migrations::{ListReplacement, ReplaceListsMigration}; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We updated the configuration files and restart commands to support running kubelet in -/// standalone mode, and for configuring it to use TLS auth. They need to be restored to -/// the prior values on downgrade. -fn run() -> Result<()> { - migrate(ReplaceListsMigration(vec![ - ListReplacement { - setting: "services.kubernetes.configuration-files", - old_vals: &[ - "kubelet-env", - "kubelet-config", - "kubelet-kubeconfig", - "kubernetes-ca-crt", - "proxy-env", - ], - new_vals: &[ - "kubelet-env", - "kubelet-config", - "kubelet-kubeconfig", - "kubelet-bootstrap-kubeconfig", - "kubelet-exec-start-conf", - "kubernetes-ca-crt", - "proxy-env", - ], - }, - ListReplacement { - setting: "services.kubernetes.restart-commands", - old_vals: &["/bin/systemctl try-restart kubelet.service"], - new_vals: &[ - "/usr/bin/systemctl daemon-reload", - "/bin/systemctl try-restart kubelet.service", - ], - }, - ])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.0.6/kubelet-standalone-tls-settings/Cargo.toml b/sources/api/migration/migrations/archived/v1.0.6/kubelet-standalone-tls-settings/Cargo.toml deleted file mode 100644 index 1d286a6cc..000000000 --- a/sources/api/migration/migrations/archived/v1.0.6/kubelet-standalone-tls-settings/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "kubelet-standalone-tls-settings" -version = "0.1.0" -authors = ["Ben Cressey "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers" } diff --git a/sources/api/migration/migrations/archived/v1.0.6/kubelet-standalone-tls-settings/src/main.rs b/sources/api/migration/migrations/archived/v1.0.6/kubelet-standalone-tls-settings/src/main.rs deleted file mode 100644 index 7484a4b85..000000000 --- a/sources/api/migration/migrations/archived/v1.0.6/kubelet-standalone-tls-settings/src/main.rs +++ /dev/null @@ -1,26 +0,0 @@ -use migration_helpers::common_migrations::AddPrefixesMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added new settings for running kubelet in standalone mode, and for using TLS auth. -/// We also added new configuration files to apply these settings. They need to be removed -/// when we downgrade. -fn run() -> Result<()> { - migrate(AddPrefixesMigration(vec![ - "settings.kubernetes.bootstrap-token", - "settings.kubernetes.authentication-mode", - "settings.kubernetes.standalone-mode", - "configuration-files.kubelet-bootstrap-kubeconfig", - "configuration-files.kubelet-exec-start-conf", - ])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.0.6/metricdog-init/Cargo.toml b/sources/api/migration/migrations/archived/v1.0.6/metricdog-init/Cargo.toml deleted file mode 100644 index 0525d6bc7..000000000 --- a/sources/api/migration/migrations/archived/v1.0.6/metricdog-init/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "metricdog-init" -version = "0.1.0" -authors = ["Matt Briggs "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers" } diff --git a/sources/api/migration/migrations/archived/v1.0.6/metricdog-init/src/main.rs b/sources/api/migration/migrations/archived/v1.0.6/metricdog-init/src/main.rs deleted file mode 100644 index b13da2f31..000000000 --- a/sources/api/migration/migrations/archived/v1.0.6/metricdog-init/src/main.rs +++ /dev/null @@ -1,22 +0,0 @@ -use migration_helpers::common_migrations::AddPrefixesMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -/// Add settings for the new `metricdog` program. -fn run() -> Result<()> { - migrate(AddPrefixesMigration(vec![ - "settings.metrics", - "services.metricdog", - "configuration-files.metricdog", - ])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.0.8/add-bootstrap-containers/Cargo.toml b/sources/api/migration/migrations/archived/v1.0.8/add-bootstrap-containers/Cargo.toml deleted file mode 100644 index e911e0e5f..000000000 --- a/sources/api/migration/migrations/archived/v1.0.8/add-bootstrap-containers/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "add-bootstrap-containers" -version = "0.1.0" -authors = ["Arnaldo Garcia Rincon "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers" } diff --git a/sources/api/migration/migrations/archived/v1.0.8/add-bootstrap-containers/src/main.rs b/sources/api/migration/migrations/archived/v1.0.8/add-bootstrap-containers/src/main.rs deleted file mode 100644 index 2920e5bee..000000000 --- a/sources/api/migration/migrations/archived/v1.0.8/add-bootstrap-containers/src/main.rs +++ /dev/null @@ -1,21 +0,0 @@ -use migration_helpers::common_migrations::AddPrefixesMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added the setting `bootstrap-containers` -fn run() -> Result<()> { - migrate(AddPrefixesMigration(vec![ - "settings.bootstrap-containers", - "services.bootstrap-containers", - ])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.0.8/admin-container-v0-7-0/Cargo.toml b/sources/api/migration/migrations/archived/v1.0.8/admin-container-v0-7-0/Cargo.toml deleted file mode 100644 index 967e273ca..000000000 --- a/sources/api/migration/migrations/archived/v1.0.8/admin-container-v0-7-0/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "admin-container-v0-7-0" -version = "0.1.0" -authors = ["Patrick J.P. Culp "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers" } diff --git a/sources/api/migration/migrations/archived/v1.0.8/admin-container-v0-7-0/src/main.rs b/sources/api/migration/migrations/archived/v1.0.8/admin-container-v0-7-0/src/main.rs deleted file mode 100644 index 9c2a2663d..000000000 --- a/sources/api/migration/migrations/archived/v1.0.8/admin-container-v0-7-0/src/main.rs +++ /dev/null @@ -1,27 +0,0 @@ -use migration_helpers::common_migrations::ReplaceTemplateMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_ADMIN_CTR_TEMPLATE: &str = - "{{ ecr-prefix settings.aws.region }}/bottlerocket-admin:v0.6.0"; -const NEW_ADMIN_CTR_TEMPLATE: &str = - "{{ ecr-prefix settings.aws.region }}/bottlerocket-admin:v0.7.0"; - -/// We bumped the version of the default admin container from v0.6.0 to v0.7.0 -fn run() -> Result<()> { - migrate(ReplaceTemplateMigration { - setting: "settings.host-containers.admin.source", - old_template: OLD_ADMIN_CTR_TEMPLATE, - new_template: NEW_ADMIN_CTR_TEMPLATE, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.0.8/control-container-v0-5-0/Cargo.toml b/sources/api/migration/migrations/archived/v1.0.8/control-container-v0-5-0/Cargo.toml deleted file mode 100644 index a2bff3ace..000000000 --- a/sources/api/migration/migrations/archived/v1.0.8/control-container-v0-5-0/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "control-container-v0-5-0" -version = "0.1.0" -authors = ["Patrick J.P. Culp "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers" } diff --git a/sources/api/migration/migrations/archived/v1.0.8/control-container-v0-5-0/src/main.rs b/sources/api/migration/migrations/archived/v1.0.8/control-container-v0-5-0/src/main.rs deleted file mode 100644 index f1ca09941..000000000 --- a/sources/api/migration/migrations/archived/v1.0.8/control-container-v0-5-0/src/main.rs +++ /dev/null @@ -1,27 +0,0 @@ -use migration_helpers::common_migrations::ReplaceTemplateMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_CONTROL_CTR_TEMPLATE: &str = - "{{ ecr-prefix settings.aws.region }}/bottlerocket-control:v0.4.2"; -const NEW_CONTROL_CTR_TEMPLATE: &str = - "{{ ecr-prefix settings.aws.region }}/bottlerocket-control:v0.5.0"; - -/// We bumped the version of the default control container from v0.4.2 to v0.5.0 -fn run() -> Result<()> { - migrate(ReplaceTemplateMigration { - setting: "settings.host-containers.control.source", - old_template: OLD_CONTROL_CTR_TEMPLATE, - new_template: NEW_CONTROL_CTR_TEMPLATE, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.0.8/kubelet-eviction-hard/Cargo.toml b/sources/api/migration/migrations/archived/v1.0.8/kubelet-eviction-hard/Cargo.toml deleted file mode 100644 index 49bd14da4..000000000 --- a/sources/api/migration/migrations/archived/v1.0.8/kubelet-eviction-hard/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "kubelet-eviction-hard" -version = "0.1.0" -authors = ["Tianhao Geng "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers" } diff --git a/sources/api/migration/migrations/archived/v1.0.8/kubelet-eviction-hard/src/main.rs b/sources/api/migration/migrations/archived/v1.0.8/kubelet-eviction-hard/src/main.rs deleted file mode 100644 index 7e866f931..000000000 --- a/sources/api/migration/migrations/archived/v1.0.8/kubelet-eviction-hard/src/main.rs +++ /dev/null @@ -1,22 +0,0 @@ -use migration_helpers::common_migrations::AddPrefixesMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added a new settings for configuring kubelet,`settings.kubernetes.eviction-hard`. -/// We don't want to track all possible keys for these settings, -/// so we remove the whole prefix when we downgrade. -fn run() -> Result<()> { - migrate(AddPrefixesMigration(vec![ - "settings.kubernetes.eviction-hard", - ])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.0.8/kubelet-unsafe-sysctl-kube-reserved/Cargo.toml b/sources/api/migration/migrations/archived/v1.0.8/kubelet-unsafe-sysctl-kube-reserved/Cargo.toml deleted file mode 100644 index a75b77531..000000000 --- a/sources/api/migration/migrations/archived/v1.0.8/kubelet-unsafe-sysctl-kube-reserved/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "kubelet-unsafe-sysctl-kube-reserved" -version = "0.1.0" -authors = ["Tianhao Geng "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers" } diff --git a/sources/api/migration/migrations/archived/v1.0.8/kubelet-unsafe-sysctl-kube-reserved/src/main.rs b/sources/api/migration/migrations/archived/v1.0.8/kubelet-unsafe-sysctl-kube-reserved/src/main.rs deleted file mode 100644 index 6fcf5a256..000000000 --- a/sources/api/migration/migrations/archived/v1.0.8/kubelet-unsafe-sysctl-kube-reserved/src/main.rs +++ /dev/null @@ -1,22 +0,0 @@ -use migration_helpers::common_migrations::AddSettingsMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added two new settings for configuring kubelet, `kubernetes.allowed-unsafe-sysctls` -/// `kubernetes.kube-reserved` -fn run() -> Result<()> { - migrate(AddSettingsMigration(&[ - "settings.kubernetes.allowed-unsafe-sysctls", - "settings.kubernetes.kube-reserved", - ])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.0.8/proxy-affect-host-containers/Cargo.toml b/sources/api/migration/migrations/archived/v1.0.8/proxy-affect-host-containers/Cargo.toml deleted file mode 100644 index 440f7896c..000000000 --- a/sources/api/migration/migrations/archived/v1.0.8/proxy-affect-host-containers/Cargo.toml +++ /dev/null @@ -1,10 +0,0 @@ -[package] -name = "proxy-affect-host-containers" -version = "0.1.0" -authors = ["Erikson Tung "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false - -[dependencies] -migration-helpers = { path = "../../../migration-helpers" } diff --git a/sources/api/migration/migrations/archived/v1.0.8/proxy-affect-host-containers/src/main.rs b/sources/api/migration/migrations/archived/v1.0.8/proxy-affect-host-containers/src/main.rs deleted file mode 100644 index d82f4b6be..000000000 --- a/sources/api/migration/migrations/archived/v1.0.8/proxy-affect-host-containers/src/main.rs +++ /dev/null @@ -1,62 +0,0 @@ -use migration_helpers::common_migrations::{ - MetadataListReplacement, ReplaceMetadataListsMigration, -}; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We updated the 'affected-services' list metadata for 'settings.network' to include -/// host-containers. The metadata list need to be restored to the prior value on downgrade and -/// updated to include host-containers on upgrades. -/// We're trying to match old values for different variants. -fn run() -> Result<()> { - migrate(ReplaceMetadataListsMigration(vec![ - MetadataListReplacement { - setting: "settings.network", - metadata: "affected-services", - old_vals: &["containerd", "host-containerd"], - new_vals: &["containerd", "host-containerd", "host-containers"], - }, - // For K8S variants - MetadataListReplacement { - setting: "settings.network", - metadata: "affected-services", - old_vals: &["containerd", "kubernetes", "host-containerd"], - new_vals: &[ - "containerd", - "kubernetes", - "host-containerd", - "host-containers", - ], - }, - // For the aws-ecs-1 variant - MetadataListReplacement { - setting: "settings.network", - metadata: "affected-services", - old_vals: &["containerd", "docker", "ecs", "host-containerd"], - new_vals: &[ - "containerd", - "docker", - "ecs", - "host-containerd", - "host-containers", - ], - }, - // For aws-dev and vmware-dev variants - MetadataListReplacement { - setting: "settings.network", - metadata: "affected-services", - old_vals: &["containerd", "docker", "host-containerd"], - new_vals: &["containerd", "docker", "host-containerd", "host-containers"], - }, - ])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.1.0/kubelet-cloud-provider/Cargo.toml b/sources/api/migration/migrations/archived/v1.1.0/kubelet-cloud-provider/Cargo.toml deleted file mode 100644 index 4679fa9ae..000000000 --- a/sources/api/migration/migrations/archived/v1.1.0/kubelet-cloud-provider/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "kubelet-cloud-provider" -version = "0.1.0" -authors = ["Patrick J.P. Culp "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers" } diff --git a/sources/api/migration/migrations/archived/v1.1.0/kubelet-cloud-provider/src/main.rs b/sources/api/migration/migrations/archived/v1.1.0/kubelet-cloud-provider/src/main.rs deleted file mode 100644 index 31c7e925f..000000000 --- a/sources/api/migration/migrations/archived/v1.1.0/kubelet-cloud-provider/src/main.rs +++ /dev/null @@ -1,20 +0,0 @@ -use migration_helpers::common_migrations::AddSettingsMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added a new settings for configuring kubelet, `settings.kubernetes.cloud-provider` -fn run() -> Result<()> { - migrate(AddSettingsMigration(&[ - "settings.kubernetes.cloud-provider", - ])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.1.0/kubelet-event-qps-event-burst/Cargo.toml b/sources/api/migration/migrations/archived/v1.1.0/kubelet-event-qps-event-burst/Cargo.toml deleted file mode 100644 index 7c8fed4c2..000000000 --- a/sources/api/migration/migrations/archived/v1.1.0/kubelet-event-qps-event-burst/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "kubelet-event-qps-event-burst" -version = "0.1.0" -authors = ["Tianhao Geng "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers" } diff --git a/sources/api/migration/migrations/archived/v1.1.0/kubelet-event-qps-event-burst/src/main.rs b/sources/api/migration/migrations/archived/v1.1.0/kubelet-event-qps-event-burst/src/main.rs deleted file mode 100644 index debac87d8..000000000 --- a/sources/api/migration/migrations/archived/v1.1.0/kubelet-event-qps-event-burst/src/main.rs +++ /dev/null @@ -1,22 +0,0 @@ -use migration_helpers::common_migrations::AddSettingsMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added two new settings for configuring kubelet, `settings.kubernetes.event-qps` -/// and `settings.kubernetes.event-burst` -fn run() -> Result<()> { - migrate(AddSettingsMigration(&[ - "settings.kubernetes.event-qps", - "settings.kubernetes.event-burst", - ])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.1.0/kubelet-kube-api-qps-kube-api-burst/Cargo.toml b/sources/api/migration/migrations/archived/v1.1.0/kubelet-kube-api-qps-kube-api-burst/Cargo.toml deleted file mode 100644 index 2022b26b1..000000000 --- a/sources/api/migration/migrations/archived/v1.1.0/kubelet-kube-api-qps-kube-api-burst/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "kubelet-kube-api-qps-kube-api-burst" -version = "0.1.0" -authors = ["Tianhao Geng "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers" } diff --git a/sources/api/migration/migrations/archived/v1.1.0/kubelet-kube-api-qps-kube-api-burst/src/main.rs b/sources/api/migration/migrations/archived/v1.1.0/kubelet-kube-api-qps-kube-api-burst/src/main.rs deleted file mode 100644 index 3dbc35448..000000000 --- a/sources/api/migration/migrations/archived/v1.1.0/kubelet-kube-api-qps-kube-api-burst/src/main.rs +++ /dev/null @@ -1,22 +0,0 @@ -use migration_helpers::common_migrations::AddSettingsMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added two new settings for configuring kubelet, `settings.kubernetes.kube-api-qps` -/// and `settings.kubernetes.kube-api-burst` -fn run() -> Result<()> { - migrate(AddSettingsMigration(&[ - "settings.kubernetes.kube-api-qps", - "settings.kubernetes.kube-api-burst", - ])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.1.0/kubelet-registry-qps-registry-burst/Cargo.toml b/sources/api/migration/migrations/archived/v1.1.0/kubelet-registry-qps-registry-burst/Cargo.toml deleted file mode 100644 index 965099bcd..000000000 --- a/sources/api/migration/migrations/archived/v1.1.0/kubelet-registry-qps-registry-burst/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "kubelet-registry-qps-registry-burst" -version = "0.1.0" -authors = ["Tianhao Geng "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers" } diff --git a/sources/api/migration/migrations/archived/v1.1.0/kubelet-registry-qps-registry-burst/src/main.rs b/sources/api/migration/migrations/archived/v1.1.0/kubelet-registry-qps-registry-burst/src/main.rs deleted file mode 100644 index 6c6d9413b..000000000 --- a/sources/api/migration/migrations/archived/v1.1.0/kubelet-registry-qps-registry-burst/src/main.rs +++ /dev/null @@ -1,22 +0,0 @@ -use migration_helpers::common_migrations::AddSettingsMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added two new settings for configuring kubelet, `settings.kubernetes.registry-qps` -/// and `settings.kubernetes.registry-burst` -fn run() -> Result<()> { - migrate(AddSettingsMigration(&[ - "settings.kubernetes.registry-qps", - "settings.kubernetes.registry-burst", - ])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.1.0/kubelet-server-tls-bootstrap/Cargo.toml b/sources/api/migration/migrations/archived/v1.1.0/kubelet-server-tls-bootstrap/Cargo.toml deleted file mode 100644 index e06010211..000000000 --- a/sources/api/migration/migrations/archived/v1.1.0/kubelet-server-tls-bootstrap/Cargo.toml +++ /dev/null @@ -1,10 +0,0 @@ -[package] -name = "kubelet-server-tls-bootstrap" -version = "0.1.0" -authors = ["Erikson Tung "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false - -[dependencies] -migration-helpers = { path = "../../../migration-helpers" } diff --git a/sources/api/migration/migrations/archived/v1.1.0/kubelet-server-tls-bootstrap/src/main.rs b/sources/api/migration/migrations/archived/v1.1.0/kubelet-server-tls-bootstrap/src/main.rs deleted file mode 100644 index 00957448c..000000000 --- a/sources/api/migration/migrations/archived/v1.1.0/kubelet-server-tls-bootstrap/src/main.rs +++ /dev/null @@ -1,20 +0,0 @@ -use migration_helpers::common_migrations::AddSettingsMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added a new setting for configuring kubelet, `kubernetes.server-tls-bootstrap` -fn run() -> Result<()> { - migrate(AddSettingsMigration(&[ - "settings.kubernetes.server-tls-bootstrap", - ])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.1.0/schnauzer-paws/Cargo.toml b/sources/api/migration/migrations/archived/v1.1.0/schnauzer-paws/Cargo.toml deleted file mode 100644 index 5e092be57..000000000 --- a/sources/api/migration/migrations/archived/v1.1.0/schnauzer-paws/Cargo.toml +++ /dev/null @@ -1,13 +0,0 @@ -[package] -name = "schnauzer-paws" -version = "0.1.0" -authors = ["Tom Kirchner "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers" } -serde_json = "1.0" diff --git a/sources/api/migration/migrations/archived/v1.1.0/schnauzer-paws/src/main.rs b/sources/api/migration/migrations/archived/v1.1.0/schnauzer-paws/src/main.rs deleted file mode 100644 index b7d7f6cec..000000000 --- a/sources/api/migration/migrations/archived/v1.1.0/schnauzer-paws/src/main.rs +++ /dev/null @@ -1,129 +0,0 @@ -use migration_helpers::{migrate, Migration, MigrationData, Result}; -use std::process; - -const SETTING: &str = "settings.kubernetes.pod-infra-container-image"; -const OLD_SETTING_GENERATOR: &str = "pluto pod-infra-container-image"; -const NEW_SETTING_GENERATOR: &str = "schnauzer settings.kubernetes.pod-infra-container-image"; -const NEW_TEMPLATE: &str = - "{{ pause-prefix settings.aws.region }}/eks/pause-{{ goarch os.arch }}:3.1"; - -/// We moved from using pluto to schnauzer for generating the pause container image URL, since it -/// lets us reuse the existing region and arch settings, improving reliability and allowing for -/// testing new regions through settings overrides. -pub struct SchnauzerPaws; - -impl Migration for SchnauzerPaws { - fn forward(&mut self, mut input: MigrationData) -> Result { - // Check if we have this setting at all. - if let Some(metadata) = input.metadata.get_mut(SETTING) { - if let Some(metadata_value) = metadata.get_mut("setting-generator") { - // Make sure the value is what we expect. - match metadata_value { - serde_json::Value::String(string) => { - if string == OLD_SETTING_GENERATOR { - // Happy path. Update the generator. - *metadata_value = NEW_SETTING_GENERATOR.into(); - println!( - "Changed setting-generator for '{}' from {:?} to {:?} on upgrade", - SETTING, OLD_SETTING_GENERATOR, NEW_SETTING_GENERATOR - ); - - // Set the associated template. We didn't have a template for this - // setting before, and metadata can't be changed by the user, so we can - // just set it. - metadata.insert("template".to_string(), NEW_TEMPLATE.into()); - println!( - "Set 'template' metadata on '{}' to '{}'", - SETTING, NEW_TEMPLATE - ); - } else { - println!( - "setting-generator for '{}' is not set to {:?}, leaving alone", - SETTING, OLD_SETTING_GENERATOR - ); - } - } - _ => { - println!( - "setting-generator for '{}' is set to non-string value '{}'; SchnauzerPaws only handles strings", - SETTING, metadata_value - ); - } - } - } else { - println!("Found no setting-generator for '{}'", SETTING); - } - } else { - println!("Found no metadata for '{}'", SETTING); - } - - Ok(input) - } - - fn backward(&mut self, mut input: MigrationData) -> Result { - // Check if we have this setting at all. - if let Some(metadata) = input.metadata.get_mut(SETTING) { - if let Some(metadata_value) = metadata.get_mut("setting-generator") { - // Make sure the value is what we expect. - match metadata_value { - serde_json::Value::String(string) => { - if string == NEW_SETTING_GENERATOR { - // Happy path. Update the generator. - *metadata_value = OLD_SETTING_GENERATOR.into(); - println!( - "Changed setting-generator for '{}' from {:?} to {:?} on downgrade", - SETTING, NEW_SETTING_GENERATOR, OLD_SETTING_GENERATOR - ); - - // Remove the associated template. We didn't have a template for this - // setting before, and metadata can't be changed by the user, so we can - // just remove it. - if let Some(metadata_value) = metadata.remove("template") { - println!( - "Removed 'template' metadata on '{}', which was set to '{}'", - SETTING, metadata_value - ); - } else { - println!( - "Found no 'template' metadata to remove on setting '{}'", - SETTING - ); - } - } else { - println!( - "setting-generator for '{}' is not set to {:?}, leaving alone", - SETTING, NEW_SETTING_GENERATOR - ); - } - } - _ => { - println!( - "setting-generator for '{}' is set to non-string value '{}'; SchnauzerPaws only handles strings", - SETTING, metadata_value - ); - } - } - } else { - println!("Found no setting-generator for '{}'", SETTING); - } - } else { - println!("Found no metadata for '{}'", SETTING); - } - - Ok(input) - } -} - -fn run() -> Result<()> { - migrate(SchnauzerPaws) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.1.0/shared-containerd-configs/Cargo.toml b/sources/api/migration/migrations/archived/v1.1.0/shared-containerd-configs/Cargo.toml deleted file mode 100644 index 48280abeb..000000000 --- a/sources/api/migration/migrations/archived/v1.1.0/shared-containerd-configs/Cargo.toml +++ /dev/null @@ -1,14 +0,0 @@ -[package] -name = "shared-containerd-configs" -version = "0.1.0" -authors = ["Tom Kirchner "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -lazy_static = "1.4" -migration-helpers = { path = "../../../migration-helpers" } -serde_json = "1.0" diff --git a/sources/api/migration/migrations/archived/v1.1.0/shared-containerd-configs/src/main.rs b/sources/api/migration/migrations/archived/v1.1.0/shared-containerd-configs/src/main.rs deleted file mode 100644 index 2919f3045..000000000 --- a/sources/api/migration/migrations/archived/v1.1.0/shared-containerd-configs/src/main.rs +++ /dev/null @@ -1,100 +0,0 @@ -use lazy_static::lazy_static; -use migration_helpers::{migrate, Migration, MigrationData, Result}; -use std::process; - -const SETTING: &'static str = "configuration-files.containerd-config-toml.template-path"; - -lazy_static! { - static ref TEMPLATE_CHANGES: &'static [(&'static str, &'static str)] = &[ - ( - "/usr/share/templates/containerd-config-toml_aws-dev", - "/usr/share/templates/containerd-config-toml_basic" - ), - ( - "/usr/share/templates/containerd-config-toml_aws-ecs-1", - "/usr/share/templates/containerd-config-toml_basic" - ), - ( - "/usr/share/templates/containerd-config-toml_aws-k8s", - "/usr/share/templates/containerd-config-toml_k8s" - ), - ( - "/usr/share/templates/containerd-config-toml_vmware-dev", - "/usr/share/templates/containerd-config-toml_basic" - ), - ]; -} - -/// We refactored containerd config file templates to share data where possible, instead of -/// duplicating them for variants with identical configs. thar-be-settings runs at startup and -/// regenerates all files based on templates, so if we change the source during migration (early in -/// boot) it'll automatically be written out based on the new template. -fn run() -> Result<()> { - migrate(SharedContainerdConfigs {}) -} - -pub struct SharedContainerdConfigs {} - -impl SharedContainerdConfigs { - fn migrate( - &mut self, - mut input: MigrationData, - transforms: &[(&str, &str)], - action: &'static str, - ) -> Result { - if let Some(data) = input.data.get_mut(SETTING) { - match data { - serde_json::Value::String(string) => { - for (outgoing, incoming) in transforms { - if string == outgoing { - *data = (*incoming).into(); - println!( - "Changed '{}' from {:?} to {:?} on {}", - SETTING, outgoing, incoming, action - ); - // We've done what we came to do - the transformations don't - // overlap, so we do one at most. (Without this, Rust knows that - // we still have a reference to 'data' for another iteration, and - // it won't let us change it. So smart.) - break; - } else { - println!("'{}' is not set to {:?}, leaving alone", SETTING, outgoing); - } - } - } - _ => { - println!( - "'{}' is set to non-string value '{}'; SharedContainerdConfigs only handles strings", - SETTING, data - ); - } - } - } else { - println!("Found no setting '{}'", SETTING); - } - - Ok(input) - } -} - -impl Migration for SharedContainerdConfigs { - fn forward(&mut self, input: MigrationData) -> Result { - self.migrate(input, *TEMPLATE_CHANGES, "upgrade") - } - - fn backward(&mut self, input: MigrationData) -> Result { - let transforms: Vec<(&str, &str)> = - TEMPLATE_CHANGES.iter().map(|(a, b)| (*b, *a)).collect(); - self.migrate(input, &transforms, "downgrade") - } -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.1.2/admin-container-v0-7-1/Cargo.toml b/sources/api/migration/migrations/archived/v1.1.2/admin-container-v0-7-1/Cargo.toml deleted file mode 100644 index 87ee44e0b..000000000 --- a/sources/api/migration/migrations/archived/v1.1.2/admin-container-v0-7-1/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "admin-container-v0-7-1" -version = "0.1.0" -authors = ["Patrick J.P. Culp "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers" } diff --git a/sources/api/migration/migrations/archived/v1.1.2/admin-container-v0-7-1/src/main.rs b/sources/api/migration/migrations/archived/v1.1.2/admin-container-v0-7-1/src/main.rs deleted file mode 100644 index b1c0eae30..000000000 --- a/sources/api/migration/migrations/archived/v1.1.2/admin-container-v0-7-1/src/main.rs +++ /dev/null @@ -1,27 +0,0 @@ -use migration_helpers::common_migrations::ReplaceTemplateMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_ADMIN_CTR_TEMPLATE: &str = - "{{ ecr-prefix settings.aws.region }}/bottlerocket-admin:v0.7.0"; -const NEW_ADMIN_CTR_TEMPLATE: &str = - "{{ ecr-prefix settings.aws.region }}/bottlerocket-admin:v0.7.1"; - -/// We bumped the version of the default admin container from v0.7.0 to v0.7.1 -fn run() -> Result<()> { - migrate(ReplaceTemplateMigration { - setting: "settings.host-containers.admin.source", - old_template: OLD_ADMIN_CTR_TEMPLATE, - new_template: NEW_ADMIN_CTR_TEMPLATE, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.1.2/control-container-v0-5-1/Cargo.toml b/sources/api/migration/migrations/archived/v1.1.2/control-container-v0-5-1/Cargo.toml deleted file mode 100644 index 01d0125d8..000000000 --- a/sources/api/migration/migrations/archived/v1.1.2/control-container-v0-5-1/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "control-container-v0-5-1" -version = "0.1.0" -authors = ["Patrick J.P. Culp "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers" } diff --git a/sources/api/migration/migrations/archived/v1.1.2/control-container-v0-5-1/src/main.rs b/sources/api/migration/migrations/archived/v1.1.2/control-container-v0-5-1/src/main.rs deleted file mode 100644 index 135783fc0..000000000 --- a/sources/api/migration/migrations/archived/v1.1.2/control-container-v0-5-1/src/main.rs +++ /dev/null @@ -1,27 +0,0 @@ -use migration_helpers::common_migrations::ReplaceTemplateMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_CONTROL_CTR_TEMPLATE: &str = - "{{ ecr-prefix settings.aws.region }}/bottlerocket-control:v0.5.0"; -const NEW_CONTROL_CTR_TEMPLATE: &str = - "{{ ecr-prefix settings.aws.region }}/bottlerocket-control:v0.5.1"; - -/// We bumped the version of the default control container from v0.5.0 to v0.5.1 -fn run() -> Result<()> { - migrate(ReplaceTemplateMigration { - setting: "settings.host-containers.control.source", - old_template: OLD_CONTROL_CTR_TEMPLATE, - new_template: NEW_CONTROL_CTR_TEMPLATE, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.1.2/kubelet-container-log/Cargo.toml b/sources/api/migration/migrations/archived/v1.1.2/kubelet-container-log/Cargo.toml deleted file mode 100644 index 37bf1fd23..000000000 --- a/sources/api/migration/migrations/archived/v1.1.2/kubelet-container-log/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "kubelet-container-log" -version = "0.1.0" -authors = ["Sungwon Cho "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers" } diff --git a/sources/api/migration/migrations/archived/v1.1.2/kubelet-container-log/src/main.rs b/sources/api/migration/migrations/archived/v1.1.2/kubelet-container-log/src/main.rs deleted file mode 100644 index 8e8d9d4ca..000000000 --- a/sources/api/migration/migrations/archived/v1.1.2/kubelet-container-log/src/main.rs +++ /dev/null @@ -1,22 +0,0 @@ -use migration_helpers::common_migrations::AddSettingsMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added a new settings for configuring kubelet, `settings.kubernetes.container-log-max-size` -/// and `settings.kubernetes.container-log-max-files` -fn run() -> Result<()> { - migrate(AddSettingsMigration(&[ - "settings.kubernetes.container-log-max-size", - "settings.kubernetes.container-log-max-files", - ])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.1.2/kubelet-system-reserved/Cargo.toml b/sources/api/migration/migrations/archived/v1.1.2/kubelet-system-reserved/Cargo.toml deleted file mode 100644 index abbac095e..000000000 --- a/sources/api/migration/migrations/archived/v1.1.2/kubelet-system-reserved/Cargo.toml +++ /dev/null @@ -1,13 +0,0 @@ -[package] -name = "kubelet-system-reserved" -version = "0.1.0" -authors = ["Tianhao Geng "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers" } - diff --git a/sources/api/migration/migrations/archived/v1.1.2/kubelet-system-reserved/src/main.rs b/sources/api/migration/migrations/archived/v1.1.2/kubelet-system-reserved/src/main.rs deleted file mode 100644 index df55b21bf..000000000 --- a/sources/api/migration/migrations/archived/v1.1.2/kubelet-system-reserved/src/main.rs +++ /dev/null @@ -1,20 +0,0 @@ -use migration_helpers::common_migrations::AddPrefixesMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added a new settings for configuring kubelet, `settings.kubernetes.system-reserved` -fn run() -> Result<()> { - migrate(AddPrefixesMigration(vec![ - "settings.kubernetes.system-reserved", - ])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.1.3/kubelet-cpu-manager-state/Cargo.toml b/sources/api/migration/migrations/archived/v1.1.3/kubelet-cpu-manager-state/Cargo.toml deleted file mode 100644 index f812b45b3..000000000 --- a/sources/api/migration/migrations/archived/v1.1.3/kubelet-cpu-manager-state/Cargo.toml +++ /dev/null @@ -1,13 +0,0 @@ -[package] -name = "kubelet-cpu-manager-state" -version = "0.1.0" -authors = ["Tianhao Geng "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers" } -snafu = "0.8" diff --git a/sources/api/migration/migrations/archived/v1.1.3/kubelet-cpu-manager-state/src/main.rs b/sources/api/migration/migrations/archived/v1.1.3/kubelet-cpu-manager-state/src/main.rs deleted file mode 100644 index 719db6414..000000000 --- a/sources/api/migration/migrations/archived/v1.1.3/kubelet-cpu-manager-state/src/main.rs +++ /dev/null @@ -1,52 +0,0 @@ -use migration_helpers::{error, migrate, Migration, MigrationData, Result}; -use snafu::ResultExt; -use std::fs; -use std::io; -use std::process; - -const CPU_MANAGER_POLICY_CHECKPOINT: &str = "/var/lib/kubelet/cpu_manager_state"; - -/// forward - We always remove the state file on boot, therefore we don't need to explicitly -/// remove the file during forward migration. -/// backward - We remove cpu manager policy checkpoint value on downgrade, since older versions did not -/// clean up this state file on boot. -pub struct CpuManagerPolicyCleaner; - -impl Migration for CpuManagerPolicyCleaner { - fn forward(&mut self, input: MigrationData) -> Result { - println!("CpuManagerPolicyCleaner has no work to do on upgrade."); - Ok(input) - } - - fn backward(&mut self, input: MigrationData) -> Result { - // removing existing cpu_manager_policy_state file - println!( - "Deleting existing cpu manager policy checkpoint: '{}'", - CPU_MANAGER_POLICY_CHECKPOINT - ); - if let Err(e) = fs::remove_file(CPU_MANAGER_POLICY_CHECKPOINT) { - if e.kind() != io::ErrorKind::NotFound { - return Err(e).context(error::RemoveFile { - path: CPU_MANAGER_POLICY_CHECKPOINT, - }); - } else { - println!("NotFound: '{}'", CPU_MANAGER_POLICY_CHECKPOINT) - } - } - Ok(input) - } -} -/// We changed the default for CPU manager policy and need to handle kubelet's state file. -fn run() -> Result<()> { - migrate(CpuManagerPolicyCleaner) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.1.3/kubelet-cpu-manager/Cargo.toml b/sources/api/migration/migrations/archived/v1.1.3/kubelet-cpu-manager/Cargo.toml deleted file mode 100644 index 46e91cfd7..000000000 --- a/sources/api/migration/migrations/archived/v1.1.3/kubelet-cpu-manager/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "kubelet-cpu-manager" -version = "0.1.0" -authors = ["Tianhao Geng "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers" } diff --git a/sources/api/migration/migrations/archived/v1.1.3/kubelet-cpu-manager/src/main.rs b/sources/api/migration/migrations/archived/v1.1.3/kubelet-cpu-manager/src/main.rs deleted file mode 100644 index f9f04a7e8..000000000 --- a/sources/api/migration/migrations/archived/v1.1.3/kubelet-cpu-manager/src/main.rs +++ /dev/null @@ -1,22 +0,0 @@ -use migration_helpers::common_migrations::AddSettingsMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added two new settings for configuring kubelet, `settings.kubernetes.cpu-manager-reconcile-period` -/// and `settings.kubernetes.cpu-manager-policy` -fn run() -> Result<()> { - migrate(AddSettingsMigration(&[ - "settings.kubernetes.cpu-manager-policy", - "settings.kubernetes.cpu-manager-reconcile-period", - ])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.10.0/aws-admin-container-v0-9-2/Cargo.toml b/sources/api/migration/migrations/archived/v1.10.0/aws-admin-container-v0-9-2/Cargo.toml deleted file mode 100644 index d385e9f56..000000000 --- a/sources/api/migration/migrations/archived/v1.10.0/aws-admin-container-v0-9-2/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "aws-admin-container-v0-9-2" -version = "0.1.0" -authors = ["Patrick J.P. Culp "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.10.0/aws-admin-container-v0-9-2/src/main.rs b/sources/api/migration/migrations/archived/v1.10.0/aws-admin-container-v0-9-2/src/main.rs deleted file mode 100644 index 34b91399d..000000000 --- a/sources/api/migration/migrations/archived/v1.10.0/aws-admin-container-v0-9-2/src/main.rs +++ /dev/null @@ -1,27 +0,0 @@ -use migration_helpers::common_migrations::ReplaceTemplateMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_ADMIN_CTR_TEMPLATE: &str = - "{{ ecr-prefix settings.aws.region }}/bottlerocket-admin:v0.9.0"; -const NEW_ADMIN_CTR_TEMPLATE: &str = - "{{ ecr-prefix settings.aws.region }}/bottlerocket-admin:v0.9.2"; - -/// We bumped the version of the default admin container -fn run() -> Result<()> { - migrate(ReplaceTemplateMigration { - setting: "settings.host-containers.admin.source", - old_template: OLD_ADMIN_CTR_TEMPLATE, - new_template: NEW_ADMIN_CTR_TEMPLATE, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.10.0/aws-control-container-v0-6-3/Cargo.toml b/sources/api/migration/migrations/archived/v1.10.0/aws-control-container-v0-6-3/Cargo.toml deleted file mode 100644 index bac02aa59..000000000 --- a/sources/api/migration/migrations/archived/v1.10.0/aws-control-container-v0-6-3/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "aws-control-container-v0-6-3" -version = "0.1.0" -authors = ["Ethan Pullen "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.10.0/aws-control-container-v0-6-3/src/main.rs b/sources/api/migration/migrations/archived/v1.10.0/aws-control-container-v0-6-3/src/main.rs deleted file mode 100644 index 863ff8387..000000000 --- a/sources/api/migration/migrations/archived/v1.10.0/aws-control-container-v0-6-3/src/main.rs +++ /dev/null @@ -1,27 +0,0 @@ -use migration_helpers::common_migrations::ReplaceTemplateMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_CONTROL_CTR_TEMPLATE: &str = - "{{ ecr-prefix settings.aws.region }}/bottlerocket-control:v0.6.1"; -const NEW_CONTROL_CTR_TEMPLATE: &str = - "{{ ecr-prefix settings.aws.region }}/bottlerocket-control:v0.6.3"; - -/// We bumped the version of the default control container -fn run() -> Result<()> { - migrate(ReplaceTemplateMigration { - setting: "settings.host-containers.control.source", - old_template: OLD_CONTROL_CTR_TEMPLATE, - new_template: NEW_CONTROL_CTR_TEMPLATE, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.10.0/dns-settings-metadata/Cargo.toml b/sources/api/migration/migrations/archived/v1.10.0/dns-settings-metadata/Cargo.toml deleted file mode 100644 index 38f58b1d6..000000000 --- a/sources/api/migration/migrations/archived/v1.10.0/dns-settings-metadata/Cargo.toml +++ /dev/null @@ -1,9 +0,0 @@ -[package] -name = "dns-settings-metadata" -version = "0.1.0" -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.10.0/dns-settings-metadata/src/main.rs b/sources/api/migration/migrations/archived/v1.10.0/dns-settings-metadata/src/main.rs deleted file mode 100644 index 2f54b0d3c..000000000 --- a/sources/api/migration/migrations/archived/v1.10.0/dns-settings-metadata/src/main.rs +++ /dev/null @@ -1,21 +0,0 @@ -use migration_helpers::common_migrations::{AddMetadataMigration, SettingMetadata}; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added a new setting and `affected-services` metadata for `settings.dns` -fn run() -> Result<()> { - migrate(AddMetadataMigration(&[SettingMetadata { - metadata: &["affected-services"], - setting: "settings.dns", - }])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.10.0/dns-settings/Cargo.toml b/sources/api/migration/migrations/archived/v1.10.0/dns-settings/Cargo.toml deleted file mode 100644 index 30a376690..000000000 --- a/sources/api/migration/migrations/archived/v1.10.0/dns-settings/Cargo.toml +++ /dev/null @@ -1,9 +0,0 @@ -[package] -name = "dns-settings" -version = "0.1.0" -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.10.0/dns-settings/src/main.rs b/sources/api/migration/migrations/archived/v1.10.0/dns-settings/src/main.rs deleted file mode 100644 index 6606f9318..000000000 --- a/sources/api/migration/migrations/archived/v1.10.0/dns-settings/src/main.rs +++ /dev/null @@ -1,22 +0,0 @@ -use migration_helpers::common_migrations::AddPrefixesMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added new settings under `settings.dns` for configuring /etc/resolv.conf -fn run() -> Result<()> { - migrate(AddPrefixesMigration(vec![ - "settings.dns", - "services.dns", - "configuration-files.netdog-toml", - ])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.10.0/kubelet-log-level/Cargo.toml b/sources/api/migration/migrations/archived/v1.10.0/kubelet-log-level/Cargo.toml deleted file mode 100644 index 30df4f972..000000000 --- a/sources/api/migration/migrations/archived/v1.10.0/kubelet-log-level/Cargo.toml +++ /dev/null @@ -1,10 +0,0 @@ -[package] -name = "kubelet-log-level" -version = "0.1.0" -authors = ["Sean McGinnis "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.10.0/kubelet-log-level/src/main.rs b/sources/api/migration/migrations/archived/v1.10.0/kubelet-log-level/src/main.rs deleted file mode 100644 index 55a3df526..000000000 --- a/sources/api/migration/migrations/archived/v1.10.0/kubelet-log-level/src/main.rs +++ /dev/null @@ -1,19 +0,0 @@ -use migration_helpers::common_migrations::AddSettingsMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added a new settings for configuring kubelet logging verbosity: -/// `settings.kubernetes.log-level`. -fn run() -> Result<()> { - migrate(AddSettingsMigration(&["settings.kubernetes.log-level"])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.10.0/public-admin-container-v0-9-2/Cargo.toml b/sources/api/migration/migrations/archived/v1.10.0/public-admin-container-v0-9-2/Cargo.toml deleted file mode 100644 index d9b023772..000000000 --- a/sources/api/migration/migrations/archived/v1.10.0/public-admin-container-v0-9-2/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "public-admin-container-v0-9-2" -version = "0.1.0" -authors = ["Patrick J.P. Culp "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.10.0/public-admin-container-v0-9-2/src/main.rs b/sources/api/migration/migrations/archived/v1.10.0/public-admin-container-v0-9-2/src/main.rs deleted file mode 100644 index 91c64894a..000000000 --- a/sources/api/migration/migrations/archived/v1.10.0/public-admin-container-v0-9-2/src/main.rs +++ /dev/null @@ -1,25 +0,0 @@ -use migration_helpers::common_migrations::ReplaceStringMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_ADMIN_CTR_SOURCE_VAL: &str = "public.ecr.aws/bottlerocket/bottlerocket-admin:v0.9.0"; -const NEW_ADMIN_CTR_SOURCE_VAL: &str = "public.ecr.aws/bottlerocket/bottlerocket-admin:v0.9.2"; - -/// We bumped the version of the default admin container -fn run() -> Result<()> { - migrate(ReplaceStringMigration { - setting: "settings.host-containers.admin.source", - old_val: OLD_ADMIN_CTR_SOURCE_VAL, - new_val: NEW_ADMIN_CTR_SOURCE_VAL, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.10.0/public-control-container-v0-6-3/Cargo.toml b/sources/api/migration/migrations/archived/v1.10.0/public-control-container-v0-6-3/Cargo.toml deleted file mode 100644 index 90226e207..000000000 --- a/sources/api/migration/migrations/archived/v1.10.0/public-control-container-v0-6-3/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "public-control-container-v0-6-3" -version = "0.1.0" -authors = ["Ethan Pullen "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.10.0/public-control-container-v0-6-3/src/main.rs b/sources/api/migration/migrations/archived/v1.10.0/public-control-container-v0-6-3/src/main.rs deleted file mode 100644 index 3d69604dd..000000000 --- a/sources/api/migration/migrations/archived/v1.10.0/public-control-container-v0-6-3/src/main.rs +++ /dev/null @@ -1,25 +0,0 @@ -use migration_helpers::common_migrations::ReplaceStringMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_CONTROL_CTR_SOURCE_VAL: &str = "public.ecr.aws/bottlerocket/bottlerocket-control:v0.6.1"; -const NEW_CONTROL_CTR_SOURCE_VAL: &str = "public.ecr.aws/bottlerocket/bottlerocket-control:v0.6.3"; - -/// We bumped the version of the default control container -fn run() -> Result<()> { - migrate(ReplaceStringMigration { - setting: "settings.host-containers.control.source", - old_val: OLD_CONTROL_CTR_SOURCE_VAL, - new_val: NEW_CONTROL_CTR_SOURCE_VAL, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.10.0/reboot-to-reconcile-setting/Cargo.toml b/sources/api/migration/migrations/archived/v1.10.0/reboot-to-reconcile-setting/Cargo.toml deleted file mode 100644 index fac72efae..000000000 --- a/sources/api/migration/migrations/archived/v1.10.0/reboot-to-reconcile-setting/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "reboot-to-reconcile-setting" -version = "0.1.0" -edition = "2018" -authors = ["Markus Boehme "] -license = "Apache-2.0 OR MIT" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.10.0/reboot-to-reconcile-setting/src/main.rs b/sources/api/migration/migrations/archived/v1.10.0/reboot-to-reconcile-setting/src/main.rs deleted file mode 100644 index e4b36a91b..000000000 --- a/sources/api/migration/migrations/archived/v1.10.0/reboot-to-reconcile-setting/src/main.rs +++ /dev/null @@ -1,19 +0,0 @@ -use migration_helpers::common_migrations::AddSettingsMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added a new setting for letting the host reboot if boot settings changed, -/// `settings.boot.reboot-to-reconcile` -fn run() -> Result<()> { - migrate(AddSettingsMigration(&["settings.boot.reboot-to-reconcile"])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.10.1/container-runtime-metadata/Cargo.toml b/sources/api/migration/migrations/archived/v1.10.1/container-runtime-metadata/Cargo.toml deleted file mode 100644 index 9bd8d1e50..000000000 --- a/sources/api/migration/migrations/archived/v1.10.1/container-runtime-metadata/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "container-runtime-metadata" -version = "0.1.0" -edition = "2018" -authors = ["Sean McGinnis "] -license = "Apache-2.0 OR MIT" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} \ No newline at end of file diff --git a/sources/api/migration/migrations/archived/v1.10.1/container-runtime-metadata/src/main.rs b/sources/api/migration/migrations/archived/v1.10.1/container-runtime-metadata/src/main.rs deleted file mode 100644 index 0efc23fe3..000000000 --- a/sources/api/migration/migrations/archived/v1.10.1/container-runtime-metadata/src/main.rs +++ /dev/null @@ -1,21 +0,0 @@ -use migration_helpers::common_migrations::{AddMetadataMigration, SettingMetadata}; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added a new setting for configuring container runtime (containerd) settings. -fn run() -> Result<()> { - migrate(AddMetadataMigration(&[SettingMetadata { - metadata: &["affected-services"], - setting: "settings.container-runtime", - }])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.10.1/container-runtime/Cargo.toml b/sources/api/migration/migrations/archived/v1.10.1/container-runtime/Cargo.toml deleted file mode 100644 index ac0bad27f..000000000 --- a/sources/api/migration/migrations/archived/v1.10.1/container-runtime/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "container-runtime" -version = "0.1.0" -edition = "2018" -authors = ["Sean McGinnis "] -license = "Apache-2.0 OR MIT" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} \ No newline at end of file diff --git a/sources/api/migration/migrations/archived/v1.10.1/container-runtime/src/main.rs b/sources/api/migration/migrations/archived/v1.10.1/container-runtime/src/main.rs deleted file mode 100644 index b7fe4a65a..000000000 --- a/sources/api/migration/migrations/archived/v1.10.1/container-runtime/src/main.rs +++ /dev/null @@ -1,18 +0,0 @@ -use migration_helpers::common_migrations::AddPrefixesMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added a new setting for configuring container runtime (containerd) settings. -fn run() -> Result<()> { - migrate(AddPrefixesMigration(vec!["settings.container-runtime"])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.11.0/aws-admin-container-v0-9-3/Cargo.toml b/sources/api/migration/migrations/archived/v1.11.0/aws-admin-container-v0-9-3/Cargo.toml deleted file mode 100644 index fadc23f95..000000000 --- a/sources/api/migration/migrations/archived/v1.11.0/aws-admin-container-v0-9-3/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "aws-admin-container-v0-9-3" -version = "0.1.0" -authors = ["Patrick J.P. Culp "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.11.0/aws-admin-container-v0-9-3/src/main.rs b/sources/api/migration/migrations/archived/v1.11.0/aws-admin-container-v0-9-3/src/main.rs deleted file mode 100644 index c6e12deb3..000000000 --- a/sources/api/migration/migrations/archived/v1.11.0/aws-admin-container-v0-9-3/src/main.rs +++ /dev/null @@ -1,27 +0,0 @@ -use migration_helpers::common_migrations::ReplaceTemplateMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_ADMIN_CTR_TEMPLATE: &str = - "{{ ecr-prefix settings.aws.region }}/bottlerocket-admin:v0.9.2"; -const NEW_ADMIN_CTR_TEMPLATE: &str = - "{{ ecr-prefix settings.aws.region }}/bottlerocket-admin:v0.9.3"; - -/// We bumped the version of the default admin container -fn run() -> Result<()> { - migrate(ReplaceTemplateMigration { - setting: "settings.host-containers.admin.source", - old_template: OLD_ADMIN_CTR_TEMPLATE, - new_template: NEW_ADMIN_CTR_TEMPLATE, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.11.0/aws-config-settings/Cargo.toml b/sources/api/migration/migrations/archived/v1.11.0/aws-config-settings/Cargo.toml deleted file mode 100644 index 6a0061eaa..000000000 --- a/sources/api/migration/migrations/archived/v1.11.0/aws-config-settings/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "aws-config-settings" -version = "0.1.0" -edition = "2018" -authors = ["Sean McGinnis "] -license = "Apache-2.0 OR MIT" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.11.0/aws-config-settings/src/main.rs b/sources/api/migration/migrations/archived/v1.11.0/aws-config-settings/src/main.rs deleted file mode 100644 index 99610cb31..000000000 --- a/sources/api/migration/migrations/archived/v1.11.0/aws-config-settings/src/main.rs +++ /dev/null @@ -1,24 +0,0 @@ -use migration_helpers::common_migrations::AddPrefixesMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added a new setting for configuring the AWS client configuration. This -/// can be used by any client expecting to find settings in the default -/// `~/.aws/*` location. -fn run() -> Result<()> { - migrate(AddPrefixesMigration(vec![ - "services.aws", - "configuration-files.aws-config", - "configuration-files.aws-credentials", - ])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.11.0/aws-control-container-v0-6-4/Cargo.toml b/sources/api/migration/migrations/archived/v1.11.0/aws-control-container-v0-6-4/Cargo.toml deleted file mode 100644 index 6200dec06..000000000 --- a/sources/api/migration/migrations/archived/v1.11.0/aws-control-container-v0-6-4/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "aws-control-container-v0-6-4" -version = "0.1.0" -authors = ["Patrick J.P. Culp "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.11.0/aws-control-container-v0-6-4/src/main.rs b/sources/api/migration/migrations/archived/v1.11.0/aws-control-container-v0-6-4/src/main.rs deleted file mode 100644 index eb7dad9e5..000000000 --- a/sources/api/migration/migrations/archived/v1.11.0/aws-control-container-v0-6-4/src/main.rs +++ /dev/null @@ -1,27 +0,0 @@ -use migration_helpers::common_migrations::ReplaceTemplateMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_CONTROL_CTR_TEMPLATE: &str = - "{{ ecr-prefix settings.aws.region }}/bottlerocket-control:v0.6.3"; -const NEW_CONTROL_CTR_TEMPLATE: &str = - "{{ ecr-prefix settings.aws.region }}/bottlerocket-control:v0.6.4"; - -/// We bumped the version of the default control container -fn run() -> Result<()> { - migrate(ReplaceTemplateMigration { - setting: "settings.host-containers.control.source", - old_template: OLD_CONTROL_CTR_TEMPLATE, - new_template: NEW_CONTROL_CTR_TEMPLATE, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.11.0/aws-creds-metadata/Cargo.toml b/sources/api/migration/migrations/archived/v1.11.0/aws-creds-metadata/Cargo.toml deleted file mode 100644 index 1818963f7..000000000 --- a/sources/api/migration/migrations/archived/v1.11.0/aws-creds-metadata/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "aws-creds-metadata" -version = "0.1.0" -edition = "2018" -authors = ["Sean McGinnis "] -license = "Apache-2.0 OR MIT" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.11.0/aws-creds-metadata/src/main.rs b/sources/api/migration/migrations/archived/v1.11.0/aws-creds-metadata/src/main.rs deleted file mode 100644 index 82eba78e5..000000000 --- a/sources/api/migration/migrations/archived/v1.11.0/aws-creds-metadata/src/main.rs +++ /dev/null @@ -1,21 +0,0 @@ -use migration_helpers::common_migrations::{AddMetadataMigration, SettingMetadata}; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added a new setting for AWS credential configuration. -fn run() -> Result<()> { - migrate(AddMetadataMigration(&[SettingMetadata { - metadata: &["affected-services"], - setting: "settings.aws", - }])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.11.0/aws-creds/Cargo.toml b/sources/api/migration/migrations/archived/v1.11.0/aws-creds/Cargo.toml deleted file mode 100644 index face15873..000000000 --- a/sources/api/migration/migrations/archived/v1.11.0/aws-creds/Cargo.toml +++ /dev/null @@ -1,15 +0,0 @@ -[package] -name = "aws-creds" -version = "0.1.0" -edition = "2018" -authors = ["Sean McGinnis "] -license = "Apache-2.0 OR MIT" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} - -[build-dependencies] -bottlerocket-variant = { version = "0.1", path = "../../../../../bottlerocket-variant" } diff --git a/sources/api/migration/migrations/archived/v1.11.0/aws-creds/build.rs b/sources/api/migration/migrations/archived/v1.11.0/aws-creds/build.rs deleted file mode 100644 index 51d16cf1b..000000000 --- a/sources/api/migration/migrations/archived/v1.11.0/aws-creds/build.rs +++ /dev/null @@ -1,6 +0,0 @@ -use bottlerocket_variant::Variant; - -fn main() { - let variant = Variant::from_env().unwrap(); - variant.emit_cfgs(); -} diff --git a/sources/api/migration/migrations/archived/v1.11.0/aws-creds/src/main.rs b/sources/api/migration/migrations/archived/v1.11.0/aws-creds/src/main.rs deleted file mode 100644 index e4c2c3f20..000000000 --- a/sources/api/migration/migrations/archived/v1.11.0/aws-creds/src/main.rs +++ /dev/null @@ -1,28 +0,0 @@ -use migration_helpers::common_migrations::{AddPrefixesMigration, AddSettingsMigration}; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added new settings for AWS credential configuration. -fn run() -> Result<()> { - if cfg!(variant_platform = "aws") { - migrate(AddSettingsMigration(&[ - "settings.aws.config", - "settings.aws.credentials", - "settings.aws.profile", - ])) - } else { - // Non-AWS variants did not have any AWS setting until this point, - // so need to completely clean up on downgrade. - migrate(AddPrefixesMigration(vec!["settings.aws"])) - } -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.11.0/credential-providers/Cargo.toml b/sources/api/migration/migrations/archived/v1.11.0/credential-providers/Cargo.toml deleted file mode 100644 index 9670e564a..000000000 --- a/sources/api/migration/migrations/archived/v1.11.0/credential-providers/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "credential-providers" -version = "0.1.0" -edition = "2018" -authors = ["Sean McGinnis "] -license = "Apache-2.0 OR MIT" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.11.0/credential-providers/src/main.rs b/sources/api/migration/migrations/archived/v1.11.0/credential-providers/src/main.rs deleted file mode 100644 index 4f1c44e58..000000000 --- a/sources/api/migration/migrations/archived/v1.11.0/credential-providers/src/main.rs +++ /dev/null @@ -1,23 +0,0 @@ -use migration_helpers::common_migrations::AddPrefixesMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added a new setting for configuring kubelet's image credential -/// provider plugins. Initially this is only to support ecr-credential-provider, -/// but others may be added as needed. -fn run() -> Result<()> { - migrate(AddPrefixesMigration(vec![ - "settings.kubernetes.credential-providers", - "configuration-files.credential-provider-config-yaml", - ])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.11.0/ecs-additional-configurations/Cargo.toml b/sources/api/migration/migrations/archived/v1.11.0/ecs-additional-configurations/Cargo.toml deleted file mode 100644 index 65e1c047e..000000000 --- a/sources/api/migration/migrations/archived/v1.11.0/ecs-additional-configurations/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "ecs-additional-configurations" -version = "0.1.0" -edition = "2018" -authors = ["Arnaldo Garcia Rincon "] -license = "Apache-2.0 OR MIT" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.11.0/ecs-additional-configurations/src/main.rs b/sources/api/migration/migrations/archived/v1.11.0/ecs-additional-configurations/src/main.rs deleted file mode 100644 index 97a735835..000000000 --- a/sources/api/migration/migrations/archived/v1.11.0/ecs-additional-configurations/src/main.rs +++ /dev/null @@ -1,24 +0,0 @@ -use migration_helpers::common_migrations::AddSettingsMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added additional configurations for the ECS agent -fn run() -> Result<()> { - migrate(AddSettingsMigration(&[ - "settings.ecs.container-stop-timeout", - "settings.ecs.task-cleanup-wait", - "settings.ecs.metadata-service-rps", - "settings.ecs.metadata-service-burst", - "settings.ecs.reserved-memory", - ])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.11.0/kubelet-new-config-files/Cargo.toml b/sources/api/migration/migrations/archived/v1.11.0/kubelet-new-config-files/Cargo.toml deleted file mode 100644 index 929e09937..000000000 --- a/sources/api/migration/migrations/archived/v1.11.0/kubelet-new-config-files/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "kubelet-new-config-files" -version = "0.1.0" -edition = "2018" -authors = ["Sean McGinnis "] -license = "Apache-2.0 OR MIT" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0" } diff --git a/sources/api/migration/migrations/archived/v1.11.0/kubelet-new-config-files/src/main.rs b/sources/api/migration/migrations/archived/v1.11.0/kubelet-new-config-files/src/main.rs deleted file mode 100644 index ca89785f0..000000000 --- a/sources/api/migration/migrations/archived/v1.11.0/kubelet-new-config-files/src/main.rs +++ /dev/null @@ -1,41 +0,0 @@ -use migration_helpers::common_migrations::{ListReplacement, ReplaceListsMigration}; -use migration_helpers::{migrate, Result}; -use std::process; - -/// Handle new configuration files for kubelet configuration. -fn run() -> Result<()> { - migrate(ReplaceListsMigration(vec![ListReplacement { - setting: "services.kubernetes.configuration-files", - old_vals: &[ - "kubelet-env", - "kubelet-config", - "kubelet-kubeconfig", - "kubelet-bootstrap-kubeconfig", - "kubelet-exec-start-conf", - "kubernetes-ca-crt", - "proxy-env", - ], - new_vals: &[ - "kubelet-env", - "kubelet-config", - "kubelet-kubeconfig", - "kubelet-bootstrap-kubeconfig", - "kubelet-exec-start-conf", - "kubernetes-ca-crt", - "proxy-env", - "kubelet-server-crt", - "kubelet-server-key", - "credential-provider-config-yaml", - ], - }])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.11.0/kubelet-tls-config/Cargo.toml b/sources/api/migration/migrations/archived/v1.11.0/kubelet-tls-config/Cargo.toml deleted file mode 100644 index 3baa1aea9..000000000 --- a/sources/api/migration/migrations/archived/v1.11.0/kubelet-tls-config/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "kubelet-tls-config" -version = "0.1.0" -edition = "2018" -authors = ["Sean McGinnis "] -license = "Apache-2.0 OR MIT" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0" } diff --git a/sources/api/migration/migrations/archived/v1.11.0/kubelet-tls-config/src/main.rs b/sources/api/migration/migrations/archived/v1.11.0/kubelet-tls-config/src/main.rs deleted file mode 100644 index 3c76737f3..000000000 --- a/sources/api/migration/migrations/archived/v1.11.0/kubelet-tls-config/src/main.rs +++ /dev/null @@ -1,21 +0,0 @@ -use migration_helpers::common_migrations::AddSettingsMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -// We added a new setting for providing TLS certs. -fn run() -> Result<()> { - migrate(AddSettingsMigration(&[ - "settings.kubernetes.server-certificate", - "settings.kubernetes.server-key", - ])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.11.0/kubelet-tls-files/Cargo.toml b/sources/api/migration/migrations/archived/v1.11.0/kubelet-tls-files/Cargo.toml deleted file mode 100644 index 370fce487..000000000 --- a/sources/api/migration/migrations/archived/v1.11.0/kubelet-tls-files/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "kubelet-tls-files" -version = "0.1.0" -authors = ["Erikson Tung "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0" } diff --git a/sources/api/migration/migrations/archived/v1.11.0/kubelet-tls-files/src/main.rs b/sources/api/migration/migrations/archived/v1.11.0/kubelet-tls-files/src/main.rs deleted file mode 100644 index 32a42ed43..000000000 --- a/sources/api/migration/migrations/archived/v1.11.0/kubelet-tls-files/src/main.rs +++ /dev/null @@ -1,21 +0,0 @@ -use migration_helpers::common_migrations::AddPrefixesMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added support for adding new kubelet TLS certs/keys for communicating with the Kubernetes API server. -fn run() -> Result<()> { - migrate(AddPrefixesMigration(vec![ - "configuration-files.kubelet-server-crt", - "configuration-files.kubelet-server-key", - ])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.11.0/public-admin-container-v0-9-3/Cargo.toml b/sources/api/migration/migrations/archived/v1.11.0/public-admin-container-v0-9-3/Cargo.toml deleted file mode 100644 index aa79796b7..000000000 --- a/sources/api/migration/migrations/archived/v1.11.0/public-admin-container-v0-9-3/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "public-admin-container-v0-9-3" -version = "0.1.0" -authors = ["Patrick J.P. Culp "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.11.0/public-admin-container-v0-9-3/src/main.rs b/sources/api/migration/migrations/archived/v1.11.0/public-admin-container-v0-9-3/src/main.rs deleted file mode 100644 index 9c6f6ae8f..000000000 --- a/sources/api/migration/migrations/archived/v1.11.0/public-admin-container-v0-9-3/src/main.rs +++ /dev/null @@ -1,25 +0,0 @@ -use migration_helpers::common_migrations::ReplaceStringMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_ADMIN_CTR_SOURCE_VAL: &str = "public.ecr.aws/bottlerocket/bottlerocket-admin:v0.9.2"; -const NEW_ADMIN_CTR_SOURCE_VAL: &str = "public.ecr.aws/bottlerocket/bottlerocket-admin:v0.9.3"; - -/// We bumped the version of the default admin container -fn run() -> Result<()> { - migrate(ReplaceStringMigration { - setting: "settings.host-containers.admin.source", - old_val: OLD_ADMIN_CTR_SOURCE_VAL, - new_val: NEW_ADMIN_CTR_SOURCE_VAL, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.11.0/public-control-container-v0-6-4/Cargo.toml b/sources/api/migration/migrations/archived/v1.11.0/public-control-container-v0-6-4/Cargo.toml deleted file mode 100644 index a0058e758..000000000 --- a/sources/api/migration/migrations/archived/v1.11.0/public-control-container-v0-6-4/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "public-control-container-v0-6-4" -version = "0.1.0" -authors = ["Patrick J.P. Culp "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.11.0/public-control-container-v0-6-4/src/main.rs b/sources/api/migration/migrations/archived/v1.11.0/public-control-container-v0-6-4/src/main.rs deleted file mode 100644 index c69ae12f9..000000000 --- a/sources/api/migration/migrations/archived/v1.11.0/public-control-container-v0-6-4/src/main.rs +++ /dev/null @@ -1,25 +0,0 @@ -use migration_helpers::common_migrations::ReplaceStringMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_CONTROL_CTR_SOURCE_VAL: &str = "public.ecr.aws/bottlerocket/bottlerocket-control:v0.6.3"; -const NEW_CONTROL_CTR_SOURCE_VAL: &str = "public.ecr.aws/bottlerocket/bottlerocket-control:v0.6.4"; - -/// We bumped the version of the default control container -fn run() -> Result<()> { - migrate(ReplaceStringMigration { - setting: "settings.host-containers.control.source", - old_val: OLD_CONTROL_CTR_SOURCE_VAL, - new_val: NEW_CONTROL_CTR_SOURCE_VAL, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.12.0/add-k8s-autoscaling-warm-pool-setting-metadata/Cargo.toml b/sources/api/migration/migrations/archived/v1.12.0/add-k8s-autoscaling-warm-pool-setting-metadata/Cargo.toml deleted file mode 100644 index 4104e254f..000000000 --- a/sources/api/migration/migrations/archived/v1.12.0/add-k8s-autoscaling-warm-pool-setting-metadata/Cargo.toml +++ /dev/null @@ -1,15 +0,0 @@ -[package] -name = "add-k8s-autoscaling-warm-pool-setting-metadata" -version = "0.1.0" -authors = ["Tianhao Geng "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} - -[build-dependencies] -bottlerocket-variant = { version = "0.1", path = "../../../../../bottlerocket-variant" } diff --git a/sources/api/migration/migrations/archived/v1.12.0/add-k8s-autoscaling-warm-pool-setting-metadata/build.rs b/sources/api/migration/migrations/archived/v1.12.0/add-k8s-autoscaling-warm-pool-setting-metadata/build.rs deleted file mode 100644 index 51d16cf1b..000000000 --- a/sources/api/migration/migrations/archived/v1.12.0/add-k8s-autoscaling-warm-pool-setting-metadata/build.rs +++ /dev/null @@ -1,6 +0,0 @@ -use bottlerocket_variant::Variant; - -fn main() { - let variant = Variant::from_env().unwrap(); - variant.emit_cfgs(); -} diff --git a/sources/api/migration/migrations/archived/v1.12.0/add-k8s-autoscaling-warm-pool-setting-metadata/src/main.rs b/sources/api/migration/migrations/archived/v1.12.0/add-k8s-autoscaling-warm-pool-setting-metadata/src/main.rs deleted file mode 100644 index ac393863a..000000000 --- a/sources/api/migration/migrations/archived/v1.12.0/add-k8s-autoscaling-warm-pool-setting-metadata/src/main.rs +++ /dev/null @@ -1,27 +0,0 @@ -use migration_helpers::common_migrations::{AddMetadataMigration, NoOpMigration, SettingMetadata}; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added a new setting and `affected-services` metadata for `settings.autoscaling` -fn run() -> Result<()> { - if cfg!(variant_family = "aws-k8s") { - migrate(AddMetadataMigration(&[SettingMetadata { - metadata: &["affected-services"], - setting: "settings.autoscaling", - }]))?; - } else { - migrate(NoOpMigration)?; - } - - Ok(()) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.12.0/add-k8s-autoscaling-warm-pool-setting/Cargo.toml b/sources/api/migration/migrations/archived/v1.12.0/add-k8s-autoscaling-warm-pool-setting/Cargo.toml deleted file mode 100644 index 19305ab09..000000000 --- a/sources/api/migration/migrations/archived/v1.12.0/add-k8s-autoscaling-warm-pool-setting/Cargo.toml +++ /dev/null @@ -1,15 +0,0 @@ -[package] -name = "add-k8s-autoscaling-warm-pool-setting" -version = "0.1.0" -authors = ["Tianhao Geng "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1"} - -[build-dependencies] -bottlerocket-variant = { version = "0.1", path = "../../../../../bottlerocket-variant" } diff --git a/sources/api/migration/migrations/archived/v1.12.0/add-k8s-autoscaling-warm-pool-setting/build.rs b/sources/api/migration/migrations/archived/v1.12.0/add-k8s-autoscaling-warm-pool-setting/build.rs deleted file mode 100644 index 51d16cf1b..000000000 --- a/sources/api/migration/migrations/archived/v1.12.0/add-k8s-autoscaling-warm-pool-setting/build.rs +++ /dev/null @@ -1,6 +0,0 @@ -use bottlerocket_variant::Variant; - -fn main() { - let variant = Variant::from_env().unwrap(); - variant.emit_cfgs(); -} diff --git a/sources/api/migration/migrations/archived/v1.12.0/add-k8s-autoscaling-warm-pool-setting/src/main.rs b/sources/api/migration/migrations/archived/v1.12.0/add-k8s-autoscaling-warm-pool-setting/src/main.rs deleted file mode 100644 index 968700bb2..000000000 --- a/sources/api/migration/migrations/archived/v1.12.0/add-k8s-autoscaling-warm-pool-setting/src/main.rs +++ /dev/null @@ -1,29 +0,0 @@ -use migration_helpers::common_migrations::{AddPrefixesMigration, NoOpMigration}; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added a new setting prefix for configuring autoscaling in k8s variants. -/// Remove the whole `settings.autoscaling` prefix if we downgrade. -fn run() -> Result<()> { - if cfg!(variant_family = "aws-k8s") { - migrate(AddPrefixesMigration(vec![ - "settings.autoscaling", - "services.autoscaling-warm-pool", - "configuration-files.warm-pool-wait-toml", - ]))?; - } else { - migrate(NoOpMigration)?; - } - - Ok(()) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.12.0/aws-admin-container-v0-9-4/Cargo.toml b/sources/api/migration/migrations/archived/v1.12.0/aws-admin-container-v0-9-4/Cargo.toml deleted file mode 100644 index 65a5b99d2..000000000 --- a/sources/api/migration/migrations/archived/v1.12.0/aws-admin-container-v0-9-4/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "aws-admin-container-v0-9-4" -version = "0.1.0" -authors = ["Patrick J.P. Culp "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.12.0/aws-admin-container-v0-9-4/src/main.rs b/sources/api/migration/migrations/archived/v1.12.0/aws-admin-container-v0-9-4/src/main.rs deleted file mode 100644 index 1f90ad1e9..000000000 --- a/sources/api/migration/migrations/archived/v1.12.0/aws-admin-container-v0-9-4/src/main.rs +++ /dev/null @@ -1,27 +0,0 @@ -use migration_helpers::common_migrations::ReplaceTemplateMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_ADMIN_CTR_TEMPLATE: &str = - "{{ ecr-prefix settings.aws.region }}/bottlerocket-admin:v0.9.3"; -const NEW_ADMIN_CTR_TEMPLATE: &str = - "{{ ecr-prefix settings.aws.region }}/bottlerocket-admin:v0.9.4"; - -/// We bumped the version of the default admin container -fn run() -> Result<()> { - migrate(ReplaceTemplateMigration { - setting: "settings.host-containers.admin.source", - old_template: OLD_ADMIN_CTR_TEMPLATE, - new_template: NEW_ADMIN_CTR_TEMPLATE, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.12.0/aws-control-container-v0-7-0/Cargo.toml b/sources/api/migration/migrations/archived/v1.12.0/aws-control-container-v0-7-0/Cargo.toml deleted file mode 100644 index 86d17de77..000000000 --- a/sources/api/migration/migrations/archived/v1.12.0/aws-control-container-v0-7-0/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "aws-control-container-v0-7-0" -version = "0.1.0" -authors = ["Patrick J.P. Culp "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.12.0/aws-control-container-v0-7-0/src/main.rs b/sources/api/migration/migrations/archived/v1.12.0/aws-control-container-v0-7-0/src/main.rs deleted file mode 100644 index 11371bfe5..000000000 --- a/sources/api/migration/migrations/archived/v1.12.0/aws-control-container-v0-7-0/src/main.rs +++ /dev/null @@ -1,27 +0,0 @@ -use migration_helpers::common_migrations::ReplaceTemplateMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_CONTROL_CTR_TEMPLATE: &str = - "{{ ecr-prefix settings.aws.region }}/bottlerocket-control:v0.6.4"; -const NEW_CONTROL_CTR_TEMPLATE: &str = - "{{ ecr-prefix settings.aws.region }}/bottlerocket-control:v0.7.0"; - -/// We bumped the version of the default control container -fn run() -> Result<()> { - migrate(ReplaceTemplateMigration { - setting: "settings.host-containers.control.source", - old_template: OLD_CONTROL_CTR_TEMPLATE, - new_template: NEW_CONTROL_CTR_TEMPLATE, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.12.0/k8s-private-pki-path/Cargo.toml b/sources/api/migration/migrations/archived/v1.12.0/k8s-private-pki-path/Cargo.toml deleted file mode 100644 index 323c47f9c..000000000 --- a/sources/api/migration/migrations/archived/v1.12.0/k8s-private-pki-path/Cargo.toml +++ /dev/null @@ -1,13 +0,0 @@ -[package] -name = "k8s-private-pki-path" -version = "0.1.0" -authors = ["Sean McGinnis "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} -serde_json = "1.0" diff --git a/sources/api/migration/migrations/archived/v1.12.0/k8s-private-pki-path/src/main.rs b/sources/api/migration/migrations/archived/v1.12.0/k8s-private-pki-path/src/main.rs deleted file mode 100644 index 95cb218b4..000000000 --- a/sources/api/migration/migrations/archived/v1.12.0/k8s-private-pki-path/src/main.rs +++ /dev/null @@ -1,79 +0,0 @@ -use migration_helpers::{migrate, Migration, MigrationData, Result}; -use std::process; - -const SETTING: &str = "configuration-files.kubelet-server-key.path"; -const OLD_VALUE: &str = "/etc/kubernetes/pki/kubelet-server.key"; -const NEW_VALUE: &str = "/etc/kubernetes/pki/private/kubelet-server.key"; - -/// We moved the render output location for the kubelet PKI private key to be in a restricted -/// subdirectory. We need to update this output path in the stored configuration so updated nodes -/// pick up the change. -fn run() -> Result<()> { - migrate(KubeletServerKey {}) -} - -pub struct KubeletServerKey {} - -impl KubeletServerKey { - fn migrate(&mut self, mut input: MigrationData, action: &'static str) -> Result { - let old_value; - let new_value; - if action == "upgrade" { - old_value = OLD_VALUE; - new_value = NEW_VALUE; - } else { - // Downgrade: everything old is new again - old_value = NEW_VALUE; - new_value = OLD_VALUE; - } - - if let Some(data) = input.data.get_mut(SETTING) { - match data { - serde_json::Value::String(current_value) => { - if current_value == old_value { - *data = new_value.into(); - println!( - "Changed '{}' from {:?} to {:?} on {}", - SETTING, old_value, new_value, action - ); - } else { - println!( - "'{}' is already set to {:?}, leaving alone", - SETTING, new_value - ); - } - } - _ => { - println!( - "'{}' is set to non-string value '{}'; KubeletServerKey only handles strings", - SETTING, data - ); - } - } - } else { - println!("Found no setting '{}'", SETTING); - } - - Ok(input) - } -} - -impl Migration for KubeletServerKey { - fn forward(&mut self, input: MigrationData) -> Result { - self.migrate(input, "upgrade") - } - - fn backward(&mut self, input: MigrationData) -> Result { - self.migrate(input, "downgrade") - } -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.12.0/oci-defaults-setting-metadata/Cargo.toml b/sources/api/migration/migrations/archived/v1.12.0/oci-defaults-setting-metadata/Cargo.toml deleted file mode 100644 index 599c2daa8..000000000 --- a/sources/api/migration/migrations/archived/v1.12.0/oci-defaults-setting-metadata/Cargo.toml +++ /dev/null @@ -1,15 +0,0 @@ -[package] -name = "oci-defaults-setting-metadata" -version = "0.1.0" -edition = "2021" -authors = ["Mahdi Chaker "] -license = "Apache-2.0 OR MIT" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} - -[build-dependencies] -bottlerocket-variant = { version = "0.1", path = "../../../../../bottlerocket-variant" } diff --git a/sources/api/migration/migrations/archived/v1.12.0/oci-defaults-setting-metadata/build.rs b/sources/api/migration/migrations/archived/v1.12.0/oci-defaults-setting-metadata/build.rs deleted file mode 100644 index 51d16cf1b..000000000 --- a/sources/api/migration/migrations/archived/v1.12.0/oci-defaults-setting-metadata/build.rs +++ /dev/null @@ -1,6 +0,0 @@ -use bottlerocket_variant::Variant; - -fn main() { - let variant = Variant::from_env().unwrap(); - variant.emit_cfgs(); -} diff --git a/sources/api/migration/migrations/archived/v1.12.0/oci-defaults-setting-metadata/src/main.rs b/sources/api/migration/migrations/archived/v1.12.0/oci-defaults-setting-metadata/src/main.rs deleted file mode 100644 index c9974ed8c..000000000 --- a/sources/api/migration/migrations/archived/v1.12.0/oci-defaults-setting-metadata/src/main.rs +++ /dev/null @@ -1,29 +0,0 @@ -use migration_helpers::common_migrations::{AddMetadataMigration, NoOpMigration, SettingMetadata}; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We updated the 'affected-services' list metadata for 'settings.oci-defaults' -/// to include itself and containerd on upgrade, and to remove those values on -/// downgrade, depending on the running variant. -fn run() -> Result<()> { - if cfg!(variant_runtime = "k8s") { - migrate(AddMetadataMigration(&[SettingMetadata { - metadata: &["affected-services"], - setting: "settings.oci-defaults", - }]))? - } else { - migrate(NoOpMigration)?; - } - - Ok(()) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.12.0/oci-defaults-setting/Cargo.toml b/sources/api/migration/migrations/archived/v1.12.0/oci-defaults-setting/Cargo.toml deleted file mode 100644 index 9b8c5e5c0..000000000 --- a/sources/api/migration/migrations/archived/v1.12.0/oci-defaults-setting/Cargo.toml +++ /dev/null @@ -1,15 +0,0 @@ -[package] -name = "oci-defaults-setting" -version = "0.1.0" -edition = "2021" -authors = ["Mahdi Chaker "] -license = "Apache-2.0 OR MIT" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} - -[build-dependencies] -bottlerocket-variant = { version = "0.1", path = "../../../../../bottlerocket-variant" } diff --git a/sources/api/migration/migrations/archived/v1.12.0/oci-defaults-setting/build.rs b/sources/api/migration/migrations/archived/v1.12.0/oci-defaults-setting/build.rs deleted file mode 100644 index 51d16cf1b..000000000 --- a/sources/api/migration/migrations/archived/v1.12.0/oci-defaults-setting/build.rs +++ /dev/null @@ -1,6 +0,0 @@ -use bottlerocket_variant::Variant; - -fn main() { - let variant = Variant::from_env().unwrap(); - variant.emit_cfgs(); -} diff --git a/sources/api/migration/migrations/archived/v1.12.0/oci-defaults-setting/src/main.rs b/sources/api/migration/migrations/archived/v1.12.0/oci-defaults-setting/src/main.rs deleted file mode 100644 index c27c66df7..000000000 --- a/sources/api/migration/migrations/archived/v1.12.0/oci-defaults-setting/src/main.rs +++ /dev/null @@ -1,31 +0,0 @@ -use migration_helpers::common_migrations::{AddPrefixesMigration, NoOpMigration}; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added new settings for configuring the default OCI runtime spec, -/// `settings.oci-defaults`, which will initially contain -/// `settings.oci-defaults.capabilities` and -/// `settings.oci-defaults.resource-limits` -fn run() -> Result<()> { - if cfg!(variant_runtime = "k8s") { - migrate(AddPrefixesMigration(vec![ - "settings.oci-defaults", - "services.oci-defaults", - "configuration-files.oci-defaults", - ]))? - } else { - migrate(NoOpMigration)?; - } - - Ok(()) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.12.0/public-admin-container-v0-9-4/Cargo.toml b/sources/api/migration/migrations/archived/v1.12.0/public-admin-container-v0-9-4/Cargo.toml deleted file mode 100644 index 113175a4c..000000000 --- a/sources/api/migration/migrations/archived/v1.12.0/public-admin-container-v0-9-4/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "public-admin-container-v0-9-4" -version = "0.1.0" -authors = ["Patrick J.P. Culp "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.12.0/public-admin-container-v0-9-4/src/main.rs b/sources/api/migration/migrations/archived/v1.12.0/public-admin-container-v0-9-4/src/main.rs deleted file mode 100644 index 0cab19c4f..000000000 --- a/sources/api/migration/migrations/archived/v1.12.0/public-admin-container-v0-9-4/src/main.rs +++ /dev/null @@ -1,25 +0,0 @@ -use migration_helpers::common_migrations::ReplaceStringMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_ADMIN_CTR_SOURCE_VAL: &str = "public.ecr.aws/bottlerocket/bottlerocket-admin:v0.9.3"; -const NEW_ADMIN_CTR_SOURCE_VAL: &str = "public.ecr.aws/bottlerocket/bottlerocket-admin:v0.9.4"; - -/// We bumped the version of the default admin container -fn run() -> Result<()> { - migrate(ReplaceStringMigration { - setting: "settings.host-containers.admin.source", - old_val: OLD_ADMIN_CTR_SOURCE_VAL, - new_val: NEW_ADMIN_CTR_SOURCE_VAL, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.12.0/public-control-container-v0-7-0/Cargo.toml b/sources/api/migration/migrations/archived/v1.12.0/public-control-container-v0-7-0/Cargo.toml deleted file mode 100644 index 8e009361c..000000000 --- a/sources/api/migration/migrations/archived/v1.12.0/public-control-container-v0-7-0/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "public-control-container-v0-7-0" -version = "0.1.0" -authors = ["Patrick J.P. Culp "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.12.0/public-control-container-v0-7-0/src/main.rs b/sources/api/migration/migrations/archived/v1.12.0/public-control-container-v0-7-0/src/main.rs deleted file mode 100644 index 825f78a70..000000000 --- a/sources/api/migration/migrations/archived/v1.12.0/public-control-container-v0-7-0/src/main.rs +++ /dev/null @@ -1,25 +0,0 @@ -use migration_helpers::common_migrations::ReplaceStringMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_CONTROL_CTR_SOURCE_VAL: &str = "public.ecr.aws/bottlerocket/bottlerocket-control:v0.6.4"; -const NEW_CONTROL_CTR_SOURCE_VAL: &str = "public.ecr.aws/bottlerocket/bottlerocket-control:v0.7.0"; - -/// We bumped the version of the default control container -fn run() -> Result<()> { - migrate(ReplaceStringMigration { - setting: "settings.host-containers.control.source", - old_val: OLD_CONTROL_CTR_SOURCE_VAL, - new_val: NEW_CONTROL_CTR_SOURCE_VAL, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.13.0/aws-admin-container-v0-10-0/Cargo.toml b/sources/api/migration/migrations/archived/v1.13.0/aws-admin-container-v0-10-0/Cargo.toml deleted file mode 100644 index 687b23ec4..000000000 --- a/sources/api/migration/migrations/archived/v1.13.0/aws-admin-container-v0-10-0/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "aws-admin-container-v0-10-0" -version = "0.1.0" -authors = ["Markus Boehme "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.13.0/aws-admin-container-v0-10-0/src/main.rs b/sources/api/migration/migrations/archived/v1.13.0/aws-admin-container-v0-10-0/src/main.rs deleted file mode 100644 index 36afdf33e..000000000 --- a/sources/api/migration/migrations/archived/v1.13.0/aws-admin-container-v0-10-0/src/main.rs +++ /dev/null @@ -1,27 +0,0 @@ -use migration_helpers::common_migrations::ReplaceTemplateMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_ADMIN_CTR_TEMPLATE: &str = - "{{ ecr-prefix settings.aws.region }}/bottlerocket-admin:v0.9.4"; -const NEW_ADMIN_CTR_TEMPLATE: &str = - "{{ ecr-prefix settings.aws.region }}/bottlerocket-admin:v0.10.0"; - -/// We bumped the version of the default admin container -fn run() -> Result<()> { - migrate(ReplaceTemplateMigration { - setting: "settings.host-containers.admin.source", - old_template: OLD_ADMIN_CTR_TEMPLATE, - new_template: NEW_ADMIN_CTR_TEMPLATE, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.13.0/aws-control-container-v0-7-1/Cargo.toml b/sources/api/migration/migrations/archived/v1.13.0/aws-control-container-v0-7-1/Cargo.toml deleted file mode 100644 index b8c30e4fd..000000000 --- a/sources/api/migration/migrations/archived/v1.13.0/aws-control-container-v0-7-1/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "aws-control-container-v0-7-1" -version = "0.1.0" -authors = ["Markus Boehme "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.13.0/aws-control-container-v0-7-1/src/main.rs b/sources/api/migration/migrations/archived/v1.13.0/aws-control-container-v0-7-1/src/main.rs deleted file mode 100644 index 8f9760dda..000000000 --- a/sources/api/migration/migrations/archived/v1.13.0/aws-control-container-v0-7-1/src/main.rs +++ /dev/null @@ -1,27 +0,0 @@ -use migration_helpers::common_migrations::ReplaceTemplateMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_CONTROL_CTR_TEMPLATE: &str = - "{{ ecr-prefix settings.aws.region }}/bottlerocket-control:v0.7.0"; -const NEW_CONTROL_CTR_TEMPLATE: &str = - "{{ ecr-prefix settings.aws.region }}/bottlerocket-control:v0.7.1"; - -/// We bumped the version of the default control container -fn run() -> Result<()> { - migrate(ReplaceTemplateMigration { - setting: "settings.host-containers.control.source", - old_template: OLD_CONTROL_CTR_TEMPLATE, - new_template: NEW_CONTROL_CTR_TEMPLATE, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.13.0/k8s-registry/Cargo.toml b/sources/api/migration/migrations/archived/v1.13.0/k8s-registry/Cargo.toml deleted file mode 100644 index 8494d9cbd..000000000 --- a/sources/api/migration/migrations/archived/v1.13.0/k8s-registry/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "k8s-registry" -version = "0.1.0" -authors = ["John McBride "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.13.0/k8s-registry/src/main.rs b/sources/api/migration/migrations/archived/v1.13.0/k8s-registry/src/main.rs deleted file mode 100644 index 40f5be33b..000000000 --- a/sources/api/migration/migrations/archived/v1.13.0/k8s-registry/src/main.rs +++ /dev/null @@ -1,29 +0,0 @@ -use migration_helpers::common_migrations::ReplaceStringMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_K8S_PAUSE_IMAGE: &str = "k8s.gcr.io/pause:3.2"; -const NEW_K8S_PAUSE_IMAGE: &str = "public.ecr.aws/eks-distro/kubernetes/pause:3.3"; - -// The `k8s.gcr.io` registry, as of April 2023 will be frozen and -// images will no longer be pushed to that registry. -// For further details: https://kubernetes.io/blog/2023/02/06/k8s-gcr-io-freeze-announcement/ -// -// In this migration, we move pause container image references from `k8s.gcr.io` to `public.ecr.aws/eks-distro/kubernetes/` -fn run() -> Result<()> { - migrate(ReplaceStringMigration { - setting: "settings.kubernetes.pod-infra-container-image", - old_val: OLD_K8S_PAUSE_IMAGE, - new_val: NEW_K8S_PAUSE_IMAGE, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.13.0/public-admin-container-v0-10-0/Cargo.toml b/sources/api/migration/migrations/archived/v1.13.0/public-admin-container-v0-10-0/Cargo.toml deleted file mode 100644 index dbfd4d356..000000000 --- a/sources/api/migration/migrations/archived/v1.13.0/public-admin-container-v0-10-0/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "public-admin-container-v0-10-0" -version = "0.1.0" -authors = ["Markus Boehme "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.13.0/public-admin-container-v0-10-0/src/main.rs b/sources/api/migration/migrations/archived/v1.13.0/public-admin-container-v0-10-0/src/main.rs deleted file mode 100644 index 6813b80a6..000000000 --- a/sources/api/migration/migrations/archived/v1.13.0/public-admin-container-v0-10-0/src/main.rs +++ /dev/null @@ -1,25 +0,0 @@ -use migration_helpers::common_migrations::ReplaceStringMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_ADMIN_CTR_SOURCE_VAL: &str = "public.ecr.aws/bottlerocket/bottlerocket-admin:v0.9.4"; -const NEW_ADMIN_CTR_SOURCE_VAL: &str = "public.ecr.aws/bottlerocket/bottlerocket-admin:v0.10.0"; - -/// We bumped the version of the default admin container -fn run() -> Result<()> { - migrate(ReplaceStringMigration { - setting: "settings.host-containers.admin.source", - old_val: OLD_ADMIN_CTR_SOURCE_VAL, - new_val: NEW_ADMIN_CTR_SOURCE_VAL, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.13.0/public-control-container-v0-7-1/Cargo.toml b/sources/api/migration/migrations/archived/v1.13.0/public-control-container-v0-7-1/Cargo.toml deleted file mode 100644 index 1ee4a2bfd..000000000 --- a/sources/api/migration/migrations/archived/v1.13.0/public-control-container-v0-7-1/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "public-control-container-v0-7-1" -version = "0.1.0" -authors = ["Markus Boehme "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.13.0/public-control-container-v0-7-1/src/main.rs b/sources/api/migration/migrations/archived/v1.13.0/public-control-container-v0-7-1/src/main.rs deleted file mode 100644 index 1ca865c68..000000000 --- a/sources/api/migration/migrations/archived/v1.13.0/public-control-container-v0-7-1/src/main.rs +++ /dev/null @@ -1,25 +0,0 @@ -use migration_helpers::common_migrations::ReplaceStringMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_CONTROL_CTR_SOURCE_VAL: &str = "public.ecr.aws/bottlerocket/bottlerocket-control:v0.7.0"; -const NEW_CONTROL_CTR_SOURCE_VAL: &str = "public.ecr.aws/bottlerocket/bottlerocket-control:v0.7.1"; - -/// We bumped the version of the default control container -fn run() -> Result<()> { - migrate(ReplaceStringMigration { - setting: "settings.host-containers.control.source", - old_val: OLD_CONTROL_CTR_SOURCE_VAL, - new_val: NEW_CONTROL_CTR_SOURCE_VAL, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.13.1/aws-profile-cred-provider/Cargo.toml b/sources/api/migration/migrations/archived/v1.13.1/aws-profile-cred-provider/Cargo.toml deleted file mode 100644 index 2d8d93046..000000000 --- a/sources/api/migration/migrations/archived/v1.13.1/aws-profile-cred-provider/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "aws-profile-cred-provider" -version = "0.1.0" -authors = ["Sean McGinnis "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.13.1/aws-profile-cred-provider/src/main.rs b/sources/api/migration/migrations/archived/v1.13.1/aws-profile-cred-provider/src/main.rs deleted file mode 100644 index eea8b2db4..000000000 --- a/sources/api/migration/migrations/archived/v1.13.1/aws-profile-cred-provider/src/main.rs +++ /dev/null @@ -1,21 +0,0 @@ -use migration_helpers::common_migrations::{AddMetadataMigration, SettingMetadata}; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added `affected-services` metadata for `aws.profile` -fn run() -> Result<()> { - migrate(AddMetadataMigration(&[SettingMetadata { - metadata: &["affected-services"], - setting: "settings.aws.profile", - }])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.13.3/aws-k8s-provider-id-gen/Cargo.toml b/sources/api/migration/migrations/archived/v1.13.3/aws-k8s-provider-id-gen/Cargo.toml deleted file mode 100644 index 39d27dcaa..000000000 --- a/sources/api/migration/migrations/archived/v1.13.3/aws-k8s-provider-id-gen/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "aws-k8s-provider-id-gen" -version = "0.1.0" -authors = ["Erikson Tung "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.13.3/aws-k8s-provider-id-gen/src/main.rs b/sources/api/migration/migrations/archived/v1.13.3/aws-k8s-provider-id-gen/src/main.rs deleted file mode 100644 index f101118fd..000000000 --- a/sources/api/migration/migrations/archived/v1.13.3/aws-k8s-provider-id-gen/src/main.rs +++ /dev/null @@ -1,21 +0,0 @@ -use migration_helpers::common_migrations::{AddMetadataMigration, SettingMetadata}; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added a new `setting-generator` metadata for `kubernetes.provider-id` -fn run() -> Result<()> { - migrate(AddMetadataMigration(&[SettingMetadata { - metadata: &["setting-generator"], - setting: "settings.kubernetes.provider-id", - }])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.13.4/add-hostname-override-metadata/Cargo.toml b/sources/api/migration/migrations/archived/v1.13.4/add-hostname-override-metadata/Cargo.toml deleted file mode 100644 index 6d07a5657..000000000 --- a/sources/api/migration/migrations/archived/v1.13.4/add-hostname-override-metadata/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "add-hostname-override-metadata" -version = "0.1.0" -authors = ["Erikson Tung "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.13.4/add-hostname-override-metadata/src/main.rs b/sources/api/migration/migrations/archived/v1.13.4/add-hostname-override-metadata/src/main.rs deleted file mode 100644 index 6ac1ec964..000000000 --- a/sources/api/migration/migrations/archived/v1.13.4/add-hostname-override-metadata/src/main.rs +++ /dev/null @@ -1,21 +0,0 @@ -use migration_helpers::common_migrations::{AddMetadataMigration, SettingMetadata}; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added the `setting-generator` metadata for `kubernetes.hostname-override` -fn run() -> Result<()> { - migrate(AddMetadataMigration(&[SettingMetadata { - metadata: &["setting-generator"], - setting: "settings.kubernetes.hostname-override", - }])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.13.4/add-hostname-override/Cargo.toml b/sources/api/migration/migrations/archived/v1.13.4/add-hostname-override/Cargo.toml deleted file mode 100644 index e37c13798..000000000 --- a/sources/api/migration/migrations/archived/v1.13.4/add-hostname-override/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "add-hostname-override" -version = "0.1.0" -authors = ["Erikson Tung "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.13.4/add-hostname-override/src/main.rs b/sources/api/migration/migrations/archived/v1.13.4/add-hostname-override/src/main.rs deleted file mode 100644 index a5affb7e3..000000000 --- a/sources/api/migration/migrations/archived/v1.13.4/add-hostname-override/src/main.rs +++ /dev/null @@ -1,20 +0,0 @@ -use migration_helpers::common_migrations::AddSettingsMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added a new setting for specifying the '--hostname-override' kubelet option for kubernetes variants -fn run() -> Result<()> { - migrate(AddSettingsMigration(&[ - "settings.kubernetes.hostname-override", - ])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.14.0/aws-admin-container-v0-10-1/Cargo.toml b/sources/api/migration/migrations/archived/v1.14.0/aws-admin-container-v0-10-1/Cargo.toml deleted file mode 100644 index 966ae125a..000000000 --- a/sources/api/migration/migrations/archived/v1.14.0/aws-admin-container-v0-10-1/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "aws-admin-container-v0-10-1" -version = "0.1.0" -authors = ["Markus Boehme "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.14.0/aws-admin-container-v0-10-1/src/main.rs b/sources/api/migration/migrations/archived/v1.14.0/aws-admin-container-v0-10-1/src/main.rs deleted file mode 100644 index fb888fb02..000000000 --- a/sources/api/migration/migrations/archived/v1.14.0/aws-admin-container-v0-10-1/src/main.rs +++ /dev/null @@ -1,27 +0,0 @@ -use migration_helpers::common_migrations::ReplaceTemplateMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_ADMIN_CTR_TEMPLATE: &str = - "{{ ecr-prefix settings.aws.region }}/bottlerocket-admin:v0.10.0"; -const NEW_ADMIN_CTR_TEMPLATE: &str = - "{{ ecr-prefix settings.aws.region }}/bottlerocket-admin:v0.10.1"; - -/// We bumped the version of the default admin container -fn run() -> Result<()> { - migrate(ReplaceTemplateMigration { - setting: "settings.host-containers.admin.source", - old_template: OLD_ADMIN_CTR_TEMPLATE, - new_template: NEW_ADMIN_CTR_TEMPLATE, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.14.0/aws-control-container-v0-7-2/Cargo.toml b/sources/api/migration/migrations/archived/v1.14.0/aws-control-container-v0-7-2/Cargo.toml deleted file mode 100644 index 5536e107e..000000000 --- a/sources/api/migration/migrations/archived/v1.14.0/aws-control-container-v0-7-2/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "aws-control-container-v0-7-2" -version = "0.1.0" -authors = ["Markus Boehme "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.14.0/aws-control-container-v0-7-2/src/main.rs b/sources/api/migration/migrations/archived/v1.14.0/aws-control-container-v0-7-2/src/main.rs deleted file mode 100644 index 90a1b207a..000000000 --- a/sources/api/migration/migrations/archived/v1.14.0/aws-control-container-v0-7-2/src/main.rs +++ /dev/null @@ -1,27 +0,0 @@ -use migration_helpers::common_migrations::ReplaceTemplateMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_CONTROL_CTR_TEMPLATE: &str = - "{{ ecr-prefix settings.aws.region }}/bottlerocket-control:v0.7.1"; -const NEW_CONTROL_CTR_TEMPLATE: &str = - "{{ ecr-prefix settings.aws.region }}/bottlerocket-control:v0.7.2"; - -/// We bumped the version of the default control container -fn run() -> Result<()> { - migrate(ReplaceTemplateMigration { - setting: "settings.host-containers.control.source", - old_template: OLD_CONTROL_CTR_TEMPLATE, - new_template: NEW_CONTROL_CTR_TEMPLATE, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.14.0/k8s-services-mode/Cargo.toml b/sources/api/migration/migrations/archived/v1.14.0/k8s-services-mode/Cargo.toml deleted file mode 100644 index 6edec9e6e..000000000 --- a/sources/api/migration/migrations/archived/v1.14.0/k8s-services-mode/Cargo.toml +++ /dev/null @@ -1,13 +0,0 @@ -[package] -name = "k8s-services-mode" -version = "0.1.0" -authors = ["Sean McGinnis "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} -serde_json = "1.0" diff --git a/sources/api/migration/migrations/archived/v1.14.0/k8s-services-mode/src/main.rs b/sources/api/migration/migrations/archived/v1.14.0/k8s-services-mode/src/main.rs deleted file mode 100644 index dc8b29b38..000000000 --- a/sources/api/migration/migrations/archived/v1.14.0/k8s-services-mode/src/main.rs +++ /dev/null @@ -1,24 +0,0 @@ -use migration_helpers::{common_migrations::AddSettingsMigration, migrate, Result}; -use std::process; - -/// Mode settings were added for a handful of the templated kubelet configuration files. -fn run() -> Result<()> { - migrate(AddSettingsMigration(&[ - "configuration-files.kubelet-config.mode", - "configuration-files.kubelet-kubeconfig.mode", - "configuration-files.kubelet-bootstrap-kubeconfig.mode", - "configuration-files.kubelet-exec-start-conf.mode", - "configuration-files.credential-provider-config-yaml.mode", - "configuration-files.kubernetes-ca-crt.mode", - ])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.14.0/kubelet-config-settings/Cargo.toml b/sources/api/migration/migrations/archived/v1.14.0/kubelet-config-settings/Cargo.toml deleted file mode 100644 index c36f52779..000000000 --- a/sources/api/migration/migrations/archived/v1.14.0/kubelet-config-settings/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "kubelet-config-settings" -version = "0.1.0" -authors = ["Sean McGinnis "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.14.0/kubelet-config-settings/src/main.rs b/sources/api/migration/migrations/archived/v1.14.0/kubelet-config-settings/src/main.rs deleted file mode 100644 index 1cc0e0f93..000000000 --- a/sources/api/migration/migrations/archived/v1.14.0/kubelet-config-settings/src/main.rs +++ /dev/null @@ -1,26 +0,0 @@ -use migration_helpers::{common_migrations::AddSettingsMigration, migrate, Result}; -use std::process; - -/// Additional `settings.kubernetes` options for this release. -fn run() -> Result<()> { - migrate(AddSettingsMigration(&[ - "settings.kubernetes.cpu-manager-policy-options", - "settings.kubernetes.cpu-cfs-quota-enforced", - "settings.kubernetes.shutdown-grace-period", - "settings.kubernetes.shutdown-grace-period-for-critical-pods", - "settings.kubernetes.eviction-soft", - "settings.kubernetes.eviction-soft-grace-period", - "settings.kubernetes.eviction-max-pod-grace-period", - "settings.kubernetes.memory-manager-policy", - ])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.14.0/kubelet-prefix-config-settings/Cargo.toml b/sources/api/migration/migrations/archived/v1.14.0/kubelet-prefix-config-settings/Cargo.toml deleted file mode 100644 index 663338626..000000000 --- a/sources/api/migration/migrations/archived/v1.14.0/kubelet-prefix-config-settings/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "kubelet-prefix-config-settings" -version = "0.1.0" -authors = ["Sean McGinnis "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.14.0/kubelet-prefix-config-settings/src/main.rs b/sources/api/migration/migrations/archived/v1.14.0/kubelet-prefix-config-settings/src/main.rs deleted file mode 100644 index 1e83c2b5a..000000000 --- a/sources/api/migration/migrations/archived/v1.14.0/kubelet-prefix-config-settings/src/main.rs +++ /dev/null @@ -1,19 +0,0 @@ -use migration_helpers::{common_migrations::AddPrefixesMigration, migrate, Result}; -use std::process; - -/// Additional `settings.kubernetes` options for this release. -fn run() -> Result<()> { - migrate(AddPrefixesMigration(vec![ - "settings.kubernetes.memory-manager-reserved-memory", - ])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.14.0/kubernetes-gc-percent-type-change/Cargo.toml b/sources/api/migration/migrations/archived/v1.14.0/kubernetes-gc-percent-type-change/Cargo.toml deleted file mode 100644 index 5d1f87d76..000000000 --- a/sources/api/migration/migrations/archived/v1.14.0/kubernetes-gc-percent-type-change/Cargo.toml +++ /dev/null @@ -1,13 +0,0 @@ -[package] -name = "kubernetes-gc-percent-type-change" -version = "0.1.0" -authors = ["Matt Briggs "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} -serde_json = "1" diff --git a/sources/api/migration/migrations/archived/v1.14.0/kubernetes-gc-percent-type-change/src/main.rs b/sources/api/migration/migrations/archived/v1.14.0/kubernetes-gc-percent-type-change/src/main.rs deleted file mode 100644 index 2df3c3c7b..000000000 --- a/sources/api/migration/migrations/archived/v1.14.0/kubernetes-gc-percent-type-change/src/main.rs +++ /dev/null @@ -1,54 +0,0 @@ -use migration_helpers::{migrate, Migration, MigrationData, Result}; -use serde_json::Value; -use std::process; - -const GC_HIGH_SETTING: &str = "settings.kubernetes.image-gc-high-threshold-percent"; -const GC_LOW_SETTING: &str = "settings.kubernetes.image-gc-low-threshold-percent"; - -/// We changed these settings so that they can be specified as numbers. Previously they could only -/// be specified as strings, which was confusing since they are numeric. On upgrade we don't need -/// to do anything because a valid string representation will still be accepted. On downgrade, we -/// need to check if the values are represented as numbers, and if so, convert them to strings. -pub struct ChangeK8sGcPercentType; - -fn convert_to_string(value: &mut Value) { - let s = if let Value::Number(n) = value { - n.to_string() - } else { - return; - }; - *value = Value::String(s); -} - -impl Migration for ChangeK8sGcPercentType { - /// On upgrade there is nothing to do (see above). - fn forward(&mut self, input: MigrationData) -> Result { - Ok(input) - } - - /// On downgrade, if the value is a number, we need to convert it to a string (see above). - fn backward(&mut self, mut input: MigrationData) -> Result { - if let Some(v) = input.data.get_mut(GC_HIGH_SETTING) { - convert_to_string(v); - } - if let Some(v) = input.data.get_mut(GC_LOW_SETTING) { - convert_to_string(v); - } - Ok(input) - } -} - -/// We made changes to `image-gc-low-threshold-percent` and `image-gc-high-threshold-percent`. -fn run() -> Result<()> { - migrate(ChangeK8sGcPercentType) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.14.0/public-admin-container-v0-10-1/Cargo.toml b/sources/api/migration/migrations/archived/v1.14.0/public-admin-container-v0-10-1/Cargo.toml deleted file mode 100644 index 294321018..000000000 --- a/sources/api/migration/migrations/archived/v1.14.0/public-admin-container-v0-10-1/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "public-admin-container-v0-10-1" -version = "0.1.0" -authors = ["Markus Boehme "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.14.0/public-admin-container-v0-10-1/src/main.rs b/sources/api/migration/migrations/archived/v1.14.0/public-admin-container-v0-10-1/src/main.rs deleted file mode 100644 index 6b432d7f9..000000000 --- a/sources/api/migration/migrations/archived/v1.14.0/public-admin-container-v0-10-1/src/main.rs +++ /dev/null @@ -1,25 +0,0 @@ -use migration_helpers::common_migrations::ReplaceStringMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_ADMIN_CTR_SOURCE_VAL: &str = "public.ecr.aws/bottlerocket/bottlerocket-admin:v0.10.0"; -const NEW_ADMIN_CTR_SOURCE_VAL: &str = "public.ecr.aws/bottlerocket/bottlerocket-admin:v0.10.1"; - -/// We bumped the version of the default admin container -fn run() -> Result<()> { - migrate(ReplaceStringMigration { - setting: "settings.host-containers.admin.source", - old_val: OLD_ADMIN_CTR_SOURCE_VAL, - new_val: NEW_ADMIN_CTR_SOURCE_VAL, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.14.0/public-control-container-v0-7-2/Cargo.toml b/sources/api/migration/migrations/archived/v1.14.0/public-control-container-v0-7-2/Cargo.toml deleted file mode 100644 index 9c3d1dacb..000000000 --- a/sources/api/migration/migrations/archived/v1.14.0/public-control-container-v0-7-2/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "public-control-container-v0-7-2" -version = "0.1.0" -authors = ["Markus Boehme "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.14.0/public-control-container-v0-7-2/src/main.rs b/sources/api/migration/migrations/archived/v1.14.0/public-control-container-v0-7-2/src/main.rs deleted file mode 100644 index e72e92f74..000000000 --- a/sources/api/migration/migrations/archived/v1.14.0/public-control-container-v0-7-2/src/main.rs +++ /dev/null @@ -1,25 +0,0 @@ -use migration_helpers::common_migrations::ReplaceStringMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_CONTROL_CTR_SOURCE_VAL: &str = "public.ecr.aws/bottlerocket/bottlerocket-control:v0.7.1"; -const NEW_CONTROL_CTR_SOURCE_VAL: &str = "public.ecr.aws/bottlerocket/bottlerocket-control:v0.7.2"; - -/// We bumped the version of the default control container -fn run() -> Result<()> { - migrate(ReplaceStringMigration { - setting: "settings.host-containers.control.source", - old_val: OLD_CONTROL_CTR_SOURCE_VAL, - new_val: NEW_CONTROL_CTR_SOURCE_VAL, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.14.2/ecs-images-cleanup/Cargo.toml b/sources/api/migration/migrations/archived/v1.14.2/ecs-images-cleanup/Cargo.toml deleted file mode 100644 index 13eaa84dd..000000000 --- a/sources/api/migration/migrations/archived/v1.14.2/ecs-images-cleanup/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "ecs-images-cleanup" -version = "0.1.0" -edition = "2018" -authors = ["Arnaldo Garcia Rincon "] -license = "Apache-2.0 OR MIT" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.14.2/ecs-images-cleanup/src/main.rs b/sources/api/migration/migrations/archived/v1.14.2/ecs-images-cleanup/src/main.rs deleted file mode 100644 index 5ee8ce7e4..000000000 --- a/sources/api/migration/migrations/archived/v1.14.2/ecs-images-cleanup/src/main.rs +++ /dev/null @@ -1,23 +0,0 @@ -use migration_helpers::common_migrations::AddSettingsMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added additional configurations for the ECS agent -fn run() -> Result<()> { - migrate(AddSettingsMigration(&[ - "settings.ecs.image-cleanup-wait", - "settings.ecs.image-cleanup-delete-per-cycle", - "settings.ecs.image-cleanup-enabled", - "settings.ecs.image-cleanup-age", - ])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.14.3/aws-admin-container-v0-10-2/Cargo.toml b/sources/api/migration/migrations/archived/v1.14.3/aws-admin-container-v0-10-2/Cargo.toml deleted file mode 100644 index 5a6a76d9a..000000000 --- a/sources/api/migration/migrations/archived/v1.14.3/aws-admin-container-v0-10-2/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "aws-admin-container-v0-10-2" -version = "0.1.0" -authors = ["Markus Boehme "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.14.3/aws-admin-container-v0-10-2/src/main.rs b/sources/api/migration/migrations/archived/v1.14.3/aws-admin-container-v0-10-2/src/main.rs deleted file mode 100644 index 948dcb68c..000000000 --- a/sources/api/migration/migrations/archived/v1.14.3/aws-admin-container-v0-10-2/src/main.rs +++ /dev/null @@ -1,27 +0,0 @@ -use migration_helpers::common_migrations::ReplaceTemplateMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_ADMIN_CTR_TEMPLATE: &str = - "{{ ecr-prefix settings.aws.region }}/bottlerocket-admin:v0.10.1"; -const NEW_ADMIN_CTR_TEMPLATE: &str = - "{{ ecr-prefix settings.aws.region }}/bottlerocket-admin:v0.10.2"; - -/// We bumped the version of the default admin container -fn run() -> Result<()> { - migrate(ReplaceTemplateMigration { - setting: "settings.host-containers.admin.source", - old_template: OLD_ADMIN_CTR_TEMPLATE, - new_template: NEW_ADMIN_CTR_TEMPLATE, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.14.3/aws-control-container-v0-7-3/Cargo.toml b/sources/api/migration/migrations/archived/v1.14.3/aws-control-container-v0-7-3/Cargo.toml deleted file mode 100644 index 29b768fcd..000000000 --- a/sources/api/migration/migrations/archived/v1.14.3/aws-control-container-v0-7-3/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "aws-control-container-v0-7-3" -version = "0.1.0" -authors = ["Markus Boehme "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.14.3/aws-control-container-v0-7-3/src/main.rs b/sources/api/migration/migrations/archived/v1.14.3/aws-control-container-v0-7-3/src/main.rs deleted file mode 100644 index 0483cb51c..000000000 --- a/sources/api/migration/migrations/archived/v1.14.3/aws-control-container-v0-7-3/src/main.rs +++ /dev/null @@ -1,27 +0,0 @@ -use migration_helpers::common_migrations::ReplaceTemplateMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_CONTROL_CTR_TEMPLATE: &str = - "{{ ecr-prefix settings.aws.region }}/bottlerocket-control:v0.7.2"; -const NEW_CONTROL_CTR_TEMPLATE: &str = - "{{ ecr-prefix settings.aws.region }}/bottlerocket-control:v0.7.3"; - -/// We bumped the version of the default control container -fn run() -> Result<()> { - migrate(ReplaceTemplateMigration { - setting: "settings.host-containers.control.source", - old_template: OLD_CONTROL_CTR_TEMPLATE, - new_template: NEW_CONTROL_CTR_TEMPLATE, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.14.3/public-admin-container-v0-10-2/Cargo.toml b/sources/api/migration/migrations/archived/v1.14.3/public-admin-container-v0-10-2/Cargo.toml deleted file mode 100644 index 2b05b86cd..000000000 --- a/sources/api/migration/migrations/archived/v1.14.3/public-admin-container-v0-10-2/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "public-admin-container-v0-10-2" -version = "0.1.0" -authors = ["Markus Boehme "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.14.3/public-admin-container-v0-10-2/src/main.rs b/sources/api/migration/migrations/archived/v1.14.3/public-admin-container-v0-10-2/src/main.rs deleted file mode 100644 index c3ef332e0..000000000 --- a/sources/api/migration/migrations/archived/v1.14.3/public-admin-container-v0-10-2/src/main.rs +++ /dev/null @@ -1,25 +0,0 @@ -use migration_helpers::common_migrations::ReplaceStringMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_ADMIN_CTR_SOURCE_VAL: &str = "public.ecr.aws/bottlerocket/bottlerocket-admin:v0.10.1"; -const NEW_ADMIN_CTR_SOURCE_VAL: &str = "public.ecr.aws/bottlerocket/bottlerocket-admin:v0.10.2"; - -/// We bumped the version of the default admin container -fn run() -> Result<()> { - migrate(ReplaceStringMigration { - setting: "settings.host-containers.admin.source", - old_val: OLD_ADMIN_CTR_SOURCE_VAL, - new_val: NEW_ADMIN_CTR_SOURCE_VAL, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.14.3/public-control-container-v0-7-3/Cargo.toml b/sources/api/migration/migrations/archived/v1.14.3/public-control-container-v0-7-3/Cargo.toml deleted file mode 100644 index 59d6818ab..000000000 --- a/sources/api/migration/migrations/archived/v1.14.3/public-control-container-v0-7-3/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "public-control-container-v0-7-3" -version = "0.1.0" -authors = ["Markus Boehme "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.14.3/public-control-container-v0-7-3/src/main.rs b/sources/api/migration/migrations/archived/v1.14.3/public-control-container-v0-7-3/src/main.rs deleted file mode 100644 index 260653be8..000000000 --- a/sources/api/migration/migrations/archived/v1.14.3/public-control-container-v0-7-3/src/main.rs +++ /dev/null @@ -1,25 +0,0 @@ -use migration_helpers::common_migrations::ReplaceStringMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_CONTROL_CTR_SOURCE_VAL: &str = "public.ecr.aws/bottlerocket/bottlerocket-control:v0.7.2"; -const NEW_CONTROL_CTR_SOURCE_VAL: &str = "public.ecr.aws/bottlerocket/bottlerocket-control:v0.7.3"; - -/// We bumped the version of the default control container -fn run() -> Result<()> { - migrate(ReplaceStringMigration { - setting: "settings.host-containers.control.source", - old_val: OLD_CONTROL_CTR_SOURCE_VAL, - new_val: NEW_CONTROL_CTR_SOURCE_VAL, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.15.0/aws-admin-container-v0-11-0/Cargo.toml b/sources/api/migration/migrations/archived/v1.15.0/aws-admin-container-v0-11-0/Cargo.toml deleted file mode 100644 index bc3a3f493..000000000 --- a/sources/api/migration/migrations/archived/v1.15.0/aws-admin-container-v0-11-0/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "aws-admin-container-v0-11-0" -version = "0.1.0" -authors = ["Zac Mrowicki "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.15.0/aws-admin-container-v0-11-0/src/main.rs b/sources/api/migration/migrations/archived/v1.15.0/aws-admin-container-v0-11-0/src/main.rs deleted file mode 100644 index 702de37a2..000000000 --- a/sources/api/migration/migrations/archived/v1.15.0/aws-admin-container-v0-11-0/src/main.rs +++ /dev/null @@ -1,28 +0,0 @@ -#![allow(deprecated)] -use migration_helpers::common_migrations::ReplaceTemplateMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_ADMIN_CTR_TEMPLATE: &str = - "{{ ecr-prefix settings.aws.region }}/bottlerocket-admin:v0.10.2"; -const NEW_ADMIN_CTR_TEMPLATE: &str = - "{{ ecr-prefix settings.aws.region }}/bottlerocket-admin:v0.11.0"; - -/// We bumped the version of the default admin container -fn run() -> Result<()> { - migrate(ReplaceTemplateMigration { - setting: "settings.host-containers.admin.source", - old_template: OLD_ADMIN_CTR_TEMPLATE, - new_template: NEW_ADMIN_CTR_TEMPLATE, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.15.0/aws-control-container-v0-7-4/Cargo.toml b/sources/api/migration/migrations/archived/v1.15.0/aws-control-container-v0-7-4/Cargo.toml deleted file mode 100644 index ab2a9e982..000000000 --- a/sources/api/migration/migrations/archived/v1.15.0/aws-control-container-v0-7-4/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "aws-control-container-v0-7-4" -version = "0.1.0" -authors = ["Zac Mrowicki "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.15.0/aws-control-container-v0-7-4/src/main.rs b/sources/api/migration/migrations/archived/v1.15.0/aws-control-container-v0-7-4/src/main.rs deleted file mode 100644 index 881f4b4c3..000000000 --- a/sources/api/migration/migrations/archived/v1.15.0/aws-control-container-v0-7-4/src/main.rs +++ /dev/null @@ -1,28 +0,0 @@ -#![allow(deprecated)] -use migration_helpers::common_migrations::ReplaceTemplateMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_CONTROL_CTR_TEMPLATE: &str = - "{{ ecr-prefix settings.aws.region }}/bottlerocket-control:v0.7.3"; -const NEW_CONTROL_CTR_TEMPLATE: &str = - "{{ ecr-prefix settings.aws.region }}/bottlerocket-control:v0.7.4"; - -/// We bumped the version of the default control container -fn run() -> Result<()> { - migrate(ReplaceTemplateMigration { - setting: "settings.host-containers.control.source", - old_template: OLD_CONTROL_CTR_TEMPLATE, - new_template: NEW_CONTROL_CTR_TEMPLATE, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.15.0/deprecate-log4j-hotpatch-enabled/Cargo.toml b/sources/api/migration/migrations/archived/v1.15.0/deprecate-log4j-hotpatch-enabled/Cargo.toml deleted file mode 100644 index 9f9e9d6bb..000000000 --- a/sources/api/migration/migrations/archived/v1.15.0/deprecate-log4j-hotpatch-enabled/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "deprecate-log4j-hotpatch-enabled" -version = "0.1.0" -edition = "2021" -authors = ["Arnaldo Garcia Rincon "] -license = "Apache-2.0 OR MIT" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.15.0/deprecate-log4j-hotpatch-enabled/src/main.rs b/sources/api/migration/migrations/archived/v1.15.0/deprecate-log4j-hotpatch-enabled/src/main.rs deleted file mode 100644 index d25c84c89..000000000 --- a/sources/api/migration/migrations/archived/v1.15.0/deprecate-log4j-hotpatch-enabled/src/main.rs +++ /dev/null @@ -1,22 +0,0 @@ -use migration_helpers::common_migrations::AddPrefixesMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added a new service to log a warning to the journal when log4j-hotpatch-enabled -/// is true -fn run() -> Result<()> { - migrate(AddPrefixesMigration(vec![ - "services.log4j-hotpatch-enabled", - "configuration-files.log4j-hotpatch-enabled-log-message", - ])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.15.0/log4j-hotpatch-enabled-metadata/Cargo.toml b/sources/api/migration/migrations/archived/v1.15.0/log4j-hotpatch-enabled-metadata/Cargo.toml deleted file mode 100644 index acd091c62..000000000 --- a/sources/api/migration/migrations/archived/v1.15.0/log4j-hotpatch-enabled-metadata/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "log4j-hotpatch-enabled-metadata" -version = "0.1.0" -edition = "2021" -authors = ["Arnaldo Garcia Rincon "] -license = "Apache-2.0 OR MIT" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.15.0/log4j-hotpatch-enabled-metadata/src/main.rs b/sources/api/migration/migrations/archived/v1.15.0/log4j-hotpatch-enabled-metadata/src/main.rs deleted file mode 100644 index 379ee2db0..000000000 --- a/sources/api/migration/migrations/archived/v1.15.0/log4j-hotpatch-enabled-metadata/src/main.rs +++ /dev/null @@ -1,23 +0,0 @@ -use migration_helpers::common_migrations::{AddMetadataMigration, SettingMetadata}; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added a new service to print a warning when log4j-hotpatch-enabled is true. -fn run() -> Result<()> { - migrate(AddMetadataMigration(&[SettingMetadata { - metadata: &["affected-services"], - setting: "settings.oci-hooks.log4j-hotpatch-enabled", - }]))?; - - Ok(()) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.15.0/oci-defaults-docker-setting-metadata/Cargo.toml b/sources/api/migration/migrations/archived/v1.15.0/oci-defaults-docker-setting-metadata/Cargo.toml deleted file mode 100644 index bcbe9ef11..000000000 --- a/sources/api/migration/migrations/archived/v1.15.0/oci-defaults-docker-setting-metadata/Cargo.toml +++ /dev/null @@ -1,15 +0,0 @@ -[package] -name = "oci-defaults-docker-setting-metadata" -version = "0.1.0" -edition = "2021" -authors = ["Shikha Vyaghra "] -license = "Apache-2.0 OR MIT" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} - -[build-dependencies] -bottlerocket-variant = { version = "0.1", path = "../../../../../bottlerocket-variant" } diff --git a/sources/api/migration/migrations/archived/v1.15.0/oci-defaults-docker-setting-metadata/build.rs b/sources/api/migration/migrations/archived/v1.15.0/oci-defaults-docker-setting-metadata/build.rs deleted file mode 100644 index 51d16cf1b..000000000 --- a/sources/api/migration/migrations/archived/v1.15.0/oci-defaults-docker-setting-metadata/build.rs +++ /dev/null @@ -1,6 +0,0 @@ -use bottlerocket_variant::Variant; - -fn main() { - let variant = Variant::from_env().unwrap(); - variant.emit_cfgs(); -} diff --git a/sources/api/migration/migrations/archived/v1.15.0/oci-defaults-docker-setting-metadata/src/main.rs b/sources/api/migration/migrations/archived/v1.15.0/oci-defaults-docker-setting-metadata/src/main.rs deleted file mode 100644 index 4531430df..000000000 --- a/sources/api/migration/migrations/archived/v1.15.0/oci-defaults-docker-setting-metadata/src/main.rs +++ /dev/null @@ -1,29 +0,0 @@ -use migration_helpers::common_migrations::{AddMetadataMigration, NoOpMigration, SettingMetadata}; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We updated the 'affected-services' list metadata for 'settings.oci-defaults' -/// to include itself and containerd on upgrade, and to remove those values on -/// downgrade, depending on the running variant. -fn run() -> Result<()> { - if cfg!(variant_runtime = "ecs") { - migrate(AddMetadataMigration(&[SettingMetadata { - metadata: &["affected-services"], - setting: "settings.oci-defaults", - }]))? - } else { - migrate(NoOpMigration)?; - } - - Ok(()) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.15.0/oci-defaults-docker-setting/Cargo.toml b/sources/api/migration/migrations/archived/v1.15.0/oci-defaults-docker-setting/Cargo.toml deleted file mode 100644 index 22456d413..000000000 --- a/sources/api/migration/migrations/archived/v1.15.0/oci-defaults-docker-setting/Cargo.toml +++ /dev/null @@ -1,15 +0,0 @@ -[package] -name = "oci-defaults-docker-setting" -version = "0.1.0" -edition = "2021" -authors = ["Shikha Vyaghra "] -license = "Apache-2.0 OR MIT" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} - -[build-dependencies] -bottlerocket-variant = { version = "0.1", path = "../../../../../bottlerocket-variant" } diff --git a/sources/api/migration/migrations/archived/v1.15.0/oci-defaults-docker-setting/build.rs b/sources/api/migration/migrations/archived/v1.15.0/oci-defaults-docker-setting/build.rs deleted file mode 100644 index 51d16cf1b..000000000 --- a/sources/api/migration/migrations/archived/v1.15.0/oci-defaults-docker-setting/build.rs +++ /dev/null @@ -1,6 +0,0 @@ -use bottlerocket_variant::Variant; - -fn main() { - let variant = Variant::from_env().unwrap(); - variant.emit_cfgs(); -} diff --git a/sources/api/migration/migrations/archived/v1.15.0/oci-defaults-docker-setting/src/main.rs b/sources/api/migration/migrations/archived/v1.15.0/oci-defaults-docker-setting/src/main.rs deleted file mode 100644 index 6cb6d624a..000000000 --- a/sources/api/migration/migrations/archived/v1.15.0/oci-defaults-docker-setting/src/main.rs +++ /dev/null @@ -1,31 +0,0 @@ -use migration_helpers::common_migrations::{AddPrefixesMigration, NoOpMigration}; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added new settings for configuring the default OCI runtime spec for ECS, -/// `settings.oci-defaults`, which will initially contain -/// `settings.oci-defaults.capabilities` and -/// `settings.oci-defaults.resource-limits` -fn run() -> Result<()> { - if cfg!(variant_runtime = "ecs") { - migrate(AddPrefixesMigration(vec![ - "settings.oci-defaults", - "services.oci-defaults", - "configuration-files.oci-defaults", - ]))? - } else { - migrate(NoOpMigration)?; - } - - Ok(()) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.15.0/oci-defaults-max-open-files/Cargo.toml b/sources/api/migration/migrations/archived/v1.15.0/oci-defaults-max-open-files/Cargo.toml deleted file mode 100644 index b7e3d1d22..000000000 --- a/sources/api/migration/migrations/archived/v1.15.0/oci-defaults-max-open-files/Cargo.toml +++ /dev/null @@ -1,16 +0,0 @@ -[package] -name = "oci-defaults-max-open-files" -version = "0.1.0" -edition = "2021" -authors = ["Shikha Vyaghra "] -license = "Apache-2.0 OR MIT" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} -serde_json = "1" - -[build-dependencies] -bottlerocket-variant = { version = "0.1", path = "../../../../../bottlerocket-variant" } diff --git a/sources/api/migration/migrations/archived/v1.15.0/oci-defaults-max-open-files/build.rs b/sources/api/migration/migrations/archived/v1.15.0/oci-defaults-max-open-files/build.rs deleted file mode 100644 index 51d16cf1b..000000000 --- a/sources/api/migration/migrations/archived/v1.15.0/oci-defaults-max-open-files/build.rs +++ /dev/null @@ -1,6 +0,0 @@ -use bottlerocket_variant::Variant; - -fn main() { - let variant = Variant::from_env().unwrap(); - variant.emit_cfgs(); -} diff --git a/sources/api/migration/migrations/archived/v1.15.0/oci-defaults-max-open-files/src/main.rs b/sources/api/migration/migrations/archived/v1.15.0/oci-defaults-max-open-files/src/main.rs deleted file mode 100644 index b9055287d..000000000 --- a/sources/api/migration/migrations/archived/v1.15.0/oci-defaults-max-open-files/src/main.rs +++ /dev/null @@ -1,68 +0,0 @@ -use migration_helpers::common_migrations::NoOpMigration; -use migration_helpers::{migrate, Migration, MigrationData, Result}; -use serde_json::Value; -use std::process; - -const HARD_RESOURCE_LIMIT_SETTING_NAME: &str = - "settings.oci-defaults.resource-limits.max-open-files.hard-limit"; -const SOFT_RESOURCE_LIMIT_SETTING_NAME: &str = - "settings.oci-defaults.resource-limits.max-open-files.soft-limit"; - -/// This migration changes the hard and soft limit for rlimit_nofile to u32 from i64 on downgrade. -/// There is no need of migration on upgrade as u32 will automatically change to i64 -pub struct ChangeMaxOpenFileResourceLimitType; - -fn convert_to_u32(value: &mut Value) { - if !value.is_i64() { - return; - } - let v: i64 = serde_json::from_value(value.clone()).unwrap(); - let s = match v { - -1 => u32::MAX, - v if v > u32::MAX as i64 => u32::MAX, - _ => v as u32, - }; - - *value = Value::Number(s.into()); -} - -impl Migration for ChangeMaxOpenFileResourceLimitType { - /// On upgrade there is nothing to do (see above). - fn forward(&mut self, input: MigrationData) -> Result { - Ok(input) - } - - /// On downgrade, if the value is an i64 integer, we need to convert it to a u32. - /// - /// Note that this potentially causes data loss, if current value of the setting - /// is -1 or higher than u_32::MAX we will set it to max possible value i.e. u32::MAX. - fn backward(&mut self, mut input: MigrationData) -> Result { - if let Some(v) = input.data.get_mut(HARD_RESOURCE_LIMIT_SETTING_NAME) { - convert_to_u32(v); - } - if let Some(v) = input.data.get_mut(SOFT_RESOURCE_LIMIT_SETTING_NAME) { - convert_to_u32(v); - } - Ok(input) - } -} - -fn run() -> Result<()> { - if cfg!(variant_runtime = "k8s") { - migrate(ChangeMaxOpenFileResourceLimitType)? - } else { - migrate(NoOpMigration)?; - } - - Ok(()) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.15.0/oci-defaults-resource-setting/Cargo.toml b/sources/api/migration/migrations/archived/v1.15.0/oci-defaults-resource-setting/Cargo.toml deleted file mode 100644 index adfaf23e1..000000000 --- a/sources/api/migration/migrations/archived/v1.15.0/oci-defaults-resource-setting/Cargo.toml +++ /dev/null @@ -1,15 +0,0 @@ -[package] -name = "oci-defaults-resource-setting" -version = "0.1.0" -edition = "2021" -authors = ["Shikha Vyaghra "] -license = "Apache-2.0 OR MIT" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} - -[build-dependencies] -bottlerocket-variant = { version = "0.1", path = "../../../../../bottlerocket-variant" } diff --git a/sources/api/migration/migrations/archived/v1.15.0/oci-defaults-resource-setting/build.rs b/sources/api/migration/migrations/archived/v1.15.0/oci-defaults-resource-setting/build.rs deleted file mode 100644 index 51d16cf1b..000000000 --- a/sources/api/migration/migrations/archived/v1.15.0/oci-defaults-resource-setting/build.rs +++ /dev/null @@ -1,6 +0,0 @@ -use bottlerocket_variant::Variant; - -fn main() { - let variant = Variant::from_env().unwrap(); - variant.emit_cfgs(); -} diff --git a/sources/api/migration/migrations/archived/v1.15.0/oci-defaults-resource-setting/src/main.rs b/sources/api/migration/migrations/archived/v1.15.0/oci-defaults-resource-setting/src/main.rs deleted file mode 100644 index b036f3a85..000000000 --- a/sources/api/migration/migrations/archived/v1.15.0/oci-defaults-resource-setting/src/main.rs +++ /dev/null @@ -1,40 +0,0 @@ -use migration_helpers::common_migrations::{AddPrefixesMigration, NoOpMigration}; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added new resource limit settings for configuring the default OCI runtime spec. -fn run() -> Result<()> { - if cfg!(variant_runtime = "k8s") { - migrate(AddPrefixesMigration(vec![ - "settings.oci-defaults.resource-limits.max-address-space", - "settings.oci-defaults.resource-limits.max-core-file-size", - "settings.oci-defaults.resource-limits.max-cpu-time", - "settings.oci-defaults.resource-limits.max-data-size", - "settings.oci-defaults.resource-limits.max-file-locks", - "settings.oci-defaults.resource-limits.max-file-size", - "settings.oci-defaults.resource-limits.max-locked-memory", - "settings.oci-defaults.resource-limits.max-msgqueue-size", - "settings.oci-defaults.resource-limits.max-nice-priority", - "settings.oci-defaults.resource-limits.max-pending-signals", - "settings.oci-defaults.resource-limits.max-processes", - "settings.oci-defaults.resource-limits.max-realtime-priority", - "settings.oci-defaults.resource-limits.max-realtime-timeout", - "settings.oci-defaults.resource-limits.max-resident-set", - "settings.oci-defaults.resource-limits.max-stack-size", - ]))? - } else { - migrate(NoOpMigration)?; - } - - Ok(()) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.15.0/public-admin-container-v0-11-0/Cargo.toml b/sources/api/migration/migrations/archived/v1.15.0/public-admin-container-v0-11-0/Cargo.toml deleted file mode 100644 index a27ac1930..000000000 --- a/sources/api/migration/migrations/archived/v1.15.0/public-admin-container-v0-11-0/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "public-admin-container-v0-11-0" -version = "0.1.0" -authors = ["Zac Mrowicki "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.15.0/public-admin-container-v0-11-0/src/main.rs b/sources/api/migration/migrations/archived/v1.15.0/public-admin-container-v0-11-0/src/main.rs deleted file mode 100644 index beb681dad..000000000 --- a/sources/api/migration/migrations/archived/v1.15.0/public-admin-container-v0-11-0/src/main.rs +++ /dev/null @@ -1,25 +0,0 @@ -use migration_helpers::common_migrations::ReplaceStringMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_ADMIN_CTR_SOURCE_VAL: &str = "public.ecr.aws/bottlerocket/bottlerocket-admin:v0.10.2"; -const NEW_ADMIN_CTR_SOURCE_VAL: &str = "public.ecr.aws/bottlerocket/bottlerocket-admin:v0.11.0"; - -/// We bumped the version of the default admin container -fn run() -> Result<()> { - migrate(ReplaceStringMigration { - setting: "settings.host-containers.admin.source", - old_val: OLD_ADMIN_CTR_SOURCE_VAL, - new_val: NEW_ADMIN_CTR_SOURCE_VAL, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.15.0/public-control-container-v0-7-4/Cargo.toml b/sources/api/migration/migrations/archived/v1.15.0/public-control-container-v0-7-4/Cargo.toml deleted file mode 100644 index b124832f7..000000000 --- a/sources/api/migration/migrations/archived/v1.15.0/public-control-container-v0-7-4/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "public-control-container-v0-7-4" -version = "0.1.0" -authors = ["Zac Mrowicki "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.15.0/public-control-container-v0-7-4/src/main.rs b/sources/api/migration/migrations/archived/v1.15.0/public-control-container-v0-7-4/src/main.rs deleted file mode 100644 index 6aa6e0ae1..000000000 --- a/sources/api/migration/migrations/archived/v1.15.0/public-control-container-v0-7-4/src/main.rs +++ /dev/null @@ -1,25 +0,0 @@ -use migration_helpers::common_migrations::ReplaceStringMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_CONTROL_CTR_SOURCE_VAL: &str = "public.ecr.aws/bottlerocket/bottlerocket-control:v0.7.3"; -const NEW_CONTROL_CTR_SOURCE_VAL: &str = "public.ecr.aws/bottlerocket/bottlerocket-control:v0.7.4"; - -/// We bumped the version of the default control container -fn run() -> Result<()> { - migrate(ReplaceStringMigration { - setting: "settings.host-containers.control.source", - old_val: OLD_CONTROL_CTR_SOURCE_VAL, - new_val: NEW_CONTROL_CTR_SOURCE_VAL, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.15.0/seccomp-default-setting/Cargo.toml b/sources/api/migration/migrations/archived/v1.15.0/seccomp-default-setting/Cargo.toml deleted file mode 100644 index 51b8d9c49..000000000 --- a/sources/api/migration/migrations/archived/v1.15.0/seccomp-default-setting/Cargo.toml +++ /dev/null @@ -1,13 +0,0 @@ -[package] -name = "seccomp-default-setting" -version = "0.1.0" -edition = "2021" -authors = ["Cartrius Phipps "] -license = "Apache-2.0 OR MIT" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} - diff --git a/sources/api/migration/migrations/archived/v1.15.0/seccomp-default-setting/src/main.rs b/sources/api/migration/migrations/archived/v1.15.0/seccomp-default-setting/src/main.rs deleted file mode 100644 index b26ee9c94..000000000 --- a/sources/api/migration/migrations/archived/v1.15.0/seccomp-default-setting/src/main.rs +++ /dev/null @@ -1,20 +0,0 @@ -use migration_helpers::common_migrations::AddSettingsMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added a new setting to expose the ability to toggle the SeccompDefault setting. -fn run() -> Result<()> { - migrate(AddSettingsMigration(&[ - "settings.kubernetes.seccomp-default", - ])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.16.0/aws-admin-container-v0-11-1/Cargo.toml b/sources/api/migration/migrations/archived/v1.16.0/aws-admin-container-v0-11-1/Cargo.toml deleted file mode 100644 index b6cb4ab6a..000000000 --- a/sources/api/migration/migrations/archived/v1.16.0/aws-admin-container-v0-11-1/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "aws-admin-container-v0-11-1" -version = "0.1.0" -authors = ["Sean P. Kelly "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.16.0/aws-admin-container-v0-11-1/src/main.rs b/sources/api/migration/migrations/archived/v1.16.0/aws-admin-container-v0-11-1/src/main.rs deleted file mode 100644 index ba0454aa0..000000000 --- a/sources/api/migration/migrations/archived/v1.16.0/aws-admin-container-v0-11-1/src/main.rs +++ /dev/null @@ -1,28 +0,0 @@ -#![allow(deprecated)] -use migration_helpers::common_migrations::ReplaceTemplateMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_ADMIN_CTR_TEMPLATE: &str = - "{{ ecr-prefix settings.aws.region }}/bottlerocket-admin:v0.11.0"; -const NEW_ADMIN_CTR_TEMPLATE: &str = - "{{ ecr-prefix settings.aws.region }}/bottlerocket-admin:v0.11.1"; - -/// We bumped the version of the default admin container -fn run() -> Result<()> { - migrate(ReplaceTemplateMigration { - setting: "settings.host-containers.admin.source", - old_template: OLD_ADMIN_CTR_TEMPLATE, - new_template: NEW_ADMIN_CTR_TEMPLATE, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.16.0/aws-control-container-v0-7-5/Cargo.toml b/sources/api/migration/migrations/archived/v1.16.0/aws-control-container-v0-7-5/Cargo.toml deleted file mode 100644 index b148eaff0..000000000 --- a/sources/api/migration/migrations/archived/v1.16.0/aws-control-container-v0-7-5/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "aws-control-container-v0-7-5" -version = "0.1.0" -authors = ["Sean P. Kelly "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.16.0/aws-control-container-v0-7-5/src/main.rs b/sources/api/migration/migrations/archived/v1.16.0/aws-control-container-v0-7-5/src/main.rs deleted file mode 100644 index 50cd084bb..000000000 --- a/sources/api/migration/migrations/archived/v1.16.0/aws-control-container-v0-7-5/src/main.rs +++ /dev/null @@ -1,28 +0,0 @@ -#![allow(deprecated)] -use migration_helpers::common_migrations::ReplaceTemplateMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_CONTROL_CTR_TEMPLATE: &str = - "{{ ecr-prefix settings.aws.region }}/bottlerocket-control:v0.7.4"; -const NEW_CONTROL_CTR_TEMPLATE: &str = - "{{ ecr-prefix settings.aws.region }}/bottlerocket-control:v0.7.5"; - -/// We bumped the version of the default control container -fn run() -> Result<()> { - migrate(ReplaceTemplateMigration { - setting: "settings.host-containers.control.source", - old_template: OLD_CONTROL_CTR_TEMPLATE, - new_template: NEW_CONTROL_CTR_TEMPLATE, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.16.0/kernel-modules-autoload-configs/Cargo.toml b/sources/api/migration/migrations/archived/v1.16.0/kernel-modules-autoload-configs/Cargo.toml deleted file mode 100644 index cb6ad2c18..000000000 --- a/sources/api/migration/migrations/archived/v1.16.0/kernel-modules-autoload-configs/Cargo.toml +++ /dev/null @@ -1,15 +0,0 @@ -[package] -name = "kernel-modules-autoload-configs" -version = "0.1.0" -authors = ["Leonard Foerster "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html - -[dependencies] -migration-helpers = { path = "../../../migration-helpers/", version = "0.1.0" } -serde_json = "1" diff --git a/sources/api/migration/migrations/archived/v1.16.0/kernel-modules-autoload-configs/src/main.rs b/sources/api/migration/migrations/archived/v1.16.0/kernel-modules-autoload-configs/src/main.rs deleted file mode 100644 index 3be5090a0..000000000 --- a/sources/api/migration/migrations/archived/v1.16.0/kernel-modules-autoload-configs/src/main.rs +++ /dev/null @@ -1,23 +0,0 @@ -use migration_helpers::common_migrations::AddPrefixesMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added new settings under `settings.kernel.modules` for configuring -/// /etc/modules-load.d/modules-load.conf. The actual autoload settings are -/// migrated separately in kernel-modules-autoload-settings migration as they -/// require a custom migration implementation. -fn run() -> Result<()> { - migrate(AddPrefixesMigration(vec![ - "configuration-files.modules-load", - ])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.16.0/kernel-modules-autoload-files/Cargo.toml b/sources/api/migration/migrations/archived/v1.16.0/kernel-modules-autoload-files/Cargo.toml deleted file mode 100644 index 8f2124a85..000000000 --- a/sources/api/migration/migrations/archived/v1.16.0/kernel-modules-autoload-files/Cargo.toml +++ /dev/null @@ -1,15 +0,0 @@ -[package] -name = "kernel-modules-autoload-files" -version = "0.1.0" -authors = ["Leonard Foerster "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html - -[dependencies] -migration-helpers = { path = "../../../migration-helpers/", version = "0.1.0" } -serde_json = "1" diff --git a/sources/api/migration/migrations/archived/v1.16.0/kernel-modules-autoload-files/src/main.rs b/sources/api/migration/migrations/archived/v1.16.0/kernel-modules-autoload-files/src/main.rs deleted file mode 100644 index 389700799..000000000 --- a/sources/api/migration/migrations/archived/v1.16.0/kernel-modules-autoload-files/src/main.rs +++ /dev/null @@ -1,23 +0,0 @@ -use migration_helpers::common_migrations::{ListReplacement, ReplaceListsMigration}; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added a config file to the configuration-files list for services.kernel-modules -/// to facilitate module autoload. This needs to be restored to prior values on downgrade. -fn run() -> Result<()> { - migrate(ReplaceListsMigration(vec![ListReplacement { - setting: "services.kernel-modules.configuration-files", - old_vals: &["modprobe-conf"], - new_vals: &["modprobe-conf", "modules-load"], - }])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.16.0/kernel-modules-autoload-restart/Cargo.toml b/sources/api/migration/migrations/archived/v1.16.0/kernel-modules-autoload-restart/Cargo.toml deleted file mode 100644 index 02a78c659..000000000 --- a/sources/api/migration/migrations/archived/v1.16.0/kernel-modules-autoload-restart/Cargo.toml +++ /dev/null @@ -1,15 +0,0 @@ -[package] -name = "kernel-modules-autoload-restart" -version = "0.1.0" -authors = ["Leonard Foerster "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html - -[dependencies] -migration-helpers = { path = "../../../migration-helpers/", version = "0.1.0" } -serde_json = "1" diff --git a/sources/api/migration/migrations/archived/v1.16.0/kernel-modules-autoload-restart/src/main.rs b/sources/api/migration/migrations/archived/v1.16.0/kernel-modules-autoload-restart/src/main.rs deleted file mode 100644 index 55290bc00..000000000 --- a/sources/api/migration/migrations/archived/v1.16.0/kernel-modules-autoload-restart/src/main.rs +++ /dev/null @@ -1,23 +0,0 @@ -use migration_helpers::common_migrations::{ListReplacement, ReplaceListsMigration}; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added a new `autoload` setting to `settings.kernel.modules`, which needs -/// re restart of `systemd-modules-load.services`. -fn run() -> Result<()> { - migrate(ReplaceListsMigration(vec![ListReplacement { - setting: "services.kernel-modules.restart-commands", - old_vals: &[], - new_vals: &["/usr/bin/systemctl try-restart systemd-modules-load"], - }])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.16.0/kernel-modules-autoload-settings/Cargo.toml b/sources/api/migration/migrations/archived/v1.16.0/kernel-modules-autoload-settings/Cargo.toml deleted file mode 100644 index 442b9ebaa..000000000 --- a/sources/api/migration/migrations/archived/v1.16.0/kernel-modules-autoload-settings/Cargo.toml +++ /dev/null @@ -1,14 +0,0 @@ -[package] -name = "kernel-modules-autoload-settings" -version = "0.1.0" -authors = ["Leonard Foerster "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html - -[dependencies] -migration-helpers = { path = "../../../migration-helpers/", version = "0.1.0" } diff --git a/sources/api/migration/migrations/archived/v1.16.0/kernel-modules-autoload-settings/src/main.rs b/sources/api/migration/migrations/archived/v1.16.0/kernel-modules-autoload-settings/src/main.rs deleted file mode 100644 index 58c77918a..000000000 --- a/sources/api/migration/migrations/archived/v1.16.0/kernel-modules-autoload-settings/src/main.rs +++ /dev/null @@ -1,53 +0,0 @@ -use migration_helpers::{migrate, Migration, MigrationData, Result}; -use std::process; - -const KMOD_AUTOLOAD_PREFIX: &str = "settings.kernel.modules"; -const KMOD_AUTOLOAD_SETTING: &str = "autoload"; - -/// We added a new autoload setting to the kernel.mudules set of tables. These tables -/// come with a variable name containing the module name. We can hence not just use -/// an `AddSettingsMigration` as these require the full name. We rather need a hybrid -/// of `AddSettingsMigration` and `AddPrefixesMigration` in order to select the correct -/// parts of these variably named tables to remove on downgrade. Similar to the common -/// forms of `Add*Migrations` we do not need to do anything on upgrade. -pub struct AddKmodAutoload; - -impl Migration for AddKmodAutoload { - /// On upgrade there is nothing to do (see above). - fn forward(&mut self, input: MigrationData) -> Result { - Ok(input) - } - - /// On downgrade, we need to find the `autoload` setting in all tables with - /// prefix `settings.kernel.modules` and remove them. - fn backward(&mut self, mut input: MigrationData) -> Result { - let settings = input - .data - .keys() - .filter(|k| k.starts_with(KMOD_AUTOLOAD_PREFIX)) - .filter(|k| k.ends_with(KMOD_AUTOLOAD_SETTING)) - .cloned() - .collect::>(); - for setting in settings { - if let Some(data) = input.data.remove(&setting) { - println!("Removed {}, which was set to '{}'", setting, data); - } - } - Ok(input) - } -} - -/// We added `settigns.kernel.modules..auotload`. -fn run() -> Result<()> { - migrate(AddKmodAutoload) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.16.0/public-admin-container-v0-11-1/Cargo.toml b/sources/api/migration/migrations/archived/v1.16.0/public-admin-container-v0-11-1/Cargo.toml deleted file mode 100644 index 6644439d1..000000000 --- a/sources/api/migration/migrations/archived/v1.16.0/public-admin-container-v0-11-1/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "public-admin-container-v0-11-1" -version = "0.1.0" -authors = ["Sean P. Kelly "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.16.0/public-admin-container-v0-11-1/src/main.rs b/sources/api/migration/migrations/archived/v1.16.0/public-admin-container-v0-11-1/src/main.rs deleted file mode 100644 index 5dce617e2..000000000 --- a/sources/api/migration/migrations/archived/v1.16.0/public-admin-container-v0-11-1/src/main.rs +++ /dev/null @@ -1,25 +0,0 @@ -use migration_helpers::common_migrations::ReplaceStringMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_ADMIN_CTR_SOURCE_VAL: &str = "public.ecr.aws/bottlerocket/bottlerocket-admin:v0.11.0"; -const NEW_ADMIN_CTR_SOURCE_VAL: &str = "public.ecr.aws/bottlerocket/bottlerocket-admin:v0.11.1"; - -/// We bumped the version of the default admin container -fn run() -> Result<()> { - migrate(ReplaceStringMigration { - setting: "settings.host-containers.admin.source", - old_val: OLD_ADMIN_CTR_SOURCE_VAL, - new_val: NEW_ADMIN_CTR_SOURCE_VAL, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.16.0/public-control-container-v0-7-5/Cargo.toml b/sources/api/migration/migrations/archived/v1.16.0/public-control-container-v0-7-5/Cargo.toml deleted file mode 100644 index 3541718b4..000000000 --- a/sources/api/migration/migrations/archived/v1.16.0/public-control-container-v0-7-5/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "public-control-container-v0-7-5" -version = "0.1.0" -authors = ["Sean P. Kelly "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.16.0/public-control-container-v0-7-5/src/main.rs b/sources/api/migration/migrations/archived/v1.16.0/public-control-container-v0-7-5/src/main.rs deleted file mode 100644 index f4be22b7d..000000000 --- a/sources/api/migration/migrations/archived/v1.16.0/public-control-container-v0-7-5/src/main.rs +++ /dev/null @@ -1,25 +0,0 @@ -use migration_helpers::common_migrations::ReplaceStringMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_CONTROL_CTR_SOURCE_VAL: &str = "public.ecr.aws/bottlerocket/bottlerocket-control:v0.7.4"; -const NEW_CONTROL_CTR_SOURCE_VAL: &str = "public.ecr.aws/bottlerocket/bottlerocket-control:v0.7.5"; - -/// We bumped the version of the default control container -fn run() -> Result<()> { - migrate(ReplaceStringMigration { - setting: "settings.host-containers.control.source", - old_val: OLD_CONTROL_CTR_SOURCE_VAL, - new_val: NEW_CONTROL_CTR_SOURCE_VAL, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.16.0/schnauzer-v2-generators/Cargo.toml b/sources/api/migration/migrations/archived/v1.16.0/schnauzer-v2-generators/Cargo.toml deleted file mode 100644 index d5d7c08b1..000000000 --- a/sources/api/migration/migrations/archived/v1.16.0/schnauzer-v2-generators/Cargo.toml +++ /dev/null @@ -1,15 +0,0 @@ -[package] -name = "schnauzer-v2-generators" -version = "0.1.0" -authors = ["Sean P. Kelly "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0" } - -[build-dependencies] -bottlerocket-variant = { version = "0.1", path = "../../../../../bottlerocket-variant" } diff --git a/sources/api/migration/migrations/archived/v1.16.0/schnauzer-v2-generators/build.rs b/sources/api/migration/migrations/archived/v1.16.0/schnauzer-v2-generators/build.rs deleted file mode 100644 index 51d16cf1b..000000000 --- a/sources/api/migration/migrations/archived/v1.16.0/schnauzer-v2-generators/build.rs +++ /dev/null @@ -1,6 +0,0 @@ -use bottlerocket_variant::Variant; - -fn main() { - let variant = Variant::from_env().unwrap(); - variant.emit_cfgs(); -} diff --git a/sources/api/migration/migrations/archived/v1.16.0/schnauzer-v2-generators/src/main.rs b/sources/api/migration/migrations/archived/v1.16.0/schnauzer-v2-generators/src/main.rs deleted file mode 100644 index 547bd277c..000000000 --- a/sources/api/migration/migrations/archived/v1.16.0/schnauzer-v2-generators/src/main.rs +++ /dev/null @@ -1,78 +0,0 @@ -use migration_helpers::common_migrations::{MetadataReplacement, ReplaceMetadataMigration}; -use migration_helpers::{migrate, Result}; -use std::process; - -fn build_metadata_migrations() -> Vec { - let mut migrations = vec![]; - - // On AWS platforms, we use regional ECR repositories. - // Elsewhere, we use ecr-public, which is global. - #[cfg(variant_platform = "aws")] - { - migrations.append(&mut vec![ - MetadataReplacement { - setting: "settings.host-containers.admin.source", - metadata: "setting-generator", - old_val: "schnauzer settings.host-containers.admin.source", - new_val: "schnauzer-v2 render --requires 'aws@v1(helpers=[ecr-prefix])' --template '{{ ecr-prefix settings.aws.region }}/bottlerocket-admin:v0.11.1'", - }, - MetadataReplacement { - setting: "settings.host-containers.control.source", - metadata: "setting-generator", - old_val: "schnauzer settings.host-containers.control.source", - new_val: "schnauzer-v2 render --requires 'aws@v1(helpers=[ecr-prefix])' --template '{{ ecr-prefix settings.aws.region }}/bottlerocket-control:v0.7.5'", - }, - MetadataReplacement { - setting: "settings.updates.metadata-base-url", - metadata: "setting-generator", - old_val: "schnauzer settings.updates.metadata-base-url", - new_val: "schnauzer-v2 render --requires 'aws@v1' --requires 'updates@v1(helpers=[metadata-prefix, tuf-prefix])' --template '{{ tuf-prefix settings.aws.region }}{{ metadata-prefix settings.aws.region }}/2020-07-07/{{ os.variant_id }}/{{ os.arch }}/'", - }, - MetadataReplacement { - setting: "settings.updates.targets-base-url", - metadata: "setting-generator", - old_val: "schnauzer settings.updates.targets-base-url", - new_val: "schnauzer-v2 render --requires 'aws@v1' --requires 'updates@v1(helpers=[tuf-prefix])' --template '{{ tuf-prefix settings.aws.region }}/targets/'", - }, - ]); - } - #[cfg(not(variant_platform = "aws"))] - { - migrations.append(&mut vec![ - MetadataReplacement { - setting: "settings.updates.metadata-base-url", - metadata: "setting-generator", - old_val: "schnauzer settings.updates.metadata-base-url", - new_val: "schnauzer-v2 render --template 'https://updates.bottlerocket.aws/2020-07-07/{{ os.variant_id }}/{{ os.arch }}/'", - }, - ]); - } - - #[cfg(variant_family = "aws-k8s")] - { - migrations.append(&mut vec![ - MetadataReplacement { - setting: "settings.kubernetes.pod-infra-container-image", - metadata: "setting-generator", - old_val: "schnauzer settings.kubernetes.pod-infra-container-image", - new_val: "schnauzer-v2 render --requires 'aws@v1' --requires 'kubernetes@v1(helpers=[pause-prefix])' --template '{{ pause-prefix settings.aws.region }}/eks/pause:3.1-eksbuild.1'", - }, - ]); - } - - migrations -} - -fn run() -> Result<()> { - migrate(ReplaceMetadataMigration(build_metadata_migrations())) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.16.1/updog-network-affected/Cargo.toml b/sources/api/migration/migrations/archived/v1.16.1/updog-network-affected/Cargo.toml deleted file mode 100644 index 8adc750ed..000000000 --- a/sources/api/migration/migrations/archived/v1.16.1/updog-network-affected/Cargo.toml +++ /dev/null @@ -1,10 +0,0 @@ -[package] -name = "updog-network-affected" -version = "0.1.0" -authors = ["Erikson Tung "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0" } diff --git a/sources/api/migration/migrations/archived/v1.16.1/updog-network-affected/src/main.rs b/sources/api/migration/migrations/archived/v1.16.1/updog-network-affected/src/main.rs deleted file mode 100644 index fdc0513ca..000000000 --- a/sources/api/migration/migrations/archived/v1.16.1/updog-network-affected/src/main.rs +++ /dev/null @@ -1,81 +0,0 @@ -use migration_helpers::common_migrations::{ - MetadataListReplacement, ReplaceMetadataListsMigration, -}; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We updated the 'affected-services' list metadata for 'settings.network' to include -/// updog. The metadata list need to be restored to the prior value on downgrade and -/// updated to include updog on upgrades. -/// We're trying to match old values for different variants. -fn run() -> Result<()> { - migrate(ReplaceMetadataListsMigration(vec![ - MetadataListReplacement { - setting: "settings.network", - metadata: "affected-services", - old_vals: &["containerd", "host-containerd", "host-containers"], - new_vals: &["containerd", "host-containerd", "host-containers", "updog"], - }, - // For K8S variants - MetadataListReplacement { - setting: "settings.network", - metadata: "affected-services", - old_vals: &[ - "containerd", - "kubernetes", - "host-containerd", - "host-containers", - ], - new_vals: &[ - "containerd", - "kubernetes", - "host-containerd", - "host-containers", - "updog", - ], - }, - // For the ECS variants - MetadataListReplacement { - setting: "settings.network", - metadata: "affected-services", - old_vals: &[ - "containerd", - "docker", - "ecs", - "host-containerd", - "host-containers", - ], - new_vals: &[ - "containerd", - "docker", - "ecs", - "host-containerd", - "host-containers", - "updog", - ], - }, - // For *-dev variants - MetadataListReplacement { - setting: "settings.network", - metadata: "affected-services", - old_vals: &["containerd", "docker", "host-containerd", "host-containers"], - new_vals: &[ - "containerd", - "docker", - "host-containerd", - "host-containers", - "updog", - ], - }, - ])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.17.0/aws-admin-container-v0-11-2/Cargo.toml b/sources/api/migration/migrations/archived/v1.17.0/aws-admin-container-v0-11-2/Cargo.toml deleted file mode 100644 index b56dcac5f..000000000 --- a/sources/api/migration/migrations/archived/v1.17.0/aws-admin-container-v0-11-2/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "aws-admin-container-v0-11-2" -version = "0.1.0" -authors = ["Patrick J.P. Culp "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.17.0/aws-admin-container-v0-11-2/src/main.rs b/sources/api/migration/migrations/archived/v1.17.0/aws-admin-container-v0-11-2/src/main.rs deleted file mode 100644 index 84fda5a76..000000000 --- a/sources/api/migration/migrations/archived/v1.17.0/aws-admin-container-v0-11-2/src/main.rs +++ /dev/null @@ -1,27 +0,0 @@ -use migration_helpers::common_migrations::ReplaceSchnauzerMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_ADMIN_CTR_CMDLINE: &str = - "schnauzer-v2 render --requires 'aws@v1(helpers=[ecr-prefix])' --template '{{ ecr-prefix settings.aws.region }}/bottlerocket-admin:v0.11.1'"; -const NEW_ADMIN_CTR_CMDLINE: &str = - "schnauzer-v2 render --requires 'aws@v1(helpers=[ecr-prefix])' --template '{{ ecr-prefix settings.aws.region }}/bottlerocket-admin:v0.11.2'"; - -/// We bumped the version of the default admin container -fn run() -> Result<()> { - migrate(ReplaceSchnauzerMigration { - setting: "settings.host-containers.admin.source", - old_schnauzer_cmdline: OLD_ADMIN_CTR_CMDLINE, - new_schnauzer_cmdline: NEW_ADMIN_CTR_CMDLINE, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.17.0/aws-control-container-v0-7-6/Cargo.toml b/sources/api/migration/migrations/archived/v1.17.0/aws-control-container-v0-7-6/Cargo.toml deleted file mode 100644 index 9fc423ba9..000000000 --- a/sources/api/migration/migrations/archived/v1.17.0/aws-control-container-v0-7-6/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "aws-control-container-v0-7-6" -version = "0.1.0" -authors = ["Patrick J.P. Culp "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.17.0/aws-control-container-v0-7-6/src/main.rs b/sources/api/migration/migrations/archived/v1.17.0/aws-control-container-v0-7-6/src/main.rs deleted file mode 100644 index f39d71370..000000000 --- a/sources/api/migration/migrations/archived/v1.17.0/aws-control-container-v0-7-6/src/main.rs +++ /dev/null @@ -1,27 +0,0 @@ -use migration_helpers::common_migrations::ReplaceSchnauzerMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_CONTROL_CTR_CMDLINE: &str = - "schnauzer-v2 render --requires 'aws@v1(helpers=[ecr-prefix])' --template '{{ ecr-prefix settings.aws.region }}/bottlerocket-control:v0.7.5'"; -const NEW_CONTROL_CTR_CMDLINE: &str = - "schnauzer-v2 render --requires 'aws@v1(helpers=[ecr-prefix])' --template '{{ ecr-prefix settings.aws.region }}/bottlerocket-control:v0.7.6'"; - -/// We bumped the version of the default control container -fn run() -> Result<()> { - migrate(ReplaceSchnauzerMigration { - setting: "settings.host-containers.control.source", - old_schnauzer_cmdline: OLD_CONTROL_CTR_CMDLINE, - new_schnauzer_cmdline: NEW_CONTROL_CTR_CMDLINE, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.17.0/public-admin-container-v0-11-2/Cargo.toml b/sources/api/migration/migrations/archived/v1.17.0/public-admin-container-v0-11-2/Cargo.toml deleted file mode 100644 index b8a533024..000000000 --- a/sources/api/migration/migrations/archived/v1.17.0/public-admin-container-v0-11-2/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "public-admin-container-v0-11-2" -version = "0.1.0" -authors = ["Patrick J.P. Culp "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.17.0/public-admin-container-v0-11-2/src/main.rs b/sources/api/migration/migrations/archived/v1.17.0/public-admin-container-v0-11-2/src/main.rs deleted file mode 100644 index f44d625d8..000000000 --- a/sources/api/migration/migrations/archived/v1.17.0/public-admin-container-v0-11-2/src/main.rs +++ /dev/null @@ -1,25 +0,0 @@ -use migration_helpers::common_migrations::ReplaceStringMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_ADMIN_CTR_SOURCE_VAL: &str = "public.ecr.aws/bottlerocket/bottlerocket-admin:v0.11.1"; -const NEW_ADMIN_CTR_SOURCE_VAL: &str = "public.ecr.aws/bottlerocket/bottlerocket-admin:v0.11.2"; - -/// We bumped the version of the default admin container -fn run() -> Result<()> { - migrate(ReplaceStringMigration { - setting: "settings.host-containers.admin.source", - old_val: OLD_ADMIN_CTR_SOURCE_VAL, - new_val: NEW_ADMIN_CTR_SOURCE_VAL, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.17.0/public-control-container-v0-7-6/Cargo.toml b/sources/api/migration/migrations/archived/v1.17.0/public-control-container-v0-7-6/Cargo.toml deleted file mode 100644 index e48cca29b..000000000 --- a/sources/api/migration/migrations/archived/v1.17.0/public-control-container-v0-7-6/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "public-control-container-v0-7-6" -version = "0.1.0" -authors = ["Patrick J.P. Culp "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.17.0/public-control-container-v0-7-6/src/main.rs b/sources/api/migration/migrations/archived/v1.17.0/public-control-container-v0-7-6/src/main.rs deleted file mode 100644 index 3b811ee7d..000000000 --- a/sources/api/migration/migrations/archived/v1.17.0/public-control-container-v0-7-6/src/main.rs +++ /dev/null @@ -1,25 +0,0 @@ -use migration_helpers::common_migrations::ReplaceStringMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_CONTROL_CTR_SOURCE_VAL: &str = "public.ecr.aws/bottlerocket/bottlerocket-control:v0.7.5"; -const NEW_CONTROL_CTR_SOURCE_VAL: &str = "public.ecr.aws/bottlerocket/bottlerocket-control:v0.7.6"; - -/// We bumped the version of the default control container -fn run() -> Result<()> { - migrate(ReplaceStringMigration { - setting: "settings.host-containers.control.source", - old_val: OLD_CONTROL_CTR_SOURCE_VAL, - new_val: NEW_CONTROL_CTR_SOURCE_VAL, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.18.0/aws-admin-container-v0-11-3/Cargo.toml b/sources/api/migration/migrations/archived/v1.18.0/aws-admin-container-v0-11-3/Cargo.toml deleted file mode 100644 index 2d484dc39..000000000 --- a/sources/api/migration/migrations/archived/v1.18.0/aws-admin-container-v0-11-3/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "aws-admin-container-v0-11-3" -version = "0.1.0" -authors = ["Markus Boehme "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.18.0/aws-admin-container-v0-11-3/src/main.rs b/sources/api/migration/migrations/archived/v1.18.0/aws-admin-container-v0-11-3/src/main.rs deleted file mode 100644 index 47a286353..000000000 --- a/sources/api/migration/migrations/archived/v1.18.0/aws-admin-container-v0-11-3/src/main.rs +++ /dev/null @@ -1,27 +0,0 @@ -use migration_helpers::common_migrations::ReplaceSchnauzerMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_ADMIN_CTR_CMDLINE: &str = - "schnauzer-v2 render --requires 'aws@v1(helpers=[ecr-prefix])' --template '{{ ecr-prefix settings.aws.region }}/bottlerocket-admin:v0.11.2'"; -const NEW_ADMIN_CTR_CMDLINE: &str = - "schnauzer-v2 render --requires 'aws@v1(helpers=[ecr-prefix])' --template '{{ ecr-prefix settings.aws.region }}/bottlerocket-admin:v0.11.3'"; - -/// We bumped the version of the default admin container -fn run() -> Result<()> { - migrate(ReplaceSchnauzerMigration { - setting: "settings.host-containers.admin.source", - old_schnauzer_cmdline: OLD_ADMIN_CTR_CMDLINE, - new_schnauzer_cmdline: NEW_ADMIN_CTR_CMDLINE, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.18.0/aws-control-container-v0-7-7/Cargo.toml b/sources/api/migration/migrations/archived/v1.18.0/aws-control-container-v0-7-7/Cargo.toml deleted file mode 100644 index efdb495b9..000000000 --- a/sources/api/migration/migrations/archived/v1.18.0/aws-control-container-v0-7-7/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "aws-control-container-v0-7-7" -version = "0.1.0" -authors = ["Markus Boehme "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.18.0/aws-control-container-v0-7-7/src/main.rs b/sources/api/migration/migrations/archived/v1.18.0/aws-control-container-v0-7-7/src/main.rs deleted file mode 100644 index dff664a5f..000000000 --- a/sources/api/migration/migrations/archived/v1.18.0/aws-control-container-v0-7-7/src/main.rs +++ /dev/null @@ -1,27 +0,0 @@ -use migration_helpers::common_migrations::ReplaceSchnauzerMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_CONTROL_CTR_CMDLINE: &str = - "schnauzer-v2 render --requires 'aws@v1(helpers=[ecr-prefix])' --template '{{ ecr-prefix settings.aws.region }}/bottlerocket-control:v0.7.6'"; -const NEW_CONTROL_CTR_CMDLINE: &str = - "schnauzer-v2 render --requires 'aws@v1(helpers=[ecr-prefix])' --template '{{ ecr-prefix settings.aws.region }}/bottlerocket-control:v0.7.7'"; - -/// We bumped the version of the default control container -fn run() -> Result<()> { - migrate(ReplaceSchnauzerMigration { - setting: "settings.host-containers.control.source", - old_schnauzer_cmdline: OLD_CONTROL_CTR_CMDLINE, - new_schnauzer_cmdline: NEW_CONTROL_CTR_CMDLINE, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.18.0/public-admin-container-v0-11-3/Cargo.toml b/sources/api/migration/migrations/archived/v1.18.0/public-admin-container-v0-11-3/Cargo.toml deleted file mode 100644 index 14d6cbe12..000000000 --- a/sources/api/migration/migrations/archived/v1.18.0/public-admin-container-v0-11-3/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "public-admin-container-v0-11-3" -version = "0.1.0" -authors = ["Markus Boehme "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.18.0/public-admin-container-v0-11-3/src/main.rs b/sources/api/migration/migrations/archived/v1.18.0/public-admin-container-v0-11-3/src/main.rs deleted file mode 100644 index 04c4e4b62..000000000 --- a/sources/api/migration/migrations/archived/v1.18.0/public-admin-container-v0-11-3/src/main.rs +++ /dev/null @@ -1,25 +0,0 @@ -use migration_helpers::common_migrations::ReplaceStringMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_ADMIN_CTR_SOURCE_VAL: &str = "public.ecr.aws/bottlerocket/bottlerocket-admin:v0.11.2"; -const NEW_ADMIN_CTR_SOURCE_VAL: &str = "public.ecr.aws/bottlerocket/bottlerocket-admin:v0.11.3"; - -/// We bumped the version of the default admin container -fn run() -> Result<()> { - migrate(ReplaceStringMigration { - setting: "settings.host-containers.admin.source", - old_val: OLD_ADMIN_CTR_SOURCE_VAL, - new_val: NEW_ADMIN_CTR_SOURCE_VAL, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.18.0/public-control-container-v0-7-7/Cargo.toml b/sources/api/migration/migrations/archived/v1.18.0/public-control-container-v0-7-7/Cargo.toml deleted file mode 100644 index 31056099d..000000000 --- a/sources/api/migration/migrations/archived/v1.18.0/public-control-container-v0-7-7/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "public-control-container-v0-7-7" -version = "0.1.0" -authors = ["Markus Boehme "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.18.0/public-control-container-v0-7-7/src/main.rs b/sources/api/migration/migrations/archived/v1.18.0/public-control-container-v0-7-7/src/main.rs deleted file mode 100644 index bddee3726..000000000 --- a/sources/api/migration/migrations/archived/v1.18.0/public-control-container-v0-7-7/src/main.rs +++ /dev/null @@ -1,25 +0,0 @@ -use migration_helpers::common_migrations::ReplaceStringMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_CONTROL_CTR_SOURCE_VAL: &str = "public.ecr.aws/bottlerocket/bottlerocket-control:v0.7.6"; -const NEW_CONTROL_CTR_SOURCE_VAL: &str = "public.ecr.aws/bottlerocket/bottlerocket-control:v0.7.7"; - -/// We bumped the version of the default control container -fn run() -> Result<()> { - migrate(ReplaceStringMigration { - setting: "settings.host-containers.control.source", - old_val: OLD_CONTROL_CTR_SOURCE_VAL, - new_val: NEW_CONTROL_CTR_SOURCE_VAL, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.19.0/add-additional-ecs-settings/Cargo.toml b/sources/api/migration/migrations/archived/v1.19.0/add-additional-ecs-settings/Cargo.toml deleted file mode 100644 index 6820fdf4d..000000000 --- a/sources/api/migration/migrations/archived/v1.19.0/add-additional-ecs-settings/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "add-additional-ecs-settings" -version = "0.1.0" -authors = ["Arnaldo Garcia Rincon "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.19.0/add-additional-ecs-settings/src/main.rs b/sources/api/migration/migrations/archived/v1.19.0/add-additional-ecs-settings/src/main.rs deleted file mode 100644 index 50d59e536..000000000 --- a/sources/api/migration/migrations/archived/v1.19.0/add-additional-ecs-settings/src/main.rs +++ /dev/null @@ -1,21 +0,0 @@ -use migration_helpers::common_migrations::AddSettingsMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added additional configurations for the ECS agent -fn run() -> Result<()> { - migrate(AddSettingsMigration(&[ - "settings.ecs.backend-host", - "settings.ecs.awsvpc-block-imds", - ])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.19.1/aws-admin-container-v0-11-4/Cargo.toml b/sources/api/migration/migrations/archived/v1.19.1/aws-admin-container-v0-11-4/Cargo.toml deleted file mode 100644 index 7053181f2..000000000 --- a/sources/api/migration/migrations/archived/v1.19.1/aws-admin-container-v0-11-4/Cargo.toml +++ /dev/null @@ -1,15 +0,0 @@ -[package] -name = "aws-admin-container-v0-11-4" -version = "0.1.0" -authors = ["Matthew Yeazel "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - - -# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.19.1/aws-admin-container-v0-11-4/src/main.rs b/sources/api/migration/migrations/archived/v1.19.1/aws-admin-container-v0-11-4/src/main.rs deleted file mode 100644 index 90b60ab54..000000000 --- a/sources/api/migration/migrations/archived/v1.19.1/aws-admin-container-v0-11-4/src/main.rs +++ /dev/null @@ -1,27 +0,0 @@ -use migration_helpers::common_migrations::ReplaceSchnauzerMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_ADMIN_CTR_CMDLINE: &str = - "schnauzer-v2 render --requires 'aws@v1(helpers=[ecr-prefix])' --template '{{ ecr-prefix settings.aws.region }}/bottlerocket-admin:v0.11.3'"; -const NEW_ADMIN_CTR_CMDLINE: &str = - "schnauzer-v2 render --requires 'aws@v1(helpers=[ecr-prefix])' --template '{{ ecr-prefix settings.aws.region }}/bottlerocket-admin:v0.11.4'"; - -/// We bumped the version of the default admin container -fn run() -> Result<()> { - migrate(ReplaceSchnauzerMigration { - setting: "settings.host-containers.admin.source", - old_schnauzer_cmdline: OLD_ADMIN_CTR_CMDLINE, - new_schnauzer_cmdline: NEW_ADMIN_CTR_CMDLINE, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.19.1/aws-control-container-v0-7-8/Cargo.toml b/sources/api/migration/migrations/archived/v1.19.1/aws-control-container-v0-7-8/Cargo.toml deleted file mode 100644 index da5be5f7c..000000000 --- a/sources/api/migration/migrations/archived/v1.19.1/aws-control-container-v0-7-8/Cargo.toml +++ /dev/null @@ -1,15 +0,0 @@ -[package] -name = "aws-control-container-v0-7-8" -version = "0.1.0" -authors = ["Matthew Yeazel "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - - -# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.19.1/aws-control-container-v0-7-8/src/main.rs b/sources/api/migration/migrations/archived/v1.19.1/aws-control-container-v0-7-8/src/main.rs deleted file mode 100644 index 2d9108d3c..000000000 --- a/sources/api/migration/migrations/archived/v1.19.1/aws-control-container-v0-7-8/src/main.rs +++ /dev/null @@ -1,27 +0,0 @@ -use migration_helpers::common_migrations::ReplaceSchnauzerMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_CONTROL_CTR_CMDLINE: &str = - "schnauzer-v2 render --requires 'aws@v1(helpers=[ecr-prefix])' --template '{{ ecr-prefix settings.aws.region }}/bottlerocket-control:v0.7.7'"; -const NEW_CONTROL_CTR_CMDLINE: &str = - "schnauzer-v2 render --requires 'aws@v1(helpers=[ecr-prefix])' --template '{{ ecr-prefix settings.aws.region }}/bottlerocket-control:v0.7.8'"; - -/// We bumped the version of the default control container -fn run() -> Result<()> { - migrate(ReplaceSchnauzerMigration { - setting: "settings.host-containers.control.source", - old_schnauzer_cmdline: OLD_CONTROL_CTR_CMDLINE, - new_schnauzer_cmdline: NEW_CONTROL_CTR_CMDLINE, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.19.1/public-admin-container-v0-11-4/Cargo.toml b/sources/api/migration/migrations/archived/v1.19.1/public-admin-container-v0-11-4/Cargo.toml deleted file mode 100644 index cf9d5aa7d..000000000 --- a/sources/api/migration/migrations/archived/v1.19.1/public-admin-container-v0-11-4/Cargo.toml +++ /dev/null @@ -1,15 +0,0 @@ -[package] -name = "public-admin-container-v0-11-4" -version = "0.1.0" -authors = ["Matthew Yeazel "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - - -# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.19.1/public-admin-container-v0-11-4/src/main.rs b/sources/api/migration/migrations/archived/v1.19.1/public-admin-container-v0-11-4/src/main.rs deleted file mode 100644 index fc985f3cb..000000000 --- a/sources/api/migration/migrations/archived/v1.19.1/public-admin-container-v0-11-4/src/main.rs +++ /dev/null @@ -1,25 +0,0 @@ -use migration_helpers::common_migrations::ReplaceStringMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_ADMIN_CTR_SOURCE_VAL: &str = "public.ecr.aws/bottlerocket/bottlerocket-admin:v0.11.3"; -const NEW_ADMIN_CTR_SOURCE_VAL: &str = "public.ecr.aws/bottlerocket/bottlerocket-admin:v0.11.4"; - -/// We bumped the version of the default admin container -fn run() -> Result<()> { - migrate(ReplaceStringMigration { - setting: "settings.host-containers.admin.source", - old_val: OLD_ADMIN_CTR_SOURCE_VAL, - new_val: NEW_ADMIN_CTR_SOURCE_VAL, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.19.1/public-control-container-v0-7-8/Cargo.toml b/sources/api/migration/migrations/archived/v1.19.1/public-control-container-v0-7-8/Cargo.toml deleted file mode 100644 index 191d544a0..000000000 --- a/sources/api/migration/migrations/archived/v1.19.1/public-control-container-v0-7-8/Cargo.toml +++ /dev/null @@ -1,15 +0,0 @@ -[package] -name = "public-control-container-v0-7-8" -version = "0.1.0" -authors = ["Matthew Yeazel "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - - -# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.19.1/public-control-container-v0-7-8/src/main.rs b/sources/api/migration/migrations/archived/v1.19.1/public-control-container-v0-7-8/src/main.rs deleted file mode 100644 index 769c5e313..000000000 --- a/sources/api/migration/migrations/archived/v1.19.1/public-control-container-v0-7-8/src/main.rs +++ /dev/null @@ -1,25 +0,0 @@ -use migration_helpers::common_migrations::ReplaceStringMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_CONTROL_CTR_SOURCE_VAL: &str = "public.ecr.aws/bottlerocket/bottlerocket-control:v0.7.7"; -const NEW_CONTROL_CTR_SOURCE_VAL: &str = "public.ecr.aws/bottlerocket/bottlerocket-control:v0.7.8"; - -/// We bumped the version of the default control container -fn run() -> Result<()> { - migrate(ReplaceStringMigration { - setting: "settings.host-containers.control.source", - old_val: OLD_CONTROL_CTR_SOURCE_VAL, - new_val: NEW_CONTROL_CTR_SOURCE_VAL, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.19.2/add-ecs-enable-container-metadata/Cargo.toml b/sources/api/migration/migrations/archived/v1.19.2/add-ecs-enable-container-metadata/Cargo.toml deleted file mode 100644 index dcdd1bdd7..000000000 --- a/sources/api/migration/migrations/archived/v1.19.2/add-ecs-enable-container-metadata/Cargo.toml +++ /dev/null @@ -1,10 +0,0 @@ -[package] -name = "add-ecs-enable-container-metadata" -version = "0.1.0" -authors = ["Arnaldo Garcia Rincon "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.19.2/add-ecs-enable-container-metadata/src/main.rs b/sources/api/migration/migrations/archived/v1.19.2/add-ecs-enable-container-metadata/src/main.rs deleted file mode 100644 index 1a3d0fb06..000000000 --- a/sources/api/migration/migrations/archived/v1.19.2/add-ecs-enable-container-metadata/src/main.rs +++ /dev/null @@ -1,20 +0,0 @@ -use migration_helpers::common_migrations::AddSettingsMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added additional configurations for the ECS agent -fn run() -> Result<()> { - migrate(AddSettingsMigration(&[ - "settings.ecs.enable-container-metadata", - ])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.19.2/certdog-config-file-v0-1-0/Cargo.toml b/sources/api/migration/migrations/archived/v1.19.2/certdog-config-file-v0-1-0/Cargo.toml deleted file mode 100644 index 7917a91b5..000000000 --- a/sources/api/migration/migrations/archived/v1.19.2/certdog-config-file-v0-1-0/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "certdog-config-file-v0-1-0" -version = "0.1.0" -authors = ["Jarrett Tierney "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0" } diff --git a/sources/api/migration/migrations/archived/v1.19.2/certdog-config-file-v0-1-0/src/main.rs b/sources/api/migration/migrations/archived/v1.19.2/certdog-config-file-v0-1-0/src/main.rs deleted file mode 100644 index 12572783b..000000000 --- a/sources/api/migration/migrations/archived/v1.19.2/certdog-config-file-v0-1-0/src/main.rs +++ /dev/null @@ -1,17 +0,0 @@ -use migration_helpers::common_migrations::AddPrefixesMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -/// Add settings for the new certdog-toml config file -fn run() -> Result<()> { - migrate(AddPrefixesMigration(vec![ - "configuration-files.certdog-toml", - ])) -} - -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.19.2/certdog-service-cfg-v0-1-0/Cargo.toml b/sources/api/migration/migrations/archived/v1.19.2/certdog-service-cfg-v0-1-0/Cargo.toml deleted file mode 100644 index 7c936ecdc..000000000 --- a/sources/api/migration/migrations/archived/v1.19.2/certdog-service-cfg-v0-1-0/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "certdog-service-cfg-v0-1-0" -version = "0.1.0" -authors = ["Jarrett Tierney "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0" } diff --git a/sources/api/migration/migrations/archived/v1.19.2/certdog-service-cfg-v0-1-0/src/main.rs b/sources/api/migration/migrations/archived/v1.19.2/certdog-service-cfg-v0-1-0/src/main.rs deleted file mode 100644 index eaf50ac64..000000000 --- a/sources/api/migration/migrations/archived/v1.19.2/certdog-service-cfg-v0-1-0/src/main.rs +++ /dev/null @@ -1,19 +0,0 @@ -use migration_helpers::common_migrations::{ListReplacement, ReplaceListsMigration}; -use migration_helpers::{migrate, Result}; -use std::process; - -/// Add settings for the new certdog-toml config file -fn run() -> Result<()> { - migrate(ReplaceListsMigration(vec![ListReplacement { - setting: "services.pki.configuration-files", - old_vals: &[], - new_vals: &["certdog-toml"], - }])) -} - -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.19.3/aws-admin-container-v0-11-6/Cargo.toml b/sources/api/migration/migrations/archived/v1.19.3/aws-admin-container-v0-11-6/Cargo.toml deleted file mode 100644 index 28e5a5ff4..000000000 --- a/sources/api/migration/migrations/archived/v1.19.3/aws-admin-container-v0-11-6/Cargo.toml +++ /dev/null @@ -1,15 +0,0 @@ -[package] -name = "aws-admin-container-v0-11-6" -version = "0.1.0" -authors = ["Yutong Sun "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - - -# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.19.3/aws-admin-container-v0-11-6/src/main.rs b/sources/api/migration/migrations/archived/v1.19.3/aws-admin-container-v0-11-6/src/main.rs deleted file mode 100644 index 2b7fb6874..000000000 --- a/sources/api/migration/migrations/archived/v1.19.3/aws-admin-container-v0-11-6/src/main.rs +++ /dev/null @@ -1,27 +0,0 @@ -use migration_helpers::common_migrations::ReplaceSchnauzerMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_ADMIN_CTR_CMDLINE: &str = - "schnauzer-v2 render --requires 'aws@v1(helpers=[ecr-prefix])' --template '{{ ecr-prefix settings.aws.region }}/bottlerocket-admin:v0.11.4'"; -const NEW_ADMIN_CTR_CMDLINE: &str = - "schnauzer-v2 render --requires 'aws@v1(helpers=[ecr-prefix])' --template '{{ ecr-prefix settings.aws.region }}/bottlerocket-admin:v0.11.6'"; - -/// We bumped the version of the default admin container -fn run() -> Result<()> { - migrate(ReplaceSchnauzerMigration { - setting: "settings.host-containers.admin.source", - old_schnauzer_cmdline: OLD_ADMIN_CTR_CMDLINE, - new_schnauzer_cmdline: NEW_ADMIN_CTR_CMDLINE, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.19.3/aws-control-container-v0-7-10/Cargo.toml b/sources/api/migration/migrations/archived/v1.19.3/aws-control-container-v0-7-10/Cargo.toml deleted file mode 100644 index f99b8307d..000000000 --- a/sources/api/migration/migrations/archived/v1.19.3/aws-control-container-v0-7-10/Cargo.toml +++ /dev/null @@ -1,15 +0,0 @@ -[package] -name = "aws-control-container-v0-7-10" -version = "0.1.0" -authors = ["Yutong Sun "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - - -# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.19.3/aws-control-container-v0-7-10/src/main.rs b/sources/api/migration/migrations/archived/v1.19.3/aws-control-container-v0-7-10/src/main.rs deleted file mode 100644 index e88fb64a8..000000000 --- a/sources/api/migration/migrations/archived/v1.19.3/aws-control-container-v0-7-10/src/main.rs +++ /dev/null @@ -1,27 +0,0 @@ -use migration_helpers::common_migrations::ReplaceSchnauzerMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_CONTROL_CTR_CMDLINE: &str = - "schnauzer-v2 render --requires 'aws@v1(helpers=[ecr-prefix])' --template '{{ ecr-prefix settings.aws.region }}/bottlerocket-control:v0.7.8'"; -const NEW_CONTROL_CTR_CMDLINE: &str = - "schnauzer-v2 render --requires 'aws@v1(helpers=[ecr-prefix])' --template '{{ ecr-prefix settings.aws.region }}/bottlerocket-control:v0.7.10'"; - -/// We bumped the version of the default control container -fn run() -> Result<()> { - migrate(ReplaceSchnauzerMigration { - setting: "settings.host-containers.control.source", - old_schnauzer_cmdline: OLD_CONTROL_CTR_CMDLINE, - new_schnauzer_cmdline: NEW_CONTROL_CTR_CMDLINE, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.19.3/public-admin-container-v0-11-6/Cargo.toml b/sources/api/migration/migrations/archived/v1.19.3/public-admin-container-v0-11-6/Cargo.toml deleted file mode 100644 index 8005babfb..000000000 --- a/sources/api/migration/migrations/archived/v1.19.3/public-admin-container-v0-11-6/Cargo.toml +++ /dev/null @@ -1,15 +0,0 @@ -[package] -name = "public-admin-container-v0-11-6" -version = "0.1.0" -authors = ["Yutong Sun "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - - -# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.19.3/public-admin-container-v0-11-6/src/main.rs b/sources/api/migration/migrations/archived/v1.19.3/public-admin-container-v0-11-6/src/main.rs deleted file mode 100644 index 38c265e14..000000000 --- a/sources/api/migration/migrations/archived/v1.19.3/public-admin-container-v0-11-6/src/main.rs +++ /dev/null @@ -1,25 +0,0 @@ -use migration_helpers::common_migrations::ReplaceStringMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_ADMIN_CTR_SOURCE_VAL: &str = "public.ecr.aws/bottlerocket/bottlerocket-admin:v0.11.4"; -const NEW_ADMIN_CTR_SOURCE_VAL: &str = "public.ecr.aws/bottlerocket/bottlerocket-admin:v0.11.6"; - -/// We bumped the version of the default admin container -fn run() -> Result<()> { - migrate(ReplaceStringMigration { - setting: "settings.host-containers.admin.source", - old_val: OLD_ADMIN_CTR_SOURCE_VAL, - new_val: NEW_ADMIN_CTR_SOURCE_VAL, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.19.3/public-control-container-v0-7-10/Cargo.toml b/sources/api/migration/migrations/archived/v1.19.3/public-control-container-v0-7-10/Cargo.toml deleted file mode 100644 index f0b6a7865..000000000 --- a/sources/api/migration/migrations/archived/v1.19.3/public-control-container-v0-7-10/Cargo.toml +++ /dev/null @@ -1,15 +0,0 @@ -[package] -name = "public-control-container-v0-7-10" -version = "0.1.0" -authors = ["Yutong Sun "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - - -# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.19.3/public-control-container-v0-7-10/src/main.rs b/sources/api/migration/migrations/archived/v1.19.3/public-control-container-v0-7-10/src/main.rs deleted file mode 100644 index 7f57403e0..000000000 --- a/sources/api/migration/migrations/archived/v1.19.3/public-control-container-v0-7-10/src/main.rs +++ /dev/null @@ -1,25 +0,0 @@ -use migration_helpers::common_migrations::ReplaceStringMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_CONTROL_CTR_SOURCE_VAL: &str = "public.ecr.aws/bottlerocket/bottlerocket-control:v0.7.8"; -const NEW_CONTROL_CTR_SOURCE_VAL: &str = "public.ecr.aws/bottlerocket/bottlerocket-control:v0.7.10"; - -/// We bumped the version of the default control container -fn run() -> Result<()> { - migrate(ReplaceStringMigration { - setting: "settings.host-containers.control.source", - old_val: OLD_CONTROL_CTR_SOURCE_VAL, - new_val: NEW_CONTROL_CTR_SOURCE_VAL, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.19.5/aws-admin-container-v0-11-7/Cargo.toml b/sources/api/migration/migrations/archived/v1.19.5/aws-admin-container-v0-11-7/Cargo.toml deleted file mode 100644 index 66655fd9f..000000000 --- a/sources/api/migration/migrations/archived/v1.19.5/aws-admin-container-v0-11-7/Cargo.toml +++ /dev/null @@ -1,15 +0,0 @@ -[package] -name = "aws-admin-container-v0-11-7" -version = "0.1.0" -authors = ["Shikha Vyaghra "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - - -# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.19.5/aws-admin-container-v0-11-7/src/main.rs b/sources/api/migration/migrations/archived/v1.19.5/aws-admin-container-v0-11-7/src/main.rs deleted file mode 100644 index 8e34d928a..000000000 --- a/sources/api/migration/migrations/archived/v1.19.5/aws-admin-container-v0-11-7/src/main.rs +++ /dev/null @@ -1,27 +0,0 @@ -use migration_helpers::common_migrations::ReplaceSchnauzerMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_ADMIN_CTR_CMDLINE: &str = - "schnauzer-v2 render --requires 'aws@v1(helpers=[ecr-prefix])' --template '{{ ecr-prefix settings.aws.region }}/bottlerocket-admin:v0.11.6'"; -const NEW_ADMIN_CTR_CMDLINE: &str = - "schnauzer-v2 render --requires 'aws@v1(helpers=[ecr-prefix])' --template '{{ ecr-prefix settings.aws.region }}/bottlerocket-admin:v0.11.7'"; - -/// We bumped the version of the default admin container -fn run() -> Result<()> { - migrate(ReplaceSchnauzerMigration { - setting: "settings.host-containers.admin.source", - old_schnauzer_cmdline: OLD_ADMIN_CTR_CMDLINE, - new_schnauzer_cmdline: NEW_ADMIN_CTR_CMDLINE, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.19.5/aws-control-container-v0-7-11/Cargo.toml b/sources/api/migration/migrations/archived/v1.19.5/aws-control-container-v0-7-11/Cargo.toml deleted file mode 100644 index 8d9a5e1c1..000000000 --- a/sources/api/migration/migrations/archived/v1.19.5/aws-control-container-v0-7-11/Cargo.toml +++ /dev/null @@ -1,15 +0,0 @@ -[package] -name = "aws-control-container-v0-7-11" -version = "0.1.0" -authors = ["Shikha Vyaghra "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - - -# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.19.5/aws-control-container-v0-7-11/src/main.rs b/sources/api/migration/migrations/archived/v1.19.5/aws-control-container-v0-7-11/src/main.rs deleted file mode 100644 index ab0b7fec0..000000000 --- a/sources/api/migration/migrations/archived/v1.19.5/aws-control-container-v0-7-11/src/main.rs +++ /dev/null @@ -1,27 +0,0 @@ -use migration_helpers::common_migrations::ReplaceSchnauzerMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_CONTROL_CTR_CMDLINE: &str = - "schnauzer-v2 render --requires 'aws@v1(helpers=[ecr-prefix])' --template '{{ ecr-prefix settings.aws.region }}/bottlerocket-control:v0.7.10'"; -const NEW_CONTROL_CTR_CMDLINE: &str = - "schnauzer-v2 render --requires 'aws@v1(helpers=[ecr-prefix])' --template '{{ ecr-prefix settings.aws.region }}/bottlerocket-control:v0.7.11'"; - -/// We bumped the version of the default control container -fn run() -> Result<()> { - migrate(ReplaceSchnauzerMigration { - setting: "settings.host-containers.control.source", - old_schnauzer_cmdline: OLD_CONTROL_CTR_CMDLINE, - new_schnauzer_cmdline: NEW_CONTROL_CTR_CMDLINE, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.19.5/public-admin-container-v0-11-7/Cargo.toml b/sources/api/migration/migrations/archived/v1.19.5/public-admin-container-v0-11-7/Cargo.toml deleted file mode 100644 index 2fd13dedd..000000000 --- a/sources/api/migration/migrations/archived/v1.19.5/public-admin-container-v0-11-7/Cargo.toml +++ /dev/null @@ -1,15 +0,0 @@ -[package] -name = "public-admin-container-v0-11-7" -version = "0.1.0" -authors = ["Shikha Vyaghra "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - - -# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} \ No newline at end of file diff --git a/sources/api/migration/migrations/archived/v1.19.5/public-admin-container-v0-11-7/src/main.rs b/sources/api/migration/migrations/archived/v1.19.5/public-admin-container-v0-11-7/src/main.rs deleted file mode 100644 index fec2eba85..000000000 --- a/sources/api/migration/migrations/archived/v1.19.5/public-admin-container-v0-11-7/src/main.rs +++ /dev/null @@ -1,25 +0,0 @@ -use migration_helpers::common_migrations::ReplaceStringMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_ADMIN_CTR_SOURCE_VAL: &str = "public.ecr.aws/bottlerocket/bottlerocket-admin:v0.11.6"; -const NEW_ADMIN_CTR_SOURCE_VAL: &str = "public.ecr.aws/bottlerocket/bottlerocket-admin:v0.11.7"; - -/// We bumped the version of the default admin container -fn run() -> Result<()> { - migrate(ReplaceStringMigration { - setting: "settings.host-containers.admin.source", - old_val: OLD_ADMIN_CTR_SOURCE_VAL, - new_val: NEW_ADMIN_CTR_SOURCE_VAL, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.19.5/public-control-container-v0-7-11/Cargo.toml b/sources/api/migration/migrations/archived/v1.19.5/public-control-container-v0-7-11/Cargo.toml deleted file mode 100644 index 09f7325ec..000000000 --- a/sources/api/migration/migrations/archived/v1.19.5/public-control-container-v0-7-11/Cargo.toml +++ /dev/null @@ -1,15 +0,0 @@ -[package] -name = "public-control-container-v0-7-11" -version = "0.1.0" -authors = ["Shikha Vyaghra "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - - -# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.19.5/public-control-container-v0-7-11/src/main.rs b/sources/api/migration/migrations/archived/v1.19.5/public-control-container-v0-7-11/src/main.rs deleted file mode 100644 index 79086ef92..000000000 --- a/sources/api/migration/migrations/archived/v1.19.5/public-control-container-v0-7-11/src/main.rs +++ /dev/null @@ -1,25 +0,0 @@ -use migration_helpers::common_migrations::ReplaceStringMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_CONTROL_CTR_SOURCE_VAL: &str = "public.ecr.aws/bottlerocket/bottlerocket-control:v0.7.10"; -const NEW_CONTROL_CTR_SOURCE_VAL: &str = "public.ecr.aws/bottlerocket/bottlerocket-control:v0.7.11"; - -/// We bumped the version of the default control container -fn run() -> Result<()> { - migrate(ReplaceStringMigration { - setting: "settings.host-containers.control.source", - old_val: OLD_CONTROL_CTR_SOURCE_VAL, - new_val: NEW_CONTROL_CTR_SOURCE_VAL, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.2.0/add-custom-certificates/Cargo.toml b/sources/api/migration/migrations/archived/v1.2.0/add-custom-certificates/Cargo.toml deleted file mode 100644 index 71003f7b3..000000000 --- a/sources/api/migration/migrations/archived/v1.2.0/add-custom-certificates/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "add-custom-certificates" -version = "0.1.0" -authors = ["Arnaldo Garcia Rincon "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers" } diff --git a/sources/api/migration/migrations/archived/v1.2.0/add-custom-certificates/src/main.rs b/sources/api/migration/migrations/archived/v1.2.0/add-custom-certificates/src/main.rs deleted file mode 100644 index 88ff57c53..000000000 --- a/sources/api/migration/migrations/archived/v1.2.0/add-custom-certificates/src/main.rs +++ /dev/null @@ -1,18 +0,0 @@ -use migration_helpers::common_migrations::AddPrefixesMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added the settings and services for `pki` -fn run() -> Result<()> { - migrate(AddPrefixesMigration(vec!["settings.pki", "services.pki"])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.2.0/admin-container-v0-7-2/Cargo.toml b/sources/api/migration/migrations/archived/v1.2.0/admin-container-v0-7-2/Cargo.toml deleted file mode 100644 index 1f2fe4dfc..000000000 --- a/sources/api/migration/migrations/archived/v1.2.0/admin-container-v0-7-2/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "admin-container-v0-7-2" -version = "0.1.0" -authors = ["Patrick J.P. Culp "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers" } diff --git a/sources/api/migration/migrations/archived/v1.2.0/admin-container-v0-7-2/src/main.rs b/sources/api/migration/migrations/archived/v1.2.0/admin-container-v0-7-2/src/main.rs deleted file mode 100644 index b05e70344..000000000 --- a/sources/api/migration/migrations/archived/v1.2.0/admin-container-v0-7-2/src/main.rs +++ /dev/null @@ -1,27 +0,0 @@ -use migration_helpers::common_migrations::ReplaceTemplateMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_ADMIN_CTR_TEMPLATE: &str = - "{{ ecr-prefix settings.aws.region }}/bottlerocket-admin:v0.7.1"; -const NEW_ADMIN_CTR_TEMPLATE: &str = - "{{ ecr-prefix settings.aws.region }}/bottlerocket-admin:v0.7.2"; - -/// We bumped the version of the default admin container from v0.7.1 to v0.7.2 -fn run() -> Result<()> { - migrate(ReplaceTemplateMigration { - setting: "settings.host-containers.admin.source", - old_template: OLD_ADMIN_CTR_TEMPLATE, - new_template: NEW_ADMIN_CTR_TEMPLATE, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.2.0/container-registry-config-restarts/Cargo.toml b/sources/api/migration/migrations/archived/v1.2.0/container-registry-config-restarts/Cargo.toml deleted file mode 100644 index e973f0d4e..000000000 --- a/sources/api/migration/migrations/archived/v1.2.0/container-registry-config-restarts/Cargo.toml +++ /dev/null @@ -1,10 +0,0 @@ -[package] -name = "container-registry-config-restarts" -version = "0.1.0" -authors = ["Erikson Tung "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false - -[dependencies] -migration-helpers = { path = "../../../migration-helpers" } diff --git a/sources/api/migration/migrations/archived/v1.2.0/container-registry-config-restarts/src/main.rs b/sources/api/migration/migrations/archived/v1.2.0/container-registry-config-restarts/src/main.rs deleted file mode 100644 index bfa382772..000000000 --- a/sources/api/migration/migrations/archived/v1.2.0/container-registry-config-restarts/src/main.rs +++ /dev/null @@ -1,35 +0,0 @@ -use migration_helpers::common_migrations::{ListReplacement, ReplaceListsMigration}; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We templatized the configuration file for the Docker daemon. -/// We also added a new configuration file for host-containers and bootstrap-containers -fn run() -> Result<()> { - migrate(ReplaceListsMigration(vec![ - ListReplacement { - setting: "services.docker.configuration-files", - old_vals: &["proxy-env"], - new_vals: &["docker-daemon-config", "proxy-env"], - }, - ListReplacement { - setting: "services.bootstrap-containers.configuration-files", - old_vals: &[], - new_vals: &["host-ctr-toml"], - }, - ListReplacement { - setting: "services.host-containers.configuration-files", - old_vals: &[], - new_vals: &["host-ctr-toml"], - }, - ])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.2.0/container-registry-mirrors/Cargo.toml b/sources/api/migration/migrations/archived/v1.2.0/container-registry-mirrors/Cargo.toml deleted file mode 100644 index 0b304c2e9..000000000 --- a/sources/api/migration/migrations/archived/v1.2.0/container-registry-mirrors/Cargo.toml +++ /dev/null @@ -1,10 +0,0 @@ -[package] -name = "container-registry-mirrors" -version = "0.1.0" -authors = ["Erikson Tung "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false - -[dependencies] -migration-helpers = { path = "../../../migration-helpers" } diff --git a/sources/api/migration/migrations/archived/v1.2.0/container-registry-mirrors/src/main.rs b/sources/api/migration/migrations/archived/v1.2.0/container-registry-mirrors/src/main.rs deleted file mode 100644 index 0ed91fd1f..000000000 --- a/sources/api/migration/migrations/archived/v1.2.0/container-registry-mirrors/src/main.rs +++ /dev/null @@ -1,23 +0,0 @@ -use migration_helpers::common_migrations::AddPrefixesMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added a new setting for configuring image registries, `settings.container-registry` -/// We also added a new configuration template file for the Docker daemon -fn run() -> Result<()> { - migrate(AddPrefixesMigration(vec![ - "settings.container-registry", - "configuration-files.docker-daemon-config", - "configuration-files.host-ctr-toml", - ])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.2.0/hostname-setting-metadata/Cargo.toml b/sources/api/migration/migrations/archived/v1.2.0/hostname-setting-metadata/Cargo.toml deleted file mode 100644 index ad473d247..000000000 --- a/sources/api/migration/migrations/archived/v1.2.0/hostname-setting-metadata/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "hostname-setting-metadata" -version = "0.1.0" -authors = ["Zac Mrowicki "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers" } diff --git a/sources/api/migration/migrations/archived/v1.2.0/hostname-setting-metadata/src/main.rs b/sources/api/migration/migrations/archived/v1.2.0/hostname-setting-metadata/src/main.rs deleted file mode 100644 index 213e1e880..000000000 --- a/sources/api/migration/migrations/archived/v1.2.0/hostname-setting-metadata/src/main.rs +++ /dev/null @@ -1,21 +0,0 @@ -use migration_helpers::common_migrations::{AddMetadataMigration, SettingMetadata}; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added a new setting and generator for configuring hostname -fn run() -> Result<()> { - migrate(AddMetadataMigration(&[SettingMetadata { - metadata: &["setting-generator", "affected-services"], - setting: "settings.network.hostname", - }])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.2.0/hostname-setting/Cargo.toml b/sources/api/migration/migrations/archived/v1.2.0/hostname-setting/Cargo.toml deleted file mode 100644 index e12889507..000000000 --- a/sources/api/migration/migrations/archived/v1.2.0/hostname-setting/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "hostname-setting" -version = "0.1.0" -authors = ["Zac Mrowicki "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers" } diff --git a/sources/api/migration/migrations/archived/v1.2.0/hostname-setting/src/main.rs b/sources/api/migration/migrations/archived/v1.2.0/hostname-setting/src/main.rs deleted file mode 100644 index 1de5e4141..000000000 --- a/sources/api/migration/migrations/archived/v1.2.0/hostname-setting/src/main.rs +++ /dev/null @@ -1,22 +0,0 @@ -use migration_helpers::common_migrations::AddPrefixesMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added a new setting and generator for configuring hostname -fn run() -> Result<()> { - migrate(AddPrefixesMigration(vec![ - "settings.network.hostname", - "services.hostname", - "configuration-files.hostname", - ])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.2.0/kubelet-topology-manager/Cargo.toml b/sources/api/migration/migrations/archived/v1.2.0/kubelet-topology-manager/Cargo.toml deleted file mode 100644 index d8442adb5..000000000 --- a/sources/api/migration/migrations/archived/v1.2.0/kubelet-topology-manager/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "kubelet-topology-manager" -version = "0.1.0" -authors = ["Tianhao Geng "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers" } diff --git a/sources/api/migration/migrations/archived/v1.2.0/kubelet-topology-manager/src/main.rs b/sources/api/migration/migrations/archived/v1.2.0/kubelet-topology-manager/src/main.rs deleted file mode 100644 index cb8d0477e..000000000 --- a/sources/api/migration/migrations/archived/v1.2.0/kubelet-topology-manager/src/main.rs +++ /dev/null @@ -1,22 +0,0 @@ -use migration_helpers::common_migrations::AddSettingsMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added two new settings for configuring kubelet, `settings.kubernetes.topology-manager-policy` -/// and `settings.kubernetes.topology-manager-scope` -fn run() -> Result<()> { - migrate(AddSettingsMigration(&[ - "settings.kubernetes.topology-manager-scope", - "settings.kubernetes.topology-manager-policy", - ])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.20.0/add-ntp-default-options-v0-1-0/Cargo.toml b/sources/api/migration/migrations/archived/v1.20.0/add-ntp-default-options-v0-1-0/Cargo.toml deleted file mode 100644 index 26f3ea4ca..000000000 --- a/sources/api/migration/migrations/archived/v1.20.0/add-ntp-default-options-v0-1-0/Cargo.toml +++ /dev/null @@ -1,10 +0,0 @@ -[package] -name = "add-ntp-default-options-v0-1-0" -version = "0.1.0" -authors = ["Dom Goodwin "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.20.0/add-ntp-default-options-v0-1-0/src/main.rs b/sources/api/migration/migrations/archived/v1.20.0/add-ntp-default-options-v0-1-0/src/main.rs deleted file mode 100644 index 2d485b24b..000000000 --- a/sources/api/migration/migrations/archived/v1.20.0/add-ntp-default-options-v0-1-0/src/main.rs +++ /dev/null @@ -1,18 +0,0 @@ -use migration_helpers::common_migrations::AddSettingsMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added the ability to set additional options for NTP -fn run() -> Result<()> { - migrate(AddSettingsMigration(&["settings.ntp.options"])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.20.0/aws-admin-container-v0-11-8/Cargo.toml b/sources/api/migration/migrations/archived/v1.20.0/aws-admin-container-v0-11-8/Cargo.toml deleted file mode 100644 index ddffbd3cc..000000000 --- a/sources/api/migration/migrations/archived/v1.20.0/aws-admin-container-v0-11-8/Cargo.toml +++ /dev/null @@ -1,16 +0,0 @@ -[package] -name = "aws-admin-container-v0-11-8" -version = "0.1.0" -authors = ["Kyle Sessions "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - - -# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} - diff --git a/sources/api/migration/migrations/archived/v1.20.0/aws-admin-container-v0-11-8/src/main.rs b/sources/api/migration/migrations/archived/v1.20.0/aws-admin-container-v0-11-8/src/main.rs deleted file mode 100644 index 8b1d7a312..000000000 --- a/sources/api/migration/migrations/archived/v1.20.0/aws-admin-container-v0-11-8/src/main.rs +++ /dev/null @@ -1,27 +0,0 @@ -use migration_helpers::common_migrations::ReplaceSchnauzerMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_ADMIN_CTR_CMDLINE: &str = - "schnauzer-v2 render --requires 'aws@v1(helpers=[ecr-prefix])' --template '{{ ecr-prefix settings.aws.region }}/bottlerocket-admin:v0.11.7'"; -const NEW_ADMIN_CTR_CMDLINE: &str = - "schnauzer-v2 render --requires 'aws@v1(helpers=[ecr-prefix])' --template '{{ ecr-prefix settings.aws.region }}/bottlerocket-admin:v0.11.8'"; - -/// We bumped the version of the default admin container -fn run() -> Result<()> { - migrate(ReplaceSchnauzerMigration { - setting: "settings.host-containers.admin.source", - old_schnauzer_cmdline: OLD_ADMIN_CTR_CMDLINE, - new_schnauzer_cmdline: NEW_ADMIN_CTR_CMDLINE, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.20.0/aws-control-container-v0-7-12/Cargo.toml b/sources/api/migration/migrations/archived/v1.20.0/aws-control-container-v0-7-12/Cargo.toml deleted file mode 100644 index aa1bf3a3c..000000000 --- a/sources/api/migration/migrations/archived/v1.20.0/aws-control-container-v0-7-12/Cargo.toml +++ /dev/null @@ -1,16 +0,0 @@ -[package] -name = "aws-control-container-v0-7-12" -version = "0.1.0" -authors = ["Kyle Sessions "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - - -# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} - diff --git a/sources/api/migration/migrations/archived/v1.20.0/aws-control-container-v0-7-12/src/main.rs b/sources/api/migration/migrations/archived/v1.20.0/aws-control-container-v0-7-12/src/main.rs deleted file mode 100644 index 0f904363b..000000000 --- a/sources/api/migration/migrations/archived/v1.20.0/aws-control-container-v0-7-12/src/main.rs +++ /dev/null @@ -1,27 +0,0 @@ -use migration_helpers::common_migrations::ReplaceSchnauzerMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_CONTROL_CTR_CMDLINE: &str = - "schnauzer-v2 render --requires 'aws@v1(helpers=[ecr-prefix])' --template '{{ ecr-prefix settings.aws.region }}/bottlerocket-control:v0.7.11'"; -const NEW_CONTROL_CTR_CMDLINE: &str = - "schnauzer-v2 render --requires 'aws@v1(helpers=[ecr-prefix])' --template '{{ ecr-prefix settings.aws.region }}/bottlerocket-control:v0.7.12'"; - -/// We bumped the version of the default control container -fn run() -> Result<()> { - migrate(ReplaceSchnauzerMigration { - setting: "settings.host-containers.control.source", - old_schnauzer_cmdline: OLD_CONTROL_CTR_CMDLINE, - new_schnauzer_cmdline: NEW_CONTROL_CTR_CMDLINE, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.20.0/bootstrap-containers-config-file-v0-1-0/Cargo.toml b/sources/api/migration/migrations/archived/v1.20.0/bootstrap-containers-config-file-v0-1-0/Cargo.toml deleted file mode 100644 index 9f2a1a6fb..000000000 --- a/sources/api/migration/migrations/archived/v1.20.0/bootstrap-containers-config-file-v0-1-0/Cargo.toml +++ /dev/null @@ -1,13 +0,0 @@ -[package] -name = "bootstrap-containers-config-file-v0-1-0" -version = "0.1.0" -edition = "2021" -authors = ["Jarrett Tierney "] -license = "Apache-2.0 OR MIT" -publish = false -exclude = ["README.md"] - -# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0" } diff --git a/sources/api/migration/migrations/archived/v1.20.0/bootstrap-containers-config-file-v0-1-0/src/main.rs b/sources/api/migration/migrations/archived/v1.20.0/bootstrap-containers-config-file-v0-1-0/src/main.rs deleted file mode 100644 index 1c47e6ca1..000000000 --- a/sources/api/migration/migrations/archived/v1.20.0/bootstrap-containers-config-file-v0-1-0/src/main.rs +++ /dev/null @@ -1,16 +0,0 @@ -use migration_helpers::common_migrations::AddPrefixesMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -fn run() -> Result<()> { - migrate(AddPrefixesMigration(vec![ - "configuration-files.bootstrap-containers-toml", - ])) -} - -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.20.0/bootstrap-containers-services-cfg-v0-1-0/Cargo.toml b/sources/api/migration/migrations/archived/v1.20.0/bootstrap-containers-services-cfg-v0-1-0/Cargo.toml deleted file mode 100644 index cf6d433ea..000000000 --- a/sources/api/migration/migrations/archived/v1.20.0/bootstrap-containers-services-cfg-v0-1-0/Cargo.toml +++ /dev/null @@ -1,13 +0,0 @@ -[package] -name = "bootstrap-containers-services-cfg-v0-1-0" -version = "0.1.0" -edition = "2021" -authors = ["Jarrett Tierney "] -license = "Apache-2.0 OR MIT" -publish = false -exclude = ["README.md"] - -# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0" } diff --git a/sources/api/migration/migrations/archived/v1.20.0/bootstrap-containers-services-cfg-v0-1-0/src/main.rs b/sources/api/migration/migrations/archived/v1.20.0/bootstrap-containers-services-cfg-v0-1-0/src/main.rs deleted file mode 100644 index 4c45018e5..000000000 --- a/sources/api/migration/migrations/archived/v1.20.0/bootstrap-containers-services-cfg-v0-1-0/src/main.rs +++ /dev/null @@ -1,18 +0,0 @@ -use migration_helpers::common_migrations::{ListReplacement, ReplaceListsMigration}; -use migration_helpers::{migrate, Result}; -use std::process; - -fn run() -> Result<()> { - migrate(ReplaceListsMigration(vec![ListReplacement { - setting: "services.bootstrap-containers.configuration-files", - old_vals: &["host-ctr-toml"], - new_vals: &["host-ctr-toml", "bootstrap-containers-toml"], - }])) -} - -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.20.0/container-runtime-metadata-nvidia/Cargo.toml b/sources/api/migration/migrations/archived/v1.20.0/container-runtime-metadata-nvidia/Cargo.toml deleted file mode 100644 index 80abdb36d..000000000 --- a/sources/api/migration/migrations/archived/v1.20.0/container-runtime-metadata-nvidia/Cargo.toml +++ /dev/null @@ -1,15 +0,0 @@ -[package] -name = "container-runtime-metadata-nvidia" -version = "0.1.0" -edition = "2021" -authors = ["Matthew Yeazel "] -license = "Apache-2.0 OR MIT" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} - -[build-dependencies] -bottlerocket-variant = { version = "0.1", path = "../../../../../bottlerocket-variant" } diff --git a/sources/api/migration/migrations/archived/v1.20.0/container-runtime-metadata-nvidia/build.rs b/sources/api/migration/migrations/archived/v1.20.0/container-runtime-metadata-nvidia/build.rs deleted file mode 100644 index 51d16cf1b..000000000 --- a/sources/api/migration/migrations/archived/v1.20.0/container-runtime-metadata-nvidia/build.rs +++ /dev/null @@ -1,6 +0,0 @@ -use bottlerocket_variant::Variant; - -fn main() { - let variant = Variant::from_env().unwrap(); - variant.emit_cfgs(); -} diff --git a/sources/api/migration/migrations/archived/v1.20.0/container-runtime-metadata-nvidia/src/main.rs b/sources/api/migration/migrations/archived/v1.20.0/container-runtime-metadata-nvidia/src/main.rs deleted file mode 100644 index 011c9a496..000000000 --- a/sources/api/migration/migrations/archived/v1.20.0/container-runtime-metadata-nvidia/src/main.rs +++ /dev/null @@ -1,26 +0,0 @@ -use migration_helpers::common_migrations::{AddMetadataMigration, NoOpMigration, SettingMetadata}; -use migration_helpers::migrate; -use migration_helpers::Result; -use std::process; - -/// We added a new setting for configuring container runtime (containerd) settings only for NVIDIA k8s variants. -fn run() -> Result<()> { - if cfg!(variant_family = "aws-k8s") && cfg!(variant_flavor = "nvidia") { - migrate(AddMetadataMigration(&[SettingMetadata { - metadata: &["affected-services"], - setting: "settings.container-runtime", - }])) - } else { - migrate(NoOpMigration) - } -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.20.0/container-runtime-nvidia/Cargo.toml b/sources/api/migration/migrations/archived/v1.20.0/container-runtime-nvidia/Cargo.toml deleted file mode 100644 index e5f5499dc..000000000 --- a/sources/api/migration/migrations/archived/v1.20.0/container-runtime-nvidia/Cargo.toml +++ /dev/null @@ -1,15 +0,0 @@ -[package] -name = "container-runtime-nvidia" -version = "0.1.0" -edition = "2021" -authors = ["Matthew Yeazel "] -license = "Apache-2.0 OR MIT" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} - -[build-dependencies] -bottlerocket-variant = { version = "0.1", path = "../../../../../bottlerocket-variant" } diff --git a/sources/api/migration/migrations/archived/v1.20.0/container-runtime-nvidia/build.rs b/sources/api/migration/migrations/archived/v1.20.0/container-runtime-nvidia/build.rs deleted file mode 100644 index 51d16cf1b..000000000 --- a/sources/api/migration/migrations/archived/v1.20.0/container-runtime-nvidia/build.rs +++ /dev/null @@ -1,6 +0,0 @@ -use bottlerocket_variant::Variant; - -fn main() { - let variant = Variant::from_env().unwrap(); - variant.emit_cfgs(); -} diff --git a/sources/api/migration/migrations/archived/v1.20.0/container-runtime-nvidia/src/main.rs b/sources/api/migration/migrations/archived/v1.20.0/container-runtime-nvidia/src/main.rs deleted file mode 100644 index 1cb92bb17..000000000 --- a/sources/api/migration/migrations/archived/v1.20.0/container-runtime-nvidia/src/main.rs +++ /dev/null @@ -1,22 +0,0 @@ -use migration_helpers::common_migrations::{AddPrefixesMigration, NoOpMigration}; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added a new setting for configuring container runtime (containerd) settings only for NVIDIA k8s variants. -fn run() -> Result<()> { - if cfg!(variant_family = "aws-k8s") && cfg!(variant_flavor = "nvidia") { - migrate(AddPrefixesMigration(vec!["settings.container-runtime"])) - } else { - migrate(NoOpMigration) - } -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.20.0/corndog-config-file-v0-1-0/Cargo.toml b/sources/api/migration/migrations/archived/v1.20.0/corndog-config-file-v0-1-0/Cargo.toml deleted file mode 100644 index b9a029c22..000000000 --- a/sources/api/migration/migrations/archived/v1.20.0/corndog-config-file-v0-1-0/Cargo.toml +++ /dev/null @@ -1,13 +0,0 @@ -[package] -name = "corndog-config-file-v0-1-0" -version = "0.1.0" -edition = "2021" -authors = ["Jarrett Tierney "] -license = "Apache-2.0 OR MIT" -publish = false -exclude = ["README.md"] - -# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0" } diff --git a/sources/api/migration/migrations/archived/v1.20.0/corndog-config-file-v0-1-0/src/main.rs b/sources/api/migration/migrations/archived/v1.20.0/corndog-config-file-v0-1-0/src/main.rs deleted file mode 100644 index e1188eb34..000000000 --- a/sources/api/migration/migrations/archived/v1.20.0/corndog-config-file-v0-1-0/src/main.rs +++ /dev/null @@ -1,16 +0,0 @@ -use migration_helpers::common_migrations::AddPrefixesMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -fn run() -> Result<()> { - migrate(AddPrefixesMigration(vec![ - "configuration-files.corndog-toml", - ])) -} - -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.20.0/corndog-services-cfg-v0-1-0/Cargo.toml b/sources/api/migration/migrations/archived/v1.20.0/corndog-services-cfg-v0-1-0/Cargo.toml deleted file mode 100644 index 515037439..000000000 --- a/sources/api/migration/migrations/archived/v1.20.0/corndog-services-cfg-v0-1-0/Cargo.toml +++ /dev/null @@ -1,13 +0,0 @@ -[package] -name = "corndog-services-cfg-v0-1-0" -version = "0.1.0" -edition = "2021" -authors = ["Jarrett Tierney "] -license = "Apache-2.0 OR MIT" -publish = false -exclude = ["README.md"] - -# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0" } diff --git a/sources/api/migration/migrations/archived/v1.20.0/corndog-services-cfg-v0-1-0/src/main.rs b/sources/api/migration/migrations/archived/v1.20.0/corndog-services-cfg-v0-1-0/src/main.rs deleted file mode 100644 index 845e5b61b..000000000 --- a/sources/api/migration/migrations/archived/v1.20.0/corndog-services-cfg-v0-1-0/src/main.rs +++ /dev/null @@ -1,25 +0,0 @@ -use migration_helpers::common_migrations::{ListReplacement, ReplaceListsMigration}; -use migration_helpers::{migrate, Result}; -use std::process; - -fn run() -> Result<()> { - migrate(ReplaceListsMigration(vec![ - ListReplacement { - setting: "services.sysctl.configuration-files", - old_vals: &[], - new_vals: &["corndog-toml"], - }, - ListReplacement { - setting: "services.lockdown.configuration-files", - old_vals: &[], - new_vals: &["corndog-toml"], - }, - ])) -} - -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.20.0/host-containers-config-file-v0-1-0/Cargo.toml b/sources/api/migration/migrations/archived/v1.20.0/host-containers-config-file-v0-1-0/Cargo.toml deleted file mode 100644 index d38e35dc8..000000000 --- a/sources/api/migration/migrations/archived/v1.20.0/host-containers-config-file-v0-1-0/Cargo.toml +++ /dev/null @@ -1,11 +0,0 @@ -[package] -name = "host-containers-config-file-v0-1-0" -version = "0.1.0" -authors = ["Sam Berning "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0" } diff --git a/sources/api/migration/migrations/archived/v1.20.0/host-containers-config-file-v0-1-0/src/main.rs b/sources/api/migration/migrations/archived/v1.20.0/host-containers-config-file-v0-1-0/src/main.rs deleted file mode 100644 index 9ccf035d7..000000000 --- a/sources/api/migration/migrations/archived/v1.20.0/host-containers-config-file-v0-1-0/src/main.rs +++ /dev/null @@ -1,17 +0,0 @@ -use migration_helpers::common_migrations::AddPrefixesMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -// Create the new config file -fn run() -> Result<()> { - migrate(AddPrefixesMigration(vec![ - "configuration-files.host-containers-toml", - ])) -} - -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.20.0/host-containers-config-list-v0-1-0/Cargo.toml b/sources/api/migration/migrations/archived/v1.20.0/host-containers-config-list-v0-1-0/Cargo.toml deleted file mode 100644 index 21a9d08a6..000000000 --- a/sources/api/migration/migrations/archived/v1.20.0/host-containers-config-list-v0-1-0/Cargo.toml +++ /dev/null @@ -1,11 +0,0 @@ -[package] -name = "host-containers-config-list-v0-1-0" -version = "0.1.0" -authors = ["Sam Berning "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0" } diff --git a/sources/api/migration/migrations/archived/v1.20.0/host-containers-config-list-v0-1-0/src/main.rs b/sources/api/migration/migrations/archived/v1.20.0/host-containers-config-list-v0-1-0/src/main.rs deleted file mode 100644 index cbcb697b7..000000000 --- a/sources/api/migration/migrations/archived/v1.20.0/host-containers-config-list-v0-1-0/src/main.rs +++ /dev/null @@ -1,19 +0,0 @@ -use migration_helpers::common_migrations::{ListReplacement, ReplaceListsMigration}; -use migration_helpers::{migrate, Result}; -use std::process; - -// Add new config file to host-containers -fn run() -> Result<()> { - migrate(ReplaceListsMigration(vec![ListReplacement { - setting: "services.host-containers.configuration-files", - old_vals: &["host-ctr-toml"], - new_vals: &["host-ctr-toml", "host-containers-toml"], - }])) -} - -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.20.0/prairiedog-config-file-v0-1-0/Cargo.toml b/sources/api/migration/migrations/archived/v1.20.0/prairiedog-config-file-v0-1-0/Cargo.toml deleted file mode 100644 index 524c7e687..000000000 --- a/sources/api/migration/migrations/archived/v1.20.0/prairiedog-config-file-v0-1-0/Cargo.toml +++ /dev/null @@ -1,13 +0,0 @@ -[package] -name = "prairiedog-config-file-v0-1-0" -version = "0.1.0" -authors = ["Jarrett Tierney "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -exclude = ["README.md"] - -# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0" } diff --git a/sources/api/migration/migrations/archived/v1.20.0/prairiedog-config-file-v0-1-0/src/main.rs b/sources/api/migration/migrations/archived/v1.20.0/prairiedog-config-file-v0-1-0/src/main.rs deleted file mode 100644 index 7d89c43fb..000000000 --- a/sources/api/migration/migrations/archived/v1.20.0/prairiedog-config-file-v0-1-0/src/main.rs +++ /dev/null @@ -1,16 +0,0 @@ -use migration_helpers::common_migrations::AddPrefixesMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -fn run() -> Result<()> { - migrate(AddPrefixesMigration(vec![ - "configuration-files.prairiedog-toml", - ])) -} - -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.20.0/prairiedog-services-cfg-v0-1-0/Cargo.toml b/sources/api/migration/migrations/archived/v1.20.0/prairiedog-services-cfg-v0-1-0/Cargo.toml deleted file mode 100644 index 44d43d764..000000000 --- a/sources/api/migration/migrations/archived/v1.20.0/prairiedog-services-cfg-v0-1-0/Cargo.toml +++ /dev/null @@ -1,13 +0,0 @@ -[package] -name = "prairiedog-services-cfg-v0-1-0" -version = "0.1.0" -authors = ["Jarrett Tierney "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -exclude = ["README.md"] - -# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0" } diff --git a/sources/api/migration/migrations/archived/v1.20.0/prairiedog-services-cfg-v0-1-0/src/main.rs b/sources/api/migration/migrations/archived/v1.20.0/prairiedog-services-cfg-v0-1-0/src/main.rs deleted file mode 100644 index 391529368..000000000 --- a/sources/api/migration/migrations/archived/v1.20.0/prairiedog-services-cfg-v0-1-0/src/main.rs +++ /dev/null @@ -1,18 +0,0 @@ -use migration_helpers::common_migrations::{ListReplacement, ReplaceListsMigration}; -use migration_helpers::{migrate, Result}; -use std::process; - -fn run() -> Result<()> { - migrate(ReplaceListsMigration(vec![ListReplacement { - setting: "services.bootconfig.configuration-files", - old_vals: &[], - new_vals: &["prairiedog-toml"], - }])) -} - -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.20.0/public-admin-container-v0-11-8/Cargo.toml b/sources/api/migration/migrations/archived/v1.20.0/public-admin-container-v0-11-8/Cargo.toml deleted file mode 100644 index e672d43df..000000000 --- a/sources/api/migration/migrations/archived/v1.20.0/public-admin-container-v0-11-8/Cargo.toml +++ /dev/null @@ -1,16 +0,0 @@ -[package] -name = "public-admin-container-v0-11-8" -version = "0.1.0" -authors = ["Kyle Sessions "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - - -# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} - diff --git a/sources/api/migration/migrations/archived/v1.20.0/public-admin-container-v0-11-8/src/main.rs b/sources/api/migration/migrations/archived/v1.20.0/public-admin-container-v0-11-8/src/main.rs deleted file mode 100644 index 3a07b4681..000000000 --- a/sources/api/migration/migrations/archived/v1.20.0/public-admin-container-v0-11-8/src/main.rs +++ /dev/null @@ -1,25 +0,0 @@ -use migration_helpers::common_migrations::ReplaceStringMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_ADMIN_CTR_SOURCE_VAL: &str = "public.ecr.aws/bottlerocket/bottlerocket-admin:v0.11.7"; -const NEW_ADMIN_CTR_SOURCE_VAL: &str = "public.ecr.aws/bottlerocket/bottlerocket-admin:v0.11.8"; - -/// We bumped the version of the default admin container -fn run() -> Result<()> { - migrate(ReplaceStringMigration { - setting: "settings.host-containers.admin.source", - old_val: OLD_ADMIN_CTR_SOURCE_VAL, - new_val: NEW_ADMIN_CTR_SOURCE_VAL, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.20.0/public-control-container-v0-7-12/Cargo.toml b/sources/api/migration/migrations/archived/v1.20.0/public-control-container-v0-7-12/Cargo.toml deleted file mode 100644 index 71bde12e1..000000000 --- a/sources/api/migration/migrations/archived/v1.20.0/public-control-container-v0-7-12/Cargo.toml +++ /dev/null @@ -1,16 +0,0 @@ -[package] -name = "public-control-container-v0-7-12" -version = "0.1.0" -authors = ["Kyle Sessions "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - - -# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} - diff --git a/sources/api/migration/migrations/archived/v1.20.0/public-control-container-v0-7-12/src/main.rs b/sources/api/migration/migrations/archived/v1.20.0/public-control-container-v0-7-12/src/main.rs deleted file mode 100644 index e2b5ede4d..000000000 --- a/sources/api/migration/migrations/archived/v1.20.0/public-control-container-v0-7-12/src/main.rs +++ /dev/null @@ -1,25 +0,0 @@ -use migration_helpers::common_migrations::ReplaceStringMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_CONTROL_CTR_SOURCE_VAL: &str = "public.ecr.aws/bottlerocket/bottlerocket-control:v0.7.11"; -const NEW_CONTROL_CTR_SOURCE_VAL: &str = "public.ecr.aws/bottlerocket/bottlerocket-control:v0.7.12"; - -/// We bumped the version of the default control container -fn run() -> Result<()> { - migrate(ReplaceStringMigration { - setting: "settings.host-containers.control.source", - old_val: OLD_CONTROL_CTR_SOURCE_VAL, - new_val: NEW_CONTROL_CTR_SOURCE_VAL, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.20.0/remove-ecs-settings-applier/Cargo.toml b/sources/api/migration/migrations/archived/v1.20.0/remove-ecs-settings-applier/Cargo.toml deleted file mode 100644 index dfa69e1af..000000000 --- a/sources/api/migration/migrations/archived/v1.20.0/remove-ecs-settings-applier/Cargo.toml +++ /dev/null @@ -1,13 +0,0 @@ -[package] -name = "remove-ecs-settings-applier" -version = "0.1.0" -edition = "2021" -authors = ["Arnaldo Garcia "] -license = "Apache-2.0 OR MIT" -publish = false -exclude = ["README.md"] - -# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0" } diff --git a/sources/api/migration/migrations/archived/v1.20.0/remove-ecs-settings-applier/src/main.rs b/sources/api/migration/migrations/archived/v1.20.0/remove-ecs-settings-applier/src/main.rs deleted file mode 100644 index b3b5a69b0..000000000 --- a/sources/api/migration/migrations/archived/v1.20.0/remove-ecs-settings-applier/src/main.rs +++ /dev/null @@ -1,23 +0,0 @@ -use migration_helpers::common_migrations::{ListReplacement, ReplaceListsMigration}; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We updated the 'affected-services' list metadata for 'settings.ecs' to remove -/// ecs-settings-applier on upgrade, and to add it on downgrade. -fn run() -> Result<()> { - migrate(ReplaceListsMigration(vec![ListReplacement { - setting: "services.ecs.restart-commands", - old_vals: &[ - "/usr/bin/ecs-settings-applier", - "/bin/systemctl try-reload-or-restart ecs.service", - ], - new_vals: &["/bin/systemctl try-reload-or-restart ecs.service"], - }])) -} - -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.20.0/static-pods-add-prefix-v0-1-0/Cargo.toml b/sources/api/migration/migrations/archived/v1.20.0/static-pods-add-prefix-v0-1-0/Cargo.toml deleted file mode 100644 index 08354cf08..000000000 --- a/sources/api/migration/migrations/archived/v1.20.0/static-pods-add-prefix-v0-1-0/Cargo.toml +++ /dev/null @@ -1,11 +0,0 @@ -[package] -name = "static-pods-add-prefix-v0-1-0" -version = "0.1.0" -authors = ["Jarrett Tierney "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0" } diff --git a/sources/api/migration/migrations/archived/v1.20.0/static-pods-add-prefix-v0-1-0/src/main.rs b/sources/api/migration/migrations/archived/v1.20.0/static-pods-add-prefix-v0-1-0/src/main.rs deleted file mode 100644 index c0a95ae71..000000000 --- a/sources/api/migration/migrations/archived/v1.20.0/static-pods-add-prefix-v0-1-0/src/main.rs +++ /dev/null @@ -1,16 +0,0 @@ -use migration_helpers::common_migrations::AddPrefixesMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -fn run() -> Result<()> { - migrate(AddPrefixesMigration(vec![ - "configuration-files.static-pods-toml", - ])) -} - -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.20.0/static-pods-services-cfg-v0-1-0/Cargo.toml b/sources/api/migration/migrations/archived/v1.20.0/static-pods-services-cfg-v0-1-0/Cargo.toml deleted file mode 100644 index f1e72224c..000000000 --- a/sources/api/migration/migrations/archived/v1.20.0/static-pods-services-cfg-v0-1-0/Cargo.toml +++ /dev/null @@ -1,11 +0,0 @@ -[package] -name = "static-pods-services-cfg-v0-1-0" -version = "0.1.0" -authors = ["Jarrett Tierney "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0" } diff --git a/sources/api/migration/migrations/archived/v1.20.0/static-pods-services-cfg-v0-1-0/src/main.rs b/sources/api/migration/migrations/archived/v1.20.0/static-pods-services-cfg-v0-1-0/src/main.rs deleted file mode 100644 index 6c170aa6f..000000000 --- a/sources/api/migration/migrations/archived/v1.20.0/static-pods-services-cfg-v0-1-0/src/main.rs +++ /dev/null @@ -1,18 +0,0 @@ -use migration_helpers::common_migrations::{ListReplacement, ReplaceListsMigration}; -use migration_helpers::{migrate, Result}; -use std::process; - -fn run() -> Result<()> { - migrate(ReplaceListsMigration(vec![ListReplacement { - setting: "services.static-pods.configuration-files", - old_vals: &[], - new_vals: &["static-pods-toml"], - }])) -} - -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.20.0/thar-be-updates-affected-services-v0-1-0/Cargo.toml b/sources/api/migration/migrations/archived/v1.20.0/thar-be-updates-affected-services-v0-1-0/Cargo.toml deleted file mode 100644 index c9c247791..000000000 --- a/sources/api/migration/migrations/archived/v1.20.0/thar-be-updates-affected-services-v0-1-0/Cargo.toml +++ /dev/null @@ -1,11 +0,0 @@ -[package] -name = "thar-be-updates-affected-services-v0-1-0" -version = "0.1.0" -authors = ["Jarrett Tierney "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0" } diff --git a/sources/api/migration/migrations/archived/v1.20.0/thar-be-updates-affected-services-v0-1-0/src/main.rs b/sources/api/migration/migrations/archived/v1.20.0/thar-be-updates-affected-services-v0-1-0/src/main.rs deleted file mode 100644 index 31ae155ce..000000000 --- a/sources/api/migration/migrations/archived/v1.20.0/thar-be-updates-affected-services-v0-1-0/src/main.rs +++ /dev/null @@ -1,21 +0,0 @@ -use migration_helpers::common_migrations::{ - MetadataListReplacement, ReplaceMetadataListsMigration, -}; -use migration_helpers::{migrate, Result}; -use std::process; -fn run() -> Result<()> { - migrate(ReplaceMetadataListsMigration(vec![ - MetadataListReplacement { - setting: "settings.updates", - metadata: "affected-services", - old_vals: &["updog"], - new_vals: &["updog", "thar-be-updates"], - }, - ])) -} -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.20.0/thar-be-updates-config-file-v0-1-0/Cargo.toml b/sources/api/migration/migrations/archived/v1.20.0/thar-be-updates-config-file-v0-1-0/Cargo.toml deleted file mode 100644 index b164d18a1..000000000 --- a/sources/api/migration/migrations/archived/v1.20.0/thar-be-updates-config-file-v0-1-0/Cargo.toml +++ /dev/null @@ -1,13 +0,0 @@ -[package] -name = "thar-be-updates-config-file-v0-1-0" -version = "0.1.0" -edition = "2021" -authors = ["Jarrett Tierney "] -license = "Apache-2.0 OR MIT" -publish = false -exclude = ["README.md"] - -# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0" } diff --git a/sources/api/migration/migrations/archived/v1.20.0/thar-be-updates-config-file-v0-1-0/src/main.rs b/sources/api/migration/migrations/archived/v1.20.0/thar-be-updates-config-file-v0-1-0/src/main.rs deleted file mode 100644 index 96101e6f5..000000000 --- a/sources/api/migration/migrations/archived/v1.20.0/thar-be-updates-config-file-v0-1-0/src/main.rs +++ /dev/null @@ -1,17 +0,0 @@ -use migration_helpers::common_migrations::AddPrefixesMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -fn run() -> Result<()> { - migrate(AddPrefixesMigration(vec![ - "configuration-files.thar-be-updates-toml", - "services.thar-be-updates", - ])) -} - -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.20.0/update-ecs-config-path/Cargo.toml b/sources/api/migration/migrations/archived/v1.20.0/update-ecs-config-path/Cargo.toml deleted file mode 100644 index bb7710d54..000000000 --- a/sources/api/migration/migrations/archived/v1.20.0/update-ecs-config-path/Cargo.toml +++ /dev/null @@ -1,13 +0,0 @@ -[package] -name = "update-ecs-config-path" -version = "0.1.0" -edition = "2021" -authors = ["Arnaldo Garcia "] -license = "Apache-2.0 OR MIT" -publish = false -exclude = ["README.md"] - -# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0" } diff --git a/sources/api/migration/migrations/archived/v1.20.0/update-ecs-config-path/src/main.rs b/sources/api/migration/migrations/archived/v1.20.0/update-ecs-config-path/src/main.rs deleted file mode 100644 index bed7e5fe1..000000000 --- a/sources/api/migration/migrations/archived/v1.20.0/update-ecs-config-path/src/main.rs +++ /dev/null @@ -1,19 +0,0 @@ -use migration_helpers::common_migrations::ReplaceStringMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We updated the 'path' string for 'ecs-config' -fn run() -> Result<()> { - migrate(ReplaceStringMigration { - setting: "configuration-files.ecs-config.path", - old_val: "/etc/ecs/ecs.config", - new_val: "/etc/systemd/system/ecs.service.d/10-base.conf", - }) -} - -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.20.0/update-ecs-config-template-path/Cargo.toml b/sources/api/migration/migrations/archived/v1.20.0/update-ecs-config-template-path/Cargo.toml deleted file mode 100644 index fe708b0f9..000000000 --- a/sources/api/migration/migrations/archived/v1.20.0/update-ecs-config-template-path/Cargo.toml +++ /dev/null @@ -1,13 +0,0 @@ -[package] -name = "update-ecs-config-template-path" -version = "0.1.0" -edition = "2021" -authors = ["Arnaldo Garcia "] -license = "Apache-2.0 OR MIT" -publish = false -exclude = ["README.md"] - -# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0" } diff --git a/sources/api/migration/migrations/archived/v1.20.0/update-ecs-config-template-path/src/main.rs b/sources/api/migration/migrations/archived/v1.20.0/update-ecs-config-template-path/src/main.rs deleted file mode 100644 index 08046bb79..000000000 --- a/sources/api/migration/migrations/archived/v1.20.0/update-ecs-config-template-path/src/main.rs +++ /dev/null @@ -1,19 +0,0 @@ -use migration_helpers::common_migrations::ReplaceStringMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We updated the 'template-path' for 'ecs-config' -fn run() -> Result<()> { - migrate(ReplaceStringMigration { - setting: "configuration-files.ecs-config.template-path", - old_val: "/usr/share/templates/ecs.config", - new_val: "/usr/share/templates/ecs-base-conf", - }) -} - -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.3.0/control-container-v0-5-2/Cargo.toml b/sources/api/migration/migrations/archived/v1.3.0/control-container-v0-5-2/Cargo.toml deleted file mode 100644 index f907aa469..000000000 --- a/sources/api/migration/migrations/archived/v1.3.0/control-container-v0-5-2/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "control-container-v0-5-2" -version = "0.1.0" -authors = ["Patrick J.P. Culp "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0" } diff --git a/sources/api/migration/migrations/archived/v1.3.0/control-container-v0-5-2/src/main.rs b/sources/api/migration/migrations/archived/v1.3.0/control-container-v0-5-2/src/main.rs deleted file mode 100644 index 889d4440e..000000000 --- a/sources/api/migration/migrations/archived/v1.3.0/control-container-v0-5-2/src/main.rs +++ /dev/null @@ -1,27 +0,0 @@ -use migration_helpers::common_migrations::ReplaceTemplateMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_CONTROL_CTR_TEMPLATE: &str = - "{{ ecr-prefix settings.aws.region }}/bottlerocket-control:v0.5.1"; -const NEW_CONTROL_CTR_TEMPLATE: &str = - "{{ ecr-prefix settings.aws.region }}/bottlerocket-control:v0.5.2"; - -/// We bumped the version of the default control container from v0.5.1 to v0.5.2 -fn run() -> Result<()> { - migrate(ReplaceTemplateMigration { - setting: "settings.host-containers.control.source", - old_template: OLD_CONTROL_CTR_TEMPLATE, - new_template: NEW_CONTROL_CTR_TEMPLATE, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.3.0/etc-hosts-service/Cargo.toml b/sources/api/migration/migrations/archived/v1.3.0/etc-hosts-service/Cargo.toml deleted file mode 100644 index 5c5c79aa4..000000000 --- a/sources/api/migration/migrations/archived/v1.3.0/etc-hosts-service/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "etc-hosts-service" -version = "0.1.0" -authors = ["Zac Mrowicki "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0" } diff --git a/sources/api/migration/migrations/archived/v1.3.0/etc-hosts-service/src/main.rs b/sources/api/migration/migrations/archived/v1.3.0/etc-hosts-service/src/main.rs deleted file mode 100644 index 81105acf8..000000000 --- a/sources/api/migration/migrations/archived/v1.3.0/etc-hosts-service/src/main.rs +++ /dev/null @@ -1,21 +0,0 @@ -use migration_helpers::common_migrations::AddPrefixesMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added a new setting and generator for configuring hostname -fn run() -> Result<()> { - migrate(AddPrefixesMigration(vec![ - "services.hosts", - "configuration-files.hosts", - ])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.3.0/hostname-affects-etc-hosts/Cargo.toml b/sources/api/migration/migrations/archived/v1.3.0/hostname-affects-etc-hosts/Cargo.toml deleted file mode 100644 index 14661ad7c..000000000 --- a/sources/api/migration/migrations/archived/v1.3.0/hostname-affects-etc-hosts/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "hostname-affects-etc-hosts" -version = "0.1.0" -authors = ["Zac Mrowicki "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0" } diff --git a/sources/api/migration/migrations/archived/v1.3.0/hostname-affects-etc-hosts/src/main.rs b/sources/api/migration/migrations/archived/v1.3.0/hostname-affects-etc-hosts/src/main.rs deleted file mode 100644 index 7f65de221..000000000 --- a/sources/api/migration/migrations/archived/v1.3.0/hostname-affects-etc-hosts/src/main.rs +++ /dev/null @@ -1,28 +0,0 @@ -use migration_helpers::common_migrations::{ - MetadataListReplacement, ReplaceMetadataListsMigration, -}; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We updated the 'affected-services' list metadata for 'settings.network.hostname' to include the -/// hosts "service" on upgrade, and to remove it on downgrade. -fn run() -> Result<()> { - migrate(ReplaceMetadataListsMigration(vec![ - MetadataListReplacement { - setting: "settings.network.hostname", - metadata: "affected-services", - old_vals: &["hostname"], - new_vals: &["hostname", "hosts"], - }, - ])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.4.0/registry-mirror-representation/Cargo.toml b/sources/api/migration/migrations/archived/v1.4.0/registry-mirror-representation/Cargo.toml deleted file mode 100644 index 3774b434f..000000000 --- a/sources/api/migration/migrations/archived/v1.4.0/registry-mirror-representation/Cargo.toml +++ /dev/null @@ -1,13 +0,0 @@ -[package] -name = "registry-mirror-representation" -version = "0.1.0" -authors = ["Erikson Tung "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} -serde_json = "1.0" diff --git a/sources/api/migration/migrations/archived/v1.4.0/registry-mirror-representation/src/main.rs b/sources/api/migration/migrations/archived/v1.4.0/registry-mirror-representation/src/main.rs deleted file mode 100644 index 01acb1200..000000000 --- a/sources/api/migration/migrations/archived/v1.4.0/registry-mirror-representation/src/main.rs +++ /dev/null @@ -1,131 +0,0 @@ -use migration_helpers::{migrate, Migration, MigrationData, Result}; -use serde_json::{Map, Value}; -use std::collections::HashMap; -use std::process; - -const MIRRORS_SETTING_NAME: &'static str = "settings.container-registry.mirrors"; -const DATASTORE_KEY_SEPARATOR: char = '.'; - -/// This migration changes the model type of `settings.container-registry.mirrors` from `HashMap>` -/// to `Vec` on upgrade and vice-versa on downgrades. -pub struct ChangeRegistryMirrorsType; - -// Snapshot of the `datastore::Key::valid_character` method in Bottlerocket version 1.3.0 -// -// Determines whether a character is acceptable within a segment of a key name. This is -// separate from quoting; if a character isn't valid, it isn't valid quoted, either. -fn valid_character(c: char) -> bool { - match c { - 'a'..='z' | 'A'..='Z' | '0'..='9' | '_' | '-' | '/' => true, - _ => false, - } -} - -impl Migration for ChangeRegistryMirrorsType { - /// Newer versions store `settings.container-registry.mirrors` as `Vec`. - /// Need to convert from `HashMap>`. - fn forward(&mut self, mut input: MigrationData) -> Result { - let mirrors: HashMap<_, _> = input - .data - .iter() - .filter(|&(k, _)| k.starts_with(format!("{}.", MIRRORS_SETTING_NAME).as_str())) - .map(|(k, v)| (k.to_owned(), v.to_owned())) - .collect(); - let mut new_mirrors = Vec::new(); - for (setting, endpoint) in mirrors { - // Get the registry name from the settings name. Trim any quotes the settings name might have. - let registry = setting - .strip_prefix(&format!("{}.", MIRRORS_SETTING_NAME)) - .unwrap_or_default() - .trim_matches('"'); - let mut registry_mirrors = Map::new(); - registry_mirrors.insert("registry".to_string(), Value::String(registry.to_string())); - registry_mirrors.insert("endpoint".to_string(), endpoint.to_owned()); - new_mirrors.push(Value::Object(registry_mirrors)); - if let Some(data) = input.data.remove(&setting) { - println!("Removed setting '{}', which was set to '{}'", setting, data); - } - } - let data = Value::Array(new_mirrors); - println!( - "Creating new setting '{}', which is set to '{}'", - MIRRORS_SETTING_NAME, &data - ); - input.data.insert(MIRRORS_SETTING_NAME.to_string(), data); - Ok(input) - } - - /// Older versions store `settings.container-registry.mirrors` as `HashMap>`. - /// Need to convert from `Vec`. - fn backward(&mut self, mut input: MigrationData) -> Result { - if let Some(data) = input.data.get_mut(MIRRORS_SETTING_NAME).cloned() { - match data { - Value::Array(arr) => { - if let Some(data) = input.data.remove(MIRRORS_SETTING_NAME) { - println!( - "Removed setting '{}', which was set to '{}'", - MIRRORS_SETTING_NAME, data - ); - } - for obj in arr { - if let Some(obj) = obj.as_object() { - if let (Some(registry), Some(endpoint)) = ( - obj.get("registry").and_then(|s| s.as_str()), - obj.get("endpoint"), - ) { - // Ensure the registry contains valid datastore key characters. - // If we encounter any invalid key characters, we skip writing out - // the setting key to prevent breakage of the datastore. - if registry - .chars() - .all(|c| valid_character(c) || c == DATASTORE_KEY_SEPARATOR) - { - let setting_name = - format!(r#"{}."{}""#, MIRRORS_SETTING_NAME, registry); - println!( - "Creating new setting '{}', which is set to '{}'", - setting_name, &endpoint - ); - input.data.insert(setting_name, endpoint.to_owned()); - } else { - eprintln!( - "Container registry '{}' contains invalid datastore key character(s). Skipping to prevent datastore breakage...", - registry - ); - } - } - } else { - println!( - "'{}' contains non-JSON Object value: '{}'.", - MIRRORS_SETTING_NAME, obj - ); - } - } - } - _ => { - println!( - "'{}' is not a JSON Array value: '{}'.", - MIRRORS_SETTING_NAME, data - ); - } - } - } else { - println!("Didn't find setting '{}'", MIRRORS_SETTING_NAME); - } - Ok(input) - } -} - -fn run() -> Result<()> { - migrate(ChangeRegistryMirrorsType) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.4.2/admin-container-v0-7-3/Cargo.toml b/sources/api/migration/migrations/archived/v1.4.2/admin-container-v0-7-3/Cargo.toml deleted file mode 100644 index adf217feb..000000000 --- a/sources/api/migration/migrations/archived/v1.4.2/admin-container-v0-7-3/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "admin-container-v0-7-3" -version = "0.1.0" -authors = ["Erikson Tung "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.4.2/admin-container-v0-7-3/src/main.rs b/sources/api/migration/migrations/archived/v1.4.2/admin-container-v0-7-3/src/main.rs deleted file mode 100644 index 71e8462b4..000000000 --- a/sources/api/migration/migrations/archived/v1.4.2/admin-container-v0-7-3/src/main.rs +++ /dev/null @@ -1,27 +0,0 @@ -use migration_helpers::common_migrations::ReplaceTemplateMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_ADMIN_CTR_TEMPLATE: &str = - "{{ ecr-prefix settings.aws.region }}/bottlerocket-admin:v0.7.2"; -const NEW_ADMIN_CTR_TEMPLATE: &str = - "{{ ecr-prefix settings.aws.region }}/bottlerocket-admin:v0.7.3"; - -/// We bumped the version of the default admin container from v0.7.2 to v0.7.3 -fn run() -> Result<()> { - migrate(ReplaceTemplateMigration { - setting: "settings.host-containers.admin.source", - old_template: OLD_ADMIN_CTR_TEMPLATE, - new_template: NEW_ADMIN_CTR_TEMPLATE, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.4.2/control-container-v0-5-3/Cargo.toml b/sources/api/migration/migrations/archived/v1.4.2/control-container-v0-5-3/Cargo.toml deleted file mode 100644 index 994c10aa2..000000000 --- a/sources/api/migration/migrations/archived/v1.4.2/control-container-v0-5-3/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "control-container-v0-5-3" -version = "0.1.0" -authors = ["Erikson Tung "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.4.2/control-container-v0-5-3/src/main.rs b/sources/api/migration/migrations/archived/v1.4.2/control-container-v0-5-3/src/main.rs deleted file mode 100644 index a068ef296..000000000 --- a/sources/api/migration/migrations/archived/v1.4.2/control-container-v0-5-3/src/main.rs +++ /dev/null @@ -1,27 +0,0 @@ -use migration_helpers::common_migrations::ReplaceTemplateMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_CONTROL_CTR_TEMPLATE: &str = - "{{ ecr-prefix settings.aws.region }}/bottlerocket-control:v0.5.2"; -const NEW_CONTROL_CTR_TEMPLATE: &str = - "{{ ecr-prefix settings.aws.region }}/bottlerocket-control:v0.5.3"; - -/// We bumped the version of the default control container from v0.5.2 to v0.5.3 -fn run() -> Result<()> { - migrate(ReplaceTemplateMigration { - setting: "settings.host-containers.control.source", - old_template: OLD_CONTROL_CTR_TEMPLATE, - new_template: NEW_CONTROL_CTR_TEMPLATE, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.5.0/oci-hooks-setting-metadata/Cargo.toml b/sources/api/migration/migrations/archived/v1.5.0/oci-hooks-setting-metadata/Cargo.toml deleted file mode 100644 index 71daaa38b..000000000 --- a/sources/api/migration/migrations/archived/v1.5.0/oci-hooks-setting-metadata/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "oci-hooks-setting-metadata" -version = "0.1.0" -authors = ["Arnaldo Garcia "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.5.0/oci-hooks-setting-metadata/src/main.rs b/sources/api/migration/migrations/archived/v1.5.0/oci-hooks-setting-metadata/src/main.rs deleted file mode 100644 index 094cd9c7c..000000000 --- a/sources/api/migration/migrations/archived/v1.5.0/oci-hooks-setting-metadata/src/main.rs +++ /dev/null @@ -1,21 +0,0 @@ -use migration_helpers::common_migrations::{AddMetadataMigration, SettingMetadata}; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added a new setting and generator for configuring oci hooks -fn run() -> Result<()> { - migrate(AddMetadataMigration(&[SettingMetadata { - metadata: &["affected-services"], - setting: "settings.oci-hooks", - }])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.5.0/oci-hooks-setting/Cargo.toml b/sources/api/migration/migrations/archived/v1.5.0/oci-hooks-setting/Cargo.toml deleted file mode 100644 index 7e5a8672b..000000000 --- a/sources/api/migration/migrations/archived/v1.5.0/oci-hooks-setting/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "oci-hooks-setting" -version = "0.1.0" -authors = ["Arnaldo Garcia "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.5.0/oci-hooks-setting/src/main.rs b/sources/api/migration/migrations/archived/v1.5.0/oci-hooks-setting/src/main.rs deleted file mode 100644 index bfedf97d5..000000000 --- a/sources/api/migration/migrations/archived/v1.5.0/oci-hooks-setting/src/main.rs +++ /dev/null @@ -1,22 +0,0 @@ -use migration_helpers::common_migrations::AddPrefixesMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added a new setting and generator for configuring oci hooks -fn run() -> Result<()> { - migrate(AddPrefixesMigration(vec![ - "settings.oci-hooks", - "services.oci-hooks", - "configuration-files.oci-hooks", - ])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.5.1/control-container-v0-5-4/Cargo.toml b/sources/api/migration/migrations/archived/v1.5.1/control-container-v0-5-4/Cargo.toml deleted file mode 100644 index 2a167fee2..000000000 --- a/sources/api/migration/migrations/archived/v1.5.1/control-container-v0-5-4/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "control-container-v0-5-4" -version = "0.1.0" -authors = ["Patrick J.P. Culp "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0" } diff --git a/sources/api/migration/migrations/archived/v1.5.1/control-container-v0-5-4/src/main.rs b/sources/api/migration/migrations/archived/v1.5.1/control-container-v0-5-4/src/main.rs deleted file mode 100644 index 3996fb485..000000000 --- a/sources/api/migration/migrations/archived/v1.5.1/control-container-v0-5-4/src/main.rs +++ /dev/null @@ -1,27 +0,0 @@ -use migration_helpers::common_migrations::ReplaceTemplateMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_CONTROL_CTR_TEMPLATE: &str = - "{{ ecr-prefix settings.aws.region }}/bottlerocket-control:v0.5.3"; -const NEW_CONTROL_CTR_TEMPLATE: &str = - "{{ ecr-prefix settings.aws.region }}/bottlerocket-control:v0.5.4"; - -/// We bumped the version of the default control container from v0.5.3 to v0.5.4 -fn run() -> Result<()> { - migrate(ReplaceTemplateMigration { - setting: "settings.host-containers.control.source", - old_template: OLD_CONTROL_CTR_TEMPLATE, - new_template: NEW_CONTROL_CTR_TEMPLATE, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.5.3/vmware-host-containers/Cargo.toml b/sources/api/migration/migrations/archived/v1.5.3/vmware-host-containers/Cargo.toml deleted file mode 100644 index e7d6cec5b..000000000 --- a/sources/api/migration/migrations/archived/v1.5.3/vmware-host-containers/Cargo.toml +++ /dev/null @@ -1,13 +0,0 @@ -[package] -name = "vmware-host-containers" -version = "0.1.0" -authors = ["Erikson Tung "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -serde_json = "1" -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.5.3/vmware-host-containers/src/main.rs b/sources/api/migration/migrations/archived/v1.5.3/vmware-host-containers/src/main.rs deleted file mode 100644 index 4f42f465e..000000000 --- a/sources/api/migration/migrations/archived/v1.5.3/vmware-host-containers/src/main.rs +++ /dev/null @@ -1,109 +0,0 @@ -use migration_helpers::{migrate, Migration, MigrationData, Result}; -use std::process; - -const ADMIN_CONTAINER_SOURCE_SETTING_NAME: &str = "settings.host-containers.admin.source"; -const ADMIN_CONTAINER_IMAGE_REPOSITORY: &str = "public.ecr.aws/bottlerocket/bottlerocket-admin"; -const PREVIOUS_ADMIN_CONTAINER_VERSIONS: &[&str] = &["v0.7.0", "v0.7.1", "v0.7.2"]; -const TARGET_ADMIN_CONTAINER_VERSION: &str = "v0.7.3"; - -const CONTROL_CONTAINER_SOURCE_SETTING_NAME: &str = "settings.host-containers.control.source"; -const CONTROL_CONTAINER_IMAGE_REPOSITORY: &str = "public.ecr.aws/bottlerocket/bottlerocket-control"; -const PREVIOUS_CONTROL_CONTAINER_VERSIONS: &[&str] = &["v0.5.0", "v0.5.1", "v0.5.2", "v0.5.3"]; -const TARGET_CONTROL_CONTAINER_VERSION: &str = "v0.5.4"; - -pub struct VmwareHostContainerVersions; - -impl Migration for VmwareHostContainerVersions { - fn forward(&mut self, mut input: MigrationData) -> Result { - // For admin container - if let Some(data) = input.data.get_mut(ADMIN_CONTAINER_SOURCE_SETTING_NAME) { - match data { - serde_json::Value::String(source) => { - for ver in PREVIOUS_ADMIN_CONTAINER_VERSIONS { - let prev_source = format!("{}:{}", ADMIN_CONTAINER_IMAGE_REPOSITORY, ver); - if *source == prev_source { - *source = format!( - "{}:{}", - ADMIN_CONTAINER_IMAGE_REPOSITORY, TARGET_ADMIN_CONTAINER_VERSION - ); - println!( - "Changed value of '{}' from '{}' to '{}' on upgrade", - ADMIN_CONTAINER_SOURCE_SETTING_NAME, prev_source, source - ); - break; - } - } - } - _ => { - println!( - "'{}' is set to non-string value '{}'", - ADMIN_CONTAINER_SOURCE_SETTING_NAME, data - ); - } - } - } else { - println!( - "Found no '{}' to change on upgrade", - ADMIN_CONTAINER_SOURCE_SETTING_NAME - ); - } - - // For control container - if let Some(data) = input.data.get_mut(CONTROL_CONTAINER_SOURCE_SETTING_NAME) { - match data { - serde_json::Value::String(source) => { - for ver in PREVIOUS_CONTROL_CONTAINER_VERSIONS { - let prev_source = format!("{}:{}", CONTROL_CONTAINER_IMAGE_REPOSITORY, ver); - if *source == prev_source { - *source = format!( - "{}:{}", - CONTROL_CONTAINER_IMAGE_REPOSITORY, - TARGET_CONTROL_CONTAINER_VERSION - ); - println!( - "Changed value of '{}' from '{}' to '{}' on upgrade", - CONTROL_CONTAINER_SOURCE_SETTING_NAME, prev_source, source - ); - break; - } - } - } - _ => { - println!( - "'{}' is set to non-string value '{}'", - CONTROL_CONTAINER_SOURCE_SETTING_NAME, data - ); - } - } - } else { - println!( - "Found no '{}' to change on upgrade", - CONTROL_CONTAINER_SOURCE_SETTING_NAME - ); - } - - Ok(input) - } - - fn backward(&mut self, input: MigrationData) -> Result { - // It's unclear what version of the host-containers we should downgrade to since it could - // be any of the older host-container versions. - // We can just stay on the latest host-container version since there are no breaking changes. - println!("Vmware host-container versions migration has no work to do on downgrade"); - Ok(input) - } -} - -fn run() -> Result<()> { - migrate(VmwareHostContainerVersions) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.6.0/aws-admin-container-v0-7-4/Cargo.toml b/sources/api/migration/migrations/archived/v1.6.0/aws-admin-container-v0-7-4/Cargo.toml deleted file mode 100644 index 6cd819cec..000000000 --- a/sources/api/migration/migrations/archived/v1.6.0/aws-admin-container-v0-7-4/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "aws-admin-container-v0-7-4" -version = "0.1.0" -authors = ["Erikson Tung "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.6.0/aws-admin-container-v0-7-4/src/main.rs b/sources/api/migration/migrations/archived/v1.6.0/aws-admin-container-v0-7-4/src/main.rs deleted file mode 100644 index 7ab35f549..000000000 --- a/sources/api/migration/migrations/archived/v1.6.0/aws-admin-container-v0-7-4/src/main.rs +++ /dev/null @@ -1,27 +0,0 @@ -use migration_helpers::common_migrations::ReplaceTemplateMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_ADMIN_CTR_TEMPLATE: &str = - "{{ ecr-prefix settings.aws.region }}/bottlerocket-admin:v0.7.3"; -const NEW_ADMIN_CTR_TEMPLATE: &str = - "{{ ecr-prefix settings.aws.region }}/bottlerocket-admin:v0.7.4"; - -/// We bumped the version of the default admin container from v0.7.3 to v0.7.4 -fn run() -> Result<()> { - migrate(ReplaceTemplateMigration { - setting: "settings.host-containers.admin.source", - old_template: OLD_ADMIN_CTR_TEMPLATE, - new_template: NEW_ADMIN_CTR_TEMPLATE, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.6.0/aws-control-container-v0-5-5/Cargo.toml b/sources/api/migration/migrations/archived/v1.6.0/aws-control-container-v0-5-5/Cargo.toml deleted file mode 100644 index e9d4a7ade..000000000 --- a/sources/api/migration/migrations/archived/v1.6.0/aws-control-container-v0-5-5/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "aws-control-container-v0-5-5" -version = "0.1.0" -authors = ["Erikson Tung "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0" } diff --git a/sources/api/migration/migrations/archived/v1.6.0/aws-control-container-v0-5-5/src/main.rs b/sources/api/migration/migrations/archived/v1.6.0/aws-control-container-v0-5-5/src/main.rs deleted file mode 100644 index 7de8f7ece..000000000 --- a/sources/api/migration/migrations/archived/v1.6.0/aws-control-container-v0-5-5/src/main.rs +++ /dev/null @@ -1,27 +0,0 @@ -use migration_helpers::common_migrations::ReplaceTemplateMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_CONTROL_CTR_TEMPLATE: &str = - "{{ ecr-prefix settings.aws.region }}/bottlerocket-control:v0.5.4"; -const NEW_CONTROL_CTR_TEMPLATE: &str = - "{{ ecr-prefix settings.aws.region }}/bottlerocket-control:v0.5.5"; - -/// We bumped the version of the default control container from v0.5.4 to v0.5.5 -fn run() -> Result<()> { - migrate(ReplaceTemplateMigration { - setting: "settings.host-containers.control.source", - old_template: OLD_CONTROL_CTR_TEMPLATE, - new_template: NEW_CONTROL_CTR_TEMPLATE, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.6.0/node-taints-representation/Cargo.toml b/sources/api/migration/migrations/archived/v1.6.0/node-taints-representation/Cargo.toml deleted file mode 100644 index 3ab3536aa..000000000 --- a/sources/api/migration/migrations/archived/v1.6.0/node-taints-representation/Cargo.toml +++ /dev/null @@ -1,14 +0,0 @@ -[package] -name = "node-taints-representation" -version = "0.1.0" -authors = ["Erikson Tung "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0" } -serde_json = "1" -snafu = "0.8" diff --git a/sources/api/migration/migrations/archived/v1.6.0/node-taints-representation/src/main.rs b/sources/api/migration/migrations/archived/v1.6.0/node-taints-representation/src/main.rs deleted file mode 100644 index bf922a7dd..000000000 --- a/sources/api/migration/migrations/archived/v1.6.0/node-taints-representation/src/main.rs +++ /dev/null @@ -1,94 +0,0 @@ -use migration_helpers::{error, migrate, Migration, MigrationData, Result}; -use serde_json::Value; -use snafu::OptionExt; -use std::process; - -const NODE_TAINTS_SETTING_NAME: &str = "settings.kubernetes.node-taints"; - -/// This migration changes the model type of `settings.kubernetes.node-taints` from `HashMap` -/// to `HashMap>` on upgrade and vice-versa on downgrades. -pub struct ChangeNodeTaintsType; - -impl Migration for ChangeNodeTaintsType { - /// Newer versions store `settings.kubernetes.node-taints` as `HashMap>`. - /// Need to convert from `HashMap`. - fn forward(&mut self, mut input: MigrationData) -> Result { - for (taint_key, taint_val) in input - .data - .iter_mut() - .filter(|&(k, _)| k.starts_with(format!("{}.", NODE_TAINTS_SETTING_NAME).as_str())) - { - match taint_val { - Value::String(taint_val_string) => { - let taint_val_array = - Value::Array(vec![Value::String(taint_val_string.to_owned())]); - println!( - "Changing '{}', from '{}' to '{}' on upgrade", - taint_key, &taint_val, taint_val_array - ); - *taint_val = taint_val_array; - } - _ => { - println!( - "'{}' is not a JSON string value: '{}'", - taint_key, taint_val - ); - } - } - } - Ok(input) - } - - /// Older versions store `settings.kubernetes.node-taints` as `HashMap`. - /// Need to convert from `HashMap>`. - /// - /// Note that this potentially causes data loss if there are more than one taint value/effect assigned to a taint key. - /// Older versions can only map one taint value/effect to a taint key, so we default to choosing the first in the list if there are multiple. - fn backward(&mut self, mut input: MigrationData) -> Result { - for (taint_key, taint_val) in input - .data - .iter_mut() - .filter(|&(k, _)| k.starts_with(format!("{}.", NODE_TAINTS_SETTING_NAME).as_str())) - { - match taint_val { - Value::Array(taint_val_array) => { - // There should always at least be one value in the sequence - let first_taint_val = Value::String( - taint_val_array - .first() - .cloned() - .unwrap_or_default() - .as_str() - .context(error::NonStringSettingDataTypeSnafu { - setting: taint_key.to_string(), - })? - .to_string(), - ); - println!( - "Changing '{}', from '{}' to '{}' on downgrade", - taint_key, &taint_val, first_taint_val - ); - *taint_val = first_taint_val; - } - _ => { - println!("'{}' is not a JSON Array value: '{}'", taint_key, taint_val); - } - } - } - Ok(input) - } -} - -fn run() -> Result<()> { - migrate(ChangeNodeTaintsType) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.6.0/public-admin-container-v0-7-4/Cargo.toml b/sources/api/migration/migrations/archived/v1.6.0/public-admin-container-v0-7-4/Cargo.toml deleted file mode 100644 index 16ce4ec64..000000000 --- a/sources/api/migration/migrations/archived/v1.6.0/public-admin-container-v0-7-4/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "public-admin-container-v0-7-4" -version = "0.1.0" -authors = ["Erikson Tung "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.6.0/public-admin-container-v0-7-4/src/main.rs b/sources/api/migration/migrations/archived/v1.6.0/public-admin-container-v0-7-4/src/main.rs deleted file mode 100644 index 928411438..000000000 --- a/sources/api/migration/migrations/archived/v1.6.0/public-admin-container-v0-7-4/src/main.rs +++ /dev/null @@ -1,25 +0,0 @@ -use migration_helpers::common_migrations::ReplaceStringMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_ADMIN_CTR_SOURCE_VAL: &str = "public.ecr.aws/bottlerocket/bottlerocket-admin:v0.7.3"; -const NEW_ADMIN_CTR_SOURCE_VAL: &str = "public.ecr.aws/bottlerocket/bottlerocket-admin:v0.7.4"; - -/// We bumped the version of the default admin container from v0.7.3 to v0.7.4 -fn run() -> Result<()> { - migrate(ReplaceStringMigration { - setting: "settings.host-containers.admin.source", - old_val: OLD_ADMIN_CTR_SOURCE_VAL, - new_val: NEW_ADMIN_CTR_SOURCE_VAL, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.6.0/public-control-container-v0-5-5/Cargo.toml b/sources/api/migration/migrations/archived/v1.6.0/public-control-container-v0-5-5/Cargo.toml deleted file mode 100644 index 709f96972..000000000 --- a/sources/api/migration/migrations/archived/v1.6.0/public-control-container-v0-5-5/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "public-control-container-v0-5-5" -version = "0.1.0" -authors = ["Erikson Tung "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.6.0/public-control-container-v0-5-5/src/main.rs b/sources/api/migration/migrations/archived/v1.6.0/public-control-container-v0-5-5/src/main.rs deleted file mode 100644 index f8f08004d..000000000 --- a/sources/api/migration/migrations/archived/v1.6.0/public-control-container-v0-5-5/src/main.rs +++ /dev/null @@ -1,25 +0,0 @@ -use migration_helpers::common_migrations::ReplaceStringMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_CONTROL_SOURCE_VAL: &str = "public.ecr.aws/bottlerocket/bottlerocket-control:v0.5.4"; -const NEW_CONTROL_SOURCE_VAL: &str = "public.ecr.aws/bottlerocket/bottlerocket-control:v0.5.5"; - -/// We bumped the version of the default control container from v0.5.4 to v0.5.5 -fn run() -> Result<()> { - migrate(ReplaceStringMigration { - setting: "settings.host-containers.control.source", - old_val: OLD_CONTROL_SOURCE_VAL, - new_val: NEW_CONTROL_SOURCE_VAL, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.6.2/add-cfsignal/Cargo.toml b/sources/api/migration/migrations/archived/v1.6.2/add-cfsignal/Cargo.toml deleted file mode 100644 index 1310c42f0..000000000 --- a/sources/api/migration/migrations/archived/v1.6.2/add-cfsignal/Cargo.toml +++ /dev/null @@ -1,11 +0,0 @@ -[package] -name = "add-cfsignal" -version = "0.1.0" -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.6.2/add-cfsignal/src/main.rs b/sources/api/migration/migrations/archived/v1.6.2/add-cfsignal/src/main.rs deleted file mode 100644 index c9e034e2c..000000000 --- a/sources/api/migration/migrations/archived/v1.6.2/add-cfsignal/src/main.rs +++ /dev/null @@ -1,23 +0,0 @@ -use migration_helpers::common_migrations::AddPrefixesMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added a set of settings for configuring service cfsignal. -/// Remove the whole `settings.cloudformation` prefix if we downgrade. -fn run() -> Result<()> { - migrate(AddPrefixesMigration(vec![ - "settings.cloudformation", - "services.cfsignal", - "configuration-files.cfsignal-toml", - ])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.6.2/container-registry-credentials-metadata/Cargo.toml b/sources/api/migration/migrations/archived/v1.6.2/container-registry-credentials-metadata/Cargo.toml deleted file mode 100644 index fd549e10c..000000000 --- a/sources/api/migration/migrations/archived/v1.6.2/container-registry-credentials-metadata/Cargo.toml +++ /dev/null @@ -1,10 +0,0 @@ -[package] -name = "container-registry-credentials-metadata" -version = "0.1.0" -authors = ["Erikson Tung "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.6.2/container-registry-credentials-metadata/src/main.rs b/sources/api/migration/migrations/archived/v1.6.2/container-registry-credentials-metadata/src/main.rs deleted file mode 100644 index d600e210c..000000000 --- a/sources/api/migration/migrations/archived/v1.6.2/container-registry-credentials-metadata/src/main.rs +++ /dev/null @@ -1,29 +0,0 @@ -use migration_helpers::common_migrations::{AddMetadataMigration, SettingMetadata}; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added a new setting and `affected-services` metadata for `container-registry.credentials` -/// We subdivided metadata for `container-registry` into `container-registry.mirrors` and `container-registry.credentials` -/// This is for the docker variants where don't want to restart the docker daemon when credentials settings change. -fn run() -> Result<()> { - migrate(AddMetadataMigration(&[ - SettingMetadata { - metadata: &["affected-services"], - setting: "settings.container-registry.credentials", - }, - SettingMetadata { - metadata: &["affected-services"], - setting: "settings.container-registry.mirrors", - }, - ])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.6.2/container-registry-credentials/Cargo.toml b/sources/api/migration/migrations/archived/v1.6.2/container-registry-credentials/Cargo.toml deleted file mode 100644 index a3b01c55b..000000000 --- a/sources/api/migration/migrations/archived/v1.6.2/container-registry-credentials/Cargo.toml +++ /dev/null @@ -1,10 +0,0 @@ -[package] -name = "container-registry-credentials" -version = "0.1.0" -authors = ["Erikson Tung "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.6.2/container-registry-credentials/src/main.rs b/sources/api/migration/migrations/archived/v1.6.2/container-registry-credentials/src/main.rs deleted file mode 100644 index 7d71315cb..000000000 --- a/sources/api/migration/migrations/archived/v1.6.2/container-registry-credentials/src/main.rs +++ /dev/null @@ -1,20 +0,0 @@ -use migration_helpers::common_migrations::AddPrefixesMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added a new setting for configuring image credentials, `settings.container-registry.credentials` -fn run() -> Result<()> { - migrate(AddPrefixesMigration(vec![ - "settings.container-registry.credentials", - ])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.7.0/aws-admin-container-v0-8-0/Cargo.toml b/sources/api/migration/migrations/archived/v1.7.0/aws-admin-container-v0-8-0/Cargo.toml deleted file mode 100644 index 2ba9bf763..000000000 --- a/sources/api/migration/migrations/archived/v1.7.0/aws-admin-container-v0-8-0/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "aws-admin-container-v0-8-0" -version = "0.1.0" -authors = ["Patrick J.P. Culp "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.7.0/aws-admin-container-v0-8-0/src/main.rs b/sources/api/migration/migrations/archived/v1.7.0/aws-admin-container-v0-8-0/src/main.rs deleted file mode 100644 index 569de6e46..000000000 --- a/sources/api/migration/migrations/archived/v1.7.0/aws-admin-container-v0-8-0/src/main.rs +++ /dev/null @@ -1,27 +0,0 @@ -use migration_helpers::common_migrations::ReplaceTemplateMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_ADMIN_CTR_TEMPLATE: &str = - "{{ ecr-prefix settings.aws.region }}/bottlerocket-admin:v0.7.4"; -const NEW_ADMIN_CTR_TEMPLATE: &str = - "{{ ecr-prefix settings.aws.region }}/bottlerocket-admin:v0.8.0"; - -/// We bumped the version of the default admin container from v0.7.4 to v0.8.0 -fn run() -> Result<()> { - migrate(ReplaceTemplateMigration { - setting: "settings.host-containers.admin.source", - old_template: OLD_ADMIN_CTR_TEMPLATE, - new_template: NEW_ADMIN_CTR_TEMPLATE, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.7.0/aws-control-container-v0-6-0/Cargo.toml b/sources/api/migration/migrations/archived/v1.7.0/aws-control-container-v0-6-0/Cargo.toml deleted file mode 100644 index 3d67bb55d..000000000 --- a/sources/api/migration/migrations/archived/v1.7.0/aws-control-container-v0-6-0/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "aws-control-container-v0-6-0" -version = "0.1.0" -authors = ["Patrick J.P. Culp "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0" } diff --git a/sources/api/migration/migrations/archived/v1.7.0/aws-control-container-v0-6-0/src/main.rs b/sources/api/migration/migrations/archived/v1.7.0/aws-control-container-v0-6-0/src/main.rs deleted file mode 100644 index eab2c9e47..000000000 --- a/sources/api/migration/migrations/archived/v1.7.0/aws-control-container-v0-6-0/src/main.rs +++ /dev/null @@ -1,27 +0,0 @@ -use migration_helpers::common_migrations::ReplaceTemplateMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_CONTROL_CTR_TEMPLATE: &str = - "{{ ecr-prefix settings.aws.region }}/bottlerocket-control:v0.5.5"; -const NEW_CONTROL_CTR_TEMPLATE: &str = - "{{ ecr-prefix settings.aws.region }}/bottlerocket-control:v0.6.0"; - -/// We bumped the version of the default control container from v0.5.5 to v0.6.0 -fn run() -> Result<()> { - migrate(ReplaceTemplateMigration { - setting: "settings.host-containers.control.source", - old_template: OLD_CONTROL_CTR_TEMPLATE, - new_template: NEW_CONTROL_CTR_TEMPLATE, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.7.0/public-admin-container-v0-8-0/Cargo.toml b/sources/api/migration/migrations/archived/v1.7.0/public-admin-container-v0-8-0/Cargo.toml deleted file mode 100644 index 9fdee63e6..000000000 --- a/sources/api/migration/migrations/archived/v1.7.0/public-admin-container-v0-8-0/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "public-admin-container-v0-8-0" -version = "0.1.0" -authors = ["Patrick J.P. Culp "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.7.0/public-admin-container-v0-8-0/src/main.rs b/sources/api/migration/migrations/archived/v1.7.0/public-admin-container-v0-8-0/src/main.rs deleted file mode 100644 index a6936d5ca..000000000 --- a/sources/api/migration/migrations/archived/v1.7.0/public-admin-container-v0-8-0/src/main.rs +++ /dev/null @@ -1,25 +0,0 @@ -use migration_helpers::common_migrations::ReplaceStringMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_ADMIN_CTR_SOURCE_VAL: &str = "public.ecr.aws/bottlerocket/bottlerocket-admin:v0.7.4"; -const NEW_ADMIN_CTR_SOURCE_VAL: &str = "public.ecr.aws/bottlerocket/bottlerocket-admin:v0.8.0"; - -/// We bumped the version of the default admin container from v0.7.4 to v0.8.0 -fn run() -> Result<()> { - migrate(ReplaceStringMigration { - setting: "settings.host-containers.admin.source", - old_val: OLD_ADMIN_CTR_SOURCE_VAL, - new_val: NEW_ADMIN_CTR_SOURCE_VAL, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.7.0/public-control-container-v0-6-0/Cargo.toml b/sources/api/migration/migrations/archived/v1.7.0/public-control-container-v0-6-0/Cargo.toml deleted file mode 100644 index ecba85adf..000000000 --- a/sources/api/migration/migrations/archived/v1.7.0/public-control-container-v0-6-0/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "public-control-container-v0-6-0" -version = "0.1.0" -authors = ["Patrick J.P. Culp "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.7.0/public-control-container-v0-6-0/src/main.rs b/sources/api/migration/migrations/archived/v1.7.0/public-control-container-v0-6-0/src/main.rs deleted file mode 100644 index 4760d29fe..000000000 --- a/sources/api/migration/migrations/archived/v1.7.0/public-control-container-v0-6-0/src/main.rs +++ /dev/null @@ -1,25 +0,0 @@ -use migration_helpers::common_migrations::ReplaceStringMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_CONTROL_SOURCE_VAL: &str = "public.ecr.aws/bottlerocket/bottlerocket-control:v0.5.5"; -const NEW_CONTROL_SOURCE_VAL: &str = "public.ecr.aws/bottlerocket/bottlerocket-control:v0.6.0"; - -/// We bumped the version of the default control container from v0.5.5 to v0.6.0 -fn run() -> Result<()> { - migrate(ReplaceStringMigration { - setting: "settings.host-containers.control.source", - old_val: OLD_CONTROL_SOURCE_VAL, - new_val: NEW_CONTROL_SOURCE_VAL, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.8.0/add-autoscaling/Cargo.toml b/sources/api/migration/migrations/archived/v1.8.0/add-autoscaling/Cargo.toml deleted file mode 100644 index 1394d84f5..000000000 --- a/sources/api/migration/migrations/archived/v1.8.0/add-autoscaling/Cargo.toml +++ /dev/null @@ -1,11 +0,0 @@ -[package] -name = "add-autoscaling" -version = "0.1.0" -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.8.0/add-autoscaling/src/main.rs b/sources/api/migration/migrations/archived/v1.8.0/add-autoscaling/src/main.rs deleted file mode 100644 index 2c87f5fcd..000000000 --- a/sources/api/migration/migrations/archived/v1.8.0/add-autoscaling/src/main.rs +++ /dev/null @@ -1,19 +0,0 @@ -use migration_helpers::common_migrations::AddPrefixesMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added a setting prefix for configuring autoscaling. -/// Remove the whole `settings.autoscaling` prefix if we downgrade. -fn run() -> Result<()> { - migrate(AddPrefixesMigration(vec!["settings.autoscaling"])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.8.0/add-pull-behavior/Cargo.toml b/sources/api/migration/migrations/archived/v1.8.0/add-pull-behavior/Cargo.toml deleted file mode 100644 index 39027ea57..000000000 --- a/sources/api/migration/migrations/archived/v1.8.0/add-pull-behavior/Cargo.toml +++ /dev/null @@ -1,11 +0,0 @@ -[package] -name = "add-pull-behavior" -version = "0.1.0" -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.8.0/add-pull-behavior/src/main.rs b/sources/api/migration/migrations/archived/v1.8.0/add-pull-behavior/src/main.rs deleted file mode 100644 index 1185a5b01..000000000 --- a/sources/api/migration/migrations/archived/v1.8.0/add-pull-behavior/src/main.rs +++ /dev/null @@ -1,18 +0,0 @@ -use migration_helpers::common_migrations::AddSettingsMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added one new settings for configuring ecs-agent, `settings.ecs.image-pull-behavior` -fn run() -> Result<()> { - migrate(AddSettingsMigration(&["settings.ecs.image-pull-behavior"])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.8.0/aws-admin-container-v0-9-0/Cargo.toml b/sources/api/migration/migrations/archived/v1.8.0/aws-admin-container-v0-9-0/Cargo.toml deleted file mode 100644 index bfc87d363..000000000 --- a/sources/api/migration/migrations/archived/v1.8.0/aws-admin-container-v0-9-0/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "aws-admin-container-v0-9-0" -version = "0.1.0" -authors = ["Richard Kelly "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.8.0/aws-admin-container-v0-9-0/src/main.rs b/sources/api/migration/migrations/archived/v1.8.0/aws-admin-container-v0-9-0/src/main.rs deleted file mode 100644 index 3252ca8bf..000000000 --- a/sources/api/migration/migrations/archived/v1.8.0/aws-admin-container-v0-9-0/src/main.rs +++ /dev/null @@ -1,27 +0,0 @@ -use migration_helpers::common_migrations::ReplaceTemplateMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_ADMIN_CTR_TEMPLATE: &str = - "{{ ecr-prefix settings.aws.region }}/bottlerocket-admin:v0.8.0"; -const NEW_ADMIN_CTR_TEMPLATE: &str = - "{{ ecr-prefix settings.aws.region }}/bottlerocket-admin:v0.9.0"; - -/// We bumped the version of the default admin container -fn run() -> Result<()> { - migrate(ReplaceTemplateMigration { - setting: "settings.host-containers.admin.source", - old_template: OLD_ADMIN_CTR_TEMPLATE, - new_template: NEW_ADMIN_CTR_TEMPLATE, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.8.0/aws-control-container-v0-6-1/Cargo.toml b/sources/api/migration/migrations/archived/v1.8.0/aws-control-container-v0-6-1/Cargo.toml deleted file mode 100644 index 0bfc68d82..000000000 --- a/sources/api/migration/migrations/archived/v1.8.0/aws-control-container-v0-6-1/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "aws-control-container-v0-6-1" -version = "0.1.0" -authors = ["Richard Kelly "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0" } diff --git a/sources/api/migration/migrations/archived/v1.8.0/aws-control-container-v0-6-1/src/main.rs b/sources/api/migration/migrations/archived/v1.8.0/aws-control-container-v0-6-1/src/main.rs deleted file mode 100644 index 4a39cf084..000000000 --- a/sources/api/migration/migrations/archived/v1.8.0/aws-control-container-v0-6-1/src/main.rs +++ /dev/null @@ -1,27 +0,0 @@ -use migration_helpers::common_migrations::ReplaceTemplateMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_CONTROL_CTR_TEMPLATE: &str = - "{{ ecr-prefix settings.aws.region }}/bottlerocket-control:v0.6.0"; -const NEW_CONTROL_CTR_TEMPLATE: &str = - "{{ ecr-prefix settings.aws.region }}/bottlerocket-control:v0.6.1"; - -/// We bumped the version of the default control container -fn run() -> Result<()> { - migrate(ReplaceTemplateMigration { - setting: "settings.host-containers.control.source", - old_template: OLD_CONTROL_CTR_TEMPLATE, - new_template: NEW_CONTROL_CTR_TEMPLATE, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.8.0/boot-setting-metadata/Cargo.toml b/sources/api/migration/migrations/archived/v1.8.0/boot-setting-metadata/Cargo.toml deleted file mode 100644 index adac639f9..000000000 --- a/sources/api/migration/migrations/archived/v1.8.0/boot-setting-metadata/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "boot-setting-metadata" -version = "0.1.0" -edition = "2018" -authors = ["Erikson Tung "] -license = "Apache-2.0 OR MIT" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.8.0/boot-setting-metadata/src/main.rs b/sources/api/migration/migrations/archived/v1.8.0/boot-setting-metadata/src/main.rs deleted file mode 100644 index 91f38f312..000000000 --- a/sources/api/migration/migrations/archived/v1.8.0/boot-setting-metadata/src/main.rs +++ /dev/null @@ -1,21 +0,0 @@ -use migration_helpers::common_migrations::{AddMetadataMigration, SettingMetadata}; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added a new setting and generator for kernel boot configuration -fn run() -> Result<()> { - migrate(AddMetadataMigration(&[SettingMetadata { - metadata: &["affected-services"], - setting: "settings.boot", - }])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.8.0/boot-setting/Cargo.toml b/sources/api/migration/migrations/archived/v1.8.0/boot-setting/Cargo.toml deleted file mode 100644 index e7caf69db..000000000 --- a/sources/api/migration/migrations/archived/v1.8.0/boot-setting/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "boot-setting" -version = "0.1.0" -edition = "2018" -authors = ["Erikson Tung "] -license = "Apache-2.0 OR MIT" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.8.0/boot-setting/src/main.rs b/sources/api/migration/migrations/archived/v1.8.0/boot-setting/src/main.rs deleted file mode 100644 index 94bc8254b..000000000 --- a/sources/api/migration/migrations/archived/v1.8.0/boot-setting/src/main.rs +++ /dev/null @@ -1,21 +0,0 @@ -use migration_helpers::common_migrations::AddPrefixesMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added a new setting and generator for kernel boot configuration -fn run() -> Result<()> { - migrate(AddPrefixesMigration(vec![ - "settings.boot", - "services.bootconfig", - ])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.8.0/cluster-dns-ip-list/Cargo.toml b/sources/api/migration/migrations/archived/v1.8.0/cluster-dns-ip-list/Cargo.toml deleted file mode 100644 index fb4732b2c..000000000 --- a/sources/api/migration/migrations/archived/v1.8.0/cluster-dns-ip-list/Cargo.toml +++ /dev/null @@ -1,13 +0,0 @@ -[package] -name = "cluster-dns-ip-list" -version = "0.1.0" -authors = ["Sean P. Kelly "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} - -[dev-dependencies] -serde_json = "1" diff --git a/sources/api/migration/migrations/archived/v1.8.0/cluster-dns-ip-list/src/main.rs b/sources/api/migration/migrations/archived/v1.8.0/cluster-dns-ip-list/src/main.rs deleted file mode 100644 index 840234cf8..000000000 --- a/sources/api/migration/migrations/archived/v1.8.0/cluster-dns-ip-list/src/main.rs +++ /dev/null @@ -1,202 +0,0 @@ -use migration_helpers::{migrate, Migration, MigrationData, Result}; -use std::process; - -const CLUSTER_DNS_IP_KEY: &str = "settings.kubernetes.cluster-dns-ip"; - -/// We changed `settings.kubernetes.cluster-dns-ip` to support being either a string or a list of strings. -fn run() -> Result<()> { - migrate(ClusterDNSIPListMigration) -} - -struct ClusterDNSIPListMigration; - -impl Migration for ClusterDNSIPListMigration { - /// New versions allow the older string values to be present, so we don't need to do anything. - fn forward(&mut self, input: MigrationData) -> Result { - println!("ClusterDNSIPListMigration has no work to do on upgrade."); - Ok(input) - } - - /// Older versions don't know about list-style settings, so we need to create a scalar setting using the first value. - fn backward(&mut self, mut input: MigrationData) -> Result { - let maybe_prior_value = input.data.get(CLUSTER_DNS_IP_KEY); - - // If the current value is a string, don't touch it. - if let Some(prior_value) = maybe_prior_value { - if prior_value.is_string() { - println!( - "{} is already a string value ('{}'), and does not require migration.", - CLUSTER_DNS_IP_KEY, prior_value - ); - return Ok(input); - } - } - - // If the current value is an array and the first element is a string, that element becomes the new value. - // Any other cases result in clearing the value. - let new_value = maybe_prior_value - .and_then(|dns_ip_value| { - println!( - "Found existing value for '{}': '{}'", - CLUSTER_DNS_IP_KEY, dns_ip_value - ); - dns_ip_value.as_array() - }) - .and_then(|ip_array| ip_array.iter().next()) - .map(|ip_value| ip_value.clone()); - - match new_value { - Some(ip_value) if ip_value.is_string() => { - input - .data - .insert(CLUSTER_DNS_IP_KEY.to_string(), ip_value.clone()); - println!( - "Replaced prior value for '{}' with '{}'", - CLUSTER_DNS_IP_KEY, ip_value - ); - } - _ => { - println!( - "Prior value for '{}' was not recognized. Removing it.", - CLUSTER_DNS_IP_KEY - ); - input.data.remove(CLUSTER_DNS_IP_KEY); - } - }; - - Ok(input) - } -} - -#[cfg(test)] -mod test { - use super::*; - use std::collections::HashMap; - - #[test] - fn test_downgrade_string() { - let input = MigrationData { - data: serde_json::from_str(r#"{"settings.kubernetes.cluster-dns-ip": "10.0.0.1"}"#) - .unwrap(), - metadata: HashMap::new(), - }; - let expected = MigrationData { - data: serde_json::from_str(r#"{"settings.kubernetes.cluster-dns-ip": "10.0.0.1"}"#) - .unwrap(), - metadata: HashMap::new(), - }; - assert_eq!(ClusterDNSIPListMigration.backward(input).unwrap(), expected); - } - - #[test] - fn test_downgrade_list() { - let test_cases = [ - ( - MigrationData { - data: serde_json::from_str( - r#"{"settings.kubernetes.cluster-dns-ip": ["10.0.0.1"]}"#, - ) - .unwrap(), - metadata: HashMap::new(), - }, - MigrationData { - data: serde_json::from_str( - r#"{"settings.kubernetes.cluster-dns-ip": "10.0.0.1"}"#, - ) - .unwrap(), - metadata: HashMap::new(), - }, - ), - ( - MigrationData { - data: serde_json::from_str(r#"{"settings.kubernetes.cluster-dns-ip": []}"#) - .unwrap(), - metadata: HashMap::new(), - }, - MigrationData { - data: HashMap::new(), - metadata: HashMap::new(), - }, - ), - ( - MigrationData { - data: serde_json::from_str( - r#"{"settings.kubernetes.cluster-dns-ip": ["10.0.0.2", "10.0.0.1"]}"#, - ) - .unwrap(), - metadata: HashMap::new(), - }, - MigrationData { - data: serde_json::from_str( - r#"{"settings.kubernetes.cluster-dns-ip": "10.0.0.2"}"#, - ) - .unwrap(), - metadata: HashMap::new(), - }, - ), - ]; - for (input, expected) in test_cases.iter() { - assert_eq!( - ClusterDNSIPListMigration.backward(input.clone()).unwrap(), - *expected - ); - } - } - - #[test] - fn test_downgrade_other() { - let test_cases = [ - ( - MigrationData { - data: serde_json::from_str( - r#"{"settings.kubernetes.cluster-dns-ip": {"1": 2}}"#, - ) - .unwrap(), - metadata: HashMap::new(), - }, - MigrationData { - data: HashMap::new(), - metadata: HashMap::new(), - }, - ), - ( - MigrationData { - data: serde_json::from_str(r#"{"settings.kubernetes.cluster-dns-ip": 56}"#) - .unwrap(), - metadata: HashMap::new(), - }, - MigrationData { - data: HashMap::new(), - metadata: HashMap::new(), - }, - ), - ( - MigrationData { - data: serde_json::from_str(r#"{"settings.kubernetes.cluster-dns-ip": false}"#) - .unwrap(), - metadata: HashMap::new(), - }, - MigrationData { - data: HashMap::new(), - metadata: HashMap::new(), - }, - ), - ]; - for (input, expected) in test_cases.iter() { - assert_eq!( - ClusterDNSIPListMigration.backward(input.clone()).unwrap(), - *expected - ); - } - } -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.8.0/etc-hosts-metadata/Cargo.toml b/sources/api/migration/migrations/archived/v1.8.0/etc-hosts-metadata/Cargo.toml deleted file mode 100644 index 43757ec87..000000000 --- a/sources/api/migration/migrations/archived/v1.8.0/etc-hosts-metadata/Cargo.toml +++ /dev/null @@ -1,10 +0,0 @@ -[package] -name = "etc-hosts-metadata" -version = "0.1.0" -authors = ["Sean P. Kelly "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.8.0/etc-hosts-metadata/src/main.rs b/sources/api/migration/migrations/archived/v1.8.0/etc-hosts-metadata/src/main.rs deleted file mode 100644 index ce790c907..000000000 --- a/sources/api/migration/migrations/archived/v1.8.0/etc-hosts-metadata/src/main.rs +++ /dev/null @@ -1,21 +0,0 @@ -use migration_helpers::common_migrations::{AddMetadataMigration, SettingMetadata}; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added a new setting and `affected-services` metadata for `network.hosts` -fn run() -> Result<()> { - migrate(AddMetadataMigration(&[SettingMetadata { - metadata: &["affected-services"], - setting: "settings.network.hosts", - }])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.8.0/etc-hosts/Cargo.toml b/sources/api/migration/migrations/archived/v1.8.0/etc-hosts/Cargo.toml deleted file mode 100644 index 66410b2f1..000000000 --- a/sources/api/migration/migrations/archived/v1.8.0/etc-hosts/Cargo.toml +++ /dev/null @@ -1,10 +0,0 @@ -[package] -name = "etc-hosts" -version = "0.1.0" -authors = ["Sean P. Kelly "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.8.0/etc-hosts/src/main.rs b/sources/api/migration/migrations/archived/v1.8.0/etc-hosts/src/main.rs deleted file mode 100644 index 0ad4e6ddf..000000000 --- a/sources/api/migration/migrations/archived/v1.8.0/etc-hosts/src/main.rs +++ /dev/null @@ -1,18 +0,0 @@ -use migration_helpers::common_migrations::AddPrefixesMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added a new setting under `settings.network` for configuring /etc/hosts: `settings.network.hosts` -fn run() -> Result<()> { - migrate(AddPrefixesMigration(vec!["settings.network.hosts"])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.8.0/kubelet-pod-pids-limit/Cargo.toml b/sources/api/migration/migrations/archived/v1.8.0/kubelet-pod-pids-limit/Cargo.toml deleted file mode 100644 index 438ae02af..000000000 --- a/sources/api/migration/migrations/archived/v1.8.0/kubelet-pod-pids-limit/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "kubelet-pod-pids-limit" -version = "0.1.0" -authors = ["Tianhao Geng "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.8.0/kubelet-pod-pids-limit/src/main.rs b/sources/api/migration/migrations/archived/v1.8.0/kubelet-pod-pids-limit/src/main.rs deleted file mode 100644 index 1d1c0fc63..000000000 --- a/sources/api/migration/migrations/archived/v1.8.0/kubelet-pod-pids-limit/src/main.rs +++ /dev/null @@ -1,20 +0,0 @@ -use migration_helpers::common_migrations::AddPrefixesMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added a new setting for configuring pod-pids-limit, `settings.kubernetes.pod-pids-limit` -fn run() -> Result<()> { - migrate(AddPrefixesMigration(vec![ - "settings.kubernetes.pod-pids-limit", - ])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.8.0/kubelet-provider-id/Cargo.toml b/sources/api/migration/migrations/archived/v1.8.0/kubelet-provider-id/Cargo.toml deleted file mode 100644 index 4fed4ea15..000000000 --- a/sources/api/migration/migrations/archived/v1.8.0/kubelet-provider-id/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "kubelet-provider-id" -version = "0.1.0" -edition = "2018" -authors = ["Erikson Tung "] -license = "Apache-2.0 OR MIT" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.8.0/kubelet-provider-id/src/main.rs b/sources/api/migration/migrations/archived/v1.8.0/kubelet-provider-id/src/main.rs deleted file mode 100644 index 322ed92dc..000000000 --- a/sources/api/migration/migrations/archived/v1.8.0/kubelet-provider-id/src/main.rs +++ /dev/null @@ -1,18 +0,0 @@ -use migration_helpers::common_migrations::AddSettingsMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added a new setting for configuring kubelet's provider-id option, `settings.kubernetes.provider-id` -fn run() -> Result<()> { - migrate(AddSettingsMigration(&["settings.kubernetes.provider-id"])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.8.0/pki-affected-services/Cargo.toml b/sources/api/migration/migrations/archived/v1.8.0/pki-affected-services/Cargo.toml deleted file mode 100644 index acbe9ec0f..000000000 --- a/sources/api/migration/migrations/archived/v1.8.0/pki-affected-services/Cargo.toml +++ /dev/null @@ -1,16 +0,0 @@ -[package] -name = "pki-affected-services" -version = "0.1.0" -authors = ["Arnaldo Garcia Rincon "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -build = "build.rs" -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0" } - -[build-dependencies] -bottlerocket-variant = { version = "0.1", path = "../../../../../bottlerocket-variant" } diff --git a/sources/api/migration/migrations/archived/v1.8.0/pki-affected-services/build.rs b/sources/api/migration/migrations/archived/v1.8.0/pki-affected-services/build.rs deleted file mode 100644 index 51d16cf1b..000000000 --- a/sources/api/migration/migrations/archived/v1.8.0/pki-affected-services/build.rs +++ /dev/null @@ -1,6 +0,0 @@ -use bottlerocket_variant::Variant; - -fn main() { - let variant = Variant::from_env().unwrap(); - variant.emit_cfgs(); -} diff --git a/sources/api/migration/migrations/archived/v1.8.0/pki-affected-services/src/main.rs b/sources/api/migration/migrations/archived/v1.8.0/pki-affected-services/src/main.rs deleted file mode 100644 index b50343704..000000000 --- a/sources/api/migration/migrations/archived/v1.8.0/pki-affected-services/src/main.rs +++ /dev/null @@ -1,33 +0,0 @@ -use migration_helpers::common_migrations::{ - MetadataListReplacement, ReplaceMetadataListsMigration, -}; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We updated the 'affected-services' list metadata for 'settings.pki' to include -/// containerd or docker on upgrade, and to remove them on downgrade depending on the -/// running variant. -fn run() -> Result<()> { - migrate(ReplaceMetadataListsMigration(vec![ - MetadataListReplacement { - setting: "settings.pki", - metadata: "affected-services", - old_vals: &["pki"], - new_vals: if cfg!(variant_runtime = "k8s") { - &["pki", "containerd"] - } else { - &["pki", "docker"] - }, - }, - ])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.8.0/public-admin-container-v0-9-0/Cargo.toml b/sources/api/migration/migrations/archived/v1.8.0/public-admin-container-v0-9-0/Cargo.toml deleted file mode 100644 index cf6b565d4..000000000 --- a/sources/api/migration/migrations/archived/v1.8.0/public-admin-container-v0-9-0/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "public-admin-container-v0-9-0" -version = "0.1.0" -authors = ["Richard Kelly "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.8.0/public-admin-container-v0-9-0/src/main.rs b/sources/api/migration/migrations/archived/v1.8.0/public-admin-container-v0-9-0/src/main.rs deleted file mode 100644 index a7155f6ae..000000000 --- a/sources/api/migration/migrations/archived/v1.8.0/public-admin-container-v0-9-0/src/main.rs +++ /dev/null @@ -1,25 +0,0 @@ -use migration_helpers::common_migrations::ReplaceStringMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_ADMIN_CTR_SOURCE_VAL: &str = "public.ecr.aws/bottlerocket/bottlerocket-admin:v0.8.0"; -const NEW_ADMIN_CTR_SOURCE_VAL: &str = "public.ecr.aws/bottlerocket/bottlerocket-admin:v0.9.0"; - -/// We bumped the version of the default admin container -fn run() -> Result<()> { - migrate(ReplaceStringMigration { - setting: "settings.host-containers.admin.source", - old_val: OLD_ADMIN_CTR_SOURCE_VAL, - new_val: NEW_ADMIN_CTR_SOURCE_VAL, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.8.0/public-control-container-v0-6-1/Cargo.toml b/sources/api/migration/migrations/archived/v1.8.0/public-control-container-v0-6-1/Cargo.toml deleted file mode 100644 index 0e0191268..000000000 --- a/sources/api/migration/migrations/archived/v1.8.0/public-control-container-v0-6-1/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "public-control-container-v0-6-1" -version = "0.1.0" -authors = ["Richard Kelly "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.8.0/public-control-container-v0-6-1/src/main.rs b/sources/api/migration/migrations/archived/v1.8.0/public-control-container-v0-6-1/src/main.rs deleted file mode 100644 index 31bd513c4..000000000 --- a/sources/api/migration/migrations/archived/v1.8.0/public-control-container-v0-6-1/src/main.rs +++ /dev/null @@ -1,25 +0,0 @@ -use migration_helpers::common_migrations::ReplaceStringMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -const OLD_CONTROL_SOURCE_VAL: &str = "public.ecr.aws/bottlerocket/bottlerocket-control:v0.6.0"; -const NEW_CONTROL_SOURCE_VAL: &str = "public.ecr.aws/bottlerocket/bottlerocket-control:v0.6.1"; - -/// We bumped the version of the default control container -fn run() -> Result<()> { - migrate(ReplaceStringMigration { - setting: "settings.host-containers.control.source", - old_val: OLD_CONTROL_SOURCE_VAL, - new_val: NEW_CONTROL_SOURCE_VAL, - }) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.9.0/image-gc-thresholds/Cargo.toml b/sources/api/migration/migrations/archived/v1.9.0/image-gc-thresholds/Cargo.toml deleted file mode 100644 index 6d64b5cb9..000000000 --- a/sources/api/migration/migrations/archived/v1.9.0/image-gc-thresholds/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "image-gc-thresholds" -version = "0.1.0" -edition = "2018" -authors = ["Mahdi Chaker "] -license = "Apache-2.0 OR MIT" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.9.0/image-gc-thresholds/src/main.rs b/sources/api/migration/migrations/archived/v1.9.0/image-gc-thresholds/src/main.rs deleted file mode 100644 index 55c8139da..000000000 --- a/sources/api/migration/migrations/archived/v1.9.0/image-gc-thresholds/src/main.rs +++ /dev/null @@ -1,24 +0,0 @@ -use migration_helpers::common_migrations::AddSettingsMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added a new setting for configuring kubelet's image-gc-high-threshold-percent -/// and image-gc-low-threshold-percent options, -/// `settings.kubernetes.image-gc-high-threshold-percent` and -/// `settings.kubernetes.image-gc-low-threshold-percent` -fn run() -> Result<()> { - migrate(AddSettingsMigration(&[ - "settings.kubernetes.image-gc-high-threshold-percent", - "settings.kubernetes.image-gc-low-threshold-percent", - ])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.9.0/kernel-modules-setting-metadata/Cargo.toml b/sources/api/migration/migrations/archived/v1.9.0/kernel-modules-setting-metadata/Cargo.toml deleted file mode 100644 index f3b858853..000000000 --- a/sources/api/migration/migrations/archived/v1.9.0/kernel-modules-setting-metadata/Cargo.toml +++ /dev/null @@ -1,10 +0,0 @@ -[package] -name = "kernel-modules-setting-metadata" -version = "0.1.0" -authors = ["Ben Cressey "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.9.0/kernel-modules-setting-metadata/src/main.rs b/sources/api/migration/migrations/archived/v1.9.0/kernel-modules-setting-metadata/src/main.rs deleted file mode 100644 index 800be1a38..000000000 --- a/sources/api/migration/migrations/archived/v1.9.0/kernel-modules-setting-metadata/src/main.rs +++ /dev/null @@ -1,21 +0,0 @@ -use migration_helpers::common_migrations::{AddMetadataMigration, SettingMetadata}; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added a new setting and `affected-services` metadata for `settings.kernel.modules` -fn run() -> Result<()> { - migrate(AddMetadataMigration(&[SettingMetadata { - metadata: &["affected-services"], - setting: "settings.kernel.modules", - }])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.9.0/kernel-modules-setting/Cargo.toml b/sources/api/migration/migrations/archived/v1.9.0/kernel-modules-setting/Cargo.toml deleted file mode 100644 index 2a4d28c46..000000000 --- a/sources/api/migration/migrations/archived/v1.9.0/kernel-modules-setting/Cargo.toml +++ /dev/null @@ -1,10 +0,0 @@ -[package] -name = "kernel-modules-setting" -version = "0.1.0" -authors = ["Ben Cressey "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.9.0/kernel-modules-setting/src/main.rs b/sources/api/migration/migrations/archived/v1.9.0/kernel-modules-setting/src/main.rs deleted file mode 100644 index 06d8a7c09..000000000 --- a/sources/api/migration/migrations/archived/v1.9.0/kernel-modules-setting/src/main.rs +++ /dev/null @@ -1,23 +0,0 @@ -use migration_helpers::common_migrations::AddPrefixesMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added new settings under `settings.kernel.modules` for configuring -/// /etc/modprobe.d/modprobe.conf. -fn run() -> Result<()> { - migrate(AddPrefixesMigration(vec![ - "settings.kernel.modules", - "services.kernel-modules", - "configuration-files.modprobe-conf", - ])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.9.0/kubelet-no-daemon-reload/Cargo.toml b/sources/api/migration/migrations/archived/v1.9.0/kubelet-no-daemon-reload/Cargo.toml deleted file mode 100644 index c0f097da4..000000000 --- a/sources/api/migration/migrations/archived/v1.9.0/kubelet-no-daemon-reload/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "kubelet-no-daemon-reload" -version = "0.1.0" -authors = ["Ben Cressey "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0" } diff --git a/sources/api/migration/migrations/archived/v1.9.0/kubelet-no-daemon-reload/src/main.rs b/sources/api/migration/migrations/archived/v1.9.0/kubelet-no-daemon-reload/src/main.rs deleted file mode 100644 index f44c48ea4..000000000 --- a/sources/api/migration/migrations/archived/v1.9.0/kubelet-no-daemon-reload/src/main.rs +++ /dev/null @@ -1,26 +0,0 @@ -use migration_helpers::common_migrations::{ListReplacement, ReplaceListsMigration}; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We updated the restart commands for kubelet to avoid an unnecessary reload -/// of systemd. They need to be restored to the prior values on downgrade. -fn run() -> Result<()> { - migrate(ReplaceListsMigration(vec![ListReplacement { - setting: "services.kubernetes.restart-commands", - old_vals: &[ - "/usr/bin/systemctl daemon-reload", - "/usr/bin/systemctl try-restart kubelet.service", - ], - new_vals: &["/usr/bin/systemctl try-restart kubelet.service"], - }])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.9.0/ntp-affected-services/Cargo.toml b/sources/api/migration/migrations/archived/v1.9.0/ntp-affected-services/Cargo.toml deleted file mode 100644 index f286f59ac..000000000 --- a/sources/api/migration/migrations/archived/v1.9.0/ntp-affected-services/Cargo.toml +++ /dev/null @@ -1,12 +0,0 @@ -[package] -name = "ntp-affected-services" -version = "0.1.0" -authors = ["Ben Cressey "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0" } diff --git a/sources/api/migration/migrations/archived/v1.9.0/ntp-affected-services/src/main.rs b/sources/api/migration/migrations/archived/v1.9.0/ntp-affected-services/src/main.rs deleted file mode 100644 index e2cd2f536..000000000 --- a/sources/api/migration/migrations/archived/v1.9.0/ntp-affected-services/src/main.rs +++ /dev/null @@ -1,28 +0,0 @@ -use migration_helpers::common_migrations::{ - MetadataListReplacement, ReplaceMetadataListsMigration, -}; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We updated the 'affected-services' list metadata for 'settings.ntp' to refer -/// to the correct service name ("ntp") instead of the incorrect one ("chronyd"). -fn run() -> Result<()> { - migrate(ReplaceMetadataListsMigration(vec![ - MetadataListReplacement { - setting: "settings.ntp", - metadata: "affected-services", - old_vals: &["chronyd"], - new_vals: &["ntp"], - }, - ])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.9.0/shibaken-admin-userdata-semantics/Cargo.toml b/sources/api/migration/migrations/archived/v1.9.0/shibaken-admin-userdata-semantics/Cargo.toml deleted file mode 100644 index 58347eb48..000000000 --- a/sources/api/migration/migrations/archived/v1.9.0/shibaken-admin-userdata-semantics/Cargo.toml +++ /dev/null @@ -1,10 +0,0 @@ -[package] -name = "shibaken-admin-userdata-semantics" -version = "0.1.0" -authors = ["Sean P. Kelly "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.9.0/shibaken-admin-userdata-semantics/src/main.rs b/sources/api/migration/migrations/archived/v1.9.0/shibaken-admin-userdata-semantics/src/main.rs deleted file mode 100644 index 08385210f..000000000 --- a/sources/api/migration/migrations/archived/v1.9.0/shibaken-admin-userdata-semantics/src/main.rs +++ /dev/null @@ -1,24 +0,0 @@ -use migration_helpers::common_migrations::{MetadataReplacement, ReplaceMetadataMigration}; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We modified the setting generator for `settings.host-containers.admin.user-data` to use the -/// new interface to shibaken. -fn run() -> Result<()> { - migrate(ReplaceMetadataMigration(vec![MetadataReplacement { - setting: "settings.host-containers.admin.user-data", - metadata: "setting-generator", - old_val: "shibaken", - new_val: "shibaken generate-admin-userdata", - }])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.9.0/shibaken-send-metrics/Cargo.toml b/sources/api/migration/migrations/archived/v1.9.0/shibaken-send-metrics/Cargo.toml deleted file mode 100644 index 91b5a5103..000000000 --- a/sources/api/migration/migrations/archived/v1.9.0/shibaken-send-metrics/Cargo.toml +++ /dev/null @@ -1,10 +0,0 @@ -[package] -name = "shibaken-send-metrics" -version = "0.1.0" -authors = ["Sean P. Kelly "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.9.0/shibaken-send-metrics/src/main.rs b/sources/api/migration/migrations/archived/v1.9.0/shibaken-send-metrics/src/main.rs deleted file mode 100644 index 33c68a32c..000000000 --- a/sources/api/migration/migrations/archived/v1.9.0/shibaken-send-metrics/src/main.rs +++ /dev/null @@ -1,22 +0,0 @@ -use migration_helpers::common_migrations::{AddMetadataMigration, SettingMetadata}; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added a `setting-generator` for `settings.metrics.send-metrics` on AWS variants. -/// This migration will do nothing on upgrade, but will remove the metadata if present on downgrade. -fn run() -> Result<()> { - migrate(AddMetadataMigration(&[SettingMetadata { - setting: "settings.metrics.send-metrics", - metadata: &["setting-generator"], - }])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/archived/v1.9.0/updates-targets-base-url/Cargo.toml b/sources/api/migration/migrations/archived/v1.9.0/updates-targets-base-url/Cargo.toml deleted file mode 100644 index 9873cbe75..000000000 --- a/sources/api/migration/migrations/archived/v1.9.0/updates-targets-base-url/Cargo.toml +++ /dev/null @@ -1,10 +0,0 @@ -[package] -name = "updates-targets-base-url" -version = "0.1.0" -authors = ["Patrick J.P. Culp "] -license = "Apache-2.0 OR MIT" -edition = "2018" -publish = false - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/archived/v1.9.0/updates-targets-base-url/src/main.rs b/sources/api/migration/migrations/archived/v1.9.0/updates-targets-base-url/src/main.rs deleted file mode 100644 index 544e1180c..000000000 --- a/sources/api/migration/migrations/archived/v1.9.0/updates-targets-base-url/src/main.rs +++ /dev/null @@ -1,22 +0,0 @@ -use migration_helpers::common_migrations::{AddMetadataMigration, SettingMetadata}; -use migration_helpers::{migrate, Result}; -use std::process; - -/// We added a `setting-generator` for `settings.updates.targets-base-url` on AWS variants. -/// This migration will do nothing on upgrade, but will remove the metadata if present on downgrade. -fn run() -> Result<()> { - migrate(AddMetadataMigration(&[SettingMetadata { - setting: "settings.updates.targets-base-url", - metadata: &["setting-generator"], - }])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/v1.21.0/k8s-reserved-cpus-v0-1-0/Cargo.toml b/sources/api/migration/migrations/v1.21.0/k8s-reserved-cpus-v0-1-0/Cargo.toml deleted file mode 100644 index 4ec663aaa..000000000 --- a/sources/api/migration/migrations/v1.21.0/k8s-reserved-cpus-v0-1-0/Cargo.toml +++ /dev/null @@ -1,10 +0,0 @@ -[package] -name = "k8s-reserved-cpus-v0-1-0" -version = "0.1.0" -authors = ["James Masson "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0" } diff --git a/sources/api/migration/migrations/v1.21.0/k8s-reserved-cpus-v0-1-0/src/main.rs b/sources/api/migration/migrations/v1.21.0/k8s-reserved-cpus-v0-1-0/src/main.rs deleted file mode 100644 index 54cba0056..000000000 --- a/sources/api/migration/migrations/v1.21.0/k8s-reserved-cpus-v0-1-0/src/main.rs +++ /dev/null @@ -1,18 +0,0 @@ -use migration_helpers::common_migrations::AddSettingsMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -/// Add the option to set Kubernetes reserved-cpus -fn run() -> Result<()> { - migrate(AddSettingsMigration(&["settings.kubernetes.reserved-cpus"])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/v1.21.0/pluto-remove-generators-v0-1-0/Cargo.toml b/sources/api/migration/migrations/v1.21.0/pluto-remove-generators-v0-1-0/Cargo.toml deleted file mode 100644 index 0a009ea9f..000000000 --- a/sources/api/migration/migrations/v1.21.0/pluto-remove-generators-v0-1-0/Cargo.toml +++ /dev/null @@ -1,11 +0,0 @@ -[package] -name = "pluto-remove-generators-v0-1-0" -version = "0.1.0" -authors = ["Jarrett Tierney "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -exclude = ["README.md"] - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0" } diff --git a/sources/api/migration/migrations/v1.21.0/pluto-remove-generators-v0-1-0/src/main.rs b/sources/api/migration/migrations/v1.21.0/pluto-remove-generators-v0-1-0/src/main.rs deleted file mode 100644 index 3b86c5d24..000000000 --- a/sources/api/migration/migrations/v1.21.0/pluto-remove-generators-v0-1-0/src/main.rs +++ /dev/null @@ -1,33 +0,0 @@ -use migration_helpers::common_migrations::{RemoveMetadataMigration, SettingMetadata}; -use migration_helpers::{migrate, Result}; -use std::process; -fn run() -> Result<()> { - migrate(RemoveMetadataMigration(&[ - SettingMetadata { - setting: "settings.kubernetes.max-pods", - metadata: &["setting-generator"], - }, - SettingMetadata { - setting: "settings.kubernetes.cluster-dns-ip", - metadata: &["setting-generator"], - }, - SettingMetadata { - setting: "settings.kubernetes.node-ip", - metadata: &["setting-generator"], - }, - SettingMetadata { - setting: "settings.kubernetes.provider-id", - metadata: &["setting-generator"], - }, - SettingMetadata { - setting: "settings.kubernetes.hostname-override", - metadata: &["setting-generator"], - }, - ])) -} -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/v1.21.0/pod-infra-container-image-affected-services/Cargo.toml b/sources/api/migration/migrations/v1.21.0/pod-infra-container-image-affected-services/Cargo.toml deleted file mode 100644 index 51d4a321b..000000000 --- a/sources/api/migration/migrations/v1.21.0/pod-infra-container-image-affected-services/Cargo.toml +++ /dev/null @@ -1,15 +0,0 @@ -[package] -name = "pod-infra-container-image-affected-services" -version = "0.1.0" -authors = ["Todd Neal "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - - -# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/v1.21.0/pod-infra-container-image-affected-services/src/main.rs b/sources/api/migration/migrations/v1.21.0/pod-infra-container-image-affected-services/src/main.rs deleted file mode 100644 index 402beab6a..000000000 --- a/sources/api/migration/migrations/v1.21.0/pod-infra-container-image-affected-services/src/main.rs +++ /dev/null @@ -1,26 +0,0 @@ -use migration_helpers::common_migrations::{ - MetadataListReplacement, ReplaceMetadataListsMigration, -}; -use migration_helpers::{migrate, Result}; -use std::process; - -fn run() -> Result<()> { - migrate(ReplaceMetadataListsMigration(vec![ - MetadataListReplacement { - setting: "settings.kubernetes.pod-infra-container-image", - metadata: "affected-services", - old_vals: &["kubernetes", "containerd"], - new_vals: &["pod-infra-container-image"], - }, - ])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/v1.21.0/pod-infra-container-image-remove-settings-generator/Cargo.toml b/sources/api/migration/migrations/v1.21.0/pod-infra-container-image-remove-settings-generator/Cargo.toml deleted file mode 100644 index 883e93b95..000000000 --- a/sources/api/migration/migrations/v1.21.0/pod-infra-container-image-remove-settings-generator/Cargo.toml +++ /dev/null @@ -1,15 +0,0 @@ -[package] -name = "pod-infra-container-image-remove-settings-generator" -version = "0.1.0" -authors = ["Todd Neal "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - - -# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/v1.21.0/pod-infra-container-image-remove-settings-generator/src/main.rs b/sources/api/migration/migrations/v1.21.0/pod-infra-container-image-remove-settings-generator/src/main.rs deleted file mode 100644 index 39e102614..000000000 --- a/sources/api/migration/migrations/v1.21.0/pod-infra-container-image-remove-settings-generator/src/main.rs +++ /dev/null @@ -1,20 +0,0 @@ -use migration_helpers::common_migrations::{RemoveMetadataMigration, SettingMetadata}; -use migration_helpers::{migrate, Result}; -use std::process; - -fn run() -> Result<()> { - migrate(RemoveMetadataMigration(&[SettingMetadata { - setting: "settings.kubernetes.pod-infra-container-image", - metadata: &["setting-generator"], - }])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/migration/migrations/v1.21.0/pod-infra-container-image-services/Cargo.toml b/sources/api/migration/migrations/v1.21.0/pod-infra-container-image-services/Cargo.toml deleted file mode 100644 index 9d6a30c2b..000000000 --- a/sources/api/migration/migrations/v1.21.0/pod-infra-container-image-services/Cargo.toml +++ /dev/null @@ -1,15 +0,0 @@ -[package] -name = "pod-infra-container-image-services" -version = "0.1.0" -authors = ["Todd Neal "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - - -# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html - -[dependencies] -migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"} diff --git a/sources/api/migration/migrations/v1.21.0/pod-infra-container-image-services/src/main.rs b/sources/api/migration/migrations/v1.21.0/pod-infra-container-image-services/src/main.rs deleted file mode 100644 index 9b72dd2da..000000000 --- a/sources/api/migration/migrations/v1.21.0/pod-infra-container-image-services/src/main.rs +++ /dev/null @@ -1,20 +0,0 @@ -use migration_helpers::common_migrations::AddPrefixesMigration; -use migration_helpers::{migrate, Result}; -use std::process; - -fn run() -> Result<()> { - migrate(AddPrefixesMigration(vec![ - "services.pod-infra-container-image", - "configuration-files.pod-infra-container-image-log-message", - ])) -} - -// Returning a Result from main makes it print a Debug representation of the error, but with Snafu -// we have nice Display representations of the error, so we wrap "main" (run) and print any error. -// https://github.com/shepmaster/snafu/issues/110 -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} diff --git a/sources/api/simple-settings-plugin/Cargo.toml b/sources/api/simple-settings-plugin/Cargo.toml index fb766f50c..a3602e4cd 100644 --- a/sources/api/simple-settings-plugin/Cargo.toml +++ b/sources/api/simple-settings-plugin/Cargo.toml @@ -17,13 +17,6 @@ generate-readme = { version = "0.1", path = "../../generate-readme" } abi_stable = "0.11.3" serde = "1.0.198" serde_json = "1.0.116" -model-derive = { path = "../../models/model-derive", version = "0.1" } -modeled-types = { path = "../../models/modeled-types", version = "0.1" } -models = { path = "../../models", version = "0.1" } - -# settings extensions -settings-extension-motd = { path = "../../settings-extensions/motd", version = "0.1" } -settings-extension-ntp = { path = "../../settings-extensions/ntp", version = "0.1" } # settings plugins [dependencies.bottlerocket-settings-plugin] diff --git a/sources/api/simple-settings-plugin/src/lib.rs b/sources/api/simple-settings-plugin/src/lib.rs index 18d3f36a0..ca0773949 100644 --- a/sources/api/simple-settings-plugin/src/lib.rs +++ b/sources/api/simple-settings-plugin/src/lib.rs @@ -3,11 +3,20 @@ */ use bottlerocket_settings_plugin::SettingsPlugin; -use model_derive::model; +use serde::{Deserialize, Serialize}; -#[derive(SettingsPlugin)] -#[model(rename = "settings", impl_default = true)] +#[derive(Clone, Debug, Default, PartialEq, Serialize, Deserialize)] +pub struct NtpSettings { + #[serde(skip_serializing_if = "Option::is_none")] + time_servers: Option>, + #[serde(skip_serializing_if = "Option::is_none")] + options: Option>, +} + +#[derive(Clone, Debug, Default, PartialEq, Serialize, Deserialize, SettingsPlugin)] struct SimpleSettings { - motd: settings_extension_motd::MotdV1, - ntp: settings_extension_ntp::NtpSettingsV1, + #[serde(skip_serializing_if = "Option::is_none")] + motd: Option, + #[serde(skip_serializing_if = "Option::is_none")] + ntp: Option, } diff --git a/sources/models/Cargo.toml b/sources/models/Cargo.toml index 75770a7ae..fe061ce88 100644 --- a/sources/models/Cargo.toml +++ b/sources/models/Cargo.toml @@ -18,26 +18,6 @@ serde = { version = "1", features = ["derive"] } serde_json = "1" toml = "0.8" -# settings extensions -settings-extension-autoscaling = { path = "../settings-extensions/autoscaling", version = "0.1" } -settings-extension-aws = { path = "../settings-extensions/aws", version = "0.1" } -settings-extension-bootstrap-containers = { path = "../settings-extensions/bootstrap-containers", version = "0.1" } -settings-extension-cloudformation = { path = "../settings-extensions/cloudformation", version = "0.1" } -settings-extension-container-registry = { path = "../settings-extensions/container-registry", version = "0.1" } -settings-extension-container-runtime = { path = "../settings-extensions/container-runtime", version = "0.1" } -settings-extension-dns = { path = "../settings-extensions/dns", version = "0.1" } -settings-extension-ecs = { path = "../settings-extensions/ecs", version = "0.1" } -settings-extension-host-containers = { path = "../settings-extensions/host-containers", version = "0.1" } -settings-extension-kernel = { path = "../settings-extensions/kernel", version = "0.1" } -settings-extension-metrics = { path = "../settings-extensions/metrics", version = "0.1" } -settings-extension-motd = { path = "../settings-extensions/motd", version = "0.1" } -settings-extension-network = { path = "../settings-extensions/network", version = "0.1" } -settings-extension-ntp = { path = "../settings-extensions/ntp", version = "0.1" } -settings-extension-oci-defaults = { path = "../settings-extensions/oci-defaults", version = "0.1" } -settings-extension-oci-hooks = { path = "../settings-extensions/oci-hooks", version = "0.1" } -settings-extension-pki = { path = "../settings-extensions/pki", version = "0.1" } -settings-extension-updates = { path = "../settings-extensions/updates", version = "0.1" } - # settings plugins [dependencies.bottlerocket-settings-plugin] git = "https://github.com/bottlerocket-os/bottlerocket-settings-sdk" diff --git a/sources/settings-defaults/aws-dev/Cargo.toml b/sources/settings-defaults/aws-dev/Cargo.toml deleted file mode 100644 index e190ac8dd..000000000 --- a/sources/settings-defaults/aws-dev/Cargo.toml +++ /dev/null @@ -1,15 +0,0 @@ -[package] -name = "settings-defaults-aws-dev" -version = "0.1.0" -edition = "2021" -license = "Apache-2.0 OR MIT" -publish = false -build = "../build-defaults.rs" - -[lib] -path = "../defaults-toml.rs" - -[build-dependencies.bottlerocket-defaults-helper] -git = "https://github.com/bottlerocket-os/bottlerocket-settings-sdk" -tag = "bottlerocket-defaults-helper-v0.1.0" -version = "0.1.0" diff --git a/sources/settings-defaults/aws-dev/defaults.d/10-defaults.toml b/sources/settings-defaults/aws-dev/defaults.d/10-defaults.toml deleted file mode 120000 index a202ba61a..000000000 --- a/sources/settings-defaults/aws-dev/defaults.d/10-defaults.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/defaults.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-dev/defaults.d/15-aws-tuf.toml b/sources/settings-defaults/aws-dev/defaults.d/15-aws-tuf.toml deleted file mode 120000 index afcef6a61..000000000 --- a/sources/settings-defaults/aws-dev/defaults.d/15-aws-tuf.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/aws-tuf.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-dev/defaults.d/20-aws-host-containers.toml b/sources/settings-defaults/aws-dev/defaults.d/20-aws-host-containers.toml deleted file mode 120000 index 4d404d663..000000000 --- a/sources/settings-defaults/aws-dev/defaults.d/20-aws-host-containers.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/aws-host-containers.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-dev/defaults.d/25-cf-signal.toml b/sources/settings-defaults/aws-dev/defaults.d/25-cf-signal.toml deleted file mode 120000 index a33d54165..000000000 --- a/sources/settings-defaults/aws-dev/defaults.d/25-cf-signal.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/cf-signal.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-dev/defaults.d/30-metrics.toml b/sources/settings-defaults/aws-dev/defaults.d/30-metrics.toml deleted file mode 120000 index 99f0b2b69..000000000 --- a/sources/settings-defaults/aws-dev/defaults.d/30-metrics.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/metrics.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-dev/defaults.d/31-send-metrics-aws.toml b/sources/settings-defaults/aws-dev/defaults.d/31-send-metrics-aws.toml deleted file mode 120000 index 2fefefea7..000000000 --- a/sources/settings-defaults/aws-dev/defaults.d/31-send-metrics-aws.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/send-metrics-aws.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-dev/defaults.d/50-aws-dev.toml b/sources/settings-defaults/aws-dev/defaults.d/50-aws-dev.toml deleted file mode 100644 index 108db4a8a..000000000 --- a/sources/settings-defaults/aws-dev/defaults.d/50-aws-dev.toml +++ /dev/null @@ -1,8 +0,0 @@ -# Metrics -[settings.metrics] -send-metrics = false -service-checks = ["apiserver", "chronyd", "containerd", "host-containerd", "docker"] - -# Network -[metadata.settings.network] -affected-services = ["containerd", "docker", "host-containerd", "host-containers", "updog"] diff --git a/sources/settings-defaults/aws-dev/defaults.d/51-docker-services.toml b/sources/settings-defaults/aws-dev/defaults.d/51-docker-services.toml deleted file mode 120000 index a8512f259..000000000 --- a/sources/settings-defaults/aws-dev/defaults.d/51-docker-services.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/docker-services.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-dev/defaults.d/53-docker-pki.toml b/sources/settings-defaults/aws-dev/defaults.d/53-docker-pki.toml deleted file mode 120000 index 203cd2a9a..000000000 --- a/sources/settings-defaults/aws-dev/defaults.d/53-docker-pki.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/docker-pki.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-dev/defaults.d/60-lockdown-none.toml b/sources/settings-defaults/aws-dev/defaults.d/60-lockdown-none.toml deleted file mode 120000 index cced54333..000000000 --- a/sources/settings-defaults/aws-dev/defaults.d/60-lockdown-none.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/lockdown-none.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-dev/defaults.d/70-oci-hooks.toml b/sources/settings-defaults/aws-dev/defaults.d/70-oci-hooks.toml deleted file mode 120000 index e7b73c620..000000000 --- a/sources/settings-defaults/aws-dev/defaults.d/70-oci-hooks.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/oci-hooks.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-dev/defaults.d/90-boot.toml b/sources/settings-defaults/aws-dev/defaults.d/90-boot.toml deleted file mode 120000 index 777844745..000000000 --- a/sources/settings-defaults/aws-dev/defaults.d/90-boot.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/boot.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-ecs-1-nvidia/Cargo.toml b/sources/settings-defaults/aws-ecs-1-nvidia/Cargo.toml deleted file mode 100644 index de54bfca7..000000000 --- a/sources/settings-defaults/aws-ecs-1-nvidia/Cargo.toml +++ /dev/null @@ -1,15 +0,0 @@ -[package] -name = "settings-defaults-aws-ecs-1-nvidia" -version = "0.1.0" -edition = "2021" -license = "Apache-2.0 OR MIT" -publish = false -build = "../build-defaults.rs" - -[lib] -path = "../defaults-toml.rs" - -[build-dependencies.bottlerocket-defaults-helper] -git = "https://github.com/bottlerocket-os/bottlerocket-settings-sdk" -tag = "bottlerocket-defaults-helper-v0.1.0" -version = "0.1.0" diff --git a/sources/settings-defaults/aws-ecs-1-nvidia/defaults.d/10-defaults.toml b/sources/settings-defaults/aws-ecs-1-nvidia/defaults.d/10-defaults.toml deleted file mode 120000 index a202ba61a..000000000 --- a/sources/settings-defaults/aws-ecs-1-nvidia/defaults.d/10-defaults.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/defaults.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-ecs-1-nvidia/defaults.d/15-aws-tuf.toml b/sources/settings-defaults/aws-ecs-1-nvidia/defaults.d/15-aws-tuf.toml deleted file mode 120000 index afcef6a61..000000000 --- a/sources/settings-defaults/aws-ecs-1-nvidia/defaults.d/15-aws-tuf.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/aws-tuf.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-ecs-1-nvidia/defaults.d/20-aws-host-containers.toml b/sources/settings-defaults/aws-ecs-1-nvidia/defaults.d/20-aws-host-containers.toml deleted file mode 120000 index 4d404d663..000000000 --- a/sources/settings-defaults/aws-ecs-1-nvidia/defaults.d/20-aws-host-containers.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/aws-host-containers.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-ecs-1-nvidia/defaults.d/25-cf-signal.toml b/sources/settings-defaults/aws-ecs-1-nvidia/defaults.d/25-cf-signal.toml deleted file mode 120000 index a33d54165..000000000 --- a/sources/settings-defaults/aws-ecs-1-nvidia/defaults.d/25-cf-signal.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/cf-signal.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-ecs-1-nvidia/defaults.d/26-aws-autoscaling.toml b/sources/settings-defaults/aws-ecs-1-nvidia/defaults.d/26-aws-autoscaling.toml deleted file mode 120000 index b579c0182..000000000 --- a/sources/settings-defaults/aws-ecs-1-nvidia/defaults.d/26-aws-autoscaling.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/aws-autoscaling.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-ecs-1-nvidia/defaults.d/30-metrics.toml b/sources/settings-defaults/aws-ecs-1-nvidia/defaults.d/30-metrics.toml deleted file mode 120000 index 99f0b2b69..000000000 --- a/sources/settings-defaults/aws-ecs-1-nvidia/defaults.d/30-metrics.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/metrics.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-ecs-1-nvidia/defaults.d/31-send-metrics-aws.toml b/sources/settings-defaults/aws-ecs-1-nvidia/defaults.d/31-send-metrics-aws.toml deleted file mode 120000 index 2fefefea7..000000000 --- a/sources/settings-defaults/aws-ecs-1-nvidia/defaults.d/31-send-metrics-aws.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/send-metrics-aws.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-ecs-1-nvidia/defaults.d/51-docker-services.toml b/sources/settings-defaults/aws-ecs-1-nvidia/defaults.d/51-docker-services.toml deleted file mode 120000 index a8512f259..000000000 --- a/sources/settings-defaults/aws-ecs-1-nvidia/defaults.d/51-docker-services.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/docker-services.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-ecs-1-nvidia/defaults.d/52-aws-ecs-1.toml b/sources/settings-defaults/aws-ecs-1-nvidia/defaults.d/52-aws-ecs-1.toml deleted file mode 120000 index 06ea554fe..000000000 --- a/sources/settings-defaults/aws-ecs-1-nvidia/defaults.d/52-aws-ecs-1.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/ecs.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-ecs-1-nvidia/defaults.d/53-docker-daemon.toml b/sources/settings-defaults/aws-ecs-1-nvidia/defaults.d/53-docker-daemon.toml deleted file mode 120000 index 09b29470e..000000000 --- a/sources/settings-defaults/aws-ecs-1-nvidia/defaults.d/53-docker-daemon.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/docker-daemon-nvidia.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-ecs-1-nvidia/defaults.d/54-docker-pki.toml b/sources/settings-defaults/aws-ecs-1-nvidia/defaults.d/54-docker-pki.toml deleted file mode 120000 index 203cd2a9a..000000000 --- a/sources/settings-defaults/aws-ecs-1-nvidia/defaults.d/54-docker-pki.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/docker-pki.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-ecs-1-nvidia/defaults.d/60-lockdown-none.toml b/sources/settings-defaults/aws-ecs-1-nvidia/defaults.d/60-lockdown-none.toml deleted file mode 120000 index cced54333..000000000 --- a/sources/settings-defaults/aws-ecs-1-nvidia/defaults.d/60-lockdown-none.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/lockdown-none.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-ecs-1-nvidia/defaults.d/70-oci-hooks.toml b/sources/settings-defaults/aws-ecs-1-nvidia/defaults.d/70-oci-hooks.toml deleted file mode 120000 index 82b0def22..000000000 --- a/sources/settings-defaults/aws-ecs-1-nvidia/defaults.d/70-oci-hooks.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/nvidia-oci-hooks-docker.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-ecs-1-nvidia/defaults.d/75-oci-defaults-docker.toml b/sources/settings-defaults/aws-ecs-1-nvidia/defaults.d/75-oci-defaults-docker.toml deleted file mode 120000 index deb7cd4f6..000000000 --- a/sources/settings-defaults/aws-ecs-1-nvidia/defaults.d/75-oci-defaults-docker.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/oci-defaults-docker.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-ecs-1-nvidia/defaults.d/76-oci-defaults-capabilities.toml b/sources/settings-defaults/aws-ecs-1-nvidia/defaults.d/76-oci-defaults-capabilities.toml deleted file mode 120000 index 100c28740..000000000 --- a/sources/settings-defaults/aws-ecs-1-nvidia/defaults.d/76-oci-defaults-capabilities.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/oci-defaults-capabilities.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-ecs-1-nvidia/defaults.d/77-oci-defaults-docker-resource-limits.toml b/sources/settings-defaults/aws-ecs-1-nvidia/defaults.d/77-oci-defaults-docker-resource-limits.toml deleted file mode 120000 index 24b077b83..000000000 --- a/sources/settings-defaults/aws-ecs-1-nvidia/defaults.d/77-oci-defaults-docker-resource-limits.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/oci-defaults-docker-resource-limits.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-ecs-1/Cargo.toml b/sources/settings-defaults/aws-ecs-1/Cargo.toml deleted file mode 100644 index eab288896..000000000 --- a/sources/settings-defaults/aws-ecs-1/Cargo.toml +++ /dev/null @@ -1,15 +0,0 @@ -[package] -name = "settings-defaults-aws-ecs-1" -version = "0.1.0" -edition = "2021" -license = "Apache-2.0 OR MIT" -publish = false -build = "../build-defaults.rs" - -[lib] -path = "../defaults-toml.rs" - -[build-dependencies.bottlerocket-defaults-helper] -git = "https://github.com/bottlerocket-os/bottlerocket-settings-sdk" -tag = "bottlerocket-defaults-helper-v0.1.0" -version = "0.1.0" diff --git a/sources/settings-defaults/aws-ecs-1/defaults.d/10-defaults.toml b/sources/settings-defaults/aws-ecs-1/defaults.d/10-defaults.toml deleted file mode 120000 index a202ba61a..000000000 --- a/sources/settings-defaults/aws-ecs-1/defaults.d/10-defaults.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/defaults.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-ecs-1/defaults.d/15-aws-tuf.toml b/sources/settings-defaults/aws-ecs-1/defaults.d/15-aws-tuf.toml deleted file mode 120000 index afcef6a61..000000000 --- a/sources/settings-defaults/aws-ecs-1/defaults.d/15-aws-tuf.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/aws-tuf.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-ecs-1/defaults.d/20-aws-host-containers.toml b/sources/settings-defaults/aws-ecs-1/defaults.d/20-aws-host-containers.toml deleted file mode 120000 index 4d404d663..000000000 --- a/sources/settings-defaults/aws-ecs-1/defaults.d/20-aws-host-containers.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/aws-host-containers.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-ecs-1/defaults.d/25-cf-signal.toml b/sources/settings-defaults/aws-ecs-1/defaults.d/25-cf-signal.toml deleted file mode 120000 index a33d54165..000000000 --- a/sources/settings-defaults/aws-ecs-1/defaults.d/25-cf-signal.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/cf-signal.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-ecs-1/defaults.d/26-aws-autoscaling.toml b/sources/settings-defaults/aws-ecs-1/defaults.d/26-aws-autoscaling.toml deleted file mode 120000 index b579c0182..000000000 --- a/sources/settings-defaults/aws-ecs-1/defaults.d/26-aws-autoscaling.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/aws-autoscaling.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-ecs-1/defaults.d/30-metrics.toml b/sources/settings-defaults/aws-ecs-1/defaults.d/30-metrics.toml deleted file mode 120000 index 99f0b2b69..000000000 --- a/sources/settings-defaults/aws-ecs-1/defaults.d/30-metrics.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/metrics.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-ecs-1/defaults.d/31-send-metrics-aws.toml b/sources/settings-defaults/aws-ecs-1/defaults.d/31-send-metrics-aws.toml deleted file mode 120000 index 2fefefea7..000000000 --- a/sources/settings-defaults/aws-ecs-1/defaults.d/31-send-metrics-aws.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/send-metrics-aws.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-ecs-1/defaults.d/51-docker-services.toml b/sources/settings-defaults/aws-ecs-1/defaults.d/51-docker-services.toml deleted file mode 120000 index a8512f259..000000000 --- a/sources/settings-defaults/aws-ecs-1/defaults.d/51-docker-services.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/docker-services.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-ecs-1/defaults.d/52-aws-ecs-1.toml b/sources/settings-defaults/aws-ecs-1/defaults.d/52-aws-ecs-1.toml deleted file mode 120000 index 06ea554fe..000000000 --- a/sources/settings-defaults/aws-ecs-1/defaults.d/52-aws-ecs-1.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/ecs.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-ecs-1/defaults.d/53-docker-pki.toml b/sources/settings-defaults/aws-ecs-1/defaults.d/53-docker-pki.toml deleted file mode 120000 index 203cd2a9a..000000000 --- a/sources/settings-defaults/aws-ecs-1/defaults.d/53-docker-pki.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/docker-pki.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-ecs-1/defaults.d/60-lockdown-integrity.toml b/sources/settings-defaults/aws-ecs-1/defaults.d/60-lockdown-integrity.toml deleted file mode 120000 index 8b4de873a..000000000 --- a/sources/settings-defaults/aws-ecs-1/defaults.d/60-lockdown-integrity.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/lockdown-integrity.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-ecs-1/defaults.d/70-oci-hooks.toml b/sources/settings-defaults/aws-ecs-1/defaults.d/70-oci-hooks.toml deleted file mode 120000 index e7b73c620..000000000 --- a/sources/settings-defaults/aws-ecs-1/defaults.d/70-oci-hooks.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/oci-hooks.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-ecs-1/defaults.d/75-oci-defaults-docker.toml b/sources/settings-defaults/aws-ecs-1/defaults.d/75-oci-defaults-docker.toml deleted file mode 120000 index deb7cd4f6..000000000 --- a/sources/settings-defaults/aws-ecs-1/defaults.d/75-oci-defaults-docker.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/oci-defaults-docker.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-ecs-1/defaults.d/76-oci-defaults-capabilities.toml b/sources/settings-defaults/aws-ecs-1/defaults.d/76-oci-defaults-capabilities.toml deleted file mode 120000 index 100c28740..000000000 --- a/sources/settings-defaults/aws-ecs-1/defaults.d/76-oci-defaults-capabilities.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/oci-defaults-capabilities.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-ecs-1/defaults.d/77-oci-defaults-docker-resource-limits.toml b/sources/settings-defaults/aws-ecs-1/defaults.d/77-oci-defaults-docker-resource-limits.toml deleted file mode 120000 index 24b077b83..000000000 --- a/sources/settings-defaults/aws-ecs-1/defaults.d/77-oci-defaults-docker-resource-limits.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/oci-defaults-docker-resource-limits.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-ecs-2-nvidia/Cargo.toml b/sources/settings-defaults/aws-ecs-2-nvidia/Cargo.toml deleted file mode 100644 index 61f2514f3..000000000 --- a/sources/settings-defaults/aws-ecs-2-nvidia/Cargo.toml +++ /dev/null @@ -1,15 +0,0 @@ -[package] -name = "settings-defaults-aws-ecs-2-nvidia" -version = "0.1.0" -edition = "2021" -license = "Apache-2.0 OR MIT" -publish = false -build = "../build-defaults.rs" - -[lib] -path = "../defaults-toml.rs" - -[build-dependencies.bottlerocket-defaults-helper] -git = "https://github.com/bottlerocket-os/bottlerocket-settings-sdk" -tag = "bottlerocket-defaults-helper-v0.1.0" -version = "0.1.0" diff --git a/sources/settings-defaults/aws-ecs-2-nvidia/defaults.d/10-defaults.toml b/sources/settings-defaults/aws-ecs-2-nvidia/defaults.d/10-defaults.toml deleted file mode 120000 index a202ba61a..000000000 --- a/sources/settings-defaults/aws-ecs-2-nvidia/defaults.d/10-defaults.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/defaults.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-ecs-2-nvidia/defaults.d/15-aws-tuf.toml b/sources/settings-defaults/aws-ecs-2-nvidia/defaults.d/15-aws-tuf.toml deleted file mode 120000 index afcef6a61..000000000 --- a/sources/settings-defaults/aws-ecs-2-nvidia/defaults.d/15-aws-tuf.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/aws-tuf.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-ecs-2-nvidia/defaults.d/20-aws-host-containers.toml b/sources/settings-defaults/aws-ecs-2-nvidia/defaults.d/20-aws-host-containers.toml deleted file mode 120000 index 4d404d663..000000000 --- a/sources/settings-defaults/aws-ecs-2-nvidia/defaults.d/20-aws-host-containers.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/aws-host-containers.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-ecs-2-nvidia/defaults.d/25-cf-signal.toml b/sources/settings-defaults/aws-ecs-2-nvidia/defaults.d/25-cf-signal.toml deleted file mode 120000 index a33d54165..000000000 --- a/sources/settings-defaults/aws-ecs-2-nvidia/defaults.d/25-cf-signal.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/cf-signal.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-ecs-2-nvidia/defaults.d/26-aws-autoscaling.toml b/sources/settings-defaults/aws-ecs-2-nvidia/defaults.d/26-aws-autoscaling.toml deleted file mode 120000 index b579c0182..000000000 --- a/sources/settings-defaults/aws-ecs-2-nvidia/defaults.d/26-aws-autoscaling.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/aws-autoscaling.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-ecs-2-nvidia/defaults.d/30-metrics.toml b/sources/settings-defaults/aws-ecs-2-nvidia/defaults.d/30-metrics.toml deleted file mode 120000 index 99f0b2b69..000000000 --- a/sources/settings-defaults/aws-ecs-2-nvidia/defaults.d/30-metrics.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/metrics.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-ecs-2-nvidia/defaults.d/31-send-metrics-aws.toml b/sources/settings-defaults/aws-ecs-2-nvidia/defaults.d/31-send-metrics-aws.toml deleted file mode 120000 index 2fefefea7..000000000 --- a/sources/settings-defaults/aws-ecs-2-nvidia/defaults.d/31-send-metrics-aws.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/send-metrics-aws.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-ecs-2-nvidia/defaults.d/51-docker-services.toml b/sources/settings-defaults/aws-ecs-2-nvidia/defaults.d/51-docker-services.toml deleted file mode 120000 index a8512f259..000000000 --- a/sources/settings-defaults/aws-ecs-2-nvidia/defaults.d/51-docker-services.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/docker-services.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-ecs-2-nvidia/defaults.d/52-aws-ecs-1.toml b/sources/settings-defaults/aws-ecs-2-nvidia/defaults.d/52-aws-ecs-1.toml deleted file mode 120000 index 06ea554fe..000000000 --- a/sources/settings-defaults/aws-ecs-2-nvidia/defaults.d/52-aws-ecs-1.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/ecs.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-ecs-2-nvidia/defaults.d/53-docker-daemon.toml b/sources/settings-defaults/aws-ecs-2-nvidia/defaults.d/53-docker-daemon.toml deleted file mode 120000 index 09b29470e..000000000 --- a/sources/settings-defaults/aws-ecs-2-nvidia/defaults.d/53-docker-daemon.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/docker-daemon-nvidia.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-ecs-2-nvidia/defaults.d/54-docker-pki.toml b/sources/settings-defaults/aws-ecs-2-nvidia/defaults.d/54-docker-pki.toml deleted file mode 120000 index 203cd2a9a..000000000 --- a/sources/settings-defaults/aws-ecs-2-nvidia/defaults.d/54-docker-pki.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/docker-pki.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-ecs-2-nvidia/defaults.d/60-lockdown-none.toml b/sources/settings-defaults/aws-ecs-2-nvidia/defaults.d/60-lockdown-none.toml deleted file mode 120000 index cced54333..000000000 --- a/sources/settings-defaults/aws-ecs-2-nvidia/defaults.d/60-lockdown-none.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/lockdown-none.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-ecs-2-nvidia/defaults.d/70-oci-hooks.toml b/sources/settings-defaults/aws-ecs-2-nvidia/defaults.d/70-oci-hooks.toml deleted file mode 120000 index 82b0def22..000000000 --- a/sources/settings-defaults/aws-ecs-2-nvidia/defaults.d/70-oci-hooks.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/nvidia-oci-hooks-docker.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-ecs-2-nvidia/defaults.d/75-oci-defaults-docker.toml b/sources/settings-defaults/aws-ecs-2-nvidia/defaults.d/75-oci-defaults-docker.toml deleted file mode 120000 index deb7cd4f6..000000000 --- a/sources/settings-defaults/aws-ecs-2-nvidia/defaults.d/75-oci-defaults-docker.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/oci-defaults-docker.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-ecs-2-nvidia/defaults.d/76-oci-defaults-capabilities.toml b/sources/settings-defaults/aws-ecs-2-nvidia/defaults.d/76-oci-defaults-capabilities.toml deleted file mode 120000 index 100c28740..000000000 --- a/sources/settings-defaults/aws-ecs-2-nvidia/defaults.d/76-oci-defaults-capabilities.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/oci-defaults-capabilities.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-ecs-2-nvidia/defaults.d/77-oci-defaults-docker-resource-limits.toml b/sources/settings-defaults/aws-ecs-2-nvidia/defaults.d/77-oci-defaults-docker-resource-limits.toml deleted file mode 120000 index 24b077b83..000000000 --- a/sources/settings-defaults/aws-ecs-2-nvidia/defaults.d/77-oci-defaults-docker-resource-limits.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/oci-defaults-docker-resource-limits.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-ecs-2-nvidia/defaults.d/80-boot.toml b/sources/settings-defaults/aws-ecs-2-nvidia/defaults.d/80-boot.toml deleted file mode 120000 index 777844745..000000000 --- a/sources/settings-defaults/aws-ecs-2-nvidia/defaults.d/80-boot.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/boot.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-ecs-2/Cargo.toml b/sources/settings-defaults/aws-ecs-2/Cargo.toml deleted file mode 100644 index 4166d3d53..000000000 --- a/sources/settings-defaults/aws-ecs-2/Cargo.toml +++ /dev/null @@ -1,15 +0,0 @@ -[package] -name = "settings-defaults-aws-ecs-2" -version = "0.1.0" -edition = "2021" -license = "Apache-2.0 OR MIT" -publish = false -build = "../build-defaults.rs" - -[lib] -path = "../defaults-toml.rs" - -[build-dependencies.bottlerocket-defaults-helper] -git = "https://github.com/bottlerocket-os/bottlerocket-settings-sdk" -tag = "bottlerocket-defaults-helper-v0.1.0" -version = "0.1.0" diff --git a/sources/settings-defaults/aws-ecs-2/defaults.d/10-defaults.toml b/sources/settings-defaults/aws-ecs-2/defaults.d/10-defaults.toml deleted file mode 120000 index a202ba61a..000000000 --- a/sources/settings-defaults/aws-ecs-2/defaults.d/10-defaults.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/defaults.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-ecs-2/defaults.d/15-aws-tuf.toml b/sources/settings-defaults/aws-ecs-2/defaults.d/15-aws-tuf.toml deleted file mode 120000 index afcef6a61..000000000 --- a/sources/settings-defaults/aws-ecs-2/defaults.d/15-aws-tuf.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/aws-tuf.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-ecs-2/defaults.d/20-aws-host-containers.toml b/sources/settings-defaults/aws-ecs-2/defaults.d/20-aws-host-containers.toml deleted file mode 120000 index 4d404d663..000000000 --- a/sources/settings-defaults/aws-ecs-2/defaults.d/20-aws-host-containers.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/aws-host-containers.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-ecs-2/defaults.d/25-cf-signal.toml b/sources/settings-defaults/aws-ecs-2/defaults.d/25-cf-signal.toml deleted file mode 120000 index a33d54165..000000000 --- a/sources/settings-defaults/aws-ecs-2/defaults.d/25-cf-signal.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/cf-signal.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-ecs-2/defaults.d/26-aws-autoscaling.toml b/sources/settings-defaults/aws-ecs-2/defaults.d/26-aws-autoscaling.toml deleted file mode 120000 index b579c0182..000000000 --- a/sources/settings-defaults/aws-ecs-2/defaults.d/26-aws-autoscaling.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/aws-autoscaling.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-ecs-2/defaults.d/30-metrics.toml b/sources/settings-defaults/aws-ecs-2/defaults.d/30-metrics.toml deleted file mode 120000 index 99f0b2b69..000000000 --- a/sources/settings-defaults/aws-ecs-2/defaults.d/30-metrics.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/metrics.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-ecs-2/defaults.d/31-send-metrics-aws.toml b/sources/settings-defaults/aws-ecs-2/defaults.d/31-send-metrics-aws.toml deleted file mode 120000 index 2fefefea7..000000000 --- a/sources/settings-defaults/aws-ecs-2/defaults.d/31-send-metrics-aws.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/send-metrics-aws.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-ecs-2/defaults.d/51-docker-services.toml b/sources/settings-defaults/aws-ecs-2/defaults.d/51-docker-services.toml deleted file mode 120000 index a8512f259..000000000 --- a/sources/settings-defaults/aws-ecs-2/defaults.d/51-docker-services.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/docker-services.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-ecs-2/defaults.d/52-aws-ecs-1.toml b/sources/settings-defaults/aws-ecs-2/defaults.d/52-aws-ecs-1.toml deleted file mode 120000 index 06ea554fe..000000000 --- a/sources/settings-defaults/aws-ecs-2/defaults.d/52-aws-ecs-1.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/ecs.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-ecs-2/defaults.d/53-docker-pki.toml b/sources/settings-defaults/aws-ecs-2/defaults.d/53-docker-pki.toml deleted file mode 120000 index 203cd2a9a..000000000 --- a/sources/settings-defaults/aws-ecs-2/defaults.d/53-docker-pki.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/docker-pki.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-ecs-2/defaults.d/60-lockdown-integrity.toml b/sources/settings-defaults/aws-ecs-2/defaults.d/60-lockdown-integrity.toml deleted file mode 120000 index 8b4de873a..000000000 --- a/sources/settings-defaults/aws-ecs-2/defaults.d/60-lockdown-integrity.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/lockdown-integrity.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-ecs-2/defaults.d/70-oci-hooks.toml b/sources/settings-defaults/aws-ecs-2/defaults.d/70-oci-hooks.toml deleted file mode 120000 index e7b73c620..000000000 --- a/sources/settings-defaults/aws-ecs-2/defaults.d/70-oci-hooks.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/oci-hooks.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-ecs-2/defaults.d/75-oci-defaults-docker.toml b/sources/settings-defaults/aws-ecs-2/defaults.d/75-oci-defaults-docker.toml deleted file mode 120000 index deb7cd4f6..000000000 --- a/sources/settings-defaults/aws-ecs-2/defaults.d/75-oci-defaults-docker.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/oci-defaults-docker.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-ecs-2/defaults.d/76-oci-defaults-capabilities.toml b/sources/settings-defaults/aws-ecs-2/defaults.d/76-oci-defaults-capabilities.toml deleted file mode 120000 index 100c28740..000000000 --- a/sources/settings-defaults/aws-ecs-2/defaults.d/76-oci-defaults-capabilities.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/oci-defaults-capabilities.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-ecs-2/defaults.d/77-oci-defaults-docker-resource-limits.toml b/sources/settings-defaults/aws-ecs-2/defaults.d/77-oci-defaults-docker-resource-limits.toml deleted file mode 120000 index 24b077b83..000000000 --- a/sources/settings-defaults/aws-ecs-2/defaults.d/77-oci-defaults-docker-resource-limits.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/oci-defaults-docker-resource-limits.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-ecs-2/defaults.d/80-boot.toml b/sources/settings-defaults/aws-ecs-2/defaults.d/80-boot.toml deleted file mode 120000 index 777844745..000000000 --- a/sources/settings-defaults/aws-ecs-2/defaults.d/80-boot.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/boot.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.24-nvidia/Cargo.toml b/sources/settings-defaults/aws-k8s-1.24-nvidia/Cargo.toml deleted file mode 100644 index fe0c3f34e..000000000 --- a/sources/settings-defaults/aws-k8s-1.24-nvidia/Cargo.toml +++ /dev/null @@ -1,15 +0,0 @@ -[package] -name = "settings-defaults-aws-k8s-1_24-nvidia" -version = "0.1.0" -edition = "2021" -license = "Apache-2.0 OR MIT" -publish = false -build = "../build-defaults.rs" - -[lib] -path = "../defaults-toml.rs" - -[build-dependencies.bottlerocket-defaults-helper] -git = "https://github.com/bottlerocket-os/bottlerocket-settings-sdk" -tag = "bottlerocket-defaults-helper-v0.1.0" -version = "0.1.0" diff --git a/sources/settings-defaults/aws-k8s-1.24-nvidia/defaults.d/10-defaults.toml b/sources/settings-defaults/aws-k8s-1.24-nvidia/defaults.d/10-defaults.toml deleted file mode 120000 index a202ba61a..000000000 --- a/sources/settings-defaults/aws-k8s-1.24-nvidia/defaults.d/10-defaults.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/defaults.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.24-nvidia/defaults.d/15-aws-tuf.toml b/sources/settings-defaults/aws-k8s-1.24-nvidia/defaults.d/15-aws-tuf.toml deleted file mode 120000 index afcef6a61..000000000 --- a/sources/settings-defaults/aws-k8s-1.24-nvidia/defaults.d/15-aws-tuf.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/aws-tuf.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.24-nvidia/defaults.d/20-aws-host-containers.toml b/sources/settings-defaults/aws-k8s-1.24-nvidia/defaults.d/20-aws-host-containers.toml deleted file mode 120000 index 4d404d663..000000000 --- a/sources/settings-defaults/aws-k8s-1.24-nvidia/defaults.d/20-aws-host-containers.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/aws-host-containers.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.24-nvidia/defaults.d/25-cf-signal.toml b/sources/settings-defaults/aws-k8s-1.24-nvidia/defaults.d/25-cf-signal.toml deleted file mode 120000 index a33d54165..000000000 --- a/sources/settings-defaults/aws-k8s-1.24-nvidia/defaults.d/25-cf-signal.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/cf-signal.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.24-nvidia/defaults.d/26-aws-autoscaling.toml b/sources/settings-defaults/aws-k8s-1.24-nvidia/defaults.d/26-aws-autoscaling.toml deleted file mode 120000 index b579c0182..000000000 --- a/sources/settings-defaults/aws-k8s-1.24-nvidia/defaults.d/26-aws-autoscaling.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/aws-autoscaling.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.24-nvidia/defaults.d/30-metrics.toml b/sources/settings-defaults/aws-k8s-1.24-nvidia/defaults.d/30-metrics.toml deleted file mode 120000 index 99f0b2b69..000000000 --- a/sources/settings-defaults/aws-k8s-1.24-nvidia/defaults.d/30-metrics.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/metrics.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.24-nvidia/defaults.d/31-send-metrics-aws.toml b/sources/settings-defaults/aws-k8s-1.24-nvidia/defaults.d/31-send-metrics-aws.toml deleted file mode 120000 index 2fefefea7..000000000 --- a/sources/settings-defaults/aws-k8s-1.24-nvidia/defaults.d/31-send-metrics-aws.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/send-metrics-aws.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.24-nvidia/defaults.d/40-aws-creds.toml b/sources/settings-defaults/aws-k8s-1.24-nvidia/defaults.d/40-aws-creds.toml deleted file mode 120000 index a6a17e88f..000000000 --- a/sources/settings-defaults/aws-k8s-1.24-nvidia/defaults.d/40-aws-creds.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/aws-creds.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.24-nvidia/defaults.d/50-kubernetes-aws.toml b/sources/settings-defaults/aws-k8s-1.24-nvidia/defaults.d/50-kubernetes-aws.toml deleted file mode 120000 index 7393a2dd3..000000000 --- a/sources/settings-defaults/aws-k8s-1.24-nvidia/defaults.d/50-kubernetes-aws.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/kubernetes-aws.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.24-nvidia/defaults.d/51-kubernetes-containerd-nvidia.toml b/sources/settings-defaults/aws-k8s-1.24-nvidia/defaults.d/51-kubernetes-containerd-nvidia.toml deleted file mode 120000 index e68ab5eaa..000000000 --- a/sources/settings-defaults/aws-k8s-1.24-nvidia/defaults.d/51-kubernetes-containerd-nvidia.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/kubernetes-containerd-nvidia.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.24-nvidia/defaults.d/52-kubernetes-services.toml b/sources/settings-defaults/aws-k8s-1.24-nvidia/defaults.d/52-kubernetes-services.toml deleted file mode 120000 index afab5a7f1..000000000 --- a/sources/settings-defaults/aws-k8s-1.24-nvidia/defaults.d/52-kubernetes-services.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/kubernetes-services.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.24-nvidia/defaults.d/53-containerd-cri-pki.toml b/sources/settings-defaults/aws-k8s-1.24-nvidia/defaults.d/53-containerd-cri-pki.toml deleted file mode 120000 index 2dbf7db78..000000000 --- a/sources/settings-defaults/aws-k8s-1.24-nvidia/defaults.d/53-containerd-cri-pki.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/containerd-cri-pki.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.24-nvidia/defaults.d/60-lockdown-none.toml b/sources/settings-defaults/aws-k8s-1.24-nvidia/defaults.d/60-lockdown-none.toml deleted file mode 120000 index cced54333..000000000 --- a/sources/settings-defaults/aws-k8s-1.24-nvidia/defaults.d/60-lockdown-none.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/lockdown-none.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.24-nvidia/defaults.d/70-oci-hooks.toml b/sources/settings-defaults/aws-k8s-1.24-nvidia/defaults.d/70-oci-hooks.toml deleted file mode 120000 index d91eec452..000000000 --- a/sources/settings-defaults/aws-k8s-1.24-nvidia/defaults.d/70-oci-hooks.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/nvidia-oci-hooks-containerd-cri.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.24-nvidia/defaults.d/75-oci-defaults-containerd-cri.toml b/sources/settings-defaults/aws-k8s-1.24-nvidia/defaults.d/75-oci-defaults-containerd-cri.toml deleted file mode 120000 index 25204d67d..000000000 --- a/sources/settings-defaults/aws-k8s-1.24-nvidia/defaults.d/75-oci-defaults-containerd-cri.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/oci-defaults-containerd-cri.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.24-nvidia/defaults.d/76-oci-defaults-capabilities.toml b/sources/settings-defaults/aws-k8s-1.24-nvidia/defaults.d/76-oci-defaults-capabilities.toml deleted file mode 120000 index 100c28740..000000000 --- a/sources/settings-defaults/aws-k8s-1.24-nvidia/defaults.d/76-oci-defaults-capabilities.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/oci-defaults-capabilities.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.24-nvidia/defaults.d/77-oci-defaults-containerd-cri-resource-limits.toml b/sources/settings-defaults/aws-k8s-1.24-nvidia/defaults.d/77-oci-defaults-containerd-cri-resource-limits.toml deleted file mode 120000 index 7f0621357..000000000 --- a/sources/settings-defaults/aws-k8s-1.24-nvidia/defaults.d/77-oci-defaults-containerd-cri-resource-limits.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/oci-defaults-containerd-cri-resource-limits.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.24-nvidia/defaults.d/90-boot.toml b/sources/settings-defaults/aws-k8s-1.24-nvidia/defaults.d/90-boot.toml deleted file mode 120000 index 777844745..000000000 --- a/sources/settings-defaults/aws-k8s-1.24-nvidia/defaults.d/90-boot.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/boot.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.24/Cargo.toml b/sources/settings-defaults/aws-k8s-1.24/Cargo.toml deleted file mode 100644 index 5d315e411..000000000 --- a/sources/settings-defaults/aws-k8s-1.24/Cargo.toml +++ /dev/null @@ -1,15 +0,0 @@ -[package] -name = "settings-defaults-aws-k8s-1_24" -version = "0.1.0" -edition = "2021" -license = "Apache-2.0 OR MIT" -publish = false -build = "../build-defaults.rs" - -[lib] -path = "../defaults-toml.rs" - -[build-dependencies.bottlerocket-defaults-helper] -git = "https://github.com/bottlerocket-os/bottlerocket-settings-sdk" -tag = "bottlerocket-defaults-helper-v0.1.0" -version = "0.1.0" diff --git a/sources/settings-defaults/aws-k8s-1.24/defaults.d/10-defaults.toml b/sources/settings-defaults/aws-k8s-1.24/defaults.d/10-defaults.toml deleted file mode 120000 index a202ba61a..000000000 --- a/sources/settings-defaults/aws-k8s-1.24/defaults.d/10-defaults.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/defaults.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.24/defaults.d/15-aws-tuf.toml b/sources/settings-defaults/aws-k8s-1.24/defaults.d/15-aws-tuf.toml deleted file mode 120000 index afcef6a61..000000000 --- a/sources/settings-defaults/aws-k8s-1.24/defaults.d/15-aws-tuf.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/aws-tuf.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.24/defaults.d/20-aws-host-containers.toml b/sources/settings-defaults/aws-k8s-1.24/defaults.d/20-aws-host-containers.toml deleted file mode 120000 index 4d404d663..000000000 --- a/sources/settings-defaults/aws-k8s-1.24/defaults.d/20-aws-host-containers.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/aws-host-containers.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.24/defaults.d/25-cf-signal.toml b/sources/settings-defaults/aws-k8s-1.24/defaults.d/25-cf-signal.toml deleted file mode 120000 index a33d54165..000000000 --- a/sources/settings-defaults/aws-k8s-1.24/defaults.d/25-cf-signal.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/cf-signal.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.24/defaults.d/26-aws-autoscaling.toml b/sources/settings-defaults/aws-k8s-1.24/defaults.d/26-aws-autoscaling.toml deleted file mode 120000 index b579c0182..000000000 --- a/sources/settings-defaults/aws-k8s-1.24/defaults.d/26-aws-autoscaling.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/aws-autoscaling.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.24/defaults.d/30-metrics.toml b/sources/settings-defaults/aws-k8s-1.24/defaults.d/30-metrics.toml deleted file mode 120000 index 99f0b2b69..000000000 --- a/sources/settings-defaults/aws-k8s-1.24/defaults.d/30-metrics.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/metrics.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.24/defaults.d/31-send-metrics-aws.toml b/sources/settings-defaults/aws-k8s-1.24/defaults.d/31-send-metrics-aws.toml deleted file mode 120000 index 2fefefea7..000000000 --- a/sources/settings-defaults/aws-k8s-1.24/defaults.d/31-send-metrics-aws.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/send-metrics-aws.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.24/defaults.d/40-aws-creds.toml b/sources/settings-defaults/aws-k8s-1.24/defaults.d/40-aws-creds.toml deleted file mode 120000 index a6a17e88f..000000000 --- a/sources/settings-defaults/aws-k8s-1.24/defaults.d/40-aws-creds.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/aws-creds.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.24/defaults.d/50-kubernetes-aws.toml b/sources/settings-defaults/aws-k8s-1.24/defaults.d/50-kubernetes-aws.toml deleted file mode 120000 index 7393a2dd3..000000000 --- a/sources/settings-defaults/aws-k8s-1.24/defaults.d/50-kubernetes-aws.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/kubernetes-aws.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.24/defaults.d/51-kubernetes-containerd.toml b/sources/settings-defaults/aws-k8s-1.24/defaults.d/51-kubernetes-containerd.toml deleted file mode 120000 index 08196a5ed..000000000 --- a/sources/settings-defaults/aws-k8s-1.24/defaults.d/51-kubernetes-containerd.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/kubernetes-containerd.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.24/defaults.d/52-kubernetes-services.toml b/sources/settings-defaults/aws-k8s-1.24/defaults.d/52-kubernetes-services.toml deleted file mode 120000 index afab5a7f1..000000000 --- a/sources/settings-defaults/aws-k8s-1.24/defaults.d/52-kubernetes-services.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/kubernetes-services.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.24/defaults.d/53-containerd-cri-pki.toml b/sources/settings-defaults/aws-k8s-1.24/defaults.d/53-containerd-cri-pki.toml deleted file mode 120000 index 2dbf7db78..000000000 --- a/sources/settings-defaults/aws-k8s-1.24/defaults.d/53-containerd-cri-pki.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/containerd-cri-pki.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.24/defaults.d/60-lockdown-integrity.toml b/sources/settings-defaults/aws-k8s-1.24/defaults.d/60-lockdown-integrity.toml deleted file mode 120000 index 8b4de873a..000000000 --- a/sources/settings-defaults/aws-k8s-1.24/defaults.d/60-lockdown-integrity.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/lockdown-integrity.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.24/defaults.d/70-oci-hooks.toml b/sources/settings-defaults/aws-k8s-1.24/defaults.d/70-oci-hooks.toml deleted file mode 120000 index e7b73c620..000000000 --- a/sources/settings-defaults/aws-k8s-1.24/defaults.d/70-oci-hooks.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/oci-hooks.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.24/defaults.d/75-oci-defaults-containerd-cri.toml b/sources/settings-defaults/aws-k8s-1.24/defaults.d/75-oci-defaults-containerd-cri.toml deleted file mode 120000 index 25204d67d..000000000 --- a/sources/settings-defaults/aws-k8s-1.24/defaults.d/75-oci-defaults-containerd-cri.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/oci-defaults-containerd-cri.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.24/defaults.d/76-oci-defaults-capabilities.toml b/sources/settings-defaults/aws-k8s-1.24/defaults.d/76-oci-defaults-capabilities.toml deleted file mode 120000 index 100c28740..000000000 --- a/sources/settings-defaults/aws-k8s-1.24/defaults.d/76-oci-defaults-capabilities.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/oci-defaults-capabilities.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.24/defaults.d/77-oci-defaults-containerd-cri-resource-limits.toml b/sources/settings-defaults/aws-k8s-1.24/defaults.d/77-oci-defaults-containerd-cri-resource-limits.toml deleted file mode 120000 index 7f0621357..000000000 --- a/sources/settings-defaults/aws-k8s-1.24/defaults.d/77-oci-defaults-containerd-cri-resource-limits.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/oci-defaults-containerd-cri-resource-limits.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.24/defaults.d/90-boot.toml b/sources/settings-defaults/aws-k8s-1.24/defaults.d/90-boot.toml deleted file mode 120000 index 777844745..000000000 --- a/sources/settings-defaults/aws-k8s-1.24/defaults.d/90-boot.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/boot.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.25-nvidia/Cargo.toml b/sources/settings-defaults/aws-k8s-1.25-nvidia/Cargo.toml deleted file mode 100644 index 412ef2497..000000000 --- a/sources/settings-defaults/aws-k8s-1.25-nvidia/Cargo.toml +++ /dev/null @@ -1,15 +0,0 @@ -[package] -name = "settings-defaults-aws-k8s-1_25-nvidia" -version = "0.1.0" -edition = "2021" -license = "Apache-2.0 OR MIT" -publish = false -build = "../build-defaults.rs" - -[lib] -path = "../defaults-toml.rs" - -[build-dependencies.bottlerocket-defaults-helper] -git = "https://github.com/bottlerocket-os/bottlerocket-settings-sdk" -tag = "bottlerocket-defaults-helper-v0.1.0" -version = "0.1.0" diff --git a/sources/settings-defaults/aws-k8s-1.25-nvidia/defaults.d/10-defaults.toml b/sources/settings-defaults/aws-k8s-1.25-nvidia/defaults.d/10-defaults.toml deleted file mode 120000 index a202ba61a..000000000 --- a/sources/settings-defaults/aws-k8s-1.25-nvidia/defaults.d/10-defaults.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/defaults.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.25-nvidia/defaults.d/15-aws-tuf.toml b/sources/settings-defaults/aws-k8s-1.25-nvidia/defaults.d/15-aws-tuf.toml deleted file mode 120000 index afcef6a61..000000000 --- a/sources/settings-defaults/aws-k8s-1.25-nvidia/defaults.d/15-aws-tuf.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/aws-tuf.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.25-nvidia/defaults.d/20-aws-host-containers.toml b/sources/settings-defaults/aws-k8s-1.25-nvidia/defaults.d/20-aws-host-containers.toml deleted file mode 120000 index 4d404d663..000000000 --- a/sources/settings-defaults/aws-k8s-1.25-nvidia/defaults.d/20-aws-host-containers.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/aws-host-containers.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.25-nvidia/defaults.d/25-cf-signal.toml b/sources/settings-defaults/aws-k8s-1.25-nvidia/defaults.d/25-cf-signal.toml deleted file mode 120000 index a33d54165..000000000 --- a/sources/settings-defaults/aws-k8s-1.25-nvidia/defaults.d/25-cf-signal.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/cf-signal.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.25-nvidia/defaults.d/26-aws-autoscaling.toml b/sources/settings-defaults/aws-k8s-1.25-nvidia/defaults.d/26-aws-autoscaling.toml deleted file mode 120000 index b579c0182..000000000 --- a/sources/settings-defaults/aws-k8s-1.25-nvidia/defaults.d/26-aws-autoscaling.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/aws-autoscaling.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.25-nvidia/defaults.d/30-metrics.toml b/sources/settings-defaults/aws-k8s-1.25-nvidia/defaults.d/30-metrics.toml deleted file mode 120000 index 99f0b2b69..000000000 --- a/sources/settings-defaults/aws-k8s-1.25-nvidia/defaults.d/30-metrics.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/metrics.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.25-nvidia/defaults.d/31-send-metrics-aws.toml b/sources/settings-defaults/aws-k8s-1.25-nvidia/defaults.d/31-send-metrics-aws.toml deleted file mode 120000 index 2fefefea7..000000000 --- a/sources/settings-defaults/aws-k8s-1.25-nvidia/defaults.d/31-send-metrics-aws.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/send-metrics-aws.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.25-nvidia/defaults.d/40-aws-creds.toml b/sources/settings-defaults/aws-k8s-1.25-nvidia/defaults.d/40-aws-creds.toml deleted file mode 120000 index a6a17e88f..000000000 --- a/sources/settings-defaults/aws-k8s-1.25-nvidia/defaults.d/40-aws-creds.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/aws-creds.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.25-nvidia/defaults.d/50-kubernetes-aws.toml b/sources/settings-defaults/aws-k8s-1.25-nvidia/defaults.d/50-kubernetes-aws.toml deleted file mode 120000 index 7393a2dd3..000000000 --- a/sources/settings-defaults/aws-k8s-1.25-nvidia/defaults.d/50-kubernetes-aws.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/kubernetes-aws.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.25-nvidia/defaults.d/51-kubernetes-containerd-nvidia.toml b/sources/settings-defaults/aws-k8s-1.25-nvidia/defaults.d/51-kubernetes-containerd-nvidia.toml deleted file mode 120000 index e68ab5eaa..000000000 --- a/sources/settings-defaults/aws-k8s-1.25-nvidia/defaults.d/51-kubernetes-containerd-nvidia.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/kubernetes-containerd-nvidia.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.25-nvidia/defaults.d/52-kubernetes-services.toml b/sources/settings-defaults/aws-k8s-1.25-nvidia/defaults.d/52-kubernetes-services.toml deleted file mode 120000 index afab5a7f1..000000000 --- a/sources/settings-defaults/aws-k8s-1.25-nvidia/defaults.d/52-kubernetes-services.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/kubernetes-services.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.25-nvidia/defaults.d/53-containerd-cri-pki.toml b/sources/settings-defaults/aws-k8s-1.25-nvidia/defaults.d/53-containerd-cri-pki.toml deleted file mode 120000 index 2dbf7db78..000000000 --- a/sources/settings-defaults/aws-k8s-1.25-nvidia/defaults.d/53-containerd-cri-pki.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/containerd-cri-pki.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.25-nvidia/defaults.d/54-kubernetes-seccomp-default-false.toml b/sources/settings-defaults/aws-k8s-1.25-nvidia/defaults.d/54-kubernetes-seccomp-default-false.toml deleted file mode 120000 index b1132e002..000000000 --- a/sources/settings-defaults/aws-k8s-1.25-nvidia/defaults.d/54-kubernetes-seccomp-default-false.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/kubernetes-seccomp-default-false.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.25-nvidia/defaults.d/60-lockdown-none.toml b/sources/settings-defaults/aws-k8s-1.25-nvidia/defaults.d/60-lockdown-none.toml deleted file mode 120000 index cced54333..000000000 --- a/sources/settings-defaults/aws-k8s-1.25-nvidia/defaults.d/60-lockdown-none.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/lockdown-none.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.25-nvidia/defaults.d/70-oci-hooks.toml b/sources/settings-defaults/aws-k8s-1.25-nvidia/defaults.d/70-oci-hooks.toml deleted file mode 120000 index d91eec452..000000000 --- a/sources/settings-defaults/aws-k8s-1.25-nvidia/defaults.d/70-oci-hooks.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/nvidia-oci-hooks-containerd-cri.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.25-nvidia/defaults.d/75-oci-defaults-containerd-cri.toml b/sources/settings-defaults/aws-k8s-1.25-nvidia/defaults.d/75-oci-defaults-containerd-cri.toml deleted file mode 120000 index 25204d67d..000000000 --- a/sources/settings-defaults/aws-k8s-1.25-nvidia/defaults.d/75-oci-defaults-containerd-cri.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/oci-defaults-containerd-cri.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.25-nvidia/defaults.d/76-oci-defaults-capabilities.toml b/sources/settings-defaults/aws-k8s-1.25-nvidia/defaults.d/76-oci-defaults-capabilities.toml deleted file mode 120000 index 100c28740..000000000 --- a/sources/settings-defaults/aws-k8s-1.25-nvidia/defaults.d/76-oci-defaults-capabilities.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/oci-defaults-capabilities.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.25-nvidia/defaults.d/77-oci-defaults-containerd-cri-resource-limits.toml b/sources/settings-defaults/aws-k8s-1.25-nvidia/defaults.d/77-oci-defaults-containerd-cri-resource-limits.toml deleted file mode 120000 index 7f0621357..000000000 --- a/sources/settings-defaults/aws-k8s-1.25-nvidia/defaults.d/77-oci-defaults-containerd-cri-resource-limits.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/oci-defaults-containerd-cri-resource-limits.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.25-nvidia/defaults.d/90-boot.toml b/sources/settings-defaults/aws-k8s-1.25-nvidia/defaults.d/90-boot.toml deleted file mode 120000 index 777844745..000000000 --- a/sources/settings-defaults/aws-k8s-1.25-nvidia/defaults.d/90-boot.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/boot.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.25/Cargo.toml b/sources/settings-defaults/aws-k8s-1.25/Cargo.toml deleted file mode 100644 index ca37703e4..000000000 --- a/sources/settings-defaults/aws-k8s-1.25/Cargo.toml +++ /dev/null @@ -1,15 +0,0 @@ -[package] -name = "settings-defaults-aws-k8s-1_25" -version = "0.1.0" -edition = "2021" -license = "Apache-2.0 OR MIT" -publish = false -build = "../build-defaults.rs" - -[lib] -path = "../defaults-toml.rs" - -[build-dependencies.bottlerocket-defaults-helper] -git = "https://github.com/bottlerocket-os/bottlerocket-settings-sdk" -tag = "bottlerocket-defaults-helper-v0.1.0" -version = "0.1.0" diff --git a/sources/settings-defaults/aws-k8s-1.25/defaults.d/10-defaults.toml b/sources/settings-defaults/aws-k8s-1.25/defaults.d/10-defaults.toml deleted file mode 120000 index a202ba61a..000000000 --- a/sources/settings-defaults/aws-k8s-1.25/defaults.d/10-defaults.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/defaults.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.25/defaults.d/15-aws-tuf.toml b/sources/settings-defaults/aws-k8s-1.25/defaults.d/15-aws-tuf.toml deleted file mode 120000 index afcef6a61..000000000 --- a/sources/settings-defaults/aws-k8s-1.25/defaults.d/15-aws-tuf.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/aws-tuf.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.25/defaults.d/20-aws-host-containers.toml b/sources/settings-defaults/aws-k8s-1.25/defaults.d/20-aws-host-containers.toml deleted file mode 120000 index 4d404d663..000000000 --- a/sources/settings-defaults/aws-k8s-1.25/defaults.d/20-aws-host-containers.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/aws-host-containers.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.25/defaults.d/25-cf-signal.toml b/sources/settings-defaults/aws-k8s-1.25/defaults.d/25-cf-signal.toml deleted file mode 120000 index a33d54165..000000000 --- a/sources/settings-defaults/aws-k8s-1.25/defaults.d/25-cf-signal.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/cf-signal.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.25/defaults.d/26-aws-autoscaling.toml b/sources/settings-defaults/aws-k8s-1.25/defaults.d/26-aws-autoscaling.toml deleted file mode 120000 index b579c0182..000000000 --- a/sources/settings-defaults/aws-k8s-1.25/defaults.d/26-aws-autoscaling.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/aws-autoscaling.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.25/defaults.d/30-metrics.toml b/sources/settings-defaults/aws-k8s-1.25/defaults.d/30-metrics.toml deleted file mode 120000 index 99f0b2b69..000000000 --- a/sources/settings-defaults/aws-k8s-1.25/defaults.d/30-metrics.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/metrics.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.25/defaults.d/31-send-metrics-aws.toml b/sources/settings-defaults/aws-k8s-1.25/defaults.d/31-send-metrics-aws.toml deleted file mode 120000 index 2fefefea7..000000000 --- a/sources/settings-defaults/aws-k8s-1.25/defaults.d/31-send-metrics-aws.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/send-metrics-aws.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.25/defaults.d/40-aws-creds.toml b/sources/settings-defaults/aws-k8s-1.25/defaults.d/40-aws-creds.toml deleted file mode 120000 index a6a17e88f..000000000 --- a/sources/settings-defaults/aws-k8s-1.25/defaults.d/40-aws-creds.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/aws-creds.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.25/defaults.d/50-kubernetes-aws.toml b/sources/settings-defaults/aws-k8s-1.25/defaults.d/50-kubernetes-aws.toml deleted file mode 120000 index 7393a2dd3..000000000 --- a/sources/settings-defaults/aws-k8s-1.25/defaults.d/50-kubernetes-aws.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/kubernetes-aws.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.25/defaults.d/51-kubernetes-containerd.toml b/sources/settings-defaults/aws-k8s-1.25/defaults.d/51-kubernetes-containerd.toml deleted file mode 120000 index 08196a5ed..000000000 --- a/sources/settings-defaults/aws-k8s-1.25/defaults.d/51-kubernetes-containerd.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/kubernetes-containerd.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.25/defaults.d/52-kubernetes-services.toml b/sources/settings-defaults/aws-k8s-1.25/defaults.d/52-kubernetes-services.toml deleted file mode 120000 index afab5a7f1..000000000 --- a/sources/settings-defaults/aws-k8s-1.25/defaults.d/52-kubernetes-services.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/kubernetes-services.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.25/defaults.d/53-containerd-cri-pki.toml b/sources/settings-defaults/aws-k8s-1.25/defaults.d/53-containerd-cri-pki.toml deleted file mode 120000 index 2dbf7db78..000000000 --- a/sources/settings-defaults/aws-k8s-1.25/defaults.d/53-containerd-cri-pki.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/containerd-cri-pki.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.25/defaults.d/54-kubernetes-seccomp-default-false.toml b/sources/settings-defaults/aws-k8s-1.25/defaults.d/54-kubernetes-seccomp-default-false.toml deleted file mode 120000 index b1132e002..000000000 --- a/sources/settings-defaults/aws-k8s-1.25/defaults.d/54-kubernetes-seccomp-default-false.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/kubernetes-seccomp-default-false.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.25/defaults.d/60-lockdown-integrity.toml b/sources/settings-defaults/aws-k8s-1.25/defaults.d/60-lockdown-integrity.toml deleted file mode 120000 index 8b4de873a..000000000 --- a/sources/settings-defaults/aws-k8s-1.25/defaults.d/60-lockdown-integrity.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/lockdown-integrity.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.25/defaults.d/70-oci-hooks.toml b/sources/settings-defaults/aws-k8s-1.25/defaults.d/70-oci-hooks.toml deleted file mode 120000 index e7b73c620..000000000 --- a/sources/settings-defaults/aws-k8s-1.25/defaults.d/70-oci-hooks.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/oci-hooks.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.25/defaults.d/75-oci-defaults-containerd-cri.toml b/sources/settings-defaults/aws-k8s-1.25/defaults.d/75-oci-defaults-containerd-cri.toml deleted file mode 120000 index 25204d67d..000000000 --- a/sources/settings-defaults/aws-k8s-1.25/defaults.d/75-oci-defaults-containerd-cri.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/oci-defaults-containerd-cri.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.25/defaults.d/76-oci-defaults-capabilities.toml b/sources/settings-defaults/aws-k8s-1.25/defaults.d/76-oci-defaults-capabilities.toml deleted file mode 120000 index 100c28740..000000000 --- a/sources/settings-defaults/aws-k8s-1.25/defaults.d/76-oci-defaults-capabilities.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/oci-defaults-capabilities.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.25/defaults.d/77-oci-defaults-containerd-cri-resource-limits.toml b/sources/settings-defaults/aws-k8s-1.25/defaults.d/77-oci-defaults-containerd-cri-resource-limits.toml deleted file mode 120000 index 7f0621357..000000000 --- a/sources/settings-defaults/aws-k8s-1.25/defaults.d/77-oci-defaults-containerd-cri-resource-limits.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/oci-defaults-containerd-cri-resource-limits.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.25/defaults.d/90-boot.toml b/sources/settings-defaults/aws-k8s-1.25/defaults.d/90-boot.toml deleted file mode 120000 index 777844745..000000000 --- a/sources/settings-defaults/aws-k8s-1.25/defaults.d/90-boot.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/boot.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.26-nvidia/Cargo.toml b/sources/settings-defaults/aws-k8s-1.26-nvidia/Cargo.toml deleted file mode 100644 index acb300023..000000000 --- a/sources/settings-defaults/aws-k8s-1.26-nvidia/Cargo.toml +++ /dev/null @@ -1,15 +0,0 @@ -[package] -name = "settings-defaults-aws-k8s-1_26-nvidia" -version = "0.1.0" -edition = "2021" -license = "Apache-2.0 OR MIT" -publish = false -build = "../build-defaults.rs" - -[lib] -path = "../defaults-toml.rs" - -[build-dependencies.bottlerocket-defaults-helper] -git = "https://github.com/bottlerocket-os/bottlerocket-settings-sdk" -tag = "bottlerocket-defaults-helper-v0.1.0" -version = "0.1.0" diff --git a/sources/settings-defaults/aws-k8s-1.26-nvidia/defaults.d/10-defaults.toml b/sources/settings-defaults/aws-k8s-1.26-nvidia/defaults.d/10-defaults.toml deleted file mode 120000 index a202ba61a..000000000 --- a/sources/settings-defaults/aws-k8s-1.26-nvidia/defaults.d/10-defaults.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/defaults.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.26-nvidia/defaults.d/15-aws-tuf.toml b/sources/settings-defaults/aws-k8s-1.26-nvidia/defaults.d/15-aws-tuf.toml deleted file mode 120000 index afcef6a61..000000000 --- a/sources/settings-defaults/aws-k8s-1.26-nvidia/defaults.d/15-aws-tuf.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/aws-tuf.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.26-nvidia/defaults.d/20-aws-host-containers.toml b/sources/settings-defaults/aws-k8s-1.26-nvidia/defaults.d/20-aws-host-containers.toml deleted file mode 120000 index 4d404d663..000000000 --- a/sources/settings-defaults/aws-k8s-1.26-nvidia/defaults.d/20-aws-host-containers.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/aws-host-containers.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.26-nvidia/defaults.d/25-cf-signal.toml b/sources/settings-defaults/aws-k8s-1.26-nvidia/defaults.d/25-cf-signal.toml deleted file mode 120000 index a33d54165..000000000 --- a/sources/settings-defaults/aws-k8s-1.26-nvidia/defaults.d/25-cf-signal.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/cf-signal.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.26-nvidia/defaults.d/26-aws-autoscaling.toml b/sources/settings-defaults/aws-k8s-1.26-nvidia/defaults.d/26-aws-autoscaling.toml deleted file mode 120000 index b579c0182..000000000 --- a/sources/settings-defaults/aws-k8s-1.26-nvidia/defaults.d/26-aws-autoscaling.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/aws-autoscaling.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.26-nvidia/defaults.d/30-metrics.toml b/sources/settings-defaults/aws-k8s-1.26-nvidia/defaults.d/30-metrics.toml deleted file mode 120000 index 99f0b2b69..000000000 --- a/sources/settings-defaults/aws-k8s-1.26-nvidia/defaults.d/30-metrics.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/metrics.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.26-nvidia/defaults.d/31-send-metrics-aws.toml b/sources/settings-defaults/aws-k8s-1.26-nvidia/defaults.d/31-send-metrics-aws.toml deleted file mode 120000 index 2fefefea7..000000000 --- a/sources/settings-defaults/aws-k8s-1.26-nvidia/defaults.d/31-send-metrics-aws.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/send-metrics-aws.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.26-nvidia/defaults.d/40-aws-creds.toml b/sources/settings-defaults/aws-k8s-1.26-nvidia/defaults.d/40-aws-creds.toml deleted file mode 120000 index a6a17e88f..000000000 --- a/sources/settings-defaults/aws-k8s-1.26-nvidia/defaults.d/40-aws-creds.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/aws-creds.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.26-nvidia/defaults.d/50-kubernetes-aws.toml b/sources/settings-defaults/aws-k8s-1.26-nvidia/defaults.d/50-kubernetes-aws.toml deleted file mode 120000 index 7393a2dd3..000000000 --- a/sources/settings-defaults/aws-k8s-1.26-nvidia/defaults.d/50-kubernetes-aws.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/kubernetes-aws.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.26-nvidia/defaults.d/51-kubernetes-containerd-nvidia.toml b/sources/settings-defaults/aws-k8s-1.26-nvidia/defaults.d/51-kubernetes-containerd-nvidia.toml deleted file mode 120000 index e68ab5eaa..000000000 --- a/sources/settings-defaults/aws-k8s-1.26-nvidia/defaults.d/51-kubernetes-containerd-nvidia.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/kubernetes-containerd-nvidia.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.26-nvidia/defaults.d/52-kubernetes-services.toml b/sources/settings-defaults/aws-k8s-1.26-nvidia/defaults.d/52-kubernetes-services.toml deleted file mode 120000 index afab5a7f1..000000000 --- a/sources/settings-defaults/aws-k8s-1.26-nvidia/defaults.d/52-kubernetes-services.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/kubernetes-services.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.26-nvidia/defaults.d/53-containerd-cri-pki.toml b/sources/settings-defaults/aws-k8s-1.26-nvidia/defaults.d/53-containerd-cri-pki.toml deleted file mode 120000 index 2dbf7db78..000000000 --- a/sources/settings-defaults/aws-k8s-1.26-nvidia/defaults.d/53-containerd-cri-pki.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/containerd-cri-pki.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.26-nvidia/defaults.d/54-kubernetes-aws-external-cloud-provider.toml b/sources/settings-defaults/aws-k8s-1.26-nvidia/defaults.d/54-kubernetes-aws-external-cloud-provider.toml deleted file mode 120000 index cb2c4be2e..000000000 --- a/sources/settings-defaults/aws-k8s-1.26-nvidia/defaults.d/54-kubernetes-aws-external-cloud-provider.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/kubernetes-aws-external-cloud-provider.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.26-nvidia/defaults.d/54-kubernetes-seccomp-default-false.toml b/sources/settings-defaults/aws-k8s-1.26-nvidia/defaults.d/54-kubernetes-seccomp-default-false.toml deleted file mode 120000 index b1132e002..000000000 --- a/sources/settings-defaults/aws-k8s-1.26-nvidia/defaults.d/54-kubernetes-seccomp-default-false.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/kubernetes-seccomp-default-false.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.26-nvidia/defaults.d/60-lockdown-none.toml b/sources/settings-defaults/aws-k8s-1.26-nvidia/defaults.d/60-lockdown-none.toml deleted file mode 120000 index cced54333..000000000 --- a/sources/settings-defaults/aws-k8s-1.26-nvidia/defaults.d/60-lockdown-none.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/lockdown-none.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.26-nvidia/defaults.d/70-oci-hooks.toml b/sources/settings-defaults/aws-k8s-1.26-nvidia/defaults.d/70-oci-hooks.toml deleted file mode 120000 index d91eec452..000000000 --- a/sources/settings-defaults/aws-k8s-1.26-nvidia/defaults.d/70-oci-hooks.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/nvidia-oci-hooks-containerd-cri.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.26-nvidia/defaults.d/75-oci-defaults-containerd-cri.toml b/sources/settings-defaults/aws-k8s-1.26-nvidia/defaults.d/75-oci-defaults-containerd-cri.toml deleted file mode 120000 index 25204d67d..000000000 --- a/sources/settings-defaults/aws-k8s-1.26-nvidia/defaults.d/75-oci-defaults-containerd-cri.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/oci-defaults-containerd-cri.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.26-nvidia/defaults.d/76-oci-defaults-capabilities.toml b/sources/settings-defaults/aws-k8s-1.26-nvidia/defaults.d/76-oci-defaults-capabilities.toml deleted file mode 120000 index 100c28740..000000000 --- a/sources/settings-defaults/aws-k8s-1.26-nvidia/defaults.d/76-oci-defaults-capabilities.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/oci-defaults-capabilities.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.26-nvidia/defaults.d/77-oci-defaults-containerd-cri-resource-limits.toml b/sources/settings-defaults/aws-k8s-1.26-nvidia/defaults.d/77-oci-defaults-containerd-cri-resource-limits.toml deleted file mode 120000 index 7f0621357..000000000 --- a/sources/settings-defaults/aws-k8s-1.26-nvidia/defaults.d/77-oci-defaults-containerd-cri-resource-limits.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/oci-defaults-containerd-cri-resource-limits.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.26-nvidia/defaults.d/90-boot.toml b/sources/settings-defaults/aws-k8s-1.26-nvidia/defaults.d/90-boot.toml deleted file mode 120000 index 777844745..000000000 --- a/sources/settings-defaults/aws-k8s-1.26-nvidia/defaults.d/90-boot.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/boot.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.26/Cargo.toml b/sources/settings-defaults/aws-k8s-1.26/Cargo.toml deleted file mode 100644 index b8947b9f1..000000000 --- a/sources/settings-defaults/aws-k8s-1.26/Cargo.toml +++ /dev/null @@ -1,15 +0,0 @@ -[package] -name = "settings-defaults-aws-k8s-1_26" -version = "0.1.0" -edition = "2021" -license = "Apache-2.0 OR MIT" -publish = false -build = "../build-defaults.rs" - -[lib] -path = "../defaults-toml.rs" - -[build-dependencies.bottlerocket-defaults-helper] -git = "https://github.com/bottlerocket-os/bottlerocket-settings-sdk" -tag = "bottlerocket-defaults-helper-v0.1.0" -version = "0.1.0" diff --git a/sources/settings-defaults/aws-k8s-1.26/defaults.d/10-defaults.toml b/sources/settings-defaults/aws-k8s-1.26/defaults.d/10-defaults.toml deleted file mode 120000 index a202ba61a..000000000 --- a/sources/settings-defaults/aws-k8s-1.26/defaults.d/10-defaults.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/defaults.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.26/defaults.d/15-aws-tuf.toml b/sources/settings-defaults/aws-k8s-1.26/defaults.d/15-aws-tuf.toml deleted file mode 120000 index afcef6a61..000000000 --- a/sources/settings-defaults/aws-k8s-1.26/defaults.d/15-aws-tuf.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/aws-tuf.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.26/defaults.d/20-aws-host-containers.toml b/sources/settings-defaults/aws-k8s-1.26/defaults.d/20-aws-host-containers.toml deleted file mode 120000 index 4d404d663..000000000 --- a/sources/settings-defaults/aws-k8s-1.26/defaults.d/20-aws-host-containers.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/aws-host-containers.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.26/defaults.d/25-cf-signal.toml b/sources/settings-defaults/aws-k8s-1.26/defaults.d/25-cf-signal.toml deleted file mode 120000 index a33d54165..000000000 --- a/sources/settings-defaults/aws-k8s-1.26/defaults.d/25-cf-signal.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/cf-signal.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.26/defaults.d/26-aws-autoscaling.toml b/sources/settings-defaults/aws-k8s-1.26/defaults.d/26-aws-autoscaling.toml deleted file mode 120000 index b579c0182..000000000 --- a/sources/settings-defaults/aws-k8s-1.26/defaults.d/26-aws-autoscaling.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/aws-autoscaling.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.26/defaults.d/30-metrics.toml b/sources/settings-defaults/aws-k8s-1.26/defaults.d/30-metrics.toml deleted file mode 120000 index 99f0b2b69..000000000 --- a/sources/settings-defaults/aws-k8s-1.26/defaults.d/30-metrics.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/metrics.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.26/defaults.d/31-send-metrics-aws.toml b/sources/settings-defaults/aws-k8s-1.26/defaults.d/31-send-metrics-aws.toml deleted file mode 120000 index 2fefefea7..000000000 --- a/sources/settings-defaults/aws-k8s-1.26/defaults.d/31-send-metrics-aws.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/send-metrics-aws.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.26/defaults.d/40-aws-creds.toml b/sources/settings-defaults/aws-k8s-1.26/defaults.d/40-aws-creds.toml deleted file mode 120000 index a6a17e88f..000000000 --- a/sources/settings-defaults/aws-k8s-1.26/defaults.d/40-aws-creds.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/aws-creds.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.26/defaults.d/50-kubernetes-aws.toml b/sources/settings-defaults/aws-k8s-1.26/defaults.d/50-kubernetes-aws.toml deleted file mode 120000 index 7393a2dd3..000000000 --- a/sources/settings-defaults/aws-k8s-1.26/defaults.d/50-kubernetes-aws.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/kubernetes-aws.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.26/defaults.d/51-kubernetes-containerd.toml b/sources/settings-defaults/aws-k8s-1.26/defaults.d/51-kubernetes-containerd.toml deleted file mode 120000 index 08196a5ed..000000000 --- a/sources/settings-defaults/aws-k8s-1.26/defaults.d/51-kubernetes-containerd.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/kubernetes-containerd.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.26/defaults.d/52-kubernetes-services.toml b/sources/settings-defaults/aws-k8s-1.26/defaults.d/52-kubernetes-services.toml deleted file mode 120000 index afab5a7f1..000000000 --- a/sources/settings-defaults/aws-k8s-1.26/defaults.d/52-kubernetes-services.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/kubernetes-services.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.26/defaults.d/53-containerd-cri-pki.toml b/sources/settings-defaults/aws-k8s-1.26/defaults.d/53-containerd-cri-pki.toml deleted file mode 120000 index 2dbf7db78..000000000 --- a/sources/settings-defaults/aws-k8s-1.26/defaults.d/53-containerd-cri-pki.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/containerd-cri-pki.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.26/defaults.d/54-kubernetes-aws-external-cloud-provider.toml b/sources/settings-defaults/aws-k8s-1.26/defaults.d/54-kubernetes-aws-external-cloud-provider.toml deleted file mode 120000 index cb2c4be2e..000000000 --- a/sources/settings-defaults/aws-k8s-1.26/defaults.d/54-kubernetes-aws-external-cloud-provider.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/kubernetes-aws-external-cloud-provider.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.26/defaults.d/54-kubernetes-seccomp-default-false.toml b/sources/settings-defaults/aws-k8s-1.26/defaults.d/54-kubernetes-seccomp-default-false.toml deleted file mode 120000 index b1132e002..000000000 --- a/sources/settings-defaults/aws-k8s-1.26/defaults.d/54-kubernetes-seccomp-default-false.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/kubernetes-seccomp-default-false.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.26/defaults.d/60-lockdown-integrity.toml b/sources/settings-defaults/aws-k8s-1.26/defaults.d/60-lockdown-integrity.toml deleted file mode 120000 index 8b4de873a..000000000 --- a/sources/settings-defaults/aws-k8s-1.26/defaults.d/60-lockdown-integrity.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/lockdown-integrity.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.26/defaults.d/70-oci-hooks.toml b/sources/settings-defaults/aws-k8s-1.26/defaults.d/70-oci-hooks.toml deleted file mode 120000 index e7b73c620..000000000 --- a/sources/settings-defaults/aws-k8s-1.26/defaults.d/70-oci-hooks.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/oci-hooks.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.26/defaults.d/75-oci-defaults-containerd-cri.toml b/sources/settings-defaults/aws-k8s-1.26/defaults.d/75-oci-defaults-containerd-cri.toml deleted file mode 120000 index 25204d67d..000000000 --- a/sources/settings-defaults/aws-k8s-1.26/defaults.d/75-oci-defaults-containerd-cri.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/oci-defaults-containerd-cri.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.26/defaults.d/76-oci-defaults-capabilities.toml b/sources/settings-defaults/aws-k8s-1.26/defaults.d/76-oci-defaults-capabilities.toml deleted file mode 120000 index 100c28740..000000000 --- a/sources/settings-defaults/aws-k8s-1.26/defaults.d/76-oci-defaults-capabilities.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/oci-defaults-capabilities.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.26/defaults.d/77-oci-defaults-containerd-cri-resource-limits.toml b/sources/settings-defaults/aws-k8s-1.26/defaults.d/77-oci-defaults-containerd-cri-resource-limits.toml deleted file mode 120000 index 7f0621357..000000000 --- a/sources/settings-defaults/aws-k8s-1.26/defaults.d/77-oci-defaults-containerd-cri-resource-limits.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/oci-defaults-containerd-cri-resource-limits.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.26/defaults.d/90-boot.toml b/sources/settings-defaults/aws-k8s-1.26/defaults.d/90-boot.toml deleted file mode 120000 index 777844745..000000000 --- a/sources/settings-defaults/aws-k8s-1.26/defaults.d/90-boot.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/boot.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.30-nvidia/Cargo.toml b/sources/settings-defaults/aws-k8s-1.30-nvidia/Cargo.toml deleted file mode 100644 index 9784cfabb..000000000 --- a/sources/settings-defaults/aws-k8s-1.30-nvidia/Cargo.toml +++ /dev/null @@ -1,15 +0,0 @@ -[package] -name = "settings-defaults-aws-k8s-1_30-nvidia" -version = "0.1.0" -edition = "2021" -license = "Apache-2.0 OR MIT" -publish = false -build = "../build-defaults.rs" - -[lib] -path = "../defaults-toml.rs" - -[build-dependencies.bottlerocket-defaults-helper] -git = "https://github.com/bottlerocket-os/bottlerocket-settings-sdk" -tag = "bottlerocket-defaults-helper-v0.1.0" -version = "0.1.0" diff --git a/sources/settings-defaults/aws-k8s-1.30-nvidia/defaults.d/10-defaults.toml b/sources/settings-defaults/aws-k8s-1.30-nvidia/defaults.d/10-defaults.toml deleted file mode 120000 index a202ba61a..000000000 --- a/sources/settings-defaults/aws-k8s-1.30-nvidia/defaults.d/10-defaults.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/defaults.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.30-nvidia/defaults.d/15-aws-tuf.toml b/sources/settings-defaults/aws-k8s-1.30-nvidia/defaults.d/15-aws-tuf.toml deleted file mode 120000 index afcef6a61..000000000 --- a/sources/settings-defaults/aws-k8s-1.30-nvidia/defaults.d/15-aws-tuf.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/aws-tuf.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.30-nvidia/defaults.d/20-aws-host-containers.toml b/sources/settings-defaults/aws-k8s-1.30-nvidia/defaults.d/20-aws-host-containers.toml deleted file mode 120000 index 4d404d663..000000000 --- a/sources/settings-defaults/aws-k8s-1.30-nvidia/defaults.d/20-aws-host-containers.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/aws-host-containers.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.30-nvidia/defaults.d/25-cf-signal.toml b/sources/settings-defaults/aws-k8s-1.30-nvidia/defaults.d/25-cf-signal.toml deleted file mode 120000 index a33d54165..000000000 --- a/sources/settings-defaults/aws-k8s-1.30-nvidia/defaults.d/25-cf-signal.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/cf-signal.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.30-nvidia/defaults.d/26-aws-autoscaling.toml b/sources/settings-defaults/aws-k8s-1.30-nvidia/defaults.d/26-aws-autoscaling.toml deleted file mode 120000 index b579c0182..000000000 --- a/sources/settings-defaults/aws-k8s-1.30-nvidia/defaults.d/26-aws-autoscaling.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/aws-autoscaling.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.30-nvidia/defaults.d/30-metrics.toml b/sources/settings-defaults/aws-k8s-1.30-nvidia/defaults.d/30-metrics.toml deleted file mode 120000 index 99f0b2b69..000000000 --- a/sources/settings-defaults/aws-k8s-1.30-nvidia/defaults.d/30-metrics.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/metrics.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.30-nvidia/defaults.d/31-send-metrics-aws.toml b/sources/settings-defaults/aws-k8s-1.30-nvidia/defaults.d/31-send-metrics-aws.toml deleted file mode 120000 index 2fefefea7..000000000 --- a/sources/settings-defaults/aws-k8s-1.30-nvidia/defaults.d/31-send-metrics-aws.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/send-metrics-aws.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.30-nvidia/defaults.d/40-aws-creds.toml b/sources/settings-defaults/aws-k8s-1.30-nvidia/defaults.d/40-aws-creds.toml deleted file mode 120000 index a6a17e88f..000000000 --- a/sources/settings-defaults/aws-k8s-1.30-nvidia/defaults.d/40-aws-creds.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/aws-creds.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.30-nvidia/defaults.d/50-kubernetes-aws.toml b/sources/settings-defaults/aws-k8s-1.30-nvidia/defaults.d/50-kubernetes-aws.toml deleted file mode 120000 index 7393a2dd3..000000000 --- a/sources/settings-defaults/aws-k8s-1.30-nvidia/defaults.d/50-kubernetes-aws.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/kubernetes-aws.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.30-nvidia/defaults.d/51-kubernetes-containerd-nvidia.toml b/sources/settings-defaults/aws-k8s-1.30-nvidia/defaults.d/51-kubernetes-containerd-nvidia.toml deleted file mode 120000 index e68ab5eaa..000000000 --- a/sources/settings-defaults/aws-k8s-1.30-nvidia/defaults.d/51-kubernetes-containerd-nvidia.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/kubernetes-containerd-nvidia.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.30-nvidia/defaults.d/52-kubernetes-services.toml b/sources/settings-defaults/aws-k8s-1.30-nvidia/defaults.d/52-kubernetes-services.toml deleted file mode 120000 index afab5a7f1..000000000 --- a/sources/settings-defaults/aws-k8s-1.30-nvidia/defaults.d/52-kubernetes-services.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/kubernetes-services.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.30-nvidia/defaults.d/53-containerd-cri-pki.toml b/sources/settings-defaults/aws-k8s-1.30-nvidia/defaults.d/53-containerd-cri-pki.toml deleted file mode 120000 index 2dbf7db78..000000000 --- a/sources/settings-defaults/aws-k8s-1.30-nvidia/defaults.d/53-containerd-cri-pki.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/containerd-cri-pki.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.30-nvidia/defaults.d/54-kubernetes-aws-external-cloud-provider.toml b/sources/settings-defaults/aws-k8s-1.30-nvidia/defaults.d/54-kubernetes-aws-external-cloud-provider.toml deleted file mode 120000 index cb2c4be2e..000000000 --- a/sources/settings-defaults/aws-k8s-1.30-nvidia/defaults.d/54-kubernetes-aws-external-cloud-provider.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/kubernetes-aws-external-cloud-provider.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.30-nvidia/defaults.d/55-kubernetes-aws-credential-provider.toml b/sources/settings-defaults/aws-k8s-1.30-nvidia/defaults.d/55-kubernetes-aws-credential-provider.toml deleted file mode 120000 index 43773cc11..000000000 --- a/sources/settings-defaults/aws-k8s-1.30-nvidia/defaults.d/55-kubernetes-aws-credential-provider.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/kubernetes-aws-credential-provider.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.30-nvidia/defaults.d/56-kubernetes-seccomp-default-false.toml b/sources/settings-defaults/aws-k8s-1.30-nvidia/defaults.d/56-kubernetes-seccomp-default-false.toml deleted file mode 120000 index b1132e002..000000000 --- a/sources/settings-defaults/aws-k8s-1.30-nvidia/defaults.d/56-kubernetes-seccomp-default-false.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/kubernetes-seccomp-default-false.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.30-nvidia/defaults.d/60-lockdown-none.toml b/sources/settings-defaults/aws-k8s-1.30-nvidia/defaults.d/60-lockdown-none.toml deleted file mode 120000 index cced54333..000000000 --- a/sources/settings-defaults/aws-k8s-1.30-nvidia/defaults.d/60-lockdown-none.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/lockdown-none.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.30-nvidia/defaults.d/70-oci-hooks.toml b/sources/settings-defaults/aws-k8s-1.30-nvidia/defaults.d/70-oci-hooks.toml deleted file mode 120000 index d91eec452..000000000 --- a/sources/settings-defaults/aws-k8s-1.30-nvidia/defaults.d/70-oci-hooks.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/nvidia-oci-hooks-containerd-cri.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.30-nvidia/defaults.d/75-oci-defaults-containerd-cri.toml b/sources/settings-defaults/aws-k8s-1.30-nvidia/defaults.d/75-oci-defaults-containerd-cri.toml deleted file mode 120000 index 25204d67d..000000000 --- a/sources/settings-defaults/aws-k8s-1.30-nvidia/defaults.d/75-oci-defaults-containerd-cri.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/oci-defaults-containerd-cri.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.30-nvidia/defaults.d/76-oci-defaults-capabilities.toml b/sources/settings-defaults/aws-k8s-1.30-nvidia/defaults.d/76-oci-defaults-capabilities.toml deleted file mode 120000 index 100c28740..000000000 --- a/sources/settings-defaults/aws-k8s-1.30-nvidia/defaults.d/76-oci-defaults-capabilities.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/oci-defaults-capabilities.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.30-nvidia/defaults.d/77-oci-defaults-containerd-cri-resource-limits.toml b/sources/settings-defaults/aws-k8s-1.30-nvidia/defaults.d/77-oci-defaults-containerd-cri-resource-limits.toml deleted file mode 120000 index 7f0621357..000000000 --- a/sources/settings-defaults/aws-k8s-1.30-nvidia/defaults.d/77-oci-defaults-containerd-cri-resource-limits.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/oci-defaults-containerd-cri-resource-limits.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.30-nvidia/defaults.d/90-boot.toml b/sources/settings-defaults/aws-k8s-1.30-nvidia/defaults.d/90-boot.toml deleted file mode 120000 index 777844745..000000000 --- a/sources/settings-defaults/aws-k8s-1.30-nvidia/defaults.d/90-boot.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/boot.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.30/Cargo.toml b/sources/settings-defaults/aws-k8s-1.30/Cargo.toml deleted file mode 100644 index 6605939c4..000000000 --- a/sources/settings-defaults/aws-k8s-1.30/Cargo.toml +++ /dev/null @@ -1,15 +0,0 @@ -[package] -name = "settings-defaults-aws-k8s-1_30" -version = "0.1.0" -edition = "2021" -license = "Apache-2.0 OR MIT" -publish = false -build = "../build-defaults.rs" - -[lib] -path = "../defaults-toml.rs" - -[build-dependencies.bottlerocket-defaults-helper] -git = "https://github.com/bottlerocket-os/bottlerocket-settings-sdk" -tag = "bottlerocket-defaults-helper-v0.1.0" -version = "0.1.0" diff --git a/sources/settings-defaults/aws-k8s-1.30/defaults.d/10-defaults.toml b/sources/settings-defaults/aws-k8s-1.30/defaults.d/10-defaults.toml deleted file mode 120000 index a202ba61a..000000000 --- a/sources/settings-defaults/aws-k8s-1.30/defaults.d/10-defaults.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/defaults.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.30/defaults.d/15-aws-tuf.toml b/sources/settings-defaults/aws-k8s-1.30/defaults.d/15-aws-tuf.toml deleted file mode 120000 index afcef6a61..000000000 --- a/sources/settings-defaults/aws-k8s-1.30/defaults.d/15-aws-tuf.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/aws-tuf.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.30/defaults.d/20-aws-host-containers.toml b/sources/settings-defaults/aws-k8s-1.30/defaults.d/20-aws-host-containers.toml deleted file mode 120000 index 4d404d663..000000000 --- a/sources/settings-defaults/aws-k8s-1.30/defaults.d/20-aws-host-containers.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/aws-host-containers.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.30/defaults.d/25-cf-signal.toml b/sources/settings-defaults/aws-k8s-1.30/defaults.d/25-cf-signal.toml deleted file mode 120000 index a33d54165..000000000 --- a/sources/settings-defaults/aws-k8s-1.30/defaults.d/25-cf-signal.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/cf-signal.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.30/defaults.d/26-aws-autoscaling.toml b/sources/settings-defaults/aws-k8s-1.30/defaults.d/26-aws-autoscaling.toml deleted file mode 120000 index b579c0182..000000000 --- a/sources/settings-defaults/aws-k8s-1.30/defaults.d/26-aws-autoscaling.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/aws-autoscaling.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.30/defaults.d/30-metrics.toml b/sources/settings-defaults/aws-k8s-1.30/defaults.d/30-metrics.toml deleted file mode 120000 index 99f0b2b69..000000000 --- a/sources/settings-defaults/aws-k8s-1.30/defaults.d/30-metrics.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/metrics.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.30/defaults.d/31-send-metrics-aws.toml b/sources/settings-defaults/aws-k8s-1.30/defaults.d/31-send-metrics-aws.toml deleted file mode 120000 index 2fefefea7..000000000 --- a/sources/settings-defaults/aws-k8s-1.30/defaults.d/31-send-metrics-aws.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/send-metrics-aws.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.30/defaults.d/40-aws-creds.toml b/sources/settings-defaults/aws-k8s-1.30/defaults.d/40-aws-creds.toml deleted file mode 120000 index a6a17e88f..000000000 --- a/sources/settings-defaults/aws-k8s-1.30/defaults.d/40-aws-creds.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/aws-creds.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.30/defaults.d/50-kubernetes-aws.toml b/sources/settings-defaults/aws-k8s-1.30/defaults.d/50-kubernetes-aws.toml deleted file mode 120000 index 7393a2dd3..000000000 --- a/sources/settings-defaults/aws-k8s-1.30/defaults.d/50-kubernetes-aws.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/kubernetes-aws.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.30/defaults.d/51-kubernetes-containerd.toml b/sources/settings-defaults/aws-k8s-1.30/defaults.d/51-kubernetes-containerd.toml deleted file mode 120000 index 08196a5ed..000000000 --- a/sources/settings-defaults/aws-k8s-1.30/defaults.d/51-kubernetes-containerd.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/kubernetes-containerd.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.30/defaults.d/52-kubernetes-services.toml b/sources/settings-defaults/aws-k8s-1.30/defaults.d/52-kubernetes-services.toml deleted file mode 120000 index afab5a7f1..000000000 --- a/sources/settings-defaults/aws-k8s-1.30/defaults.d/52-kubernetes-services.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/kubernetes-services.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.30/defaults.d/53-containerd-cri-pki.toml b/sources/settings-defaults/aws-k8s-1.30/defaults.d/53-containerd-cri-pki.toml deleted file mode 120000 index 2dbf7db78..000000000 --- a/sources/settings-defaults/aws-k8s-1.30/defaults.d/53-containerd-cri-pki.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/containerd-cri-pki.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.30/defaults.d/54-kubernetes-aws-external-cloud-provider.toml b/sources/settings-defaults/aws-k8s-1.30/defaults.d/54-kubernetes-aws-external-cloud-provider.toml deleted file mode 120000 index cb2c4be2e..000000000 --- a/sources/settings-defaults/aws-k8s-1.30/defaults.d/54-kubernetes-aws-external-cloud-provider.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/kubernetes-aws-external-cloud-provider.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.30/defaults.d/55-kubernetes-aws-credential-provider.toml b/sources/settings-defaults/aws-k8s-1.30/defaults.d/55-kubernetes-aws-credential-provider.toml deleted file mode 120000 index 43773cc11..000000000 --- a/sources/settings-defaults/aws-k8s-1.30/defaults.d/55-kubernetes-aws-credential-provider.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/kubernetes-aws-credential-provider.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.30/defaults.d/56-kubernetes-seccomp-default-false.toml b/sources/settings-defaults/aws-k8s-1.30/defaults.d/56-kubernetes-seccomp-default-false.toml deleted file mode 120000 index b1132e002..000000000 --- a/sources/settings-defaults/aws-k8s-1.30/defaults.d/56-kubernetes-seccomp-default-false.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/kubernetes-seccomp-default-false.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.30/defaults.d/60-lockdown-integrity.toml b/sources/settings-defaults/aws-k8s-1.30/defaults.d/60-lockdown-integrity.toml deleted file mode 120000 index 8b4de873a..000000000 --- a/sources/settings-defaults/aws-k8s-1.30/defaults.d/60-lockdown-integrity.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/lockdown-integrity.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.30/defaults.d/70-oci-hooks.toml b/sources/settings-defaults/aws-k8s-1.30/defaults.d/70-oci-hooks.toml deleted file mode 120000 index e7b73c620..000000000 --- a/sources/settings-defaults/aws-k8s-1.30/defaults.d/70-oci-hooks.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/oci-hooks.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.30/defaults.d/75-oci-defaults-containerd-cri.toml b/sources/settings-defaults/aws-k8s-1.30/defaults.d/75-oci-defaults-containerd-cri.toml deleted file mode 120000 index 25204d67d..000000000 --- a/sources/settings-defaults/aws-k8s-1.30/defaults.d/75-oci-defaults-containerd-cri.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/oci-defaults-containerd-cri.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.30/defaults.d/76-oci-defaults-capabilities.toml b/sources/settings-defaults/aws-k8s-1.30/defaults.d/76-oci-defaults-capabilities.toml deleted file mode 120000 index 100c28740..000000000 --- a/sources/settings-defaults/aws-k8s-1.30/defaults.d/76-oci-defaults-capabilities.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/oci-defaults-capabilities.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.30/defaults.d/77-oci-defaults-containerd-cri-resource-limits.toml b/sources/settings-defaults/aws-k8s-1.30/defaults.d/77-oci-defaults-containerd-cri-resource-limits.toml deleted file mode 120000 index 7f0621357..000000000 --- a/sources/settings-defaults/aws-k8s-1.30/defaults.d/77-oci-defaults-containerd-cri-resource-limits.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/oci-defaults-containerd-cri-resource-limits.toml \ No newline at end of file diff --git a/sources/settings-defaults/aws-k8s-1.30/defaults.d/90-boot.toml b/sources/settings-defaults/aws-k8s-1.30/defaults.d/90-boot.toml deleted file mode 120000 index 777844745..000000000 --- a/sources/settings-defaults/aws-k8s-1.30/defaults.d/90-boot.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/boot.toml \ No newline at end of file diff --git a/sources/settings-defaults/build-defaults.rs b/sources/settings-defaults/build-defaults.rs deleted file mode 100644 index 484c627c3..000000000 --- a/sources/settings-defaults/build-defaults.rs +++ /dev/null @@ -1,3 +0,0 @@ -fn main() { - bottlerocket_defaults_helper::generate_defaults_toml().unwrap(); -} diff --git a/sources/settings-defaults/defaults-toml.rs b/sources/settings-defaults/defaults-toml.rs deleted file mode 100644 index c3b70616e..000000000 --- a/sources/settings-defaults/defaults-toml.rs +++ /dev/null @@ -1 +0,0 @@ -// This "crate" only generates a defaults.toml as a side effect of the build. diff --git a/sources/settings-defaults/metal-dev/Cargo.toml b/sources/settings-defaults/metal-dev/Cargo.toml deleted file mode 100644 index 0cd73a188..000000000 --- a/sources/settings-defaults/metal-dev/Cargo.toml +++ /dev/null @@ -1,15 +0,0 @@ -[package] -name = "settings-defaults-metal-dev" -version = "0.1.0" -edition = "2021" -license = "Apache-2.0 OR MIT" -publish = false -build = "../build-defaults.rs" - -[lib] -path = "../defaults-toml.rs" - -[build-dependencies.bottlerocket-defaults-helper] -git = "https://github.com/bottlerocket-os/bottlerocket-settings-sdk" -tag = "bottlerocket-defaults-helper-v0.1.0" -version = "0.1.0" diff --git a/sources/settings-defaults/metal-dev/defaults.d/10-defaults.toml b/sources/settings-defaults/metal-dev/defaults.d/10-defaults.toml deleted file mode 120000 index a202ba61a..000000000 --- a/sources/settings-defaults/metal-dev/defaults.d/10-defaults.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/defaults.toml \ No newline at end of file diff --git a/sources/settings-defaults/metal-dev/defaults.d/15-public-tuf.toml b/sources/settings-defaults/metal-dev/defaults.d/15-public-tuf.toml deleted file mode 120000 index 561a74dfd..000000000 --- a/sources/settings-defaults/metal-dev/defaults.d/15-public-tuf.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/public-tuf.toml \ No newline at end of file diff --git a/sources/settings-defaults/metal-dev/defaults.d/30-metrics.toml b/sources/settings-defaults/metal-dev/defaults.d/30-metrics.toml deleted file mode 120000 index 99f0b2b69..000000000 --- a/sources/settings-defaults/metal-dev/defaults.d/30-metrics.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/metrics.toml \ No newline at end of file diff --git a/sources/settings-defaults/metal-dev/defaults.d/31-send-metrics.toml b/sources/settings-defaults/metal-dev/defaults.d/31-send-metrics.toml deleted file mode 120000 index d01b193f1..000000000 --- a/sources/settings-defaults/metal-dev/defaults.d/31-send-metrics.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/send-metrics-global.toml \ No newline at end of file diff --git a/sources/settings-defaults/metal-dev/defaults.d/50-metal-dev.toml b/sources/settings-defaults/metal-dev/defaults.d/50-metal-dev.toml deleted file mode 100644 index 108db4a8a..000000000 --- a/sources/settings-defaults/metal-dev/defaults.d/50-metal-dev.toml +++ /dev/null @@ -1,8 +0,0 @@ -# Metrics -[settings.metrics] -send-metrics = false -service-checks = ["apiserver", "chronyd", "containerd", "host-containerd", "docker"] - -# Network -[metadata.settings.network] -affected-services = ["containerd", "docker", "host-containerd", "host-containers", "updog"] diff --git a/sources/settings-defaults/metal-dev/defaults.d/51-docker-services.toml b/sources/settings-defaults/metal-dev/defaults.d/51-docker-services.toml deleted file mode 120000 index a8512f259..000000000 --- a/sources/settings-defaults/metal-dev/defaults.d/51-docker-services.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/docker-services.toml \ No newline at end of file diff --git a/sources/settings-defaults/metal-dev/defaults.d/52-docker-pki.toml b/sources/settings-defaults/metal-dev/defaults.d/52-docker-pki.toml deleted file mode 120000 index 203cd2a9a..000000000 --- a/sources/settings-defaults/metal-dev/defaults.d/52-docker-pki.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/docker-pki.toml \ No newline at end of file diff --git a/sources/settings-defaults/metal-dev/defaults.d/60-lockdown-none.toml b/sources/settings-defaults/metal-dev/defaults.d/60-lockdown-none.toml deleted file mode 120000 index cced54333..000000000 --- a/sources/settings-defaults/metal-dev/defaults.d/60-lockdown-none.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/lockdown-none.toml \ No newline at end of file diff --git a/sources/settings-defaults/metal-dev/defaults.d/70-public-ntp.toml b/sources/settings-defaults/metal-dev/defaults.d/70-public-ntp.toml deleted file mode 120000 index eb5f4bcd0..000000000 --- a/sources/settings-defaults/metal-dev/defaults.d/70-public-ntp.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/public-ntp.toml \ No newline at end of file diff --git a/sources/settings-defaults/metal-dev/defaults.d/80-oci-hooks.toml b/sources/settings-defaults/metal-dev/defaults.d/80-oci-hooks.toml deleted file mode 120000 index e7b73c620..000000000 --- a/sources/settings-defaults/metal-dev/defaults.d/80-oci-hooks.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/oci-hooks.toml \ No newline at end of file diff --git a/sources/settings-defaults/metal-dev/defaults.d/90-boot.toml b/sources/settings-defaults/metal-dev/defaults.d/90-boot.toml deleted file mode 120000 index 777844745..000000000 --- a/sources/settings-defaults/metal-dev/defaults.d/90-boot.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/boot.toml \ No newline at end of file diff --git a/sources/settings-defaults/metal-k8s-1.30/Cargo.toml b/sources/settings-defaults/metal-k8s-1.30/Cargo.toml deleted file mode 100644 index 0b481fa2b..000000000 --- a/sources/settings-defaults/metal-k8s-1.30/Cargo.toml +++ /dev/null @@ -1,15 +0,0 @@ -[package] -name = "settings-defaults-metal-k8s-1_30" -version = "0.1.0" -edition = "2021" -license = "Apache-2.0 OR MIT" -publish = false -build = "../build-defaults.rs" - -[lib] -path = "../defaults-toml.rs" - -[build-dependencies.bottlerocket-defaults-helper] -git = "https://github.com/bottlerocket-os/bottlerocket-settings-sdk" -tag = "bottlerocket-defaults-helper-v0.1.0" -version = "0.1.0" diff --git a/sources/settings-defaults/metal-k8s-1.30/defaults.d/10-defaults.toml b/sources/settings-defaults/metal-k8s-1.30/defaults.d/10-defaults.toml deleted file mode 120000 index a202ba61a..000000000 --- a/sources/settings-defaults/metal-k8s-1.30/defaults.d/10-defaults.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/defaults.toml \ No newline at end of file diff --git a/sources/settings-defaults/metal-k8s-1.30/defaults.d/15-public-tuf.toml b/sources/settings-defaults/metal-k8s-1.30/defaults.d/15-public-tuf.toml deleted file mode 120000 index 561a74dfd..000000000 --- a/sources/settings-defaults/metal-k8s-1.30/defaults.d/15-public-tuf.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/public-tuf.toml \ No newline at end of file diff --git a/sources/settings-defaults/metal-k8s-1.30/defaults.d/20-public-host-containers.toml b/sources/settings-defaults/metal-k8s-1.30/defaults.d/20-public-host-containers.toml deleted file mode 120000 index 6119af1cf..000000000 --- a/sources/settings-defaults/metal-k8s-1.30/defaults.d/20-public-host-containers.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/public-host-containers.toml \ No newline at end of file diff --git a/sources/settings-defaults/metal-k8s-1.30/defaults.d/30-metrics.toml b/sources/settings-defaults/metal-k8s-1.30/defaults.d/30-metrics.toml deleted file mode 120000 index 99f0b2b69..000000000 --- a/sources/settings-defaults/metal-k8s-1.30/defaults.d/30-metrics.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/metrics.toml \ No newline at end of file diff --git a/sources/settings-defaults/metal-k8s-1.30/defaults.d/31-send-metrics.toml b/sources/settings-defaults/metal-k8s-1.30/defaults.d/31-send-metrics.toml deleted file mode 120000 index d01b193f1..000000000 --- a/sources/settings-defaults/metal-k8s-1.30/defaults.d/31-send-metrics.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/send-metrics-global.toml \ No newline at end of file diff --git a/sources/settings-defaults/metal-k8s-1.30/defaults.d/40-aws-creds.toml b/sources/settings-defaults/metal-k8s-1.30/defaults.d/40-aws-creds.toml deleted file mode 120000 index a6a17e88f..000000000 --- a/sources/settings-defaults/metal-k8s-1.30/defaults.d/40-aws-creds.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/aws-creds.toml \ No newline at end of file diff --git a/sources/settings-defaults/metal-k8s-1.30/defaults.d/50-kubernetes-metal.toml b/sources/settings-defaults/metal-k8s-1.30/defaults.d/50-kubernetes-metal.toml deleted file mode 120000 index 3103e5cc9..000000000 --- a/sources/settings-defaults/metal-k8s-1.30/defaults.d/50-kubernetes-metal.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/kubernetes-metal.toml \ No newline at end of file diff --git a/sources/settings-defaults/metal-k8s-1.30/defaults.d/51-kubernetes-containerd.toml b/sources/settings-defaults/metal-k8s-1.30/defaults.d/51-kubernetes-containerd.toml deleted file mode 120000 index 08196a5ed..000000000 --- a/sources/settings-defaults/metal-k8s-1.30/defaults.d/51-kubernetes-containerd.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/kubernetes-containerd.toml \ No newline at end of file diff --git a/sources/settings-defaults/metal-k8s-1.30/defaults.d/52-kubernetes-services.toml b/sources/settings-defaults/metal-k8s-1.30/defaults.d/52-kubernetes-services.toml deleted file mode 120000 index afab5a7f1..000000000 --- a/sources/settings-defaults/metal-k8s-1.30/defaults.d/52-kubernetes-services.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/kubernetes-services.toml \ No newline at end of file diff --git a/sources/settings-defaults/metal-k8s-1.30/defaults.d/53-containerd-cri-pki.toml b/sources/settings-defaults/metal-k8s-1.30/defaults.d/53-containerd-cri-pki.toml deleted file mode 120000 index 2dbf7db78..000000000 --- a/sources/settings-defaults/metal-k8s-1.30/defaults.d/53-containerd-cri-pki.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/containerd-cri-pki.toml \ No newline at end of file diff --git a/sources/settings-defaults/metal-k8s-1.30/defaults.d/54-kubernetes-seccomp-default-false.toml b/sources/settings-defaults/metal-k8s-1.30/defaults.d/54-kubernetes-seccomp-default-false.toml deleted file mode 120000 index b1132e002..000000000 --- a/sources/settings-defaults/metal-k8s-1.30/defaults.d/54-kubernetes-seccomp-default-false.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/kubernetes-seccomp-default-false.toml \ No newline at end of file diff --git a/sources/settings-defaults/metal-k8s-1.30/defaults.d/60-lockdown-integrity.toml b/sources/settings-defaults/metal-k8s-1.30/defaults.d/60-lockdown-integrity.toml deleted file mode 120000 index 8b4de873a..000000000 --- a/sources/settings-defaults/metal-k8s-1.30/defaults.d/60-lockdown-integrity.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/lockdown-integrity.toml \ No newline at end of file diff --git a/sources/settings-defaults/metal-k8s-1.30/defaults.d/70-public-ntp.toml b/sources/settings-defaults/metal-k8s-1.30/defaults.d/70-public-ntp.toml deleted file mode 120000 index eb5f4bcd0..000000000 --- a/sources/settings-defaults/metal-k8s-1.30/defaults.d/70-public-ntp.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/public-ntp.toml \ No newline at end of file diff --git a/sources/settings-defaults/metal-k8s-1.30/defaults.d/80-oci-hooks.toml b/sources/settings-defaults/metal-k8s-1.30/defaults.d/80-oci-hooks.toml deleted file mode 120000 index e7b73c620..000000000 --- a/sources/settings-defaults/metal-k8s-1.30/defaults.d/80-oci-hooks.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/oci-hooks.toml \ No newline at end of file diff --git a/sources/settings-defaults/metal-k8s-1.30/defaults.d/85-oci-defaults-containerd-cri.toml b/sources/settings-defaults/metal-k8s-1.30/defaults.d/85-oci-defaults-containerd-cri.toml deleted file mode 120000 index 25204d67d..000000000 --- a/sources/settings-defaults/metal-k8s-1.30/defaults.d/85-oci-defaults-containerd-cri.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/oci-defaults-containerd-cri.toml \ No newline at end of file diff --git a/sources/settings-defaults/metal-k8s-1.30/defaults.d/86-oci-defaults-capabilities.toml b/sources/settings-defaults/metal-k8s-1.30/defaults.d/86-oci-defaults-capabilities.toml deleted file mode 120000 index 100c28740..000000000 --- a/sources/settings-defaults/metal-k8s-1.30/defaults.d/86-oci-defaults-capabilities.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/oci-defaults-capabilities.toml \ No newline at end of file diff --git a/sources/settings-defaults/metal-k8s-1.30/defaults.d/87-oci-defaults-containerd-cri-resource-limits.toml b/sources/settings-defaults/metal-k8s-1.30/defaults.d/87-oci-defaults-containerd-cri-resource-limits.toml deleted file mode 120000 index 7f0621357..000000000 --- a/sources/settings-defaults/metal-k8s-1.30/defaults.d/87-oci-defaults-containerd-cri-resource-limits.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/oci-defaults-containerd-cri-resource-limits.toml \ No newline at end of file diff --git a/sources/settings-defaults/metal-k8s-1.30/defaults.d/90-boot.toml b/sources/settings-defaults/metal-k8s-1.30/defaults.d/90-boot.toml deleted file mode 120000 index 777844745..000000000 --- a/sources/settings-defaults/metal-k8s-1.30/defaults.d/90-boot.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/boot.toml \ No newline at end of file diff --git a/sources/settings-defaults/vmware-dev/Cargo.toml b/sources/settings-defaults/vmware-dev/Cargo.toml deleted file mode 100644 index 82f8b30ad..000000000 --- a/sources/settings-defaults/vmware-dev/Cargo.toml +++ /dev/null @@ -1,15 +0,0 @@ -[package] -name = "settings-defaults-vmware-dev" -version = "0.1.0" -edition = "2021" -license = "Apache-2.0 OR MIT" -publish = false -build = "../build-defaults.rs" - -[lib] -path = "../defaults-toml.rs" - -[build-dependencies.bottlerocket-defaults-helper] -git = "https://github.com/bottlerocket-os/bottlerocket-settings-sdk" -tag = "bottlerocket-defaults-helper-v0.1.0" -version = "0.1.0" diff --git a/sources/settings-defaults/vmware-dev/defaults.d/10-defaults.toml b/sources/settings-defaults/vmware-dev/defaults.d/10-defaults.toml deleted file mode 120000 index a202ba61a..000000000 --- a/sources/settings-defaults/vmware-dev/defaults.d/10-defaults.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/defaults.toml \ No newline at end of file diff --git a/sources/settings-defaults/vmware-dev/defaults.d/15-public-tuf.toml b/sources/settings-defaults/vmware-dev/defaults.d/15-public-tuf.toml deleted file mode 120000 index 561a74dfd..000000000 --- a/sources/settings-defaults/vmware-dev/defaults.d/15-public-tuf.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/public-tuf.toml \ No newline at end of file diff --git a/sources/settings-defaults/vmware-dev/defaults.d/30-metrics.toml b/sources/settings-defaults/vmware-dev/defaults.d/30-metrics.toml deleted file mode 120000 index 99f0b2b69..000000000 --- a/sources/settings-defaults/vmware-dev/defaults.d/30-metrics.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/metrics.toml \ No newline at end of file diff --git a/sources/settings-defaults/vmware-dev/defaults.d/31-send-metrics.toml b/sources/settings-defaults/vmware-dev/defaults.d/31-send-metrics.toml deleted file mode 120000 index d01b193f1..000000000 --- a/sources/settings-defaults/vmware-dev/defaults.d/31-send-metrics.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/send-metrics-global.toml \ No newline at end of file diff --git a/sources/settings-defaults/vmware-dev/defaults.d/50-vmware-dev.toml b/sources/settings-defaults/vmware-dev/defaults.d/50-vmware-dev.toml deleted file mode 100644 index b2d2ce92f..000000000 --- a/sources/settings-defaults/vmware-dev/defaults.d/50-vmware-dev.toml +++ /dev/null @@ -1,8 +0,0 @@ -# Metrics -[settings.metrics] -send-metrics = false -service-checks = ["apiserver", "chronyd", "containerd", "host-containerd", "docker", "vmtoolsd"] - -# Network -[metadata.settings.network] -affected-services = ["containerd", "docker", "host-containerd", "host-containers", "updog"] diff --git a/sources/settings-defaults/vmware-dev/defaults.d/51-docker-services.toml b/sources/settings-defaults/vmware-dev/defaults.d/51-docker-services.toml deleted file mode 120000 index a8512f259..000000000 --- a/sources/settings-defaults/vmware-dev/defaults.d/51-docker-services.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/docker-services.toml \ No newline at end of file diff --git a/sources/settings-defaults/vmware-dev/defaults.d/52-docker-pki.toml b/sources/settings-defaults/vmware-dev/defaults.d/52-docker-pki.toml deleted file mode 120000 index 203cd2a9a..000000000 --- a/sources/settings-defaults/vmware-dev/defaults.d/52-docker-pki.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/docker-pki.toml \ No newline at end of file diff --git a/sources/settings-defaults/vmware-dev/defaults.d/60-lockdown-none.toml b/sources/settings-defaults/vmware-dev/defaults.d/60-lockdown-none.toml deleted file mode 120000 index cced54333..000000000 --- a/sources/settings-defaults/vmware-dev/defaults.d/60-lockdown-none.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/lockdown-none.toml \ No newline at end of file diff --git a/sources/settings-defaults/vmware-dev/defaults.d/70-oci-hooks.toml b/sources/settings-defaults/vmware-dev/defaults.d/70-oci-hooks.toml deleted file mode 120000 index e7b73c620..000000000 --- a/sources/settings-defaults/vmware-dev/defaults.d/70-oci-hooks.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/oci-hooks.toml \ No newline at end of file diff --git a/sources/settings-defaults/vmware-dev/defaults.d/70-public-ntp.toml b/sources/settings-defaults/vmware-dev/defaults.d/70-public-ntp.toml deleted file mode 120000 index eb5f4bcd0..000000000 --- a/sources/settings-defaults/vmware-dev/defaults.d/70-public-ntp.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/public-ntp.toml \ No newline at end of file diff --git a/sources/settings-defaults/vmware-dev/defaults.d/90-boot.toml b/sources/settings-defaults/vmware-dev/defaults.d/90-boot.toml deleted file mode 120000 index 777844745..000000000 --- a/sources/settings-defaults/vmware-dev/defaults.d/90-boot.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/boot.toml \ No newline at end of file diff --git a/sources/settings-defaults/vmware-k8s-1.30/Cargo.toml b/sources/settings-defaults/vmware-k8s-1.30/Cargo.toml deleted file mode 100644 index da063aa50..000000000 --- a/sources/settings-defaults/vmware-k8s-1.30/Cargo.toml +++ /dev/null @@ -1,15 +0,0 @@ -[package] -name = "settings-defaults-vmware-k8s-1_30" -version = "0.1.0" -edition = "2021" -license = "Apache-2.0 OR MIT" -publish = false -build = "../build-defaults.rs" - -[lib] -path = "../defaults-toml.rs" - -[build-dependencies.bottlerocket-defaults-helper] -git = "https://github.com/bottlerocket-os/bottlerocket-settings-sdk" -tag = "bottlerocket-defaults-helper-v0.1.0" -version = "0.1.0" diff --git a/sources/settings-defaults/vmware-k8s-1.30/defaults.d/10-defaults.toml b/sources/settings-defaults/vmware-k8s-1.30/defaults.d/10-defaults.toml deleted file mode 120000 index a202ba61a..000000000 --- a/sources/settings-defaults/vmware-k8s-1.30/defaults.d/10-defaults.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/defaults.toml \ No newline at end of file diff --git a/sources/settings-defaults/vmware-k8s-1.30/defaults.d/15-public-tuf.toml b/sources/settings-defaults/vmware-k8s-1.30/defaults.d/15-public-tuf.toml deleted file mode 120000 index 561a74dfd..000000000 --- a/sources/settings-defaults/vmware-k8s-1.30/defaults.d/15-public-tuf.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/public-tuf.toml \ No newline at end of file diff --git a/sources/settings-defaults/vmware-k8s-1.30/defaults.d/20-public-host-containers.toml b/sources/settings-defaults/vmware-k8s-1.30/defaults.d/20-public-host-containers.toml deleted file mode 120000 index 6119af1cf..000000000 --- a/sources/settings-defaults/vmware-k8s-1.30/defaults.d/20-public-host-containers.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/public-host-containers.toml \ No newline at end of file diff --git a/sources/settings-defaults/vmware-k8s-1.30/defaults.d/30-metrics.toml b/sources/settings-defaults/vmware-k8s-1.30/defaults.d/30-metrics.toml deleted file mode 120000 index 99f0b2b69..000000000 --- a/sources/settings-defaults/vmware-k8s-1.30/defaults.d/30-metrics.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/metrics.toml \ No newline at end of file diff --git a/sources/settings-defaults/vmware-k8s-1.30/defaults.d/31-send-metrics.toml b/sources/settings-defaults/vmware-k8s-1.30/defaults.d/31-send-metrics.toml deleted file mode 120000 index d01b193f1..000000000 --- a/sources/settings-defaults/vmware-k8s-1.30/defaults.d/31-send-metrics.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/send-metrics-global.toml \ No newline at end of file diff --git a/sources/settings-defaults/vmware-k8s-1.30/defaults.d/40-aws-creds.toml b/sources/settings-defaults/vmware-k8s-1.30/defaults.d/40-aws-creds.toml deleted file mode 120000 index a6a17e88f..000000000 --- a/sources/settings-defaults/vmware-k8s-1.30/defaults.d/40-aws-creds.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/aws-creds.toml \ No newline at end of file diff --git a/sources/settings-defaults/vmware-k8s-1.30/defaults.d/50-kubernetes-vmware.toml b/sources/settings-defaults/vmware-k8s-1.30/defaults.d/50-kubernetes-vmware.toml deleted file mode 120000 index f67755f3b..000000000 --- a/sources/settings-defaults/vmware-k8s-1.30/defaults.d/50-kubernetes-vmware.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/kubernetes-vmware.toml \ No newline at end of file diff --git a/sources/settings-defaults/vmware-k8s-1.30/defaults.d/51-kubernetes-containerd.toml b/sources/settings-defaults/vmware-k8s-1.30/defaults.d/51-kubernetes-containerd.toml deleted file mode 120000 index 08196a5ed..000000000 --- a/sources/settings-defaults/vmware-k8s-1.30/defaults.d/51-kubernetes-containerd.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/kubernetes-containerd.toml \ No newline at end of file diff --git a/sources/settings-defaults/vmware-k8s-1.30/defaults.d/52-kubernetes-services.toml b/sources/settings-defaults/vmware-k8s-1.30/defaults.d/52-kubernetes-services.toml deleted file mode 120000 index afab5a7f1..000000000 --- a/sources/settings-defaults/vmware-k8s-1.30/defaults.d/52-kubernetes-services.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/kubernetes-services.toml \ No newline at end of file diff --git a/sources/settings-defaults/vmware-k8s-1.30/defaults.d/53-containerd-cri-pki.toml b/sources/settings-defaults/vmware-k8s-1.30/defaults.d/53-containerd-cri-pki.toml deleted file mode 120000 index 2dbf7db78..000000000 --- a/sources/settings-defaults/vmware-k8s-1.30/defaults.d/53-containerd-cri-pki.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/containerd-cri-pki.toml \ No newline at end of file diff --git a/sources/settings-defaults/vmware-k8s-1.30/defaults.d/54-kubernetes-seccomp-default-false.toml b/sources/settings-defaults/vmware-k8s-1.30/defaults.d/54-kubernetes-seccomp-default-false.toml deleted file mode 120000 index b1132e002..000000000 --- a/sources/settings-defaults/vmware-k8s-1.30/defaults.d/54-kubernetes-seccomp-default-false.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/kubernetes-seccomp-default-false.toml \ No newline at end of file diff --git a/sources/settings-defaults/vmware-k8s-1.30/defaults.d/60-lockdown-integrity.toml b/sources/settings-defaults/vmware-k8s-1.30/defaults.d/60-lockdown-integrity.toml deleted file mode 120000 index 8b4de873a..000000000 --- a/sources/settings-defaults/vmware-k8s-1.30/defaults.d/60-lockdown-integrity.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/lockdown-integrity.toml \ No newline at end of file diff --git a/sources/settings-defaults/vmware-k8s-1.30/defaults.d/70-public-ntp.toml b/sources/settings-defaults/vmware-k8s-1.30/defaults.d/70-public-ntp.toml deleted file mode 120000 index eb5f4bcd0..000000000 --- a/sources/settings-defaults/vmware-k8s-1.30/defaults.d/70-public-ntp.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/public-ntp.toml \ No newline at end of file diff --git a/sources/settings-defaults/vmware-k8s-1.30/defaults.d/75-oci-defaults-containerd-cri.toml b/sources/settings-defaults/vmware-k8s-1.30/defaults.d/75-oci-defaults-containerd-cri.toml deleted file mode 120000 index 25204d67d..000000000 --- a/sources/settings-defaults/vmware-k8s-1.30/defaults.d/75-oci-defaults-containerd-cri.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/oci-defaults-containerd-cri.toml \ No newline at end of file diff --git a/sources/settings-defaults/vmware-k8s-1.30/defaults.d/76-oci-defaults-capabilities.toml b/sources/settings-defaults/vmware-k8s-1.30/defaults.d/76-oci-defaults-capabilities.toml deleted file mode 120000 index 100c28740..000000000 --- a/sources/settings-defaults/vmware-k8s-1.30/defaults.d/76-oci-defaults-capabilities.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/oci-defaults-capabilities.toml \ No newline at end of file diff --git a/sources/settings-defaults/vmware-k8s-1.30/defaults.d/77-oci-defaults-containerd-cri-resource-limits.toml b/sources/settings-defaults/vmware-k8s-1.30/defaults.d/77-oci-defaults-containerd-cri-resource-limits.toml deleted file mode 120000 index 7f0621357..000000000 --- a/sources/settings-defaults/vmware-k8s-1.30/defaults.d/77-oci-defaults-containerd-cri-resource-limits.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/oci-defaults-containerd-cri-resource-limits.toml \ No newline at end of file diff --git a/sources/settings-defaults/vmware-k8s-1.30/defaults.d/80-oci-hooks.toml b/sources/settings-defaults/vmware-k8s-1.30/defaults.d/80-oci-hooks.toml deleted file mode 120000 index e7b73c620..000000000 --- a/sources/settings-defaults/vmware-k8s-1.30/defaults.d/80-oci-hooks.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/oci-hooks.toml \ No newline at end of file diff --git a/sources/settings-defaults/vmware-k8s-1.30/defaults.d/90-boot.toml b/sources/settings-defaults/vmware-k8s-1.30/defaults.d/90-boot.toml deleted file mode 120000 index 777844745..000000000 --- a/sources/settings-defaults/vmware-k8s-1.30/defaults.d/90-boot.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/boot.toml \ No newline at end of file diff --git a/sources/settings-extensions/autoscaling/Cargo.toml b/sources/settings-extensions/autoscaling/Cargo.toml deleted file mode 100644 index 242d04879..000000000 --- a/sources/settings-extensions/autoscaling/Cargo.toml +++ /dev/null @@ -1,19 +0,0 @@ -[package] -name = "settings-extension-autoscaling" -version = "0.1.0" -authors = ["Gaurav Sharma "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false - -[dependencies] -env_logger = "0.10" -modeled-types = { path = "../../models/modeled-types", version = "0.1" } -model-derive = { path = "../../models/model-derive", version = "0.1" } -serde = { version = "1", features = ["derive"] } -serde_json = "1" - -[dependencies.bottlerocket-settings-sdk] -git = "https://github.com/bottlerocket-os/bottlerocket-settings-sdk" -tag = "bottlerocket-settings-sdk-v0.1.0" -version = "0.1.0" diff --git a/sources/settings-extensions/autoscaling/autoscaling.toml b/sources/settings-extensions/autoscaling/autoscaling.toml deleted file mode 100644 index 727dfb274..000000000 --- a/sources/settings-extensions/autoscaling/autoscaling.toml +++ /dev/null @@ -1,13 +0,0 @@ -[extension] -supported-versions = [ - "v1" -] -default-version = "v1" - -[v1] -[v1.validation.cross-validates] - -[v1.templating] -helpers = [] - -[v1.generation.requires] diff --git a/sources/settings-extensions/autoscaling/src/lib.rs b/sources/settings-extensions/autoscaling/src/lib.rs deleted file mode 100644 index e1f8c390c..000000000 --- a/sources/settings-extensions/autoscaling/src/lib.rs +++ /dev/null @@ -1,68 +0,0 @@ -/// Settings related to auto scaling groups. -use bottlerocket_settings_sdk::{GenerateResult, SettingsModel}; -use model_derive::model; -use std::convert::Infallible; - -#[model(impl_default = true)] -pub struct AutoScalingSettingsV1 { - should_wait: bool, -} - -type Result = std::result::Result; - -impl SettingsModel for AutoScalingSettingsV1 { - type PartialKind = Self; - type ErrorKind = Infallible; - - fn get_version() -> &'static str { - "v1" - } - - fn set(_current_value: Option, _target: Self) -> Result<()> { - // Set anything that can be parsed as AutoScalingSettingsV1. - Ok(()) - } - - fn generate( - existing_partial: Option, - _dependent_settings: Option, - ) -> Result> { - Ok(GenerateResult::Complete( - existing_partial.unwrap_or_default(), - )) - } - - fn validate(_value: Self, _validated_settings: Option) -> Result<()> { - // AutoScalingSettingsV1 is validated during deserialization. - Ok(()) - } -} - -#[cfg(test)] -mod test { - use super::*; - - #[test] - fn test_generate_autoscaling() { - assert_eq!( - AutoScalingSettingsV1::generate(None, None).unwrap(), - GenerateResult::Complete(AutoScalingSettingsV1 { should_wait: None }) - ) - } - - #[test] - fn test_serde_autoscaling() { - let test_json = r#"{"should-wait":true}"#; - - let autoscaling: AutoScalingSettingsV1 = serde_json::from_str(test_json).unwrap(); - assert_eq!( - autoscaling, - AutoScalingSettingsV1 { - should_wait: Some(true), - } - ); - - let results = serde_json::to_string(&autoscaling).unwrap(); - assert_eq!(results, test_json); - } -} diff --git a/sources/settings-extensions/autoscaling/src/main.rs b/sources/settings-extensions/autoscaling/src/main.rs deleted file mode 100644 index 9c11c03a4..000000000 --- a/sources/settings-extensions/autoscaling/src/main.rs +++ /dev/null @@ -1,18 +0,0 @@ -use bottlerocket_settings_sdk::{BottlerocketSetting, NullMigratorExtensionBuilder}; -use settings_extension_autoscaling::AutoScalingSettingsV1; -use std::process::ExitCode; - -fn main() -> ExitCode { - env_logger::init(); - - match NullMigratorExtensionBuilder::with_name("autoscaling") - .with_models(vec![BottlerocketSetting::::model()]) - .build() - { - Ok(extension) => extension.run(), - Err(e) => { - println!("{}", e); - ExitCode::FAILURE - } - } -} diff --git a/sources/settings-extensions/aws/Cargo.toml b/sources/settings-extensions/aws/Cargo.toml deleted file mode 100644 index 4f08a8000..000000000 --- a/sources/settings-extensions/aws/Cargo.toml +++ /dev/null @@ -1,19 +0,0 @@ -[package] -name = "settings-extension-aws" -version = "0.1.0" -authors = ["Sam Berning "] -edition = "2021" -license = "Apache-2.0 OR MIT" -publish = false - -[dependencies] -env_logger = "0.10" -modeled-types = { path = "../../models/modeled-types", version = "0.1" } -model-derive = { path = "../../models/model-derive", version = "0.1" } -serde = { version = "1", features = ["derive"] } -serde_json = "1" - -[dependencies.bottlerocket-settings-sdk] -git = "https://github.com/bottlerocket-os/bottlerocket-settings-sdk" -tag = "bottlerocket-settings-sdk-v0.1.0" -version = "0.1.0" diff --git a/sources/settings-extensions/aws/aws.toml b/sources/settings-extensions/aws/aws.toml deleted file mode 100644 index 727dfb274..000000000 --- a/sources/settings-extensions/aws/aws.toml +++ /dev/null @@ -1,13 +0,0 @@ -[extension] -supported-versions = [ - "v1" -] -default-version = "v1" - -[v1] -[v1.validation.cross-validates] - -[v1.templating] -helpers = [] - -[v1.generation.requires] diff --git a/sources/settings-extensions/aws/src/lib.rs b/sources/settings-extensions/aws/src/lib.rs deleted file mode 100644 index 08de279ea..000000000 --- a/sources/settings-extensions/aws/src/lib.rs +++ /dev/null @@ -1,84 +0,0 @@ -/// The aws settings can be used to configure settings related to AWS -use bottlerocket_settings_sdk::{GenerateResult, SettingsModel}; -use model_derive::model; -use modeled_types::{SingleLineString, ValidBase64}; -use std::convert::Infallible; - -// Platform-specific settings -#[model(impl_default = true)] -pub struct AwsSettingsV1 { - region: SingleLineString, - config: ValidBase64, - credentials: ValidBase64, - profile: SingleLineString, -} - -type Result = std::result::Result; - -impl SettingsModel for AwsSettingsV1 { - type PartialKind = Self; - type ErrorKind = Infallible; - - fn get_version() -> &'static str { - "v1" - } - - fn set(_current_value: Option, _target: Self) -> Result<()> { - // allow anything that parses as AwsSettingsV1 - Ok(()) - } - - fn generate( - existing_partial: Option, - _dependent_settings: Option, - ) -> Result> { - Ok(GenerateResult::Complete( - existing_partial.unwrap_or_default(), - )) - } - - fn validate(_value: Self, _validated_settings: Option) -> Result<()> { - Ok(()) - } -} - -#[cfg(test)] -mod test { - use super::*; - - #[test] - fn test_generate_aws() { - let generated = AwsSettingsV1::generate(None, None).unwrap(); - assert_eq!( - generated, - GenerateResult::Complete(AwsSettingsV1 { - region: None, - config: None, - credentials: None, - profile: None, - }) - ) - } - - #[test] - fn test_serde_aws() { - let test_json = r#"{ - "region": "us-east-1", - "config": "Zm9vCg==", - "credentials": "Zm9vCg==", - "profile": "foo" - }"#; - - let aws: AwsSettingsV1 = serde_json::from_str(test_json).unwrap(); - - assert_eq!( - aws, - AwsSettingsV1 { - region: Some(SingleLineString::try_from("us-east-1").unwrap()), - config: Some(ValidBase64::try_from("Zm9vCg==").unwrap()), - credentials: Some(ValidBase64::try_from("Zm9vCg==").unwrap()), - profile: Some(SingleLineString::try_from("foo").unwrap()), - } - ); - } -} diff --git a/sources/settings-extensions/aws/src/main.rs b/sources/settings-extensions/aws/src/main.rs deleted file mode 100644 index 4786981b5..000000000 --- a/sources/settings-extensions/aws/src/main.rs +++ /dev/null @@ -1,18 +0,0 @@ -use bottlerocket_settings_sdk::{BottlerocketSetting, NullMigratorExtensionBuilder}; -use settings_extension_aws::AwsSettingsV1; -use std::process::ExitCode; - -fn main() -> ExitCode { - env_logger::init(); - - match NullMigratorExtensionBuilder::with_name("aws") - .with_models(vec![BottlerocketSetting::::model()]) - .build() - { - Ok(extension) => extension.run(), - Err(e) => { - println!("{}", e); - ExitCode::FAILURE - } - } -} diff --git a/sources/settings-extensions/bootstrap-containers/Cargo.toml b/sources/settings-extensions/bootstrap-containers/Cargo.toml deleted file mode 100644 index 860f2142e..000000000 --- a/sources/settings-extensions/bootstrap-containers/Cargo.toml +++ /dev/null @@ -1,19 +0,0 @@ -[package] -name = "settings-extension-bootstrap-containers" -version = "0.1.0" -authors = ["Gaurav Sharma "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false - -[dependencies] -env_logger = "0.10" -modeled-types = { path = "../../models/modeled-types", version = "0.1" } -model-derive = { path = "../../models/model-derive", version = "0.1" } -serde = { version = "1", features = ["derive"] } -serde_json = "1" - -[dependencies.bottlerocket-settings-sdk] -git = "https://github.com/bottlerocket-os/bottlerocket-settings-sdk" -tag = "bottlerocket-settings-sdk-v0.1.0" -version = "0.1.0" diff --git a/sources/settings-extensions/bootstrap-containers/bootstrap-containers.toml b/sources/settings-extensions/bootstrap-containers/bootstrap-containers.toml deleted file mode 100644 index 727dfb274..000000000 --- a/sources/settings-extensions/bootstrap-containers/bootstrap-containers.toml +++ /dev/null @@ -1,13 +0,0 @@ -[extension] -supported-versions = [ - "v1" -] -default-version = "v1" - -[v1] -[v1.validation.cross-validates] - -[v1.templating] -helpers = [] - -[v1.generation.requires] diff --git a/sources/settings-extensions/bootstrap-containers/src/lib.rs b/sources/settings-extensions/bootstrap-containers/src/lib.rs deleted file mode 100644 index 6d432a3a9..000000000 --- a/sources/settings-extensions/bootstrap-containers/src/lib.rs +++ /dev/null @@ -1,137 +0,0 @@ -/// Settings related to bootstrap containers. -use bottlerocket_settings_sdk::{GenerateResult, SettingsModel}; -use model_derive::model; -use modeled_types::{BootstrapContainerMode, Identifier, Url, ValidBase64}; -use serde::{Deserialize, Deserializer, Serialize, Serializer}; -use std::{collections::HashMap, convert::Infallible}; - -#[derive(Clone, Debug, Default, PartialEq)] -pub struct BootstrapContainersSettingsV1 { - pub bootstrap_containers: HashMap, -} - -// Custom serializer/deserializer added to maintain backwards -// compatibility with models created prior to settings extensions. -impl Serialize for BootstrapContainersSettingsV1 { - fn serialize(&self, serializer: S) -> std::result::Result - where - S: Serializer, - { - self.bootstrap_containers.serialize(serializer) - } -} - -impl<'de> Deserialize<'de> for BootstrapContainersSettingsV1 { - fn deserialize(deserializer: D) -> std::result::Result - where - D: Deserializer<'de>, - { - let bootstrap_containers = HashMap::deserialize(deserializer)?; - Ok(Self { - bootstrap_containers, - }) - } -} - -#[model(impl_default = true)] -struct BootstrapContainer { - source: Url, - mode: BootstrapContainerMode, - user_data: ValidBase64, - essential: bool, -} - -type Result = std::result::Result; - -impl SettingsModel for BootstrapContainersSettingsV1 { - type PartialKind = Self; - type ErrorKind = Infallible; - - fn get_version() -> &'static str { - "v1" - } - - fn set(_current_value: Option, _target: Self) -> Result<()> { - // Set anything that parses as BootstrapContainersSettingsV1. - Ok(()) - } - - fn generate( - existing_partial: Option, - _dependent_settings: Option, - ) -> Result> { - Ok(GenerateResult::Complete( - existing_partial.unwrap_or_default(), - )) - } - - fn validate(_value: Self, _validated_settings: Option) -> Result<()> { - // Validate anything that parses as BootstrapContainersSettingsV1. - Ok(()) - } -} - -#[cfg(test)] -mod test { - use super::*; - use serde_json::json; - - #[test] - fn test_generate_bootstrap_container_settings() { - let generated = BootstrapContainersSettingsV1::generate(None, None).unwrap(); - - assert_eq!( - generated, - GenerateResult::Complete(BootstrapContainersSettingsV1 { - bootstrap_containers: HashMap::new(), - }) - ) - } - - #[test] - fn test_serde_bootstrap_container() { - let test_json = json!({ - "mybootstrap": { - "source": "uri.to.container.in.oci-compatible-registry.example.com/foo:1.0.0", - "mode": "once", - "user-data": "dXNlcmRhdGE=", - "essential": true, - } - }); - - let test_json_str = test_json.to_string(); - - let bootstrap_containers: BootstrapContainersSettingsV1 = - serde_json::from_str(&test_json_str).unwrap(); - - let mut expected_bootstrap_container: HashMap = - HashMap::new(); - expected_bootstrap_container.insert( - Identifier::try_from("mybootstrap").unwrap(), - BootstrapContainer { - source: Some( - Url::try_from( - "uri.to.container.in.oci-compatible-registry.example.com/foo:1.0.0", - ) - .unwrap(), - ), - mode: Some(BootstrapContainerMode::try_from("once").unwrap()), - user_data: Some(ValidBase64::try_from("dXNlcmRhdGE=").unwrap()), - essential: Some(true), - }, - ); - - assert_eq!( - bootstrap_containers, - BootstrapContainersSettingsV1 { - bootstrap_containers: expected_bootstrap_container - } - ); - - let serialized_json: serde_json::Value = serde_json::to_string(&bootstrap_containers) - .map(|s| serde_json::from_str(&s).unwrap()) - .unwrap(); - - assert_eq!(serialized_json, test_json); - } -} diff --git a/sources/settings-extensions/bootstrap-containers/src/main.rs b/sources/settings-extensions/bootstrap-containers/src/main.rs deleted file mode 100644 index a85c55128..000000000 --- a/sources/settings-extensions/bootstrap-containers/src/main.rs +++ /dev/null @@ -1,20 +0,0 @@ -use bottlerocket_settings_sdk::{BottlerocketSetting, NullMigratorExtensionBuilder}; -use settings_extension_bootstrap_containers::BootstrapContainersSettingsV1; -use std::process::ExitCode; - -fn main() -> ExitCode { - env_logger::init(); - - match NullMigratorExtensionBuilder::with_name("bootstrap-containers") - .with_models(vec![ - BottlerocketSetting::::model(), - ]) - .build() - { - Ok(extension) => extension.run(), - Err(e) => { - println!("{}", e); - ExitCode::FAILURE - } - } -} diff --git a/sources/settings-extensions/cloudformation/Cargo.toml b/sources/settings-extensions/cloudformation/Cargo.toml deleted file mode 100644 index 2dba2e0ac..000000000 --- a/sources/settings-extensions/cloudformation/Cargo.toml +++ /dev/null @@ -1,19 +0,0 @@ -[package] -name = "settings-extension-cloudformation" -version = "0.1.0" -authors = ["Gaurav Sharma "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false - -[dependencies] -env_logger = "0.10" -modeled-types = { path = "../../models/modeled-types", version = "0.1" } -model-derive = { path = "../../models/model-derive", version = "0.1" } -serde = { version = "1", features = ["derive"] } -serde_json = "1" - -[dependencies.bottlerocket-settings-sdk] -git = "https://github.com/bottlerocket-os/bottlerocket-settings-sdk" -tag = "bottlerocket-settings-sdk-v0.1.0" -version = "0.1.0" diff --git a/sources/settings-extensions/cloudformation/cloudformation.toml b/sources/settings-extensions/cloudformation/cloudformation.toml deleted file mode 100644 index 727dfb274..000000000 --- a/sources/settings-extensions/cloudformation/cloudformation.toml +++ /dev/null @@ -1,13 +0,0 @@ -[extension] -supported-versions = [ - "v1" -] -default-version = "v1" - -[v1] -[v1.validation.cross-validates] - -[v1.templating] -helpers = [] - -[v1.generation.requires] diff --git a/sources/settings-extensions/cloudformation/src/lib.rs b/sources/settings-extensions/cloudformation/src/lib.rs deleted file mode 100644 index 2ebab6918..000000000 --- a/sources/settings-extensions/cloudformation/src/lib.rs +++ /dev/null @@ -1,89 +0,0 @@ -///Settings related to CloudFormation signaling -use bottlerocket_settings_sdk::{GenerateResult, SettingsModel}; -use model_derive::model; -use modeled_types::SingleLineString; -use std::convert::Infallible; - -#[model(impl_default = true)] -pub struct CloudFormationSettingsV1 { - should_signal: bool, - stack_name: SingleLineString, - logical_resource_id: SingleLineString, -} - -type Result = std::result::Result; - -impl SettingsModel for CloudFormationSettingsV1 { - type PartialKind = Self; - type ErrorKind = Infallible; - - fn get_version() -> &'static str { - "v1" - } - - fn set(_current_value: Option, _target: Self) -> Result<()> { - // Set anything that can be parsed as CloudFormationSettingsV1. - Ok(()) - } - - fn generate( - existing_partial: Option, - _dependent_settings: Option, - ) -> Result> { - Ok(GenerateResult::Complete( - existing_partial.unwrap_or_default(), - )) - } - - fn validate(_value: Self, _validated_settings: Option) -> Result<()> { - // CloudFormationSettingsV1 is validated during deserialization. - Ok(()) - } -} - -#[cfg(test)] -mod test { - use super::*; - use serde_json::json; - - #[test] - fn test_generate_cloudformation_settings() { - assert_eq!( - CloudFormationSettingsV1::generate(None, None), - Ok(GenerateResult::Complete(CloudFormationSettingsV1 { - should_signal: None, - stack_name: None, - logical_resource_id: None, - })) - ) - } - - #[test] - fn test_serde_cloudformation() { - let test_json = json!({ - "logical-resource-id": "MyEC2Instance", - "should-signal":true, - "stack-name":"MyStack" - }); - - let test_json_str = test_json.to_string(); - - let cloudformation_settings: CloudFormationSettingsV1 = - serde_json::from_str(&test_json_str).unwrap(); - - assert_eq!( - cloudformation_settings, - CloudFormationSettingsV1 { - logical_resource_id: Some(SingleLineString::try_from("MyEC2Instance").unwrap()), - should_signal: Some(true), - stack_name: Some(SingleLineString::try_from("MyStack").unwrap()) - } - ); - - let serialized_json: serde_json::Value = serde_json::to_string(&cloudformation_settings) - .map(|s| serde_json::from_str(&s).unwrap()) - .unwrap(); - - assert_eq!(serialized_json, test_json); - } -} diff --git a/sources/settings-extensions/cloudformation/src/main.rs b/sources/settings-extensions/cloudformation/src/main.rs deleted file mode 100644 index f6aaaa178..000000000 --- a/sources/settings-extensions/cloudformation/src/main.rs +++ /dev/null @@ -1,20 +0,0 @@ -use bottlerocket_settings_sdk::{BottlerocketSetting, NullMigratorExtensionBuilder}; -use settings_extension_cloudformation::CloudFormationSettingsV1; -use std::process::ExitCode; - -fn main() -> ExitCode { - env_logger::init(); - - match NullMigratorExtensionBuilder::with_name("cloudformation") - .with_models(vec![ - BottlerocketSetting::::model(), - ]) - .build() - { - Ok(extension) => extension.run(), - Err(e) => { - println!("{}", e); - ExitCode::FAILURE - } - } -} diff --git a/sources/settings-extensions/container-registry/Cargo.toml b/sources/settings-extensions/container-registry/Cargo.toml deleted file mode 100644 index c7b86218b..000000000 --- a/sources/settings-extensions/container-registry/Cargo.toml +++ /dev/null @@ -1,19 +0,0 @@ -[package] -name = "settings-extension-container-registry" -version = "0.1.0" -authors = ["Sam Berning "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false - -[dependencies] -env_logger = "0.10" -modeled-types = { path = "../../models/modeled-types", version = "0.1" } -model-derive = { path = "../../models/model-derive", version = "0.1" } -serde = { version = "1", features = ["derive"] } -serde_json = "1" - -[dependencies.bottlerocket-settings-sdk] -git = "https://github.com/bottlerocket-os/bottlerocket-settings-sdk" -tag = "bottlerocket-settings-sdk-v0.1.0" -version = "0.1.0" diff --git a/sources/settings-extensions/container-registry/container-registry.toml b/sources/settings-extensions/container-registry/container-registry.toml deleted file mode 100644 index 727dfb274..000000000 --- a/sources/settings-extensions/container-registry/container-registry.toml +++ /dev/null @@ -1,13 +0,0 @@ -[extension] -supported-versions = [ - "v1" -] -default-version = "v1" - -[v1] -[v1.validation.cross-validates] - -[v1.templating] -helpers = [] - -[v1.generation.requires] diff --git a/sources/settings-extensions/container-registry/src/de.rs b/sources/settings-extensions/container-registry/src/de.rs deleted file mode 100644 index 8be4dd3ed..000000000 --- a/sources/settings-extensions/container-registry/src/de.rs +++ /dev/null @@ -1,47 +0,0 @@ -use crate::RegistryMirrorV1; -use serde::de::value::SeqAccessDeserializer; -use serde::de::{MapAccess, SeqAccess, Visitor}; -use serde::{Deserialize, Deserializer}; -use std::fmt::Formatter; - -// Our standard representation of registry mirrors is a `Vec` of `RegistryMirror`; for backward compatibility, we also allow a `HashMap` of registry to endpoints. -pub(crate) fn deserialize_mirrors<'de, D>( - deserializer: D, -) -> Result>, D::Error> -where - D: Deserializer<'de>, -{ - struct TableOrArray; - - impl<'de> Visitor<'de> for TableOrArray { - type Value = Option>; - - fn expecting(&self, formatter: &mut Formatter) -> std::fmt::Result { - formatter.write_str("TOML array or TOML table") - } - - fn visit_seq(self, seq: A) -> Result - where - A: SeqAccess<'de>, - { - Ok(Some(Deserialize::deserialize(SeqAccessDeserializer::new( - seq, - ))?)) - } - - fn visit_map(self, mut map: M) -> Result - where - M: MapAccess<'de>, - { - let mut vec = Vec::new(); - while let Some((k, v)) = map.next_entry()? { - vec.push(RegistryMirrorV1 { - registry: Some(k), - endpoint: Some(v), - }); - } - Ok(Some(vec)) - } - } - deserializer.deserialize_any(TableOrArray) -} diff --git a/sources/settings-extensions/container-registry/src/lib.rs b/sources/settings-extensions/container-registry/src/lib.rs deleted file mode 100644 index 5d6483127..000000000 --- a/sources/settings-extensions/container-registry/src/lib.rs +++ /dev/null @@ -1,129 +0,0 @@ -/// The container-registry settings can be used to configure settings related to container -/// registries, including credentials for logging into a registry, or mirrors to use when -/// pulling from a registry. -mod de; - -use crate::de::deserialize_mirrors; -use bottlerocket_settings_sdk::{GenerateResult, SettingsModel}; -use model_derive::model; -use modeled_types::{SingleLineString, Url, ValidBase64}; -use std::convert::Infallible; - -#[model(impl_default = true)] -struct RegistryMirrorV1 { - registry: SingleLineString, - endpoint: Vec, -} - -#[model(impl_default = true)] -struct RegistryCredentialV1 { - registry: SingleLineString, - username: SingleLineString, - password: SingleLineString, - // This is the base64 encoding of "username:password" - auth: ValidBase64, - identitytoken: SingleLineString, -} - -#[model(impl_default = true)] -struct RegistrySettingsV1 { - #[serde( - default, - skip_serializing_if = "Option::is_none", - deserialize_with = "deserialize_mirrors" - )] - mirrors: Vec, - #[serde(alias = "creds", default, skip_serializing_if = "Option::is_none")] - credentials: Vec, -} - -type Result = std::result::Result; - -impl SettingsModel for RegistrySettingsV1 { - type PartialKind = Self; - type ErrorKind = Infallible; - - fn get_version() -> &'static str { - "v1" - } - - fn set( - _current_value: Option, - _target: Self, - ) -> std::result::Result<(), Self::ErrorKind> { - // Anything that correctly deserializes to RegistrySettingsV1 is ok - Ok(()) - } - - fn generate( - existing_partial: Option, - _dependent_settings: Option, - ) -> Result> { - Ok(GenerateResult::Complete( - existing_partial.unwrap_or_default(), - )) - } - - fn validate( - _value: Self, - _validated_settings: Option, - ) -> std::result::Result<(), Self::ErrorKind> { - Ok(()) - } -} - -#[cfg(test)] -mod test { - use super::*; - - #[test] - fn test_generate_container_registry_settings() { - assert_eq!( - RegistrySettingsV1::generate(None, None), - Ok(GenerateResult::Complete(RegistrySettingsV1 { - mirrors: None, - credentials: None, - })) - ) - } - - #[test] - fn test_serde_container_registry_with_mirrors() { - let test_json = - r#"{"mirrors": [{"registry": "foo", "endpoint": ["https://example.net"]}]}"#; - - let container_registry: RegistrySettingsV1 = serde_json::from_str(test_json).unwrap(); - let mirrors = container_registry.mirrors.unwrap(); - - assert_eq!(mirrors.len(), 1); - assert_eq!( - mirrors[0].registry.clone().unwrap(), - SingleLineString::try_from("foo").unwrap(), - ); - assert_eq!( - mirrors[0].endpoint.clone().unwrap(), - vec!(Url::try_from("https://example.net").unwrap()), - ); - } - - #[test] - fn test_serde_container_registry_with_credentials() { - let test_json = r#"{"credentials": [{"registry": "foo", "auth": "Ym90dGxlcm9ja2V0"}]}"#; - - let container_registry: RegistrySettingsV1 = serde_json::from_str(test_json).unwrap(); - let credentials = container_registry.credentials.unwrap(); - - assert_eq!(credentials.len(), 1); - assert_eq!( - credentials[0].registry.clone().unwrap(), - SingleLineString::try_from("foo").unwrap(), - ); - assert_eq!( - credentials[0].auth.clone().unwrap(), - ValidBase64::try_from("Ym90dGxlcm9ja2V0").unwrap(), - ); - assert!(credentials[0].username.is_none()); - assert!(credentials[0].password.is_none()); - assert!(credentials[0].identitytoken.is_none()); - } -} diff --git a/sources/settings-extensions/container-registry/src/main.rs b/sources/settings-extensions/container-registry/src/main.rs deleted file mode 100644 index 84801723d..000000000 --- a/sources/settings-extensions/container-registry/src/main.rs +++ /dev/null @@ -1,18 +0,0 @@ -use bottlerocket_settings_sdk::{BottlerocketSetting, NullMigratorExtensionBuilder}; -use settings_extension_container_registry::RegistrySettingsV1; -use std::process::ExitCode; - -fn main() -> ExitCode { - env_logger::init(); - - match NullMigratorExtensionBuilder::with_name("container-registry") - .with_models(vec![BottlerocketSetting::::model()]) - .build() - { - Ok(extension) => extension.run(), - Err(e) => { - println!("{}", e); - ExitCode::FAILURE - } - } -} diff --git a/sources/settings-extensions/container-runtime/Cargo.toml b/sources/settings-extensions/container-runtime/Cargo.toml deleted file mode 100644 index bacc9deda..000000000 --- a/sources/settings-extensions/container-runtime/Cargo.toml +++ /dev/null @@ -1,19 +0,0 @@ -[package] -name = "settings-extension-container-runtime" -version = "0.1.0" -authors = ["Gaurav Sharma "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false - -[dependencies] -env_logger = "0.10" -modeled-types = { path = "../../models/modeled-types", version = "0.1" } -model-derive = { path = "../../models/model-derive", version = "0.1" } -serde = { version = "1", features = ["derive"] } -serde_json = "1" - -[dependencies.bottlerocket-settings-sdk] -git = "https://github.com/bottlerocket-os/bottlerocket-settings-sdk" -tag = "bottlerocket-settings-sdk-v0.1.0" -version = "0.1.0" diff --git a/sources/settings-extensions/container-runtime/container-runtime.toml b/sources/settings-extensions/container-runtime/container-runtime.toml deleted file mode 100644 index 727dfb274..000000000 --- a/sources/settings-extensions/container-runtime/container-runtime.toml +++ /dev/null @@ -1,13 +0,0 @@ -[extension] -supported-versions = [ - "v1" -] -default-version = "v1" - -[v1] -[v1.validation.cross-validates] - -[v1.templating] -helpers = [] - -[v1.generation.requires] diff --git a/sources/settings-extensions/container-runtime/src/lib.rs b/sources/settings-extensions/container-runtime/src/lib.rs deleted file mode 100644 index d47ec522d..000000000 --- a/sources/settings-extensions/container-runtime/src/lib.rs +++ /dev/null @@ -1,92 +0,0 @@ -///Settings related to Container Runtime -use bottlerocket_settings_sdk::{GenerateResult, SettingsModel}; -use model_derive::model; -use std::convert::Infallible; - -#[model(impl_default = true)] -pub struct ContainerRuntimeSettingsV1 { - max_container_log_line_size: i32, - max_concurrent_downloads: i32, - enable_unprivileged_ports: bool, - enable_unprivileged_icmp: bool, -} - -type Result = std::result::Result; - -impl SettingsModel for ContainerRuntimeSettingsV1 { - type PartialKind = Self; - type ErrorKind = Infallible; - - fn get_version() -> &'static str { - "v1" - } - - fn set(_current_value: Option, _target: Self) -> Result<()> { - // Set anything that can be parsed as ContainerRuntimeSettingsV1. - Ok(()) - } - - fn generate( - existing_partial: Option, - _dependent_settings: Option, - ) -> Result> { - Ok(GenerateResult::Complete( - existing_partial.unwrap_or_default(), - )) - } - - fn validate(_value: Self, _validated_settings: Option) -> Result<()> { - // ContainerRuntimeSettingsV1 is validated during deserialization. - Ok(()) - } -} - -#[cfg(test)] -mod test { - use super::*; - use serde_json::json; - - #[test] - fn test_generate_container_runtime_settings() { - assert_eq!( - ContainerRuntimeSettingsV1::generate(None, None), - Ok(GenerateResult::Complete(ContainerRuntimeSettingsV1 { - max_container_log_line_size: None, - max_concurrent_downloads: None, - enable_unprivileged_ports: None, - enable_unprivileged_icmp: None, - })) - ) - } - - #[test] - fn test_serde_container_runtime() { - let test_json = json!({ - "max-container-log-line-size": 1024, - "max-concurrent-downloads": 5, - "enable-unprivileged-ports": true, - "enable-unprivileged-icmp": false - }); - - let test_json_str = test_json.to_string(); - - let container_runtime_settings: ContainerRuntimeSettingsV1 = - serde_json::from_str(&test_json_str).unwrap(); - - assert_eq!( - container_runtime_settings, - ContainerRuntimeSettingsV1 { - max_container_log_line_size: Some(1024), - max_concurrent_downloads: Some(5), - enable_unprivileged_ports: Some(true), - enable_unprivileged_icmp: Some(false), - } - ); - - let serialized_json: serde_json::Value = serde_json::to_string(&container_runtime_settings) - .map(|s| serde_json::from_str(&s).unwrap()) - .unwrap(); - - assert_eq!(serialized_json, test_json); - } -} diff --git a/sources/settings-extensions/container-runtime/src/main.rs b/sources/settings-extensions/container-runtime/src/main.rs deleted file mode 100644 index 0a1b034a2..000000000 --- a/sources/settings-extensions/container-runtime/src/main.rs +++ /dev/null @@ -1,20 +0,0 @@ -use bottlerocket_settings_sdk::{BottlerocketSetting, NullMigratorExtensionBuilder}; -use settings_extension_container_runtime::ContainerRuntimeSettingsV1; -use std::process::ExitCode; - -fn main() -> ExitCode { - env_logger::init(); - - match NullMigratorExtensionBuilder::with_name("container-runtime") - .with_models(vec![ - BottlerocketSetting::::model(), - ]) - .build() - { - Ok(extension) => extension.run(), - Err(e) => { - println!("{}", e); - ExitCode::FAILURE - } - } -} diff --git a/sources/settings-extensions/dns/Cargo.toml b/sources/settings-extensions/dns/Cargo.toml deleted file mode 100644 index f3655ddad..000000000 --- a/sources/settings-extensions/dns/Cargo.toml +++ /dev/null @@ -1,19 +0,0 @@ -[package] -name = "settings-extension-dns" -version = "0.1.0" -authors = ["Gaurav Sharma "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false - -[dependencies] -env_logger = "0.10" -modeled-types = { path = "../../models/modeled-types", version = "0.1" } -model-derive = { path = "../../models/model-derive", version = "0.1" } -serde = { version = "1", features = ["derive"] } -serde_json = "1" - -[dependencies.bottlerocket-settings-sdk] -git = "https://github.com/bottlerocket-os/bottlerocket-settings-sdk" -tag = "bottlerocket-settings-sdk-v0.1.0" -version = "0.1.0" diff --git a/sources/settings-extensions/dns/dns.toml b/sources/settings-extensions/dns/dns.toml deleted file mode 100644 index 727dfb274..000000000 --- a/sources/settings-extensions/dns/dns.toml +++ /dev/null @@ -1,13 +0,0 @@ -[extension] -supported-versions = [ - "v1" -] -default-version = "v1" - -[v1] -[v1.validation.cross-validates] - -[v1.templating] -helpers = [] - -[v1.generation.requires] diff --git a/sources/settings-extensions/dns/src/lib.rs b/sources/settings-extensions/dns/src/lib.rs deleted file mode 100644 index 6fd940f60..000000000 --- a/sources/settings-extensions/dns/src/lib.rs +++ /dev/null @@ -1,84 +0,0 @@ -/// Settings related to custom DNS settings -use bottlerocket_settings_sdk::{GenerateResult, SettingsModel}; -use model_derive::model; -use modeled_types::ValidLinuxHostname; -use std::convert::Infallible; -use std::net::IpAddr; - -#[model(impl_default = true)] -pub struct DnsSettingsV1 { - name_servers: Vec, - search_list: Vec, -} - -type Result = std::result::Result; - -impl SettingsModel for DnsSettingsV1 { - type PartialKind = Self; - type ErrorKind = Infallible; - - fn get_version() -> &'static str { - "v1" - } - - fn set(_current_value: Option, _target: Self) -> Result<()> { - // Set anything that can be parsed as DnsSettingsV1. - Ok(()) - } - - fn generate( - existing_partial: Option, - _dependent_settings: Option, - ) -> Result> { - Ok(GenerateResult::Complete( - existing_partial.unwrap_or_default(), - )) - } - - fn validate(_value: Self, _validated_settings: Option) -> Result<()> { - // DnsSettingsV1 is validated during deserialization. - Ok(()) - } -} - -#[cfg(test)] -mod test { - use super::*; - use std::str::FromStr; - - #[test] - fn test_generate_dns_settings() { - assert_eq!( - DnsSettingsV1::generate(None, None), - Ok(GenerateResult::Complete(DnsSettingsV1 { - name_servers: None, - search_list: None, - })) - ) - } - - #[test] - fn test_serde_dns() { - let test_json = - r#"{"name-servers":["1.2.3.4","5.6.7.8"],"search-list":["foo.bar","baz.foo"]}"#; - - let dns: DnsSettingsV1 = serde_json::from_str(test_json).unwrap(); - assert_eq!( - dns.name_servers.clone().unwrap(), - vec!( - IpAddr::from_str("1.2.3.4").unwrap(), - IpAddr::from_str("5.6.7.8").unwrap(), - ) - ); - assert_eq!( - dns.search_list.clone().unwrap(), - vec!( - ValidLinuxHostname::try_from("foo.bar").unwrap(), - ValidLinuxHostname::try_from("baz.foo").unwrap(), - ) - ); - - let results = serde_json::to_string(&dns).unwrap(); - assert_eq!(results, test_json); - } -} diff --git a/sources/settings-extensions/dns/src/main.rs b/sources/settings-extensions/dns/src/main.rs deleted file mode 100644 index ebd3da559..000000000 --- a/sources/settings-extensions/dns/src/main.rs +++ /dev/null @@ -1,18 +0,0 @@ -use bottlerocket_settings_sdk::{BottlerocketSetting, NullMigratorExtensionBuilder}; -use settings_extension_dns::DnsSettingsV1; -use std::process::ExitCode; - -fn main() -> ExitCode { - env_logger::init(); - - match NullMigratorExtensionBuilder::with_name("dns") - .with_models(vec![BottlerocketSetting::::model()]) - .build() - { - Ok(extension) => extension.run(), - Err(e) => { - println!("{}", e); - ExitCode::FAILURE - } - } -} diff --git a/sources/settings-extensions/ecs/Cargo.toml b/sources/settings-extensions/ecs/Cargo.toml deleted file mode 100644 index 75223a6a7..000000000 --- a/sources/settings-extensions/ecs/Cargo.toml +++ /dev/null @@ -1,19 +0,0 @@ -[package] -name = "settings-extension-ecs" -version = "0.1.0" -authors = ["Gaurav Sharma "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false - -[dependencies] -env_logger = "0.10" -modeled-types = { path = "../../models/modeled-types", version = "0.1" } -model-derive = { path = "../../models/model-derive", version = "0.1" } -serde = { version = "1", features = ["derive"] } -serde_json = "1" - -[dependencies.bottlerocket-settings-sdk] -git = "https://github.com/bottlerocket-os/bottlerocket-settings-sdk" -tag = "bottlerocket-settings-sdk-v0.1.0" -version = "0.1.0" diff --git a/sources/settings-extensions/ecs/ecs.toml b/sources/settings-extensions/ecs/ecs.toml deleted file mode 100644 index 727dfb274..000000000 --- a/sources/settings-extensions/ecs/ecs.toml +++ /dev/null @@ -1,13 +0,0 @@ -[extension] -supported-versions = [ - "v1" -] -default-version = "v1" - -[v1] -[v1.validation.cross-validates] - -[v1.templating] -helpers = [] - -[v1.generation.requires] diff --git a/sources/settings-extensions/ecs/src/lib.rs b/sources/settings-extensions/ecs/src/lib.rs deleted file mode 100644 index f94840395..000000000 --- a/sources/settings-extensions/ecs/src/lib.rs +++ /dev/null @@ -1,171 +0,0 @@ -/// Settings related to Amazon ECS -use bottlerocket_settings_sdk::{GenerateResult, SettingsModel}; -use model_derive::model; -use modeled_types::{ - ECSAgentImagePullBehavior, ECSAgentLogLevel, ECSAttributeKey, ECSAttributeValue, - ECSDurationValue, SingleLineString, -}; -use std::{collections::HashMap, convert::Infallible}; - -#[model(impl_default = true)] -pub struct ECSSettingsV1 { - cluster: String, - instance_attributes: HashMap, - allow_privileged_containers: bool, - logging_drivers: Vec, - loglevel: ECSAgentLogLevel, - enable_spot_instance_draining: bool, - image_pull_behavior: ECSAgentImagePullBehavior, - container_stop_timeout: ECSDurationValue, - task_cleanup_wait: ECSDurationValue, - metadata_service_rps: i64, - metadata_service_burst: i64, - reserved_memory: u16, - image_cleanup_wait: ECSDurationValue, - image_cleanup_delete_per_cycle: i64, - image_cleanup_enabled: bool, - image_cleanup_age: ECSDurationValue, - backend_host: String, - awsvpc_block_imds: bool, - enable_container_metadata: bool, -} - -type Result = std::result::Result; - -impl SettingsModel for ECSSettingsV1 { - type PartialKind = Self; - type ErrorKind = Infallible; - - fn get_version() -> &'static str { - "v1" - } - - fn set(_current_value: Option, _target: Self) -> Result<()> { - // Set anything that can be parsed as ECSSettingsV1. - Ok(()) - } - - fn generate( - existing_partial: Option, - _dependent_settings: Option, - ) -> Result> { - Ok(GenerateResult::Complete( - existing_partial.unwrap_or_default(), - )) - } - - fn validate(_value: Self, _validated_settings: Option) -> Result<()> { - // ECSSettingsV1 is validated during deserialization. - Ok(()) - } -} - -#[cfg(test)] -mod test { - use super::*; - use serde_json::json; - - #[test] - fn test_generate_ecs_settings() { - assert_eq!( - ECSSettingsV1::generate(None, None), - Ok(GenerateResult::Complete(ECSSettingsV1 { - cluster: None, - instance_attributes: None, - allow_privileged_containers: None, - logging_drivers: None, - loglevel: None, - enable_spot_instance_draining: None, - image_pull_behavior: None, - container_stop_timeout: None, - task_cleanup_wait: None, - metadata_service_rps: None, - metadata_service_burst: None, - reserved_memory: None, - image_cleanup_wait: None, - image_cleanup_delete_per_cycle: None, - image_cleanup_enabled: None, - image_cleanup_age: None, - backend_host: None, - awsvpc_block_imds: None, - enable_container_metadata: None, - })) - ) - } - - #[test] - fn test_serde_ecs() { - let test_json = json!({ - "cluster": "test-cluster", - "instance-attributes": { - "attribute1": "value1", - "attribute2": "value2" - }, - "allow-privileged-containers": true, - "logging-drivers": ["json-file", "awslogs"], - "loglevel": "info", - "enable-spot-instance-draining": true, - "image-pull-behavior": "always", - "container-stop-timeout": "30s", - "task-cleanup-wait": "1h", - "metadata-service-rps": 50, - "metadata-service-burst": 100, - "reserved-memory": 512, - "image-cleanup-wait": "1h", - "image-cleanup-delete-per-cycle": 2, - "image-cleanup-enabled": true, - "image-cleanup-age": "1h", - "backend-host": "ecs.us-east-1.amazonaws.com", - "awsvpc-block-imds": true, - "enable-container-metadata": true, - }); - - let test_json_str = test_json.to_string(); - - let ecs_settings: ECSSettingsV1 = serde_json::from_str(&test_json_str).unwrap(); - - let mut expected_instance_attributes: HashMap = - HashMap::new(); - expected_instance_attributes.insert( - ECSAttributeKey::try_from("attribute1").unwrap(), - ECSAttributeValue::try_from("value1").unwrap(), - ); - expected_instance_attributes.insert( - ECSAttributeKey::try_from("attribute2").unwrap(), - ECSAttributeValue::try_from("value2").unwrap(), - ); - - let expected_ecs_settings = ECSSettingsV1 { - cluster: Some("test-cluster".to_string()), - instance_attributes: Some(expected_instance_attributes), - allow_privileged_containers: Some(true), - logging_drivers: Some(vec![ - SingleLineString::try_from("json-file").unwrap(), - SingleLineString::try_from("awslogs").unwrap(), - ]), - loglevel: Some(ECSAgentLogLevel::Info), - enable_spot_instance_draining: Some(true), - image_pull_behavior: Some(ECSAgentImagePullBehavior::Always), - container_stop_timeout: Some(ECSDurationValue::try_from("30s").unwrap()), - task_cleanup_wait: Some(ECSDurationValue::try_from("1h").unwrap()), - metadata_service_rps: Some(50), - metadata_service_burst: Some(100), - reserved_memory: Some(512), - image_cleanup_wait: Some(ECSDurationValue::try_from("1h").unwrap()), - image_cleanup_delete_per_cycle: Some(2), - image_cleanup_enabled: Some(true), - image_cleanup_age: Some(ECSDurationValue::try_from("1h").unwrap()), - backend_host: Some("ecs.us-east-1.amazonaws.com".to_string()), - awsvpc_block_imds: Some(true), - enable_container_metadata: Some(true), - }; - - assert_eq!(ecs_settings, expected_ecs_settings); - - let serialized_json: serde_json::Value = serde_json::to_string(&ecs_settings) - .map(|s| serde_json::from_str(&s).unwrap()) - .unwrap(); - - assert_eq!(serialized_json, test_json); - } -} diff --git a/sources/settings-extensions/ecs/src/main.rs b/sources/settings-extensions/ecs/src/main.rs deleted file mode 100644 index 54e3d5012..000000000 --- a/sources/settings-extensions/ecs/src/main.rs +++ /dev/null @@ -1,18 +0,0 @@ -use bottlerocket_settings_sdk::{BottlerocketSetting, NullMigratorExtensionBuilder}; -use settings_extension_ecs::ECSSettingsV1; -use std::process::ExitCode; - -fn main() -> ExitCode { - env_logger::init(); - - match NullMigratorExtensionBuilder::with_name("ecs") - .with_models(vec![BottlerocketSetting::::model()]) - .build() - { - Ok(extension) => extension.run(), - Err(e) => { - println!("{}", e); - ExitCode::FAILURE - } - } -} diff --git a/sources/settings-extensions/host-containers/Cargo.toml b/sources/settings-extensions/host-containers/Cargo.toml deleted file mode 100644 index df046f524..000000000 --- a/sources/settings-extensions/host-containers/Cargo.toml +++ /dev/null @@ -1,19 +0,0 @@ -[package] -name = "settings-extension-host-containers" -version = "0.1.0" -authors = ["Gaurav Sharma "] -edition = "2021" -license = "Apache-2.0 OR MIT" -publish = false - -[dependencies] -env_logger = "0.10" -modeled-types = { path = "../../models/modeled-types", version = "0.1" } -model-derive = { path = "../../models/model-derive", version = "0.1" } -serde = { version = "1", features = ["derive"] } -serde_json = "1" - -[dependencies.bottlerocket-settings-sdk] -git = "https://github.com/bottlerocket-os/bottlerocket-settings-sdk" -tag = "bottlerocket-settings-sdk-v0.1.0" -version = "0.1.0" diff --git a/sources/settings-extensions/host-containers/host-containers.toml b/sources/settings-extensions/host-containers/host-containers.toml deleted file mode 100644 index 727dfb274..000000000 --- a/sources/settings-extensions/host-containers/host-containers.toml +++ /dev/null @@ -1,13 +0,0 @@ -[extension] -supported-versions = [ - "v1" -] -default-version = "v1" - -[v1] -[v1.validation.cross-validates] - -[v1.templating] -helpers = [] - -[v1.generation.requires] diff --git a/sources/settings-extensions/host-containers/src/lib.rs b/sources/settings-extensions/host-containers/src/lib.rs deleted file mode 100644 index 7ba100702..000000000 --- a/sources/settings-extensions/host-containers/src/lib.rs +++ /dev/null @@ -1,120 +0,0 @@ -/// host-containers settings allow users to configure multiple host containers -use bottlerocket_settings_sdk::{GenerateResult, SettingsModel}; -use model_derive::model; -use modeled_types::{Identifier, Url, ValidBase64}; -use serde::{Deserialize, Deserializer, Serialize, Serializer}; -use std::collections::HashMap; -use std::convert::Infallible; - -#[derive(Clone, Debug, Default, PartialEq)] -pub struct HostContainersSettingsV1 { - pub host_containers: HashMap, -} - -// Custom serializer/deserializer added to maintain backwards -// compatibility with models created prior to settings extensions. -impl Serialize for HostContainersSettingsV1 { - fn serialize(&self, serializer: S) -> std::result::Result - where - S: Serializer, - { - self.host_containers.serialize(serializer) - } -} - -impl<'de> Deserialize<'de> for HostContainersSettingsV1 { - fn deserialize(deserializer: D) -> std::result::Result - where - D: Deserializer<'de>, - { - let host_containers = HashMap::deserialize(deserializer)?; - Ok(Self { host_containers }) - } -} - -#[model(impl_default = true)] -struct HostContainer { - source: Url, - enabled: bool, - superpowered: bool, - user_data: ValidBase64, -} - -type Result = std::result::Result; - -impl SettingsModel for HostContainersSettingsV1 { - type PartialKind = Self; - type ErrorKind = Infallible; - - fn get_version() -> &'static str { - "v1" - } - - fn set(_current_value: Option, _target: Self) -> Result<()> { - // Set anything that can be parsed as HostContainersSettingsV1. - Ok(()) - } - - fn generate( - existing_partial: Option, - _dependent_settings: Option, - ) -> Result> { - Ok(GenerateResult::Complete( - existing_partial.unwrap_or_default(), - )) - } - - fn validate(_value: Self, _validated_settings: Option) -> Result<()> { - // HostContainersSettingsV1 is validated during deserialization. - Ok(()) - } -} - -#[cfg(test)] -mod test { - use super::*; - - #[test] - fn test_generate_host_containers() { - let generated = HostContainersSettingsV1::generate(None, None).unwrap(); - - assert_eq!( - generated, - GenerateResult::Complete(HostContainersSettingsV1 { - host_containers: HashMap::new(), - }) - ) - } - - #[test] - fn test_serde_host_containers() { - let input_json = r#"{ - "foo": { - "source": "public.ecr.aws/example/example", - "enabled": true, - "superpowered": true, - "user-data": "Zm9vCg==" - } - }"#; - - let host_containers: HostContainersSettingsV1 = serde_json::from_str(input_json).unwrap(); - - let mut expected_host_containers: HashMap = HashMap::new(); - expected_host_containers.insert( - Identifier::try_from("foo").unwrap(), - HostContainer { - source: Some(Url::try_from("public.ecr.aws/example/example").unwrap()), - enabled: Some(true), - superpowered: Some(true), - user_data: Some(ValidBase64::try_from("Zm9vCg==").unwrap()), - }, - ); - - assert_eq!( - host_containers, - HostContainersSettingsV1 { - host_containers: expected_host_containers, - } - ); - } -} diff --git a/sources/settings-extensions/host-containers/src/main.rs b/sources/settings-extensions/host-containers/src/main.rs deleted file mode 100644 index e008c5205..000000000 --- a/sources/settings-extensions/host-containers/src/main.rs +++ /dev/null @@ -1,20 +0,0 @@ -use bottlerocket_settings_sdk::{BottlerocketSetting, NullMigratorExtensionBuilder}; -use settings_extension_host_containers::HostContainersSettingsV1; -use std::process::ExitCode; - -fn main() -> ExitCode { - env_logger::init(); - - match NullMigratorExtensionBuilder::with_name("host-containers") - .with_models(vec![ - BottlerocketSetting::::model(), - ]) - .build() - { - Ok(extension) => extension.run(), - Err(e) => { - println!("{}", e); - ExitCode::FAILURE - } - } -} diff --git a/sources/settings-extensions/kernel/Cargo.toml b/sources/settings-extensions/kernel/Cargo.toml deleted file mode 100644 index 1ffd1770a..000000000 --- a/sources/settings-extensions/kernel/Cargo.toml +++ /dev/null @@ -1,19 +0,0 @@ -[package] -name = "settings-extension-kernel" -version = "0.1.0" -authors = ["Sam Berning "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false - -[dependencies] -env_logger = "0.10" -modeled-types = { path = "../../models/modeled-types", version = "0.1" } -model-derive = { path = "../../models/model-derive", version = "0.1" } -serde = { version = "1", features = ["derive"] } -serde_json = "1" - -[dependencies.bottlerocket-settings-sdk] -git = "https://github.com/bottlerocket-os/bottlerocket-settings-sdk" -tag = "bottlerocket-settings-sdk-v0.1.0" -version = "0.1.0" diff --git a/sources/settings-extensions/kernel/kernel.toml b/sources/settings-extensions/kernel/kernel.toml deleted file mode 100644 index 727dfb274..000000000 --- a/sources/settings-extensions/kernel/kernel.toml +++ /dev/null @@ -1,13 +0,0 @@ -[extension] -supported-versions = [ - "v1" -] -default-version = "v1" - -[v1] -[v1.validation.cross-validates] - -[v1.templating] -helpers = [] - -[v1.generation.requires] diff --git a/sources/settings-extensions/kernel/src/lib.rs b/sources/settings-extensions/kernel/src/lib.rs deleted file mode 100644 index e20173ed8..000000000 --- a/sources/settings-extensions/kernel/src/lib.rs +++ /dev/null @@ -1,103 +0,0 @@ -/// The kernel settings can be used to configure settings related to the kernel, e.g. -/// kernel modules -use bottlerocket_settings_sdk::{GenerateResult, SettingsModel}; -use model_derive::model; -use modeled_types::{KmodKey, Lockdown, SysctlKey}; -use std::collections::HashMap; -use std::convert::Infallible; - -#[model(impl_default = true)] -struct KernelSettingsV1 { - lockdown: Lockdown, - modules: HashMap, - // Values are almost always a single line and often just an integer... but not always. - sysctl: HashMap, -} - -#[model] -struct KmodSetting { - allowed: bool, - autoload: bool, -} - -type Result = std::result::Result; - -impl SettingsModel for KernelSettingsV1 { - type PartialKind = Self; - type ErrorKind = Infallible; - - fn get_version() -> &'static str { - "v1" - } - - fn set(_current_value: Option, _target: Self) -> Result<()> { - // allow anything that parses as KernelSettingsV1 - Ok(()) - } - - fn generate( - existing_partial: Option, - _dependent_settings: Option, - ) -> Result> { - Ok(GenerateResult::Complete( - existing_partial.unwrap_or_default(), - )) - } - - fn validate(_value: Self, _validated_settings: Option) -> Result<()> { - Ok(()) - } -} - -#[cfg(test)] -mod test { - use super::*; - - #[test] - fn test_generate_kernel() { - let generated = KernelSettingsV1::generate(None, None).unwrap(); - - assert_eq!( - generated, - GenerateResult::Complete(KernelSettingsV1 { - lockdown: None, - modules: None, - sysctl: None, - }) - ) - } - - #[test] - fn test_serde_kernel() { - let test_json = r#"{ - "lockdown": "integrity", - "modules": {"foo": {"allowed": true, "autoload": true}}, - "sysctl": {"key": "value"} - }"#; - - let kernel: KernelSettingsV1 = serde_json::from_str(test_json).unwrap(); - - let mut modules = HashMap::new(); - modules.insert( - KmodKey::try_from("foo").unwrap(), - KmodSetting { - allowed: Some(true), - autoload: Some(true), - }, - ); - let modules = Some(modules); - - let mut sysctl = HashMap::new(); - sysctl.insert(SysctlKey::try_from("key").unwrap(), String::from("value")); - let sysctl = Some(sysctl); - - assert_eq!( - kernel, - KernelSettingsV1 { - lockdown: Some(Lockdown::try_from("integrity").unwrap()), - modules, - sysctl, - } - ); - } -} diff --git a/sources/settings-extensions/kernel/src/main.rs b/sources/settings-extensions/kernel/src/main.rs deleted file mode 100644 index 1138c3998..000000000 --- a/sources/settings-extensions/kernel/src/main.rs +++ /dev/null @@ -1,18 +0,0 @@ -use bottlerocket_settings_sdk::{BottlerocketSetting, NullMigratorExtensionBuilder}; -use settings_extension_kernel::KernelSettingsV1; -use std::process::ExitCode; - -fn main() -> ExitCode { - env_logger::init(); - - match NullMigratorExtensionBuilder::with_name("kernel") - .with_models(vec![BottlerocketSetting::::model()]) - .build() - { - Ok(extension) => extension.run(), - Err(e) => { - println!("{}", e); - ExitCode::FAILURE - } - } -} diff --git a/sources/settings-extensions/metrics/Cargo.toml b/sources/settings-extensions/metrics/Cargo.toml deleted file mode 100644 index 34e592d84..000000000 --- a/sources/settings-extensions/metrics/Cargo.toml +++ /dev/null @@ -1,19 +0,0 @@ -[package] -name = "settings-extension-metrics" -version = "0.1.0" -authors = ["Sumukh Ballal "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false - -[dependencies] -env_logger = "0.10" -modeled-types = { path = "../../models/modeled-types", version = "0.1" } -model-derive = { path = "../../models/model-derive", version = "0.1" } -serde = { version = "1", features = ["derive"] } -serde_json = "1" - -[dependencies.bottlerocket-settings-sdk] -git = "https://github.com/bottlerocket-os/bottlerocket-settings-sdk" -tag = "bottlerocket-settings-sdk-v0.1.0" -version = "0.1.0" diff --git a/sources/settings-extensions/metrics/metrics.toml b/sources/settings-extensions/metrics/metrics.toml deleted file mode 100644 index 375dcc5b1..000000000 --- a/sources/settings-extensions/metrics/metrics.toml +++ /dev/null @@ -1,14 +0,0 @@ -[extension] -supported-versions = [ - "v1" -] -default-version = "v1" - -[v1] -[v1.validation.cross-validates] - -[v1.templating] -helpers = [] - -[v1.generation.requires] - diff --git a/sources/settings-extensions/metrics/src/lib.rs b/sources/settings-extensions/metrics/src/lib.rs deleted file mode 100644 index 0d7f438a2..000000000 --- a/sources/settings-extensions/metrics/src/lib.rs +++ /dev/null @@ -1,80 +0,0 @@ -/// The aws settings can be used to configure settings related to AWS -use bottlerocket_settings_sdk::{GenerateResult, SettingsModel}; -use model_derive::model; -use modeled_types::Url; -use std::convert::Infallible; - -// Platform-specific settings -#[model(impl_default = true)] -pub struct MetricsSettingsV1 { - metrics_url: Url, - send_metrics: bool, - service_checks: Vec, -} - -type Result = std::result::Result; - -impl SettingsModel for MetricsSettingsV1 { - type PartialKind = Self; - type ErrorKind = Infallible; - - fn get_version() -> &'static str { - "v1" - } - - fn set(_current_value: Option, _target: Self) -> Result<()> { - // allow anything that parses as MetricsSettingsV1 - Ok(()) - } - - fn generate( - existing_partial: Option, - _dependent_settings: Option, - ) -> Result> { - Ok(GenerateResult::Complete( - existing_partial.unwrap_or_default(), - )) - } - - fn validate(_value: Self, _validated_settings: Option) -> Result<()> { - Ok(()) - } -} - -#[cfg(test)] -mod test { - use super::*; - - #[test] - fn test_generate_metrics() { - let generated = MetricsSettingsV1::generate(None, None).unwrap(); - assert_eq!( - generated, - GenerateResult::Complete(MetricsSettingsV1 { - metrics_url: None, - send_metrics: None, - service_checks: None, - }) - ) - } - - #[test] - fn test_serde_metrics() { - let test_json = r#"{"metrics-url":"https://metrics.bottlerocket.aws/v1/metrics","send-metrics":true,"service-checks":["apiserver","chronyd"]}"#; - - let metrics: MetricsSettingsV1 = serde_json::from_str(test_json).unwrap(); - assert_eq!( - metrics, - MetricsSettingsV1 { - metrics_url: Some( - Url::try_from("https://metrics.bottlerocket.aws/v1/metrics").unwrap() - ), - send_metrics: Some(true), - service_checks: Some(vec![String::from("apiserver"), String::from("chronyd")]) - } - ); - - let results = serde_json::to_string(&metrics).unwrap(); - assert_eq!(results, test_json); - } -} diff --git a/sources/settings-extensions/metrics/src/main.rs b/sources/settings-extensions/metrics/src/main.rs deleted file mode 100644 index f919620fb..000000000 --- a/sources/settings-extensions/metrics/src/main.rs +++ /dev/null @@ -1,18 +0,0 @@ -use bottlerocket_settings_sdk::{BottlerocketSetting, NullMigratorExtensionBuilder}; -use settings_extension_metrics::MetricsSettingsV1; -use std::process::ExitCode; - -fn main() -> ExitCode { - env_logger::init(); - - match NullMigratorExtensionBuilder::with_name("metrics") - .with_models(vec![BottlerocketSetting::::model()]) - .build() - { - Ok(extension) => extension.run(), - Err(e) => { - println!("{}", e); - ExitCode::FAILURE - } - } -} diff --git a/sources/settings-extensions/motd/Cargo.toml b/sources/settings-extensions/motd/Cargo.toml deleted file mode 100644 index ed17b0ad3..000000000 --- a/sources/settings-extensions/motd/Cargo.toml +++ /dev/null @@ -1,17 +0,0 @@ -[package] -name = "settings-extension-motd" -version = "0.1.0" -authors = ["Sean P. Kelly "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false - -[dependencies] -serde = { version = "1", features = ["derive"] } -serde_json = "1" -string_impls_for = { version = "0.1", path = "../../models/string_impls_for" } - -[dependencies.bottlerocket-settings-sdk] -git = "https://github.com/bottlerocket-os/bottlerocket-settings-sdk" -tag = "bottlerocket-settings-sdk-v0.1.0" -version = "0.1.0" diff --git a/sources/settings-extensions/motd/motd.toml b/sources/settings-extensions/motd/motd.toml deleted file mode 100644 index 727dfb274..000000000 --- a/sources/settings-extensions/motd/motd.toml +++ /dev/null @@ -1,13 +0,0 @@ -[extension] -supported-versions = [ - "v1" -] -default-version = "v1" - -[v1] -[v1.validation.cross-validates] - -[v1.templating] -helpers = [] - -[v1.generation.requires] diff --git a/sources/settings-extensions/motd/src/lib.rs b/sources/settings-extensions/motd/src/lib.rs deleted file mode 100644 index eecb7c458..000000000 --- a/sources/settings-extensions/motd/src/lib.rs +++ /dev/null @@ -1,92 +0,0 @@ -/// The motd setting is used to set the "message of the day" that is shown to users when logging -/// into the Bottlerocket control container. -use bottlerocket_settings_sdk::{GenerateResult, LinearlyMigrateable, NoMigration, SettingsModel}; -use std::convert::Infallible; -use string_impls_for::string_impls_for; - -#[derive(Clone, Debug, Default, PartialEq, Eq)] -pub struct MotdV1 { - inner: String, -} - -type Result = std::result::Result; - -impl SettingsModel for MotdV1 { - /// We only have one value, so there's no such thing as a partial - type PartialKind = Self; - type ErrorKind = Infallible; - - fn get_version() -> &'static str { - "v1" - } - - fn set(_current_value: Option, _target: Self) -> Result<()> { - // Allow anything that parses as MotdV1 - Ok(()) - } - - fn generate( - existing_partial: Option, - _dependent_settings: Option, - ) -> Result> { - Ok(GenerateResult::Complete( - existing_partial.unwrap_or_default(), - )) - } - - fn validate(_value: Self, _validated_settings: Option) -> Result<()> { - // No need to do any additional validation, any MotdV1 is acceptable - Ok(()) - } -} - -impl LinearlyMigrateable for MotdV1 { - type ForwardMigrationTarget = NoMigration; - type BackwardMigrationTarget = NoMigration; - - fn migrate_forward(&self) -> Result { - NoMigration::no_defined_migration() - } - - fn migrate_backward(&self) -> Result { - NoMigration::no_defined_migration() - } -} - -impl TryFrom<&str> for MotdV1 { - type Error = Infallible; - - fn try_from(input: &str) -> Result { - Ok(MotdV1 { - inner: input.to_string(), - }) - } -} - -string_impls_for!(MotdV1, "MotdV1"); - -#[cfg(test)] -mod test { - use super::*; - - #[test] - fn test_generate_motd() { - assert_eq!( - MotdV1::generate(None, None), - Ok(GenerateResult::Complete(MotdV1 { - inner: "".to_string() - })) - ) - } - - #[test] - fn test_serde_motd() { - let test_json = r#""This is a motd""#; - - let motd: MotdV1 = serde_json::from_str(test_json).unwrap(); - assert_eq!(motd.inner, "This is a motd".to_string()); - - let results = serde_json::to_string(&motd).unwrap(); - assert_eq!(results, test_json); - } -} diff --git a/sources/settings-extensions/motd/src/main.rs b/sources/settings-extensions/motd/src/main.rs deleted file mode 100644 index 3a9a0ae8e..000000000 --- a/sources/settings-extensions/motd/src/main.rs +++ /dev/null @@ -1,16 +0,0 @@ -use bottlerocket_settings_sdk::{BottlerocketSetting, LinearMigratorExtensionBuilder}; -use settings_extension_motd::MotdV1; -use std::process::ExitCode; - -fn main() -> ExitCode { - match LinearMigratorExtensionBuilder::with_name("motd") - .with_models(vec![BottlerocketSetting::::model()]) - .build() - { - Ok(extension) => extension.run(), - Err(e) => { - println!("{}", e); - ExitCode::FAILURE - } - } -} diff --git a/sources/settings-extensions/network/Cargo.toml b/sources/settings-extensions/network/Cargo.toml deleted file mode 100644 index f86f24b93..000000000 --- a/sources/settings-extensions/network/Cargo.toml +++ /dev/null @@ -1,19 +0,0 @@ -[package] -name = "settings-extension-network" -version = "0.1.0" -authors = ["Gaurav Sharma "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false - -[dependencies] -env_logger = "0.10" -modeled-types = { path = "../../models/modeled-types", version = "0.1" } -model-derive = { path = "../../models/model-derive", version = "0.1" } -serde = { version = "1", features = ["derive"] } -serde_json = "1" - -[dependencies.bottlerocket-settings-sdk] -git = "https://github.com/bottlerocket-os/bottlerocket-settings-sdk" -tag = "bottlerocket-settings-sdk-v0.1.0" -version = "0.1.0" diff --git a/sources/settings-extensions/network/network.toml b/sources/settings-extensions/network/network.toml deleted file mode 100644 index 727dfb274..000000000 --- a/sources/settings-extensions/network/network.toml +++ /dev/null @@ -1,13 +0,0 @@ -[extension] -supported-versions = [ - "v1" -] -default-version = "v1" - -[v1] -[v1.validation.cross-validates] - -[v1.templating] -helpers = [] - -[v1.generation.requires] diff --git a/sources/settings-extensions/network/src/lib.rs b/sources/settings-extensions/network/src/lib.rs deleted file mode 100644 index 1fc84df06..000000000 --- a/sources/settings-extensions/network/src/lib.rs +++ /dev/null @@ -1,86 +0,0 @@ -/// Settings related to networking configuration. -use bottlerocket_settings_sdk::{GenerateResult, SettingsModel}; -use model_derive::model; -use modeled_types::{EtcHostsEntries, SingleLineString, Url, ValidLinuxHostname}; -use std::convert::Infallible; - -#[model(impl_default = true)] -struct NetworkSettingsV1 { - hostname: ValidLinuxHostname, - hosts: EtcHostsEntries, - https_proxy: Url, - no_proxy: Vec, -} - -type Result = std::result::Result; - -impl SettingsModel for NetworkSettingsV1 { - type PartialKind = Self; - type ErrorKind = Infallible; - - fn get_version() -> &'static str { - "v1" - } - - fn set(_current_value: Option, _target: Self) -> Result<()> { - // Set anything that can be parsed as NetworkSettingsV1. - Ok(()) - } - - fn generate( - existing_partial: Option, - _dependent_settings: Option, - ) -> Result> { - Ok(GenerateResult::Complete( - existing_partial.unwrap_or_default(), - )) - } - - fn validate(_value: Self, _validated_settings: Option) -> Result<()> { - // NetworkSettingsV1 is validated during deserialization. - Ok(()) - } -} - -#[cfg(test)] -mod test { - use super::*; - - #[test] - fn test_generate_network_settings() { - assert_eq!( - NetworkSettingsV1::generate(None, None), - Ok(GenerateResult::Complete(NetworkSettingsV1 { - hostname: None, - hosts: None, - https_proxy: None, - no_proxy: None, - })) - ) - } - - #[test] - fn test_serde_network() { - let test_json = r#"{ - "hostname": "foo", - "hosts": [["127.0.0.1", ["localhost"]]], - "https-proxy": "https://example.net", - "no-proxy": ["foo"] - }"#; - - let network: NetworkSettingsV1 = serde_json::from_str(test_json).unwrap(); - - assert_eq!( - network, - NetworkSettingsV1 { - hostname: Some(ValidLinuxHostname::try_from("foo").unwrap()), - hosts: Some( - serde_json::from_str::(r#"[["127.0.0.1", ["localhost"]]]"#) - .unwrap() - ), - https_proxy: Some(Url::try_from("https://example.net").unwrap()), - no_proxy: Some(vec![SingleLineString::try_from("foo").unwrap()]), - } - ); - } -} diff --git a/sources/settings-extensions/network/src/main.rs b/sources/settings-extensions/network/src/main.rs deleted file mode 100644 index dce11d62d..000000000 --- a/sources/settings-extensions/network/src/main.rs +++ /dev/null @@ -1,18 +0,0 @@ -use bottlerocket_settings_sdk::{BottlerocketSetting, NullMigratorExtensionBuilder}; -use settings_extension_network::NetworkSettingsV1; -use std::process::ExitCode; - -fn main() -> ExitCode { - env_logger::init(); - - match NullMigratorExtensionBuilder::with_name("network") - .with_models(vec![BottlerocketSetting::::model()]) - .build() - { - Ok(extension) => extension.run(), - Err(e) => { - println!("{}", e); - ExitCode::FAILURE - } - } -} diff --git a/sources/settings-extensions/ntp/Cargo.toml b/sources/settings-extensions/ntp/Cargo.toml deleted file mode 100644 index 7dddaaec0..000000000 --- a/sources/settings-extensions/ntp/Cargo.toml +++ /dev/null @@ -1,19 +0,0 @@ -[package] -name = "settings-extension-ntp" -version = "0.1.0" -authors = ["Sam Berning "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false - -[dependencies] -env_logger = "0.10" -modeled-types = { path = "../../models/modeled-types", version = "0.1" } -model-derive = { path = "../../models/model-derive", version = "0.1" } -serde = { version = "1", features = ["derive"] } -serde_json = "1" - -[dependencies.bottlerocket-settings-sdk] -git = "https://github.com/bottlerocket-os/bottlerocket-settings-sdk" -tag = "bottlerocket-settings-sdk-v0.1.0" -version = "0.1.0" diff --git a/sources/settings-extensions/ntp/ntp.toml b/sources/settings-extensions/ntp/ntp.toml deleted file mode 100644 index 727dfb274..000000000 --- a/sources/settings-extensions/ntp/ntp.toml +++ /dev/null @@ -1,13 +0,0 @@ -[extension] -supported-versions = [ - "v1" -] -default-version = "v1" - -[v1] -[v1.validation.cross-validates] - -[v1.templating] -helpers = [] - -[v1.generation.requires] diff --git a/sources/settings-extensions/ntp/src/lib.rs b/sources/settings-extensions/ntp/src/lib.rs deleted file mode 100644 index b653bc679..000000000 --- a/sources/settings-extensions/ntp/src/lib.rs +++ /dev/null @@ -1,104 +0,0 @@ -/// The ntp settings can be used to specify time servers with which to synchronize the instance's -/// clock. -use bottlerocket_settings_sdk::{GenerateResult, LinearlyMigrateable, NoMigration, SettingsModel}; -use model_derive::model; -use modeled_types::Url; -use std::convert::Infallible; - -#[model(impl_default = true)] -pub struct NtpSettingsV1 { - time_servers: Vec, - options: Vec, -} - -type Result = std::result::Result; - -impl SettingsModel for NtpSettingsV1 { - /// the `model` macro makes every field of the `NtpSettingsV1` struct an `Option`, so we can use - /// the type as its own `PartialKind`. - type PartialKind = Self; - type ErrorKind = Infallible; - - fn get_version() -> &'static str { - "v1" - } - - fn set(_current_value: Option, _target: Self) -> Result<()> { - // Anything that parses as a list of URLs is ok - Ok(()) - } - - fn generate( - existing_partial: Option, - _dependent_settings: Option, - ) -> Result> { - Ok(GenerateResult::Complete( - existing_partial.unwrap_or_default(), - )) - } - - fn validate(_value: Self, _validated_settings: Option) -> Result<()> { - // Anything that parses as a list of URLs is ok - Ok(()) - } -} - -impl LinearlyMigrateable for NtpSettingsV1 { - type ForwardMigrationTarget = NoMigration; - type BackwardMigrationTarget = NoMigration; - - fn migrate_forward(&self) -> Result { - NoMigration::no_defined_migration() - } - - fn migrate_backward(&self) -> Result { - NoMigration::no_defined_migration() - } -} - -#[cfg(test)] -mod test { - use super::*; - - #[test] - fn test_generate_ntp_settings() { - assert_eq!( - NtpSettingsV1::generate(None, None), - Ok(GenerateResult::Complete(NtpSettingsV1 { - time_servers: None, - options: None, - })) - ) - } - - #[test] - fn test_serde_ntp() { - let test_json = r#"{"time-servers":["https://example.net","http://www.example.com"]}"#; - - let ntp: NtpSettingsV1 = serde_json::from_str(test_json).unwrap(); - assert_eq!( - ntp.time_servers.clone().unwrap(), - vec!( - Url::try_from("https://example.net").unwrap(), - Url::try_from("http://www.example.com").unwrap(), - ) - ); - - let results = serde_json::to_string(&ntp).unwrap(); - assert_eq!(results, test_json); - } - - #[test] - fn test_options_ntp() { - let test_json = r#"{"time-servers":["https://example.net","http://www.example.com"],"options":["minpoll","1","maxpoll","2"]}"#; - - let ntp: NtpSettingsV1 = serde_json::from_str(test_json).unwrap(); - assert_eq!( - ntp.options.clone().unwrap(), - vec!("minpoll", "1", "maxpoll", "2",) - ); - - let results = serde_json::to_string(&ntp).unwrap(); - assert_eq!(results, test_json); - } -} diff --git a/sources/settings-extensions/ntp/src/main.rs b/sources/settings-extensions/ntp/src/main.rs deleted file mode 100644 index a3b2444f0..000000000 --- a/sources/settings-extensions/ntp/src/main.rs +++ /dev/null @@ -1,18 +0,0 @@ -use bottlerocket_settings_sdk::{BottlerocketSetting, LinearMigratorExtensionBuilder}; -use settings_extension_ntp::NtpSettingsV1; -use std::process::ExitCode; - -fn main() -> ExitCode { - env_logger::init(); - - match LinearMigratorExtensionBuilder::with_name("ntp") - .with_models(vec![BottlerocketSetting::::model()]) - .build() - { - Ok(extension) => extension.run(), - Err(e) => { - println!("{}", e); - ExitCode::FAILURE - } - } -} diff --git a/sources/settings-extensions/oci-defaults/Cargo.toml b/sources/settings-extensions/oci-defaults/Cargo.toml deleted file mode 100644 index 6149666f6..000000000 --- a/sources/settings-extensions/oci-defaults/Cargo.toml +++ /dev/null @@ -1,20 +0,0 @@ -[package] -name = "settings-extension-oci-defaults" -version = "0.1.0" -authors = ["Gaurav Sharma "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false - -[dependencies] -env_logger = "0.10" -modeled-types = { path = "../../models/modeled-types", version = "0.1" } -model-derive = { path = "../../models/model-derive", version = "0.1" } -serde = { version = "1", features = ["derive"] } -serde_json = "1" -toml = "0.8" - -[dependencies.bottlerocket-settings-sdk] -git = "https://github.com/bottlerocket-os/bottlerocket-settings-sdk" -tag = "bottlerocket-settings-sdk-v0.1.0" -version = "0.1.0" diff --git a/sources/settings-extensions/oci-defaults/oci-defaults.toml b/sources/settings-extensions/oci-defaults/oci-defaults.toml deleted file mode 100644 index 727dfb274..000000000 --- a/sources/settings-extensions/oci-defaults/oci-defaults.toml +++ /dev/null @@ -1,13 +0,0 @@ -[extension] -supported-versions = [ - "v1" -] -default-version = "v1" - -[v1] -[v1.validation.cross-validates] - -[v1.templating] -helpers = [] - -[v1.generation.requires] diff --git a/sources/settings-extensions/oci-defaults/src/de.rs b/sources/settings-extensions/oci-defaults/src/de.rs deleted file mode 100644 index 7d4ec1c3f..000000000 --- a/sources/settings-extensions/oci-defaults/src/de.rs +++ /dev/null @@ -1,126 +0,0 @@ -use serde::de::Error; -use serde::{Deserialize, Deserializer}; - -/// This specifies that any non negative i64 integer, -1, and "unlimited" -/// are the valid resource-limits. The hard-limit set to "unlimited" or -1 -/// and soft-limit set to "unlimited" or -1 are converted to u64::MAX in -/// the spec file for the container runtime which ultimately represents -/// unlimited for that resource -pub(crate) fn deserialize_limit<'de, D>(deserializer: D) -> Result -where - D: Deserializer<'de>, -{ - #[derive(Deserialize)] - #[serde(untagged)] - enum StringOrInt64 { - String(String), - Int(i64), - } - - match StringOrInt64::deserialize(deserializer)? { - StringOrInt64::String(s) => { - if s == "unlimited" { - Ok(-1) - } else { - Err(Error::custom(format!( - "Invalid rlimit {}, expected -1 to {} or \"unlimited\"", - s, - i64::MAX - ))) - } - } - StringOrInt64::Int(i) => { - if (-1..=i64::MAX).contains(&i) { - Ok(i) - } else { - Err(Error::custom(format!( - "Invalid rlimit {}, expected -1 to {} or \"unlimited\"", - i, - i64::MAX - ))) - } - } - } -} - -#[cfg(test)] -mod oci_default_resource_limit_tests { - use crate::OciDefaultsResourceLimitV1; - - #[test] - fn valid_any_integer_i_64() { - assert!(toml::from_str::( - r#" - hard-limit = 200000 - soft-limit = 10000 - "# - ) - .is_ok()); - } - - #[test] - fn valid_string_unlimited() { - assert!(toml::from_str::( - r#" - hard-limit = 'unlimited' - soft-limit = 10000 - "# - ) - .is_ok()); - } - - #[test] - fn valid_integer_i_64_max() { - assert!(toml::from_str::( - r#" - hard-limit = 9223372036854775807 - soft-limit = 10000 - "# - ) - .is_ok()); - } - - #[test] - fn valid_integer_minus_one() { - assert!(toml::from_str::( - r#" - hard-limit = -1 - soft-limit = 10000 - "# - ) - .is_ok()); - } - - #[test] - fn invalid_integer_greater_than_i_64_max() { - assert!(toml::from_str::( - r#" - hard-limit = 9223372036854775808 - soft-limit = 10000 - "# - ) - .is_err()); - } - - #[test] - fn invalid_minus_2() { - assert!(toml::from_str::( - r#" - hard-limit = -2 - soft-limit = 10000 - "# - ) - .is_err()); - } - - #[test] - fn invalid_string_abc() { - assert!(toml::from_str::( - r#" - hard-limit = 'abc' - soft-limit = 10000 - "# - ) - .is_err()); - } -} diff --git a/sources/settings-extensions/oci-defaults/src/lib.rs b/sources/settings-extensions/oci-defaults/src/lib.rs deleted file mode 100644 index 2240b0cc4..000000000 --- a/sources/settings-extensions/oci-defaults/src/lib.rs +++ /dev/null @@ -1,122 +0,0 @@ -/// Settings related to orchestrated containers for overriding the OCI runtime spec defaults -mod de; - -use crate::de::deserialize_limit; -use bottlerocket_settings_sdk::{GenerateResult, SettingsModel}; -use model_derive::model; -use modeled_types::{OciDefaultsCapability, OciDefaultsResourceLimitType}; -use serde::{Deserialize, Serialize}; -use std::collections::HashMap; -use std::convert::Infallible; - -///// OCI defaults specifies the default values that will be used in cri-base-json. -#[model(impl_default = true)] -struct OciDefaultsV1 { - capabilities: HashMap, - resource_limits: HashMap, -} - -///// The hard and soft limit values for an OCI defaults resource limit. -#[model(add_option = false)] -#[derive(Copy, Clone, Debug, Deserialize, Serialize, Eq, Ord, PartialOrd, PartialEq)] -struct OciDefaultsResourceLimitV1 { - #[serde(deserialize_with = "deserialize_limit")] - hard_limit: i64, - #[serde(deserialize_with = "deserialize_limit")] - soft_limit: i64, -} - -type Result = std::result::Result; - -impl SettingsModel for OciDefaultsV1 { - type PartialKind = Self; - type ErrorKind = Infallible; - - fn get_version() -> &'static str { - "v1" - } - - fn set(_current_value: Option, _target: Self) -> Result<()> { - // Set anything that can be parsed as OciDefaultsV1. - Ok(()) - } - - fn generate( - existing_partial: Option, - _dependent_settings: Option, - ) -> Result> { - Ok(GenerateResult::Complete( - existing_partial.unwrap_or_default(), - )) - } - - fn validate(_value: Self, _validated_settings: Option) -> Result<()> { - // OciDefaultsV1 is validated during deserialization. - Ok(()) - } -} - -#[cfg(test)] -mod test { - use super::*; - use serde_json::json; - use std::collections::HashMap; - - #[test] - fn test_generate_oci_defaults() { - assert_eq!( - OciDefaultsV1::generate(None, None), - Ok(GenerateResult::Complete(OciDefaultsV1 { - capabilities: None, - resource_limits: None, - })) - ) - } - - #[test] - fn test_serde_oci_defaults() { - let test_json = json!({ - "capabilities": { - "sys-admin": true, - "net-admin": false - }, - "resource-limits": { - "max-cpu-time": { - "hard-limit": 1000, - "soft-limit": 500 - } - } - }); - - let test_json_str = test_json.to_string(); - - let oci_defaults: OciDefaultsV1 = serde_json::from_str(&test_json_str).unwrap(); - - let mut expected_capabilities = HashMap::new(); - expected_capabilities.insert(OciDefaultsCapability::SysAdmin, true); - expected_capabilities.insert(OciDefaultsCapability::NetAdmin, false); - - let mut expected_resource_limits = HashMap::new(); - expected_resource_limits.insert( - OciDefaultsResourceLimitType::MaxCpuTime, - OciDefaultsResourceLimitV1 { - hard_limit: 1000, - soft_limit: 500, - }, - ); - - assert_eq!( - oci_defaults, - OciDefaultsV1 { - capabilities: Some(expected_capabilities), - resource_limits: Some(expected_resource_limits), - } - ); - - let serialized_json: serde_json::Value = serde_json::to_string(&oci_defaults) - .map(|s| serde_json::from_str(&s).unwrap()) - .unwrap(); - - assert_eq!(serialized_json, test_json); - } -} diff --git a/sources/settings-extensions/oci-defaults/src/main.rs b/sources/settings-extensions/oci-defaults/src/main.rs deleted file mode 100644 index f75ee5170..000000000 --- a/sources/settings-extensions/oci-defaults/src/main.rs +++ /dev/null @@ -1,18 +0,0 @@ -use bottlerocket_settings_sdk::{BottlerocketSetting, NullMigratorExtensionBuilder}; -use settings_extension_oci_defaults::OciDefaultsV1; -use std::process::ExitCode; - -fn main() -> ExitCode { - env_logger::init(); - - match NullMigratorExtensionBuilder::with_name("oci-defaults") - .with_models(vec![BottlerocketSetting::::model()]) - .build() - { - Ok(extension) => extension.run(), - Err(e) => { - println!("{}", e); - ExitCode::FAILURE - } - } -} diff --git a/sources/settings-extensions/oci-hooks/Cargo.toml b/sources/settings-extensions/oci-hooks/Cargo.toml deleted file mode 100644 index 9a8e097db..000000000 --- a/sources/settings-extensions/oci-hooks/Cargo.toml +++ /dev/null @@ -1,19 +0,0 @@ -[package] -name = "settings-extension-oci-hooks" -version = "0.1.0" -authors = ["Gaurav Sharma "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false - -[dependencies] -env_logger = "0.10" -modeled-types = { path = "../../models/modeled-types", version = "0.1" } -model-derive = { path = "../../models/model-derive", version = "0.1" } -serde = { version = "1", features = ["derive"] } -serde_json = "1" - -[dependencies.bottlerocket-settings-sdk] -git = "https://github.com/bottlerocket-os/bottlerocket-settings-sdk" -tag = "bottlerocket-settings-sdk-v0.1.0" -version = "0.1.0" diff --git a/sources/settings-extensions/oci-hooks/oci-hooks.toml b/sources/settings-extensions/oci-hooks/oci-hooks.toml deleted file mode 100644 index 727dfb274..000000000 --- a/sources/settings-extensions/oci-hooks/oci-hooks.toml +++ /dev/null @@ -1,13 +0,0 @@ -[extension] -supported-versions = [ - "v1" -] -default-version = "v1" - -[v1] -[v1.validation.cross-validates] - -[v1.templating] -helpers = [] - -[v1.generation.requires] diff --git a/sources/settings-extensions/oci-hooks/src/lib.rs b/sources/settings-extensions/oci-hooks/src/lib.rs deleted file mode 100644 index 6ea3e1d05..000000000 --- a/sources/settings-extensions/oci-hooks/src/lib.rs +++ /dev/null @@ -1,72 +0,0 @@ -/// Settings related to host-provided OCI Hooks -use bottlerocket_settings_sdk::{GenerateResult, SettingsModel}; -use model_derive::model; -use std::convert::Infallible; - -/// The log4j hotpatch functionality is no longer included in Bottlerocket as of v1.15.0. -/// The setting still exists for backwards compatibility. -#[model(impl_default = true)] -pub struct OciHooksSettingsV1 { - log4j_hotpatch_enabled: bool, -} - -type Result = std::result::Result; - -impl SettingsModel for OciHooksSettingsV1 { - type PartialKind = Self; - type ErrorKind = Infallible; - - fn get_version() -> &'static str { - "v1" - } - - fn set(_current_value: Option, _target: Self) -> Result<()> { - // Set anything that can be parsed as OciHooksSettingsV1. - Ok(()) - } - - fn generate( - existing_partial: Option, - _dependent_settings: Option, - ) -> Result> { - Ok(GenerateResult::Complete( - existing_partial.unwrap_or_default(), - )) - } - - fn validate(_value: Self, _validated_settings: Option) -> Result<()> { - // OciHooksSettingsV1 is validated during deserialization. - Ok(()) - } -} - -#[cfg(test)] -mod test { - use super::*; - - #[test] - fn test_generate_oci_hooks() { - assert_eq!( - OciHooksSettingsV1::generate(None, None).unwrap(), - GenerateResult::Complete(OciHooksSettingsV1 { - log4j_hotpatch_enabled: None, - }) - ) - } - - #[test] - fn test_serde_oci_hooks() { - let test_json = r#"{"log4j-hotpatch-enabled":true}"#; - - let oci_hooks: OciHooksSettingsV1 = serde_json::from_str(test_json).unwrap(); - assert_eq!( - oci_hooks, - OciHooksSettingsV1 { - log4j_hotpatch_enabled: Some(true), - } - ); - - let results = serde_json::to_string(&oci_hooks).unwrap(); - assert_eq!(results, test_json); - } -} diff --git a/sources/settings-extensions/oci-hooks/src/main.rs b/sources/settings-extensions/oci-hooks/src/main.rs deleted file mode 100644 index 52d2d1520..000000000 --- a/sources/settings-extensions/oci-hooks/src/main.rs +++ /dev/null @@ -1,18 +0,0 @@ -use bottlerocket_settings_sdk::{BottlerocketSetting, NullMigratorExtensionBuilder}; -use settings_extension_oci_hooks::OciHooksSettingsV1; -use std::process::ExitCode; - -fn main() -> ExitCode { - env_logger::init(); - - match NullMigratorExtensionBuilder::with_name("oci-hooks") - .with_models(vec![BottlerocketSetting::::model()]) - .build() - { - Ok(extension) => extension.run(), - Err(e) => { - println!("{}", e); - ExitCode::FAILURE - } - } -} diff --git a/sources/settings-extensions/pki/Cargo.toml b/sources/settings-extensions/pki/Cargo.toml deleted file mode 100644 index 50b2a654d..000000000 --- a/sources/settings-extensions/pki/Cargo.toml +++ /dev/null @@ -1,19 +0,0 @@ -[package] -name = "settings-extension-pki" -version = "0.1.0" -authors = ["Gaurav Sharma "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false - -[dependencies] -env_logger = "0.10" -modeled-types = { path = "../../models/modeled-types", version = "0.1" } -model-derive = { path = "../../models/model-derive", version = "0.1" } -serde = { version = "1", features = ["derive"] } -serde_json = "1" - -[dependencies.bottlerocket-settings-sdk] -git = "https://github.com/bottlerocket-os/bottlerocket-settings-sdk" -tag = "bottlerocket-settings-sdk-v0.1.0" -version = "0.1.0" diff --git a/sources/settings-extensions/pki/pki.toml b/sources/settings-extensions/pki/pki.toml deleted file mode 100644 index 727dfb274..000000000 --- a/sources/settings-extensions/pki/pki.toml +++ /dev/null @@ -1,13 +0,0 @@ -[extension] -supported-versions = [ - "v1" -] -default-version = "v1" - -[v1] -[v1.validation.cross-validates] - -[v1.templating] -helpers = [] - -[v1.generation.requires] diff --git a/sources/settings-extensions/pki/src/lib.rs b/sources/settings-extensions/pki/src/lib.rs deleted file mode 100644 index c9e15e241..000000000 --- a/sources/settings-extensions/pki/src/lib.rs +++ /dev/null @@ -1,115 +0,0 @@ -/// Settings related to Custom CA Certificates. -use bottlerocket_settings_sdk::{GenerateResult, SettingsModel}; -use model_derive::model; -use modeled_types::{Identifier, PemCertificateString}; -use serde::{Deserialize, Deserializer, Serialize, Serializer}; -use std::{collections::HashMap, convert::Infallible}; - -#[derive(Clone, Debug, Default, PartialEq)] -pub struct PkiSettingsV1 { - pub pki: HashMap, -} - -impl Serialize for PkiSettingsV1 { - fn serialize(&self, serializer: S) -> std::result::Result - where - S: Serializer, - { - self.pki.serialize(serializer) - } -} - -impl<'de> Deserialize<'de> for PkiSettingsV1 { - fn deserialize(deserializer: D) -> std::result::Result - where - D: Deserializer<'de>, - { - let pki = HashMap::deserialize(deserializer)?; - Ok(Self { pki }) - } -} - -#[model(impl_default = true)] -struct PemCertificate { - data: PemCertificateString, - trusted: bool, -} - -type Result = std::result::Result; - -impl SettingsModel for PkiSettingsV1 { - type PartialKind = Self; - type ErrorKind = Infallible; - - fn get_version() -> &'static str { - "v1" - } - - fn set(_current_value: Option, _target: Self) -> Result<()> { - // Set anything that parses as PkiSettingsV1. - Ok(()) - } - - fn generate( - _existing_partial: Option, - _dependent_settings: Option, - ) -> Result> { - Ok(GenerateResult::Complete(PkiSettingsV1 { - pki: HashMap::new(), - })) - } - - fn validate(_value: Self, _validated_settings: Option) -> Result<()> { - // Validate anything that parses as PkiSettingsV1. - Ok(()) - } -} - -#[cfg(test)] -mod test { - use super::*; - use serde_json::json; - - static VALID_PEM: &str = include_str!("../tests/data/test-pem"); - - #[test] - fn test_generate_pki_settings() { - assert_eq!( - PkiSettingsV1::generate(None, None), - Ok(GenerateResult::Complete(PkiSettingsV1 { - pki: HashMap::new(), - })) - ) - } - - #[test] - fn test_serde_pki() { - let test_json = json!({ - "foo": { - "data": VALID_PEM, - "trusted": true - } - }); - - let test_json_str = test_json.to_string(); - - let pki: PkiSettingsV1 = serde_json::from_str(&test_json_str).unwrap(); - - let mut expected_pki: HashMap = HashMap::new(); - expected_pki.insert( - Identifier::try_from("foo").unwrap(), - PemCertificate { - data: Some(PemCertificateString::try_from(VALID_PEM).unwrap()), - trusted: Some(true), - }, - ); - - assert_eq!(pki, PkiSettingsV1 { pki: expected_pki }); - - let serialized_json: serde_json::Value = serde_json::to_string(&pki) - .map(|s| serde_json::from_str(&s).unwrap()) - .unwrap(); - - assert_eq!(serialized_json, test_json); - } -} diff --git a/sources/settings-extensions/pki/src/main.rs b/sources/settings-extensions/pki/src/main.rs deleted file mode 100644 index 5fbb2fcc1..000000000 --- a/sources/settings-extensions/pki/src/main.rs +++ /dev/null @@ -1,18 +0,0 @@ -use bottlerocket_settings_sdk::{BottlerocketSetting, NullMigratorExtensionBuilder}; -use settings_extension_pki::PkiSettingsV1; -use std::process::ExitCode; - -fn main() -> ExitCode { - env_logger::init(); - - match NullMigratorExtensionBuilder::with_name("pki") - .with_models(vec![BottlerocketSetting::::model()]) - .build() - { - Ok(extension) => extension.run(), - Err(e) => { - println!("{}", e); - ExitCode::FAILURE - } - } -} diff --git a/sources/settings-extensions/pki/tests/data/test-pem b/sources/settings-extensions/pki/tests/data/test-pem deleted file mode 100644 index 2e2d530e5..000000000 --- a/sources/settings-extensions/pki/tests/data/test-pem +++ /dev/null @@ -1 +0,0 @@ -LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURVekNDQWp1Z0F3SUJBZ0lVVUNBbXU1MWU1NDZIakpGVEd6Z1BpS2ZxZXVVd0RRWUpLb1pJaHZjTkFRRUwKQlFBd09URVZNQk1HQTFVRUF3d01ZbTkwZEd4bGNtOWphMlYwTVFzd0NRWURWUVFHRXdKVlV6RVRNQkVHQTFVRQpCd3dLVjBGVFNFbE9SMVJQVGpBZUZ3MHlNVEEzTURjeU1UQXhNekJhRncweU5qQTNNRFl5TVRBeE16QmFNRGt4CkZUQVRCZ05WQkFNTURHSnZkSFJzWlhKdlkydGxkREVMTUFrR0ExVUVCaE1DVlZNeEV6QVJCZ05WQkFjTUNsZEIKVTBoSlRrZFVUMDR3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQzErSk5MbllIeApyeGowOTJsQUpwOGRwRlRYbTVpR25jZFRubjBwem1OLzByMWhXUWNLSU9JY1UwcUdlN1h0UkVMcUFPQW5Gb3ZqCktaREV5SjB4eU9TZ1k4NFF6MVdXbUtqSHVsMGZXRHJ0RWlFNU03UklwVXBlVjZwejhOclRoOUFiSEZ1UWFMMkoKWk1COHVRWnFWRUhFZFl0THpFaHhnTU9NMUtjaXVqcjczWVE5TElLYVA3aW5sMU14YWd4c1Y4cjYyZG9WR3g2UwpsT2l3WXVQdmdkNnZWamQ5Wjl1UU5KNHFUdzBVVjBMbGJ1bXZwN2NITHg3U0EzWU55elZBWG0xb2FKYmhKeWpNClJmZEFwZDB3dkc0T1RXd2d5d240N2JPc0pBK3BJMDY0ZlNEeEpIaWxtdGVCSVRmV3hpQ1k2dkFvc01kVHJtRWwKUEFxYzVuem1WRkI3QWdNQkFBR2pVekJSTUIwR0ExVWREZ1FXQkJRZlFJYWh1cFRFMUdaeFBicnhYS3RoVitzTwovekFmQmdOVkhTTUVHREFXZ0JRZlFJYWh1cFRFMUdaeFBicnhYS3RoVitzTy96QVBCZ05WSFJNQkFmOEVCVEFECkFRSC9NQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUFrc1BrNlhMTG5CdVRYK0xtYWJyK0VzcnNOQ2RBYitkOXkKc3Rpc2RDanBrbUtDc2VzSjk2UWdpMDYvMU04OHUvcCtHZHAreEhMUElKVUxyR2owMWoxdXJtRWJxd2lmeFVtawpmSkZ6bW00ZU56UVpqV1gyQm5HOVA4eHlHT1NWaWVHb1RFZW13MlBNT1hodUVFc0o5ckNQSXdzdlhMRzhOQW8yCnNjOGxaNXlOVnZkaHdwemdZL3lvM2pNKzJWeXZ4K2FnTXNhRGs3YmhjOTJGc3ZieTZ2a3ZweC82THZLSGFvSmgKbmxGcUwxcWZEZGZjOU81d1ZqeURyK3Q2NVBlVy9JN2ZCeXpZTEtyMDhIM3JCTzRQRXh0aVJrUHBJcGtEVWNnUAo3eTB6SGd6eVc5dHZNVlBXdXRDTDJ3UE1jb0hpdXJrRnNoOERtQzdzUytMMlNKTG1wbDJoCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0KYmFkCi0tLS0tQkVHSU4gQ0VSVElGSUNBVEUtLS0tLQpNSUlEVXpDQ0FqdWdBd0lCQWdJVVVDQW11NTFlNTQ2SGpKRlRHemdQaUtmcWV1VXdEUVlKS29aSWh2Y05BUUVMCkJRQXdPVEVWTUJNR0ExVUVBd3dNWW05MGRHeGxjbTlqYTJWME1Rc3dDUVlEVlFRR0V3SlZVekVUTUJFR0ExVUUKQnd3S1YwRlRTRWxPUjFSUFRqQWVGdzB5TVRBM01EY3lNVEF4TXpCYUZ3MHlOakEzTURZeU1UQXhNekJhTURreApGVEFUQmdOVkJBTU1ER0p2ZEhSc1pYSnZZMnRsZERFTE1Ba0dBMVVFQmhNQ1ZWTXhFekFSQmdOVkJBY01DbGRCClUwaEpUa2RVVDA0d2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUUMxK0pOTG5ZSHgKcnhqMDkybEFKcDhkcEZUWG01aUduY2RUbm4wcHptTi8wcjFoV1FjS0lPSWNVMHFHZTdYdFJFTHFBT0FuRm92agpLWkRFeUoweHlPU2dZODRRejFXV21Lakh1bDBmV0RydEVpRTVNN1JJcFVwZVY2cHo4TnJUaDlBYkhGdVFhTDJKClpNQjh1UVpxVkVIRWRZdEx6RWh4Z01PTTFLY2l1anI3M1lROUxJS2FQN2lubDFNeGFneHNWOHI2MmRvVkd4NlMKbE9pd1l1UHZnZDZ2VmpkOVo5dVFOSjRxVHcwVVYwTGxidW12cDdjSEx4N1NBM1lOeXpWQVhtMW9hSmJoSnlqTQpSZmRBcGQwd3ZHNE9UV3dneXduNDdiT3NKQStwSTA2NGZTRHhKSGlsbXRlQklUZld4aUNZNnZBb3NNZFRybUVsClBBcWM1bnptVkZCN0FnTUJBQUdqVXpCUk1CMEdBMVVkRGdRV0JCUWZRSWFodXBURTFHWnhQYnJ4WEt0aFYrc08KL3pBZkJnTlZIU01FR0RBV2dCUWZRSWFodXBURTFHWnhQYnJ4WEt0aFYrc08vekFQQmdOVkhSTUJBZjhFQlRBRApBUUgvTUEwR0NTcUdTSWIzRFFFQkN3VUFBNElCQVFBa3NQazZYTExuQnVUWCtMbWFicitFc3JzTkNkQWIrZDl5CnN0aXNkQ2pwa21LQ3Nlc0o5NlFnaTA2LzFNODh1L3ArR2RwK3hITFBJSlVMckdqMDFqMXVybUVicXdpZnhVbWsKZkpGem1tNGVOelFaaldYMkJuRzlQOHh5R09TVmllR29URWVtdzJQTU9YaHVFRXNKOXJDUEl3c3ZYTEc4TkFvMgpzYzhsWjV5TlZ2ZGh3cHpnWS95bzNqTSsyVnl2eCthZ01zYURrN2JoYzkyRnN2Ynk2dmt2cHgvNkx2S0hhb0poCm5sRnFMMXFmRGRmYzlPNXdWanlEcit0NjVQZVcvSTdmQnl6WUxLcjA4SDNyQk80UEV4dGlSa1BwSXBrRFVjZ1AKN3kwekhnenlXOXR2TVZQV3V0Q0wyd1BNY29IaXVya0ZzaDhEbUM3c1MrTDJTSkxtcGwyaAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== \ No newline at end of file diff --git a/sources/settings-extensions/updates/Cargo.toml b/sources/settings-extensions/updates/Cargo.toml deleted file mode 100644 index effe1e2ab..000000000 --- a/sources/settings-extensions/updates/Cargo.toml +++ /dev/null @@ -1,20 +0,0 @@ -[package] -name = "settings-extension-updates" -version = "0.1.0" -authors = ["Sam Berning "] -license = "Apache-2.0 OR MIT" -edition = "2021" -publish = false - -[dependencies] -env_logger = "0.10" -modeled-types = { path = "../../models/modeled-types", version = "0.1" } -model-derive = { path = "../../models/model-derive", version = "0.1" } -rand = "0.8" -serde = { version = "1", features = ["derive"] } -serde_json = "1" - -[dependencies.bottlerocket-settings-sdk] -git = "https://github.com/bottlerocket-os/bottlerocket-settings-sdk" -tag = "bottlerocket-settings-sdk-v0.1.0" -version = "0.1.0" diff --git a/sources/settings-extensions/updates/src/generate.rs b/sources/settings-extensions/updates/src/generate.rs deleted file mode 100644 index ffef55999..000000000 --- a/sources/settings-extensions/updates/src/generate.rs +++ /dev/null @@ -1,7 +0,0 @@ -/// Generators for updates settings. -use rand::{thread_rng, Rng}; - -pub fn generate_seed() -> u32 { - let mut rng = thread_rng(); - rng.gen_range(0..2048) -} diff --git a/sources/settings-extensions/updates/src/lib.rs b/sources/settings-extensions/updates/src/lib.rs deleted file mode 100644 index c15c95323..000000000 --- a/sources/settings-extensions/updates/src/lib.rs +++ /dev/null @@ -1,94 +0,0 @@ -/// The updates settings can be used to configure settings related to updates, e.g. the -/// seed that determines in which wave the instance will update, etc. -pub mod generate; - -use bottlerocket_settings_sdk::{GenerateResult, SettingsModel}; -use model_derive::model; -use modeled_types::{FriendlyVersion, Url}; -use std::convert::Infallible; - -#[model(impl_default = true)] -pub struct UpdatesSettingsV1 { - metadata_base_url: Url, - targets_base_url: Url, - seed: u32, - // Version to update to when updating via the API. - version_lock: FriendlyVersion, - ignore_waves: bool, -} - -type Result = std::result::Result; - -impl SettingsModel for UpdatesSettingsV1 { - type PartialKind = Self; - type ErrorKind = Infallible; - - fn get_version() -> &'static str { - "v1" - } - - fn set(_current_value: Option, _target: Self) -> Result<()> { - // allow anything that parses as UpdatesSettingsV1 - Ok(()) - } - - fn generate( - existing_partial: Option, - _dependent_settings: Option, - ) -> Result> { - let partial = existing_partial.unwrap_or_default(); - - Ok(GenerateResult::Complete(UpdatesSettingsV1 { - seed: Some(partial.seed.unwrap_or_else(generate::generate_seed)), - ..partial - })) - } - - fn validate(_value: Self, _validated_settings: Option) -> Result<()> { - Ok(()) - } -} - -#[cfg(test)] -mod test { - use super::*; - - #[test] - fn test_generate_updates() { - if let GenerateResult::Complete(generated_settings) = - UpdatesSettingsV1::generate(None, None).unwrap() - { - assert!(generated_settings.seed.unwrap() < 2048); - assert!(generated_settings.metadata_base_url.is_none()); - assert!(generated_settings.targets_base_url.is_none()); - assert!(generated_settings.version_lock.is_none()); - assert!(generated_settings.ignore_waves.is_none()); - } else { - panic!("generate() should return GenerateResult::Complete") - } - } - - #[test] - fn test_serde_updates() { - let test_json = r#"{ - "metadata-base-url": "https://example.net", - "targets-base-url": "https://example.net", - "seed": 1, - "version-lock": "latest", - "ignore-waves": false - }"#; - - let updates: UpdatesSettingsV1 = serde_json::from_str(test_json).unwrap(); - - assert_eq!( - updates, - UpdatesSettingsV1 { - metadata_base_url: Some(Url::try_from("https://example.net").unwrap()), - targets_base_url: Some(Url::try_from("https://example.net").unwrap()), - seed: Some(1), - version_lock: Some(FriendlyVersion::try_from("latest").unwrap()), - ignore_waves: Some(false), - } - ); - } -} diff --git a/sources/settings-extensions/updates/src/main.rs b/sources/settings-extensions/updates/src/main.rs deleted file mode 100644 index c23f93b54..000000000 --- a/sources/settings-extensions/updates/src/main.rs +++ /dev/null @@ -1,18 +0,0 @@ -use bottlerocket_settings_sdk::{BottlerocketSetting, NullMigratorExtensionBuilder}; -use settings_extension_updates::UpdatesSettingsV1; -use std::process::ExitCode; - -fn main() -> ExitCode { - env_logger::init(); - - match NullMigratorExtensionBuilder::with_name("updates") - .with_models(vec![BottlerocketSetting::::model()]) - .build() - { - Ok(extension) => extension.run(), - Err(e) => { - println!("{}", e); - ExitCode::FAILURE - } - } -} diff --git a/sources/settings-extensions/updates/updates.toml b/sources/settings-extensions/updates/updates.toml deleted file mode 100644 index 727dfb274..000000000 --- a/sources/settings-extensions/updates/updates.toml +++ /dev/null @@ -1,13 +0,0 @@ -[extension] -supported-versions = [ - "v1" -] -default-version = "v1" - -[v1] -[v1.validation.cross-validates] - -[v1.templating] -helpers = [] - -[v1.generation.requires] diff --git a/sources/settings-plugins/aws-dev/Cargo.toml b/sources/settings-plugins/aws-dev/Cargo.toml deleted file mode 100644 index ae7ad39f2..000000000 --- a/sources/settings-plugins/aws-dev/Cargo.toml +++ /dev/null @@ -1,40 +0,0 @@ -[package] -name = "settings-plugin-aws-dev" -version = "0.1.0" -edition = "2021" -license = "Apache-2.0 OR MIT" -publish = false - -[lib] -crate-type = ["cdylib"] -name = "settings_aws_dev" - -[dependencies] -abi_stable = "0.11.3" -serde = "1.0.198" -serde_json = "1.0.116" -model-derive = { path = "../../models/model-derive", version = "0.1" } -modeled-types = { path = "../../models/modeled-types", version = "0.1" } -models = { path = "../../models", version = "0.1" } - -# settings extensions -settings-extension-aws = { path = "../../settings-extensions/aws", version = "0.1" } -settings-extension-bootstrap-containers = { path = "../../settings-extensions/bootstrap-containers", version = "0.1" } -settings-extension-cloudformation = { path = "../../settings-extensions/cloudformation", version = "0.1" } -settings-extension-container-registry = { path = "../../settings-extensions/container-registry", version = "0.1" } -settings-extension-dns = { path = "../../settings-extensions/dns", version = "0.1" } -settings-extension-host-containers = { path = "../../settings-extensions/host-containers", version = "0.1" } -settings-extension-kernel = { path = "../../settings-extensions/kernel", version = "0.1" } -settings-extension-metrics = { path = "../../settings-extensions/metrics", version = "0.1" } -settings-extension-motd = { path = "../../settings-extensions/motd", version = "0.1" } -settings-extension-network = { path = "../../settings-extensions/network", version = "0.1" } -settings-extension-ntp = { path = "../../settings-extensions/ntp", version = "0.1" } -settings-extension-oci-hooks = { path = "../../settings-extensions/oci-hooks", version = "0.1" } -settings-extension-pki = { path = "../../settings-extensions/pki", version = "0.1" } -settings-extension-updates = { path = "../../settings-extensions/updates", version = "0.1" } - -# settings plugins -[dependencies.bottlerocket-settings-plugin] -git = "https://github.com/bottlerocket-os/bottlerocket-settings-sdk" -tag = "bottlerocket-settings-plugin-v0.1.0" -version = "0.1.0" diff --git a/sources/settings-plugins/aws-dev/src/lib.rs b/sources/settings-plugins/aws-dev/src/lib.rs deleted file mode 100644 index f75fe1230..000000000 --- a/sources/settings-plugins/aws-dev/src/lib.rs +++ /dev/null @@ -1,23 +0,0 @@ -use bottlerocket_settings_plugin::SettingsPlugin; -use model::BootSettings; -use model_derive::model; - -#[derive(SettingsPlugin)] -#[model(rename = "settings", impl_default = true)] -struct AwsDevSettings { - motd: settings_extension_motd::MotdV1, - updates: settings_extension_updates::UpdatesSettingsV1, - host_containers: settings_extension_host_containers::HostContainersSettingsV1, - bootstrap_containers: settings_extension_bootstrap_containers::BootstrapContainersSettingsV1, - ntp: settings_extension_ntp::NtpSettingsV1, - network: settings_extension_network::NetworkSettingsV1, - kernel: settings_extension_kernel::KernelSettingsV1, - boot: BootSettings, - aws: settings_extension_aws::AwsSettingsV1, - metrics: settings_extension_metrics::MetricsSettingsV1, - pki: settings_extension_pki::PkiSettingsV1, - container_registry: settings_extension_container_registry::RegistrySettingsV1, - oci_hooks: settings_extension_oci_hooks::OciHooksSettingsV1, - cloudformation: settings_extension_cloudformation::CloudFormationSettingsV1, - dns: settings_extension_dns::DnsSettingsV1, -} diff --git a/sources/settings-plugins/aws-ecs-1/Cargo.toml b/sources/settings-plugins/aws-ecs-1/Cargo.toml deleted file mode 100644 index 3ea214404..000000000 --- a/sources/settings-plugins/aws-ecs-1/Cargo.toml +++ /dev/null @@ -1,43 +0,0 @@ -[package] -name = "settings-plugin-aws-ecs-1" -version = "0.1.0" -edition = "2021" -license = "Apache-2.0 OR MIT" -publish = false - -[lib] -crate-type = ["cdylib"] -name = "settings_aws_ecs_1" - -[dependencies] -abi_stable = "0.11.3" -serde = "1.0.198" -serde_json = "1.0.116" -model-derive = { path = "../../models/model-derive", version = "0.1" } -modeled-types = { path = "../../models/modeled-types", version = "0.1" } -models = { path = "../../models", version = "0.1" } - -# settings extensions -settings-extension-autoscaling = { path = "../../settings-extensions/autoscaling", version = "0.1" } -settings-extension-aws = { path = "../../settings-extensions/aws", version = "0.1" } -settings-extension-bootstrap-containers = { path = "../../settings-extensions/bootstrap-containers", version = "0.1" } -settings-extension-cloudformation = { path = "../../settings-extensions/cloudformation", version = "0.1" } -settings-extension-container-registry = { path = "../../settings-extensions/container-registry", version = "0.1" } -settings-extension-dns = { path = "../../settings-extensions/dns", version = "0.1" } -settings-extension-ecs = { path = "../../settings-extensions/ecs", version = "0.1" } -settings-extension-host-containers = { path = "../../settings-extensions/host-containers", version = "0.1" } -settings-extension-kernel = { path = "../../settings-extensions/kernel", version = "0.1" } -settings-extension-metrics = { path = "../../settings-extensions/metrics", version = "0.1" } -settings-extension-motd = { path = "../../settings-extensions/motd", version = "0.1" } -settings-extension-network = { path = "../../settings-extensions/network", version = "0.1" } -settings-extension-ntp = { path = "../../settings-extensions/ntp", version = "0.1" } -settings-extension-oci-defaults = { path = "../../settings-extensions/oci-defaults", version = "0.1" } -settings-extension-oci-hooks = { path = "../../settings-extensions/oci-hooks", version = "0.1" } -settings-extension-pki = { path = "../../settings-extensions/pki", version = "0.1" } -settings-extension-updates = { path = "../../settings-extensions/updates", version = "0.1" } - -# settings plugins -[dependencies.bottlerocket-settings-plugin] -git = "https://github.com/bottlerocket-os/bottlerocket-settings-sdk" -tag = "bottlerocket-settings-plugin-v0.1.0" -version = "0.1.0" diff --git a/sources/settings-plugins/aws-ecs-1/src/lib.rs b/sources/settings-plugins/aws-ecs-1/src/lib.rs deleted file mode 100644 index e35c5290a..000000000 --- a/sources/settings-plugins/aws-ecs-1/src/lib.rs +++ /dev/null @@ -1,24 +0,0 @@ -use bottlerocket_settings_plugin::SettingsPlugin; -use model_derive::model; - -#[derive(SettingsPlugin)] -#[model(rename = "settings", impl_default = true)] -struct AwsEcs1Settings { - motd: settings_extension_motd::MotdV1, - updates: settings_extension_updates::UpdatesSettingsV1, - host_containers: settings_extension_host_containers::HostContainersSettingsV1, - bootstrap_containers: settings_extension_bootstrap_containers::BootstrapContainersSettingsV1, - ntp: settings_extension_ntp::NtpSettingsV1, - network: settings_extension_network::NetworkSettingsV1, - kernel: settings_extension_kernel::KernelSettingsV1, - aws: settings_extension_aws::AwsSettingsV1, - ecs: settings_extension_ecs::ECSSettingsV1, - metrics: settings_extension_metrics::MetricsSettingsV1, - pki: settings_extension_pki::PkiSettingsV1, - container_registry: settings_extension_container_registry::RegistrySettingsV1, - oci_defaults: settings_extension_oci_defaults::OciDefaultsV1, - oci_hooks: settings_extension_oci_hooks::OciHooksSettingsV1, - cloudformation: settings_extension_cloudformation::CloudFormationSettingsV1, - autoscaling: settings_extension_autoscaling::AutoScalingSettingsV1, - dns: settings_extension_dns::DnsSettingsV1, -} diff --git a/sources/settings-plugins/aws-ecs-2/Cargo.toml b/sources/settings-plugins/aws-ecs-2/Cargo.toml deleted file mode 100644 index 4bb8f88ef..000000000 --- a/sources/settings-plugins/aws-ecs-2/Cargo.toml +++ /dev/null @@ -1,43 +0,0 @@ -[package] -name = "settings-plugin-aws-ecs-2" -version = "0.1.0" -edition = "2021" -license = "Apache-2.0 OR MIT" -publish = false - -[lib] -crate-type = ["cdylib"] -name = "settings_aws_ecs_2" - -[dependencies] -abi_stable = "0.11.3" -serde = "1.0.198" -serde_json = "1.0.116" -model-derive = { path = "../../models/model-derive", version = "0.1" } -modeled-types = { path = "../../models/modeled-types", version = "0.1" } -models = { path = "../../models", version = "0.1" } - -# settings extensions -settings-extension-autoscaling = { path = "../../settings-extensions/autoscaling", version = "0.1" } -settings-extension-aws = { path = "../../settings-extensions/aws", version = "0.1" } -settings-extension-bootstrap-containers = { path = "../../settings-extensions/bootstrap-containers", version = "0.1" } -settings-extension-cloudformation = { path = "../../settings-extensions/cloudformation", version = "0.1" } -settings-extension-container-registry = { path = "../../settings-extensions/container-registry", version = "0.1" } -settings-extension-dns = { path = "../../settings-extensions/dns", version = "0.1" } -settings-extension-ecs = { path = "../../settings-extensions/ecs", version = "0.1" } -settings-extension-host-containers = { path = "../../settings-extensions/host-containers", version = "0.1" } -settings-extension-kernel = { path = "../../settings-extensions/kernel", version = "0.1" } -settings-extension-metrics = { path = "../../settings-extensions/metrics", version = "0.1" } -settings-extension-motd = { path = "../../settings-extensions/motd", version = "0.1" } -settings-extension-network = { path = "../../settings-extensions/network", version = "0.1" } -settings-extension-ntp = { path = "../../settings-extensions/ntp", version = "0.1" } -settings-extension-oci-defaults = { path = "../../settings-extensions/oci-defaults", version = "0.1" } -settings-extension-oci-hooks = { path = "../../settings-extensions/oci-hooks", version = "0.1" } -settings-extension-pki = { path = "../../settings-extensions/pki", version = "0.1" } -settings-extension-updates = { path = "../../settings-extensions/updates", version = "0.1" } - -# settings plugins -[dependencies.bottlerocket-settings-plugin] -git = "https://github.com/bottlerocket-os/bottlerocket-settings-sdk" -tag = "bottlerocket-settings-plugin-v0.1.0" -version = "0.1.0" diff --git a/sources/settings-plugins/aws-ecs-2/src/lib.rs b/sources/settings-plugins/aws-ecs-2/src/lib.rs deleted file mode 100644 index 89b32a3d4..000000000 --- a/sources/settings-plugins/aws-ecs-2/src/lib.rs +++ /dev/null @@ -1,26 +0,0 @@ -use bottlerocket_settings_plugin::SettingsPlugin; -use model::BootSettings; -use model_derive::model; - -#[derive(SettingsPlugin)] -#[model(rename = "settings", impl_default = true)] -struct AwsEcs2Settings { - motd: settings_extension_motd::MotdV1, - updates: settings_extension_updates::UpdatesSettingsV1, - host_containers: settings_extension_host_containers::HostContainersSettingsV1, - bootstrap_containers: settings_extension_bootstrap_containers::BootstrapContainersSettingsV1, - ntp: settings_extension_ntp::NtpSettingsV1, - network: settings_extension_network::NetworkSettingsV1, - kernel: settings_extension_kernel::KernelSettingsV1, - boot: BootSettings, - aws: settings_extension_aws::AwsSettingsV1, - ecs: settings_extension_ecs::ECSSettingsV1, - metrics: settings_extension_metrics::MetricsSettingsV1, - pki: settings_extension_pki::PkiSettingsV1, - container_registry: settings_extension_container_registry::RegistrySettingsV1, - oci_defaults: settings_extension_oci_defaults::OciDefaultsV1, - oci_hooks: settings_extension_oci_hooks::OciHooksSettingsV1, - cloudformation: settings_extension_cloudformation::CloudFormationSettingsV1, - autoscaling: settings_extension_autoscaling::AutoScalingSettingsV1, - dns: settings_extension_dns::DnsSettingsV1, -} diff --git a/sources/settings-plugins/aws-k8s/Cargo.toml b/sources/settings-plugins/aws-k8s/Cargo.toml deleted file mode 100644 index a3d3ec9f7..000000000 --- a/sources/settings-plugins/aws-k8s/Cargo.toml +++ /dev/null @@ -1,43 +0,0 @@ -[package] -name = "settings-plugin-aws-k8s" -version = "0.1.0" -edition = "2021" -license = "Apache-2.0 OR MIT" -publish = false - -[lib] -crate-type = ["cdylib"] -name = "settings_aws_k8s" - -[dependencies] -abi_stable = "0.11.3" -serde = "1.0.198" -serde_json = "1.0.116" -model-derive = { path = "../../models/model-derive", version = "0.1" } -modeled-types = { path = "../../models/modeled-types", version = "0.1" } -models = { path = "../../models", version = "0.1" } - -# settings extensions -settings-extension-autoscaling = { path = "../../settings-extensions/autoscaling", version = "0.1" } -settings-extension-aws = { path = "../../settings-extensions/aws", version = "0.1" } -settings-extension-bootstrap-containers = { path = "../../settings-extensions/bootstrap-containers", version = "0.1" } -settings-extension-cloudformation = { path = "../../settings-extensions/cloudformation", version = "0.1" } -settings-extension-container-registry = { path = "../../settings-extensions/container-registry", version = "0.1" } -settings-extension-container-runtime = { path = "../../settings-extensions/container-runtime", version = "0.1" } -settings-extension-dns = { path = "../../settings-extensions/dns", version = "0.1" } -settings-extension-host-containers = { path = "../../settings-extensions/host-containers", version = "0.1" } -settings-extension-kernel = { path = "../../settings-extensions/kernel", version = "0.1" } -settings-extension-metrics = { path = "../../settings-extensions/metrics", version = "0.1" } -settings-extension-motd = { path = "../../settings-extensions/motd", version = "0.1" } -settings-extension-network = { path = "../../settings-extensions/network", version = "0.1" } -settings-extension-ntp = { path = "../../settings-extensions/ntp", version = "0.1" } -settings-extension-oci-defaults = { path = "../../settings-extensions/oci-defaults", version = "0.1" } -settings-extension-oci-hooks = { path = "../../settings-extensions/oci-hooks", version = "0.1" } -settings-extension-pki = { path = "../../settings-extensions/pki", version = "0.1" } -settings-extension-updates = { path = "../../settings-extensions/updates", version = "0.1" } - -# settings plugins -[dependencies.bottlerocket-settings-plugin] -git = "https://github.com/bottlerocket-os/bottlerocket-settings-sdk" -tag = "bottlerocket-settings-plugin-v0.1.0" -version = "0.1.0" diff --git a/sources/settings-plugins/aws-k8s/src/lib.rs b/sources/settings-plugins/aws-k8s/src/lib.rs deleted file mode 100644 index 0ef910c20..000000000 --- a/sources/settings-plugins/aws-k8s/src/lib.rs +++ /dev/null @@ -1,27 +0,0 @@ -use bottlerocket_settings_plugin::SettingsPlugin; -use model::{BootSettings, KubernetesSettings}; -use model_derive::model; - -#[derive(SettingsPlugin)] -#[model(rename = "settings", impl_default = true)] -struct AwsK8sSettings { - motd: settings_extension_motd::MotdV1, - kubernetes: KubernetesSettings, - updates: settings_extension_updates::UpdatesSettingsV1, - host_containers: settings_extension_host_containers::HostContainersSettingsV1, - bootstrap_containers: settings_extension_bootstrap_containers::BootstrapContainersSettingsV1, - ntp: settings_extension_ntp::NtpSettingsV1, - network: settings_extension_network::NetworkSettingsV1, - kernel: settings_extension_kernel::KernelSettingsV1, - boot: BootSettings, - aws: settings_extension_aws::AwsSettingsV1, - metrics: settings_extension_metrics::MetricsSettingsV1, - pki: settings_extension_pki::PkiSettingsV1, - container_registry: settings_extension_container_registry::RegistrySettingsV1, - oci_defaults: settings_extension_oci_defaults::OciDefaultsV1, - oci_hooks: settings_extension_oci_hooks::OciHooksSettingsV1, - cloudformation: settings_extension_cloudformation::CloudFormationSettingsV1, - dns: settings_extension_dns::DnsSettingsV1, - container_runtime: settings_extension_container_runtime::ContainerRuntimeSettingsV1, - autoscaling: settings_extension_autoscaling::AutoScalingSettingsV1, -} diff --git a/sources/settings-plugins/metal-dev/Cargo.toml b/sources/settings-plugins/metal-dev/Cargo.toml deleted file mode 100644 index 35e0f9b11..000000000 --- a/sources/settings-plugins/metal-dev/Cargo.toml +++ /dev/null @@ -1,38 +0,0 @@ -[package] -name = "settings-plugin-metal-dev" -version = "0.1.0" -edition = "2021" -license = "Apache-2.0 OR MIT" -publish = false - -[lib] -crate-type = ["cdylib"] -name = "settings_metal_dev" - -[dependencies] -abi_stable = "0.11.3" -serde = "1.0.198" -serde_json = "1.0.116" -model-derive = { path = "../../models/model-derive", version = "0.1" } -modeled-types = { path = "../../models/modeled-types", version = "0.1" } -models = { path = "../../models", version = "0.1" } - -# settings extensions -settings-extension-bootstrap-containers = { path = "../../settings-extensions/bootstrap-containers", version = "0.1" } -settings-extension-container-registry = { path = "../../settings-extensions/container-registry", version = "0.1" } -settings-extension-dns = { path = "../../settings-extensions/dns", version = "0.1" } -settings-extension-host-containers = { path = "../../settings-extensions/host-containers", version = "0.1" } -settings-extension-kernel = { path = "../../settings-extensions/kernel", version = "0.1" } -settings-extension-metrics = { path = "../../settings-extensions/metrics", version = "0.1" } -settings-extension-motd = { path = "../../settings-extensions/motd", version = "0.1" } -settings-extension-network = { path = "../../settings-extensions/network", version = "0.1" } -settings-extension-ntp = { path = "../../settings-extensions/ntp", version = "0.1" } -settings-extension-oci-hooks = { path = "../../settings-extensions/oci-hooks", version = "0.1" } -settings-extension-pki = { path = "../../settings-extensions/pki", version = "0.1" } -settings-extension-updates = { path = "../../settings-extensions/updates", version = "0.1" } - -# settings plugins -[dependencies.bottlerocket-settings-plugin] -git = "https://github.com/bottlerocket-os/bottlerocket-settings-sdk" -tag = "bottlerocket-settings-plugin-v0.1.0" -version = "0.1.0" diff --git a/sources/settings-plugins/metal-dev/src/lib.rs b/sources/settings-plugins/metal-dev/src/lib.rs deleted file mode 100644 index d0e69821b..000000000 --- a/sources/settings-plugins/metal-dev/src/lib.rs +++ /dev/null @@ -1,21 +0,0 @@ -use bottlerocket_settings_plugin::SettingsPlugin; -use model::BootSettings; -use model_derive::model; - -#[derive(SettingsPlugin)] -#[model(rename = "settings", impl_default = true)] -struct MetalDevSettings { - motd: settings_extension_motd::MotdV1, - updates: settings_extension_updates::UpdatesSettingsV1, - host_containers: settings_extension_host_containers::HostContainersSettingsV1, - bootstrap_containers: settings_extension_bootstrap_containers::BootstrapContainersSettingsV1, - ntp: settings_extension_ntp::NtpSettingsV1, - network: settings_extension_network::NetworkSettingsV1, - kernel: settings_extension_kernel::KernelSettingsV1, - boot: BootSettings, - metrics: settings_extension_metrics::MetricsSettingsV1, - pki: settings_extension_pki::PkiSettingsV1, - container_registry: settings_extension_container_registry::RegistrySettingsV1, - oci_hooks: settings_extension_oci_hooks::OciHooksSettingsV1, - dns: settings_extension_dns::DnsSettingsV1, -} diff --git a/sources/settings-plugins/metal-k8s/Cargo.toml b/sources/settings-plugins/metal-k8s/Cargo.toml deleted file mode 100644 index ab7d26d9b..000000000 --- a/sources/settings-plugins/metal-k8s/Cargo.toml +++ /dev/null @@ -1,41 +0,0 @@ -[package] -name = "settings-plugin-metal-k8s" -version = "0.1.0" -edition = "2021" -license = "Apache-2.0 OR MIT" -publish = false - -[lib] -crate-type = ["cdylib"] -name = "settings_metal_k8s" - -[dependencies] -abi_stable = "0.11.3" -serde = "1.0.198" -serde_json = "1.0.116" -model-derive = { path = "../../models/model-derive", version = "0.1" } -modeled-types = { path = "../../models/modeled-types", version = "0.1" } -models = { path = "../../models", version = "0.1" } - -# settings extensions -settings-extension-aws = { path = "../../settings-extensions/aws", version = "0.1" } -settings-extension-bootstrap-containers = { path = "../../settings-extensions/bootstrap-containers", version = "0.1" } -settings-extension-container-registry = { path = "../../settings-extensions/container-registry", version = "0.1" } -settings-extension-container-runtime = { path = "../../settings-extensions/container-runtime", version = "0.1" } -settings-extension-dns = { path = "../../settings-extensions/dns", version = "0.1" } -settings-extension-host-containers = { path = "../../settings-extensions/host-containers", version = "0.1" } -settings-extension-kernel = { path = "../../settings-extensions/kernel", version = "0.1" } -settings-extension-metrics = { path = "../../settings-extensions/metrics", version = "0.1" } -settings-extension-motd = { path = "../../settings-extensions/motd", version = "0.1" } -settings-extension-network = { path = "../../settings-extensions/network", version = "0.1" } -settings-extension-ntp = { path = "../../settings-extensions/ntp", version = "0.1" } -settings-extension-oci-defaults = { path = "../../settings-extensions/oci-defaults", version = "0.1" } -settings-extension-oci-hooks = { path = "../../settings-extensions/oci-hooks", version = "0.1" } -settings-extension-pki = { path = "../../settings-extensions/pki", version = "0.1" } -settings-extension-updates = { path = "../../settings-extensions/updates", version = "0.1" } - -# settings plugins -[dependencies.bottlerocket-settings-plugin] -git = "https://github.com/bottlerocket-os/bottlerocket-settings-sdk" -tag = "bottlerocket-settings-plugin-v0.1.0" -version = "0.1.0" diff --git a/sources/settings-plugins/metal-k8s/src/lib.rs b/sources/settings-plugins/metal-k8s/src/lib.rs deleted file mode 100644 index ff1f15886..000000000 --- a/sources/settings-plugins/metal-k8s/src/lib.rs +++ /dev/null @@ -1,25 +0,0 @@ -use bottlerocket_settings_plugin::SettingsPlugin; -use model::{BootSettings, KubernetesSettings}; -use model_derive::model; - -#[derive(SettingsPlugin)] -#[model(rename = "settings", impl_default = true)] -struct MetalK8sSettings { - motd: settings_extension_motd::MotdV1, - kubernetes: KubernetesSettings, - updates: settings_extension_updates::UpdatesSettingsV1, - host_containers: settings_extension_host_containers::HostContainersSettingsV1, - bootstrap_containers: settings_extension_bootstrap_containers::BootstrapContainersSettingsV1, - ntp: settings_extension_ntp::NtpSettingsV1, - network: settings_extension_network::NetworkSettingsV1, - kernel: settings_extension_kernel::KernelSettingsV1, - boot: BootSettings, - aws: settings_extension_aws::AwsSettingsV1, - metrics: settings_extension_metrics::MetricsSettingsV1, - pki: settings_extension_pki::PkiSettingsV1, - container_registry: settings_extension_container_registry::RegistrySettingsV1, - oci_defaults: settings_extension_oci_defaults::OciDefaultsV1, - oci_hooks: settings_extension_oci_hooks::OciHooksSettingsV1, - dns: settings_extension_dns::DnsSettingsV1, - container_runtime: settings_extension_container_runtime::ContainerRuntimeSettingsV1, -} diff --git a/sources/settings-plugins/vmware-dev/Cargo.toml b/sources/settings-plugins/vmware-dev/Cargo.toml deleted file mode 100644 index 91cbc5b01..000000000 --- a/sources/settings-plugins/vmware-dev/Cargo.toml +++ /dev/null @@ -1,38 +0,0 @@ -[package] -name = "settings-plugin-vmware-dev" -version = "0.1.0" -edition = "2021" -license = "Apache-2.0 OR MIT" -publish = false - -[lib] -crate-type = ["cdylib"] -name = "settings_vmware_dev" - -[dependencies] -abi_stable = "0.11.3" -serde = "1.0.198" -serde_json = "1.0.116" -model-derive = { path = "../../models/model-derive", version = "0.1" } -modeled-types = { path = "../../models/modeled-types", version = "0.1" } -models = { path = "../../models", version = "0.1" } - -# settings extensions -settings-extension-bootstrap-containers = { path = "../../settings-extensions/bootstrap-containers", version = "0.1" } -settings-extension-container-registry = { path = "../../settings-extensions/container-registry", version = "0.1" } -settings-extension-dns = { path = "../../settings-extensions/dns", version = "0.1" } -settings-extension-host-containers = { path = "../../settings-extensions/host-containers", version = "0.1" } -settings-extension-kernel = { path = "../../settings-extensions/kernel", version = "0.1" } -settings-extension-metrics = { path = "../../settings-extensions/metrics", version = "0.1" } -settings-extension-motd = { path = "../../settings-extensions/motd", version = "0.1" } -settings-extension-network = { path = "../../settings-extensions/network", version = "0.1" } -settings-extension-ntp = { path = "../../settings-extensions/ntp", version = "0.1" } -settings-extension-oci-hooks = { path = "../../settings-extensions/oci-hooks", version = "0.1" } -settings-extension-pki = { path = "../../settings-extensions/pki", version = "0.1" } -settings-extension-updates = { path = "../../settings-extensions/updates", version = "0.1" } - -# settings plugins -[dependencies.bottlerocket-settings-plugin] -git = "https://github.com/bottlerocket-os/bottlerocket-settings-sdk" -tag = "bottlerocket-settings-plugin-v0.1.0" -version = "0.1.0" diff --git a/sources/settings-plugins/vmware-dev/src/lib.rs b/sources/settings-plugins/vmware-dev/src/lib.rs deleted file mode 100644 index cee9e62ee..000000000 --- a/sources/settings-plugins/vmware-dev/src/lib.rs +++ /dev/null @@ -1,21 +0,0 @@ -use bottlerocket_settings_plugin::SettingsPlugin; -use model::BootSettings; -use model_derive::model; - -#[derive(SettingsPlugin)] -#[model(rename = "settings", impl_default = true)] -struct VmwareDevSettings { - motd: settings_extension_motd::MotdV1, - updates: settings_extension_updates::UpdatesSettingsV1, - host_containers: settings_extension_host_containers::HostContainersSettingsV1, - bootstrap_containers: settings_extension_bootstrap_containers::BootstrapContainersSettingsV1, - ntp: settings_extension_ntp::NtpSettingsV1, - network: settings_extension_network::NetworkSettingsV1, - kernel: settings_extension_kernel::KernelSettingsV1, - boot: BootSettings, - metrics: settings_extension_metrics::MetricsSettingsV1, - pki: settings_extension_pki::PkiSettingsV1, - container_registry: settings_extension_container_registry::RegistrySettingsV1, - oci_hooks: settings_extension_oci_hooks::OciHooksSettingsV1, - dns: settings_extension_dns::DnsSettingsV1, -} diff --git a/sources/settings-plugins/vmware-k8s/Cargo.toml b/sources/settings-plugins/vmware-k8s/Cargo.toml deleted file mode 100644 index f053f24f5..000000000 --- a/sources/settings-plugins/vmware-k8s/Cargo.toml +++ /dev/null @@ -1,41 +0,0 @@ -[package] -name = "settings-plugin-vmware-k8s" -version = "0.1.0" -edition = "2021" -license = "Apache-2.0 OR MIT" -publish = false - -[lib] -crate-type = ["cdylib"] -name = "settings_vmware_k8s" - -[dependencies] -abi_stable = "0.11.3" -serde = "1.0.198" -serde_json = "1.0.116" -model-derive = { path = "../../models/model-derive", version = "0.1" } -modeled-types = { path = "../../models/modeled-types", version = "0.1" } -models = { path = "../../models", version = "0.1" } - -# settings extensions -settings-extension-aws = { path = "../../settings-extensions/aws", version = "0.1" } -settings-extension-bootstrap-containers = { path = "../../settings-extensions/bootstrap-containers", version = "0.1" } -settings-extension-container-registry = { path = "../../settings-extensions/container-registry", version = "0.1" } -settings-extension-container-runtime = { path = "../../settings-extensions/container-runtime", version = "0.1" } -settings-extension-dns = { path = "../../settings-extensions/dns", version = "0.1" } -settings-extension-host-containers = { path = "../../settings-extensions/host-containers", version = "0.1" } -settings-extension-kernel = { path = "../../settings-extensions/kernel", version = "0.1" } -settings-extension-metrics = { path = "../../settings-extensions/metrics", version = "0.1" } -settings-extension-motd = { path = "../../settings-extensions/motd", version = "0.1" } -settings-extension-network = { path = "../../settings-extensions/network", version = "0.1" } -settings-extension-ntp = { path = "../../settings-extensions/ntp", version = "0.1" } -settings-extension-oci-defaults = { path = "../../settings-extensions/oci-defaults", version = "0.1" } -settings-extension-oci-hooks = { path = "../../settings-extensions/oci-hooks", version = "0.1" } -settings-extension-pki = { path = "../../settings-extensions/pki", version = "0.1" } -settings-extension-updates = { path = "../../settings-extensions/updates", version = "0.1" } - -# settings plugins -[dependencies.bottlerocket-settings-plugin] -git = "https://github.com/bottlerocket-os/bottlerocket-settings-sdk" -tag = "bottlerocket-settings-plugin-v0.1.0" -version = "0.1.0" diff --git a/sources/settings-plugins/vmware-k8s/src/lib.rs b/sources/settings-plugins/vmware-k8s/src/lib.rs deleted file mode 100644 index 0c400b1ed..000000000 --- a/sources/settings-plugins/vmware-k8s/src/lib.rs +++ /dev/null @@ -1,25 +0,0 @@ -use bottlerocket_settings_plugin::SettingsPlugin; -use model::{BootSettings, KubernetesSettings}; -use model_derive::model; - -#[derive(SettingsPlugin)] -#[model(rename = "settings", impl_default = true)] -struct VmwareK8sSettings { - motd: settings_extension_motd::MotdV1, - kubernetes: KubernetesSettings, - updates: settings_extension_updates::UpdatesSettingsV1, - host_containers: settings_extension_host_containers::HostContainersSettingsV1, - bootstrap_containers: settings_extension_bootstrap_containers::BootstrapContainersSettingsV1, - ntp: settings_extension_ntp::NtpSettingsV1, - network: settings_extension_network::NetworkSettingsV1, - kernel: settings_extension_kernel::KernelSettingsV1, - aws: settings_extension_aws::AwsSettingsV1, - boot: BootSettings, - metrics: settings_extension_metrics::MetricsSettingsV1, - pki: settings_extension_pki::PkiSettingsV1, - container_registry: settings_extension_container_registry::RegistrySettingsV1, - oci_defaults: settings_extension_oci_defaults::OciDefaultsV1, - oci_hooks: settings_extension_oci_hooks::OciHooksSettingsV1, - dns: settings_extension_dns::DnsSettingsV1, - container_runtime: settings_extension_container_runtime::ContainerRuntimeSettingsV1, -} diff --git a/sources/shared-defaults/aws-autoscaling.toml b/sources/shared-defaults/aws-autoscaling.toml deleted file mode 100644 index 790a30802..000000000 --- a/sources/shared-defaults/aws-autoscaling.toml +++ /dev/null @@ -1,3 +0,0 @@ -# Autoscaling warm pool support -[settings.autoscaling] -should-wait = false diff --git a/sources/shared-defaults/aws-creds.toml b/sources/shared-defaults/aws-creds.toml deleted file mode 100644 index d1f1c6ab7..000000000 --- a/sources/shared-defaults/aws-creds.toml +++ /dev/null @@ -1,20 +0,0 @@ -[settings.aws] -profile = "default" - -[services.aws] -configuration-files = [ - "aws-config", - "aws-credentials", -] -restart-commands = [] - -[metadata.settings.aws] -affected-services = ["aws"] - -[configuration-files.aws-config] -path = "/root/.aws/config" -template-path = "/usr/share/templates/aws-config" - -[configuration-files.aws-credentials] -path = "/root/.aws/credentials" -template-path = "/usr/share/templates/aws-credentials" diff --git a/sources/shared-defaults/aws-host-containers.toml b/sources/shared-defaults/aws-host-containers.toml deleted file mode 100644 index bbc175bbe..000000000 --- a/sources/shared-defaults/aws-host-containers.toml +++ /dev/null @@ -1,16 +0,0 @@ -[settings.host-containers.admin] -enabled = false -superpowered = true - -[metadata.settings.host-containers.admin.source] -setting-generator = "schnauzer-v2 render --requires 'aws@v1(helpers=[ecr-prefix])' --template '{{ ecr-prefix settings.aws.region }}/bottlerocket-admin:v0.11.8'" - -[metadata.settings.host-containers.admin.user-data] -setting-generator = "shibaken generate-admin-userdata" - -[settings.host-containers.control] -enabled = true -superpowered = false - -[metadata.settings.host-containers.control.source] -setting-generator = "schnauzer-v2 render --requires 'aws@v1(helpers=[ecr-prefix])' --template '{{ ecr-prefix settings.aws.region }}/bottlerocket-control:v0.7.12'" diff --git a/sources/shared-defaults/aws-tuf.toml b/sources/shared-defaults/aws-tuf.toml deleted file mode 100644 index adeb68450..000000000 --- a/sources/shared-defaults/aws-tuf.toml +++ /dev/null @@ -1,5 +0,0 @@ -[metadata.settings.updates.targets-base-url] -setting-generator = "schnauzer-v2 render --requires 'aws@v1' --requires 'updates@v1(helpers=[tuf-prefix])' --template '{{ tuf-prefix settings.aws.region }}/targets/'" - -[metadata.settings.updates.metadata-base-url] -setting-generator = "schnauzer-v2 render --requires 'aws@v1' --requires 'updates@v1(helpers=[metadata-prefix, tuf-prefix])' --template '{{ tuf-prefix settings.aws.region }}{{ metadata-prefix settings.aws.region }}/2020-07-07/{{ os.variant_id }}/{{ os.arch }}/'" diff --git a/sources/shared-defaults/boot.toml b/sources/shared-defaults/boot.toml deleted file mode 100644 index abf4ad535..000000000 --- a/sources/shared-defaults/boot.toml +++ /dev/null @@ -1,13 +0,0 @@ -# Boot related settings - -[metadata.settings.boot] -affected-services = ["bootconfig"] -setting-generator = "/usr/bin/prairiedog generate-boot-settings" - -[services.bootconfig] -configuration-files = ["prairiedog-toml"] -restart-commands = ["/usr/bin/prairiedog generate-boot-config"] - -[configuration-files.prairiedog-toml] -path = "/etc/prairiedog.toml" -template-path = "/usr/share/templates/prairiedog-toml" diff --git a/sources/shared-defaults/cf-signal.toml b/sources/shared-defaults/cf-signal.toml deleted file mode 100644 index 135e00406..000000000 --- a/sources/shared-defaults/cf-signal.toml +++ /dev/null @@ -1,15 +0,0 @@ -[settings.cloudformation] -should-signal = false -stack-name = "" -logical-resource-id = "" - -[services.cfsignal] -configuration-files = ["cfsignal-toml"] -restart-commands = ["/bin/systemctl try-restart cfsignal.service"] - -[configuration-files.cfsignal-toml] -path = "/etc/cfsignal.toml" -template-path = "/usr/share/templates/cfsignal-toml" - -[metadata.settings.cloudformation] -affected-services = ["cfsignal"] diff --git a/sources/shared-defaults/containerd-cri-pki.toml b/sources/shared-defaults/containerd-cri-pki.toml deleted file mode 100644 index 72e17d229..000000000 --- a/sources/shared-defaults/containerd-cri-pki.toml +++ /dev/null @@ -1,2 +0,0 @@ -[metadata.settings.pki] -affected-services = ["pki", "containerd"] diff --git a/sources/shared-defaults/defaults.toml b/sources/shared-defaults/defaults.toml deleted file mode 100644 index 0cafd012c..000000000 --- a/sources/shared-defaults/defaults.toml +++ /dev/null @@ -1,203 +0,0 @@ -# Here we define a common set of default settings for most variants. -# A variant includes these by symlinking this file into its `defaults.d` directory. -# It can override these settings in any file listed after that in the directory. - -# The structures, fields, and types here need to match those of the API model, -# as defined in src/VARIANT/mod.rs. - -[settings] -motd = "Welcome to Bottlerocket!" - -[metadata.settings.motd] -affected-services = ["motd"] - -[services.motd] -configuration-files = ["motd"] -restart-commands = [] - -[configuration-files.motd] -path = "/etc/motd" -template-path = "/usr/share/templates/motd" - -# Container runtime. - -[services.containerd] -configuration-files = ["containerd-config-toml", "proxy-env"] -restart-commands = ["/bin/systemctl try-restart containerd.service"] - -[configuration-files.containerd-config-toml] -path = "/etc/containerd/config.toml" -template-path = "/usr/share/templates/containerd-config-toml_basic" - -# Container runtime settings. - -[metadata.settings.container-runtime] -affected-services = ["containerd"] - -# Host-container runtime - -[services.host-containerd] -configuration-files = ["proxy-env"] -restart-commands = ["/bin/systemctl try-restart host-containerd.service"] - -# Updates. - -[settings.updates] -version-lock = "latest" -ignore-waves = false - -[services.thar-be-updates] -configuration-files = ["thar-be-updates-toml"] -restart-commands = [] - -[services.updog] -configuration-files = ["updog-toml"] -restart-commands = [] - -[configuration-files.thar-be-updates-toml] -path = "/etc/thar-be-updates.toml" -template-path = "/usr/share/templates/thar-be-updates-toml" - -[configuration-files.updog-toml] -path = "/etc/updog.toml" -template-path = "/usr/share/templates/updog-toml" - -[metadata.settings.updates] -affected-services = ["updog", "thar-be-updates"] -seed.setting-generator = "bork seed" - -# HostContainers - -[services.host-containers] -configuration-files = ["host-ctr-toml", "host-containers-toml"] -restart-commands = ["/usr/bin/host-containers"] - -[configuration-files.host-ctr-toml] -path = "/etc/host-containers/host-ctr.toml" -template-path = "/usr/share/templates/host-ctr-toml" - -[configuration-files.host-containers-toml] -path = "/etc/host-containers/host-containers.toml" -template-path = "/usr/share/templates/host-containers-toml" - -[metadata.settings.host-containers] -affected-services = ["host-containers"] - -# Network - -[configuration-files.proxy-env] -path = "/etc/network/proxy.env" -template-path = "/usr/share/templates/proxy-env" - -[metadata.settings.network] -affected-services = ["containerd", "host-containerd", "host-containers", "updog"] - -[metadata.settings.network.hostname] -affected-services = ["hostname", "hosts"] -setting-generator = "netdog generate-hostname" - -[services.hostname] -configuration-files = ["hostname"] -restart-commands = ["/bin/systemctl try-restart set-hostname.service"] - -[configuration-files.hostname] -path = "/etc/network/hostname.env" -template-path = "/usr/share/templates/hostname-env" - -[metadata.settings.network.hosts] -affected-services = ["hosts"] - -[services.hosts] -configuration-files = ["hosts"] -restart-commands = [] - -[configuration-files.hosts] -path = "/etc/hosts" -template-path = "/usr/share/templates/hosts" - -# NTP - -[settings.ntp] -time-servers = ["169.254.169.123", "2.amazon.pool.ntp.org"] -options = ["iburst"] - -[services.ntp] -configuration-files = ["chrony-conf"] -restart-commands = ["/bin/systemctl try-reload-or-restart chronyd.service"] - -[configuration-files.chrony-conf] -path = "/etc/chrony.conf" -template-path = "/usr/share/templates/chrony-conf" - -[metadata.settings.ntp] -affected-services = ["ntp"] - -# Kernel - -[services.sysctl] -configuration-files = ["corndog-toml"] -restart-commands = ["/usr/bin/corndog sysctl"] - -[metadata.settings.kernel.sysctl] -affected-services = ["sysctl"] - -[services.kernel-modules] -configuration-files = ["modprobe-conf", "modules-load"] -restart-commands = ["/usr/bin/systemctl try-restart systemd-modules-load"] - -[configuration-files.modprobe-conf] -path = "/etc/modprobe.d/modprobe.conf" -template-path = "/usr/share/templates/modprobe-conf" - -[configuration-files.modules-load] -path = "/etc/modules-load.d/modules-load.conf" -template-path = "/usr/share/templates/modules-load" - -[metadata.settings.kernel.modules] -affected-services = ["kernel-modules"] - -[services.lockdown] -configuration-files = ["corndog-toml"] -restart-commands = ["/usr/bin/corndog lockdown"] - -[metadata.settings.kernel.lockdown] -affected-services = ["lockdown"] - -[configuration-files.corndog-toml] -path = "/etc/corndog.toml" -template-path = "/usr/share/templates/corndog-toml" - -# Bootstrap Containers - -[services.bootstrap-containers] -configuration-files = ["host-ctr-toml", "bootstrap-containers-toml"] -restart-commands = ["/usr/bin/bootstrap-containers create-containers"] - -[metadata.settings.bootstrap-containers] -affected-services = ["bootstrap-containers"] - -[configuration-files.bootstrap-containers-toml] -path = "/etc/bootstrap-containers/bootstrap-containers.toml" -template-path = "/usr/share/templates/bootstrap-containers-toml" - -# Certdog - -[services.pki] -configuration-files = ["certdog-toml"] -restart-commands = ["/usr/bin/certdog"] - -# DNS -[metadata.settings.dns] -affected-services = ["dns"] - -[services.dns] -configuration-files = ["netdog-toml"] -restart-commands = ["netdog write-resolv-conf"] - -[configuration-files.netdog-toml] -path = "/etc/netdog.toml" -template-path = "/usr/share/templates/netdog-toml" - -[configuration-files.certdog-toml] -path = "/etc/certdog.toml" -template-path = "/usr/share/templates/certdog-toml" diff --git a/sources/shared-defaults/docker-daemon-nvidia.toml b/sources/shared-defaults/docker-daemon-nvidia.toml deleted file mode 100644 index 1640a301e..000000000 --- a/sources/shared-defaults/docker-daemon-nvidia.toml +++ /dev/null @@ -1,3 +0,0 @@ -[configuration-files.docker-daemon-config] -path = "/etc/docker/daemon.json" -template-path = "/usr/share/templates/docker-daemon-nvidia-json" diff --git a/sources/shared-defaults/docker-pki.toml b/sources/shared-defaults/docker-pki.toml deleted file mode 100644 index 471f4e5c5..000000000 --- a/sources/shared-defaults/docker-pki.toml +++ /dev/null @@ -1,2 +0,0 @@ -[metadata.settings.pki] -affected-services = ["pki", "docker"] diff --git a/sources/shared-defaults/docker-services.toml b/sources/shared-defaults/docker-services.toml deleted file mode 100644 index 2d3f0c661..000000000 --- a/sources/shared-defaults/docker-services.toml +++ /dev/null @@ -1,20 +0,0 @@ -[services.docker] -restart-commands = ["/bin/systemctl try-restart docker.service"] -configuration-files = ["docker-daemon-config", "proxy-env"] - -[configuration-files.docker-daemon-config] -path = "/etc/docker/daemon.json" -template-path = "/usr/share/templates/docker-daemon-json" - -# Image registries. Retained for backwards compatibility, but superseded by the -# more specific metadata for mirrors and credentials. -[metadata.settings.container-registry] -affected-services = ["docker", "host-containers", "bootstrap-containers"] - -# Image registry mirrors -[metadata.settings.container-registry.mirrors] -affected-services = ["docker", "host-containers", "bootstrap-containers"] - -# Image registry credentials -[metadata.settings.container-registry.credentials] -affected-services = ["host-containers", "bootstrap-containers"] diff --git a/sources/shared-defaults/ecs.toml b/sources/shared-defaults/ecs.toml deleted file mode 100644 index ffe54b0dc..000000000 --- a/sources/shared-defaults/ecs.toml +++ /dev/null @@ -1,29 +0,0 @@ -# ECS -[services.ecs] -restart-commands = ["/bin/systemctl try-reload-or-restart ecs.service"] -configuration-files = ["ecs-config"] - -[configuration-files.ecs-config] -path = "/etc/systemd/system/ecs.service.d/10-base.conf" -template-path = "/usr/share/templates/ecs-base-conf" - -[metadata.settings.ecs] -affected-services = ["ecs"] - -[settings.ecs] -allow-privileged-containers = false -image-pull-behavior = "default" -logging-drivers = ["json-file", "awslogs", "none"] -loglevel = "info" - -# Metrics -[settings.metrics] -service-checks = ["apiserver", "chronyd", "containerd", "host-containerd", "docker", "ecs"] - -# Network -[metadata.settings.network] -affected-services = ["containerd", "docker", "ecs", "host-containerd", "host-containers", "updog"] - -# Image registry credentials -[metadata.settings.container-registry.credentials] -affected-services = ["ecs", "host-containers", "bootstrap-containers"] diff --git a/sources/shared-defaults/kubernetes-aws-credential-provider.toml b/sources/shared-defaults/kubernetes-aws-credential-provider.toml deleted file mode 100644 index 89d6e5aa5..000000000 --- a/sources/shared-defaults/kubernetes-aws-credential-provider.toml +++ /dev/null @@ -1,10 +0,0 @@ -[settings.kubernetes.credential-providers.ecr-credential-provider] -enabled = true -cache-duration = "12h" -image-patterns = [ - "*.dkr.ecr.*.amazonaws.com", - "*.dkr.ecr.*.amazonaws.com.cn", - "*.dkr.ecr-fips.*.amazonaws.com", - "*.dkr.ecr.us-iso-east-1.c2s.ic.gov", - "*.dkr.ecr.us-isob-east-1.sc2s.sgov.gov" -] diff --git a/sources/shared-defaults/kubernetes-aws-external-cloud-provider.toml b/sources/shared-defaults/kubernetes-aws-external-cloud-provider.toml deleted file mode 100644 index 016b643ea..000000000 --- a/sources/shared-defaults/kubernetes-aws-external-cloud-provider.toml +++ /dev/null @@ -1,2 +0,0 @@ -[settings.kubernetes] -cloud-provider = "external" diff --git a/sources/shared-defaults/kubernetes-aws.toml b/sources/shared-defaults/kubernetes-aws.toml deleted file mode 100644 index 509fc5de7..000000000 --- a/sources/shared-defaults/kubernetes-aws.toml +++ /dev/null @@ -1,37 +0,0 @@ -[settings.kubernetes] -cluster-domain = "cluster.local" -standalone-mode = false -authentication-mode = "aws" -server-tls-bootstrap = true -cloud-provider = "aws" - -[metadata.settings.kubernetes] -affected-services = ["kubernetes"] - -[metadata.settings.kubernetes.pod-infra-container-image] -affected-services = ["pod-infra-container-image"] - -[services.pod-infra-container-image] -configuration-files = ["pod-infra-container-image-log-message"] -restart-commands = ["systemctl restart deprecation-warning@pod-infra-container-image.timer"] - -[configuration-files.pod-infra-container-image-log-message] -path = "/etc/deprecated-settings/pod-infra-container-image" -template-path = "/usr/share/templates/pod-infra-container-image" - -[settings.metrics] -service-checks = ["apiserver", "chronyd", "containerd", "host-containerd", "kubelet"] - -[metadata.settings.network] -affected-services = ["containerd", "kubernetes", "host-containerd", "host-containers", "updog"] - -[services.autoscaling-warm-pool] -configuration-files = ["warm-pool-wait-toml"] -restart-commands = [] - -[configuration-files.warm-pool-wait-toml] -path = "/etc/warm-pool-wait.toml" -template-path = "/usr/share/templates/warm-pool-wait-toml" - -[metadata.settings.autoscaling] -affected-services = ["autoscaling-warm-pool"] diff --git a/sources/shared-defaults/kubernetes-containerd-nvidia.toml b/sources/shared-defaults/kubernetes-containerd-nvidia.toml deleted file mode 100644 index c8ef68a74..000000000 --- a/sources/shared-defaults/kubernetes-containerd-nvidia.toml +++ /dev/null @@ -1,7 +0,0 @@ -[configuration-files.containerd-config-toml] -# No override to path -template-path = "/usr/share/templates/containerd-config-toml_k8s_nvidia_containerd_sock" - -# Image registries -[metadata.settings.container-registry] -affected-services = ["containerd", "host-containers", "bootstrap-containers"] diff --git a/sources/shared-defaults/kubernetes-containerd.toml b/sources/shared-defaults/kubernetes-containerd.toml deleted file mode 100644 index 4813cc31a..000000000 --- a/sources/shared-defaults/kubernetes-containerd.toml +++ /dev/null @@ -1,7 +0,0 @@ -[configuration-files.containerd-config-toml] -# No override to path -template-path = "/usr/share/templates/containerd-config-toml_k8s_containerd_sock" - -# Image registries -[metadata.settings.container-registry] -affected-services = ["containerd", "host-containers", "bootstrap-containers"] diff --git a/sources/shared-defaults/kubernetes-metal.toml b/sources/shared-defaults/kubernetes-metal.toml deleted file mode 100644 index 64979768e..000000000 --- a/sources/shared-defaults/kubernetes-metal.toml +++ /dev/null @@ -1,19 +0,0 @@ -[settings.kubernetes] -cluster-domain = "cluster.local" -standalone-mode = false -authentication-mode = "tls" -pod-infra-container-image = "public.ecr.aws/eks-distro/kubernetes/pause:3.5" -server-tls-bootstrap = false -cloud-provider = "" - -[metadata.settings.kubernetes] -node-ip.setting-generator = "netdog node-ip" -affected-services = ["kubernetes"] - -# Metrics -[settings.metrics] -service-checks = ["apiserver", "chronyd", "containerd", "host-containerd", "kubelet"] - -# Network -[metadata.settings.network] -affected-services = ["containerd", "kubernetes", "host-containerd", "host-containers", "updog"] diff --git a/sources/shared-defaults/kubernetes-seccomp-default-false.toml b/sources/shared-defaults/kubernetes-seccomp-default-false.toml deleted file mode 100644 index d6ffe5c40..000000000 --- a/sources/shared-defaults/kubernetes-seccomp-default-false.toml +++ /dev/null @@ -1,2 +0,0 @@ -[settings.kubernetes] -seccomp-default = false diff --git a/sources/shared-defaults/kubernetes-services.toml b/sources/shared-defaults/kubernetes-services.toml deleted file mode 100644 index fd206df1b..000000000 --- a/sources/shared-defaults/kubernetes-services.toml +++ /dev/null @@ -1,72 +0,0 @@ -[services.kubernetes] -configuration-files = [ - "kubelet-env", - "kubelet-config", - "kubelet-kubeconfig", - "kubelet-bootstrap-kubeconfig", - "kubelet-exec-start-conf", - "kubernetes-ca-crt", - "proxy-env", - "kubelet-server-crt", - "kubelet-server-key", - "credential-provider-config-yaml", -] -restart-commands = [ - "/usr/bin/systemctl try-restart kubelet.service" -] - -[configuration-files.kubelet-env] -path = "/etc/kubernetes/kubelet/env" -template-path = "/usr/share/templates/kubelet-env" - -[configuration-files.kubelet-config] -path = "/etc/kubernetes/kubelet/config" -template-path = "/usr/share/templates/kubelet-config" -mode = "0600" - -[configuration-files.kubelet-kubeconfig] -path = "/etc/kubernetes/kubelet/kubeconfig" -template-path = "/usr/share/templates/kubelet-kubeconfig" -mode = "0600" - -[configuration-files.kubelet-bootstrap-kubeconfig] -path = "/etc/kubernetes/kubelet/bootstrap-kubeconfig" -template-path = "/usr/share/templates/kubelet-bootstrap-kubeconfig" -mode = "0600" - -[configuration-files.kubernetes-ca-crt] -path = "/etc/kubernetes/pki/ca.crt" -template-path = "/usr/share/templates/kubernetes-ca-crt" -mode = "0600" - -[configuration-files.kubelet-server-crt] -path = "/etc/kubernetes/pki/kubelet-server.crt" -template-path = "/usr/share/templates/kubelet-server-crt" - -[configuration-files.kubelet-server-key] -path = "/etc/kubernetes/pki/private/kubelet-server.key" -template-path = "/usr/share/templates/kubelet-server-key" - -[configuration-files.kubelet-exec-start-conf] -path = "/etc/systemd/system/kubelet.service.d/exec-start.conf" -template-path = "/usr/share/templates/kubelet-exec-start-conf" -mode = "0600" - -[configuration-files.credential-provider-config-yaml] -path = "/etc/kubernetes/kubelet/credential-provider-config.yaml" -template-path = "/usr/share/templates/credential-provider-config-yaml" -mode = "0600" - -[configuration-files.static-pods-toml] -path = "/etc/kubernetes/static-pods-manifest.toml" -template-path = "/usr/share/templates/static-pods-toml" - -[services.static-pods] -configuration-files = ["static-pods-toml"] -restart-commands = ["/usr/bin/static-pods"] - -[metadata.settings.kubernetes.static-pods] -affected-services = ["static-pods"] - -[metadata.settings.aws.profile] -affected-services = ["kubernetes"] diff --git a/sources/shared-defaults/kubernetes-vmware.toml b/sources/shared-defaults/kubernetes-vmware.toml deleted file mode 100644 index 97df91798..000000000 --- a/sources/shared-defaults/kubernetes-vmware.toml +++ /dev/null @@ -1,19 +0,0 @@ -[settings.kubernetes] -cluster-domain = "cluster.local" -standalone-mode = false -authentication-mode = "tls" -pod-infra-container-image = "public.ecr.aws/eks-distro/kubernetes/pause:3.3" -server-tls-bootstrap = false -cloud-provider = "external" - -[metadata.settings.kubernetes] -node-ip.setting-generator = "netdog node-ip" -affected-services = ["kubernetes"] - -# Metrics -[settings.metrics] -service-checks = ["apiserver", "chronyd", "containerd", "host-containerd", "kubelet", "vmtoolsd"] - -# Network -[metadata.settings.network] -affected-services = ["containerd", "kubernetes", "host-containerd", "host-containers", "updog"] diff --git a/sources/shared-defaults/lockdown-integrity.toml b/sources/shared-defaults/lockdown-integrity.toml deleted file mode 100644 index 38266c1ce..000000000 --- a/sources/shared-defaults/lockdown-integrity.toml +++ /dev/null @@ -1,3 +0,0 @@ -# Kernel -[settings.kernel] -lockdown = "integrity" diff --git a/sources/shared-defaults/lockdown-none.toml b/sources/shared-defaults/lockdown-none.toml deleted file mode 100644 index cf6820b89..000000000 --- a/sources/shared-defaults/lockdown-none.toml +++ /dev/null @@ -1,3 +0,0 @@ -# Kernel -[settings.kernel] -lockdown = "none" diff --git a/sources/shared-defaults/metrics.toml b/sources/shared-defaults/metrics.toml deleted file mode 100644 index e858af186..000000000 --- a/sources/shared-defaults/metrics.toml +++ /dev/null @@ -1,14 +0,0 @@ -[settings.metrics] -# the URL to which anonymous health metrics will be sent -metrics-url = "https://metrics.bottlerocket.aws/v1/metrics" -# the list of services that are checked to determine if a host is healthy, -# overridden in each variant to list services critical to that variant -service-checks = ["apiserver", "chronyd", "containerd", "host-containerd"] - -[services.metricdog] -configuration-files = ["metricdog-toml", "proxy-env"] -restart-commands = ["/bin/systemctl try-restart metricdog.service"] - -[configuration-files.metricdog-toml] -path = "/etc/metricdog.toml" -template-path = "/usr/share/templates/metricdog-toml" diff --git a/sources/shared-defaults/nvidia-oci-hooks-containerd-cri.toml b/sources/shared-defaults/nvidia-oci-hooks-containerd-cri.toml deleted file mode 100644 index bec197a90..000000000 --- a/sources/shared-defaults/nvidia-oci-hooks-containerd-cri.toml +++ /dev/null @@ -1,13 +0,0 @@ -[settings.oci-hooks] -log4j-hotpatch-enabled = false - -[metadata.settings.oci-hooks] -affected-services = ["oci-hooks"] - -[services.oci-hooks] -configuration-files = ["oci-hooks"] -restart-commands = [] - -[configuration-files.oci-hooks] -path = "/etc/shimpei/nvidia-oci-hooks.json" -template-path = "/usr/share/templates/nvidia-oci-hooks-json" diff --git a/sources/shared-defaults/nvidia-oci-hooks-docker.toml b/sources/shared-defaults/nvidia-oci-hooks-docker.toml deleted file mode 100644 index 1de919b4c..000000000 --- a/sources/shared-defaults/nvidia-oci-hooks-docker.toml +++ /dev/null @@ -1,17 +0,0 @@ -[settings.oci-hooks] -log4j-hotpatch-enabled = false - -[metadata.settings.oci-hooks] -affected-services = ["oci-hooks"] - -[services.oci-hooks] -configuration-files = ["oci-hooks", "nvidia-oci-hooks"] -restart-commands = [] - -[configuration-files.oci-hooks] -path = "/etc/shimpei/shimpei-hooks.json" -template-path = "/usr/share/templates/oci-default-hooks-json" - -[configuration-files.nvidia-oci-hooks] -path = "/etc/shimpei/nvidia-oci-hooks.json" -template-path = "/usr/share/templates/nvidia-oci-hooks-json" diff --git a/sources/shared-defaults/oci-defaults-capabilities.toml b/sources/shared-defaults/oci-defaults-capabilities.toml deleted file mode 100644 index 5a8e98136..000000000 --- a/sources/shared-defaults/oci-defaults-capabilities.toml +++ /dev/null @@ -1,16 +0,0 @@ -[settings.oci-defaults.capabilities] -# These values represent the default capabilities for Docker and Containerd. -audit-write = true -chown = true -dac-override = true -fowner = true -fsetid = true -kill = true -mknod = true -net-bind-service = true -net-raw = true -setgid = true -setfcap = true -setpcap = true -setuid = true -sys-chroot = true diff --git a/sources/shared-defaults/oci-defaults-containerd-cri-resource-limits.toml b/sources/shared-defaults/oci-defaults-containerd-cri-resource-limits.toml deleted file mode 100644 index 4d3fb75dd..000000000 --- a/sources/shared-defaults/oci-defaults-containerd-cri-resource-limits.toml +++ /dev/null @@ -1,3 +0,0 @@ -[settings.oci-defaults.resource-limits.max-open-files] -hard-limit = 1048576 -soft-limit = 65536 diff --git a/sources/shared-defaults/oci-defaults-containerd-cri.toml b/sources/shared-defaults/oci-defaults-containerd-cri.toml deleted file mode 100644 index 12ed3551e..000000000 --- a/sources/shared-defaults/oci-defaults-containerd-cri.toml +++ /dev/null @@ -1,10 +0,0 @@ -[metadata.settings.oci-defaults] -affected-services = ["oci-defaults", "containerd"] - -[services.oci-defaults] -configuration-files = ["oci-defaults"] -restart-commands = [] - -[configuration-files.oci-defaults] -path = "/etc/containerd/cri-base.json" -template-path = "/usr/share/templates/containerd-cri-base-json" diff --git a/sources/shared-defaults/oci-defaults-docker-resource-limits.toml b/sources/shared-defaults/oci-defaults-docker-resource-limits.toml deleted file mode 100644 index 437739b79..000000000 --- a/sources/shared-defaults/oci-defaults-docker-resource-limits.toml +++ /dev/null @@ -1,3 +0,0 @@ -[settings.oci-defaults.resource-limits.max-open-files] -hard-limit = 4096 -soft-limit = 1024 diff --git a/sources/shared-defaults/oci-defaults-docker.toml b/sources/shared-defaults/oci-defaults-docker.toml deleted file mode 100644 index b1f89695d..000000000 --- a/sources/shared-defaults/oci-defaults-docker.toml +++ /dev/null @@ -1,2 +0,0 @@ -[metadata.settings.oci-defaults] -affected-services = ["docker"] diff --git a/sources/shared-defaults/oci-hooks.toml b/sources/shared-defaults/oci-hooks.toml deleted file mode 100644 index 461283777..000000000 --- a/sources/shared-defaults/oci-hooks.toml +++ /dev/null @@ -1,24 +0,0 @@ -[settings.oci-hooks] -log4j-hotpatch-enabled = false - -[metadata.settings.oci-hooks] -affected-services = ["oci-hooks"] - -[services.oci-hooks] -configuration-files = ["oci-hooks"] -restart-commands = [] - -[configuration-files.oci-hooks] -path = "/etc/shimpei/shimpei-hooks.json" -template-path = "/usr/share/templates/oci-default-hooks-json" - -[metadata.settings.oci-hooks.log4j-hotpatch-enabled] -affected-services = ["log4j-hotpatch-enabled"] - -[services.log4j-hotpatch-enabled] -configuration-files = ["log4j-hotpatch-enabled-log-message"] -restart-commands = ["systemctl restart deprecation-warning@log4j-hotpatch-enabled.timer"] - -[configuration-files.log4j-hotpatch-enabled-log-message] -path = "/etc/deprecated-settings/log4j-hotpatch-enabled" -template-path = "/usr/share/templates/log4j-hotpatch-enabled" diff --git a/sources/shared-defaults/public-host-containers.toml b/sources/shared-defaults/public-host-containers.toml deleted file mode 100644 index 1205f3884..000000000 --- a/sources/shared-defaults/public-host-containers.toml +++ /dev/null @@ -1,14 +0,0 @@ -# Both containers are disabled by default in off-AWS variants because the user -# must supply user data in order to use the containers. The admin container -# isn't useful without SSH keys/CA certs, and the control container can only be -# used with hybrid SSM off of AWS. Users of off-AWS variants might not want to -# use either of those options. -[settings.host-containers.admin] -enabled = false -superpowered = true -source = "public.ecr.aws/bottlerocket/bottlerocket-admin:v0.11.8" - -[settings.host-containers.control] -enabled = false -superpowered = false -source = "public.ecr.aws/bottlerocket/bottlerocket-control:v0.7.12" diff --git a/sources/shared-defaults/public-ntp.toml b/sources/shared-defaults/public-ntp.toml deleted file mode 100644 index 2a79166c9..000000000 --- a/sources/shared-defaults/public-ntp.toml +++ /dev/null @@ -1,3 +0,0 @@ -# Use a public endpoint, don't assume any local ones. -[settings.ntp] -time-servers = ["2.amazon.pool.ntp.org"] diff --git a/sources/shared-defaults/public-tuf.toml b/sources/shared-defaults/public-tuf.toml deleted file mode 100644 index 0e494f2fe..000000000 --- a/sources/shared-defaults/public-tuf.toml +++ /dev/null @@ -1,5 +0,0 @@ -[settings.updates] -targets-base-url = "https://updates.bottlerocket.aws/targets/" - -[metadata.settings.updates.metadata-base-url] -setting-generator = "schnauzer-v2 render --template 'https://updates.bottlerocket.aws/2020-07-07/{{ os.variant_id }}/{{ os.arch }}/'" diff --git a/sources/shared-defaults/send-metrics-aws.toml b/sources/shared-defaults/send-metrics-aws.toml deleted file mode 100644 index 2b6af79d0..000000000 --- a/sources/shared-defaults/send-metrics-aws.toml +++ /dev/null @@ -1,3 +0,0 @@ -[metadata.settings.metrics.send-metrics] -# only enable metrics in partitions with unhindered access to the metrics endpoint -setting-generator = "shibaken is-partition --partition aws --partition aws-us-gov" diff --git a/sources/shared-defaults/send-metrics-global.toml b/sources/shared-defaults/send-metrics-global.toml deleted file mode 100644 index 58661f391..000000000 --- a/sources/shared-defaults/send-metrics-global.toml +++ /dev/null @@ -1,3 +0,0 @@ -[settings.metrics] -# whether or not health metrics will be sent. set to false to opt-out -send-metrics = true diff --git a/tools/bootconfig/qemu-x86-console-bootconfig.data b/tools/bootconfig/qemu-x86-console-bootconfig.data deleted file mode 100644 index b6aa9ebca..000000000 Binary files a/tools/bootconfig/qemu-x86-console-bootconfig.data and /dev/null differ diff --git a/tools/pubsys/Infra.toml.example b/tools/pubsys/Infra.toml.example deleted file mode 100644 index 9b5b5e8e8..000000000 --- a/tools/pubsys/Infra.toml.example +++ /dev/null @@ -1,84 +0,0 @@ -# This is an example infrastructure configuration for pubsys, the tool that -# creates repos when you call `cargo make repo`. Save a copy as `Infra.toml` -# at the root of the repo, then edit the settings below to match your use case. - -# You can have any number of repos defined and build a specific one by running like this: -# cargo make -e PUBLISH_REPO=myrepo repo -[repo.default] -# URL to your root role JSON file; can be a file:// URL for local files. If -# you don't specify one here, a file will be generated for you under /roles. -# For production use, you should store them somewhere safer. -root_role_url = "https://example.com/root.json" -# SHA512 checksum of your root role JSON file. -root_role_sha512 = "0123456789abcdef" - -# For reference, this is the Bottlerocket root role: -#root_role_url = "https://cache.bottlerocket.aws/root.json" -#root_role_sha512 = "a3c58bc73999264f6f28f3ed9bfcb325a5be943a782852c7d53e803881968e0a4698bd54c2f125493f4669610a9da83a1787eb58a8303b2ee488fa2a3f7d802f" - -# pubsys assumes a single publication key that signs the snapshot, targets, -# and timestamp roles. Here you specify where that key lives so we can sign -# the created repo. If you don't specify one here, a key will be generated for -# you under /keys. For production use, you should use a key stored in a -# trusted service like KMS or SSM. -# (Need inline table syntax until this is fixed: https://github.com/alexcrichton/toml-rs/issues/225) -signing_keys = { file = { path = "/home/user/key.pem" } } -#signing_keys = { kms = { key_id = "abc-def-123" } } -#signing_keys = { ssm = { parameter = "/my/parameter" } } - -# If these URLs are uncommented, the repo will be pulled and used as a starting -# point, and your images (and related files) will be added as a new update in -# the created repo. Otherwise, we build a new repo from scratch. -metadata_base_url = "https://example.com/" -targets_url = "https://example.com/targets/" - -[aws] -# The list of regions in which you want to publish AMIs. We register an AMI in -# the first region and copy it to all other regions. -regions = ["us-west-2", "us-east-1", "us-east-2"] -# If specified, we use this named profile from ~/.aws/credentials, rather than -# the default path of trying credentials from the environment, from a -# credential process, from the default profile, and then from an IAM instance -# profile. -profile = "my-profile" -# If specified, we assume this role before making any API calls. -role = "arn:aws:iam::012345678901:role/assume-global" -# If specified, this string will be prefixed on all parameter names published to SSM. -ssm_prefix = "/your/prefix/here" - -[aws.region.us-west-2] -# If specified, we assume this role before making any API calls in this region. -# (This is assumed after the "global" aws.role, if that is also specified.) -role = "arn:aws:iam::012345678901:role/assume-regional" - -[vmware] -# A list of datacenter names to which you would like to upload an OVA. These -# are "friendly" names, and do not need to be the actual name of the -# software-defined datacenter, but can be. For example, you may have have -# multiple vSphere instances with datacenters that still carry the default -# "SDDC-Datacenter" name; this field allows you to differentiate them. -datacenters = ["north", "south"] - -# *** -# GOVC_* environment variables set in the current environment override any -# configuration set in the sections below! -# *** - -# Optional common configuration -# This configuration allow values to be set in a single place if they are common in -# multiple datacenters. They can be overridden in the datacenter's block below. -[vmware.common] -network = "a_network" - -# Datacenter specific configuration -# This specifies all of the values necessary to communicate with this -# datacenter via `govc`. Each value maps directly to the GOVC_* environment -# variable in the corresponding comment. If any of these values is missing and -# isn't in the environment, we will look for them in `vmware.common`. -[vmware.datacenter.north] -vsphere_url = "https://vcenter.1234.vmwarevmc.com" # GOVC_URL -datacenter = "SDDC-Datacenter" # GOVC_DATACENTER -datastore = "WorkloadDatastore" # GOVC_DATASTORE -network = "sddc-cgw-network-1" # GOVC_NETWORK -folder = "my_folder" # GOVC_FOLDER -resource_pool = "/SDDC-Datacenter/host/Cluster/Resources/Compute-ResourcePool" # GOVC_RESOURCE_POOL diff --git a/tools/pubsys/policies/repo-expiration/2w-2w-1w.toml b/tools/pubsys/policies/repo-expiration/2w-2w-1w.toml deleted file mode 100644 index 7a3a7b851..000000000 --- a/tools/pubsys/policies/repo-expiration/2w-2w-1w.toml +++ /dev/null @@ -1,3 +0,0 @@ -snapshot_expiration = '2 weeks' -targets_expiration = '2 weeks' -timestamp_expiration = '1 week' diff --git a/tools/pubsys/policies/ssm/README.md b/tools/pubsys/policies/ssm/README.md deleted file mode 100644 index 9760125ff..000000000 --- a/tools/pubsys/policies/ssm/README.md +++ /dev/null @@ -1,39 +0,0 @@ -# Parameter templates - -Files in this directory contain template strings that are used to generate SSM parameter names and values. -You can pass a different directory to `pubsys` to use a different set of parameters. - -The directory is expected to contain a file named `defaults.toml` with a table entry per parameter, like this: - -```toml -[[parameter]] -name = "{variant}/{arch}/{image_version}/image_id" -value = "{image_id}" -``` - -The `name` and `value` can contain template variables that will be replaced with information from the current build and from the AMI registered from that build. - -The available variables include: -* `variant`, for example "aws-ecs-1" -* `arch`, for example "x86_64" or "arm64". - * Note: "amd64" and "aarch64" are mapped to "x86_64" and "arm64", respectively, to match the names used by EC2. -* `image_id`, for example "ami-0123456789abcdef0" -* `image_name`, for example "bottlerocket-aws-ecs-1-x86_64-v0.5.0-e0ddf1b" -* `image_version`, for example "0.5.0-e0ddf1b" -* `region`, for example "us-west-2" - -# Conditional parameters - -You can also list parameters that only apply to specific variants or architectures. -To do so, add `variant` or `arch` keys (or both) to your parameter definition. -The parameter will only be populated if the current `variant` or `arch` matches one of the values in the list. -(If both `variant` and `arch` are listed, the build must match an entry from both lists.) - -For example, to add an extra parameter that's only set for "aarch64" builds of the "aws-ecs-1" variant: -```toml -[[parameter]] -arch = ["aarch64"] -variant = ["aws-ecs-1"] -name = "/a/special/aarch64/ecs/parameter" -value = "{image_name}" -``` diff --git a/tools/pubsys/policies/ssm/defaults.toml b/tools/pubsys/policies/ssm/defaults.toml deleted file mode 100644 index 5e972276d..000000000 --- a/tools/pubsys/policies/ssm/defaults.toml +++ /dev/null @@ -1,7 +0,0 @@ -[[parameter]] -name = "{variant}/{arch}/{image_version}/image_id" -value = "{image_id}" - -[[parameter]] -name = "{variant}/{arch}/{image_version}/image_version" -value = "{image_version}" diff --git a/tools/pubsys/support/vmware/import_spec.template b/tools/pubsys/support/vmware/import_spec.template deleted file mode 100644 index 9b24bfe64..000000000 --- a/tools/pubsys/support/vmware/import_spec.template +++ /dev/null @@ -1,16 +0,0 @@ -\{ - "DiskProvisioning": "flat", - "IPAllocationPolicy": "dhcpPolicy", - "IPProtocol": "IPv4", - "NetworkMapping": [ - \{ - "Name": "VM Network", - "Network": "{ network }" - } - ], - "MarkAsTemplate": { mark_as_template }, - "PowerOn": false, - "InjectOvfEnv": false, - "WaitForIP": false, - "Name": null -} diff --git a/tools/start-local-vm b/tools/start-local-vm deleted file mode 100755 index b6f0875a0..000000000 --- a/tools/start-local-vm +++ /dev/null @@ -1,357 +0,0 @@ -#!/usr/bin/env bash -# shellcheck disable=SC2054 # Arrays are formatted for passing args to other tools - -# -# Common error handling -# - -exit_trap_cmds=() - -on_exit() { - exit_trap_cmds+=( "$1" ) -} - -run_exit_trap_cmds() { - for cmd in "${exit_trap_cmds[@]}"; do - eval "${cmd}" - done -} - -trap run_exit_trap_cmds exit - -bail() { - >&2 echo "$@" - exit 1 -} - -shopt -s nullglob - -arch=${BUILDSYS_ARCH} -variant=${BUILDSYS_VARIANT} -product_name=${BUILDSYS_NAME:-bottlerocket} -host_port_forwards=tcp::2222-:22 -vm_mem=4G -vm_cpus=4 -force_extract= -declare -A extra_files=() - -os_image= -data_image= - - -if ! git_toplevel=$(git rev-parse --show-toplevel); then - bail "Failed to get the root of the repo." -else - readonly repo_root="${git_toplevel}" -fi - -show_usage() { - echo "\ -usage: ${0##*/} [--arch BUILDSYS_ARCH] [--variant BUILDSYS_VARIANT] - [--host-port-forwards HOST_PORT_FWDS] - [--product-name NAME] - [--vm-memory VM_MEMORY] [--vm-cpus VM_CPUS] - [--force-extract] - [--inject-file LOCAL_PATH[:IMAGE_PATH]]... - [--firmware-code PATH] [--firmware-vars PATH] - [--os-image-size SIZE] [--data-image-size SIZE] - -Launch a local virtual machine from a Bottlerocket image. - -Options: - - --arch architecture of the Bottlerocket image (must match the - host architecture ($(uname -m)); may be omitted if the - BUILDSYS_ARCH environment variable is set) - --variant Bottlerocket variant to run (may be omitted if the - BUILDSYS_VARIANT environment variable is set) - --product-name short product name used as prefix for file and directory - names (defaults to the BUILDSYS_NAME environment variable - or 'bottlerocket' when that is unset) - --host-port-forwards - list of host ports to forward to the VM; HOST_PORT_FWDS - must be a valid QEMU port forwarding specifier (default - is ${host_port_forwards}) - --vm-memory amount of memory to assign to the VM; VM_MEMORY must be - a valid QEMU memory specifier (default is ${vm_mem}) - --vm-cpus number of CPUs to spawn for VM (default is ${vm_cpus}) - --force-extract force recreation of the extracted Bottlerocket image, - e.g. to force first boot behavior - --inject-file adds a local file to the private partition of the - Bottlerocket image before launching the virtual machine - (may be given multiple times); existing data on the - private partition will be lost - --firmware-code override the default firmware executable file - --firmware-vars override the initial firmware variable storage file - --os-image-size resize the OS disk image to the given size (e.g. 4096M) - --data-image-size resize the data disk image to the given size (e.g. 20G) - --help shows this usage text - -By default, the virtual machine's port 22 (SSH) will be exposed via the local -port 2222, i.e. if the Bottlerocket admin container has been enabled via -user-data, it can be reached by running - - ssh -p 2222 ec2-user@localhost - -from the host. - -Usage example: - - ${0##*/} --arch $(uname -m) --variant metal-dev --inject-file net.toml -" -} - -usage_error() { - local error=$1 - - { - if [[ -n ${error} ]]; then - printf "%s\n\n" "${error}" - fi - show_usage - } >&2 - - exit 1 -} - -parse_args() { - while [[ $# -gt 0 ]]; do - case $1 in - -h|--help) - show_usage; exit 0 ;; - --arch) - shift; arch=$1 ;; - --variant) - shift; variant=$1 ;; - --product-name) - shift; product_name=$1 ;; - --host-port-forwards) - shift; host_port_forwards=$1 ;; - --vm-memory) - shift; vm_mem=$1 ;; - --vm-cpus) - shift; vm_cpus=$1 ;; - --force-extract) - force_extract=yes ;; - --inject-file) - shift; local file_spec=$1 - if [[ ${file_spec} = *:* ]]; then - local local_file=${file_spec%%:*} - local image_file=${file_spec#*:} - else - local local_file=${file_spec} - local image_file=${file_spec##*/} - fi - extra_files[${local_file}]=${image_file} - ;; - --firmware-code) - shift; firmware_code=$1 - ;; - --firmware-vars) - shift; firmware_vars=$1 - ;; - --os-image-size) - shift; os_image_size=$1 - ;; - --data-image-size) - shift; data_image_size=$1 - ;; - *) - usage_error "unknown option '$1'" ;; - esac - shift - done - - [[ -n ${arch} ]] || usage_error 'Architecture needs to be set via either --arch or BUILDSYS_ARCH.' - [[ -n ${variant} ]] || usage_error 'Variant needs to be set via either --variant or BUILDSYS_VARIANT.' - - declare -l host_arch - host_arch=$(uname -m) - [[ ${arch} == "${host_arch}" ]] || bail "Architecture needs to match host architecture (${host_arch}) for hardware virtualization." - - for path in "${!extra_files[@]}"; do - [[ -e ${path} ]] || bail "Cannot find local file '${path}' to inject." - done -} - -extract_image() { - local -r compressed_image=$1 - local -r uncompressed_image=$2 - - if [[ ${force_extract} = yes ]] || [[ ${compressed_image} -nt ${uncompressed_image} ]]; then - lz4 --decompress --force --keep "${compressed_image}" "${uncompressed_image}" \ - || bail "Failed to extract '${compressed_image}'." - fi -} - -prepare_raw_images() { - local -r image_dir=build/images/${arch}-${variant}/latest - local -r compressed_os_image=${image_dir}/${product_name}-${variant}-${arch}.img.lz4 - local -r compressed_data_image=${image_dir}/${product_name}-${variant}-${arch}-data.img.lz4 - - if [[ -e ${compressed_os_image} ]]; then - readonly os_image=${compressed_os_image%*.lz4} - extract_image "${compressed_os_image}" "${os_image}" - else - bail 'Boot image not found. Did the last build fail?' - fi - - if [[ -e ${compressed_data_image} ]]; then - readonly data_image=${compressed_data_image%*.lz4} - extract_image "${compressed_data_image}" "${data_image}" - else - # Missing data image is fine. This variant may not be a split build. - readonly data_image= - fi - - if [[ -n ${os_image_size} ]]; then - truncate --no-create --size "${os_image_size}" "${os_image}" \ - || bail "Failed to resize OS image '${os_image}'." - fi - - if [[ -n ${data_image_size} ]]; then - if [[ -e ${data_image} ]]; then - truncate --no-create --size "${data_image_size}" "${data_image}" \ - || bail "Failed to resize data image '${data_image}'." - else - >&2 echo "Ignoring option --data-image-size ${data_image_size} since no data image was found." - fi - fi -} - -prepare_firmware() { - # Create local copies of the edk2 firmware variable storage, to help with - # facilitate Secure Boot testing where custom variables are needed for both - # architectures, but can't safely be reused across QEMU invocations. Also - # set reasonable defaults for both firmware files, if nothing more specific - # was requested. - local original_vars - - if [[ ${arch} = x86_64 ]]; then - firmware_code=${firmware_code:-/usr/share/edk2/ovmf/OVMF_CODE.fd} - original_vars=${firmware_vars:-/usr/share/edk2/ovmf/OVMF_VARS.fd} - firmware_vars="$(mktemp)" - on_exit "rm '${firmware_vars}'" - cp "${original_vars}" "${firmware_vars}" - fi - - if [[ ${arch} = aarch64 ]]; then - original_code=${firmware_code:-/usr/share/edk2/aarch64/QEMU_EFI.silent.fd} - original_vars=${firmware_vars:-/usr/share/edk2/aarch64/QEMU_VARS.fd} - firmware_code="$(mktemp)" - firmware_vars="$(mktemp)" - on_exit "rm '${firmware_code}' '${firmware_vars}'" - cat "${original_code}" /dev/zero \ - | head -c 64m > "${firmware_code}" - cat "${original_vars}" /dev/zero \ - | head -c 64m > "${firmware_vars}" - fi -} - -create_extra_files() { - # Explicitly instruct the kernel to send its output to the serial port on - # x86 via a bootconfig initrd. Passing in settings via user-data would be - # too late to get console output of the first boot. - if [[ ${arch} = x86_64 ]]; then - extra_files["${repo_root}/tools/bootconfig/qemu-x86-console-bootconfig.data"]=bootconfig.data - fi - - # If the private partition needs to be recreated, ensure that any bootconfig - # data file is present, otherwise GRUB will notice the missing file and wait - # for a key press. - if [[ ${#extra_files[@]} -gt 0 ]]; then - local has_bootconfig=no - for image_file in "${extra_files[@]}"; do - if [[ ${image_file} = bootconfig.data ]]; then - has_bootconfig=yes - break - fi - done - if [[ ${has_bootconfig} = no ]]; then - extra_files["${repo_root}/tools/bootconfig/empty-bootconfig.data"]=bootconfig.data - fi - fi -} - -inject_files() { - if [[ ${#extra_files[@]} -eq 0 ]]; then - return 0 - fi - - # We inject files into the boot image by replacing the private partition - # entirely. The new partition has to perfectly fit over the original one. - # Find the first and last sector, then calculate the partition's size. In - # absence of actual hardware, assume a traditional sector size of 512 bytes. - local private_first_sector private_last_sector - read -r private_first_sector private_last_sector < <( - fdisk --list-details "${os_image}" \ - | awk '/BOTTLEROCKET-PRIVATE/ { print $2, $3 }') - if [[ -z ${private_first_sector} ]] || [[ -z ${private_last_sector} ]]; then - bail "Failed to find the private partition in '${os_image}'." - fi - local private_size_mib=$(( (private_last_sector - private_first_sector + 1) * 512 / 1024 / 1024 )) - - local private_mount private_image - private_mount=$(mktemp -d) - private_image=$(mktemp) - on_exit "rm -rf '${private_mount}' '${private_image}'" - - for local_file in "${!extra_files[@]}"; do - local image_file=${extra_files[${local_file}]} - cp "${local_file}" "${private_mount}/${image_file}" - done - - if ! mkfs.ext4 -d "${private_mount}" "${private_image}" "${private_size_mib}M" \ - || ! dd if="${private_image}" of="${os_image}" conv=notrunc bs=512 seek="${private_first_sector}" - then - rm -f "${private_image}" - rm -rf "${private_mount}" - bail "Failed to inject files into '${os_image}'." - fi -} - -launch_vm() { - local -a qemu_args=( - -nographic - -enable-kvm - -cpu host - -smp "${vm_cpus}" - -m "${vm_mem}" - -drive if=pflash,format=raw,unit=0,file="${firmware_code}",readonly=on - -drive if=pflash,format=raw,unit=1,file="${firmware_vars}" - -drive index=0,if=virtio,format=raw,file="${os_image}" - ) - - # Plug the virtual primary NIC in as BDF 00:10.0 so udev will give it a - # consistent name we can know ahead of time--enp0s16 or ens16. - qemu_args+=( - -netdev user,id=net0,hostfwd="${host_port_forwards}" - -device virtio-net-pci,netdev=net0,addr=10.0 - ) - - # Resolve the last bit of uncertainty by disabling ACPI-based PCI hot plug, - # causing udev to use the bus location when naming the NIC (enp0s16). Since - # QEMU does not support PCI hot plug via ACPI on Arm, turn it off for the - # emulated x86_64 chipset only to achieve parity. - if [[ ${arch} = x86_64 ]]; then - qemu_args+=( -global PIIX4_PM.acpi-root-pci-hotplug=off ) - qemu_args+=( -machine q35,smm=on ) - fi - - if [[ ${arch} = aarch64 ]]; then - qemu_args+=( -machine virt ) - fi - - if [[ -n ${data_image} ]]; then - qemu_args+=( -drive index=1,if=virtio,format=raw,file="${data_image}" ) - fi - - qemu-system-"${arch}" "${qemu_args[@]}" -} - -parse_args "$@" -prepare_raw_images -prepare_firmware -create_extra_files -inject_files -launch_vm diff --git a/variants/Cargo.toml b/variants/Cargo.toml deleted file mode 100644 index 3e23a84bf..000000000 --- a/variants/Cargo.toml +++ /dev/null @@ -1,41 +0,0 @@ -[workspace] -resolver = "1" -members = [ - "aws-dev", - "aws-ecs-1", - "aws-ecs-2", - "aws-ecs-1-nvidia", - "aws-ecs-2-nvidia", - "aws-k8s-1.23", - "aws-k8s-1.23-nvidia", - "aws-k8s-1.24", - "aws-k8s-1.24-nvidia", - "aws-k8s-1.25", - "aws-k8s-1.25-nvidia", - "aws-k8s-1.26", - "aws-k8s-1.26-nvidia", - "aws-k8s-1.27", - "aws-k8s-1.28", - "aws-k8s-1.29", - "aws-k8s-1.30", - "aws-k8s-1.27-nvidia", - "aws-k8s-1.28-nvidia", - "aws-k8s-1.29-nvidia", - "aws-k8s-1.30-nvidia", - "metal-dev", - "metal-k8s-1.27", - "metal-k8s-1.28", - "metal-k8s-1.29", - "vmware-dev", - "vmware-k8s-1.27", - "vmware-k8s-1.28", - "vmware-k8s-1.29", - "vmware-k8s-1.30", -] - -[profile.dev] -debug = false -opt-level = 'z' - -[profile.dev.build-override] -opt-level = 'z' diff --git a/variants/README.md b/variants/README.md deleted file mode 100644 index 0a1d5ffed..000000000 --- a/variants/README.md +++ /dev/null @@ -1,521 +0,0 @@ -# Bottlerocket Variants - -This document describes what Bottlerocket variants are and how they are built. - -In the [Background](#background) section, we discuss the motivation for variants. - -In the [Variants](#variants) section, we list the variants that exist today. - -In the [Development](#development) section, we provide a short guide for adding a new variant. - -## Background - -Bottlerocket is purpose-built for hosting containers. -It can run one of several container orchestrator agents. -It is also image-based and does not include a package manager for customization at runtime. - -Conceptually, each image could include all orchestrator agents, but that would conflict with our design goals. -We want to keep the footprint of Bottlerocket as small as possible for security and performance reasons. -Instead, we make different variants available for use, each with its own set of software and API settings. - -A variant is essentially a list of packages to install, plus a model that defines the API. -The documentation for [packages](../packages/) covers how to create a package. -Information about API settings for variants can be found in the [models](../sources/models/) documentation. - -### User data -Bottlerocket variants ingest TOML-formatted [user data](../README.md#using-user-data) from various sources in a predefined order. -All variants first attempt to read user data from `/var/lib/bottlerocket/user-data.toml`. -AWS variants then retrieve user data from IMDS. -VMware variants will attempt to read user data from a mounted CD-ROM (from a file named "user-data" or from an OVF file), and then from VMware's guestinfo interface. - -If a setting is defined in more than one source, the value in later sources will override earlier values. -For example, in a VMware variant, settings read from the guestinfo interface will override settings from CD-ROM, and settings from CD-ROM will override settings from the file. - -## Variants - -See [_Update Policy_ in the Security Features document](../SECURITY_FEATURES.md#update-policy) for information on when and how Bottlerocket applies security patches to variants. - -### aws-k8s-1.23: Kubernetes 1.23 node - -The [aws-k8s-1.23](aws-k8s-1.23/Cargo.toml) variant includes the packages needed to run a Kubernetes node in AWS. -It supports self-hosted clusters and clusters managed by [EKS](https://aws.amazon.com/eks/). - -This variant is compatible with Kubernetes 1.23, 1.24, and 1.25 clusters. - -### aws-k8s-1.23-nvidia: Kubernetes 1.23 NVIDIA node - -The [aws-k8s-1.23-nvidia](aws-k8s-1.23-nvidia/Cargo.toml) variant includes the packages needed to run a Kubernetes node in AWS. -It also includes the required packages to configure containers to leverage NVIDIA GPUs. -It supports self-hosted clusters and clusters managed by [EKS](https://aws.amazon.com/eks/). - -This variant is compatible with Kubernetes 1.23, 1.24, and 1.25 clusters. - -### aws-k8s-1.24: Kubernetes 1.24 node - -The [aws-k8s-1.24](aws-k8s-1.24/Cargo.toml) variant includes the packages needed to run a Kubernetes node in AWS. -It supports self-hosted clusters and clusters managed by [EKS](https://aws.amazon.com/eks/). - -This variant is compatible with Kubernetes 1.24, 1.25, and 1.26 clusters. - -### aws-k8s-1.24-nvidia: Kubernetes 1.24 NVIDIA node - -The [aws-k8s-1.24-nvidia](aws-k8s-1.24-nvidia/Cargo.toml) variant includes the packages needed to run a Kubernetes node in AWS. -It also includes the required packages to configure containers to leverage NVIDIA GPUs. -It supports self-hosted clusters and clusters managed by [EKS](https://aws.amazon.com/eks/). - -This variant is compatible with Kubernetes 1.24, 1.25, and 1.26 clusters. - -### aws-k8s-1.25: Kubernetes 1.25 node - -The [aws-k8s-1.25](aws-k8s-1.25/Cargo.toml) variant includes the packages needed to run a Kubernetes node in AWS. -It supports self-hosted clusters and clusters managed by [EKS](https://aws.amazon.com/eks/). - -This variant is compatible with Kubernetes 1.25, 1.26, 1.27, and 1.28 clusters. - -### aws-k8s-1.25-nvidia: Kubernetes 1.25 NVIDIA node - -The [aws-k8s-1.25-nvidia](aws-k8s-1.25-nvidia/Cargo.toml) variant includes the packages needed to run a Kubernetes node in AWS. -It also includes the required packages to configure containers to leverage NVIDIA GPUs. -It supports self-hosted clusters and clusters managed by [EKS](https://aws.amazon.com/eks/). - -This variant is compatible with Kubernetes 1.25, 1.26, 1.27, and 1.28 clusters. - -### aws-k8s-1.26: Kubernetes 1.26 node - -The [aws-k8s-1.26](aws-k8s-1.26/Cargo.toml) variant includes the packages needed to run a Kubernetes node in AWS. -It supports self-hosted clusters and clusters managed by [EKS](https://aws.amazon.com/eks/). - -This variant is compatible with Kubernetes 1.26, 1.27, 1.28, and 1.29 clusters. - -### aws-k8s-1.26-nvidia: Kubernetes 1.26 NVIDIA node - -The [aws-k8s-1.26-nvidia](aws-k8s-1.26-nvidia/Cargo.toml) variant includes the packages needed to run a Kubernetes node in AWS. -It also includes the required packages to configure containers to leverage NVIDIA GPUs. -It supports self-hosted clusters and clusters managed by [EKS](https://aws.amazon.com/eks/). - -This variant is compatible with Kubernetes 1.26, 1.27, 1.28, and 1.29 clusters. - -### aws-k8s-1.27: Kubernetes 1.27 node - -The [aws-k8s-1.27](aws-k8s-1.27/Cargo.toml) variant includes the packages needed to run a Kubernetes node in AWS. -It supports self-hosted clusters and clusters managed by [EKS](https://aws.amazon.com/eks/). - -This variant is compatible with Kubernetes 1.27, 1.28, 1.29, and 1.30 clusters. - -### aws-k8s-1.27-nvidia: Kubernetes 1.27 NVIDIA node - -The [aws-k8s-1.27-nvidia](aws-k8s-1.27-nvidia/Cargo.toml) variant includes the packages needed to run a Kubernetes node in AWS. -It also includes the required packages to configure containers to leverage NVIDIA GPUs. -It supports self-hosted clusters and clusters managed by [EKS](https://aws.amazon.com/eks/). - -This variant is compatible with Kubernetes 1.27, 1.28, 1.29, and 1.30 clusters. - -### aws-k8s-1.28: Kubernetes 1.28 node - -The [aws-k8s-1.28](aws-k8s-1.28/Cargo.toml) variant includes the packages needed to run a Kubernetes node in AWS. -It supports self-hosted clusters and clusters managed by [EKS](https://aws.amazon.com/eks/). - -This variant is compatible with Kubernetes 1.28, 1.29, 1.30, and 1.31 clusters. - -### aws-k8s-1.28-nvidia: Kubernetes 1.28 NVIDIA node - -The [aws-k8s-1.28-nvidia](aws-k8s-1.28-nvidia/Cargo.toml) variant includes the packages needed to run a Kubernetes node in AWS. -It also includes the required packages to configure containers to leverage NVIDIA GPUs. -It supports self-hosted clusters and clusters managed by [EKS](https://aws.amazon.com/eks/). - -This variant is compatible with Kubernetes 1.28, 1.29, 1.30, and 1.31 clusters. - -### aws-k8s-1.29: Kubernetes 1.29 node - -The [aws-k8s-1.29](aws-k8s-1.29/Cargo.toml) variant includes the packages needed to run a Kubernetes node in AWS. -It supports self-hosted clusters and clusters managed by [EKS](https://aws.amazon.com/eks/). - -This variant is compatible with Kubernetes 1.29, 1.30, 1.31, and 1.32 clusters. - -### aws-k8s-1.29-nvidia: Kubernetes 1.29 NVIDIA node - -The [aws-k8s-1.29-nvidia](aws-k8s-1.29-nvidia/Cargo.toml) variant includes the packages needed to run a Kubernetes node in AWS. -It also includes the required packages to configure containers to leverage NVIDIA GPUs. -It supports self-hosted clusters and clusters managed by [EKS](https://aws.amazon.com/eks/). - -This variant is compatible with Kubernetes 1.29, 1.30, 1.31 and 1.32 clusters. - -### aws-k8s-1.30: Kubernetes 1.30 node - -The [aws-k8s-1.30](aws-k8s-1.30/Cargo.toml) variant includes the packages needed to run a Kubernetes node in AWS. -It supports self-hosted clusters and clusters managed by [EKS](https://aws.amazon.com/eks/). - -This variant is compatible with Kubernetes 1.30, 1.31, 1.32, and 1.33 clusters. - -### aws-k8s-1.30-nvidia: Kubernetes 1.30 NVIDIA node - -The [aws-k8s-1.30-nvidia](aws-k8s-1.30-nvidia/Cargo.toml) variant includes the packages needed to run a Kubernetes node in AWS. -It also includes the required packages to configure containers to leverage NVIDIA GPUs. -It supports self-hosted clusters and clusters managed by [EKS](https://aws.amazon.com/eks/). - -This variant is compatible with Kubernetes 1.30, 1.31, 1.32, and 1.33 clusters. - -### aws-ecs-1: Amazon ECS container instance - -The [aws-ecs-1](aws-ecs-1/Cargo.toml) variant includes the packages needed to run an [Amazon ECS](https://ecs.aws) -container instance in AWS. - -### aws-ecs-1-nvidia: Amazon ECS container instance - -The [aws-ecs-1-nvidia](aws-ecs-1-nvidia/Cargo.toml) variant includes the packages needed to run an [Amazon ECS](https://ecs.aws) -container instance in AWS. -It also includes the required packages to configure containers to leverage NVIDIA GPUs. - -### aws-ecs-2: Amazon ECS container instance - -The [aws-ecs-2](aws-ecs-2/Cargo.toml) variant includes the packages needed to run an [Amazon ECS](https://ecs.aws) -container instance in AWS. - -### aws-ecs-2-nvidia: Amazon ECS container instance - -The [aws-ecs-2-nvidia](aws-ecs-2-nvidia/Cargo.toml) variant includes the packages needed to run an [Amazon ECS](https://ecs.aws) -container instance in AWS. -It also includes the required packages to configure containers to leverage NVIDIA GPUs. - -### aws-dev: AWS development build - -The [aws-dev](aws-dev/Cargo.toml) variant has useful packages for local development of the OS. -It includes tools for troubleshooting as well as Docker for running containers. -User data will be read from IMDS. - -### vmware-dev: VMware development build - -The [vmware-dev](vmware-dev/Cargo.toml) variant has useful packages for local development of the OS, and is intended to run as a VMware guest. -It includes tools for troubleshooting as well as Docker for running containers. - -## vmware-k8s-1.27: VMware Kubernetes 1.27 node - -The [vmware-k8s-1.27](vmware-k8s-1.27/Cargo.toml) variant includes the packages needed to run a Kubernetes worker node as a VMware guest. -It supports self-hosted clusters. - -This variant is compatible with Kubernetes 1.27, 1.28, 1.29, and 1.30 clusters. - -## vmware-k8s-1.28: VMware Kubernetes 1.28 node - -The [vmware-k8s-1.28](vmware-k8s-1.28/Cargo.toml) variant includes the packages needed to run a Kubernetes worker node as a VMware guest. -It supports self-hosted clusters. - -This variant is compatible with Kubernetes 1.28, 1.29, 1.30 and 1.31 clusters. - -## vmware-k8s-1.29: VMware Kubernetes 1.29 node - -The [vmware-k8s-1.29](vmware-k8s-1.29/Cargo.toml) variant includes the packages needed to run a Kubernetes worker node as a VMware guest. -It supports self-hosted clusters. - -This variant is compatible with Kubernetes 1.29, 1.30, 1.31, and 1.32 clusters. - -## vmware-k8s-1.30: VMware Kubernetes 1.30 node - -The [vmware-k8s-1.30](vmware-k8s-1.30/Cargo.toml) variant includes the packages needed to run a Kubernetes worker node as a VMware guest. -It supports self-hosted clusters. - -This variant is compatible with Kubernetes 1.30, 1.31, 1.32, and 1.33 clusters. - -### metal-dev: Metal development build - -The [metal-dev](metal-dev/Cargo.toml) variant has useful packages for local development of the OS and is intended to run bare metal. -It includes tools for troubleshooting as well as Docker for running containers. - -### metal-k8s-1.27: Metal Kubernetes 1.27 node - -The [metal-k8s-1.27](metal-k8s-1.27/Cargo.toml) variant includes the packages needed to run a Kubernetes node on bare metal. -It supports self-hosted clusters. - -This variant is compatible with Kubernetes 1.27, 1.28, 1.29, and 1.30 clusters. - -### metal-k8s-1.28: Metal Kubernetes 1.28 node - -The [metal-k8s-1.28](metal-k8s-1.28/Cargo.toml) variant includes the packages needed to run a Kubernetes node on bare metal. -It supports self-hosted clusters. - -This variant is compatible with Kubernetes 1.28, 1.29, 1.30, and 1.31 clusters. - -### metal-k8s-1.29: Metal Kubernetes 1.28 node - -The [metal-k8s-1.29](metal-k8s-1.29/Cargo.toml) variant includes the packages needed to run a Kubernetes node on bare metal. -It supports self-hosted clusters. - -This variant is compatible with Kubernetes 1.29, 1.30, 1.31, and 1.32 clusters. - -### Deprecated variants - -#### aws-k8s-1.15: Kubernetes 1.15 node - -The aws-k8s-1.15 variant included the packages needed to run a Kubernetes node in AWS. -It supported self-hosted clusters and clusters managed by [EKS](https://aws.amazon.com/eks/). - -This variant was compatible with Kubernetes 1.15, 1.16, and 1.17 clusters. -It reached end-of-life on May 3, 2021. - -Upstream support for Kubernetes 1.15 has ended and this variant will no longer be supported in Bottlerocket releases. - -### aws-k8s-1.16: Kubernetes 1.16 node - -The aws-k8s-1.16 variant included the packages needed to run a Kubernetes node in AWS. -It supported self-hosted clusters and clusters managed by [EKS](https://aws.amazon.com/eks/). - -This variant was compatible with Kubernetes 1.16, 1.17, and 1.18 clusters. -It reached end-of-life on July 25, 2021. - -Upstream support for Kubernetes 1.16 has ended and this variant will no longer be supported in Bottlerocket releases. - -### aws-k8s-1.17: Kubernetes 1.17 node - -The aws-k8s-1.17 variant included the packages needed to run a Kubernetes node in AWS. -It supported self-hosted clusters and clusters managed by [EKS](https://aws.amazon.com/eks/). - -This variant was compatible with Kubernetes 1.17, 1.18, and 1.19 clusters. -It reached end-of-life on November 2, 2021. - -Upstream support for Kubernetes 1.17 has ended and this variant will no longer be supported in Bottlerocket releases. - -### aws-k8s-1.18: Kubernetes 1.18 node - -The aws-k8s-1.18 variant included the packages needed to run a Kubernetes node in AWS. -It supported self-hosted clusters and clusters managed by [EKS](https://aws.amazon.com/eks/). - -This variant was compatible with Kubernetes 1.18, 1.19, and 1.20 clusters. -It reached end-of-life on March 31st, 2022. - -Upstream support for Kubernetes 1.18 has ended and this variant will no longer be supported in Bottlerocket releases. - -### aws-k8s-1.19: Kubernetes 1.19 node - -The aws-k8s-1.19 variant included the packages needed to run a Kubernetes node in AWS. -It supported self-hosted clusters and clusters managed by [EKS](https://aws.amazon.com/eks/). - -This variant was compatible with Kubernetes 1.19, 1.20, and 1.21 clusters. -It reached end-of-life on August 1st, 2022. - -Upstream support for Kubernetes 1.19 has ended and this variant will no longer be supported in Bottlerocket releases. - -### aws-k8s-1.20: Kubernetes 1.20 node - -The aws-k8s-1.20 variant included the packages needed to run a Kubernetes node in AWS. -It supported self-hosted clusters and clusters managed by [EKS](https://aws.amazon.com/eks/). - -This variant was compatible with Kubernetes 1.20, 1.21, and 1.22 clusters. -It reached end-of-life on November 1st, 2022. - -Upstream support for Kubernetes 1.20 has ended and this variant will no longer be supported in Bottlerocket releases. - -### vmware-k8s-1.20: VMware Kubernetes 1.20 node - -The vmware-k8s-1.20 variant included the packages needed to run a Kubernetes worker node as a VMware guest. -It supported self-hosted clusters. - -This variant was compatible with Kubernetes 1.20, 1.21, and 1.22 clusters. - -### aws-k8s-1.21: Kubernetes 1.21 node - -The aws-k8s-1.21 variant included the packages needed to run a Kubernetes node in AWS. -It supported self-hosted clusters and clusters managed by [EKS](https://aws.amazon.com/eks/). - -This variant was compatible with Kubernetes 1.21, 1.22, and 1.23 clusters. - -### aws-k8s-1.21-nvidia: Kubernetes 1.21 NVIDIA node - -The aws-k8s-1.21-nvidia variant included the packages needed to run a Kubernetes node in AWS. -It also included the required packages to configure containers to leverage NVIDIA GPUs. -It supported self-hosted clusters and clusters managed by [EKS](https://aws.amazon.com/eks/). -This variant was compatible with Kubernetes 1.21, 1.22, and 1.23 clusters. - -### metal-k8s-1.21: Metal Kubernetes 1.21 node - -The metal-k8s-1.21 variant included the packages needed to run a Kubernetes node on bare metal. -It supported self-hosted clusters. - -This variant was compatible with Kubernetes 1.21, 1.22, and 1.23 clusters. - -### vmware-k8s-1.21: VMware Kubernetes 1.21 node - -The vmware-k8s-1.21 variant included the packages needed to run a Kubernetes worker node as a VMware guest. -It supported self-hosted clusters. - -This variant was compatible with Kubernetes 1.21, 1.22, and 1.23 clusters. - -### aws-k8s-1.22: Kubernetes 1.22 node - -The aws-k8s-1.22 variant included the packages needed to run a Kubernetes node in AWS. -It supported self-hosted clusters and clusters managed by [EKS](https://aws.amazon.com/eks/). - -This variant was compatible with Kubernetes 1.22, 1.23, and 1.24 clusters. - -### aws-k8s-1.22-nvidia: Kubernetes 1.22 NVIDIA node - -The aws-k8s-1.22-nvidia variant included the packages needed to run a Kubernetes node in AWS. -It also included the required packages to configure containers to leverage NVIDIA GPUs. -It supported self-hosted clusters and clusters managed by [EKS](https://aws.amazon.com/eks/). - -This variant was compatible with Kubernetes 1.22, 1.23, and 1.24 clusters. - -### metal-k8s-1.22: Metal Kubernetes 1.22 node - -The metal-k8s-1.22 variant included the packages needed to run a Kubernetes node on bare metal. -It supported self-hosted clusters. - -This variant was compatible with Kubernetes 1.22, 1.23, and 1.24 clusters. - -### vmware-k8s-1.22: VMware Kubernetes 1.22 node - -The vmware-k8s-1.22 variant included the packages needed to run a Kubernetes worker node as a VMware guest. -It supported self-hosted clusters. - -This variant was compatible with Kubernetes 1.22, 1.23, and 1.24 clusters. - -### metal-k8s-1.23: Metal Kubernetes 1.23 node - -The metal-k8s-1.23 variant included the packages needed to run a Kubernetes worker node on bare metal. -It supported self-hosted clusters. - -This variant was compatible with Kubernetes 1.23, 1.24, and 1.25 clusters. - -### vmware-k8s-1.23: VMware Kubernetes 1.23 node - -The vmware-k8s-1.23 variant included the packages needed to run a Kubernetes worker node as a VMware guest. -It supported self-hosted clusters. - -This variant was compatible with Kubernetes 1.23, 1.24, and 1.25 clusters. - -### vmware-k8s-1.24: VMware Kubernetes 1.24 node - -The vmware-k8s-1.24 variant included the packages needed to run a Kubernetes worker node as a VMware guest. -It supported self-hosted clusters. - -This variant was compatible with Kubernetes 1.24, 1.25, and 1.26 clusters. - -### metal-k8s-1.24: Metal Kubernetes 1.24 node - -The metal-k8s-1.24 variant included the packages needed to run a Kubernetes node on bare metal. -It supported self-hosted clusters. - -This variant was compatible with Kubernetes 1.24, 1.25, and 1.26 clusters. - -### vmware-k8s-1.25: VMware Kubernetes 1.25 node - -The [vmware-k8s-1.25](vmware-k8s-1.25/Cargo.toml) variant included the packages needed to run a Kubernetes worker node as a VMware guest. -It supported self-hosted clusters. - -This variant was compatible with Kubernetes 1.25, 1.26, 1.27, and 1.28 clusters. - -### metal-k8s-1.25: Metal Kubernetes 1.25 node - -The [metal-k8s-1.25](metal-k8s-1.25/Cargo.toml) variant included the packages needed to run a Kubernetes node on bare metal. -It supported self-hosted clusters. - -This variant was compatible with Kubernetes 1.25, 1.26, 1.27, and 1.28 clusters. - -### vmware-k8s-1.26: VMware Kubernetes 1.26 node - -The vmware-k8s-1.26 variant included the packages needed to run a Kubernetes worker node as a VMware guest. -It supported self-hosted clusters. - -This variant was compatible with Kubernetes 1.26, 1.27, 1.28, and 1.29 clusters. - -### metal-k8s-1.26: Metal Kubernetes 1.26 node - -The metal-k8s-1.26 variant included the packages needed to run a Kubernetes node on bare metal. -It supported self-hosted clusters. - -This variant was compatible with Kubernetes 1.26, 1.27, 1.28, and 1.29 clusters. - -## Development - -Say we want to create `my-variant`, a custom build of Bottlerocket that runs `my-agent`. - -### Structure -This listing shows the directory structure of our sample variant. - -``` -variants/my-variant -└── Cargo.toml -``` - -Each variant has a `Cargo.toml` file that lists the packages to install. - -It also refers to a `build.rs` [build script](https://doc.rust-lang.org/cargo/reference/build-scripts.html) which tells Cargo to invoke our [buildsys](../tools/buildsys/) tool. -Artifacts for the variant are built as a side effect of Cargo running the script. - -It points to `/dev/null` for the actual crate, since Cargo expects some Rust code to build, and is happy with an empty file. - -### Cargo.toml - -Our sample variant has the following manifest. - -```toml -[package] -name = "my-variant" -version = "0.1.0" -edition = "2018" -publish = false -build = "../build.rs" - -[package.metadata.build-variant] -included-packages = [ - "release", - "my-agent", -] - -[package.metadata.build-variant.image-layout] -os-image-size-gib = 8 -data-image-size-gib = 20 -partition-plan = "unified" - -[lib] -path = "../variants.rs" - -[build-dependencies] -"my-agent" = { path = "../../packages/my-agent" } -"release" = { path = "../../packages/release" } -``` - -The [package.metadata](https://doc.rust-lang.org/cargo/reference/manifest.html#the-metadata-table-optional) table is ignored by Cargo and interpreted by our `buildsys` tool. - -It contains an `included-packages` list which specifies the packages to install when building the image. -In the `[build-dependencies]` section, we specify the packages that need to be built, which is sometimes slightly different than `included-packages`. -This populates the Cargo build graph with all of the RPM packages that need to be built before the variant can be constructed. -Variants should almost always include the `release` package. -This pulls in the other core packages and includes essential configuration and services. - -This variant includes the (optional) `image-layout` section, which allows the user to customize the layout of the image they are building. -`os-image-size-gib` is the size of the "OS" disk image in GiB. -`data-image-size-gib` is the size of the "data" disk image in GiB. -Though we've done so here for sake of demonstration, resizing the "data" disk image isn't necessary as it expands to fill the disk on boot. -`partition-plan` is the strategy used for image partitioning, with the options being "split" (the default) or "unified". -The "split" partition strategy has separate volumes for "OS" and "data", while "unified" has "OS" and "data" on a single volume. -See [the documentation](../tools/buildsys/src/manifest.rs) for the defaults and additional details. - -Be sure to include `publish = false` for all packages, as these are not standard crates and should never appear on [crates.io](https://crates.io/). - -### build.rs - -We reuse the same build script for all variants. - -```rust -use std::process::{exit, Command}; - -fn main() -> Result<(), std::io::Error> { - let ret = Command::new("buildsys").arg("build-variant").status()?; - if !ret.success() { - exit(1); - } - Ok(()) -} -``` - -If you need a build script with different behavior, the recommended approach is to modify the `buildsys` tool. -The `package.metadata` table can be extended with declarative elements that enable the new feature. - -### Next Steps - -To build your variant, run the following command in the top-level Bottlerocket directory. -```shell -cargo make -e BUILDSYS_VARIANT=my-variant -``` - -This will build all packages first, not just the ones needed by your variant. diff --git a/variants/aws-dev/Cargo.toml b/variants/aws-dev/Cargo.toml deleted file mode 100644 index 5b925f8b7..000000000 --- a/variants/aws-dev/Cargo.toml +++ /dev/null @@ -1,60 +0,0 @@ -[package] -name = "aws-dev" -version = "0.1.0" -edition = "2021" -publish = false -build = "../build.rs" -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[package.metadata.build-variant.image-features] -grub-set-private-var = true -xfs-data-partition = true -uefi-secure-boot = true -systemd-networkd = true - -[package.metadata.build-variant] -kernel-parameters = [ - "console=tty0", - "console=ttyS0,115200n8", - # Only reserve if there are at least 2GB - "crashkernel=2G-:256M", - "net.ifnames=0", - "netdog.default-interface=eth0:dhcp4,dhcp6?", - "quiet", -] -included-packages = [ -# core - "release", - "kernel-6.1", -# docker - "docker-cli", - "docker-engine", - "docker-init", -# tools - "login", - "iputils", - "strace", - "chrony-tools", - "soci-snapshotter", - "socat", -] - -[lib] -path = "../variants.rs" - -[build-dependencies] -# core -release = { path = "../../packages/release" } -kernel-6_1 = { path = "../../packages/kernel-6.1" } -# docker -docker-cli = { path = "../../packages/docker-cli" } -docker-engine = { path = "../../packages/docker-engine" } -docker-init = { path = "../../packages/docker-init" } -# tools -login = { path = "../../packages/login" } -iputils = { path = "../../packages/iputils" } -strace = { path = "../../packages/strace" } -chrony = { path = "../../packages/chrony" } -soci-snapshotter = { path = "../../packages/soci-snapshotter" } -socat = { path = "../../packages/socat" } diff --git a/variants/aws-ecs-1-nvidia/Cargo.toml b/variants/aws-ecs-1-nvidia/Cargo.toml deleted file mode 100644 index 9b742524e..000000000 --- a/variants/aws-ecs-1-nvidia/Cargo.toml +++ /dev/null @@ -1,52 +0,0 @@ -[package] -name = "aws-ecs-1-nvidia" -version = "0.1.0" -edition = "2021" -publish = false -build = "../build.rs" - -[package.metadata.build-variant.image-layout] -os-image-size-gib = 4 - -[package.metadata.build-variant] -kernel-parameters = [ - "console=tty0", - "console=ttyS0,115200n8", - "net.ifnames=0", - "netdog.default-interface=eth0:dhcp4,dhcp6?", - "systemd.unified_cgroup_hierarchy=0", - "quiet", -] -included-packages = [ -# core - "release", - "kernel-5.10", -# docker - "docker-cli", - "docker-engine", - "docker-init", -# ecs - "ecs-agent-nvidia-config", -# NVIDIA support - "ecs-gpu-init", - "nvidia-container-toolkit-ecs", - "kmod-5.10-nvidia-tesla-470", -] - -[lib] -path = "../variants.rs" - -[build-dependencies] -# core -release = { path = "../../packages/release" } -kernel-5_10 = { path = "../../packages/kernel-5.10" } -# docker -docker-cli = { path = "../../packages/docker-cli" } -docker-engine = { path = "../../packages/docker-engine" } -docker-init = { path = "../../packages/docker-init" } -# ecs -ecs-agent = { path = "../../packages/ecs-agent" } -# NVIDIA -ecs-gpu-init = { path = "../../packages/ecs-gpu-init" } -nvidia-container-toolkit = { path = "../../packages/nvidia-container-toolkit" } -kmod-5_10-nvidia = { path = "../../packages/kmod-5.10-nvidia" } diff --git a/variants/aws-ecs-1/Cargo.toml b/variants/aws-ecs-1/Cargo.toml deleted file mode 100644 index e7dd3e181..000000000 --- a/variants/aws-ecs-1/Cargo.toml +++ /dev/null @@ -1,41 +0,0 @@ -[package] -name = "aws-ecs-1" -version = "0.1.0" -edition = "2021" -publish = false -build = "../build.rs" - -[package.metadata.build-variant] -kernel-parameters = [ - "console=tty0", - "console=ttyS0,115200n8", - "net.ifnames=0", - "netdog.default-interface=eth0:dhcp4,dhcp6?", - "systemd.unified_cgroup_hierarchy=0", - "quiet", -] -included-packages = [ -# core - "release", - "kernel-5.10", -# docker - "docker-cli", - "docker-engine", - "docker-init", -# ecs - "ecs-agent-config", -] - -[lib] -path = "../variants.rs" - -[build-dependencies] -# core -release = { path = "../../packages/release" } -kernel-5_10 = { path = "../../packages/kernel-5.10" } -# docker -docker-cli = { path = "../../packages/docker-cli" } -docker-engine = { path = "../../packages/docker-engine" } -docker-init = { path = "../../packages/docker-init" } -# ecs -ecs-agent = { path = "../../packages/ecs-agent" } diff --git a/variants/aws-ecs-2-nvidia/Cargo.toml b/variants/aws-ecs-2-nvidia/Cargo.toml deleted file mode 100644 index 2ea13049f..000000000 --- a/variants/aws-ecs-2-nvidia/Cargo.toml +++ /dev/null @@ -1,58 +0,0 @@ -[package] -name = "aws-ecs-2-nvidia" -version = "0.1.0" -edition = "2021" -publish = false -build = "../build.rs" - -[package.metadata.build-variant.image-features] -grub-set-private-var = true -uefi-secure-boot = true -xfs-data-partition = true -systemd-networkd = true - -[package.metadata.build-variant.image-layout] -os-image-size-gib = 4 - -[package.metadata.build-variant] -included-packages = [ -# core - "release", - "kernel-6.1", -# docker - "docker-cli", - "docker-engine", - "docker-init", -# ecs - "ecs-agent-nvidia-config", -# NVIDIA support - "ecs-gpu-init", - "nvidia-container-toolkit-ecs", - "kmod-6.1-nvidia-tesla-535", -] - -kernel-parameters = [ - "console=tty0", - "console=ttyS0,115200n8", - "net.ifnames=0", - "netdog.default-interface=eth0:dhcp4,dhcp6?", - "quiet", -] - -[lib] -path = "../variants.rs" - -[build-dependencies] -# core -release = { path = "../../packages/release" } -kernel-6_1 = { path = "../../packages/kernel-6.1" } -# docker -docker-cli = { path = "../../packages/docker-cli" } -docker-engine = { path = "../../packages/docker-engine" } -docker-init = { path = "../../packages/docker-init" } -# ecs -ecs-agent = { path = "../../packages/ecs-agent" } -# NVIDIA -ecs-gpu-init = { path = "../../packages/ecs-gpu-init" } -nvidia-container-toolkit = { path = "../../packages/nvidia-container-toolkit" } -kmod-6_1-nvidia = { path = "../../packages/kmod-6.1-nvidia" } diff --git a/variants/aws-ecs-2/Cargo.toml b/variants/aws-ecs-2/Cargo.toml deleted file mode 100644 index 282dcc269..000000000 --- a/variants/aws-ecs-2/Cargo.toml +++ /dev/null @@ -1,48 +0,0 @@ -[package] -name = "aws-ecs-2" -version = "0.1.0" -edition = "2021" -publish = false -build = "../build.rs" -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[package.metadata.build-variant.image-features] -grub-set-private-var = true -uefi-secure-boot = true -xfs-data-partition = true -systemd-networkd = true - -[package.metadata.build-variant] -included-packages = [ -# core - "release", - "kernel-6.1", -# docker - "docker-cli", - "docker-engine", - "docker-init", -# ecs - "ecs-agent-config", -] -kernel-parameters = [ - "console=tty0", - "console=ttyS0,115200n8", - "net.ifnames=0", - "netdog.default-interface=eth0:dhcp4,dhcp6?", - "quiet", -] - -[lib] -path = "../variants.rs" - -[build-dependencies] -# core -release = { path = "../../packages/release" } -kernel-6_1 = { path = "../../packages/kernel-6.1" } -# docker -docker-cli = { path = "../../packages/docker-cli" } -docker-engine = { path = "../../packages/docker-engine" } -docker-init = { path = "../../packages/docker-init" } -# ecs -ecs-agent = { path = "../../packages/ecs-agent" } diff --git a/variants/aws-k8s-1.23-nvidia/Cargo.toml b/variants/aws-k8s-1.23-nvidia/Cargo.toml deleted file mode 100644 index 060636902..000000000 --- a/variants/aws-k8s-1.23-nvidia/Cargo.toml +++ /dev/null @@ -1,51 +0,0 @@ -[package] -# This is the aws-k8s-1.23-nvidia variant. "." is not allowed in crate names, but we -# don't use this crate name anywhere. -name = "aws-k8s-1_23-nvidia" -version = "0.1.0" -edition = "2021" -publish = false -build = "../build.rs" -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[package.metadata.build-variant.image-layout] -os-image-size-gib = 4 - -[package.metadata.build-variant.image-features] -grub-set-private-var = true - -[package.metadata.build-variant] -included-packages = [ - "aws-iam-authenticator", - "cni", - "cni-plugins", - "kernel-5.10", - "kubelet-1.23", - "release", - "nvidia-container-toolkit-k8s", - "nvidia-k8s-device-plugin", - "kmod-5.10-nvidia-tesla-470", -] -kernel-parameters = [ - "console=tty0", - "console=ttyS0,115200n8", - "net.ifnames=0", - "netdog.default-interface=eth0:dhcp4,dhcp6?", - "systemd.unified_cgroup_hierarchy=0", - "quiet", -] - -[lib] -path = "../variants.rs" - -[build-dependencies] -aws-iam-authenticator = { path = "../../packages/aws-iam-authenticator" } -cni = { path = "../../packages/cni" } -cni-plugins = { path = "../../packages/cni-plugins" } -kernel-5_10 = { path = "../../packages/kernel-5.10" } -kubernetes-1_23 = { path = "../../packages/kubernetes-1.23" } -release = { path = "../../packages/release" } -nvidia-container-toolkit = { path = "../../packages/nvidia-container-toolkit" } -nvidia-k8s-device-plugin = { path = "../../packages/nvidia-k8s-device-plugin" } -kmod-5_10-nvidia = { path = "../../packages/kmod-5.10-nvidia" } diff --git a/variants/aws-k8s-1.23/Cargo.toml b/variants/aws-k8s-1.23/Cargo.toml deleted file mode 100644 index 44585fc0a..000000000 --- a/variants/aws-k8s-1.23/Cargo.toml +++ /dev/null @@ -1,42 +0,0 @@ -[package] -# This is the aws-k8s-1.23 variant. "." is not allowed in crate names, but we -# don't use this crate name anywhere. -name = "aws-k8s-1_23" -version = "0.1.0" -edition = "2021" -publish = false -build = "../build.rs" -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[package.metadata.build-variant.image-features] -grub-set-private-var = true - -[package.metadata.build-variant] -included-packages = [ - "aws-iam-authenticator", - "cni", - "cni-plugins", - "kernel-5.10", - "kubelet-1.23", - "release", -] -kernel-parameters = [ - "console=tty0", - "console=ttyS0,115200n8", - "net.ifnames=0", - "netdog.default-interface=eth0:dhcp4,dhcp6?", - "systemd.unified_cgroup_hierarchy=0", - "quiet", -] - -[lib] -path = "../variants.rs" - -[build-dependencies] -aws-iam-authenticator = { path = "../../packages/aws-iam-authenticator" } -cni = { path = "../../packages/cni" } -cni-plugins = { path = "../../packages/cni-plugins" } -kernel-5_10 = { path = "../../packages/kernel-5.10" } -kubernetes-1_23= { path = "../../packages/kubernetes-1.23" } -release = { path = "../../packages/release" } diff --git a/variants/aws-k8s-1.24-nvidia/Cargo.toml b/variants/aws-k8s-1.24-nvidia/Cargo.toml deleted file mode 100644 index e7f011674..000000000 --- a/variants/aws-k8s-1.24-nvidia/Cargo.toml +++ /dev/null @@ -1,51 +0,0 @@ -[package] -# This is the aws-k8s-1.24-nvidia variant. "." is not allowed in crate names, but we -# don't use this crate name anywhere. -name = "aws-k8s-1_24-nvidia" -version = "0.1.0" -edition = "2021" -publish = false -build = "../build.rs" -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[package.metadata.build-variant.image-layout] -os-image-size-gib = 4 - -[package.metadata.build-variant.image-features] -grub-set-private-var = true - -[package.metadata.build-variant] -included-packages = [ - "aws-iam-authenticator", - "cni", - "cni-plugins", - "kernel-5.15", - "kubelet-1.24", - "release", - "nvidia-container-toolkit-k8s", - "nvidia-k8s-device-plugin", - "kmod-5.15-nvidia-tesla-535", -] -kernel-parameters = [ - "console=tty0", - "console=ttyS0,115200n8", - "net.ifnames=0", - "netdog.default-interface=eth0:dhcp4,dhcp6?", - "systemd.unified_cgroup_hierarchy=0", - "quiet", -] - -[lib] -path = "../variants.rs" - -[build-dependencies] -aws-iam-authenticator = { path = "../../packages/aws-iam-authenticator" } -cni = { path = "../../packages/cni" } -cni-plugins = { path = "../../packages/cni-plugins" } -kernel-5_15 = { path = "../../packages/kernel-5.15" } -kubernetes-1_24 = { path = "../../packages/kubernetes-1.24" } -release = { path = "../../packages/release" } -nvidia-container-toolkit = { path = "../../packages/nvidia-container-toolkit" } -nvidia-k8s-device-plugin = { path = "../../packages/nvidia-k8s-device-plugin" } -kmod-5_15-nvidia = { path = "../../packages/kmod-5.15-nvidia" } diff --git a/variants/aws-k8s-1.24/Cargo.toml b/variants/aws-k8s-1.24/Cargo.toml deleted file mode 100644 index 1f5676fd4..000000000 --- a/variants/aws-k8s-1.24/Cargo.toml +++ /dev/null @@ -1,42 +0,0 @@ -[package] -# This is the aws-k8s-1.24 variant. "." is not allowed in crate names, but we -# don't use this crate name anywhere. -name = "aws-k8s-1_24" -version = "0.1.0" -edition = "2021" -publish = false -build = "../build.rs" -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[package.metadata.build-variant.image-features] -grub-set-private-var = true - -[package.metadata.build-variant] -included-packages = [ - "aws-iam-authenticator", - "cni", - "cni-plugins", - "kernel-5.15", - "kubelet-1.24", - "release", -] -kernel-parameters = [ - "console=tty0", - "console=ttyS0,115200n8", - "net.ifnames=0", - "netdog.default-interface=eth0:dhcp4,dhcp6?", - "systemd.unified_cgroup_hierarchy=0", - "quiet", -] - -[lib] -path = "../variants.rs" - -[build-dependencies] -aws-iam-authenticator = { path = "../../packages/aws-iam-authenticator" } -cni = { path = "../../packages/cni" } -cni-plugins = { path = "../../packages/cni-plugins" } -kernel-5_15 = { path = "../../packages/kernel-5.15" } -kubernetes-1_24= { path = "../../packages/kubernetes-1.24" } -release = { path = "../../packages/release" } diff --git a/variants/aws-k8s-1.25-nvidia/Cargo.toml b/variants/aws-k8s-1.25-nvidia/Cargo.toml deleted file mode 100644 index 2692d7547..000000000 --- a/variants/aws-k8s-1.25-nvidia/Cargo.toml +++ /dev/null @@ -1,51 +0,0 @@ -[package] -# This is the aws-k8s-1.25-nvidia variant. "." is not allowed in crate names, but we -# don't use this crate name anywhere. -name = "aws-k8s-1_25-nvidia" -version = "0.1.0" -edition = "2021" -publish = false -build = "../build.rs" -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[package.metadata.build-variant.image-layout] -os-image-size-gib = 4 - -[package.metadata.build-variant.image-features] -grub-set-private-var = true - -[package.metadata.build-variant] -included-packages = [ - "aws-iam-authenticator", - "cni", - "cni-plugins", - "kernel-5.15", - "kubelet-1.25", - "release", - "nvidia-container-toolkit-k8s", - "nvidia-k8s-device-plugin", - "kmod-5.15-nvidia-tesla-535", -] -kernel-parameters = [ - "console=tty0", - "console=ttyS0,115200n8", - "net.ifnames=0", - "netdog.default-interface=eth0:dhcp4,dhcp6?", - "systemd.unified_cgroup_hierarchy=0", - "quiet", -] - -[lib] -path = "../variants.rs" - -[build-dependencies] -aws-iam-authenticator = { path = "../../packages/aws-iam-authenticator" } -cni = { path = "../../packages/cni" } -cni-plugins = { path = "../../packages/cni-plugins" } -kernel-5_15 = { path = "../../packages/kernel-5.15" } -kubernetes-1_25 = { path = "../../packages/kubernetes-1.25" } -release = { path = "../../packages/release" } -nvidia-container-toolkit = { path = "../../packages/nvidia-container-toolkit" } -nvidia-k8s-device-plugin = { path = "../../packages/nvidia-k8s-device-plugin" } -kmod-5_15-nvidia = { path = "../../packages/kmod-5.15-nvidia" } diff --git a/variants/aws-k8s-1.25/Cargo.toml b/variants/aws-k8s-1.25/Cargo.toml deleted file mode 100644 index 79e3b847b..000000000 --- a/variants/aws-k8s-1.25/Cargo.toml +++ /dev/null @@ -1,42 +0,0 @@ -[package] -# This is the aws-k8s-1.25 variant. "." is not allowed in crate names, but we -# don't use this crate name anywhere. -name = "aws-k8s-1_25" -version = "0.1.0" -edition = "2021" -publish = false -build = "../build.rs" -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[package.metadata.build-variant.image-features] -grub-set-private-var = true - -[package.metadata.build-variant] -included-packages = [ - "aws-iam-authenticator", - "cni", - "cni-plugins", - "kernel-5.15", - "kubelet-1.25", - "release", -] -kernel-parameters = [ - "console=tty0", - "console=ttyS0,115200n8", - "net.ifnames=0", - "netdog.default-interface=eth0:dhcp4,dhcp6?", - "systemd.unified_cgroup_hierarchy=0", - "quiet", -] - -[lib] -path = "../variants.rs" - -[build-dependencies] -aws-iam-authenticator = { path = "../../packages/aws-iam-authenticator" } -cni = { path = "../../packages/cni" } -cni-plugins = { path = "../../packages/cni-plugins" } -kernel-5_15 = { path = "../../packages/kernel-5.15" } -kubernetes-1_25 = { path = "../../packages/kubernetes-1.25" } -release = { path = "../../packages/release" } diff --git a/variants/aws-k8s-1.26-nvidia/Cargo.toml b/variants/aws-k8s-1.26-nvidia/Cargo.toml deleted file mode 100644 index 09a518969..000000000 --- a/variants/aws-k8s-1.26-nvidia/Cargo.toml +++ /dev/null @@ -1,50 +0,0 @@ -[package] -# This is the aws-k8s-1.26-nvidia variant. "." is not allowed in crate names, but we -# don't use this crate name anywhere. -name = "aws-k8s-1_26-nvidia" -version = "0.1.0" -edition = "2021" -publish = false -build = "../build.rs" -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[package.metadata.build-variant.image-layout] -os-image-size-gib = 4 - -[package.metadata.build-variant.image-features] -grub-set-private-var = true - -[package.metadata.build-variant] -included-packages = [ - "aws-iam-authenticator", - "cni", - "cni-plugins", - "kernel-5.15", - "kubelet-1.26", - "release", - "nvidia-container-toolkit-k8s", - "nvidia-k8s-device-plugin", - "kmod-5.15-nvidia-tesla-535", -] -kernel-parameters = [ - "console=tty0", - "console=ttyS0,115200n8", - "net.ifnames=0", - "netdog.default-interface=eth0:dhcp4,dhcp6?", - "quiet", -] - -[lib] -path = "../variants.rs" - -[build-dependencies] -aws-iam-authenticator = { path = "../../packages/aws-iam-authenticator" } -cni = { path = "../../packages/cni" } -cni-plugins = { path = "../../packages/cni-plugins" } -kernel-5_15 = { path = "../../packages/kernel-5.15" } -kubernetes-1_26 = { path = "../../packages/kubernetes-1.26" } -release = { path = "../../packages/release" } -nvidia-container-toolkit = { path = "../../packages/nvidia-container-toolkit" } -nvidia-k8s-device-plugin = { path = "../../packages/nvidia-k8s-device-plugin" } -kmod-5_15-nvidia = { path = "../../packages/kmod-5.15-nvidia" } diff --git a/variants/aws-k8s-1.26/Cargo.toml b/variants/aws-k8s-1.26/Cargo.toml deleted file mode 100644 index e24b4c22c..000000000 --- a/variants/aws-k8s-1.26/Cargo.toml +++ /dev/null @@ -1,41 +0,0 @@ -[package] -# This is the aws-k8s-1.26 variant. "." is not allowed in crate names, but we -# don't use this crate name anywhere. -name = "aws-k8s-1_26" -version = "0.1.0" -edition = "2021" -publish = false -build = "../build.rs" -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[package.metadata.build-variant.image-features] -grub-set-private-var = true - -[package.metadata.build-variant] -included-packages = [ - "aws-iam-authenticator", - "cni", - "cni-plugins", - "kernel-5.15", - "kubelet-1.26", - "release", -] -kernel-parameters = [ - "console=tty0", - "console=ttyS0,115200n8", - "net.ifnames=0", - "netdog.default-interface=eth0:dhcp4,dhcp6?", - "quiet", -] - -[lib] -path = "../variants.rs" - -[build-dependencies] -aws-iam-authenticator = { path = "../../packages/aws-iam-authenticator" } -cni = { path = "../../packages/cni" } -cni-plugins = { path = "../../packages/cni-plugins" } -kernel-5_15 = { path = "../../packages/kernel-5.15" } -kubernetes-1_26 = { path = "../../packages/kubernetes-1.26" } -release = { path = "../../packages/release" } diff --git a/variants/aws-k8s-1.27-nvidia/Cargo.toml b/variants/aws-k8s-1.27-nvidia/Cargo.toml deleted file mode 100644 index f1d65ba7a..000000000 --- a/variants/aws-k8s-1.27-nvidia/Cargo.toml +++ /dev/null @@ -1,50 +0,0 @@ -[package] -# This is the aws-k8s-1.27-nvidia variant. "." is not allowed in crate names, but we -# don't use this crate name anywhere. -name = "aws-k8s-1_27-nvidia" -version = "0.1.0" -edition = "2021" -publish = false -build = "../build.rs" -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[package.metadata.build-variant.image-layout] -os-image-size-gib = 4 - -[package.metadata.build-variant.image-features] -grub-set-private-var = true - -[package.metadata.build-variant] -included-packages = [ - "aws-iam-authenticator", - "cni", - "cni-plugins", - "kernel-5.15", - "kubelet-1.27", - "release", - "nvidia-container-toolkit-k8s", - "nvidia-k8s-device-plugin", - "kmod-5.15-nvidia-tesla-535", -] -kernel-parameters = [ - "console=tty0", - "console=ttyS0,115200n8", - "net.ifnames=0", - "netdog.default-interface=eth0:dhcp4,dhcp6?", - "quiet", -] - -[lib] -path = "../variants.rs" - -[build-dependencies] -aws-iam-authenticator = { path = "../../packages/aws-iam-authenticator" } -cni = { path = "../../packages/cni" } -cni-plugins = { path = "../../packages/cni-plugins" } -kernel-5_15 = { path = "../../packages/kernel-5.15" } -kubernetes-1_27 = { path = "../../packages/kubernetes-1.27" } -release = { path = "../../packages/release" } -nvidia-container-toolkit = { path = "../../packages/nvidia-container-toolkit" } -nvidia-k8s-device-plugin = { path = "../../packages/nvidia-k8s-device-plugin" } -kmod-5_15-nvidia = { path = "../../packages/kmod-5.15-nvidia" } diff --git a/variants/aws-k8s-1.27/Cargo.toml b/variants/aws-k8s-1.27/Cargo.toml deleted file mode 100644 index c95f1cbdf..000000000 --- a/variants/aws-k8s-1.27/Cargo.toml +++ /dev/null @@ -1,41 +0,0 @@ -[package] -# This is the aws-k8s-1.27 variant. "." is not allowed in crate names, but we -# don't use this crate name anywhere. -name = "aws-k8s-1_27" -version = "0.1.0" -edition = "2021" -publish = false -build = "../build.rs" -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[package.metadata.build-variant.image-features] -grub-set-private-var = true - -[package.metadata.build-variant] -included-packages = [ - "aws-iam-authenticator", - "cni", - "cni-plugins", - "kernel-5.15", - "kubelet-1.27", - "release", -] -kernel-parameters = [ - "console=tty0", - "console=ttyS0,115200n8", - "net.ifnames=0", - "netdog.default-interface=eth0:dhcp4,dhcp6?", - "quiet", -] - -[lib] -path = "../variants.rs" - -[build-dependencies] -aws-iam-authenticator = { path = "../../packages/aws-iam-authenticator" } -cni = { path = "../../packages/cni" } -cni-plugins = { path = "../../packages/cni-plugins" } -kernel-5_15 = { path = "../../packages/kernel-5.15" } -kubernetes-1_27 = { path = "../../packages/kubernetes-1.27" } -release = { path = "../../packages/release" } diff --git a/variants/aws-k8s-1.28-nvidia/Cargo.toml b/variants/aws-k8s-1.28-nvidia/Cargo.toml deleted file mode 100644 index 33c4908b9..000000000 --- a/variants/aws-k8s-1.28-nvidia/Cargo.toml +++ /dev/null @@ -1,59 +0,0 @@ -[package] -# This is the aws-k8s-1.28-nvidia variant. "." is not allowed in crate names, but we -# don't use this crate name anywhere. -name = "aws-k8s-1_28-nvidia" -version = "0.1.0" -edition = "2021" -publish = false -build = "../build.rs" -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[package.metadata.build-variant.image-layout] -os-image-size-gib = 4 - -[package.metadata.build-variant.image-features] -grub-set-private-var = true -uefi-secure-boot = true -xfs-data-partition = true -systemd-networkd = true - -[package.metadata.build-variant] -included-packages = [ - # core - "release", - "kernel-6.1", - # k8s - "cni", - "cni-plugins", - "kubelet-1.28", - "aws-iam-authenticator", - # nvidia - "nvidia-container-toolkit-k8s", - "nvidia-k8s-device-plugin", - "kmod-6.1-nvidia-tesla-535", -] -kernel-parameters = [ - "console=tty0", - "console=ttyS0,115200n8", - "net.ifnames=0", - "netdog.default-interface=eth0:dhcp4,dhcp6?", - "quiet", -] - -[lib] -path = "../variants.rs" - -[build-dependencies] -# core -release = { path = "../../packages/release" } -kernel-6_1 = { path = "../../packages/kernel-6.1" } -# k8s -cni = { path = "../../packages/cni" } -cni-plugins = { path = "../../packages/cni-plugins" } -kubernetes-1_28 = { path = "../../packages/kubernetes-1.28" } -aws-iam-authenticator = { path = "../../packages/aws-iam-authenticator" } -# nvidia -nvidia-container-toolkit = { path = "../../packages/nvidia-container-toolkit" } -nvidia-k8s-device-plugin = { path = "../../packages/nvidia-k8s-device-plugin" } -kmod-6_1-nvidia = { path = "../../packages/kmod-6.1-nvidia" } diff --git a/variants/aws-k8s-1.28/Cargo.toml b/variants/aws-k8s-1.28/Cargo.toml deleted file mode 100644 index baacf5eb1..000000000 --- a/variants/aws-k8s-1.28/Cargo.toml +++ /dev/null @@ -1,48 +0,0 @@ -[package] -# This is the aws-k8s-1.28 variant. "." is not allowed in crate names, but we -# don't use this crate name anywhere. -name = "aws-k8s-1_28" -version = "0.1.0" -edition = "2021" -publish = false -build = "../build.rs" -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[package.metadata.build-variant.image-features] -grub-set-private-var = true -uefi-secure-boot = true -xfs-data-partition = true -systemd-networkd = true - -[package.metadata.build-variant] -included-packages = [ -# core - "release", - "kernel-6.1", -# k8s - "cni", - "cni-plugins", - "kubelet-1.28", - "aws-iam-authenticator", -] -kernel-parameters = [ - "console=tty0", - "console=ttyS0,115200n8", - "net.ifnames=0", - "netdog.default-interface=eth0:dhcp4,dhcp6?", - "quiet", -] - -[lib] -path = "../variants.rs" - -[build-dependencies] -# core -release = { path = "../../packages/release" } -kernel-6_1 = { path = "../../packages/kernel-6.1" } -# k8s -cni = { path = "../../packages/cni" } -cni-plugins = { path = "../../packages/cni-plugins" } -kubernetes-1_28 = { path = "../../packages/kubernetes-1.28" } -aws-iam-authenticator = { path = "../../packages/aws-iam-authenticator" } diff --git a/variants/aws-k8s-1.29-nvidia/Cargo.toml b/variants/aws-k8s-1.29-nvidia/Cargo.toml deleted file mode 100644 index d47f1a03c..000000000 --- a/variants/aws-k8s-1.29-nvidia/Cargo.toml +++ /dev/null @@ -1,59 +0,0 @@ -[package] -# This is the aws-k8s-1.29-nvidia variant. "." is not allowed in crate names, but we -# don't use this crate name anywhere. -name = "aws-k8s-1_29-nvidia" -version = "0.1.0" -edition = "2021" -publish = false -build = "../build.rs" -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[package.metadata.build-variant.image-layout] -os-image-size-gib = 4 - -[package.metadata.build-variant.image-features] -grub-set-private-var = true -uefi-secure-boot = true -xfs-data-partition = true -systemd-networkd = true - -[package.metadata.build-variant] -included-packages = [ - # core - "release", - "kernel-6.1", - # k8s - "cni", - "cni-plugins", - "kubelet-1.29", - "aws-iam-authenticator", - # nvidia - "nvidia-container-toolkit-k8s", - "nvidia-k8s-device-plugin", - "kmod-6.1-nvidia-tesla-535", -] -kernel-parameters = [ - "console=tty0", - "console=ttyS0,115200n8", - "net.ifnames=0", - "netdog.default-interface=eth0:dhcp4,dhcp6?", - "quiet", -] - -[lib] -path = "../variants.rs" - -[build-dependencies] -# core -release = { path = "../../packages/release" } -kernel-6_1 = { path = "../../packages/kernel-6.1" } -# k8s -cni = { path = "../../packages/cni" } -cni-plugins = { path = "../../packages/cni-plugins" } -kubernetes-1_29 = { path = "../../packages/kubernetes-1.29" } -aws-iam-authenticator = { path = "../../packages/aws-iam-authenticator" } -# nvidia -nvidia-container-toolkit = { path = "../../packages/nvidia-container-toolkit" } -nvidia-k8s-device-plugin = { path = "../../packages/nvidia-k8s-device-plugin" } -kmod-6_1-nvidia = { path = "../../packages/kmod-6.1-nvidia" } diff --git a/variants/aws-k8s-1.29/Cargo.toml b/variants/aws-k8s-1.29/Cargo.toml deleted file mode 100644 index f229776eb..000000000 --- a/variants/aws-k8s-1.29/Cargo.toml +++ /dev/null @@ -1,48 +0,0 @@ -[package] -# This is the aws-k8s-1.29 variant. "." is not allowed in crate names, but we -# don't use this crate name anywhere. -name = "aws-k8s-1_29" -version = "0.1.0" -edition = "2021" -publish = false -build = "../build.rs" -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[package.metadata.build-variant.image-features] -grub-set-private-var = true -uefi-secure-boot = true -xfs-data-partition = true -systemd-networkd = true - -[package.metadata.build-variant] -included-packages = [ -# core - "release", - "kernel-6.1", -# k8s - "cni", - "cni-plugins", - "kubelet-1.29", - "aws-iam-authenticator", -] -kernel-parameters = [ - "console=tty0", - "console=ttyS0,115200n8", - "net.ifnames=0", - "netdog.default-interface=eth0:dhcp4,dhcp6?", - "quiet", -] - -[lib] -path = "../variants.rs" - -[build-dependencies] -# core -release = { path = "../../packages/release" } -kernel-6_1 = { path = "../../packages/kernel-6.1" } -# k8s -cni = { path = "../../packages/cni" } -cni-plugins = { path = "../../packages/cni-plugins" } -kubernetes-1_29 = { path = "../../packages/kubernetes-1.29" } -aws-iam-authenticator = { path = "../../packages/aws-iam-authenticator" } diff --git a/variants/aws-k8s-1.30-nvidia/Cargo.toml b/variants/aws-k8s-1.30-nvidia/Cargo.toml deleted file mode 100644 index a6a382c77..000000000 --- a/variants/aws-k8s-1.30-nvidia/Cargo.toml +++ /dev/null @@ -1,59 +0,0 @@ -[package] -# This is the aws-k8s-1.30-nvidia variant. "." is not allowed in crate names, but we -# don't use this crate name anywhere. -name = "aws-k8s-1_30-nvidia" -version = "0.1.0" -edition = "2021" -publish = false -build = "../build.rs" -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[package.metadata.build-variant.image-layout] -os-image-size-gib = 4 - -[package.metadata.build-variant.image-features] -grub-set-private-var = true -uefi-secure-boot = true -xfs-data-partition = true -systemd-networkd = true - -[package.metadata.build-variant] -included-packages = [ - # core - "release", - "kernel-6.1", - # k8s - "cni", - "cni-plugins", - "kubelet-1.30", - "aws-iam-authenticator", - # nvidia - "nvidia-container-toolkit-k8s", - "nvidia-k8s-device-plugin", - "kmod-6.1-nvidia-tesla-535", -] -kernel-parameters = [ - "console=tty0", - "console=ttyS0,115200n8", - "net.ifnames=0", - "netdog.default-interface=eth0:dhcp4,dhcp6?", - "quiet", -] - -[lib] -path = "../variants.rs" - -[build-dependencies] -# core -release = { path = "../../packages/release" } -kernel-6_1 = { path = "../../packages/kernel-6.1" } -# k8s -cni = { path = "../../packages/cni" } -cni-plugins = { path = "../../packages/cni-plugins" } -kubernetes-1_30 = { path = "../../packages/kubernetes-1.30" } -aws-iam-authenticator = { path = "../../packages/aws-iam-authenticator" } -# nvidia -nvidia-container-toolkit = { path = "../../packages/nvidia-container-toolkit" } -nvidia-k8s-device-plugin = { path = "../../packages/nvidia-k8s-device-plugin" } -kmod-6_1-nvidia = { path = "../../packages/kmod-6.1-nvidia" } diff --git a/variants/aws-k8s-1.30/Cargo.toml b/variants/aws-k8s-1.30/Cargo.toml deleted file mode 100644 index 02dfe30e7..000000000 --- a/variants/aws-k8s-1.30/Cargo.toml +++ /dev/null @@ -1,48 +0,0 @@ -[package] -# This is the aws-k8s-1.30 variant. "." is not allowed in crate names, but we -# don't use this crate name anywhere. -name = "aws-k8s-1_30" -version = "0.1.0" -edition = "2021" -publish = false -build = "../build.rs" -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[package.metadata.build-variant.image-features] -grub-set-private-var = true -uefi-secure-boot = true -xfs-data-partition = true -systemd-networkd = true - -[package.metadata.build-variant] -included-packages = [ -# core - "release", - "kernel-6.1", -# k8s - "cni", - "cni-plugins", - "kubelet-1.30", - "aws-iam-authenticator", -] -kernel-parameters = [ - "console=tty0", - "console=ttyS0,115200n8", - "net.ifnames=0", - "netdog.default-interface=eth0:dhcp4,dhcp6?", - "quiet", -] - -[lib] -path = "../variants.rs" - -[build-dependencies] -# core -release = { path = "../../packages/release" } -kernel-6_1 = { path = "../../packages/kernel-6.1" } -# k8s -cni = { path = "../../packages/cni" } -cni-plugins = { path = "../../packages/cni-plugins" } -kubernetes-1_30 = { path = "../../packages/kubernetes-1.30" } -aws-iam-authenticator = { path = "../../packages/aws-iam-authenticator" } diff --git a/variants/metal-dev/Cargo.toml b/variants/metal-dev/Cargo.toml deleted file mode 100644 index 414862ce3..000000000 --- a/variants/metal-dev/Cargo.toml +++ /dev/null @@ -1,57 +0,0 @@ -[package] -name = "metal-dev" -version = "0.1.0" -edition = "2021" -publish = false -build = "../build.rs" -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[package.metadata.build-variant.image-layout] -partition-plan = "unified" - -[package.metadata.build-variant.image-features] -grub-set-private-var = true -xfs-data-partition = true -uefi-secure-boot = true -systemd-networkd = true - -[package.metadata.build-variant] -image-format = "raw" -kernel-parameters = [ - # Only reserve if there are at least 2GB - "crashkernel=2G-:256M" -] -included-packages = [ -# core - "release", - "kernel-6.1", - "linux-firmware", -# docker - "docker-cli", - "docker-engine", - "docker-init", -# tools - "login", - "iputils", - "strace", - "chrony-tools", -] - -[lib] -path = "../variants.rs" - -[build-dependencies] -# core -release = { path = "../../packages/release" } -kernel-6_1 = { path = "../../packages/kernel-6.1" } -linux-firmware = { path = "../../packages/linux-firmware" } -# docker -docker-cli = { path = "../../packages/docker-cli" } -docker-engine = { path = "../../packages/docker-engine" } -docker-init = { path = "../../packages/docker-init" } -# tools -login = { path = "../../packages/login" } -iputils = { path = "../../packages/iputils" } -strace = { path = "../../packages/strace" } -chrony = { path = "../../packages/chrony" } diff --git a/variants/metal-k8s-1.27/Cargo.toml b/variants/metal-k8s-1.27/Cargo.toml deleted file mode 100644 index 81694d39c..000000000 --- a/variants/metal-k8s-1.27/Cargo.toml +++ /dev/null @@ -1,46 +0,0 @@ -[package] -# This is the metal-k8s-1.27 variant. "." is not allowed in crate names, but -# we don't use this crate name anywhere. -name = "metal-k8s-1_27" -version = "0.1.0" -edition = "2021" -publish = false -build = "../build.rs" -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[package.metadata.build-variant.image-layout] -os-image-size-gib = 4 -partition-plan = "unified" - -[package.metadata.build-variant.image-features] -grub-set-private-var = true - -[package.metadata.build-variant] -image-format = "raw" -supported-arches = ["x86_64"] -kernel-parameters = [ - # Only reserve if there are at least 2GB - "crashkernel=2G-:256M" -] -included-packages = [ - "aws-iam-authenticator", - "cni", - "cni-plugins", - "kernel-6.1", - "linux-firmware", - "kubelet-1.27", - "release", -] - -[lib] -path = "../variants.rs" - -[build-dependencies] -aws-iam-authenticator = { path = "../../packages/aws-iam-authenticator" } -cni = { path = "../../packages/cni" } -cni-plugins = { path = "../../packages/cni-plugins" } -kernel-6_1 = { path = "../../packages/kernel-6.1" } -linux-firmware = { path = "../../packages/linux-firmware" } -kubernetes-1_27 = { path = "../../packages/kubernetes-1.27" } -release = { path = "../../packages/release" } diff --git a/variants/metal-k8s-1.28/Cargo.toml b/variants/metal-k8s-1.28/Cargo.toml deleted file mode 100644 index 1f938e4ae..000000000 --- a/variants/metal-k8s-1.28/Cargo.toml +++ /dev/null @@ -1,51 +0,0 @@ -[package] -# This is the metal-k8s-1.28 variant. "." is not allowed in crate names, but -# we don't use this crate name anywhere. -name = "metal-k8s-1_28" -version = "0.1.0" -edition = "2021" -publish = false -build = "../build.rs" -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[package.metadata.build-variant.image-layout] -os-image-size-gib = 4 -partition-plan = "unified" - -[package.metadata.build-variant.image-features] -grub-set-private-var = true -uefi-secure-boot = true -xfs-data-partition = true -systemd-networkd = true - -[package.metadata.build-variant] -image-format = "raw" -supported-arches = ["x86_64"] -kernel-parameters = [ - # Only reserve if there are at least 2GB - "crashkernel=2G-:256M" -] -included-packages = [ - # core - "release", - "kernel-6.1", - # k8s - "aws-iam-authenticator", - "cni", - "cni-plugins", - "kubelet-1.28", -] - -[lib] -path = "../variants.rs" - -[build-dependencies] -# core -release = { path = "../../packages/release" } -kernel-6_1 = { path = "../../packages/kernel-6.1" } -# k8s -aws-iam-authenticator = { path = "../../packages/aws-iam-authenticator" } -cni = { path = "../../packages/cni" } -cni-plugins = { path = "../../packages/cni-plugins" } -kubernetes-1_28 = { path = "../../packages/kubernetes-1.28" } diff --git a/variants/metal-k8s-1.29/Cargo.toml b/variants/metal-k8s-1.29/Cargo.toml deleted file mode 100644 index fe2a84c73..000000000 --- a/variants/metal-k8s-1.29/Cargo.toml +++ /dev/null @@ -1,51 +0,0 @@ -[package] -# This is the metal-k8s-1.29 variant. "." is not allowed in crate names, but -# we don't use this crate name anywhere. -name = "metal-k8s-1_29" -version = "0.1.0" -edition = "2021" -publish = false -build = "../build.rs" -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[package.metadata.build-variant.image-layout] -os-image-size-gib = 4 -partition-plan = "unified" - -[package.metadata.build-variant.image-features] -grub-set-private-var = true -uefi-secure-boot = true -xfs-data-partition = true -systemd-networkd = true - -[package.metadata.build-variant] -image-format = "raw" -supported-arches = ["x86_64"] -kernel-parameters = [ - # Only reserve if there are at least 2GB - "crashkernel=2G-:256M" -] -included-packages = [ - # core - "release", - "kernel-6.1", - # k8s - "aws-iam-authenticator", - "cni", - "cni-plugins", - "kubelet-1.29", -] - -[lib] -path = "../variants.rs" - -[build-dependencies] -# core -release = { path = "../../packages/release" } -kernel-6_1 = { path = "../../packages/kernel-6.1" } -# k8s -aws-iam-authenticator = { path = "../../packages/aws-iam-authenticator" } -cni = { path = "../../packages/cni" } -cni-plugins = { path = "../../packages/cni-plugins" } -kubernetes-1_29 = { path = "../../packages/kubernetes-1.29" } diff --git a/variants/shared/template-split-secboot.ovf b/variants/shared/template-split-secboot.ovf deleted file mode 100644 index a521b8f21..000000000 --- a/variants/shared/template-split-secboot.ovf +++ /dev/null @@ -1,97 +0,0 @@ - - - - - - - - List of the virtual disks - - - - - The list of logical networks - - The network - - - - A Virtual machine - - The operating system installed - Other 4.x or later Linux (64-bit) - - - Virtual hardware requirements - - Virtual Hardware Family - 0 - vmx-15 - - - hertz * 10^6 - Number of Virtual CPUs - 2 virtual CPU(s) - 1 - 3 - 2 - - - byte * 2^20 - Memory Size - 8192MB of memory - 2 - 4 - 8192 - - - 0 - NVMe Controller - NVMe Controller 1 - 4 - vmware.nvme.controller - 20 - - - 0 - Hard Disk 1 - ovf:/disk/vmdisk1 - 6 - 4 - 17 - - - 1 - Hard Disk 2 - ovf:/disk/vmdisk2 - 7 - 4 - 17 - - - 0 - true - VM Network - Network adapter 1 - 9 - VmxNet3 - 10 - - - - - - - - - - - - - - - - - - - diff --git a/variants/shared/template-split.ovf b/variants/shared/template-split.ovf deleted file mode 100644 index 76fc088b6..000000000 --- a/variants/shared/template-split.ovf +++ /dev/null @@ -1,89 +0,0 @@ - - - - - - - - List of the virtual disks - - - - - The list of logical networks - - The network - - - - A Virtual machine - - The operating system installed - Other 4.x or later Linux (64-bit) - - - Virtual hardware requirements - - Virtual Hardware Family - 0 - vmx-15 - - - hertz * 10^6 - Number of Virtual CPUs - 2 virtual CPU(s) - 1 - 3 - 2 - - - byte * 2^20 - Memory Size - 8192MB of memory - 2 - 4 - 8192 - - - 0 - NVMe Controller - NVMe Controller 1 - 4 - vmware.nvme.controller - 20 - - - 0 - Hard Disk 1 - ovf:/disk/vmdisk1 - 6 - 4 - 17 - - - 1 - Hard Disk 2 - ovf:/disk/vmdisk2 - 7 - 4 - 17 - - - 0 - true - VM Network - Network adapter 1 - 9 - VmxNet3 - 10 - - - - - - - - - - - diff --git a/variants/shared/template-unified-secboot.ovf b/variants/shared/template-unified-secboot.ovf deleted file mode 100644 index a6df2e2ec..000000000 --- a/variants/shared/template-unified-secboot.ovf +++ /dev/null @@ -1,87 +0,0 @@ - - - - - - - List of the virtual disks - - - - The list of logical networks - - The network - - - - A Virtual machine - - The operating system installed - Other 4.x or later Linux (64-bit) - - - Virtual hardware requirements - - Virtual Hardware Family - 0 - vmx-15 - - - hertz * 10^6 - Number of Virtual CPUs - 2 virtual CPU(s) - 1 - 3 - 2 - - - byte * 2^20 - Memory Size - 8192MB of memory - 2 - 4 - 8192 - - - 0 - NVMe Controller - NVMe Controller 1 - 4 - vmware.nvme.controller - 20 - - - 0 - Hard Disk 1 - ovf:/disk/vmdisk1 - 6 - 4 - 17 - - - 0 - true - VM Network - Network adapter 1 - 9 - VmxNet3 - 10 - - - - - - - - - - - - - - - - - - - diff --git a/variants/shared/template-unified.ovf b/variants/shared/template-unified.ovf deleted file mode 100644 index 817aafae9..000000000 --- a/variants/shared/template-unified.ovf +++ /dev/null @@ -1,79 +0,0 @@ - - - - - - - List of the virtual disks - - - - The list of logical networks - - The network - - - - A Virtual machine - - The operating system installed - Other 4.x or later Linux (64-bit) - - - Virtual hardware requirements - - Virtual Hardware Family - 0 - vmx-15 - - - hertz * 10^6 - Number of Virtual CPUs - 2 virtual CPU(s) - 1 - 3 - 2 - - - byte * 2^20 - Memory Size - 8192MB of memory - 2 - 4 - 8192 - - - 0 - NVMe Controller - NVMe Controller 1 - 4 - vmware.nvme.controller - 20 - - - 0 - Hard Disk 1 - ovf:/disk/vmdisk1 - 6 - 4 - 17 - - - 0 - true - VM Network - Network adapter 1 - 9 - VmxNet3 - 10 - - - - - - - - - - - diff --git a/variants/vmware-dev/Cargo.toml b/variants/vmware-dev/Cargo.toml deleted file mode 100644 index e5d568842..000000000 --- a/variants/vmware-dev/Cargo.toml +++ /dev/null @@ -1,62 +0,0 @@ -[package] -name = "vmware-dev" -version = "0.1.0" -edition = "2021" -publish = false -build = "../build.rs" -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[package.metadata.build-variant.image-layout] -partition-plan = "unified" - -[package.metadata.build-variant.image-features] -grub-set-private-var = true -xfs-data-partition = true -uefi-secure-boot = true -systemd-networkd = true - -[package.metadata.build-variant] -image-format = "vmdk" -supported-arches = ["x86_64"] -kernel-parameters = [ - "console=tty1", - # Only reserve if there are at least 2GB - "crashkernel=2G-:256M", - "net.ifnames=0", - "netdog.default-interface=eth0:dhcp4,dhcp6?", - "quiet", -] -included-packages = [ -# core - "release", - "kernel-6.1", - "open-vm-tools", -# docker - "docker-cli", - "docker-engine", - "docker-init", -# tools - "login", - "iputils", - "strace", - "chrony-tools", -] - -[lib] -path = "../variants.rs" - -[build-dependencies] -# core -release = { path = "../../packages/release" } -kernel-6_1 = { path = "../../packages/kernel-6.1" } -open-vm-tools = { path = "../../packages/open-vm-tools" } -# docker -docker-cli = { path = "../../packages/docker-cli" } -docker-engine = { path = "../../packages/docker-engine" } -docker-init = { path = "../../packages/docker-init" } -# tools -login = { path = "../../packages/login" } -iputils = { path = "../../packages/iputils" } -strace = { path = "../../packages/strace" } -chrony = { path = "../../packages/chrony" } diff --git a/variants/vmware-dev/template.ovf b/variants/vmware-dev/template.ovf deleted file mode 120000 index db70bac6f..000000000 --- a/variants/vmware-dev/template.ovf +++ /dev/null @@ -1 +0,0 @@ -../shared/template-unified-secboot.ovf \ No newline at end of file diff --git a/variants/vmware-k8s-1.27/Cargo.toml b/variants/vmware-k8s-1.27/Cargo.toml deleted file mode 100644 index 52c262b39..000000000 --- a/variants/vmware-k8s-1.27/Cargo.toml +++ /dev/null @@ -1,47 +0,0 @@ -[package] -# This is the vmware-k8s-1.27 variant. "." is not allowed in crate names, but -# we don't use this crate name anywhere. -name = "vmware-k8s-1_27" -version = "0.1.0" -edition = "2021" -publish = false -build = "../build.rs" -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[package.metadata.build-variant.image-layout] -partition-plan = "unified" - -[package.metadata.build-variant.image-features] -grub-set-private-var = true - -[package.metadata.build-variant] -image-format = "vmdk" -supported-arches = ["x86_64"] -kernel-parameters = [ - "console=tty1", - # Only reserve if there are at least 2GB - "crashkernel=2G-:256M", - "net.ifnames=0", - "netdog.default-interface=eth0:dhcp4,dhcp6?", - "quiet", -] -included-packages = [ - "cni", - "cni-plugins", - "kernel-6.1", - "kubelet-1.27", - "open-vm-tools", - "release", -] - -[lib] -path = "../variants.rs" - -[build-dependencies] -cni = { path = "../../packages/cni" } -cni-plugins = { path = "../../packages/cni-plugins" } -kernel-6_1 = { path = "../../packages/kernel-6.1" } -kubernetes-1_27 = { path = "../../packages/kubernetes-1.27" } -open-vm-tools = { path = "../../packages/open-vm-tools" } -release = { path = "../../packages/release" } diff --git a/variants/vmware-k8s-1.27/template.ovf b/variants/vmware-k8s-1.27/template.ovf deleted file mode 120000 index e301e3bb0..000000000 --- a/variants/vmware-k8s-1.27/template.ovf +++ /dev/null @@ -1 +0,0 @@ -../shared/template-unified.ovf \ No newline at end of file diff --git a/variants/vmware-k8s-1.28/Cargo.toml b/variants/vmware-k8s-1.28/Cargo.toml deleted file mode 100644 index bbf4aed47..000000000 --- a/variants/vmware-k8s-1.28/Cargo.toml +++ /dev/null @@ -1,56 +0,0 @@ -[package] -# This is the vmware-k8s-1.28 variant. "." is not allowed in crate names, but -# we don't use this crate name anywhere. -name = "vmware-k8s-1_28" -version = "0.1.0" -edition = "2021" -publish = false -build = "../build.rs" -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[package.metadata.build-variant.image-layout] -partition-plan = "unified" - -[package.metadata.build-variant.image-features] -grub-set-private-var = true -uefi-secure-boot = true -xfs-data-partition = true -systemd-networkd = true - -[package.metadata.build-variant] -image-format = "vmdk" -supported-arches = ["x86_64"] -kernel-parameters = [ - "console=tty1", - # Only reserve if there are at least 2GB - "crashkernel=2G-:256M", - "net.ifnames=0", - "netdog.default-interface=eth0:dhcp4,dhcp6?", - "quiet", -] -included-packages = [ - # core - "release", - "kernel-6.1", - # k8s - "cni", - "cni-plugins", - "kubelet-1.28", - # vmware - "open-vm-tools", -] - -[lib] -path = "../variants.rs" - -[build-dependencies] -# core -release = { path = "../../packages/release" } -kernel-6_1 = { path = "../../packages/kernel-6.1" } -# k8s -cni = { path = "../../packages/cni" } -cni-plugins = { path = "../../packages/cni-plugins" } -kubernetes-1_28 = { path = "../../packages/kubernetes-1.28" } -# vmware -open-vm-tools = { path = "../../packages/open-vm-tools" } diff --git a/variants/vmware-k8s-1.28/template.ovf b/variants/vmware-k8s-1.28/template.ovf deleted file mode 120000 index db70bac6f..000000000 --- a/variants/vmware-k8s-1.28/template.ovf +++ /dev/null @@ -1 +0,0 @@ -../shared/template-unified-secboot.ovf \ No newline at end of file diff --git a/variants/vmware-k8s-1.29/Cargo.toml b/variants/vmware-k8s-1.29/Cargo.toml deleted file mode 100644 index dd5fa5392..000000000 --- a/variants/vmware-k8s-1.29/Cargo.toml +++ /dev/null @@ -1,56 +0,0 @@ -[package] -# This is the vmware-k8s-1.29 variant. "." is not allowed in crate names, but -# we don't use this crate name anywhere. -name = "vmware-k8s-1_29" -version = "0.1.0" -edition = "2021" -publish = false -build = "../build.rs" -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[package.metadata.build-variant.image-layout] -partition-plan = "unified" - -[package.metadata.build-variant.image-features] -grub-set-private-var = true -uefi-secure-boot = true -xfs-data-partition = true -systemd-networkd = true - -[package.metadata.build-variant] -image-format = "vmdk" -supported-arches = ["x86_64"] -kernel-parameters = [ - "console=tty1", - # Only reserve if there are at least 2GB - "crashkernel=2G-:256M", - "net.ifnames=0", - "netdog.default-interface=eth0:dhcp4,dhcp6?", - "quiet", -] -included-packages = [ - # core - "release", - "kernel-6.1", - # k8s - "cni", - "cni-plugins", - "kubelet-1.29", - # vmware - "open-vm-tools", -] - -[lib] -path = "../variants.rs" - -[build-dependencies] -# core -release = { path = "../../packages/release" } -kernel-6_1 = { path = "../../packages/kernel-6.1" } -# k8s -cni = { path = "../../packages/cni" } -cni-plugins = { path = "../../packages/cni-plugins" } -kubernetes-1_29 = { path = "../../packages/kubernetes-1.29" } -# vmware -open-vm-tools = { path = "../../packages/open-vm-tools" } diff --git a/variants/vmware-k8s-1.29/template.ovf b/variants/vmware-k8s-1.29/template.ovf deleted file mode 120000 index db70bac6f..000000000 --- a/variants/vmware-k8s-1.29/template.ovf +++ /dev/null @@ -1 +0,0 @@ -../shared/template-unified-secboot.ovf \ No newline at end of file diff --git a/variants/vmware-k8s-1.30/Cargo.toml b/variants/vmware-k8s-1.30/Cargo.toml deleted file mode 100644 index 814d6fa16..000000000 --- a/variants/vmware-k8s-1.30/Cargo.toml +++ /dev/null @@ -1,56 +0,0 @@ -[package] -# This is the vmware-k8s-1.30 variant. "." is not allowed in crate names, but -# we don't use this crate name anywhere. -name = "vmware-k8s-1_30" -version = "0.1.0" -edition = "2021" -publish = false -build = "../build.rs" -# Don't rebuild crate just because of changes to README. -exclude = ["README.md"] - -[package.metadata.build-variant.image-layout] -partition-plan = "unified" - -[package.metadata.build-variant.image-features] -grub-set-private-var = true -uefi-secure-boot = true -xfs-data-partition = true -systemd-networkd = true - -[package.metadata.build-variant] -image-format = "vmdk" -supported-arches = ["x86_64"] -kernel-parameters = [ - "console=tty1", - # Only reserve if there are at least 2GB - "crashkernel=2G-:256M", - "net.ifnames=0", - "netdog.default-interface=eth0:dhcp4,dhcp6?", - "quiet", -] -included-packages = [ - # core - "release", - "kernel-6.1", - # k8s - "cni", - "cni-plugins", - "kubelet-1.30", - # vmware - "open-vm-tools", -] - -[lib] -path = "../variants.rs" - -[build-dependencies] -# core -release = { path = "../../packages/release" } -kernel-6_1 = { path = "../../packages/kernel-6.1" } -# k8s -cni = { path = "../../packages/cni" } -cni-plugins = { path = "../../packages/cni-plugins" } -kubernetes-1_30 = { path = "../../packages/kubernetes-1.30" } -# vmware -open-vm-tools = { path = "../../packages/open-vm-tools" } diff --git a/variants/vmware-k8s-1.30/template.ovf b/variants/vmware-k8s-1.30/template.ovf deleted file mode 120000 index db70bac6f..000000000 --- a/variants/vmware-k8s-1.30/template.ovf +++ /dev/null @@ -1 +0,0 @@ -../shared/template-unified-secboot.ovf \ No newline at end of file