├── dockerfiles ├── qemu │ ├── qemu-ifdown │ ├── qemu-ifup │ ├── bridge.conf │ └── Dockerfile ├── uos │ ├── .dockerignore │ ├── dockerfiles │ │ ├── wlan │ │ │ ├── wpa_supplicant.conf.template │ │ │ ├── Dockerfile │ │ │ └── init.sh │ │ └── firmware │ │ │ ├── lan │ │ │ ├── Dockerfile.redhat │ │ │ ├── Dockerfile.alpine │ │ │ ├── Dockerfile.clearlinux │ │ │ ├── Dockerfile.fedora │ │ │ ├── Dockerfile.intel.signed │ │ │ ├── Dockerfile.intel │ │ │ └── Dockerfile.ubuntu │ │ │ └── wifi │ │ │ ├── Dockerfile.redhat │ │ │ ├── Dockerfile.alpine │ │ │ ├── Dockerfile.clearlinux │ │ │ ├── Dockerfile.fedora │ │ │ ├── Dockerfile.intel.signed │ │ │ ├── Dockerfile.intel │ │ │ └── Dockerfile.ubuntu │ ├── prepInitrd.sh │ ├── files │ │ ├── etc │ │ │ └── issue │ │ └── containers │ │ │ └── services │ │ │ ├── getty │ │ │ └── lower │ │ │ │ └── etc │ │ │ │ └── motd │ │ │ └── sshd │ │ │ └── lower │ │ │ └── etc │ │ │ └── motd │ ├── Dockerfile │ ├── Dockerfile.dyninit │ ├── Dockerfile.alpine │ ├── Dockerfile.redhat │ ├── Dockerfile.clearlinux │ ├── Dockerfile.fedora │ ├── bash │ │ ├── wifi-scan │ │ ├── start │ │ ├── profile_request │ │ ├── functions │ │ └── init │ ├── Dockerfile.ubuntu │ ├── Dockerfile.intel │ ├── Dockerfile.intel.signed │ ├── uos.yml │ └── uos-wifi.yml ├── wget │ └── Dockerfile ├── nginx │ ├── openssl.cnf │ ├── Dockerfile │ └── init ├── squid │ ├── openssl.cnf │ ├── Dockerfile │ ├── init │ └── squid.conf ├── gitea │ ├── Dockerfile │ ├── docker-compose.yml │ └── init.sh ├── git │ └── Dockerfile ├── dnsmasq │ └── init.sh ├── smb │ └── Dockerfile ├── aws-cli │ └── Dockerfile ├── dyn-profile │ ├── Dockerfile │ └── profile_service.go ├── certbot │ ├── Dockerfile │ └── init ├── logging-agent │ ├── fluent-bit.conf │ ├── Dockerfile │ └── agent.sh ├── vm │ └── Dockerfile └── core │ ├── Dockerfile │ └── init.sh ├── .bdsignore.all ├── images ├── net_diag.png └── pxe_menu.png ├── template ├── pxe_bg.png ├── pxelinux.cfg │ ├── default.tail │ ├── default.dynamic │ └── default.head ├── nginx 
│ ├── index.html │ └── default.conf ├── registry │ └── config.yml ├── ipxe │ ├── menu.ipxe.head │ └── menu.ipxe.middle ├── logging-server │ └── fluent-bit.conf ├── squid │ └── squid.conf ├── dnsmasq │ └── dnsmasq.conf └── smb │ └── smb.conf ├── conf ├── dynamic_profiles.json ├── secrets.sample.yml ├── config.sample.yml └── config.yml ├── examples └── deploy.sh ├── scripts ├── secretconfig.sh ├── containerutils.sh ├── yamlparse.sh ├── dynamicprofile.sh ├── pxemenuutils.sh └── textutils.sh ├── CONTRIBUTING.md ├── deploy.sh ├── LICENSE ├── .gitignore ├── Jenkinsfile ├── vpxe.sh ├── run.sh ├── makeusb.sh └── docker-compose.yml /dockerfiles/qemu/qemu-ifdown: -------------------------------------------------------------------------------- 1 | 2 | : -------------------------------------------------------------------------------- /dockerfiles/uos/.dockerignore: -------------------------------------------------------------------------------- 1 | lib/* 2 | uos* -------------------------------------------------------------------------------- /.bdsignore.all: -------------------------------------------------------------------------------- 1 | artifacts 2 | avvdat.ini 3 | vsreports 4 | -------------------------------------------------------------------------------- /dockerfiles/qemu/qemu-ifup: -------------------------------------------------------------------------------- 1 | ifconfig "$1" 0.0.0.0 up 2 | brctl addif $br "$1 -------------------------------------------------------------------------------- /images/net_diag.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/intel/Edge-Software-Provisioner/HEAD/images/net_diag.png -------------------------------------------------------------------------------- /images/pxe_menu.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/intel/Edge-Software-Provisioner/HEAD/images/pxe_menu.png 
-------------------------------------------------------------------------------- /template/pxe_bg.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/intel/Edge-Software-Provisioner/HEAD/template/pxe_bg.png -------------------------------------------------------------------------------- /template/pxelinux.cfg/default.tail: -------------------------------------------------------------------------------- 1 | 2 | LABEL local 3 | MENU LABEL Boot local hard drive 4 | LOCALBOOT -1 5 | -------------------------------------------------------------------------------- /template/pxelinux.cfg/default.dynamic: -------------------------------------------------------------------------------- 1 | DEFAULT 1 2 | PROMPT 0 3 | TIMEOUT 0 4 | TOTALTIMEOUT 0 5 | 6 | LABEL 1 7 | MENU DEFAULT ^1) Dynamic Profile 8 | -------------------------------------------------------------------------------- /dockerfiles/uos/dockerfiles/wlan/wpa_supplicant.conf.template: -------------------------------------------------------------------------------- 1 | country=@@COUNTRY@@ 2 | update_config=1 3 | ctrl_interface=/run/wpa_supplicant 4 | 5 | network={ 6 | scan_ssid=1 7 | ssid="@@SSID@@" 8 | key_mgmt=WPA-PSK 9 | psk="@@PSK@@" 10 | } -------------------------------------------------------------------------------- /dockerfiles/wget/Dockerfile: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2019 Intel Corporation 2 | # SPDX-License-Identifier: BSD-3-Clause 3 | 4 | FROM alpine:3.14 5 | 6 | RUN apk --no-cache add ca-certificates wget && \ 7 | apk --no-cache -U upgrade 8 | 9 | WORKDIR /data 10 | -------------------------------------------------------------------------------- /dockerfiles/nginx/openssl.cnf: -------------------------------------------------------------------------------- 1 | [req] 2 | req_extensions = v3_req 3 | distinguished_name = req_distinguished_name 4 | 5 | 
[req_distinguished_name] 6 | 7 | [ v3_req ] 8 | basicConstraints = CA:FALSE 9 | keyUsage = nonRepudiation, digitalSignature, keyEncipherment 10 | [ v3_ca ] 11 | keyUsage = cRLSign, keyCertSign -------------------------------------------------------------------------------- /dockerfiles/squid/openssl.cnf: -------------------------------------------------------------------------------- 1 | [req] 2 | req_extensions = v3_req 3 | distinguished_name = req_distinguished_name 4 | 5 | [req_distinguished_name] 6 | 7 | [ v3_req ] 8 | basicConstraints = CA:FALSE 9 | keyUsage = nonRepudiation, digitalSignature, keyEncipherment 10 | [ v3_ca ] 11 | keyUsage = cRLSign, keyCertSign -------------------------------------------------------------------------------- /conf/dynamic_profiles.json: -------------------------------------------------------------------------------- 1 | { 2 | "hardwares": [ 3 | { 4 | "id": "1", 5 | "mac": "AA:BB:CC:11:22:33", 6 | "profile": "Ubuntu_20.04" 7 | }, 8 | { 9 | "id": "2", 10 | "cpu": "Intel(R) Xeon(R) CPU D-1557", 11 | "profile": "Ubuntu_20.04_Desktop" 12 | } 13 | ] 14 | } -------------------------------------------------------------------------------- /examples/deploy.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | if [[ $(id -u) -ne 0 ]]; then 4 | echo -e "\e[1m\e[31;1m Please run this script as root \e[0m" 5 | exit 1 6 | fi 7 | 8 | mkdir -p /opt/esp && \ 9 | cd /opt/esp && \ 10 | wget -O /opt/esp/docker-compose.yml https://github.com/myuser/esp/raw/branch/master/docker-compose.yml && \ 11 | docker-compose up -d -------------------------------------------------------------------------------- /dockerfiles/gitea/Dockerfile: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2020 Intel Corporation 2 | # SPDX-License-Identifier: BSD-3-Clause 3 | 4 | FROM gitea/gitea:1.15.3 5 | LABEL maintainer "Bryan J Rodriguez " 6 | 7 | RUN apk --no-cache add 
bash && \ 8 | apk --no-cache -U upgrade 9 | 10 | COPY init.sh /usr/local/bin/init.sh 11 | 12 | ENTRYPOINT [ "/usr/local/bin/init.sh" ] -------------------------------------------------------------------------------- /dockerfiles/qemu/bridge.conf: -------------------------------------------------------------------------------- 1 | # This should have the following permissions: root:qemu 0640 2 | 3 | # Allow users in the "qemu" group to add devices to "br0". 4 | allow br0 5 | 6 | # Uncomment the following line to allow users in the "bob" 7 | # group to have permissions defined in it, iff it has the 8 | # following permissions: root:bob 0640 9 | #include /etc/qemu/bob.conf 10 | -------------------------------------------------------------------------------- /dockerfiles/git/Dockerfile: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2019 Intel Corporation 2 | # SPDX-License-Identifier: BSD-3-Clause 3 | 4 | FROM alpine:3.14 5 | 6 | RUN apk --no-cache add ca-certificates git openssh-client && \ 7 | apk --no-cache -U upgrade && \ 8 | rm -rf /var/cache/apk/* 9 | # NOTE(review): StrictHostKeyChecking=no together with UserKnownHostsFile=/dev/null turns off SSH host-key verification for every git-over-ssh call in this image, so a spoofed or intercepted git server goes undetected; ForwardAgent=yes additionally lets the remote host use the agent socket at /ssh-agent for the duration of the connection. Prefer a pinned known_hosts file and no agent forwarding. 10 | ENV GIT_SSH_COMMAND="ssh -vv -o ForwardAgent=yes -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null" 11 | ENV SSH_AUTH_SOCK="/ssh-agent" 12 | 13 | 14 | WORKDIR /data 15 | -------------------------------------------------------------------------------- /dockerfiles/uos/prepInitrd.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright (C) 2019 Intel Corporation 4 | # SPDX-License-Identifier: BSD-3-Clause 5 | 6 | # old method used to detect yml file 7 | # $(basename ../*.yml | sed 's/\.[^.]*$//') 8 | 9 | mkdir -p prep/ && \ 10 | cd prep/ && \ 11 | gunzip -c < ../uos-initrd.img | cpio -i -d && \ 12 | rsync -rtc ../files/ ./ && \ 13 | find . 
| cpio -H newc -o | pv | xz -T0 --check=crc32 > ../uos-initrd.img && \ 14 | cd - && \ 15 | rm -fr prep/ 16 | -------------------------------------------------------------------------------- /dockerfiles/uos/files/etc/issue: -------------------------------------------------------------------------------- 1 | 2 | 3 | Intel 4 | ███████╗███████╗██████╗ ██████╗ ███████╗ 5 | ██╔════╝██╔════╝██╔══██╗ ██╗ ██╗██╔═══██╗██╔════╝ 6 | █████╗ ███████╗██████╔╝ ██║ ██║██║ ██║███████╗ 7 | ██╔══╝ ╚════██║██╔═══╝ ██║ ██║██║ ██║╚════██║ 8 | ███████╗███████║██║ ╚██████╔╝╚██████╔╝███████║ 9 | ╚══════╝╚══════╝╚═╝ ╚═════╝ ╚═════╝ ╚══════╝ 10 | Intel Edge Software Provisioner Micro OS 11 | 12 | -------------------------------------------------------------------------------- /conf/secrets.sample.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | # This is a sample file to hold secret tokens or passwords. 4 | # ESP will look for this file in the /etc/esp/ folder of the host machine 5 | # Each secret token or password can be exchanged by looking for a placeholder 6 | # ESP will search for any of the placeholders in the profile folders (only!) and exchange it with the token. 
7 | 8 | #tokens: 9 | # - token: 123456ABCDEF 10 | # placeholder: @@GITHUB_TOKEN@@ 11 | # - token: this_is_user_password 12 | # placeholder: @@USER_PASS@@ 13 | -------------------------------------------------------------------------------- /dockerfiles/uos/files/containers/services/getty/lower/etc/motd: -------------------------------------------------------------------------------- 1 | 2 | 3 | Intel 4 | ███████╗███████╗██████╗ ██████╗ ███████╗ 5 | ██╔════╝██╔════╝██╔══██╗ ██╗ ██╗██╔═══██╗██╔════╝ 6 | █████╗ ███████╗██████╔╝ ██║ ██║██║ ██║███████╗ 7 | ██╔══╝ ╚════██║██╔═══╝ ██║ ██║██║ ██║╚════██║ 8 | ███████╗███████║██║ ╚██████╔╝╚██████╔╝███████║ 9 | ╚══════╝╚══════╝╚═╝ ╚═════╝ ╚═════╝ ╚══════╝ 10 | Intel Edge Software Provisioner Micro OS 11 | 12 | -------------------------------------------------------------------------------- /dockerfiles/uos/files/containers/services/sshd/lower/etc/motd: -------------------------------------------------------------------------------- 1 | 2 | 3 | Intel 4 | ███████╗███████╗██████╗ ██████╗ ███████╗ 5 | ██╔════╝██╔════╝██╔══██╗ ██╗ ██╗██╔═══██╗██╔════╝ 6 | █████╗ ███████╗██████╔╝ ██║ ██║██║ ██║███████╗ 7 | ██╔══╝ ╚════██║██╔═══╝ ██║ ██║██║ ██║╚════██║ 8 | ███████╗███████║██║ ╚██████╔╝╚██████╔╝███████║ 9 | ╚══════╝╚══════╝╚═╝ ╚═════╝ ╚═════╝ ╚══════╝ 10 | Intel Edge Software Provisioner Micro OS 11 | 12 | -------------------------------------------------------------------------------- /dockerfiles/dnsmasq/init.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # Copyright (C) 2019 Intel Corporation 4 | # SPDX-License-Identifier: BSD-3-Clause 5 | 6 | # copy files to web server directory to be serverd over http 7 | rsync -rtc --exclude=images/ --exclude=pxelinux.cfg/ /srv/tftp/ /usr/share/nginx/html/tftp/ 8 | 9 | while (! 
ls /etc/dnsmasq/dnsmasq.conf > /dev/null 2>&1 ); do 10 | echo \"Waiting for dnsmasq.conf file to be created\"; 11 | sleep 5; 12 | done 13 | 14 | exec dnsmasq --conf-file=/etc/dnsmasq/dnsmasq.conf -d --log-dhcp --log-queries=extra -------------------------------------------------------------------------------- /dockerfiles/smb/Dockerfile: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2021 Intel Corporation 2 | # SPDX-License-Identifier: BSD-3-Clause 3 | 4 | FROM alpine:3.14 5 | LABEL maintainer "Bryan J Rodriguez " 6 | 7 | RUN apk --no-cache add \ 8 | samba-common-tools \ 9 | samba-client \ 10 | samba-server \ 11 | tini && \ 12 | apk --no-cache -U upgrade 13 | # NOTE(review): mode 777 makes /smbshare world-writable inside the container. What is reachable over SMB depends on smb.conf, which this Dockerfile does not set — confirm the share is not guest-writable, or narrow the mode to the account smbd serves the share as. 14 | RUN mkdir /smbshare && \ 15 | chmod 777 /smbshare 16 | 17 | EXPOSE 445/tcp 18 | 19 | ENTRYPOINT [ "tini", "--" ] 20 | CMD ["/usr/sbin/smbd", "--foreground", "--no-process-group", "--log-stdout"] -------------------------------------------------------------------------------- /dockerfiles/aws-cli/Dockerfile: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2019 Intel Corporation 2 | # SPDX-License-Identifier: BSD-3-Clause 3 | 4 | FROM alpine:3.14 5 | 6 | # Versions: https://pypi.python.org/pypi/awscli#downloads 7 | ENV AWS_CLI_VERSION 1.18.223 8 | 9 | RUN apk --no-cache add \ 10 | python3 \ 11 | py3-pip \ 12 | py3-setuptools \ 13 | ca-certificates \ 14 | groff \ 15 | less && \ 16 | apk --no-cache -U upgrade && \ 17 | pip3 --no-cache-dir install awscli==${AWS_CLI_VERSION} && \ 18 | rm -rf /var/cache/apk/* 19 | 20 | WORKDIR /data 21 | -------------------------------------------------------------------------------- /template/nginx/index.html: -------------------------------------------------------------------------------- 1 | 2 | 6 | 7 | 8 | Welcome! 9 | 24 | 25 | 26 |

Welcome!

27 | 28 | 29 | -------------------------------------------------------------------------------- /template/registry/config.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | # docker run -d --restart=always -p 5000:5000 --name registry-mirror -v /var/lib/registry:/var/lib/registry registry:2 /var/lib/registry/config.yml 4 | 5 | version: 0.1 6 | log: 7 | fields: 8 | service: registry 9 | storage: 10 | cache: 11 | blobdescriptor: inmemory 12 | filesystem: 13 | rootdirectory: /var/lib/registry 14 | http: 15 | addr: :5000 16 | headers: 17 | X-Content-Type-Options: [nosniff] 18 | health: 19 | storagedriver: 20 | enabled: true 21 | interval: 10s 22 | threshold: 3 23 | proxy: 24 | remoteurl: https://registry-1.docker.io 25 | -------------------------------------------------------------------------------- /dockerfiles/uos/dockerfiles/wlan/Dockerfile: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2020 Intel Corporation 2 | # SPDX-License-Identifier: BSD-3-Clause 3 | 4 | FROM alpine:3.14 5 | LABEL maintainer "Bryan J Rodriguez " 6 | 7 | RUN apk add --no-cache \ 8 | bash \ 9 | dhcpcd \ 10 | inotify-tools \ 11 | tini \ 12 | wireless-tools \ 13 | wpa_supplicant 14 | 15 | COPY init.sh /usr/local/bin/init.sh 16 | COPY wpa_supplicant.conf.template /opt/wpa_supplicant.conf.template 17 | 18 | WORKDIR / 19 | 20 | ENV COUNTRY=us \ 21 | SSID='' \ 22 | PSK='' 23 | 24 | ENTRYPOINT ["tini", "--"] 25 | CMD ["/usr/local/bin/init.sh"] 26 | -------------------------------------------------------------------------------- /dockerfiles/squid/Dockerfile: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2020 Intel Corporation 2 | # SPDX-License-Identifier: BSD-3-Clause 3 | 4 | # Original work cam from https://github.com/alatas/squid-alpine-ssl 5 | 6 | FROM alpine:3.14 7 | LABEL maintainer "Bryan J Rodriguez " 8 | 9 | RUN apk --no-cache add \ 
10 | squid \ 11 | openssl \ 12 | ca-certificates && \ 13 | apk --no-cache -U upgrade && \ 14 | update-ca-certificates 15 | 16 | COPY init /usr/local/bin/ 17 | COPY openssl.cnf /etc/ssl 18 | COPY squid.conf /etc/squid/ 19 | 20 | ENV CN=squid.local \ 21 | O=squid \ 22 | OU=squid \ 23 | C=US 24 | 25 | EXPOSE 3128 26 | EXPOSE 4128 27 | 28 | ENTRYPOINT ["/usr/local/bin/init"] 29 | -------------------------------------------------------------------------------- /scripts/secretconfig.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright (C) 2022 Intel Corporation 4 | # SPDX-License-Identifier: BSD-3-Clause 5 | 6 | # This file contains the logic for handling the secret configurations like tokens, passwords.... 7 | 8 | source "scripts/yamlparse.sh" 9 | 10 | SECRETS="conf/secrets.yml" 11 | # getSecretInfo: when conf/secrets.yml exists, eval the output of yamlParse (sourced from scripts/yamlparse.sh, not shown here) called with the variable prefix secret_config_. NOTE(review): eval executes whatever yamlParse prints, so this presumably relies on yamlParse quoting every value safely and on secrets.yml being writable only by a trusted user — confirm both. 12 | getSecretInfo() { 13 | if [[ -f ${SECRETS} ]];then 14 | eval $(yamlParse "${SECRETS}" "secret_config_") 15 | fi 16 | } 17 | # renderSecretTemplate FILE: for each index of secret_config_tokens__token, run sed -i on FILE, replacing every match of the placeholder with the token. NOTE(review): both values are interpolated unescaped into s/.../.../g, so a placeholder is treated as a regex and a token containing '/', '&' or a backslash breaks or alters the substitution; ${fileName} is also unquoted. Escape both sides (or use a delimiter that cannot occur in a secret) before relying on this for arbitrary passwords. 18 | renderSecretTemplate() { 19 | local fileName=$1 20 | 21 | for (( i = 0; i < "${#secret_config_tokens__token[@]}"; i += 1)); do 22 | sed -i -e "s/${secret_config_tokens__placeholder[i]}/${secret_config_tokens__token[i]}/g" ${fileName} 23 | done 24 | } 25 | -------------------------------------------------------------------------------- /dockerfiles/gitea/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: "2" 2 | 3 | networks: 4 | gitea: 5 | external: false 6 | 7 | services: 8 | mirror: 9 | image: gitea/gitea:1.12.6@sha256:0facddc4a9a1e384db5edb0a3586aa55d80a48a000a068c5864f25628c347727 10 | environment: 11 | - USER_UID=1000 12 | - USER_GID=1000 13 | - DISABLE_REGISTRATION=true 14 | - DEFAULT_PRIVATE=public 15 | - ENABLE_PUSH_CREATE_USER=true 16 | - ENABLE_PUSH_CREATE_ORG=true 17 | restart: always 18 | networks: 19 | - gitea 20 | volumes: 21 | - ../../data/gitea:/data 22 | - /etc/timezone:/etc/timezone:ro 23 | - 
/etc/localtime:/etc/localtime:ro 24 | ports: 25 | - "3003:3000" 26 | - "222:22" -------------------------------------------------------------------------------- /dockerfiles/uos/Dockerfile: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2020 Intel Corporation 2 | # SPDX-License-Identifier: BSD-3-Clause 3 | 4 | FROM docker:19.03.12 5 | LABEL maintainer "Bryan J Rodriguez " 6 | 7 | RUN apk update && apk add --no-cache \ 8 | bash \ 9 | cpio \ 10 | coreutils \ 11 | curl \ 12 | e2fsprogs \ 13 | lsblk \ 14 | findutils \ 15 | gzip \ 16 | dnsmasq \ 17 | dumb-init \ 18 | iptables \ 19 | ovmf \ 20 | parted \ 21 | pv \ 22 | qemu \ 23 | qemu-img \ 24 | qemu-system-x86_64 \ 25 | rsync \ 26 | syslinux \ 27 | util-linux \ 28 | xz 29 | 30 | COPY /bin/linuxkit /usr/bin/linuxkit 31 | 32 | ENTRYPOINT ["/bin/bash"] 33 | CMD [] 34 | -------------------------------------------------------------------------------- /dockerfiles/dyn-profile/Dockerfile: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2022 Intel Corporation 2 | # SPDX-License-Identifier: BSD-3-Clause 3 | 4 | FROM alpine:3.14 as build 5 | LABEL maintainer "Bryan J Rodriguez " 6 | 7 | RUN apk --update --no-cache add go 8 | 9 | COPY profile_service.go /build/profile_service.go 10 | RUN cd /build && go build profile_service.go 11 | 12 | FROM alpine:3.14 13 | 14 | RUN apk --update --no-cache add \ 15 | ca-certificates \ 16 | tini \ 17 | curl \ 18 | wget \ 19 | && update-ca-certificates 20 | 21 | COPY --from=build /build/profile_service /usr/local/bin/profile_service 22 | 23 | RUN chmod a+x /usr/local/bin/profile_service 24 | 25 | ENTRYPOINT ["/usr/local/bin/profile_service"] 26 | -------------------------------------------------------------------------------- /dockerfiles/certbot/Dockerfile: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2020 Intel Corporation 2 | # 
SPDX-License-Identifier: BSD-3-Clause 3 | 4 | FROM certbot/certbot:v1.21.0 5 | LABEL maintainer "Bryan J Rodriguez " 6 | 7 | RUN apk --no-cache add \ 8 | bash \ 9 | inotify-tools \ 10 | tini && \ 11 | apk --no-cache -U upgrade 12 | 13 | # assume that by going to certbot 1.21 we will get Alpine 3.14. NOTE(review): nothing here checks the base image's Alpine release, and both --repository URLs below use plain http://; apk still verifies package signatures, but an https:// mirror URL would also protect the transfer itself from on-path interference. 14 | RUN apk add krb5 apk-tools --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/v3.14/main && \ 15 | apk -U upgrade busybox --repository=http://dl-cdn.alpinelinux.org/alpine/v3.14/main 16 | 17 | COPY init /usr/local/bin/ 18 | COPY scripts/ /opt/esp/scripts/ 19 | 20 | WORKDIR /opt/esp 21 | 22 | ENTRYPOINT ["tini", "--"] 23 | CMD ["/usr/local/bin/init"] -------------------------------------------------------------------------------- /dockerfiles/uos/dockerfiles/firmware/lan/Dockerfile.redhat: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2020 Intel Corporation 2 | # SPDX-License-Identifier: BSD-3-Clause 3 | 4 | FROM registry.access.redhat.com/ubi8/ubi as kernel-builder 5 | LABEL maintainer "Bryan J Rodriguez " 6 | 7 | ARG FIRMWARE=20210702-103.gitd79c2677.el8 8 | ARG ARCH=noarch 9 | 10 | RUN dnf install -y \ 11 | wget \ 12 | tar \ 13 | kmod \ 14 | cpio 15 | 16 | WORKDIR /build 17 | RUN mkdir /out 18 | 19 | RUN yum download --downloadonly --downloaddir=/build/ linux-firmware-${FIRMWARE} 20 | 21 | RUN rpm2cpio linux-firmware-${FIRMWARE}.${ARCH}.rpm | cpio -i --make-directories && \ 22 | mv usr/lib /out/ 23 | 24 | FROM scratch 25 | ENTRYPOINT [] 26 | CMD [] 27 | WORKDIR / 28 | COPY --from=kernel-builder /out/* /lib/ -------------------------------------------------------------------------------- /dockerfiles/uos/dockerfiles/firmware/wifi/Dockerfile.redhat: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2020 Intel Corporation 2 | # SPDX-License-Identifier: BSD-3-Clause 3 | 4 | FROM registry.access.redhat.com/ubi8/ubi as kernel-builder 5 | LABEL maintainer 
"Bryan J Rodriguez " 6 | 7 | ARG FIRMWARE=20210702-103.gitd79c2677.el8 8 | ARG ARCH=noarch 9 | 10 | RUN dnf install -y \ 11 | wget \ 12 | tar \ 13 | kmod \ 14 | cpio 15 | 16 | WORKDIR /build 17 | RUN mkdir /out 18 | 19 | RUN yum download --downloadonly --downloaddir=/build/ linux-firmware-${FIRMWARE} 20 | 21 | RUN rpm2cpio linux-firmware-${FIRMWARE}.${ARCH}.rpm | cpio -i --make-directories && \ 22 | mv usr/lib /out/ 23 | 24 | FROM scratch 25 | ENTRYPOINT [] 26 | CMD [] 27 | WORKDIR / 28 | COPY --from=kernel-builder /out/* /lib/ -------------------------------------------------------------------------------- /dockerfiles/logging-agent/fluent-bit.conf: -------------------------------------------------------------------------------- 1 | [INPUT] 2 | Name tail 3 | Path /tmp/provisioning.log 4 | Read_from_Head True 5 | Tag edgenode_provisioning 6 | 7 | [INPUT] 8 | Name tail 9 | Path /tmp/machine-scrape.log 10 | Read_from_Head True 11 | Tag edgenode_provisioning 12 | 13 | [FILTER] 14 | Name record_modifier 15 | Match * 16 | Record source edgenode 17 | Record FileType ProvisioningLog 18 | Record Serial ${SERIAL_NUMBER} 19 | 20 | [OUTPUT] 21 | Name forward 22 | Match * 23 | Host ${LOGGING_SERVER} 24 | Port 24224 25 | -------------------------------------------------------------------------------- /template/ipxe/menu.ipxe.head: -------------------------------------------------------------------------------- 1 | #!ipxe 2 | console --x 800 --y 600 --picture http://@@HOST_IP@@/tftp/pxe_bg.png || goto loadipxe 3 | 4 | # Some menu defaults 5 | set menu-timeout 20000 6 | isset ${menu-default} || set menu-default local 7 | 8 | # Figure out if client is 64-bit capable 9 | cpuid --ext 29 && set arch x64 || set arch x86 10 | cpuid --ext 29 && set archl amd64 || set archl i386 11 | cpuid --ext 29 && set efiarch 64 || set efiarch 32 12 | 13 | ###################### MAIN MENU #################################### 14 | 15 | :menu 16 | menu Boot Menu ${initiator-iqn} 17 | item --gap -- 
-------------------------------------------------------------------------- 18 | item --gap -- ESP Profiles 19 | item --gap -- ------------------------------------------------------------------------- 20 | item --key l local l) Boot local hard drive 21 | item --gap -- 22 | -------------------------------------------------------------------------------- /dockerfiles/logging-agent/Dockerfile: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2023 Intel Corporation 2 | # SPDX-License-Identifier: BSD-3-Clause 3 | 4 | FROM fluent/fluent-bit:latest as fluentbit 5 | 6 | FROM debian:bullseye-slim as builder 7 | 8 | # Install required packages 9 | RUN apt-get update && \ 10 | # The agent.sh dependencies 11 | apt-get install -y dmidecode util-linux pciutils curl && \ 12 | # The Fluent-Bit dependencies 13 | apt-get install -y libyaml-0-2 libpq5 && \ 14 | rm -rf /var/lib/apt/lists/* 15 | 16 | # Copy the agent script into the container 17 | COPY agent.sh /usr/bin/agent.sh 18 | RUN chmod +x /usr/bin/agent.sh 19 | 20 | COPY --from=fluentbit /fluent-bit /fluent-bit 21 | COPY fluent-bit.conf /fluent-bit/fluent-bit.conf 22 | 23 | # Run the agent script and Start the Fluent Bit service 24 | CMD ["sh", "-c", "/usr/bin/agent.sh && SERIAL_NUMBER=$(cat /tmp/serial_number) /fluent-bit/bin/fluent-bit -c /fluent-bit/fluent-bit.conf"] -------------------------------------------------------------------------------- /dockerfiles/uos/dockerfiles/firmware/lan/Dockerfile.alpine: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2021 Intel Corporation 2 | # SPDX-License-Identifier: BSD-3-Clause 3 | 4 | FROM alpine:3.14 as build 5 | LABEL maintainer "Bryan J Rodriguez " 6 | 7 | ARG CLEARLINUX_RELEASE=34270 8 | ARG FIRMWARE=wifi-20210208-154 9 | 10 | RUN apk update && apk add --no-cache \ 11 | bash \ 12 | wget \ 13 | tar \ 14 | rpm \ 15 | cpio 16 | 17 | WORKDIR /build 18 | RUN mkdir /out 19 | 20 | # 
https://download.clearlinux.org/releases/34270/clear/x86_64/os/Packages/linux-firmware-wifi-20210208-154.x86_64.rpm 21 | RUN wget https://download.clearlinux.org/releases/${CLEARLINUX_RELEASE}/clear/x86_64/os/Packages/linux-firmware-${FIRMWARE}.x86_64.rpm 22 | 23 | RUN rpm2cpio linux-firmware-${FIRMWARE}.x86_64.rpm | cpio -i --make-directories && \ 24 | mv usr/lib /out/ 25 | 26 | FROM scratch 27 | ENTRYPOINT [] 28 | CMD [] 29 | WORKDIR / 30 | COPY --from=build /out/lib/ /lib/ -------------------------------------------------------------------------------- /dockerfiles/uos/dockerfiles/firmware/wifi/Dockerfile.alpine: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2021 Intel Corporation 2 | # SPDX-License-Identifier: BSD-3-Clause 3 | 4 | FROM alpine:3.14 as build 5 | LABEL maintainer "Bryan J Rodriguez " 6 | 7 | ARG CLEARLINUX_RELEASE=34270 8 | ARG FIRMWARE=wifi-20210208-154 9 | 10 | RUN apk update && apk add --no-cache \ 11 | bash \ 12 | wget \ 13 | tar \ 14 | rpm \ 15 | cpio 16 | 17 | WORKDIR /build 18 | RUN mkdir /out 19 | 20 | # https://download.clearlinux.org/releases/34270/clear/x86_64/os/Packages/linux-firmware-wifi-20210208-154.x86_64.rpm 21 | RUN wget https://download.clearlinux.org/releases/${CLEARLINUX_RELEASE}/clear/x86_64/os/Packages/linux-firmware-${FIRMWARE}.x86_64.rpm 22 | 23 | RUN rpm2cpio linux-firmware-${FIRMWARE}.x86_64.rpm | cpio -i --make-directories && \ 24 | mv usr/lib /out/ 25 | 26 | FROM scratch 27 | ENTRYPOINT [] 28 | CMD [] 29 | WORKDIR / 30 | COPY --from=build /out/lib/ /lib/ -------------------------------------------------------------------------------- /dockerfiles/nginx/Dockerfile: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2020 Intel Corporation 2 | # SPDX-License-Identifier: BSD-3-Clause 3 | 4 | FROM nginx:1.21.3-alpine 5 | LABEL maintainer "Bryan J Rodriguez " 6 | 7 | RUN apk --no-cache add \ 8 | ca-certificates \ 9 | 
inotify-tools \ 10 | openssl \ 11 | tini \ 12 | wget && \ 13 | apk --no-cache -U upgrade && \ 14 | update-ca-certificates 15 | # NOTE(review): both files below are fetched from certbot's master branch at build time with no checksum, so the TLS options and DH parameters baked into the image change whenever upstream does. Pin the URLs to a release tag or commit and verify a known SHA-256 before use. 16 | RUN wget -qO - https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf > /tmp/options-ssl-nginx.conf 17 | RUN wget -qO - https://raw.githubusercontent.com/certbot/certbot/master/certbot/certbot/ssl-dhparams.pem > /tmp/ssl-dhparams.pem 18 | 19 | COPY init /usr/local/bin/ 20 | COPY openssl.cnf /etc/ssl 21 | 22 | ENV CN=nginx.local \ 23 | O=nginx \ 24 | OU=nginx \ 25 | C=US 26 | 27 | EXPOSE 80 28 | EXPOSE 443 29 | 30 | ENTRYPOINT ["tini", "--"] 31 | CMD ["/usr/local/bin/init"] 32 | -------------------------------------------------------------------------------- /dockerfiles/uos/dockerfiles/firmware/lan/Dockerfile.clearlinux: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2021 Intel Corporation 2 | # SPDX-License-Identifier: BSD-3-Clause 3 | 4 | FROM alpine:3.14 as build 5 | LABEL maintainer "Bryan J Rodriguez " 6 | 7 | ARG CLEARLINUX_RELEASE=36410 8 | ARG FIRMWARE=wifi-20220509-171 9 | 10 | RUN apk update && apk add --no-cache \ 11 | bash \ 12 | wget \ 13 | tar \ 14 | rpm \ 15 | cpio 16 | 17 | WORKDIR /build 18 | RUN mkdir /out 19 | # NOTE(review): the firmware RPM is downloaded and unpacked below without a checksum or signature check; consider verifying a pinned SHA-256 for the chosen CLEARLINUX_RELEASE/FIRMWARE pair before rpm2cpio runs. The example URL on the next line shows an older release than the ARG defaults above. 20 | # https://download.clearlinux.org/releases/34270/clear/x86_64/os/Packages/linux-firmware-wifi-20210208-154.x86_64.rpm 21 | RUN wget https://download.clearlinux.org/releases/${CLEARLINUX_RELEASE}/clear/x86_64/os/Packages/linux-firmware-${FIRMWARE}.x86_64.rpm 22 | 23 | RUN rpm2cpio linux-firmware-${FIRMWARE}.x86_64.rpm | cpio -i --make-directories && \ 24 | mv usr/lib /out/ 25 | 26 | FROM scratch 27 | ENTRYPOINT [] 28 | CMD [] 29 | WORKDIR / 30 | COPY --from=build /out/lib/ /lib/ -------------------------------------------------------------------------------- /dockerfiles/uos/dockerfiles/firmware/wifi/Dockerfile.clearlinux: 
-------------------------------------------------------------------------------- 1 | # Copyright (C) 2021 Intel Corporation 2 | # SPDX-License-Identifier: BSD-3-Clause 3 | 4 | FROM alpine:3.14 as build 5 | LABEL maintainer "Bryan J Rodriguez " 6 | 7 | ARG CLEARLINUX_RELEASE=36410 8 | ARG FIRMWARE=wifi-20220509-171 9 | 10 | RUN apk update && apk add --no-cache \ 11 | bash \ 12 | wget \ 13 | tar \ 14 | rpm \ 15 | cpio 16 | 17 | WORKDIR /build 18 | RUN mkdir /out 19 | 20 | # https://download.clearlinux.org/releases/34270/clear/x86_64/os/Packages/linux-firmware-wifi-20210208-154.x86_64.rpm 21 | RUN wget https://download.clearlinux.org/releases/${CLEARLINUX_RELEASE}/clear/x86_64/os/Packages/linux-firmware-${FIRMWARE}.x86_64.rpm 22 | 23 | RUN rpm2cpio linux-firmware-${FIRMWARE}.x86_64.rpm | cpio -i --make-directories && \ 24 | mv usr/lib /out/ 25 | 26 | FROM scratch 27 | ENTRYPOINT [] 28 | CMD [] 29 | WORKDIR / 30 | COPY --from=build /out/lib/ /lib/ -------------------------------------------------------------------------------- /dockerfiles/uos/dockerfiles/firmware/lan/Dockerfile.fedora: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2020 Intel Corporation 2 | # SPDX-License-Identifier: BSD-3-Clause 3 | 4 | FROM fedora:32 as kernel-builder 5 | LABEL maintainer "Bryan J Rodriguez " 6 | 7 | ARG FIRMWARE=20220310-130.fc36.noarch 8 | ARG FEDORA_RELEASE=36 9 | 10 | RUN dnf install -y \ 11 | wget \ 12 | tar \ 13 | kmod \ 14 | cpio 15 | 16 | WORKDIR /build 17 | RUN mkdir /out 18 | 19 | # https://download-ib01.fedoraproject.org/pub/fedora/linux/releases/32/Everything/x86_64/os/Packages/l/linux-firmware-20200316-106.fc32.noarch.rpm 20 | 21 | RUN wget https://download-ib01.fedoraproject.org/pub/fedora/linux/releases/${FEDORA_RELEASE}/Everything/x86_64/os/Packages/l/linux-firmware-${FIRMWARE}.rpm 22 | 23 | RUN rpm2cpio linux-firmware-${FIRMWARE}.rpm | cpio -i --make-directories && \ 24 | mv usr/lib /out/ 25 | 26 | FROM scratch 
27 | ENTRYPOINT [] 28 | CMD [] 29 | WORKDIR / 30 | COPY --from=kernel-builder /out/* /lib/ 31 | -------------------------------------------------------------------------------- /dockerfiles/uos/dockerfiles/firmware/wifi/Dockerfile.fedora: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2020 Intel Corporation 2 | # SPDX-License-Identifier: BSD-3-Clause 3 | 4 | FROM fedora:32 as kernel-builder 5 | LABEL maintainer "Bryan J Rodriguez " 6 | 7 | ARG FIRMWARE=20220310-130.fc36.noarch 8 | ARG FEDORA_RELEASE=36 9 | 10 | RUN dnf install -y \ 11 | wget \ 12 | tar \ 13 | kmod \ 14 | cpio 15 | 16 | WORKDIR /build 17 | RUN mkdir /out 18 | 19 | # https://download-ib01.fedoraproject.org/pub/fedora/linux/releases/32/Everything/x86_64/os/Packages/l/linux-firmware-20200316-106.fc32.noarch.rpm 20 | 21 | RUN wget https://download-ib01.fedoraproject.org/pub/fedora/linux/releases/${FEDORA_RELEASE}/Everything/x86_64/os/Packages/l/linux-firmware-${FIRMWARE}.rpm 22 | 23 | RUN rpm2cpio linux-firmware-${FIRMWARE}.rpm | cpio -i --make-directories && \ 24 | mv usr/lib /out/ 25 | 26 | FROM scratch 27 | ENTRYPOINT [] 28 | CMD [] 29 | WORKDIR / 30 | COPY --from=kernel-builder /out/* /lib/ 31 | -------------------------------------------------------------------------------- /scripts/containerutils.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright (C) 2019 Intel Corporation 4 | # SPDX-License-Identifier: BSD-3-Clause 5 | 6 | # This file contains functions and global variables intended to make 7 | # file management easier within this application's scripts. 
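8 | 9 | # These are helper variables to quickly identify where things will be stored 10 | # These variables are used globally throughout this application's scripts 11 | export IMAGE_ROOT="$(pwd)/data/usr/share/nginx/html/containers" 12 |
# saveDockerImage writes every image named in imageList that exists in the
# local docker image store to "${IMAGE_ROOT}/<name>.tar.gz", where <name> is
# the image name with '/' replaced by '_'.
#
# Globals:  IMAGE_ROOT (read) - target directory; it is derived from $(pwd),
#           so every expansion is quoted to survive paths containing spaces.
# Calls:    makeDirectory, logMsg, logInfoMsg (defined outside this listing).
#
# NOTE(review): IMAGE_ROOT sits under usr/share/nginx/html, so each archive is
# presumably served by the project's web server; keep imageList limited to
# images that are meant to be handed out - confirm against the nginx config.
saveDockerImage() {
    makeDirectory "${IMAGE_ROOT}"

    # The image list, this is where you can add more images to save to webroot
    local imageList=("intel/esp-logging-agent")
    local image archive saveStatus

    for image in "${imageList[@]}"; do
        # Check if docker image exists
        if [[ -z "$(docker images -q "${image}" 2> /dev/null)" ]]; then
            logMsg "Image ${image} does not exist"
            continue
        fi

        logInfoMsg "Saving image ${image}"
        # Replace every '/', not only the first, so a registry-qualified name
        # (registry/namespace/image) still maps to a single file name.
        archive="${IMAGE_ROOT}/${image//\//_}.tar.gz"
        docker save "${image}" | gzip > "${archive}"
        saveStatus=${PIPESTATUS[0]}

        # The pipeline's own status is gzip's; check docker save explicitly so
        # a truncated archive is not left in the webroot.
        if [[ "${saveStatus}" -ne 0 ]]; then
            logMsg "Saving image ${image} failed"
            rm -f "${archive}"
        fi
    done
}
-------------------------------------------------------------------------------- /dockerfiles/vm/Dockerfile: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2020 Intel Corporation 2 | # SPDX-License-Identifier: BSD-3-Clause 3 | 4 | FROM intel/esp-qemu 5 | LABEL maintainer "Bryan J Rodriguez " 6 | 7 | COPY ${VIRTUAL_DISK} /data/volumes/vm.img 8 | 9 | ENV NAME=${NAME:-vm} \ 10 | RAM=4096 \ 11 | SMP="4,sockets=1,cores=4,threads=1" \ 12 | CPU=max \ 13 | MOUSE=none \ 14 | DISK_DEVICE=virtio \ 15 | IMAGE=/data/volumes/vm.img \ 16 | IMAGE_FORMAT=${DISK_FORMAT:-qcow2} \ 17 | IMAGE_CACHE=none \ 18 | IMAGE_DISCARD=unmap \ 19 | IMAGE_CREATE=0 \ 20 | ISO_DOWNLOAD=0 \ 21 | NETWORK=bridge \ 22 | NETWORK_BRIDGE=br0 \ 23 | NETWORK_DEVICE=e1000 \ 24 | GTK="" \ 25 | VIDEO=spice \ 26 | VNC=tcp \ 27 | VNC_IP="" \ 28 | VNC_ID=0 \ 29 | VNC_PORT="" \ 30 | VNC_SOCK="" \ 31 | SPICE=sock \ 32 | SPICE_IP=0.0.0.0 \ 33 | SPICE_PORT=5901 \ 34 | SPICE_SOCK=/var/run/kvmvideo/spice.sock \ 35 | SPICE_OPTIONS="" \ 36 | CUSTOM_VIDEO="" \ 37 | TCP_PORTS="" \ 38 | UDP_PORTS="" \ 39 | ADD_FLAGS="" \ 40 | RESOLUTION="" 41 |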
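-------------------------------------------------------------------------------- /dockerfiles/gitea/init.sh: --------------------------------------------------------------------------------
#!/bin/sh

# Copyright (C) 2019 Intel Corporation
# SPDX-License-Identifier: BSD-3-Clause

# First-start bootstrap for the Gitea container.
#
# When app.ini does not yet carry INSTALL_LOCK ... true, the script starts
# Gitea once, shuts it down, edits app.ini, starts it again, runs the database
# migration, creates an admin account, shuts Gitea down once more and fixes the
# ownership of the database file. In every case it ends by exec'ing the image's
# regular entrypoint. The sleeps give the background process time to come up or
# stop; there is no other synchronisation.

app_ini=/data/gitea/conf/app.ini

# grep -q replaces the original "2>&1 > /dev/null", which silenced stdout only
# and left stderr attached to the console.
if [ -f "${app_ini}" ] && grep INSTALL_LOCK "${app_ini}" 2> /dev/null | grep -q true; then
    echo "GitTea already configured"
else
    echo "configuring GitTea"
    /usr/bin/entrypoint &
    sleep 5
    gitea manager shutdown

    # Lock the web installer, then inject repository and database defaults.
    # NOTE(review): DEFAULT_PRIVATE=public together with the two
    # ENABLE_PUSH_CREATE_* switches means a push to a missing repository
    # creates it as a public one - confirm that is wanted on the network this
    # instance is reachable from.
    sed -i 's/INSTALL_LOCK[ \t]*= false/INSTALL_LOCK = true/' "${app_ini}" && \
    sed -i 's/\[repository\]/\[repository\]\nDEFAULT_PRIVATE=public\nENABLE_PUSH_CREATE_USER=true\nENABLE_PUSH_CREATE_ORG=true/' "${app_ini}" && \
    sed -i 's/\[database\]/\[database\]\nLOG_SQL = false/' "${app_ini}"
    sleep 5

    /usr/bin/entrypoint &
    sleep 5
    gitea migrate
    sleep 5

    # NOTE(review): the admin account is created with a fixed, publicly known
    # username/password pair and --must-change-password=false, so every
    # deployment shares the same admin credentials. Rotate the password after
    # provisioning or restrict access to this service; other parts of the
    # project presumably rely on these values, so change them together.
    # The loop retries until the command succeeds and has no upper bound.
    while (! gitea admin user create --admin --username mirror --password mirror --email mirror@localhost --must-change-password=false ); do
        echo \"Waiting for Gitea Database\";
        sleep 5;
    done
    sleep 3
    gitea manager shutdown
    chown git:git /data/gitea/gitea.db
    sleep 5
fi

exec /usr/bin/entrypoint
-------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # How to contribute 2 | 3 | ## Branching strategy 4 | The common approach for this repo is, that the main developent branch is *main*. This branch should always be in a good state and the code from this branch should 5 | always be in a state so that it could be released any time. 6 | Releases will be done based on tags, only when needed we will create a separate branch for the release. 7 | 8 | ## Tagging 9 | Each tag should have the format *vMAJOR.MINOR.PATCH*, e.g.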
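v2.5.0 10 | If we create a release branch, then the branch name must not be equal to the tag name. Instead, we call the branch *vMAJOR.MINOR*, e.g. v2.5 11 | On a release branch we will only do urgent bug fixes. These fixes must then be ported back to main development branch. 12 | 13 | ## Development branches 14 | Each developer should create a separate development branch (based on latest main) and give it a meaningful name like feature/FEATURE_NAME, e.g feature/add_network 15 | Development branches should be deleted after they are merged to the main branch. 16 | 17 | ## Merging to main 18 | For merging the development branches to main we use pull requests. 19 | The development branches might need a rebase on the main branch, this is highlighted on the pull request overview. 20 | -------------------------------------------------------------------------------- /deploy.sh: --------------------------------------------------------------------------------
#!/bin/bash

# Copyright (C) 2023 Intel Corporation
# SPDX-License-Identifier: BSD-3-Clause

# One-shot installer. Must run as root and needs docker on PATH. It installs
# docker-compose when missing, downloads the compose file for ESP_VERSION into
# /opt/esp, starts the "core" and "mirror" services, waits until
# /opt/esp/run.sh exists and then runs it with -n.
#
# Everything fetched here is executed with root privileges, so both downloads
# keep TLS certificate verification enabled (the earlier --no-check-certificate
# flag let any on-path host substitute the binary or the compose file). Behind
# a TLS-inspecting proxy, add the proxy CA to the system trust store or pass it
# to wget with --ca-certificate instead of turning verification off.

if [[ $(id -u) -ne 0 ]]; then
    echo -e "\e[1m\e[31;1m Please run this script as root \e[0m"
    exit 1
fi

if ! command -v docker > /dev/null 2>&1; then
    echo -e "\e[1m\e[31;1m Please install docker before running this program \e[0m"
    exit 1
fi

if ! command -v docker-compose > /dev/null 2>&1; then
    mkdir -p /usr/local/bin
    compose_url="https://github.com/docker/compose/releases/download/v2.20.2/docker-compose-$(uname -s)-$(uname -m)"
    # A failed download must not leave an empty or partial file behind: it
    # would be marked executable and satisfy the check above on the next run.
    if ! wget -qO /usr/local/bin/docker-compose "${compose_url}"; then
        rm -f /usr/local/bin/docker-compose
        echo -e "\e[1m\e[31;1m Failed to download docker-compose \e[0m"
        exit 1
    fi
    # NOTE(review): the binary is trusted on TLS alone; comparing it with the
    # digest published for the release would also catch a tampered asset.
    chmod a+x /usr/local/bin/docker-compose
fi

# Defaults to the moving "master" branch when unset or empty. Set ESP_VERSION
# to a release tag or commit to make the deployed compose file reproducible.
ESP_VERSION="${ESP_VERSION:-master}"

mkdir -p /opt/esp && \
cd /opt/esp && \
wget -O /opt/esp/docker-compose.yml "https://raw.githubusercontent.com/intel/Edge-Software-Provisioner/${ESP_VERSION}/compose/docker-compose.yml" && \
docker-compose up -d core mirror && \
echo "Waiting for Intel ESP images to be downloaded." && \
while (! ls /opt/esp/run.sh > /dev/null 2>&1 ); do \
    echo -n "."; \
    sleep 5; \
done && \
./run.sh -n
-------------------------------------------------------------------------------- /dockerfiles/core/Dockerfile: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2020 Intel Corporation 2 | # SPDX-License-Identifier: BSD-3-Clause 3 | 4 | FROM docker:20.10.8 5 | LABEL maintainer "Bryan J Rodriguez " 6 | 7 | RUN apk --no-cache add \ 8 | bash \ 9 | dumb-init \ 10 | docker-compose \ 11 | inotify-tools \ 12 | git \ 13 | net-tools \ 14 | nmap \ 15 | nmap-scripts \ 16 | rsync \ 17 | syslinux \ 18 | wget && \ 19 | apk --no-cache -U upgrade && \ 20 | update-ca-certificates 21 | 22 | RUN mkdir -p /opt/core/conf /opt/core/data/srv /opt/core/scripts /opt/core/dockerfiles && \ 23 | mkdir -p /usr/local/bin && \ 24 | mkdir -p /usr/share/ipxe && \ 25 | wget -O /usr/share/ipxe/ipxe.lkrn https://boot.ipxe.org/ipxe.lkrn && \ 26 | wget -O /usr/share/ipxe/wimboot https://github.com/ipxe/wimboot/releases/latest/download/wimboot 27 | 28 | COPY files/conf/ /opt/core/conf/ 29 | COPY files/data/ /opt/core/data/ 30 | COPY files/dockerfiles/ /opt/core/dockerfiles/ 31 | COPY files/scripts/ /opt/core/scripts/ 32 | COPY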
files/template/ /opt/core/template/ 33 | COPY files/*.sh /opt/core/ 34 | COPY files/dockerfiles/core/init.sh /usr/local/bin/init.sh 35 | 36 | ENTRYPOINT [ "dumb-init", "/usr/local/bin/init.sh" ] 37 | -------------------------------------------------------------------------------- /dockerfiles/uos/Dockerfile.dyninit: --------------------------------------------------------------------------------
# Copyright (C) 2020 Intel Corporation
# SPDX-License-Identifier: BSD-3-Clause

# Image based on docker:20.10.12-dind with disk, boot-loader, network and
# signing tools added and the bootstrap scripts copied to /opt/bootstrap.
# The default command runs /opt/bootstrap/start with bash.

FROM docker:20.10.12-dind
LABEL maintainer "Bryan J Rodriguez "

# Tooling used by the bootstrap scripts; every installed package is upgraded
# to the newest available version at build time.
RUN apk --no-cache add \
    bash \
    ca-certificates \
    coreutils \
    cpio \
    cryptsetup \
    curl \
    dmidecode \
    e2fsprogs \
    e2fsprogs-extra \
    efibootmgr \
    efitools \
    eudev \
    expect \
    file \
    git \
    gnupg \
    grub \
    grub-efi \
    grub-bios \
    lddtree \
    lshw \
    lvm2 \
    netcat-openbsd \
    ntfs-3g \
    openssh-client \
    openssl \
    partx \
    parted \
    pciutils \
    py3-pip \
    rng-tools \
    rsync \
    sbsigntool \
    supervisor \
    syslinux \
    util-linux \
    wget \
    wireless-tools \
    xz && \
    apk --no-cache -U upgrade

# NOTE(review): appends "PasswordAuthentication yes" to sshd_config although
# only openssh-client is in the package list above; whether an sshd reads this
# file is not visible here. If one does, password logins are enabled for this
# image - confirm that is intended, and prefer key-based login otherwise.
RUN echo "PasswordAuthentication yes" >> /etc/ssh/sshd_config

# Bootstrap scripts from the build context's bash/ directory.
RUN mkdir -p /opt/bootstrap
COPY bash/init /opt/bootstrap/
COPY bash/functions /opt/bootstrap/
COPY bash/start /opt/bootstrap/
COPY bash/profile_request /opt/bootstrap/
COPY bash/wifi-scan /opt/bootstrap/
# Clear the base image's entrypoint so CMD is executed as given.
ENTRYPOINT []
CMD ["/bin/bash","/opt/bootstrap/start"]
-------------------------------------------------------------------------------- /dockerfiles/logging-agent/agent.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright (C) 2023 Intel Corporation 4 | # SPDX-License-Identifier: BSD-3-Clause 5 | 6 | OUTPUT_FILE="/tmp/machine-scrape.log" 7 |
SERIAL_FILE="/tmp/serial_number" 8 | 9 | # Get external IP 10 | external_ip=$(curl -s http://whatismyip.akamai.com/ --connect-timeout 5) 11 | 12 | # Get internal IP 13 | internal_ip=$(hostname -I | awk '{print $1}') 14 | 15 | # Get PCI tree 16 | pci_tree=$(lspci) 17 | 18 | # Get motherboard model v 19 | motherboard_model=$(dmidecode -s baseboard-product-name) 20 | 21 | # Get firmware version v 22 | firmware_version=$(dmidecode -s bios-version) 23 | 24 | # Get hard drives info 25 | hard_drives=$(lsblk) 26 | 27 | # Get serial number v 28 | serial_number=$(dmidecode -s system-serial-number) 29 | 30 | if [ -z "$serial_number" ]; then 31 | echo "not_available" > $SERIAL_FILE 32 | else 33 | echo "$serial_number" > $SERIAL_FILE 34 | fi 35 | 36 | # Write the information to the log file 37 | echo "External IP: $external_ip" > $OUTPUT_FILE 38 | echo "Internal IP: $internal_ip" >> $OUTPUT_FILE 39 | echo "PCI tree:" >> $OUTPUT_FILE 40 | echo "$pci_tree" >> $OUTPUT_FILE 41 | echo "Motherboard model: $motherboard_model" >> $OUTPUT_FILE 42 | echo "Firmware version: $firmware_version" >> $OUTPUT_FILE 43 | echo "Hard drives info:" >> $OUTPUT_FILE 44 | echo "$hard_drives" >> $OUTPUT_FILE 45 | echo "Serial number: $serial_number" >> $OUTPUT_FILE -------------------------------------------------------------------------------- /dockerfiles/uos/dockerfiles/firmware/lan/Dockerfile.intel.signed: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2022 Intel Corporation 2 | # SPDX-License-Identifier: BSD-3-Clause 3 | 4 | FROM alpine:3.14 as kernel-builder 5 | LABEL maintainer "Bryan J Rodriguez " 6 | 7 | # Leave out 3rd version number. For example at the time of this file we are downloading version 1.187.33. 
8 | ARG FIRMWARE=1.187 9 | 10 | RUN apk update && apk add --no-cache \ 11 | bash \ 12 | curl \ 13 | wget \ 14 | tar \ 15 | rpm \ 16 | cpio \ 17 | binutils \ 18 | xz 19 | 20 | WORKDIR /build 21 | RUN mkdir /out 22 | 23 | # List of kernels 24 | # wget -qO - https://mirrors.kernel.org/ubuntu/pool/main/l/linux/ | sed -n 's/.*href="\([^"]*\).*/\1/p' | grep -o "linux-image-unsigned-[0-9]\.[0-9]\+\.[0-9]\+-[0-9]\+-generic_[^ ]\+amd64\.deb" 25 | # https://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-firmware/linux-firmware_1.197_all.deb 26 | 27 | RUN FIRMWARE_FILE=$(curl -s https://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-firmware/ | grep -Eo linux-firmware_${FIRMWARE}.\[0-9\]\[\-\_\.0-9a-zA-Z\]+_all.deb | head -n1) && \ 28 | wget https://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-firmware/${FIRMWARE_FILE} && \ 29 | ar x ${FIRMWARE_FILE} && \ 30 | tar -xf data.tar.xz && \ 31 | mv ./lib /out/ 32 | 33 | FROM scratch 34 | ENTRYPOINT [] 35 | CMD [] 36 | WORKDIR / 37 | COPY --from=kernel-builder /out/* /lib/ 38 | -------------------------------------------------------------------------------- /dockerfiles/uos/dockerfiles/firmware/wifi/Dockerfile.intel.signed: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2022 Intel Corporation 2 | # SPDX-License-Identifier: BSD-3-Clause 3 | 4 | FROM alpine:3.14 as kernel-builder 5 | LABEL maintainer "Bryan J Rodriguez " 6 | 7 | # Leave out 3rd version number. For example at the time of this file we are downloading version 1.187.33. 
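8 | ARG FIRMWARE=1.187 9 | 10 | RUN apk update && apk add --no-cache \ 11 | bash \ 12 | curl \ 13 | wget \ 14 | tar \ 15 | rpm \ 16 | cpio \ 17 | binutils \ 18 | xz 19 | 20 | WORKDIR /build 21 | RUN mkdir /out 22 | 23 | # List of kernels 24 | # wget -qO - https://mirrors.kernel.org/ubuntu/pool/main/l/linux/ | sed -n 's/.*href="\([^"]*\).*/\1/p' | grep -o "linux-image-unsigned-[0-9]\.[0-9]\+\.[0-9]\+-[0-9]\+-generic_[^ ]\+amd64\.deb" 25 | # https://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-firmware/linux-firmware_1.197_all.deb 26 | 27 | RUN FIRMWARE_FILE=$(curl -s https://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-firmware/ | grep -Eo linux-firmware_${FIRMWARE}.\[0-9\]\[\-\_\.0-9a-zA-Z\]+_all.deb | head -n1) && \ 28 | wget https://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-firmware/${FIRMWARE_FILE} && \ 29 | ar x ${FIRMWARE_FILE} && \ 30 | tar -xf data.tar.xz && \ 31 | mv ./lib /out/ 32 | 33 | FROM scratch 34 | ENTRYPOINT [] 35 | CMD [] 36 | WORKDIR / 37 | COPY --from=kernel-builder /out/* /lib/ 38 | -------------------------------------------------------------------------------- /dockerfiles/uos/Dockerfile.alpine: --------------------------------------------------------------------------------
# Copyright (C) 2019 Intel Corporation
# SPDX-License-Identifier: BSD-3-Clause

# Two-stage build. The first stage downloads the linux-lts kernel package from
# the Alpine repository and unpacks it; the second stage is an empty image
# holding only /kernel, /System.map and /kernel.tar (the lib/ tree, including
# the generated modules.dep).

FROM alpine:3.14 as kernel-builder
LABEL maintainer "Bryan J Rodriguez "

# "edge" is a rolling branch and the package is chosen by scraping the index,
# so two builds can yield different kernels. Pin a release branch and an exact
# package (as the commented-out values once did) for reproducible images.
ARG ALPINELINUX_RELEASE=edge
# ARG KERNEL_VERSION=4.19.26-r0
# ARG KERNEL_PREFIX=vanilla

RUN apk update && apk add --no-cache \
    bash \
    coreutils \
    cpio \
    curl \
    gzip \
    kmod \
    rpm \
    tar \
    wget

WORKDIR /build
RUN mkdir /out

# The index and the package are fetched over HTTPS: this is the kernel the
# provisioned machines boot, and plain HTTP let any on-path host replace it.
# -f makes curl fail on HTTP errors; "test -s" stops the build when no package
# name was found, instead of letting wget fetch the directory index.
RUN curl -fsS "https://dl-cdn.alpinelinux.org/alpine/${ALPINELINUX_RELEASE}/main/x86_64/" | grep -Eo linux-lts-\[0-9\]\[\-\_\.0-9a-zA-Z\]+.apk | head -n1 > /tmp/KERNEL_FILE && \
    test -s /tmp/KERNEL_FILE

# NOTE(review): the package is unpacked with gunzip/tar below, which skips the
# signature check apk performs on install; consider verifying the downloaded
# file (for example with "apk verify") before it is unpacked.
RUN KERNEL_FILE=$(cat /tmp/KERNEL_FILE) && wget "https://dl-cdn.alpinelinux.org/alpine/${ALPINELINUX_RELEASE}/main/x86_64/${KERNEL_FILE}"

# wget http://dl-cdn.alpinelinux.org/alpine/edge/main/x86_64/linux-vanilla-4.19.26-r0.apk

RUN KERNEL_FILE=$(cat /tmp/KERNEL_FILE) && gunzip -c < ${KERNEL_FILE} | tar xf - && \
    cp boot/vmlinuz* /out/kernel && \
    cp boot/System* /out/System.map

# Regenerate modules.dep for the unpacked module tree, then archive it.
RUN mkdir tmp/ && mv lib/ tmp/ && \
    cd tmp/ && depmod -an -b . $(ls lib/modules/) > lib/modules/$(ls lib/modules/)/modules.dep && \
    tar cf /out/kernel.tar .

FROM scratch
ENTRYPOINT []
CMD []
WORKDIR /
COPY --from=kernel-builder /out/* /
-------------------------------------------------------------------------------- /dockerfiles/uos/Dockerfile.redhat: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2021 Intel Corporation 2 | # SPDX-License-Identifier: BSD-3-Clause 3 | 4 | FROM registry.access.redhat.com/ubi8/ubi as kernel-builder 5 | LABEL maintainer "Bryan J Rodriguez " 6 | 7 | ARG KERNEL_VERSION=4.18.0-348.2.1.el8_5 8 | ARG ARCH=x86_64 9 | 10 | RUN dnf install -y \ 11 | wget \ 12 | tar \ 13 | kmod \ 14 | cpio 15 | 16 | WORKDIR /build 17 | RUN mkdir /out 18 | 19 | RUN yum download --downloadonly --downloaddir=/build/ kernel-${KERNEL_VERSION}.${ARCH} kernel-core-${KERNEL_VERSION}.${ARCH} kernel-modules-${KERNEL_VERSION}.${ARCH} kernel-modules-extra-${KERNEL_VERSION}.${ARCH} 20 | 21 | RUN rpm2cpio kernel-${KERNEL_VERSION}.${ARCH}.rpm | cpio -i --make-directories && \ 22 | rpm2cpio kernel-core-${KERNEL_VERSION}.${ARCH}.rpm | cpio -i --make-directories && \ 23 | rpm2cpio kernel-modules-${KERNEL_VERSION}.${ARCH}.rpm | cpio -i --make-directories && \ 24 | rpm2cpio kernel-modules-extra-${KERNEL_VERSION}.${ARCH}.rpm | cpio -i --make-directories && \ 25 | for d in lib/modules/*; do depmod -b .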
$(basename $d); done && \ 26 | mv lib/modules/*/vmlinuz* /out/kernel && \ 27 | mv lib/modules/*/config* /out/kernel_config && \ 28 | mv lib/modules/*/System* /out/System.map && \ 29 | tar cf /out/kernel.tar lib && \ 30 | tar cf /out/kernel-dev.tar usr || true 31 | 32 | FROM scratch 33 | ENTRYPOINT [] 34 | CMD [] 35 | WORKDIR / 36 | COPY --from=kernel-builder /out/* / -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Copyright © 2022, Intel Corporation 2 | 3 | Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 4 | 5 | 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 6 | 7 | 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 8 | 9 | 3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. 10 | 11 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 12 | -------------------------------------------------------------------------------- /dockerfiles/uos/dockerfiles/firmware/wifi/Dockerfile.intel: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2022 Intel Corporation 2 | # SPDX-License-Identifier: BSD-3-Clause 3 | 4 | FROM alpine:3.14 as kernel-builder 5 | LABEL maintainer "Bryan J Rodriguez " 6 | 7 | # Leave out 3rd version number. For example at the time of this file we are downloading version 1.187.33. 
8 | ARG FIRMWARE=1.187 9 | 10 | RUN apk update && apk add --no-cache \ 11 | bash \ 12 | curl \ 13 | wget \ 14 | tar \ 15 | rpm \ 16 | cpio \ 17 | binutils \ 18 | xz 19 | 20 | WORKDIR /build 21 | RUN mkdir /out 22 | 23 | # List of kernels 24 | # wget -qO - https://mirrors.kernel.org/ubuntu/pool/main/l/linux/ | sed -n 's/.*href="\([^"]*\).*/\1/p' | grep -o "linux-image-unsigned-[0-9]\.[0-9]\+\.[0-9]\+-[0-9]\+-generic_[^ ]\+amd64\.deb" 25 | # https://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-firmware/linux-firmware_1.197_all.deb 26 | 27 | RUN FIRMWARE_FILE=$(curl -s https://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-firmware/ | grep -Eo linux-firmware_${FIRMWARE}.\[0-9\]\[\-\_\.0-9a-zA-Z\]+_all.deb | head -n1) && \ 28 | wget https://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-firmware/${FIRMWARE_FILE} && \ 29 | ar x ${FIRMWARE_FILE} && \ 30 | tar --wildcards -xf data.tar.xz \ 31 | ./lib/firmware/*wifi* \ 32 | ./lib/firmware/*ipw* && \ 33 | mv ./lib /out/ 34 | 35 | FROM scratch 36 | ENTRYPOINT [] 37 | CMD [] 38 | WORKDIR / 39 | COPY --from=kernel-builder /out/* /lib/ 40 | -------------------------------------------------------------------------------- /template/logging-server/fluent-bit.conf: -------------------------------------------------------------------------------- 1 | [INPUT] 2 | Name forward 3 | Listen 0.0.0.0 4 | Port 24224 5 | Tag edgenode 6 | 7 | [FILTER] 8 | Name rewrite_tag 9 | Match edgenode 10 | Rule $container_name ^\/.+[-_]([a-z\-]+)[-_][0-9]+$ esp-$1 false 11 | 12 | [FILTER] 13 | Name record_modifier 14 | Match esp-* 15 | Remove_key source 16 | 17 | [FILTER] 18 | Name record_modifier 19 | Match esp-* 20 | Record source provisioning_server 21 | 22 | [FILTER] 23 | Name record_modifier 24 | Match esp-* 25 | Record host ${HOSTNAME} 26 | 27 | [OUTPUT] 28 | Name stdout 29 | Match * 30 | 31 | [OUTPUT] 32 | Name http 33 | Match esp-* 34 | Host @@LOGGING_SERVER@@ 35 | Port 443 36 | format json 37 | tls on 38 | tls.verify on 39 | tls.crt_file 
/fluent-bit/tls.crt 40 | tls.key_file /fluent-bit/tls.key 41 | URI /provisioning_container_logs 42 | 43 | [OUTPUT] 44 | Name http 45 | Match edgenode 46 | Host @@LOGGING_SERVER@@ 47 | Port 443 48 | format json 49 | tls on 50 | tls.verify on 51 | tls.crt_file /fluent-bit/tls.crt 52 | tls.key_file /fluent-bit/tls.key 53 | URI /@@LOGGING_URI@@ 54 | -------------------------------------------------------------------------------- /dockerfiles/uos/dockerfiles/firmware/wifi/Dockerfile.ubuntu: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2020 Intel Corporation 2 | # SPDX-License-Identifier: BSD-3-Clause 3 | 4 | FROM alpine:3.14 as kernel-builder 5 | LABEL maintainer "Bryan J Rodriguez " 6 | 7 | ARG UBUNTU_RELEASE=5.15.0-23-generic 8 | # Leave out 3rd version number. For example at the time of this file we are downloading version 1.187.33. 9 | ARG FIRMWARE=1.187 10 | 11 | 12 | RUN apk update && apk add --no-cache \ 13 | bash \ 14 | curl \ 15 | wget \ 16 | tar \ 17 | rpm \ 18 | cpio \ 19 | binutils \ 20 | zstd \ 21 | xz 22 | 23 | WORKDIR /build 24 | RUN mkdir /out 25 | 26 | # List of kernels 27 | # wget -qO - https://mirrors.kernel.org/ubuntu/pool/main/l/linux/ | sed -n 's/.*href="\([^"]*\).*/\1/p' | grep -o "linux-image-unsigned-[0-9]\.[0-9]\+\.[0-9]\+-[0-9]\+-generic_[^ ]\+amd64\.deb" 28 | # https://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-firmware/linux-firmware_1.197_all.deb 29 | 30 | RUN FIRMWARE_FILE=$(curl -s https://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-firmware/ | grep -Eo linux-firmware_${FIRMWARE}.\[0-9\]\[\-\_\.0-9a-zA-Z\]+_all.deb | head -n1) && \ 31 | wget https://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-firmware/${FIRMWARE_FILE} && \ 32 | ar x ${FIRMWARE_FILE} && \ 33 | tar --wildcards -xf data.tar.xz \ 34 | ./lib/firmware/*wifi* \ 35 | ./lib/firmware/*ipw* && \ 36 | mv ./lib /out/ 37 | 38 | FROM scratch 39 | ENTRYPOINT [] 40 | CMD [] 41 | WORKDIR / 42 | COPY 
--from=kernel-builder /out/* /lib/ 43 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2019 Intel Corporation 2 | # SPDX-License-Identifier: BSD-3-Clause 3 | 4 | # Log files 5 | builder.log 6 | rni.log 7 | scripts/builder.log 8 | scripts/rni.log 9 | 10 | # Installation artifacts 11 | get-docker.sh 12 | 13 | # Debugging artifacts 14 | Success 15 | 16 | # Auto-generated Edge Software Provisioner files & directories 17 | data/ 18 | data/etc/dnsmasq.conf 19 | data/srv/tftp/images/* 20 | data/srv/tftp/pxelinux.cfg/default 21 | data/srv/tftp/pxelinux.cfg/tmp_default 22 | data/usr/share/nginx/html/files/* 23 | data/usr/share/nginx/html/index.html 24 | data/usr/share/nginx/html/profile/* 25 | 26 | # Auto-generated Edge Software Provisioner backup files 27 | # They are automatically created using copySampleFile 28 | # and have the format abc_2019-03-19_11:34:47 29 | data/etc/dnsmasq.conf_* 30 | data/srv/tftp/pxelinux.cfg/default_* 31 | data/srv/tftp/pxelinux.cfg/tmp_default.modified* 32 | data/usr/share/nginx/html/kickstart/default/dyn-ks.yml 33 | data/usr/share/nginx/html/kickstart/default/dyn-ks.yml_* 34 | 35 | # Template staging files 36 | template/dnsmasq/dnsmasq.conf.modified* 37 | template/logging-server/fluent-bit.conf.modified* 38 | 39 | # Auto-generated UOS files & directories 40 | dockerfiles/uos/prep/ 41 | dockerfiles/uos/uos-cmdline 42 | dockerfiles/uos/uos-initrd.img 43 | dockerfiles/uos/uos-kernel 44 | dockerfiles/uos/lib/docker 45 | 46 | # Configuration that should never be committed to git 47 | # conf/config.yml 48 | conf/secrets.yml 49 | 50 | #used for core 51 | dockerfiles/core/files/ 52 | 53 | #used for certbot 54 | dockerfiles/certbot/scripts/ 55 | -------------------------------------------------------------------------------- /dockerfiles/uos/dockerfiles/firmware/lan/Dockerfile.intel: 
-------------------------------------------------------------------------------- 1 | # Copyright (C) 2022 Intel Corporation 2 | # SPDX-License-Identifier: BSD-3-Clause 3 | 4 | FROM alpine:3.14 as kernel-builder 5 | LABEL maintainer "Bryan J Rodriguez " 6 | 7 | # Leave out 3rd version number. For example at the time of this file we are downloading version 1.187.33. 8 | ARG FIRMWARE=1.187 9 | 10 | RUN apk update && apk add --no-cache \ 11 | bash \ 12 | curl \ 13 | wget \ 14 | tar \ 15 | rpm \ 16 | cpio \ 17 | binutils \ 18 | xz 19 | 20 | WORKDIR /build 21 | RUN mkdir /out 22 | 23 | # List of kernels 24 | # wget -qO - https://mirrors.kernel.org/ubuntu/pool/main/l/linux/ | sed -n 's/.*href="\([^"]*\).*/\1/p' | grep -o "linux-image-unsigned-[0-9]\.[0-9]\+\.[0-9]\+-[0-9]\+-generic_[^ ]\+amd64\.deb" 25 | # https://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-firmware/linux-firmware_1.197_all.deb 26 | 27 | RUN FIRMWARE_FILE=$(curl -s https://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-firmware/ | grep -Eo linux-firmware_${FIRMWARE}.\[0-9\]\[\-\_\.0-9a-zA-Z\]+_all.deb | head -n1) && \ 28 | wget https://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-firmware/${FIRMWARE_FILE} && \ 29 | ar x ${FIRMWARE_FILE} && \ 30 | tar --wildcards -xf data.tar.xz \ 31 | ./lib/firmware/intel \ 32 | ./lib/firmware/brcm \ 33 | ./lib/firmware/mrvl \ 34 | ./lib/firmware/e100 \ 35 | ./lib/firmware/ath* \ 36 | ./lib/firmware/rt* && \ 37 | mv ./lib /out/ 38 | 39 | FROM scratch 40 | ENTRYPOINT [] 41 | CMD [] 42 | WORKDIR / 43 | COPY --from=kernel-builder /out/* /lib/ 44 | -------------------------------------------------------------------------------- /dockerfiles/uos/dockerfiles/firmware/lan/Dockerfile.ubuntu: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2020 Intel Corporation 2 | # SPDX-License-Identifier: BSD-3-Clause 3 | 4 | FROM alpine:3.14 as kernel-builder 5 | LABEL maintainer "Bryan J Rodriguez " 6 | 7 | ARG 
UBUNTU_RELEASE=5.15.0-23-generic 8 | # Leave out 3rd version number. For example at the time of this file we are downloading version 1.187.33. 9 | ARG FIRMWARE=1.187 10 | 11 | 12 | RUN apk update && apk add --no-cache \ 13 | bash \ 14 | curl \ 15 | wget \ 16 | tar \ 17 | rpm \ 18 | cpio \ 19 | binutils \ 20 | zstd \ 21 | xz 22 | 23 | WORKDIR /build 24 | RUN mkdir /out 25 | 26 | # List of kernels 27 | # wget -qO - https://mirrors.kernel.org/ubuntu/pool/main/l/linux/ | sed -n 's/.*href="\([^"]*\).*/\1/p' | grep -o "linux-image-unsigned-[0-9]\.[0-9]\+\.[0-9]\+-[0-9]\+-generic_[^ ]\+amd64\.deb" 28 | # https://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-firmware/linux-firmware_1.197_all.deb 29 | 30 | RUN FIRMWARE_FILE=$(curl -s https://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-firmware/ | grep -Eo linux-firmware_${FIRMWARE}.\[0-9\]\[\-\_\.0-9a-zA-Z\]+_all.deb | head -n1) && \ 31 | wget https://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-firmware/${FIRMWARE_FILE} && \ 32 | ar x ${FIRMWARE_FILE} && \ 33 | tar --wildcards -xf data.tar.xz \ 34 | ./lib/firmware/intel \ 35 | ./lib/firmware/brcm \ 36 | ./lib/firmware/mrvl \ 37 | ./lib/firmware/e100 \ 38 | ./lib/firmware/ath* \ 39 | ./lib/firmware/rt* && \ 40 | mv ./lib /out/ 41 | 42 | FROM scratch 43 | ENTRYPOINT [] 44 | CMD [] 45 | WORKDIR / 46 | COPY --from=kernel-builder /out/* /lib/ 47 | -------------------------------------------------------------------------------- /template/pxelinux.cfg/default.head: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2019 Intel Corporation 2 | # SPDX-License-Identifier: BSD-3-Clause 3 | 4 | DEFAULT menu.c32 5 | UI vesamenu.c32 6 | PROMPT 0 7 | TIMEOUT 200 8 | TOTALTIMEOUT 6000 9 | 10 | MENU RESOLUTION 800 600 11 | MENU TITLE | Build Options | 12 | MENU WIDTH 100 13 | MENU MARGIN 10 14 | MENU PASSWORDMARGIN 3 15 | MENU ROWS 27 16 | MENU TABMSGROW 33 17 | MENU CMDLINEROW 33 18 | MENU ENDROW -1 19 | MENU PASSWORDROW 26 20 | 
MENU TIMEOUTROW 35 21 | MENU HELPMSGROW 37 22 | MENU HELPMSGENDROW -1 23 | MENU HIDDENROW -2 24 | MENU HSHIFT 0 25 | MENU VSHIFT 0 26 | 27 | # Default to the first boot option if there is a timeout 28 | ONTIMEOUT local 29 | 30 | MENU BACKGROUND pxe_bg.png 31 | MENU COLOR screen 0 #808b8b8b #00000000 std 32 | MENU COLOR border 0 #ffffffff #ee000000 std 33 | MENU COLOR title 0 #ff6bbfff #ee000000 std 34 | MENU COLOR sel 0 #ff6bbfff #ee000000 std 35 | MENU COLOR hotsel 0 #ff9eff40 #ee000000 std 36 | MENU COLOR unsel 0 #55ffffff #ee000000 std 37 | MENU COLOR hotkey 0 #ff9eff40 #ee000000 std 38 | MENU COLOR tabmsg 0 #ffffffff #00000000 std 39 | MENU COLOR timeout_msg 0 #ff6bbfff #00000000 std 40 | MENU COLOR timeout 0 #c0ff2a2a #00000000 std 41 | MENU COLOR disabled 0 #807f7f7f #ee000000 std 42 | MENU COLOR cmdmark 0 #c000ffff #ee000000 std 43 | MENU COLOR cmdline 0 #c0ffffff #ee000000 std 44 | MENU COLOR scrollbar 0 #40000000 #00000000 std 45 | MENU COLOR pwdborder 0 #80ffffff #20ffffff std 46 | MENU COLOR pwdheader 0 #80ff8080 #20ffffff std 47 | MENU COLOR pwdentry 0 #80ffffff #20ffffff std 48 | MENU COLOR help 0 #c0ffffff #00000000 std 49 | 50 | LABEL local 51 | MENU LABEL Boot local hard drive 52 | LOCALBOOT -1 53 | -------------------------------------------------------------------------------- /dockerfiles/uos/Dockerfile.clearlinux: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2020 Intel Corporation 2 | # SPDX-License-Identifier: BSD-3-Clause 3 | 4 | FROM alpine:3.14 as kernel-builder 5 | LABEL maintainer "Bryan J Rodriguez " 6 | 7 | ARG CLEARLINUX_RELEASE=34780 8 | ARG KERNEL_VERSION=5.12.13-1050 9 | ARG KERNEL_PREFIX 10 | 11 | RUN apk update && apk add --no-cache \ 12 | bash \ 13 | wget \ 14 | tar \ 15 | rpm \ 16 | cpio 17 | 18 | WORKDIR /build 19 | RUN mkdir /out 20 | 21 | RUN wget 
https://download.clearlinux.org/releases/${CLEARLINUX_RELEASE}/clear/x86_64/os/Packages/linux-${KERNEL_PREFIX}${KERNEL_VERSION}.x86_64.rpm 22 | RUN wget https://download.clearlinux.org/releases/${CLEARLINUX_RELEASE}/clear/x86_64/os/Packages/linux-${KERNEL_PREFIX}extra-${KERNEL_VERSION}.x86_64.rpm 23 | # RUN wget https://download.clearlinux.org/releases/${CLEARLINUX_RELEASE}/clear/x86_64/os/Packages/linux-dev-${KERNEL_VERSION}.x86_64.rpm 24 | 25 | #https://download.clearlinux.org/releases/current/clear/source/SRPMS/linux-4.20.7-694.src.rpm 26 | 27 | RUN rpm2cpio linux-${KERNEL_PREFIX}${KERNEL_VERSION}.x86_64.rpm | cpio -i --make-directories && \ 28 | rpm2cpio linux-${KERNEL_PREFIX}extra-${KERNEL_VERSION}.x86_64.rpm | cpio -i --make-directories && \ 29 | cp usr/lib/kernel/default-* /out/kernel && \ 30 | cp usr/lib/kernel/System* /out/System.map 31 | 32 | RUN rpm2cpio linux-${KERNEL_PREFIX}${KERNEL_VERSION}.x86_64.rpm | cpio -i --make-directories && \ 33 | mv usr/lib/kernel/ . && \ 34 | cd usr/ && tar cf /out/kernel.tar . 35 | 36 | # RUN rm -fr usr/ && \ 37 | # rpm2cpio linux-dev-${KERNEL_VERSION}.x86_64.rpm | cpio -i --make-directories && \ 38 | # cd usr/ && tar cf /out/kernel-headers.tar . 39 | 40 | FROM scratch 41 | ENTRYPOINT [] 42 | CMD [] 43 | WORKDIR / 44 | COPY --from=kernel-builder /out/* / -------------------------------------------------------------------------------- /scripts/yamlparse.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Copyright (C) 2019 Intel Corporation 4 | # SPDX-License-Identifier: BSD-3-Clause 5 | 6 | # This file comes from: 7 | # https://github.com/jasperes/bash-yaml/blob/master/script/yaml.sh 8 | # See licenses/bash-yaml.license to find the license under which 9 | # this code resides. 
10 | 11 | # Slightly modified, based on https://gist.github.com/pkuczynski/8665367 12 | 13 | yamlParse() { 14 | local yaml_file=$1 15 | local prefix=$2 16 | local s 17 | local w 18 | local fs 19 | 20 | s='[[:space:]]*' 21 | w='[a-zA-Z0-9_.-]*' 22 | fs="$(echo @|tr @ '\034')" 23 | 24 | ( 25 | sed -e '/- [^\“]'"[^\']"'.*: /s|\([ ]*\)- \([[:space:]]*\)|\1-\'$'\n'' \1\2|g' | 26 | 27 | sed -ne '/^--/s|--||g; s|\"|\\\"|g; s/[[:space:]]*$//g;' \ 28 | -e "/#.*[\"\']/!s| #.*||g; /^#/s|#.*||g;" \ 29 | -e "s|^\($s\)\($w\)$s:$s\"\(.*\)\"$s\$|\1$fs\2$fs\3|p" \ 30 | -e "s|^\($s\)\($w\)${s}[:-]$s\(.*\)$s\$|\1$fs\2$fs\3|p" | 31 | 32 | awk -F"$fs" '{ 33 | indent = length($1)/2; 34 | if (length($2) == 0) { conj[indent]="+";} else {conj[indent]="";} 35 | vname[indent] = $2; 36 | for (i in vname) {if (i > indent) {delete vname[i]}} 37 | if (length($3) > 0) { 38 | vn=""; for (i=0; i /dev/null 2>&1 ); do 56 | echo "Waiting for squid.conf file to be created"; 57 | sleep 5; 58 | done 59 | cp /etc/squid/template/squid.conf /etc/squid/squid.conf 60 | } 61 | 62 | run() { 63 | wait_for_conf 64 | echo "Starting squid..." 
65 | prepare_folders 66 | create_cert 67 | clear_certs_db 68 | initialize_cache 69 | exec "$SQUID" -NYCd 1 -f /etc/squid/squid.conf 70 | } 71 | 72 | run 73 | -------------------------------------------------------------------------------- /dockerfiles/uos/Dockerfile.fedora: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2020 Intel Corporation 2 | # SPDX-License-Identifier: BSD-3-Clause 3 | 4 | FROM fedora:32 as kernel-builder 5 | LABEL maintainer "Bryan J Rodriguez " 6 | 7 | ARG KERNEL_VERSION=5.17.5-300.fc36.x86_64 8 | ARG KERNEL_PREFIX 9 | ARG FEDORA_RELEASE=36 10 | 11 | RUN dnf install -y \ 12 | wget \ 13 | tar \ 14 | kmod \ 15 | cpio 16 | 17 | WORKDIR /build 18 | RUN mkdir /out 19 | 20 | RUN wget https://download-ib01.fedoraproject.org/pub/fedora/linux/releases/${FEDORA_RELEASE}/Everything/x86_64/os/Packages/k/kernel-${KERNEL_VERSION}.rpm && \ 21 | wget https://download-ib01.fedoraproject.org/pub/fedora/linux/releases/${FEDORA_RELEASE}/Everything/x86_64/os/Packages/k/kernel-core-${KERNEL_VERSION}.rpm && \ 22 | wget https://download-ib01.fedoraproject.org/pub/fedora/linux/releases/${FEDORA_RELEASE}/Everything/x86_64/os/Packages/k/kernel-modules-${KERNEL_VERSION}.rpm && \ 23 | wget https://download-ib01.fedoraproject.org/pub/fedora/linux/releases/${FEDORA_RELEASE}/Everything/x86_64/os/Packages/k/kernel-modules-extra-${KERNEL_VERSION}.rpm && \ 24 | wget https://download-ib01.fedoraproject.org/pub/fedora/linux/releases/${FEDORA_RELEASE}/Everything/x86_64/os/Packages/k/kernel-modules-internal-${KERNEL_VERSION}.rpm 25 | 26 | RUN rpm2cpio kernel-${KERNEL_VERSION}.rpm | cpio -i --make-directories && \ 27 | rpm2cpio kernel-core-${KERNEL_VERSION}.rpm | cpio -i --make-directories && \ 28 | rpm2cpio kernel-modules-${KERNEL_VERSION}.rpm | cpio -i --make-directories && \ 29 | rpm2cpio kernel-modules-extra-${KERNEL_VERSION}.rpm | cpio -i --make-directories && \ 30 | rpm2cpio kernel-modules-internal-${KERNEL_VERSION}.rpm | 
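cpio -i --make-directories && \
    for d in lib/modules/*; do depmod -b . $(basename $d); done && \
    mv lib/modules/*/vmlinuz* /out/kernel && \
    mv lib/modules/*/config* /out/kernel_config && \
    mv lib/modules/*/System* /out/System.map && \
    tar cf /out/kernel.tar lib && \
    tar cf /out/kernel-dev.tar usr || true

FROM scratch
ENTRYPOINT []
CMD []
WORKDIR /
COPY --from=kernel-builder /out/* /
--------------------------------------------------------------------------------
/dockerfiles/uos/bash/wifi-scan:
--------------------------------------------------------------------------------
#!/bin/bash

# Copyright (C) 2021 Intel Corporation
# SPDX-License-Identifier: BSD-3-Clause

# Interactive WiFi setup: waits until init asks for a scan, lets the operator
# pick a network and type its pre-shared key, then fills the @@SSID@@ and
# @@PSK@@ placeholders of wpa_supplicant.conf.

source /opt/bootstrap/functions

WPA_CONF=/hostroot/var/services/wlan/wpa_supplicant/wpa_supplicant.conf

# Escape a value for use as the replacement part of a sed "s/.../.../" command.
# Network names are chosen by whoever operates an access point in range and the
# key is free-form operator input, so "\", "/" and "&" must not reach sed
# unescaped: they would end the replacement early or be read as sed syntax.
escape_sed_replacement() {
    printf '%s' "$1" | sed -e 's|[\\/&]|\\&|g'
}

until [ -f /opt/bootstrap/wifi-scan.run ] || [ -f /opt/bootstrap/init.done ]; do
    echo "Waiting for init to finish."
    sleep 20
done

# init completed without requesting a scan: nothing to do.
if [ -f /opt/bootstrap/init.done ]; then
    exit
fi

if [ -d "/sys/class/ieee80211" ] && [ "$(ls -A /sys/class/ieee80211 2>/dev/null )" ]; then
    echo ""
    echo ""
    echo "WiFi card found..."
    echo ""
    echo ""
    if ( ip link show mlan0 > /dev/null 2>&1 ); then
        # workaround for mlan0 driver of Advantech
        (ip link set mlan0 down ; ip link set mlan0 name wlan0) || /bin/true
    fi
    if (! ip link show wlan0 | grep ",UP" > /dev/null ); then
        echo "Bringing WiFi interface up..."
        ip link set wlan0 up
    fi
    PS3="Select the wireless network: "
    # One array element per network name (the text between the first pair of
    # double quotes on each ESSID line). Expanding the scan output unquoted
    # would split names on spaces and glob-expand characters such as "*".
    mapfile -t ssid_list < <(iwlist wlan0 scan | awk -F'"' '/ESSID/ && $2 != "" {print $2}')
    select SSID in "${ssid_list[@]}"; do
        if [ "${SSID}" != "" ]; then
            # -r keeps backslashes in the key literal; -s keeps the key off the console.
            read -r -s -p "Enter enter the pre-shared key for SSID - '${SSID}': " PSK
            echo ""
            cp "${WPA_CONF}" "${WPA_CONF}.tmp"
            sed -i -e "s/@@SSID@@/$(escape_sed_replacement "${SSID}")/g" \
                -e "s/@@PSK@@/$(escape_sed_replacement "${PSK}")/g" "${WPA_CONF}.tmp"
            # cat (not mv) rewrites the existing file instead of replacing it;
            # presumably the file is shared with the wlan service - confirm.
            cat "${WPA_CONF}.tmp" > "${WPA_CONF}"
            rm "${WPA_CONF}.tmp"
            break
        fi
    done
    echo ""
    echo ""
    echo "Waiting WiFi to get and IP Address..."
    sleep 7.5
    echo "Updating system time..."
    ntpd -d -N -q -n -p us.pool.ntp.org
    echo ""
    echo ""
    echo ""
    echo ""
    echo -e "IP Address:\n$(ip -o -4 addr list $(ip route show 0.0.0.0/0 | awk '{print $5}') | head -1 | awk '{print $4}' | cut -d/ -f1)\n\nRoutes:\n$(ip route show)\n\nLANs:\n$(ip -o -4 addr list)\n"
fi

touch /opt/bootstrap/wifi-scan.done
--------------------------------------------------------------------------------
/dockerfiles/certbot/init:
--------------------------------------------------------------------------------
#!/bin/bash

# Copyright (C) 2019 Intel Corporation
# SPDX-License-Identifier: BSD-3-Clause

source "scripts/textutils.sh"
source "scripts/fileutils.sh"
# source "scripts/bulkfileutils.sh"
# source "scripts/profileutils.sh"
# source "scripts/pxemenuutils.sh"
source "scripts/templateutils.sh"

parseConfig

if [ "${builder_config_letsencrypt_enabled}" == "true" ]; then
    if [ "${builder_config_letsencrypt_agree_to}" == "true" ]; then
        if [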
"${builder_config_letsencrypt_no_eff_email}" == "true" ]; then 18 | NO_EFF_EMAIL="--no-eff-email" 19 | fi 20 | if [ "${builder_config_letsencrypt_staging}" == "true" ]; then 21 | STAGING="--staging " 22 | fi 23 | # validateInput fqdn "${builder_config_host_ip}" "${builder_config_host_ip} is not a valid FQDN - Fully Qualified Domain Name." 24 | validateInput email "${builder_config_letsencrypt_email}" "${builder_config_letsencrypt_email} is not a valid email address." 25 | 26 | if [ ! -f "/etc/letsencrypt/live/${builder_config_host_ip}/fullchain.pem" ]; then 27 | certbot certonly --webroot --webroot-path=/var/www/certbot --rsa-key-size 4096 --email ${builder_config_letsencrypt_email} --agree-tos ${NO_EFF_EMAIL} ${STAGING} -d ${builder_config_host_ip} && \ 28 | cp /etc/letsencrypt/live/${builder_config_host_ip}/privkey.pem /etc/ssl/private/EB_web.key && \ 29 | cp /etc/letsencrypt/live/${builder_config_host_ip}/fullchain.pem /etc/ssl/cert/EB_web.crt 30 | fi 31 | inotifywait -e move -e create -m /etc/letsencrypt/live/${builder_config_host_ip}/ | 32 | while read -r directory events filename; do 33 | if [ "${filename}" == "privkey.pem" ]; then 34 | echo "/etc/letsencrypt/live/${builder_config_host_ip}/privkey.pem has changed." 
35 | cp /etc/letsencrypt/live/${builder_config_host_ip}/privkey.pem /etc/ssl/private/EB_web.key && \ 36 | cp /etc/letsencrypt/live/${builder_config_host_ip}/fullchain.pem /etc/ssl/cert/EB_web.crt 37 | fi 38 | done 39 | else 40 | printMsg "Service will not run as the user did not agree to the service agreement in conf/config.yml" 41 | exit 0 42 | fi 43 | else 44 | printMsg "Let's Encrypt is disabled in conf/config.yml and the service will not run" 45 | exit 0 46 | fi -------------------------------------------------------------------------------- /dockerfiles/qemu/Dockerfile: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2020 Intel Corporation 2 | # SPDX-License-Identifier: BSD-3-Clause 3 | 4 | FROM alpine:3.13 5 | LABEL maintainer="Bryan J Rodriguez " 6 | 7 | RUN apk update && apk add --no-cache \ 8 | bash \ 9 | dnsmasq \ 10 | dumb-init \ 11 | iptables \ 12 | mesa-egl \ 13 | mesa-gl \ 14 | mesa-dri-virtio \ 15 | mesa-dri-intel \ 16 | ovmf \ 17 | qemu-img \ 18 | qemu-system-arm \ 19 | qemu-system-x86_64 \ 20 | qemu-system-i386 \ 21 | qemu-ui-gtk \ 22 | qemu-ui-sdl \ 23 | qemu-ui-curses \ 24 | qemu-ui-spice-app \ 25 | qemu-audio-sdl \ 26 | qemu-audio-alsa \ 27 | qemu-audio-oss \ 28 | qemu-block-curl \ 29 | qemu-block-nfs \ 30 | qemu-block-ssh \ 31 | qemu-modules \ 32 | ttf-dejavu \ 33 | util-linux \ 34 | xf86-video-intel \ 35 | xf86-video-qxl \ 36 | xhost 37 | 38 | # The following are guest tools to improve performance of the VM 39 | # RUN https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/stable-virtio/virtio-win.iso 40 | # https://downloadmirror.intel.com/30100/a08/igfx_win10_100.9126.exe 41 | # https://downloadmirror.intel.com/30100/a08/igfx_win10_100.9126.zip 42 | # https://www.spice-space.org/download/windows/spice-guest-tools/spice-guest-tools-latest.exe 43 | 44 | COPY bootstrapVm.sh /bin/ 45 | COPY qemu-ifup /etc/ 46 | COPY qemu-ifdown /etc/ 47 | COPY bridge.conf /etc/qemu/ 48 | 49 | ENV NAME 
vm0
ENV RAM 1024
ENV SMP 1,sockets=1,cores=1,threads=1
ENV CPU host
ENV BIOS ""
ENV AUDIO ""
ENV KEYBOARD ""
ENV MOUSE ""
ENV DISK_DEVICE ide
ENV IMAGE /data/volumes/vm.img
ENV IMAGE_FORMAT qcow2
ENV IMAGE_SIZE 10G
ENV IMAGE_CACHE none
ENV IMAGE_DISCARD unmap
ENV IMAGE_CREATE 0
ENV DISK_AHCI ""
ENV ISO_DOWNLOAD 0
ENV NETWORK user
ENV NETWORK_BRIDGE br0
ENV NETWORK_DEVICE e1000
ENV NETWORK_IF eth0
ENV GTK ""
ENV VIDEO none
ENV GPU none
ENV VNC tcp
ENV VNC_IP ""
ENV VNC_ID 0
ENV VNC_PORT 5900
ENV VNC_SOCK /var/run/kvmvideo/vnc.sock
ENV SPICE tcp
ENV SPICE_IP 127.0.0.1
ENV SPICE_PORT 5900
ENV SPICE_SOCK /var/run/kvmvideo/spice.sock
ENV SPICE_OPTIONS ""
ENV CUSTOM_VIDEO ""
ENV TCP_PORTS ""
ENV UDP_PORTS ""
ENV USB_HUB ""
ENV BALLOON ""
ENV MONITOR ""
ENV ADD_FLAGS ""

ENTRYPOINT ["dumb-init"]
CMD ["/bin/bootstrapVm.sh"]
--------------------------------------------------------------------------------
/template/nginx/default.conf:
--------------------------------------------------------------------------------
# Copyright (C) 2019 Intel Corporation
# SPDX-License-Identifier: BSD-3-Clause

# This will be run as a Docker container and will be responsible for
# serving out profile files, kernel and initrd images, and anything
# else needed. Everything stored in a profile's git repository will be
# hosted over the local area network, and clients that are attempting
# to PXE boot will reach out to this nginx server.
#
# Nothing in this server block authenticates clients or encrypts traffic:
# whatever sits under the document root is readable by any host that can
# reach port 80.
server {
    listen 80 default_server;

    # Files will be served from this location.
    # Nginx runs as a container in docker-compose.yml
    # and this folder is mounted to this directory:
    # ./data/usr/share/nginx/html:/usr/share/nginx/html
    root /usr/share/nginx/html;
    index index.html;
    server_name _;

    # Deny access to any and all directories named ".git" recursively.
    # This is needed because profiles will be using git, and this directory
    # can contain credentials and other sensitive information.
    # The pattern is an unanchored regex, so it matches any URI that contains
    # "/.git" (that includes /.gitignore and /.github). Because the prefix
    # locations below do not use "^~", this regex is still consulted for
    # requests under /files and /profile. Other dot-files a profile repository
    # may carry are not covered by this rule.
    location ~ /\.git {
        deny all;
    }

    # This directive tells nginx to try to serve out the requested file/folder,
    # and serve out 404 if it can't find it.
    location / {
        try_files $uri $uri/ =404;
        autoindex off;
        autoindex_exact_size off;
    }

    # Each profile will have its files stored under this directory
    # in the format /files/${profileName}/. Directory listings are switched
    # off here (autoindex off), so a client has to request a file by its
    # exact path.
    location /files {
        autoindex off;
    }

    # Each profile will be served out under the
    # /profile/${profileName} directory. The autoindex directive tells
    # nginx to provide a convenient HTML page showing the files and subfolders
    # when navigating to a folder.
    # With listings on, any client that can reach this server can enumerate
    # every file of every profile, so profiles should not hold secrets.
    location /profile {
        autoindex on;
    }

    # Lets Encrypt Challenge request
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }
}

# TLS front end. It uses the certificate and key at the paths below and
# forwards every request to http://localhost (presumably the port-80 server
# above - confirm). The same content therefore stays reachable over plain
# HTTP as well.
server {
    listen 443 ssl;
    server_name edgebuilder.local;

    ssl_certificate /etc/ssl/cert/EB_web.crt;
    ssl_certificate_key /etc/ssl/private/EB_web.key;

    include /etc/nginx/conf.d/options-ssl-nginx.conf;
    ssl_dhparam /etc/nginx/ssl-dhparams.pem;

    location / {
        proxy_pass http://localhost; #for demo purposes
    }
}

--------------------------------------------------------------------------------
/dockerfiles/uos/Dockerfile.ubuntu:
--------------------------------------------------------------------------------
# Copyright (C) 2020 Intel Corporation
# SPDX-License-Identifier: BSD-3-Clause

FROM alpine:3.14 as kernel-builder
LABEL maintainer "Bryan J Rodriguez "

ARG UBUNTU_RELEASE=5.15.0-25-generic
ARG KERNEL_VERSION=5.15.0-25.25_amd64
ARG KERNEL_PREFIX

RUN apk update && apk add --no-cache \
    bash \
    wget \
    tar \
    rpm \
    cpio \
    binutils \
    zstd \
    xz

WORKDIR /build
RUN mkdir /out

# List of kernels
# wget -qO - https://mirrors.kernel.org/ubuntu/pool/main/l/linux/ | sed -n 's/.*href="\([^"]*\).*/\1/p' | grep -o "linux-image-unsigned-[0-9]\.[0-9]\+\.[0-9]\+-[0-9]\+-generic_[^ ]\+amd64\.deb"

RUN wget http://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux/linux-image-unsigned-${UBUNTU_RELEASE}_${KERNEL_VERSION}.deb && \
    wget http://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux/linux-modules-${UBUNTU_RELEASE}_${KERNEL_VERSION}.deb && \
    wget http://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux/linux-modules-extra-${UBUNTU_RELEASE}_${KERNEL_VERSION}.deb

31 | RUN ar x linux-image-unsigned-${UBUNTU_RELEASE}_${KERNEL_VERSION}.deb && \ 32 | tar -xf data.tar && \ 33 | ar x linux-modules-${UBUNTU_RELEASE}_${KERNEL_VERSION}.deb && \ 34 | tar -xf data.tar.zst && \ 35 | ar x linux-modules-extra-${UBUNTU_RELEASE}_${KERNEL_VERSION}.deb && \ 36 | tar -xf data.tar.zst \ 37 | ./lib/modules/${UBUNTU_RELEASE}/kernel/net/ \ 38 | ./lib/modules/${UBUNTU_RELEASE}/kernel/drivers/net/ethernet/ \ 39 | ./lib/modules/${UBUNTU_RELEASE}/kernel/drivers/gpu/ \ 40 | ./lib/modules/${UBUNTU_RELEASE}/kernel/drivers/video/ \ 41 | ./lib/modules/${UBUNTU_RELEASE}/kernel/drivers/net/phy/ \ 42 | ./lib/modules/${UBUNTU_RELEASE}/kernel/drivers/net/wireless/ \ 43 | ./lib/modules/${UBUNTU_RELEASE}/kernel/drivers/misc/mei/ \ 44 | ./lib/modules/${UBUNTU_RELEASE}/kernel/drivers/mmc/ \ 45 | ./lib/modules/${UBUNTU_RELEASE}/kernel/drivers/media/mmc/ \ 46 | ./lib/modules/${UBUNTU_RELEASE}/kernel/drivers/scsi/ \ 47 | ./lib/modules/${UBUNTU_RELEASE}/kernel/drivers/ata/ \ 48 | ./lib/modules/${UBUNTU_RELEASE}/kernel/drivers/block/ \ 49 | ./lib/modules/${UBUNTU_RELEASE}/kernel/drivers/usb/ \ 50 | ./lib/modules/${UBUNTU_RELEASE}/kernel/drivers/virtio/ && \ 51 | for d in lib/modules/*; do depmod -b . 
$(basename $d); done && \
    cp boot/vmlinuz* /out/kernel && \
    cp boot/config* /out/kernel_config && \
    cp boot/System* /out/System.map && \
    tar cf /out/kernel.tar lib || true

FROM scratch
ENTRYPOINT []
CMD []
WORKDIR /
COPY --from=kernel-builder /out/* /

--------------------------------------------------------------------------------
/template/squid/squid.conf:
--------------------------------------------------------------------------------

# Caching forward proxy: a plain listener on 3128, a TLS-intercepting
# (ssl-bump) listener on 4128, and long cache lifetimes for package and
# archive downloads.

# NOTE(review): "globalnet" matches every source address; see the
# http_access rules below for what that implies.
acl globalnet src all
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# http_access rules are evaluated top to bottom and the first match decides.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access deny to_localhost
# NOTE(review): this rule allows every client that got past the denies above,
# so the localnet/localhost allows and the final "deny all" below never change
# the outcome. Any host that can reach 3128 or 4128 can use the proxy. Keep
# both ports unreachable from untrusted networks, or drop this rule if only
# the localnet ranges are meant to be served.
http_access allow globalnet
http_access allow localnet
http_access allow localhost
http_access deny all
http_port 3128

# TLS-intercepting listener: Squid terminates the client's TLS session and
# presents a host certificate generated on the fly from the certificate and
# key in private.pem (both read from the same file). Clients only accept
# this if they trust that certificate, and whoever can read private.pem can
# impersonate arbitrary sites to those clients, so keep the file's
# permissions tight.
http_port 4128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid-cert/private.pem key=/etc/squid-cert/private.pem
# Bumps every connection on that listener; there are no splice exceptions.
# NOTE(review): "server-first" is the legacy bumping action; check it against
# the Squid version shipped in the image.
ssl_bump server-first all
always_direct allow all
sslcrtd_program /usr/lib/squid/security_file_certgen -s /var/lib/ssl_db -M 4MB
# sslcrtd_children 4 startup=1 idle=1


# Package and archive downloads: minimum and maximum age are both 10080
# minutes (7 days), and override-expire keeps that minimum even when the
# origin sent an earlier expiry. A client can therefore receive a cached copy
# for up to that long after the origin replaced the file.
# The leading "." in each pattern is a regex wildcard, not a literal dot.
refresh_pattern -i .rpm$ 10080 100% 10080 refresh-ims override-expire
refresh_pattern -i .iso$ 10080 100% 10080 refresh-ims override-expire
refresh_pattern -i .deb$ 10080 100% 10080 refresh-ims override-expire
refresh_pattern -i .apk$ 10080 100% 10080 refresh-ims override-expire
refresh_pattern -i .tar$ 10080 100% 10080 refresh-ims override-expire
refresh_pattern -i .zip$ 10080 100% 10080 refresh-ims override-expire
refresh_pattern -i .tgz$ 10080 100% 10080 refresh-ims override-expire
refresh_pattern -i .gz$ 10080 100% 10080 refresh-ims override-expire
# refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
maximum_object_size 6 GB
cache_dir ufs /var/spool/squid 10240 16 256
cache_mem 256 MB
maximum_object_size_in_memory 512 KB
cache_replacement_policy heap LFUDA
# -1 on the next two settings: range requests fetch the whole object, and a
# download keeps running after the client aborts, so the full file is cached.
range_offset_limit -1
quick_abort_min -1 KB
coredump_dir /var/spool/squid
#access_log none
#cache_log none

--------------------------------------------------------------------------------
/template/ipxe/menu.ipxe.middle:
--------------------------------------------------------------------------------
item --gap --
item --gap -- --------------------------------------------------------------------------
item --gap -- Advanced options
item --gap -- --------------------------------------------------------------------------
item --key s linuxmenu Boot Legacy ESP Menu (SYSLINUX)
item --key t tinycore Boot TinyCore Linux
item --key w winpe Boot WinPE
item --key l exit Boot local hard drive
item --gap --
item --key c config Configure settings
item shell Drop to iPXE shell
item reboot Reboot computer
item --gap --
item --key x exit Exit iPXE and
continue BIOS boot 15 | item --gap -- -------------------------------------------------------------------------- 16 | choose --timeout ${menu-timeout} --default ${menu-default} selected || goto cancel 17 | set menu-timeout 0 18 | goto ${selected} 19 | 20 | :linuxmenu 21 | iseq ${platform} efi && goto syslinux || goto pxelinux 22 | 23 | :pxelinux 24 | imgfree 25 | set 210:string http://@@HOST_IP@@/tftp/legacy/ 26 | set filename ${210:string}pxelinux.0 27 | chain ${filename} || 28 | echo PXELINUX Netboot failed 29 | shell 30 | 31 | :syslinux 32 | imgfree 33 | set 210:string http://@@HOST_IP@@/tftp/efi${efiarch}/ 34 | set filename ${210:string}syslinux.efi 35 | chain ${filename} || 36 | echo SYSLINUX Netboot failed 37 | shell 38 | 39 | :loadipxe 40 | set 210:string tftp://@@HOST_IP@@/ipxe/legacy/ 41 | set filename ${210:string}undionly.kpxe 42 | chain ${filename} || 43 | echo iPXE Netboot failed 44 | shell 45 | 46 | :tinycore 47 | set base http://tinycorelinux.net/13.x/x86/release/distribution_files 48 | 49 | cpuid --ext 29 && set arch 64 || set arch 50 | 51 | kernel ${base}/vmlinuz${arch} initrd=rootfs.gz initrd=modules${arch}.gz 52 | initrd ${base}/rootfs.gz 53 | initrd ${base}/modules${arch}.gz 54 | boot || goto menu 55 | 56 | :winpe 57 | cpuid --ext 29 && set arch amd64 || set arch x86 58 | 59 | kernel http://@@HOST_IP@@/tftp/images/ipxe/wimboot 60 | initrd http://@@HOST_IP@@/tftp/images/winpe/Boot/BCD BCD 61 | initrd http://@@HOST_IP@@/tftp/images/winpe/Boot/boot.sdi boot.sdi 62 | initrd http://@@HOST_IP@@/tftp/images/winpe/sources/boot.wim boot.wim 63 | boot || goto menu 64 | 65 | :cancel 66 | echo You cancelled the menu, dropping you to a shell 67 | 68 | :shell 69 | echo Type 'exit' to get the back to the menu 70 | shell 71 | set menu-timeout 0 72 | set submenu-timeout 0 73 | goto menu 74 | 75 | :failed 76 | echo Booting failed, dropping to shell 77 | goto shell 78 | 79 | :reboot 80 | reboot 81 | 82 | :exit 83 | sanboot --no-describe --drive 0x80 84 | exit 85 | 
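:local
sanboot --no-describe --drive 0x80
exit

--------------------------------------------------------------------------------
/dockerfiles/uos/bash/start:
--------------------------------------------------------------------------------
#!/bin/bash

# Copyright (C) 2019 Intel Corporation
# SPDX-License-Identifier: BSD-3-Clause

# Entry script of the boot environment: sets the clock, loads drivers for the
# detected hardware, reads its settings from the kernel command line, starts
# dockerd and then hands over to /opt/bootstrap/init and supervisord.
#
# Every param_* value below is taken from /proc/cmdline, i.e. from whatever
# boot menu or server supplied the kernel command line, so it is only as
# trustworthy as the network boot path that delivered it.

# NOTE(review): rngd is pointed at /dev/urandom, which feeds kernel output
# back into the kernel pool and adds no independent entropy - confirm this is
# only meant to keep early boot from blocking.
rngd -r /dev/urandom

/sbin/udevadm hwdb --update &&
    /sbin/udevd --debug --daemon

export CONSOLE_OUTPUT="/dev/kmsg"

sleep 3

kernel_params=$(cat /proc/cmdline)

# ntp=<server> on the command line overrides the default time source.
if [[ $kernel_params == *" ntp="* ]]; then
    tmp="${kernel_params##* ntp=}"
    export param_ntp="${tmp%% *}"
else
    export param_ntp="us.pool.ntp.org"
fi

echo "Updating system time..." 2>&1 | tee -a "${CONSOLE_OUTPUT}"
ntpd -d -N -q -n -p "${param_ntp}" 2>&1 | tee -a "${CONSOLE_OUTPUT}"

# Ask modprobe to load a module for every device that exposes a modalias.
# The glob is iterated directly instead of parsing `ls` output.
load_modules_for_devices() {
    local alias_file
    for alias_file in /sys/bus/*/devices/*/modalias; do
        if [ -f "${alias_file}" ]; then
            # The substitution stays unquoted as in the original call, so the
            # file's content is passed to modprobe -a word by word.
            modprobe -abq $(cat "${alias_file}") >/dev/null 2>&1
        fi
    done
}

echo "Discovering hardware..." 2>&1 | tee -a "${CONSOLE_OUTPUT}"
load_modules_for_devices

sleep 1

# Second pass, presumably for devices that only show up once the first round
# of modules is loaded.
load_modules_for_devices

if [[ $kernel_params = *"httpserver="* ]]; then
    tmp="${kernel_params##*httpserver=}"
    param_httpserver="${tmp%% *}"
fi

if [[ $kernel_params = *" proxy="* ]]; then
    tmp="${kernel_params##* proxy=}"
    param_proxy="${tmp%% *}"

    export http_proxy=${param_proxy}
    export https_proxy=${param_proxy}
    export no_proxy="localhost,127.0.0.1,${param_httpserver}"
    export HTTP_PROXY=${param_proxy}
    export HTTPS_PROXY=${param_proxy}
    export NO_PROXY="localhost,127.0.0.1,${param_httpserver}"
fi

if [[ $kernel_params = *" dynamicprofile="* ]]; then
    tmp="${kernel_params##* dynamicprofile=}"
    export param_dynamicprofile="${tmp%% *}"
fi

echo "Cmdline: $kernel_params" 2>&1 | tee -a "${CONSOLE_OUTPUT}"

if [[ $param_dynamicprofile == 'true' ]]; then
    echo "DYNAMIC PROFILE ACTIVE!! Collecting hardware information" 2>&1 | tee -a "${CONSOLE_OUTPUT}"
    /opt/bootstrap/profile_request
fi

# Use a registry mirror on the provisioning host when one answers on port
# 5557 or 5000. The decision is made on wget's exit status; the earlier form
# fed the response body to `[`, which breaks as soon as the body is more than
# one word.
# NOTE(review): the mirror is addressed over plain HTTP and is not
# authenticated, so images pulled through it are trusted as delivered.
if wget -q -O /dev/null "http://${param_httpserver}:5557/v2/_catalog" 2>/dev/null; then
    export REGISTRY_MIRROR="--registry-mirror=http://${param_httpserver}:5557"
elif wget -q -O /dev/null "http://${param_httpserver}:5000/v2/_catalog" 2>/dev/null; then
    export REGISTRY_MIRROR="--registry-mirror=http://${param_httpserver}:5000"
fi

# Start dockerd without iptables integration when iptables is unusable here.
# ${REGISTRY_MIRROR} is left unquoted on purpose: when unset it must expand to
# no argument at all.
if iptables -L >/dev/null 2>&1; then
    # /usr/local/bin/docker-init /usr/local/bin/dockerd &
    /usr/local/bin/dockerd ${REGISTRY_MIRROR} &
else
    /usr/local/bin/dockerd --iptables=false ${REGISTRY_MIRROR} &
fi

while (! docker stats --no-stream > /dev/null ); do
    # Docker takes a few seconds to initialize
    echo "Waiting for Docker to launch..." 2>&1 | tee -a "${CONSOLE_OUTPUT}"
    sleep 3
done

/opt/bootstrap/init

supervisord -n

--------------------------------------------------------------------------------
/dockerfiles/uos/Dockerfile.intel:
--------------------------------------------------------------------------------
# Copyright (C) 2022 Intel Corporation
# SPDX-License-Identifier: BSD-3-Clause

FROM alpine:3.14 as kernel-builder
LABEL maintainer "Bryan J Rodriguez "

ARG UBUNTU_RELEASE=5.15.0-1010-intel-iotg
ARG KERNEL_VERSION=5.15.0-1010.14~20.04.1_amd64
ARG KERNEL_PREFIX
ARG KERNEL_PATH=linux-intel-iotg-5.15
ARG KERNEL_MODULE_PATH=linux-intel-iotg-5.15

RUN apk update && apk add --no-cache \
    bash \
    wget \
    tar \
    rpm \
    cpio \
    binutils \
    xz

WORKDIR /build
RUN mkdir /out

# List of kernels
# wget -qO - https://mirrors.kernel.org/ubuntu/pool/main/l/linux/ | sed -n 's/.*href="\([^"]*\).*/\1/p' | grep -o "linux-image-unsigned-[0-9]\.[0-9]\+\.[0-9]\+-[0-9]\+-generic_[^ ]\+amd64\.deb"

RUN wget http://mirrors.edge.kernel.org/ubuntu/pool/main/l/${KERNEL_PATH}/linux-image-unsigned-${UBUNTU_RELEASE}_${KERNEL_VERSION}.deb && \
    wget http://mirrors.edge.kernel.org/ubuntu/pool/main/l/${KERNEL_MODULE_PATH}/linux-modules-${UBUNTU_RELEASE}_${KERNEL_VERSION}.deb && \
    wget http://mirrors.edge.kernel.org/ubuntu/pool/main/l/${KERNEL_MODULE_PATH}/linux-modules-extra-${UBUNTU_RELEASE}_${KERNEL_VERSION}.deb

RUN ar x linux-image-unsigned-${UBUNTU_RELEASE}_${KERNEL_VERSION}.deb && \
    tar -xf data.tar && \
    ar x linux-modules-${UBUNTU_RELEASE}_${KERNEL_VERSION}.deb && \
    tar -xf data.tar.xz && \
    ar x linux-modules-extra-${UBUNTU_RELEASE}_${KERNEL_VERSION}.deb && \
    tar -xf data.tar.xz \
    ./lib/modules/${UBUNTU_RELEASE}/kernel/net/ \
    ./lib/modules/${UBUNTU_RELEASE}/kernel/drivers/net/ethernet/ \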
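./lib/modules/${UBUNTU_RELEASE}/kernel/drivers/gpu/ \
    ./lib/modules/${UBUNTU_RELEASE}/kernel/drivers/video/ \
    ./lib/modules/${UBUNTU_RELEASE}/kernel/drivers/net/phy/ \
    ./lib/modules/${UBUNTU_RELEASE}/kernel/drivers/net/wireless/ \
    ./lib/modules/${UBUNTU_RELEASE}/kernel/drivers/misc/mei/ \
    ./lib/modules/${UBUNTU_RELEASE}/kernel/drivers/mmc/ \
    ./lib/modules/${UBUNTU_RELEASE}/kernel/drivers/media/mmc/ \
    ./lib/modules/${UBUNTU_RELEASE}/kernel/drivers/scsi/ \
    ./lib/modules/${UBUNTU_RELEASE}/kernel/drivers/ata/ \
    ./lib/modules/${UBUNTU_RELEASE}/kernel/drivers/block/ \
    ./lib/modules/${UBUNTU_RELEASE}/kernel/drivers/usb/ \
    ./lib/modules/${UBUNTU_RELEASE}/kernel/drivers/virtio/ && \
    for d in lib/modules/*; do depmod -b . $(basename $d); done && \
    cp boot/vmlinuz* /out/kernel && \
    cp boot/config* /out/kernel_config && \
    cp boot/System* /out/System.map && \
    tar cf /out/kernel.tar lib || true

FROM scratch
ENTRYPOINT []
CMD []
WORKDIR /
COPY --from=kernel-builder /out/* /

--------------------------------------------------------------------------------
/dockerfiles/uos/Dockerfile.intel.signed:
--------------------------------------------------------------------------------
# Copyright (C) 2022 Intel Corporation
# SPDX-License-Identifier: BSD-3-Clause

# Two-stage build: the first stage downloads the kernel image and module
# packages and unpacks them; the final scratch image carries only the files
# collected in /out.

FROM alpine:3.14 as kernel-builder
LABEL maintainer "Bryan J Rodriguez "

ARG UBUNTU_RELEASE=5.15.0-1010-intel-iotg
ARG KERNEL_VERSION=5.15.0-1010.14~20.04.1_amd64
ARG KERNEL_PREFIX
# NOTE(review): the image is taken from the "linux-signed-..." pool directory,
# but the file requested below is still named linux-image-unsigned-...;
# confirm the signed directory actually carries a package of that name.
ARG KERNEL_PATH=linux-signed-intel-iotg-5.15
ARG KERNEL_MODULE_PATH=linux-intel-iotg-5.15

RUN apk update && apk add --no-cache \
    bash \
    wget \
    tar \
    rpm \
    cpio \
    binutils \
    xz

WORKDIR /build
RUN mkdir /out

# List of kernels
# wget -qO - https://mirrors.kernel.org/ubuntu/pool/main/l/linux/ | sed -n 's/.*href="\([^"]*\).*/\1/p' | grep -o "linux-image-unsigned-[0-9]\.[0-9]\+\.[0-9]\+-[0-9]\+-generic_[^ ]\+amd64\.deb"

# The packages are fetched over HTTPS so they cannot be swapped in transit.
# NOTE(review): nothing here checks the .deb files against a known digest or
# the archive's signed index, so the build still trusts whatever the mirror
# returns. Pinning a SHA-256 per package (for example through a build ARG) and
# checking it with sha256sum -c before `ar x` would close that gap.
RUN wget https://mirrors.edge.kernel.org/ubuntu/pool/main/l/${KERNEL_PATH}/linux-image-unsigned-${UBUNTU_RELEASE}_${KERNEL_VERSION}.deb && \
    wget https://mirrors.edge.kernel.org/ubuntu/pool/main/l/${KERNEL_MODULE_PATH}/linux-modules-${UBUNTU_RELEASE}_${KERNEL_VERSION}.deb && \
    wget https://mirrors.edge.kernel.org/ubuntu/pool/main/l/${KERNEL_MODULE_PATH}/linux-modules-extra-${UBUNTU_RELEASE}_${KERNEL_VERSION}.deb

# Unpack the image and modules packages in full and only the listed driver
# directories of modules-extra, rebuild the module dependency files, then
# collect kernel, config, System.map and a tarball of lib/ in /out.
# NOTE(review): the trailing `|| true` applies to the whole && chain, so a
# failure in any earlier step (extract, depmod, cp) also ends this RUN with
# success and can leave /out incomplete.
RUN ar x linux-image-unsigned-${UBUNTU_RELEASE}_${KERNEL_VERSION}.deb && \
    tar -xf data.tar && \
    ar x linux-modules-${UBUNTU_RELEASE}_${KERNEL_VERSION}.deb && \
    tar -xf data.tar.xz && \
    ar x linux-modules-extra-${UBUNTU_RELEASE}_${KERNEL_VERSION}.deb && \
    tar -xf data.tar.xz \
    ./lib/modules/${UBUNTU_RELEASE}/kernel/net/ \
    ./lib/modules/${UBUNTU_RELEASE}/kernel/drivers/net/ethernet/ \
    ./lib/modules/${UBUNTU_RELEASE}/kernel/drivers/gpu/ \
    ./lib/modules/${UBUNTU_RELEASE}/kernel/drivers/video/ \
    ./lib/modules/${UBUNTU_RELEASE}/kernel/drivers/net/phy/ \
    ./lib/modules/${UBUNTU_RELEASE}/kernel/drivers/net/wireless/ \
    ./lib/modules/${UBUNTU_RELEASE}/kernel/drivers/misc/mei/ \
    ./lib/modules/${UBUNTU_RELEASE}/kernel/drivers/mmc/ \
    ./lib/modules/${UBUNTU_RELEASE}/kernel/drivers/media/mmc/ \
    ./lib/modules/${UBUNTU_RELEASE}/kernel/drivers/scsi/ \
    ./lib/modules/${UBUNTU_RELEASE}/kernel/drivers/ata/ \
    ./lib/modules/${UBUNTU_RELEASE}/kernel/drivers/block/ \
    ./lib/modules/${UBUNTU_RELEASE}/kernel/drivers/usb/ \
    ./lib/modules/${UBUNTU_RELEASE}/kernel/drivers/virtio/ && \
    for d in lib/modules/*; do depmod -b . $(basename $d); done && \
    cp boot/vmlinuz* /out/kernel && \
    cp boot/config* /out/kernel_config && \
    cp boot/System* /out/System.map && \
    tar cf /out/kernel.tar lib || true

FROM scratch
ENTRYPOINT []
CMD []
WORKDIR /
COPY --from=kernel-builder /out/* /

--------------------------------------------------------------------------------
/dockerfiles/uos/bash/profile_request:
--------------------------------------------------------------------------------
#!/bin/bash

# Copyright (C) 2021 Intel Corporation
# SPDX-License-Identifier: BSD-3-Clause

source /opt/bootstrap/functions

export CONSOLE_OUTPUT="/dev/kmsg"

kernel_params=$(cat /proc/cmdline)

if [[ $kernel_params = *"httpserver="* ]]; then
    tmp="${kernel_params##*httpserver=}"
    param_httpserver="${tmp%% *}"
else
    clear
    echo "" 2>&1 | tee -a ${CONSOLE_OUTPUT}
    echo "'httpserver' kernel parameter missing in profile_request script!"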
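    sleep 20
    reboot
fi

echo "KERNEL_PARAMS: $kernel_params" 2>&1 |tee -a ${CONSOLE_OUTPUT}
echo "param_httpserver: $param_httpserver" 2>&1 |tee -a ${CONSOLE_OUTPUT}

# Hardware facts that are reported to the profile service.
param_hwqueries="macaddress cpu"

# make sure requests is empty
requests=""

# Build the comma-separated "key":"value" pairs of the JSON request body.
for i in ${param_hwqueries}; do
  case ${i} in
    "macaddress" )
      # Device named just before "src" in the route to 8.8.8.8, then its MAC.
      ethdevice=$(ip route get 8.8.8.8 | awk '{for(i=1;i<=NF;i++) if ($i=="src") print $(i-1)}')
      macaddr=$(cat "/sys/class/net/$ethdevice/address")
      mac_req="\"mac\":\"$macaddr\""
      requests=${requests}${mac_req};;
    # grep for Model name, then remove everything until ':', then remove the blanks, then remove all after '@', then remove trailing blanks
    "cpu" )
      cpu_name=$(lscpu |grep "Model name" | sed 's|.*\:\(.*\)|\1|' | sed -e 's/^[ \t]*//' | sed 's/@.*//' | sed 's/ *$//')
      cpu_req="\"cpu\":\"$cpu_name\""
      requests=${requests}${cpu_req};;
  esac
  requests=${requests}", "
done

# remove last blank and comma
requests=${requests::-2}

# The request is passed to curl as separate, quoted arguments instead of being
# assembled into a string and run through eval: httpserver= comes from the
# kernel command line and the CPU model string from the hardware, and neither
# should ever be re-parsed by the shell. The stray 'i' that followed the JSON
# body in the old command string is dropped so the body is valid JSON.
request_body="{${requests}}"
request_url="$param_httpserver:8580/hardwares"

echo "HTTP request: curl -d '${request_body}' -H \"Content-Type: application/json\" -X POST ${request_url}" 2>&1 | tee -a ${CONSOLE_OUTPUT}

response=$(curl -d "${request_body}" -H "Content-Type: application/json" -X POST "${request_url}")

echo "HTTP response: $response" 2>&1 | tee -a ${CONSOLE_OUTPUT}

# NOTE(review): the reply is fetched without a scheme (plain HTTP by curl's
# default) and is not authenticated, yet the fields extracted below end up in
# the kernel command line this script writes. Validate them against an
# expected character set before use.
profile_url=$(sed 's#.*url":"\([^"{}]*\).*#\1#' <<<$response)

profile_name=$(sed 's#.*profile/\([^"{}]*\).*#\1#' <<<$profile_url | sed 's#/bootstrap.sh##')

profile_basebranch=$(sed 's#.*basebranch":"\([^"{}]*\).*#\1#' <<<$response)


# NOTE(review): profile_name is interpolated into the sed expression; a '/' or
# '&' in it changes the substitution.
kernel_params=$(sed "s/##PROFILE##/$profile_name/g" <<<$kernel_params)

echo "Profile URL: $profile_url" 2>&1 | tee -a ${CONSOLE_OUTPUT}
echo "Profile kernel parameters: $kernel_params" 2>&1 |tee -a ${CONSOLE_OUTPUT}

profileparams=$(sed 's#.*kernelParams":"\([^"{}]*\).*#\1#' <<<$response)
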
profileparams=$profileparams" bootstrap="$profile_url" basebranch="$profile_basebranch 71 | 72 | 73 | kernel_params=$kernel_params" "$profileparams 74 | echo "New kernel cmdline to continue with: $kernel_params" 2>&1 |tee -a ${CONSOLE_OUTPUT} 75 | 76 | echo $kernel_params > /tmp/cmdline 77 | 78 | mount -o bind /tmp/cmdline /proc/cmdline 79 | 80 | -------------------------------------------------------------------------------- /dockerfiles/squid/squid.conf: -------------------------------------------------------------------------------- 1 | # 2 | # Recommended minimum configuration: 3 | # 4 | 5 | # Example rule allowing access from your local networks. 6 | # Adapt to list your (internal) IP networks from where browsing 7 | # should be allowed 8 | acl localnet src 10.0.0.0/8 # RFC1918 possible internal network 9 | acl localnet src 172.16.0.0/12 # RFC1918 possible internal network 10 | acl localnet src 192.168.0.0/16 # RFC1918 possible internal network 11 | acl localnet src fc00::/7 # RFC 4193 local private network range 12 | acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines 13 | 14 | acl SSL_ports port 443 15 | acl Safe_ports port 80 # http 16 | acl Safe_ports port 21 # ftp 17 | acl Safe_ports port 443 # https 18 | acl Safe_ports port 70 # gopher 19 | acl Safe_ports port 210 # wais 20 | acl Safe_ports port 1025-65535 # unregistered ports 21 | acl Safe_ports port 280 # http-mgmt 22 | acl Safe_ports port 488 # gss-http 23 | acl Safe_ports port 591 # filemaker 24 | acl Safe_ports port 777 # multiling http 25 | acl CONNECT method CONNECT 26 | 27 | # 28 | # Recommended minimum Access Permission configuration: 29 | # 30 | # Deny requests to certain unsafe ports 31 | http_access deny !Safe_ports 32 | 33 | # Deny CONNECT to other than secure SSL ports 34 | http_access deny CONNECT !SSL_ports 35 | 36 | # Only allow cachemgr access from localhost 37 | http_access allow localhost manager 38 | http_access deny manager 39 | 40 | # We strongly recommend 
the following be uncommented to protect innocent 41 | # web applications running on the proxy server who think the only 42 | # one who can access services on "localhost" is a local user 43 | #http_access deny to_localhost 44 | 45 | # 46 | # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS 47 | # 48 | 49 | # Example rule allowing access from your local networks. 50 | # Adapt localnet in the ACL section to list your (internal) IP networks 51 | # from where browsing should be allowed 52 | http_access allow localnet 53 | http_access allow localhost 54 | 55 | # And finally deny all other access to this proxy 56 | http_access deny all 57 | 58 | # Squid normally listens to port 3128 59 | http_port 3128 60 | 61 | # Squid normally listens to port 4128 for ssl bump 62 | http_port 4128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid-cert/private.pem key=/etc/squid-cert/private.pem 63 | ssl_bump server-first all 64 | always_direct allow all 65 | sslcrtd_program /usr/lib/squid/security_file_certgen -s /var/lib/ssl_db -M 4MB 66 | sslcrtd_children 3 startup=1 idle=1 67 | 68 | # Uncomment and adjust the following to add a disk cache directory. 69 | cache_dir ufs /var/cache/squid 5000 16 256 70 | 71 | # Leave coredumps in the first cache dir 72 | coredump_dir /var/cache/squid 73 | 74 | # 75 | # Add any of your own refresh_pattern entries above these. 76 | # 77 | refresh_pattern ^ftp: 1440 20% 10080 78 | refresh_pattern ^gopher: 1440 0% 1440 79 | refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 80 | refresh_pattern . 
30 20% 4320 reload-into-ims 81 | 82 | 83 | range_offset_limit 200 MB 84 | maximum_object_size 200 MB 85 | quick_abort_min -1 86 | -------------------------------------------------------------------------------- /dockerfiles/uos/dockerfiles/wlan/init.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright (C) 2021 Intel Corporation 4 | # SPDX-License-Identifier: BSD-3-Clause 5 | 6 | # --- Get kernel parameters --- 7 | kernel_params=$(cat /proc/cmdline) 8 | 9 | if [[ $kernel_params == *"wpacountry="* ]]; then 10 | tmp="${kernel_params##*wpacountry=}" 11 | COUNTRY="${tmp%% *}" 12 | fi 13 | 14 | if [[ $kernel_params == *"wpassid="* ]]; then 15 | tmp="${kernel_params##*wpassid=}" 16 | SSID="${tmp%% *}" 17 | fi 18 | 19 | if [[ $kernel_params == *"wpapsk="* ]]; then 20 | tmp="${kernel_params##*wpapsk=}" 21 | PSK="${tmp%% *}" 22 | fi 23 | 24 | configdir="/run/wpa_supplicant" 25 | configfile="/etc/wpa_supplicant/wpa_supplicant.conf" 26 | configfileTemplate="/opt/wpa_supplicant.conf.template" 27 | 28 | mkdir -p /etc/wpa_supplicant 29 | 30 | cp ${configfileTemplate} ${configfile} 31 | 32 | sed -i -e "s/@@COUNTRY@@/${COUNTRY}/g" ${configfile} 33 | 34 | if [ -d "/sys/class/ieee80211" ] && [ "$(ls -A /sys/class/ieee80211 2>/dev/null )" ]; then 35 | # Note: Can't use wpa_supplicant without WPA; have to disable it then e.g., 36 | # iwconfig wlan0 essid "ietf-hotel" 37 | 38 | if ( ip link show mlan0 > /dev/null 2>&1 ); then 39 | # workaround for mlan0 driver of Advantech 40 | (ip link set mlan0 down ; ip link set mlan0 name wlan0) || /bin/true 41 | fi 42 | if (! 
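ip link show wlan0 | grep up > /dev/null ); then
        ip link set wlan0 up
    fi

    if [ -n "${SSID}" ] && [ -n "${PSK}" ]; then
        cp ${configfileTemplate} ${configfile}

        # COUNTRY, SSID and PSK are read from the kernel command line. Escape the
        # characters that are special on the replacement side of s/// so that a
        # value containing '/', '&' or '\' is written literally instead of
        # breaking or altering the substitution.
        # NOTE(review): the template is not visible here; if it wraps the values
        # in double quotes, a '"' inside SSID or PSK still needs handling.
        sedCountry=$(printf '%s' "${COUNTRY}" | sed -e 's|[/&\\]|\\&|g')
        sedSsid=$(printf '%s' "${SSID}" | sed -e 's|[/&\\]|\\&|g')
        sedPsk=$(printf '%s' "${PSK}" | sed -e 's|[/&\\]|\\&|g')

        sed -i -e "s/@@COUNTRY@@/${sedCountry}/g" ${configfile}
        sed -i -e "s/@@SSID@@/${sedSsid}/g" ${configfile}
        sed -i -e "s/@@PSK@@/${sedPsk}/g" ${configfile}

        # Start wpa_supplicant in the background, then request a DHCP lease and
        # publish the resulting resolver configuration.
        if [ -d "${configdir}" ] && [ -f "${configfile}" ]; then
            wpa_supplicant -Dwext -iwlan0 -c "${configfile}" -d -B && \
            sleep 1.5 && \
            udhcpc -i wlan0 && \
            cat /etc/resolv.conf > /etc/system-resolv.conf
        fi
    fi
fi

# Re-apply the wireless configuration every time the config file is modified.
while inotifywait -e modify ${configfile}; do
    echo "${configfile} has changed. Restarting services"
    if [ -d "/sys/class/ieee80211" ] && [ "$(ls -A /sys/class/ieee80211 2>/dev/null )" ]; then
        # Note: Can't use wpa_supplicant without WPA; have to disable it then e.g.,
        # iwconfig wlan0 essid "ietf-hotel"

        if ( ip link show mlan0 > /dev/null 2>&1 ); then
            # workaround for mlan0 driver of Advantech
            (ip link set mlan0 down ; ip link set mlan0 name wlan0) || /bin/true
        fi
        if (! ip link show wlan0 | grep up > /dev/null ); then
            ip link set wlan0 up
        fi
        # Start wpa_supplicant if it is not running, otherwise send it SIGHUP.
        if [ -z "$(pgrep -x "wpa_supplicant")" ]; then
            wpa_supplicant -Dwext -iwlan0 -c "${configfile}" -d -B && \
            sleep 1.5 && \
            udhcpc -i wlan0 && \
            cat /etc/resolv.conf > /etc/system-resolv.conf
        else
            killall -s HUP wpa_supplicant && \
            sleep 1.5 && \
            udhcpc -i wlan0 && \
            cat /etc/resolv.conf > /etc/system-resolv.conf
        fi
    else
        echo "No wireless devices found. Sleeping until restarted." 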
88 | fi 89 | done -------------------------------------------------------------------------------- /dockerfiles/nginx/init: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # Copyright (C) 2020 Intel Corporation 4 | # SPDX-License-Identifier: BSD-3-Clause 5 | 6 | set -e 7 | 8 | prepare_folders() { 9 | echo "Preparing folders..." 10 | mkdir -p /etc/ssl/private/ 11 | mkdir -p /etc/ssl/cert/ 12 | mkdir -p /etc/nginx/conf.d/ 13 | } 14 | 15 | create_cert() { 16 | if [ ! -f /etc/ssl/private/EB_web.key ]; then 17 | echo "Creating certificate..." 18 | # The following is for creating V3 509 Certificates. Does not work with self-signed added to trusted CA 19 | # openssl req -new -newkey rsa:4096 -sha256 -days 3650 -nodes -x509 \ 20 | # -extensions v3_ca -keyout /etc/ssl/private/EB_web.key \ 21 | # -out /etc/ssl/cert/EB_web.crt \ 22 | # -subj "/CN=$CN/O=$O/OU=$OU/C=$C" -utf8 -nameopt multiline,utf8 23 | 24 | openssl req -new -newkey rsa:4096 -sha256 -days 3650 -nodes -x509 \ 25 | -keyout /etc/ssl/private/EB_web.key \ 26 | -out /etc/ssl/cert/EB_web.crt \ 27 | -subj "/CN=$CN/O=$O/OU=$OU/C=$C" -utf8 -nameopt multiline,utf8 28 | 29 | cat /etc/ssl/private/EB_web.key /etc/ssl/cert/EB_web.crt > /etc/ssl/private/EB_web.pem 30 | 31 | openssl x509 -in /etc/ssl/private/EB_web.pem \ 32 | -outform DER -out /etc/ssl/cert/EB_web.der 33 | 34 | openssl x509 -inform DER -in /etc/ssl/cert/EB_web.der \ 35 | -out /etc/ssl/cert/EB_web.pem 36 | 37 | # cp /etc/ssl/private/private.pem /etc/ssl/private/sync.pem 38 | # chmod a+r /etc/ssl/private/sync.pem 39 | 40 | # openssl dhparam -out /etc/nginx/dhparam.pem 4096 41 | else 42 | echo "Certificate found..." 43 | fi 44 | } 45 | 46 | download_cerbot() { 47 | if [ ! -f "/etc/nginx/conf.d/options-ssl-nginx.conf" ] || [ ! -f "/etc/nginx/ssl-dhparams.pem" ]; then 48 | echo "Downloading recommended TLS parameters from Certbot..." 
49 | wget -qO - https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf > /etc/nginx/conf.d/options-ssl-nginx.conf | exit 0 50 | wget -qO - https://raw.githubusercontent.com/certbot/certbot/master/certbot/certbot/ssl-dhparams.pem > /etc/nginx/ssl-dhparams.pem | exit 0 51 | if [ ! -s "/etc/nginx/conf.d/options-ssl-nginx.conf" ] || [ ! -s "/etc/nginx/ssl-dhparams.pem" ]; then 52 | echo "Copying offline version of the file" 53 | cp -rf /tmp/options-ssl-nginx.conf /etc/nginx/conf.d/options-ssl-nginx.conf 54 | cp -rf /tmp/ssl-dhparams.pem /etc/nginx/ssl-dhparams.pem 55 | fi 56 | fi 57 | } 58 | 59 | watch_certs() { 60 | inotifywait -e modify -m /etc/ssl/cert/ | 61 | while read -r directory events filename; do 62 | if [ "${filename}" == "EB_web.crt" ]; then 63 | echo "Certificate updated, reloading Nginx" 64 | nginx -s reload 65 | fi 66 | done 67 | } 68 | 69 | wait_for_conf() { 70 | while (! ls /usr/share/nginx/template/default.conf > /dev/null 2>&1 ); do 71 | echo "Waiting for default.conf file to be created"; 72 | sleep 5; 73 | done 74 | cp /usr/share/nginx/template/default.conf /etc/nginx/conf.d/default.conf 75 | } 76 | 77 | run() { 78 | prepare_folders 79 | create_cert 80 | download_cerbot 81 | wait_for_conf 82 | echo "Starting Nginx..." 83 | nginx-debug -g "daemon off;" & 84 | watch_certs 85 | } 86 | 87 | run 88 | -------------------------------------------------------------------------------- /dockerfiles/uos/bash/functions: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Copyright (C) 2019 Intel Corporation 3 | # SPDX-License-Identifier: BSD-3-Clause 4 | 5 | spinner() { 6 | local pid=$! 
7 | local delay=0.08 8 | local spinstr='|/-\' 9 | while [ "$(ps a | awk '{print $1}' | grep $pid)" ]; do 10 | local temp=${spinstr#?} 11 | printf " [%c] " "$spinstr" 2>&1 | tee -a /dev/console 12 | local spinstr=$temp${spinstr%"$temp"} 13 | sleep $delay 14 | printf "\b\b\b\b\b\b" 2>&1 | tee -a /dev/console 15 | done 16 | printf " \b\b\b\b" 2>&1 | tee -a /dev/console 17 | } 18 | 19 | resumeProfile() { 20 | if [ ! -z "${RESUME_PROFILE:+x}" ]; then 21 | if [ -f /target/root/tmp/profile_failed_cmd.txt ]; then 22 | local profile_cmd=$1 23 | local profile_failed_cmd=$(cat /target/root/tmp/profile_failed_cmd.txt) 24 | if [ "${profile_cmd}" = "${profile_failed_cmd}" ]; then 25 | echo "Retrying failed cmd: ${profile_failed_cmd}" | tee -a /dev/console 26 | rm /target/root/tmp/profile_failed_cmd.txt 27 | return 0 28 | elif [[ ! -z "${RESUME_PROFILE_RUN:+x}" && "${RESUME_PROFILE_RUN[@]}" =~ "${profile_cmd}" ]]; then 29 | echo "Run always: ${profile_cmd}" | tee -a /dev/console 30 | return 0 31 | else 32 | echo "Skipping cmd: ${profile_cmd}" | tee -a /dev/console 33 | return 1 34 | fi 35 | else 36 | return 0 37 | fi 38 | else 39 | return 0 40 | fi 41 | } 42 | 43 | run() { 44 | local msg=$1 45 | local runThis=$2 46 | local log=$3 47 | if resumeProfile "${msg}"; then 48 | echo -e "\e[1m\e[4m$(date | awk '{print $4}') - $msg...\e[0m" 2>&1 | tee -a /dev/console 49 | echo "$(date) START: Running $runThis..." >> $log 50 | if [ "$debug" = true ]; then 51 | unbuffer $runThis $verbose | tee -a $log /dev/console 52 | else 53 | (eval $runThis >> $log 2>&1) & 54 | spinner 55 | wait %1 56 | exitcode=$? 57 | if [ $exitcode -ne 0 ]; then 58 | local success=false 59 | else 60 | local success=true 61 | fi 62 | if [ "$success" = false ]; then 63 | IP=$(ip route get 8.8.8.8 | awk 'NR==1 {print $NF}') 64 | echo "$(date) FAILED: Running $runThis..." 
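>> $log
                echo -e "\e[1m[\e[31mFAILED: Running $runThis\e[39m]" 2>&1 | tee -a /dev/console
                echo -e "\e[1mPress 'enter' to login to the console or SSH into $IP using username 'root' and password as 'uos'. After logging in, check the file $log." 2>&1 | tee -a /dev/console
                echo ${msg} > /target/root/tmp/profile_failed_cmd.txt
                exit 1
            else
                echo "$(date) SUCCESS: Running $runThis..." >> $log
                echo -e "\e[1m[\e[32msuccess\e[39m]" 2>&1 | tee -a /dev/console
            fi
        fi
    else
        echo "$(date) Skip running $msg..." >> $log
    fi
}

# Run a command with its output shown live on the console and appended to a log.
#   $1  message printed as the step heading
#   $2  command string, evaluated with eval
#   $3  log file the output is appended to
# Exits the shell with status 1 when the command fails.
# NOTE(review): $2 is passed through eval, so callers must never build it from
# untrusted input.
runProgress() {
    local msg=$1
    local runThis=$2
    local log=$3
    echo -e "\e[1m\e[4m$(date | awk '{print $4}') - $msg...\e[0m" 2>&1 | tee -a /dev/console
    echo "$(date) START: Running $runThis..." >> $log
    eval $runThis 2>&1 | tee -a $log /dev/console
    # $? after a pipeline is the status of its last command (tee), which hid
    # every failure of the command itself; PIPESTATUS[0] is the command's status.
    exitcode=${PIPESTATUS[0]}
    if [ $exitcode -ne 0 ]; then
        IP=$(ip route get 8.8.8.8 | awk 'NR==1 {print $NF}')
        echo "$(date) FAILED: Running $runThis..." >> $log
        echo -e "\e[1m[\e[31mFAILED: Running $runThis\e[39m]" 2>&1 | tee -a /dev/console
        # The message below announces a fixed root password for the rescue login.
        echo -e "\e[1mPress 'enter' to login to the console or SSH into $IP using username 'root' and password as 'uos'. After logging in, check the file $log." 2>&1 | tee -a /dev/console
        exit 1
    else
        echo "$(date) SUCCESS: Running $runThis..." >> $log
        echo -e "\e[1m[\e[32msuccess\e[39m]" 2>&1 | tee -a /dev/console
    fi
}

--------------------------------------------------------------------------------
/scripts/dynamicprofile.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Copyright (C) 2021 Intel Corporation
# SPDX-License-Identifier: BSD-3-Clause

# This file contains the logic for the dynamic profile use case.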
7 | 8 | export DYN_PROF_DATA="data/dyn-profile" 9 | export DYN_PROF_IPFILE="localIp" 10 | 11 | 12 | getIp() { 13 | 14 | if [[ -z "${builder_config_interface+x}" ]]; then 15 | echo $(ip route get 8.8.8.8 | awk '{for(i=1;i<=NF;i++) if ($i=="src") print $(i+1)}') 16 | else 17 | echo $(ip route |grep ${builder_config_interface} |grep src |awk '{for(i=1;i<=NF;i++) if ($i=="src") print $(i+1)}') 18 | fi 19 | } 20 | 21 | setDynamicProfileArgs() { 22 | 23 | local ipAddr=$(getIp) 24 | local kernelArgs="" 25 | local proxyArgs="" 26 | local noproxyArgs="" 27 | local ttyArg="console=tty0" 28 | local httpserverArg="httpserver=${ipAddr}" 29 | local uosInitrdKernelArg="initrd=http://${ipAddr}/tftp/images/uos/initrd" 30 | local httpFilesPathArg="httppath=/files/##PROFILE##" 31 | local dynamicprofile="true" 32 | 33 | local kernelPath="http://${ipAddr}/tftp/images/uos/vmlinuz" 34 | local pxeMenuFile="${TFTP_ROOT}/pxelinux.cfg/default" 35 | local pxeLegacyMenuFile="${TFTP_ROOT}/pxelinux.cfg_legacy/default" 36 | 37 | local kernelLine=" KERNEL ${kernelPath}" 38 | echo "${kernelLine}" >> ${pxeMenuFile} 39 | kernelArgs="${uosInitrdKernelArg} ${ttyArg} dynamicprofile=true ${httpserverArg} ${httpFilesPathArg} ${kernelArgs}" 40 | 41 | # If proxy args exist, add kernel parameters to pass along the proxy settings 42 | if [ ! -z "${HTTPS_PROXY+x}" ] || [ ! -z "${HTTP_PROXY+x}" ]; then 43 | if [ ! -z "${HTTPS_PROXY+x}" ]; then 44 | proxyArgs="proxy=${HTTPS_PROXY}" 45 | else 46 | proxyArgs="proxy=${HTTP_PROXY}" 47 | fi 48 | fi 49 | if [ ! -z "${FTP_PROXY+x}" ]; then 50 | proxyArgs="${proxyArgs} proxysocks=${FTP_PROXY}" 51 | fi 52 | if [ ! -z "${NO_PROXY+x}" ] || [ ! -z "${no_proxy+x}" ]; then 53 | if [ ! -z "${NO_PROXY+x}" ]; then 54 | noproxyArgs="noproxy=${NO_PROXY}" 55 | else 56 | noproxyArgs="noproxy=${no_proxy}" 57 | fi 58 | fi 59 | if [ ! -z "${proxyArgs}" ]; then 60 | kernelArgs="${kernelArgs} ${proxyArgs}" 61 | fi 62 | if [ ! 
-z "${noproxyArgs}" ]; then 63 | kernelArgs="${kernelArgs} ${noproxyArgs}" 64 | fi 65 | # profileQueries="profileQueries=" 66 | # if [[ ${builder_config_dynamic_profile__hw_queries[@]} != 0 ]];then 67 | # local i=0 68 | # for query in ${builder_config_dynamic_profile__hw_queries[@]}; do 69 | # if [[ ${i} != 0 ]];then 70 | # profileQueries="${profileQueries}," 71 | # fi 72 | # profileQueries="${profileQueries}${query}" 73 | # i=$((i+1)) 74 | # done 75 | # kernelArgs="${kernelArgs} ${profileQueries}" 76 | # fi 77 | local appendLine=" APPEND ${kernelArgs}" 78 | echo "${appendLine}" >> ${pxeMenuFile} 79 | 80 | cat ${pxeMenuFile} \ 81 | | sed 's#KERNEL http://[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}/tftp/#KERNEL /#g' \ 82 | | sed 's#APPEND initrd=http://[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}/tftp/#APPEND initrd=/#g' \ 83 | | sed 's#LINUX http://[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}/tftp/#LINUX /#g' \ 84 | | sed 's#INITRD http://[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}/tftp/#INITRD /#g' \ 85 | > ${pxeLegacyMenuFile} 86 | 87 | if [[ ! -d "${DYN_PROF_DATA}" ]]; then 88 | mkdir -p ${DYN_PROF_DATA} 89 | fi 90 | 91 | echo "HOST_IP=$(getIp)" >> ${ENV_FILE} 92 | } 93 | 94 | exportProfileInfo() { 95 | 96 | if [[ -z "${builder_config_dynamic_profile_url+x}" ]];then 97 | builder_config_dynamic_profile_url="/conf/dynamic_profiles.json" 98 | fi 99 | 100 | if [[ ! 
-d "${DYN_PROF_DATA}" ]]; then 101 | mkdir -p ${DYN_PROF_DATA} 102 | fi 103 | 104 | echo "DYN_URL=${builder_config_dynamic_profile_url}" >> ${ENV_FILE} 105 | if [[ "${builder_config_dynamic_profile_token+x}" != "" && "${builder_config_dynamic_profile_user+x}" != "" ]]; then 106 | echo "DYN_URL_USER=${builder_config_dynamic_profile_user}" >> ${ENV_FILE} 107 | echo "DYN_URL_TOKEN=${builder_config_dynamic_profile_token}" >> ${ENV_FILE} 108 | fi 109 | 110 | } 111 | -------------------------------------------------------------------------------- /Jenkinsfile: -------------------------------------------------------------------------------- 1 | pipeline { 2 | agent { label 'rbhe' } 3 | stages { 4 | stage('Build') { 5 | environment { 6 | DOCKER_BUILD_ARGS = '--build-arg http_proxy --build-arg https_proxy' // add --no-cache for a clean build 7 | } 8 | steps { 9 | // This really should be pulled out into a script in the source code repo 10 | // like ./ci-build.sh or something similar 11 | sh ''' 12 | docker build ${DOCKER_BUILD_ARGS} -t edgebuilder-aws-cli dockerfiles/aws-cli 13 | docker build ${DOCKER_BUILD_ARGS} -t edgebuilder-wget dockerfiles/wget 14 | docker build ${DOCKER_BUILD_ARGS} -t edgebuilder-git dockerfiles/git 15 | docker build ${DOCKER_BUILD_ARGS} -t edgebuilder-dnsmasq dockerfiles/dnsmasq 16 | docker build ${DOCKER_BUILD_ARGS} -t edgebuilder-squid dockerfiles/squid 17 | docker build ${DOCKER_BUILD_ARGS} -t edgebuilder-web dockerfiles/nginx 18 | docker build ${DOCKER_BUILD_ARGS} -t edgebuilder-gitea dockerfiles/gitea 19 | docker build ${DOCKER_BUILD_ARGS} -t edgebuilder-qemu dockerfiles/qemu 20 | docker build ${DOCKER_BUILD_ARGS} -t edgebuilder-smb dockerfiles/smb 21 | 22 | # just need to trick the core builder. 
This image will not run, just needs to be built to be scanned by Snyk 23 | for dir in conf data dockerfiles/core scripts template; do mkdir -p dockerfiles/core/files/${dir}; done 24 | cp ./*.sh dockerfiles/core/files/ 25 | cp ./dockerfiles/core/init.sh dockerfiles/core/files/dockerfiles/core/init.sh 26 | docker build ${DOCKER_BUILD_ARGS} -t edgebuilder-core dockerfiles/core 27 | rm -rf dockerfiles/core/files 28 | 29 | # just need to trick the certbot builder. This image will not run, just needs to be built to be scanned by Snyk 30 | mkdir -p dockerfiles/certbot/scripts 31 | docker build ${DOCKER_BUILD_ARGS} -t edgebuilder-certbot dockerfiles/certbot 32 | rm -rf dockerfiles/certbot/scripts 33 | 34 | docker images | grep "edgebuilder" 35 | ''' 36 | } 37 | } 38 | 39 | stage('Static Code Scan') { 40 | when { 41 | expression { env.GIT_BRANCH == 'master' } 42 | } 43 | stages { 44 | stage('Prep Snyk Env') { 45 | steps { 46 | script { 47 | def _files = [ 48 | 'edgebuilder-aws-cli': 'dockerfiles/aws-cli/Dockerfile', 49 | 'edgebuilder-wget': 'dockerfiles/wget/Dockerfile', 50 | 'edgebuilder-git': 'dockerfiles/git/Dockerfile', 51 | 'edgebuilder-dnsmasq': 'dockerfiles/dnsmasq/Dockerfile', 52 | 'edgebuilder-squid': 'dockerfiles/squid/Dockerfile', 53 | 'edgebuilder-web': 'dockerfiles/nginx/Dockerfile', 54 | 'edgebuilder-gitea': 'dockerfiles/gitea/Dockerfile', 55 | 'edgebuilder-qemu': 'dockerfiles/qemu/Dockerfile', 56 | 'edgebuilder-smb': 'dockerfiles/smb/Dockerfile', 57 | 'edgebuilder-core': 'dockerfiles/core/Dockerfile', 58 | 'edgebuilder-certbot': 'dockerfiles/certbot/Dockerfile', 59 | ] 60 | 61 | env.SNYK_MANIFEST_FILE = _files.collect { k,v -> v }.join(',') 62 | env.SNYK_PROJECT_NAME = _files.collect { k,v -> "${k}-docker" }.join(',') 63 | env.SNYK_DOCKER_IMAGE = _files.collect { k,v -> k }.join(',') 64 | 65 | env.SNYK_ALLOW_LONG_PROJECT_NAME = 'true' 66 | env.SNYK_SEVERITY_THRESHOLD_CVE = 'high' 67 | } 68 | } 69 | } 70 | 71 | stage('Scan') { 72 | environment { 73 | SCANNERS 
= 'protex,snyk' 74 | PROJECT_NAME = 'NEX – Container First Architecture' 75 | } 76 | steps { 77 | rbheStaticCodeScan() 78 | } 79 | } 80 | 81 | stage('Virus Scan') { 82 | steps { 83 | script { 84 | virusScan { 85 | dir = '.' 86 | } 87 | } 88 | } 89 | } 90 | } 91 | } 92 | } 93 | } -------------------------------------------------------------------------------- /scripts/pxemenuutils.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright (C) 2019 Intel Corporation 4 | # SPDX-License-Identifier: BSD-3-Clause 5 | 6 | # This file is intended to contain functions that assist with the management 7 | # of the PXE boot menu. 8 | 9 | # If running this file alone, uncomment these lines: 10 | # source "fileutils.sh" 11 | # source "textutils.sh" 12 | 13 | genPxeMenuHead() { 14 | makeDirectory "${TFTP_ROOT}/pxelinux.cfg" 15 | cp "./template/pxelinux.cfg/default.head" "${TFTP_ROOT}/pxelinux.cfg/tmp_default" 16 | } 17 | 18 | genIpxeMenuHead() { 19 | makeDirectory "${WEB_ROOT}" 20 | cp "./template/ipxe/menu.ipxe.head" "${WEB_ROOT}/tmp_menu.ipxe" 21 | } 22 | 23 | genPxeMenuTail() { 24 | if [ -f "${TFTP_ROOT}/pxelinux.cfg/tmp_default" ]; then 25 | cat "./template/pxelinux.cfg/default.tail" >> "${TFTP_ROOT}/pxelinux.cfg/tmp_default" 26 | else 27 | cp "./template/pxelinux.cfg/default.head" "${TFTP_ROOT}/pxelinux.cfg/tmp_default" 28 | cat "./template/pxelinux.cfg/default.tail" >> "${TFTP_ROOT}/pxelinux.cfg/tmp_default" 29 | fi 30 | } 31 | 32 | genIpxeMenuMiddle() { 33 | if [ -f "${WEB_ROOT}/tmp_menu.ipxe" ]; then 34 | cat "./template/ipxe/menu.ipxe.middle" >> "${WEB_ROOT}/tmp_menu.ipxe" 35 | else 36 | cp "./template/ipxe/menu.ipxe.head" "${WEB_ROOT}/tmp_menu.ipxe" 37 | cat "./template/ipxe/menu.ipxe.middle" >> "${WEB_ROOT}/tmp_menu.ipxe" 38 | fi 39 | } 40 | 41 | cleanupTmpPxeMenu() { 42 | if [ -f "${TFTP_ROOT}/pxelinux.cfg/tmp_default" ]; then 43 | rm "${TFTP_ROOT}/pxelinux.cfg/tmp_default" 44 | fi 45 | if [ -f 
"${TFTP_ROOT}/pxelinux.cfg/tmp_default.modified" ]; then 46 | rm "${TFTP_ROOT}/pxelinux.cfg/tmp_default.modified" 47 | fi 48 | } 49 | 50 | updatePxeMenu() { 51 | if [ -f "${TFTP_ROOT}/pxelinux.cfg/tmp_default" ]; then 52 | cp "${TFTP_ROOT}/pxelinux.cfg/tmp_default" "${TFTP_ROOT}/pxelinux.cfg/default" 53 | # makeDirectory "${TFTP_ROOT}/efi64/pxelinux.cfg" 54 | # cp "${TFTP_ROOT}/pxelinux.cfg/tmp_default" "${TFTP_ROOT}/efi64/pxelinux.cfg/default" 55 | fi 56 | cleanupTmpPxeMenu 57 | } 58 | 59 | updateIpxeMenu() { 60 | if [ -f "${WEB_ROOT}/tmp_menu.ipxe" ]; then 61 | mv "${WEB_ROOT}/tmp_menu.ipxe" "${WEB_ROOT}/menu.ipxe" 62 | fi 63 | if [ -f "${WEB_ROOT}/tmp_menu.ipxe.modified" ]; then 64 | mv "${WEB_ROOT}/tmp_menu.ipxe.modified" "${WEB_ROOT}/menu.ipxe" 65 | fi 66 | } 67 | 68 | # The usage for this is a little strange. 69 | # If you are using this with spaces, 70 | # you need to make sure you wrap the input 71 | # with escaped quotes: \" \" 72 | # 73 | # for example: 74 | # addLineToPxeMenu "\"Do this thing\"" 75 | addLineToPxeMenu() { 76 | local line=$1 77 | 78 | # The input value of line will contain quotes, so trim them now 79 | # local trimmed_line=$(docker run --rm -t alpine:3.9 echo "${line}" | awk -F\" '{ print $2 }') 80 | local trimmed_line=$(echo "${line}" | awk -F\" '{ print $2 }') 81 | 82 | # Write to file 83 | echo "${trimmed_line}" >> "${TFTP_ROOT}/pxelinux.cfg/tmp_default" 84 | } 85 | 86 | addLineToIpxeMenu() { 87 | local line=$1 88 | 89 | # The input value of line will contain quotes, so trim them now 90 | # local trimmed_line=$(docker run --rm -t alpine:3.9 echo "${line}" | awk -F\" '{ print $2 }') 91 | local trimmed_line=$(echo "${line}" | awk -F\" '{ print $2 }') 92 | 93 | # Write to file 94 | echo "${trimmed_line}" >> "${WEB_ROOT}/tmp_menu.ipxe" 95 | } 96 | 97 | addLineToVirtualPxeMenu() { 98 | local line=$1 99 | 100 | # The input value of line will contain quotes, so trim them now 101 | # local trimmed_line=$(docker run --rm -t alpine:3.9 echo 
"${line}" | awk -F\" '{ print $2 }') 102 | local trimmed_line=$(echo "${line}" | awk -F\" '{ print $2 }') 103 | 104 | # Write to file 105 | echo "${trimmed_line}" 106 | } 107 | 108 | # When --boot-profile set this will make the PXE menu boot a specific profile 109 | replaceDefaultPXEboot() { 110 | local number=$1 111 | 112 | sed -i "s#TIMEOUT 200#TIMEOUT 20#" ${TFTP_ROOT}/pxelinux.cfg/tmp_default 113 | sed -i "s#ONTIMEOUT local#ONTIMEOUT ${number}#" ${TFTP_ROOT}/pxelinux.cfg/tmp_default 114 | } 115 | 116 | # When --boot-profile set this will make the PXE menu boot a specific profile 117 | replaceDefaultIPXEboot() { 118 | local goto=$1 119 | 120 | sed -i "s#menu-default local#menu-default ${goto}#" ${WEB_ROOT}/tmp_menu.ipxe 121 | sed -i "s|menu-timeout 20000|menu-timeout 2000|" ${WEB_ROOT}/tmp_menu.ipxe 122 | } 123 | 124 | # Helper function to return the location of the staging file for the PXE menu 125 | getTmpPxeMenuLocation() { 126 | echo "${TFTP_ROOT}/pxelinux.cfg/tmp_default" 127 | } 128 | 129 | # Helper function to return the location of the staging file for the PXE menu 130 | getTmpIpxeMenuLocation() { 131 | echo "${WEB_ROOT}/tmp_menu.ipxe" 132 | } 133 | -------------------------------------------------------------------------------- /dockerfiles/uos/bash/init: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright (C) 2019 Intel Corporation 4 | # SPDX-License-Identifier: BSD-3-Clause 5 | 6 | source /opt/bootstrap/functions 7 | 8 | export CONSOLE_OUTPUT="/dev/kmsg" 9 | 10 | kernel_params=$(cat /proc/cmdline) 11 | if [[ $kernel_params = *"bootstrap="* ]]; then 12 | tmp="${kernel_params##*bootstrap=}" 13 | param_bootstrap="${tmp%% *}" 14 | else 15 | clear 16 | echo "" 2>&1 | tee -a ${CONSOLE_OUTPUT} 17 | echo "'bootstrap' kernel parameter missing!" 
2>&1 | tee -a ${CONSOLE_OUTPUT} 18 | sleep 30 19 | # reboot 20 | fi 21 | 22 | if [[ $kernel_params = *"httpserver="* ]]; then 23 | tmp="${kernel_params##*httpserver=}" 24 | param_httpserver="${tmp%% *}" 25 | else 26 | clear 27 | echo "" 2>&1 | tee -a ${CONSOLE_OUTPUT} 28 | echo "'httpserver' kernel parameter missing!" 2>&1 | tee -a ${CONSOLE_OUTPUT} 29 | sleep 30 30 | # reboot 31 | fi 32 | 33 | if [[ $kernel_params = *" proxy="* ]]; then 34 | tmp="${kernel_params##* proxy=}" 35 | param_proxy="${tmp%% *}" 36 | 37 | export http_proxy=${param_proxy} 38 | export https_proxy=${param_proxy} 39 | export no_proxy="localhost,127.0.0.1,${param_httpserver}" 40 | export HTTP_PROXY=${param_proxy} 41 | export HTTPS_PROXY=${param_proxy} 42 | export NO_PROXY="localhost,127.0.0.1,${param_httpserver}" 43 | fi 44 | 45 | if [[ $kernel_params == *" noproxy="* ]]; then 46 | tmp="${kernel_params##* noproxy=}" 47 | export param_noproxy="${tmp%% *}" 48 | export no_proxy="${param_noproxy},${param_httpserver}" 49 | export NO_PROXY="${param_noproxy},${param_httpserver}" 50 | fi 51 | 52 | if [[ $kernel_params = *"token="* ]]; then 53 | tmp="${kernel_params##*token=}" 54 | param_token="${tmp%% *}" 55 | fi 56 | 57 | if [[ $kernel_params = *" logserver="* ]]; then 58 | tmp="${kernel_params##*logserver=}" 59 | param_logserver="${tmp%% *}" 60 | fi 61 | 62 | if [ $( nc -vz ${param_httpserver} 80; echo $?; ) -ne 0 ] && [ $( nc -vz ${param_httpserver} 443; echo $?; ) -ne 0 ]; then 63 | echo "" 2>&1 | tee -a ${CONSOLE_OUTPUT} 64 | echo "No routable network interface found." 
2>&1 | tee -a ${CONSOLE_OUTPUT}
    echo -e "Routes:\n$(ip route show)\n\nLANs:\n$(ip -o -4 addr list)\n" 2>&1 | tee -a ${CONSOLE_OUTPUT}

    # A wireless device is present: clear the init.done marker, create the
    # wifi-scan.run marker and poll until wifi-scan.done appears
    # (presumably written by the wifi-scan script; verify).
    if [ -d "/sys/class/ieee80211" ] && [ "$(ls -A /sys/class/ieee80211 2>/dev/null )" ]; then
        if [ -f /opt/bootstrap/init.done ]; then
            rm /opt/bootstrap/init.done
        fi

        touch /opt/bootstrap/wifi-scan.run
        until [ -f /opt/bootstrap/wifi-scan.done ]; do
            echo "Waiting for wifi-scan to finish." 2>&1 | tee -a ${CONSOLE_OUTPUT}
            sleep 5
        done
    fi
fi
touch /opt/bootstrap/init.done

# Optional remote logging: only when logserver= was given on the kernel command line.
if [ ! -z ${param_logserver+x} ]; then

    # Try the registry first; if the pull fails, fall back to an image tarball
    # served by the provisioning host.
    # NOTE(review): the fallback download disables certificate verification
    # (--no-check-certificate) and the tarball is loaded without any digest or
    # signature check, while the container started below runs --privileged with
    # /dev and /tmp mounted. The integrity of this image therefore rests on the
    # network path alone; verify the server certificate or pin an image digest.
    if ( ! docker pull intel/esp-logging-agent > /dev/null 2>&1 ); then
        if (wget --no-check-certificate --method=HEAD https://${param_httpserver}/containers/intel_esp-logging-agent.tar.gz 2>&1 | grep "200 OK"); then
            wget --no-check-certificate -O- https://${param_httpserver}/containers/intel_esp-logging-agent.tar.gz | docker load
        fi
    fi

    # Start the agent only if the image is available locally; the two variants
    # differ only in whether the proxy variables are passed into the container.
    if docker images | grep intel/esp-logging-agent; then
        if [ ! -z ${param_proxy+x} ]; then
            docker run -d \
                -v /dev:/dev \
                -v /tmp:/tmp \
                -e http_proxy=${http_proxy} \
                -e https_proxy=${https_proxy} \
                -e no_proxy=${no_proxy} \
                -e HTTP_PROXY=${HTTP_PROXY} \
                -e HTTPS_PROXY=${HTTPS_PROXY} \
                -e NO_PROXY=${NO_PROXY} \
                -e LOGGING_SERVER=${param_logserver} \
                --privileged \
                --restart=always \
                --name provisioning_logging_agent \
                intel/esp-logging-agent
        else
            docker run -d \
                -v /dev:/dev \
                -v /tmp:/tmp \
                -e LOGGING_SERVER=${param_logserver} \
                --privileged \
                --restart=always \
                --name provisioning_logging_agent \
                intel/esp-logging-agent
        fi
    fi
fi

# Second reachability check of the provisioning host on ports 80 and 443.
if [ $( nc -vz ${param_httpserver} 80; echo $?; ) -ne 0 ] && [ $( nc -vz ${param_httpserver} 443; echo $?; ) -ne 0 ]; then
    echo "Unable to connect to ${param_httpserver} and the network is up. 
Verify the service is up and running." 2>&1 | tee -a ${CONSOLE_OUTPUT} 120 | echo "" 2>&1 | tee -a ${CONSOLE_OUTPUT} 121 | echo -e "IP Address:\n$(ip -o -4 addr list $(ip route show 0.0.0.0/0 | awk '{print $5}') | head -1 | awk '{print $4}' | cut -d/ -f1)\n\nRoutes:\n$(ip route show)\n\nLANs:\n$(ip -o -4 addr list)\n" 2>&1 | tee -a ${CONSOLE_OUTPUT} 122 | else 123 | if [ $( nc -vz ${param_httpserver} 443; echo $?; ) -eq 0 ]; then 124 | wget --no-check-certificate --header "Authorization: token ${param_token}" -O - ${param_bootstrap/http:/https:} 2> ${CONSOLE_OUTPUT} | bash -s - $param_httpserver 125 | else 126 | wget --header "Authorization: token ${param_token}" -O - ${param_bootstrap/https:/http:} 2> ${CONSOLE_OUTPUT} | bash -s - $param_httpserver 127 | fi 128 | fi 129 | -------------------------------------------------------------------------------- /conf/config.sample.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | # Copyright (C) 2019 Intel Corporation 4 | # SPDX-License-Identifier: BSD-3-Clause 5 | 6 | # If omitted, the build script automatically sets the first 7 | # three octets (x.x.x.1) by inspecting an arbitrary outbound IP route. 8 | # This default behavior may not work if your network 9 | # is not a /24, so make sure to specify here if needed. 
10 | 11 | # The following are optional and automatically discovered 12 | # dhcp_range_minimum: 192.168.1.100 13 | # dhcp_range_maximum: 192.168.1.250 14 | # network_broadcast_ip: 192.168.1.255 15 | # network_gateway_ip: 192.168.1.1 16 | 17 | # If omitted, host_ip is automatically determined 18 | # host_ip: 192.168.1.11 19 | 20 | # If omitted, defaults to 8.8.8.8 21 | # Note that the primary DNS is always host_ip 22 | # network_dns_primary: 8.8.4.4 23 | # network_dns_secondary: 8.8.8.8 24 | 25 | # Let's Encrypt Certificates TLS for Web Services 26 | # letsencrypt_enabled: true 27 | # letsencrypt_email: email@example.com 28 | # This specifies that you agree to ACME’s Subscriber Agreement. 29 | # letsencrypt_agree_to: true 30 | # This tells Certbot that you do not wish to share your email with the Electronic Frontier Foundation (EFF). 31 | # letsencrypt_no_eff_email: true 32 | # This tells Certbot that you would like to use Let’s Encrypt’s staging environment to obtain test certificates. 33 | # letsencrypt_staging: false 34 | 35 | # If omitted, the default ethernet interface is used. 36 | # BE AWARE: ESP will set up a dnsmasq service. Any other dnsmasq service has 37 | # to be stopped or bound to a different device than the one you 38 | # configure below. 39 | # Alternatively, you can use iptables to address this as well. That is 40 | # out of scope for this application 41 | 42 | # interface: enp2s0 43 | 44 | # remote_logging_server is the remote Fluent-Bit instance which collects logs of provisioning process. Must be an FQDN or IP Address. 45 | # remote_logging_service_uri is the remote Fluent-Bit instance URI path for collection. Defaults to "edgenode_provisioning" 46 | # To disable fluent logging service in ESP, set "disable_fluent_logging: true" in the below section. 47 | 48 | # remote_logging_server: (must be an FQDN or IP Address) 49 | # remote_logging_service_uri: (path to receiving service) 50 | 51 | # This section is used to enable dynamic profile association. 
Please read the instructions on 52 | # how to use here: https://github.com/intel/Edge-Software-Provisioner#dynamic-profile 53 | # You can modify the file conf/dynamic_profiles.json or place this on github location. After 54 | # pxe boot, the ESP uOS will get the desired parameters from the hardware, send it back to the 55 | # intel/esp-dyn-profile service, which will then provide the desired profile location 56 | 57 | # dynamic_profile: 58 | # enabled: true 59 | # url: "" 60 | # user: "" 61 | # token: "" 62 | 63 | # This section is used to enable the support to assign fixed ip addresses based on mac addresses. 64 | # The template array below shows how it should be configured. The dnsmasq.conf file of ESP will 65 | # then be adapted to have the "dhcp-host" entries. 66 | 67 | # ip_mapping: 68 | # - mac: 00:11:22:33:44:55 69 | # ip: 192.168.100.200 70 | # - mac: 01:12:23:24:25:26 71 | # ip: 192.168.100.220 72 | 73 | # This section is used to disable services not being used. By default they are all enabled. 74 | # disable_uos_wifi: false 75 | # disable_gitea: false 76 | # disable_aws_cli: false 77 | # disable_qemu: false 78 | # disable_smb: false 79 | # disable_dnsmasq: false 80 | # disable_dyn_profile: false 81 | disable_fluent_logging: true 82 | 83 | # This is for airgap condition,profiles in local 84 | # airgapped_mode: true 85 | 86 | # Please make sure to define ALL of the variables below, even if they 87 | # are empty. Otherwise, this application will not be configured properly. 
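#!/bin/bash

# Copyright (C) 2019 Intel Corporation
# SPDX-License-Identifier: BSD-3-Clause

# Start-up script of the ESP core container. It seeds the boot files under
# ${BUILDER_PATH}/data, copies templates, configs and scripts from /opt/core
# when ESP was not built from a git checkout, runs build.sh, and then watches
# ${BUILDER_PATH}/conf for changes to config.yml.

# Every path below is derived from BUILDER_PATH. If it were empty, the copy
# and rsync steps would write into the filesystem root, so stop early.
if [ -z "${BUILDER_PATH:-}" ]; then
  echo "BUILDER_PATH is not set; refusing to continue." >&2
  exit 1
fi

# Run "certbot renew" inside the certbot container every 6 hours.
renew_certs() {
  local certbot_container
  while :; do
    sleep 6h
    certbot_container=$(docker ps | grep _certbot_1 | awk '{print $NF}' | head -n 1)
    # Without this guard an empty lookup would make docker treat the word
    # "certbot" as the container name.
    if [ -n "${certbot_container}" ]; then
      docker exec "${certbot_container}" certbot renew
    else
      echo "Certbot container is not running; skipping certificate renewal check."
    fi
  done
}

# Copy a single file to its destination unless it is already there.
#   $1 - source file inside this container
#   $2 - destination path (parent directories are created)
ensure_file() {
  local src="$1"
  local dest="$2"
  if [ ! -f "${dest}" ]; then
    mkdir -p "$(dirname "${dest}")"
    cp "${src}" "${dest}"
  fi
}

# If Lets Encrypt is enabled run job to check every 6 hours to renew certificate as recommended by Lets Encrypt Certbot
if grep letsencrypt_enabled "${BUILDER_PATH}/conf/config.yml" | grep true | grep -v \# > /dev/null; then
  echo "Spinning up Certbot certificate renewal checking service."
  renew_certs &
fi

# Make sure ISO memdisk is in the correct location
ensure_file /usr/share/syslinux/memdisk "${BUILDER_PATH}/data/srv/tftp/images/iso/memdisk"

# Make sure iPXE is in the correct location
ensure_file /usr/share/ipxe/ipxe.lkrn "${BUILDER_PATH}/data/srv/tftp/images/ipxe/ipxe.lkrn"

# Make sure wimboot is in the correct location
ensure_file /usr/share/ipxe/wimboot "${BUILDER_PATH}/data/srv/tftp/images/ipxe/wimboot"

# Make sure the syslinux MBR is available to the web server
ensure_file /usr/share/syslinux/mbr.bin "${BUILDER_PATH}/data/usr/share/nginx/html/mbr.bin"

# Old method of detecting if this running from a container
# if [ "${TAG_PREFIX}" != "esp-dnsmasq" ]; then

if [ ! -d "${BUILDER_PATH}/root/.git" ] && [ ! -f "${BUILDER_PATH}/root/.git" ]; then
  if [ ! -f "${BUILDER_PATH}/template/pxe_bg.png" ]; then
    echo "Copying templates..."
    cp -a /opt/core/template/* "${BUILDER_PATH}/template/"
  fi

  if [ ! -f "${BUILDER_PATH}/conf/config.yml" ]; then
    echo "Copying configs..."
    cp -a /opt/core/conf/* "${BUILDER_PATH}/conf/"
  fi

  rsync -rtc /opt/core/build.sh "${BUILDER_PATH}/"
  rsync -rtc /opt/core/build.sh "${BUILDER_PATH}/root/"
  rsync -rtc /opt/core/scripts "${BUILDER_PATH}/"
  rsync -rtc /opt/core/scripts "${BUILDER_PATH}/root/"
  rsync -rtc /opt/core/dockerfiles "${BUILDER_PATH}/"
  rsync -rtc "${BUILDER_PATH}/root/docker-compose.yml" "${BUILDER_PATH}/"

  # Make sure UOS is in the correct location
  if [ ! -f "${BUILDER_PATH}/data/srv/tftp/images/uos/vmlinuz" ]; then
    rsync -rtc /opt/core/data/ "${BUILDER_PATH}/data/"
  fi

  # Derive the registry prefix and the tag from the running esp-core image
  # reference, e.g. "<prefix>/esp-core:<tag>".
  TAG_PREFIX_TMP=$(docker ps | grep esp-core | awk '{print $2}' | head -n 1)
  TAG_POSTFIX=$(echo "${TAG_PREFIX_TMP}" | awk -F ':' '{print $2}')
  TAG_PREFIX=${TAG_PREFIX_TMP/\/esp-core:${TAG_POSTFIX}/}

  IMAGES="${CONTAINER_IMAGES}"
  if [ "${TAG_PREFIX}" != "" ] && [ "${TAG_PREFIX}" != "${TAG_PREFIX_TMP}" ]; then
    # IMAGES is a whitespace-separated list, so it is expanded unquoted on purpose.
    for image in ${IMAGES}; do
      if docker images | grep "${image} " > /dev/null 2>&1; then
        echo "docker image ${image} exists."
      elif docker pull "${image}" > /dev/null 2>&1; then
        echo "docker image ${image} downloaded."
      else
        # Nothing to re-tag when the image could not be pulled.
        echo "docker image ${image} is unavailable for pulling."
        continue
      fi
      stip_postfix=${image/:${TAG_POSTFIX}/}
      orig_image=${stip_postfix/${TAG_PREFIX}\//intel\/}
      docker tag "${image}" "${orig_image}"
    done
  fi

  # build.sh is invoked by relative path below, so a failed cd must not be ignored.
  cd "${BUILDER_PATH}" || exit 1
  ./build.sh -C -S -P -g
  rsync -rtc /opt/core/*.sh "${BUILDER_PATH}/"
  rsync -rtc /opt/core/*.sh "${BUILDER_PATH}/root/"

  # Wait for dnsmasq service to start
  until docker ps | grep esp-dnsmasq > /dev/null 2>&1; do
    echo "Waiting for dnsmasq to start"
    sleep 1
  done

  ./build.sh -C -S -g -n && \
  echo "Watching for changes in ${BUILDER_PATH}/conf/config.yml" && \
  inotifywait -e modify -m "${BUILDER_PATH}/conf/" |
    while read -r directory events filename; do
      if [ "${filename}" = "config.yml" ]; then
        echo "${BUILDER_PATH}/conf/config.yml has changed. Restarting services"
        # Sleeping for user to run build manually
        sleep 15
        if ./build.sh -C -S -g; then
          dnsmasq_ids=$(docker ps | grep esp-dnsmasq | awk '{print $1}')
          # Only restart when a dnsmasq container was actually found.
          if [ -n "${dnsmasq_ids}" ]; then
            # Unquoted on purpose: there may be more than one container ID.
            docker restart ${dnsmasq_ids}
          fi
        fi
      fi
    done
else
  # ESP was built and started from this system. This container skips all above steps as the user will use ./build.sh manually.
  echo "Watching for changes in ${BUILDER_PATH}/conf/config.yml"
  inotifywait -e modify -m "${BUILDER_PATH}/conf/" |
    while read -r directory events filename; do
      if [ "${filename}" = "config.yml" ]; then
        echo "${BUILDER_PATH}/conf/config.yml has changed."
      fi
    done
fi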
37 | # BE AWARE: ESP will set up a dnsmasq service. Any other dnsmasq service has 38 | # to be stopped or bound to a different device than the one you 39 | # configure below. 40 | # Alternatively, you can use iptables to address this as well. That is 41 | # out of scope for this application 42 | 43 | # interface: enp2s0 44 | 45 | # remote_logging_server is the remote Fluent-Bit instance which collects logs of provisioning process. Must be an FQDN or IP Address. 46 | # remote_logging_service_uri is the remote Fluent-Bit instance URI path for collection. Defaults to "edgenode_provisioning" 47 | # To disable fluent logging service in ESP, set "disable_fluent_logging: true" in the below section. 48 | 49 | # remote_logging_server: (must be an FQDN or IP Address) 50 | # remote_logging_service_uri: (path to receiving service) 51 | 52 | # This section is used to enable dynamic profile association. Please read the instructions on 53 | # how to use here: https://github.com/intel/Edge-Software-Provisioner#dynamic-profile 54 | # You can modify the file conf/dynamic_profiles.json or place this on github location. After 55 | # pxe boot, the ESP uOS will get the desired parameters from the hardware, send it back to the 56 | # intel/esp-dyn-profile service, which will then provide the desired profile location 57 | 58 | # dynamic_profile: 59 | # enabled: true 60 | # url: "" 61 | # user: "" 62 | # token: "" 63 | 64 | # This section is used to enable the support to assign fixed ip addresses based on mac addresses. 65 | # The template array below shows how it should be configured. The dnsmasq.conf file of ESP will 66 | # then be adapted to have the "dhcp-host" entries. 67 | 68 | # ip_mapping: 69 | # - mac: 00:11:22:33:44:55 70 | # ip: 192.168.100.200 71 | # - mac: 01:12:23:24:25:26 72 | # ip: 192.168.100.220 73 | 74 | # This section is used to disable services not being used. By default they are all enabled. 
75 | # disable_uos_wifi: false 76 | # disable_gitea: false 77 | # disable_aws_cli: false 78 | # disable_qemu: false 79 | # disable_smb: false 80 | # disable_dnsmasq: false 81 | # disable_dyn_profile: false 82 | disable_fluent_logging: true 83 | 84 | # This is for airgap condition,profiles in local 85 | # airgapped_mode: true 86 | 87 | # Please make sure to define ALL of the variables below, even if they 88 | # are empty. Otherwise, this application will not be configured properly. 89 | profiles: 90 | 91 | - git_remote_url: https://github.com/intel/esp-profile-clearlinux.git 92 | profile_branch: slim 93 | profile_base_branch: master 94 | git_username: "" 95 | git_token: "" 96 | # This is the name that will be shown on the PXE menu (NOTE: No Spaces) 97 | name: Clear_Linux 98 | custom_git_arguments: --depth=1 99 | 100 | - git_remote_url: https://github.com/intel/esp-profile-clearlinux.git 101 | profile_branch: desktop 102 | profile_base_branch: master 103 | git_username: "" 104 | git_token: "" 105 | # This is the name that will be shown on the PXE menu (NOTE: No Spaces) 106 | name: Clear_Linux_Desktop 107 | custom_git_arguments: --depth=1 108 | 109 | - git_remote_url: https://github.com/intel/esp-profile-ubuntu.git 110 | profile_branch: slim 111 | profile_base_branch: master 112 | git_username: "" 113 | git_token: "" 114 | # This is the name that will be shown on the PXE menu (NOTE: No Spaces) 115 | name: Ubuntu_22.04 116 | custom_git_arguments: --depth=1 117 | 118 | - git_remote_url: https://github.com/intel/esp-profile-ubuntu.git 119 | profile_branch: desktop 120 | profile_base_branch: master 121 | git_username: "" 122 | git_token: "" 123 | # This is the name that will be shown on the PXE menu (NOTE: No Spaces) 124 | name: Ubuntu_22.04_Desktop 125 | custom_git_arguments: --depth=1 126 | -------------------------------------------------------------------------------- /dockerfiles/dyn-profile/profile_service.go: 
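// Hardwares is the top-level JSON document held in hardware.json: a list of
// hardware entries under the "hardwares" key.
type Hardwares struct {
	Hardwares []Hardware `json:"hardwares"`
}

// Hardware is one entry of the hardware inventory. MacAddress is the key the
// POST handler matches on; ProfileUrl and BootUrl are always derived by
// getHardwareStruct, BaseBranch and KernelArgs are overwritten by it when the
// corresponding profile files are found on the server.
type Hardware struct {
	ID         string `json:"id"`
	CPU        string `json:"cpu"`
	MacAddress string `json:"mac"`
	Profile    string `json:"profile"`
	ProfileUrl string `json:"profileUrl"`
	BaseBranch string `json:"baseprofileUrl"`
	BootUrl    string `json:"booturl"`
	KernelArgs string `json:"kernelargs"`
}

// hardwares holds the inventory produced by the most recent successful
// getHardwareStruct call.
// NOTE(review): net/http serves each request on its own goroutine and this
// variable is written without a lock. Guarding it needs a sync.Mutex, i.e. an
// import that is outside this block.
var hardwares Hardwares

// Settings read from the environment in main.
var ipAddr string
var profileDir string
var profileUser string
var profileToken string

// hardwareFile is the local copy of the hardware inventory.
const hardwareFile = "/data/hardware.json"

// maxRequestBody caps the size of a POST body; a lookup request only carries
// one small Hardware object.
const maxRequestBody = 1 << 20

// httpHandler serves /hardwares.
//
// GET returns the complete inventory as JSON. POST expects a JSON Hardware
// object and answers with the boot URL, base branch and kernel parameters of
// the entry whose MAC address matches (case-insensitively), or 404 when no
// entry matches. The inventory is reloaded on every request; when reloading
// fails the handler answers 500 instead of serving whatever was left in
// memory.
//
// NOTE(review): nothing in this file authenticates the caller, so GET hands
// the whole inventory to anyone who can reach the port. Confirm the service
// is only reachable from the provisioning network.
func httpHandler(w http.ResponseWriter, r *http.Request) {
	switch r.Method {
	case "GET":
		if err := getHardwareStruct(); err != nil {
			log.Println("Error loading hardware profiles: " + err.Error())
			http.Error(w, "hardware profiles unavailable", http.StatusInternalServerError)
			return
		}
		js, err := json.Marshal(&hardwares)
		if err != nil {
			log.Println("Error encoding hardware profiles: " + err.Error())
			http.Error(w, "hardware profiles unavailable", http.StatusInternalServerError)
			return
		}
		w.Header().Set("Content-Type", "application/json")
		w.WriteHeader(http.StatusOK)
		w.Write(js)
	case "POST":
		var hw Hardware
		// Reject oversized or malformed bodies before doing any work.
		r.Body = http.MaxBytesReader(w, r.Body, maxRequestBody)
		if err := json.NewDecoder(r.Body).Decode(&hw); err != nil {
			http.Error(w, "invalid JSON body", http.StatusBadRequest)
			return
		}
		if err := getHardwareStruct(); err != nil {
			log.Println("Error loading hardware profiles: " + err.Error())
			http.Error(w, "hardware profiles unavailable", http.StatusInternalServerError)
			return
		}
		w.Header().Set("Content-Type", "application/json")
		for _, v := range hardwares.Hardwares {
			if !strings.EqualFold(v.MacAddress, hw.MacAddress) {
				continue
			}
			data := map[string]interface{}{
				"url":          v.BootUrl,
				"basebranch":   v.BaseBranch,
				"kernelParams": v.KernelArgs,
			}
			js, err := json.Marshal(data)
			if err != nil {
				log.Println("Error encoding profile response: " + err.Error())
				http.Error(w, "hardware profiles unavailable", http.StatusInternalServerError)
				return
			}
			w.WriteHeader(http.StatusOK)
			w.Write(js)
			return
		}
		w.WriteHeader(http.StatusNotFound)
	default:
		w.Header().Set("Allow", "GET, POST")
		http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
	}
}

// fetchHardwareInfo downloads the inventory from an http(s) location.
//
// The credentials are sent as HTTP basic auth by the Go HTTP client rather
// than being passed to an external command, so they never appear in the
// process list. A response other than 200 is treated as an error so that an
// error page is never stored as the inventory.
// NOTE(review): with an http:// location the credentials travel unencrypted.
func fetchHardwareInfo(location string) ([]byte, error) {
	req, err := http.NewRequest("GET", location, nil)
	if err != nil {
		return nil, err
	}
	if profileUser != "" || profileToken != "" {
		req.SetBasicAuth(profileUser, profileToken)
	}
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return nil, errors.New("unexpected HTTP status while downloading hardware profiles: " + resp.Status)
	}
	return ioutil.ReadAll(resp.Body)
}

// getHardwareInfoFile refreshes /data/hardware.json from profileDir, which is
// either an http:// or https:// URL or an absolute path to a local file.
// Any other value is rejected.
func getHardwareInfoFile() error {
	var data []byte
	var err error
	switch {
	case strings.HasPrefix(profileDir, "http://") || strings.HasPrefix(profileDir, "https://"):
		data, err = fetchHardwareInfo(profileDir)
	case strings.HasPrefix(profileDir, "/"):
		data, err = ioutil.ReadFile(profileDir)
	default:
		log.Println("Invalid location for downloading hardware profile information")
		return errors.New("invalid download location for hardware profiles")
	}
	if err != nil {
		log.Println("Error fetching hardware profile information: " + err.Error())
		return err
	}
	return ioutil.WriteFile(hardwareFile, data, 0644)
}

// getHardwareStruct reloads the inventory and fills in the derived fields of
// every entry: the profile URL, the bootstrap URL, the base branch (when a
// "<profile>_base/pre.sh" exists on the server) and the kernel arguments
// taken from the profile's conf/config.yml.
//
// The work is done on a fresh value that replaces the package-level
// hardwares only after every entry was processed, so a failed reload leaves
// the previous inventory untouched and fields computed for an earlier
// request cannot carry over. Returns the first error encountered.
func getHardwareStruct() error {
	if err := getHardwareInfoFile(); err != nil {
		return err
	}
	jsonFile, err := os.Open(hardwareFile)
	if err != nil {
		log.Println("Error opening json file:" + err.Error())
		return err
	}
	defer jsonFile.Close()
	byteValue, err := ioutil.ReadAll(jsonFile)
	if err != nil {
		log.Println("Error reading json file:" + err.Error())
		return err
	}
	var loaded Hardwares
	if err := json.Unmarshal(byteValue, &loaded); err != nil {
		log.Println("Error getting json details:" + err.Error())
		return err
	}

	baseUrl := "http://" + ipAddr + "/profile/"
	for i := range loaded.Hardwares {
		hw := &loaded.Hardwares[i]
		hw.ProfileUrl = baseUrl + hw.Profile
		hw.BootUrl = hw.ProfileUrl + "/bootstrap.sh"

		// The profile must provide a bootstrap script.
		if err := exec.Command("wget", "--spider", "--no-proxy", hw.BootUrl).Run(); err != nil {
			log.Println("no profile " + hw.BootUrl + " found on server")
			return err
		}

		// A base branch is optional.
		if err := exec.Command("wget", "--spider", "--no-proxy", hw.ProfileUrl+"_base/pre.sh").Run(); err != nil {
			log.Println("no base branch for " + hw.ProfileUrl + " found on server, leave that empty")
		} else {
			hw.BaseBranch = hw.ProfileUrl + "_base"
		}

		confFileUrl := hw.ProfileUrl + "/conf/config.yml"
		fmt.Println("ConfigFileUrl: " + confFileUrl)
		// Read the profile config from wget's standard output instead of a
		// config.yml in the working directory: concurrent requests would
		// otherwise share that file, and no file handle stays open until the
		// function returns.
		conf, err := exec.Command("wget", "--no-proxy", "-q", "-O", "-", confFileUrl).Output()
		if err != nil {
			log.Println("config file not found for profile " + hw.Profile)
			return err
		}
		scanner := bufio.NewScanner(strings.NewReader(string(conf)))
		for scanner.Scan() {
			line := scanner.Text()
			if strings.HasPrefix(line, "kernel_arguments:") {
				hw.KernelArgs = strings.ReplaceAll(line, "kernel_arguments:", "")
				log.Println("Kernel args:" + hw.KernelArgs)
			}
		}
	}

	hardwares = loaded
	return nil
}

// main reads the service settings from the environment, registers the
// /hardwares handler and serves on port 8080 of every interface.
func main() {
	ipAddr = os.Getenv("host_ip")
	profileDir = os.Getenv("dyn_url")
	profileUser = os.Getenv("dyn_url_user")
	profileToken = os.Getenv("dyn_url_token")

	log.Println("profileDir: " + profileDir)
	log.Println("profileUser: " + profileUser)
	// The token is a credential: record only whether it was provided.
	if profileToken != "" {
		log.Println("profileToken: (set)")
	} else {
		log.Println("profileToken: (not set)")
	}
	log.Println("hostip: " + ipAddr)

	http.HandleFunc("/hardwares", httpHandler)
	// ":8080" binds every interface, not only localhost.
	log.Println("Listening on :8080")
	log.Println(http.ListenAndServe(":8080", nil))
}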
"scripts/bulkfileutils.sh" 21 | source "scripts/profileutils.sh" 22 | source "scripts/pxemenuutils.sh" 23 | source "scripts/templateutils.sh" 24 | if [ -f ".env" ]; then 25 | source ".env" 26 | fi 27 | 28 | printHelp() { 29 | printMsg "\n Main ${T_BOLD}${C_BLUE}Virtual PXE Script${T_RESET}" 30 | printMsg " You can specify one the following options:" 31 | printMsg " ${T_BOLD}-d${T_RESET}, --disk-size A numeric valude is valid measured in gigabytes. Defaults to '10'." 32 | printMsg " ${T_BOLD}-f${T_RESET}, --disk-format Valid input value is [ qcow2 | vdi | vmdk | vpc | vhdx | parallels ]. Defaults to 'qcow2'." 33 | printMsg " ${T_BOLD}-m${T_RESET}, --memory-size A numeric value is valid measured in megabytes. Defaults to '2048'." 34 | printMsg " ${T_BOLD}-b${T_RESET}, --bios Valid input value is [ efi ] or leave empty. Defaults to empty value." 35 | printMsg " ${T_BOLD}-o${T_RESET}, --output Valid input value is [ file | container ]. Defaults to 'file'." 36 | printMsg " ${T_BOLD}-p${T_RESET}, --profile Enter the profile name to build." 
37 | printMsg " ${T_BOLD}-n${T_RESET}, --skip-net Skips network autodetection and verification" 38 | printMsg " ${T_BOLD}-h${T_RESET}, --help Show this help dialog" 39 | printMsg "" 40 | printMsg " Usage: $0" 41 | printMsg "" 42 | exit 0 43 | } 44 | 45 | export DISK_SIZE="10" 46 | export DISK_FORMAT="qcow2" 47 | export MEMORY="2048" 48 | export OUTPUT="file" 49 | export VERBOSE="false" 50 | export BIOS="" 51 | export SINGLE_PROFILE="" 52 | export SKIP_NET="false" 53 | while (( "$#" )); do 54 | case "$1" in 55 | "-d" | "--disk-size" ) export DISK_SIZE=$2 56 | shift 2;; 57 | "-f" | "--disk-format" ) export DISK_FORMAT=$2 58 | shift 2;; 59 | "-m" | "--memory-size" ) export MEMORY=$2 60 | shift 2;; 61 | "-b" | "--bios" ) export BIOS=$2 62 | shift 2;; 63 | "-o" | "--output" ) export OUTPUT=$2 64 | shift 2;; 65 | "-p" | "--profile" ) export SINGLE_PROFILE=$2 66 | shift 2;; 67 | "-v" | "--verbose" ) export VERBOSE="true" 68 | shift 1;; 69 | "-n" | "--skip-net" ) export SKIP_NET="true" 70 | shift 1;; 71 | "-h" | "--help" ) printHelp;; 72 | "--" ) # end argument parsing 73 | shift 74 | break;; 75 | -* | --*= ) # unsupported flags 76 | echo "Error: Unsupported flag $1" >&2 77 | exit 1;; 78 | * ) # preserve positional arguments 79 | PARAMS="$PARAMS $1" 80 | shift;; 81 | esac 82 | done 83 | 84 | validateInput numeric "${DISK_SIZE}" "'--disk-size' value is not a valid numeric value: ${DISK_SIZE}" 85 | validateInput custom "${DISK_FORMAT}" "'--disk-format' value is not a valid value [qcow2|vdi|vmdk|vpc|vhdx|parallels]: ${DISK_FORMAT}" "^(qcow2|vdi|vmdk|vpc|vhdx|parallels)$" 86 | validateInput numeric "${MEMORY}" "'--memory-size' value is not a valid numeric value: ${MEMORY}" 87 | validateInput custom "${OUTPUT}" "'--output' value is not a valid value [file|container]: ${OUTPUT}" "^(file|container)$" 88 | 89 | if [ $(grep MemTotal /proc/meminfo | awk '{print $2}') -lt 3145728 ]; then 90 | printErrMsg " There is not enough memory available for Virtual PXE. 
This system needs 3G or more of RAM." 91 | fi 92 | 93 | # Incorporate proxy preferences 94 | if [ "${HTTP_PROXY+x}" != "" ]; then 95 | export DOCKER_BUILD_ARGS="--build-arg http_proxy='${http_proxy}' --build-arg https_proxy='${https_proxy}' --build-arg HTTP_PROXY='${HTTP_PROXY}' --build-arg HTTPS_PROXY='${HTTPS_PROXY}' --build-arg NO_PROXY='${NO_PROXY}' --build-arg no_proxy='${no_proxy}'" 96 | export DOCKER_RUN_ARGS="--env http_proxy='${http_proxy}' --env https_proxy='${https_proxy}' --env HTTP_PROXY='${HTTP_PROXY}' --env HTTPS_PROXY='${HTTPS_PROXY}' --env NO_PROXY='${NO_PROXY}' --env no_proxy='${no_proxy}'" 97 | export AWS_CLI_PROXY="export http_proxy='${http_proxy}'; export https_proxy='${https_proxy}'; export HTTP_PROXY='${HTTP_PROXY}'; export HTTPS_PROXY='${HTTPS_PROXY}'; export NO_PROXY='${NO_PROXY}'; export no_proxy='${no_proxy}';" 98 | else 99 | export DOCKER_BUILD_ARGS="" 100 | export DOCKER_RUN_ARGS="" 101 | export AWS_CLI_PROXY="" 102 | fi 103 | 104 | printMsg "\n-------------------------" 105 | printMsg " ${T_BOLD}${C_BLUE}Welcome to Virtual PXE${T_RESET}" 106 | printMsg "-------------------------" 107 | logMsg "Welcome to Virtual PXE" 108 | parseConfig 109 | if [[ "${SKIP_NET}" == "true" ]]; then 110 | printBanner "Skipping ${C_GREEN}Network Config Check..." 111 | logMsg "Skipping Network Config Check..." 112 | else 113 | printBanner "Checking ${C_GREEN}Network Config..." 114 | logMsg "Checking Network Config..." 
115 | fi 116 | verifyNetworkConfig 117 | printMsg "" 118 | printMsg "" 119 | 120 | if [ -z "${SINGLE_PROFILE}" ]; then 121 | # Begin the process of generating Virtual PXE Menu 122 | logMsg "Generating Virtual PXE Menu" 123 | profilesActions genProfileVirtualPxeMenu 124 | echo " q) Quit" 125 | echo "" 126 | read -p 'Select the Profile Number: ' selected_profile 127 | if [ ${selected_profile} = "q" ]; then exit; fi 128 | validateInput numeric "${selected_profile}" "Input value is not a valid numeric value: ${selected_profile}" 129 | else 130 | selected_profile=$(profilesActions getProfileNumber) 131 | fi 132 | 133 | bootProfile genProfileVirtualPxeBoot ${selected_profile} 134 | -------------------------------------------------------------------------------- /template/dnsmasq/dnsmasq.conf: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2019 Intel Corporation 2 | # SPDX-License-Identifier: BSD-3-Clause 3 | 4 | # This file is automatically generated. 5 | 6 | # Listen on this specific port instead of the standard DNS port 7 | # (53). Setting this to zero completely disables DNS function, 8 | # leaving only DHCP and/or TFTP. 9 | port=0 10 | 11 | # Set this (and domain: see below) if you want to have a domain 12 | # automatically added to simple names in a hosts-file. 13 | expand-hosts 14 | 15 | # Set the domain for dnsmasq. this is optional, but if it is set, it 16 | # does the following things. 17 | # 1) Allows DHCP hosts to have fully qualified domain names, as long 18 | # as the domain part matches this setting. 19 | # 2) Sets the "domain" DHCP option thereby potentially setting the 20 | # domain of all systems configured by DHCP 21 | # 3) Provides the domain part for "expand-hosts" 22 | domain=builder.local 23 | 24 | # Define the network interface which should be used by ESP. This interface 25 | # will then act as the Gateway for the targets. 
All targets will get an IP 26 | # in the same address range as the chosen interface. If no interface is 27 | # selected, ESP will use the default interface. The interface is selected 28 | # via the config.yml file 29 | @@INTERFACE_BINDING@@ 30 | 31 | # Define a list of static mac address to IP Address 32 | @@IP_MAPPING@@ 33 | 34 | # Enable the integrated DHCP server, you need 35 | # to supply the range of addresses available for lease 36 | #dhcp-range=@@DHCP_MIN@@,@@DHCP_MAX@@,6h 37 | dhcp-range=@@DHCP_RANGE@@ 38 | 39 | # Override the default route supplied by dnsmasq, which assumes the 40 | # router is the same machine as the one running dnsmasq. 41 | dhcp-option=3,@@NETWORK_GATEWAY_IP@@ 42 | 43 | # set dns name servers 44 | dhcp-option=6,@@NETWORK_DNS_PRIMARY@@,@@NETWORK_DNS_SECONDARY@@ 45 | 46 | # network broadcast 47 | dhcp-option=28,@@NETWORK_BROADCAST_IP@@ 48 | 49 | # NTP server, default to this machine 50 | # dhcp-option=42,0.0.0.0 51 | 52 | # Type Architecture Name 53 | # ---- ----------------- 54 | # 0 Intel x86PC 55 | # 1 NEC/PC98 56 | # 2 EFI Itanium 57 | # 3 DEC Alpha 58 | # 4 Arc x86 59 | # 5 Intel Lean Client 60 | # 6 EFI IA32 61 | # 7 EFI BC 62 | # 8 EFI Xscale 63 | # 9 EFI x86-64 64 | 65 | # Serve out legacy binaries to legacy PXE clients 66 | dhcp-match=set:x86PC,option:client-arch,0 67 | # dhcp-boot=tag:legacy,pxelinux.0 68 | dhcp-boot=tag:x86PC,ipxe/legacy/undionly.kpxe 69 | 70 | # Serve out UEFI-compatible binaries to UEFI32 PXE clients 71 | dhcp-match=set:IA32_EFI,option:client-arch,6 72 | # dhcp-boot=tag:uefi32,efi32/syslinux.efi 73 | dhcp-boot=tag:IA32_EFI,ipxe/efi32/ipxe.efi 74 | 75 | # Serve out UEFI-compatible binaries to UEFI64 PXE clients 76 | dhcp-match=set:BC_EFI,option:client-arch,7 77 | dhcp-match=set:X86-64_EFI,option:client-arch,9 78 | dhcp-boot=tag:BC_EFI,ipxe/efi64/ipxe.efi 79 | dhcp-boot=tag:X86-64_EFI,ipxe/efi64/ipxe.efi 80 | 81 | # Serve out UEFI HTTPClient Boot 82 | dhcp-pxe-vendor=PXEClient,HTTPClient:Arch:00016 83 | 
dhcp-vendorclass=set:X86-64_EFI,HTTPClient:Arch:00016 84 | dhcp-option-force=tag:X86-64_EFI,60,HTTPClient 85 | dhcp-boot=tag:X86-64_EFI,"http://@@HOST_IP@@/tftp/ipxe/efi64/ipxe.efi" 86 | 87 | # Fallback to telling all other clients to boot 88 | dhcp-boot=tag:!X86-64_EFI,tag:!BC_EFI,tag:!IA32_EFI,ipxe/legacy/undionly.kpxe 89 | 90 | # Enable ipxe menu 91 | dhcp-match=set:ipxe,175 92 | dhcp-userclass=set:ipxe,iPXE 93 | dhcp-boot=tag:ipxe,http://@@HOST_IP@@/menu.ipxe 94 | 95 | # PXE Service 96 | # @@PXE_COMMENT@@pxe-prompt="Select PXE Boot Type:", 5 97 | # x86PC gets rom from above matches 98 | # @@PXE_COMMENT@@pxe-service=x86PC, "PXELINUX (0000-Intel x86PC)", "ipxe/legacy/undionly.kpxe" 99 | @@PXE_COMMENT@@pxe-service=PC98, "PXELINUX (0001-NEC/PC98)", "ipxe/legacy/undionly.kpxe" 100 | @@PXE_COMMENT@@pxe-service=IA64_EFI, "PXELINUX (0002-EFI Itanium)", "ipxe/pcbios/ipxe.efi" 101 | @@PXE_COMMENT@@pxe-service=Alpha, "PXELINUX (0003-DEC Alpha)", "ipxe/legacy/undionly.kpxe" 102 | @@PXE_COMMENT@@pxe-service=Arc_x86, "PXELINUX (0004-Arc x86)", "ipxe/legacy/undionly.kpxe" 103 | @@PXE_COMMENT@@pxe-service=Intel_Lean_Client, "PXELINUX (0005-Intel Lean Client)", "ipxe/legacy/undionly.kpxe" 104 | @@PXE_COMMENT@@pxe-service=IA32_EFI, "PXELINUX (0006-EFI IA32)", "ipxe/efi32/ipxe.efi" 105 | @@PXE_COMMENT@@pxe-service=BC_EFI, "PXELINUX (0007-EFI BC)", "ipxe/efi64/ipxe.efi" 106 | @@PXE_COMMENT@@pxe-service=Xscale_EFI, "PXELINUX (0008-EFI Xscale)", "ipxe/efi64/ipxe.efi" 107 | @@PXE_COMMENT@@pxe-service=X86-64_EFI, "PXELINUX (0009-EFI x86-64)", "ipxe/efi64/ipxe.efi" 108 | @@PXE_COMMENT@@pxe-service=ARM64_EFI, "PXELINUX (00011-EFI ARM-64)", "ipxe/arm64/ipxe.efi" 109 | 110 | @@PXE_COMMENT@@pxe-service=tag:ipxe, BC_EFI, "iPXE Menu", "http://@@HOST_IP@@/menu.ipxe" 111 | @@PXE_COMMENT@@pxe-service=tag:ipxe, X86-64_EFI, "iPXE Menu", "http://@@HOST_IP@@/menu.ipxe" 112 | @@PXE_COMMENT@@pxe-service=tag:ipxe, x86PC, "iPXE Menu", "http://@@HOST_IP@@/menu.ipxe" 113 | 114 | # PXELINUX: Previous 
method 115 | # @@PXE_COMMENT@@pxe-service=x86PC, "PXELINUX (BIOS HTTP)", "lpxelinux.0" 116 | # @@PXE_COMMENT@@pxe-service=x86PC, "PXELINUX (BIOS TFTP)", "legacy/pxelinux.0" 117 | # @@PXE_COMMENT@@pxe-service=IA32_EFI, "PXELINUX (EFI IA32)", "efi32/syslinux.efi" 118 | # @@PXE_COMMENT@@pxe-service=X86-64_EFI, "PXELINUX (EFI x86-64)", "efi64/syslinux.efi" 119 | # @@PXE_COMMENT@@pxe-service=BC_EFI, "PXELINUX (EFI BC)", "efi64/syslinux.efi" 120 | 121 | # @@PXE_COMMENT@@pxe-service=0, "PXELINUX (0000-Intel x86PC)", "lpxelinux.0" 122 | # @@PXE_COMMENT@@pxe-service=0, "PXELINUX (0000-Intel x86PC TFTP)", "legacy/pxelinux.0" 123 | # @@PXE_COMMENT@@pxe-service=1, "PXELINUX (0001-NEC/PC98)", "lpxelinux.0" 124 | # @@PXE_COMMENT@@pxe-service=2, "PXELINUX (0002-EFI Itanium)", "efi32/syslinux.efi" 125 | # @@PXE_COMMENT@@pxe-service=3, "PXELINUX (0003-DEC Alpha)", "lpxelinux.0" 126 | # @@PXE_COMMENT@@pxe-service=4, "PXELINUX (0004-Arc x86)", "lpxelinux.0" 127 | # @@PXE_COMMENT@@pxe-service=5, "PXELINUX (0005-Intel Lean Client)", "lpxelinux.0" 128 | # @@PXE_COMMENT@@pxe-service=6, "PXELINUX (0006-EFI IA32)", "efi32/syslinux.efi" 129 | # @@PXE_COMMENT@@pxe-service=7, "PXELINUX (0007-EFI BC)", "efi64/syslinux.efi" 130 | # @@PXE_COMMENT@@pxe-service=8, "PXELINUX (0008-EFI Xscale)", "efi64/syslinux.efi" 131 | # @@PXE_COMMENT@@pxe-service=9, "PXELINUX (0009-EFI x86-64)", "efi64/syslinux.efi" 132 | 133 | # Enable dnsmasq's built-in TFTP server 134 | enable-tftp 135 | 136 | # Set the root directory for files available via FTP. 
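137 | tftp-root=/srv/tftp 138 | 139 | # Execute the following command when ever a system requests an IP address 140 | # Example execution: /path/to/command add 3c:a4:44:68:f6:AB 10.1.1.198 141 | # dhcp-script /path/to/command
--------------------------------------------------------------------------------
/run.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Copyright (C) 2019 Intel Corporation
# SPDX-License-Identifier: BSD-3-Clause

# run.sh starts, restarts or stops the provisioner's containers, through scripts/espctl.sh when
# podman is available and through docker-compose otherwise.

set -u

if [[ $(id -u) -ne 0 ]]; then
    echo -e "\e[1m\e[31;1m Please run this script as root \e[0m"
    exit 1
fi

# NOTE(review): these libraries are sourced by relative path while running as root, so they are
# resolved against the caller's current directory. Start the script from the repository root.
source "scripts/textutils.sh"
source "scripts/fileutils.sh"

# printHelp prints the usage text and exits with status 0.
# NOTE(review): -D/--dynamic is listed here but the option loop below has no case for it;
# dyn-profile is started from builder_config_dynamic_profile__enabled instead.
printHelp() {
    printMsg "\n ${T_BOLD}${C_BLUE}Run Script${T_RESET}"
    printMsg " This script simply starts (or restarts) the containers in the docker-compose.yml file."
    printMsg " If this is your first time deploying, please use ${T_BOLD}${C_YELLOW}build.sh${T_RESET} first."
    printMsg " Running this script without any arguments will safely attempt "
    printMsg " to bring up all containers without any downtime."
    printMsg ""
    printMsg " You can specify one the following options:"
    printMsg " ${T_BOLD}-m${T_RESET}, --no-dnsmasq Dnsmasq service will not be started (no DHCP or PXE)"
    printMsg " ${T_BOLD}-f${T_RESET}, --force Will forceably stop & re-create the containers"
    printMsg " ${T_BOLD}-r${T_RESET}, --restart Will only restart the containers"
    printMsg " ${T_BOLD}-d${T_RESET}, --down Will stop all containers and cleanup excess mounts"
    printMsg " ${T_BOLD}-n${T_RESET}, --no-tail-logs Do not tail the containers' logs after completion (default is to tail)"
    printMsg " ${T_BOLD}-D${T_RESET}, --dynamic RUN ESP with dynamic profile support, if included in build"
    printMsg " ${T_BOLD}-h${T_RESET}, --help Show this help dialog"
    printMsg ""
    printMsg " Usage: ./run.sh"
    printMsg ""
    exit 0
}

# hasPodman succeeds when `podman -v` runs successfully; the script then drives
# scripts/espctl.sh instead of docker-compose.
hasPodman() {
    podman -v >/dev/null 2>&1
}

# bringDownAndUnmount stops all containers and lazily unmounts the template and TFTP mount
# points. Unmount errors (for example "not mounted") are deliberately discarded.
# Returns the exit status of the final sync.
bringDownAndUnmount() {
    local mountPoint

    if hasPodman; then
        scripts/espctl.sh down
    else
        docker-compose down
    fi

    for mountPoint in \
        template/pxe_bg.png \
        data/srv/tftp/images \
        data/srv/tftp/pxelinux.cfg \
        data/srv/tftp/pxelinux.cfg_legacy \
        data/usr/share/nginx/html/tftp; do
        umount -l "${mountPoint}" >/dev/null 2>&1
    done
    sync >/dev/null 2>&1
}

NO_DNSMASQ="false"
FORCE_RECREATE="false"
FORCE_RESTART="false"
DOWN="false"
NO_TAIL_LOGS="false"

# export HOSTNAME so that docker-compose can read it
export HOSTNAME="$(hostname)"

# Arguments that match no case are ignored without a message.
for var in "$@"; do
    case "${var}" in
        "-m" | "--no-dnsmasq" ) NO_DNSMASQ="true";;
        "-f" | "--force" ) FORCE_RECREATE="true";;
        "-r" | "--restart" ) FORCE_RESTART="true";;
        "-d" | "--down" ) DOWN="true";;
        "-n" | "--no-tail-logs" ) NO_TAIL_LOGS="true";;
        "-h" | "--help" ) printHelp;;
    esac
done

printMsg "\n-------------------------"
printMsg " ${T_BOLD}${C_BLUE}Welcome${T_RESET}"
printMsg "-------------------------"
logMsg "Welcome to the builder host run script"

parseConfig

if [[ "${DOWN}" == "true" ]]; then
    printDatedInfoMsg "Stopping containers..."
    logMsg "run.sh down containers"
    sleep 1
    bringDownAndUnmount
    exit
fi

if [[ "${FORCE_RESTART}" == "true" ]]; then
    printDatedInfoMsg "Restarting containers..."
    logMsg "run.sh restarting containers"
    if hasPodman; then
        scripts/espctl.sh restart
    else
        docker-compose restart
    fi
else
    if [[ "${FORCE_RECREATE}" == "true" ]]; then
        printDatedInfoMsg "Stopping containers..."
        logMsg "run.sh force-recreating containers"
        sleep 1
        bringDownAndUnmount
    fi

    # dnsmasq is started first, unless the configuration or -m/--no-dnsmasq disables it.
    if [[ "${builder_config_disable_dnsmasq-false}" == "false" && "${NO_DNSMASQ}" == "false" ]]; then
        printDatedInfoMsg "Starting dnsmasq container..."
        logMsg "run.sh bringing up containers"
        if hasPodman; then
            scripts/espctl.sh up dnsmasq
        else
            docker-compose up -d dnsmasq
        fi
        printDatedInfoMsg "Waiting a moment before starting the remaining containers..."
        sleep 3
    fi

    if hasPodman; then
        scripts/espctl.sh up --no-dnsmasq
    else
        # Optional services are appended according to the parsed configuration.
        DOCKER_COMPOSE_SERVICES="core web registry-mirror squid"
        if [[ "${builder_config_letsencrypt_enabled-false}" == "true" ]]; then
            DOCKER_COMPOSE_SERVICES="${DOCKER_COMPOSE_SERVICES} certbot"
        fi
        if [[ "${builder_config_disable_gitea-false}" == "false" ]]; then
            DOCKER_COMPOSE_SERVICES="${DOCKER_COMPOSE_SERVICES} mirror"
        fi
        if [[ "${builder_config_disable_smb-false}" == "false" ]]; then
            DOCKER_COMPOSE_SERVICES="${DOCKER_COMPOSE_SERVICES} smb"
        fi
        if [[ "${builder_config_dynamic_profile__enabled-x}" == "true" ]]; then
            DOCKER_COMPOSE_SERVICES="${DOCKER_COMPOSE_SERVICES} dyn-profile"
        fi
        if [[ "${builder_config_disable_fluent_logging-true}" == "false" ]]; then
            DOCKER_COMPOSE_SERVICES="${DOCKER_COMPOSE_SERVICES} logging-server"
        fi
        # Unquoted on purpose: the variable holds a space-separated list of service names.
        docker-compose up -d ${DOCKER_COMPOSE_SERVICES}
    fi
fi

if [[ "${NO_TAIL_LOGS}" == "true" ]]; then
    printBanner "${C_GREEN}Intel Edge Software Provisioner is up!"
else
    printBanner "${C_GREEN}Following Logs..."
    printMsg ""
    printMsg "${T_BOLD}It is safe to press CTRL+C at any time to stop following logs.${T_RESET}"
    printMsg ""

    # Give the user a moment to read the above message before tailing logs.
    printMsgNoNewline "."
    sleep 1
    printMsgNoNewline "."
    sleep 1
    printMsgNoNewline "."
    sleep 1
    printMsg ""

    if hasPodman; then
        ./scripts/espctl.sh logs -f
    else
        docker-compose logs -f
    fi
fi

--------------------------------------------------------------------------------
/makeusb.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Copyright (C) 2021 Intel Corporation
# SPDX-License-Identifier: BSD-3-Clause

# makeusb.sh builds a bootable USB image, either for one profile (--profile) or with a menu
# covering all profiles, building the Micro OS images first when they are missing.

set -u

if [[ $(id -u) -ne 0 ]]; then
    echo -e "\e[1m\e[31;1m Please run this script as root \e[0m"
    exit 1
fi

# If running from within container change to builder directory
if [ "${BUILDER_PATH:=}" != "" ]; then
    # Quoted, and fatal on failure: every path below is relative to this directory.
    cd "${BUILDER_PATH}" || exit 1
fi

source "scripts/textutils.sh"
source "scripts/fileutils.sh"
source "scripts/bulkfileutils.sh"
source "scripts/profileutils.sh"
source "scripts/pxemenuutils.sh"
source "scripts/templateutils.sh"

# NOTE(review): .env is executed as shell code with root privileges; keep it writable by
# root only.
if [ -f ".env" ]; then
    source ".env"
fi

# printHelp prints the usage text and exits with status 0.
printHelp() {
    printMsg "\n Main ${T_BOLD}${C_BLUE}Make USB Script${T_RESET}"
    printMsg " You can specify one the following options:"
    printMsg " ${T_BOLD}-p${T_RESET}, --profile Build USB bootable image for the specified Profile. The image will be located in data/usr/share/nginx/html/usb/(Profile Name)/. If omitted it will build menu system to select a profile from the USB stick."
    printMsg " ${T_BOLD}-b${T_RESET}, --bios Set USB bootable stick to legacy BIOS or EFI, valid options [ efi | bios ]. Defaults to efi."
    printMsg " ${T_BOLD}-l${T_RESET}, --bootloader Set USB bootable stick bootloader to IPXE or SYSLINUX, valid options [ ipxe | syslinux ]. Defaults to syslinux."
    printMsg " ${T_BOLD}-d${T_RESET}, --dev Path to usb devices, for example '/dev/sdc'. WARNING: this will wipe out the target device. If omitted it will provide instructions how to flash a USB device."
    printMsg " ${T_BOLD}-m${T_RESET}, --skip-memory Skip system memory check."
    printMsg " ${T_BOLD}-n${T_RESET}, --skip-net Skips network autodetection and verification"
    printMsg " ${T_BOLD}-g${T_RESET}, --random Generate a random name for the image."
    printMsg " ${T_BOLD}-h${T_RESET}, --help Show this help dialog"
    printMsg ""
    printMsg " Usage: $0 --profile Clear_Linux --bios efi"
    printMsg ""
    exit 0
}

# requireOptionValue aborts with a usage error when an option that takes a value is the last
# argument. Without it, "set -u" stops the script with a bare "unbound variable" message.
# $1 is the option name
# $2 is the number of arguments still to be parsed, the option itself included
requireOptionValue() {
    if [ "$2" -lt 2 ]; then
        echo "Error: Option $1 requires a value" >&2
        exit 1
    fi
}

export USB_PROFILE=""
export USB_BIOS="efi"
export USB_BOOTLOADER="syslinux"
export USB_DEV=""
export USB_RANDOM="false"
export SKIP_MEMORY="false"
export SKIP_NET="false"
export SINGLE_PROFILE=""
# PARAMS collects positional arguments. It has to exist before the first append because of
# "set -u"; a value inherited from the environment or .env is kept.
PARAMS="${PARAMS:-}"
while (( "$#" )); do
    case "$1" in
        "-p" | "--profile" )
            requireOptionValue "$1" "$#"
            export USB_PROFILE=$2
            shift 2;;
        "-b" | "--bios" )
            requireOptionValue "$1" "$#"
            export USB_BIOS=$2
            shift 2;;
        "-l" | "--bootloader" )
            requireOptionValue "$1" "$#"
            export USB_BOOTLOADER=$2
            shift 2;;
        "-d" | "--dev" )
            requireOptionValue "$1" "$#"
            export USB_DEV=$2
            shift 2;;
        "-m" | "--skip-memory" )
            export SKIP_MEMORY="true"
            shift 1;;
        "-n" | "--skip-net" )
            export SKIP_NET="true"
            shift 1;;
        "-g" | "--random" )
            export USB_RANDOM="true"
            shift 1;;
        "-v" | "--verbose" )
            export VERBOSE="true"
            shift 1;;
        "-h" | "--help" ) printHelp;;
        "--" ) # end argument parsing
            shift
            break;;
        -* ) # unsupported flags ("-*" already covers the former "--*=" alternative)
            echo "Error: Unsupported flag $1" >&2
            exit 1;;
        * ) # preserve positional arguments
            PARAMS="$PARAMS $1"
            shift;;
    esac
done

if [ -n "${USB_PROFILE}" ]; then
    validateInput filename "${USB_PROFILE}" "'--profile' value is not a valid profile name: ${USB_PROFILE}"
    # The value becomes a directory name under data/usr/share/nginx/html/usb/, so the two
    # dot entries, which consist only of characters a file name may contain, are refused.
    if [[ "${USB_PROFILE}" == "." || "${USB_PROFILE}" == ".." ]]; then
        printErrMsg " '--profile' value is not a valid profile name: ${USB_PROFILE}"
        exit 1
    fi
fi
validateInput custom "${USB_BIOS}" "'--bios' value is not a valid value [bios|efi]: ${USB_BIOS}" "^(bios|efi)$"
# --bootloader gets the same check as --bios; the accepted values are the ones the help lists.
validateInput custom "${USB_BOOTLOADER}" "'--bootloader' value is not a valid value [ipxe|syslinux]: ${USB_BOOTLOADER}" "^(ipxe|syslinux)$"
if [ -n "${USB_DEV}" ]; then
    validateInput dirname "${USB_DEV}" "'--dev' value is not a valid directory name value: ${USB_DEV}"
fi

if [[ "${SKIP_MEMORY}" == "false" ]]; then
    # /proc/meminfo reports MemTotal in kB; 3145728 kB is 3 GiB.
    memTotalKb=$(awk '/^MemTotal:/ {print $2}' /proc/meminfo)
    if [ "${memTotalKb:-0}" -lt 3145728 ]; then
        printErrMsg " There is not enough memory available for Makeusb.sh. This system needs 3G or more of RAM."
        # Non-zero status, so that a calling script can tell that nothing was built.
        exit 1
    fi
fi

# Copy flashusb.sh so that is available from the web
cp ./flashusb.sh data/usr/share/nginx/html/

# Incorporate proxy preferences
if [ "${HTTP_PROXY+x}" != "" ]; then
    # Only HTTP_PROXY is known to be set here; give the other three an empty default so that
    # "set -u" does not abort the script when one of them is missing.
    : "${http_proxy:=}" "${https_proxy:=}" "${HTTPS_PROXY:=}"
    # NOTE(review): the proxy values are pasted into command-line fragments. A proxy URL that
    # carries credentials ends up wherever these strings are logged, and a value containing
    # quotes or spaces changes the resulting command; presumably they are expanded inside
    # commands passed to run() in scripts/textutils.sh - confirm.
    export DOCKER_BUILD_ARGS="--build-arg http_proxy='${http_proxy}' --build-arg https_proxy='${https_proxy}' --build-arg HTTP_PROXY='${HTTP_PROXY}' --build-arg HTTPS_PROXY='${HTTPS_PROXY}' --build-arg NO_PROXY='localhost,127.0.0.1'"
    export DOCKER_RUN_ARGS="--env http_proxy=${http_proxy} --env https_proxy=${https_proxy} --env HTTP_PROXY=${HTTP_PROXY} --env HTTPS_PROXY=${HTTPS_PROXY} --env NO_PROXY=localhost,127.0.0.1"
    export AWS_CLI_PROXY="export http_proxy='${http_proxy}'; export https_proxy='${https_proxy}'; export HTTP_PROXY='${HTTP_PROXY}'; export HTTPS_PROXY='${HTTPS_PROXY}'; export NO_PROXY='localhost,127.0.0.1';"
else
    export DOCKER_BUILD_ARGS=""
    export DOCKER_RUN_ARGS=""
    export AWS_CLI_PROXY=""
fi

printMsg "\n-------------------------"
printMsg " ${T_BOLD}${C_BLUE}Welcome to Make USB${T_RESET}"
printMsg "-------------------------"
logMsg "Welcome to Make USB"
parseConfig
if [[ "${SKIP_NET}" == "true" ]]; then
    printBanner "Skipping ${C_GREEN}Network Config Check..."
    logMsg "Skipping Network Config Check..."
else
    printBanner "Checking ${C_GREEN}Network Config..."
    logMsg "Checking Network Config..."
fi
# NOTE(review): called on both branches; presumably verifyNetworkConfig reads the exported
# SKIP_NET itself - confirm in the sourced scripts.
verifyNetworkConfig
printMsg ""
printMsg ""

# Verify uOS Images are built, if not run build process
if (docker images | grep uos/kernel > /dev/null 2>&1); then
    logMsg "uos/kernel is in the local image database."
else
    printBanner "Building ${C_GREEN}Micro OS (uOS)..."
    logMsg "Building Micro OS (uOS)..."
    source "scripts/buildUOS.sh"
fi

if [[ "${builder_config_disable_uos_wifi-x}" == "true" ]]; then
    logMsg "Skipping building Micro OS (uOS)"
else
    # Verify uOS Images are built, if not run build process
    if (docker images | grep uos/wlan > /dev/null 2>&1); then
        logMsg "uos/wlan is in the local image database."
    else
        printBanner "Building ${C_GREEN}Micro OS (uOS)..."
        logMsg "Building Micro OS (uOS)..."
        source "scripts/buildUOS.sh"
    fi
fi

if [ -n "${USB_PROFILE}" ]; then
    makeUsbProfile genProfileUsbBoot "${USB_PROFILE}"
else
    genAllProfileUsbBoot
fi

-------------------------------------------------------------------------------- /dockerfiles/uos/uos.yml: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2019 Intel Corporation 2 | # SPDX-License-Identifier: BSD-3-Clause 3 | 4 | kernel: 5 | image: intel/esp-uos-kernel 6 | cmdline: "console=tty0 console=ttyS0 console=ttyAMA0 console=ttysclp0" 7 | init: 8 | - linuxkit/init:a68f9fa0c1d9dbfc9c23663749a0b7ac510cbe1c 9 | - linuxkit/runc:v0.8 10 | - linuxkit/containerd:1ae8f054e9fe792d1dbdb9a65f1b5e14491cb106 11 | - linuxkit/ca-certificates:c1c73ef590dffb6a0138cf758fe4a4305c9864f4 12 | - intel/esp-uos-firmware-lan 13 | onboot: 14 | - name: modprobe 15 | image: linuxkit/modprobe:v0.8 16 | command: ["modprobe", "-a", "virtio_net", "virtio_blk", "nvme-core", "mmc_block"] 17 | - name: sysctl 18 | image: linuxkit/sysctl:v0.8 19 | - name: sysfs 20 | image: linuxkit/sysfs:v0.8 21 | - name: rngd1 22 | image: linuxkit/rngd:v0.8 23 | command: ["/sbin/rngd", "-1"] 24 | services: 25 | - name: getty 26 | image: linuxkit/getty:v0.8 27 | env: 28 | - INSECURE=true 29 | binds.add: 30 | - /:/hostroot 31 | - /etc/issue:/etc/motd 32 | - /etc/getty.shadow:/etc/shadow 33 | - /etc/sshd.passwd:/etc/passwd 34 | -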
# dockerfiles/uos/uos.yml, continued: the next entry completes the list dash that ends the previous line (getty service, binds.add).
        /etc/sshd.group:/etc/group
      - /etc/profile.d:/etc/profile.d
      - /usr/local/bin/uos:/usr/local/bin/uos
  - name: rngd
    image: linuxkit/rngd:v0.8
  - name: dhcpcd
    image: linuxkit/dhcpcd:v0.8
  - name: ntpd
    image: linuxkit/openntpd:v0.8
  # sshd uses the account files generated under "files:" below: /etc/getty.shadow is mounted as
  # its /etc/shadow, so SSH logins are checked against the fixed hashes kept in this file.
  # NOTE(review): / is bound in as /hostroot with no read-only flag, so a session in this
  # container reaches the whole uOS root filesystem.
  - name: sshd
    image: linuxkit/sshd:v0.8
    binds.add:
      - /:/hostroot
      - /etc/issue:/etc/motd
      - /etc/getty.shadow:/etc/shadow
      - /etc/sshd.passwd:/etc/passwd
      - /etc/sshd.group:/etc/group
      - /etc/profile.d:/etc/profile.d
      - /etc/ssh/sshd_config:/etc/ssh/sshd_config
      - /home:/home
      - /lib/modules:/lib/modules
      - /usr/local/bin/uos:/usr/local/bin/uos
  # NOTE(review): dyninit is not isolated from the uOS host: it holds all capabilities, shares
  # the host PID and network namespaces, and has /, /dev and /sys bound in. Anything that can
  # get a shell in it controls the machine being provisioned.
  - name: dyninit
    image: intel/esp-uos-dyninit
    capabilities:
      - all
    pid: host
    net: host
    mounts:
      - type: cgroup
        options: ["rw","nosuid","noexec","nodev","relatime"]
    binds:
      - /:/hostroot
      - /dev:/dev
      - /etc/docker/daemon.json:/etc/docker/daemon.json
      - /etc/profile.d/profile.sh:/etc/profile.d/profile.sh
      - /etc/resolv.conf:/etc/resolv.conf
      - /lib/modules:/lib/modules
      - /root/.bashrc:/root/.bashrc
      - /sys:/sys
      - /tmp:/tmp
# Files written into the image; several of them are bind-mounted into the services above.
files:
  - path: var/lib/docker
    directory: true
  # NOTE(review): SSH password logins are enabled, for root as well. With the fixed hashes in
  # etc/getty.shadow below, every image built from this file accepts the same credentials;
  # key-only login (root/.ssh/authorized_keys) would remove that exposure.
  - path: etc/ssh/sshd_config
    contents: |
      PasswordAuthentication yes
      PermitRootLogin yes
  # Empty by default, so no SSH key is installed unless one is added here.
  - path: root/.ssh/authorized_keys
    contents: ""
    # ssh-rsa fill-this-in-with-an-ssh-key-if-you-want
    mode: "0600"
  # Docker daemon settings for dyninit: debug logging on, vfs storage driver.
  - path: etc/docker/daemon.json
    contents: '{"debug": true, "storage-driver": "vfs"}'
  # Sets the hostname and opens a bash inside the dyninit container through ctr.
  # NOTE(review): mode 0777 makes the script world-writable although etc/profile.d/profile.sh
  # below runs it at login; 0755 is enough for a script that only has to be executed.
  - path: usr/local/bin/uos
    contents: |
      hostname uos
      ctr -n services.linuxkit t exec -t --exec-id dyninit-cli-$(uuidgen) dyninit bash
    mode: "0777"
  - path: root/.bashrc
    contents: |
      source /etc/profile
  - path: home/uos/.bashrc
    contents: |
      source /etc/profile
    uid: 1000
    gid: 1000
  - path: home/uos
    directory: true
    uid: 1000
    gid: 1000
  # Login banner; also mounted as /etc/motd in the getty and sshd containers.
  - path: etc/issue
    contents: |+

      Intel
      ███████╗███████╗██████╗ ██████╗ ███████╗
      ██╔════╝██╔════╝██╔══██╗ ██╗ ██╗██╔═══██╗██╔════╝
      █████╗ ███████╗██████╔╝ ██║ ██║██║ ██║███████╗
      ██╔══╝ ╚════██║██╔═══╝ ██║ ██║██║ ██║╚════██║
      ███████╗███████║██║ ╚██████╔╝╚██████╔╝███████║
      ╚══════╝╚══════╝╚═╝ ╚═════╝ ╚═════╝ ╚══════╝
      Intel Edge Software Provisioner Micro OS


  # NOTE(review): world-writable (0777) file in a directory that login shells read; 0644 is
  # enough for a file that is only sourced.
  - path: etc/profile.d/aliases.sh
    contents: |
      alias docker="ctr -n services.linuxkit t exec -t --exec-id docker-cli-$(uuidgen) dyninit docker"
    mode: "0777"
  # Runs /usr/local/bin/uos when present, which moves the session into the dyninit container.
  # NOTE(review): also 0777; see the note on usr/local/bin/uos.
  - path: etc/profile.d/profile.sh
    contents: |
      export PS1="\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]# "
      if [ -f /usr/local/bin/uos ]; then /usr/local/bin/uos; fi
      cd ~
      export TERM=xterm
      resize
    mode: "0777"
  # Shadow file mounted as /etc/shadow in the getty and sshd containers.
  # NOTE(review): root and uos carry fixed SHA-512 crypt ($6$) hashes that ship with the
  # repository, and mode 644 leaves the file world-readable. Identical credentials on every
  # deployment cannot be rotated per site; generate the hashes at build time or lock both
  # accounts and rely on SSH keys, and restrict the file to root (0600).
  - path: etc/getty.shadow
    contents: |
      root:$6$CynZq8uqcMQH.Cbv$C.yZr/U9JMM0p/XmJGz2F1B6QLuYLqwhwz88b5CEc.GVH8XCKMMOULnjGyK7ro1olvsKS.c48B.mLwDw5iG9v0::0:::::
      bin:!::0:::::
      daemon:!::0:::::
      adm:!::0:::::
      lp:!::0:::::
      sync:!::0:::::
      shutdown:!::0:::::
      halt:!::0:::::
      mail:!::0:::::
      news:!::0:::::
      uucp:!::0:::::
      operator:!::0:::::
      man:!::0:::::
      postmaster:!::0:::::
      cron:!::0:::::
      ftp:!::0:::::
      sshd:!::0:::::
      at:!::0:::::
      squid:!::0:::::
      xfs:!::0:::::
      games:!::0:::::
      cyrus:!::0:::::
      vpopmail:!::0:::::
      ntp:!::0:::::
      smmsp:!::0:::::
      guest:!::0:::::
      nobody:!::0:::::
      uos:$6$1QMjH.ST8$2IDA3U50M925KDJwmtlC9e9g.8g2ZQYtiFi6.BXLFM11mXDvrFyFzl3GS6GOC7r3g5tTCOIVO1oN/tJQDpdX8/::0:::::
    mode: "644"
  # passwd file for the getty and sshd containers; only root and uos have a login shell.
  - path: etc/sshd.passwd
    contents: |
      root:x:0:0:root:/root:/bin/ash
      bin:x:1:1:bin:/bin:/sbin/nologin
      daemon:x:2:2:daemon:/sbin:/sbin/nologin
      adm:x:3:4:adm:/var/adm:/sbin/nologin
      lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
      sync:x:5:0:sync:/sbin:/bin/sync
      shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
      halt:x:7:0:halt:/sbin:/sbin/halt
      mail:x:8:12:mail:/var/mail:/sbin/nologin
      news:x:9:13:news:/usr/lib/news:/sbin/nologin
      uucp:x:10:14:uucp:/var/spool/uucppublic:/sbin/nologin
      operator:x:11:0:operator:/root:/sbin/nologin
      man:x:13:15:man:/usr/man:/sbin/nologin
      postmaster:x:14:12:postmaster:/var/mail:/sbin/nologin
      cron:x:16:16:cron:/var/spool/cron:/sbin/nologin
      ftp:x:21:21::/var/lib/ftp:/sbin/nologin
      sshd:x:22:22:sshd:/dev/null:/sbin/nologin
      at:x:25:25:at:/var/spool/cron/atjobs:/sbin/nologin
      squid:x:31:31:Squid:/var/cache/squid:/sbin/nologin
      xfs:x:33:33:X Font Server:/etc/X11/fs:/sbin/nologin
      games:x:35:35:games:/usr/games:/sbin/nologin
      cyrus:x:85:12::/usr/cyrus:/sbin/nologin
      vpopmail:x:89:89::/var/vpopmail:/sbin/nologin
      ntp:x:123:123:NTP:/var/empty:/sbin/nologin
      smmsp:x:209:209:smmsp:/var/spool/mqueue:/sbin/nologin
      guest:x:405:100:guest:/dev/null:/sbin/nologin
      nobody:x:65534:65534:nobody:/:/sbin/nologin
      uos:x:1000:1000:uos:/home/uos:/bin/ash
    mode: "644"
  # group file for the same containers.
  # NOTE(review): uos is listed as a member of group root (gid 0).
  - path: etc/sshd.group
    contents: |
      root:x:0:root,uos
      bin:x:1:root,bin,daemon
      daemon:x:2:root,bin,daemon
      sys:x:3:root,bin,adm
      adm:x:4:root,adm,daemon
      tty:x:5:
      disk:x:6:root,adm
      lp:x:7:lp
      mem:x:8:
      kmem:x:9:
      wheel:x:10:root
      floppy:x:11:root
      mail:x:12:mail
      news:x:13:news
      uucp:x:14:uucp
      man:x:15:man
      cron:x:16:cron
      console:x:17:
      audio:x:18:
      cdrom:x:19:
      dialout:x:20:root
      ftp:x:21:
      sshd:x:22:
      input:x:23:
      at:x:25:at
      tape:x:26:root
      video:x:27:root
      netdev:x:28:
      readproc:x:30:
      squid:x:31:squid
      xfs:x:33:xfs
      kvm:x:34:kvm
      games:x:35:
      shadow:x:42:
      cdrw:x:80:
      usb:x:85:
      vpopmail:x:89:
      users:x:100:games
      ntp:x:123:
      nofiles:x:200:
      smmsp:x:209:smmsp
      locate:x:245:
      abuild:x:300:
      utmp:x:406:
      ping:x:999:
      nogroup:x:65533:
      nobody:x:65534:
      uos:x:1000:
    mode: "644"

--------------------------------------------------------------------------------
/dockerfiles/uos/uos-wifi.yml:
--------------------------------------------------------------------------------
# Copyright (C) 2019 Intel Corporation
# SPDX-License-Identifier: BSD-3-Clause

# LinuxKit image definition for the Wi-Fi variant of the Micro OS (uOS).
# NOTE(review): the images below are referenced by tag, or with no tag at all, and never by
# digest, so the content of a build depends on what the registry serves at build time.
kernel:
  image: intel/esp-uos-kernel
  cmdline: "console=tty0 console=ttyS0 console=ttyAMA0 console=ttysclp0"
init:
  - linuxkit/init:a68f9fa0c1d9dbfc9c23663749a0b7ac510cbe1c
  - linuxkit/runc:v0.8
  - linuxkit/containerd:1ae8f054e9fe792d1dbdb9a65f1b5e14491cb106
  - linuxkit/ca-certificates:c1c73ef590dffb6a0138cf758fe4a4305c9864f4
  - intel/esp-uos-firmware-wifi
onboot:
  - name: modprobe
    image: linuxkit/modprobe:v0.8
    command: ["modprobe", "-a", "virtio_net", "virtio_blk", "nvme-core", "mmc_block"]
  - name: sysctl
    image: linuxkit/sysctl:v0.8
  - name: sysfs
    image: linuxkit/sysfs:v0.8
  - name: rngd1
    image: linuxkit/rngd:v0.8
    command: ["/sbin/rngd", "-1"]
services:
  # NOTE(review): wlan holds all capabilities, uses the host network namespace and has /dev,
  # /proc and /sys bound in; /var/services/wlan is mounted over the container's /etc.
  - name: wlan
    image: intel/esp-uos-wifi
    capabilities:
      - all
    net: host
    binds:
      - /dev:/dev
      - /lib/firmware:/lib/firmware
      - /lib/modules:/lib/modules
      - /proc:/proc
      - /sys:/sys
      - /run/resolvconf/resolv.conf:/etc/system-resolv.conf
      - /var/services/wlan:/etc
    runtime:
      mkdir: ["/var/services/wlan"]
  # NOTE(review): INSECURE=true presumably makes the linuxkit getty image skip the login prompt
  # on the consoles named in the kernel cmdline - confirm against the image version in use.
  # If so, physical or serial console access is enough for a shell, whatever the shadow file says.
  - name: getty
    image: linuxkit/getty:v0.8
    env:
      - INSECURE=true
    binds.add:
      - /:/hostroot
      - /etc/issue:/etc/motd
      - /etc/getty.shadow:/etc/shadow
      - /etc/sshd.passwd:/etc/passwd
      - /etc/sshd.group:/etc/group
      - /etc/profile.d:/etc/profile.d
      - /usr/local/bin/uos:/usr/local/bin/uos
  - name: rngd
    image: linuxkit/rngd:v0.8
  - name: dhcpcd
    image: linuxkit/dhcpcd:v0.8
  - name: ntpd
    image: linuxkit/openntpd:v0.8
  # sshd uses the account files generated under "files:" below: /etc/getty.shadow is mounted as
  # its /etc/shadow, so SSH logins are checked against the fixed hashes kept in this file.
  # NOTE(review): / is bound in as /hostroot with no read-only flag.
  - name: sshd
    image: linuxkit/sshd:v0.8
    binds.add:
      - /:/hostroot
      - /etc/issue:/etc/motd
      - /etc/getty.shadow:/etc/shadow
      - /etc/sshd.passwd:/etc/passwd
      - /etc/sshd.group:/etc/group
      - /etc/profile.d:/etc/profile.d
      - /etc/ssh/sshd_config:/etc/ssh/sshd_config
      - /home:/home
      - /lib/modules:/lib/modules
      - /usr/local/bin/uos:/usr/local/bin/uos
  # NOTE(review): dyninit is not isolated from the uOS host: all capabilities, host PID and
  # network namespaces, and /, /dev and /sys bound in.
  - name: dyninit
    image: intel/esp-uos-dyninit
    capabilities:
      - all
    pid: host
    net: host
    mounts:
      - type: cgroup
        options: ["rw","nosuid","noexec","nodev","relatime"]
    binds:
      - /:/hostroot
      - /dev:/dev
      - /etc/docker/daemon.json:/etc/docker/daemon.json
      - /etc/profile.d/profile.sh:/etc/profile.d/profile.sh
      - /lib/modules:/lib/modules
      - /root/.bashrc:/root/.bashrc
      - /run/resolvconf/resolv.conf:/etc/resolv.conf
      - /sys:/sys
      - /tmp:/tmp
# Files written into the image; several of them are bind-mounted into the services above.
files:
  - path: var/lib/docker
    directory: true
  # NOTE(review): SSH password logins are enabled, for root as well. With the fixed hashes in
  # etc/getty.shadow below, every image built from this file accepts the same credentials;
  # key-only login (root/.ssh/authorized_keys) would remove that exposure.
  - path: etc/ssh/sshd_config
    contents: |
      PasswordAuthentication yes
      PermitRootLogin yes
  # Empty by default, so no SSH key is installed unless one is added here.
  - path: root/.ssh/authorized_keys
    contents: ""
    # ssh-rsa fill-this-in-with-an-ssh-key-if-you-want
    mode: "0600"
  # Docker daemon settings for dyninit: debug logging on, vfs storage driver.
  - path: etc/docker/daemon.json
    contents: '{"debug": true, "storage-driver": "vfs"}'
  # Sets the hostname and opens a bash inside the dyninit container through ctr.
  # NOTE(review): mode 0777 makes the script world-writable although etc/profile.d/profile.sh
  # below runs it at login; 0755 is enough for a script that only has to be executed.
  - path: usr/local/bin/uos
    contents: |
      hostname uos
      ctr -n services.linuxkit t exec -t --exec-id dyninit-cli-$(uuidgen) dyninit bash
    mode: "0777"
  - path: root/.bashrc
    contents: |
      source /etc/profile
  - path: home/uos/.bashrc
    contents: |
      source /etc/profile
    uid: 1000
    gid: 1000
  - path: home/uos
    directory: true
    uid: 1000
    gid: 1000
  # Login banner; also mounted as /etc/motd in the getty and sshd containers.
  - path: etc/issue
    contents: |+

      Intel
      ███████╗███████╗██████╗ ██████╗ ███████╗
      ██╔════╝██╔════╝██╔══██╗ ██╗ ██╗██╔═══██╗██╔════╝
      █████╗ ███████╗██████╔╝ ██║ ██║██║ ██║███████╗
      ██╔══╝ ╚════██║██╔═══╝ ██║ ██║██║ ██║╚════██║
      ███████╗███████║██║ ╚██████╔╝╚██████╔╝███████║
      ╚══════╝╚══════╝╚═╝ ╚═════╝ ╚═════╝ ╚══════╝
      Intel Edge Software Provisioner Micro OS


  # NOTE(review): world-writable (0777) file in a directory that login shells read; 0644 is
  # enough for a file that is only sourced.
  - path: etc/profile.d/aliases.sh
    contents: |
      alias docker="ctr -n services.linuxkit t exec -t --exec-id docker-cli-$(uuidgen) dyninit docker"
    mode: "0777"
  # Runs /usr/local/bin/uos and, when present, /opt/bootstrap/wifi-scan at login.
  # NOTE(review): also 0777; see the note on usr/local/bin/uos.
  - path: etc/profile.d/profile.sh
    contents: |
      export PS1="\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]# "
      if [ -f /usr/local/bin/uos ]; then /usr/local/bin/uos; fi
      cd ~
      if [ -f /opt/bootstrap/wifi-scan ]; then /opt/bootstrap/wifi-scan; fi
      export TERM=xterm
      resize
    mode: "0777"
  # Shadow file mounted as /etc/shadow in the getty and sshd containers.
  # NOTE(review): root and uos carry fixed SHA-512 crypt ($6$) hashes that ship with the
  # repository, and mode 644 leaves the file world-readable. Identical credentials on every
  # deployment cannot be rotated per site; generate the hashes at build time or lock both
  # accounts and rely on SSH keys, and restrict the file to root (0600).
  - path: etc/getty.shadow
    contents: |
      root:$6$CynZq8uqcMQH.Cbv$C.yZr/U9JMM0p/XmJGz2F1B6QLuYLqwhwz88b5CEc.GVH8XCKMMOULnjGyK7ro1olvsKS.c48B.mLwDw5iG9v0::0:::::
      bin:!::0:::::
      daemon:!::0:::::
      adm:!::0:::::
      lp:!::0:::::
      sync:!::0:::::
      shutdown:!::0:::::
      halt:!::0:::::
      mail:!::0:::::
      news:!::0:::::
      uucp:!::0:::::
      operator:!::0:::::
      man:!::0:::::
      postmaster:!::0:::::
      cron:!::0:::::
      ftp:!::0:::::
      sshd:!::0:::::
      at:!::0:::::
      squid:!::0:::::
      xfs:!::0:::::
      games:!::0:::::
      cyrus:!::0:::::
      vpopmail:!::0:::::
      ntp:!::0:::::
      smmsp:!::0:::::
      guest:!::0:::::
      nobody:!::0:::::
      uos:$6$1QMjH.ST8$2IDA3U50M925KDJwmtlC9e9g.8g2ZQYtiFi6.BXLFM11mXDvrFyFzl3GS6GOC7r3g5tTCOIVO1oN/tJQDpdX8/::0:::::
    mode: "644"
  # passwd file for the getty and sshd containers; only root and uos have a login shell.
  - path: etc/sshd.passwd
    contents: |
      root:x:0:0:root:/root:/bin/ash
      bin:x:1:1:bin:/bin:/sbin/nologin
      daemon:x:2:2:daemon:/sbin:/sbin/nologin
      adm:x:3:4:adm:/var/adm:/sbin/nologin
      lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
      sync:x:5:0:sync:/sbin:/bin/sync
      shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
      halt:x:7:0:halt:/sbin:/sbin/halt
      mail:x:8:12:mail:/var/mail:/sbin/nologin
      news:x:9:13:news:/usr/lib/news:/sbin/nologin
      uucp:x:10:14:uucp:/var/spool/uucppublic:/sbin/nologin
      operator:x:11:0:operator:/root:/sbin/nologin
      man:x:13:15:man:/usr/man:/sbin/nologin
      postmaster:x:14:12:postmaster:/var/mail:/sbin/nologin
      cron:x:16:16:cron:/var/spool/cron:/sbin/nologin
      ftp:x:21:21::/var/lib/ftp:/sbin/nologin
      sshd:x:22:22:sshd:/dev/null:/sbin/nologin
      at:x:25:25:at:/var/spool/cron/atjobs:/sbin/nologin
      squid:x:31:31:Squid:/var/cache/squid:/sbin/nologin
      xfs:x:33:33:X Font Server:/etc/X11/fs:/sbin/nologin
      games:x:35:35:games:/usr/games:/sbin/nologin
      cyrus:x:85:12::/usr/cyrus:/sbin/nologin
      vpopmail:x:89:89::/var/vpopmail:/sbin/nologin
      ntp:x:123:123:NTP:/var/empty:/sbin/nologin
      smmsp:x:209:209:smmsp:/var/spool/mqueue:/sbin/nologin
      guest:x:405:100:guest:/dev/null:/sbin/nologin
      nobody:x:65534:65534:nobody:/:/sbin/nologin
      uos:x:1000:1000:uos:/home/uos:/bin/ash
    mode: "644"
  # group file for the same containers.
  # NOTE(review): uos is listed as a member of group root (gid 0).
  - path: etc/sshd.group
    contents: |
      root:x:0:root,uos
      bin:x:1:root,bin,daemon
      daemon:x:2:root,bin,daemon
      sys:x:3:root,bin,adm
      adm:x:4:root,adm,daemon
      tty:x:5:
      disk:x:6:root,adm
      lp:x:7:lp
      mem:x:8:
      kmem:x:9:
      wheel:x:10:root
      floppy:x:11:root
      mail:x:12:mail
      news:x:13:news
      uucp:x:14:uucp
      man:x:15:man
      cron:x:16:cron
      console:x:17:
      audio:x:18:
      cdrom:x:19:
      dialout:x:20:root
      ftp:x:21:
      sshd:x:22:
      input:x:23:
      at:x:25:at
      tape:x:26:root
      video:x:27:root
      netdev:x:28:
      readproc:x:30:
      squid:x:31:squid
      xfs:x:33:xfs
      kvm:x:34:kvm
      games:x:35:
      shadow:x:42:
      cdrw:x:80:
245 | usb:x:85: 246 | vpopmail:x:89: 247 | users:x:100:games 248 | ntp:x:123: 249 | nofiles:x:200: 250 | smmsp:x:209:smmsp 251 | locate:x:245: 252 | abuild:x:300: 253 | utmp:x:406: 254 | ping:x:999: 255 | nogroup:x:65533: 256 | nobody:x:65534: 257 | uos:x:1000: 258 | mode: "644" 259 | -------------------------------------------------------------------------------- /scripts/textutils.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright (C) 2020 Intel Corporation 4 | # SPDX-License-Identifier: BSD-3-Clause 5 | 6 | LOG_FILE="builder.log" 7 | 8 | export C_RED='\e[31m' 9 | export C_GREEN='\e[32m' 10 | export C_YELLOW='\e[33m' 11 | export C_BLUE='\e[34m' 12 | export C_MAGENTA='\e[35m' 13 | export C_CYAN='\e[36m' 14 | export C_WHITE='\e[37m' 15 | 16 | export C_GRAY='\e[30;1m' 17 | export C_L_RED='\e[31;1m' 18 | export C_L_GREEN='\e[32;1m' 19 | export C_L_YELLOW='\e[33;1m' 20 | export C_L_BLUE='\e[34;1m' 21 | export C_L_MAGENTA='\e[35;1m' 22 | export C_L_CYAN='\e[36;1m' 23 | export C_L_WHITE='\e[37;1m' 24 | 25 | export T_RESET='\e[0m' 26 | export T_BOLD='\e[1m' 27 | export T_ULINE='\e[4m' 28 | 29 | export T_ERR="${T_BOLD}\e[31;1m" 30 | export T_ERR_ICON="[${T_BOLD}${C_RED}✗${T_RESET}]" 31 | 32 | export T_OK_ICON="[${T_BOLD}${C_GREEN}✓${T_RESET}]" 33 | export T_INFO_ICON="[${T_BOLD}${C_YELLOW}i${T_RESET}]" 34 | export T_QST_ICON="${T_BOLD}[?]${T_RESET}" 35 | 36 | function printMsg() { 37 | echo -e "${T_RESET}${1}" 2>&1 38 | } 39 | 40 | function printMsgNoNewline() { 41 | echo -n -e "${1}" 2>&1 42 | } 43 | 44 | function getFormattedDate() { 45 | date +"%Y-%m-%d %I:%M:%S" 46 | } 47 | 48 | function getPrettyDate() { 49 | echo "${C_BLUE}$(getFormattedDate)${T_RESET}" 50 | } 51 | 52 | function printDatedMsg() { 53 | printMsg "$(getPrettyDate) ${1}${T_RESET}" 54 | } 55 | 56 | function printDatedInfoMsg() { 57 | printDatedMsg "${T_INFO_ICON} ${1}" 58 | } 59 | 60 | function printErrMsg() { 61 | printMsg 
"${T_ERR_ICON}${T_ERR} ${1} ${T_RESET}" 62 | } 63 | 64 | function printDatedErrMsg() { 65 | printDatedMsg "${T_ERR_ICON}${T_ERR} ${1}" 66 | } 67 | 68 | function printOkMsg() { 69 | printMsg "${T_OK_ICON} ${1}${T_RESET}" 70 | } 71 | 72 | function printDatedOkMsg() { 73 | printDatedMsg "${T_OK_ICON} ${1}${T_RESET}" 74 | } 75 | 76 | function printBanner() { 77 | printMsg "\n${T_BOLD}${C_BLUE}${1}${T_RESET}" 78 | } 79 | 80 | # logMsg will log the given message 81 | # $1 is the message to log 82 | # $2 is optional log location 83 | function logMsg() { 84 | # if a path was passed in, use it 85 | # otherwise, default to base log file 86 | local logLocation=${2:-${LOG_FILE}} 87 | 88 | echo "$(getFormattedDate) ${1}" >> "${logLocation}" 89 | } 90 | 91 | function logInfoMsg() { 92 | # if a path was passed in, use it 93 | # otherwise, default to base log file 94 | local logLocation=${2:-${LOG_FILE}} 95 | 96 | logMsg "INFO ${1}" "${logLocation}" 97 | } 98 | 99 | function logErrMsg() { 100 | # if a path was passed in, use it 101 | # otherwise, default to base log file 102 | local logLocation=${2:-${LOG_FILE}} 103 | 104 | logMsg "ERROR ${1}" "${logLocation}" 105 | } 106 | 107 | function logFatalErrMsg() { 108 | # if a path was passed in, use it 109 | # otherwise, default to base log file 110 | local logLocation=${2:-${LOG_FILE}} 111 | 112 | logErrMsg "${1}" "${logLocation}" 113 | echo -e "${T_ERR}Preview:${T_RESET}" 2>&1 114 | tail -n 3 ${LOG_FILE} 2>&1 115 | echo -e "${T_ERR}Please check ${LOG_FILE} for more details.${T_RESET}\n\n" 2>&1 116 | exit 1 117 | } 118 | 119 | function logOkMsg() { 120 | # if a path was passed in, use it 121 | # otherwise, default to base log file 122 | local logLocation=${2:-${LOG_FILE}} 123 | 124 | logMsg "OK ${1}" "${logLocation}" 125 | } 126 | 127 | function printAndLogDatedInfoMsg() { 128 | # if a path was passed in, use it 129 | # otherwise, default to base log file 130 | local logLocation=${2:-${LOG_FILE}} 131 | 132 | printDatedInfoMsg "${1}" 
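# (tail of printAndLogDatedInfoMsg; its header and the logLocation default
# are on the lines above this point)
    # Log through logInfoMsg so the entry carries a level tag, matching the
    # Err/Ok siblings below, which call logErrMsg and logOkMsg.
    logInfoMsg "${1}" "${logLocation}"
}

# printAndLogDatedErrMsg prints a dated error to the terminal and appends it
# to the log at ERROR level.
#   $1 is the message
#   $2 is optional log location (defaults to ${LOG_FILE})
function printAndLogDatedErrMsg() {
    # if a path was passed in, use it
    # otherwise, default to base log file
    local logLocation=${2:-${LOG_FILE}}

    printDatedErrMsg "${1}"
    logErrMsg "${1}" "${logLocation}"
}

# printAndLogDatedOkMsg prints a dated success message to the terminal and
# appends it to the log at OK level.
#   $1 is the message
#   $2 is optional log location (defaults to ${LOG_FILE})
function printAndLogDatedOkMsg() {
    # if a path was passed in, use it
    # otherwise, default to base log file
    local logLocation=${2:-${LOG_FILE}}

    printDatedOkMsg "${1}"
    logOkMsg "${1}" "${logLocation}"
}

# spinner draws a rotating glyph while the most recently started background
# job ($!) is still alive. Call it immediately after launching that job.
# NOTE(review): whitespace inside the printf format strings is reproduced as
# it appears on this page; confirm the spacing against the repository copy.
function spinner() {
    local pid="$!"
    local spinstr="-\|/*"
    local temp
    #tput civis # cursor invisible
    #while [ "$(ps a -o pid | grep ${pid})" ]; do
    # kill -0 delivers no signal; it only tests that the PID still exists.
    while kill -0 "${pid}" 2>/dev/null; do
        temp=${spinstr#?}
        printf " [%c] " "${spinstr}" 2>&1
        spinstr=${temp}${spinstr%"$temp"}
        sleep 0.08
        printf "\b\b\b\b\b\b" 2>&1
    done
    #tput cnorm # cursor visible
    printf " \b\b\b\b" 2>&1
}

# function to run a long running process and show a spinner
# sample: run "message to display" "command string" "path/to/log"
#   $1 is the message shown on the terminal and written to the log
#   $2 is the command string to execute
#   $3 is the log file that receives the command's stdout and stderr
# Sets the global ${exitcode}. On failure it previews the log, removes the
# build lock files and exits the calling script with status 1.
#
# SECURITY: $2 is executed with eval, so the shell parses the whole string.
# Callers must build it only from trusted or already validated values; any
# unvalidated fragment (profile name, URL, file name) becomes shell syntax.
# The command string is also written verbatim to the log and, on failure, to
# the terminal, so credentials embedded in it end up in ${log}.
function run() {
    local msg=$1
    local runThis=$2
    local log=$3
    local jobPid

    echo -e -n "$(getPrettyDate) ${msg}...${T_RESET}" 2>&1
    {
        # this is grouped so that the log is only appended once
        echo "$(getFormattedDate) START ${msg}..."
        echo -e "${runThis}"
    } >> "${log}"

    (eval "${runThis}" >> "${log}" 2>&1) &
    # Remember the PID: waiting on job spec %1 collects the wrong job when the
    # calling script already has another background job running.
    jobPid=$!
    spinner
    wait "${jobPid}"
    exitcode=$?

    if [ "${exitcode}" -ne 0 ]; then
        echo "$(getFormattedDate) FAILED: Running ${runThis}..." >> "${log}"
        echo -e "\n$(getPrettyDate) ${T_ERR_ICON}${T_ERR} FAILED: Running ${runThis}${T_RESET}" 2>&1
        echo -e "\n${T_ERR}Log Preview:${T_RESET}" 2>&1
        tail -n 3 "${log}" 2>&1
        echo -e "${T_ERR}Please check ${log} for more details.${T_RESET}\n\n" 2>&1
        # Release the build lock from either working directory before exiting.
        if [ -f conf/.build.lock ]; then
            rm conf/.build.lock > /dev/null 2>&1
        fi
        if [ -f ../../conf/.build.lock ]; then
            rm ../../conf/.build.lock > /dev/null 2>&1
        fi
        exit 1
    fi

    echo "$(getFormattedDate) SUCCESS: ${msg}..." >> "${log}"
    echo -e " ${T_OK_ICON} ${C_GREEN}Success${T_RESET}" 2>&1
}

# Ensures that we can consistently handle blank inputs of the following forms:
# None
# ''
# ""
# Will return either the original value if it is not empty, or an empty value.
function validateEmptyInput() {
    local input=$1

    case "${input}" in
        "None" | "\"\"" | "''")
            echo ""
            ;;
        *)
            echo "${input}"
            ;;
    esac
}

# validateInput checks a string against the pattern for the given type and
# terminates the script when it does not match.
#   $1 is the type: url, fqdn, email, filename, dirname, numeric, container
#      or custom
#   $2 is the string to validate
#   $3 is the message printed when validation fails
#   $4 is the regex used by the "custom" type
#
# NOTE(review): a type that matches no branch falls through the case
# statement, so a misspelled type returns without validating anything.
# NOTE(review): every failing branch ends in a bare `exit;`, which reuses the
# status of the preceding printErrMsg (normally 0); a caller that checks the
# exit status sees success after a rejected input. `exit 1` would fix that,
# applied to all branches together.
validateInput() {
    local type=$1
    local string=$2
    local msg=$3
    # NOTE(review): the default "*" is a glob, not an extended regex; pass $4
    # explicitly with "custom" - TODO confirm no caller relies on the default.
    local regex=${4:-*}

    case ${type} in

        "url" )
            # The scheme list includes file://, so local paths pass this
            # check; callers that fetch the URL must restrict the scheme.
            local regex='^(https?|ftp|file)://[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%=~_|]\.[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%=~_|]$'
            if [[ ! ${string} =~ ${regex} ]]; then
                printErrMsg " ${msg}"
                exit;
            fi
            ;;

        "fqdn" )
            # bash's =~ uses POSIX extended regex, which has no lookahead
            # (?=...) or non-capturing (?:...) groups, so the original PCRE
            # pattern could not be evaluated as written. The 4-253 length
            # bound is checked arithmetically; the label rules are unchanged.
            local regex='^([a-zA-Z]([a-zA-Z0-9-]{0,61}[a-zA-Z])?\.)+[a-zA-Z]{2,}$'
            if (( ${#string} < 4 || ${#string} > 253 )) || [[ ! ${string} =~ ${regex} ]]; then
                printErrMsg " ${msg}"
                exit;
            fi
            ;;

        "email" )
            local regex='^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}$'
            if [[ ! ${string} =~ ${regex} ]]; then
                printErrMsg " ${msg}"
                exit;
            fi
            ;;

        "filename" )
            # This character class also matches "." and "..", so a caller that
            # joins the value onto a directory must reject those itself.
            local regex='^[A-Za-z0-9_\.-]+$'
            if [[ !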
${string} =~ ${regex} ]]; then 261 | printErrMsg " ${msg}" 262 | exit; 263 | fi 264 | ;; 265 | 266 | "dirname" ) 267 | local regex='^[A-Za-z0-9_\/\.-]+$' 268 | if [[ ! ${string} =~ ${regex} ]]; then 269 | printErrMsg " ${msg}" 270 | exit; 271 | fi 272 | ;; 273 | 274 | "numeric" ) 275 | local regex='^[0-9]+$' 276 | if [[ ! ${string} =~ ${regex} ]]; then 277 | printErrMsg " ${msg}" 278 | exit; 279 | fi 280 | ;; 281 | 282 | "container" ) 283 | local regex='^[A-Za-z0-9_\/\.:-]+$' 284 | if [[ ! ${string} =~ ${regex} ]]; then 285 | printErrMsg " ${msg}" 286 | exit; 287 | fi 288 | ;; 289 | 290 | "custom" ) 291 | if [[ ! ${string} =~ ${regex} ]]; then 292 | printErrMsg " ${msg}" 293 | exit; 294 | fi 295 | ;; 296 | 297 | esac 298 | 299 | } 300 | -------------------------------------------------------------------------------- /template/smb/smb.conf: -------------------------------------------------------------------------------- 1 | # This is the main Samba configuration file. You should read the 2 | # smb.conf(5) manual page in order to understand the options listed 3 | # here. Samba has a huge number of configurable options (perhaps too 4 | # many!) most of which are not shown in this example 5 | # 6 | # For a step to step guide on installing, configuring and using samba, 7 | # read the Samba-HOWTO-Collection. This may be obtained from: 8 | # http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf 9 | # 10 | # Many working examples of smb.conf files can be found in the 11 | # Samba-Guide which is generated daily and can be downloaded from: 12 | # http://www.samba.org/samba/docs/Samba-Guide.pdf 13 | # 14 | # Any line which starts with a ; (semi-colon) or a # (hash) 15 | # is a comment and is ignored. 
In this example we will use a # 16 | # for commentry and a ; for parts of the config file that you 17 | # may wish to enable 18 | # 19 | # NOTE: Whenever you modify this file you should run the command "testparm" 20 | # to check that you have not made any basic syntactic errors. 21 | # 22 | #======================= Global Settings ===================================== 23 | [global] 24 | 25 | # workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH 26 | workgroup = MYGROUP 27 | 28 | # server string is the equivalent of the NT Description field 29 | server string = Samba Server 30 | 31 | # Server role. Defines in which mode Samba will operate. Possible 32 | # values are "standalone server", "member server", "classic primary 33 | # domain controller", "classic backup domain controller", "active 34 | # directory domain controller". 35 | # 36 | # Most people will want "standalone server" or "member server". 37 | # Running as "active directory domain controller" will require first 38 | # running "samba-tool domain provision" to wipe databases and create a 39 | # new domain. 40 | server role = standalone server 41 | 42 | # This option is important for security. It allows you to restrict 43 | # connections to machines which are on your local network. The 44 | # following example restricts access to two C class networks and 45 | # the "loopback" interface. For more examples of the syntax see 46 | # the smb.conf man page 47 | ; hosts allow = 192.168.1. 192.168.2. 127. 48 | 49 | # Uncomment this if you want a guest account, you must add this to /etc/passwd 50 | # otherwise the user "nobody" is used 51 | ; guest account = pcguest 52 | 53 | # this tells Samba to use a separate log file for each machine 54 | # that connects 55 | log file = /usr/local/samba/var/log.%m 56 | 57 | # Put a capping on the size of the log files (in Kb). 
58 | max log size = 50 59 | 60 | # Specifies the Kerberos or Active Directory realm the host is part of 61 | ; realm = MY_REALM 62 | 63 | # Backend to store user information in. New installations should 64 | # use either tdbsam or ldapsam. smbpasswd is available for backwards 65 | # compatibility. tdbsam requires no further configuration. 66 | ; passdb backend = tdbsam 67 | 68 | # Using the following line enables you to customise your configuration 69 | # on a per machine basis. The %m gets replaced with the netbios name 70 | # of the machine that is connecting. 71 | # Note: Consider carefully the location in the configuration file of 72 | # this line. The included file is read at that point. 73 | ; include = /usr/local/samba/lib/smb.conf.%m 74 | 75 | # Configure Samba to use multiple interfaces 76 | # If you have multiple network interfaces then you must list them 77 | # here. See the man page for details. 78 | ; interfaces = 192.168.12.2/24 192.168.13.2/24 79 | 80 | # Where to store roving profiles (only for Win95 and WinNT) 81 | # %L substitutes for this servers netbios name, %U is username 82 | # You must uncomment the [Profiles] share below 83 | ; logon path = \\%L\Profiles\%U 84 | 85 | # Windows Internet Name Serving Support Section: 86 | # WINS Support - Tells the NMBD component of Samba to enable it's WINS Server 87 | ; wins support = yes 88 | 89 | # WINS Server - Tells the NMBD components of Samba to be a WINS Client 90 | # Note: Samba can be either a WINS Server, or a WINS Client, but NOT both 91 | ; wins server = w.x.y.z 92 | 93 | # WINS Proxy - Tells Samba to answer name resolution queries on 94 | # behalf of a non WINS capable client, for this to work there must be 95 | # at least one WINS Server on the network. The default is NO. 96 | ; wins proxy = yes 97 | 98 | # DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names 99 | # via DNS nslookups. The default is NO. 
100 | dns proxy = no 101 | 102 | # These scripts are used on a domain controller or stand-alone 103 | # machine to add or delete corresponding unix accounts 104 | ; add user script = /usr/sbin/useradd %u 105 | ; add group script = /usr/sbin/groupadd %g 106 | ; add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u 107 | ; delete user script = /usr/sbin/userdel %u 108 | ; delete user from group script = /usr/sbin/deluser %u %g 109 | ; delete group script = /usr/sbin/groupdel %g 110 | 111 | 112 | #============================ Share Definitions ============================== 113 | ;[homes] 114 | ; comment = Home Directories 115 | ; browseable = no 116 | ; writable = yes 117 | 118 | # Un-comment the following and create the netlogon directory for Domain Logons 119 | ; [netlogon] 120 | ; comment = Network Logon Service 121 | ; path = /usr/local/samba/lib/netlogon 122 | ; guest ok = yes 123 | ; writable = no 124 | ; share modes = no 125 | 126 | 127 | # Un-comment the following to provide a specific roving profile share 128 | # the default is to use the user's home directory 129 | ;[Profiles] 130 | ; path = /usr/local/samba/profiles 131 | ; browseable = no 132 | ; guest ok = yes 133 | 134 | 135 | # NOTE: If you have a BSD-style print system there is no need to 136 | # specifically define each individual printer 137 | ;[printers] 138 | ; comment = All Printers 139 | ; path = /usr/spool/samba 140 | ; browseable = no 141 | # Set public = yes to allow user 'guest account' to print 142 | ; guest ok = no 143 | ; writable = no 144 | ; printable = yes 145 | 146 | # This one is useful for people to share files 147 | ;[tmp] 148 | ; comment = Temporary file space 149 | ; path = /tmp 150 | ; read only = no 151 | ; public = yes 152 | 153 | # A publicly accessible directory, but read only, except for people in 154 | # the "staff" group 155 | ;[public] 156 | ; comment = Public Stuff 157 | ; path = /home/samba 158 | ; public = yes 159 | ; writable 
= no 160 | ; printable = no 161 | ; write list = @staff 162 | 163 | # Other examples. 164 | # 165 | # A private printer, usable only by fred. Spool data will be placed in fred's 166 | # home directory. Note that fred must have write access to the spool directory, 167 | # wherever it is. 168 | ;[fredsprn] 169 | ; comment = Fred's Printer 170 | ; valid users = fred 171 | ; path = /homes/fred 172 | ; printer = freds_printer 173 | ; public = no 174 | ; writable = no 175 | ; printable = yes 176 | 177 | # A private directory, usable only by fred. Note that fred requires write 178 | # access to the directory. 179 | ;[fredsdir] 180 | ; comment = Fred's Service 181 | ; path = /usr/somewhere/private 182 | ; valid users = fred 183 | ; public = no 184 | ; writable = yes 185 | ; printable = no 186 | # a service which has a different directory for each machine that connects 187 | # this allows you to tailor configurations to incoming machines. You could 188 | # also use the %U option to tailor it by user name. 189 | # The %m gets replaced with the machine name that is connecting. 190 | ;[pchome] 191 | ; comment = PC Directories 192 | ; path = /usr/pc/%m 193 | ; public = no 194 | ; writable = yes 195 | 196 | # A publicly accessible directory, read/write to all users. Note that all files 197 | # created in the directory by users will be owned by the default user, so 198 | # any user with access can delete any other user's files. Obviously this 199 | # directory must be writable by the default user. Another user could of course 200 | # be specified, in which case all files would be owned by that user instead. 201 | ;[public] 202 | ; path = /usr/somewhere/else/public 203 | ; public = yes 204 | ; only guest = yes 205 | ; writable = yes 206 | ; printable = no 207 | 208 | # The following two entries demonstrate how to share a directory so that two 209 | # users can place files there that will be owned by the specific users. 
In this 210 | # setup, the directory should be writable by both users and should have the 211 | # sticky bit set on it to prevent abuse. Obviously this could be extended to 212 | # as many users as required. 213 | ;[myshare] 214 | ; comment = Mary's and Fred's stuff 215 | ; path = /usr/somewhere/shared 216 | ; valid users = mary fred 217 | ; public = no 218 | ; writable = yes 219 | ; printable = no 220 | ; create mask = 0765 221 | 222 | [install] 223 | comment = My network share 224 | path = /smbshare/ 225 | public = yes 226 | writable = no 227 | printable = no 228 | browseable = yes 229 | create mask = 0644 230 | directory mask = 0755 231 | -------------------------------------------------------------------------------- /docker-compose.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | # Copyright (C) 2023 Intel Corporation 4 | # SPDX-License-Identifier: BSD-3-Clause 5 | 6 | version: '3' 7 | 8 | networks: 9 | gitea: 10 | external: false 11 | 12 | services: 13 | core: 14 | image: intel/esp-core 15 | environment: 16 | - CONTAINER_IMAGES=intel/esp-core intel/esp-gitea intel/esp-dnsmasq intel/esp-squid intel/esp-web intel/esp-git intel/esp-aws-cli intel/esp-uos-builder intel/esp-qemu intel/esp-certbot intel/esp-smb intel/esp-dyn-profile intel/esp-logging-agent intel/esp-uos-kernel intel/esp-uos-wifi intel/esp-uos-firmware-wifi intel/esp-uos-firmware-lan intel/esp-uos-dyninit 17 | - BUILDER_PATH=${PWD} 18 | - PATH=${PWD}:/usr/local/bin:/usr/local/sbin:/usr/sbin:/usr/bin:/sbin:/bin 19 | - http_proxy=${http_proxy:-} 20 | - https_proxy=${https_proxy:-} 21 | - ftp_proxy=${ftp_proxy:-} 22 | - no_proxy=${no_proxy:-} 23 | - HTTP_PROXY=${HTTP_PROXY:-} 24 | - HTTPS_PROXY=${HTTPS_PROXY:-} 25 | - FTP_PROXY=${FTP_PROXY:-} 26 | - NO_PROXY=${NO_PROXY:-} 27 | ipc: host 28 | network_mode: host 29 | pid: host 30 | privileged: true 31 | restart: always 32 | userns_mode: host 33 | volumes: 34 | - /var/run/docker.sock:/var/run/docker.sock 
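# (continuation of the `core` service's volumes list; the service header is
# above this point)
# SECURITY: per the lines above, `core` runs with privileged: true, the host
# pid/ipc/network/user namespaces and /var/run/docker.sock mounted. That is
# root-equivalent control of the Docker host, so anything able to influence
# what `core` executes (profiles, conf/, template/) is inside the host's
# trust boundary.
      # The whole project directory is visible inside the container.
      - ./:${PWD}/root
      - ./conf:${PWD}/conf:shared
      - ./data:${PWD}/data:shared
      - ./dockerfiles/uos:${PWD}/dockerfiles/uos:shared
      - ./output:${PWD}/output:shared
      - ./template:${PWD}/template:shared
    logging:
      driver: "json-file"
      options:
        max-file: "5"
        max-size: "1m"

  # nginx front end serving boot artefacts over HTTP/HTTPS.
  # The intel/esp-* images carry no tag, so they resolve to `latest`; pin a
  # tag or digest for reproducible, reviewable deployments.
  # The proxy variables are copied into every service; if a proxy URL embeds
  # credentials they become readable through `docker inspect`.
  web:
    image: intel/esp-web
    restart: always
    environment:
      - CN=edgebuilder.local
      - O=edgebuilder
      - OU=edgebuilder
      - C=US
      - http_proxy=${http_proxy:-}
      - https_proxy=${https_proxy:-}
      - ftp_proxy=${ftp_proxy:-}
      - no_proxy=${no_proxy:-}
      - HTTP_PROXY=${HTTP_PROXY:-}
      - HTTPS_PROXY=${HTTPS_PROXY:-}
      - FTP_PROXY=${FTP_PROXY:-}
      - NO_PROXY=${NO_PROXY:-}
    # Port mappings are quoted throughout, as the gitea mappings already
    # were: YAML can read an unquoted xx:yy pair as a base-60 number.
    # Without a host IP the ports are published on every host interface; use
    # "HOST_IP:80:80" to restrict them to the provisioning network.
    ports:
      - "80:80"
      - "443:443"
    volumes:
      # Don't make these read-only, or else docker will fail to mount
      - ./data/certbot/conf:/etc/letsencrypt
      - ./data/certbot/www:/var/www/certbot
      # TLS private keys; shared with the certbot service below.
      - ./data/etc/ssl/private:/etc/ssl/private
      - ./data/usr/share/nginx/html:/usr/share/nginx/html:shared
      - ./data/srv/tftp:/usr/share/nginx/html/tftp:shared
      - ./data/srv/tftp/pxelinux.cfg/:/usr/share/nginx/html/tftp/pxelinux.cfg/
      - ./data/srv/tftp/pxelinux.cfg_legacy/:/usr/share/nginx/html/tftp/legacy/pxelinux.cfg/
      - ./data/srv/tftp/pxelinux.cfg/:/usr/share/nginx/html/tftp/efi32/pxelinux.cfg/
      - ./data/srv/tftp/pxelinux.cfg/:/usr/share/nginx/html/tftp/efi64/pxelinux.cfg/
      - ./data/srv/tftp/images/uos/:/usr/share/nginx/html/tftp/legacy/images/uos/
      - ./data/srv/tftp/images/uos/:/usr/share/nginx/html/tftp/efi32/images/uos/
      - ./data/srv/tftp/images/uos/:/usr/share/nginx/html/tftp/efi64/images/uos/
      # NOTE(review): the host side of this mount sits under the directory
      # mounted above as the nginx html root; confirm only public
      # certificates, never keys, are written to /etc/ssl/cert.
      - ./data/usr/share/nginx/html/web-cert:/etc/ssl/cert
      - ./template/nginx:/usr/share/nginx/template
    depends_on:
      - core
    logging:
      driver: "json-file"
      options:
        max-file: "5"
        max-size: "1m"

  # Certificate management; publishes no ports and shares the certificate and
  # private-key directories with `web`.
  certbot:
    image: intel/esp-certbot
    restart: on-failure
    environment:
      - http_proxy=${http_proxy:-}
      - https_proxy=${https_proxy:-}
      - ftp_proxy=${ftp_proxy:-}
      - no_proxy=${no_proxy:-}
      - HTTP_PROXY=${HTTP_PROXY:-}
      - HTTPS_PROXY=${HTTPS_PROXY:-}
      - FTP_PROXY=${FTP_PROXY:-}
      - NO_PROXY=${NO_PROXY:-}
    ports: []
    volumes:
      - ./conf:/opt/esp/conf
      - ./data/certbot/conf:/etc/letsencrypt
      - ./data/certbot/www:/var/www/certbot
      - ./data/certbot/lib:/var/lib/letsencrypt
      - ./data/etc/ssl/private:/etc/ssl/private
      - ./data/usr/share/nginx/html/web-cert:/etc/ssl/cert
    depends_on:
      - web
    logging:
      driver: "json-file"
      options:
        max-file: "5"
        max-size: "1m"

  # DHCP/DNS/TFTP for PXE boot. It runs on the host network with NET_ADMIN,
  # so it answers on whatever interfaces its own configuration selects;
  # ./data/etc is writable from this container and is also mounted into
  # `logging-server` below.
  dnsmasq:
    image: intel/esp-dnsmasq
    restart: always
    environment:
      - http_proxy=${http_proxy:-}
      - https_proxy=${https_proxy:-}
      - ftp_proxy=${ftp_proxy:-}
      - no_proxy=${no_proxy:-}
      - HTTP_PROXY=${HTTP_PROXY:-}
      - HTTPS_PROXY=${HTTPS_PROXY:-}
      - FTP_PROXY=${FTP_PROXY:-}
      - NO_PROXY=${NO_PROXY:-}
    volumes:
      - ./template/pxe_bg.png:/srv/tftp/pxe_bg.png
      - ./template/pxe_bg.png:/srv/tftp/legacy/pxe_bg.png
      - ./template/pxe_bg.png:/srv/tftp/efi32/pxe_bg.png
      - ./template/pxe_bg.png:/srv/tftp/efi64/pxe_bg.png
      - ./data/srv/tftp/images:/srv/tftp/images
      - ./data/srv/tftp/images:/srv/tftp/legacy/images
      - ./data/srv/tftp/images:/srv/tftp/efi32/images
      - ./data/srv/tftp/images:/srv/tftp/efi64/images
      - ./data/srv/tftp/pxelinux.cfg/:/srv/tftp/pxelinux.cfg/
      - ./data/srv/tftp/pxelinux.cfg_legacy/:/srv/tftp/legacy/pxelinux.cfg/
      - ./data/srv/tftp/pxelinux.cfg/:/srv/tftp/efi32/pxelinux.cfg/
      - ./data/srv/tftp/pxelinux.cfg/:/srv/tftp/efi64/pxelinux.cfg/
      - ./data/srv/tftp/:/usr/share/nginx/html/tftp/:shared
      - ./data/etc:/etc/dnsmasq:shared
    network_mode: host
    cap_add:
      - NET_ADMIN
    depends_on:
      - core
    logging:
      driver: "json-file"
      options:
        max-file: "5"
        max-size: "1m"
    # driver: "fluentd"
    # options:
    # fluentd-address: "localhost:24224"

  # Local Docker registry, published on host port 5557.
  # NOTE(review): whether it requires authentication or TLS is decided by
  # template/registry/config.yml, which is not shown here - confirm before
  # exposing the port beyond the provisioning network.
  registry-mirror:
    image: registry:2
    restart: always
    environment:
      - http_proxy=${http_proxy:-}
      - https_proxy=${https_proxy:-}
      - ftp_proxy=${ftp_proxy:-}
      - no_proxy=${no_proxy:-}
      - HTTP_PROXY=${HTTP_PROXY:-}
      - HTTPS_PROXY=${HTTPS_PROXY:-}
      - FTP_PROXY=${FTP_PROXY:-}
      - NO_PROXY=${NO_PROXY:-}
    ports:
      - "5557:5000"
    volumes:
      - ./template/registry/:/etc/docker/registry/:shared
      - ./data/var/lib/registry:/var/lib/registry
    command: "/etc/docker/registry/config.yml"
    depends_on:
      - core
    logging:
      driver: "json-file"
      options:
        max-file: "5"
        max-size: "1m"

  # Caching proxy on host ports 3128 and 4128.
  # NOTE(review): /etc/squid-cert is backed by a directory under the nginx
  # html root mounted by `web`; confirm only the public certificate is
  # written there and the private key stays elsewhere.
  squid:
    image: intel/esp-squid
    restart: always
    environment:
      - CN=squid.local
      - O=squid
      - OU=squid
      - C=US
      - http_proxy=${http_proxy:-}
      - https_proxy=${https_proxy:-}
      - ftp_proxy=${ftp_proxy:-}
      - no_proxy=${no_proxy:-}
      - HTTP_PROXY=${HTTP_PROXY:-}
      - HTTPS_PROXY=${HTTPS_PROXY:-}
      - FTP_PROXY=${FTP_PROXY:-}
      - NO_PROXY=${NO_PROXY:-}
    ports:
      - "3128:3128"
      - "4128:4128"
    volumes:
      - ./template/squid:/etc/squid/template
      - ./data/var/cache/squid:/var/spool/squid
      - ./data/var/log/squid:/var/log/squid
      - ./data/usr/share/nginx/html/squid-cert:/etc/squid-cert
    depends_on:
      - core
    logging:
      driver: "json-file"
      options:
        max-file: "5"
        max-size: "1m"

  # Gitea mirror: web UI on host port 3003, SSH on host port 222.
  # NOTE(review): registration is disabled, but push-to-create is enabled for
  # users and organisations and DEFAULT_PRIVATE is "public"; how the image
  # maps these variables into Gitea's configuration is not shown here -
  # confirm who can authenticate and push before exposing these ports.
  mirror:
    image: intel/esp-gitea
    environment:
      - USER_UID=1000
      - USER_GID=1000
      - DISABLE_REGISTRATION=true
      - DEFAULT_PRIVATE=public
      - ENABLE_PUSH_CREATE_USER=true
      - ENABLE_PUSH_CREATE_ORG=true
      - http_proxy=${http_proxy:-}
      - https_proxy=${https_proxy:-}
      - ftp_proxy=${ftp_proxy:-}
      - no_proxy=${no_proxy:-}
      - HTTP_PROXY=${HTTP_PROXY:-}
      - HTTPS_PROXY=${HTTPS_PROXY:-}
      - FTP_PROXY=${FTP_PROXY:-}
      - NO_PROXY=${NO_PROXY:-}
    restart: always
    networks:
      - gitea
    volumes:
      - ./data/gitea:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      - "3003:3000"
      - "222:22"
    depends_on:
      - core
    logging:
      driver: "json-file"
      options:
        max-file: "5"
        max-size: "1m"

  # Samba on host port 445. template/smb/smb.conf defines the [install]
  # share with `public = yes` and `writable = no`, and leaves `hosts allow`
  # commented out, so the share is guest-readable by any host that can reach
  # the port. The shared directory also sits under the nginx html root.
  # Keep 445 limited to the provisioning network (host firewall, or a
  # "HOST_IP:445:445" mapping).
  smb:
    image: intel/esp-smb
    restart: always
    environment:
      - http_proxy=${http_proxy:-}
      - https_proxy=${https_proxy:-}
      - ftp_proxy=${ftp_proxy:-}
      - no_proxy=${no_proxy:-}
      - HTTP_PROXY=${HTTP_PROXY:-}
      - HTTPS_PROXY=${HTTPS_PROXY:-}
      - FTP_PROXY=${FTP_PROXY:-}
      - NO_PROXY=${NO_PROXY:-}
    ports:
      - "445:445"
    volumes:
      - ./data/usr/share/nginx/html/smb:/smbshare
      - ./template/smb/smb.conf:/etc/samba/smb.conf
    tty: true
    # network_mode: bridge
    depends_on:
      - core
    logging:
      driver: "json-file"
      options:
        max-file: "5"
        max-size: "1m"

  # Dynamic profile service on host port 8580.
  # dyn_url_token is passed as an environment variable, so it is readable
  # through `docker inspect` and by anything holding the Docker socket (the
  # `core` service does); a mounted secret file would narrow that exposure.
  # Unlike the other services, this one sets no restart policy or log limits.
  dyn-profile:
    image: intel/esp-dyn-profile
    ports:
      - "8580:8080"
    depends_on:
      - web
    volumes:
      - ./conf:/conf:shared
      - ./data/dyn-profile:/data
    environment:
      - host_ip=${HOST_IP:-}
      - dyn_url=${DYN_URL:-}
      - dyn_url_user=${DYN_URL_USER:-}
      - dyn_url_token=${DYN_URL_TOKEN:-}
      - http_proxy=${http_proxy:-}
      - https_proxy=${https_proxy:-}
      - no_proxy=${no_proxy:-}
      - HTTP_PROXY=${HTTP_PROXY:-}
      - HTTPS_PROXY=${HTTPS_PROXY:-}
      - NO_PROXY=${NO_PROXY:-}

  # Fluent Bit collector on the host network. Its configuration directory is
  # the same ./data/etc that `dnsmasq` mounts read-write, so a write from
  # either container changes what the other one loads.
  logging-server:
    image: fluent/fluent-bit:2.1.4
    network_mode: host
    restart: always
    volumes:
      - ./data/etc:/fluent-bit/etc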
--------------------------------------------------------------------------------