diff --git a/.github/workflows/check-circular-deps.yml b/.github/workflows/check-circular-deps.yml index d1aa1c2bb3..d995eb6995 100644 --- a/.github/workflows/check-circular-deps.yml +++ b/.github/workflows/check-circular-deps.yml @@ -11,6 +11,8 @@ on: - .github/workflows/check-circular-deps.yml - '**.spec' +permissions: read-all + jobs: spec-check: name: Circular dependency check @@ -20,6 +22,8 @@ jobs: # Checkout the branch of our repo that triggered this action - name: Workflow trigger checkout uses: actions/checkout@v4 + with: + persist-credentials: false - name: Check for circular dependencies run: | diff --git a/.github/workflows/check-entangled-specs.yml b/.github/workflows/check-entangled-specs.yml index d9d130a658..1ce335df7c 100644 --- a/.github/workflows/check-entangled-specs.yml +++ b/.github/workflows/check-entangled-specs.yml @@ -20,7 +20,9 @@ jobs: # Checkout the branch of our repo that triggered this action - name: Workflow trigger checkout uses: actions/checkout@v4 - + with: + persist-credentials: false + # For consistency, we use the same major/minor version of Python that Azure Linux ships - name: Setup Python 3.12 uses: actions/setup-python@v5 diff --git a/.github/workflows/check-license-map.yml b/.github/workflows/check-license-map.yml index abe0ee677a..3c77d5769e 100644 --- a/.github/workflows/check-license-map.yml +++ b/.github/workflows/check-license-map.yml @@ -24,7 +24,9 @@ jobs: # Checkout the branch of our repo that triggered this action - name: Workflow trigger checkout uses: actions/checkout@v4 - + with: + persist-credentials: false + - name: Setup Python 3.12 uses: actions/setup-python@v5 with: diff --git a/.github/workflows/check-manifests.yml b/.github/workflows/check-manifests.yml index 5c40bab380..77b0398f32 100644 --- a/.github/workflows/check-manifests.yml +++ b/.github/workflows/check-manifests.yml 
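Review bot: The `permissions: read-all` added at the top of check-circular-deps.yml gives the job token read access to every scope, which is wider than the visible steps (a checkout and a check script) appear to need. An explicit block, `permissions:` with `contents: read` beneath it, states least privilege directly and stops the token from picking up new read scopes implicitly. The same applies to the `read-all` lines added in check-source-signatures.yml, lint.yml and merge-conflict-check.yml. For lint.yml, first confirm whether the super-linter step expects to write commit statuses. The jobs continue outside these hunks, so later steps may need a scope that is not visible here.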
@@ -22,6 +22,8 @@ jobs: steps: - name: Check out code uses: actions/checkout@v4 + with: + persist-credentials: false # This PR runner uses an older Ubuntu with rpm version 4.17, which doesn't understand some newer macros like %bcond - name: Define missing rpm macros diff --git a/.github/workflows/check-package-cgmanifest.yml b/.github/workflows/check-package-cgmanifest.yml index 2c89c989ea..0922498f56 100644 --- a/.github/workflows/check-package-cgmanifest.yml +++ b/.github/workflows/check-package-cgmanifest.yml @@ -22,6 +22,8 @@ jobs: steps: - name: Check out code uses: actions/checkout@v4 + with: + persist-credentials: false # This PR runner uses an older Ubuntu with rpm version 4.17, which doesn't understand some newer macros like %bcond - name: Define missing rpm macros @@ -33,9 +35,12 @@ jobs: - name: Get base commit for PRs if: ${{ github.event_name == 'pull_request' }} run: | - git fetch origin ${{ github.base_ref }} - echo "base_sha=$(git rev-parse origin/${{ github.base_ref }})" >> "$GITHUB_ENV" - echo "Merging ${{ github.sha }} into ${{ github.base_ref }}" + base_ref="${BASE_REF}" + git fetch origin $base_ref + echo "base_sha=$(git rev-parse origin/$base_ref)" >> "$GITHUB_ENV" + echo "Merging ${{ github.sha }} into $base_ref" + env: + BASE_REF: ${{ github.base_ref }} - name: Get base commit for Pushes if: ${{ github.event_name == 'push' }} diff --git a/.github/workflows/check-source-signatures.yml b/.github/workflows/check-source-signatures.yml index 8f6cce3181..efd86fc9e8 100644 --- a/.github/workflows/check-source-signatures.yml +++ b/.github/workflows/check-source-signatures.yml @@ -11,6 +11,8 @@ on: - .github/workflows/check-source-signatures.yml - '**.spec' +permissions: read-all + jobs: spec-check: name: Source Signature Check @@ -24,6 +26,7 @@ jobs: - name: Workflow trigger checkout uses: actions/checkout@v4 with: + persist-credentials: false fetch-depth: 0 # For consistency, we use the same major/minor version of Python that Azure Linux ships 
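Review bot: In the "Get base commit for PRs" step of check-package-cgmanifest.yml, `$base_ref` is still expanded unquoted in `git fetch origin $base_ref`, and the intermediate `base_ref="${BASE_REF}"` copy adds nothing over using the environment variable directly. Passing `github.base_ref` through `env:` removes the template-injection path, but the script does not validate the branch name, so it should be quoted wherever it is used: `git fetch origin "$BASE_REF"` and `git rev-parse "origin/$BASE_REF"`. The same step in check-source-signatures.yml, check-spec.yml, lint-specs.yml and merge-conflict-check.yml has the same unquoted expansion. merge-conflict-check.yml also leaves `>> $GITHUB_ENV` unquoted where the other files quote it.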
@@ -38,8 +41,11 @@ jobs: - name: Get base commit for PRs if: ${{ github.event_name == 'pull_request' }} run: | - echo "base_sha=$(git rev-parse origin/${{ github.base_ref }})" >> "$GITHUB_ENV" - echo "Merging ${{ github.sha }} into ${{ github.base_ref }}" + base_ref="${BASE_REF}" + echo "base_sha=$(git rev-parse origin/$base_ref)" >> "$GITHUB_ENV" + echo "Merging ${{ github.sha }} into $base_ref" + env: + BASE_REF: ${{ github.base_ref }} - name: Get base commit for Pushes if: ${{ github.event_name == 'push' }} diff --git a/.github/workflows/check-spec.yml b/.github/workflows/check-spec.yml index b95017005a..4df7f16dc8 100644 --- a/.github/workflows/check-spec.yml +++ b/.github/workflows/check-spec.yml @@ -24,6 +24,7 @@ jobs: uses: actions/checkout@v4 with: fetch-depth: 0 + persist-credentials: false # For consistency, we use the same major/minor version of Python that Azure Linux ships - name: Setup Python 3.12 @@ -37,8 +38,11 @@ jobs: - name: Get base commit for PRs if: ${{ github.event_name == 'pull_request' }} run: | - echo "base_sha=$(git rev-parse origin/${{ github.base_ref }})" >> "$GITHUB_ENV" - echo "Merging ${{ github.sha }} into ${{ github.base_ref }}" + base_ref="${BASE_REF}" + echo "base_sha=$(git rev-parse origin/$base_ref)" >> "$GITHUB_ENV" + echo "Merging ${{ github.sha }} into $base_ref" + env: + BASE_REF: ${{ github.base_ref }} - name: Get base commit for Pushes if: ${{ github.event_name == 'push' }} @@ -63,6 +67,7 @@ jobs: with: ref: '3.0' path: '3.0-checkout' + persist-credentials: false - name: Verify .spec files if: ${{ env.updated-specs != '' }} diff --git a/.github/workflows/check-static-glibc.yml b/.github/workflows/check-static-glibc.yml index ad033bc7c3..709f956f7c 100644 --- a/.github/workflows/check-static-glibc.yml +++ b/.github/workflows/check-static-glibc.yml 
@@ -22,6 +22,8 @@ jobs: # Checkout the branch of our repo that triggered this action - name: Workflow trigger checkout uses: actions/checkout@v4 + with: + persist-credentials: false # For consistency, we use the same major/minor version of Python that Azure Linux ships - name: Setup Python 3.12 diff --git a/.github/workflows/go-test-coverage.yml b/.github/workflows/go-test-coverage.yml index 3e0f61e6db..e7645372d7 100644 --- a/.github/workflows/go-test-coverage.yml +++ b/.github/workflows/go-test-coverage.yml @@ -33,6 +33,8 @@ jobs: - name: Check out code into the Go module directory uses: actions/checkout@v4 + with: + persist-credentials: false - name: Check go.mod run: | diff --git a/.github/workflows/lint-specs.yml b/.github/workflows/lint-specs.yml index e93fb5be41..47dea50cbf 100644 --- a/.github/workflows/lint-specs.yml +++ b/.github/workflows/lint-specs.yml @@ -24,13 +24,17 @@ jobs: uses: actions/checkout@v4 with: fetch-depth: 0 + persist-credentials: false - name: Get base commit for PRs if: ${{ github.event_name == 'pull_request' }} run: | - echo "base_sha=$(git rev-parse origin/${{ github.base_ref }})" >> "$GITHUB_ENV" - echo "Merging ${{ github.sha }} into ${{ github.base_ref }}" - + base_ref="${BASE_REF}" + echo "base_sha=$(git rev-parse origin/$base_ref)" >> "$GITHUB_ENV" + echo "Merging ${{ github.sha }} into $base_ref" + env: + BASE_REF: ${{ github.base_ref }} + - name: Get base commit for Pushes if: ${{ github.event_name == 'push' }} run: | @@ -50,6 +54,7 @@ jobs: with: ref: '3.0' path: '3.0-checkout' + persist-credentials: false # Our linter is based on the spec-cleaner tool from the folks at openSUSE # We apply a patch to modify it for our needs @@ -59,6 +64,7 @@ jobs: repository: 'rpm-software-management/spec-cleaner' ref: 'spec-cleaner-1.2.0' path: 'spec-cleaner' + persist-credentials: false # For consistency, we use the same major/minor version of Python that Azure Linux ships - name: Setup Python 3.12 
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 8cf75ec04e..fdb8bf5a63 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -16,6 +16,8 @@ on: - "**.spec" - "**.patch" +permissions: read-all + jobs: lint: name: Lint Workflows and Code @@ -32,6 +34,8 @@ jobs: uses: actions/checkout@v4 with: fetch-depth: 0 + persist-credentials: false + - name: Lint uses: github/super-linter/slim@v7 env: diff --git a/.github/workflows/merge-conflict-check.yml b/.github/workflows/merge-conflict-check.yml index 26334f09f5..ffe173c40f 100644 --- a/.github/workflows/merge-conflict-check.yml +++ b/.github/workflows/merge-conflict-check.yml @@ -7,6 +7,8 @@ on: pull_request: branches: [main, 3.0*] +permissions: read-all + jobs: spec-check: name: Github Merge Conflict Check @@ -16,13 +18,18 @@ jobs: # Checkout the branch of our repo that triggered this action - name: Workflow trigger checkout uses: actions/checkout@v4 + with: + persist-credentials: false - name: Get base commit for PRs if: ${{ github.event_name == 'pull_request' }} run: | - git fetch origin ${{ github.base_ref }} - echo "base_sha=$(git rev-parse origin/${{ github.base_ref }})" >> $GITHUB_ENV - echo "Merging ${{ github.sha }} into ${{ github.base_ref }}" + base_ref="${BASE_REF}" + git fetch origin $base_ref + echo "base_sha=$(git rev-parse origin/$base_ref)" >> $GITHUB_ENV + echo "Merging ${{ github.sha }} into $base_ref" + env: + BASE_REF: ${{ github.base_ref }} - name: Get base commit for Pushes if: ${{ github.event_name == 'push' }} diff --git a/.github/workflows/publish-docs.yml b/.github/workflows/publish-docs.yml index 46330247c0..a7d565477e 100644 --- a/.github/workflows/publish-docs.yml +++ b/.github/workflows/publish-docs.yml 
@@ -12,15 +12,19 @@ on: - microvisor-toolkit permissions: - contents: read + contents: read # needed for actions/checkout + pull-requests: read # needed for gh pr list + issues: write # needed to post PR comment jobs: build_microvisor-toolkit: if: ${{ (github.event.inputs.target == 'microvisor-toolkit') || (github.event.inputs.target == 'all-documentation') }} - uses: open-edge-platform/orch-ci/.github/workflows/publish-documentation.yml@2fc4c75be6b7f308dd95bdf5a822e466437734ac + uses: open-edge-platform/orch-ci/.github/workflows/publish-documentation.yml@734970a73e3d6e8d7cd160e2cad6366770f52403 secrets: SYS_ORCH_GITHUB: ${{ secrets.SYS_ORCH_GITHUB }} DOC_AWS_ACCESS_KEY_ID: ${{ secrets.DOC_AWS_ACCESS_KEY_ID }} DOC_AWS_SECRET_ACCESS_KEY: ${{ secrets.DOC_AWS_SECRET_ACCESS_KEY }} with: - docs_directory: docs + docs_directory: '.' + branch_pattern: '^3\.0.*$' + diff --git a/README.md b/README.md index 938e76c808..46067f2be6 100644 --- a/README.md +++ b/README.md @@ -16,8 +16,8 @@ The currently published versions are: * Edge Microvisor Toolkit (immutable) * Edge Microvisor Toolkit with real time extensions (immutable) -* Edge Microvisor Toolkit Standalone (immutable) -* Edge Microvisor Toolkit Developer (mutable) +* Edge Microvisor Toolkit Standalone (immutable) ([Download link](https://edgesoftwarecatalog.intel.com/details/?microserviceType=recipeµserviceNameForUrl=edge-microvisor-toolkit-standalone-node)) +* Edge Microvisor Toolkit Developer (mutable) ([Download link](https://edgesoftwarecatalog.intel.com/details/?microserviceType=recipeµserviceNameForUrl=edge--microvisor-toolkit-development-node)) The Edge Microvisor Toolkit has undergone extensive validation across all Intel platforms such as Xeon®, Intel® Core Ultra™, Intel Core™ and Intel® Atom®. It diff --git a/SPECS/moby-engine/docker.socket b/SPECS/moby-engine/docker.socket index 330a1772bc..ebf32bf08f 100644 --- a/SPECS/moby-engine/docker.socket +++ b/SPECS/moby-engine/docker.socket 
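Review bot: The comment on `issues: write` in publish-docs.yml says the scope is for posting a PR comment, while `pull-requests` is granted only `read`. Confirm against the pinned `publish-documentation.yml` which endpoint it actually calls, and grant only the write scope that call requires. The block sits at workflow level and caps the token handed to a reusable workflow that also receives `SYS_ORCH_GITHUB` and the AWS keys. Scoping it to the job (`permissions:` under `build_microvisor-toolkit`) would keep any job added later from inheriting write access. A short comment next to the new commit SHA naming the upstream tag or change it corresponds to would make the pin reviewable.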
@@ -3,7 +3,7 @@ Description=Docker Socket for the API PartOf=docker.service [Socket] -ListenStream=/var/run/docker.sock +ListenStream=/run/docker.sock SocketMode=0660 SocketUser=root SocketGroup=docker diff --git a/SPECS/moby-engine/moby-engine.signatures.json b/SPECS/moby-engine/moby-engine.signatures.json index dcca0b84dd..9e44db9af8 100644 --- a/SPECS/moby-engine/moby-engine.signatures.json +++ b/SPECS/moby-engine/moby-engine.signatures.json @@ -1,7 +1,7 @@ { "Signatures": { "docker.service": "b150b3ce0947a65c655ed09dfe4e48b7464c60542f9f9902330288bbf87af38e", - "docker.socket": "51a06786cae46bc63b7314c25d0bd5bb2e676120d80874b99e35bf60d0b0ffa8", + "docker.socket": "cc1b8bd06696541caa64ec96694f1b7aacae8394286125463ead25fb4286b37d", "moby-engine-25.0.3.tar.gz": "4cdb516f5d6f5caf8b3bcf93c2962277ba727cfd2d1620176a3bb0cf153b3590" } } diff --git a/SPECS/moby-engine/moby-engine.spec b/SPECS/moby-engine/moby-engine.spec index c644c33e0b..adacc21068 100644 --- a/SPECS/moby-engine/moby-engine.spec +++ b/SPECS/moby-engine/moby-engine.spec @@ -3,7 +3,7 @@ Summary: The open-source application container engine Name: moby-engine Version: 25.0.3 -Release: 11%{?dist} +Release: 12%{?dist} License: ASL 2.0 Group: Tools/Container URL: https://mobyproject.org @@ -87,6 +87,11 @@ GIT_COMMIT=%{commit_hash} DOCKER_GITCOMMIT=${GIT_COMMIT:0:7} DOCKER_BUILDTAGS='seccomp' hack/make.sh dynbinary %install +# Create runtime/config directories +mkdir -p %{buildroot}/var/lib/docker +mkdir -p %{buildroot}/var/log/docker +mkdir -p %{buildroot}%{_sysconfdir}/docker + mkdir -p %{buildroot}%{_bindir} install -p -m 755 ./bundles/dynbinary-daemon/dockerd %{buildroot}%{_bindir}/dockerd @@ -105,6 +110,9 @@ if ! grep -q "^docker:" /etc/group; then groupadd --system docker fi +%{_bindir}/systemctl enable docker +%{_bindir}/systemctl start docker + %preun %systemd_preun docker.service 
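Review bot: The `%post` scriptlet in moby-engine.spec now runs `%{_bindir}/systemctl enable docker` and `%{_bindir}/systemctl start docker` unconditionally. That means it fires on every install and upgrade, including installs into an image chroot where no systemd instance is running and `start` can fail the scriptlet. The spec already uses `%systemd_preun docker.service`, so the matching form is `%systemd_post docker.service`, with enablement expressed through a preset or the image configuration. Because docker.socket is group-accessible (`SocketMode=0660`, `SocketGroup=docker`) and the daemon runs as root, enabling it from the package makes it active on every image that pulls the package in. That decision is easier to audit per image than in a scriptlet. The scriptlet begins outside this hunk.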
@@ -117,8 +125,14 @@ fi %{_libexecdir}/docker-proxy %{_sysconfdir}/* %{_unitdir}/* +/var/lib/docker +/var/log/docker +%dir %{_sysconfdir}/docker %changelog +* Fri May 2 2025 Mah Yock Gen - 25.0.3-12 +- Enable Docker service to start during system initialization + * Fri Mar 21 2025 Anuj Mittal - 25.0.3-11 - Bump Release to rebuild diff --git a/docs/developer-guide/get-started/sb-howto.md b/docs/developer-guide/get-started/sb-howto.md index 0f40e97a99..652f6704ab 100644 --- a/docs/developer-guide/get-started/sb-howto.md +++ b/docs/developer-guide/get-started/sb-howto.md @@ -125,10 +125,15 @@ export KEY=KeyInDB cd ~ ``` Make sure your rpm %_topdir is ~/rpmbuild; if not you should edit your ~/.rpmmacros to include: + ```bash mkdir -p ~/rpmbuild/{BUILD,RPMS,SOURCES,SPECS,SRPMS} %_topdir %(echo $HOME)/rpmbuild ``` +If file ~/.rpmmacros does not exist in home directory, create one: +```bash +vi ~/.rpmmacros +``` ### Step 2: Rebuild the shim-unsigned Package @@ -143,14 +148,14 @@ certutil -d /etc/pki/pesign -L -n KeyInShim -r > ~/key-in-shim.der ```bash base_url=$(grep -E '^\s*baseurl' /etc/yum.repos.d/*.repo | awk -F= '{print $2}' | sed 's/^[ \t]*//') -shim_unsigned_package=$(tdnf repoquery --source shim-unsigned-x64 | tail -1) -wget $base_url/SRPMS/$shim_unsigned_package.rpm +shim_unsigned_package=$(tdnf repoquery --source shim-unsigned-x64 | tail -1 | sed 's/\.src$//') +wget $base_url/SRPMS/$shim_unsigned_package.src.rpm -rpm -i shim-unsigned-x64-*.src.rpm +rpm -i $shim_unsigned_package.src.rpm cd ~/rpmbuild cp ~/key-in-shim.der SOURCES/azurelinux-ca-20230216.der rpmbuild -bb SPECS/shim-unsigned-x64.spec -sudo tdnf install RPMS/x86_64/shim-unsigned-x64-*.x86_64.rpm +sudo tdnf install RPMS/x86_64/$shim_unsigned_package.x86_64.rpm ``` ```bash cd ~ 
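Review bot: `/var/lib/docker` and `/var/log/docker` are listed in `%files` without `%dir` or `%attr`, so they are packaged with whatever mode `mkdir -p` produced in the buildroot, and without `%dir` each entry also claims anything found beneath the path. Stating ownership and mode explicitly, for example `%dir %attr(0710, root, root) /var/lib/docker` and `%dir %attr(0750, root, root) /var/log/docker`, keeps the image-layer store and logs from being world-traversable by default. The exact modes should be confirmed against what dockerd expects on this release. The new `%dir %{_sysconfdir}/docker` also appears to overlap with the existing `%{_sysconfdir}/*` glob, which usually produces a "file listed twice" warning.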
@@ -163,10 +168,10 @@ cd ~ ```bash base_url=$(grep -E '^\s*baseurl' /etc/yum.repos.d/*.repo | awk -F= '{print $2}' | sed 's/^[ \t]*//') -shim_package=$(tdnf repoquery --source shim | grep -v "unsigned" | tail -1) -wget $base_url/SRPMS/$shim_package.rpm +shim_package=$(tdnf repoquery --source shim | grep -v "unsigned" | tail -1 | sed 's/\.src$//') +wget $base_url/SRPMS/$shim_package.src.rpm -rpm -i $shim_package.rpm +rpm -i $shim_package.src.rpm ``` **Sign the binaries**: @@ -186,12 +191,12 @@ rpmbuild -bb SPECS/shim.spec Install the new package and reboot with secure boot disabled: ```bash -sudo tdnf install RPMS/x86_64/$shim_package.rpm +sudo tdnf install RPMS/x86_64/$shim_package.x86_64.rpm ``` -Ensure that the `$shim_package.rpm` package is installed properly. If you encounter any messages, such as "Nothing to do", you can attempt to reinstall the package. +Ensure that the `$shim_package.x86_64.rpm` package is installed properly. If you encounter any messages, such as "Nothing to do", you can attempt to reinstall the package. ```bash -sudo tdnf reinstall --allowerasing RPMS/x86_64/$shim_package.rpm +sudo tdnf reinstall --allowerasing RPMS/x86_64/$shim_package.x86_64.rpm ``` ```bash @@ -213,7 +218,7 @@ sudo sh -c 'cp /boot/vmlinuz-* .' ```bash sudo pesign -s -i grubx64.efi -o /boot/efi/EFI/BOOT/grubx64.efi -c KeyInShim --force -udo sh -c 'pesign -s -i vmlinuz-* -o /boot/vmlinuz-* -c KeyInShim --force' +sudo sh -c 'pesign -s -i vmlinuz-* -o /boot/vmlinuz-* -c KeyInShim --force' ``` ### Step 6: Enroll KeyInDB into UEFI DB diff --git a/docs/user-guide/Overview.md b/docs/user-guide/Overview.md index 2826de0cbf..c670b3c34f 100644 --- a/docs/user-guide/Overview.md +++ b/docs/user-guide/Overview.md 
@@ -1,85 +1,91 @@ --- orphan: true --- -# Overview - -The Edge Microvisor Toolkit Developer is a package that contains mutable Edge Microvisor Toolkit in an `ISO` installer format. Edge Microvisor Toolkit is a streamlined container operating system that showcases the Intel® silicon optimizations. Built on Azure Linux, it features a Linux Kernel maintained by -Intel, incorporating all the latest kernel and user patches. - -The Edge Microvisor Toolkit Developer has undergone extensive validation across -all Intel® platforms such as Intel® Xeon®, Intel® Core™ Ultra, Intel® Core™ and Intel® Atom®. -The Edge Microvisor Toolkit Developer Node enables users to quickly deploy -and run their solutions for multiple scenarios like benchmarking and validation -of Edge AI computing workloads. The Edge Microvisor Toolkit Developer is -available to download from the Open-source repository. - -The Edge Microvisor Toolkit Developer supports Native applications and VM based applications out of the box. Users can customize their Edge Node using the -provided `dnf` package manager to install container runtimes and Docker tools. -This allows users to run Docker containers. - -The Edge Microvisor Toolkit Developer is Fully open-Source and royalty free. - -## Get started - -### System requirements - -Edge Microvisor Toolkit Developer is designed to support all Intel® platforms -with the latest Intel® kernel to ensure all features are exposed and available -for application and workloads. The microvisor has been validated on the -following platforms. +# Edge Microvisor Toolkit Developer Node + +The Edge Microvisor Toolkit Development Node is a developer version of the Edge +Microvisor Toolkit which is a container host operating system, that comes with +and an ISO installer. + +## Overview + +The Edge Microvisor Toolkit Development Node is a software package that contains +mutable Edge Microvisor Toolkit in an ISO installer format. 
Edge Microvisor +Toolkit is a streamlined container operating system that showcases the Intel +silicon optimizations. Built on Azure Linux, it features a Linux Kernel +maintained by Intel, incorporating all the latest kernel and user patches. The +Edge Microvisor Toolkit Development Node has undergone extensive validation +across all Intel platforms such as Xeon®, Intel® Core Ultra™, Intel Core™ and +Intel® Atom®. The Edge Microvisor Toolkit Development Node allows users to +quickly deploy and run their solutions for multiple scenarios like benchmarking +and validation of Edge AI computing workloads. This software package is +available to download as buildable source code from the Open-source repository +or as binary. + +The Edge Microvisor Toolkit Development Node supports Native applications and VM +based applications out of the box. Users can customize their Edge Node using the +provided dnf package manager to install container runtimes and Docker tools. +The Edge Microvisor Toolkit Development Node is fully open-Source and royalty +free. + +## How It Works + +Edge Microvisor Toolkit Development Node is designed to support all Intel® +platforms with the latest Intel® kernel to ensure all features are exposed and +available for application and workloads. The microvisor has been validated on +the following platforms. | Atom | Core | Xeon | | ----------------------| ----------------------------- | -------------- | -| Intel Atom® X Series | 12th Gen Intel® Core™ | 4th Gen Intel® Xeon® SP | +| Intel® Atom® X Series | 12th Gen Intel® Core™ | 4th Gen Intel® Xeon® SP | | | 13th Gen Intel® Core™ | 3rd Gen Intel® Xeon® SP | | | Intel® Core™ Ultra (Series 1) | | The following outlines the recommended hardware configuration to run Edge Microvisor Toolkit Developer. 
-| Component | Edge Microvisor Toolkit Developer | +| Component | Edge Microvisor Toolkit Development Node | |--------------|----------------------------| -| CPU | Intel Atom®, Intel® Core™, or Intel® Xeon® | +| CPU | Intel® Atom, Core, or Xeon | | RAM | 2GB minimum | | Storage | 32GB SSD/NVMe or eMMC | | Networking | 1GbE Ethernet or Wi-Fi | ### Installation Instructions -You can download the Edge Microvisor Toolkit Developer from [Edge Software Catalog](https://edgesoftwarecatalog.intel.com/) - -> TODO: Add step by step guide to download the ISO image from ESC with screenshots +You can download the Edge Microvisor Toolkit Developer Node [here](https://files-rs.edgeorchestration.intel.com/files-edge-orch/microvisor/iso/EdgeMicrovisorToolkit-3.0.iso) -## Secure by Design +### Secure by Design - Package based updates with 'dnf'. - Support for Secure Boot (optional) and TPM support for hardware-verified integrity. - Support for Full Disc Encryption (optional) -## Optimized for Intel® Architecture +### Optimized for Intel® Architecture - Pre-tuned drivers and acceleration libraries for Intel® CPUs and GPUs. - Enables Intel® silicon ahead of Operating System vendors (OSVs), unlocking features that may not be accepted upstream. - Intel® Linux* Kernel 6.12 with optimized security settings -## Flexible and Modular Deployment +### Flexible and Modular Deployment - Supports bare metal, VM-based, and containerized deployments. - Supports Kubernetes*, Docker*, and OCI-compliant runtimes. -## Open Source and Extensible +### Open Source and Extensible - Fully open-source and royalty-free. - Actively integrates OxM platform features and third-party vendor hardware. -## Getting help +### Getting help -If you encounter bugs, have feature requests, or need assistance, file a GitHub Issue. Before submitting a new report, check the existing issues to see if a +If you encounter bugs, have feature requests, or need assistance, file a GitHub +Issue. 
Before submitting a new report, check the existing issues to see if a similar one has not been filed already. If no matching issue is found, feel free to file the issue as described in the contribution guide. -## License Information +### License Information Edge Microvisor Toolkit Developer is based on [Azure Linux](https://github.com/microsoft/azurelinux), sharing its permissive open-source license: [MIT](https://github.com/microsoft/azurelinux/blob/3.0/LICENSE). diff --git a/toolkit/imageconfigs/additionalconfigs/layout.env b/toolkit/imageconfigs/additionalconfigs/layout.env index 84089bd257..f9ad369079 100644 --- a/toolkit/imageconfigs/additionalconfigs/layout.env +++ b/toolkit/imageconfigs/additionalconfigs/layout.env @@ -43,6 +43,12 @@ PERSISTENT_BIND_PATHS+=" # platform-update-agent package PERSISTENT_BIND_PATHS+=" /var/edge-node/pua" +# docker +PERSISTENT_BIND_PATHS+=" + /var/lib/docker + /var/log/docker + /etc/docker + /usr/lib/systemd/system/docker.service" export PERSISTENT_BIND_PATHS export PERSISTENT_BIND_TARGET="/opt/.mount/persistence" diff --git a/toolkit/imageconfigs/edge-image-dev.json b/toolkit/imageconfigs/edge-image-dev.json index b8990a20af..e62d920959 100644 --- a/toolkit/imageconfigs/edge-image-dev.json +++ b/toolkit/imageconfigs/edge-image-dev.json @@ -2,7 +2,7 @@ "Disks": [ { "PartitionTableType": "gpt", - "MaxSize": 2048, + "MaxSize": 2248, "Artifacts": [ { "Name": "edge-readonly-dev", @@ -30,14 +30,14 @@ "Name": "rootfs", "ID": "rootfs", "Start": 300, - "End": 1536, + "End": 1736, "FsType": "ext4", "Type": "linux-root-amd64" }, { "Name": "edge_persistent", "ID": "opt", - "Start": 1536, + "Start": 1736, "End": 0, "FsType": "ext4" } @@ -74,7 +74,8 @@ "packagelists/selinux-full.json", "packagelists/intel-gpu-base.json", "packagelists/intel-wireless.json", - "packagelists/os-ab-update.json" + "packagelists/os-ab-update.json", + "packagelists/docker.json" ], "AdditionalFiles": { "additionalconfigs/layout.env": "/etc/layout.env", 
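Review bot: Adding `/usr/lib/systemd/system/docker.service` to `PERSISTENT_BIND_PATHS` in layout.env appears to move the unit file that launches the root daemon onto the writable persistent partition under `/opt/.mount/persistence`, outside the read-only root filesystem. If the bind mount shadows the packaged file, which is not visible from this hunk, an edit made there would persist across reboots and image updates, and a corrected unit shipped in a later image would not take effect. Persisting `/var/lib/docker`, `/var/log/docker` and `/etc/docker` is expected for state and configuration. The unit file itself is better left on the immutable side, with only the enablement state persisted if that is the goal. A comment such as `# docker: state, logs and daemon config only` would record the intent.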
diff --git a/toolkit/imageconfigs/edge-image-rt-dev.json b/toolkit/imageconfigs/edge-image-rt-dev.json index 95387cc3fd..1ce7cdcc28 100644 --- a/toolkit/imageconfigs/edge-image-rt-dev.json +++ b/toolkit/imageconfigs/edge-image-rt-dev.json @@ -2,7 +2,7 @@ "Disks": [ { "PartitionTableType": "gpt", - "MaxSize": 2048, + "MaxSize": 3072, "Artifacts": [ { "Name": "edge-readonly-rt-dev", @@ -22,22 +22,22 @@ "boot" ], "Start": 1, - "End": 300, + "End": 512, "FsType": "fat32", "Type": "esp" }, { "Name": "rootfs", "ID": "rootfs", - "Start": 300, - "End": 1536, + "Start": 512, + "End": 2048, "FsType": "ext4", "Type": "linux-root-amd64" }, { "Name": "edge_persistent", "ID": "opt", - "Start": 1536, + "Start": 2048, "End": 0, "FsType": "ext4" } @@ -74,7 +74,8 @@ "packagelists/selinux-full.json", "packagelists/intel-gpu-base-rt.json", "packagelists/intel-wireless.json", - "packagelists/os-ab-update.json" + "packagelists/os-ab-update.json", + "packagelists/docker.json" ], "AdditionalFiles": { "additionalconfigs/layout.env": "/etc/layout.env", diff --git a/toolkit/imageconfigs/edge-image-rt.json b/toolkit/imageconfigs/edge-image-rt.json index a7cc503308..d05b6f4b07 100644 --- a/toolkit/imageconfigs/edge-image-rt.json +++ b/toolkit/imageconfigs/edge-image-rt.json @@ -2,7 +2,7 @@ "Disks": [ { "PartitionTableType": "gpt", - "MaxSize": 2048, + "MaxSize": 2248, "Artifacts": [ { "Name": "edge-readonly-rt", @@ -30,14 +30,14 @@ "Name": "rootfs", "ID": "rootfs", "Start": 300, - "End": 1536, + "End": 1736, "FsType": "ext4", "Type": "linux-root-amd64" }, { "Name": "edge_persistent", "ID": "opt", - "Start": 1536, + "Start": 1736, "End": 0, "FsType": "ext4" } @@ -74,7 +74,8 @@ "packagelists/selinux-full.json", "packagelists/intel-gpu-base-rt.json", "packagelists/intel-wireless.json", - "packagelists/os-ab-update.json" + "packagelists/os-ab-update.json", + "packagelists/docker.json" ], "AdditionalFiles": { "additionalconfigs/layout.env": "/etc/layout.env", 
diff --git a/toolkit/imageconfigs/edge-image.json b/toolkit/imageconfigs/edge-image.json index 4c3de086c4..8ecb3016b9 100644 --- a/toolkit/imageconfigs/edge-image.json +++ b/toolkit/imageconfigs/edge-image.json @@ -2,7 +2,7 @@ "Disks": [ { "PartitionTableType": "gpt", - "MaxSize": 2048, + "MaxSize": 2248, "Artifacts": [ { "Name": "edge-readonly", @@ -30,14 +30,14 @@ "Name": "rootfs", "ID": "rootfs", "Start": 300, - "End": 1536, + "End": 1736, "FsType": "ext4", "Type": "linux-root-amd64" }, { "Name": "edge_persistent", "ID": "opt", - "Start": 1536, + "Start": 1736, "End": 0, "FsType": "ext4" } @@ -74,7 +74,8 @@ "packagelists/selinux-full.json", "packagelists/intel-gpu-base.json", "packagelists/intel-wireless.json", - "packagelists/os-ab-update.json" + "packagelists/os-ab-update.json", + "packagelists/docker.json" ], "AdditionalFiles": { "additionalconfigs/layout.env": "/etc/layout.env", diff --git a/toolkit/imageconfigs/packagelists/docker.json b/toolkit/imageconfigs/packagelists/docker.json new file mode 100644 index 0000000000..0383f45da2 --- /dev/null +++ b/toolkit/imageconfigs/packagelists/docker.json @@ -0,0 +1,7 @@ +{ + "packages": [ + "moby-engine", + "docker-cli", + "docker-compose" + ] +}