Bootstrap process based on initial data

etc/90-genesis-dummy-config.yaml

@@ -0,0 +1,6 @@
+network:
+  version: 2
+  renderer: networkd
+  allmatch:
+    en*:
+      dhcp4: false

etc/90-genesis-net-config.yaml.j2

@@ -0,0 +1,21 @@
+network:
+  version: 2
+  renderer: networkd
+  ethernets:
+    if-eth0:
+      match:
+        macaddress: "{{ main_mac }}"
+      dhcp4: false
+      addresses:
+        - "{{ main_ip_with_mask }}"
+      routes:
+        - to: default
+          via: "{{ default_gw }}"
+      nameservers:
+        addresses: [1.1.1.1, 8.8.8.8, 8.8.4.4]
+    if-eth1:
+      match:
+        macaddress: "{{ boot_mac }}"
+      dhcp4: false
+      addresses:
+        - "{{ boot_ip_with_mask }}"

etc/dnsdist/dnsdist-private.conf → etc/dnsdist/dnsdist-private.conf.j2

@@ -1,7 +1,7 @@
 -- disable security status polling via DNS
 setSecurityPollSuffix("")
 
-setLocal("10.20.0.2:53")
+setLocal("{{ main_ip }}:53")
 
 --Private DNS
 newServer({address="127.0.0.1:5300", pool="privatedns", healthCheckMode="up"})

etc/genesis_core/genesis_core.conf → etc/genesis_core/genesis_core.conf.j2

@@ -29,15 +29,15 @@ bind_host = 0.0.0.0
 bind_port = 11012
 
 [boot_api]
-bind_host = 10.30.0.2
+bind_host = {{ boot_ip }}
 bind_port = 11013
-gc_boot_api = http://10.30.0.2:11013
-initrd = http://10.30.0.2:8080/bios/initrd.img
-kernel = http://10.30.0.2:8080/bios/vmlinuz
+gc_boot_api = http://{{ boot_ip }}:11013
+initrd = http://{{ boot_ip }}:8080/bios/initrd.img
+kernel = http://{{ boot_ip }}:8080/bios/vmlinuz
 
 
 [events]
-# enable = False
+enabled = False
 # client_type = async
 # event_type_mapping_filepath = event_type_mapping.yaml
 # genesis_notification_endpoint = http://127.0.0.1:8080/

etc/genesis_universal_agent/genesis_universal_agent.conf → etc/genesis_universal_agent/genesis_universal_agent.conf.j2

@@ -9,13 +9,22 @@ connection_pool_size = 2
 
 
 [universal_agent]
-orch_endpoint = http://localhost:11011
-status_endpoint = http://localhost:11012
-caps_drivers = RestCoreCapabilityDriver,PasswordCapabilityDriver,CoreDNSCertificateCapabilityDriver,LBAgentCapabilityDriver
+orch_secure_communication = False
+orch_endpoint = http://{{ boot_ip }}:11013
+status_endpoint = http://{{ boot_ip }}:11013
+caps_drivers =
+    RestCoreCapabilityDriver,
+    PasswordCapabilityDriver,
+    CoreDNSCertificateCapabilityDriver,
+    LBAgentCapabilityDriver
 
 
 [universal_agent_scheduler]
-capabilities = em_*,password,certificate,paas_lb_agent
+capabilities =
+    em_*,
+    password,
+    certificate,
+    paas_lb_agent
 
 
 [CoreDNSCertificateCapabilityDriver]

etc/systemd/resolved.conf.j2

@@ -0,0 +1,37 @@
+#  This file is part of systemd.
+#
+#  systemd is free software; you can redistribute it and/or modify it under the
+#  terms of the GNU Lesser General Public License as published by the Free
+#  Software Foundation; either version 2.1 of the License, or (at your option)
+#  any later version.
+#
+# Entries in this file show the compile time defaults. Local configuration
+# should be created by either modifying this file (or a copy of it placed in
+# /etc/ if the original file is shipped in /usr/), or by creating "drop-ins" in
+# the /etc/systemd/resolved.conf.d/ directory. The latter is generally
+# recommended. Defaults can be restored by simply deleting the main
+# configuration file and all drop-ins located in /etc/.
+#
+# Use 'systemd-analyze cat-config systemd/resolved.conf' to display the full config.
+#
+# See resolved.conf(5) for details.
+
+[Resolve]
+# Some examples of DNS servers which may be used for DNS= and FallbackDNS=:
+# Cloudflare: 1.1.1.1#cloudflare-dns.com 1.0.0.1#cloudflare-dns.com 2606:4700:4700::1111#cloudflare-dns.com 2606:4700:4700::1001#cloudflare-dns.com
+# Google:     8.8.8.8#dns.google 8.8.4.4#dns.google 2001:4860:4860::8888#dns.google 2001:4860:4860::8844#dns.google
+# Quad9:      9.9.9.9#dns.quad9.net 149.112.112.112#dns.quad9.net 2620:fe::fe#dns.quad9.net 2620:fe::9#dns.quad9.net
+#FallbackDNS=
+#Domains=
+#DNSSEC=no
+#DNSOverTLS=no
+#MulticastDNS=no
+#LLMNR=no
+#Cache=no-negative
+#CacheFromLocalhost=no
+#DNSStubListener=yes
+#DNSStubListenerExtra=
+#ReadEtcHosts=yes
+#ResolveUnicastSingleLabel=no
+#StaleRetentionSec=0
+DNS={{ main_ip }}

genesis/genesis.yaml

@@ -12,14 +12,10 @@ build:
         - .venv
         - .tox
         - .pytest_cache
+        - .ruff_cache
         - build
         - cover
-
-    # Network configuration
-    - dst: /etc/netplan/90-genesis-net-base-config.yaml
-      # Local path
-      path:
-        src: ../../genesis_core/etc/90-genesis-net-base-config.yaml
+        - output
 
     # Binary artifacts. Kernel, initrd, boot loaders.
     - dst: /opt/genesis_core/artifacts/undionly.kpxe
@@ -54,9 +50,10 @@ build:
   # List of elements in the project
   elements:
     # List of images in the element
-    - images:
+    - manifest: manifests/core.yaml.j2
+      images:
       - name: genesis-core
-        format: raw
+        format: qcow2
 
         # OS profile for the image
         profile: genesis_base
@@ -68,7 +65,6 @@ build:
         override:
           # For development purposes it's handy to have more space.
           disk_size: "10G"
-      # manifest: manifests/genesis-core.yaml
 
         envs:
           - ALLOW_USER_PASSWD

genesis/images/bootstrap.sh

@@ -139,10 +139,8 @@ EOF
             # Reload systemd units generated from fstab so the mount can work on first run.
             # Example output:
             #   [genesis-bootstrap] running: systemctl daemon-reload
-            if command -v systemctl >/dev/null 2>&1; then
-              log "running: systemctl daemon-reload"
-              systemctl daemon-reload || true
-            fi
+            log "running: systemctl daemon-reload"
+            systemctl daemon-reload || true
           else
             log "/etc/fstab already has the correct UUID entry for ${MOUNTPOINT}"
           fi
@@ -153,10 +151,8 @@ EOF
           # Reload systemd units generated from fstab so the mount can work on first run.
           # Example output:
           #   [genesis-bootstrap] running: systemctl daemon-reload
-          if command -v systemctl >/dev/null 2>&1; then
-            log "running: systemctl daemon-reload"
-            systemctl daemon-reload || true
-          fi
+          log "running: systemctl daemon-reload"
+          systemctl daemon-reload || true
         fi
       else
         log "could not determine UUID for ${PART_DEV}; skipping fstab update"
@@ -242,20 +238,29 @@ if host_mountpoint "/var/lib/genesis/data"; then
         if ! grep -qs "^[[:space:]]*data_directory[[:space:]]*=[[:space:]]*'${NEW_PGDATA}'" "${PG_CONF_FILE}"; then
           log "configuring PostgreSQL data_directory to ${NEW_PGDATA}"
 
-          if command -v systemctl >/dev/null 2>&1; then
-            systemctl stop postgresql || true
-          fi
-
+          systemctl stop postgresql || true
           mkdir -p "${NEW_PGDATA}"
           chown -R postgres:postgres "/var/lib/genesis/data/postgresql" || true
 
           if [[ -d "${OLD_PGDATA}" && ! -f "${NEW_PGDATA}/PG_VERSION" ]]; then
             log "copying PostgreSQL data directory to ${NEW_PGDATA}"
-            if command -v rsync >/dev/null 2>&1; then
-              rsync -aHAX --numeric-ids "${OLD_PGDATA}/" "${NEW_PGDATA}/"
-            else
-              cp -a "${OLD_PGDATA}/." "${NEW_PGDATA}/"
-            fi
+            MAX_RETRIES=5
+            RETRY_COUNT=0
+            while [[ ${RETRY_COUNT} -lt ${MAX_RETRIES} ]]; do
+              if rsync -aHAX --numeric-ids "${OLD_PGDATA}/" "${NEW_PGDATA}/"; then
+                log "rsync completed successfully"
+                break
+              else
+                RETRY_COUNT=$((RETRY_COUNT + 1))
+                if [[ ${RETRY_COUNT} -lt ${MAX_RETRIES} ]]; then
+                  log "rsync failed, retrying in 0.5s (attempt ${RETRY_COUNT}/${MAX_RETRIES})"
+                  sleep 0.5
+                else
+                  log "ERROR: rsync failed after ${MAX_RETRIES} attempts"
+                  exit 1
+                fi
+              fi
+            done
             chown -R postgres:postgres "${NEW_PGDATA}" || true
           else
             log "PostgreSQL data directory already present under ${NEW_PGDATA}; skipping copy"
@@ -267,17 +272,13 @@ if host_mountpoint "/var/lib/genesis/data"; then
             printf '%s\n' "data_directory = '${NEW_PGDATA}'" >> "${PG_CONF_FILE}"
           fi
 
-          if command -v systemctl >/dev/null 2>&1; then
-            systemctl daemon-reload || true
-            systemctl start postgresql || true
-          fi
+          systemctl daemon-reload || true
+          systemctl start postgresql || true
         else
           log "PostgreSQL is already configured to use ${NEW_PGDATA}"
         fi
 
-        if command -v systemctl >/dev/null 2>&1; then
-          systemctl start postgresql || true
-        fi
+        systemctl start postgresql || true
       else
         log "PostgreSQL config not found at ${PG_CONF_FILE}; skipping PostgreSQL relocation"
       fi
@@ -294,6 +295,32 @@ fi
 # Additional PostgreSQL configuration
 sudo -u postgres psql -c "ALTER SYSTEM SET io_method = 'io_uring';"
 
+# Mount CD-ROM if device is present.
+CDROM_DEV="$(lsblk -dn -o NAME,TYPE | awk '$2=="rom" {print "/dev/"$1; exit}')"
+CDROM_MOUNTPOINT="/mnt/cdrom"
+if [[ -n "${CDROM_DEV}" ]]; then
+  log "cd-rom device detected: ${CDROM_DEV}"
+  mkdir -p "${CDROM_MOUNTPOINT}"
+  if mountpoint -q "${CDROM_MOUNTPOINT}"; then
+    log "cd-rom is already mounted at ${CDROM_MOUNTPOINT}"
+  else
+    if mount -o ro "${CDROM_DEV}" "${CDROM_MOUNTPOINT}"; then
+      log "cd-rom mounted at ${CDROM_MOUNTPOINT}"
+    else
+      log "failed to mount cd-rom ${CDROM_DEV} at ${CDROM_MOUNTPOINT}"
+    fi
+  fi
+else
+  log "cd-rom device not detected"
+fi
+
+# Prepare templated configuration files and apply them
+sudo gc-bootstrap-templates
+sudo netplan apply
+sudo systemctl restart \
+  systemd-resolved.service \
+  dnsdist@private.service
+
 # Apply migrations
 source "$VENV_PATH/bin/activate"
 # TODO(akremenetsky): Database configuration parameters should be taken

genesis/images/install.sh

@@ -143,12 +143,9 @@ sudo systemctl enable nginx
 
 # Install genesis core
 sudo mkdir -p $GC_CFG_DIR
-sudo cp "$GC_PATH/etc/genesis_core/genesis_core.conf" $GC_CFG_DIR/
 sudo cp "$GC_PATH/etc/genesis_core/core_agent.conf" $GC_CFG_DIR/
 sudo cp "$GC_PATH/etc/genesis_core/logging.yaml" $GC_CFG_DIR/
 sudo cp "$GC_PATH/etc/genesis_core/event_type_mapping.yaml" $GC_CFG_DIR/
-sudo cp "$GC_PATH/genesis/manifests/core.yaml" $GC_CFG_DIR/
-sudo cp "$GC_PATH/genesis/images/startup_cfg.yaml" $GC_CFG_DIR/
 sudo cp "$GC_PATH/genesis/images/bootstrap.sh" $BOOTSTRAP_PATH/0100-gc-bootstrap.sh
 
 cd "$GC_PATH"
@@ -162,7 +159,7 @@ if [[ "$SDK_DEV_MODE" == "true" ]]; then
 fi
 
 # Configuration for universal agent
-sudo cp -r "$GC_PATH/etc/genesis_universal_agent" /etc/
+sudo cp "$GC_PATH/etc/genesis_universal_agent/logging.yaml" /etc/genesis_universal_agent/
 
 # Apply migrations
 # The migrations are applied in the bootstrap script as well.
@@ -182,13 +179,19 @@ fi
 
 deactivate
 
+# Misc config
+# Disable DHCP for the main interface, it will be configured in the bootstrap script
+sudo cp "$GC_PATH/etc/90-genesis-dummy-config.yaml" /etc/netplan/90-genesis-net-base-config.yaml
+
+
 # Create links to venv
 sudo ln -sf "$VENV_PATH/bin/gc-user-api" "/usr/bin/gc-user-api"
 sudo ln -sf "$VENV_PATH/bin/gc-boot-api" "/usr/bin/gc-boot-api"
 sudo ln -sf "$VENV_PATH/bin/gc-orch-api" "/usr/bin/gc-orch-api"
 sudo ln -sf "$VENV_PATH/bin/gc-status-api" "/usr/bin/gc-status-api"
 sudo ln -sf "$VENV_PATH/bin/gc-gservice" "/usr/bin/gc-gservice"
 sudo ln -sf "$VENV_PATH/bin/gc-bootstrap" "/usr/bin/gc-bootstrap"
+sudo ln -sf "$VENV_PATH/bin/gc-bootstrap-templates" "/usr/bin/gc-bootstrap-templates"
 sudo ln -sf "$VENV_PATH/bin/genesis-universal-agent" "/usr/bin/genesis-universal-agent"
 sudo ln -sf "$VENV_PATH/bin/genesis-universal-agent-db-back" "/usr/bin/genesis-universal-agent-db-back"
 sudo ln -sf "$VENV_PATH/bin/genesis-universal-scheduler" "/usr/bin/genesis-universal-scheduler"
@@ -217,19 +220,18 @@ sudo cp "$GC_PATH/etc/powerdns/genesis.conf" /etc/powerdns/pdns.d/genesis.conf
 sudo systemctl enable pdns
 
 #dnsdist
-sudo cp "$GC_PATH/etc/dnsdist/dnsdist-private.conf" /etc/dnsdist/dnsdist-private.conf
-sudo systemctl enable dnsdist@private
 
 # Optional, only for public resolving, for ex. ACME dns01 certs challenge
 sudo cp "$GC_PATH/etc/dnsdist/dnsdist-public.conf" /etc/dnsdist/dnsdist-public.conf
 sudo systemctl enable dnsdist@public
+sudo systemctl enable dnsdist@private
 
 # Set local IP where needed
 # LOCAL_IP=$(cat "$GC_PATH/genesis/images/startup_cfg.yaml" | yq '.startup_entities.core_ip' -r)
 # Use static IP for now
-LOCAL_IP="10.20.0.2"
-echo "DNS=${LOCAL_IP}" | sudo tee -a /etc/systemd/resolved.conf > /dev/null
-sudo sed -i 's/setLocal("10.20.0.2:53")/setLocal("'"${LOCAL_IP}"':53")/' /etc/dnsdist/dnsdist-private.conf
+# LOCAL_IP="10.20.0.2"
+# echo "DNS=${LOCAL_IP}" | sudo tee -a /etc/systemd/resolved.conf > /dev/null
+# sudo sed -i 's/setLocal("10.20.0.2:53")/setLocal("'"${LOCAL_IP}"':53")/' /etc/dnsdist/dnsdist-private.conf
 
 
 cat <<EOT | sudo tee /etc/motd
@@ -243,4 +245,14 @@ Welcome to Genesis Core virtual machine!
 All materials can be found here:
 https://github.com/infraguys
 
-EOT
+EOT
+
+PASSWD="${GEN_USER_PASSWD:-ubuntu}"
+
+# Set default password
+cat > /tmp/__passwd <<EOF
+ubuntu:$PASSWD
+EOF
+
+sudo chpasswd < /tmp/__passwd
+rm -f /tmp/__passwd