diff --git a/Cargo.lock b/Cargo.lock
index b4ed0484de8..ccc92d0c567 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -47,6 +47,42 @@ dependencies = [
  "settings-plugins",
 ]
+[[package]]
+name = "aws-ecs-3"
+version = "0.1.0"
+dependencies = [
+ "settings-defaults",
+ "settings-migrations",
+ "settings-plugins",
+]
+
+[[package]]
+name = "aws-ecs-3-fips"
+version = "0.1.0"
+dependencies = [
+ "settings-defaults",
+ "settings-migrations",
+ "settings-plugins",
+]
+
+[[package]]
+name = "aws-ecs-3-nvidia"
+version = "0.1.0"
+dependencies = [
+ "settings-defaults",
+ "settings-migrations",
+ "settings-plugins",
+]
+
+[[package]]
+name = "aws-ecs-3-nvidia-fips"
+version = "0.1.0"
+dependencies = [
+ "settings-defaults",
+ "settings-migrations",
+ "settings-plugins",
+]
+
 [[package]]
 name = "aws-k8s-1_28"
 version = "0.1.0"
diff --git a/Cargo.toml b/Cargo.toml
index 7bb825ef9f9..134f8151374 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -9,6 +9,10 @@ members = [
  "variants/aws-ecs-2-fips",
  "variants/aws-ecs-2-nvidia",
  "variants/aws-ecs-2-nvidia-fips",
+ "variants/aws-ecs-3",
+ "variants/aws-ecs-3-fips",
+ "variants/aws-ecs-3-nvidia",
+ "variants/aws-ecs-3-nvidia-fips",
  "variants/aws-k8s-1.28",
  "variants/aws-k8s-1.28-fips",
  "variants/aws-k8s-1.29",
diff --git a/README.md b/README.md
index d28000bf7ef..2610dbda5b5 100644
--- a/README.md
+++ b/README.md
@@ -80,6 +80,9 @@ The following variants support ECS:
 * `aws-ecs-2`
 * `aws-ecs-2-nvidia`
+* `aws-ecs-3`
+* `aws-ecs-3-fips`
+* `aws-ecs-3-nvidia`
 We also have variants that are designed to be Kubernetes worker nodes in VMware:
diff --git a/packages/settings-defaults/settings-defaults.spec b/packages/settings-defaults/settings-defaults.spec
index e9c7d42e494..3cd549766f7 100644
--- a/packages/settings-defaults/settings-defaults.spec
+++ b/packages/settings-defaults/settings-defaults.spec
@@ -55,6 +55,34 @@ Conflicts: %{_cross_os}settings-defaults(any)
 %description aws-ecs-2-nvidia
 %{summary}.
+%package aws-ecs-3
+Summary: Settings defaults for the aws-ecs-3 FIPS and non-FIPS variants
+Requires: (%{shrink:
+ %{_cross_os}variant(aws-ecs-3) or
+ %{_cross_os}variant(aws-ecs-3-fips)
+ %{nil}})
+Provides: %{_cross_os}settings-defaults(any)
+Provides: %{_cross_os}settings-defaults(aws-ecs-3)
+Provides: %{_cross_os}settings-defaults(aws-ecs-3-fips)
+Conflicts: %{_cross_os}settings-defaults(any)
+
+%description aws-ecs-3
+%{summary}.
+
+%package aws-ecs-3-nvidia
+Summary: Settings defaults for the aws-ecs-3-nvidia variant
+Requires: (%{shrink:
+ %{_cross_os}variant(aws-ecs-3-nvidia) or
+ %{_cross_os}variant(aws-ecs-3-nvidia-fips)
+ %{nil}})
+Provides: %{_cross_os}settings-defaults(any)
+Provides: %{_cross_os}settings-defaults(aws-ecs-3-nvidia)
+Provides: %{_cross_os}settings-defaults(aws-ecs-3-nvidia-fips)
+Conflicts: %{_cross_os}settings-defaults(any)
+
+%description aws-ecs-3-nvidia
+%{summary}.
+
 %package aws-k8s-1.31
 Summary: Settings defaults for the aws-k8s 1.28 through 1.31 variants
 Requires: (%{shrink:
@@ -277,6 +305,8 @@ for defaults in \
 aws-dev \
 aws-ecs-2 \
 aws-ecs-2-nvidia \
+ aws-ecs-3 \
+ aws-ecs-3-nvidia \
 aws-k8s-1.31 \
 aws-k8s-1.31-nvidia \
 aws-k8s-1.32 \
@@ -313,6 +343,8 @@ for defaults in \
 aws-dev \
 aws-ecs-2 \
 aws-ecs-2-nvidia \
+ aws-ecs-3 \
+ aws-ecs-3-nvidia \
 aws-k8s-1.31 \
 aws-k8s-1.31-nvidia \
 aws-k8s-1.32 \
@@ -352,6 +384,14 @@ done
 %{_cross_defaultsdir}/aws-ecs-2-nvidia.toml
 %{_cross_tmpfilesdir}/storewolf-defaults-aws-ecs-2-nvidia.conf
+%files aws-ecs-3
+%{_cross_defaultsdir}/aws-ecs-3.toml
+%{_cross_tmpfilesdir}/storewolf-defaults-aws-ecs-3.conf
+
+%files aws-ecs-3-nvidia
+%{_cross_defaultsdir}/aws-ecs-3-nvidia.toml
+%{_cross_tmpfilesdir}/storewolf-defaults-aws-ecs-3-nvidia.conf
+
 %files aws-k8s-1.31
 %{_cross_defaultsdir}/aws-k8s-1.31.toml
 %{_cross_tmpfilesdir}/storewolf-defaults-aws-k8s-1.31.conf
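Review bot: The Summary of the new `aws-ecs-3-nvidia` sub-package says it is for "the aws-ecs-3-nvidia variant" while its Requires lists both `variant(aws-ecs-3-nvidia)` and `variant(aws-ecs-3-nvidia-fips)`, and its Provides covers both as well. The sibling `aws-ecs-3` sub-package in the same hunk already uses the wording "FIPS and non-FIPS variants", so `Summary: Settings defaults for the aws-ecs-3-nvidia FIPS and non-FIPS variants` keeps the two aligned. The same undercount appears in the `aws-ecs-3` sub-package added to packages/settings-plugins/settings-plugins.spec, whose Summary names one variant while its Requires names four. Both %package blocks are complete within their hunks.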
diff --git a/packages/settings-plugins/settings-plugins.spec b/packages/settings-plugins/settings-plugins.spec
index ee2a5f46583..754ccdd32d4 100644
--- a/packages/settings-plugins/settings-plugins.spec
+++ b/packages/settings-plugins/settings-plugins.spec
@@ -48,6 +48,24 @@ Conflicts: %{_cross_os}settings-plugin(any)
 %description aws-ecs-2
 %{summary}.
+%package aws-ecs-3
+Summary: Settings plugin for the aws-ecs-3 variant
+Requires: (%{shrink:
+ %{_cross_os}variant(aws-ecs-3) or
+ %{_cross_os}variant(aws-ecs-3-fips) or
+ %{_cross_os}variant(aws-ecs-3-nvidia) or
+ %{_cross_os}variant(aws-ecs-3-nvidia-fips)
+ %{nil}})
+Provides: %{_cross_os}settings-plugin(any)
+Provides: %{_cross_os}settings-plugin(aws-ecs-3)
+Provides: %{_cross_os}settings-plugin(aws-ecs-3-nvidia)
+Provides: %{_cross_os}settings-plugin(aws-ecs-3-nvidia-fips)
+Provides: %{_cross_os}settings-plugin(aws-ecs-3-fips)
+Conflicts: %{_cross_os}settings-plugin(any)
+
+%description aws-ecs-3
+%{summary}.
+
 %package aws-k8s
 Summary: Settings plugin for the aws-k8s variants
 Requires: %{_cross_os}variant-family(aws-k8s)
@@ -146,6 +164,7 @@ Conflicts: %{_cross_os}settings-plugin(any)
 %cargo_build --manifest-path %{_builddir}/sources/Cargo.toml \
 -p settings-plugin-aws-dev \
 -p settings-plugin-aws-ecs-2 \
+ -p settings-plugin-aws-ecs-3 \
 -p settings-plugin-aws-k8s \
 -p settings-plugin-aws-k8s-nvidia \
 -p settings-plugin-metal-dev \
@@ -161,6 +180,7 @@ install -d %{buildroot}%{_cross_tmpfilesdir}
 for plugin in \
 aws-dev \
 aws-ecs-2 \
+ aws-ecs-3 \
 aws-k8s-nvidia \
 aws-k8s \
 metal-dev \
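Review bot: The Provides lines of the new `aws-ecs-3` settings-plugin sub-package list `aws-ecs-3-nvidia` and `aws-ecs-3-nvidia-fips` before `aws-ecs-3-fips`, while the Requires block directly above goes aws-ecs-3, -fips, -nvidia, -nvidia-fips. A reader checking that every variant accepted by Requires also has a matching Provides has to cross-reference the two lists out of order. Moving `Provides: %{_cross_os}settings-plugin(aws-ecs-3-fips)` up to follow the `settings-plugin(aws-ecs-3)` line restores the Requires order and matches the layout of the settings-defaults spec in this change.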
@@ -194,6 +214,11 @@ done
 %{_cross_factorydir}%{_cross_sysconfdir}/ld.so.conf.d/aws-ecs-2.conf
 %{_cross_tmpfilesdir}/settings-plugin-aws-ecs-2.conf
+%files aws-ecs-3
+%{_cross_pluginsdir}/aws-ecs-3/libsettings.so
+%{_cross_factorydir}%{_cross_sysconfdir}/ld.so.conf.d/aws-ecs-3.conf
+%{_cross_tmpfilesdir}/settings-plugin-aws-ecs-3.conf
+
 %files aws-k8s
 %{_cross_pluginsdir}/aws-k8s/libsettings.so
 %{_cross_factorydir}%{_cross_sysconfdir}/ld.so.conf.d/aws-k8s.conf
diff --git a/sources/Cargo.lock b/sources/Cargo.lock
index 38bee1146a5..2421d091f25 100644
--- a/sources/Cargo.lock
+++ b/sources/Cargo.lock
@@ -1831,6 +1831,20 @@ dependencies = [
  "bottlerocket-defaults-helper",
 ]
+[[package]]
+name = "settings-defaults-aws-ecs-3"
+version = "0.1.0"
+dependencies = [
+ "bottlerocket-defaults-helper",
+]
+
+[[package]]
+name = "settings-defaults-aws-ecs-3-nvidia"
+version = "0.1.0"
+dependencies = [
+ "bottlerocket-defaults-helper",
+]
+
 [[package]]
 name = "settings-defaults-aws-k8s-1_31"
 version = "0.1.0"
@@ -2270,6 +2284,17 @@ dependencies = [
  "serde_json",
 ]
+[[package]]
+name = "settings-plugin-aws-ecs-3"
+version = "0.1.0"
+dependencies = [
+ "abi_stable",
+ "bottlerocket-settings-models",
+ "bottlerocket-settings-plugin",
+ "serde",
+ "serde_json",
+]
+
 [[package]]
 name = "settings-plugin-aws-k8s"
 version = "0.1.0"
diff --git a/sources/Cargo.toml b/sources/Cargo.toml
index be9e17363ef..837aee4f682 100644
--- a/sources/Cargo.toml
+++ b/sources/Cargo.toml
@@ -16,6 +16,8 @@ members = [
  "settings-defaults/aws-dev",
  "settings-defaults/aws-ecs-2",
  "settings-defaults/aws-ecs-2-nvidia",
+ "settings-defaults/aws-ecs-3",
+ "settings-defaults/aws-ecs-3-nvidia",
  "settings-defaults/aws-k8s-1.31",
  "settings-defaults/aws-k8s-1.31-nvidia",
  "settings-defaults/aws-k8s-1.32",
@@ -51,6 +53,7 @@ members = [
  "settings-plugins/aws-dev",
  "settings-plugins/aws-ecs-2",
+ "settings-plugins/aws-ecs-3",
  "settings-plugins/aws-k8s",
  "settings-plugins/aws-k8s-nvidia",
  "settings-plugins/metal-dev",
diff --git a/sources/settings-defaults/aws-ecs-3-nvidia/Cargo.toml b/sources/settings-defaults/aws-ecs-3-nvidia/Cargo.toml
new file mode 100644
index 00000000000..fe6437f20e1
--- /dev/null
+++ b/sources/settings-defaults/aws-ecs-3-nvidia/Cargo.toml
@@ -0,0 +1,13 @@
+[package]
+name = "settings-defaults-aws-ecs-3-nvidia"
+version = "0.1.0"
+edition = "2021"
+license = "Apache-2.0 OR MIT"
+publish = false
+build = "../build-defaults.rs"
+
+[lib]
+path = "../defaults-toml.rs"
+
+[build-dependencies]
+bottlerocket-defaults-helper.workspace = true
diff --git a/sources/settings-defaults/aws-ecs-3-nvidia/defaults.d/10-defaults.toml b/sources/settings-defaults/aws-ecs-3-nvidia/defaults.d/10-defaults.toml
new file mode 120000
index 00000000000..a202ba61a4c
--- /dev/null
+++ b/sources/settings-defaults/aws-ecs-3-nvidia/defaults.d/10-defaults.toml
@@ -0,0 +1 @@
+../../../shared-defaults/defaults.toml
\ No newline at end of file
diff --git a/sources/settings-defaults/aws-ecs-3-nvidia/defaults.d/15-aws-tuf.toml b/sources/settings-defaults/aws-ecs-3-nvidia/defaults.d/15-aws-tuf.toml
new file mode 120000
index 00000000000..afcef6a617e
--- /dev/null
+++ b/sources/settings-defaults/aws-ecs-3-nvidia/defaults.d/15-aws-tuf.toml
@@ -0,0 +1 @@
+../../../shared-defaults/aws-tuf.toml
\ No newline at end of file
diff --git a/sources/settings-defaults/aws-ecs-3-nvidia/defaults.d/20-aws-host-containers.toml b/sources/settings-defaults/aws-ecs-3-nvidia/defaults.d/20-aws-host-containers.toml
new file mode 120000
index 00000000000..4d404d663cd
--- /dev/null
+++ b/sources/settings-defaults/aws-ecs-3-nvidia/defaults.d/20-aws-host-containers.toml
@@ -0,0 +1 @@
+../../../shared-defaults/aws-host-containers.toml
\ No newline at end of file
diff --git a/sources/settings-defaults/aws-ecs-3-nvidia/defaults.d/21-aws-bootstrap-container.toml b/sources/settings-defaults/aws-ecs-3-nvidia/defaults.d/21-aws-bootstrap-container.toml
new file mode 120000
index 00000000000..7709ecb2ebd
--- /dev/null
+++ b/sources/settings-defaults/aws-ecs-3-nvidia/defaults.d/21-aws-bootstrap-container.toml
@@ -0,0 +1 @@
+../../../shared-defaults/aws-bootstrap-container.toml
\ No newline at end of file
diff --git a/sources/settings-defaults/aws-ecs-3-nvidia/defaults.d/25-cf-signal.toml b/sources/settings-defaults/aws-ecs-3-nvidia/defaults.d/25-cf-signal.toml
new file mode 120000
index 00000000000..a33d541652c
--- /dev/null
+++ b/sources/settings-defaults/aws-ecs-3-nvidia/defaults.d/25-cf-signal.toml
@@ -0,0 +1 @@
+../../../shared-defaults/cf-signal.toml
\ No newline at end of file
diff --git a/sources/settings-defaults/aws-ecs-3-nvidia/defaults.d/26-aws-autoscaling.toml b/sources/settings-defaults/aws-ecs-3-nvidia/defaults.d/26-aws-autoscaling.toml
new file mode 120000
index 00000000000..b579c0182b6
--- /dev/null
+++ b/sources/settings-defaults/aws-ecs-3-nvidia/defaults.d/26-aws-autoscaling.toml
@@ -0,0 +1 @@
+../../../shared-defaults/aws-autoscaling.toml
\ No newline at end of file
diff --git a/sources/settings-defaults/aws-ecs-3-nvidia/defaults.d/30-metrics.toml b/sources/settings-defaults/aws-ecs-3-nvidia/defaults.d/30-metrics.toml
new file mode 120000
index 00000000000..99f0b2b6980
--- /dev/null
+++ b/sources/settings-defaults/aws-ecs-3-nvidia/defaults.d/30-metrics.toml
@@ -0,0 +1 @@
+../../../shared-defaults/metrics.toml
\ No newline at end of file
diff --git a/sources/settings-defaults/aws-ecs-3-nvidia/defaults.d/31-send-metrics-aws.toml b/sources/settings-defaults/aws-ecs-3-nvidia/defaults.d/31-send-metrics-aws.toml
new file mode 120000
index 00000000000..2fefefea751
--- /dev/null
+++ b/sources/settings-defaults/aws-ecs-3-nvidia/defaults.d/31-send-metrics-aws.toml
@@ -0,0 +1 @@
+../../../shared-defaults/send-metrics-aws.toml
\ No newline at end of file
diff --git a/sources/settings-defaults/aws-ecs-3-nvidia/defaults.d/40-aws-creds.toml b/sources/settings-defaults/aws-ecs-3-nvidia/defaults.d/40-aws-creds.toml
new file mode 120000
index 00000000000..a6a17e88f54
--- /dev/null
+++ b/sources/settings-defaults/aws-ecs-3-nvidia/defaults.d/40-aws-creds.toml
@@ -0,0 +1 @@
+../../../shared-defaults/aws-creds.toml
\ No newline at end of file
diff --git a/sources/settings-defaults/aws-ecs-3-nvidia/defaults.d/51-docker-services.toml b/sources/settings-defaults/aws-ecs-3-nvidia/defaults.d/51-docker-services.toml
new file mode 120000
index 00000000000..a8512f25961
--- /dev/null
+++ b/sources/settings-defaults/aws-ecs-3-nvidia/defaults.d/51-docker-services.toml
@@ -0,0 +1 @@
+../../../shared-defaults/docker-services.toml
\ No newline at end of file
diff --git a/sources/settings-defaults/aws-ecs-3-nvidia/defaults.d/52-aws-ecs-1.toml b/sources/settings-defaults/aws-ecs-3-nvidia/defaults.d/52-aws-ecs-1.toml
new file mode 120000
index 00000000000..06ea554fe9f
--- /dev/null
+++ b/sources/settings-defaults/aws-ecs-3-nvidia/defaults.d/52-aws-ecs-1.toml
@@ -0,0 +1 @@
+../../../shared-defaults/ecs.toml
\ No newline at end of file
diff --git a/sources/settings-defaults/aws-ecs-3-nvidia/defaults.d/53-docker-daemon.toml b/sources/settings-defaults/aws-ecs-3-nvidia/defaults.d/53-docker-daemon.toml
new file mode 120000
index 00000000000..09b29470e5b
--- /dev/null
+++ b/sources/settings-defaults/aws-ecs-3-nvidia/defaults.d/53-docker-daemon.toml
@@ -0,0 +1 @@
+../../../shared-defaults/docker-daemon-nvidia.toml
\ No newline at end of file
diff --git a/sources/settings-defaults/aws-ecs-3-nvidia/defaults.d/54-docker-pki.toml b/sources/settings-defaults/aws-ecs-3-nvidia/defaults.d/54-docker-pki.toml
new file mode 120000
index 00000000000..203cd2a9a2f
--- /dev/null
+++ b/sources/settings-defaults/aws-ecs-3-nvidia/defaults.d/54-docker-pki.toml
@@ -0,0 +1 @@
+../../../shared-defaults/docker-pki.toml
\ No newline at end of file
diff --git a/sources/settings-defaults/aws-ecs-3-nvidia/defaults.d/55-image-verification.toml b/sources/settings-defaults/aws-ecs-3-nvidia/defaults.d/55-image-verification.toml
new file mode 120000
index 00000000000..b4d93f54799
--- /dev/null
+++ b/sources/settings-defaults/aws-ecs-3-nvidia/defaults.d/55-image-verification.toml
@@ -0,0 +1 @@
+../../../shared-defaults/image-verification.toml
\ No newline at end of file
diff --git a/sources/settings-defaults/aws-ecs-3-nvidia/defaults.d/60-lockdown-none.toml b/sources/settings-defaults/aws-ecs-3-nvidia/defaults.d/60-lockdown-none.toml
new file mode 120000
index 00000000000..cced543330e
--- /dev/null
+++ b/sources/settings-defaults/aws-ecs-3-nvidia/defaults.d/60-lockdown-none.toml
@@ -0,0 +1 @@
+../../../shared-defaults/lockdown-none.toml
\ No newline at end of file
diff --git a/sources/settings-defaults/aws-ecs-3-nvidia/defaults.d/70-oci-hooks.toml b/sources/settings-defaults/aws-ecs-3-nvidia/defaults.d/70-oci-hooks.toml
new file mode 120000
index 00000000000..e7b73c620dd
--- /dev/null
+++ b/sources/settings-defaults/aws-ecs-3-nvidia/defaults.d/70-oci-hooks.toml
@@ -0,0 +1 @@
+../../../shared-defaults/oci-hooks.toml
\ No newline at end of file
diff --git a/sources/settings-defaults/aws-ecs-3-nvidia/defaults.d/75-oci-defaults-docker.toml b/sources/settings-defaults/aws-ecs-3-nvidia/defaults.d/75-oci-defaults-docker.toml
new file mode 120000
index 00000000000..deb7cd4f616
--- /dev/null
+++ b/sources/settings-defaults/aws-ecs-3-nvidia/defaults.d/75-oci-defaults-docker.toml
@@ -0,0 +1 @@
+../../../shared-defaults/oci-defaults-docker.toml
\ No newline at end of file
diff --git a/sources/settings-defaults/aws-ecs-3-nvidia/defaults.d/76-oci-defaults-capabilities.toml b/sources/settings-defaults/aws-ecs-3-nvidia/defaults.d/76-oci-defaults-capabilities.toml
new file mode 120000
index 00000000000..100c2874090
--- /dev/null
+++ b/sources/settings-defaults/aws-ecs-3-nvidia/defaults.d/76-oci-defaults-capabilities.toml
@@ -0,0 +1 @@
+../../../shared-defaults/oci-defaults-capabilities.toml
\ No newline at end of file
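Review bot: The aws-ecs-3-nvidia defaults link `60-lockdown-none.toml` to `shared-defaults/lockdown-none.toml`, while the aws-ecs-3 defaults later in this diff link `60-lockdown-integrity.toml` to `shared-defaults/lockdown-integrity.toml`, and nothing in the change records why the GPU variant ships with the weaker kernel-lockdown default. Presumably it is required by the out-of-tree `kmod-6.12-nvidia-r580-tesla` module listed in variants/aws-ecs-3-nvidia/Cargo.toml, but that reasoning should be written down so the difference is not mistaken for an omission or silently copied into a future variant that does not need it. A symlink cannot carry a comment, so the aws-ecs-3-nvidia entry in variants/README.md is the natural place for a sentence such as `This variant defaults kernel lockdown to none, unlike aws-ecs-3, because of the out-of-tree NVIDIA driver` (confirm the reason before committing it).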
diff --git a/sources/settings-defaults/aws-ecs-3-nvidia/defaults.d/77-oci-defaults-docker-resource-limits.toml b/sources/settings-defaults/aws-ecs-3-nvidia/defaults.d/77-oci-defaults-docker-resource-limits.toml
new file mode 120000
index 00000000000..24b077b8362
--- /dev/null
+++ b/sources/settings-defaults/aws-ecs-3-nvidia/defaults.d/77-oci-defaults-docker-resource-limits.toml
@@ -0,0 +1 @@
+../../../shared-defaults/oci-defaults-docker-resource-limits.toml
\ No newline at end of file
diff --git a/sources/settings-defaults/aws-ecs-3-nvidia/defaults.d/80-boot.toml b/sources/settings-defaults/aws-ecs-3-nvidia/defaults.d/80-boot.toml
new file mode 120000
index 00000000000..7778447459a
--- /dev/null
+++ b/sources/settings-defaults/aws-ecs-3-nvidia/defaults.d/80-boot.toml
@@ -0,0 +1 @@
+../../../shared-defaults/boot.toml
\ No newline at end of file
diff --git a/sources/settings-defaults/aws-ecs-3/Cargo.toml b/sources/settings-defaults/aws-ecs-3/Cargo.toml
new file mode 100644
index 00000000000..69d71316ab0
--- /dev/null
+++ b/sources/settings-defaults/aws-ecs-3/Cargo.toml
@@ -0,0 +1,13 @@
+[package]
+name = "settings-defaults-aws-ecs-3"
+version = "0.1.0"
+edition = "2021"
+license = "Apache-2.0 OR MIT"
+publish = false
+build = "../build-defaults.rs"
+
+[lib]
+path = "../defaults-toml.rs"
+
+[build-dependencies]
+bottlerocket-defaults-helper.workspace = true
diff --git a/sources/settings-defaults/aws-ecs-3/defaults.d/10-defaults.toml b/sources/settings-defaults/aws-ecs-3/defaults.d/10-defaults.toml
new file mode 120000
index 00000000000..a202ba61a4c
--- /dev/null
+++ b/sources/settings-defaults/aws-ecs-3/defaults.d/10-defaults.toml
@@ -0,0 +1 @@
+../../../shared-defaults/defaults.toml
\ No newline at end of file
diff --git a/sources/settings-defaults/aws-ecs-3/defaults.d/15-aws-tuf.toml b/sources/settings-defaults/aws-ecs-3/defaults.d/15-aws-tuf.toml
new file mode 120000
index 00000000000..afcef6a617e
--- /dev/null
+++ b/sources/settings-defaults/aws-ecs-3/defaults.d/15-aws-tuf.toml
@@ -0,0 +1 @@
+../../../shared-defaults/aws-tuf.toml
\ No newline at end of file
diff --git a/sources/settings-defaults/aws-ecs-3/defaults.d/20-aws-host-containers.toml b/sources/settings-defaults/aws-ecs-3/defaults.d/20-aws-host-containers.toml
new file mode 120000
index 00000000000..4d404d663cd
--- /dev/null
+++ b/sources/settings-defaults/aws-ecs-3/defaults.d/20-aws-host-containers.toml
@@ -0,0 +1 @@
+../../../shared-defaults/aws-host-containers.toml
\ No newline at end of file
diff --git a/sources/settings-defaults/aws-ecs-3/defaults.d/21-aws-bootstrap-container.toml b/sources/settings-defaults/aws-ecs-3/defaults.d/21-aws-bootstrap-container.toml
new file mode 120000
index 00000000000..7709ecb2ebd
--- /dev/null
+++ b/sources/settings-defaults/aws-ecs-3/defaults.d/21-aws-bootstrap-container.toml
@@ -0,0 +1 @@
+../../../shared-defaults/aws-bootstrap-container.toml
\ No newline at end of file
diff --git a/sources/settings-defaults/aws-ecs-3/defaults.d/25-cf-signal.toml b/sources/settings-defaults/aws-ecs-3/defaults.d/25-cf-signal.toml
new file mode 120000
index 00000000000..a33d541652c
--- /dev/null
+++ b/sources/settings-defaults/aws-ecs-3/defaults.d/25-cf-signal.toml
@@ -0,0 +1 @@
+../../../shared-defaults/cf-signal.toml
\ No newline at end of file
diff --git a/sources/settings-defaults/aws-ecs-3/defaults.d/26-aws-autoscaling.toml b/sources/settings-defaults/aws-ecs-3/defaults.d/26-aws-autoscaling.toml
new file mode 120000
index 00000000000..b579c0182b6
--- /dev/null
+++ b/sources/settings-defaults/aws-ecs-3/defaults.d/26-aws-autoscaling.toml
@@ -0,0 +1 @@
+../../../shared-defaults/aws-autoscaling.toml
\ No newline at end of file
diff --git a/sources/settings-defaults/aws-ecs-3/defaults.d/30-metrics.toml b/sources/settings-defaults/aws-ecs-3/defaults.d/30-metrics.toml
new file mode 120000
index 00000000000..99f0b2b6980
--- /dev/null
+++ b/sources/settings-defaults/aws-ecs-3/defaults.d/30-metrics.toml
@@ -0,0 +1 @@
+../../../shared-defaults/metrics.toml
\ No newline at end of file
diff --git a/sources/settings-defaults/aws-ecs-3/defaults.d/31-send-metrics-aws.toml b/sources/settings-defaults/aws-ecs-3/defaults.d/31-send-metrics-aws.toml
new file mode 120000
index 00000000000..2fefefea751
--- /dev/null
+++ b/sources/settings-defaults/aws-ecs-3/defaults.d/31-send-metrics-aws.toml
@@ -0,0 +1 @@
+../../../shared-defaults/send-metrics-aws.toml
\ No newline at end of file
diff --git a/sources/settings-defaults/aws-ecs-3/defaults.d/40-aws-creds.toml b/sources/settings-defaults/aws-ecs-3/defaults.d/40-aws-creds.toml
new file mode 120000
index 00000000000..a6a17e88f54
--- /dev/null
+++ b/sources/settings-defaults/aws-ecs-3/defaults.d/40-aws-creds.toml
@@ -0,0 +1 @@
+../../../shared-defaults/aws-creds.toml
\ No newline at end of file
diff --git a/sources/settings-defaults/aws-ecs-3/defaults.d/51-docker-services.toml b/sources/settings-defaults/aws-ecs-3/defaults.d/51-docker-services.toml
new file mode 120000
index 00000000000..a8512f25961
--- /dev/null
+++ b/sources/settings-defaults/aws-ecs-3/defaults.d/51-docker-services.toml
@@ -0,0 +1 @@
+../../../shared-defaults/docker-services.toml
\ No newline at end of file
diff --git a/sources/settings-defaults/aws-ecs-3/defaults.d/52-aws-ecs-1.toml b/sources/settings-defaults/aws-ecs-3/defaults.d/52-aws-ecs-1.toml
new file mode 120000
index 00000000000..06ea554fe9f
--- /dev/null
+++ b/sources/settings-defaults/aws-ecs-3/defaults.d/52-aws-ecs-1.toml
@@ -0,0 +1 @@
+../../../shared-defaults/ecs.toml
\ No newline at end of file
diff --git a/sources/settings-defaults/aws-ecs-3/defaults.d/53-docker-pki.toml b/sources/settings-defaults/aws-ecs-3/defaults.d/53-docker-pki.toml
new file mode 120000
index 00000000000..203cd2a9a2f
--- /dev/null
+++ b/sources/settings-defaults/aws-ecs-3/defaults.d/53-docker-pki.toml
@@ -0,0 +1 @@
+../../../shared-defaults/docker-pki.toml
\ No newline at end of file
diff --git a/sources/settings-defaults/aws-ecs-3/defaults.d/55-image-verification.toml b/sources/settings-defaults/aws-ecs-3/defaults.d/55-image-verification.toml
new file mode 120000
index 00000000000..b4d93f54799
--- /dev/null
+++ b/sources/settings-defaults/aws-ecs-3/defaults.d/55-image-verification.toml
@@ -0,0 +1 @@
+../../../shared-defaults/image-verification.toml
\ No newline at end of file
diff --git a/sources/settings-defaults/aws-ecs-3/defaults.d/60-lockdown-integrity.toml b/sources/settings-defaults/aws-ecs-3/defaults.d/60-lockdown-integrity.toml
new file mode 120000
index 00000000000..8b4de873a39
--- /dev/null
+++ b/sources/settings-defaults/aws-ecs-3/defaults.d/60-lockdown-integrity.toml
@@ -0,0 +1 @@
+../../../shared-defaults/lockdown-integrity.toml
\ No newline at end of file
diff --git a/sources/settings-defaults/aws-ecs-3/defaults.d/70-oci-hooks.toml b/sources/settings-defaults/aws-ecs-3/defaults.d/70-oci-hooks.toml
new file mode 120000
index 00000000000..e7b73c620dd
--- /dev/null
+++ b/sources/settings-defaults/aws-ecs-3/defaults.d/70-oci-hooks.toml
@@ -0,0 +1 @@
+../../../shared-defaults/oci-hooks.toml
\ No newline at end of file
diff --git a/sources/settings-defaults/aws-ecs-3/defaults.d/75-oci-defaults-docker.toml b/sources/settings-defaults/aws-ecs-3/defaults.d/75-oci-defaults-docker.toml
new file mode 120000
index 00000000000..deb7cd4f616
--- /dev/null
+++ b/sources/settings-defaults/aws-ecs-3/defaults.d/75-oci-defaults-docker.toml
@@ -0,0 +1 @@
+../../../shared-defaults/oci-defaults-docker.toml
\ No newline at end of file
diff --git a/sources/settings-defaults/aws-ecs-3/defaults.d/76-oci-defaults-capabilities.toml b/sources/settings-defaults/aws-ecs-3/defaults.d/76-oci-defaults-capabilities.toml
new file mode 120000
index 00000000000..100c2874090
--- /dev/null
+++ b/sources/settings-defaults/aws-ecs-3/defaults.d/76-oci-defaults-capabilities.toml
@@ -0,0 +1 @@
+../../../shared-defaults/oci-defaults-capabilities.toml
\ No newline at end of file
diff --git a/sources/settings-defaults/aws-ecs-3/defaults.d/77-oci-defaults-docker-resource-limits.toml b/sources/settings-defaults/aws-ecs-3/defaults.d/77-oci-defaults-docker-resource-limits.toml
new file mode 120000
index 00000000000..24b077b8362
--- /dev/null
+++ b/sources/settings-defaults/aws-ecs-3/defaults.d/77-oci-defaults-docker-resource-limits.toml
@@ -0,0 +1 @@
+../../../shared-defaults/oci-defaults-docker-resource-limits.toml
\ No newline at end of file
diff --git a/sources/settings-defaults/aws-ecs-3/defaults.d/80-boot.toml b/sources/settings-defaults/aws-ecs-3/defaults.d/80-boot.toml
new file mode 120000
index 00000000000..7778447459a
--- /dev/null
+++ b/sources/settings-defaults/aws-ecs-3/defaults.d/80-boot.toml
@@ -0,0 +1 @@
+../../../shared-defaults/boot.toml
\ No newline at end of file
diff --git a/sources/settings-plugins/aws-ecs-3/Cargo.toml b/sources/settings-plugins/aws-ecs-3/Cargo.toml
new file mode 100644
index 00000000000..be81d515970
--- /dev/null
+++ b/sources/settings-plugins/aws-ecs-3/Cargo.toml
@@ -0,0 +1,19 @@
+[package]
+name = "settings-plugin-aws-ecs-3"
+version = "0.1.0"
+edition = "2021"
+license = "Apache-2.0 OR MIT"
+publish = false
+
+[lib]
+crate-type = ["cdylib"]
+name = "settings_aws_ecs_3"
+
+[dependencies]
+abi_stable.workspace = true
+serde.workspace = true
+serde_json.workspace = true
+
+# settings plugins
+bottlerocket-settings-models.workspace = true
+bottlerocket-settings-plugin.workspace = true
diff --git a/sources/settings-plugins/aws-ecs-3/src/lib.rs b/sources/settings-plugins/aws-ecs-3/src/lib.rs
new file mode 100644
index 00000000000..46369c12d26
--- /dev/null
+++ b/sources/settings-plugins/aws-ecs-3/src/lib.rs
@@ -0,0 +1,27 @@
+use bottlerocket_settings_models::model_derive::model;
+use bottlerocket_settings_plugin::SettingsPlugin;
+
+#[derive(SettingsPlugin)]
+#[model(rename = "settings", impl_default = true)]
+struct AwsEcs3Settings {
+ motd: bottlerocket_settings_models::MotdV1,
+ updates: bottlerocket_settings_models::UpdatesSettingsV1,
+ host_containers: bottlerocket_settings_models::HostContainersSettingsV1,
+ bootstrap_commands: bottlerocket_settings_models::BootstrapCommandsSettingsV1,
+ bootstrap_containers: bottlerocket_settings_models::BootstrapContainersSettingsV1,
+ ntp: bottlerocket_settings_models::NtpSettingsV1,
+ network: bottlerocket_settings_models::NetworkSettingsV1,
+ kernel: bottlerocket_settings_models::KernelSettingsV1,
+ boot: bottlerocket_settings_models::BootSettingsV1,
+ aws: bottlerocket_settings_models::AwsSettingsV1,
+ ecs: bottlerocket_settings_models::ECSSettingsV1,
+ metrics: bottlerocket_settings_models::MetricsSettingsV1,
+ pki: bottlerocket_settings_models::PkiSettingsV1,
+ container_registry: bottlerocket_settings_models::RegistrySettingsV1,
+ oci_defaults: bottlerocket_settings_models::OciDefaultsV1,
+ oci_hooks: bottlerocket_settings_models::OciHooksSettingsV1,
+ cloudformation: bottlerocket_settings_models::CloudFormationSettingsV1,
+ autoscaling: bottlerocket_settings_models::AutoScalingSettingsV1,
+ dns: bottlerocket_settings_models::DnsSettingsV1,
+ image_verifier_plugins: bottlerocket_settings_models::ImageVerifierPluginsSettingsV1,
+}
diff --git a/sources/shared-defaults/image-verification.toml b/sources/shared-defaults/image-verification.toml
new file mode 100644
index 00000000000..b03153fe737
--- /dev/null
+++ b/sources/shared-defaults/image-verification.toml
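Review bot: `AwsEcs3Settings` carries no doc comment, and nothing in this crate says that the single plugin it defines backs all four aws-ecs-3 variants; that contract is visible only from the Requires/Provides block added to packages/settings-plugins/settings-plugins.spec. A `///` line above the struct, e.g. `/// Settings model shared by the aws-ecs-3, -fips, -nvidia and -nvidia-fips variants.`, keeps that fact next to the field list a maintainer will edit when a variant-specific setting is added. The struct is complete within the hunk.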
@@ -0,0 +1,25 @@
+# Container runtime - image verification
+
+[services.image-verification]
+configuration-files = [
+ "containerd-image-verifiers-toml",
+ "notation-trust-policy-json",
+]
+
+# Reload if we disable image verification / update the trustpolicy
+restart-commands = []
+
+[metadata.settings.image-verifier-plugins]
+affected-services = ["image-verification"]
+
+# Reload the containerd configuration drop-in
+[metadata.settings.image-verifier-plugins.enabled]
+affected-services = ["containerd", "image-verification"]
+
+[configuration-files.containerd-image-verifiers-toml]
+path = "/etc/containerd/config.d/002-image-verification-plugins.toml"
+template-path = "/usr/share/templates/containerd-image-verifiers-toml"
+
+[configuration-files.notation-trust-policy-json]
+path = "/etc/notation/trustpolicy.json"
+template-path = "/usr/share/templates/notation-trust-policy-json"
diff --git a/variants/README.md b/variants/README.md
index f9e0184cc49..2744fa3cf54 100644
--- a/variants/README.md
+++ b/variants/README.md
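Review bot: The comment above `restart-commands = []` says "Reload if we disable image verification / update the trustpolicy", but the list is empty, so re-rendering `notation-trust-policy-json` triggers no reload at all; only the `enabled` sub-key causes a containerd restart, via its own `affected-services` entry further down. If the verifier re-reads `/etc/notation/trustpolicy.json` on every verification that is fine, but then the comment should say so, e.g. `# Nothing to restart: the rendered trust policy is re-read by the verifier on each use`. If it does not, an edited trust policy (including one that removes a previously trusted identity) stays unenforced until containerd happens to restart, and the reload command belongs in this list. I cannot tell from the hunk which of the two holds, so please confirm before settling the comment.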
@@ -205,6 +205,29 @@ The [aws-ecs-2-nvidia-fips](aws-ecs-2-nvidia-fips/Cargo.toml) variant includes t
 container instance in AWS.
 It also includes the required packages to configure containers to leverage NVIDIA GPUs and is FIPS-enabled.
+### aws-ecs-3: Amazon ECS container instance
+
+The [aws-ecs-3](aws-ecs-3/Cargo.toml) variant includes the packages needed to run an [Amazon ECS](https://ecs.aws)
+container instance in AWS.
+
+### aws-ecs-3-fips: Amazon ECS container instance with FIPS
+
+The [aws-ecs-3-fips](aws-ecs-3-fips/Cargo.toml) variant includes the packages needed to run an [Amazon ECS](https://ecs.aws)
+container instance in AWS.
+It also is FIPS-enabled.
+
+### aws-ecs-3-nvidia: Amazon ECS container instance with NVIDIA
+
+The [aws-ecs-3-nvidia](aws-ecs-3-nvidia/Cargo.toml) variant includes the packages needed to run an [Amazon ECS](https://ecs.aws)
+container instance in AWS.
+It also includes the required packages to configure containers to leverage NVIDIA GPUs.
+
+### aws-ecs-3-nvidia-fips: Amazon ECS container instance with NVIDIA and FIPS
+
+The [aws-ecs-3-nvidia-fips](aws-ecs-3-nvidia-fips/Cargo.toml) variant includes the packages needed to run an [Amazon ECS](https://ecs.aws)
+container instance in AWS.
+It also includes the required packages to configure containers to leverage NVIDIA GPUs and is FIPS-enabled.
+
 ### aws-dev: AWS development build
 The [aws-dev](aws-dev/Cargo.toml) variant has useful packages for local development of the OS.
diff --git a/variants/aws-ecs-3-fips/Cargo.toml b/variants/aws-ecs-3-fips/Cargo.toml
new file mode 100644
index 00000000000..a57900ec0f9
--- /dev/null
+++ b/variants/aws-ecs-3-fips/Cargo.toml
@@ -0,0 +1,52 @@
+[package]
+name = "aws-ecs-3-fips"
+version = "0.1.0"
+edition = "2021"
+publish = false
+build = "../build.rs"
+# Don't rebuild crate just because of changes to README.
+exclude = ["README.md"]
+
+[package.metadata.build-variant.image-features]
+grub-set-private-var = true
+uefi-secure-boot = true
+xfs-data-partition = true
+systemd-networkd = true
+erofs-root-partition = true
+external-kmod-development = false
+encrypted-storage = true
+fips = true
+
+[package.metadata.build-variant]
+included-packages = [
+# core
+ "release",
+ "kernel-6.12",
+ "containerd-2.1",
+ "systemd-257",
+ "nftables",
+ "whippet",
+# docker
+ "docker-cli-29",
+ "docker-engine-29",
+ "docker-init",
+# ecs
+ "ecs-agent-config",
+ "aws-signer-notation-plugin",
+ "notation-image-verifier",
+]
+kernel-parameters = [
+ "console=tty0",
+ "console=ttyS0,115200n8",
+ "net.ifnames=0",
+ "netdog.default-interface=eth0:dhcp4,dhcp6?",
+ "quiet",
+]
+
+[lib]
+path = "../variants.rs"
+
+[build-dependencies]
+settings-defaults = { path = "../../packages/settings-defaults" }
+settings-plugins = { path = "../../packages/settings-plugins" }
+settings-migrations = { path = "../../packages/settings-migrations" }
diff --git a/variants/aws-ecs-3-fips/amispec.toml b/variants/aws-ecs-3-fips/amispec.toml
new file mode 100644
index 00000000000..023761c93e5
--- /dev/null
+++ b/variants/aws-ecs-3-fips/amispec.toml
@@ -0,0 +1,11 @@
+description = "This variant is in preview. It contains the newly released Docker v29.0.0 along with features related to image verification and encrypted storage."
+
+# https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-options.html
+imds-support = "v2.0"
+
+# Override the pubsys "gp2" default
+[block-device-mappings."/dev/xvda".ebs]
+volume-type = "gp3"
+
+[block-device-mappings."/dev/xvdb".ebs]
+volume-type = "gp3"
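Review bot: `exclude = ["README.md"]` and the comment above it appear only in variants/aws-ecs-3-fips/Cargo.toml; the otherwise parallel manifests for aws-ecs-3-nvidia-fips and aws-ecs-3-nvidia later in this diff omit both lines, so the variants differ in a build detail unrelated to FIPS or NVIDIA. Either add the two lines to the other manifests or drop them here, so that the manifests differ only in the package name, the `fips`/`image-layout` keys and the NVIDIA package group. The aws-ecs-3 manifest is cut off at the end of the diff, so I could not check it.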
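Review bot: The `description` string is identical in the amispec of aws-ecs-3-fips, aws-ecs-3-nvidia-fips and aws-ecs-3-nvidia (all three blobs share index 023761c93e5), so the published AMI text never mentions FIPS or NVIDIA, which is the one thing that distinguishes these images for someone choosing one in the console. Appending the variant-specific trait to each, e.g. `... image verification and encrypted storage. This variant is FIPS-enabled."` for the FIPS images, keeps the description consistent with the headings added to variants/README.md in this change.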
diff --git a/variants/aws-ecs-3-nvidia-fips/Cargo.toml b/variants/aws-ecs-3-nvidia-fips/Cargo.toml
new file mode 100644
index 00000000000..3ac0a435233
--- /dev/null
+++ b/variants/aws-ecs-3-nvidia-fips/Cargo.toml
@@ -0,0 +1,58 @@
+[package]
+name = "aws-ecs-3-nvidia-fips"
+version = "0.1.0"
+edition = "2021"
+publish = false
+build = "../build.rs"
+
+[package.metadata.build-variant.image-features]
+grub-set-private-var = true
+uefi-secure-boot = true
+xfs-data-partition = true
+systemd-networkd = true
+erofs-root-partition = true
+external-kmod-development = false
+encrypted-storage = true
+fips = true
+
+[package.metadata.build-variant.image-layout]
+os-image-size-gib = 4
+
+[package.metadata.build-variant]
+included-packages = [
+# core
+ "release",
+ "kernel-6.12",
+ "containerd-2.1",
+ "systemd-257",
+ "nftables",
+ "whippet",
+# docker
+ "docker-cli-29",
+ "docker-engine-29",
+ "docker-init",
+# ecs
+ "ecs-agent-nvidia-config",
+ "aws-signer-notation-plugin",
+ "notation-image-verifier",
+# NVIDIA support
+ "ecs-gpu-init",
+ "nvidia-container-toolkit-ecs",
+ "kmod-6.12-nvidia-r580-tesla",
+]
+
+kernel-parameters = [
+ "console=tty0",
+ "console=ttyS0,115200n8",
+ "net.ifnames=0",
+ "netdog.default-interface=eth0:dhcp4,dhcp6?",
+ "quiet",
+]
+
+[lib]
+path = "../variants.rs"
+
+[build-dependencies]
+settings-defaults = { path = "../../packages/settings-defaults" }
+settings-plugins = { path = "../../packages/settings-plugins" }
+settings-migrations = { path = "../../packages/settings-migrations" }
diff --git a/variants/aws-ecs-3-nvidia-fips/amispec.toml b/variants/aws-ecs-3-nvidia-fips/amispec.toml
new file mode 100644
index 00000000000..023761c93e5
--- /dev/null
+++ b/variants/aws-ecs-3-nvidia-fips/amispec.toml
@@ -0,0 +1,11 @@
+description = "This variant is in preview. It contains the newly released Docker v29.0.0 along with features related to image verification and encrypted storage."
+
+# https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-options.html
+imds-support = "v2.0"
+
+# Override the pubsys "gp2" default
+[block-device-mappings."/dev/xvda".ebs]
+volume-type = "gp3"
+
+[block-device-mappings."/dev/xvdb".ebs]
+volume-type = "gp3"
diff --git a/variants/aws-ecs-3-nvidia/Cargo.toml b/variants/aws-ecs-3-nvidia/Cargo.toml
new file mode 100644
index 00000000000..ebca03ef989
--- /dev/null
+++ b/variants/aws-ecs-3-nvidia/Cargo.toml
@@ -0,0 +1,57 @@
+[package]
+name = "aws-ecs-3-nvidia"
+version = "0.1.0"
+edition = "2021"
+publish = false
+build = "../build.rs"
+
+[package.metadata.build-variant.image-features]
+grub-set-private-var = true
+uefi-secure-boot = true
+xfs-data-partition = true
+systemd-networkd = true
+erofs-root-partition = true
+external-kmod-development = false
+encrypted-storage = true
+
+[package.metadata.build-variant.image-layout]
+os-image-size-gib = 4
+
+[package.metadata.build-variant]
+included-packages = [
+# core
+    "release",
+    "kernel-6.12",
+    "containerd-2.1",
+    "systemd-257",
+    "nftables",
+    "whippet",
+# docker
+    "docker-cli-29",
+    "docker-engine-29",
+    "docker-init",
+# ecs
+    "ecs-agent-nvidia-config",
+    "aws-signer-notation-plugin",
+    "notation-image-verifier",
+# NVIDIA support
+    "ecs-gpu-init",
+    "nvidia-container-toolkit-ecs",
+    "kmod-6.12-nvidia-r580-tesla",
+]
+
+kernel-parameters = [
+    "console=tty0",
+    "console=ttyS0,115200n8",
+    "net.ifnames=0",
+    "netdog.default-interface=eth0:dhcp4,dhcp6?",
+    "quiet",
+]
+
+[lib]
+path = "../variants.rs"
+
+[build-dependencies]
+settings-defaults = { path = "../../packages/settings-defaults" }
+settings-plugins = { path = "../../packages/settings-plugins" }
+settings-migrations = { path = "../../packages/settings-migrations" }
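Review bot: The `description` at the top of the aws-ecs-3-nvidia-fips amispec hunk mentions neither the NVIDIA driver stack nor FIPS, because it is the same blob (`023761c93e5`) reused for every aws-ecs-3 amispec in this diff, so the AMI text gives an operator no way to tell the GPU/FIPS build from the plain one. A variant-specific sentence appended to the description, e.g. `Includes the NVIDIA driver and container toolkit; this is the FIPS build.`, would make the AMI self-describing. Whatever wording is chosen should match how the project's other FIPS and NVIDIA AMIs describe themselves, which is not visible here.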
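Review bot: `os-image-size-gib = 4` under `[package.metadata.build-variant.image-layout]` in aws-ecs-3-nvidia/Cargo.toml is the one sizing knob the NVIDIA variants set and the non-NVIDIA variants in this diff leave unset, but nothing records why, so the next person trimming image size has no reason to keep it. The `kmod-6.12-nvidia-r580-tesla` and `nvidia-container-toolkit-ecs` packages in the same hunk are presumably what needs the extra room. A comment above the key such as `# Larger OS image to fit the NVIDIA kmod and container toolkit — TODO confirm against the actual package sizes` records that assumption; if the value was instead copied from an existing NVIDIA variant, say that instead.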
diff --git a/variants/aws-ecs-3-nvidia/amispec.toml b/variants/aws-ecs-3-nvidia/amispec.toml
new file mode 100644
index 00000000000..023761c93e5
--- /dev/null
+++ b/variants/aws-ecs-3-nvidia/amispec.toml
@@ -0,0 +1,11 @@
+description = "This variant is in preview. It contains the newly released Docker v29.0.0 along with features related to image verification and encrypted storage."
+
+# https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-options.html
+imds-support = "v2.0"
+
+# Override the pubsys "gp2" default
+[block-device-mappings."/dev/xvda".ebs]
+volume-type = "gp3"
+
+[block-device-mappings."/dev/xvdb".ebs]
+volume-type = "gp3"
diff --git a/variants/aws-ecs-3/Cargo.toml b/variants/aws-ecs-3/Cargo.toml
new file mode 100644
index 00000000000..970ac339fcf
--- /dev/null
+++ b/variants/aws-ecs-3/Cargo.toml
@@ -0,0 +1,51 @@
+[package]
+name = "aws-ecs-3"
+version = "0.1.0"
+edition = "2021"
+publish = false
+build = "../build.rs"
+# Don't rebuild crate just because of changes to README.
+exclude = ["README.md"]
+
+[package.metadata.build-variant.image-features]
+grub-set-private-var = true
+uefi-secure-boot = true
+xfs-data-partition = true
+systemd-networkd = true
+erofs-root-partition = true
+external-kmod-development = false
+encrypted-storage = true
+
+[package.metadata.build-variant]
+included-packages = [
+# core
+    "release",
+    "kernel-6.12",
+    "containerd-2.1",
+    "systemd-257",
+    "nftables",
+    "whippet",
+# docker
+    "docker-cli-29",
+    "docker-engine-29",
+    "docker-init",
+# ecs
+    "ecs-agent-config",
+    "aws-signer-notation-plugin",
+    "notation-image-verifier",
+]
+kernel-parameters = [
+    "console=tty0",
+    "console=ttyS0,115200n8",
+    "net.ifnames=0",
+    "netdog.default-interface=eth0:dhcp4,dhcp6?",
+    "quiet",
+]
+
+[lib]
+path = "../variants.rs"
+
+[build-dependencies]
+settings-defaults = { path = "../../packages/settings-defaults" }
+settings-plugins = { path = "../../packages/settings-plugins" }
+settings-migrations = { path = "../../packages/settings-migrations" }
diff --git a/variants/aws-ecs-3/amispec.toml b/variants/aws-ecs-3/amispec.toml
new file mode 100644
index 00000000000..023761c93e5
--- /dev/null
+++ b/variants/aws-ecs-3/amispec.toml
@@ -0,0 +1,11 @@
+description = "This variant is in preview. It contains the newly released Docker v29.0.0 along with features related to image verification and encrypted storage."
+
+# https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-options.html
+imds-support = "v2.0"
+
+# Override the pubsys "gp2" default
+[block-device-mappings."/dev/xvda".ebs]
+volume-type = "gp3"
+
+[block-device-mappings."/dev/xvdb".ebs]
+volume-type = "gp3"
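Review bot: In the `included-packages` list of aws-ecs-3/Cargo.toml the `# ecs` group lumps `ecs-agent-config` together with `aws-signer-notation-plugin` and `notation-image-verifier`, so a reader scanning the manifest cannot see that two of the three entries are the container-image signature-verification components the amispec description advertises as a headline feature, rather than ECS agent plumbing. The NVIDIA variants in this diff already separate their extras under a `# NVIDIA support` heading; the same split here would be a `# image verification` comment line above `"aws-signer-notation-plugin",`. That also makes it obvious at a glance which variants ship the verifier when the lists are compared side by side.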