Edge Microvisor Bootkit

Edge Microvisor Bootkit is a custom, minimal build of Edge Microvisor Toolkit. It is intended for use in the workflows of Edge Manageability Framework and Edge Microvisor Toolkit Standalone Node. Bootkit replaces the previously used HookOS in builds. It runs in RAM and installs the Edge Microvisor Toolkit operating system.

Building the Bootkit image

Edge Microvisor Bootkit is built from the same baseline as other microvisor OS images and is generated as a set of initramfs and vmlinuz image files. The characteristics of the resulting image are defined in the edge-image-bootkit.json configuration file. The OS includes base OS packages, as well as Bootkit-specific packages.

Before you can build the image, make sure you have installed the prerequisites and built the toolchain. To build the Bootkit OS image, run the following command:

sudo make image -j8 REBUILD_TOOLS=y REBUILD_PACKAGES=n CONFIG_FILE=./imageconfigs/edge-image-bootkit.json

The build results in a compressed emt-bootkit.tar.gz file.

The initramfs and vmlinuz images are required to run entirely in RAM, so they first need to be extracted from the generated tar file. This can be done by running the generate-bootkit-initramfs.sh bash script. See the usage example:

sudo toolkit/imageconfigs/scripts/generate-bootkit-initramfs.sh \
  -f <emt-bootkit.tar.gz> -o <output_images_dir>
  • The <emt-bootkit.tar.gz> is the output “rootfs.tar.gz” file generated by the Bootkit OS build.

  • The <output_images_dir> is the folder where output vmlinuz/initramfs files will be placed.

Then, the “rootfs.tar.gz” file is added to the extracted initramfs image. During the initramfs boot stage, the 90tmpfsroot dracut module decompresses the tar file to tmpfs, where it runs as the root filesystem.

To boot with the vmlinuz and initramfs images, the following additional kernel parameters are required:

root=tmpfs rootflags=mode=0755 rd.skipfsck noresume modules-load=nbd
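
One way to check that a boot entry carries all of these parameters before it is served to an edge node (an added example, not part of the Edge Microvisor Toolkit sources; the function names and the sample command line are constructed for illustration):

```shell
#!/bin/sh
# Added example: validate a kernel command line against the parameters
# listed above. Function names and SAMPLE are constructed for illustration.
REQUIRED_PARAMS='root=tmpfs rootflags=mode=0755 rd.skipfsck noresume modules-load=nbd'

# Print the required parameters absent from the command line in $1
# (space-separated). Returns 0 when all are present, 1 otherwise.
# Tokens are compared whole, so "root=tmpfs2" does not count as "root=tmpfs".
missing_bootkit_params() (
    set -f    # no glob expansion while word-splitting $1
    missing=''
    for want in $REQUIRED_PARAMS; do
        found=no
        for have in $1; do
            if [ "$have" = "$want" ]; then found=yes; break; fi
        done
        [ "$found" = yes ] || missing="${missing:+$missing }$want"
    done
    printf '%s\n' "$missing"
    [ -z "$missing" ]
)

# Print any root= token whose value is not tmpfs; a second root= on the
# same line competes with the required one. Returns 1 if any is found.
conflicting_root_params() (
    set -f
    extra=''
    for have in $1; do
        case $have in
            root=tmpfs) ;;
            root=*) extra="${extra:+$extra }$have" ;;
        esac
    done
    printf '%s\n' "$extra"
    [ -z "$extra" ]
)

# Constructed sample: a boot entry that lost two parameters and gained
# a stray root= from another configuration.
SAMPLE='console=ttyS0 root=tmpfs rootflags=mode=0755 noresume root=/dev/sda1'
if ! out=$(missing_bootkit_params "$SAMPLE"); then echo "missing: $out"; fi
if ! out=$(conflicting_root_params "$SAMPLE"); then echo "conflicting: $out"; fi
```

On a booted node the same functions can be pointed at the live command line, for example `missing_bootkit_params "$(cat /proc/cmdline)"`.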

The generated initramfs and vmlinuz images can be used for implementing required customizations in Edge Manageability Framework or Edge Microvisor Toolkit Standalone Node builds.

Integration with Edge Manageability Framework and Edge Microvisor Toolkit Standalone Node

The primary components of Edge Microvisor Bootkit, device-discovery and tink-worker, are required for provisioning of Edge Manageability Framework (orchestrator). They are built as RPMs (from open source) and included in the output emt-bootkit.tar.gz image file by the standard image build process of Edge Microvisor Toolkit (microvisor).

The output image file can then be transformed into the initramfs and vmlinuz images required to boot as a transitional OS during the provisioning workflows of Edge Manageability Framework and Standalone Node. Then, the generated initramfs and vmlinuz images are used in the Edge Manageability Framework and Standalone Node image build processes, where specific customizations for an edge node are also included. As a result, the final signed images are generated and can be used in provisioning of the orchestrator (Edge Manageability Framework) and the microvisor (Edge Microvisor Toolkit Standalone Node).

See the diagram for more details:

[Figure: build-workflow]

Edge Manageability Framework (orchestrator) Specific Builds

Orchestrator Build with HookOS (previous workflow)

In the 3.0 release, in the build workflow of Edge Manageability Framework (orchestrator), to generate customized initramfs and vmlinuz images, the following were implemented directly into the HookOS image:

The generated customized HookOS initramfs and vmlinuz images were then downloaded to an edge node over PXE boot. After booting, HookOS pulled the tink-worker container image to start the Tinkerbell workflow. In the case of HookOS, tink-worker was a container which ran other containers in a docker-in-docker scenario.

Orchestrator Build with Bootkit (new workflow)

When using Edge Microvisor Bootkit in the build workflow, the following RPM packages are run as native systemd services in the Edge Microvisor Toolkit OS:

  • Caddy and Fluent Bit are existing RPM packages which are included in Bootkit OS.

  • Device discovery agent

    • from Edge Infrastructure Manager of the Edge Manageability Framework is built as an RPM package to run as systemd service and is included in the OS image.

  • Tinkerbell tink-worker

    • patched to directly run containers via containerd only, without dependency on docker and avoiding a docker-in-docker use case.

Bootkit provides vmlinuz and initramfs images for use in installer builds of Edge Manageability Framework (orchestrator) and Edge Microvisor Toolkit Standalone Node (microvisor). The orchestrator build requires additional configuration to create a customized initramfs file during the building process:

  • Configuration files for:

    • Caddy for Edge Manageability Framework

    • Fluent Bit configuration files

    • Environment configuration file

  • Cert files

Edge Microvisor Toolkit Standalone Node Specific Builds

Microvisor Build with HookOS (previous workflow)

In Edge Microvisor Toolkit Standalone Node, HookOS sources, separate from the ones in Edge Manageability Framework, were implemented to generate the required HookOS images to be used in the installer. The installer scripts from Edge Microvisor Toolkit Standalone Node were built into the OS image and set up to run automatically in bash on boot.

The customized HookOS initramfs and vmlinuz were then used to generate the required ISO for the USB installer of Edge Microvisor Toolkit Standalone Node.

Microvisor Build with Bootkit (new workflow)

When using Edge Microvisor Bootkit in the build workflow, the following components are added to run as native systemd services in the initramfs image:

Bootkit also includes the efibootmgr, gawk, lvm2, net-tools, and parted packages to support creation of the Standalone Node build.

NOTE: Before the final ISO image for the USB installer is generated, the required OS installer bash scripts and systemd service are added to the initramfs to run as services in Edge Microvisor Toolkit Standalone Node.