Releases: kairos-io/kairos
Releases · kairos-io/kairos
v3.2.3
✨ Improvements
- Mainly bugfixes and dependency bumps across the aisle
- Upgrading to v3.2.3 from Kubernetes was fixed #3010
- Updated Yip across all packages to v1.12.0 which brings some nice improvements
- Timesyncd now writes the config to an override instead of removing the default config file
- User recreation now tries to get more info about the UID if the user previously existed in order to use the same UID
- Stages that take too long to execute now will log every 10 seconds to let the user now that the stage is stillbeing executed
⬆️ Dependencies
kairos-framewok was updated from v2.15.3 to v2.15.4 which brought the following updates (only showing updated packages):
| Package | Old version | New version |
|---|---|---|
| suc-upgrade | 0.3.0 | 0.3.1 |
| immucore | 0.6.0 | 0.6.1 |
| kairos-agent | 2.15.3 | 2.15.4 |
Notables changes in the packages:
- suc-upgrade:
- Fixes a wrong path when checking for
kairos-release/os-releaseon kubernetes upgrade #3010
- Fixes a wrong path when checking for
- immucore:
- Dependency bumps, including yip from v1.11.0 to v1.12.0
- kairos-agent:
- Respect user defined/default sizes on upgrade instead of defaulting to the image size
- Fix partitioner on disks with sector size other than 512
- Fix and validate schema for disk devices
- Enable debug logs asap, so yip calls via the agent also have the debug level if requested
- Dependency bumps, including yip from v1.11.0 to v1.12.0
Full Changelog: v3.2.2...v3.2.3
v3.2.2
Caution
We have identified a potential issue when upgrading from older versions into 3.2.2 via Kubernetes with suc-upgrade
If your upgrade scenario is via Kubernetes, we recommend NOT upgrading to this version and waiting for v3.2.3 which should be release between the 13th and 14th of November as a follow up to this release.
If you still need to upgrade, check #3010 for a workaround
✨ Improvements
- Move kairos vars to their own file by @Itxaka in #2908
- Now all the kairos vars are stored into /etc/kairos-release to not contaminate the system os-release
- Add ubuntu 24.10 flavor by @mauromorales in #2930
- Now you can enjoy the latest 24.10 ubuntu released in Kairos fashion
- Build Ubuntu 24.04 Standard Image UKI on Github by @bencorrado in #2940
- Now the released UKI base images provide a standard image that contains K3S for ease of consuming and generating Trusted Boot images.
- Yip was updated across the system to version v1.11.0 which brings:
- New trace level log output for extra logs
- Move some logs from debug to trace to make debug logs clearer
- Add missing name to stages that didnt have names for easy identification of the steps
- Dont log empty command output
- Do not duplicate errors when logging out
- Nicer steps dump when running on debug
- On failures print the source file for the errored step
- Kairos-agent now allows installing a system with no users.
- Can be enabled by setting the
install.nouserstotrue - This will install a system with no users, thus blocked from sshing into it or login via physical methods
- Can be enabled by setting the
- Kairos-agent now checks the system configurations to validate user+admin
- At least one user needs to be added to the configs
- At least one user needs to be in the admin group
- Our configs set a Kairos user by default but this might change int he future and no users may be shipped by default, so we may consider the default kairos user bundled with our configs deprecated
- This check can be skipped by the new setting
install.nousers
⬆️ Dependencies
kairos-framewok was updated from v2.12.4 to v2.14.3 which brought the following updates (only showing updated packages):
| Package | Old version | New version |
|---|---|---|
| suc-upgrade | 0.2.3 | 0.3.0 |
| kairos-overlay-files | 1.1.58 | 1.5.1 |
| immucore | 0.5.1 | 0.6.0 |
| kairos-agent | 2.14.7 | 2.15.3 |
Notables changes in the packages:
- suc-upgrade:
- Will try to read the current release from
/etc/kairos-releaseinstead of/etc/os-release
- Will try to read the current release from
- immucore:
- Dependency bumps, including yip from v1.10.0 to v1.11.0 which includes a nicer log output and mentioning the sources for stages on failures.
- kairos-overlay-files:
- Use
/etc/kairos-releaseinstead of/etc/os-release - Drop duplicated entries in defautl cmdlines
- Drop duplicated filesystem expansion step
- Pull datasources only during Install
- Use
- kairos-agent:
- Use
/etc/kairos-releaseinstead of/etc/os-release - Allow to install with no users by setting the
install.nouserskey totruein the config file. This allows to install a system with zero default users. - Validate that we have users in the config files and at least 1 is admin during install and upgrade to avoid installing/upgrading a system with no users and being locked out of the system. Can be override witht he above
install.nouserskey. - Read actual system configs during k8s upgrade. During k8s upgrade we were scanning the upgraded container for cloud config files, which skipped the actual system files.
- Dependency bumps, including yip from v1.10.0 to v1.11.0 which includes a nicer log output and mentioning the sources for stages on failures.
- Use
New Contributors
- @bencorrado made their first contribution in #2942
Full Changelog: v3.2.1...v3.2.2
Contributors
mauromorales, Itxaka, and bencorrado
Assets 488
v3.2.1
What's Changed
✨ Improvements
- Show sources in config string by @jimmykarily in kairos-io/kairos-agent#550
- Now when checking the configs you will see the sources uses to generate them
- Expose the Analize method of
kairos-agent run-stageby @Itxaka in kairos-io/kairos-agent#548- now
kairos-agent runstagecan be run with the flag--analyzeor-ato only show what steps would be run from a given stage and in the order they will be run.
- now
- Accept more paths to devices for install by @Itxaka in kairos-io/kairos-agent#552
- Now the install target accepts devices identified by
/dev/disk/by-{uuid,label,path,diskseq}
- Now the install target accepts devices identified by
⬆️ Dependencies
🐛 Fixed bugs
- Add missing binary to nvidia images by @Itxaka in #2918
- Dracut immucore should fatal if binaries are missing in #2692
- Alpine initrd should mount the livecd under /run/initramfs/live in #2912
- systemd-networkd-wait-online fails with multiple ethernet where one or more is disconnected in #2898
- AuroraBoot doesn't copy cloud config file in #2876
- Fix partitioner not identifying mmc/nvme partitions by @Itxaka in kairos-io/kairos-agent#563
- Fix reset by @Itxaka in kairos-io/kairos-agent#565
- Fix mkfs using the wrong label for the fs label by @Itxaka in kairos-io/kairos-agent#556
🤖 CI related
- Revert the trivy DB changes by @Itxaka in #2889
- Cache trivy by @jimmykarily in #2910
- Cache trivy in one more pipeline by @jimmykarily in #2913
- Cache even more trivy by @jimmykarily in #2914
- Install arm64 earthly by @Itxaka in #2916
Full Changelog: v3.2.0...v3.2.1
Contributors
Itxaka and jimmykarily
Assets 457
v3.2.1-rc1
What's Changed
- 🤖 Revert the trivy DB changes by @Itxaka in #2889
- Cache trivy by @jimmykarily in #2910
- Cache trivy in one more pipeline by @jimmykarily in #2913
- Cache even more trivy by @jimmykarily in #2914
- Install arm64 earthly by @Itxaka in #2916
- ⬆️ Bump framework by @Itxaka in #2915
- 🐛 Add missing binary to nvidia images by @Itxaka in #2918
Full Changelog: v3.2.0...v3.2.1-rc1
Contributors
Itxaka and jimmykarily
Assets 457
v3.2.0
9e0d3c8
This commit was signed with the committer’s verified signature.
jimmykarily
Dimitris Karakasilis
This is a "milestone" release as is signifies the completeness of a set of planned stories. You can see what was planned for the v3.2.0 release in the relevant ticket: #2052
What's Changed
- Fixed recovery reset (kairos-io/kairos-agent#565)
- Make it possible to refer to disks using labels and ids (device names was the only option up to now) (kairos-io/kairos-agent#563, kairos-io/kairos-agent#558, kairos-io/kairos-agent#552)
- Make the kairos-agent skip yip config directories when parsing for installation/upgrade/reset configuration and allow users to override built-in configuration using datasource by parsing
/oemlast (kairos-io/kairos-agent#562) - Show merged configs as a comment in the final kairos config and when running
kairos-agent configcommand (kairos-io/kairos-agent#550) - Expose the "analyze" method of yip in the
kairos-agent run-stagecommand (kairos-io/kairos-agent#548) - Update aquasec/trivy Docker tag to v0.55.2 by @renovate in #2867
- Update github/codeql-action action to v3.26.8 by @renovate in #2873
- 🤖 Allow testing provider dev versions by @Itxaka in #2870
- 🐛 Do not bindly install all tpm2 tools by @Itxaka in #2884
- Store logs on earthly by @Itxaka in #2880
- :Robot: Cache triby DB before running the build by @Itxaka in #2885
- Bump framework by @Itxaka in #2891
- Test selecting disk by uuid+label by @Itxaka in #2877
- Don't run both rngd and haveged by @jimmykarily in #2890
- 🤖 Add missing secrets: inherit by @Itxaka in #2897
- Update quay.io/kairos/framework Docker tag to v2.12.1 by @renovate in #2902
Full Changelog: v3.1.3...v3.2.0
Contributors
Itxaka, renovate, and jimmykarily
Assets 440
v3.2.0-rc1
See the v3.2.0 release notes - This was an rc
v3.1.3
b5ded86
This commit was signed with the committer’s verified signature.
jimmykarily
Dimitris Karakasilis
Release highlights:
- In the previous release, we introduced a fix for the broken permissions of the user's home directory. It turned out that the fix only applied to users created by the top level
users:key in the Kairos configuration file. In this release, users created in various stages will also get their home directory permissions fixed. If for some reason, you don't want the script to recursively fix the home directory permissions, you can create a sentinel file to skip the fix and apply it on your own as you see fit. - Fixed an issue where we didn't calculate the upgrade image size and the always created an image with the default size (#2818)
- Fixed an issue in Kairos upgrades through Kuberentes, where various host directories were also used in image size calculation (kairos-io/kairos-agent#537)
- We now display the webui url below the QR code to avoid people having to plug a keyboard just to find the IP address of the node (#2826)
- Fixed a bug in Alpine flavors where we passed the edgevpn arguments in the openrc service file wrongly (#2789)
- Lots of version bumps on dependencies (mostly automated).
Known Issues
- [Carry over from previous releases] RPi EFI booting no longer supported on kernels shipped with Ubuntu 24.04+ #2249
What's Changed
- Add permissions to generic arm release pipeline by @mauromorales in #2840
- Update tj-actions/changed-files action to v45 by @renovate in #2816
- Add upgrade uki test by @jimmykarily in #2776
- Update dependency go to v1.23.1 by @renovate in #2845
- Generate relative paths to files by @jimmykarily in #2846
- 🤖 Make arm64 workers use docker mirror by @Itxaka in #2850
- 🐛 Fix wifi cloud-config example by @jimmyjones2 in #2820
- 📖 Add alpine wifi cloud-config by @jimmyjones2 in #2819
- Update anchore/grype Docker tag to v0.80.1 by @renovate in #2852
- Update aquasec/trivy Docker tag to v0.55.0 by @renovate in #2781
- Update aquasec/trivy Docker tag to v0.55.1 by @renovate in #2854
- Update github/codeql-action action to v3.26.6 by @renovate in #2799
- Fix test printing old value for debugging by @jimmykarily in #2855
- Update google/osv-scanner-action action to v1.8.5 by @renovate in #2853
- Update quay.io/kairos/framework Docker tag to v2.11.5 by @renovate in #2856
- Update github/codeql-action action to v3.26.7 by @renovate in #2858
- Update quay.io/kairos/framework Docker tag to v2.11.7 by @renovate in #2859
- Split the uploading of trivy and grype results by @jimmykarily in #2860
New Contributors
- @jimmyjones2 made their first contribution in #2820
Full Changelog: v3.1.2...v3.1.3
Contributors
mauromorales, Itxaka, and 3 other contributors
Assets 457
v3.1.2
⚠️ The following issues have been resolved, so it is safe to upgrade again:
Kairos user ids change on upgrade, breaking ssh login #2797
Long duration hang during boot #2802
What's Changed
- 🤖 Check that install/recovery services are off during active boot by @Itxaka in #2775
- 🐧 Disable pcrlock for all systemd distros by @Itxaka in #2778
- 🐛 Empty machine-id instead of removing it by @Itxaka in #2784
- 🐛 Fix +base-image for Remote Execution by @sdwilsh in #2808
Full Changelog: v3.1.1...v3.1.2
Contributors
sdwilsh and Itxaka
Assets 455
v3.1.2-rc1
What's Changed
- Update softprops/action-gh-release action to v2.0.8 by @renovate in #2751
- Update manual tests by @mauromorales in #2747
- Update github/codeql-action action to v3.25.13 by @renovate in #2750
- Remove ubuntu 23.10 from the pipelines by @jimmykarily in #2756
- Update tj-actions/changed-files digest to 6b2903b by @renovate in #2746
- Update github/codeql-action digest to 2d79040 by @renovate in #2749
- Update docker/login-action digest to 9780b0c by @renovate in #2754
- Run arm jobs under arm workers by @Itxaka in #2757
- Update github/codeql-action action to v3.25.14 by @renovate in #2763
- Update module github.com/onsi/ginkgo/v2 to v2.19.1 by @renovate in #2768
- Update github/codeql-action action to v3.25.15 by @renovate in #2767
- Add manual test for edgevpn setup by @jimmykarily in #2771
- 🤖 Check that install/recovery services are off during active boot by @Itxaka in #2775
- Update ossf/scorecard-action action to v2.4.0 by @renovate in #2769
- Update docker/setup-buildx-action digest to 988b5a0 by @renovate in #2755
- Update github/codeql-action digest to afb54ba by @renovate in #2762
- Update renovate/renovate Docker tag to v38 by @renovate in #2765
- Update module github.com/onsi/gomega to v1.34.1 by @renovate in #2764
- 🐧 Disable pcrlock for all systemd distros by @Itxaka in #2778
- Update tj-actions/changed-files digest to c65cd88 by @renovate in #2780
- Update quay.io/luet/base Docker tag to v0.35.4 by @renovate in #2783
- 🐛 Empty machine-id instead of removing it by @Itxaka in #2784
- Update actions/upload-artifact digest to 89ef406 by @renovate in #2786
- Update actions/upload-artifact action to v4.3.5 by @renovate in #2787
- 🔧 Allow testing overlya files branches by @Itxaka in #2791
- Update module github.com/mudler/edgevpn to v0.27.0 by @renovate in #2803
- Update actions/upload-artifact action to v4.3.6 by @renovate in #2795
- Update google/osv-scanner-action action to v1.8.3 by @renovate in #2801
- Update dependency go to v1.23.0 by @renovate in #2796
- Update module github.com/mudler/edgevpn to v0.27.2 by @renovate in #2812
- Update github.com/mudler/go-processmanager digest to 8b802d3 by @renovate in #2811
- 🐛 Fix +base-image for Remote Execution by @sdwilsh in #2808
- Update module github.com/onsi/ginkgo/v2 to v2.20.1 by @renovate in #2815
- Update module github.com/mudler/edgevpn to v0.27.3 by @renovate in #2814
- Update google/osv-scanner-action action to v1.8.4 by @renovate in #2817
- Update module github.com/mudler/edgevpn to v0.27.4 by @renovate in #2822
- Update module github.com/onsi/ginkgo/v2 to v2.20.2 by @renovate in #2829
- Update quay.io/luet/base Docker tag to v0.35.5 by @renovate in #2831
- Update module github.com/onsi/gomega to v1.34.2 by @renovate in #2830
Full Changelog: v3.1.1...v3.1.2-rc1
Contributors
mauromorales, sdwilsh, and 3 other contributors
Assets 454
v3.1.1
Upgrade issues
Be advised that there is currently an issue when upgrading from 3.0.x to 3.1.x in which the user ids will change. This will result in any files owned by the user under its /home directory to lose permissions which can lead to not being able to ssh (ssh keys will have a different user id)
We are currently working on a workaround, so you are advised to not upgrade until 3.1.2 is released with a fix for this.
What's Changed
Bug fixes 🐛
- Disable make cache timer on fedora by @Itxaka in #2717
- It's not possible to login on an Alpine 3.19 RPi fixed by @Itxaka #2439
- Expired password on system with no rtc (e.g. rpi4) on Alpine fixed by @Itxaka #1994
- cgroup_memory not mounted in Alpine rpi4 fixed by @Itxaka #2002
- reset from the GRUB menu on alpine, gets stuck in an endless loop @Itxaka #2136
Known Issues
- RPi EFI booting no longer supported on kernels shipped with Ubuntu 24.04+ #2249
Full Changelog: v3.1.0...v3.1.1
Contributors
Itxaka