Merge pull request #1 from CSHieuV/bootstrap-container-0.1.0

Bootstrap Container Version v0.1.0

CHANGELOG.md

@@ -0,0 +1,5 @@
+# 0.1.0
+
+Initial release of **bottlerocket-bootstrap-container** - the bootstrap container for Bottlerocket.
+
+See the [README](README.md) for additional information.

CONTRIBUTING.md

@@ -1,18 +1,18 @@
 # Contributing Guidelines
 
-Thank you for your interest in contributing to our project. Whether it's a bug report, new feature, correction, or additional
-documentation, we greatly value feedback and contributions from our community.
+Thank you for your interest in contributing to our project.
+Whether it's a bug report, new feature, correction, or additional documentation, we greatly value feedback and contributions from our community.
 
-Please read through this document before submitting any issues or pull requests to ensure we have all the necessary
-information to effectively respond to your bug report or contribution.
+Please read through this document before submitting any issues or pull requests to ensure we have all the necessary information to effectively respond to your bug report or contribution.
 
 
 ## Reporting Bugs/Feature Requests
 
 We welcome you to use the GitHub issue tracker to report bugs or suggest features.
 
-When filing an issue, please check existing open, or recently closed, issues to make sure somebody else hasn't already
-reported the issue. Please try to include as much information as you can. Details like these are incredibly useful:
+When filing an issue, please check [existing open](https://github.com/bottlerocket-os/bottlerocket-bootstrap-container/issues) and [closed](https://github.com/bottlerocket-os/bottlerocket-bootstrap-container/issues?q=is%3Aissue+is%3Aclosed) issues to make sure somebody else hasn't already reported the issue.
+Please try to include as much information as you can.
+Details like these are incredibly useful:
 
 * A reproducible test case or series of steps
 * The version of our code being used
@@ -21,39 +21,41 @@ reported the issue. Please try to include as much information as you can. Detail
 
 
 ## Contributing via Pull Requests
-Contributions via pull requests are much appreciated. Before sending us a pull request, please ensure that:
+Contributions via pull requests are much appreciated.
+Before starting a pull request, please ensure that:
 
-1. You are working against the latest source on the *main* branch.
-2. You check existing open, and recently merged, pull requests to make sure someone else hasn't addressed the problem already.
-3. You open an issue to discuss any significant work - we would hate for your time to be wasted.
+1. You open an issue first to discuss any significant work - we would hate for your time to be wasted.
+2. You are working against the latest source on the *develop* branch.
+3. You check existing [open](https://github.com/bottlerocket-os/bottlerocket-bootstrap-container/pulls) and [merged](https://github.com/bottlerocket-os/bottlerocket-bootstrap-container/pulls?q=is%3Apr+is%3Aclosed) pull requests to make sure someone else hasn't addressed the problem already.
 
 To send us a pull request, please:
 
 1. Fork the repository.
-2. Modify the source; please focus on the specific change you are contributing. If you also reformat all the code, it will be hard for us to focus on your change.
+2. Modify the source; please focus on the specific change you are contributing. If you also reformat the code, it will be hard for us to focus on your change.
 3. Ensure local tests pass.
 4. Commit to your fork using clear commit messages.
 5. Send us a pull request, answering any default questions in the pull request interface.
 6. Pay attention to any automated CI failures reported in the pull request, and stay involved in the conversation.
 
-GitHub provides additional document on [forking a repository](https://help.github.com/articles/fork-a-repo/) and
-[creating a pull request](https://help.github.com/articles/creating-a-pull-request/).
+GitHub provides additional documentation on [forking a repository](https://help.github.com/articles/fork-a-repo/) and [creating a pull request](https://help.github.com/articles/creating-a-pull-request/).
 
 
 ## Finding contributions to work on
-Looking at the existing issues is a great way to find something to contribute on. As our projects, by default, use the default GitHub issue labels (enhancement/bug/duplicate/help wanted/invalid/question/wontfix), looking at any 'help wanted' issues is a great place to start.
+Looking at the existing issues is a great way to find something to contribute on.
+As our projects, by default, use the default GitHub issue labels (enhancement/bug/duplicate/help wanted/invalid/question/wontfix), looking at any ['help wanted'](https://github.com/bottlerocket-os/bottlerocket-bootstrap-container/labels/help%20wanted) issues is a great place to start.
 
 
 ## Code of Conduct
 This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct).
-For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact
-opensource-codeofconduct@amazon.com with any additional questions or comments.
+For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact opensource-codeofconduct@amazon.com with any additional questions or comments.
 
 
 ## Security issue notifications
-If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/). Please do **not** create a public github issue.
+If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/).
+Please do **not** create a public GitHub issue.
 
 
 ## Licensing
 
-See the [LICENSE](LICENSE) file for our project's licensing. We will ask you to confirm the licensing of your contribution.
+See the [COPYRIGHT](COPYRIGHT) file for our project's licensing.
+We will ask you to confirm the licensing of your contribution.

Dockerfile

@@ -0,0 +1,30 @@
+FROM amazonlinux:2023
+
+# Install necessary packages
+RUN yum update -y && \
+    yum install -y \
+    aws-cli \
+    jq \
+    util-linux \
+    e2fsprogs \
+    xfsprogs \
+    lvm2 \
+    mdadm && \
+    yum clean all && \
+    # Verify that all packages are installed
+    command -v aws && \
+    command -v jq && \
+    command -v lsblk && \
+    command -v mkfs.ext4 && \
+    command -v mkfs.xfs && \
+    command -v lvm && \
+    command -v mdadm
+
+# Copy the wrapper script into the container
+COPY bootstrap-script.sh /usr/local/bin/bootstrap-script.sh
+
+# Make the wrapper script executable
+RUN chmod +x /usr/local/bin/bootstrap-script.sh
+
+# Set the wrapper script as the entry point
+ENTRYPOINT ["/usr/local/bin/bootstrap-script.sh"]

LICENSE → LICENSE-APACHE

@@ -173,3 +173,30 @@
       defend, and hold each Contributor harmless for any liability
       incurred by, or claims asserted against, such Contributor by reason
       of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

LICENSE-MIT

@@ -0,0 +1,8 @@
+MIT License
+Copyright Amazon.com, Inc., its affiliates, or other contributors. All Rights Reserved.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including  without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to  the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN  NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE  SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

Makefile

@@ -0,0 +1,18 @@
+IMAGE_NAME = bottlerocket-bootstrap-container:latest
+
+.PHONY: all build clean
+
+# Run all build tasks for this container image
+all: build_amd64 build_arm64
+
+# Build the container image for the amd64 architecture
+build_amd64:
+	docker build --tag $(IMAGE_NAME)-amd64 -f Dockerfile .
+
+# Build the container image for the arm64 architecture
+build_arm64:
+	docker build --tag $(IMAGE_NAME)-arm64 -f Dockerfile .
+
+# Clean up the build artifacts (if there are any to clean)
+clean:
+	rm -f $(IMAGE_NAME)

README.md

@@ -1,17 +1,63 @@
-## My Project
+# Bottlerocket Control Container
 
-TODO: Fill this README out!
+This is the bootstrap container for the [Bottlerocket](https://github.com/bottlerocket-os/bottlerocket) operating system. This container 
+image allows the user to provide their own script to run bootstrap commands to setup their own configuration during runtime. 
 
-Be sure to:
+## Using the Container Image
 
-* Change the title in this README
-* Edit your repository description on GitHub
+For more information on settings, please refer to the [Bottlerocket Documentation](https://bottlerocket.dev/) in order to configure your files. 
+To use the container image, create a TOML file with the following configurations. 
 
-## Security
+### Sample TOML configuration
 
-See [CONTRIBUTING](CONTRIBUTING.md#security-issue-notifications) for more information.
+```toml
+[settings.bootstrap-containers.myscript]
+source="<URI to ECR Repository for this Bootstrap Container>"
+mode="once"
+user-data="user-base64-encoded-bootstrap-script"
+```
 
-## License
+Afterwards, create the Bottlerocket instance using the TOML file. 
+The settings that you changed within the user's bootstrap script should be seen within the bottlerocket instance. 
 
-This project is licensed under the Apache-2.0 License.
+### Example Walkthrough
 
+This example assumes that you have access to AWS services and the necessary permissions to create and manage EC2 instances.
+
+Given a user data similar to the below:
+
+```sh
+#!/usr/bin/env sh
+set -euo pipefail
+
+# Create the directory
+mkdir -p /var/lib/my_directory
+
+# Set API client configurations
+apiclient set --json '{"settings": {"oci-defaults": {"resource-limits": {"max-open-files": {"soft-limit": 4294967296, "hard-limit": 8589934592}}}}}'
+
+# Load kernel module
+if command -v modprobe > /dev/null 2>&1; then
+  modprobe dummy
+fi
+
+echo "User-data script executed."
+```
+
+The user-data script needs to be base64 encoded. Encode the script in base64.
+
+Next, create a TOML file with the necessary settings to use the bootstrap container. 
+Replace <URI to ECR Repository for this Bootstrap Container> with the actual URI of the ECR repository.
+
+For example, the TOML file should look like the below if you base64 the given user-data:
+
+```toml
+[settings.bootstrap-containers.bear]
+source = "<URI to ECR Repository for this Bootstrap Container>"
+mode = "once"
+user-data = "IyEvdXNyL2Jpbi9lbnYgc2gKc2V0IC1ldW8gcGlwZWZhaWwKCiMgQ3JlYXRlIHRoZSBkaXJlY3RvcnkKbWtkaXIgLXAgL3Zhci9saWIvbXlfZGlyZWN0b3J5CgojIFNldCBBUEkgY2xpZW50IGNvbmZpZ3VyYXRpb25zCmFwaWNsaWVudCBzZXQgLS1qc29uICd7InNldHRpbmdzIjogeyJvY2ktZGVmYXVsdHMiOiB7InJlc291cmNlLWxpbWl0cyI6IHsibWF4LW9wZW4tZmlsZXMiOiB7InNvZnQtbGltaXQiOiA0Mjk0OTY3Mjk2LCAiaGFyZC1saW1pdCI6IDg1ODk5MzQ1OTJ9fX19fScKCiMgTG9hZCBrZXJuZWwgbW9kdWxlCmlmIGNvbW1hbmQgLXYgbW9kcHJvYmUgPiAvZGV2L251bGwgMj4mMTsgdGhlbgogIG1vZHByb2JlIGR1bW15CmZpCgplY2hvICJVc2VyLWRhdGEgc2NyaXB0IGV4ZWN1dGVkLiIK"
+```
+
+Afterwards, you can run the Bottlerocket instance using the TOML file and the user-data configurations will be applied. 
+Once the instance is up and running, you can verify that the bootstrap process completed successfully. 
+You can check the logs of the bootstrap container using the apiclient tool from the admin container.

SECURITY.md

@@ -0,0 +1,4 @@
+## Reporting a Vulnerability
+
+If you discover a potential security issue in this project, we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/) or directly via email to aws-security@amazon.com.
+Please do **not** create a public GitHub issue.

VERSION

@@ -0,0 +1 @@
+v0.1.0

bootstrap-script.sh

@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+set -x
+
+# Full path to the base64-encoded user data
+USER_DATA_PATH=/.bottlerocket/bootstrap-containers/current/user-data
+
+# If the user data file is there, not empty, and not a directory, make it executable
+if [ -s "$USER_DATA_PATH" ] && [ ! -d "$USER_DATA_PATH" ]; then
+    chmod +x "$USER_DATA_PATH"
+
+    # If the decoded script is there and executable, then execute it.
+    if [ -x "$USER_DATA_PATH" ]; then
+        echo "Executing user bootstrap script: $USER_DATA_PATH"
+        exec "$USER_DATA_PATH"
+    else
+        echo "Warning: User bootstrap script not found or not executable: $USER_DATA_PATH"
+        exit 1
+    fi
+else
+    echo "Warning: User data not found or is a directory: $USER_DATA_PATH"
+    exit 1
+fi