fix: bump hami core version

feat: update storage requirement

.github/workflows/check.yaml

@@ -3,8 +3,12 @@ name: Lint and Test Charts
 on:
   push:
     branches: [ "main", "release-*" ]
+    paths-ignore:
+      - 'docs/**'    
   pull_request_target:
     branches: [ "main", "release-*" ]
+    paths-ignore:
+      - 'docs/**'    
 
   workflow_dispatch:
 
@@ -55,7 +59,7 @@ jobs:
     steps:
       - id: generate
         run: |
-          v=1.12.0-$(echo $RANDOM)
+          v=1.12.1-$(echo $RANDOM$RANDOM)
           echo "version=$v" >> "$GITHUB_OUTPUT"
 
   upload-cli:
@@ -65,6 +69,7 @@ jobs:
     with:
       version: ${{ needs.test-version.outputs.version }}
       ref: ${{ github.event.pull_request.head.ref }}
+      repository: ${{ github.event.pull_request.head.repo.full_name }}
 
   upload-daemon:
     needs: test-version
@@ -73,6 +78,7 @@ jobs:
     with:
       version: ${{ needs.test-version.outputs.version }}
       ref: ${{ github.event.pull_request.head.ref }}
+      repository: ${{ github.event.pull_request.head.repo.full_name }}
 
   push-image:
     runs-on: ubuntu-latest
@@ -97,6 +103,12 @@ jobs:
     runs-on: [self-hosted, linux, ARM64]
 
     steps:
+      - name: Install skopeo (Ubuntu)
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y skopeo
+          
+
       - name: 'Checkout source code'
         uses: actions/checkout@v3
         with:
@@ -132,6 +144,7 @@ jobs:
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           AWS_DEFAULT_REGION: "us-east-1"
           VERSION: ${{ needs.test-version.outputs.version }}
+          REPO_PATH: '${{ secrets.REPO_PATH }}'
         run: |
           bash build/deps-manifest.sh && bash build/upload-deps.sh
 
@@ -156,6 +169,7 @@ jobs:
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           AWS_DEFAULT_REGION: "us-east-1"
           VERSION: ${{ needs.test-version.outputs.version }}
+          REPO_PATH: '${{ secrets.REPO_PATH }}'
         run: |
           export PATH=$PATH:/usr/local/bin:/home/ubuntu/.local/bin
           bash build/deps-manifest.sh linux/arm64 && bash build/upload-deps.sh linux/arm64

.github/workflows/push-deps-to-s3.yml

@@ -11,27 +11,13 @@ jobs:
       - name: "Checkout source code"
         uses: actions/checkout@v3
 
-      - name: Install coscmd
-        run: pip install coscmd        
-
-      - name: Configure coscmd
-        env:
-          TENCENT_SECRET_ID: ${{ secrets.TENCENT_SECRET_ID }}
-          TENCENT_SECRET_KEY: ${{ secrets.TENCENT_SECRET_KEY }}
-          COS_BUCKET: ${{ secrets.COS_BUCKET }}
-          COS_REGION: ${{ secrets.COS_REGION }}
-          END_POINT: ${{ secrets.END_POINT }}
-        run: |
-          coscmd config -a $TENCENT_SECRET_ID \
-                        -s $TENCENT_SECRET_KEY \
-                        -b $COS_BUCKET \
-                        -r $COS_REGION 
 
       # test
       - env:
           AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           AWS_DEFAULT_REGION: "us-east-1"
+          REPO_PATH: '${{ secrets.REPO_PATH }}'
         run: |
           bash build/deps-manifest.sh && bash build/upload-deps.sh
 
@@ -42,28 +28,12 @@ jobs:
       - name: "Checkout source code"
         uses: actions/checkout@v3
 
-      - name: Install coscmd
-        run: pip install coscmd        
-
-      - name: Configure coscmd
-        env:
-          TENCENT_SECRET_ID: ${{ secrets.TENCENT_SECRET_ID }}
-          TENCENT_SECRET_KEY: ${{ secrets.TENCENT_SECRET_KEY }}
-          COS_BUCKET: ${{ secrets.COS_BUCKET }}
-          COS_REGION: ${{ secrets.COS_REGION }}
-          END_POINT: ${{ secrets.END_POINT }}
-        run: |
-          export PATH=$PATH:/usr/local/bin:/home/ubuntu/.local/bin
-          coscmd config -m 10 -p 10 -a $TENCENT_SECRET_ID \
-                        -s $TENCENT_SECRET_KEY \
-                        -b $COS_BUCKET \
-                        -r $COS_REGION 
-
       # test
       - env:
           AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           AWS_DEFAULT_REGION: "us-east-1"
+          REPO_PATH: '${{ secrets.REPO_PATH }}'
         run: |
           export PATH=$PATH:/usr/local/bin:/home/ubuntu/.local/bin
           bash build/deps-manifest.sh linux/arm64 && bash build/upload-deps.sh linux/arm64

.github/workflows/push-to-s3.yaml

@@ -11,22 +11,6 @@ jobs:
       - name: "Checkout source code"
         uses: actions/checkout@v3
 
-      - name: Install coscmd
-        run: pip install coscmd        
-
-      - name: Configure coscmd
-        env:
-          TENCENT_SECRET_ID: ${{ secrets.TENCENT_SECRET_ID }}
-          TENCENT_SECRET_KEY: ${{ secrets.TENCENT_SECRET_KEY }}
-          COS_BUCKET: ${{ secrets.COS_BUCKET }}
-          COS_REGION: ${{ secrets.COS_REGION }}
-          END_POINT: ${{ secrets.END_POINT }}
-        run: |
-          coscmd config -a $TENCENT_SECRET_ID \
-                        -s $TENCENT_SECRET_KEY \
-                        -b $COS_BUCKET \
-                        -r $COS_REGION 
-
       # test
       - env:
           AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
@@ -42,23 +26,6 @@ jobs:
       - name: "Checkout source code"
         uses: actions/checkout@v3
 
-      - name: Install coscmd
-        run: pip install coscmd        
-
-      - name: Configure coscmd
-        env:
-          TENCENT_SECRET_ID: ${{ secrets.TENCENT_SECRET_ID }}
-          TENCENT_SECRET_KEY: ${{ secrets.TENCENT_SECRET_KEY }}
-          COS_BUCKET: ${{ secrets.COS_BUCKET }}
-          COS_REGION: ${{ secrets.COS_REGION }}
-          END_POINT: ${{ secrets.END_POINT }}
-        run: |
-          export PATH=$PATH:/usr/local/bin:/home/ubuntu/.local/bin
-          coscmd config -m 10 -p 10 -a $TENCENT_SECRET_ID \
-                        -s $TENCENT_SECRET_KEY \
-                        -b $COS_BUCKET \
-                        -r $COS_REGION 
-
       - env:
           AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

.github/workflows/release-cli.yaml

@@ -8,7 +8,17 @@ on:
         required: true
       ref:
         type: string
+      repository:
+        type: string
   workflow_dispatch:
+    inputs:
+      version:
+        type: string
+        required: true
+      ref:
+        type: string
+      repository:
+        type: string
 jobs:
   goreleaser:
     runs-on: ubuntu-22.04
@@ -18,6 +28,7 @@ jobs:
         with:
           fetch-depth: 1
           ref: ${{ inputs.ref }}
+          repository: ${{ inputs.repository }}
 
       - name: Add Local Git Tag For GoReleaser
         run: git tag ${{ inputs.version }}
@@ -51,6 +62,5 @@ jobs:
           AWS_DEFAULT_REGION: "us-east-1"
         run: |
           cd cli/output && for file in *.tar.gz; do
-            aws s3 cp "$file" s3://terminus-os-install/$file --acl=public-read
-            # coscmd upload $file /$file
+            aws s3 cp "$file" s3://terminus-os-install${{ secrets.REPO_PATH }}${file} --acl=public-read
           done

.github/workflows/release-daemon.yaml

@@ -8,7 +8,17 @@ on:
         required: true
       ref:
         type: string
+      repository:
+        type: string
   workflow_dispatch:
+    inputs:
+      version:
+        type: string
+        required: true
+      ref:
+        type: string
+      repository:
+        type: string
 
 jobs:
   goreleaser:
@@ -19,6 +29,7 @@ jobs:
         with:
           fetch-depth: 1
           ref: ${{ inputs.ref }}
+          repository: ${{ inputs.repository }}
 
       - name: Add Local Git Tag For GoReleaser
         run: git tag ${{ inputs.version }}
@@ -31,7 +42,7 @@ jobs:
 
       - name: install udev-devel
         run: |
-          sudo apt install -y libudev-dev
+          sudo apt update && sudo apt install -y libudev-dev
 
       - name: Install x86_64 cross-compiler
         run: sudo apt-get update && sudo apt-get install -y build-essential
@@ -54,5 +65,5 @@ jobs:
           AWS_DEFAULT_REGION: 'us-east-1'
         run: |
           cd daemon/output && for file in *.tar.gz; do
-            aws s3 cp "$file" s3://terminus-os-install/$file --acl=public-read
+            aws s3 cp "$file" s3://terminus-os-install${{ secrets.REPO_PATH }}${file} --acl=public-read
           done

.github/workflows/release-daily.yaml

@@ -17,7 +17,7 @@ jobs:
     steps:
       - id: generate
         run: |
-          v=1.12.0-$(date +"%Y%m%d")
+          v=1.12.1-$(date +"%Y%m%d")
           echo "version=$v" >> "$GITHUB_OUTPUT"
 
   release-cli:
@@ -77,6 +77,7 @@ jobs:
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           AWS_DEFAULT_REGION: "us-east-1"
           VERSION: ${{ needs.daily-version.outputs.version }}
+          REPO_PATH: '${{ secrets.REPO_PATH }}'
         run: |
           bash build/deps-manifest.sh && bash build/upload-deps.sh
 
@@ -94,6 +95,7 @@ jobs:
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           AWS_DEFAULT_REGION: "us-east-1"
           VERSION: ${{ needs.daily-version.outputs.version }}
+          REPO_PATH: '${{ secrets.REPO_PATH }}'
         run: |
           export PATH=$PATH:/usr/local/bin:/home/ubuntu/.local/bin
           bash build/deps-manifest.sh linux/arm64 && bash build/upload-deps.sh linux/arm64
@@ -121,13 +123,13 @@ jobs:
           AWS_DEFAULT_REGION: 'us-east-1'
         run: |
           md5sum install-wizard-v${{ needs.daily-version.outputs.version }}.tar.gz > install-wizard-v${{ needs.daily-version.outputs.version }}.md5sum.txt && \
-          aws s3 cp install-wizard-v${{ needs.daily-version.outputs.version }}.md5sum.txt s3://terminus-os-install/install-wizard-v${{ needs.daily-version.outputs.version }}.md5sum.txt --acl=public-read && \
-          aws s3 cp install-wizard-v${{ needs.daily-version.outputs.version }}.tar.gz s3://terminus-os-install/install-wizard-v${{ needs.daily-version.outputs.version }}.tar.gz --acl=public-read && \
+          aws s3 cp install-wizard-v${{ needs.daily-version.outputs.version }}.md5sum.txt s3://terminus-os-install${{ secrets.REPO_PATH }}install-wizard-v${{ needs.daily-version.outputs.version }}.md5sum.txt --acl=public-read && \
+          aws s3 cp install-wizard-v${{ needs.daily-version.outputs.version }}.tar.gz s3://terminus-os-install${{ secrets.REPO_PATH }}install-wizard-v${{ needs.daily-version.outputs.version }}.tar.gz --acl=public-read && \
           echo "md5sum=$(awk '{print $1}' install-wizard-v${{ needs.daily-version.outputs.version }}.md5sum.txt)" >> "$GITHUB_OUTPUT"
 
 
   release:
-    needs: [daily-version, upload-package]
+    needs: [daily-version, upload-package, release-cli]
     runs-on: ubuntu-latest
 
     steps:
@@ -150,6 +152,7 @@ jobs:
           cp .dist/install-wizard/install.sh build/base-package
           cp build/base-package/install.sh build/base-package/publicInstaller.sh
           cp .dist/install-wizard/install.ps1 build/base-package
+          cp .dist/install-wizard/joincluster.sh build/base-package
 
       - name: Release public files
         uses: softprops/action-gh-release@v1

.github/workflows/release.yaml

@@ -59,8 +59,46 @@ jobs:
           export PATH=$PATH:/usr/local/bin:/home/ubuntu/.local/bin
           bash build/image-manifest.sh && bash build/upload-images.sh .manifest/images.mf linux/arm64
 
+  push-deps:
+    needs: [release-daemon]
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: "Checkout source code"
+        uses: actions/checkout@v3
+
+      # test
+      - env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          AWS_DEFAULT_REGION: "us-east-1"
+          VERSION: ${{ github.event.inputs.tags }}
+          REPO_PATH: '${{ secrets.REPO_PATH }}'
+        run: |
+          bash build/deps-manifest.sh && bash build/upload-deps.sh
+
+  push-deps-arm64:
+    needs: [release-daemon]
+    runs-on: [self-hosted, linux, ARM64]
+
+    steps:
+      - name: "Checkout source code"
+        uses: actions/checkout@v3
+
+      # test
+      - env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          AWS_DEFAULT_REGION: "us-east-1"
+          VERSION: ${{ github.event.inputs.tags }}
+          REPO_PATH: '${{ secrets.REPO_PATH }}'
+        run: |
+          export PATH=$PATH:/usr/local/bin:/home/ubuntu/.local/bin
+          bash build/deps-manifest.sh linux/arm64 && bash build/upload-deps.sh linux/arm64
+
+
   upload-package:
-    needs: [push, push-arm64, release-daemon]
+    needs: [push, push-arm64, push-deps, push-deps-arm64, release-daemon]
     runs-on: ubuntu-latest
 
     steps:
@@ -80,12 +118,12 @@ jobs:
           AWS_DEFAULT_REGION: 'us-east-1'
         run: |
           md5sum install-wizard-v${{ github.event.inputs.tags }}.tar.gz > install-wizard-v${{ github.event.inputs.tags }}.md5sum.txt && \
-          aws s3 cp install-wizard-v${{ github.event.inputs.tags }}.md5sum.txt s3://terminus-os-install/install-wizard-v${{ github.event.inputs.tags }}.md5sum.txt --acl=public-read && \
-          aws s3 cp install-wizard-v${{ github.event.inputs.tags }}.tar.gz s3://terminus-os-install/install-wizard-v${{ github.event.inputs.tags }}.tar.gz --acl=public-read
+          aws s3 cp install-wizard-v${{ github.event.inputs.tags }}.md5sum.txt s3://terminus-os-install${{ secrets.REPO_PATH }}install-wizard-v${{ github.event.inputs.tags }}.md5sum.txt --acl=public-read && \
+          aws s3 cp install-wizard-v${{ github.event.inputs.tags }}.tar.gz s3://terminus-os-install${{ secrets.REPO_PATH }}install-wizard-v${{ github.event.inputs.tags }}.tar.gz --acl=public-read
 
   release:
     runs-on: ubuntu-latest
-    needs: [upload-package]
+    needs: [upload-package, release-cli]
 
     steps:
       - name: 'Checkout source code'
@@ -101,7 +139,7 @@ jobs:
       - name: Get checksum
         id: vars
         run: |
-          echo "version_md5sum=$(curl -sSfL https://dc3p1870nn3cj.cloudfront.net/install-wizard-v${{ github.event.inputs.tags }}.md5sum.txt|awk '{print $1}')" >> $GITHUB_OUTPUT
+          echo "version_md5sum=$(curl -sSfL https://dc3p1870nn3cj.cloudfront.net${{ secrets.REPO_PATH }}install-wizard-v${{ github.event.inputs.tags }}.md5sum.txt|awk '{print $1}')" >> $GITHUB_OUTPUT
 
       - name: Update checksum
         uses: eball/write-tag-to-version-file@latest
@@ -119,8 +157,9 @@ jobs:
           cp .dist/install-wizard/install.sh build/base-package
           cp build/base-package/install.sh build/base-package/publicInstaller.sh
           cp build/base-package/install.sh build/base-package/publicInstaller.latest
-          cp .dist/install-wizard/install.ps1 build/insbase-packagetaller
+          cp .dist/install-wizard/install.ps1 build/base-package
           cp build/base-package/install.ps1 build/base-package/publicInstaller.latest.ps1
+          cp .dist/install-wizard/joincluster.sh build/base-package
 
       - name: Release public files
         uses: softprops/action-gh-release@v1
@@ -135,7 +174,7 @@ jobs:
             build/base-package/publicInstaller.latest.ps1
             build/base-package/install.ps1
             build/base-package/publicAddnode.sh
-            build/instbase-packagealler/joincluster.sh
+            build/base-package/joincluster.sh
             build/base-package/version.hint
             build/base-package/publicRestoreInstaller.sh
           prerelease: true

.gitignore

@@ -31,3 +31,10 @@ olares-cli-*.tar.gz
 .DS_Store
 cli/output
 daemon/output
+daemon/bin
+
+docs/.vitepress/dist/
+docs/.vitepress/cache/
+node_modules
+.idea/
+cli/olares-cli*

README.md

@@ -108,20 +108,15 @@ Olares has been tested and verified on the following Linux platforms:
 To get started with Olares on your own device, follow the [Getting Started Guide](https://docs.olares.com/manual/get-started/) for step-by-step instructions.
 
 ## Project navigation
-
-> [!NOTE]  
-> We are currently consolidating Olares subproject code into this repository. This process may take a few months. Once finished, you will get a comprehensive view of the entire Olares system here.
-
-
 This section lists the main directories in the Olares repository:
 
-* **`apps`**: Contains the code for system applications, primarily for `larepass`.
-* **`cli`**: Contains the code for `olares-cli`, the command-line interface tool for Olares.
-* **`daemon`**: Contains the code for `olaresd`, the system daemon process.
-* **`docs`**: Contains documentation for the project.
-* **`framework`**: Contains the Olares system services.
-* **`infrastructure`**: Contains code related to infrastructure components such as computing, storage, networking, and GPUs.
-* **`platform`**: Contains code for cloud-native components like databases and message queues.
+* **[`apps`](./apps)**: Contains the code for system applications, primarily for `larepass`.
+* **[`cli`](./cli)**: Contains the code for `olares-cli`, the command-line interface tool for Olares.
+* **[`daemon`](./daemon)**: Contains the code for `olaresd`, the system daemon process.
+* **[`docs`](./docs)**: Contains documentation for the project.
+* **[`framework`](./framework)**: Contains the Olares system services.
+* **[`infrastructure`](./infrastructure)**: Contains code related to infrastructure components such as computing, storage, networking, and GPUs.
+* **[`platform`](./platform)**: Contains code for cloud-native components like databases and message queues.
 * **`vendor`**: Contains code from third-party hardware vendors.
 
 ## Contributing to Olares

README_CN.md

@@ -110,19 +110,15 @@ Olares 已在以下 Linux 平台完成测试与验证：
 参考[快速上手指南](https://docs.olares.cn/zh/manual/get-started/)安装并激活 Olares。
 
 ## 项目目录
-
-> [!NOTE]
-> 我们正将 Olares 子项目的代码移动到当前仓库。此过程可能会持续数月。届时您就可以通过本仓库了解 Olares 系统的全貌。
-
 Olares 代码库中的主要目录如下：
 
-* **`apps`**: 用于存放系统应用，主要是 `larepass` 的代码。
-* **`cli`**: 用于存放 `olares-cli`（Olares 的命令行界面工具）的代码。
-* **`daemon`**: 用于存放 `olaresd`（系统守护进程）的代码。
-* **`docs`**: 用于存放 Olares 项目的文档。
-* **`framework`**: 用来存放 Olares 系统服务代码。
-* **`infrastructure`**: 用于存放计算，存储，网络，GPU 等基础设施的代码。
-* **`platform`**: 用于存放数据库、消息队列等云原生组件的代码。
+* **[`apps`](./apps)**: 用于存放系统应用，主要是 `larepass` 的代码。
+* **[`cli`](./cli)**: 用于存放 `olares-cli`（Olares 的命令行界面工具）的代码。
+* **[`daemon`](./daemon)**: 用于存放 `olaresd`（系统守护进程）的代码。
+* **[`docs`**](./docs)**: 用于存放 Olares 项目的文档。
+* **[`framework`](./framework)**: 用来存放 Olares 系统服务代码。
+* **[`infrastructure`](./infrastructure)**: 用于存放计算，存储，网络，GPU 等基础设施的代码。
+* **[`platform`](./platform)**: 用于存放数据库、消息队列等云原生组件的代码。
 * **`vendor`**: 用于存放来自第三方硬件供应商的代码。
 
 ## 社区贡献

README_JP.md

@@ -108,20 +108,16 @@ Olaresは以下のLinuxプラットフォームで動作検証を完了してい
 自分のデバイスでOlaresを始めるには、[はじめにガイド](https://docs.olares.com/manual/get-started/)に従ってステップバイステップの手順を確認してください。
 
 
-## プロジェクトナビゲーション
-
-> [!NOTE]
-> 現在、Olaresのサブプロジェクトのコードを当リポジトリへ移行する作業を進めています。この作業が完了するまでには数ヶ月を要する見込みです。完了後には、当リポジトリを通じてOlaresシステムの全貌をご覧いただけるようになります。
-
+## プロジェクトナビゲーションx
 このセクションでは、Olares リポジトリ内の主要なディレクトリをリストアップしています：
 
-* **`apps`**: システムアプリケーションのコードが含まれており、主に `larepass` 用です。
-* **`cli`**: Olares のコマンドラインインターフェースツールである `olares-cli` のコードが含まれています。
-* **`daemon`**: システムデーモンプロセスである `olaresd` のコードが含まれています。
-* **`docs`**: プロジェクトのドキュメントが含まれています。
-* **`framework`**: Olares システムサービスが含まれています。
-* **`infrastructure`**: コンピューティング、ストレージ、ネットワーキング、GPU などのインフラストラクチャコンポーネントに関連するコードが含まれています。
-* **`platform`**: データベースやメッセージキューなどのクラウドネイティブコンポーネントのコードが含まれています。
+* **[`apps`](./apps)**: システムアプリケーションのコードが含まれており、主に `larepass` 用です。
+* **[`cli`](./cli)**: Olares のコマンドラインインターフェースツールである `olares-cli` のコードが含まれています。
+* **[`daemon`](./daemon)**: システムデーモンプロセスである `olaresd` のコードが含まれています。
+* **[`docs`](./docs)**: プロジェクトのドキュメントが含まれています。
+* **[`framework`](./framework)**: Olares システムサービスが含まれています。
+* **[`infrastructure`](./infrastructure)**: コンピューティング、ストレージ、ネットワーキング、GPU などのインフラストラクチャコンポーネントに関連するコードが含まれています。
+* **[`platform`](./platform)**: データベースやメッセージキューなどのクラウドネイティブコンポーネントのコードが含まれています。
 * **`vendor`**: サードパーティのハードウェアベンダーからのコードが含まれています。
 
 ## Olaresへの貢献

apps/.olares/config/user/helm-charts/market/Chart.yaml

@@ -1,26 +0,0 @@
-apiVersion: v2
-name: appstore
-description: A Helm chart for Kubernetes
-maintainers:
-- name: bytetrade
-
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
-type: application
-
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.0.1
-
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
-# It is recommended to use it with quotes.
-appVersion: "1.16.0"

apps/.olares/config/user/helm-charts/market/templates/_helpers.tpl

@@ -1,62 +0,0 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "appstore.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "appstore.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "appstore.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "appstore.labels" -}}
-helm.sh/chart: {{ include "appstore.chart" . }}
-{{ include "appstore.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "appstore.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "appstore.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "appstore.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "appstore.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}

apps/.olares/config/user/helm-charts/market/templates/market_deploy.yaml

@@ -1,353 +0,0 @@
-{{- $market_secret := (lookup "v1" "Secret" .Release.Namespace "market-secrets") -}}
-
-{{- $redis_password := "" -}}
-{{ if $market_secret -}}
-{{ $redis_password = (index $market_secret "data" "redis-passwords") }}
-{{ else -}}
-{{ $redis_password = randAlphaNum 16 | b64enc }}
-{{- end -}}
-
-{{- $market_backend_nats_secret := (lookup "v1" "Secret" .Release.Namespace "market-backend-nats-secret") -}}
-{{- $nats_password := "" -}}
-{{ if $market_backend_nats_secret -}}
-{{ $nats_password = (index $market_backend_nats_secret "data" "nats_password") }}
-{{ else -}}
-{{ $nats_password = randAlphaNum 16 | b64enc }}
-{{- end -}}
-
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: market-backend-nats-secret
-  namespace: {{ .Release.Namespace }}
-type: Opaque
-data:
-  nats_password: {{ $nats_password }}
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: market-secrets
-  namespace: {{ .Release.Namespace }}
-type: Opaque
-data:
-  redis-passwords: {{ $redis_password }}
-
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: market-deployment
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app: appstore
-    applications.app.bytetrade.io/author: bytetrade.io
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: appstore
-  template:
-    metadata:
-      labels:
-        app: appstore
-        io.bytetrade.app: "true"
-      annotations:
-        instrumentation.opentelemetry.io/inject-go: "olares-instrumentation"
-        instrumentation.opentelemetry.io/go-container-names: "appstore-backend"    
-        instrumentation.opentelemetry.io/otel-go-auto-target-exe: "/opt/app/market"
-    spec:
-      priorityClassName: "system-cluster-critical"
-      initContainers:
-        - args:
-          - -it
-          - authelia-backend.os-system:9091
-          image: owncloudci/wait-for:latest
-          imagePullPolicy: IfNotPresent
-          name: check-auth
-        - name: terminus-sidecar-init
-          image: openservicemesh/init:v1.2.3
-          imagePullPolicy: IfNotPresent
-          securityContext:
-            privileged: true
-            capabilities: 
-              add:
-              - NET_ADMIN
-            runAsNonRoot: false
-            runAsUser: 0
-          command:
-          - /bin/sh
-          - -c
-          - |
-            iptables-restore --noflush <<EOF
-            # sidecar interception rules
-            *nat
-            :PROXY_IN_REDIRECT - [0:0]
-            :PROXY_INBOUND - [0:0]
-            -A PROXY_IN_REDIRECT -p tcp -j REDIRECT --to-port 15003
-            -A PROXY_INBOUND -p tcp --dport 15000 -j RETURN
-            -A PROXY_INBOUND -p tcp -j PROXY_IN_REDIRECT
-            -A PREROUTING -p tcp -j PROXY_INBOUND
-            COMMIT
-            EOF
-          
-          env:
-          - name: POD_IP
-            valueFrom:
-              fieldRef:
-                apiVersion: v1
-                fieldPath: status.podIP         
-      containers:
-      - name: appstore-backend
-        image: beclab/market-backend:v0.3.12
-        imagePullPolicy: IfNotPresent
-        ports:
-          - containerPort: 81
-        env:
-          - name: OS_SYSTEM_SERVER
-            value: system-server.user-system-{{ .Values.bfl.username }}
-          - name: OS_APP_SECRET
-            value: '{{ .Values.os.appstore.appSecret }}'
-          - name: OS_APP_KEY
-            value: {{ .Values.os.appstore.appKey }}
-          - name: APP_SOTRE_SERVICE_SERVICE_HOST
-            value: appstore-server-prod.bttcdn.com
-          - name: MARKET_PROVIDER
-            value: '{{ .Values.os.appstore.marketProvider }}'
-          - name: APP_SOTRE_SERVICE_SERVICE_PORT
-            value: '443'
-          - name: APP_SERVICE_SERVICE_HOST
-            value: app-service.os-system
-          - name: APP_SERVICE_SERVICE_PORT
-            value: '6755'
-          - name: REPO_URL_PORT
-            value: "82"
-          - name: REDIS_ADDRESS
-            value: 'redis-cluster-proxy.user-system-{{ .Values.bfl.username }}:6379'
-          - name: REDIS_PASSWORD
-            valueFrom:
-              secretKeyRef:
-                name: market-secrets
-                key: redis-passwords
-          - name: REDIS_DB_NUMBER
-            value: '0'
-          - name: REPO_URL_HOST
-            valueFrom:
-              fieldRef:
-                fieldPath: status.podIP
-          - name: NATS_HOST
-            value: nats.user-system-{{ .Values.bfl.username }}
-          - name: NATS_PORT
-            value: '4222'
-          - name: NATS_USERNAME
-            value: market-backend-{{ .Values.bfl.username}}
-          - name: NATS_PASSWORD
-            valueFrom:
-              secretKeyRef:
-                name: market-backend-nats-secret
-                key: nats_password
-          - name: NATS_SUBJECT_USER_APPLICATION
-            value: terminus.user.application.{{ .Values.bfl.username}}
-        volumeMounts:
-          - name: opt-data
-            mountPath: /opt/app/data
-      - name: terminus-envoy-sidecar
-        image: bytetrade/envoy:v1.25.11
-        imagePullPolicy: IfNotPresent
-        securityContext:
-          allowPrivilegeEscalation: false
-          runAsUser: 1000
-        ports:
-        - name: proxy-admin
-          containerPort: 15000
-        - name: proxy-inbound
-          containerPort: 15003
-        volumeMounts:
-        - name: terminus-sidecar-config
-          readOnly: true
-          mountPath: /etc/envoy/envoy.yaml
-          subPath: envoy.yaml
-        command:
-        - /usr/local/bin/envoy
-        - --log-level
-        - debug
-        - -c
-        - /etc/envoy/envoy.yaml
-        env:
-        - name: POD_UID
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.uid
-        - name: POD_NAME
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.name
-        - name: POD_NAMESPACE
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.namespace
-        - name: POD_IP
-          valueFrom:
-            fieldRef:
-              fieldPath: status.podIP
-      - name: terminus-ws-sidecar
-        image: 'beclab/ws-gateway:v1.0.5'
-        command:
-          - /ws-gateway
-        env:
-          - name: WS_PORT
-            value: '81'
-          - name: WS_URL
-            value: /app-store/v1/websocket/message
-        resources: { }
-        terminationMessagePath: /dev/termination-log
-        terminationMessagePolicy: File
-        imagePullPolicy: IfNotPresent
-      volumes:
-      - name: terminus-sidecar-config
-        configMap:
-          name: sidecar-ws-configs
-          items:
-          - key: envoy.yaml
-            path: envoy.yaml
-      - name: opt-data
-        hostPath:
-          path: '{{ .Values.userspace.appData}}/appstore/data'
-          type: DirectoryOrCreate
-      - name: app
-        emptyDir: {}
-      - name: nginx-confd
-        emptyDir: {}
-
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: appstore-service
-  namespace: {{ .Release.Namespace }}
-spec:
-  selector:
-    app: appstore
-  type: ClusterIP
-  ports:
-    - protocol: TCP
-      name: appstore-backend
-      port: 81
-      targetPort: 81
-
----
-apiVersion: sys.bytetrade.io/v1alpha1
-kind: ApplicationPermission
-metadata:
-  name: appstore
-  namespace: user-system-{{ .Values.bfl.username }}
-spec:
-  app: appstore
-  appid: appstore
-  key: {{ .Values.os.appstore.appKey }}
-  secret: {{ .Values.os.appstore.appSecret }}
-  permissions:
-  - dataType: event
-    group: message-disptahcer.system-server
-    ops:
-      - Create
-    version: v1
-  - dataType: app
-    group: service.bfl
-    ops:
-      - UserApps
-    version: v1
-status:
-  state: active
-
----
-apiVersion: sys.bytetrade.io/v1alpha1
-kind: ProviderRegistry
-metadata:
-  name: appstore-backend-provider
-  namespace: user-system-{{ .Values.bfl.username }}
-spec:
-  dataType: app
-  deployment: market
-  description: app store provider
-  endpoint: appstore-service.{{ .Release.Namespace }}
-  group: service.appstore
-  kind: provider
-  namespace: {{ .Release.Namespace }}
-  opApis:
-    - name: InstallDevApp
-      uri: /app-store/v1/applications/provider/installdev
-    - name: UninstallDevApp
-      uri: /app-store/v1/applications/provider/uninstalldev
-  version: v1
-status:
-  state: active
----
-apiVersion: apr.bytetrade.io/v1alpha1
-kind: MiddlewareRequest
-metadata:
-  name: market-redis
-  namespace: {{ .Release.Namespace }}
-spec:
-  app: market
-  appNamespace: {{ .Release.Namespace }}
-  middleware: redis
-  redis:
-    password:
-      valueFrom:
-        secretKeyRef:
-          key: redis-passwords
-          name: market-secrets
-    namespace: market
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: appstore-svc
-  namespace: {{ .Release.Namespace }}
-spec:
-  type: ClusterIP
-  selector:
-    app: appstore
-  ports:
-    - name: "appstore-backend"
-      protocol: TCP
-      port: 81
-      targetPort: 81
-    - name: "appstore-websocket"
-      protocol: TCP
-      port: 40010
-      targetPort: 40010
----
-apiVersion: apr.bytetrade.io/v1alpha1
-kind: MiddlewareRequest
-metadata:
-  name: market-backend-nats
-  namespace: {{ .Release.Namespace }}
-spec:
-  app: market-backend
-  appNamespace: user
-  middleware: nats
-  nats:
-    password:
-      valueFrom:
-        secretKeyRef:
-          key: nats_password
-          name: market-backend-nats-secret
-    refs:
-      - appName: user-service
-        appNamespace: user
-        subjects:
-          - name: "application.*"
-            perm:
-              - pub
-              - sub
-      - appName: user-service
-        appNamespace: user
-        subjects:
-          - name: "market.*"
-            perm:
-              - pub
-              - sub
-    user: market-backend-{{ .Values.bfl.username}}

apps/.olares/config/user/helm-charts/market/values.yaml

@@ -1,44 +0,0 @@
-bfl:
-  nodeport: 30883
-  nodeport_ingress_http: 30083
-  nodeport_ingress_https: 30082
-  username: 'test'
-  url: 'test'
-  nodeName: test
-pvc:
-  userspace: test
-userspace:
-  userData: test/Home
-  appData: test/Data
-  appCache: test
-  dbdata: test
-docs:
-  nodeport: 30881
-desktop:
-  nodeport: 30180
-os:
-  portfolio:
-    appKey: '${ks[0]}'
-    appSecret: test
-  vault:
-    appKey: '${ks[0]}'
-    appSecret: test
-  desktop:
-    appKey: '${ks[0]}'
-    appSecret: test
-  message:
-    appKey: '${ks[0]}'
-    appSecret: test
-  rss:
-    appKey: '${ks[0]}'
-    appSecret: test
-  search:
-    appKey: '${ks[0]}'
-    appSecret: test
-  search2:
-    appKey: '${ks[0]}'
-    appSecret: test
-  appstore:
-    marketProvider: ''
-kubesphere:
-  redis_password: ""

apps/.olares/config/user/helm-charts/studio/Chart.yaml

@@ -1,26 +0,0 @@
-apiVersion: v2
-name: studio
-description: A Terminus app development tool
-maintainers:
-- name: bytetrade
-
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
-type: application
-
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.3
-
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
-# It is recommended to use it with quotes.
-appVersion: "4.9.1"

apps/.olares/config/user/helm-charts/studio/templates/deployment.yaml

@@ -1,549 +0,0 @@
-{{- $namespace := printf "%s%s" "user-system-" .Values.bfl.username -}}
-{{- $studio_secret := (lookup "v1" "Secret" $namespace "studio-secrets") -}}
-
-{{- $pg_password := "" -}}
-{{ if $studio_secret -}}
-{{ $pg_password = (index $studio_secret "data" "pg_password") }}
-{{ else -}}
-{{ $pg_password = randAlphaNum 16 | b64enc }}
-{{- end -}}
-
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: studio-secrets
-  namespace: user-system-{{ .Values.bfl.username }}
-type: Opaque
-data:
-  pg_password: {{ $pg_password }}
-
----
-apiVersion: apr.bytetrade.io/v1alpha1
-kind: MiddlewareRequest
-metadata:
-  name: studio-pg
-  namespace: user-system-{{ .Values.bfl.username }}
-spec:
-  app: studio
-  appNamespace: {{ .Release.Namespace }}
-  middleware: postgres
-  postgreSQL:
-    user: studio_{{ .Values.bfl.username }}
-    password:
-      valueFrom:
-        secretKeyRef:
-          key: pg_password
-          name: studio-secrets
-    databases:
-      - name: studio
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: studio-server
-  namespace: {{ .Release.Namespace }}
-spec:
-  selector:
-    app: studio-server
-  ports:
-    - protocol: TCP
-      port: 8080
-      targetPort: 8088
-      name: http
-    - protocol: TCP
-      port: 8083
-      targetPort: 8083
-      name: https
-
----
-kind: Service
-apiVersion: v1
-metadata:
-  name: chartmuseum-studio
-  namespace: {{ .Release.Namespace }}
-spec:
-  ports:
-    - name: http
-      protocol: TCP
-      port: 8080
-      targetPort: 8888
-  selector:
-    app: studio-server
-
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: studio-san-cnf
-  namespace: {{ .Release.Namespace }}
-data:
-  san.cnf: |
-    [req]
-    distinguished_name = req_distinguished_name
-    req_extensions = v3_req
-    prompt = no
-
-    [req_distinguished_name]
-    countryName = CN
-    stateOrProvinceName = Beijing
-    localityName = Beijing
-    0.organizationName = bytetrade
-    commonName = studio-server.{{ .Release.Namespace }}.svc
-
-    [v3_req]
-    basicConstraints = CA:FALSE
-    keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-    subjectAltName = @bytetrade
-
-    [bytetrade]
-    DNS.1 = studio-server.{{ .Release.Namespace }}.svc
-
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: studio-server
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app: studio-server
-    applications.app.bytetrade.io/author: bytetrade.io
-spec:
-  replicas: 1
-  strategy:
-    type: Recreate
-  selector:
-    matchLabels:
-      app: studio-server
-  template:
-    metadata:
-      labels:
-        app: studio-server
-    spec:
-      serviceAccountName: bytetrade-controller
-      volumes:
-        - name: chart
-          hostPath:
-            type: DirectoryOrCreate
-            path: '{{ .Values.userspace.appData}}/studio/Chart'
-        - name: data
-          hostPath:
-            type: DirectoryOrCreate
-            path: '{{ .Values.userspace.appData }}/studio/Data'
-        - name: storage-volume
-          hostPath:
-            path: '{{ .Values.userspace.appData }}/studio/helm-repo-dev'
-            type: DirectoryOrCreate
-        - name: config-san
-          configMap:
-            name: studio-san-cnf
-            items:
-              - key: san.cnf
-                path: san.cnf
-        - name: sidecar-configs-studio
-          configMap:
-            name: sidecar-configs-studio
-            items:
-              - key: envoy.yaml
-                path: envoy.yaml
-        - name: certs
-          emptyDir: {}
-      initContainers:
-        - name: init-chmod-data
-          image: busybox:1.28
-          imagePullPolicy: IfNotPresent
-          command:
-            - sh
-            - '-c'
-            - |
-              chown -R 1000:1000 /home/coder
-              chown -R 65532:65532 /charts
-              chown -R 65532:65532 /data
-          securityContext:
-            runAsUser: 0
-          resources: { }
-          volumeMounts:
-            - name: storage-volume
-              mountPath: /home/coder
-            - name: chart
-              mountPath: /charts
-            - name: data
-              mountPath: /data
-        - name: terminus-sidecar-init
-          image: aboveos/openservicemesh-init:v1.2.3
-          imagePullPolicy: IfNotPresent
-          command:
-            - /bin/sh
-            - -c
-            - |
-              iptables-restore --noflush <<EOF
-              # sidecar interception rules
-              *nat
-              :PROXY_IN_REDIRECT - [0:0]
-              :PROXY_INBOUND - [0:0]
-              :PROXY_OUTBOUND - [0:0]
-              :PROXY_OUT_REDIRECT - [0:0]
-
-              -A PREROUTING -p tcp -j PROXY_INBOUND
-              -A OUTPUT -p tcp -j PROXY_OUTBOUND
-              -A PROXY_INBOUND -p tcp --dport 15000 -j RETURN
-              -A PROXY_INBOUND -p tcp --dport 8083 -j RETURN
-              -A PROXY_INBOUND -p tcp -j PROXY_IN_REDIRECT
-              -A PROXY_IN_REDIRECT -p tcp -j REDIRECT --to-port 15003
-
-
-              -A PROXY_OUTBOUND -p tcp --dport 5432 -j RETURN
-              -A PROXY_OUTBOUND -p tcp --dport 6379 -j RETURN
-              -A PROXY_OUTBOUND -p tcp --dport 27017 -j RETURN
-              -A PROXY_OUTBOUND -p tcp --dport 443 -j RETURN
-              -A PROXY_OUTBOUND -p tcp --dport 8080 -j RETURN
-
-              -A PROXY_OUTBOUND -d ${POD_IP}/32 -j RETURN
-
-              -A PROXY_OUTBOUND -o lo ! -d 127.0.0.1/32 -m owner --uid-owner 1555 -j PROXY_IN_REDIRECT
-              -A PROXY_OUTBOUND -o lo -m owner ! --uid-owner 1555 -j RETURN
-              -A PROXY_OUTBOUND -m owner --uid-owner 1555 -j RETURN
-              -A PROXY_OUTBOUND -d 127.0.0.1/32 -j RETURN
-
-              -A PROXY_OUTBOUND -j PROXY_OUT_REDIRECT
-              -A PROXY_OUT_REDIRECT -p tcp -j REDIRECT --to-port 15001
-
-              COMMIT
-              EOF
-          env:
-            - name: POD_IP
-              valueFrom:
-                fieldRef:
-                  apiVersion: v1
-                  fieldPath: status.podIP
-          securityContext:
-            privileged: true
-            capabilities:
-              add:
-                - NET_ADMIN
-            runAsNonRoot: false
-            runAsUser: 0
-
-        - name: generate-certs
-          image: beclab/openssl:v3
-          imagePullPolicy: IfNotPresent
-          command: [ "/bin/sh", "-c" ]
-          args:
-            - |
-              openssl genrsa -out /etc/certs/ca.key 2048
-              openssl req -new -x509 -days 3650 -key /etc/certs/ca.key -out /etc/certs/ca.crt \
-                -subj "/CN=bytetrade CA/O=bytetrade/C=CN"
-              openssl req -new -newkey rsa:2048 -nodes \
-                -keyout /etc/certs/server.key -out /etc/certs/server.csr \
-                -config /etc/san/san.cnf
-              openssl x509 -req -days 3650 -in /etc/certs/server.csr \
-                -CA /etc/certs/ca.crt -CAkey /etc/certs/ca.key \
-                -CAcreateserial -out /etc/certs/server.crt \
-                -extensions v3_req -extfile /etc/san/san.cnf
-              chown -R 65532 /etc/certs/*
-          volumeMounts:
-            - name: config-san
-              mountPath: /etc/san
-            - name: certs
-              mountPath: /etc/certs
-
-      containers:
-        - name: studio
-          image: beclab/studio-server:v0.1.50
-          imagePullPolicy: IfNotPresent
-          args:
-            - server
-          ports:
-            - name: port
-              containerPort: 8088
-              protocol: TCP
-            - name: ssl-port
-              containerPort: 8083
-              protocol: TCP
-          volumeMounts:
-            - name: chart
-              mountPath: /charts
-            - name: data
-              mountPath: /data
-            - mountPath: /etc/certs
-              name: certs
-          lifecycle:
-            preStop:
-              exec:
-                command:
-                  - "/studio"
-                  - "clean"
-          env:
-            - name: BASE_DIR
-              value: /charts
-            - name: OS_API_KEY
-              value: {{ .Values.os.studio.appKey }}
-            - name: OS_API_SECRET
-              value: {{ .Values.os.studio.appSecret }}
-            - name: OS_SYSTEM_SERVER
-              value: system-server.user-system-{{ .Values.bfl.username }}
-            - name: NAME_SPACE
-              value: {{ .Release.Namespace }}
-            - name: OWNER
-              value: '{{ .Values.bfl.username }}'
-            - name: DB_HOST
-              value: citus-master-svc.user-system-{{ .Values.bfl.username }}
-            - name: DB_USERNAME
-              value: studio_{{ .Values.bfl.username }}
-            - name: DB_PASSWORD
-              value: "{{ $pg_password | b64dec }}"
-            - name: DB_NAME
-              value: user_space_{{ .Values.bfl.username }}_studio
-            - name: DB_PORT
-              value: "5432"
-          resources:
-            requests:
-              cpu: "50m"
-              memory: 100Mi
-            limits:
-              cpu: "0.5"
-              memory: 1000Mi
-        - name: terminus-envoy-sidecar
-          image: bytetrade/envoy:v1.25.11.1
-          imagePullPolicy: IfNotPresent
-          securityContext:
-            allowPrivilegeEscalation: false
-            runAsUser: 1555
-          ports:
-            - name: proxy-admin
-              containerPort: 15000
-            - name: proxy-inbound
-              containerPort: 15003
-            - name: proxy-outbound
-              containerPort: 15001
-          resources:
-            requests:
-              cpu: "50m"
-              memory: 100Mi
-            limits:
-              cpu: "0.5"
-              memory: 200Mi
-          volumeMounts:
-            - name: sidecar-configs-studio
-              readOnly: true
-              mountPath: /etc/envoy/envoy.yaml
-              subPath: envoy.yaml
-          command:
-            - /usr/local/bin/envoy
-            - --log-level
-            - debug
-            - -c
-            - /etc/envoy/envoy.yaml
-          env:
-            - name: POD_UID
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.uid
-            - name: POD_NAME
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.name
-            - name: POD_NAMESPACE
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.namespace
-            - name: POD_IP
-              valueFrom:
-                fieldRef:
-                  fieldPath: status.podIP
-            - name: APP_KEY
-              value: {{ .Values.os.studio.appKey }}
-            - name: APP_SECRET
-              value: {{ .Values.os.studio.appSecret }}
-        - name: chartmuseum
-          image: aboveos/helm-chartmuseum:v0.15.0
-          args:
-            - '--port=8888'
-            - '--storage-local-rootdir=/storage'
-          ports:
-            - name: http
-              containerPort: 8888
-              protocol: TCP
-          env:
-            - name: CHART_POST_FORM_FIELD_NAME
-              value: chart
-            - name: DISABLE_API
-              value: 'false'
-            - name: LOG_JSON
-              value: 'true'
-            - name: PROV_POST_FORM_FIELD_NAME
-              value: prov
-            - name: STORAGE
-              value: local
-          resources:
-            requests:
-              cpu: "50m"
-              memory: 100Mi
-            limits:
-              cpu: 1000m
-              memory: 512Mi
-          volumeMounts:
-            - name: storage-volume
-              mountPath: /storage
-          livenessProbe:
-            httpGet:
-              path: /health
-              port: http
-              scheme: HTTP
-            initialDelaySeconds: 5
-            timeoutSeconds: 1
-            periodSeconds: 10
-            successThreshold: 1
-            failureThreshold: 3
-          readinessProbe:
-            httpGet:
-              path: /health
-              port: http
-              scheme: HTTP
-            initialDelaySeconds: 5
-            timeoutSeconds: 1
-            periodSeconds: 10
-            successThreshold: 1
-            failureThreshold: 3
-
----
-apiVersion: v1
-data:
-  envoy.yaml: |
-    admin:
-      access_log_path: "/dev/stdout"
-      address:
-        socket_address:
-          address: 0.0.0.0
-          port_value: 15000
-    static_resources:
-      listeners:
-        - name: listener_0
-          address:
-            socket_address:
-              address: 0.0.0.0
-              port_value: 15003
-          listener_filters:
-            - name: envoy.filters.listener.original_dst
-              typed_config:
-                "@type": type.googleapis.com/envoy.extensions.filters.listener.original_dst.v3.OriginalDst
-          filter_chains:
-            - filters:
-                - name: envoy.filters.network.http_connection_manager
-                  typed_config:
-                    "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
-                    stat_prefix: desktop_http
-                    upgrade_configs:
-                      - upgrade_type: websocket
-                      - upgrade_type: tailscale-control-protocol
-                    skip_xff_append: false
-                    codec_type: AUTO
-                    route_config:
-                      name: local_route
-                      virtual_hosts:
-                        - name: service
-                          domains: ["*"]
-                          routes:
-                            - match:
-                                prefix: "/"
-                              route:
-                                cluster: original_dst
-                                timeout: 1800s
-                    http_protocol_options:
-                      accept_http_10: true
-                    http_filters:
-                      - name: envoy.filters.http.router
-                        typed_config:
-                          "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
-        - name: listener_1
-          address:
-            socket_address:
-              address: 0.0.0.0
-              port_value: 15001
-          listener_filters:
-            - name: envoy.filters.listener.original_dst
-              typed_config:
-                "@type": type.googleapis.com/envoy.extensions.filters.listener.original_dst.v3.OriginalDst
-          filter_chains:
-            - filters:
-                - name: envoy.filters.network.http_connection_manager
-                  typed_config:
-                    "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
-                    stat_prefix: studio_out_http
-                    skip_xff_append: false
-                    codec_type: AUTO
-                    route_config:
-                      name: local_route
-                      virtual_hosts:
-                        - name: service
-                          domains: ["*"]
-                          routes:
-                            - match:
-                                prefix: "/server/intent/send"
-                              request_headers_to_add:
-                                - header:
-                                    key: X-App-Key
-                                    value: {{ .Values.os.studio.appKey }}
-                              route:
-                                cluster: system-server
-                                prefix_rewrite: /system-server/v2/legacy_api/api.intent/v2/server/intent/send
-                            - match:
-                                prefix: "/"
-                              route:
-                                cluster: original_dst
-                                timeout: 1800s
-                              typed_per_filter_config:
-                                envoy.filters.http.lua:
-                                  "@type": type.googleapis.com/envoy.extensions.filters.http.lua.v3.LuaPerRoute
-                                  disabled: true
-
-                    http_protocol_options:
-                      accept_http_10: true
-                    http_filters:
-                      - name: envoy.filters.http.lua
-                        typed_config:
-                          "@type": type.googleapis.com/envoy.extensions.filters.http.lua.v3.Lua
-                          inline_code:
-                            local sha = require("lib.sha2")
-                            function envoy_on_request(request_handle)
-                            local app_key = os.getenv("APP_KEY")
-                            local app_secret = os.getenv("APP_SECRET")
-                            local current_time = os.time()
-                            local minute_level_time = current_time - (current_time % 60)
-                            local time_string = tostring(minute_level_time)
-                            local s = app_key .. app_secret .. time_string
-                            request_handle:logInfo("originstring:" .. s)
-                            local hash = sha.sha256(s)
-                            request_handle:logInfo("Hello World.")
-                            request_handle:logInfo(hash)
-                            request_handle:headers():add("X-Auth-Signature",hash)
-                            end
-                      - name: envoy.filters.http.router
-                        typed_config:
-                          "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
-
-
-      clusters:
-        - name: original_dst
-          connect_timeout: 5000s
-          type: ORIGINAL_DST
-          lb_policy: CLUSTER_PROVIDED
-        - name: system-server
-          connect_timeout: 2s
-          type: LOGICAL_DNS
-          dns_lookup_family: V4_ONLY
-          dns_refresh_rate: 600s
-          lb_policy: ROUND_ROBIN
-          load_assignment:
-            cluster_name: system-server
-            endpoints:
-              - lb_endpoints:
-                  - endpoint:
-                      address:
-                        socket_address:
-                          address: system-server.user-system-{{ .Values.bfl.username }}
-                          port_value: 80
-kind: ConfigMap
-metadata:
-  name: sidecar-configs-studio
-  namespace: {{ .Release.Namespace }}

apps/.olares/config/user/helm-charts/studio/values.yaml

@@ -1,42 +0,0 @@
-bfl:
-  nodeport: 30883
-  nodeport_ingress_http: 30083
-  nodeport_ingress_https: 30082
-  username: 'test'
-  url: 'test'
-  nodeName: test
-pvc:
-  userspace: test
-userspace:
-  userData: test/Home
-  appData: test/Data
-  appCache: test
-  dbdata: test
-docs:
-  nodeport: 30881
-desktop:
-  nodeport: 30180
-os:
-  portfolio:
-    appKey: '${ks[0]}'
-    appSecret: test
-  vault:
-    appKey: '${ks[0]}'
-    appSecret: test
-  desktop:
-    appKey: '${ks[0]}'
-    appSecret: test
-  message:
-    appKey: '${ks[0]}'
-    appSecret: test
-  rss:
-    appKey: '${ks[0]}'
-    appSecret: test
-  search:
-    appKey: '${ks[0]}'
-    appSecret: test
-  studio:
-    appKey: '${ks[0]}'
-    appSecret: test
-kubesphere:
-  redis_password: ""

apps/.olares/config/user/helm-charts/system-apps/values.yaml

@@ -44,5 +44,3 @@ os:
   dashboard:
     appKey: '${ks[0]}'
     appSecret: test
-kubesphere:
-  redis_password: ""

apps/.olares/config/user/helm-charts/wizard/templates/wizard_deploy.yaml

@@ -22,123 +22,25 @@ spec:
       initContainers:
       - args:
         - -it
-        - authelia-backend.os-system:9091
+        - authelia-backend.os-framework:9091
         image: owncloudci/wait-for:latest
         imagePullPolicy: IfNotPresent
         name: check-auth
-      # - name: terminus-sidecar-init
-      #   image: openservicemesh/init:v1.2.3
-      #   imagePullPolicy: IfNotPresent
-      #   securityContext:
-      #     privileged: true
-      #     capabilities: 
-      #       add:
-      #       - NET_ADMIN
-      #     runAsNonRoot: false
-      #     runAsUser: 0
-      #   command:
-      #   - /bin/sh
-      #   - -c
-      #   - |
-      #     iptables-restore --noflush <<EOF
-      #     # sidecar interception rules
-      #     *nat
-      #     :PROXY_IN_REDIRECT - [0:0]
-      #     :PROXY_INBOUND - [0:0]
-      #     -A PROXY_IN_REDIRECT -p tcp -j REDIRECT --to-port 15003
-      #     -A PROXY_INBOUND -p tcp --dport 15000 -j RETURN
-      #     -A PROXY_INBOUND -p tcp -j PROXY_IN_REDIRECT
-      #     -A PREROUTING -p tcp -j PROXY_INBOUND
-      #     COMMIT
-      #     EOF
-        
-      #   env:
-      #   - name: POD_IP
-      #     valueFrom:
-      #       fieldRef:
-      #         apiVersion: v1
-      #         fieldPath: status.podIP
 
       containers:
       - name: wizard
-        image: beclab/wizard:v1.3.57
+        image: beclab/wizard:v1.4.3
         imagePullPolicy: IfNotPresent
         ports:
         - containerPort: 80
         env:
           - name: apiServerURL
             value: http://bfl.{{ .Release.Namespace }}:8080
-
-      # - name: wizard-server
-      #   image: aboveos/wizard-server:v0.4.2
-      #   imagePullPolicy: IfNotPresent
-      #   volumeMounts:
-      #   - name: userspace-dir
-      #     mountPath: /Home
-      #   ports:
-      #   - containerPort: 3000
-      #   env:
-      #   - name: OS_SYSTEM_SERVER
-      #     value: system-server.user-system-{{ .Values.bfl.username }}
-      #   - name: OS_APP_SECRET
-      #     value: '{{ .Values.os.desktop.appSecret }}'
-      #   - name: OS_APP_KEY
-      #     value: {{ .Values.os.desktop.appKey }}
-      #   - name: APP_SERVICE_SERVICE_HOST
-      #     value: app-service.os-system
-      #   - name: APP_SERVICE_SERVICE_PORT
-      #     value: '6755'
-
-      # - name: terminus-envoy-sidecar
-      #   image: bytetrade/envoy:v1.25.11
-      #   imagePullPolicy: IfNotPresent
-      #   securityContext:
-      #     allowPrivilegeEscalation: false
-      #     runAsUser: 1000
-      #   ports:
-      #   - name: proxy-admin
-      #     containerPort: 15000
-      #   - name: proxy-inbound
-      #     containerPort: 15003
-      #   volumeMounts:
-      #   - name: terminus-sidecar-config
-      #     readOnly: true
-      #     mountPath: /etc/envoy/envoy.yaml
-      #     subPath: envoy.yaml
-      #   command:
-      #   - /usr/local/bin/envoy
-      #   - --log-level
-      #   - debug
-      #   - -c
-      #   - /etc/envoy/envoy.yaml
-      #   env:
-      #   - name: POD_UID
-      #     valueFrom:
-      #       fieldRef:
-      #         fieldPath: metadata.uid
-      #   - name: POD_NAME
-      #     valueFrom:
-      #       fieldRef:
-      #         fieldPath: metadata.name
-      #   - name: POD_NAMESPACE
-      #     valueFrom:
-      #       fieldRef:
-      #         fieldPath: metadata.namespace
-      #   - name: POD_IP
-      #     valueFrom:
-      #       fieldRef:
-      #         fieldPath: status.podIP
       volumes:
       - name: userspace-dir
         hostPath:
           type: Directory
           path: "{{ .Values.userspace.userData }}"
-      # - name: terminus-sidecar-config
-      #   configMap:
-      #     name: sidecar-configs
-      #     items:
-      #     - key: envoy.yaml
-      #       path: envoy.yaml
 
 ---
 apiVersion: v1

apps/.olares/config/user/helm-charts/wizard/values.yaml

@@ -34,5 +34,3 @@ os:
   appstore:
     appKey: '${ks[0]}'
     appSecret: test
-kubesphere:
-  redis_password: ""

apps/README.md

@@ -0,0 +1,20 @@
+# Olares Apps
+
+## Overview
+
+This directory contains the code for system applications, primarily for LarePass. The following are the pre-installed system applications that offer tools for managing files, knowledge, passwords, and the system itself.
+
+## System Applications Overview
+
+| Application | Description |
+| --- | --- |
+| Files | A file management app that manages and synchronizes files across devices and sources, enabling seamless sharing and access. |
+| Wise | A local-first and AI-native modern reader that helps to collect, read, and manage information from various platforms. Users can run self-hosted recommendation algorithms to filter and sort online content. |
+| Vault | A secure password manager for storing and managing sensitive information across devices. |
+| Market | A decentralized and permissionless app store for installing, uninstalling, and updating applications and recommendation algorithms. |
+| Desktop | A hub for managing and interacting with installed applications. File and application searching are also supported. |
+| Profile | An app to customize the user's profile page. |
+| Settings | A system configuration application. |
+| Dashboard | An app for monitoring system resource usage. |
+| Control Hub | The console for Olares, providing precise and autonomous control over the system and its environment. |
+| DevBox | A development tool for building and deploying Olares applications. |

build/base-package/install.sh

@@ -10,7 +10,7 @@ function command_exists() {
 if [[ x"$VERSION" == x"" ]]; then
     if [[ "$LOCAL_RELEASE" == "1" ]]; then
         ts=$(date +%Y%m%d%H%M%S)
-        export VERSION="1.12.0-$ts"
+        export VERSION="1.12.1-$ts"
         echo "will build and use a local release of Olares with version: $VERSION"
         echo ""
     else
@@ -20,7 +20,7 @@ fi
 
 if [[ "x${VERSION}" == "x" || "x${VERSION:3}" == "xVERSION__" ]]; then
     echo "error: Olares version is unspecified, please set the VERSION env var and rerun this script."
-    echo "for example: VERSION=1.12.0-20241124 bash $0"
+    echo "for example: VERSION=1.12.1-20241124 bash $0"
     exit 1
 fi
 

build/base-package/joincluster.sh

@@ -149,7 +149,7 @@ export VERSION="#__VERSION__"
 
 if [[ "x${VERSION}" == "x" || "x${VERSION:3}" == "xVERSION__" ]]; then
     echo "error: Olares version is unspecified, please set the VERSION env var and rerun this script."
-    echo "for example: VERSION=1.12.0-20241124 bash $0"
+    echo "for example: VERSION=1.12.1-20241124 bash $0"
     exit 1
 fi
 

build/base-package/publicRestoreInstaller.sh

@@ -1003,7 +1003,7 @@ _get_sts_bfl() {
 
 _get_deployment_backup_server() {
     local res
-    res=$($sh_c "${KUBECTL} -n os-system get deployment backup-server 2>/dev/null")
+    res=$($sh_c "${KUBECTL} -n os-framework get deployment backup 2>/dev/null")
     if [ "$?" -ne 0 ]; then
         echo 0
     fi

build/base-package/refresh_sts.sh

@@ -30,7 +30,7 @@ repaire_crd_terminus() {
 
     if [ ! -z "${AWS_SESSION_TOKEN_SETUP}" ]; then
         patch='[{"op":"add","path":"/metadata/annotations/bytetrade.io~1s3-sts","value":"'"$AWS_SESSION_TOKEN_SETUP"'"},{"op":"add","path":"/metadata/annotations/bytetrade.io~1s3-ak","value":"'"$AWS_ACCESS_KEY_ID_SETUP"'"},{"op":"add","path":"/metadata/annotations/bytetrade.io~1s3-sk","value":"'"$AWS_SECRET_ACCESS_KEY_SETUP"'"},{"op":"add","path":"/metadata/annotations/bytetrade.io~1cluster-id","value":"'"$CLUSTER_ID"'"}]'
-        $sh_c "${KUBECTL} patch terminus.sys.bytetrade.io terminus -n os-system --type='json' -p='$patch'"
+        $sh_c "${KUBECTL} patch terminus.sys.bytetrade.io terminus --type='json' -p='$patch'"
     fi
 }
 

build/base-package/upgrade_cmd.sh

@@ -1,616 +0,0 @@
-#!/usr/bin/env bash
-
-
-
-
-# Upgrading will be executed in  app-service container based on kubesphere/kubectl:v1.22.9
-# By default, the tool packages will be installed via apt during the docker build
-
-# env:
-# BASE_DIR
-
-
-function command_exists() {
-	command -v "$@" > /dev/null 2>&1
-}
-
-function get_shell_exec(){
-    user="$(id -un 2>/dev/null || true)"
-
-    sh_c='sh -c'
-	if [ "$user" != 'root' ]; then
-		if command_exists sudo && command_exists su; then
-			sh_c='sudo su -c'
-		else
-			cat >&2 <<-'EOF'
-			Error: this installer needs the ability to run commands as root.
-			We are unable to find either "sudo" or "su" available to make this happen.
-			EOF
-			exit 1
-		fi
-	fi
-}
-
-function get_bfl_api_port(){
-    local username=$1
-    $sh_c "${KUBECTL} get svc bfl -n user-space-${username} -o jsonpath='{.spec.ports[0].nodePort}'"
-}
-
-# function get_docs_port(){
-#     local username=$1
-#     $sh_c "${KUBECTL} get svc swagger-ui -n user-space-${username} -o jsonpath='{.spec.ports[0].nodePort}'"
-# }
-
-function get_desktop_port(){
-    local username=$1
-    $sh_c "${KUBECTL} get svc edge-desktop -n user-space-${username} -o jsonpath='{.spec.ports[0].nodePort}'"
-}
-
-function get_user_password(){
-    local username=$1
-    $sh_c "${KUBECTL} get user ${username} -o jsonpath='{.spec.password}'"
-}
-
-function get_user_email(){
-    local username=$1
-    $sh_c "${KUBECTL} get user ${username} -o jsonpath='{.spec.email}'"
-}
-
-
-function ensure_success() {
-    "$@"
-    local ret=$?
-
-    if [ $ret -ne 0 ]; then
-        echo "Fatal error, command: '$@'"
-        exit $ret
-    fi
-
-    return $ret
-}
-
-function validate_user(){
-    local username=$1
-    $sh_c "${KUBECTL} get ns user-space-${username} > /dev/null" 
-    local ret=$?
-    if [ $ret -ne 0 ]; then
-        echo "no"
-    else
-        echo "yes"
-    fi
-}
-
-function get_bfl_node(){
-    local username=$1
-    $sh_c "${KUBECTL} get pod  -n user-space-${username} -l 'tier=bfl' -o jsonpath='{.items[*].spec.nodeName}'"
-}
-
-function get_bfl_url() {
-    local username=$1
-    local user_bfl_port=$(get_bfl_api_port ${username})
-
-    bfl_ip=$(curl -s http://checkip.dyndns.org/ | grep -o "[[:digit:].]\+")
-    echo "http://$bfl_ip:${user_bfl_port}/bfl/apidocs.json"
-}
-
-function get_userspace_dir(){
-    local username=$1
-    local space_dir=$2
-    $sh_c "${KUBECTL} get pod  -n user-space-${username} -l 'tier=bfl' -o \
-    jsonpath='{range .items[0].spec.volumes[*]}{.name}{\" \"}{.persistentVolumeClaim.claimName}{\"\\n\"}{end}'" | \
-    while read pvc; do
-        local pvc_data=($pvc)
-        if [ ${#pvc_data[@]} -gt 1 ]; then
-            if [ "x${pvc_data[0]}" == "x${space_dir}" ]; then
-                local USERSPACE_PVC="${pvc_data[1]}"
-                local pv=$($sh_c "${KUBECTL} get pvc -n user-space-${username} ${pvc_data[1]} -o jsonpath='{.spec.volumeName}'")
-                local pv_path=$($sh_c "${KUBECTL} get pv ${pv} -o jsonpath='{.spec.hostPath.path}'")
-                local USERSPACE_PV_PATH="${pv_path}"
-
-                echo "${USERSPACE_PVC} ${USERSPACE_PV_PATH} ${pv}"
-                break
-            fi
-        fi
-    done 
-}
-
-function get_bfl_rand16(){
-    local username=$1
-    local prefix=$2
-
-    $sh_c "${KUBECTL} get sts -n user-space-${username} bfl -o jsonpath='{.metadata.annotations.${prefix}_rand16}'"
-}
-
-function gen_app_key_secret(){
-    local app=$1
-    local key="bytetrade_${app}_${RANDOM}"
-    local t=$(date +%s)
-    local secret=$(echo -n "${key}|${t}"|md5sum|cut -d" " -f1)
-
-    echo "${key} ${secret:0:16}"
-}
-
-function get_app_key_secret(){
-    local username=$1
-    local app=$2
-
-    local ks=$($sh_c "${KUBECTL} get appperm ${app} -n user-system-${username} -o jsonpath='{.spec.key} {.spec.secret}'")
-
-    if [ "x${ks}" == "x" ]; then
-        ks=$(gen_app_key_secret "${app}")
-    fi
-
-    echo "${ks}"
-}
-
-
-function get_app_settings(){
-    local username=$1
-    local apps=("vault" "desktop" "message" "wise" "search" "appstore" "notification" "dashboard" "settings" "studio" "profile" "agent" "files")
-    for a in ${apps[@]};do
-        ks=($(get_app_key_secret "$username" "$a"))
-        echo '
-  '${a}':
-    appKey: '${ks[0]}'    
-    appSecret: "'${ks[1]}'"    
-        '
-    done
-}
-
-
-
-function gen_bfl_values(){
-    local username=$1
-    local user_bfl_port=$(get_bfl_api_port ${username})
-
-    echo "Try to find the current bfl pv ..."
-    local pvc_path=($(get_userspace_dir ${username} "userspace-dir"))
-    local appcache_pvc_path=($(get_userspace_dir ${username} "appcache-dir"))
-    local dbdata_pvc_path=($(get_userspace_dir ${username} "dbdata-dir"))
-
-    local userspace_rand16=$(get_userspace_dir ${username} "userspace")
-    local appcache_rand16=$(get_userspace_dir ${username} "Cache")
-    local dbdata_rand16=$(get_userspace_dir ${username} "dbdata")
-
-    echo '
-bfl:
-  nodeport: '${user_bfl_port}'
-  username: '${username}'
-
-  userspace_rand16: '${userspace_rand16}'
-  userspace_pv: '${pvc_path[2]}'
-  userspace_pvc: '${pvc_path[0]}'
-
-  appcache_rand16: '${appcache_rand16}'
-  appcache_pv: '${appcache_pvc_path[2]}'
-  appcache_pvc: '${appcache_pvc_path[0]}'
-
-  dbdata_rand16: '${dbdata_rand16}'
-  dbdata_pv: '${dbdata_pvc_path[2]}'
-  dbdata_pvc: '${dbdata_pvc_path[0]}'
-  ' > ${BASE_DIR}/wizard/config/launcher/values.yaml
-}
-
-
-function gen_settings_values(){
-    local username=$1
-    # local userpwd="$(get_user_password ${username})"
-    # local useremail="$(get_user_email ${username})"
-
-    echo '
-namespace:
-  name: user-space-'${username}'
-  role: admin
-
-user:
-  name: '${username}'
-    ' > ${BASE_DIR}/wizard/config/settings/values.yaml
-}
-
-function gen_app_values(){
-    local username=$1
-
-    local bfl_node=$(get_bfl_node ${username})
-    local bfl_doc_url=$(get_bfl_url ${username})
-    local desktop_ports=$(get_desktop_port ${username})
-#    local docs_ports=$(get_docs_port ${username})
-
-    echo "Try to find pv ..."
-    local pvc_path=($(get_userspace_dir ${username} "userspace-dir"))
-    local appcache_pvc_path=($(get_userspace_dir ${username} "appcache-dir"))
-    local dbdata_pvc_path=($(get_userspace_dir ${username} "dbdata-dir"))
-
-    local app_perm_settings=$(get_app_settings ${username})
-    cat ${BASE_DIR}/wizard/config/launcher/values.yaml > ${BASE_DIR}/wizard/config/apps/values.yaml
-    cat << EOF >> ${BASE_DIR}/wizard/config/apps/values.yaml
-  url: '${bfl_doc_url}'
-  nodeName: ${bfl_node}
-pvc:
-  userspace: ${pvc_path[0]}
-userspace:
-  appCache: ${appcache_pvc_path[1]}
-  dbdata: ${dbdata_pvc_path[1]}
-  userData: ${pvc_path[1]}/Home
-  appData: ${pvc_path[1]}/Data
-
-desktop:
-  nodeport: ${desktop_ports}
-os:
-  ${app_perm_settings}
-EOF
-}
-
-function close_apps(){
-    local username=$1
-    local app_list=(
-        "vault-deployment"
-    )
-
-
-    for app in ${app_list[@]} ; do
-        $sh_c "${KUBECTL} scale deployment ${app} -n user-space-${username} --replicas=0"
-    done
-}
-
-repeat(){
-    for i in $(seq 1 $1); do
-        echo -n $2
-    done
-}
-
-function get_appservice_pod(){
-    $sh_c "${KUBECTL} get pod  -n os-system -l 'tier=app-service' -o jsonpath='{.items[*].metadata.name}'"
-}
-
-function get_appservice_status(){
-    $sh_c "${KUBECTL} get pod  -n os-system -l 'tier=app-service' -o jsonpath='{.items[*].status.phase}'"
-}
-
-function get_desktop_status(){
-    local username=$1
-    $sh_c "${KUBECTL} get pod  -n user-space-${username} -l 'app=edge-desktop' -o jsonpath='{.items[*].status.phase}'"
-}
-
-function get_vault_status(){
-    local username=$1
-    $sh_c "${KUBECTL} get pod  -n user-space-${username} -l 'app=vault' -o jsonpath='{.items[*].status.phase}'"
-}
-
-
-function get_bfl_status(){
-    local username=$1
-    $sh_c "${KUBECTL} get pod  -n user-space-${username} -l 'tier=bfl' -o jsonpath='{.items[*].status.phase}'"
-}
-
-function get_fileserver_status(){
-    $sh_c "${KUBECTL} get pod  -n os-system -l 'app=files' -o jsonpath='{.items[*].status.phase}'"
-}
-
-function get_filefe_status(){
-    local username=$1
-    $sh_c "${KUBECTL} get pod  -n user-space-${username} -l 'app=files' -o jsonpath='{.items[*].status.phase}'"
-}
-
-function check_fileserver(){
-    local status=$(get_fileserver_status)
-    local n=0
-    while [ "x${status}" != "xRunning" ]; do
-        n=$(expr $n + 1)
-        local dotn=$(($n % 10))
-        local dot=$(repeat $dotn '>')
-
-        echo -ne "\rWaiting for file-server starting ${dot}"
-        sleep 0.5
-
-        status=$(get_fileserver_status)
-        echo -ne "\rWaiting for file-server starting          "
-
-    done
-    echo
-}
-
-function check_appservice(){
-    local status=$(get_appservice_status)
-    local n=0
-    while [ "x${status}" != "xRunning" ]; do
-        n=$(expr $n + 1)
-        local dotn=$(($n % 10))
-        local dot=$(repeat $dotn '>')
-
-        echo -ne "\rWaiting for app-service starting ${dot}"
-        sleep 0.5
-
-        status=$(get_appservice_status)
-        echo -ne "\rWaiting for app-service starting          "
-
-    done
-    echo
-}
-
-function check_filesfe(){
-    local username=$1
-    local status=$(get_filefe_status ${username})
-    local n=0
-    while [ "x${status}" != "xRunning" ]; do
-        n=$(expr $n + 1)
-        local dotn=$(($n % 10))
-        local dot=$(repeat $dotn '>')
-
-        echo -ne "\rPlease waiting ${dot}"
-        sleep 0.5
-
-        status=$(get_filefe_status ${username})
-        echo -ne "\rPlease waiting          "
-
-    done
-    echo
-}
-
-function check_bfl(){
-    local username=$1
-    local status=$(get_bfl_status ${username})
-    local n=0
-    while [ "x${status}" != "xRunning" ]; do
-        n=$(expr $n + 1)
-        local dotn=$(($n % 10))
-        local dot=$(repeat $dotn '>')
-
-        echo -ne "\rPlease waiting ${dot}"
-        sleep 0.5
-
-        status=$(get_bfl_status ${username})
-        echo -ne "\rPlease waiting          "
-
-    done
-    echo
-}
-
-function check_desktop(){
-    local username=$1
-    local status=$(get_desktop_status ${username})
-    local n=0
-    while [ "x${status}" != "xRunning" ]; do
-        n=$(expr $n + 1)
-        local dotn=$(($n % 10))
-        local dot=$(repeat $dotn '>')
-
-        echo -ne "\rPlease waiting ${dot}"
-        sleep 0.5
-
-        status=$(get_desktop_status ${username})
-        echo -ne "\rPlease waiting          "
-
-    done
-    echo
-}
-
-function check_vault(){
-    local username=$1
-    local status=$(get_vault_status ${username})
-    local n=0
-    while [ "x${status}" != "xRunning" ]; do
-        n=$(expr $n + 1)
-        local dotn=$(($n % 10))
-        local dot=$(repeat $dotn '>')
-
-        echo -ne "\rPlease waiting ${dot}"
-        sleep 0.5
-
-        status=$(get_vault_status ${username})
-        echo -ne "\rPlease waiting          "
-
-    done
-    echo
-}
-
-function check_all(){
-    local pods=$@
-    for p in ${pods[@]}; do
-        local n=$(echo "${p}"|awk -F"@" '{print $1}')
-        local ns=$(echo "${p}"|awk -F"@" '{print $2}')
-        local s=$($sh_c "${KUBECTL} get pod  -n ${ns} -l 'app=${n}' -o jsonpath='{.items[*].status.phase}'")
-        echo -ne "\rPlease wait: ${p}"
-        while [ "x${s}" != "xRunning" ];do
-            echo -ne "\rPlease wait: ${p}"
-
-            s=$($sh_c "${KUBECTL} get pod  -n ${ns} -l 'app=${n}' -o jsonpath='{.items[*].status.phase}'")
-        done
-        echo
-    done
-}
-
-function upgrade_ksapi(){
-    local users=$@
-    local current_version="beclab/ks-apiserver:v3.3.0-ext-3"
-    local image=$($sh_c "${KUBECTL} get deploy ks-apiserver -n kubesphere-system -o jsonpath='{.spec.template.spec.containers[0].image}'")
-    if [ "x${image}" != "x${current_version}" ]; then
-        echo "upgrade ks-apiserver and restore token ..."
-
-        secret=$(echo -n "ks_redis_${RANDOM}"|md5sum|cut -d" " -f1)
-        $sh_c "${KUBECTL} -n kubesphere-system create secret generic redis-secret --from-literal=auth=${secret:0:12}"
-
-        local old_jwt=$($sh_c "${KUBECTL} get configmap  kubesphere-config -n kubesphere-system -o jsonpath='{.data.kubesphere\.yaml}'|grep jwtSecret|awk -F':' '{print \$2}'")
-        sed -i -e "s/__jwtkey__/${old_jwt}/" ${BASE_DIR}/deploy/cm-kubesphere-config.yaml
-
-        $sh_c "${KUBECTL} apply -f ${BASE_DIR}/deploy/redis-deploy.yaml"
-        $sh_c "${KUBECTL} apply -f ${BASE_DIR}/deploy/cm-kubesphere-config.yaml"
-        check_all "redis@kubesphere-system"
-
-        $sh_c "${KUBECTL} -n kubesphere-system set image deployment/ks-apiserver ks-apiserver=beclab/ks-apiserver:v3.3.0-ext-3"
-        $sh_c "${KUBECTL} patch deploy ks-apiserver -n kubesphere-system --patch-file=${BASE_DIR}/deploy/ks-apiserver-patch.yaml"
-
-        check_all "ks-apiserver@kubesphere-system"
-
-        for username in ${users[@]}; do
-            $sh_c "${KUBECTL} rollout restart deploy authelia-backend -n user-system-${username}"
-
-            check_all "authelia-backend@user-system-${username}"
-        done
-    fi
-}
-
-function upgrade_jfs(){
-    local users=$@
-    local JFS_VERSION="11.1.1"
-    local current_jfs_version=$(/usr/local/bin/juicefs --version|awk '{print $3}'|awk -F'+' '{print $1}')
-
-    if [ "x${JFS_VERSION}" != "x${current_jfs_version}" ]; then
-        echo "upgrade JuiceFS ..."
-        local juicefs_bin="/usr/local/bin/juicefs"
-        ensure_success $sh_c "curl ${CURL_TRY} -kLO https://github.com/beclab/juicefs-ext/releases/download/v${JFS_VERSION}/juicefs-v${JFS_VERSION}-linux-amd64.tar.gz"
-        ensure_success $sh_c "tar -zxf juicefs-v${JFS_VERSION}-linux-amd64.tar.gz"
-        ensure_success $sh_c "chmod +x juicefs"
-
-        ensure_success $sh_c "systemctl stop juicefs"
-        ensure_success $sh_c "mv juicefs ${juicefs_bin}"
-        ensure_success $sh_c "rm -f /tmp/JuiceFS-IPC.sock"
-        ensure_success $sh_c "systemctl start juicefs"
-
-        echo "restart pods ... "
-
-        ensure_success $sh_c "${KUBECTL} rollout restart sts app-service -n os-system"
-
-        local tf=$(mktemp)
-        ensure_success $sh_c "${KUBECTL} get deployment -A -o jsonpath='{range .items[*]}{.metadata.name} {.metadata.namespace} {.spec.template.spec.volumes}{\"\n\"}{end}' | grep '/olares/rootfs'" > $tf
-        while read dep; do
-            local depinfo=($dep)
-            ensure_success $sh_c "${KUBECTL} rollout restart deployment ${depinfo[0]} -n ${depinfo[1]}"
-        done < $tf
-
-        for user in ${users[@]}; do
-            ensure_success $sh_c "${KUBECTL} rollout restart sts bfl -n user-space-${user}"
-        done
-        
-        sleep 10  # waiting for restarting to begin
-    fi
-}
-
-
-function upgrade_terminus(){
-    HELM=$(command -v helm)
-    KUBECTL=$(command -v kubectl)
-
-    # find sudo 
-    get_shell_exec
-
-    # fetch user list
-    local users=()
-    local admin_user=""
-    local tf=$(mktemp)
-    ensure_success $sh_c "${KUBECTL} get user -o jsonpath='{range .items[*]}{.metadata.name} {.metadata.annotations.bytetrade\.io\/owner-role}{\"\n\"}{end}'" > $tf
-    while read userdata; do
-        local userinfo=($userdata)
-        local valid=$(validate_user "${userinfo[0]}")
-        if [ "x-${valid}" == "x-yes" ]; then
-            if [ "x-${userinfo[1]}" == "x-platform-admin" ]; then 
-                admin_user="${userinfo[0]}"
-            fi
-
-            i=${#users[@]}
-            users[$i]=${userinfo[0]}
-        fi
-    done < $tf
-
-    if [ "x${admin_user}" == "x" ]; then
-        echo "Admin user not found. Upgrading failed." >&2
-        exit -1
-    fi
-
-    # upgrade_jfs ${users[@]}
-    local selfhosted=$($sh_c "${KUBECTL} get terminus terminus -o jsonpath='{.spec.settings.selfhosted}'")
-    local domainname=$($sh_c "${KUBECTL} get terminus terminus -o jsonpath='{.spec.settings.domainName}'")
-    sed -i "s/#__DOMAIN_NAME__/${domainname}/" ${BASE_DIR}/wizard/config/settings/templates/terminus_cr.yaml
-    sed -i "s/#__SELFHOSTED__/${selfhosted}/" ${BASE_DIR}/wizard/config/settings/templates/terminus_cr.yaml
-
-    echo "Upgrading olares system components ... "
-    gen_settings_values ${admin_user}
-    ensure_success $sh_c "${HELM} upgrade -i settings ${BASE_DIR}/wizard/config/settings -n default --reuse-values"
-
-    # patch
-    ensure_success $sh_c "${KUBECTL} apply -f ${BASE_DIR}/deploy/patch-globalrole-workspace-manager.yaml"
-    # ensure_success $sh_c "$KUBECTL apply -f ${BASE_DIR}/deploy/patch-notification-manager.yaml"
-
-    # clear apps values.yaml
-    cat /dev/null > ${BASE_DIR}/wizard/config/apps/values.yaml
-    cat /dev/null > ${BASE_DIR}/wizard/config/launcher/values.yaml
-    local appservice_pod=$(get_appservice_pod)
-    local copy_charts=("launcher" "apps")
-    for cc in ${copy_charts[@]}; do
-        ensure_success $sh_c "${KUBECTL} cp ${BASE_DIR}/wizard/config/${cc} os-system/${appservice_pod}:/userapps"
-    done
-
-    local ks_redis_pwd=$($sh_c "${KUBECTL} get secret -n kubesphere-system redis-secret -o jsonpath='{.data.auth}' |base64 -d")
-    for user in ${users[@]}; do
-        echo "Upgrading user ${user} ... "
-        gen_bfl_values ${user}
-
-        # gen bfl app key and secret
-        bfl_ks=($(get_app_key_secret ${user} "bfl"))
-
-        # install launcher , and init pv
-        ensure_success $sh_c "${HELM} upgrade -i launcher-${user} ${BASE_DIR}/wizard/config/launcher -n user-space-${user} --set bfl.appKey=${bfl_ks[0]} --set bfl.appSecret=${bfl_ks[1]} -f ${BASE_DIR}/wizard/config/launcher/values.yaml --reuse-values"
-
-        gen_app_values ${user}
-        close_apps ${user}
-
-        for appdir in "${BASE_DIR}/wizard/config/apps"/*/; do
-          if [ -d "$appdir" ]; then
-            releasename=$(basename "$appdir")
-
-            # ignore wizard
-            # FIXME: unintitialized user's wizard should be upgrade
-            if [ x"${releasename}" == x"wizard" ]; then 
-                continue
-            fi
-
-            if [ "$user" != "$admin_user" ];then
-                releasename=${releasename}-${user}
-            fi
-            ensure_success $sh_c "${HELM} upgrade -i ${releasename} ${appdir} -n user-space-${user} --reuse-values --set kubesphere.redis_password=${ks_redis_pwd} -f ${BASE_DIR}/wizard/config/apps/values.yaml"
-          fi
-        done
-
-    done
-
-    # upgrade app service in the last. keep app service online longer
-    local terminus_is_cloud_version=$($sh_c "${KUBECTL} get cm -n os-system backup-config -o jsonpath='{.data.terminus-is-cloud-version}'")
-    local backup_cluster_bucket=$($sh_c "${KUBECTL} get cm -n os-system backup-config -o jsonpath='{.data.backup-cluster-bucket}'")
-    local backup_key_prefix=$($sh_c "${KUBECTL} get cm -n os-system backup-config -o jsonpath='{.data.backup-key-prefix}'")
-    local backup_secret=$($sh_c "${KUBECTL} get cm -n os-system backup-config -o jsonpath='{.data.backup-secret}'")
-    local backup_server_data=$($sh_c "${KUBECTL} get cm -n os-system backup-config -o jsonpath='{.data.backup-server-data}'")
-
-    ensure_success $sh_c "${HELM} upgrade -i system ${BASE_DIR}/wizard/config/system -n os-system --reuse-values \
-        --set kubesphere.redis_password=${ks_redis_pwd} --set backup.bucket=\"${backup_cluster_bucket}\" \
-        --set backup.key_prefix=\"${backup_key_prefix}\" --set backup.is_cloud_version=\"${terminus_is_cloud_version}\" \
-        --set backup.sync_secret=\"${backup_secret}\""
-
-    echo 'Waiting for App-Service ...'
-    sleep 2 # wait for controller reconiling
-    check_appservice
-    echo
-
-    echo 'Waiting for Vault ...'
-    check_vault ${admin_user}
-    echo
-
-    echo 'Starting BFL ...'
-    check_bfl ${admin_user}
-    echo
-
-    echo 'Starting files ...'
-    check_fileserver
-    check_filesfe ${admin_user}
-    echo
-
-    echo 'Starting Desktop ...'
-    check_desktop ${admin_user}
-    echo
-
-}
-
-
-echo "Start to upgrade olares ... "
-
-upgrade_terminus
-
-echo -e "\e[91m Success to upgrade olares.\e[0m Open your new desktop in the browser and have fun !"

build/base-package/version.hint

@@ -1,2 +1,2 @@
 upgrade:
-  minVersion: 1.12.0-1
+  minVersion: 1.12.0-0

build/base-package/wizard/config/account/templates/account.yaml

@@ -6,7 +6,7 @@ metadata:
   annotations:
     iam.kubesphere.io/uninitialized: "true"
     helm.sh/resource-policy: keep
-    bytetrade.io/owner-role: platform-admin
+    bytetrade.io/owner-role: owner
     bytetrade.io/terminus-name: "{{.Values.user.terminus_name}}"
     bytetrade.io/launcher-auth-policy: two_factor
     bytetrade.io/launcher-access-level: "1"
@@ -23,4 +23,4 @@ spec:
   groups:
   - lldap_admin
 status:
-  state: Active
+  state: Created

build/base-package/wizard/config/account/templates/sync.yaml

@@ -5,7 +5,7 @@ metadata:
 spec:
   lldap:
     name: ldap
-    url: "http://lldap-service.os-system:17170"
+    url: "http://lldap-service.os-platform:17170"
     userBlacklist:
       - admin
       - terminus
@@ -15,4 +15,4 @@ spec:
     credentialsSecret:
       kind: Secret
       name: lldap-credentials
-      namespace: os-system
+      namespace: os-platform

build/base-package/wizard/config/os-chart-template/templates/_helpers.tpl

@@ -60,3 +60,29 @@ Create the name of the service account to use
 {{- default "default" .Values.serviceAccount.name }}
 {{- end }}
 {{- end }}
+
+{{- define "opentelemetry-operator.fullname" -}}
+{{- "otel-opentelemetry-operator" }}
+{{- end }}
+
+{{- define "opentelemetry-operator.WebhookCert" -}}
+{{- $caCertEnc := "" }}
+{{- $certCrtEnc := "" }}
+{{- $certKeyEnc := "" }}
+{{- $prevSecret := (lookup "v1" "Secret" .Release.Namespace (printf "%s-controller-manager-service-cert" (include "opentelemetry-operator.fullname" .) )) }}
+{{- if $prevSecret }}
+{{- $certCrtEnc = index $prevSecret "data" "tls.crt" }}
+{{- $certKeyEnc = index $prevSecret "data" "tls.key" }}
+{{- $caCertEnc = index $prevSecret "data" "ca.crt" }}
+{{- else }}
+{{- $altNames := list ( printf "%s-webhook.%s" (include "opentelemetry-operator.fullname" .) .Release.Namespace ) ( printf "%s-webhook.%s.svc" (include "opentelemetry-operator.fullname" .) .Release.Namespace ) -}}
+{{- $tmpperioddays := 36500 }}
+{{- $ca := genCA "opentelemetry-operator-operator-ca" $tmpperioddays }}
+{{- $cert := genSignedCert (include "opentelemetry-operator.fullname" .) nil $altNames $tmpperioddays $ca }}
+{{- $certCrtEnc = b64enc $cert.Cert }}
+{{- $certKeyEnc = b64enc $cert.Key }}
+{{- $caCertEnc = b64enc $ca.Cert }}
+{{- end }}
+{{- $result := dict "crt" $certCrtEnc "key" $certKeyEnc "ca" $caCertEnc }}
+{{- $result | toYaml }}
+{{- end }}

build/base-package/wizard/config/os-chart-template/values.yaml

@@ -1,5 +1,3 @@
-kubesphere:
-  redis_password: ""
 backup:
   bucket: "${BACKUP_CLUSTER_BUCKET}"
   key_prefix: "${BACKUP_KEY_PREFIX}"

build/base-package/wizard/config/settings/templates/system-serviceaccount.yaml

@@ -4,17 +4,31 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  namespace: os-system
+  namespace: os-platform
   name: os-internal
 
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  namespace: os-framework
+  name: os-internal
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  namespace: os-network
+  name: os-network-internal
+
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: os-internal-rb
+  name: os-platform:os-internal-rb
 subjects:
   - kind: ServiceAccount
-    namespace: os-system
+    namespace: os-platform
     name: os-internal
 roleRef:
   # kind: Role
@@ -22,6 +36,36 @@ roleRef:
   name: cluster-admin
   apiGroup: rbac.authorization.k8s.io
 
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: os-framework:os-internal-rb
+subjects:
+  - kind: ServiceAccount
+    namespace: os-framework
+    name: os-internal
+roleRef:
+  # kind: Role
+  kind: ClusterRole
+  name: cluster-admin
+  apiGroup: rbac.authorization.k8s.io
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: os-network:os-network-rb
+subjects:
+  - kind: ServiceAccount
+    namespace: os-network
+    name: os-network-internal
+roleRef:
+  # kind: Role
+  kind: ClusterRole
+  name: l4-proxy-role
+  apiGroup: rbac.authorization.k8s.io
+
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -194,4 +238,21 @@ rules:
   - update
   - patch
   - delete
-  - deletecollection
+  - deletecollection
+
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: l4-proxy-role
+rules:
+- apiGroups:
+  - '*'
+  resources:
+  - users
+  - applications
+  verbs:
+  - get
+  - list
+  - watch

build/base-package/wizard/config/settings/templates/system_namespace.yaml

@@ -1,5 +1,5 @@
 
-
+---
 apiVersion: v1
 kind: Namespace
 metadata:
@@ -7,4 +7,26 @@ metadata:
     kubesphere.io/creator: '{{ .Values.user.name }}'
   labels:
     kubesphere.io/workspace: system-workspace
-  name: os-system
+  name: os-network
+
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  annotations:
+    kubesphere.io/creator: '{{ .Values.user.name }}'
+  labels:
+    kubesphere.io/workspace: system-workspace
+  name: os-platform
+
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  annotations:
+    kubesphere.io/creator: '{{ .Values.user.name }}'
+  labels:
+    kubesphere.io/workspace: system-workspace
+  name: os-framework
+
+

build/base-package/wizard/config/settings/templates/terminus_cr.yaml

@@ -1,12 +1,14 @@
 # chart-testing: ignore-file
 
 {{ $cluster_id := randAlphaNum 16 }}
+{{ $version := "#__VERSION__" }}
 {{ if .Values.cluster_id }}
 {{ $cluster_id = .Values.cluster_id }}
 {{ end }}
-{{ $cr := (lookup "sys.bytetrade.io/v1alpha1" "terminus.sys.bytetrade.io" "" "terminus") }}
+{{ $cr := (lookup "sys.bytetrade.io/v1alpha1" "Terminus" "" "terminus") }}
 {{ if $cr }}
 {{ $cluster_id = (index $cr "metadata" "labels" "bytetrade.io/cluster-id") }}
+{{ $version = (index $cr "spec" "version") }}
 {{ end }}
 
 ---
@@ -22,7 +24,7 @@ metadata:
     bytetrade.io/s3-sk: '{{ .Values.s3_sk }}'
 spec:
   name: terminus-1
-  version: #__VERSION__
+  version: {{ .Values.version | default $version }}
   display: Terminus One
   releaseServer:
     serverType: github

build/build-full.sh

@@ -24,6 +24,7 @@ cp ${BASE_DIR}/.dependencies/components ${BASE_DIR}/.manifest/.
 cp ${BASE_DIR}/.dependencies/components ${BASE_DIR}/.manifest/.
 pushd ${BASE_DIR}.manifest
 bash ${BASE_DIR}/build-manifest.sh ${BASE_DIR}/../.manifest/installation.manifest
+python3 ${BASE_DIR}/build-manifest.py ${BASE_DIR}/../.manifest/installation.manifest
 popd
 
 

build/build-manifest.py

@@ -0,0 +1,187 @@
+#!/usr/bin/env python3
+
+import argparse
+import hashlib
+import os
+import requests
+import sys
+import json
+
+CDN_URL = "https://dc3p1870nn3cj.cloudfront.net"
+
+def get_file_size(objectid, fileid):
+    url = f"{CDN_URL}/{objectid}"
+    try:
+        response = requests.head(url)
+        response.raise_for_status()
+        content_length = response.headers.get('Content-Length')
+        if content_length:
+            return int(content_length)
+        else:
+            print(f"Content-Length header missing for {fileid} from {url}", file=sys.stderr)
+            sys.exit(1)
+    except requests.RequestException as e:
+        print(f"Error getting file size for {fileid} from {url}: {e}", file=sys.stderr)
+        sys.exit(1)
+
+def download_checksum(name):
+    """Downloads the checksum for a given name."""
+    url = f"{CDN_URL}/{name}.checksum.txt"
+    try:
+        response = requests.get(url)
+        response.raise_for_status()
+        return response.text.split()[0]
+    except requests.exceptions.RequestException as e:
+        print(f"Error getting checksum for {name} from {url}: {e}", file=sys.stderr)
+        sys.exit(1)
+
+def get_image_manifest(name):
+    """Downloads the image manifest for a given name."""
+    url = f"{CDN_URL}/{name}.manifest.json"
+    try:
+        response = requests.get(url)
+        response.raise_for_status()
+        return response.json()
+    except requests.exceptions.RequestException as e:
+        print(f"Error getting manifest for {name} from {url}: {e}", file=sys.stderr)
+        sys.exit(1)        
+
+def main():
+    """Main function."""
+    parser = argparse.ArgumentParser()
+    parser.add_argument("manifest_file", help="The manifest file to write to.")
+    args = parser.parse_args()
+
+    manifest_file = args.manifest_file
+    version = os.environ.get("VERSION", "")
+    repo_path = os.environ.get("REPO_PATH", "/")
+    manifest_amd64_data = {}
+    manifest_arm64_data = {}
+
+    # Process components
+    try:
+        with open("components", "r") as f:
+            for line in f:
+                line = line.strip()
+                if not line:
+                    continue
+
+                # Replace version
+                if version:
+                    line = line.replace("#__VERSION__", version)
+
+                # Replace repo path
+                if repo_path:
+                    line = line.replace("#__REPO_PATH__", repo_path)
+
+                fields = line.split(",")
+                if len(fields) < 5:
+                    print(f"Format error in components file: {line}", file=sys.stderr)
+                    sys.exit(1)
+
+                filename, path, deps, _, fileid = fields[:5]
+                print(f"Downloading file checksum for {filename}")
+
+                name = hashlib.md5(filename.encode()).hexdigest()
+                url_amd64 = name
+                url_arm64 = f"arm64/{name}"
+
+                checksum_amd64 = download_checksum(url_amd64)
+                checksum_arm64 = download_checksum(url_arm64)
+
+                file_size_amd64 = get_file_size(url_amd64, fileid)
+                file_size_arm64 = get_file_size(url_arm64, fileid)
+
+                manifest_amd64_data[filename] = {
+                    "type": "component",
+                    "path": path,
+                    "deps": deps,
+                    "url_amd64": url_amd64,
+                    "checksum_amd64": checksum_amd64,
+                    "fileid": fileid,
+                    "size": file_size_amd64,
+                }
+
+
+                manifest_arm64_data[filename] = {
+                    "type": "component",
+                    "path": path,
+                    "deps": deps,
+                    "url_arm64": url_arm64,
+                    "checksum_arm64": checksum_arm64,
+                    "fileid": fileid,
+                    "size": file_size_arm64,
+                }
+
+    except FileNotFoundError:
+        print("Error: 'components' file not found.", file=sys.stderr)
+        sys.exit(1)
+
+    # Process images
+    path = "images"
+    for deps_file in ["images.mf"]:
+        try:
+            with open(deps_file, "r") as f:
+                for line in f:
+                    line = line.strip()
+                    if not line:
+                        continue
+
+                    print(f"Downloading file checksum for {line}")
+                    name = hashlib.md5(line.encode()).hexdigest()
+                    url_amd64 = f"{name}.tar.gz"
+                    url_arm64 = f"arm64/{name}.tar.gz"
+
+                    checksum_amd64 = download_checksum(name)
+                    checksum_arm64 = download_checksum(f"arm64/{name}")
+
+                    file_size_amd64 = get_file_size(url_amd64, line)
+                    file_size_arm64 = get_file_size(url_arm64, line)
+
+                    # Get the image manifest
+                    image_manifest_amd64 = get_image_manifest(name)
+                    image_manifest_arm64 = get_image_manifest(f"arm64/{name}")
+
+                    filename = f"{name}.tar.gz"
+                    manifest_amd64_data[filename] = {
+                        "type": "image",
+                        "path": path,
+                        "deps": deps_file,
+                        "url_amd64": url_amd64,
+                        "checksum_amd64": checksum_amd64,
+                        "fileid": line,
+                        "size": file_size_amd64,
+                        "manifest": image_manifest_amd64
+                    }
+
+                    manifest_arm64_data[filename] = {
+                        "type": "image",
+                        "path": path,
+                        "deps": deps_file,
+                        "url_arm64": url_arm64,
+                        "checksum_arm64": checksum_arm64,
+                        "fileid": line,
+                        "size": file_size_arm64,
+                        "manifest": image_manifest_arm64
+                    }
+                    
+
+        except FileNotFoundError:
+            print(f"Warning: '{deps_file}' not found, skipping.", file=sys.stderr)
+            sys.exit(1)
+
+
+    # Write the manifest file
+    amd64_manifest_file = f"{manifest_file}.amd64"
+    with open(amd64_manifest_file, "w") as mf:
+        json.dump(manifest_amd64_data, mf, indent=2)
+    
+    arm64_manifest_file = f"{manifest_file}.arm64"
+    with open(arm64_manifest_file, "w") as mf:
+        json.dump(manifest_arm64_data, mf, indent=2)
+
+
+    # TODO: compress the manifest files
+
+if __name__ == "__main__":
+    main()

build/build-manifest.sh

@@ -46,6 +46,9 @@ while read line; do
 done < components
 sed -i "s/#__VERSION__/${VERSION}/g" $manifest_file
 
+path="${REPO_PATH:-/}"
+sed -i "s|#__REPO_PATH__|${path}|g" $manifest_file
+
 path="images"
 for deps in "images.mf"; do
     while read line; do

build/build.sh

@@ -5,6 +5,22 @@ rm -rf ${BASE_DIR}/../.dist
 DIST_PATH="${BASE_DIR}/../.dist/install-wizard" 
 export VERSION=$1
 
+
+# vendor replace
+if [[ "${REPO_PATH}" != "" && "$REPO_PATH" != "/" ]]; then
+    path="vendor${REPO_PATH}"
+    echo "replace vendor path: ${path}"
+    find ${BASE_DIR}/../$path -type f | while read l; 
+    do 
+        file=$(awk -F "$path" '{print $1$2}' <<< "$l")  
+        if [[ "$file" != ".gitkeep" ]]; then
+            echo "replace [$file] with [$l]"
+            cp -f "$l" "$file"
+        fi
+    done
+fi
+
+
 DIST_PATH=${DIST_PATH} bash ${BASE_DIR}/package.sh
 
 bash ${BASE_DIR}/image-manifest.sh
@@ -16,6 +32,7 @@ rm -rf ${BASE_DIR}/../.dependencies
 set -e
 pushd ${BASE_DIR}/../.manifest
 bash ${BASE_DIR}/build-manifest.sh ${BASE_DIR}/../.manifest/installation.manifest
+python3 ${BASE_DIR}/build-manifest.py ${BASE_DIR}/../.manifest/installation.manifest
 popd
 
 pushd $DIST_PATH
@@ -42,7 +59,6 @@ else
     VERSION="debug"
 fi
 
-
 $TAR --exclude=wizard/tools --exclude=.git -zcvf ${BASE_DIR}/../install-wizard-${VERSION}.tar.gz .
 
 popd

build/deps-manifest.sh

@@ -20,6 +20,21 @@ function get_key(){
     fi
 }
 
+# vendor replace
+if [[ "${REPO_PATH}" != "" && "$REPO_PATH" != "/" ]]; then
+    path="vendor${REPO_PATH}"
+    echo "replace vendor path: ${path}"
+    find ${BASE_DIR}/../$path -type f | while read l; 
+    do 
+        file=$(awk -F "$path" '{print $1$2}' <<< "$l")  
+        if [[ "$file" != ".gitkeep" ]]; then
+            echo "replace [$file] with [$l]"
+            cp -f "$l" "$file"
+        fi
+    done
+fi
+
+
 find $BASE_DIR/../ -type f -name Olares.yaml | while read f; do
   echo "Processing $f"
   declare -a bins
@@ -77,3 +92,5 @@ find $BASE_DIR/../ -type f -name Olares.yaml | while read f; do
 done
 
 sed -i "s/#__VERSION__/${VERSION}/g" ${manifest}
+path="${REPO_PATH:-/}"
+sed -i "s|#__REPO_PATH__|${path}|g" ${manifest}

build/get-manifest.py

@@ -0,0 +1,200 @@
+#!/usr/bin/env python3
+
+import requests
+import json
+import argparse
+import re
+import sys
+import platform
+
+def parse_image_name(image_name):
+    """
+    Parses a full image name into registry, repository, and reference (tag/digest).
+    Handles defaults for Docker Hub.
+    """
+    # Default to 'latest' tag if no tag or digest is specified
+    if ":" not in image_name and "@" not in image_name:
+        image_name += ":latest"
+    
+    # Split repository from reference (tag or digest)
+    if "@" in image_name:
+        repo_part, reference = image_name.rsplit("@", 1)
+    else:
+        repo_part, reference = image_name.rsplit(":", 1)
+
+    # Determine registry and repository
+    if "/" not in repo_part:
+        # This is an official Docker Hub image, e.g., "ubuntu"
+        registry = "registry-1.docker.io"
+        repository = f"library/{repo_part}"
+    else:
+        parts = repo_part.split("/")
+        # If the first part looks like a domain name, it's the registry
+        if "." in parts[0] or ":" in parts[0]:
+            registry = parts[0]
+            repository = "/".join(parts[1:])
+        else:
+            # A scoped Docker Hub image, e.g., "bitnami/nginx"
+            registry = "registry-1.docker.io"
+            repository = repo_part
+            
+    return registry, repository, reference
+
+def get_auth_token(registry, repository):
+    """
+    Gets an authentication token from the registry's auth service.
+    """
+    # First, probe the registry to get the auth challenge
+    try:
+        probe_url = f"https://{registry}/v2/"
+        response = requests.get(probe_url, timeout=10)
+    except requests.exceptions.RequestException as e:
+        print(f"Error: Could not connect to registry at {probe_url}. Details: {e}", file=sys.stderr)
+        sys.exit(1)
+
+    if response.status_code != 401:
+        # Either public or something is wrong, we can try without a token
+        return None
+
+    auth_header = response.headers.get("Www-Authenticate")
+    if not auth_header:
+        print(f"Error: Registry {registry} returned 401 but did not provide Www-Authenticate header.", file=sys.stderr)
+        sys.exit(1)
+
+    # Parse the Www-Authenticate header to find realm, service, and scope
+    try:
+        realm = re.search('realm="([^"]+)"', auth_header).group(1)
+        service = re.search('service="([^"]+)"', auth_header).group(1)
+        # Scope for the specific repository is needed
+        scope = f"repository:{repository}:pull"
+    except AttributeError:
+        print(f"Error: Could not parse Www-Authenticate header: {auth_header}", file=sys.stderr)
+        sys.exit(1)
+
+    # Request the actual token from the auth realm
+    auth_params = {
+        "service": service,
+        "scope": scope
+    }
+    
+    try:
+        auth_response = requests.get(realm, params=auth_params, timeout=10)
+        auth_response.raise_for_status()
+        return auth_response.json().get("token")
+    except requests.exceptions.RequestException as e:
+        print(f"Error: Failed to get auth token from {realm}. Details: {e}", file=sys.stderr)
+        sys.exit(1)
+    except json.JSONDecodeError:
+        print(f"Error: Failed to decode JSON response from auth server: {auth_response.text}", file=sys.stderr)
+        sys.exit(1)
+
+
+def get_manifest(registry, repository, reference, token):
+    """
+    Fetches the image manifest from the registry.
+    """
+    manifest_url = f"https://{registry}/v2/{repository}/manifests/{reference}"
+    
+    headers = {
+        # Request multiple manifest types, the registry will return the correct one
+        "Accept": "application/vnd.oci.image.index.v1+json, application/vnd.oci.image.manifest.v1+json, application/vnd.docker.distribution.manifest.v2+json, application/vnd.docker.distribution.manifest.list.v2+json"
+    }
+
+    if token:
+        headers["Authorization"] = f"Bearer {token}"
+
+    try:
+        response = requests.get(manifest_url, headers=headers, timeout=10)
+        response.raise_for_status()
+        return response.json()
+    except requests.exceptions.HTTPError as e:
+        if e.response.status_code == 401 and not token:
+             print("Error: Received 401 Unauthorized. Attempting to get a token...", file=sys.stderr)
+             # The initial probe might have passed, but manifest access requires auth.
+             # We re-run the token acquisition logic.
+             new_token = get_auth_token(registry, repository)
+             if new_token:
+                 return get_manifest(registry, repository, reference, new_token)
+        print(f"Error: Failed to fetch manifest from {manifest_url}. Status: {e.response.status_code}", file=sys.stderr)
+        print(f"Response: {e.response.text}", file=sys.stderr)
+        sys.exit(1)
+    except requests.exceptions.RequestException as e:
+        print(f"Error: A network error occurred. Details: {e}", file=sys.stderr)
+        sys.exit(1)
+
+
+def main():
+    parser = argparse.ArgumentParser(
+        description="Fetch an OCI/Docker image manifest from a container registry.",
+        epilog="""Examples:
+  python get_manifest.py ubuntu:22.04
+  python get_manifest.py quay.io/brancz/kube-rbac-proxy:v0.18.1 -o manifest.json
+  python get_manifest.py gcr.io/google-containers/pause:3.9""",
+        formatter_class=argparse.RawTextHelpFormatter
+    )
+    parser.add_argument("image_name", help="Full name of the container image (e.g., 'ubuntu:latest' or 'quay.io/prometheus/node-exporter:v1.7.0')")
+    parser.add_argument("-o", "--output-file", help="Optional. Path to write the final manifest JSON to. If not provided, prints to stdout.")
+    args = parser.parse_args()
+
+    registry, repository, reference = parse_image_name(args.image_name)
+
+    # Suppress informational prints if writing to a file
+    verbose_print = print if not args.output_file else lambda *a, **k: None
+
+    verbose_print(f"Registry:   {registry}")
+    verbose_print(f"Repository: {repository}")
+    verbose_print(f"Reference:  {reference}", end='\n\n', flush=True)
+
+    token = get_auth_token(registry, repository)
+
+    if not token and not args.output_file:
+        print("No authentication token needed or could be retrieved. Proceeding without token...", file=sys.stderr)
+
+    manifest = get_manifest(registry, repository, reference, token)
+    final_manifest = None
+
+    media_type = manifest.get("mediaType", "")
+    if "manifest.list" in media_type or "image.index" in media_type:
+        verbose_print("Detected a multi-platform image index. Finding manifest for current architecture...")
+
+        system_arch = platform.machine()
+        arch_map = {"x86_64": "amd64", "aarch64": "arm64"}
+        target_arch = arch_map.get(system_arch, system_arch)
+
+        verbose_print(f"System architecture: {system_arch} -> Target: linux/{target_arch}")
+
+        target_digest = None
+        for m in manifest.get("manifests", []):
+            plat = m.get("platform", {})
+            if plat.get("os") == "linux" and plat.get("architecture") == target_arch:
+                target_digest = m.get("digest")
+                break
+
+        if target_digest:
+            verbose_print(f"Found manifest for linux/{target_arch} with digest: {target_digest}\n")
+            final_manifest = get_manifest(registry, repository, target_digest, token)
+        else:
+            print(f"Error: Could not find a manifest for 'linux/{target_arch}' in the index.", file=sys.stderr)
+            if not args.output_file:
+                print("Available platforms:", file=sys.stderr)
+                for m in manifest.get("manifests", []):
+                    print(f"  - {m.get('platform', {}).get('os')}/{m.get('platform', {}).get('architecture')}", file=sys.stderr)
+            sys.exit(1)
+    else:
+        final_manifest = manifest
+
+    if final_manifest:
+        if args.output_file:
+            try:
+                with open(args.output_file, 'w') as f:
+                    json.dump(final_manifest, f, indent=2)
+                print(f"Successfully wrote manifest to {args.output_file}")
+            except IOError as e:
+                print(f"Error: Could not write to file {args.output_file}. Details: {e}", file=sys.stderr)
+                sys.exit(1)
+        else:
+            print(json.dumps(final_manifest, indent=2))
+
+
+if __name__ == "__main__":
+    main()

build/package.sh

@@ -21,19 +21,26 @@ if [ ! -d ${DIST} ]; then
     mkdir -p ${DIST}
     cp -rf ${BUILD_TEMPLATE}/* ${DIST}/.
     cp -rf ${BUILD_TEMPLATE}/.env ${DIST}/.
+    cp -rf ${BUILD_TEMPLATE}/wizard/config/os-chart-template ${DIST}/wizard/config/os-framework
+    cp -rf ${BUILD_TEMPLATE}/wizard/config/os-chart-template ${DIST}/wizard/config/os-platform
+    rm -rf ${DIST}/wizard/config/os-chart-template
 fi
 
 APP_DIST=${DIST}/wizard/config/apps
-SYSTEM_DIST=${DIST}/wizard/config/system/templates
 SETTINGS_DIST=${DIST}/wizard/config/settings/templates
 CRD_DIST=${SETTINGS_DIST}/crds
-DEPLOY_DIST=${SYSTEM_DIST}/deploy
 mkdir -p ${APP_DIST}
 mkdir -p ${CRD_DIST}
-mkdir -p ${DEPLOY_DIST}
 
 for mod in "${PACKAGE_MODULE[@]}";do
     echo "packaging ${mod} ..."
+    SYSTEM_DIST=${DIST}/wizard/config/os-framework/templates
+    if [ ${mod} == "platform" ]; then
+        SYSTEM_DIST=${DIST}/wizard/config/os-platform/templates
+    fi
+    DEPLOY_DIST=${SYSTEM_DIST}/deploy
+    mkdir -p ${DEPLOY_DIST}
+
     find ${mod} -type d -name .olares | while read app; do
 
         # package user app charts to install wizard
@@ -67,6 +74,6 @@ echo "packaging launcher ..."
 run_cmd "cp -rf framework/bfl/.olares/config/launcher ${DIST}/wizard/config/"
 
 echo "packaging gpu ..."
-run_cmd "cp -rf framework/gpu/.olares/config/gpu ${DIST}/wizard/config/"
+run_cmd "cp -rf infrastructure/gpu/.olares/config/gpu ${DIST}/wizard/config/"
 
 echo "packaging completed"

build/upload-deps.sh

@@ -23,26 +23,28 @@ while read line; do
         continue
     fi
     
-    bash ${BASE_DIR}/download-deps.sh $PLATFORM $line
-    if [ $? -ne 0 ]; then
-        exit -1
-    fi
-
     filename=$(echo "$line"|awk -F"," '{print $1}')
-    echo "if exists $filename ... "
     name=$(echo -n "$filename"|md5sum|awk '{print $1}')
     checksum="$name.checksum.txt"
-    md5sum $name > $checksum
-    backup_file=$(awk '{print $1}' $checksum)
-    if [ x"$backup_file"  == x""  ]; then
-        echo  "invalid checksum"
-        exit 1
-    fi
 
+    echo "if exists $filename ... "
     curl -fsSLI https://dc3p1870nn3cj.cloudfront.net/$path$name > /dev/null
     if [ $? -ne 0 ]; then
-        code=$(curl -o /dev/null -fsSLI -w "%{http_code}" https://dc3p1870nn3cj.cloudfront.net/$path$name.tar.gz)
+        code=$(curl -o /dev/null -fsSLI -w "%{http_code}" https://dc3p1870nn3cj.cloudfront.net/$path$name)
         if [ $code -eq 403 ]; then
+
+            bash ${BASE_DIR}/download-deps.sh $PLATFORM $line
+            if [ $? -ne 0 ]; then
+                exit -1
+            fi
+
+            md5sum $name > $checksum
+            backup_file=$(awk '{print $1}' $checksum)
+            if [ x"$backup_file"  == x""  ]; then
+                echo  "invalid checksum"
+                exit 1
+            fi
+
             set -ex
             aws s3 cp $name s3://terminus-os-install/$path$name --acl=public-read
             aws s3 cp $name s3://terminus-os-install/backup/$path$backup_file --acl=public-read

build/upload-images.sh

@@ -10,14 +10,14 @@ cat $1|while read image; do
     echo "if exists $image ... "
     name=$(echo -n "$image"|md5sum|awk '{print $1}')
     checksum="$name.checksum.txt"
+    manifest="$name.manifest.json"
 
     curl -fsSLI https://dc3p1870nn3cj.cloudfront.net/$path$name.tar.gz > /dev/null
     if [ $? -ne 0 ]; then
         code=$(curl -o /dev/null -fsSLI -w "%{http_code}" https://dc3p1870nn3cj.cloudfront.net/$path$name.tar.gz)
         if [ $code -eq 403 ]; then
             set -ex
-            docker pull $image
-            docker save $image -o $name.tar
+            skopeo copy --insecure-policy docker://$image oci-archive:$name.tar
             gzip $name.tar
 
             md5sum $name.tar.gz > $checksum
@@ -50,8 +50,7 @@ cat $1|while read image; do
         code=$(curl -o /dev/null -fsSLI -w "%{http_code}" https://dc3p1870nn3cj.cloudfront.net/$path$checksum)
         if [ $code -eq 403 ]; then
             set -ex
-            docker pull $image
-            docker save $image -o $name.tar
+            skopeo copy --insecure-policy docker://$image oci-archive:$name.tar
             gzip $name.tar
 
             md5sum $name.tar.gz > $checksum
@@ -68,48 +67,29 @@ cat $1|while read image; do
             set +ex
         else
             if [ $code -ne 200  ]; then
-                echo  "failed to check image"
+                echo  "failed to check image checksum"
                 exit -1
             fi
         fi
     fi
 
-    # upload to tencent cloud cos
-
-    # curl -fsSLI https://cdn.joinolares.cn/$path$name.tar.gz > /dev/null
-    # if [ $? -ne 0 ]; then
-    #     set -e
-    #     docker pull $image
-    #     docker save $image -o $name.tar
-    #     gzip $name.tar
-
-    #     md5sum $name.tar.gz > $checksum
-
-    #     coscmd upload ./$name.tar.gz /$path$name.tar.gz
-    #     coscmd upload ./$checksum /$path$checksum
-    #     echo "upload $name to cos completed"
-
-    #     set +e
-    # fi
-
-    
-
-    # # re-upload checksum.txt
-    # curl -fsSLI https://cdn.joinolares.cn/$path$checksum > /dev/null
-    # if [ $? -ne 0 ]; then
-    #     set -e
-    #     docker pull $image
-    #     docker save $image -o $name.tar
-    #     gzip $name.tar
-
-    #     md5sum $name.tar.gz > $checksum
-
-    #     coscmd upload ./$name.tar.gz /$path$name.tar.gz
-    #     coscmd upload ./$checksum /$path$checksum
-    #     echo "upload $name to cos completed"
-
-    #     set +e
-    # fi
-    
+    # upload manifest.json
+    curl -fsSLI https://dc3p1870nn3cj.cloudfront.net/$path$manifest > /dev/null
+    if [ $? -ne 0 ]; then   
+        code=$(curl -o /dev/null -fsSLI -w "%{http_code}" https://dc3p1870nn3cj.cloudfront.net/$path$manifest)
+        if [ $code -eq 403 ]; then
+            set -ex
+            BASE_DIR=$(dirname $(realpath -s $0))
+            python3 $BASE_DIR/get-manifest.py $image -o $manifest
 
+            aws s3 cp $manifest s3://terminus-os-install/$path$manifest --acl=public-read
+            echo "upload $name manifest completed"
+            set +ex
+        else
+            if [ $code -ne 200  ]; then
+                echo  "failed to check image manifest"
+                exit -1
+            fi
+        fi
+    fi
 done

cli/.goreleaser.yaml

@@ -15,24 +15,30 @@ builds:
     goarm:
       - 7
     ignore:
-      - goos: linux
-        goarch: arm64
       - goos: darwin
         goarch: arm
+      - goos: darwin
+        goarch: amd64
       - goos: windows
         goarch: arm
+      - goos: windows
+        goarch: arm64
     ldflags:
       - -s
       - -w
-      - -X bytetrade.io/web3os/installer/version.VERSION={{ .Version }}
+      - -X github.com/beclab/Olares/cli/version.VERSION={{ .Version }}
+      - >-
+        {{- if index .Env "OLARES_VENDOR_TYPE" }}
+        -X github.com/beclab/Olares/cli/version.VENDOR={{ .Env.OLARES_VENDOR_TYPE }}
+        {{- end }}
+      - >-
+        {{- if index .Env "OLARES_VENDOR_REPO_PATH" }}
+        -X github.com/beclab/Olares/cli/version.VENDOR_REPO_PATH={{ .Env.OLARES_VENDOR_REPO_PATH }}
+        {{- end }}
 dist: ./output
 archives:
   - id: olares-cli
     name_template: "{{ .ProjectName }}-v{{ .Version }}_{{ .Os }}_{{ .Arch }}"
-    replacements:
-      linux: linux
-      amd64: amd64
-      arm: arm64
 checksum:
   name_template: "checksums.txt"
 release:

cli/README.md

@@ -1 +1,92 @@
-# installer
+# Olares CLI
+
+This directory contains the code for **olares-cli**, the official command-line interface for administering an **Olares** cluster. It provides a modular, pipeline-based architecture for orchestrating complex system operations. See the full [Olares CLI Documentation](https://docs.olares.com/developer/install/cli-1.12/olares-cli.html) for command reference and tutorials.
+
+Key responsibilities include: 
+- **Cluster management**: Installing, upgrading, restarting, and maintaining an Olares cluster.
+- **Node management**: Adding to or removing nodes from an Olares cluster.
+
+
+## Execution Model
+
+For most of the commands, `olares-cli` is executed through a four-tier hierarchy:
+
+```
+Pipeline ➜ Module ➜ Task ➜ Action
+````
+
+### Example: `install-olares` Pipeline
+
+```text
+Pipeline: Install Olares
+├── ...other modules
+└── Module: Bootstrap OS
+    ├── ...other tasks
+    ├── Task: Check Prerequisites
+    │   └── Action: run-precheck.sh
+    └── Task: Configure System
+        └── Action: apply-sysctl
+````
+
+
+## Repository layout
+
+```text
+cli/
+├── cmd/                  # Cobra command definitions
+│   ├── main.go           # CLI entry point
+│   └── ctl/
+│       ├── root.go
+│       ├── os/           # OS-level maintenance commands
+│       ├── node/         # Cluster node operations
+│       └── gpu/          # GPU management
+└── pkg/
+    ├── core/
+    │   ├── action/       # Re-usable action primitives
+    │   ├── module/       # Module abstractions
+    │   ├── pipeline/     # Pipeline abstractions
+    │   └── task/         # Task abstractions
+    └── pipelines/        # Pre-built pipelines
+    │   ├── ...           # actual modules and tasks for various commands and components
+```
+
+
+## Build from source
+
+### Prerequisites
+
+* **Go 1.24+**
+* **GoReleaser** (optional, for cross-compiling and packaging)
+
+### Sample commands
+
+```bash
+# Clone the repo and enter the CLI folder
+cd cli
+
+# 1) Build for the host OS/ARCH
+go build -o olares-cli ./cmd/main.go
+
+# 2) Cross-compile for Linux amd64 (from macOS, for example)
+GOOS=linux GOARCH=amd64 go build -o olares-cli ./cmd/main.go
+
+# 3) Produce multi-platform artifacts (tar.gz, checksums, etc.)
+goreleaser release --snapshot --clean
+```
+
+---
+
+## Development workflow
+
+### Add a new command
+
+1. Create the command file in `cmd/ctl/<category>/`.
+2. Define a pipeline in `pkg/pipelines/`.
+3. Implement modules & tasks inside the relevant `pkg/` sub-packages.
+
+
+### Test your build
+
+1. Upload the self-built `olares-cli` binary to a machine that's running Olares.
+2. Replace the existing `olares-cli` binary on the machine using `sudo cp -f olares-cli /usr/local/bin`.
+3. Execute arbitrary commands using `olares-cli`

cli/apis/kubekey/v1alpha1/cluster_types.go

@@ -22,8 +22,8 @@ import (
 	"strconv"
 	"strings"
 
-	"bytetrade.io/web3os/installer/pkg/core/logger"
-	"bytetrade.io/web3os/installer/pkg/core/util"
+	"github.com/beclab/Olares/cli/pkg/core/logger"
+	"github.com/beclab/Olares/cli/pkg/core/util"
 	"github.com/pkg/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )

cli/apis/kubekey/v1alpha1/default.go

@@ -21,7 +21,7 @@ import (
 	"os"
 	"strings"
 
-	"bytetrade.io/web3os/installer/pkg/core/util"
+	"github.com/beclab/Olares/cli/pkg/core/util"
 )
 
 const (

cli/apis/kubekey/v1alpha2/cluster_types.go

@@ -22,9 +22,9 @@ import (
 	"strconv"
 	"strings"
 
-	"bytetrade.io/web3os/installer/pkg/core/connector"
-	"bytetrade.io/web3os/installer/pkg/core/logger"
-	"bytetrade.io/web3os/installer/pkg/core/util"
+	"github.com/beclab/Olares/cli/pkg/core/connector"
+	"github.com/beclab/Olares/cli/pkg/core/logger"
+	"github.com/beclab/Olares/cli/pkg/core/util"
 	"github.com/pkg/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"

cli/apis/kubekey/v1alpha2/default.go

@@ -21,7 +21,7 @@ import (
 	"os"
 	"strings"
 
-	"bytetrade.io/web3os/installer/pkg/core/util"
+	"github.com/beclab/Olares/cli/pkg/core/util"
 )
 
 const (

cli/clients/clientset/versioned/clientset.go

@@ -20,8 +20,8 @@ package versioned
 import (
 	"fmt"
 
-	kubekeyv1alpha1 "bytetrade.io/web3os/installer/clients/clientset/versioned/typed/kubekey/v1alpha1"
-	kubekeyv1alpha2 "bytetrade.io/web3os/installer/clients/clientset/versioned/typed/kubekey/v1alpha2"
+	kubekeyv1alpha1 "github.com/beclab/Olares/cli/clients/clientset/versioned/typed/kubekey/v1alpha1"
+	kubekeyv1alpha2 "github.com/beclab/Olares/cli/clients/clientset/versioned/typed/kubekey/v1alpha2"
 	discovery "k8s.io/client-go/discovery"
 	rest "k8s.io/client-go/rest"
 	flowcontrol "k8s.io/client-go/util/flowcontrol"

cli/clients/clientset/versioned/fake/clientset_generated.go

@@ -18,11 +18,11 @@ limitations under the License.
 package fake
 
 import (
-	clientset "bytetrade.io/web3os/installer/clients/clientset/versioned"
-	kubekeyv1alpha1 "bytetrade.io/web3os/installer/clients/clientset/versioned/typed/kubekey/v1alpha1"
-	fakekubekeyv1alpha1 "bytetrade.io/web3os/installer/clients/clientset/versioned/typed/kubekey/v1alpha1/fake"
-	kubekeyv1alpha2 "bytetrade.io/web3os/installer/clients/clientset/versioned/typed/kubekey/v1alpha2"
-	fakekubekeyv1alpha2 "bytetrade.io/web3os/installer/clients/clientset/versioned/typed/kubekey/v1alpha2/fake"
+	clientset "github.com/beclab/Olares/cli/clients/clientset/versioned"
+	kubekeyv1alpha1 "github.com/beclab/Olares/cli/clients/clientset/versioned/typed/kubekey/v1alpha1"
+	fakekubekeyv1alpha1 "github.com/beclab/Olares/cli/clients/clientset/versioned/typed/kubekey/v1alpha1/fake"
+	kubekeyv1alpha2 "github.com/beclab/Olares/cli/clients/clientset/versioned/typed/kubekey/v1alpha2"
+	fakekubekeyv1alpha2 "github.com/beclab/Olares/cli/clients/clientset/versioned/typed/kubekey/v1alpha2/fake"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/watch"
 	"k8s.io/client-go/discovery"

cli/clients/clientset/versioned/fake/register.go

@@ -18,8 +18,8 @@ limitations under the License.
 package fake
 
 import (
-	kubekeyv1alpha1 "bytetrade.io/web3os/installer/apis/kubekey/v1alpha1"
-	kubekeyv1alpha2 "bytetrade.io/web3os/installer/apis/kubekey/v1alpha2"
+	kubekeyv1alpha1 "github.com/beclab/Olares/cli/apis/kubekey/v1alpha1"
+	kubekeyv1alpha2 "github.com/beclab/Olares/cli/apis/kubekey/v1alpha2"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	runtime "k8s.io/apimachinery/pkg/runtime"
 	schema "k8s.io/apimachinery/pkg/runtime/schema"

cli/clients/clientset/versioned/scheme/register.go

@@ -18,8 +18,8 @@ limitations under the License.
 package scheme
 
 import (
-	kubekeyv1alpha1 "bytetrade.io/web3os/installer/apis/kubekey/v1alpha1"
-	kubekeyv1alpha2 "bytetrade.io/web3os/installer/apis/kubekey/v1alpha2"
+	kubekeyv1alpha1 "github.com/beclab/Olares/cli/apis/kubekey/v1alpha1"
+	kubekeyv1alpha2 "github.com/beclab/Olares/cli/apis/kubekey/v1alpha2"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	runtime "k8s.io/apimachinery/pkg/runtime"
 	schema "k8s.io/apimachinery/pkg/runtime/schema"

cli/clients/clientset/versioned/typed/kubekey/v1alpha1/cluster.go

@@ -21,8 +21,8 @@ import (
 	"context"
 	"time"
 
-	v1alpha1 "bytetrade.io/web3os/installer/apis/kubekey/v1alpha1"
-	scheme "bytetrade.io/web3os/installer/clients/clientset/versioned/scheme"
+	v1alpha1 "github.com/beclab/Olares/cli/apis/kubekey/v1alpha1"
+	scheme "github.com/beclab/Olares/cli/clients/clientset/versioned/scheme"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	types "k8s.io/apimachinery/pkg/types"
 	watch "k8s.io/apimachinery/pkg/watch"

cli/clients/clientset/versioned/typed/kubekey/v1alpha1/fake/fake_cluster.go

@@ -20,7 +20,7 @@ package fake
 import (
 	"context"
 
-	v1alpha1 "bytetrade.io/web3os/installer/apis/kubekey/v1alpha1"
+	v1alpha1 "github.com/beclab/Olares/cli/apis/kubekey/v1alpha1"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	labels "k8s.io/apimachinery/pkg/labels"
 	schema "k8s.io/apimachinery/pkg/runtime/schema"

cli/clients/clientset/versioned/typed/kubekey/v1alpha1/fake/fake_kubekey_client.go

@@ -18,7 +18,7 @@ limitations under the License.
 package fake
 
 import (
-	v1alpha1 "bytetrade.io/web3os/installer/clients/clientset/versioned/typed/kubekey/v1alpha1"
+	v1alpha1 "github.com/beclab/Olares/cli/clients/clientset/versioned/typed/kubekey/v1alpha1"
 	rest "k8s.io/client-go/rest"
 	testing "k8s.io/client-go/testing"
 )

cli/clients/clientset/versioned/typed/kubekey/v1alpha1/kubekey_client.go

@@ -18,8 +18,8 @@ limitations under the License.
 package v1alpha1
 
 import (
-	v1alpha1 "bytetrade.io/web3os/installer/apis/kubekey/v1alpha1"
-	"bytetrade.io/web3os/installer/clients/clientset/versioned/scheme"
+	v1alpha1 "github.com/beclab/Olares/cli/apis/kubekey/v1alpha1"
+	"github.com/beclab/Olares/cli/clients/clientset/versioned/scheme"
 	rest "k8s.io/client-go/rest"
 )
 

cli/clients/clientset/versioned/typed/kubekey/v1alpha2/cluster.go

@@ -21,8 +21,8 @@ import (
 	"context"
 	"time"
 
-	v1alpha2 "bytetrade.io/web3os/installer/apis/kubekey/v1alpha2"
-	scheme "bytetrade.io/web3os/installer/clients/clientset/versioned/scheme"
+	v1alpha2 "github.com/beclab/Olares/cli/apis/kubekey/v1alpha2"
+	scheme "github.com/beclab/Olares/cli/clients/clientset/versioned/scheme"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	types "k8s.io/apimachinery/pkg/types"
 	watch "k8s.io/apimachinery/pkg/watch"

cli/clients/clientset/versioned/typed/kubekey/v1alpha2/fake/fake_cluster.go

@@ -20,7 +20,7 @@ package fake
 import (
 	"context"
 
-	v1alpha2 "bytetrade.io/web3os/installer/apis/kubekey/v1alpha2"
+	v1alpha2 "github.com/beclab/Olares/cli/apis/kubekey/v1alpha2"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	labels "k8s.io/apimachinery/pkg/labels"
 	schema "k8s.io/apimachinery/pkg/runtime/schema"

cli/clients/clientset/versioned/typed/kubekey/v1alpha2/fake/fake_kubekey_client.go

@@ -18,7 +18,7 @@ limitations under the License.
 package fake
 
 import (
-	v1alpha2 "bytetrade.io/web3os/installer/clients/clientset/versioned/typed/kubekey/v1alpha2"
+	v1alpha2 "github.com/beclab/Olares/cli/clients/clientset/versioned/typed/kubekey/v1alpha2"
 	rest "k8s.io/client-go/rest"
 	testing "k8s.io/client-go/testing"
 )

cli/clients/clientset/versioned/typed/kubekey/v1alpha2/kubekey_client.go

@@ -18,8 +18,8 @@ limitations under the License.
 package v1alpha2
 
 import (
-	v1alpha2 "bytetrade.io/web3os/installer/apis/kubekey/v1alpha2"
-	"bytetrade.io/web3os/installer/clients/clientset/versioned/scheme"
+	v1alpha2 "github.com/beclab/Olares/cli/apis/kubekey/v1alpha2"
+	"github.com/beclab/Olares/cli/clients/clientset/versioned/scheme"
 	rest "k8s.io/client-go/rest"
 )
 

cli/clients/informers/externalversions/factory.go

@@ -22,9 +22,9 @@ import (
 	sync "sync"
 	time "time"
 
-	versioned "bytetrade.io/web3os/installer/clients/clientset/versioned"
-	internalinterfaces "bytetrade.io/web3os/installer/clients/informers/externalversions/internalinterfaces"
-	kubekey "bytetrade.io/web3os/installer/clients/informers/externalversions/kubekey"
+	versioned "github.com/beclab/Olares/cli/clients/clientset/versioned"
+	internalinterfaces "github.com/beclab/Olares/cli/clients/informers/externalversions/internalinterfaces"
+	kubekey "github.com/beclab/Olares/cli/clients/informers/externalversions/kubekey"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	runtime "k8s.io/apimachinery/pkg/runtime"
 	schema "k8s.io/apimachinery/pkg/runtime/schema"

cli/clients/informers/externalversions/generic.go

@@ -20,8 +20,8 @@ package externalversions
 import (
 	"fmt"
 
-	v1alpha1 "bytetrade.io/web3os/installer/apis/kubekey/v1alpha1"
-	v1alpha2 "bytetrade.io/web3os/installer/apis/kubekey/v1alpha2"
+	v1alpha1 "github.com/beclab/Olares/cli/apis/kubekey/v1alpha1"
+	v1alpha2 "github.com/beclab/Olares/cli/apis/kubekey/v1alpha2"
 	schema "k8s.io/apimachinery/pkg/runtime/schema"
 	cache "k8s.io/client-go/tools/cache"
 )

cli/clients/informers/externalversions/internalinterfaces/factory_interfaces.go

@@ -20,7 +20,7 @@ package internalinterfaces
 import (
 	time "time"
 
-	versioned "bytetrade.io/web3os/installer/clients/clientset/versioned"
+	versioned "github.com/beclab/Olares/cli/clients/clientset/versioned"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	runtime "k8s.io/apimachinery/pkg/runtime"
 	cache "k8s.io/client-go/tools/cache"

cli/clients/informers/externalversions/kubekey/interface.go

@@ -18,9 +18,9 @@ limitations under the License.
 package kubekey
 
 import (
-	internalinterfaces "bytetrade.io/web3os/installer/clients/informers/externalversions/internalinterfaces"
-	v1alpha1 "bytetrade.io/web3os/installer/clients/informers/externalversions/kubekey/v1alpha1"
-	v1alpha2 "bytetrade.io/web3os/installer/clients/informers/externalversions/kubekey/v1alpha2"
+	internalinterfaces "github.com/beclab/Olares/cli/clients/informers/externalversions/internalinterfaces"
+	v1alpha1 "github.com/beclab/Olares/cli/clients/informers/externalversions/kubekey/v1alpha1"
+	v1alpha2 "github.com/beclab/Olares/cli/clients/informers/externalversions/kubekey/v1alpha2"
 )
 
 // Interface provides access to each of this group's versions.

cli/clients/informers/externalversions/kubekey/v1alpha1/cluster.go

@@ -21,10 +21,10 @@ import (
 	"context"
 	time "time"
 
-	kubekeyv1alpha1 "bytetrade.io/web3os/installer/apis/kubekey/v1alpha1"
-	versioned "bytetrade.io/web3os/installer/clients/clientset/versioned"
-	internalinterfaces "bytetrade.io/web3os/installer/clients/informers/externalversions/internalinterfaces"
-	v1alpha1 "bytetrade.io/web3os/installer/clients/listers/kubekey/v1alpha1"
+	kubekeyv1alpha1 "github.com/beclab/Olares/cli/apis/kubekey/v1alpha1"
+	versioned "github.com/beclab/Olares/cli/clients/clientset/versioned"
+	internalinterfaces "github.com/beclab/Olares/cli/clients/informers/externalversions/internalinterfaces"
+	v1alpha1 "github.com/beclab/Olares/cli/clients/listers/kubekey/v1alpha1"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	runtime "k8s.io/apimachinery/pkg/runtime"
 	watch "k8s.io/apimachinery/pkg/watch"

cli/clients/informers/externalversions/kubekey/v1alpha1/interface.go

@@ -18,7 +18,7 @@ limitations under the License.
 package v1alpha1
 
 import (
-	internalinterfaces "bytetrade.io/web3os/installer/clients/informers/externalversions/internalinterfaces"
+	internalinterfaces "github.com/beclab/Olares/cli/clients/informers/externalversions/internalinterfaces"
 )
 
 // Interface provides access to all the informers in this group version.

cli/clients/informers/externalversions/kubekey/v1alpha2/cluster.go

@@ -21,10 +21,10 @@ import (
 	"context"
 	time "time"
 
-	kubekeyv1alpha2 "bytetrade.io/web3os/installer/apis/kubekey/v1alpha2"
-	versioned "bytetrade.io/web3os/installer/clients/clientset/versioned"
-	internalinterfaces "bytetrade.io/web3os/installer/clients/informers/externalversions/internalinterfaces"
-	v1alpha2 "bytetrade.io/web3os/installer/clients/listers/kubekey/v1alpha2"
+	kubekeyv1alpha2 "github.com/beclab/Olares/cli/apis/kubekey/v1alpha2"
+	versioned "github.com/beclab/Olares/cli/clients/clientset/versioned"
+	internalinterfaces "github.com/beclab/Olares/cli/clients/informers/externalversions/internalinterfaces"
+	v1alpha2 "github.com/beclab/Olares/cli/clients/listers/kubekey/v1alpha2"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	runtime "k8s.io/apimachinery/pkg/runtime"
 	watch "k8s.io/apimachinery/pkg/watch"

cli/clients/informers/externalversions/kubekey/v1alpha2/interface.go

@@ -18,7 +18,7 @@ limitations under the License.
 package v1alpha2
 
 import (
-	internalinterfaces "bytetrade.io/web3os/installer/clients/informers/externalversions/internalinterfaces"
+	internalinterfaces "github.com/beclab/Olares/cli/clients/informers/externalversions/internalinterfaces"
 )
 
 // Interface provides access to all the informers in this group version.

cli/clients/listers/kubekey/v1alpha1/cluster.go

@@ -18,7 +18,7 @@ limitations under the License.
 package v1alpha1
 
 import (
-	v1alpha1 "bytetrade.io/web3os/installer/apis/kubekey/v1alpha1"
+	v1alpha1 "github.com/beclab/Olares/cli/apis/kubekey/v1alpha1"
 	"k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/labels"
 	"k8s.io/client-go/tools/cache"

cli/clients/listers/kubekey/v1alpha2/cluster.go

@@ -18,7 +18,7 @@ limitations under the License.
 package v1alpha2
 
 import (
-	v1alpha2 "bytetrade.io/web3os/installer/apis/kubekey/v1alpha2"
+	v1alpha2 "github.com/beclab/Olares/cli/apis/kubekey/v1alpha2"
 	"k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/labels"
 	"k8s.io/client-go/tools/cache"

cli/cmd/ctl/gpu/disable.go

@@ -3,7 +3,7 @@ package gpu
 import (
 	"log"
 
-	"bytetrade.io/web3os/installer/pkg/pipelines"
+	"github.com/beclab/Olares/cli/pkg/pipelines"
 	"github.com/spf13/cobra"
 )
 

cli/cmd/ctl/gpu/enable.go

@@ -3,7 +3,7 @@ package gpu
 import (
 	"log"
 
-	"bytetrade.io/web3os/installer/pkg/pipelines"
+	"github.com/beclab/Olares/cli/pkg/pipelines"
 	"github.com/spf13/cobra"
 )
 

cli/cmd/ctl/gpu/install.go

@@ -3,8 +3,8 @@ package gpu
 import (
 	"log"
 
-	"bytetrade.io/web3os/installer/cmd/ctl/options"
-	"bytetrade.io/web3os/installer/pkg/pipelines"
+	"github.com/beclab/Olares/cli/cmd/ctl/options"
+	"github.com/beclab/Olares/cli/pkg/pipelines"
 	"github.com/spf13/cobra"
 )
 

cli/cmd/ctl/gpu/status.go

@@ -3,7 +3,7 @@ package gpu
 import (
 	"log"
 
-	"bytetrade.io/web3os/installer/pkg/pipelines"
+	"github.com/beclab/Olares/cli/pkg/pipelines"
 	"github.com/spf13/cobra"
 )
 

cli/cmd/ctl/gpu/uninstall.go

@@ -3,7 +3,7 @@ package gpu
 import (
 	"log"
 
-	"bytetrade.io/web3os/installer/pkg/pipelines"
+	"github.com/beclab/Olares/cli/pkg/pipelines"
 	"github.com/spf13/cobra"
 )
 

cli/cmd/ctl/gpu/upgrade.go

@@ -3,8 +3,8 @@ package gpu
 import (
 	"log"
 
-	"bytetrade.io/web3os/installer/cmd/ctl/options"
-	"bytetrade.io/web3os/installer/pkg/pipelines"
+	"github.com/beclab/Olares/cli/cmd/ctl/options"
+	"github.com/beclab/Olares/cli/pkg/pipelines"
 	"github.com/spf13/cobra"
 )
 

cli/cmd/ctl/node/add.go

@@ -1,10 +1,11 @@
 package node
 
 import (
-	"bytetrade.io/web3os/installer/cmd/ctl/options"
-	"bytetrade.io/web3os/installer/pkg/pipelines"
-	"github.com/spf13/cobra"
 	"log"
+
+	"github.com/beclab/Olares/cli/cmd/ctl/options"
+	"github.com/beclab/Olares/cli/pkg/pipelines"
+	"github.com/spf13/cobra"
 )
 
 func NewCmdAddNode() *cobra.Command {

cli/cmd/ctl/node/masterinfo.go

@@ -1,10 +1,11 @@
 package node
 
 import (
-	"bytetrade.io/web3os/installer/cmd/ctl/options"
-	"bytetrade.io/web3os/installer/pkg/pipelines"
-	"github.com/spf13/cobra"
 	"log"
+
+	"github.com/beclab/Olares/cli/cmd/ctl/options"
+	"github.com/beclab/Olares/cli/pkg/pipelines"
+	"github.com/spf13/cobra"
 )
 
 func NewCmdMasterInfo() *cobra.Command {

cli/cmd/ctl/options/cli_options.go

@@ -1,9 +1,9 @@
 package options
 
 import (
-	"bytetrade.io/web3os/installer/pkg/common"
-	cc "bytetrade.io/web3os/installer/pkg/core/common"
-	"bytetrade.io/web3os/installer/pkg/phase/cluster"
+	"github.com/beclab/Olares/cli/pkg/common"
+	cc "github.com/beclab/Olares/cli/pkg/core/common"
+	"github.com/beclab/Olares/cli/pkg/phase/cluster"
 	"github.com/spf13/cobra"
 )
 

cli/cmd/ctl/options/download_options.go

@@ -1,7 +1,7 @@
 package options
 
 import (
-	cc "bytetrade.io/web3os/installer/pkg/core/common"
+	cc "github.com/beclab/Olares/cli/pkg/core/common"
 	"github.com/spf13/cobra"
 )
 
@@ -10,6 +10,7 @@ type CliDownloadWizardOptions struct {
 	KubeType       string
 	BaseDir        string
 	DownloadCdnUrl string
+	UrlOverride    string
 }
 
 func NewCliDownloadWizardOptions() *CliDownloadWizardOptions {
@@ -21,6 +22,7 @@ func (o *CliDownloadWizardOptions) AddFlags(cmd *cobra.Command) {
 	cmd.Flags().StringVarP(&o.BaseDir, "base-dir", "b", "", "Set Olares package base dir, defaults to $HOME/"+cc.DefaultBaseDir)
 	cmd.Flags().StringVar(&o.KubeType, "kube", "k3s", "Set kube type, e.g., k3s or k8s")
 	cmd.Flags().StringVar(&o.DownloadCdnUrl, "download-cdn-url", "", "Set the CDN accelerated download address in the format https://example.cdn.com. If not set, the default download address will be used")
+	cmd.Flags().StringVar(&o.UrlOverride, "url-override", "", "Set another URL for wizard download explicitly")
 }
 
 type CliDownloadOptions struct {

cli/cmd/ctl/options/gpu_options.go

@@ -1,9 +1,10 @@
 package options
 
 import (
-	"bytetrade.io/web3os/installer/pkg/common"
-	cc "bytetrade.io/web3os/installer/pkg/core/common"
 	"fmt"
+
+	"github.com/beclab/Olares/cli/pkg/common"
+	cc "github.com/beclab/Olares/cli/pkg/core/common"
 	"github.com/spf13/cobra"
 )
 

cli/cmd/ctl/os/changeip.go

@@ -1,10 +1,11 @@
 package os
 
 import (
-	"bytetrade.io/web3os/installer/cmd/ctl/options"
-	"bytetrade.io/web3os/installer/pkg/pipelines"
-	"github.com/spf13/cobra"
 	"log"
+
+	"github.com/beclab/Olares/cli/cmd/ctl/options"
+	"github.com/beclab/Olares/cli/pkg/pipelines"
+	"github.com/spf13/cobra"
 )
 
 func NewCmdChangeIP() *cobra.Command {

cli/cmd/ctl/os/download.go

@@ -1,10 +1,11 @@
 package os
 
 import (
-	"bytetrade.io/web3os/installer/cmd/ctl/options"
-	"bytetrade.io/web3os/installer/pkg/pipelines"
-	"github.com/spf13/cobra"
 	"log"
+
+	"github.com/beclab/Olares/cli/cmd/ctl/options"
+	"github.com/beclab/Olares/cli/pkg/pipelines"
+	"github.com/spf13/cobra"
 )
 
 func NewCmdRootDownload() *cobra.Command {

cli/cmd/ctl/os/info.go

@@ -1,7 +1,7 @@
 package os
 
 import (
-	"bytetrade.io/web3os/installer/pkg/pipelines"
+	"github.com/beclab/Olares/cli/pkg/pipelines"
 	"github.com/spf13/cobra"
 )
 

cli/cmd/ctl/os/install.go

@@ -3,8 +3,8 @@ package os
 import (
 	"log"
 
-	"bytetrade.io/web3os/installer/cmd/ctl/options"
-	"bytetrade.io/web3os/installer/pkg/pipelines"
+	"github.com/beclab/Olares/cli/cmd/ctl/options"
+	"github.com/beclab/Olares/cli/pkg/pipelines"
 	"github.com/spf13/cobra"
 )
 

cli/cmd/ctl/os/logs.go

@@ -2,8 +2,6 @@ package os
 
 import (
 	"archive/tar"
-	"bytetrade.io/web3os/installer/pkg/common"
-	"bytetrade.io/web3os/installer/pkg/core/util"
 	"compress/gzip"
 	"fmt"
 	"io"
@@ -14,6 +12,9 @@ import (
 	"strings"
 	"time"
 
+	"github.com/beclab/Olares/cli/pkg/common"
+	"github.com/beclab/Olares/cli/pkg/core/util"
+
 	"github.com/spf13/cobra"
 )
 

cli/cmd/ctl/os/precheck.go

@@ -1,10 +1,11 @@
 package os
 
 import (
-	"bytetrade.io/web3os/installer/cmd/ctl/options"
-	"bytetrade.io/web3os/installer/pkg/pipelines"
-	"github.com/spf13/cobra"
 	"log"
+
+	"github.com/beclab/Olares/cli/cmd/ctl/options"
+	"github.com/beclab/Olares/cli/pkg/pipelines"
+	"github.com/spf13/cobra"
 )
 
 func NewCmdPrecheck() *cobra.Command {

cli/cmd/ctl/os/prepare.go

@@ -3,8 +3,8 @@ package os
 import (
 	"log"
 
-	"bytetrade.io/web3os/installer/cmd/ctl/options"
-	"bytetrade.io/web3os/installer/pkg/pipelines"
+	"github.com/beclab/Olares/cli/cmd/ctl/options"
+	"github.com/beclab/Olares/cli/pkg/pipelines"
 	"github.com/spf13/cobra"
 )
 

cli/cmd/ctl/os/release.go

@@ -1,9 +1,6 @@
 package os
 
 import (
-	"bytetrade.io/web3os/installer/pkg/core/common"
-	"bytetrade.io/web3os/installer/pkg/core/util"
-	"bytetrade.io/web3os/installer/pkg/release/builder"
 	"fmt"
 	"os"
 	"os/user"
@@ -11,6 +8,10 @@ import (
 	"strings"
 	"time"
 
+	"github.com/beclab/Olares/cli/pkg/core/common"
+	"github.com/beclab/Olares/cli/pkg/core/util"
+	"github.com/beclab/Olares/cli/pkg/release/builder"
+
 	"github.com/spf13/cobra"
 )
 
@@ -48,7 +49,7 @@ func NewCmdRelease() *cobra.Command {
 			}
 
 			if version == "" {
-				version = fmt.Sprintf("1.12.0-%s", time.Now().Format("20060102150405"))
+				version = fmt.Sprintf("1.12.1-%s", time.Now().Format("20060102150405"))
 				fmt.Printf("--version unspecified, using: %s\n", version)
 				time.Sleep(1 * time.Second)
 			}

cli/cmd/ctl/os/root.go

@@ -1,15 +1,10 @@
 package os
 
 import (
-	"os/exec"
-
 	"github.com/spf13/cobra"
 )
 
 func NewOSCommands() []*cobra.Command {
-	_ = exec.Command("/bin/bash", "-c", "ulimit -u 65535").Run()
-	_ = exec.Command("/bin/bash", "-c", "ulimit -n 65535").Run()
-
 	return []*cobra.Command{
 		NewCmdPrecheck(),
 		NewCmdRootDownload(),

cli/cmd/ctl/os/startstop.go

@@ -3,9 +3,10 @@ package os
 import (
 	"time"
 
-	"bytetrade.io/web3os/installer/pkg/pipelines"
-	"github.com/spf13/cobra"
 	"log"
+
+	"github.com/beclab/Olares/cli/pkg/pipelines"
+	"github.com/spf13/cobra"
 )
 
 func NewCmdStart() *cobra.Command {

cli/cmd/ctl/os/storage.go

@@ -1,10 +1,11 @@
 package os
 
 import (
-	"bytetrade.io/web3os/installer/cmd/ctl/options"
-	"bytetrade.io/web3os/installer/pkg/pipelines"
-	"github.com/spf13/cobra"
 	"log"
+
+	"github.com/beclab/Olares/cli/cmd/ctl/options"
+	"github.com/beclab/Olares/cli/pkg/pipelines"
+	"github.com/spf13/cobra"
 )
 
 func NewCmdInstallStorage() *cobra.Command {

cli/cmd/ctl/os/uninstall.go

@@ -1,10 +1,11 @@
 package os
 
 import (
-	"bytetrade.io/web3os/installer/cmd/ctl/options"
-	"bytetrade.io/web3os/installer/pkg/pipelines"
-	"github.com/spf13/cobra"
 	"log"
+
+	"github.com/beclab/Olares/cli/cmd/ctl/options"
+	"github.com/beclab/Olares/cli/pkg/pipelines"
+	"github.com/spf13/cobra"
 )
 
 type UninstallOsOptions struct {