fix: files sync paste dir out bug

* feat(user-service): update dataStore use redis

* feat(wise): remove from system-frontend
fix(settings): some bugs
fix(files): some bugs

* knowledge: remove knowledge, rss, argo

---------

Co-authored-by: eball <liuy102@hotmail.com>

.github/workflows/check.yaml

@@ -64,6 +64,17 @@ jobs:
     secrets: inherit
     with:
       version: ${{ needs.test-version.outputs.version }}
+      ref: ${{ github.event.pull_request.head.ref }}
+      repository: ${{ github.event.pull_request.head.repo.full_name }}
+
+  upload-daemon:
+    needs: test-version
+    uses: ./.github/workflows/release-daemon.yaml
+    secrets: inherit
+    with:
+      version: ${{ needs.test-version.outputs.version }}
+      ref: ${{ github.event.pull_request.head.ref }}
+      repository: ${{ github.event.pull_request.head.repo.full_name }}
 
   push-image:
     runs-on: ubuntu-latest
@@ -106,6 +117,7 @@ jobs:
 
 
   push-deps:
+    needs: [test-version, upload-daemon]
     runs-on: ubuntu-latest
 
     steps:
@@ -121,10 +133,13 @@ jobs:
           AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           AWS_DEFAULT_REGION: "us-east-1"
+          VERSION: ${{ needs.test-version.outputs.version }}
+          REPO_PATH: '${{ secrets.REPO_PATH }}'
         run: |
           bash build/deps-manifest.sh && bash build/upload-deps.sh
 
   push-deps-arm64:
+    needs: [test-version, upload-daemon]
     runs-on: [self-hosted, linux, ARM64]
 
     steps:
@@ -143,6 +158,8 @@ jobs:
           AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           AWS_DEFAULT_REGION: "us-east-1"
+          VERSION: ${{ needs.test-version.outputs.version }}
+          REPO_PATH: '${{ secrets.REPO_PATH }}'
         run: |
           export PATH=$PATH:/usr/local/bin:/home/ubuntu/.local/bin
           bash build/deps-manifest.sh linux/arm64 && bash build/upload-deps.sh linux/arm64

.github/workflows/push-deps-to-s3.yml

@@ -11,27 +11,13 @@ jobs:
       - name: "Checkout source code"
         uses: actions/checkout@v3
 
-      - name: Install coscmd
-        run: pip install coscmd        
-
-      - name: Configure coscmd
-        env:
-          TENCENT_SECRET_ID: ${{ secrets.TENCENT_SECRET_ID }}
-          TENCENT_SECRET_KEY: ${{ secrets.TENCENT_SECRET_KEY }}
-          COS_BUCKET: ${{ secrets.COS_BUCKET }}
-          COS_REGION: ${{ secrets.COS_REGION }}
-          END_POINT: ${{ secrets.END_POINT }}
-        run: |
-          coscmd config -a $TENCENT_SECRET_ID \
-                        -s $TENCENT_SECRET_KEY \
-                        -b $COS_BUCKET \
-                        -r $COS_REGION 
 
       # test
       - env:
           AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           AWS_DEFAULT_REGION: "us-east-1"
+          REPO_PATH: '${{ secrets.REPO_PATH }}'
         run: |
           bash build/deps-manifest.sh && bash build/upload-deps.sh
 
@@ -42,28 +28,12 @@ jobs:
       - name: "Checkout source code"
         uses: actions/checkout@v3
 
-      - name: Install coscmd
-        run: pip install coscmd        
-
-      - name: Configure coscmd
-        env:
-          TENCENT_SECRET_ID: ${{ secrets.TENCENT_SECRET_ID }}
-          TENCENT_SECRET_KEY: ${{ secrets.TENCENT_SECRET_KEY }}
-          COS_BUCKET: ${{ secrets.COS_BUCKET }}
-          COS_REGION: ${{ secrets.COS_REGION }}
-          END_POINT: ${{ secrets.END_POINT }}
-        run: |
-          export PATH=$PATH:/usr/local/bin:/home/ubuntu/.local/bin
-          coscmd config -m 10 -p 10 -a $TENCENT_SECRET_ID \
-                        -s $TENCENT_SECRET_KEY \
-                        -b $COS_BUCKET \
-                        -r $COS_REGION 
-
       # test
       - env:
           AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           AWS_DEFAULT_REGION: "us-east-1"
+          REPO_PATH: '${{ secrets.REPO_PATH }}'
         run: |
           export PATH=$PATH:/usr/local/bin:/home/ubuntu/.local/bin
           bash build/deps-manifest.sh linux/arm64 && bash build/upload-deps.sh linux/arm64

.github/workflows/push-to-s3.yaml

@@ -11,22 +11,6 @@ jobs:
       - name: "Checkout source code"
         uses: actions/checkout@v3
 
-      - name: Install coscmd
-        run: pip install coscmd        
-
-      - name: Configure coscmd
-        env:
-          TENCENT_SECRET_ID: ${{ secrets.TENCENT_SECRET_ID }}
-          TENCENT_SECRET_KEY: ${{ secrets.TENCENT_SECRET_KEY }}
-          COS_BUCKET: ${{ secrets.COS_BUCKET }}
-          COS_REGION: ${{ secrets.COS_REGION }}
-          END_POINT: ${{ secrets.END_POINT }}
-        run: |
-          coscmd config -a $TENCENT_SECRET_ID \
-                        -s $TENCENT_SECRET_KEY \
-                        -b $COS_BUCKET \
-                        -r $COS_REGION 
-
       # test
       - env:
           AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
@@ -42,23 +26,6 @@ jobs:
       - name: "Checkout source code"
         uses: actions/checkout@v3
 
-      - name: Install coscmd
-        run: pip install coscmd        
-
-      - name: Configure coscmd
-        env:
-          TENCENT_SECRET_ID: ${{ secrets.TENCENT_SECRET_ID }}
-          TENCENT_SECRET_KEY: ${{ secrets.TENCENT_SECRET_KEY }}
-          COS_BUCKET: ${{ secrets.COS_BUCKET }}
-          COS_REGION: ${{ secrets.COS_REGION }}
-          END_POINT: ${{ secrets.END_POINT }}
-        run: |
-          export PATH=$PATH:/usr/local/bin:/home/ubuntu/.local/bin
-          coscmd config -m 10 -p 10 -a $TENCENT_SECRET_ID \
-                        -s $TENCENT_SECRET_KEY \
-                        -b $COS_BUCKET \
-                        -r $COS_REGION 
-
       - env:
           AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

.github/workflows/release-cli.yaml

@@ -6,7 +6,19 @@ on:
       version:
         type: string
         required: true
+      ref:
+        type: string
+      repository:
+        type: string
   workflow_dispatch:
+    inputs:
+      version:
+        type: string
+        required: true
+      ref:
+        type: string
+      repository:
+        type: string
 jobs:
   goreleaser:
     runs-on: ubuntu-22.04
@@ -15,6 +27,8 @@ jobs:
         uses: actions/checkout@v3
         with:
           fetch-depth: 1
+          ref: ${{ inputs.ref }}
+          repository: ${{ inputs.repository }}
 
       - name: Add Local Git Tag For GoReleaser
         run: git tag ${{ inputs.version }}
@@ -23,7 +37,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v3
         with:
-          go-version: 1.22.4
+          go-version: 1.24.3
           
       - name: Install x86_64 cross-compiler
         run: sudo apt-get update && sudo apt-get install -y build-essential
@@ -48,6 +62,5 @@ jobs:
           AWS_DEFAULT_REGION: "us-east-1"
         run: |
           cd cli/output && for file in *.tar.gz; do
-            aws s3 cp "$file" s3://terminus-os-install/$file --acl=public-read
-            # coscmd upload $file /$file
+            aws s3 cp "$file" s3://terminus-os-install${{ secrets.REPO_PATH }}${file} --acl=public-read
           done

.github/workflows/release-daemon.yaml

@@ -0,0 +1,69 @@
+name: Release Daemon
+
+on:
+  workflow_call:
+    inputs:
+      version:
+        type: string
+        required: true
+      ref:
+        type: string
+      repository:
+        type: string
+  workflow_dispatch:
+    inputs:
+      version:
+        type: string
+        required: true
+      ref:
+        type: string
+      repository:
+        type: string
+
+jobs:
+  goreleaser:
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 1
+          ref: ${{ inputs.ref }}
+          repository: ${{ inputs.repository }}
+
+      - name: Add Local Git Tag For GoReleaser
+        run: git tag ${{ inputs.version }}
+        continue-on-error: true
+
+      - name: Set up Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: 1.22.1
+
+      - name: install udev-devel
+        run: |
+          sudo apt update && sudo apt install -y libudev-dev
+
+      - name: Install x86_64 cross-compiler
+        run: sudo apt-get update && sudo apt-get install -y build-essential
+
+      - name: Install ARM cross-compiler
+        run: sudo apt-get update && sudo apt-get install -y gcc-aarch64-linux-gnu
+
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v3.1.0
+        with:
+          distribution: goreleaser
+          workdir: './daemon'
+          version: v1.18.2
+          args: release --clean
+
+      - name: Upload to CDN
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          AWS_DEFAULT_REGION: 'us-east-1'
+        run: |
+          cd daemon/output && for file in *.tar.gz; do
+            aws s3 cp "$file" s3://terminus-os-install${{ secrets.REPO_PATH }}${file} --acl=public-read
+          done

.github/workflows/release-daily.yaml

@@ -27,6 +27,13 @@ jobs:
     with:
       version: ${{ needs.daily-version.outputs.version }}
 
+  release-daemon:
+    needs: daily-version
+    uses: ./.github/workflows/release-daemon.yaml
+    secrets: inherit
+    with:
+      version: ${{ needs.daily-version.outputs.version }}
+
   push-images:
     runs-on: ubuntu-22.04
 
@@ -57,6 +64,7 @@ jobs:
           bash build/image-manifest.sh && bash build/upload-images.sh .manifest/images.mf linux/arm64
 
   push-deps:
+    needs: [daily-version, release-daemon]
     runs-on: ubuntu-latest
 
     steps:
@@ -68,10 +76,13 @@ jobs:
           AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           AWS_DEFAULT_REGION: "us-east-1"
+          VERSION: ${{ needs.daily-version.outputs.version }}
+          REPO_PATH: '${{ secrets.REPO_PATH }}'
         run: |
           bash build/deps-manifest.sh && bash build/upload-deps.sh
 
   push-deps-arm64:
+    needs: [daily-version, release-daemon]
     runs-on: [self-hosted, linux, ARM64]
 
     steps:
@@ -83,6 +94,8 @@ jobs:
           AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           AWS_DEFAULT_REGION: "us-east-1"
+          VERSION: ${{ needs.daily-version.outputs.version }}
+          REPO_PATH: '${{ secrets.REPO_PATH }}'
         run: |
           export PATH=$PATH:/usr/local/bin:/home/ubuntu/.local/bin
           bash build/deps-manifest.sh linux/arm64 && bash build/upload-deps.sh linux/arm64
@@ -110,8 +123,8 @@ jobs:
           AWS_DEFAULT_REGION: 'us-east-1'
         run: |
           md5sum install-wizard-v${{ needs.daily-version.outputs.version }}.tar.gz > install-wizard-v${{ needs.daily-version.outputs.version }}.md5sum.txt && \
-          aws s3 cp install-wizard-v${{ needs.daily-version.outputs.version }}.md5sum.txt s3://terminus-os-install/install-wizard-v${{ needs.daily-version.outputs.version }}.md5sum.txt --acl=public-read && \
-          aws s3 cp install-wizard-v${{ needs.daily-version.outputs.version }}.tar.gz s3://terminus-os-install/install-wizard-v${{ needs.daily-version.outputs.version }}.tar.gz --acl=public-read && \
+          aws s3 cp install-wizard-v${{ needs.daily-version.outputs.version }}.md5sum.txt s3://terminus-os-install${{ secrets.REPO_PATH }}install-wizard-v${{ needs.daily-version.outputs.version }}.md5sum.txt --acl=public-read && \
+          aws s3 cp install-wizard-v${{ needs.daily-version.outputs.version }}.tar.gz s3://terminus-os-install${{ secrets.REPO_PATH }}install-wizard-v${{ needs.daily-version.outputs.version }}.tar.gz --acl=public-read && \
           echo "md5sum=$(awk '{print $1}' install-wizard-v${{ needs.daily-version.outputs.version }}.md5sum.txt)" >> "$GITHUB_OUTPUT"
 
 
@@ -139,6 +152,7 @@ jobs:
           cp .dist/install-wizard/install.sh build/base-package
           cp build/base-package/install.sh build/base-package/publicInstaller.sh
           cp .dist/install-wizard/install.ps1 build/base-package
+          cp .dist/install-wizard/joincluster.sh build/base-package
 
       - name: Release public files
         uses: softprops/action-gh-release@v1

.github/workflows/release-mdns-agent.yaml

@@ -0,0 +1,71 @@
+name: Publish mdns-agent to Dockerhub
+
+on:
+  workflow_dispatch:
+    inputs:
+      version:
+        type: string
+        required: true
+
+jobs:
+  update_dockerhub:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PASS }}
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v3
+        with:
+          push: true
+          context: ./daemon
+          tags: beclab/olaresd:${{ inputs.version }}
+          file: ./daemon/docker/Dockerfile.agent
+          platforms: linux/amd64,linux/arm64
+
+  upload_release_package:
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 1
+      - name: Add Local Git Tag For GoReleaser
+        run: git tag ${{ inputs.version }}
+        continue-on-error: true
+      - name: Set up Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: 1.22.1
+
+      - name: Install x86_64 cross-compiler
+        run: sudo apt-get update && sudo apt-get install -y build-essential
+
+      - name: Install ARM cross-compiler
+        run: sudo apt-get update && sudo apt-get install -y gcc-aarch64-linux-gnu
+
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v3.1.0
+        with:
+          distribution: goreleaser
+          version: v1.18.2
+          args: release --clean --skip-validate -f .goreleaser.agent.yml
+          workdir: './daemon'
+
+      - name: Upload to CDN
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          AWS_DEFAULT_REGION: 'us-east-1'
+        run: |
+          cd daemon/output && for file in *.tar.gz; do
+            aws s3 cp "$file" s3://terminus-os-install/$file --acl=public-read
+          done

.github/workflows/release.yaml

@@ -15,6 +15,14 @@ jobs:
     secrets: inherit
     with:
       version: ${{ github.event.inputs.tags }}
+      ref: ${{ github.event.inputs.tags }}
+
+  release-daemon:
+    uses: ./.github/workflows/release-daemon.yaml
+    secrets: inherit
+    with:
+      version: ${{ github.event.inputs.tags }}
+      ref: ${{ github.event.inputs.tags }}
 
   push:
     runs-on: ubuntu-22.04
@@ -29,6 +37,7 @@ jobs:
           AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           AWS_DEFAULT_REGION: 'us-east-1'
+          VERSION: ${{ github.event.inputs.tags }}
         run: |
           bash build/image-manifest.sh && bash build/upload-images.sh .manifest/images.mf
 
@@ -45,12 +54,13 @@ jobs:
           AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           AWS_DEFAULT_REGION: 'us-east-1'
+          VERSION: ${{ github.event.inputs.tags }}
         run: |
           export PATH=$PATH:/usr/local/bin:/home/ubuntu/.local/bin
           bash build/image-manifest.sh && bash build/upload-images.sh .manifest/images.mf linux/arm64
 
   upload-package:
-    needs: [push, push-arm64]
+    needs: [push, push-arm64, release-daemon]
     runs-on: ubuntu-latest
 
     steps:
@@ -70,8 +80,8 @@ jobs:
           AWS_DEFAULT_REGION: 'us-east-1'
         run: |
           md5sum install-wizard-v${{ github.event.inputs.tags }}.tar.gz > install-wizard-v${{ github.event.inputs.tags }}.md5sum.txt && \
-          aws s3 cp install-wizard-v${{ github.event.inputs.tags }}.md5sum.txt s3://terminus-os-install/install-wizard-v${{ github.event.inputs.tags }}.md5sum.txt --acl=public-read && \
-          aws s3 cp install-wizard-v${{ github.event.inputs.tags }}.tar.gz s3://terminus-os-install/install-wizard-v${{ github.event.inputs.tags }}.tar.gz --acl=public-read
+          aws s3 cp install-wizard-v${{ github.event.inputs.tags }}.md5sum.txt s3://terminus-os-install${{ secrets.REPO_PATH }}install-wizard-v${{ github.event.inputs.tags }}.md5sum.txt --acl=public-read && \
+          aws s3 cp install-wizard-v${{ github.event.inputs.tags }}.tar.gz s3://terminus-os-install${{ secrets.REPO_PATH }}install-wizard-v${{ github.event.inputs.tags }}.tar.gz --acl=public-read
 
   release:
     runs-on: ubuntu-latest
@@ -91,7 +101,7 @@ jobs:
       - name: Get checksum
         id: vars
         run: |
-          echo "version_md5sum=$(curl -sSfL https://dc3p1870nn3cj.cloudfront.net/install-wizard-v${{ github.event.inputs.tags }}.md5sum.txt|awk '{print $1}')" >> $GITHUB_OUTPUT
+          echo "version_md5sum=$(curl -sSfL https://dc3p1870nn3cj.cloudfront.net${{ secrets.REPO_PATH }}install-wizard-v${{ github.event.inputs.tags }}.md5sum.txt|awk '{print $1}')" >> $GITHUB_OUTPUT
 
       - name: Update checksum
         uses: eball/write-tag-to-version-file@latest
@@ -111,6 +121,7 @@ jobs:
           cp build/base-package/install.sh build/base-package/publicInstaller.latest
           cp .dist/install-wizard/install.ps1 build/insbase-packagetaller
           cp build/base-package/install.ps1 build/base-package/publicInstaller.latest.ps1
+          cp .dist/install-wizard/joincluster.sh build/base-package
 
       - name: Release public files
         uses: softprops/action-gh-release@v1

.gitignore

@@ -30,3 +30,5 @@ olares-cli-*.tar.gz
 .vscode
 .DS_Store
 cli/output
+daemon/output
+daemon/bin

README.md

@@ -1,6 +1,6 @@
 <div align="center">
 
-# Olares: An Open-Source Personal Cloud OS to Reclaim Your Data<!-- omit in toc -->
+# Olares: An Open-Source Personal Cloud to </br>Reclaim Your Data<!-- omit in toc -->
 
 [![Mission](https://img.shields.io/badge/Mission-Let%20people%20own%20their%20data%20again-purple)](#)<br/>
 [![Last Commit](https://img.shields.io/github/last-commit/beclab/olares)](https://github.com/beclab/olares/commits/main)
@@ -18,10 +18,6 @@
 
 </div>
 
-https://github.com/user-attachments/assets/3089a524-c135-4f96-ad2b-c66bf4ee7471
-
-*Build your local AI assistants, sync data across places, self-host your workspace, stream your own media, and more—all in your personal cloud on Olares.*
-
 <p align="center">
   <a href="https://olares.com">Website</a> ·
   <a href="https://docs.olares.com">Documentation</a> ·
@@ -34,13 +30,54 @@ https://github.com/user-attachments/assets/3089a524-c135-4f96-ad2b-c66bf4ee7471
 >
 >*It's time for a change.* 
 
+![Personal Cloud](https://file.bttcdn.com/github/olares/public-cloud-to-personal-cloud.jpg)
 We believe you have a fundamental right to control your digital life. The most effective way to uphold this right is by hosting your data locally, on your own hardware.
 
 Olares is an **open-source personal cloud operating system** designed to empower you to own and manage your digital assets locally. Instead of relying on public cloud services, you can deploy powerful open-source alternatives locally on Olares, such as Ollama for hosting LLMs, SD WebUI for image generation, and Mastodon for building censor free social space. Imagine the power of the cloud, but with you in complete command.
 
 > 🌟 *Star us to receive instant notifications about new releases and updates.* 
 
-## Key Features & Use Cases
+## Architecture 
+
+Just as Public clouds offer IaaS, PaaS, and SaaS layers, Olares provides open-source alternatives to each of these layers.
+
+  ![Tech Stacks](https://file.bttcdn.com/github/olares/olares-architecture.jpg)
+
+ For detailed description of each component, refer to [Olares architecture](https://docs.olares.com/manual/system-architecture.html).
+
+> 🔍 **How is Olares different from traditional NAS?**
+>
+> Olares focuses on building an all-in-one self-hosted personal cloud experience. Its core features and target users differ significantly from traditional Network Attached Storage (NAS) systems, which primarily focus on network storage. For more details, see [Compare Olares and NAS](https://docs.olares.com/manual/olares-vs-nas.html).
+
+## Features
+
+Olares offers a wide array of features designed to enhance security, ease of use, and development flexibility:
+
+- **Enterprise-grade security**: Simplified network configuration using Tailscale, Headscale, Cloudflare Tunnel, and FRP.
+- **Secure and permissionless application ecosystem**: Sandboxing ensures application isolation and security.
+- **Unified file system and database**: Automated scaling, backups, and high availability.
+- **Single sign-on**: Log in once to access all applications within Olares with a shared authentication service.
+- **AI capabilities**: Comprehensive solution for GPU management, local AI model hosting, and private knowledge bases while maintaining data privacy.
+- **Built-in applications**: Includes file manager, sync drive, vault, reader, app market, settings, and dashboard.
+- **Seamless anywhere access**: Access your devices from anywhere using dedicated clients for mobile, desktop, and browsers.
+- **Development tools**: Comprehensive development tools for effortless application development and porting.
+
+Here are some screenshots from the UI for a sneak peek:
+
+| **Desktop–Streamlined and familiar portal**     |  **Files–A secure home to your data**
+| :--------: | :-------: |
+| ![Desktop](https://file.bttcdn.com/github/terminus/v2/desktop.jpg) | ![Files](https://file.bttcdn.com/github/terminus/v2/files.jpg) |
+| **Vault–1Password alternative**|**Market–App ecosystem in your control** |
+| ![vault](https://file.bttcdn.com/github/terminus/v2/vault.jpg) | ![market](https://file.bttcdn.com/github/terminus/v2/market.jpg) |
+|**Wise–Your digital secret garden** | **Settings–Manage Olares efficiently** |
+| ![settings](https://file.bttcdn.com/github/terminus/v2/wise.jpg) | ![](https://file.bttcdn.com/github/terminus/v2/settings.jpg) |
+|**Dashboard–Constant system monitoring**  | **Profile–Your unique homepage** |
+| ![dashboard](https://file.bttcdn.com/github/terminus/v2/dashboard.jpg) | ![profile](https://file.bttcdn.com/github/terminus/v2/profile.jpg) |
+| **Studio–Develop, debug, and deploy**|**Control Hub–Manage Kubernetes clusters easily**  |
+| ![Studio](https://file.bttcdn.com/github/terminus/v2/devbox.jpg) | ![Controlhub](https://file.bttcdn.com/github/terminus/v2/controlhub.jpg)|
+
+
+## Key use cases
 
 Here is why and where you can count on Olares for private, powerful, and secure sovereign cloud experience:
 
@@ -58,10 +95,6 @@ Here is why and where you can count on Olares for private, powerful, and secure
 
 📚 **Learning platform**: Explore self-hosting, container orchestration, and cloud technologies hands-on.
 
-> 🔍 **How is Olares different from traditional NAS?**
->
-> Olares focuses on building an all-in-one self-hosted personal cloud experience. Its core features and target users differ significantly from traditional Network Attached Storage (NAS) systems, which primarily focus on network storage. For more details, see [Compare Olares and NAS](https://docs.olares.com/manual/olares-vs-nas.html).
-
 ## Getting started
 
 ### System compatibility
@@ -74,42 +107,16 @@ Olares has been tested and verified on the following Linux platforms:
 ### Set up Olares
 To get started with Olares on your own device, follow the [Getting Started Guide](https://docs.olares.com/manual/get-started/) for step-by-step instructions.
 
-## Architecture 
-
-Olares' architecture is based on two core principles:
-- Adopts an Android-like approach to control software permissions and interactivity, ensuring smooth and secure system operations.
-- Leverages cloud-native technologies to manage hardware and middleware services efficiently.
-
-  ![Olares Architecture](https://file.bttcdn.com/github/terminus/v2/olares-arch-3.png)
-
- For detailed description of each component, refer to [Olares architecture](https://docs.olares.com/manual/system-architecture.html).
-
-## Features
-
-Olares offers a wide array of features designed to enhance security, ease of use, and development flexibility:
-
-- **Enterprise-grade security**: Simplified network configuration using Tailscale, Headscale, Cloudflare Tunnel, and FRP.
-- **Secure and permissionless application ecosystem**: Sandboxing ensures application isolation and security.
-- **Unified file system and database**: Automated scaling, backups, and high availability.
-- **Single sign-on**: Log in once to access all applications within Olares with a shared authentication service.
-- **AI capabilities**: Comprehensive solution for GPU management, local AI model hosting, and private knowledge bases while maintaining data privacy.
-- **Built-in applications**: Includes file manager, sync drive, vault, reader, app market, settings, and dashboard.
-- **Seamless anywhere access**: Access your devices from anywhere using dedicated clients for mobile, desktop, and browsers.
-- **Development tools**: Comprehensive development tools for effortless application development and porting.
-
-## Project Navigation
-> We are currently migrating the code of subprojects from other repositories within the organization to this repository. This process may take a few months. Once completed, you will be able to get a comprehensive view of the Olares system through this repository.
-
-
+## Project navigation
 This section lists the main directories in the Olares repository:
 
-* **`apps`**: Contains the code for system applications, primarily for `larepass`.
-* **`cli`**: Contains the code for `olares-cli`, the command-line interface tool for Olares.
-* **`daemon`**: Contains the code for `olaresd`, the system daemon process.
+* **[`apps`](./apps)**: Contains the code for system applications, primarily for `larepass`.
+* **[`cli`](./cli)**: Contains the code for `olares-cli`, the command-line interface tool for Olares.
+* **[`daemon`](./daemon)**: Contains the code for `olaresd`, the system daemon process.
 * **`docs`**: Contains documentation for the project.
-* **`framework`**: Contains the Olares system services.
-* **`infrastructure`**: Contains code related to infrastructure components such as computing, storage, networking, and GPUs.
-* **`platform`**: Contains code for cloud-native components like databases and message queues.
+* **[`framework`](./framework)**: Contains the Olares system services.
+* **[`infrastructure`](./infrastructure)**: Contains code related to infrastructure components such as computing, storage, networking, and GPUs.
+* **[`platform`](./platform)**: Contains code for cloud-native components like databases and message queues.
 * **`vendor`**: Contains code from third-party hardware vendors.
 
 ## Contributing to Olares

README_CN.md

@@ -1,6 +1,6 @@
 <div align="center">
 
-# Olares：开源个人云操作系统，助您重获数据主权
+# Olares：助您重获数据主权的开源个人云
 
 [![Mission](https://img.shields.io/badge/Mission-Let%20people%20own%20their%20data%20again-purple)](#)<br/>
 [![Last Commit](https://img.shields.io/github/last-commit/beclab/terminus)](https://github.com/beclab/olares/commits/main)
@@ -18,11 +18,6 @@
 
 </div>
 
-
-https://github.com/user-attachments/assets/3089a524-c135-4f96-ad2b-c66bf4ee7471
-
-*Olares 让你体验更多可能：构建个人 AI 助理、随时随地同步数据、自托管团队协作空间、打造私人影视厅——无缝整合你的数字生活。*
-
 <p align="center">
   <a href="https://olares.com">网站</a> ·
   <a href="https://docs.olares.com">文档</a> ·
@@ -35,12 +30,54 @@ https://github.com/user-attachments/assets/3089a524-c135-4f96-ad2b-c66bf4ee7471
 >
 > *是时候做出改变了。*
 
+![个人云](https://file.bttcdn.com/github/olares/public-cloud-to-personal-cloud.jpg)
+
 我们坚信，**您拥有掌控自己数字生活的基本权利**。维护这一权利最有效的方式，就是将您的数据托管在本地，在您自己的硬件上。
 
 Olares 是一款开源个人云操作系统，旨在让您能够轻松在本地拥有并管理自己的数字资产。您无需再依赖公有云服务，而可以在 Olares 上本地部署强大的开源平替服务或应用，例如可以使用 Ollama 托管大语言模型，使用 SD WebUI 用于图像生成，以及使用 Mastodon 构建不受审查的社交空间。Olares 让你坐拥云计算的强大威力，又能完全将其置于自己掌控之下。
 
 > 为 Olares 点亮 🌟 以及时获取新版本和更新的通知。
 
+## 系统架构
+
+公有云具有基础设施即服务（IaaS）、平台即服务（PaaS）和软件即服务（SaaS）等层级。Olares 为这些层级提供了开源替代方案。
+
+  ![技术栈](https://file.bttcdn.com/github/olares/olares-architecture.jpg)
+
+详细描述请参考 [Olares 架构](https://docs.olares.cn/zh/manual/system-architecture.html)文档。
+
+>🔍**Olares 和 NAS 有什么不同？**
+>
+> Olares 致力于打造一站式的自托管个人云体验。其核心功能与用户定位，均与专注于网络存储的传统 NAS 有着显著的不同，详情请参考 [Olares 与 NAS 对比](https://docs.olares.com/zh/manual/olares-vs-nas.html)。
+
+
+## 功能特性
+
+Olares 提供了一系列功能，旨在提升安全性、使用便捷性以及开发的灵活性：
+
+- **企业级安全**：使用 Tailscale、Headscale、Cloudflare Tunnel 和 FRP 简化网络配置，确保安全连接。
+- **安全且无需许可的应用生态系统**：应用通过沙箱化技术实现隔离，保障应用运行的安全性。
+- **统一文件系统和数据库**：提供自动扩展、数据备份和高可用性功能，确保数据的持久安全。
+- **单点登录**：用户仅需一次登录，即可访问 Olares 中所有应用的共享认证服务。
+- **AI 功能**：包括全面的 GPU 管理、本地 AI 模型托管及私有知识库，同时严格保护数据隐私。
+- **内置应用程序**：涵盖文件管理器、同步驱动器、密钥管理器、阅读器、应用市场、设置和面板等，提供全面的应用支持。
+- **无缝访问**：通过移动端、桌面端和网页浏览器客户端，从全球任何地方访问设备。
+- **开发工具**：提供全面的工具支持，便于开发和移植应用，加速开发进程。
+
+以下是用户界面的一些截图预览：
+
+| **桌面：熟悉高效的访问入口**     |  **文件管理器：安全存储数据**
+| :--------: | :-------: |
+| ![桌面](https://file.bttcdn.com/github/terminus/v2/desktop.jpg) | ![文件](https://file.bttcdn.com/github/terminus/v2/files.jpg) |
+| **Vault：密码无忧管理**|**市场：可控的应用生态系统** |
+| ![vault](https://file.bttcdn.com/github/terminus/v2/vault.jpg) | ![市场](https://file.bttcdn.com/github/terminus/v2/market.jpg) |
+|**Wise：数字后花园** | **设置：高效管理 Olares** |
+| ![设置](https://file.bttcdn.com/github/terminus/v2/wise.jpg) | ![](https://file.bttcdn.com/github/terminus/v2/settings.jpg) |
+|**仪表盘：持续监控 Olares**  | **Profile：独特的个人主页** |
+| ![面板](https://file.bttcdn.com/github/terminus/v2/dashboard.jpg) | ![profile](https://file.bttcdn.com/github/terminus/v2/profile.jpg) |
+| **Studio：一站式开发、调试和部署**|**控制面板：轻松管理 Kubernetes 集群**  |
+| ![Devbox](https://file.bttcdn.com/github/terminus/v2/devbox.jpg) | ![控制中心](https://file.bttcdn.com/github/terminus/v2/controlhub.jpg)|
+
 ## 使用场景
 
 在以下场景中，Olares 为您带来私密、强大且安全的私有云体验：
@@ -59,10 +96,6 @@ Olares 是一款开源个人云操作系统，旨在让您能够轻松在本地
 
 📚**学习探索**：深入学习自托管服务、容器技术和云计算，并上手实践。<br>
 
-> 🔍**Olares 和 NAS 有什么不同？** 
->
-> Olares 致力于打造一站式的自托管个人云体验。其核心功能与用户定位，均与专注于网络存储的传统 NAS 有着显著的不同，详情请参考 [Olares 与 NAS 对比](https://docs.olares.com/zh/manual/olares-vs-nas.html)。
-
 ## 快速开始
 
 ### 系统兼容性
@@ -74,43 +107,18 @@ Olares 已在以下 Linux 平台完成测试与验证：
 
 ### 安装 Olares
  
-参考[快速上手指南](https://docs.joinolares.cn/zh/manual/get-started/)安装并激活 Olares。
-
-## 系统架构
-Olares 的架构设计遵循两个核心原则：
-- 参考 Android 模式，控制软件权限和交互性，确保系统的流畅性和安全性。
-- 借鉴云原生技术，高效管理硬件和中间件服务。
-
-  ![架构](https://file.bttcdn.com/github/terminus/v2/olares-arch-3.png)
-
-详细描述请参考 [Olares 架构](https://docs.joinolares.cn/zh/manual/system-architecture.html)文档。
-
-## 功能特性
-
-Olares 提供了一系列功能，旨在提升安全性、使用便捷性以及开发的灵活性：
-
-- **企业级安全**：使用 Tailscale、Headscale、Cloudflare Tunnel 和 FRP 简化网络配置，确保安全连接。
-- **安全且无需许可的应用生态系统**：应用通过沙箱化技术实现隔离，保障应用运行的安全性。
-- **统一文件系统和数据库**：提供自动扩展、数据备份和高可用性功能，确保数据的持久安全。
-- **单点登录**：用户仅需一次登录，即可访问 Olares 中所有应用的共享认证服务。
-- **AI 功能**：包括全面的 GPU 管理、本地 AI 模型托管及私有知识库，同时严格保护数据隐私。
-- **内置应用程序**：涵盖文件管理器、同步驱动器、密钥管理器、阅读器、应用市场、设置和面板等，提供全面的应用支持。
-- **无缝访问**：通过移动端、桌面端和网页浏览器客户端，从全球任何地方访问设备。
-- **开发工具**：提供全面的工具支持，便于开发和移植应用，加速开发进程。
+参考[快速上手指南](https://docs.olares.cn/zh/manual/get-started/)安装并激活 Olares。
 
 ## 项目目录
-
-> 我们正将子项目的代码从组织中其他代码仓库移动到当前仓库，这个过程可能会持续几个月。届时您就可以通过本仓库了解 Olares 系统的全貌
-> 
 Olares 代码库中的主要目录如下：
 
-* **`apps`**: 用于存放系统应用，主要是 `larepass` 的代码。
-* **`cli`**: 用于存放 `olares-cli`（Olares 的命令行界面工具）的代码。
-* **`daemon`**: 用于存放 `olaresd`（系统守护进程）的代码。
+* **[`apps`](./apps)**: 用于存放系统应用，主要是 `larepass` 的代码。
+* **[`cli`](./cli)**: 用于存放 `olares-cli`（Olares 的命令行界面工具）的代码。
+* **[`daemon`](./daemon)**: 用于存放 `olaresd`（系统守护进程）的代码。
 * **`docs`**: 用于存放 Olares 项目的文档。
-* **`framework`**: 用来存放 Olares 系统服务代码。
-* **`infrastructure`**: 用于存放计算，存储，网络，GPU 等基础设施的代码。
-* **`platform`**: 用于存放数据库、消息队列等云原生组件的代码。
+* **[`framework`](./framework)**: 用来存放 Olares 系统服务代码。
+* **[`infrastructure`](./infrastructure)**: 用于存放计算，存储，网络，GPU 等基础设施的代码。
+* **[`platform`](./platform)**: 用于存放数据库、消息队列等云原生组件的代码。
 * **`vendor`**: 用于存放来自第三方硬件供应商的代码。
 
 ## 社区贡献

README_JP.md

@@ -18,10 +18,6 @@
 
 </div>
 
-https://github.com/user-attachments/assets/3089a524-c135-4f96-ad2b-c66bf4ee7471
-
-*Olaresを使って、ローカルAIアシスタントを構築し、データを場所を問わず同期し、ワークスペースをセルフホストし、独自のメディアをストリーミングし、その他多くのことを実現できます。*
-
 <p align="center">
   <a href="https://olares.com">ウェブサイト</a> ·
   <a href="https://docs.olares.com">ドキュメント</a> ·
@@ -30,18 +26,57 @@ https://github.com/user-attachments/assets/3089a524-c135-4f96-ad2b-c66bf4ee7471
   <a href="https://space.olares.com">Olares Space</a>
 </p>
 
-> [!IMPORTANT]  
-> 最近、TerminusからOlaresへのリブランディングを完了しました。詳細については、[リブランディングブログ](https://blog.olares.com/terminus-is-now-olares/)をご覧ください。
+> *パブリッククラウドを基盤とする現代のインターネットは、あなたの個人データのプライバシーをますます脅かしています。ChatGPT、Midjourney、Facebookといったサービスへの依存が深まるにつれ、デジタル主権に対するあなたのコントロールも弱まっています。あなたのデータは他者のサーバーに保存され、その利用規約に縛られ、追跡され、検閲されているのです。*
+>
+>*今こそ、変革の時です。*
 
-Olaresを使用して、ハードウェアをAIホームサーバーに変換します。Olaresは、ローカルAIのためのオープンソース主権クラウドOSです。
+![自身のデジタル](https://file.bttcdn.com/github/olares/public-cloud-to-personal-cloud.jpg)
 
-- **最先端のAIモデルを自分の条件で実行**: LLaMA、Stable Diffusion、Whisper、Flux.1などの強力なオープンAIモデルをハードウェア上で簡単にホストし、AI環境を完全に制御します。
-- **簡単にデプロイ**: Olares Marketから幅広いオープンソースAIアプリを数クリックで発見してインストールします。複雑な設定やセットアップは不要です。
-- **いつでもどこでもアクセス**: ブラウザを通じて、必要なときにAIアプリやモデルにアクセスします。
-- **統合されたAIでスマートなAI体験**: [Model Context Protocol](https://spec.modelcontextprotocol.io/specification/)（MCP）に似たメカニズムを使用して、OlaresはAIモデルとAIアプリ、およびプライベートデータセットをシームレスに接続します。これにより、ニーズに応じて適応する高度にパーソナライズされたコンテキスト対応のAIインタラクションが実現します。
+私たちは、あなたが自身のデジタルライフをコントロールする基本的な権利を有すると確信しています。この権利を守る最も効果的な方法は、あなたのデータをローカルの、あなた自身のハードウェア上でホストすることです。
+
+Olaresは、あなたが自身のデジタル資産をローカルで容易に所有し管理できるよう設計された、オープンソースのパーソナルクラウドOSです。もはやパブリッククラウドサービスに依存する必要はありません。Olares上で、例えばOllamaを利用した大規模言語モデルのホスティング、SD WebUIによる画像生成、Mastodonを用いた検閲のないソーシャルスペースの構築など、強力なオープンソースの代替サービスやアプリケーションをローカルにデプロイできます。Olaresは、クラウドコンピューティングの絶大な力を活用しつつ、それを完全に自身のコントロール下に置くことを可能にします。
 
 > 🌟 *新しいリリースや更新についての通知を受け取るために、スターを付けてください。*
 
+## アーキテクチャ
+
+パブリッククラウドは、IaaS (Infrastructure as a Service)、PaaS (Platform as a Service)、SaaS (Software as a Service) といったサービスレイヤーで構成されています。Olaresは、これら各レイヤーに対するオープンソースの代替ソリューションを提供しています。
+
+  ![Olaresのアーキテクチ](https://file.bttcdn.com/github/olares/olares-architecture.jpg)
+
+各コンポーネントの詳細については、[Olares アーキテクチャ](https://docs.olares.com/manual/system-architecture.html)（英語版）をご参照ください。
+
+> 🔍**OlaresとNASの違いは何ですか？**
+>
+> Olaresは、ワンストップのセルフホスティング・パーソナルクラウド体験の実現を目指しています。そのコア機能とユーザーの位置付けは、ネットワークストレージに特化した従来のNASとは大きく異なります。詳細は、[OlaresとNASの比較](https://docs.olares.com/manual/olares-vs-nas.html)（英語版）をご参照ください。
+
+## 機能
+
+Olaresは、セキュリティ、使いやすさ、開発の柔軟性を向上させるための幅広い機能を提供します：
+
+- **エンタープライズグレードのセキュリティ**: Tailscale、Headscale、Cloudflare Tunnel、FRPを使用してネットワーク構成を簡素化します。
+- **安全で許可のないアプリケーションエコシステム**: サンドボックス化によりアプリケーションの分離とセキュリティを確保します。
+- **統一ファイルシステムとデータベース**: 自動スケーリング、バックアップ、高可用性を提供します。
+- **シングルサインオン**: 一度ログインするだけで、Olares内のすべてのアプリケーションに共有認証サービスを使用してアクセスできます。
+- **AI機能**: GPU管理、ローカルAIモデルホスティング、プライベートナレッジベースの包括的なソリューションを提供し、データプライバシーを維持します。
+- **内蔵アプリケーション**: ファイルマネージャー、同期ドライブ、ボールト、リーダー、アプリマーケット、設定、ダッシュボードを含みます。
+- **どこからでもシームレスにアクセス**: モバイル、デスクトップ、ブラウザ用の専用クライアントを使用して、どこからでもデバイスにアクセスできます。
+- **開発ツール**: アプリケーションの開発と移植を容易にする包括的な開発ツールを提供します。
+
+以下はUIのスクリーンショットプレビューです。
+
+| **デスクトップ：馴染みやすく効率的なアクセスポイント** |  **ファイルマネージャー：データを安全に保管** |
+| :--------: | :-------: |
+| ![桌面](https://file.bttcdn.com/github/terminus/v2/desktop.jpg) | ![文件](https://file.bttcdn.com/github/terminus/v2/files.jpg) |
+| **Vault：安心のパスワード管理**|**マーケット：コントロール可能なアプリエコシステム** |
+| ![vault](https://file.bttcdn.com/github/terminus/v2/vault.jpg) | ![市场](https://file.bttcdn.com/github/terminus/v2/market.jpg) |
+| **Wise：あなただけのデジタルガーデン** | **設定：Olaresを効率的に管理** |
+| ![设置](https://file.bttcdn.com/github/terminus/v2/wise.jpg) | ![](https://file.bttcdn.com/github/terminus/v2/settings.jpg) |
+| **ダッシュボード：Olaresを継続的に監視** | **プロフィール：ユニークなパーソナルページ** |
+| ![面板](https://file.bttcdn.com/github/terminus/v2/dashboard.jpg) | ![profile](https://file.bttcdn.com/github/terminus/v2/profile.jpg) |
+| **Studio：開発、デバッグ、デプロイをワンストップで**|**コントロールパネル：Kubernetesクラスターを簡単に管理** |
+| ![Devbox](https://file.bttcdn.com/github/terminus/v2/devbox.jpg) | ![控制中心](https://file.bttcdn.com/github/terminus/v2/controlhub.jpg)|
+
 ## なぜOlaresなのか？
 
 以下の理由とシナリオで、Olaresはプライベートで強力かつ安全な主権クラウド体験を提供します：
@@ -72,40 +107,18 @@ Olaresは以下のLinuxプラットフォームで動作検証を完了してい
 ### Olaresのセットアップ
 自分のデバイスでOlaresを始めるには、[はじめにガイド](https://docs.olares.com/manual/get-started/)に従ってステップバイステップの手順を確認してください。
 
-## アーキテクチャ
-
-Olaresのアーキテクチャは、次の2つの基本原則に基づいています：
-- Androidの設計思想を取り入れ、ソフトウェアの権限と対話性を制御することで、システムの安全かつ円滑な運用を実現します。
-- クラウドネイティブ技術を活用し、ハードウェアとミドルウェアサービスを効率的に管理します。
-
-  ![Olaresのアーキテクチ](https://file.bttcdn.com/github/terminus/v2/olares-arch-3.png)
-
-各コンポーネントの詳細については、[Olares アーキテクチャ](https://docs.olares.com/manual/system-architecture.html)（英語版）をご参照ください。
-
-## 機能
-
-Olaresは、セキュリティ、使いやすさ、開発の柔軟性を向上させるための幅広い機能を提供します：
-
-- **エンタープライズグレードのセキュリティ**: Tailscale、Headscale、Cloudflare Tunnel、FRPを使用してネットワーク構成を簡素化します。
-- **安全で許可のないアプリケーションエコシステム**: サンドボックス化によりアプリケーションの分離とセキュリティを確保します。
-- **統一ファイルシステムとデータベース**: 自動スケーリング、バックアップ、高可用性を提供します。
-- **シングルサインオン**: 一度ログインするだけで、Olares内のすべてのアプリケーションに共有認証サービスを使用してアクセスできます。
-- **AI機能**: GPU管理、ローカルAIモデルホスティング、プライベートナレッジベースの包括的なソリューションを提供し、データプライバシーを維持します。
-- **内蔵アプリケーション**: ファイルマネージャー、同期ドライブ、ボールト、リーダー、アプリマーケット、設定、ダッシュボードを含みます。
-- **どこからでもシームレスにアクセス**: モバイル、デスクトップ、ブラウザ用の専用クライアントを使用して、どこからでもデバイスにアクセスできます。
-- **開発ツール**: アプリケーションの開発と移植を容易にする包括的な開発ツールを提供します。
 
 ## プロジェクトナビゲーション
 
 このセクションでは、Olares リポジトリ内の主要なディレクトリをリストアップしています：
 
-* **`apps`**: システムアプリケーションのコードが含まれており、主に `larepass` 用です。
-* **`cli`**: Olares のコマンドラインインターフェースツールである `olares-cli` のコードが含まれています。
-* **`daemon`**: システムデーモンプロセスである `olaresd` のコードが含まれています。
+* **[`apps`](./apps)**: システムアプリケーションのコードが含まれており、主に `larepass` 用です。
+* **[`cli`](./cli)**: Olares のコマンドラインインターフェースツールである `olares-cli` のコードが含まれています。
+* **[`daemon`](./daemon)**: システムデーモンプロセスである `olaresd` のコードが含まれています。
 * **`docs`**: プロジェクトのドキュメントが含まれています。
-* **`framework`**: Olares システムサービスが含まれています。
-* **`infrastructure`**: コンピューティング、ストレージ、ネットワーキング、GPU などのインフラストラクチャコンポーネントに関連するコードが含まれています。
-* **`platform`**: データベースやメッセージキューなどのクラウドネイティブコンポーネントのコードが含まれています。
+* **[`framework`](./framework)**: Olares システムサービスが含まれています。
+* **[`infrastructure`](./infrastructure)**: コンピューティング、ストレージ、ネットワーキング、GPU などのインフラストラクチャコンポーネントに関連するコードが含まれています。
+* **[`platform`](./platform)**: データベースやメッセージキューなどのクラウドネイティブコンポーネントのコードが含まれています。
 * **`vendor`**: サードパーティのハードウェアベンダーからのコードが含まれています。
 
 ## Olaresへの貢献

apps/.olares/config/user/helm-charts/market/Chart.yaml

@@ -1,26 +0,0 @@
-apiVersion: v2
-name: appstore
-description: A Helm chart for Kubernetes
-maintainers:
-- name: bytetrade
-
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
-type: application
-
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.0.1
-
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
-# It is recommended to use it with quotes.
-appVersion: "1.16.0"

apps/.olares/config/user/helm-charts/market/templates/_helpers.tpl

@@ -1,62 +0,0 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "appstore.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "appstore.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "appstore.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "appstore.labels" -}}
-helm.sh/chart: {{ include "appstore.chart" . }}
-{{ include "appstore.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "appstore.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "appstore.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "appstore.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "appstore.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}

apps/.olares/config/user/helm-charts/market/templates/market_deploy.yaml

@@ -1,291 +0,0 @@
-{{- $market_secret := (lookup "v1" "Secret" .Release.Namespace "market-secrets") -}}
-
-{{- $redis_password := "" -}}
-{{ if $market_secret -}}
-{{ $redis_password = (index $market_secret "data" "redis-passwords") }}
-{{ else -}}
-{{ $redis_password = randAlphaNum 16 | b64enc }}
-{{- end -}}
-
-apiVersion: v1
-kind: Secret
-metadata:
-  name: market-secrets
-  namespace: {{ .Release.Namespace }}
-type: Opaque
-data:
-  redis-passwords: {{ $redis_password }}
-
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: market-deployment
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app: appstore
-    applications.app.bytetrade.io/author: bytetrade.io
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: appstore
-  template:
-    metadata:
-      labels:
-        app: appstore
-        io.bytetrade.app: "true"
-      annotations:
-        instrumentation.opentelemetry.io/inject-go: "olares-instrumentation"
-        instrumentation.opentelemetry.io/go-container-names: "appstore-backend"    
-        instrumentation.opentelemetry.io/otel-go-auto-target-exe: "/opt/app/market"
-    spec:
-      priorityClassName: "system-cluster-critical"
-      initContainers:
-        - args:
-          - -it
-          - authelia-backend.os-system:9091
-          image: owncloudci/wait-for:latest
-          imagePullPolicy: IfNotPresent
-          name: check-auth
-        - name: terminus-sidecar-init
-          image: openservicemesh/init:v1.2.3
-          imagePullPolicy: IfNotPresent
-          securityContext:
-            privileged: true
-            capabilities: 
-              add:
-              - NET_ADMIN
-            runAsNonRoot: false
-            runAsUser: 0
-          command:
-          - /bin/sh
-          - -c
-          - |
-            iptables-restore --noflush <<EOF
-            # sidecar interception rules
-            *nat
-            :PROXY_IN_REDIRECT - [0:0]
-            :PROXY_INBOUND - [0:0]
-            -A PROXY_IN_REDIRECT -p tcp -j REDIRECT --to-port 15003
-            -A PROXY_INBOUND -p tcp --dport 15000 -j RETURN
-            -A PROXY_INBOUND -p tcp -j PROXY_IN_REDIRECT
-            -A PREROUTING -p tcp -j PROXY_INBOUND
-            COMMIT
-            EOF
-          
-          env:
-          - name: POD_IP
-            valueFrom:
-              fieldRef:
-                apiVersion: v1
-                fieldPath: status.podIP         
-      containers:
-      - name: appstore-backend
-        image: beclab/market-backend:v0.3.12
-        imagePullPolicy: IfNotPresent
-        ports:
-          - containerPort: 81
-        env:
-          - name: OS_SYSTEM_SERVER
-            value: system-server.user-system-{{ .Values.bfl.username }}
-          - name: OS_APP_SECRET
-            value: '{{ .Values.os.appstore.appSecret }}'
-          - name: OS_APP_KEY
-            value: {{ .Values.os.appstore.appKey }}
-          - name: APP_SOTRE_SERVICE_SERVICE_HOST
-            value: appstore-server-prod.bttcdn.com
-          - name: MARKET_PROVIDER
-            value: '{{ .Values.os.appstore.marketProvider }}'
-          - name: APP_SOTRE_SERVICE_SERVICE_PORT
-            value: '443'
-          - name: APP_SERVICE_SERVICE_HOST
-            value: app-service.os-system
-          - name: APP_SERVICE_SERVICE_PORT
-            value: '6755'
-          - name: REPO_URL_PORT
-            value: "82"
-          - name: REDIS_ADDRESS
-            value: 'redis-cluster-proxy.user-system-{{ .Values.bfl.username }}:6379'
-          - name: REDIS_PASSWORD
-            valueFrom:
-              secretKeyRef:
-                name: market-secrets
-                key: redis-passwords
-          - name: REDIS_DB_NUMBER
-            value: '0'
-          - name: REPO_URL_HOST
-            valueFrom:
-              fieldRef:
-                fieldPath: status.podIP
-
-        volumeMounts:
-          - name: opt-data
-            mountPath: /opt/app/data
-      - name: terminus-envoy-sidecar
-        image: bytetrade/envoy:v1.25.11
-        imagePullPolicy: IfNotPresent
-        securityContext:
-          allowPrivilegeEscalation: false
-          runAsUser: 1000
-        ports:
-        - name: proxy-admin
-          containerPort: 15000
-        - name: proxy-inbound
-          containerPort: 15003
-        volumeMounts:
-        - name: terminus-sidecar-config
-          readOnly: true
-          mountPath: /etc/envoy/envoy.yaml
-          subPath: envoy.yaml
-        command:
-        - /usr/local/bin/envoy
-        - --log-level
-        - debug
-        - -c
-        - /etc/envoy/envoy.yaml
-        env:
-        - name: POD_UID
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.uid
-        - name: POD_NAME
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.name
-        - name: POD_NAMESPACE
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.namespace
-        - name: POD_IP
-          valueFrom:
-            fieldRef:
-              fieldPath: status.podIP
-      - name: terminus-ws-sidecar
-        image: 'beclab/ws-gateway:v1.0.5'
-        command:
-          - /ws-gateway
-        env:
-          - name: WS_PORT
-            value: '81'
-          - name: WS_URL
-            value: /app-store/v1/websocket/message
-        resources: { }
-        terminationMessagePath: /dev/termination-log
-        terminationMessagePolicy: File
-        imagePullPolicy: IfNotPresent
-      volumes:
-      - name: terminus-sidecar-config
-        configMap:
-          name: sidecar-ws-configs
-          items:
-          - key: envoy.yaml
-            path: envoy.yaml
-      - name: opt-data
-        hostPath:
-          path: '{{ .Values.userspace.appData}}/appstore/data'
-          type: DirectoryOrCreate
-      - name: app
-        emptyDir: {}
-      - name: nginx-confd
-        emptyDir: {}
-
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: appstore-service
-  namespace: {{ .Release.Namespace }}
-spec:
-  selector:
-    app: appstore
-  type: ClusterIP
-  ports:
-    - protocol: TCP
-      name: appstore-backend
-      port: 81
-      targetPort: 81
-
----
-apiVersion: sys.bytetrade.io/v1alpha1
-kind: ApplicationPermission
-metadata:
-  name: appstore
-  namespace: user-system-{{ .Values.bfl.username }}
-spec:
-  app: appstore
-  appid: appstore
-  key: {{ .Values.os.appstore.appKey }}
-  secret: {{ .Values.os.appstore.appSecret }}
-  permissions:
-  - dataType: event
-    group: message-disptahcer.system-server
-    ops:
-      - Create
-    version: v1
-  - dataType: app
-    group: service.bfl
-    ops:
-      - UserApps
-    version: v1
-status:
-  state: active
-
----
-apiVersion: sys.bytetrade.io/v1alpha1
-kind: ProviderRegistry
-metadata:
-  name: appstore-backend-provider
-  namespace: user-system-{{ .Values.bfl.username }}
-spec:
-  dataType: app
-  deployment: market
-  description: app store provider
-  endpoint: appstore-service.{{ .Release.Namespace }}
-  group: service.appstore
-  kind: provider
-  namespace: {{ .Release.Namespace }}
-  opApis:
-    - name: InstallDevApp
-      uri: /app-store/v1/applications/provider/installdev
-    - name: UninstallDevApp
-      uri: /app-store/v1/applications/provider/uninstalldev
-  version: v1
-status:
-  state: active
----
-apiVersion: apr.bytetrade.io/v1alpha1
-kind: MiddlewareRequest
-metadata:
-  name: market-redis
-  namespace: {{ .Release.Namespace }}
-spec:
-  app: market
-  appNamespace: {{ .Release.Namespace }}
-  middleware: redis
-  redis:
-    password:
-      valueFrom:
-        secretKeyRef:
-          key: redis-passwords
-          name: market-secrets
-    namespace: market
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: appstore-svc
-  namespace: {{ .Release.Namespace }}
-spec:
-  type: ClusterIP
-  selector:
-    app: appstore
-  ports:
-    - name: "appstore-backend"
-      protocol: TCP
-      port: 81
-      targetPort: 81
-    - name: "appstore-websocket"
-      protocol: TCP
-      port: 40010
-      targetPort: 40010

apps/.olares/config/user/helm-charts/market/values.yaml

@@ -1,44 +0,0 @@
-bfl:
-  nodeport: 30883
-  nodeport_ingress_http: 30083
-  nodeport_ingress_https: 30082
-  username: 'test'
-  url: 'test'
-  nodeName: test
-pvc:
-  userspace: test
-userspace:
-  userData: test/Home
-  appData: test/Data
-  appCache: test
-  dbdata: test
-docs:
-  nodeport: 30881
-desktop:
-  nodeport: 30180
-os:
-  portfolio:
-    appKey: '${ks[0]}'
-    appSecret: test
-  vault:
-    appKey: '${ks[0]}'
-    appSecret: test
-  desktop:
-    appKey: '${ks[0]}'
-    appSecret: test
-  message:
-    appKey: '${ks[0]}'
-    appSecret: test
-  rss:
-    appKey: '${ks[0]}'
-    appSecret: test
-  search:
-    appKey: '${ks[0]}'
-    appSecret: test
-  search2:
-    appKey: '${ks[0]}'
-    appSecret: test
-  appstore:
-    marketProvider: ''
-kubesphere:
-  redis_password: ""

apps/.olares/config/user/helm-charts/studio/templates/deployment.yaml

@@ -1,549 +1,13 @@
-{{- $namespace := printf "%s%s" "user-system-" .Values.bfl.username -}}
-{{- $studio_secret := (lookup "v1" "Secret" $namespace "studio-secrets") -}}
-
-{{- $pg_password := "" -}}
-{{ if $studio_secret -}}
-{{ $pg_password = (index $studio_secret "data" "pg_password") }}
-{{ else -}}
-{{ $pg_password = randAlphaNum 16 | b64enc }}
-{{- end -}}
-
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: studio-secrets
-  namespace: user-system-{{ .Values.bfl.username }}
-type: Opaque
-data:
-  pg_password: {{ $pg_password }}
-
----
-apiVersion: apr.bytetrade.io/v1alpha1
-kind: MiddlewareRequest
-metadata:
-  name: studio-pg
-  namespace: user-system-{{ .Values.bfl.username }}
-spec:
-  app: studio
-  appNamespace: {{ .Release.Namespace }}
-  middleware: postgres
-  postgreSQL:
-    user: studio_{{ .Values.bfl.username }}
-    password:
-      valueFrom:
-        secretKeyRef:
-          key: pg_password
-          name: studio-secrets
-    databases:
-      - name: studio
----
 apiVersion: v1
 kind: Service
 metadata:
   name: studio-server
-  namespace: {{ .Release.Namespace }}
+  namespace: user-space-{{ .Values.bfl.username }}
 spec:
-  selector:
-    app: studio-server
+  type: ExternalName
+  externalName: studio-server.os-framework.svc.cluster.local
   ports:
     - protocol: TCP
+      name: studio-server
       port: 8080
-      targetPort: 8088
-      name: http
-    - protocol: TCP
-      port: 8083
-      targetPort: 8083
-      name: https
-
----
-kind: Service
-apiVersion: v1
-metadata:
-  name: chartmuseum-studio
-  namespace: {{ .Release.Namespace }}
-spec:
-  ports:
-    - name: http
-      protocol: TCP
-      port: 8080
-      targetPort: 8888
-  selector:
-    app: studio-server
-
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: studio-san-cnf
-  namespace: {{ .Release.Namespace }}
-data:
-  san.cnf: |
-    [req]
-    distinguished_name = req_distinguished_name
-    req_extensions = v3_req
-    prompt = no
-
-    [req_distinguished_name]
-    countryName = CN
-    stateOrProvinceName = Beijing
-    localityName = Beijing
-    0.organizationName = bytetrade
-    commonName = studio-server.{{ .Release.Namespace }}.svc
-
-    [v3_req]
-    basicConstraints = CA:FALSE
-    keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-    subjectAltName = @bytetrade
-
-    [bytetrade]
-    DNS.1 = studio-server.{{ .Release.Namespace }}.svc
-
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: studio-server
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app: studio-server
-    applications.app.bytetrade.io/author: bytetrade.io
-spec:
-  replicas: 1
-  strategy:
-    type: Recreate
-  selector:
-    matchLabels:
-      app: studio-server
-  template:
-    metadata:
-      labels:
-        app: studio-server
-    spec:
-      serviceAccountName: bytetrade-controller
-      volumes:
-        - name: chart
-          hostPath:
-            type: DirectoryOrCreate
-            path: '{{ .Values.userspace.appData}}/studio/Chart'
-        - name: data
-          hostPath:
-            type: DirectoryOrCreate
-            path: '{{ .Values.userspace.appData }}/studio/Data'
-        - name: storage-volume
-          hostPath:
-            path: '{{ .Values.userspace.appData }}/studio/helm-repo-dev'
-            type: DirectoryOrCreate
-        - name: config-san
-          configMap:
-            name: studio-san-cnf
-            items:
-              - key: san.cnf
-                path: san.cnf
-        - name: sidecar-configs-studio
-          configMap:
-            name: sidecar-configs-studio
-            items:
-              - key: envoy.yaml
-                path: envoy.yaml
-        - name: certs
-          emptyDir: {}
-      initContainers:
-        - name: init-chmod-data
-          image: busybox:1.28
-          imagePullPolicy: IfNotPresent
-          command:
-            - sh
-            - '-c'
-            - |
-              chown -R 1000:1000 /home/coder
-              chown -R 65532:65532 /charts
-              chown -R 65532:65532 /data
-          securityContext:
-            runAsUser: 0
-          resources: { }
-          volumeMounts:
-            - name: storage-volume
-              mountPath: /home/coder
-            - name: chart
-              mountPath: /charts
-            - name: data
-              mountPath: /data
-        - name: terminus-sidecar-init
-          image: aboveos/openservicemesh-init:v1.2.3
-          imagePullPolicy: IfNotPresent
-          command:
-            - /bin/sh
-            - -c
-            - |
-              iptables-restore --noflush <<EOF
-              # sidecar interception rules
-              *nat
-              :PROXY_IN_REDIRECT - [0:0]
-              :PROXY_INBOUND - [0:0]
-              :PROXY_OUTBOUND - [0:0]
-              :PROXY_OUT_REDIRECT - [0:0]
-
-              -A PREROUTING -p tcp -j PROXY_INBOUND
-              -A OUTPUT -p tcp -j PROXY_OUTBOUND
-              -A PROXY_INBOUND -p tcp --dport 15000 -j RETURN
-              -A PROXY_INBOUND -p tcp --dport 8083 -j RETURN
-              -A PROXY_INBOUND -p tcp -j PROXY_IN_REDIRECT
-              -A PROXY_IN_REDIRECT -p tcp -j REDIRECT --to-port 15003
-
-
-              -A PROXY_OUTBOUND -p tcp --dport 5432 -j RETURN
-              -A PROXY_OUTBOUND -p tcp --dport 6379 -j RETURN
-              -A PROXY_OUTBOUND -p tcp --dport 27017 -j RETURN
-              -A PROXY_OUTBOUND -p tcp --dport 443 -j RETURN
-              -A PROXY_OUTBOUND -p tcp --dport 8080 -j RETURN
-
-              -A PROXY_OUTBOUND -d ${POD_IP}/32 -j RETURN
-
-              -A PROXY_OUTBOUND -o lo ! -d 127.0.0.1/32 -m owner --uid-owner 1555 -j PROXY_IN_REDIRECT
-              -A PROXY_OUTBOUND -o lo -m owner ! --uid-owner 1555 -j RETURN
-              -A PROXY_OUTBOUND -m owner --uid-owner 1555 -j RETURN
-              -A PROXY_OUTBOUND -d 127.0.0.1/32 -j RETURN
-
-              -A PROXY_OUTBOUND -j PROXY_OUT_REDIRECT
-              -A PROXY_OUT_REDIRECT -p tcp -j REDIRECT --to-port 15001
-
-              COMMIT
-              EOF
-          env:
-            - name: POD_IP
-              valueFrom:
-                fieldRef:
-                  apiVersion: v1
-                  fieldPath: status.podIP
-          securityContext:
-            privileged: true
-            capabilities:
-              add:
-                - NET_ADMIN
-            runAsNonRoot: false
-            runAsUser: 0
-
-        - name: generate-certs
-          image: beclab/openssl:v3
-          imagePullPolicy: IfNotPresent
-          command: [ "/bin/sh", "-c" ]
-          args:
-            - |
-              openssl genrsa -out /etc/certs/ca.key 2048
-              openssl req -new -x509 -days 3650 -key /etc/certs/ca.key -out /etc/certs/ca.crt \
-                -subj "/CN=bytetrade CA/O=bytetrade/C=CN"
-              openssl req -new -newkey rsa:2048 -nodes \
-                -keyout /etc/certs/server.key -out /etc/certs/server.csr \
-                -config /etc/san/san.cnf
-              openssl x509 -req -days 3650 -in /etc/certs/server.csr \
-                -CA /etc/certs/ca.crt -CAkey /etc/certs/ca.key \
-                -CAcreateserial -out /etc/certs/server.crt \
-                -extensions v3_req -extfile /etc/san/san.cnf
-              chown -R 65532 /etc/certs/*
-          volumeMounts:
-            - name: config-san
-              mountPath: /etc/san
-            - name: certs
-              mountPath: /etc/certs
-
-      containers:
-        - name: studio
-          image: beclab/studio-server:v0.1.50
-          imagePullPolicy: IfNotPresent
-          args:
-            - server
-          ports:
-            - name: port
-              containerPort: 8088
-              protocol: TCP
-            - name: ssl-port
-              containerPort: 8083
-              protocol: TCP
-          volumeMounts:
-            - name: chart
-              mountPath: /charts
-            - name: data
-              mountPath: /data
-            - mountPath: /etc/certs
-              name: certs
-          lifecycle:
-            preStop:
-              exec:
-                command:
-                  - "/studio"
-                  - "clean"
-          env:
-            - name: BASE_DIR
-              value: /charts
-            - name: OS_API_KEY
-              value: {{ .Values.os.studio.appKey }}
-            - name: OS_API_SECRET
-              value: {{ .Values.os.studio.appSecret }}
-            - name: OS_SYSTEM_SERVER
-              value: system-server.user-system-{{ .Values.bfl.username }}
-            - name: NAME_SPACE
-              value: {{ .Release.Namespace }}
-            - name: OWNER
-              value: '{{ .Values.bfl.username }}'
-            - name: DB_HOST
-              value: citus-master-svc.user-system-{{ .Values.bfl.username }}
-            - name: DB_USERNAME
-              value: studio_{{ .Values.bfl.username }}
-            - name: DB_PASSWORD
-              value: "{{ $pg_password | b64dec }}"
-            - name: DB_NAME
-              value: user_space_{{ .Values.bfl.username }}_studio
-            - name: DB_PORT
-              value: "5432"
-          resources:
-            requests:
-              cpu: "50m"
-              memory: 100Mi
-            limits:
-              cpu: "0.5"
-              memory: 1000Mi
-        - name: terminus-envoy-sidecar
-          image: bytetrade/envoy:v1.25.11.1
-          imagePullPolicy: IfNotPresent
-          securityContext:
-            allowPrivilegeEscalation: false
-            runAsUser: 1555
-          ports:
-            - name: proxy-admin
-              containerPort: 15000
-            - name: proxy-inbound
-              containerPort: 15003
-            - name: proxy-outbound
-              containerPort: 15001
-          resources:
-            requests:
-              cpu: "50m"
-              memory: 100Mi
-            limits:
-              cpu: "0.5"
-              memory: 200Mi
-          volumeMounts:
-            - name: sidecar-configs-studio
-              readOnly: true
-              mountPath: /etc/envoy/envoy.yaml
-              subPath: envoy.yaml
-          command:
-            - /usr/local/bin/envoy
-            - --log-level
-            - debug
-            - -c
-            - /etc/envoy/envoy.yaml
-          env:
-            - name: POD_UID
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.uid
-            - name: POD_NAME
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.name
-            - name: POD_NAMESPACE
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.namespace
-            - name: POD_IP
-              valueFrom:
-                fieldRef:
-                  fieldPath: status.podIP
-            - name: APP_KEY
-              value: {{ .Values.os.studio.appKey }}
-            - name: APP_SECRET
-              value: {{ .Values.os.studio.appSecret }}
-        - name: chartmuseum
-          image: aboveos/helm-chartmuseum:v0.15.0
-          args:
-            - '--port=8888'
-            - '--storage-local-rootdir=/storage'
-          ports:
-            - name: http
-              containerPort: 8888
-              protocol: TCP
-          env:
-            - name: CHART_POST_FORM_FIELD_NAME
-              value: chart
-            - name: DISABLE_API
-              value: 'false'
-            - name: LOG_JSON
-              value: 'true'
-            - name: PROV_POST_FORM_FIELD_NAME
-              value: prov
-            - name: STORAGE
-              value: local
-          resources:
-            requests:
-              cpu: "50m"
-              memory: 100Mi
-            limits:
-              cpu: 1000m
-              memory: 512Mi
-          volumeMounts:
-            - name: storage-volume
-              mountPath: /storage
-          livenessProbe:
-            httpGet:
-              path: /health
-              port: http
-              scheme: HTTP
-            initialDelaySeconds: 5
-            timeoutSeconds: 1
-            periodSeconds: 10
-            successThreshold: 1
-            failureThreshold: 3
-          readinessProbe:
-            httpGet:
-              path: /health
-              port: http
-              scheme: HTTP
-            initialDelaySeconds: 5
-            timeoutSeconds: 1
-            periodSeconds: 10
-            successThreshold: 1
-            failureThreshold: 3
-
----
-apiVersion: v1
-data:
-  envoy.yaml: |
-    admin:
-      access_log_path: "/dev/stdout"
-      address:
-        socket_address:
-          address: 0.0.0.0
-          port_value: 15000
-    static_resources:
-      listeners:
-        - name: listener_0
-          address:
-            socket_address:
-              address: 0.0.0.0
-              port_value: 15003
-          listener_filters:
-            - name: envoy.filters.listener.original_dst
-              typed_config:
-                "@type": type.googleapis.com/envoy.extensions.filters.listener.original_dst.v3.OriginalDst
-          filter_chains:
-            - filters:
-                - name: envoy.filters.network.http_connection_manager
-                  typed_config:
-                    "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
-                    stat_prefix: desktop_http
-                    upgrade_configs:
-                      - upgrade_type: websocket
-                      - upgrade_type: tailscale-control-protocol
-                    skip_xff_append: false
-                    codec_type: AUTO
-                    route_config:
-                      name: local_route
-                      virtual_hosts:
-                        - name: service
-                          domains: ["*"]
-                          routes:
-                            - match:
-                                prefix: "/"
-                              route:
-                                cluster: original_dst
-                                timeout: 1800s
-                    http_protocol_options:
-                      accept_http_10: true
-                    http_filters:
-                      - name: envoy.filters.http.router
-                        typed_config:
-                          "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
-        - name: listener_1
-          address:
-            socket_address:
-              address: 0.0.0.0
-              port_value: 15001
-          listener_filters:
-            - name: envoy.filters.listener.original_dst
-              typed_config:
-                "@type": type.googleapis.com/envoy.extensions.filters.listener.original_dst.v3.OriginalDst
-          filter_chains:
-            - filters:
-                - name: envoy.filters.network.http_connection_manager
-                  typed_config:
-                    "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
-                    stat_prefix: studio_out_http
-                    skip_xff_append: false
-                    codec_type: AUTO
-                    route_config:
-                      name: local_route
-                      virtual_hosts:
-                        - name: service
-                          domains: ["*"]
-                          routes:
-                            - match:
-                                prefix: "/server/intent/send"
-                              request_headers_to_add:
-                                - header:
-                                    key: X-App-Key
-                                    value: {{ .Values.os.studio.appKey }}
-                              route:
-                                cluster: system-server
-                                prefix_rewrite: /system-server/v2/legacy_api/api.intent/v2/server/intent/send
-                            - match:
-                                prefix: "/"
-                              route:
-                                cluster: original_dst
-                                timeout: 1800s
-                              typed_per_filter_config:
-                                envoy.filters.http.lua:
-                                  "@type": type.googleapis.com/envoy.extensions.filters.http.lua.v3.LuaPerRoute
-                                  disabled: true
-
-                    http_protocol_options:
-                      accept_http_10: true
-                    http_filters:
-                      - name: envoy.filters.http.lua
-                        typed_config:
-                          "@type": type.googleapis.com/envoy.extensions.filters.http.lua.v3.Lua
-                          inline_code:
-                            local sha = require("lib.sha2")
-                            function envoy_on_request(request_handle)
-                            local app_key = os.getenv("APP_KEY")
-                            local app_secret = os.getenv("APP_SECRET")
-                            local current_time = os.time()
-                            local minute_level_time = current_time - (current_time % 60)
-                            local time_string = tostring(minute_level_time)
-                            local s = app_key .. app_secret .. time_string
-                            request_handle:logInfo("originstring:" .. s)
-                            local hash = sha.sha256(s)
-                            request_handle:logInfo("Hello World.")
-                            request_handle:logInfo(hash)
-                            request_handle:headers():add("X-Auth-Signature",hash)
-                            end
-                      - name: envoy.filters.http.router
-                        typed_config:
-                          "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
-
-
-      clusters:
-        - name: original_dst
-          connect_timeout: 5000s
-          type: ORIGINAL_DST
-          lb_policy: CLUSTER_PROVIDED
-        - name: system-server
-          connect_timeout: 2s
-          type: LOGICAL_DNS
-          dns_lookup_family: V4_ONLY
-          dns_refresh_rate: 600s
-          lb_policy: ROUND_ROBIN
-          load_assignment:
-            cluster_name: system-server
-            endpoints:
-              - lb_endpoints:
-                  - endpoint:
-                      address:
-                        socket_address:
-                          address: system-server.user-system-{{ .Values.bfl.username }}
-                          port_value: 80
-kind: ConfigMap
-metadata:
-  name: sidecar-configs-studio
-  namespace: {{ .Release.Namespace }}
+      targetPort: 8080

apps/.olares/config/user/helm-charts/wizard/templates/wizard_deploy.yaml

@@ -22,42 +22,10 @@ spec:
       initContainers:
       - args:
         - -it
-        - authelia-backend.os-system:9091
+        - authelia-backend.os-framework:9091
         image: owncloudci/wait-for:latest
         imagePullPolicy: IfNotPresent
         name: check-auth
-      # - name: terminus-sidecar-init
-      #   image: openservicemesh/init:v1.2.3
-      #   imagePullPolicy: IfNotPresent
-      #   securityContext:
-      #     privileged: true
-      #     capabilities: 
-      #       add:
-      #       - NET_ADMIN
-      #     runAsNonRoot: false
-      #     runAsUser: 0
-      #   command:
-      #   - /bin/sh
-      #   - -c
-      #   - |
-      #     iptables-restore --noflush <<EOF
-      #     # sidecar interception rules
-      #     *nat
-      #     :PROXY_IN_REDIRECT - [0:0]
-      #     :PROXY_INBOUND - [0:0]
-      #     -A PROXY_IN_REDIRECT -p tcp -j REDIRECT --to-port 15003
-      #     -A PROXY_INBOUND -p tcp --dport 15000 -j RETURN
-      #     -A PROXY_INBOUND -p tcp -j PROXY_IN_REDIRECT
-      #     -A PREROUTING -p tcp -j PROXY_INBOUND
-      #     COMMIT
-      #     EOF
-        
-      #   env:
-      #   - name: POD_IP
-      #     valueFrom:
-      #       fieldRef:
-      #         apiVersion: v1
-      #         fieldPath: status.podIP
 
       containers:
       - name: wizard
@@ -68,77 +36,11 @@ spec:
         env:
           - name: apiServerURL
             value: http://bfl.{{ .Release.Namespace }}:8080
-
-      # - name: wizard-server
-      #   image: aboveos/wizard-server:v0.4.2
-      #   imagePullPolicy: IfNotPresent
-      #   volumeMounts:
-      #   - name: userspace-dir
-      #     mountPath: /Home
-      #   ports:
-      #   - containerPort: 3000
-      #   env:
-      #   - name: OS_SYSTEM_SERVER
-      #     value: system-server.user-system-{{ .Values.bfl.username }}
-      #   - name: OS_APP_SECRET
-      #     value: '{{ .Values.os.desktop.appSecret }}'
-      #   - name: OS_APP_KEY
-      #     value: {{ .Values.os.desktop.appKey }}
-      #   - name: APP_SERVICE_SERVICE_HOST
-      #     value: app-service.os-system
-      #   - name: APP_SERVICE_SERVICE_PORT
-      #     value: '6755'
-
-      # - name: terminus-envoy-sidecar
-      #   image: bytetrade/envoy:v1.25.11
-      #   imagePullPolicy: IfNotPresent
-      #   securityContext:
-      #     allowPrivilegeEscalation: false
-      #     runAsUser: 1000
-      #   ports:
-      #   - name: proxy-admin
-      #     containerPort: 15000
-      #   - name: proxy-inbound
-      #     containerPort: 15003
-      #   volumeMounts:
-      #   - name: terminus-sidecar-config
-      #     readOnly: true
-      #     mountPath: /etc/envoy/envoy.yaml
-      #     subPath: envoy.yaml
-      #   command:
-      #   - /usr/local/bin/envoy
-      #   - --log-level
-      #   - debug
-      #   - -c
-      #   - /etc/envoy/envoy.yaml
-      #   env:
-      #   - name: POD_UID
-      #     valueFrom:
-      #       fieldRef:
-      #         fieldPath: metadata.uid
-      #   - name: POD_NAME
-      #     valueFrom:
-      #       fieldRef:
-      #         fieldPath: metadata.name
-      #   - name: POD_NAMESPACE
-      #     valueFrom:
-      #       fieldRef:
-      #         fieldPath: metadata.namespace
-      #   - name: POD_IP
-      #     valueFrom:
-      #       fieldRef:
-      #         fieldPath: status.podIP
       volumes:
       - name: userspace-dir
         hostPath:
           type: Directory
           path: "{{ .Values.userspace.userData }}"
-      # - name: terminus-sidecar-config
-      #   configMap:
-      #     name: sidecar-configs
-      #     items:
-      #     - key: envoy.yaml
-      #       path: envoy.yaml
 
 ---
 apiVersion: v1

apps/README.md

@@ -0,0 +1,20 @@
+# Olares Apps
+
+## Overview
+
+This directory contains the code for system applications, primarily for LarePass. The following are the pre-installed system applications that offer tools for managing files, knowledge, passwords, and the system itself.
+
+## System Applications Overview
+
+| Application | Description |
+| --- | --- |
+| Files | A file management app that manages and synchronizes files across devices and sources, enabling seamless sharing and access. |
+| Wise | A local-first and AI-native modern reader that helps to collect, read, and manage information from various platforms. Users can run self-hosted recommendation algorithms to filter and sort online content. |
+| Vault | A secure password manager for storing and managing sensitive information across devices. |
+| Market | A decentralized and permissionless app store for installing, uninstalling, and updating applications and recommendation algorithms. |
+| Desktop | A hub for managing and interacting with installed applications. File and application searching are also supported. |
+| Profile | An app to customize the user's profile page. |
+| Settings | A system configuration application. |
+| Dashboard | An app for monitoring system resource usage. |
+| Control Hub | The console for Olares, providing precise and autonomous control over the system and its environment. |
+| DevBox | A development tool for building and deploying Olares applications. |

build/base-package/deploy/nvshare-system-quotas.yaml

@@ -1,42 +0,0 @@
-# Copyright (c) 2023 Georgios Alexopoulos
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# We must create the `ResourceQuota` object for the namespace in order for the
-# K8s API server to allow creation of resources with the `system-node-critical`
-# and `system-cluster-critical` PriorityClasses in this namespace.
-
-apiVersion: v1
-kind: ResourceQuota
-metadata:
-  name: pods-system-cluster-critical
-  namespace: nvshare-system
-spec:
-  scopeSelector:
-    matchExpressions:
-      - operator : In
-        scopeName: PriorityClass
-        values: ["system-cluster-critical"]
----
-apiVersion: v1
-kind: ResourceQuota
-metadata:
-  name: pods-system-node-critical
-  namespace: nvshare-system
-spec:
-  scopeSelector:
-    matchExpressions:
-      - operator : In
-        scopeName: PriorityClass
-        values: ["system-node-critical"]
-

build/base-package/deploy/nvshare-system.yaml

@@ -1,19 +0,0 @@
-# Copyright (c) 2023 Georgios Alexopoulos
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: nvshare-system
-

build/base-package/deploy/scheduler.yaml

@@ -1,66 +0,0 @@
-# Copyright (c) 2023 Georgios Alexopoulos
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
-  name: nvshare-scheduler
-  namespace: nvshare-system
-spec:
-  selector:
-    matchLabels:
-      name: nvshare-scheduler
-  template:
-    metadata:
-      labels:
-        name: nvshare-scheduler
-    spec:
-      priorityClassName: system-node-critical
-      nodeSelector:
-        gpu.bytetrade.io/cuda-supported: 'true'
-      initContainers:
-      - name: init-dir
-        image: busybox:1.28
-        volumeMounts:
-        - name: nvshare-socket-directory
-          mountPath: /var/run/nvshare
-        command:
-        - sh
-        - -c
-        - "[ -d /var/run/nvshare/scheduler.sock ] && rm -rf /var/run/nvshare/scheduler.sock || true"
-      containers:
-      - name: nvshare-scheduler
-        image: bytetrade/nvshare:nvshare-scheduler
-        imagePullPolicy: IfNotPresent
-        securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop: ["ALL"]
-        command:
-        - sh
-        - -c
-        - "test -f /var/run/nvshare/scheduler.sock && rm -rf /var/run/nvshare/scheduler.sock; pid1 nvshare-scheduler"
-        volumeMounts:
-          - name: nvshare-socket-directory
-            mountPath: /var/run/nvshare
-      volumes:
-        - name: nvshare-socket-directory
-          hostPath:
-            path: /var/run/nvshare
-            type: DirectoryOrCreate
-      tolerations:
-      - key: nvidia.com/gpu
-        operator: Exists
-        effect: NoSchedule
-

build/base-package/install.sh

@@ -10,7 +10,7 @@ function command_exists() {
 if [[ x"$VERSION" == x"" ]]; then
     if [[ "$LOCAL_RELEASE" == "1" ]]; then
         ts=$(date +%Y%m%d%H%M%S)
-        export VERSION="0.0.0-local-dev-$ts"
+        export VERSION="1.12.0-$ts"
         echo "will build and use a local release of Olares with version: $VERSION"
         echo ""
     else
@@ -79,47 +79,55 @@ if [[ x"$os_type" == x"Darwin" ]]; then
     CLI_FILE="olares-cli-v${VERSION}_darwin_${ARCH}.tar.gz"
 fi
 
-if command_exists olares-cli && [[ "$(olares-cli -v | awk '{print $3}')" == "$VERSION" ]]; then
+if [[ "$LOCAL_RELEASE" == "1" ]]; then
+    if ! command_exists olares-cli ; then
+        echo "error: LOCAL_RELEASE specified but olares-cli not found"
+        exit 1
+    fi
     INSTALL_OLARES_CLI=$(which olares-cli)
-    echo "olares-cli already installed and is the expected version"
-    echo ""
 else
-    if [[ ! -f ${CLI_FILE} ]]; then
-        CLI_URL="${cdn_url}/${CLI_FILE}"
-
-        echo "downloading Olares installer from ${CLI_URL} ..."
+    if command_exists olares-cli && [[ "$(olares-cli -v | awk '{print $3}')" == "$VERSION" ]]; then
+        INSTALL_OLARES_CLI=$(which olares-cli)
+        echo "olares-cli already installed and is the expected version"
         echo ""
+    else
+        if [[ ! -f ${CLI_FILE} ]]; then
+            CLI_URL="${cdn_url}/${CLI_FILE}"
 
-        curl -Lo ${CLI_FILE} ${CLI_URL}
+            echo "downloading Olares installer from ${CLI_URL} ..."
+            echo ""
+
+            curl -Lo ${CLI_FILE} ${CLI_URL}
+
+            if [[ $? -ne 0 ]]; then
+                echo "error: failed to download Olares installer"
+                exit 1
+            else
+                echo "Olares installer ${VERSION} download complete!"
+                echo ""
+            fi
+        fi
+        INSTALL_OLARES_CLI="/usr/local/bin/olares-cli"
+        echo "unpacking Olares installer to $INSTALL_OLARES_CLI..."
+        echo ""
+        tar -zxf ${CLI_FILE} olares-cli && chmod +x olares-cli
+        if [[ x"$os_type" == x"Darwin" ]]; then
+            if [ ! -f "/usr/local/Cellar/olares" ]; then
+                current_user=$(whoami)
+                $sh_c "sudo mkdir -p /usr/local/Cellar/olares && sudo chown ${current_user}:staff /usr/local/Cellar/olares"
+            fi
+            $sh_c "mv olares-cli /usr/local/Cellar/olares/olares-cli && \
+                   sudo rm -rf /usr/local/bin/olares-cli && \
+                   sudo ln -s /usr/local/Cellar/olares/olares-cli $INSTALL_OLARES_CLI"
+        else
+            $sh_c "mv olares-cli $INSTALL_OLARES_CLI"
+        fi
 
         if [[ $? -ne 0 ]]; then
-            echo "error: failed to download Olares installer"
+            echo "error: failed to unpack Olares installer"
             exit 1
-        else
-            echo "Olares installer ${VERSION} download complete!"
-            echo ""
         fi
     fi
-    INSTALL_OLARES_CLI="/usr/local/bin/olares-cli"
-    echo "unpacking Olares installer to $INSTALL_OLARES_CLI..."
-    echo ""
-    tar -zxf ${CLI_FILE} olares-cli && chmod +x olares-cli
-    if [[ x"$os_type" == x"Darwin" ]]; then
-        if [ ! -f "/usr/local/Cellar/olares" ]; then
-            current_user=$(whoami)
-            $sh_c "sudo mkdir -p /usr/local/Cellar/olares && sudo chown ${current_user}:staff /usr/local/Cellar/olares"
-        fi
-        $sh_c "mv olares-cli /usr/local/Cellar/olares/olares-cli && \
-               sudo rm -rf /usr/local/bin/olares-cli && \
-               sudo ln -s /usr/local/Cellar/olares/olares-cli $INSTALL_OLARES_CLI"
-    else
-        $sh_c "mv olares-cli $INSTALL_OLARES_CLI"
-    fi
-
-    if [[ $? -ne 0 ]]; then
-        echo "error: failed to unpack Olares installer"
-        exit 1
-    fi
 fi
 
 PARAMS="--version $VERSION --base-dir $BASE_DIR"

build/base-package/publicRestoreInstaller.sh

@@ -1003,7 +1003,7 @@ _get_sts_bfl() {
 
 _get_deployment_backup_server() {
     local res
-    res=$($sh_c "${KUBECTL} -n os-system get deployment backup-server 2>/dev/null")
+    res=$($sh_c "${KUBECTL} -n os-framework get deployment backup 2>/dev/null")
     if [ "$?" -ne 0 ]; then
         echo 0
     fi

build/base-package/refresh_sts.sh

@@ -30,7 +30,7 @@ repaire_crd_terminus() {
 
     if [ ! -z "${AWS_SESSION_TOKEN_SETUP}" ]; then
         patch='[{"op":"add","path":"/metadata/annotations/bytetrade.io~1s3-sts","value":"'"$AWS_SESSION_TOKEN_SETUP"'"},{"op":"add","path":"/metadata/annotations/bytetrade.io~1s3-ak","value":"'"$AWS_ACCESS_KEY_ID_SETUP"'"},{"op":"add","path":"/metadata/annotations/bytetrade.io~1s3-sk","value":"'"$AWS_SECRET_ACCESS_KEY_SETUP"'"},{"op":"add","path":"/metadata/annotations/bytetrade.io~1cluster-id","value":"'"$CLUSTER_ID"'"}]'
-        $sh_c "${KUBECTL} patch terminus.sys.bytetrade.io terminus -n os-system --type='json' -p='$patch'"
+        $sh_c "${KUBECTL} patch terminus.sys.bytetrade.io terminus --type='json' -p='$patch'"
     fi
 }
 

build/base-package/upgrade_cmd.sh

@@ -1,616 +0,0 @@
-#!/usr/bin/env bash
-
-
-
-
-# Upgrading will be executed in  app-service container based on kubesphere/kubectl:v1.22.9
-# By default, the tool packages will be installed via apt during the docker build
-
-# env:
-# BASE_DIR
-
-
-function command_exists() {
-	command -v "$@" > /dev/null 2>&1
-}
-
-function get_shell_exec(){
-    user="$(id -un 2>/dev/null || true)"
-
-    sh_c='sh -c'
-	if [ "$user" != 'root' ]; then
-		if command_exists sudo && command_exists su; then
-			sh_c='sudo su -c'
-		else
-			cat >&2 <<-'EOF'
-			Error: this installer needs the ability to run commands as root.
-			We are unable to find either "sudo" or "su" available to make this happen.
-			EOF
-			exit 1
-		fi
-	fi
-}
-
-function get_bfl_api_port(){
-    local username=$1
-    $sh_c "${KUBECTL} get svc bfl -n user-space-${username} -o jsonpath='{.spec.ports[0].nodePort}'"
-}
-
-# function get_docs_port(){
-#     local username=$1
-#     $sh_c "${KUBECTL} get svc swagger-ui -n user-space-${username} -o jsonpath='{.spec.ports[0].nodePort}'"
-# }
-
-function get_desktop_port(){
-    local username=$1
-    $sh_c "${KUBECTL} get svc edge-desktop -n user-space-${username} -o jsonpath='{.spec.ports[0].nodePort}'"
-}
-
-function get_user_password(){
-    local username=$1
-    $sh_c "${KUBECTL} get user ${username} -o jsonpath='{.spec.password}'"
-}
-
-function get_user_email(){
-    local username=$1
-    $sh_c "${KUBECTL} get user ${username} -o jsonpath='{.spec.email}'"
-}
-
-
-function ensure_success() {
-    "$@"
-    local ret=$?
-
-    if [ $ret -ne 0 ]; then
-        echo "Fatal error, command: '$@'"
-        exit $ret
-    fi
-
-    return $ret
-}
-
-function validate_user(){
-    local username=$1
-    $sh_c "${KUBECTL} get ns user-space-${username} > /dev/null" 
-    local ret=$?
-    if [ $ret -ne 0 ]; then
-        echo "no"
-    else
-        echo "yes"
-    fi
-}
-
-function get_bfl_node(){
-    local username=$1
-    $sh_c "${KUBECTL} get pod  -n user-space-${username} -l 'tier=bfl' -o jsonpath='{.items[*].spec.nodeName}'"
-}
-
-function get_bfl_url() {
-    local username=$1
-    local user_bfl_port=$(get_bfl_api_port ${username})
-
-    bfl_ip=$(curl -s http://checkip.dyndns.org/ | grep -o "[[:digit:].]\+")
-    echo "http://$bfl_ip:${user_bfl_port}/bfl/apidocs.json"
-}
-
-function get_userspace_dir(){
-    local username=$1
-    local space_dir=$2
-    $sh_c "${KUBECTL} get pod  -n user-space-${username} -l 'tier=bfl' -o \
-    jsonpath='{range .items[0].spec.volumes[*]}{.name}{\" \"}{.persistentVolumeClaim.claimName}{\"\\n\"}{end}'" | \
-    while read pvc; do
-        local pvc_data=($pvc)
-        if [ ${#pvc_data[@]} -gt 1 ]; then
-            if [ "x${pvc_data[0]}" == "x${space_dir}" ]; then
-                local USERSPACE_PVC="${pvc_data[1]}"
-                local pv=$($sh_c "${KUBECTL} get pvc -n user-space-${username} ${pvc_data[1]} -o jsonpath='{.spec.volumeName}'")
-                local pv_path=$($sh_c "${KUBECTL} get pv ${pv} -o jsonpath='{.spec.hostPath.path}'")
-                local USERSPACE_PV_PATH="${pv_path}"
-
-                echo "${USERSPACE_PVC} ${USERSPACE_PV_PATH} ${pv}"
-                break
-            fi
-        fi
-    done 
-}
-
-function get_bfl_rand16(){
-    local username=$1
-    local prefix=$2
-
-    $sh_c "${KUBECTL} get sts -n user-space-${username} bfl -o jsonpath='{.metadata.annotations.${prefix}_rand16}'"
-}
-
-function gen_app_key_secret(){
-    local app=$1
-    local key="bytetrade_${app}_${RANDOM}"
-    local t=$(date +%s)
-    local secret=$(echo -n "${key}|${t}"|md5sum|cut -d" " -f1)
-
-    echo "${key} ${secret:0:16}"
-}
-
-function get_app_key_secret(){
-    local username=$1
-    local app=$2
-
-    local ks=$($sh_c "${KUBECTL} get appperm ${app} -n user-system-${username} -o jsonpath='{.spec.key} {.spec.secret}'")
-
-    if [ "x${ks}" == "x" ]; then
-        ks=$(gen_app_key_secret "${app}")
-    fi
-
-    echo "${ks}"
-}
-
-
-function get_app_settings(){
-    local username=$1
-    local apps=("vault" "desktop" "message" "wise" "search" "appstore" "notification" "dashboard" "settings" "studio" "profile" "agent" "files")
-    for a in ${apps[@]};do
-        ks=($(get_app_key_secret "$username" "$a"))
-        echo '
-  '${a}':
-    appKey: '${ks[0]}'    
-    appSecret: "'${ks[1]}'"    
-        '
-    done
-}
-
-
-
-function gen_bfl_values(){
-    local username=$1
-    local user_bfl_port=$(get_bfl_api_port ${username})
-
-    echo "Try to find the current bfl pv ..."
-    local pvc_path=($(get_userspace_dir ${username} "userspace-dir"))
-    local appcache_pvc_path=($(get_userspace_dir ${username} "appcache-dir"))
-    local dbdata_pvc_path=($(get_userspace_dir ${username} "dbdata-dir"))
-
-    local userspace_rand16=$(get_userspace_dir ${username} "userspace")
-    local appcache_rand16=$(get_userspace_dir ${username} "Cache")
-    local dbdata_rand16=$(get_userspace_dir ${username} "dbdata")
-
-    echo '
-bfl:
-  nodeport: '${user_bfl_port}'
-  username: '${username}'
-
-  userspace_rand16: '${userspace_rand16}'
-  userspace_pv: '${pvc_path[2]}'
-  userspace_pvc: '${pvc_path[0]}'
-
-  appcache_rand16: '${appcache_rand16}'
-  appcache_pv: '${appcache_pvc_path[2]}'
-  appcache_pvc: '${appcache_pvc_path[0]}'
-
-  dbdata_rand16: '${dbdata_rand16}'
-  dbdata_pv: '${dbdata_pvc_path[2]}'
-  dbdata_pvc: '${dbdata_pvc_path[0]}'
-  ' > ${BASE_DIR}/wizard/config/launcher/values.yaml
-}
-
-
-function gen_settings_values(){
-    local username=$1
-    # local userpwd="$(get_user_password ${username})"
-    # local useremail="$(get_user_email ${username})"
-
-    echo '
-namespace:
-  name: user-space-'${username}'
-  role: admin
-
-user:
-  name: '${username}'
-    ' > ${BASE_DIR}/wizard/config/settings/values.yaml
-}
-
-function gen_app_values(){
-    local username=$1
-
-    local bfl_node=$(get_bfl_node ${username})
-    local bfl_doc_url=$(get_bfl_url ${username})
-    local desktop_ports=$(get_desktop_port ${username})
-#    local docs_ports=$(get_docs_port ${username})
-
-    echo "Try to find pv ..."
-    local pvc_path=($(get_userspace_dir ${username} "userspace-dir"))
-    local appcache_pvc_path=($(get_userspace_dir ${username} "appcache-dir"))
-    local dbdata_pvc_path=($(get_userspace_dir ${username} "dbdata-dir"))
-
-    local app_perm_settings=$(get_app_settings ${username})
-    cat ${BASE_DIR}/wizard/config/launcher/values.yaml > ${BASE_DIR}/wizard/config/apps/values.yaml
-    cat << EOF >> ${BASE_DIR}/wizard/config/apps/values.yaml
-  url: '${bfl_doc_url}'
-  nodeName: ${bfl_node}
-pvc:
-  userspace: ${pvc_path[0]}
-userspace:
-  appCache: ${appcache_pvc_path[1]}
-  dbdata: ${dbdata_pvc_path[1]}
-  userData: ${pvc_path[1]}/Home
-  appData: ${pvc_path[1]}/Data
-
-desktop:
-  nodeport: ${desktop_ports}
-os:
-  ${app_perm_settings}
-EOF
-}
-
-function close_apps(){
-    local username=$1
-    local app_list=(
-        "vault-deployment"
-    )
-
-
-    for app in ${app_list[@]} ; do
-        $sh_c "${KUBECTL} scale deployment ${app} -n user-space-${username} --replicas=0"
-    done
-}
-
-repeat(){
-    for i in $(seq 1 $1); do
-        echo -n $2
-    done
-}
-
-function get_appservice_pod(){
-    $sh_c "${KUBECTL} get pod  -n os-system -l 'tier=app-service' -o jsonpath='{.items[*].metadata.name}'"
-}
-
-function get_appservice_status(){
-    $sh_c "${KUBECTL} get pod  -n os-system -l 'tier=app-service' -o jsonpath='{.items[*].status.phase}'"
-}
-
-function get_desktop_status(){
-    local username=$1
-    $sh_c "${KUBECTL} get pod  -n user-space-${username} -l 'app=edge-desktop' -o jsonpath='{.items[*].status.phase}'"
-}
-
-function get_vault_status(){
-    local username=$1
-    $sh_c "${KUBECTL} get pod  -n user-space-${username} -l 'app=vault' -o jsonpath='{.items[*].status.phase}'"
-}
-
-
-function get_bfl_status(){
-    local username=$1
-    $sh_c "${KUBECTL} get pod  -n user-space-${username} -l 'tier=bfl' -o jsonpath='{.items[*].status.phase}'"
-}
-
-function get_fileserver_status(){
-    $sh_c "${KUBECTL} get pod  -n os-system -l 'app=files' -o jsonpath='{.items[*].status.phase}'"
-}
-
-function get_filefe_status(){
-    local username=$1
-    $sh_c "${KUBECTL} get pod  -n user-space-${username} -l 'app=files' -o jsonpath='{.items[*].status.phase}'"
-}
-
-function check_fileserver(){
-    local status=$(get_fileserver_status)
-    local n=0
-    while [ "x${status}" != "xRunning" ]; do
-        n=$(expr $n + 1)
-        local dotn=$(($n % 10))
-        local dot=$(repeat $dotn '>')
-
-        echo -ne "\rWaiting for file-server starting ${dot}"
-        sleep 0.5
-
-        status=$(get_fileserver_status)
-        echo -ne "\rWaiting for file-server starting          "
-
-    done
-    echo
-}
-
-function check_appservice(){
-    local status=$(get_appservice_status)
-    local n=0
-    while [ "x${status}" != "xRunning" ]; do
-        n=$(expr $n + 1)
-        local dotn=$(($n % 10))
-        local dot=$(repeat $dotn '>')
-
-        echo -ne "\rWaiting for app-service starting ${dot}"
-        sleep 0.5
-
-        status=$(get_appservice_status)
-        echo -ne "\rWaiting for app-service starting          "
-
-    done
-    echo
-}
-
-function check_filesfe(){
-    local username=$1
-    local status=$(get_filefe_status ${username})
-    local n=0
-    while [ "x${status}" != "xRunning" ]; do
-        n=$(expr $n + 1)
-        local dotn=$(($n % 10))
-        local dot=$(repeat $dotn '>')
-
-        echo -ne "\rPlease waiting ${dot}"
-        sleep 0.5
-
-        status=$(get_filefe_status ${username})
-        echo -ne "\rPlease waiting          "
-
-    done
-    echo
-}
-
-function check_bfl(){
-    local username=$1
-    local status=$(get_bfl_status ${username})
-    local n=0
-    while [ "x${status}" != "xRunning" ]; do
-        n=$(expr $n + 1)
-        local dotn=$(($n % 10))
-        local dot=$(repeat $dotn '>')
-
-        echo -ne "\rPlease waiting ${dot}"
-        sleep 0.5
-
-        status=$(get_bfl_status ${username})
-        echo -ne "\rPlease waiting          "
-
-    done
-    echo
-}
-
-function check_desktop(){
-    local username=$1
-    local status=$(get_desktop_status ${username})
-    local n=0
-    while [ "x${status}" != "xRunning" ]; do
-        n=$(expr $n + 1)
-        local dotn=$(($n % 10))
-        local dot=$(repeat $dotn '>')
-
-        echo -ne "\rPlease waiting ${dot}"
-        sleep 0.5
-
-        status=$(get_desktop_status ${username})
-        echo -ne "\rPlease waiting          "
-
-    done
-    echo
-}
-
-function check_vault(){
-    local username=$1
-    local status=$(get_vault_status ${username})
-    local n=0
-    while [ "x${status}" != "xRunning" ]; do
-        n=$(expr $n + 1)
-        local dotn=$(($n % 10))
-        local dot=$(repeat $dotn '>')
-
-        echo -ne "\rPlease waiting ${dot}"
-        sleep 0.5
-
-        status=$(get_vault_status ${username})
-        echo -ne "\rPlease waiting          "
-
-    done
-    echo
-}
-
-function check_all(){
-    local pods=$@
-    for p in ${pods[@]}; do
-        local n=$(echo "${p}"|awk -F"@" '{print $1}')
-        local ns=$(echo "${p}"|awk -F"@" '{print $2}')
-        local s=$($sh_c "${KUBECTL} get pod  -n ${ns} -l 'app=${n}' -o jsonpath='{.items[*].status.phase}'")
-        echo -ne "\rPlease wait: ${p}"
-        while [ "x${s}" != "xRunning" ];do
-            echo -ne "\rPlease wait: ${p}"
-
-            s=$($sh_c "${KUBECTL} get pod  -n ${ns} -l 'app=${n}' -o jsonpath='{.items[*].status.phase}'")
-        done
-        echo
-    done
-}
-
-function upgrade_ksapi(){
-    local users=$@
-    local current_version="beclab/ks-apiserver:v3.3.0-ext-3"
-    local image=$($sh_c "${KUBECTL} get deploy ks-apiserver -n kubesphere-system -o jsonpath='{.spec.template.spec.containers[0].image}'")
-    if [ "x${image}" != "x${current_version}" ]; then
-        echo "upgrade ks-apiserver and restore token ..."
-
-        secret=$(echo -n "ks_redis_${RANDOM}"|md5sum|cut -d" " -f1)
-        $sh_c "${KUBECTL} -n kubesphere-system create secret generic redis-secret --from-literal=auth=${secret:0:12}"
-
-        local old_jwt=$($sh_c "${KUBECTL} get configmap  kubesphere-config -n kubesphere-system -o jsonpath='{.data.kubesphere\.yaml}'|grep jwtSecret|awk -F':' '{print \$2}'")
-        sed -i -e "s/__jwtkey__/${old_jwt}/" ${BASE_DIR}/deploy/cm-kubesphere-config.yaml
-
-        $sh_c "${KUBECTL} apply -f ${BASE_DIR}/deploy/redis-deploy.yaml"
-        $sh_c "${KUBECTL} apply -f ${BASE_DIR}/deploy/cm-kubesphere-config.yaml"
-        check_all "redis@kubesphere-system"
-
-        $sh_c "${KUBECTL} -n kubesphere-system set image deployment/ks-apiserver ks-apiserver=beclab/ks-apiserver:v3.3.0-ext-3"
-        $sh_c "${KUBECTL} patch deploy ks-apiserver -n kubesphere-system --patch-file=${BASE_DIR}/deploy/ks-apiserver-patch.yaml"
-
-        check_all "ks-apiserver@kubesphere-system"
-
-        for username in ${users[@]}; do
-            $sh_c "${KUBECTL} rollout restart deploy authelia-backend -n user-system-${username}"
-
-            check_all "authelia-backend@user-system-${username}"
-        done
-    fi
-}
-
-function upgrade_jfs(){
-    local users=$@
-    local JFS_VERSION="11.1.1"
-    local current_jfs_version=$(/usr/local/bin/juicefs --version|awk '{print $3}'|awk -F'+' '{print $1}')
-
-    if [ "x${JFS_VERSION}" != "x${current_jfs_version}" ]; then
-        echo "upgrade JuiceFS ..."
-        local juicefs_bin="/usr/local/bin/juicefs"
-        ensure_success $sh_c "curl ${CURL_TRY} -kLO https://github.com/beclab/juicefs-ext/releases/download/v${JFS_VERSION}/juicefs-v${JFS_VERSION}-linux-amd64.tar.gz"
-        ensure_success $sh_c "tar -zxf juicefs-v${JFS_VERSION}-linux-amd64.tar.gz"
-        ensure_success $sh_c "chmod +x juicefs"
-
-        ensure_success $sh_c "systemctl stop juicefs"
-        ensure_success $sh_c "mv juicefs ${juicefs_bin}"
-        ensure_success $sh_c "rm -f /tmp/JuiceFS-IPC.sock"
-        ensure_success $sh_c "systemctl start juicefs"
-
-        echo "restart pods ... "
-
-        ensure_success $sh_c "${KUBECTL} rollout restart sts app-service -n os-system"
-
-        local tf=$(mktemp)
-        ensure_success $sh_c "${KUBECTL} get deployment -A -o jsonpath='{range .items[*]}{.metadata.name} {.metadata.namespace} {.spec.template.spec.volumes}{\"\n\"}{end}' | grep '/olares/rootfs'" > $tf
-        while read dep; do
-            local depinfo=($dep)
-            ensure_success $sh_c "${KUBECTL} rollout restart deployment ${depinfo[0]} -n ${depinfo[1]}"
-        done < $tf
-
-        for user in ${users[@]}; do
-            ensure_success $sh_c "${KUBECTL} rollout restart sts bfl -n user-space-${user}"
-        done
-        
-        sleep 10  # waiting for restarting to begin
-    fi
-}
-
-
-function upgrade_terminus(){
-    HELM=$(command -v helm)
-    KUBECTL=$(command -v kubectl)
-
-    # find sudo 
-    get_shell_exec
-
-    # fetch user list
-    local users=()
-    local admin_user=""
-    local tf=$(mktemp)
-    ensure_success $sh_c "${KUBECTL} get user -o jsonpath='{range .items[*]}{.metadata.name} {.metadata.annotations.bytetrade\.io\/owner-role}{\"\n\"}{end}'" > $tf
-    while read userdata; do
-        local userinfo=($userdata)
-        local valid=$(validate_user "${userinfo[0]}")
-        if [ "x-${valid}" == "x-yes" ]; then
-            if [ "x-${userinfo[1]}" == "x-platform-admin" ]; then 
-                admin_user="${userinfo[0]}"
-            fi
-
-            i=${#users[@]}
-            users[$i]=${userinfo[0]}
-        fi
-    done < $tf
-
-    if [ "x${admin_user}" == "x" ]; then
-        echo "Admin user not found. Upgrading failed." >&2
-        exit -1
-    fi
-
-    # upgrade_jfs ${users[@]}
-    local selfhosted=$($sh_c "${KUBECTL} get terminus terminus -o jsonpath='{.spec.settings.selfhosted}'")
-    local domainname=$($sh_c "${KUBECTL} get terminus terminus -o jsonpath='{.spec.settings.domainName}'")
-    sed -i "s/#__DOMAIN_NAME__/${domainname}/" ${BASE_DIR}/wizard/config/settings/templates/terminus_cr.yaml
-    sed -i "s/#__SELFHOSTED__/${selfhosted}/" ${BASE_DIR}/wizard/config/settings/templates/terminus_cr.yaml
-
-    echo "Upgrading olares system components ... "
-    gen_settings_values ${admin_user}
-    ensure_success $sh_c "${HELM} upgrade -i settings ${BASE_DIR}/wizard/config/settings -n default --reuse-values"
-
-    # patch
-    ensure_success $sh_c "${KUBECTL} apply -f ${BASE_DIR}/deploy/patch-globalrole-workspace-manager.yaml"
-    # ensure_success $sh_c "$KUBECTL apply -f ${BASE_DIR}/deploy/patch-notification-manager.yaml"
-
-    # clear apps values.yaml
-    cat /dev/null > ${BASE_DIR}/wizard/config/apps/values.yaml
-    cat /dev/null > ${BASE_DIR}/wizard/config/launcher/values.yaml
-    local appservice_pod=$(get_appservice_pod)
-    local copy_charts=("launcher" "apps")
-    for cc in ${copy_charts[@]}; do
-        ensure_success $sh_c "${KUBECTL} cp ${BASE_DIR}/wizard/config/${cc} os-system/${appservice_pod}:/userapps"
-    done
-
-    local ks_redis_pwd=$($sh_c "${KUBECTL} get secret -n kubesphere-system redis-secret -o jsonpath='{.data.auth}' |base64 -d")
-    for user in ${users[@]}; do
-        echo "Upgrading user ${user} ... "
-        gen_bfl_values ${user}
-
-        # gen bfl app key and secret
-        bfl_ks=($(get_app_key_secret ${user} "bfl"))
-
-        # install launcher , and init pv
-        ensure_success $sh_c "${HELM} upgrade -i launcher-${user} ${BASE_DIR}/wizard/config/launcher -n user-space-${user} --set bfl.appKey=${bfl_ks[0]} --set bfl.appSecret=${bfl_ks[1]} -f ${BASE_DIR}/wizard/config/launcher/values.yaml --reuse-values"
-
-        gen_app_values ${user}
-        close_apps ${user}
-
-        for appdir in "${BASE_DIR}/wizard/config/apps"/*/; do
-          if [ -d "$appdir" ]; then
-            releasename=$(basename "$appdir")
-
-            # ignore wizard
-            # FIXME: unintitialized user's wizard should be upgrade
-            if [ x"${releasename}" == x"wizard" ]; then 
-                continue
-            fi
-
-            if [ "$user" != "$admin_user" ];then
-                releasename=${releasename}-${user}
-            fi
-            ensure_success $sh_c "${HELM} upgrade -i ${releasename} ${appdir} -n user-space-${user} --reuse-values --set kubesphere.redis_password=${ks_redis_pwd} -f ${BASE_DIR}/wizard/config/apps/values.yaml"
-          fi
-        done
-
-    done
-
-    # upgrade app service in the last. keep app service online longer
-    local terminus_is_cloud_version=$($sh_c "${KUBECTL} get cm -n os-system backup-config -o jsonpath='{.data.terminus-is-cloud-version}'")
-    local backup_cluster_bucket=$($sh_c "${KUBECTL} get cm -n os-system backup-config -o jsonpath='{.data.backup-cluster-bucket}'")
-    local backup_key_prefix=$($sh_c "${KUBECTL} get cm -n os-system backup-config -o jsonpath='{.data.backup-key-prefix}'")
-    local backup_secret=$($sh_c "${KUBECTL} get cm -n os-system backup-config -o jsonpath='{.data.backup-secret}'")
-    local backup_server_data=$($sh_c "${KUBECTL} get cm -n os-system backup-config -o jsonpath='{.data.backup-server-data}'")
-
-    ensure_success $sh_c "${HELM} upgrade -i system ${BASE_DIR}/wizard/config/system -n os-system --reuse-values \
-        --set kubesphere.redis_password=${ks_redis_pwd} --set backup.bucket=\"${backup_cluster_bucket}\" \
-        --set backup.key_prefix=\"${backup_key_prefix}\" --set backup.is_cloud_version=\"${terminus_is_cloud_version}\" \
-        --set backup.sync_secret=\"${backup_secret}\""
-
-    echo 'Waiting for App-Service ...'
-    sleep 2 # wait for controller reconiling
-    check_appservice
-    echo
-
-    echo 'Waiting for Vault ...'
-    check_vault ${admin_user}
-    echo
-
-    echo 'Starting BFL ...'
-    check_bfl ${admin_user}
-    echo
-
-    echo 'Starting files ...'
-    check_fileserver
-    check_filesfe ${admin_user}
-    echo
-
-    echo 'Starting Desktop ...'
-    check_desktop ${admin_user}
-    echo
-
-}
-
-
-echo "Start to upgrade olares ... "
-
-upgrade_terminus
-
-echo -e "\e[91m Success to upgrade olares.\e[0m Open your new desktop in the browser and have fun !"

build/base-package/wizard/config/account/templates/account.yaml

@@ -6,7 +6,7 @@ metadata:
   annotations:
     iam.kubesphere.io/uninitialized: "true"
     helm.sh/resource-policy: keep
-    bytetrade.io/owner-role: platform-admin
+    bytetrade.io/owner-role: owner
     bytetrade.io/terminus-name: "{{.Values.user.terminus_name}}"
     bytetrade.io/launcher-auth-policy: two_factor
     bytetrade.io/launcher-access-level: "1"
@@ -23,4 +23,4 @@ spec:
   groups:
   - lldap_admin
 status:
-  state: Active
+  state: Created

build/base-package/wizard/config/account/templates/sync.yaml

@@ -5,7 +5,7 @@ metadata:
 spec:
   lldap:
     name: ldap
-    url: "http://lldap-service.os-system:17170"
+    url: "http://lldap-service.os-platform:17170"
     userBlacklist:
       - admin
       - terminus
@@ -15,4 +15,4 @@ spec:
     credentialsSecret:
       kind: Secret
       name: lldap-credentials
-      namespace: os-system
+      namespace: os-platform

build/base-package/wizard/config/os-chart-template/templates/_helpers.tpl

@@ -60,3 +60,29 @@ Create the name of the service account to use
 {{- default "default" .Values.serviceAccount.name }}
 {{- end }}
 {{- end }}
+
+{{- define "opentelemetry-operator.fullname" -}}
+{{- "otel-opentelemetry-operator" }}
+{{- end }}
+
+{{- define "opentelemetry-operator.WebhookCert" -}}
+{{- $caCertEnc := "" }}
+{{- $certCrtEnc := "" }}
+{{- $certKeyEnc := "" }}
+{{- $prevSecret := (lookup "v1" "Secret" .Release.Namespace (printf "%s-controller-manager-service-cert" (include "opentelemetry-operator.fullname" .) )) }}
+{{- if $prevSecret }}
+{{- $certCrtEnc = index $prevSecret "data" "tls.crt" }}
+{{- $certKeyEnc = index $prevSecret "data" "tls.key" }}
+{{- $caCertEnc = index $prevSecret "data" "ca.crt" }}
+{{- else }}
+{{- $altNames := list ( printf "%s-webhook.%s" (include "opentelemetry-operator.fullname" .) .Release.Namespace ) ( printf "%s-webhook.%s.svc" (include "opentelemetry-operator.fullname" .) .Release.Namespace ) -}}
+{{- $tmpperioddays := 3650 }}
+{{- $ca := genCA "opentelemetry-operator-operator-ca" $tmpperioddays }}
+{{- $cert := genSignedCert (include "opentelemetry-operator.fullname" .) nil $altNames $tmpperioddays $ca }}
+{{- $certCrtEnc = b64enc $cert.Cert }}
+{{- $certKeyEnc = b64enc $cert.Key }}
+{{- $caCertEnc = b64enc $ca.Cert }}
+{{- end }}
+{{- $result := dict "crt" $certCrtEnc "key" $certKeyEnc "ca" $caCertEnc }}
+{{- $result | toYaml }}
+{{- end }}

build/base-package/wizard/config/settings/templates/system-serviceaccount.yaml

@@ -4,17 +4,31 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  namespace: os-system
+  namespace: os-platform
   name: os-internal
 
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  namespace: os-framework
+  name: os-internal
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  namespace: os-network
+  name: os-network-internal
+
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: os-internal-rb
+  name: os-platform:os-internal-rb
 subjects:
   - kind: ServiceAccount
-    namespace: os-system
+    namespace: os-platform
     name: os-internal
 roleRef:
   # kind: Role
@@ -22,6 +36,36 @@ roleRef:
   name: cluster-admin
   apiGroup: rbac.authorization.k8s.io
 
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: os-framework:os-internal-rb
+subjects:
+  - kind: ServiceAccount
+    namespace: os-framework
+    name: os-internal
+roleRef:
+  # kind: Role
+  kind: ClusterRole
+  name: cluster-admin
+  apiGroup: rbac.authorization.k8s.io
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: os-network:os-network-rb
+subjects:
+  - kind: ServiceAccount
+    namespace: os-network
+    name: os-network-internal
+roleRef:
+  # kind: Role
+  kind: ClusterRole
+  name: l4-proxy-role
+  apiGroup: rbac.authorization.k8s.io
+
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -194,4 +238,21 @@ rules:
   - update
   - patch
   - delete
-  - deletecollection
+  - deletecollection
+
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: l4-proxy-role
+rules:
+- apiGroups:
+  - '*'
+  resources:
+  - users
+  - applications
+  verbs:
+  - get
+  - list
+  - watch

build/base-package/wizard/config/settings/templates/system_namespace.yaml

@@ -1,5 +1,5 @@
 
-
+---
 apiVersion: v1
 kind: Namespace
 metadata:
@@ -7,4 +7,26 @@ metadata:
     kubesphere.io/creator: '{{ .Values.user.name }}'
   labels:
     kubesphere.io/workspace: system-workspace
-  name: os-system
+  name: os-network
+
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  annotations:
+    kubesphere.io/creator: '{{ .Values.user.name }}'
+  labels:
+    kubesphere.io/workspace: system-workspace
+  name: os-platform
+
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  annotations:
+    kubesphere.io/creator: '{{ .Values.user.name }}'
+  labels:
+    kubesphere.io/workspace: system-workspace
+  name: os-framework
+
+

build/build-full.sh

@@ -24,6 +24,7 @@ cp ${BASE_DIR}/.dependencies/components ${BASE_DIR}/.manifest/.
 cp ${BASE_DIR}/.dependencies/components ${BASE_DIR}/.manifest/.
 pushd ${BASE_DIR}.manifest
 bash ${BASE_DIR}/build-manifest.sh ${BASE_DIR}/../.manifest/installation.manifest
+python3 ${BASE_DIR}/build-manifest.py ${BASE_DIR}/../.manifest/installation.manifest
 popd
 
 

build/build-manifest.py

@@ -0,0 +1,162 @@
+#!/usr/bin/env python3
+
+import argparse
+import hashlib
+import os
+import requests
+import sys
+import json
+
+CDN_URL = "https://dc3p1870nn3cj.cloudfront.net"
+
+def download_checksum(name):
+    """Downloads the checksum for a given name."""
+    url = f"{CDN_URL}/{name}.checksum.txt"
+    try:
+        response = requests.get(url)
+        response.raise_for_status()
+        return response.text.split()[0]
+    except requests.exceptions.RequestException as e:
+        print(f"Error getting checksum for {name} from {url}: {e}", file=sys.stderr)
+        sys.exit(1)
+
+def get_image_manifest(name):
+    """Downloads the image manifest for a given name."""
+    url = f"{CDN_URL}/{name}.manifest.json"
+    try:
+        response = requests.get(url)
+        response.raise_for_status()
+        return response.json()
+    except requests.exceptions.RequestException as e:
+        print(f"Error getting manifest for {name} from {url}: {e}", file=sys.stderr)
+        sys.exit(1)        
+
+def main():
+    """Main function."""
+    parser = argparse.ArgumentParser()
+    parser.add_argument("manifest_file", help="The manifest file to write to.")
+    args = parser.parse_args()
+
+    manifest_file = args.manifest_file
+    version = os.environ.get("VERSION", "")
+    repo_path = os.environ.get("REPO_PATH", "/")
+    manifest_amd64_data = {}
+    manifest_arm64_data = {}
+
+    # Process components
+    try:
+        with open("components", "r") as f:
+            for line in f:
+                line = line.strip()
+                if not line:
+                    continue
+
+                # Replace version
+                if version:
+                    line = line.replace("#__VERSION__", version)
+
+                # Replace repo path
+                if repo_path:
+                    line = line.replace("#__REPO_PATH__", repo_path)
+
+                fields = line.split(",")
+                if len(fields) < 5:
+                    print(f"Format error in components file: {line}", file=sys.stderr)
+                    sys.exit(1)
+
+                filename, path, deps, _, fileid = fields[:5]
+                print(f"Downloading file checksum for {filename}")
+
+                name = hashlib.md5(filename.encode()).hexdigest()
+                url_amd64 = name
+                url_arm64 = f"arm64/{name}"
+
+                checksum_amd64 = download_checksum(url_amd64)
+                checksum_arm64 = download_checksum(url_arm64)
+
+                manifest_amd64_data[filename] = {
+                    "type": "component",
+                    "path": path,
+                    "deps": deps,
+                    "url_amd64": url_amd64,
+                    "checksum_amd64": checksum_amd64,
+                    "fileid": fileid
+                }
+
+
+                manifest_arm64_data[filename] = {
+                    "type": "component",
+                    "path": path,
+                    "deps": deps,
+                    "url_arm64": url_arm64,
+                    "checksum_arm64": checksum_arm64,
+                    "fileid": fileid
+                }
+
+    except FileNotFoundError:
+        print("Error: 'components' file not found.", file=sys.stderr)
+        sys.exit(1)
+
+    # Process images
+    path = "images"
+    for deps_file in ["images.mf"]:
+        try:
+            with open(deps_file, "r") as f:
+                for line in f:
+                    line = line.strip()
+                    if not line:
+                        continue
+
+                    print(f"Downloading file checksum for {line}")
+                    name = hashlib.md5(line.encode()).hexdigest()
+                    url_amd64 = f"{name}.tar.gz"
+                    url_arm64 = f"arm64/{name}.tar.gz"
+
+                    checksum_amd64 = download_checksum(name)
+                    checksum_arm64 = download_checksum(f"arm64/{name}")
+
+                    # Get the image manifest
+                    image_manifest_amd64 = get_image_manifest(name)
+                    image_manifest_arm64 = get_image_manifest(f"arm64/{name}")
+
+                    filename = f"{name}.tar.gz"
+                    manifest_amd64_data[filename] = {
+                        "type": "image",
+                        "path": path,
+                        "deps": deps_file,
+                        "url_amd64": url_amd64,
+                        "checksum_amd64": checksum_amd64,
+                        "fileid": line,
+                        "manifest": image_manifest_amd64
+                    }
+
+                    manifest_arm64_data[filename] = {
+                        "type": "image",
+                        "path": path,
+                        "deps": deps_file,
+                        "url_arm64": url_arm64,
+                        "checksum_arm64": checksum_arm64,
+                        "fileid": line,
+                        "manifest": image_manifest_arm64
+                    }
+                    
+
+        except FileNotFoundError:
+            print(f"Warning: '{deps_file}' not found, skipping.", file=sys.stderr)
+            sys.exit(1)
+
+
+    # Write the manifest file
+    amd64_manifest_file = f"{manifest_file}.amd64"
+    with open(amd64_manifest_file, "w") as mf:
+        json.dump(manifest_amd64_data, mf, indent=2)
+    
+    arm64_manifest_file = f"{manifest_file}.arm64"
+    with open(arm64_manifest_file, "w") as mf:
+        json.dump(manifest_arm64_data, mf, indent=2)
+
+
+    # TODO: compress the manifest files
+
+if __name__ == "__main__":
+    main()

build/build-manifest.sh

@@ -44,6 +44,10 @@ while read line; do
     echo "$filename,$path,$deps,$url_amd64,$checksum_amd64,$url_arm64,$checksum_arm64,$fileid" >> $manifest_file
 
 done < components
+sed -i "s/#__VERSION__/${VERSION}/g" $manifest_file
+
+path="${REPO_PATH:-/}"
+sed -i "s|#__REPO_PATH__|${path}|g" $manifest_file
 
 path="images"
 for deps in "images.mf"; do

build/build.sh

@@ -3,7 +3,7 @@
 BASE_DIR=$(dirname $(realpath -s $0))
 rm -rf ${BASE_DIR}/../.dist
 DIST_PATH="${BASE_DIR}/../.dist/install-wizard" 
-VERSION=$1
+export VERSION=$1
 
 DIST_PATH=${DIST_PATH} bash ${BASE_DIR}/package.sh
 
@@ -16,6 +16,7 @@ rm -rf ${BASE_DIR}/../.dependencies
 set -e
 pushd ${BASE_DIR}/../.manifest
 bash ${BASE_DIR}/build-manifest.sh ${BASE_DIR}/../.manifest/installation.manifest
+python3 ${BASE_DIR}/build-manifest.py ${BASE_DIR}/../.manifest/installation.manifest
 popd
 
 pushd $DIST_PATH

build/deps-manifest.sh

@@ -75,3 +75,7 @@ find $BASE_DIR/../ -type f -name Olares.yaml | while read f; do
 
   unset bins
 done
+
+sed -i "s/#__VERSION__/${VERSION}/g" ${manifest}
+path="${REPO_PATH:-/}"
+sed -i "s|#__REPO_PATH__|${path}|g" ${manifest}

build/get-manifest.py

@@ -0,0 +1,200 @@
+#!/usr/bin/env python3
+
+import requests
+import json
+import argparse
+import re
+import sys
+import platform
+
+def parse_image_name(image_name):
+    """
+    Parses a full image name into registry, repository, and reference (tag/digest).
+    Handles defaults for Docker Hub.
+    """
+    # Default to 'latest' tag if no tag or digest is specified
+    if ":" not in image_name and "@" not in image_name:
+        image_name += ":latest"
+    
+    # Split repository from reference (tag or digest)
+    if "@" in image_name:
+        repo_part, reference = image_name.rsplit("@", 1)
+    else:
+        repo_part, reference = image_name.rsplit(":", 1)
+
+    # Determine registry and repository
+    if "/" not in repo_part:
+        # This is an official Docker Hub image, e.g., "ubuntu"
+        registry = "registry-1.docker.io"
+        repository = f"library/{repo_part}"
+    else:
+        parts = repo_part.split("/")
+        # If the first part looks like a domain name, it's the registry
+        if "." in parts[0] or ":" in parts[0]:
+            registry = parts[0]
+            repository = "/".join(parts[1:])
+        else:
+            # A scoped Docker Hub image, e.g., "bitnami/nginx"
+            registry = "registry-1.docker.io"
+            repository = repo_part
+            
+    return registry, repository, reference
+
+def get_auth_token(registry, repository):
+    """
+    Gets an authentication token from the registry's auth service.
+    """
+    # First, probe the registry to get the auth challenge
+    try:
+        probe_url = f"https://{registry}/v2/"
+        response = requests.get(probe_url, timeout=10)
+    except requests.exceptions.RequestException as e:
+        print(f"Error: Could not connect to registry at {probe_url}. Details: {e}", file=sys.stderr)
+        sys.exit(1)
+
+    if response.status_code != 401:
+        # Either public or something is wrong, we can try without a token
+        return None
+
+    auth_header = response.headers.get("Www-Authenticate")
+    if not auth_header:
+        print(f"Error: Registry {registry} returned 401 but did not provide Www-Authenticate header.", file=sys.stderr)
+        sys.exit(1)
+
+    # Parse the Www-Authenticate header to find realm, service, and scope
+    try:
+        realm = re.search('realm="([^"]+)"', auth_header).group(1)
+        service = re.search('service="([^"]+)"', auth_header).group(1)
+        # Scope for the specific repository is needed
+        scope = f"repository:{repository}:pull"
+    except AttributeError:
+        print(f"Error: Could not parse Www-Authenticate header: {auth_header}", file=sys.stderr)
+        sys.exit(1)
+
+    # Request the actual token from the auth realm
+    auth_params = {
+        "service": service,
+        "scope": scope
+    }
+    
+    try:
+        auth_response = requests.get(realm, params=auth_params, timeout=10)
+        auth_response.raise_for_status()
+        return auth_response.json().get("token")
+    except requests.exceptions.RequestException as e:
+        print(f"Error: Failed to get auth token from {realm}. Details: {e}", file=sys.stderr)
+        sys.exit(1)
+    except json.JSONDecodeError:
+        print(f"Error: Failed to decode JSON response from auth server: {auth_response.text}", file=sys.stderr)
+        sys.exit(1)
+
+
+def get_manifest(registry, repository, reference, token):
+    """
+    Fetches the image manifest from the registry.
+    """
+    manifest_url = f"https://{registry}/v2/{repository}/manifests/{reference}"
+    
+    headers = {
+        # Request multiple manifest types, the registry will return the correct one
+        "Accept": "application/vnd.oci.image.index.v1+json, application/vnd.oci.image.manifest.v1+json, application/vnd.docker.distribution.manifest.v2+json, application/vnd.docker.distribution.manifest.list.v2+json"
+    }
+
+    if token:
+        headers["Authorization"] = f"Bearer {token}"
+
+    try:
+        response = requests.get(manifest_url, headers=headers, timeout=10)
+        response.raise_for_status()
+        return response.json()
+    except requests.exceptions.HTTPError as e:
+        if e.response.status_code == 401 and not token:
+             print("Error: Received 401 Unauthorized. Attempting to get a token...", file=sys.stderr)
+             # The initial probe might have passed, but manifest access requires auth.
+             # We re-run the token acquisition logic.
+             new_token = get_auth_token(registry, repository)
+             if new_token:
+                 return get_manifest(registry, repository, reference, new_token)
+        print(f"Error: Failed to fetch manifest from {manifest_url}. Status: {e.response.status_code}", file=sys.stderr)
+        print(f"Response: {e.response.text}", file=sys.stderr)
+        sys.exit(1)
+    except requests.exceptions.RequestException as e:
+        print(f"Error: A network error occurred. Details: {e}", file=sys.stderr)
+        sys.exit(1)
+
+
+def main():
+    parser = argparse.ArgumentParser(
+        description="Fetch an OCI/Docker image manifest from a container registry.",
+        epilog="""Examples:
+  python get_manifest.py ubuntu:22.04
+  python get_manifest.py quay.io/brancz/kube-rbac-proxy:v0.18.1 -o manifest.json
+  python get_manifest.py gcr.io/google-containers/pause:3.9""",
+        formatter_class=argparse.RawTextHelpFormatter
+    )
+    parser.add_argument("image_name", help="Full name of the container image (e.g., 'ubuntu:latest' or 'quay.io/prometheus/node-exporter:v1.7.0')")
+    parser.add_argument("-o", "--output-file", help="Optional. Path to write the final manifest JSON to. If not provided, prints to stdout.")
+    args = parser.parse_args()
+
+    registry, repository, reference = parse_image_name(args.image_name)
+
+    # Suppress informational prints if writing to a file
+    verbose_print = print if not args.output_file else lambda *a, **k: None
+
+    verbose_print(f"Registry:   {registry}")
+    verbose_print(f"Repository: {repository}")
+    verbose_print(f"Reference:  {reference}", end='\n\n', flush=True)
+
+    token = get_auth_token(registry, repository)
+
+    if not token and not args.output_file:
+        print("No authentication token needed or could be retrieved. Proceeding without token...", file=sys.stderr)
+
+    manifest = get_manifest(registry, repository, reference, token)
+    final_manifest = None
+
+    media_type = manifest.get("mediaType", "")
+    if "manifest.list" in media_type or "image.index" in media_type:
+        verbose_print("Detected a multi-platform image index. Finding manifest for current architecture...")
+
+        system_arch = platform.machine()
+        arch_map = {"x86_64": "amd64", "aarch64": "arm64"}
+        target_arch = arch_map.get(system_arch, system_arch)
+
+        verbose_print(f"System architecture: {system_arch} -> Target: linux/{target_arch}")
+
+        target_digest = None
+        for m in manifest.get("manifests", []):
+            plat = m.get("platform", {})
+            if plat.get("os") == "linux" and plat.get("architecture") == target_arch:
+                target_digest = m.get("digest")
+                break
+
+        if target_digest:
+            verbose_print(f"Found manifest for linux/{target_arch} with digest: {target_digest}\n")
+            final_manifest = get_manifest(registry, repository, target_digest, token)
+        else:
+            print(f"Error: Could not find a manifest for 'linux/{target_arch}' in the index.", file=sys.stderr)
+            if not args.output_file:
+                print("Available platforms:", file=sys.stderr)
+                for m in manifest.get("manifests", []):
+                    print(f"  - {m.get('platform', {}).get('os')}/{m.get('platform', {}).get('architecture')}", file=sys.stderr)
+            sys.exit(1)
+    else:
+        final_manifest = manifest
+
+    if final_manifest:
+        if args.output_file:
+            try:
+                with open(args.output_file, 'w') as f:
+                    json.dump(final_manifest, f, indent=2)
+                print(f"Successfully wrote manifest to {args.output_file}")
+            except IOError as e:
+                print(f"Error: Could not write to file {args.output_file}. Details: {e}", file=sys.stderr)
+                sys.exit(1)
+        else:
+            print(json.dumps(final_manifest, indent=2))
+
+
+if __name__ == "__main__":
+    main()

build/package.sh

@@ -21,19 +21,26 @@ if [ ! -d ${DIST} ]; then
     mkdir -p ${DIST}
     cp -rf ${BUILD_TEMPLATE}/* ${DIST}/.
     cp -rf ${BUILD_TEMPLATE}/.env ${DIST}/.
+    cp -rf ${BUILD_TEMPLATE}/wizard/config/os-chart-template ${DIST}/wizard/config/os-framework
+    cp -rf ${BUILD_TEMPLATE}/wizard/config/os-chart-template ${DIST}/wizard/config/os-platform
+    rm -rf ${DIST}/wizard/config/os-chart-template
 fi
 
 APP_DIST=${DIST}/wizard/config/apps
-SYSTEM_DIST=${DIST}/wizard/config/system/templates
 SETTINGS_DIST=${DIST}/wizard/config/settings/templates
 CRD_DIST=${SETTINGS_DIST}/crds
-DEPLOY_DIST=${SYSTEM_DIST}/deploy
 mkdir -p ${APP_DIST}
 mkdir -p ${CRD_DIST}
-mkdir -p ${DEPLOY_DIST}
 
 for mod in "${PACKAGE_MODULE[@]}";do
     echo "packaging ${mod} ..."
+    SYSTEM_DIST=${DIST}/wizard/config/os-framework/templates
+    if [ ${mod} == "platform" ]; then
+        SYSTEM_DIST=${DIST}/wizard/config/os-platform/templates
+    fi
+    DEPLOY_DIST=${SYSTEM_DIST}/deploy
+    mkdir -p ${DEPLOY_DIST}
+
     find ${mod} -type d -name .olares | while read app; do
 
         # package user app charts to install wizard
@@ -67,6 +74,6 @@ echo "packaging launcher ..."
 run_cmd "cp -rf framework/bfl/.olares/config/launcher ${DIST}/wizard/config/"
 
 echo "packaging gpu ..."
-run_cmd "cp -rf framework/gpu/.olares/config/gpu ${DIST}/wizard/config/"
+run_cmd "cp -rf infrastructure/gpu/.olares/config/gpu ${DIST}/wizard/config/"
 
 echo "packaging completed"

build/upload-deps.sh

@@ -23,26 +23,28 @@ while read line; do
         continue
     fi
     
-    bash ${BASE_DIR}/download-deps.sh $PLATFORM $line
-    if [ $? -ne 0 ]; then
-        exit -1
-    fi
-
     filename=$(echo "$line"|awk -F"," '{print $1}')
-    echo "if exists $filename ... "
     name=$(echo -n "$filename"|md5sum|awk '{print $1}')
     checksum="$name.checksum.txt"
-    md5sum $name > $checksum
-    backup_file=$(awk '{print $1}' $checksum)
-    if [ x"$backup_file"  == x""  ]; then
-        echo  "invalid checksum"
-        exit 1
-    fi
 
+    echo "if exists $filename ... "
     curl -fsSLI https://dc3p1870nn3cj.cloudfront.net/$path$name > /dev/null
     if [ $? -ne 0 ]; then
-        code=$(curl -o /dev/null -fsSLI -w "%{http_code}" https://dc3p1870nn3cj.cloudfront.net/$path$name.tar.gz)
+        code=$(curl -o /dev/null -fsSLI -w "%{http_code}" https://dc3p1870nn3cj.cloudfront.net/$path$name)
         if [ $code -eq 403 ]; then
+
+            bash ${BASE_DIR}/download-deps.sh $PLATFORM $line
+            if [ $? -ne 0 ]; then
+                exit -1
+            fi
+
+            md5sum $name > $checksum
+            backup_file=$(awk '{print $1}' $checksum)
+            if [ x"$backup_file"  == x""  ]; then
+                echo  "invalid checksum"
+                exit 1
+            fi
+
             set -ex
             aws s3 cp $name s3://terminus-os-install/$path$name --acl=public-read
             aws s3 cp $name s3://terminus-os-install/backup/$path$backup_file --acl=public-read

build/upload-images.sh

@@ -10,6 +10,7 @@ cat $1|while read image; do
     echo "if exists $image ... "
     name=$(echo -n "$image"|md5sum|awk '{print $1}')
     checksum="$name.checksum.txt"
+    manifest="$name.manifest.json"
 
     curl -fsSLI https://dc3p1870nn3cj.cloudfront.net/$path$name.tar.gz > /dev/null
     if [ $? -ne 0 ]; then
@@ -68,48 +69,29 @@ cat $1|while read image; do
             set +ex
         else
             if [ $code -ne 200  ]; then
-                echo  "failed to check image"
+                echo  "failed to check image checksum"
                 exit -1
             fi
         fi
     fi
 
-    # upload to tencent cloud cos
-
-    # curl -fsSLI https://cdn.joinolares.cn/$path$name.tar.gz > /dev/null
-    # if [ $? -ne 0 ]; then
-    #     set -e
-    #     docker pull $image
-    #     docker save $image -o $name.tar
-    #     gzip $name.tar
-
-    #     md5sum $name.tar.gz > $checksum
-
-    #     coscmd upload ./$name.tar.gz /$path$name.tar.gz
-    #     coscmd upload ./$checksum /$path$checksum
-    #     echo "upload $name to cos completed"
-
-    #     set +e
-    # fi
-
-    
-
-    # # re-upload checksum.txt
-    # curl -fsSLI https://cdn.joinolares.cn/$path$checksum > /dev/null
-    # if [ $? -ne 0 ]; then
-    #     set -e
-    #     docker pull $image
-    #     docker save $image -o $name.tar
-    #     gzip $name.tar
-
-    #     md5sum $name.tar.gz > $checksum
-
-    #     coscmd upload ./$name.tar.gz /$path$name.tar.gz
-    #     coscmd upload ./$checksum /$path$checksum
-    #     echo "upload $name to cos completed"
-
-    #     set +e
-    # fi
-    
+    # upload manifest.json
+    curl -fsSLI https://dc3p1870nn3cj.cloudfront.net/$path$manifest > /dev/null
+    if [ $? -ne 0 ]; then   
+        code=$(curl -o /dev/null -fsSLI -w "%{http_code}" https://dc3p1870nn3cj.cloudfront.net/$path$manifest)
+        if [ $code -eq 403 ]; then
+            set -ex
+            BASE_DIR=$(dirname $(realpath -s $0))
+            python3 $BASE_DIR/get-manifest.py $image -o $manifest
 
+            aws s3 cp $manifest s3://terminus-os-install/$path$manifest --acl=public-read
+            echo "upload $name manifest completed"
+            set +ex
+        else
+            if [ $code -ne 200  ]; then
+                echo  "failed to check image manifest"
+                exit -1
+            fi
+        fi
+    fi
 done

cli/.goreleaser.yaml

@@ -15,24 +15,22 @@ builds:
     goarm:
       - 7
     ignore:
-      - goos: linux
-        goarch: arm64
       - goos: darwin
         goarch: arm
+      - goos: darwin
+        goarch: amd64
       - goos: windows
         goarch: arm
+      - goos: windows
+        goarch: arm64
     ldflags:
       - -s
       - -w
-      - -X bytetrade.io/web3os/installer/version.VERSION={{ .Version }}
+      - -X github.com/beclab/Olares/cli/version.VERSION={{ .Version }}
 dist: ./output
 archives:
   - id: olares-cli
     name_template: "{{ .ProjectName }}-v{{ .Version }}_{{ .Os }}_{{ .Arch }}"
-    replacements:
-      linux: linux
-      amd64: amd64
-      arm: arm64
 checksum:
   name_template: "checksums.txt"
 release:

cli/README.md

@@ -1 +1,92 @@
-# installer
+# Olares CLI
+
+This directory contains the code for **olares-cli**, the official command-line interface for administering an **Olares** cluster. It provides a modular, pipeline-based architecture for orchestrating complex system operations. See the full [Olares CLI Documentation](https://docs.olares.com/developer/install/cli-1.12/olares-cli.html) for command reference and tutorials.
+
+Key responsibilities include: 
+- **Cluster management**: Installing, upgrading, restarting, and maintaining an Olares cluster.
+- **Node management**: Adding to or removing nodes from an Olares cluster.
+
+
+## Execution Model
+
+For most of the commands, `olares-cli` is executed through a four-tier hierarchy:
+
+```
+Pipeline ➜ Module ➜ Task ➜ Action
+````
+
+### Example: `install-olares` Pipeline
+
+```text
+Pipeline: Install Olares
+├── ...other modules
+└── Module: Bootstrap OS
+    ├── ...other tasks
+    ├── Task: Check Prerequisites
+    │   └── Action: run-precheck.sh
+    └── Task: Configure System
+        └── Action: apply-sysctl
+````
+
+
+## Repository layout
+
+```text
+cli/
+├── cmd/                  # Cobra command definitions
+│   ├── main.go           # CLI entry point
+│   └── ctl/
+│       ├── root.go
+│       ├── os/           # OS-level maintenance commands
+│       ├── node/         # Cluster node operations
+│       └── gpu/          # GPU management
+└── pkg/
+    ├── core/
+    │   ├── action/       # Re-usable action primitives
+    │   ├── module/       # Module abstractions
+    │   ├── pipeline/     # Pipeline abstractions
+    │   └── task/         # Task abstractions
+    └── pipelines/        # Pre-built pipelines
+    │   ├── ...           # actual modules and tasks for various commands and components
+```
+
+
+## Build from source
+
+### Prerequisites
+
+* **Go 1.24+**
+* **GoReleaser** (optional, for cross-compiling and packaging)
+
+### Sample commands
+
+```bash
+# Clone the repo and enter the CLI folder
+cd cli
+
+# 1) Build for the host OS/ARCH
+go build -o olares-cli ./cmd/main.go
+
+# 2) Cross-compile for Linux amd64 (from macOS, for example)
+GOOS=linux GOARCH=amd64 go build -o olares-cli ./cmd/main.go
+
+# 3) Produce multi-platform artifacts (tar.gz, checksums, etc.)
+goreleaser release --snapshot --clean
+```
+
+---
+
+## Development workflow
+
+### Add a new command
+
+1. Create the command file in `cmd/ctl/<category>/`.
+2. Define a pipeline in `pkg/pipelines/`.
+3. Implement modules & tasks inside the relevant `pkg/` sub-packages.
+
+
+### Test your build
+
+1. Upload the self-built `olares-cli` binary to a machine that's running Olares.
+2. Replace the existing `olares-cli` binary on the machine using `sudo cp -f olares-cli /usr/local/bin`.
+3. Execute arbitrary commands using `olares-cli`

cli/apis/kubekey/v1alpha1/cluster_types.go

@@ -22,8 +22,8 @@ import (
 	"strconv"
 	"strings"
 
-	"bytetrade.io/web3os/installer/pkg/core/logger"
-	"bytetrade.io/web3os/installer/pkg/core/util"
+	"github.com/beclab/Olares/cli/pkg/core/logger"
+	"github.com/beclab/Olares/cli/pkg/core/util"
 	"github.com/pkg/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )

cli/apis/kubekey/v1alpha1/default.go

@@ -21,7 +21,7 @@ import (
 	"os"
 	"strings"
 
-	"bytetrade.io/web3os/installer/pkg/core/util"
+	"github.com/beclab/Olares/cli/pkg/core/util"
 )
 
 const (

cli/apis/kubekey/v1alpha2/cluster_types.go

@@ -22,9 +22,9 @@ import (
 	"strconv"
 	"strings"
 
-	"bytetrade.io/web3os/installer/pkg/core/connector"
-	"bytetrade.io/web3os/installer/pkg/core/logger"
-	"bytetrade.io/web3os/installer/pkg/core/util"
+	"github.com/beclab/Olares/cli/pkg/core/connector"
+	"github.com/beclab/Olares/cli/pkg/core/logger"
+	"github.com/beclab/Olares/cli/pkg/core/util"
 	"github.com/pkg/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"

cli/apis/kubekey/v1alpha2/default.go

@@ -21,7 +21,7 @@ import (
 	"os"
 	"strings"
 
-	"bytetrade.io/web3os/installer/pkg/core/util"
+	"github.com/beclab/Olares/cli/pkg/core/util"
 )
 
 const (

cli/clients/clientset/versioned/clientset.go

@@ -20,8 +20,8 @@ package versioned
 import (
 	"fmt"
 
-	kubekeyv1alpha1 "bytetrade.io/web3os/installer/clients/clientset/versioned/typed/kubekey/v1alpha1"
-	kubekeyv1alpha2 "bytetrade.io/web3os/installer/clients/clientset/versioned/typed/kubekey/v1alpha2"
+	kubekeyv1alpha1 "github.com/beclab/Olares/cli/clients/clientset/versioned/typed/kubekey/v1alpha1"
+	kubekeyv1alpha2 "github.com/beclab/Olares/cli/clients/clientset/versioned/typed/kubekey/v1alpha2"
 	discovery "k8s.io/client-go/discovery"
 	rest "k8s.io/client-go/rest"
 	flowcontrol "k8s.io/client-go/util/flowcontrol"

cli/clients/clientset/versioned/fake/clientset_generated.go

@@ -18,11 +18,11 @@ limitations under the License.
 package fake
 
 import (
-	clientset "bytetrade.io/web3os/installer/clients/clientset/versioned"
-	kubekeyv1alpha1 "bytetrade.io/web3os/installer/clients/clientset/versioned/typed/kubekey/v1alpha1"
-	fakekubekeyv1alpha1 "bytetrade.io/web3os/installer/clients/clientset/versioned/typed/kubekey/v1alpha1/fake"
-	kubekeyv1alpha2 "bytetrade.io/web3os/installer/clients/clientset/versioned/typed/kubekey/v1alpha2"
-	fakekubekeyv1alpha2 "bytetrade.io/web3os/installer/clients/clientset/versioned/typed/kubekey/v1alpha2/fake"
+	clientset "github.com/beclab/Olares/cli/clients/clientset/versioned"
+	kubekeyv1alpha1 "github.com/beclab/Olares/cli/clients/clientset/versioned/typed/kubekey/v1alpha1"
+	fakekubekeyv1alpha1 "github.com/beclab/Olares/cli/clients/clientset/versioned/typed/kubekey/v1alpha1/fake"
+	kubekeyv1alpha2 "github.com/beclab/Olares/cli/clients/clientset/versioned/typed/kubekey/v1alpha2"
+	fakekubekeyv1alpha2 "github.com/beclab/Olares/cli/clients/clientset/versioned/typed/kubekey/v1alpha2/fake"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/watch"
 	"k8s.io/client-go/discovery"

cli/clients/clientset/versioned/fake/register.go

@@ -18,8 +18,8 @@ limitations under the License.
 package fake
 
 import (
-	kubekeyv1alpha1 "bytetrade.io/web3os/installer/apis/kubekey/v1alpha1"
-	kubekeyv1alpha2 "bytetrade.io/web3os/installer/apis/kubekey/v1alpha2"
+	kubekeyv1alpha1 "github.com/beclab/Olares/cli/apis/kubekey/v1alpha1"
+	kubekeyv1alpha2 "github.com/beclab/Olares/cli/apis/kubekey/v1alpha2"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	runtime "k8s.io/apimachinery/pkg/runtime"
 	schema "k8s.io/apimachinery/pkg/runtime/schema"

cli/clients/clientset/versioned/scheme/register.go

@@ -18,8 +18,8 @@ limitations under the License.
 package scheme
 
 import (
-	kubekeyv1alpha1 "bytetrade.io/web3os/installer/apis/kubekey/v1alpha1"
-	kubekeyv1alpha2 "bytetrade.io/web3os/installer/apis/kubekey/v1alpha2"
+	kubekeyv1alpha1 "github.com/beclab/Olares/cli/apis/kubekey/v1alpha1"
+	kubekeyv1alpha2 "github.com/beclab/Olares/cli/apis/kubekey/v1alpha2"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	runtime "k8s.io/apimachinery/pkg/runtime"
 	schema "k8s.io/apimachinery/pkg/runtime/schema"

cli/clients/clientset/versioned/typed/kubekey/v1alpha1/cluster.go

@@ -21,8 +21,8 @@ import (
 	"context"
 	"time"
 
-	v1alpha1 "bytetrade.io/web3os/installer/apis/kubekey/v1alpha1"
-	scheme "bytetrade.io/web3os/installer/clients/clientset/versioned/scheme"
+	v1alpha1 "github.com/beclab/Olares/cli/apis/kubekey/v1alpha1"
+	scheme "github.com/beclab/Olares/cli/clients/clientset/versioned/scheme"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	types "k8s.io/apimachinery/pkg/types"
 	watch "k8s.io/apimachinery/pkg/watch"

cli/clients/clientset/versioned/typed/kubekey/v1alpha1/fake/fake_cluster.go

@@ -20,7 +20,7 @@ package fake
 import (
 	"context"
 
-	v1alpha1 "bytetrade.io/web3os/installer/apis/kubekey/v1alpha1"
+	v1alpha1 "github.com/beclab/Olares/cli/apis/kubekey/v1alpha1"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	labels "k8s.io/apimachinery/pkg/labels"
 	schema "k8s.io/apimachinery/pkg/runtime/schema"

cli/clients/clientset/versioned/typed/kubekey/v1alpha1/fake/fake_kubekey_client.go

@@ -18,7 +18,7 @@ limitations under the License.
 package fake
 
 import (
-	v1alpha1 "bytetrade.io/web3os/installer/clients/clientset/versioned/typed/kubekey/v1alpha1"
+	v1alpha1 "github.com/beclab/Olares/cli/clients/clientset/versioned/typed/kubekey/v1alpha1"
 	rest "k8s.io/client-go/rest"
 	testing "k8s.io/client-go/testing"
 )

cli/clients/clientset/versioned/typed/kubekey/v1alpha1/kubekey_client.go

@@ -18,8 +18,8 @@ limitations under the License.
 package v1alpha1
 
 import (
-	v1alpha1 "bytetrade.io/web3os/installer/apis/kubekey/v1alpha1"
-	"bytetrade.io/web3os/installer/clients/clientset/versioned/scheme"
+	v1alpha1 "github.com/beclab/Olares/cli/apis/kubekey/v1alpha1"
+	"github.com/beclab/Olares/cli/clients/clientset/versioned/scheme"
 	rest "k8s.io/client-go/rest"
 )
 

cli/clients/clientset/versioned/typed/kubekey/v1alpha2/cluster.go

@@ -21,8 +21,8 @@ import (
 	"context"
 	"time"
 
-	v1alpha2 "bytetrade.io/web3os/installer/apis/kubekey/v1alpha2"
-	scheme "bytetrade.io/web3os/installer/clients/clientset/versioned/scheme"
+	v1alpha2 "github.com/beclab/Olares/cli/apis/kubekey/v1alpha2"
+	scheme "github.com/beclab/Olares/cli/clients/clientset/versioned/scheme"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	types "k8s.io/apimachinery/pkg/types"
 	watch "k8s.io/apimachinery/pkg/watch"

cli/clients/clientset/versioned/typed/kubekey/v1alpha2/fake/fake_cluster.go

@@ -20,7 +20,7 @@ package fake
 import (
 	"context"
 
-	v1alpha2 "bytetrade.io/web3os/installer/apis/kubekey/v1alpha2"
+	v1alpha2 "github.com/beclab/Olares/cli/apis/kubekey/v1alpha2"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	labels "k8s.io/apimachinery/pkg/labels"
 	schema "k8s.io/apimachinery/pkg/runtime/schema"

cli/clients/clientset/versioned/typed/kubekey/v1alpha2/fake/fake_kubekey_client.go

@@ -18,7 +18,7 @@ limitations under the License.
 package fake
 
 import (
-	v1alpha2 "bytetrade.io/web3os/installer/clients/clientset/versioned/typed/kubekey/v1alpha2"
+	v1alpha2 "github.com/beclab/Olares/cli/clients/clientset/versioned/typed/kubekey/v1alpha2"
 	rest "k8s.io/client-go/rest"
 	testing "k8s.io/client-go/testing"
 )

cli/clients/clientset/versioned/typed/kubekey/v1alpha2/kubekey_client.go

@@ -18,8 +18,8 @@ limitations under the License.
 package v1alpha2
 
 import (
-	v1alpha2 "bytetrade.io/web3os/installer/apis/kubekey/v1alpha2"
-	"bytetrade.io/web3os/installer/clients/clientset/versioned/scheme"
+	v1alpha2 "github.com/beclab/Olares/cli/apis/kubekey/v1alpha2"
+	"github.com/beclab/Olares/cli/clients/clientset/versioned/scheme"
 	rest "k8s.io/client-go/rest"
 )
 

cli/clients/informers/externalversions/factory.go

@@ -22,9 +22,9 @@ import (
 	sync "sync"
 	time "time"
 
-	versioned "bytetrade.io/web3os/installer/clients/clientset/versioned"
-	internalinterfaces "bytetrade.io/web3os/installer/clients/informers/externalversions/internalinterfaces"
-	kubekey "bytetrade.io/web3os/installer/clients/informers/externalversions/kubekey"
+	versioned "github.com/beclab/Olares/cli/clients/clientset/versioned"
+	internalinterfaces "github.com/beclab/Olares/cli/clients/informers/externalversions/internalinterfaces"
+	kubekey "github.com/beclab/Olares/cli/clients/informers/externalversions/kubekey"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	runtime "k8s.io/apimachinery/pkg/runtime"
 	schema "k8s.io/apimachinery/pkg/runtime/schema"

cli/clients/informers/externalversions/generic.go

@@ -20,8 +20,8 @@ package externalversions
 import (
 	"fmt"
 
-	v1alpha1 "bytetrade.io/web3os/installer/apis/kubekey/v1alpha1"
-	v1alpha2 "bytetrade.io/web3os/installer/apis/kubekey/v1alpha2"
+	v1alpha1 "github.com/beclab/Olares/cli/apis/kubekey/v1alpha1"
+	v1alpha2 "github.com/beclab/Olares/cli/apis/kubekey/v1alpha2"
 	schema "k8s.io/apimachinery/pkg/runtime/schema"
 	cache "k8s.io/client-go/tools/cache"
 )

cli/clients/informers/externalversions/internalinterfaces/factory_interfaces.go

@@ -20,7 +20,7 @@ package internalinterfaces
 import (
 	time "time"
 
-	versioned "bytetrade.io/web3os/installer/clients/clientset/versioned"
+	versioned "github.com/beclab/Olares/cli/clients/clientset/versioned"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	runtime "k8s.io/apimachinery/pkg/runtime"
 	cache "k8s.io/client-go/tools/cache"

cli/clients/informers/externalversions/kubekey/interface.go

@@ -18,9 +18,9 @@ limitations under the License.
 package kubekey
 
 import (
-	internalinterfaces "bytetrade.io/web3os/installer/clients/informers/externalversions/internalinterfaces"
-	v1alpha1 "bytetrade.io/web3os/installer/clients/informers/externalversions/kubekey/v1alpha1"
-	v1alpha2 "bytetrade.io/web3os/installer/clients/informers/externalversions/kubekey/v1alpha2"
+	internalinterfaces "github.com/beclab/Olares/cli/clients/informers/externalversions/internalinterfaces"
+	v1alpha1 "github.com/beclab/Olares/cli/clients/informers/externalversions/kubekey/v1alpha1"
+	v1alpha2 "github.com/beclab/Olares/cli/clients/informers/externalversions/kubekey/v1alpha2"
 )
 
 // Interface provides access to each of this group's versions.

cli/clients/informers/externalversions/kubekey/v1alpha1/cluster.go

@@ -21,10 +21,10 @@ import (
 	"context"
 	time "time"
 
-	kubekeyv1alpha1 "bytetrade.io/web3os/installer/apis/kubekey/v1alpha1"
-	versioned "bytetrade.io/web3os/installer/clients/clientset/versioned"
-	internalinterfaces "bytetrade.io/web3os/installer/clients/informers/externalversions/internalinterfaces"
-	v1alpha1 "bytetrade.io/web3os/installer/clients/listers/kubekey/v1alpha1"
+	kubekeyv1alpha1 "github.com/beclab/Olares/cli/apis/kubekey/v1alpha1"
+	versioned "github.com/beclab/Olares/cli/clients/clientset/versioned"
+	internalinterfaces "github.com/beclab/Olares/cli/clients/informers/externalversions/internalinterfaces"
+	v1alpha1 "github.com/beclab/Olares/cli/clients/listers/kubekey/v1alpha1"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	runtime "k8s.io/apimachinery/pkg/runtime"
 	watch "k8s.io/apimachinery/pkg/watch"

cli/clients/informers/externalversions/kubekey/v1alpha1/interface.go

@@ -18,7 +18,7 @@ limitations under the License.
 package v1alpha1
 
 import (
-	internalinterfaces "bytetrade.io/web3os/installer/clients/informers/externalversions/internalinterfaces"
+	internalinterfaces "github.com/beclab/Olares/cli/clients/informers/externalversions/internalinterfaces"
 )
 
 // Interface provides access to all the informers in this group version.

cli/clients/informers/externalversions/kubekey/v1alpha2/cluster.go

@@ -21,10 +21,10 @@ import (
 	"context"
 	time "time"
 
-	kubekeyv1alpha2 "bytetrade.io/web3os/installer/apis/kubekey/v1alpha2"
-	versioned "bytetrade.io/web3os/installer/clients/clientset/versioned"
-	internalinterfaces "bytetrade.io/web3os/installer/clients/informers/externalversions/internalinterfaces"
-	v1alpha2 "bytetrade.io/web3os/installer/clients/listers/kubekey/v1alpha2"
+	kubekeyv1alpha2 "github.com/beclab/Olares/cli/apis/kubekey/v1alpha2"
+	versioned "github.com/beclab/Olares/cli/clients/clientset/versioned"
+	internalinterfaces "github.com/beclab/Olares/cli/clients/informers/externalversions/internalinterfaces"
+	v1alpha2 "github.com/beclab/Olares/cli/clients/listers/kubekey/v1alpha2"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	runtime "k8s.io/apimachinery/pkg/runtime"
 	watch "k8s.io/apimachinery/pkg/watch"

cli/clients/informers/externalversions/kubekey/v1alpha2/interface.go

@@ -18,7 +18,7 @@ limitations under the License.
 package v1alpha2
 
 import (
-	internalinterfaces "bytetrade.io/web3os/installer/clients/informers/externalversions/internalinterfaces"
+	internalinterfaces "github.com/beclab/Olares/cli/clients/informers/externalversions/internalinterfaces"
 )
 
 // Interface provides access to all the informers in this group version.

cli/clients/listers/kubekey/v1alpha1/cluster.go

@@ -18,7 +18,7 @@ limitations under the License.
 package v1alpha1
 
 import (
-	v1alpha1 "bytetrade.io/web3os/installer/apis/kubekey/v1alpha1"
+	v1alpha1 "github.com/beclab/Olares/cli/apis/kubekey/v1alpha1"
 	"k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/labels"
 	"k8s.io/client-go/tools/cache"

cli/clients/listers/kubekey/v1alpha2/cluster.go

@@ -18,7 +18,7 @@ limitations under the License.
 package v1alpha2
 
 import (
-	v1alpha2 "bytetrade.io/web3os/installer/apis/kubekey/v1alpha2"
+	v1alpha2 "github.com/beclab/Olares/cli/apis/kubekey/v1alpha2"
 	"k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/labels"
 	"k8s.io/client-go/tools/cache"

cli/cmd/ctl/gpu/disable.go

@@ -3,7 +3,7 @@ package gpu
 import (
 	"log"
 
-	"bytetrade.io/web3os/installer/pkg/pipelines"
+	"github.com/beclab/Olares/cli/pkg/pipelines"
 	"github.com/spf13/cobra"
 )
 

cli/cmd/ctl/gpu/enable.go

@@ -3,7 +3,7 @@ package gpu
 import (
 	"log"
 
-	"bytetrade.io/web3os/installer/pkg/pipelines"
+	"github.com/beclab/Olares/cli/pkg/pipelines"
 	"github.com/spf13/cobra"
 )
 

cli/cmd/ctl/gpu/install.go

@@ -3,8 +3,8 @@ package gpu
 import (
 	"log"
 
-	"bytetrade.io/web3os/installer/cmd/ctl/options"
-	"bytetrade.io/web3os/installer/pkg/pipelines"
+	"github.com/beclab/Olares/cli/cmd/ctl/options"
+	"github.com/beclab/Olares/cli/pkg/pipelines"
 	"github.com/spf13/cobra"
 )
 

cli/cmd/ctl/gpu/status.go

@@ -3,7 +3,7 @@ package gpu
 import (
 	"log"
 
-	"bytetrade.io/web3os/installer/pkg/pipelines"
+	"github.com/beclab/Olares/cli/pkg/pipelines"
 	"github.com/spf13/cobra"
 )
 

cli/cmd/ctl/gpu/uninstall.go

@@ -3,7 +3,7 @@ package gpu
 import (
 	"log"
 
-	"bytetrade.io/web3os/installer/pkg/pipelines"
+	"github.com/beclab/Olares/cli/pkg/pipelines"
 	"github.com/spf13/cobra"
 )
 

cli/cmd/ctl/gpu/upgrade.go

@@ -3,8 +3,8 @@ package gpu
 import (
 	"log"
 
-	"bytetrade.io/web3os/installer/cmd/ctl/options"
-	"bytetrade.io/web3os/installer/pkg/pipelines"
+	"github.com/beclab/Olares/cli/cmd/ctl/options"
+	"github.com/beclab/Olares/cli/pkg/pipelines"
 	"github.com/spf13/cobra"
 )
 

cli/cmd/ctl/node/add.go

@@ -1,10 +1,11 @@
 package node
 
 import (
-	"bytetrade.io/web3os/installer/cmd/ctl/options"
-	"bytetrade.io/web3os/installer/pkg/pipelines"
-	"github.com/spf13/cobra"
 	"log"
+
+	"github.com/beclab/Olares/cli/cmd/ctl/options"
+	"github.com/beclab/Olares/cli/pkg/pipelines"
+	"github.com/spf13/cobra"
 )
 
 func NewCmdAddNode() *cobra.Command {

cli/cmd/ctl/node/masterinfo.go

@@ -1,10 +1,11 @@
 package node
 
 import (
-	"bytetrade.io/web3os/installer/cmd/ctl/options"
-	"bytetrade.io/web3os/installer/pkg/pipelines"
-	"github.com/spf13/cobra"
 	"log"
+
+	"github.com/beclab/Olares/cli/cmd/ctl/options"
+	"github.com/beclab/Olares/cli/pkg/pipelines"
+	"github.com/spf13/cobra"
 )
 
 func NewCmdMasterInfo() *cobra.Command {

cli/cmd/ctl/options/cli_options.go

@@ -1,9 +1,9 @@
 package options
 
 import (
-	"bytetrade.io/web3os/installer/pkg/common"
-	cc "bytetrade.io/web3os/installer/pkg/core/common"
-	"bytetrade.io/web3os/installer/pkg/phase/cluster"
+	"github.com/beclab/Olares/cli/pkg/common"
+	cc "github.com/beclab/Olares/cli/pkg/core/common"
+	"github.com/beclab/Olares/cli/pkg/phase/cluster"
 	"github.com/spf13/cobra"
 )
 

cli/cmd/ctl/options/download_options.go

@@ -1,7 +1,7 @@
 package options
 
 import (
-	cc "bytetrade.io/web3os/installer/pkg/core/common"
+	cc "github.com/beclab/Olares/cli/pkg/core/common"
 	"github.com/spf13/cobra"
 )
 

cli/cmd/ctl/options/gpu_options.go

@@ -1,9 +1,10 @@
 package options
 
 import (
-	"bytetrade.io/web3os/installer/pkg/common"
-	cc "bytetrade.io/web3os/installer/pkg/core/common"
 	"fmt"
+
+	"github.com/beclab/Olares/cli/pkg/common"
+	cc "github.com/beclab/Olares/cli/pkg/core/common"
 	"github.com/spf13/cobra"
 )
 

cli/cmd/ctl/os/changeip.go

@@ -1,10 +1,11 @@
 package os
 
 import (
-	"bytetrade.io/web3os/installer/cmd/ctl/options"
-	"bytetrade.io/web3os/installer/pkg/pipelines"
-	"github.com/spf13/cobra"
 	"log"
+
+	"github.com/beclab/Olares/cli/cmd/ctl/options"
+	"github.com/beclab/Olares/cli/pkg/pipelines"
+	"github.com/spf13/cobra"
 )
 
 func NewCmdChangeIP() *cobra.Command {

cli/cmd/ctl/os/download.go

@@ -1,10 +1,11 @@
 package os
 
 import (
-	"bytetrade.io/web3os/installer/cmd/ctl/options"
-	"bytetrade.io/web3os/installer/pkg/pipelines"
-	"github.com/spf13/cobra"
 	"log"
+
+	"github.com/beclab/Olares/cli/cmd/ctl/options"
+	"github.com/beclab/Olares/cli/pkg/pipelines"
+	"github.com/spf13/cobra"
 )
 
 func NewCmdRootDownload() *cobra.Command {

cli/cmd/ctl/os/info.go

@@ -1,7 +1,7 @@
 package os
 
 import (
-	"bytetrade.io/web3os/installer/pkg/pipelines"
+	"github.com/beclab/Olares/cli/pkg/pipelines"
 	"github.com/spf13/cobra"
 )
 

cli/cmd/ctl/os/install.go

@@ -3,8 +3,8 @@ package os
 import (
 	"log"
 
-	"bytetrade.io/web3os/installer/cmd/ctl/options"
-	"bytetrade.io/web3os/installer/pkg/pipelines"
+	"github.com/beclab/Olares/cli/cmd/ctl/options"
+	"github.com/beclab/Olares/cli/pkg/pipelines"
 	"github.com/spf13/cobra"
 )
 

cli/cmd/ctl/os/logs.go

@@ -2,8 +2,6 @@ package os
 
 import (
 	"archive/tar"
-	"bytetrade.io/web3os/installer/pkg/common"
-	"bytetrade.io/web3os/installer/pkg/core/util"
 	"compress/gzip"
 	"fmt"
 	"io"
@@ -14,6 +12,9 @@ import (
 	"strings"
 	"time"
 
+	"github.com/beclab/Olares/cli/pkg/common"
+	"github.com/beclab/Olares/cli/pkg/core/util"
+
 	"github.com/spf13/cobra"
 )
 

cli/cmd/ctl/os/precheck.go

@@ -1,10 +1,11 @@
 package os
 
 import (
-	"bytetrade.io/web3os/installer/cmd/ctl/options"
-	"bytetrade.io/web3os/installer/pkg/pipelines"
-	"github.com/spf13/cobra"
 	"log"
+
+	"github.com/beclab/Olares/cli/cmd/ctl/options"
+	"github.com/beclab/Olares/cli/pkg/pipelines"
+	"github.com/spf13/cobra"
 )
 
 func NewCmdPrecheck() *cobra.Command {

cli/cmd/ctl/os/prepare.go

@@ -3,8 +3,8 @@ package os
 import (
 	"log"
 
-	"bytetrade.io/web3os/installer/cmd/ctl/options"
-	"bytetrade.io/web3os/installer/pkg/pipelines"
+	"github.com/beclab/Olares/cli/cmd/ctl/options"
+	"github.com/beclab/Olares/cli/pkg/pipelines"
 	"github.com/spf13/cobra"
 )
 

cli/cmd/ctl/os/release.go

@@ -1,9 +1,6 @@
 package os
 
 import (
-	"bytetrade.io/web3os/installer/pkg/core/common"
-	"bytetrade.io/web3os/installer/pkg/core/util"
-	"bytetrade.io/web3os/installer/pkg/release/builder"
 	"fmt"
 	"os"
 	"os/user"
@@ -11,6 +8,10 @@ import (
 	"strings"
 	"time"
 
+	"github.com/beclab/Olares/cli/pkg/core/common"
+	"github.com/beclab/Olares/cli/pkg/core/util"
+	"github.com/beclab/Olares/cli/pkg/release/builder"
+
 	"github.com/spf13/cobra"
 )
 
@@ -48,7 +49,7 @@ func NewCmdRelease() *cobra.Command {
 			}
 
 			if version == "" {
-				version = fmt.Sprintf("0.0.0-local-dev-%s", time.Now().Format("20060102150405"))
+				version = fmt.Sprintf("1.12.0-%s", time.Now().Format("20060102150405"))
 				fmt.Printf("--version unspecified, using: %s\n", version)
 				time.Sleep(1 * time.Second)
 			}

cli/cmd/ctl/os/startstop.go

@@ -3,9 +3,10 @@ package os
 import (
 	"time"
 
-	"bytetrade.io/web3os/installer/pkg/pipelines"
-	"github.com/spf13/cobra"
 	"log"
+
+	"github.com/beclab/Olares/cli/pkg/pipelines"
+	"github.com/spf13/cobra"
 )
 
 func NewCmdStart() *cobra.Command {

cli/cmd/ctl/os/storage.go

@@ -1,10 +1,11 @@
 package os
 
 import (
-	"bytetrade.io/web3os/installer/cmd/ctl/options"
-	"bytetrade.io/web3os/installer/pkg/pipelines"
-	"github.com/spf13/cobra"
 	"log"
+
+	"github.com/beclab/Olares/cli/cmd/ctl/options"
+	"github.com/beclab/Olares/cli/pkg/pipelines"
+	"github.com/spf13/cobra"
 )
 
 func NewCmdInstallStorage() *cobra.Command {