LATEST 8.8.0 Release 
EVE is Edge Virtualization Engine
EVE aims to develop an open, agnostic, and standardized architecture unifying the approach to developing and orchestrating cloud-native applications across the enterprise on-premises edge. It offers users new levels of control through hardware-assisted virtualization of on-prem edge devices.
LATEST 8.10.0 Release https://github.com/lf-edge/eve/releases/tag/8.10.0 🎉
NEW:
📡wwan: Explicitly request IPv4 connection
Without explicitly asking for IPv4 (which we only support for wwan), for some LTE networks the connect request may fail with:
error: couldn't start network: QMI protocol error (14): 'CallFailed'
call end reason (1): generic-unspecified
verbose call end reason (6,50): [3gpp] ipv4-only-allowed
The network returns this error to indicate that only PDN type IPv4 is allowed for the requested PDN connectivity (which we want but need to be explicit about it).
💿Support for ISO format
This PR adds support for ISO format to support attach of iso images to VM to boot from or to install required data from iso. Also, PR contains small refactoring of volumemgr which makes zvol usage configurable for zfs persist type.
🔏Add new signing service athttp://169.254.169.254/eve/v1/tpm/signer
Applications might want to get some application-specific data signed by EVE-OS so that they can verify it was indeed generated by an app instance running on a particular device.
✉️Bootstrap config protobuf message + config timestamp
Also some high-level documentation is included. However, later there will be a separate markdown document with a detailed description of the newly proposed bootstrapping mechanism (once we figure out all the details).
🎱Enable draid feature for persist pool
We had a bug with mismatch of libzfs and zfs module versions. Let's set draid feature enabled as we started with zfs 2.1.x which supports this feature. With disabled we will see errors from zpool status.
🎛Build zfs libs and binaries in dom0-ztools
We should use the same version of libzfs as we use in the kernel module. Let's add a build of binaries for zfs into dom0-ztools.
🗂Pillar with zfs files from dom0-ztools
We use zpool and zfs in pillar. Let's use binaries we built inside dom0-ztools.
🎉Update functions in the ZFS package that use base.Exec() to get information
This commit changes the functions in the ZFS package where we used base.Exec() to get information.
After this commit, data will be collected through the go-libzfs.
FIX:
🛠Fix PCIe BAR allocation on HPE m750
By default, Linux reassigns BAR addresses if there are devices with 64-bit addresses. However, on m750 it fails to assign BAR registers in some HW configurations e.g. P1000 NVIDIA GPU is installed into slot 1. We just force using UEFI assignments in this case. We set it only for m750 to be on a safe side.
🛠use explicit specific version of strongswan in Dockerfile and local file
pkg/strongswan: explicitly specify a version rather than just downloading link to latest. Note that we checked which version we currently are using via the md5 hash and used the same one. This PR does not change the version used, only explicitly references it.
🛠use explicit busybox commit version in pkg/fw
pkg/fw: use an explicit FROM busybox@sha256:<hash> instead of just FROM busybox
🛠Fix dom0-ztools version
Seems version of dom0-ztools changed before the merge of #2746 PR.
🛠Fix live gcp target
We have a problem with live-gcp target because of the wrong directory to find disks.
🛠Some Edgeview enhancements and fixes
STATS:
GitHub:⭐️359(+1) DockerHub: 300k🚀 (+6397) pulls
Changelog: https://github.com/lf-edge/eve/compare/8.9.0...8.10.0
8.9.0 Release https://github.com/lf-edge/eve/releases/tag/8.9.0 🎉
NEW:
🎛Do not defer on subsequent boot
On the first boot we want to defer until the EdgeNodeCerts have been published to the controller, but on a subsequent boot we need to proceed and use a checkpointed config. As part of this we make sure we do not attempt to restart the attestation if we didn't yet try.
📈Increase default turbo-mode clock to 1.8GHz
According to https://www.raspberrypi.com/documentation/computers/config_txt.html#arm_boost-raspberry-pi-4-only newer revisions of the Raspberry Pi 4B are equipped with a second switch-mode power supply for the SoC voltage rail, and this allows the default turbo-mode clock to be increased from 1.5GHz to 1.8GHz. This change should be safe for all such boards.
⛔️Remove alpine edge usage
We use alpine:edge in pkg/fw which is suboptimal in terms of controlling of versions of software. Let's jump to defined versions of upstream repositories to grub blobs from. Now it reproduces the same logic as we have using alpine:edge.
🎚Enable frequency control support for RPi4
Seems without CONFIG_ARM_RASPBERRYPI_CPUFREQ we use 600MHz in all cases on RPi4.
📄Refactor verification of AuthContainer
This prepares for being able to checkpoint the received configuration with its AuthContainer wrapper.
☑️Checkpoint EdgeDevConfig with AuthContainer
Means we can verify the signature when using the checkpoint
📄Populate meta data API with edge node info
Returns enterprise, project and device information in http://169.254.169.254/eve/v1/network.json
STATS:
GitHub:⭐️358(+0) DockerHub: 294394 (+4620) pulls
Changelog: https://github.com/lf-edge/eve/compare/8.8.0...8.9.0
8.8.0 Release https://github.com/lf-edge/eve/releases/tag/8.8.0 🎉 🎉
EVE is Edge Virtualization Engine
...
- it offers EVE side log search, network-related debugging,
system related debugging, and show pubsub data - it offers copying files from a device, such as log files, onto e.g. operator's laptop
- it offers 'virtual port mapping' which allows TCP services into device or apps
- this patch does not include the session token/dispatcher ip,port privisionning,
for which one can use e.g. temp config for edge-view with configitem #2269 to build a
private image and use 'zcli' to supply those configures for testing - with the patch, one can build a client-side 'edge-view' container for query
or local virtual-port mapping endpoints, the container can also be used
for ssh-mode access into the EVE for device debugging - this patch has the Golang example program for 'edge-view' dispatcher which
is needed for non-ssh mode with a device running behind fw/nat/lte/proxy - going to generate an EVE wiki doc to describe 'edge-view' in more detail
...
update the docs with instruction how to use dev builds
Eve can be built in "development" mode, by specifying `DEV=y` flag. Currently, this affects only the pillar package. Specifically, the pillar is built with debug symbols and includes https://github.com/go-delve/delve.
STATS:
Github:⭐️354(+2) DockerHub: 289164 (+3132) pulls
Changelog: https://github.com/lf-edge/eve/compare/8.4.0...8.5.0
...
The EVE Design Summit is taking place on June 23 in Berlin, Germany. Top EVE developers and contributors will collaborate with industry users and community members to plan the way forward. An open-source community keynote will be followed by lunch, then we’ll complete the remaining technical expert talks and break into groups to strategize for the future. We’ll wrap the day with an evening social event.
https://www.lfedge.org/event/eve-design-summit-2/
8.2.0 Release https://github.com/lf-edge/eve/releases/tag/8.2.0🎉
...
🛠Fix accidental loop for poweroff command
This was introduced in PR #2609 and discovered as part of the review for PR #2610
🛠Fix attestation restart on 403 config response
We should restart attestation on 403 code as config response and this code is assumed as an error, so we should move handling to the proper place inside error from SendOnAllIntf handling.
...
The EVE Design Summit is taking place on June 23 in Berlin, Germany. Top EVE developers and contributors will collaborate with industry users and community members to plan the way forward. An open-source community keynote will be followed by lunch, then we’ll complete the remaining technical expert talks and break into groups to strategize for the future. We’ll wrap the day with an evening social event.
https://www.lfedge.org/event/eve-design-summit-2/
8.1.0 Released https://github.com/lf-edge/eve/releases/tag/8.1.0 🎉
...
📍Geographic coordinates reported by EVE #2600
EVE is able to obtain location information from a GNSS receiver integrated into an LTE modem.
This information is then propagated to 3 destinations:
...
By default, location reporting is disabled and has to be explicitly enabled under the cellular configuration.
Learn more https://wikilf-lfedge.lfedgeatlassian.orgnet/wiki/display/EVE/GPS+coordinates+exposed+by+EVE
DOCS:
🎛add edgeview container/api doc
Edge-View as a service on EVE, it needs to receive/update user configurations from the controller; and it needs to send/update Edge-View running status to the controller.
...
- Implement configurators for VLANs and Bonds ✅
This is the last missing piece needed to enable support for VLANs and LAGs for EVE management and local network instances. This functionality is described and designed in this document: https://wikilf-lfedge.lfedgeatlassian.orgnet/wiki/display/EVE/EVE+VLAN+support+-+create+VLAN+and+bond+interfaces . A part of this commit is also a fix for Switch network VLANs, where we forgot to configure the network uplink port as the trunk, therefore all tagged packets coming in and out of it would be dropped by bridge VLAN filtering. As a result, VLANs were working correctly only for air-gapped switch networks. - Handle EVE-OS reinstall with TPM + ZFS 🔒
If we have previously installed EVE-OS on this device and there was no TPM clear done in the BIOS, then we need to clear the keys associated with persist/vault as part of creating persist/vault. - Do not skip DNS State check in client 🚦
We do not update networkState in the client if only DNS State changes. It may block the onboarding process.| - add zinfo type for edgeview and zedagent publish to controller ℹ️
Missed the zinfo type in proto define for edgeview in PR Edge-View API and JWT #2427 and added zedagent publish the edgeviewStatus to the controller. - Reduce memory usage for DownloadedParts Hash 📉
We can use a JSON encoder to stream checksum calculations instead of using all data in place to reduce memory usage. Around 25KB per GB of image.
...
- NIM refactoring ✍️
This PR substantially refactors NIM microservice. Contains several commits to improve the code of NIM, split code into several files, and avoid files with 2000+ lines. - Support zfs raid levels during install 🎛
Provides grub parameters to explicitly install zfs and pick the raid level. Support for single disk installation of ZFS is added. - Show string status for zpool in case of not online ℹ️
Show string status for zpool in case of not online (i.e. One or more devices have been taken offline by the administrator. Sufficient replicas exist for the pool to continue functioning in a degraded state.). The library we use has no support for showing this, so I parse the output of zpool status here. - Support for multiple top-level vdevs in pool 🛠
We will fill children info for multiple top-level vdevs and fill CurrentRaid as the lowest redundancy of all included vdevs. - Support to install EVE and ZFS on same disk 🎛
Installed with grub parameters eve_install_zfs_with_raid_level=none eve_install_disk=nvme0n1 - Pass grub config file for iso installer 💿
Seems we still need to have the possibility to pass options from grub.cfg comes with config.img file in case of iso installer.
The solution to sort disks (#2309) discussed #2303 (comment) is not enough and we still need to define explicitly the disk to install EVE onto with eve_install_disk option
...
STATS:
Github:⭐️340(+1) stars 121(+3) forks DockerHub: 280472(+1351)pulls🚀
Changelog: https://github.com/lf-edge/eve/compare/7.11.0...8.0.0
...
- Extract raw filename from mime
This is necessary to handle new version of the mime package and allow creating the CDROM directory layout for cloud-init. Note that the handling guards against the directory/filename escaping from the target directory. - Use 32byte TPM keys only for vault protection 🔒
Starting this commit a new install of EVE-OS will create a vault config file on systems with TPM support. That file will be used to determine whether to use only the TPM key or merge the TPM and controller key. This applies to both ext4 and zfs filesystems. - Add functionality to send information about disks ℹ️
Add functionality to send information about disks via a separate HardwareInfo message with a rare sending rate. Add serial number assembly for disks in ZFS. Add information about the disk from which information could not be retrieved. Also rewrote the GetSerialNumberForDisk function because an error occurred if the input disk name was a partition (eg /dev/sda1). - Run tests against zfs-kvm 🛠
We can use zfs-KVM HV to run the single-disk zfs mode of EVE and use it in our tests. We changed the version of EVE in eveupdate tests to recent ones. - Add S.M.A.R.T data collector for disks 🎛
This PR adds features for collecting disk information, including SMART attributes. Also, a package has been added here that allows you to read the file system, to obtain information about available disks and information about them. - API update to send more disks information for storage system to EVE ℹ️
Update API to send more disk information (including s.m.a.r.t ones) for the storage system in EVE. - Add possibility to define nested structures in DisksConfig 🎛
To use stripe of two pairs of mirrored disks we should define DisksConfig without disks with array_type DISKS_ARRAY_TYPE_RAID0 with two children with properly defined disks inside and with array_type DISKS_ARRAY_TYPE_RAID1 and empty children - Set max_sectors explicitly to run Windows VM with vhost-scsi-pci 🪟
We can see [ 259.573575] vhost_scsi_calc_sgls: requested sgl_count: 2649 exceeds pre-allocated max_sgls: 2048 in kernel messages and Windows VM do not boot with zfs/vhost-scsi-pci. As discussed in https://edk2.groups.io/g/discuss/topic/windows_2019_vm_fails_to_boot/74465994: I/O size exceeds the max SCSI I/O limitation(8M) of vhost-scsi in KVM and we should adjust options to run Windows VM with vhost-scsi-pci. - Split bucket and path from ds config for AWS ☁️
We can have files located in directories inside the bucket, but now path from datastore assuming as bucket name. We should split the path into bucket names and file paths if we can see '/' inside the bucket. - Have installer default to fixed disk/partition UUIDs 📝
This is needed to make PCR5 in the TPM measured boot be the same for otherwise identical hardware and firmware/software. The new eve_install_random_disk_uuids can be set to get the old behavior. storage-init recreates as fixed if IMGA has the fixed UUID.
...
- Run potentialUUIDUpdate on 400 and on attest problems ☑️
As described in the APIv2 documentation, we should assume that the device does not exist in the controller if the controller returns 400.
Also seems we do not run potentialUUIDUpdate before successful attestation, but we should. Also, we must remove the old attest message on change and push new. - CONFIG_IGC for Intel Ethernet Controller 🎛
CONFIG_IGC for Intel Ethernet Controller I225-LM/I225-V/I225-IT - Use TLS with S3 🔑
Some old code had this disabled, thus we relied on the image SHA256 for verification. However, this means that firewalls need to open up outbound port 80 when port 443 should be sufficient. Verified that the S3 downloads work correctly even when a TLS MiTM proxy is in use thus the proxy certificate is passed into the S3 download code. - Implement appinfo extension for purge/restart command requests ℹ️
This commit implements the extension to the /api/v1/appinfo local profile endpoint, which allows the server to submit purge/restart commands for locally running application instances. This functionality is already documented in api/PROFILE.md under "AppInfo". Plus test lf-edge/eden#744 - Rework ECO to show information to log and VNC 📺
Now we cannot see information from the app in logs if VNC is enabled, with this change we will output information to both places. - Allow /30 subnets for local network instance 📡
The current MinSubnetSize of > 8 is too restrictive. We these changes we can handle /30 subnet, which means that there is one IP address available for an app instance (and one for "zedrouter").
...
- fix broken calculation of downloaded parts for azure ☁️
In case of successfully downloading the last part (it is a special one, which is in general not equal SingleMB), on retry we can hit. The range specified is invalid for the current size of the resource because of the wrong check for the last partNum (Developer mistakenly checked not for partNum == partsCount - 1 in #2420) and we hit the situation with downloading 0 bytes starting from the end of the file. In this PR I removed complex logic and just check if the range for download is greater than 0 or not. - fix make-raw to properly handle stdin and to not adjust partitions for usbconf 🧹
It comes from lines where we check for /parts and if it does not exist, we extract file comes from tar in stdin. But /parts exist, we create it in Dockerfile. So, the developer adds a check for tty connected to stdin, if not, we assume that it is a pipe from tar. - Remove unused package 🧹
There is a CVE flagged against a dependency in pkg/lisp and since we no longer use it the easiest resolution is to remove the code.
Full Changelog: https://github.com/lf-edge/eve/compare/7.5.0...7.6.0
EVE 7.5.0 https://github.com/lf-edge/eve/releases/tag/7.5.0
NEW:
- Added riscv64 support 🎉
Add necessary patches to boot eve on riscv64
...
Full Changelog: https://github.com/lf-edge/eve/compare/7.4.0...7.5.0
EVE 7.4.0 https://github.com/lf-edge/eve/releases/tag/7.4.0
NEW:
- Do not allow to impose radio silence during EVE update testing
If edge node is going through EVE update and radio silence is imposed during the 10 minutes testing period, then the access to the controller may be lost and device will fallback to the previous release. This is in violation with the radio silence requirements, which state that edge node should not trigger port config or EVE image fallback during a (temporarily) imposed radio silence. To prevent the EVE fallback from happening, zedagent will simply return error back to the Local profile server if radio silence is requested during EVE update testing period. - azure partial download
This allow us to keep information about downloaded parts for s3 datastore in memory and resume download from the previous try. New updates added Azure support. Also added file with .progress in the end to keep information about downloaded parts across reboots.
...
- configure network broadcast address on container interfaces
Network bcast address on container interfaces is currently not being set. It shows as 0.0.0.0 in ifconfig output from inside the container.
This fix should make sure that ip command while setting the ucast address also computes the bcast address and adds it to interface of containers. - Fix publishedEdgeNodeCerts set too early.
Even in case messages are deferred due to failures we should not set publishedEdgeNodeCerts until after the ZAttestReqType_ATTEST_REQ_CERT message has been sent. - fix an issue of tlsconfig initialization in diag.go
this crash was due to a change in PR #2333 that added at the diag start of init tlsConfig to the session resume, but not the caroot.
this is to remove that init, and during the tryPing time to get the tlsConfig normally and add the session-resume option
...
Full Changelog : https://github.com/lf-edge/eve/compare/7.3.0...7.4.0
EVE 6.10.0 https://github.com/lf-edge/eve/releases/tag/6.10.0
NEW:
- retry eve image update
Possibility to retry eve image update by incrementing the counter (EdgeDevConfig->Baseos->RetryUpdate→Counter). If the currently configured image is in FAILED state in the other partition, retry the image upgrade. ELSE Do nothing. Just update the BaseosUpdateCounter counter in the Info message and send an Info message to zedcloud.
Warning! If you try this from the UI and the device is running <6.10 it will silently be a no-op. - run selfRegister to overcome node re-creation
To keep connection with controller after node re-creation with the same onboard certificate we should run selfRegister on reboot - support zfs zvols as volumes
Now it works in a progress state due to a lack of accounting features and refactoring needs.
One drawback I cannot solve here for now: we cannot convert qcow2 (one another format) to raw on the fly, we need to use a temporary file for this now. - generated vendor files for PR#2163
- Add display print example plus + qemu test
- Avoid setting freeUplink in model; better handling of wwan and wlan
...
Full Changelog : https://github.com/lf-edge/eve/compare/6.9.0...6.10.0
...