From 0cb93ed1bb3df79343782d3aafc7dcb4e346e999 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
Date: Thu, 22 Aug 2024 12:21:40 +0200
Subject: [PATCH] kata-deploy: helm: Add INSTALLATION_PREFIX option
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This will allow users to properly set the INSTALLATION_PREFIX when deploying Kata Containers.

Signed-off-by: Fabiano FidĂȘncio
---
 .../kata-deploy/templates/kata-deploy.yaml | 2 +
 .../helm-chart/kata-deploy/values.yaml | 1 +
 .../kata-deploy/base/kata-deploy.yaml | 2 +
 .../kata-deploy/scripts/kata-deploy.sh | 61 ++++++++++++++++++-
 4 files changed, 64 insertions(+), 2 deletions(-)

diff --git a/tools/packaging/kata-deploy/helm-chart/kata-deploy/templates/kata-deploy.yaml b/tools/packaging/kata-deploy/helm-chart/kata-deploy/templates/kata-deploy.yaml
index cd64dfbd7e..5d339e47b5 100644
--- a/tools/packaging/kata-deploy/helm-chart/kata-deploy/templates/kata-deploy.yaml
+++ b/tools/packaging/kata-deploy/helm-chart/kata-deploy/templates/kata-deploy.yaml
@@ -52,6 +52,8 @@ spec:
 value: {{ .Values.env.agentNoProxy | quote }}
 - name: PULL_TYPE_MAPPING
 value: {{ .Values.env.pullTypeMapping | quote }}
+ - name: INSTALLATION_PREFIX
+ value: {{ .Values.env.installationPrefix | quote }}
 {{- with .Values.env.hostOS }}
 - name: HOST_OS
 value: {{ . | quote }}
diff --git a/tools/packaging/kata-deploy/helm-chart/kata-deploy/values.yaml b/tools/packaging/kata-deploy/helm-chart/kata-deploy/values.yaml
index b1f195d1f1..a59fb51068 100644
--- a/tools/packaging/kata-deploy/helm-chart/kata-deploy/values.yaml
+++ b/tools/packaging/kata-deploy/helm-chart/kata-deploy/values.yaml
@@ -16,4 +16,5 @@ env:
 agentHttpsProxy: ""
 agentNoProxy: ""
 pullTypeMapping: ""
+ installationPrefix: ""
 hostOS: ""
diff --git a/tools/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml b/tools/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml
index 19b0a381db..5f5f9d93bb 100644
--- a/tools/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml
+++ b/tools/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml
@@ -50,6 +50,8 @@ spec:
 value: ""
 - name: PULL_TYPE_MAPPING
 value: ""
+ - name: INSTALLATION_PREFIX
+ value: ""
 securityContext:
 privileged: true
 volumeMounts:
diff --git a/tools/packaging/kata-deploy/scripts/kata-deploy.sh b/tools/packaging/kata-deploy/scripts/kata-deploy.sh
index efce08c152..03e602b1a0 100755
--- a/tools/packaging/kata-deploy/scripts/kata-deploy.sh
+++ b/tools/packaging/kata-deploy/scripts/kata-deploy.sh
@@ -36,8 +36,17 @@ AGENT_NO_PROXY="${AGENT_NO_PROXY:-}"
 PULL_TYPE_MAPPING="${PULL_TYPE_MAPPING:-}"
 IFS=',' read -a pull_types <<< "$PULL_TYPE_MAPPING"
-dest_dir="/opt/kata"
-host_install_dir="/host/${dest_dir}"
+INSTALLATION_PREFIX="${INSTALLATION_PREFIX:-}"
+default_dest_dir="/opt/kata"
+dest_dir="${default_dest_dir}"
+if [ -n "${INSTALLATION_PREFIX}" ]; then
+ # There's no `/` in between ${INSTALLATION_PREFIX} and ${default_dest_dir}
+ # as, otherwise, we'd have it doubled there, as: `/foo/bar//opt/kata`
+ dest_dir="${INSTALLATION_PREFIX}${default_dest_dir}"
+fi
+# Here, again, there's no `/` between /host and ${dest_dir}, otherwise we'd have it
+# doubled here as well, as: `/host//opt/kata`
+host_install_dir="/host${dest_dir}"
 # If we fail for any reason a message will be displayed
 die() {
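Review bot: `INSTALLATION_PREFIX` is concatenated into `dest_dir` and `host_install_dir` in the `kata-deploy.sh` hunk without any validation, although the DaemonSet runs privileged and writes under `/host`. A value without a leading `/` (constructed example: `foo`) yields `/hostfoo/opt/kata`, which is outside the host mount, and a value containing `|`, `&`, `\` or whitespace changes the `sed` expressions and the unquoted wrapper script in the `adjust_qemu_cmdline` and `install_artifacts` hunks. Accept only an empty value or a plain absolute path with no trailing slash and no `.`/`..` components, for example `[[ -z "${INSTALLATION_PREFIX}" || "${INSTALLATION_PREFIX}" =~ ^(/[A-Za-z0-9_-][A-Za-z0-9._-]*)+$ ]] || die "invalid INSTALLATION_PREFIX"`. `die()` is defined only after these lines (its body starts at the end of the hunk and continues outside it), so the check has to sit below that definition or in `main()`.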
@@ -238,6 +247,43 @@ function get_tdx_ovmf_path_from_distro() {
 esac
 }
+function adjust_qemu_cmdline() {
+ shim="${1}"
+ config_path="${2}"
+ qemu_share="${shim}"
+
+ # The paths on the kata-containers tarball side look like:
+ # ${dest_dir}/opt/kata/share/kata-qemu/qemu
+ # ${dest_dir}/opt/kata/share/kata-qemu-snp-experimnental/qemu
+ [[ "${shim}" =~ ^(qemu-snp|qemu-nvidia-snp)$ ]] && qemu_share=${shim}-experimental
+
+ qemu_binary=$(tomlq '.hypervisor.qemu.path' ${config_path} | tr -d \")
+ qemu_binary_script="${qemu_binary}-installation-prefix"
+ qemu_binary_script_host_path="/host/${qemu_binary_script}"
+
+ if [[ ! -f ${qemu_binary_script_host_path} ]]; then
+ # From the QEMU man page:
+ # ```
+ # -L path
+ # Set the directory for the BIOS, VGA BIOS and keymaps.
+ # To list all the data directories, use -L help.
+ # ```
+ #
+ # The reason we have to do this here, is because otherwise QEMU
+ # will only look for those files in specific paths, which are
+ # tied to the location of the PREFIX used during build time
+ # (/opt/kata, in our case).
+ cat <${qemu_binary_script_host_path}
+#!/usr/bin/env bash
+
+exec ${qemu_binary} "\$@" -L ${dest_dir}/share/kata-${qemu_share}/qemu/
+EOF
+ chmod +x ${qemu_binary_script_host_path}
+ fi
+
+ sed -i -e "s|${qemu_binary}|${qemu_binary_script}|" ${config_path}
+}
+
 function install_artifacts() {
 echo "copying kata artifacts onto host"
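Review bot: The wrapper generated by the heredoc in `adjust_qemu_cmdline` writes `${qemu_binary}` and `${dest_dir}` into its `exec` line unquoted, and `tomlq`, the `-f` test, `chmod` and `sed` take unquoted paths as well, so a prefix or config value with whitespace or shell metacharacters is re-split or re-interpreted when the wrapper later runs on the host. The `tomlq` result is used without checking that it is an absolute path, so an empty or `null` value would create the wrapper at a meaningless location under `/host` and leave the config pointing at it. None of the variables is `local`, so `shim`, `config_path` and the rest overwrite globals of the caller. Separately, `^(qemu-snp|qemu-nvidia-snp)$` does not match `qemu-nvidia-gpu-snp`, the name listed in the `install_artifacts` hunk, so that shim would presumably miss the `-experimental` share directory; confirm against the tarball layout. The sketch below covers only the quoting, the path check and the `local` declarations, and writes the heredoc opener (mangled on this page) as `<<EOF`.

```shell
function adjust_qemu_cmdline() {
	local shim="${1}"
	local config_path="${2}"
	local qemu_share="${shim}"
	local qemu_binary qemu_binary_script qemu_binary_script_host_path

	# … unchanged: tarball layout comment and the -experimental pattern …

	qemu_binary=$(tomlq '.hypervisor.qemu.path' "${config_path}" | tr -d \")
	# Refuse to generate a wrapper for a missing or relative hypervisor path.
	[[ "${qemu_binary}" == /* ]] || die "no absolute hypervisor.qemu.path in ${config_path}"
	# … unchanged: qemu_binary_script and qemu_binary_script_host_path assignments …

	if [[ ! -f "${qemu_binary_script_host_path}" ]]; then
		# … unchanged: QEMU -L explanation …
		cat <<EOF >"${qemu_binary_script_host_path}"
#!/usr/bin/env bash

exec "${qemu_binary}" "\$@" -L "${dest_dir}/share/kata-${qemu_share}/qemu/"
EOF
		chmod +x "${qemu_binary_script_host_path}"
	fi

	sed -i -e "s|${qemu_binary}|${qemu_binary_script}|" "${config_path}"
```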
@@ -303,6 +349,16 @@ function install_artifacts() {
 ;;
 esac
 fi
+
+ if [ -n "${INSTALLATION_PREFIX}" ]; then
+ # We could always do this sed, regardless, but I have a strong preference
+ # on not touching the configuration files unless extremelly needed
+ sed -i -e "s|${default_dest_dir}|${dest_dir}|g" "${kata_config_file}"
+
+ # Let's only adjust qemu_cmdline for the QEMUs that we build and ship ourselves
+ [[ "${shim}" =~ ^(qemu|qemu-snp|qemu-nvidia-gpu|qemu-nvidia-gpu-snp|qemu-sev|qemu-se)$ ]] && \
+ adjust_qemu_cmdline "${shim}" "${kata_config_file}"
+ fi
 done
 # Allow Mariner to use custom configuration.
@@ -602,6 +658,7 @@ function main() {
 echo "* AGENT_HTTPS_PROXY: ${AGENT_HTTPS_PROXY}"
 echo "* AGENT_NO_PROXY: ${AGENT_NO_PROXY}"
 echo "* PULL_TYPE_MAPPING: ${PULL_TYPE_MAPPING}"
+ echo "* INSTALLATION_PREFIX: ${INSTALLATION_PREFIX}"
 # script requires that user is root
 euid=$(id -u)
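Review bot: The substitution `s|${default_dest_dir}|${dest_dir}|g` in the `install_artifacts` hunk is not idempotent, because the replacement `${dest_dir}` itself ends in `/opt/kata`: applied to a file that was already rewritten it turns `/prefix/opt/kata` into `/prefix/prefix/opt/kata` (constructed example). Whether the config files are always copied fresh before this loop is not visible here, so a guard is cheap insurance: `grep -qF "${dest_dir}" "${kata_config_file}" || sed -i -e "s|${default_dest_dir}|${dest_dir}|g" "${kata_config_file}"`. The same holds for the `s|${qemu_binary}|${qemu_binary_script}|` rewrite in `adjust_qemu_cmdline`, which on a second pass would append `-installation-prefix` again and wrap the wrapper. `install_artifacts` starts and ends outside the hunk.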