Merge pull request #3954 from bergwolf/github/backport-stable-2.4

backport main commits to stable 2.4

src/runtime/Makefile

@@ -589,12 +589,10 @@ $(GENERATED_FILES): %: %.in $(MAKEFILE_LIST) VERSION .git-commit
 
 generate-config: $(CONFIGS)
 
-test: install-hook go-test
+test: hook go-test
 
-install-hook:
+hook:
 	make -C virtcontainers hook
-	echo "installing mock hook"
-	sudo -E make -C virtcontainers install
 
 go-test: $(GENERATED_FILES)
 	go clean -testcache

src/runtime/pkg/katautils/hook_test.go

@@ -20,7 +20,7 @@ import (
 var testKeyHook = "test-key"
 var testContainerIDHook = "test-container-id"
 var testControllerIDHook = "test-controller-id"
-var testBinHookPath = "/usr/bin/virtcontainers/bin/test/hook"
+var testBinHookPath = "../../virtcontainers/hook/mock/hook"
 var testBundlePath = "/test/bundle"
 
 func getMockHookBinPath() string {

tools/packaging/kata-deploy/README.md

@@ -143,7 +143,7 @@ $ kubectl -n kube-system wait --timeout=10m --for=delete -l name=kata-deploy pod
 
 After ensuring kata-deploy has been deleted, cleanup the cluster:
 ```sh
-$ kubectl apply -f https://raw.githubusercontent.com/kata-containers/kata-containers/main/tools/packaging/kata-deploy/kata-cleanup/base/kata-cleanup-stabe.yaml
+$ kubectl apply -f https://raw.githubusercontent.com/kata-containers/kata-containers/main/tools/packaging/kata-deploy/kata-cleanup/base/kata-cleanup-stable.yaml
 ```
 
 The cleanup daemon-set will run a single time, cleaning up the node-label, which makes it difficult to check in an automated fashion.

tools/packaging/kernel/kata_config_version

@@ -1 +1 @@
-89
+90

utils/kata-manager.sh

@@ -208,11 +208,14 @@ Description: Install $kata_project [1] (and optionally $containerd_project [2])
 Options:
 
  -c <version> : Specify containerd version.
+ -d           : Enable debug for all components.
  -f           : Force installation (use with care).
  -h           : Show this help statement.
  -k <version> : Specify Kata Containers version.
  -o           : Only install Kata Containers.
  -r           : Don't cleanup on failure (retain files).
+ -t           : Disable self test (don't try to create a container after install).
+ -T           : Only run self test (do not install anything).
 
 Notes:
 
@@ -402,13 +405,21 @@ install_containerd()
 
 	sudo tar -C /usr/local -xvf "${file}"
 
-	sudo ln -sf /usr/local/bin/ctr "${link_dir}"
+	for file in \
+		/usr/local/bin/containerd \
+		/usr/local/bin/ctr
+		do
+			sudo ln -sf "$file" "${link_dir}"
+		done
 
 	info "$project installed\n"
 }
 
 configure_containerd()
 {
+	local enable_debug="${1:-}"
+	[ -z "$enable_debug" ] && die "no enable debug value"
+
 	local project="$containerd_project"
 
 	info "Configuring $project"
@@ -460,10 +471,18 @@ configure_containerd()
 		info "Backed up $cfg to $original"
 	}
 
+	local modified="false"
+
 	# Add the Kata Containers configuration details:
 
+	local comment_text
+	comment_text=$(printf "%s: Added by %s\n" \
+		"$(date -Iseconds)" \
+		"$script_name")
+
 	sudo grep -q "$kata_runtime_type" "$cfg" || {
 		cat <<-EOT | sudo tee -a "$cfg"
+		# $comment_text
 		[plugins]
 		  [plugins."io.containerd.grpc.v1.cri"]
 		    [plugins."io.containerd.grpc.v1.cri".containerd]
@@ -473,13 +492,34 @@ configure_containerd()
 		          runtime_type = "${kata_runtime_type}"
 		EOT
 
-		info "Modified $cfg"
+		modified="true"
 	}
 
+	if [ "$enable_debug" = "true" ]
+	then
+		local debug_enabled
+		debug_enabled=$(awk -v RS='' '/\[debug\]/' "$cfg" |\
+			grep -E "^\s*\<level\>\s*=\s*.*\<debug\>" || true)
+
+		[ -n "$debug_enabled" ] || {
+			cat <<-EOT | sudo tee -a "$cfg"
+			# $comment_text
+			[debug]
+				level = "debug"
+			EOT
+		}
+
+		modified="true"
+	fi
+
+	[ "$modified" = "true" ] && info "Modified $cfg"
 	sudo systemctl enable containerd
 	sudo systemctl start containerd
 
-	info "Configured $project\n"
+	local msg="disabled"
+	[ "$enable_debug" = "true" ] && msg="enabled"
+
+	info "Configured $project (debug $msg)\n"
 }
 
 install_kata()
@@ -540,11 +580,48 @@ install_kata()
 	info "$project installed\n"
 }
 
+configure_kata()
+{
+	local enable_debug="${1:-}"
+	[ -z "$enable_debug" ] && die "no enable debug value"
+
+	[ "$enable_debug" = "false" ] && \
+		info "Using default $kata_project configuration" && \
+		return 0
+
+	local config_file='configuration.toml'
+	local kata_dir='/etc/kata-containers'
+
+	sudo mkdir -p "$kata_dir"
+
+	local cfg_from
+	local cfg_to
+
+	cfg_from="${kata_install_dir}/share/defaults/kata-containers/${config_file}"
+	cfg_to="${kata_dir}/${config_file}"
+
+	[ -e "$cfg_from" ] || die "cannot find $kata_project configuration file"
+
+	sudo install -o root -g root -m 0644 "$cfg_from" "$cfg_to"
+
+	sudo sed -i \
+		-e 's/^# *\(enable_debug\).*=.*$/\1 = true/g' \
+		-e 's/^kernel_params = "\(.*\)"/kernel_params = "\1 agent.log=debug initcall_debug"/g' \
+		"$cfg_to"
+
+	info "Configured $kata_project for full debug (delete $cfg_to to use pristine $kata_project configuration)"
+}
+
 handle_kata()
 {
 	local version="${1:-}"
 
-	install_kata "$version"
+	local enable_debug="${2:-}"
+	[ -z "$enable_debug" ] && die "no enable debug value"
+
+	install_kata "$version" "$enable_debug"
+
+	configure_kata "$enable_debug"
 
 	kata-runtime --version
 }
@@ -556,6 +633,9 @@ handle_containerd()
 	local force="${2:-}"
 	[ -z "$force" ] && die "need force value"
 
+	local enable_debug="${3:-}"
+	[ -z "$enable_debug" ] && die "no enable debug value"
+
 	local ret
 
 	if [ "$force" = "true" ]
@@ -572,7 +652,7 @@ handle_containerd()
 		fi
 	fi
 
-	configure_containerd
+	configure_containerd "$enable_debug"
 
 	containerd --version
 }
@@ -617,20 +697,32 @@ handle_installation()
 	local only_kata="${3:-}"
 	[ -z "$only_kata" ] && die "no only Kata value"
 
+	local enable_debug="${4:-}"
+	[ -z "$enable_debug" ] && die "no enable debug value"
+
+	local disable_test="${5:-}"
+	[ -z "$disable_test" ] && die "no disable test value"
+
+	local only_run_test="${6:-}"
+	[ -z "$only_run_test" ] && die "no only run test value"
+
 	# These params can be blank
-	local kata_version="${4:-}"
-	local containerd_version="${5:-}"
+	local kata_version="${7:-}"
+	local containerd_version="${8:-}"
+
+	[ "$only_run_test" = "true" ] && test_installation && return 0
 
 	setup "$cleanup" "$force"
 
-	handle_kata "$kata_version"
+	handle_kata "$kata_version" "$enable_debug"
 
 	[ "$only_kata" = "false" ] && \
 		handle_containerd \
 		"$containerd_version" \
-		"$force"
+		"$force" \
+		"$enable_debug"
 
-	test_installation
+	[ "$disable_test" = "false" ] && test_installation
 
 	if [ "$only_kata" = "true" ]
 	then
@@ -647,21 +739,27 @@ handle_args()
 	local cleanup="true"
 	local force="false"
 	local only_kata="false"
+	local disable_test="false"
+	local only_run_test="false"
+	local enable_debug="false"
 
 	local opt
 
 	local kata_version=""
 	local containerd_version=""
 
-	while getopts "c:fhk:or" opt "$@"
+	while getopts "c:dfhk:ortT" opt "$@"
 	do
 		case "$opt" in
 			c) containerd_version="$OPTARG" ;;
+			d) enable_debug="true" ;;
 			f) force="true" ;;
 			h) usage; exit 0 ;;
 			k) kata_version="$OPTARG" ;;
 			o) only_kata="true" ;;
 			r) cleanup="false" ;;
+			t) disable_test="true" ;;
+			T) only_run_test="true" ;;
 		esac
 	done
 
@@ -674,6 +772,9 @@ handle_args()
 		"$cleanup" \
 		"$force" \
 		"$only_kata" \
+		"$enable_debug" \
+		"$disable_test" \
+		"$only_run_test" \
 		"$kata_version" \
 		"$containerd_version"
 }

versions.yaml

@@ -153,7 +153,7 @@ assets:
   kernel:
     description: "Linux kernel optimised for virtual machines"
     url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/"
-    version: "v5.15.23"
+    version: "v5.15.26"
     tdx:
       description: "Linux kernel that supports TDX"
       url: "https://github.com/intel/tdx/archive/refs/tags"