OSbuilder : Add support for Ubuntu rootfs

Fixes #32 #141

Signed-off-by: Yash Jain <ydjainopensource@gmail.com>

rootfs-builder/rootfs.sh

@@ -84,6 +84,19 @@ check_function_exist()
 	[ "$(type -t ${function_name})" == "function" ] || die "${function_name} function was not defined"
 }
 
+distro_needs_admin_caps()
+{
+		if [ "$1" = "ubuntu" ]
+		then
+			echo "true"
+		elif [ "$1" = "debian" ]
+		then 
+			echo "true"
+		else
+			echo "false"
+		fi
+}
+
 generate_dockerfile()
 {
 	dir="$1"
@@ -222,12 +235,26 @@ if [ -n "${USE_DOCKER}" ] ; then
 	# fake mapping if KERNEL_MODULES_DIR is unset
 	kernel_mod_dir=${KERNEL_MODULES_DIR:-${ROOTFS_DIR}}
 
+	docker_run_args=""
+	docker_run_args+=" --rm"
+	docker_run_args+=" --runtime runc"
+
+	admin_caps=$(distro_needs_admin_caps "$distro")
+	if [ "$admin_caps" = "true" ]; then
+		# Required by debootstrap to mount inside a container
+		docker_run_args+=" --cap-add SYS_ADMIN"
+		# Requred to chroot
+		docker_run_args+=" --cap-add SYS_CHROOT"
+		# debootstrap needs to create device nodes to properly function
+		docker_run_args+=" --cap-add MKNOD"
+		# See https://github.com/moby/moby/issues/16429
+		docker_run_args+=" --security-opt apparmor:unconfined"
+	fi
+
 	#Make sure we use a compatible runtime to build rootfs
 	# In case Clear Containers Runtime is installed we dont want to hit issue:
 	#https://github.com/clearcontainers/runtime/issues/828
 	docker run  \
-		--rm \
-		--runtime runc  \
 		--env https_proxy="${https_proxy}" \
 		--env http_proxy="${http_proxy}" \
 		--env AGENT_VERSION="${AGENT_VERSION}" \
@@ -244,6 +271,7 @@ if [ -n "${USE_DOCKER}" ] ; then
 		-v "${script_dir}/../scripts":"/scripts" \
 		-v "${kernel_mod_dir}":"${kernel_mod_dir}" \
 		-v "${GOPATH_LOCAL}":"${GOPATH_LOCAL}" \
+		$docker_run_args \
 		${image_name} \
 		bash /osbuilder/rootfs.sh "${distro}"
 

rootfs-builder/ubuntu/Dockerfile.in

@@ -0,0 +1,17 @@
+#
+# Copyright (c) 2018  Yash Jain
+#
+# SPDX-License-Identifier: Apache-2.0
+
+#ubuntu: docker image to be used to create a rootfs
+#@OS_VERSION@: Docker image version to build this dockerfile
+from ubuntu:@OS_VERSION@
+
+# This dockerfile needs to provide all the componets need to build a rootfs
+# Install any package need to create a rootfs (package manager, extra tools)
+
+# RUN commands
+RUN apt-get update && apt-get install -y curl wget systemd debootstrap git build-essential
+# This will install the proper golang to build Kata components
+@INSTALL_GO@
+

rootfs-builder/ubuntu/config.sh

@@ -0,0 +1,24 @@
+# This is a configuration file add extra variables to
+#
+# Copyright (c) 2018  Yash Jain
+#
+# SPDX-License-Identifier: Apache-2.0
+# be used by build_rootfs() from rootfs_lib.sh the variables will be
+# loaded just before call the function. For more information see the
+# rootfs-builder/README.md file.
+
+OS_VERSION=${OS_VERSION:-18.04}
+# this should be ubuntu's codename eg bionic for 18.04
+OS_NAME=${OS_NAME:-"bionic"}
+
+# packages to be installed by default
+PACKAGES="systemd iptables init"
+
+DEBOOTSTRAP=${PACKAGE_MANAGER:-"debootstrap"}
+
+case $(arch) in
+	x86_64) ARCHITECTURE="amd64";;
+	ppc64le) ARCHITECTURE="ppc64el";;
+	aarch64) ARCHITECTURE="arm64";;
+	(*) die "$(arch) not supported "
+esac

rootfs-builder/ubuntu/rootfs_lib.sh

@@ -0,0 +1,84 @@
+# - Arguments
+#
+# Copyright (c) 2018  Yash Jain
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+#
+# rootfs_dir=$1
+#
+# - Optional environment variables
+#
+# EXTRA_PKGS: Variable to add extra PKGS provided by the user
+#
+# BIN_AGENT: Name of the Kata-Agent binary
+#
+# REPO_URL: URL to distribution repository ( should be configured in 
+#			config.sh file)
+#
+# Any other configuration variable for a specific distro must be added 
+# and documented on its own config.sh
+# 
+# - Expected result
+#
+# rootfs_dir populated with rootfs pkgs
+# It must provide a binary in /sbin/init
+#
+build_rootfs() {
+	# Mandatory
+	local ROOTFS_DIR=$1
+
+	# Name of the Kata-Agent binary
+	local BIN_AGENT=${BIN_AGENT}
+
+	# In case of support EXTRA packages, use it to allow
+	# users to add more packages to the base rootfs
+	local EXTRA_PKGS=${EXTRA_PKGS:-}
+
+	# In case rootfs is created using repositories allow user to modify
+	# the default URL
+	local REPO_URL=${REPO_URL:-YOUR_REPO}
+
+	# PATH where files this script is placed
+	# Use it to refer to files in the same directory
+	# Example: ${CONFIG_DIR}/foo
+	local CONFIG_DIR=${CONFIG_DIR}
+
+
+	# Populate ROOTFS_DIR
+	# Must provide /sbin/init and /bin/${BIN_AGENT}
+	DEBOOTSTRAP="debootstrap"
+	check_root
+	mkdir -p "${ROOTFS_DIR}"
+	if [ -n "${PKG_MANAGER}"  ]; then
+		info "debootstrap path provided by user: ${PKG_MANAGER}"
+	elif check_program $DEBOOTSTRAP ; then
+		PKG_MANAGER=$DEBOOTSTRAP
+	else
+		die "$DEBOOTSTRAP is not installed"
+	fi
+	# trim whitespace
+	PACKAGES=$(echo $PACKAGES |xargs )
+	EXTRA_PKGS=$(echo $EXTRA_PKGS |xargs)
+	# add comma as debootstrap needs , separated package names.
+	# Don't change $PACKAGES in config.sh to include ','
+	# This is done to maintain consistency
+	PACKAGES=$(echo $PACKAGES | sed  -e 's/ /,/g' )
+	EXTRA_PKGS=$(echo $EXTRA_PKGS | sed  -e 's/ /,/g' )
+	
+	# extra packages are added to packages and finally passed to debootstrap
+	if [ "${EXTRA_PKGS}" = ""  ]; then
+		echo "no extra packages"
+	else
+		PACKAGES="${PACKAGES},${EXTRA_PKGS}"
+	fi
+	
+	${PKG_MANAGER} --variant=minbase \
+		--arch=${ARCHITECTURE}\
+		--include="$PACKAGES" \
+		${OS_NAME} \
+		${ROOTFS_DIR} 
+
+	chroot $ROOTFS_DIR ln -s /lib/systemd/systemd /usr/lib/systemd/systemd
+}
+

tests/test_images.sh

@@ -360,6 +360,13 @@ run_test()
 	create_and_run "${distro}" "${image_options}" "${initrd_options}"
 }
 
+test_distro_ubuntu()
+{
+       local -r name="Can create and run ubuntu image"
+       run_test "${name}" "" "ubuntu" "service" "no"
+}
+
+
 test_distro_fedora()
 {
 	local -r name="Can create and run fedora image"
@@ -444,7 +451,7 @@ test_all_distros()
 	test_distro_fedora
 	test_distro_centos
 	test_distro_alpine
-
+	test_distro_ubuntu
 	if [ $MACHINE_TYPE != "ppc64le" ]; then
 	   test_distro_clearlinux