snap: add yaml to build snap image

the yaml file is the recipe to build a snap image
with all Kata Containers components inside.

fixes #81

Signed-off-by: Julio Montes <julio.montes@intel.com>

.ci/lib.sh

@@ -24,3 +24,38 @@ check_kata_kernel_version(){
 	fi
 
 }
+
+install_yq() {
+	GOPATH=${GOPATH:-${HOME}/go}
+	local yq_path="${GOPATH}/bin/yq"
+	local yq_pkg="github.com/mikefarah/yq"
+	[ -x  "${GOPATH}/bin/yq" ] && return
+
+	case "$(arch)" in
+	"aarch64")
+		goarch=arm64
+		;;
+
+	"x86_64")
+		goarch=amd64
+		;;
+	"*")
+		echo "Arch $(arch) not supported"
+		exit
+		;;
+	esac
+
+	mkdir -p "${GOPATH}/bin"
+
+	# Workaround to get latest release from github (to not use github token).
+	# Get the redirection to latest release on github.
+	yq_latest_url=$(curl -Ls -o /dev/null -w %{url_effective} "https://${yq_pkg}/releases/latest")
+	# The redirected url should include the latest release version
+	# https://github.com/mikefarah/yq/releases/tag/<VERSION-HERE>
+	yq_version=$(basename "${yq_latest_url}")
+
+
+	local yq_url="https://${yq_pkg}/releases/download/${yq_version}/yq_linux_${goarch}"
+	curl -o "${yq_path}" -L ${yq_url}
+	chmod +x ${yq_path}
+}

.ci/run.sh

@@ -11,8 +11,14 @@ set -o pipefail
 
 cidir=$(dirname "$0")
 source "${cidir}/lib.sh"
+source /etc/os-release
 
 # This script will execute packaging tests suite
 # TODO: Add steps needed to build packages
 
 check_kata_kernel_version
+
+if [ "$ID" == ubuntu ];then
+	echo  "Building snap image"
+	make snap
+fi

.ci/setup.sh

@@ -9,4 +9,10 @@ set -o errexit
 set -o nounset
 set -o pipefail
 
+source /etc/os-release
+
 echo  "Setup script for packaging"
+
+if [ "$ID" == ubuntu ];then
+	sudo apt-get install -y snapd snapcraft
+fi

.gitignore

@@ -3,3 +3,9 @@ debian.series
 *.img
 *.initrd
 *.tar.gz
+*.snap
+parts/
+prime/
+stage/
+snap/.snapcraft/
+snap/snapcraft.yaml

Makefile

@@ -6,7 +6,17 @@
 #
 
 MK_DIR :=$(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
-.PHONY: test test-release-tools
+SED := sed
+YQ := $(shell go env GOPATH)/bin/yq
+SNAPCRAFT_FILE := snap/snapcraft.yaml
+VERSIONS_YAML_FILE := versions.yaml
+VERSIONS_YAML_FILE_URL := https://raw.githubusercontent.com/kata-containers/runtime/master/versions.yaml
+VERSION_FILE := VERSION
+VERSION_FILE_URL := https://raw.githubusercontent.com/kata-containers/runtime/master/VERSION
+
+export YQ
+export VERSION_FILE
+export VERSIONS_YAML_FILE
 
 test:
 	@$(MK_DIR)/.ci/test.sh
@@ -19,3 +29,33 @@ test-static-build:
 
 test-packaging-tools:
 	@$(MK_DIR)/obs-packaging/build_from_docker.sh
+
+$(YQ):
+	@bash -c "source .ci/lib.sh; install_yq"
+
+$(VERSION_FILE):
+	@curl -sO $(VERSION_FILE_URL)
+
+$(VERSIONS_YAML_FILE):
+	@curl -sO $(VERSIONS_YAML_FILE_URL)
+
+$(SNAPCRAFT_FILE): %: %.in Makefile $(YQ) $(VERSIONS_YAML_FILE) $(VERSION_FILE)
+	$(SED) \
+		-e "s|@KATA_RUNTIME_VERSION@|$$(cat $${VERSION_FILE})|g" \
+		-e "s|@KATA_PROXY_VERSION@|$$(cat $${VERSION_FILE})|g" \
+		-e "s|@KATA_SHIM_VERSION@|$$(cat $${VERSION_FILE})|g" \
+		-e "s|@KSM_THROTTLER_VERSION@|$$(cat $${VERSION_FILE})|g" \
+		-e "s|@QEMU_LITE_BRANCH@|$$($${YQ} r $${VERSIONS_YAML_FILE} assets.hypervisor.qemu-lite.branch)|g" \
+		-e "s|@KERNEL_URL@|$$($${YQ} r $${VERSIONS_YAML_FILE} assets.kernel.url)|g" \
+		-e "s|@KERNEL_VERSION@|$$($${YQ} r $${VERSIONS_YAML_FILE} assets.kernel.version | tr -d v)|g" \
+		-e "s|@GO_VERSION@|$$($${YQ} r $${VERSIONS_YAML_FILE} languages.golang.meta.newest-version)|g" \
+		$< > $@
+
+snap: $(SNAPCRAFT_FILE)
+	snapcraft -d
+
+clean:
+	rm $(SNAPCRAFT_FILE)
+
+.PHONY: test test-release-tools test-static-build test-packaging-tools snap clean \
+	$(VERSION_FILE) $(VERSIONS_YAML_FILE)

snap/README.md

@@ -0,0 +1,99 @@
+# Kata Containers snap image
+
+* [Kata Containers snap image](#kata-containers-snap-image)
+* [Initial setup](#initial-setup)
+* [Build snap image](#build-snap-image)
+* [Install snap (developer)](#install-snap-developer)
+* [Integration with docker](#integration-with-docker)
+* [Limitations](#limitations)
+
+This directory contains the resources needed to build the Kata Containers
+[snap][1] image.
+
+## Initial setup
+
+*Ubuntu 18.04*
+
+```sh
+$ sudo apt-get install -y snapd snapcraft
+```
+
+## Build snap image
+
+Run next command at the root directory of the packaging repository.
+
+```sh
+$ make snap
+```
+
+## Install snap (developer)
+
+To install the resulting snap image, snap must be put in [classic mode][3] and the
+security confinement must be disabled (*--classic*). Also since the resulting snap
+has not been signed the verification of signature must be omitted (*--dangerous*).
+
+```sh
+$ sudo snap install --classic --dangerous kata-containers_[VERSION]_[ARCH].snap
+```
+
+Replace `VERSION` with the current version of Kata Containers and `ARCH` with
+the system architecture.
+
+## Configuring Kata Containers ##
+
+By default Kata Containers snap image is mounted at `/snap/kata-containers` as a
+read-only file system, therefore default configuration file can not be edited.
+Fortunately [kata-runtime][4] supports loading a configuration file from another
+path than the default.
+
+```sh
+$ sudo mkdir -p /etc/kata-containers
+$ sudo cp /snap/kata-containers/current/usr/share/defaults/kata-containers/configuration.toml /etc/kata-containers/
+$ $EDITOR /etc/kata-containers/configuration.toml
+```
+
+## Integration with docker ##
+
+the path to the runtime provided by the Kata Containers snap image is
+`/snap/kata-containers/current/usr/bin/kata-runtime`, this runtime must be added to
+[dockerd][5] via `systemd` or `dockerd` configuration file.
+
+`/etc/systemd/system/docker.service.d/runtime.conf`
+
+```ini
+[Service]
+ExecStart=/usr/bin/dockerd -D --add-runtime kata-runtime=/snap/kata-containers/current/usr/bin/kata-runtime --default-runtime=kata-runtime
+```
+
+or
+
+`/etc/docker/daemon.json`
+
+```json
+{
+	"default-runtime": "kata-runtime",
+	"runtimes": {
+		"kata-runtime": {
+			"path": "/snap/kata-containers/current/usr/bin/kata-runtime"
+		}
+	}
+}
+```
+
+after having added the new runtime, the service must be reloaded and restarted
+
+```
+$ sudo systemctl daemon-reload
+$ sudo systemctl restart docker
+```
+
+## Limitations
+
+The [miniOS image][2] is not included in the snap image as it is not possible for
+QEMU to open a guest RAM backing store on a read-only filesystem.
+
+[1]: https://docs.snapcraft.io/snaps/intro
+[2]: https://github.com/kata-containers/documentation/blob/master/architecture.md#root-filesystem-image
+[3]: https://docs.snapcraft.io/reference/confinement#classic
+[4]: https://github.com/kata-containers/runtime
+[5]: https://docs.docker.com/engine/reference/commandline/dockerd

snap/snapcraft.yaml.in

@@ -0,0 +1,263 @@
+name: kata-containers
+version: @KATA_RUNTIME_VERSION@
+summary: Build lightweight VMs that seamlessly plug into the containers ecosystem
+description: |
+  Kata Containers is an open source project and community working to build a
+  standard implementation of lightweight Virtual Machines (VMs) that feel and
+  perform like containers, but provide the workload isolation and security
+  advantages of VMs
+grade: stable
+confinement: classic
+
+parts:
+  go:
+    source-tag: go@GO_VERSION@
+  runtime:
+    source: http://github.com/kata-containers/runtime
+    source-type: git
+    source-tag: @KATA_RUNTIME_VERSION@
+    after: [go]
+    plugin: go
+    go-importpath: github.com/kata-containers/runtime
+    build-attributes: [no-patchelf]
+    override-build: |
+      # Don't use installed GOROOT
+      unset GOROOT
+      export GOPATH=$(realpath ../go)
+      cd ${GOPATH}/src/github.com/${SNAPCRAFT_PROJECT_NAME}/runtime
+      make \
+        QEMUPATH=/snap/${SNAPCRAFT_PROJECT_NAME}/current/usr/bin/qemu-system-x86_64 \
+        PROXYPATH=/snap/${SNAPCRAFT_PROJECT_NAME}/current/usr/libexec/${SNAPCRAFT_PROJECT_NAME}/kata-proxy \
+        SHIMPATH=/snap/${SNAPCRAFT_PROJECT_NAME}/current/usr/libexec/${SNAPCRAFT_PROJECT_NAME}/kata-shim \
+        KERNELPATH=/snap/${SNAPCRAFT_PROJECT_NAME}/current/usr/share/${SNAPCRAFT_PROJECT_NAME}/vmlinuz.container \
+        INITRDPATH=/snap/${SNAPCRAFT_PROJECT_NAME}/current/usr/share/${SNAPCRAFT_PROJECT_NAME}/kata-containers-initrd.img \
+        CONFIG_PATH=/snap/${SNAPCRAFT_PROJECT_NAME}/current/usr/share/defaults/${SNAPCRAFT_PROJECT_NAME}/configuration.toml
+      make install \
+        PREFIX=/usr \
+        DESTDIR=${SNAPCRAFT_PART_INSTALL} \
+        QEMUPATH=/snap/${SNAPCRAFT_PROJECT_NAME}/current/usr/bin/qemu-system-x86_64 \
+        PROXYPATH=/snap/${SNAPCRAFT_PROJECT_NAME}/current/usr/libexec/${SNAPCRAFT_PROJECT_NAME}/kata-proxy \
+        SHIMPATH=/snap/${SNAPCRAFT_PROJECT_NAME}/current/usr/libexec/${SNAPCRAFT_PROJECT_NAME}/kata-shim \
+        KERNELPATH=/snap/${SNAPCRAFT_PROJECT_NAME}/current/usr/share/${SNAPCRAFT_PROJECT_NAME}/vmlinuz.container \
+        INITRDPATH=/snap/${SNAPCRAFT_PROJECT_NAME}/current/usr/share/${SNAPCRAFT_PROJECT_NAME}/kata-containers-initrd.img
+      sed -i -e '/^image =/d' ${SNAPCRAFT_PART_INSTALL}/usr/share/defaults/${SNAPCRAFT_PROJECT_NAME}/configuration.toml
+
+  proxy:
+    source: http://github.com/kata-containers/proxy
+    source-type: git
+    source-tag: @KATA_PROXY_VERSION@
+    after: [go]
+    plugin: go
+    go-importpath: github.com/kata-containers/proxy
+    build-attributes: [no-patchelf]
+    override-build: |
+      # Don't use installed GOROOT
+      unset GOROOT
+      export GOPATH=$(realpath ../go)
+      cd ${GOPATH}/src/github.com/${SNAPCRAFT_PROJECT_NAME}/proxy
+      make
+      make install LIBEXECDIR=${SNAPCRAFT_PART_INSTALL}/usr/libexec
+
+  shim:
+    source: http://github.com/kata-containers/shim
+    source-type: git
+    source-tag: @KATA_SHIM_VERSION@
+    after: [go]
+    plugin: go
+    go-importpath: github.com/kata-containers/shim
+    build-attributes: [no-patchelf]
+    build-packages:
+      - libelf-dev
+    override-build: |
+      # Don't use installed GOROOT
+      unset GOROOT
+      export GOPATH=$(realpath ../go)
+      cd ${GOPATH}/src/github.com/${SNAPCRAFT_PROJECT_NAME}/shim
+      make
+      make install LIBEXECDIR=${SNAPCRAFT_PART_INSTALL}/usr/libexec
+
+  image:
+    source: http://github.com/kata-containers/osbuilder
+    source-type: git
+    after: [go]
+    plugin: make
+    build-packages:
+      - docker.io
+    override-build: |
+      # Don't use installed GOROOT
+      unset GOROOT
+      if [ -n "$http_proxy" ]; then
+        echo "Setting proxy $http_proxy"
+        systemctl set-environment http_proxy=$http_proxy || true
+        systemctl set-environment https_proxy=$https_proxy || true
+      fi
+
+      echo "Starting docker"
+      systemctl start docker || true
+
+      export GOPATH=$(realpath ../go)
+      mkdir -p $GOPATH
+
+      sed -i 's|^GO_VERSION=.*|GO_VERSION='$(go version | cut -d' ' -f3 | tr -d go)'|g' rootfs-builder/versions.txt
+
+      sudo -E PATH=$PATH make DISTRO=alpine USE_DOCKER=true AGENT_VERSION=${SNAPCRAFT_PROJECT_VERSION} AGENT_INIT=yes rootfs
+      sudo -E PATH=$PATH make DISTRO=alpine AGENT_INIT=yes initrd-only
+
+      kata_image_dir=${SNAPCRAFT_PART_INSTALL}/usr/share/kata-containers
+      mkdir -p ${kata_image_dir}
+      cp kata-containers-initrd.img ${kata_image_dir}
+
+  ksm-throttler:
+    source: http://github.com/kata-containers/ksm-throttler
+    source-type: git
+    source-tag: @KSM_THROTTLER_VERSION@
+    after: [go]
+    plugin: go
+    go-importpath: github.com/kata-containers/ksm-throttler
+    build-attributes: [no-patchelf]
+    override-build: |
+      # Don't use installed GOROOT
+      unset GOROOT
+      export GOPATH=$(realpath ../go)
+      cd ${GOPATH}/src/github.com/${SNAPCRAFT_PROJECT_NAME}/ksm-throttler
+      make TARGET=kata-ksm-throttler
+      make install \
+        DESTDIR=${SNAPCRAFT_PART_INSTALL} \
+        TARGET=kata-ksm-throttler
+
+  kernel:
+    source: @KERNEL_URL@/linux-@KERNEL_VERSION@.tar.xz
+    source-type: tar
+    after: [kernel-dump]
+    plugin: kernel
+    override-build: |
+      case "$(arch)" in
+        "x86_64")
+          config=x86_64_kata_kvm_4.14.x
+        ;;
+
+        "ppc64le")
+          config=ppc64le_kata_kvm_4.14.x
+        ;;
+
+        "aarch64")
+          config=arm64_kata_kvm_4.14.x
+        ;;
+
+        *)
+          echo "ERROR: Unsupported architecture $(arch)"
+          exit 1
+        ;;
+      esac
+
+      make mrproper
+
+      # Apply patches
+      for patch in ${SNAPCRAFT_STAGE}/kernel/patches/*.patch; do
+        echo "Applying $(basename "$patch") ..."
+        patch \
+          --batch \
+          --forward \
+          --strip 1 \
+          --input "$patch"
+        echo
+      done
+
+      # Copy config file
+      cp ${SNAPCRAFT_STAGE}/kernel/configs/${config} .config
+      make -s oldconfig EXTRAVERSION=".container" > /dev/null
+      make -j $(nproc) EXTRAVERSION=".container"
+
+      kernel_suffix=@KERNEL_VERSION@.container
+      kata_kernel_dir=${SNAPCRAFT_PART_INSTALL}/usr/share/kata-containers
+      mkdir -p ${kata_kernel_dir}
+
+      # Install bz kernel
+      make install INSTALL_PATH=${kata_kernel_dir} EXTRAVERSION=".container" || true
+      vmlinuz_name=vmlinuz-${kernel_suffix}
+      ln -sf ${vmlinuz_name} ${kata_kernel_dir}/vmlinuz.container
+
+      # Install raw kernel
+      vmlinux_name=vmlinux-${kernel_suffix}
+      cp vmlinux ${kata_kernel_dir}/${vmlinux_name}
+      ln -sf ${vmlinux_name} ${kata_kernel_dir}/vmlinux.container
+
+  kernel-dump:
+    source: kernel
+    plugin: dump
+    organize:
+      '*' : kernel/
+    prime:
+      - -*
+
+  qemu:
+    source: https://github.com/kata-containers/qemu/archive/@QEMU_LITE_BRANCH@.tar.gz
+    source-type: tar
+    plugin: make
+    after: [qemu-scripts-dump, qemu-patches-dump]
+    build-packages:
+      - gcc
+      - python
+      - zlib1g-dev
+      - libcap-ng-dev
+      - libglib2.0-dev
+      - libpixman-1-dev
+      - libnuma-dev
+      - libltdl-dev
+      - libcap-dev
+      - libattr1-dev
+    override-build: |
+      chmod +x ${SNAPCRAFT_STAGE}/qemu/scripts/configure-hypervisor.sh
+      # static build
+      echo "$(${SNAPCRAFT_STAGE}/qemu/scripts/configure-hypervisor.sh -s qemu) \
+        --disable-rbd
+        --prefix=/snap/${SNAPCRAFT_PROJECT_NAME}/current/usr \
+        --datadir=/snap/${SNAPCRAFT_PROJECT_NAME}/current/usr/share \
+        --libexecdir=/snap/${SNAPCRAFT_PROJECT_NAME}/current/usr/libexec/qemu" \
+        | xargs ./configure
+
+      git clone https://github.com/qemu/keycodemapdb ui/keycodemapdb/
+      cd ui/keycodemapdb; git checkout 10739aa; cd ../..
+
+      git clone https://github.com/qemu/capstone capstone
+      cd capstone; git checkout 22ead3e; cd ..
+
+      # Apply patches
+      for patch in ${SNAPCRAFT_STAGE}/qemu/patches/*.patch; do
+        echo "Applying $(basename "$patch") ..."
+        patch \
+          --batch \
+          --forward \
+          --strip 1 \
+          --input "$patch"
+        echo
+      done
+      make -j $(nproc)
+      make install DESTDIR=${SNAPCRAFT_PART_INSTALL}
+    prime:
+      - -snap/*
+      - -usr/var/*
+      - usr/*
+      - lib/*
+    organize:
+      # Hack: move qemu to /
+      "snap/kata-containers/current/": "./"
+
+  qemu-scripts-dump:
+    source: scripts
+    plugin: dump
+    organize:
+      '*' : qemu/scripts/
+    prime:
+      - -*
+  qemu-patches-dump:
+    source: obs-packaging/qemu-lite/patches/
+    plugin: dump
+    organize:
+      '*' : qemu/patches/
+    prime:
+      - -*
+
+apps:
+  runtime:
+    command: usr/bin/kata-runtime