snap: add yaml to build snap image
the yaml file is the recipe to build a snap image with all Kata Containers components inside. fixes #81 Signed-off-by: Julio Montes <julio.montes@intel.com>
parent
ce470dc8af
commit
38a82d725e
35
.ci/lib.sh
35
.ci/lib.sh
@ -24,3 +24,38 @@ check_kata_kernel_version(){
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
install_yq() {
|
||||
GOPATH=${GOPATH:-${HOME}/go}
|
||||
local yq_path="${GOPATH}/bin/yq"
|
||||
local yq_pkg="github.com/mikefarah/yq"
|
||||
[ -x "${GOPATH}/bin/yq" ] && return
|
||||
|
||||
case "$(arch)" in
|
||||
"aarch64")
|
||||
goarch=arm64
|
||||
;;
|
||||
|
||||
"x86_64")
|
||||
goarch=amd64
|
||||
;;
|
||||
"*")
|
||||
echo "Arch $(arch) not supported"
|
||||
exit
|
||||
;;
|
||||
esac
|
||||
|
||||
mkdir -p "${GOPATH}/bin"
|
||||
|
||||
# Workaround to get latest release from github (to not use github token).
|
||||
# Get the redirection to latest release on github.
|
||||
yq_latest_url=$(curl -Ls -o /dev/null -w %{url_effective} "https://${yq_pkg}/releases/latest")
|
||||
# The redirected url should include the latest release version
|
||||
# https://github.com/mikefarah/yq/releases/tag/<VERSION-HERE>
|
||||
yq_version=$(basename "${yq_latest_url}")
|
||||
|
||||
|
||||
local yq_url="https://${yq_pkg}/releases/download/${yq_version}/yq_linux_${goarch}"
|
||||
curl -o "${yq_path}" -L ${yq_url}
|
||||
chmod +x ${yq_path}
|
||||
}
|
||||
|
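Review bot: install_yq downloads whatever release `releases/latest` redirects to at run time and marks it executable with no integrity check, so the CI toolchain depends on an unpinned, unverified binary; pin `yq_version` and compare the download against a recorded SHA-256 before `chmod +x`. The download `curl -o "${yq_path}" -L ${yq_url}` also lacks `-f`, so an HTTP error body would be saved as `yq`, and because the early return `[ -x "${GOPATH}/bin/yq" ] && return` only tests the executable bit, that bad file would be reused on later runs. In the `case`, the quoted pattern `"*")` matches only a literal `*`, so an unsupported architecture falls through with `goarch` unset, and the bare `exit` there would return the status of the preceding `echo`, i.e. 0.

```shell
install_yq() {
	# … unchanged: GOPATH default, yq_path, yq_pkg, early return …
	local goarch
	case "$(arch)" in
		"aarch64") goarch=arm64 ;;
		"x86_64") goarch=amd64 ;;
		*)
			echo "Arch $(arch) not supported" >&2
			exit 1
			;;
	esac
	# … unchanged: mkdir -p "${GOPATH}/bin" …

	# Both values are placeholders: record the release you reviewed and the
	# digest of the yq_linux_<goarch> asset for that release.
	local yq_version="<PINNED_YQ_VERSION_PLACEHOLDER>"
	local yq_sha256="<EXPECTED_SHA256_PLACEHOLDER>"
	local yq_url="https://${yq_pkg}/releases/download/${yq_version}/yq_linux_${goarch}"
	local yq_tmp="${yq_path}.download"

	curl -fsSL -o "${yq_tmp}" "${yq_url}"
	if ! echo "${yq_sha256}  ${yq_tmp}" | sha256sum -c - >/dev/null; then
		rm -f "${yq_tmp}"
		echo "yq checksum mismatch" >&2
		exit 1
	fi
	chmod +x "${yq_tmp}"
	mv -f "${yq_tmp}" "${yq_path}"
}
```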
@ -11,8 +11,14 @@ set -o pipefail
|
||||
|
||||
cidir=$(dirname "$0")
|
||||
source "${cidir}/lib.sh"
|
||||
source /etc/os-release
|
||||
|
||||
# This script will execute packaging tests suite
|
||||
# TODO: Add steps needed to build packages
|
||||
|
||||
check_kata_kernel_version
|
||||
|
||||
if [ "$ID" == ubuntu ];then
|
||||
echo "Building snap image"
|
||||
make snap
|
||||
fi
|
||||
|
@ -9,4 +9,10 @@ set -o errexit
|
||||
set -o nounset
|
||||
set -o pipefail
|
||||
|
||||
source /etc/os-release
|
||||
|
||||
echo "Setup script for packaging"
|
||||
|
||||
if [ "$ID" == ubuntu ];then
|
||||
sudo apt-get install -y snapd snapcraft
|
||||
fi
|
||||
|
6
.gitignore
vendored
6
.gitignore
vendored
@ -3,3 +3,9 @@ debian.series
|
||||
*.img
|
||||
*.initrd
|
||||
*.tar.gz
|
||||
*.snap
|
||||
parts/
|
||||
prime/
|
||||
stage/
|
||||
snap/.snapcraft/
|
||||
snap/snapcraft.yaml
|
||||
|
42
Makefile
42
Makefile
@ -6,7 +6,17 @@
|
||||
#
|
||||
|
||||
MK_DIR :=$(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
|
||||
.PHONY: test test-release-tools
|
||||
SED := sed
|
||||
YQ := $(shell go env GOPATH)/bin/yq
|
||||
SNAPCRAFT_FILE := snap/snapcraft.yaml
|
||||
VERSIONS_YAML_FILE := versions.yaml
|
||||
VERSIONS_YAML_FILE_URL := https://raw.githubusercontent.com/kata-containers/runtime/master/versions.yaml
|
||||
VERSION_FILE := VERSION
|
||||
VERSION_FILE_URL := https://raw.githubusercontent.com/kata-containers/runtime/master/VERSION
|
||||
|
||||
export YQ
|
||||
export VERSION_FILE
|
||||
export VERSIONS_YAML_FILE
|
||||
|
||||
test:
|
||||
@$(MK_DIR)/.ci/test.sh
|
||||
@ -19,3 +29,33 @@ test-static-build:
|
||||
|
||||
test-packaging-tools:
|
||||
@$(MK_DIR)/obs-packaging/build_from_docker.sh
|
||||
|
||||
$(YQ):
|
||||
@bash -c "source .ci/lib.sh; install_yq"
|
||||
|
||||
$(VERSION_FILE):
|
||||
@curl -sO $(VERSION_FILE_URL)
|
||||
|
||||
$(VERSIONS_YAML_FILE):
|
||||
@curl -sO $(VERSIONS_YAML_FILE_URL)
|
||||
|
||||
$(SNAPCRAFT_FILE): %: %.in Makefile $(YQ) $(VERSIONS_YAML_FILE) $(VERSION_FILE)
|
||||
$(SED) \
|
||||
-e "s|@KATA_RUNTIME_VERSION@|$$(cat $${VERSION_FILE})|g" \
|
||||
-e "s|@KATA_PROXY_VERSION@|$$(cat $${VERSION_FILE})|g" \
|
||||
-e "s|@KATA_SHIM_VERSION@|$$(cat $${VERSION_FILE})|g" \
|
||||
-e "s|@KSM_THROTTLER_VERSION@|$$(cat $${VERSION_FILE})|g" \
|
||||
-e "s|@QEMU_LITE_BRANCH@|$$($${YQ} r $${VERSIONS_YAML_FILE} assets.hypervisor.qemu-lite.branch)|g" \
|
||||
-e "s|@KERNEL_URL@|$$($${YQ} r $${VERSIONS_YAML_FILE} assets.kernel.url)|g" \
|
||||
-e "s|@KERNEL_VERSION@|$$($${YQ} r $${VERSIONS_YAML_FILE} assets.kernel.version | tr -d v)|g" \
|
||||
-e "s|@GO_VERSION@|$$($${YQ} r $${VERSIONS_YAML_FILE} languages.golang.meta.newest-version)|g" \
|
||||
$< > $@
|
||||
|
||||
snap: $(SNAPCRAFT_FILE)
|
||||
snapcraft -d
|
||||
|
||||
clean:
|
||||
rm $(SNAPCRAFT_FILE)
|
||||
|
||||
.PHONY: test test-release-tools test-static-build test-packaging-tools snap clean \
|
||||
$(VERSION_FILE) $(VERSIONS_YAML_FILE)
|
||||
|
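Review bot: The `$(VERSION_FILE)` and `$(VERSIONS_YAML_FILE)` recipes call `curl -sO` without `-f`, so an HTTP error body is saved as `VERSION` or `versions.yaml` and the `sed` rule then writes it into `snap/snapcraft.yaml`, where these values choose the source tags and the kernel download URL; `@curl -fsSO $(VERSION_FILE_URL)` and `@curl -fsSO $(VERSIONS_YAML_FILE_URL)` would fail the build instead. Both URLs track `master`, so the generated recipe is not reproducible and trusts whatever that branch holds at build time; fetching a fixed tag or commit would bound that. The `$$($${YQ} r ...)` substitutions also do not fail the recipe when `yq` errors, so an empty value can be rendered silently. Smaller points: the `$(YQ)` recipe sources `.ci/lib.sh` relative to the working directory while the other recipes use `$(MK_DIR)`, and `clean` should be `$(RM) $(SNAPCRAFT_FILE)` so it succeeds when the file is absent.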
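--- a/snap/README.md
+++ b/snap/README.md
@@ -0,0 +1,99 @@
+# Kata Containers snap image
+
+* [Kata Containers snap image](#kata-containers-snap-image)
+* [Initial setup](#initial-setup)
+* [Build snap image](#build-snap-image)
+* [Install snap (developer)](#install-snap-developer)
+* [Integration with docker](#integration-with-docker)
+* [Limitations](#limitations)
+
+This directory contains the resources needed to build the Kata Containers
+[snap][1] image.
+
+## Initial setup
+
+*Ubuntu 18.04*
+
+```sh
+$ sudo apt-get install -y snapd snapcraft
+```
+
+## Build snap image
+
+Run next command at the root directory of the packaging repository.
+
+```sh
+$ make snap
+```
+
+## Install snap (developer)
+
+To install the resulting snap image, snap must be put in [classic mode][3] and the
+security confinement must be disabled (*--classic*). Also since the resulting snap
+has not been signed the verification of signature must be omitted (*--dangerous*).
+
+```sh
+$ sudo snap install --classic --dangerous kata-containers_[VERSION]_[ARCH].snap
+```
+
+Replace `VERSION` with the current version of Kata Containers and `ARCH` with
+the system architecture.
+
+## Configuring Kata Containers ##
+
+By default Kata Containers snap image is mounted at `/snap/kata-containers` as a
+read-only file system, therefore default configuration file can not be edited.
+Fortunately [kata-runtime][4] supports loading a configuration file from another
+path than the default.
+
+```sh
+$ sudo mkdir -p /etc/kata-containers
+$ sudo cp /snap/kata-containers/current/usr/share/defaults/kata-containers/configuration.toml /etc/kata-containers/
+$ $EDITOR /etc/kata-containers/configuration.toml
+```
+
+## Integration with docker ##
+
+the path to the runtime provided by the Kata Containers snap image is
+`/snap/kata-containers/current/usr/bin/kata-runtime`, this runtime must be added to
+[dockerd][5] via `systemd` or `dockerd` configuration file.
+
+`/etc/systemd/system/docker.service.d/runtime.conf`
+
+```ini
+[Service]
+ExecStart=/usr/bin/dockerd -D --add-runtime kata-runtime=/snap/kata-containers/current/usr/bin/kata-runtime --default-runtime=kata-runtime
+```
+
+or
+
+`/etc/docker/daemon.json`
+
+```json
+{
+"default-runtime": "kata-runtime",
+"runtimes": {
+"kata-runtime": {
+"path": "/snap/kata-containers/current/usr/bin/kata-runtime"
+}
+}
+}
+```
+
+after having added the new runtime, the service must be reloaded and restarted
+
+```
+$ sudo systemctl daemon-reload
+$ sudo systemctl restart docker
+```
+
+## Limitations
+
+The [miniOS image][2] is not included in the snap image as it is not possible for
+QEMU to open a guest RAM backing store on a read-only filesystem.
+
+[1]: https://docs.snapcraft.io/snaps/intro
+[2]: https://github.com/kata-containers/documentation/blob/master/architecture.md#root-filesystem-image
+[3]: https://docs.snapcraft.io/reference/confinement#classic
+[4]: https://github.com/kata-containers/runtime
+[5]: https://docs.docker.com/engine/reference/commandline/dockerd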
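--- a/snap/snapcraft.yaml.in
+++ b/snap/snapcraft.yaml.in
@@ -0,0 +1,263 @@
+name: kata-containers
+version: @KATA_RUNTIME_VERSION@
+summary: Build lightweight VMs that seamlessly plug into the containers ecosystem
+description: |
+Kata Containers is an open source project and community working to build a
+standard implementation of lightweight Virtual Machines (VMs) that feel and
+perform like containers, but provide the workload isolation and security
+advantages of VMs
+grade: stable
+confinement: classic
+
+parts:
+go:
+source-tag: go@GO_VERSION@
+runtime:
+source: http://github.com/kata-containers/runtime
+source-type: git
+source-tag: @KATA_RUNTIME_VERSION@
+after: [go]
+plugin: go
+go-importpath: github.com/kata-containers/runtime
+build-attributes: [no-patchelf]
+override-build: |
+# Don't use installed GOROOT
+unset GOROOT
+export GOPATH=$(realpath ../go)
+cd ${GOPATH}/src/github.com/${SNAPCRAFT_PROJECT_NAME}/runtime
+make \
+QEMUPATH=/snap/${SNAPCRAFT_PROJECT_NAME}/current/usr/bin/qemu-system-x86_64 \
+PROXYPATH=/snap/${SNAPCRAFT_PROJECT_NAME}/current/usr/libexec/${SNAPCRAFT_PROJECT_NAME}/kata-proxy \
+SHIMPATH=/snap/${SNAPCRAFT_PROJECT_NAME}/current/usr/libexec/${SNAPCRAFT_PROJECT_NAME}/kata-shim \
+KERNELPATH=/snap/${SNAPCRAFT_PROJECT_NAME}/current/usr/share/${SNAPCRAFT_PROJECT_NAME}/vmlinuz.container \
+INITRDPATH=/snap/${SNAPCRAFT_PROJECT_NAME}/current/usr/share/${SNAPCRAFT_PROJECT_NAME}/kata-containers-initrd.img \
+CONFIG_PATH=/snap/${SNAPCRAFT_PROJECT_NAME}/current/usr/share/defaults/${SNAPCRAFT_PROJECT_NAME}/configuration.toml
+make install \
+PREFIX=/usr \
+DESTDIR=${SNAPCRAFT_PART_INSTALL} \
+QEMUPATH=/snap/${SNAPCRAFT_PROJECT_NAME}/current/usr/bin/qemu-system-x86_64 \
+PROXYPATH=/snap/${SNAPCRAFT_PROJECT_NAME}/current/usr/libexec/${SNAPCRAFT_PROJECT_NAME}/kata-proxy \
+SHIMPATH=/snap/${SNAPCRAFT_PROJECT_NAME}/current/usr/libexec/${SNAPCRAFT_PROJECT_NAME}/kata-shim \
+KERNELPATH=/snap/${SNAPCRAFT_PROJECT_NAME}/current/usr/share/${SNAPCRAFT_PROJECT_NAME}/vmlinuz.container \
+INITRDPATH=/snap/${SNAPCRAFT_PROJECT_NAME}/current/usr/share/${SNAPCRAFT_PROJECT_NAME}/kata-containers-initrd.img
+sed -i -e '/^image =/d' ${SNAPCRAFT_PART_INSTALL}/usr/share/defaults/${SNAPCRAFT_PROJECT_NAME}/configuration.toml
+
+proxy:
+source: http://github.com/kata-containers/proxy
+source-type: git
+source-tag: @KATA_PROXY_VERSION@
+after: [go]
+plugin: go
+go-importpath: github.com/kata-containers/proxy
+build-attributes: [no-patchelf]
+override-build: |
+# Don't use installed GOROOT
+unset GOROOT
+export GOPATH=$(realpath ../go)
+cd ${GOPATH}/src/github.com/${SNAPCRAFT_PROJECT_NAME}/proxy
+make
+make install LIBEXECDIR=${SNAPCRAFT_PART_INSTALL}/usr/libexec
+
+shim:
+source: http://github.com/kata-containers/shim
+source-type: git
+source-tag: @KATA_SHIM_VERSION@
+after: [go]
+plugin: go
+go-importpath: github.com/kata-containers/shim
+build-attributes: [no-patchelf]
+build-packages:
+- libelf-dev
+override-build: |
+# Don't use installed GOROOT
+unset GOROOT
+export GOPATH=$(realpath ../go)
+cd ${GOPATH}/src/github.com/${SNAPCRAFT_PROJECT_NAME}/shim
+make
+make install LIBEXECDIR=${SNAPCRAFT_PART_INSTALL}/usr/libexec
+
+image:
+source: http://github.com/kata-containers/osbuilder
+source-type: git
+after: [go]
+plugin: make
+build-packages:
+- docker.io
+override-build: |
+# Don't use installed GOROOT
+unset GOROOT
+if [ -n "$http_proxy" ]; then
+echo "Setting proxy $http_proxy"
+systemctl set-environment http_proxy=$http_proxy || true
+systemctl set-environment https_proxy=$https_proxy || true
+fi
+
+echo "Starting docker"
+systemctl start docker || true
+
+export GOPATH=$(realpath ../go)
+mkdir -p $GOPATH
+
+sed -i 's|^GO_VERSION=.*|GO_VERSION='$(go version | cut -d' ' -f3 | tr -d go)'|g' rootfs-builder/versions.txt
+
+sudo -E PATH=$PATH make DISTRO=alpine USE_DOCKER=true AGENT_VERSION=${SNAPCRAFT_PROJECT_VERSION} AGENT_INIT=yes rootfs
+sudo -E PATH=$PATH make DISTRO=alpine AGENT_INIT=yes initrd-only
+
+kata_image_dir=${SNAPCRAFT_PART_INSTALL}/usr/share/kata-containers
+mkdir -p ${kata_image_dir}
+cp kata-containers-initrd.img ${kata_image_dir}
+
+ksm-throttler:
+source: http://github.com/kata-containers/ksm-throttler
+source-type: git
+source-tag: @KSM_THROTTLER_VERSION@
+after: [go]
+plugin: go
+go-importpath: github.com/kata-containers/ksm-throttler
+build-attributes: [no-patchelf]
+override-build: |
+# Don't use installed GOROOT
+unset GOROOT
+export GOPATH=$(realpath ../go)
+cd ${GOPATH}/src/github.com/${SNAPCRAFT_PROJECT_NAME}/ksm-throttler
+make TARGET=kata-ksm-throttler
+make install \
+DESTDIR=${SNAPCRAFT_PART_INSTALL} \
+TARGET=kata-ksm-throttler
+
+kernel:
+source: @KERNEL_URL@/linux-@KERNEL_VERSION@.tar.xz
+source-type: tar
+after: [kernel-dump]
+plugin: kernel
+override-build: |
+case "$(arch)" in
+"x86_64")
+config=x86_64_kata_kvm_4.14.x
+;;
+
+"ppc64le")
+config=ppc64le_kata_kvm_4.14.x
+;;
+
+"aarch64")
+config=arm64_kata_kvm_4.14.x
+;;
+
+*)
+echo "ERROR: Unsupported architecture $(arch)"
+exit 1
+;;
+esac
+
+make mrproper
+
+# Apply patches
+for patch in ${SNAPCRAFT_STAGE}/kernel/patches/*.patch; do
+echo "Applying $(basename "$patch") ..."
+patch \
+--batch \
+--forward \
+--strip 1 \
+--input "$patch"
+echo
+done
+
+# Copy config file
+cp ${SNAPCRAFT_STAGE}/kernel/configs/${config} .config
+make -s oldconfig EXTRAVERSION=".container" > /dev/null
+make -j $(nproc) EXTRAVERSION=".container"
+
+kernel_suffix=@KERNEL_VERSION@.container
+kata_kernel_dir=${SNAPCRAFT_PART_INSTALL}/usr/share/kata-containers
+mkdir -p ${kata_kernel_dir}
+
+# Install bz kernel
+make install INSTALL_PATH=${kata_kernel_dir} EXTRAVERSION=".container" || true
+vmlinuz_name=vmlinuz-${kernel_suffix}
+ln -sf ${vmlinuz_name} ${kata_kernel_dir}/vmlinuz.container
+
+# Install raw kernel
+vmlinux_name=vmlinux-${kernel_suffix}
+cp vmlinux ${kata_kernel_dir}/${vmlinux_name}
+ln -sf ${vmlinux_name} ${kata_kernel_dir}/vmlinux.container
+
+kernel-dump:
+source: kernel
+plugin: dump
+organize:
+'*' : kernel/
+prime:
+- -*
+
+qemu:
+source: https://github.com/kata-containers/qemu/archive/@QEMU_LITE_BRANCH@.tar.gz
+source-type: tar
+plugin: make
+after: [qemu-scripts-dump, qemu-patches-dump]
+build-packages:
+- gcc
+- python
+- zlib1g-dev
+- libcap-ng-dev
+- libglib2.0-dev
+- libpixman-1-dev
+- libnuma-dev
+- libltdl-dev
+- libcap-dev
+- libattr1-dev
+override-build: |
+chmod +x ${SNAPCRAFT_STAGE}/qemu/scripts/configure-hypervisor.sh
+# static build
+echo "$(${SNAPCRAFT_STAGE}/qemu/scripts/configure-hypervisor.sh -s qemu) \
+--disable-rbd
+--prefix=/snap/${SNAPCRAFT_PROJECT_NAME}/current/usr \
+--datadir=/snap/${SNAPCRAFT_PROJECT_NAME}/current/usr/share \
+--libexecdir=/snap/${SNAPCRAFT_PROJECT_NAME}/current/usr/libexec/qemu" \
+| xargs ./configure
+
+git clone https://github.com/qemu/keycodemapdb ui/keycodemapdb/
+cd ui/keycodemapdb; git checkout 10739aa; cd ../..
+
+git clone https://github.com/qemu/capstone capstone
+cd capstone; git checkout 22ead3e; cd ..
+
+# Apply patches
+for patch in ${SNAPCRAFT_STAGE}/qemu/patches/*.patch; do
+echo "Applying $(basename "$patch") ..."
+patch \
+--batch \
+--forward \
+--strip 1 \
+--input "$patch"
+echo
+done
+make -j $(nproc)
+make install DESTDIR=${SNAPCRAFT_PART_INSTALL}
+prime:
+- -snap/*
+- -usr/var/*
+- usr/*
+- lib/*
+organize:
+# Hack: move qemu to /
+"snap/kata-containers/current/": "./"
+
+qemu-scripts-dump:
+source: scripts
+plugin: dump
+organize:
+'*' : qemu/scripts/
+prime:
+- -*
+qemu-patches-dump:
+source: obs-packaging/qemu-lite/patches/
+plugin: dump
+organize:
+'*' : qemu/patches/
+prime:
+- -*
+
+apps:
+runtime:
+command: usr/bin/kata-runtime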
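Review bot: The `runtime`, `proxy`, `shim`, `image` and `ksm-throttler` parts clone from `http://github.com/kata-containers/...`, so the first request goes out in plaintext and the build depends on the server redirecting it to HTTPS; use `source: https://github.com/kata-containers/runtime` and likewise for the other four. The `image` part has no `source-tag`, so it builds whatever the osbuilder default branch holds at build time, unlike the sibling parts that are pinned to `@KATA_*_VERSION@`. The `kernel` tarball is fetched from `@KERNEL_URL@` with no `source-checksum`, and the `qemu` part checks out the abbreviated commits `10739aa` and `22ead3e`; a recorded digest and full commit ids would make these inputs verifiable. In the kernel part, `make install ... || true` hides a failed install, after which `ln -sf` would leave `vmlinuz.container` pointing at a file that does not exist.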