diff --git a/.ci/lib.sh b/.ci/lib.sh
index 194cf5296a..ca954da59a 100644
--- a/.ci/lib.sh
+++ b/.ci/lib.sh
@@ -24,3 +24,38 @@ check_kata_kernel_version(){
 fi
 }
+
+install_yq() {
+ GOPATH=${GOPATH:-${HOME}/go}
+ local yq_path="${GOPATH}/bin/yq"
+ local yq_pkg="github.com/mikefarah/yq"
+ [ -x "${GOPATH}/bin/yq" ] && return
+
+ case "$(arch)" in
+ "aarch64")
+ goarch=arm64
+ ;;
+
+ "x86_64")
+ goarch=amd64
+ ;;
+ "*")
+ echo "Arch $(arch) not supported"
+ exit
+ ;;
+ esac
+
+ mkdir -p "${GOPATH}/bin"
+
+ # Workaround to get latest release from github (to not use github token).
+ # Get the redirection to latest release on github.
+ yq_latest_url=$(curl -Ls -o /dev/null -w %{url_effective} "https://${yq_pkg}/releases/latest")
+ # The redirected url should include the latest release version
+ # https://github.com/mikefarah/yq/releases/tag/
+ yq_version=$(basename "${yq_latest_url}")
+
+
+ local yq_url="https://${yq_pkg}/releases/download/${yq_version}/yq_linux_${goarch}"
+ curl -o "${yq_path}" -L ${yq_url}
+ chmod +x ${yq_path}
+}
 
diff --git a/.ci/run.sh b/.ci/run.sh
index 50eedb5585..6e0c28570f 100755
--- a/.ci/run.sh
+++ b/.ci/run.sh
@@ -11,8 +11,14 @@ set -o pipefail
 
 cidir=$(dirname "$0")
 source "${cidir}/lib.sh"
+source /etc/os-release
 
 # This script will execute packaging tests suite
 # TODO: Add steps needed to build packages
 
 check_kata_kernel_version
+
+if [ "$ID" == ubuntu ];then
+ echo "Building snap image"
+ make snap
+fi
diff --git a/.ci/setup.sh b/.ci/setup.sh
index c084cec081..89e312c33c 100755
--- a/.ci/setup.sh
+++ b/.ci/setup.sh
@@ -9,4 +9,10 @@ set -o errexit
 set -o nounset
 set -o pipefail
+source /etc/os-release
+
 
 echo "Setup script for packaging"
+
+if [ "$ID" == ubuntu ];then
+ sudo apt-get install -y snapd snapcraft
+fi
diff --git a/.gitignore b/.gitignore
index e79e32ecbf..0d6184c00c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,3 +3,9 @@ debian.series
 *.img
 *.initrd
 *.tar.gz
+*.snap
+parts/
+prime/
+stage/
+snap/.snapcraft/
+snap/snapcraft.yaml
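Review bot: The fallback arm of the `case` in install_yq is written `"*")`, which matches only the literal string `*`, so an unsupported architecture never reaches the error message and continues with `goarch` unset (the Makefile invokes this through a plain `bash -c`, so no nounset catches it); the arm should be `*)` and its bare `exit` should be `exit 1`, otherwise the failure reports success. The download is also the weakest link for supply-chain hygiene: `curl -o "${yq_path}" -L ${yq_url}` has no `--fail`, so an HTTP error body gets written to `${GOPATH}/bin/yq`, made executable, and then accepted by the `[ -x ... ]` early return on every later run, and resolving "latest" through the redirect makes the build non-reproducible. I would fetch with `--fail` into a temporary path, verify a pinned checksum, and only then move the file into place.
```sh
	*)
		echo "Arch $(arch) not supported"
		exit 1
		;;
	esac
	# … unchanged: mkdir and latest-release lookup …
	local yq_url="https://${yq_pkg}/releases/download/${yq_version}/yq_linux_${goarch}"
	local yq_tmp="${yq_path}.tmp"
	curl --fail -sSL -o "${yq_tmp}" "${yq_url}"
	# TODO(review): verify against a pinned release checksum before installing, e.g.
	# echo "<EXPECTED_SHA256>  ${yq_tmp}" | sha256sum -c -
	chmod +x "${yq_tmp}"
	mv -f "${yq_tmp}" "${yq_path}"
```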
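Review bot: `source /etc/os-release` in run.sh is unconditional, and the file is not guaranteed to exist on every distribution the CI may run on; with the strict shell options visible at the hunk header a missing file aborts the script before `check_kata_kernel_version` runs, and the later `"$ID"` reference would trip nounset where it is set. A guarded form keeps the non-Ubuntu path working: `[ -r /etc/os-release ] && source /etc/os-release` and `if [ "${ID:-}" == ubuntu ]; then`. The same pattern is repeated in the setup.sh hunk below, where `set -o nounset` is explicitly visible in the context lines.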
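Review bot: `sudo apt-get install -y snapd snapcraft` in setup.sh runs without refreshing the package lists, which fails on a fresh CI image whose cache is stale or empty; I would write `sudo apt-get update && sudo apt-get install -y snapd snapcraft`. Presumably the Ubuntu-only branch is intentional given the README, but a short comment saying the snap build is only attempted on Ubuntu would save the next reader a look at run.sh.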
diff --git a/Makefile b/Makefile
index 4510c6b14f..14308d14e9 100644
--- a/Makefile
+++ b/Makefile
@@ -6,7 +6,17 @@ #
 
 MK_DIR :=$(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
 
-.PHONY: test test-release-tools
+SED := sed
+YQ := $(shell go env GOPATH)/bin/yq
+SNAPCRAFT_FILE := snap/snapcraft.yaml
+VERSIONS_YAML_FILE := versions.yaml
+VERSIONS_YAML_FILE_URL := https://raw.githubusercontent.com/kata-containers/runtime/master/versions.yaml
+VERSION_FILE := VERSION
+VERSION_FILE_URL := https://raw.githubusercontent.com/kata-containers/runtime/master/VERSION
+
+export YQ
+export VERSION_FILE
+export VERSIONS_YAML_FILE
 
 test:
 @$(MK_DIR)/.ci/test.sh
@@ -19,3 +29,33 @@ test-static-build:
 
 test-packaging-tools:
 @$(MK_DIR)/obs-packaging/build_from_docker.sh
+
+$(YQ):
+ @bash -c "source .ci/lib.sh; install_yq"
+
+$(VERSION_FILE):
+ @curl -sO $(VERSION_FILE_URL)
+
+$(VERSIONS_YAML_FILE):
+ @curl -sO $(VERSIONS_YAML_FILE_URL)
+
+$(SNAPCRAFT_FILE): %: %.in Makefile $(YQ) $(VERSIONS_YAML_FILE) $(VERSION_FILE)
+ $(SED) \
+ -e "s|@KATA_RUNTIME_VERSION@|$$(cat $${VERSION_FILE})|g" \
+ -e "s|@KATA_PROXY_VERSION@|$$(cat $${VERSION_FILE})|g" \
+ -e "s|@KATA_SHIM_VERSION@|$$(cat $${VERSION_FILE})|g" \
+ -e "s|@KSM_THROTTLER_VERSION@|$$(cat $${VERSION_FILE})|g" \
+ -e "s|@QEMU_LITE_BRANCH@|$$($${YQ} r $${VERSIONS_YAML_FILE} assets.hypervisor.qemu-lite.branch)|g" \
+ -e "s|@KERNEL_URL@|$$($${YQ} r $${VERSIONS_YAML_FILE} assets.kernel.url)|g" \
+ -e "s|@KERNEL_VERSION@|$$($${YQ} r $${VERSIONS_YAML_FILE} assets.kernel.version | tr -d v)|g" \
+ -e "s|@GO_VERSION@|$$($${YQ} r $${VERSIONS_YAML_FILE} languages.golang.meta.newest-version)|g" \
+ $< > $@
+
+snap: $(SNAPCRAFT_FILE)
+ snapcraft -d
+
+clean:
+ rm $(SNAPCRAFT_FILE)
+
+.PHONY: test test-release-tools test-static-build test-packaging-tools snap clean \
+ $(VERSION_FILE) $(VERSIONS_YAML_FILE)
diff --git a/snap/README.md b/snap/README.md
new file mode 100644
index 0000000000..0ade99e827
--- /dev/null
+++ b/snap/README.md
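Review bot: `YQ := $(shell go env GOPATH)/bin/yq` evaluates to `/bin/yq` when `go` is not on PATH, because the `$(shell)` result is empty; the `$(YQ)` rule then calls install_yq, which installs into `${HOME}/go/bin` instead, so the target never materialises and the `$${YQ}` calls in the snapcraft.yaml recipe fail with a confusing error. Using the same default the shell helper uses keeps both sides consistent: `YQ := $(or $(shell go env GOPATH),$(HOME)/go)/bin/yq`. A one-line comment above the `export` lines noting that they exist so the `$${VERSION_FILE}`/`$${YQ}` references inside the recipe resolve would also help.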
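Review bot: The `$(VERSION_FILE)` and `$(VERSIONS_YAML_FILE)` recipes run `curl -sO` without `--fail`, so an HTTP error page is silently saved as `VERSION`/`versions.yaml` and its contents flow unchecked through the sed substitutions into `snap/snapcraft.yaml`, where they become the snap `version:` and the git `source-tag:` values; both files are also pulled from `master`, so the generated manifest depends on whatever that branch holds at build time. I would use `@curl -fsSL -o $@ $(VERSION_FILE_URL)` (and likewise for the YAML file) and make the ref a variable so a release can pin it, e.g. a `RUNTIME_REF ?= master` (constructed name) substituted into both URLs. Separately, `clean:` should use `$(RM) $(SNAPCRAFT_FILE)` so a second `make clean` does not fail on the missing file, and marking the two downloaded files `.PHONY` means they are re-fetched on every invocation, which is presumably intended but worth a comment.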
@@ -0,0 +1,99 @@ +# Kata Containers snap image + +* [Kata Containers snap image](#kata-containers-snap-image) +* [Initial setup](#initial-setup) +* [Build snap image](#build-snap-image) +* [Install snap (developer)](#install-snap-developer) +* [Integration with docker](#integration-with-docker) +* [Limitations](#limitations) + +This directory contains the resources needed to build the Kata Containers +[snap][1] image. + +## Initial setup + +*Ubuntu 18.04* + +```sh +$ sudo apt-get install -y snapd snapcraft +``` + +## Build snap image + +Run next command at the root directory of the packaging repository. + +```sh +$ make snap +``` + +## Install snap (developer) + +To install the resulting snap image, snap must be put in [classic mode][3] and the +security confinement must be disabled (*--classic*). Also since the resulting snap +has not been signed the verification of signature must be omitted (*--dangerous*). + +```sh +$ sudo snap install --classic --dangerous kata-containers_[VERSION]_[ARCH].snap +``` + +Replace `VERSION` with the current version of Kata Containers and `ARCH` with +the system architecture. + +## Configuring Kata Containers ## + +By default Kata Containers snap image is mounted at `/snap/kata-containers` as a +read-only file system, therefore default configuration file can not be edited. +Fortunately [kata-runtime][4] supports loading a configuration file from another +path than the default. + +```sh +$ sudo mkdir -p /etc/kata-containers +$ sudo cp /snap/kata-containers/current/usr/share/defaults/kata-containers/configuration.toml /etc/kata-containers/ +$ $EDITOR /etc/kata-containers/configuration.toml +``` + +## Integration with docker ## + +the path to the runtime provided by the Kata Containers snap image is +`/snap/kata-containers/current/usr/bin/kata-runtime`, this runtime must be added to +[dockerd][5] via `systemd` or `dockerd` configuration file. 
+ +`/etc/systemd/system/docker.service.d/runtime.conf` + +```ini +[Service] +ExecStart=/usr/bin/dockerd -D --add-runtime kata-runtime=/snap/kata-containers/current/usr/bin/kata-runtime --default-runtime=kata-runtime +``` + +or + +`/etc/docker/daemon.json` + +```json +{ + "default-runtime": "kata-runtime", + "runtimes": { + "kata-runtime": { + "path": "/snap/kata-containers/current/usr/bin/kata-runtime" + } + } +} +``` + +after having added the new runtime, the service must be reloaded and restarted + +``` +$ sudo systemctl daemon-reload +$ sudo systemctl restart docker +``` + +## Limitations + +The [miniOS image][2] is not included in the snap image as it is not possible for +QEMU to open a guest RAM backing store on a read-only filesystem. + +[1]: https://docs.snapcraft.io/snaps/intro +[2]: https://github.com/kata-containers/documentation/blob/master/architecture.md#root-filesystem-image +[3]: https://docs.snapcraft.io/reference/confinement#classic +[4]: https://github.com/kata-containers/runtime +[5]: https://docs.docker.com/engine/reference/commandline/dockerd diff --git a/snap/snapcraft.yaml.in b/snap/snapcraft.yaml.in new file mode 100644 index 0000000000..ab92409aba --- /dev/null +++ b/snap/snapcraft.yaml.in 
@@ -0,0 +1,263 @@ +name: kata-containers +version: @KATA_RUNTIME_VERSION@ +summary: Build lightweight VMs that seamlessly plug into the containers ecosystem +description: | + Kata Containers is an open source project and community working to build a + standard implementation of lightweight Virtual Machines (VMs) that feel and + perform like containers, but provide the workload isolation and security + advantages of VMs +grade: stable +confinement: classic + +parts: + go: + source-tag: go@GO_VERSION@ + runtime: + source: http://github.com/kata-containers/runtime + source-type: git + source-tag: @KATA_RUNTIME_VERSION@ + after: [go] + plugin: go + go-importpath: github.com/kata-containers/runtime + build-attributes: [no-patchelf] + override-build: | + # Don't use installed GOROOT + unset GOROOT + export GOPATH=$(realpath ../go) + cd ${GOPATH}/src/github.com/${SNAPCRAFT_PROJECT_NAME}/runtime + make \ + QEMUPATH=/snap/${SNAPCRAFT_PROJECT_NAME}/current/usr/bin/qemu-system-x86_64 \ + PROXYPATH=/snap/${SNAPCRAFT_PROJECT_NAME}/current/usr/libexec/${SNAPCRAFT_PROJECT_NAME}/kata-proxy \ + SHIMPATH=/snap/${SNAPCRAFT_PROJECT_NAME}/current/usr/libexec/${SNAPCRAFT_PROJECT_NAME}/kata-shim \ + KERNELPATH=/snap/${SNAPCRAFT_PROJECT_NAME}/current/usr/share/${SNAPCRAFT_PROJECT_NAME}/vmlinuz.container \ + INITRDPATH=/snap/${SNAPCRAFT_PROJECT_NAME}/current/usr/share/${SNAPCRAFT_PROJECT_NAME}/kata-containers-initrd.img \ + CONFIG_PATH=/snap/${SNAPCRAFT_PROJECT_NAME}/current/usr/share/defaults/${SNAPCRAFT_PROJECT_NAME}/configuration.toml + make install \ + PREFIX=/usr \ + DESTDIR=${SNAPCRAFT_PART_INSTALL} \ + QEMUPATH=/snap/${SNAPCRAFT_PROJECT_NAME}/current/usr/bin/qemu-system-x86_64 \ + PROXYPATH=/snap/${SNAPCRAFT_PROJECT_NAME}/current/usr/libexec/${SNAPCRAFT_PROJECT_NAME}/kata-proxy \ + SHIMPATH=/snap/${SNAPCRAFT_PROJECT_NAME}/current/usr/libexec/${SNAPCRAFT_PROJECT_NAME}/kata-shim \ + 
KERNELPATH=/snap/${SNAPCRAFT_PROJECT_NAME}/current/usr/share/${SNAPCRAFT_PROJECT_NAME}/vmlinuz.container \ + INITRDPATH=/snap/${SNAPCRAFT_PROJECT_NAME}/current/usr/share/${SNAPCRAFT_PROJECT_NAME}/kata-containers-initrd.img + sed -i -e '/^image =/d' ${SNAPCRAFT_PART_INSTALL}/usr/share/defaults/${SNAPCRAFT_PROJECT_NAME}/configuration.toml + + proxy: + source: http://github.com/kata-containers/proxy + source-type: git + source-tag: @KATA_PROXY_VERSION@ + after: [go] + plugin: go + go-importpath: github.com/kata-containers/proxy + build-attributes: [no-patchelf] + override-build: | + # Don't use installed GOROOT + unset GOROOT + export GOPATH=$(realpath ../go) + cd ${GOPATH}/src/github.com/${SNAPCRAFT_PROJECT_NAME}/proxy + make + make install LIBEXECDIR=${SNAPCRAFT_PART_INSTALL}/usr/libexec + + shim: + source: http://github.com/kata-containers/shim + source-type: git + source-tag: @KATA_SHIM_VERSION@ + after: [go] + plugin: go + go-importpath: github.com/kata-containers/shim + build-attributes: [no-patchelf] + build-packages: + - libelf-dev + override-build: | + # Don't use installed GOROOT + unset GOROOT + export GOPATH=$(realpath ../go) + cd ${GOPATH}/src/github.com/${SNAPCRAFT_PROJECT_NAME}/shim + make + make install LIBEXECDIR=${SNAPCRAFT_PART_INSTALL}/usr/libexec + + image: + source: http://github.com/kata-containers/osbuilder + source-type: git + after: [go] + plugin: make + build-packages: + - docker.io + override-build: | + # Don't use installed GOROOT + unset GOROOT + if [ -n "$http_proxy" ]; then + echo "Setting proxy $http_proxy" + systemctl set-environment http_proxy=$http_proxy || true + systemctl set-environment https_proxy=$https_proxy || true + fi + + echo "Starting docker" + systemctl start docker || true + + export GOPATH=$(realpath ../go) + mkdir -p $GOPATH + + sed -i 's|^GO_VERSION=.*|GO_VERSION='$(go version | cut -d' ' -f3 | tr -d go)'|g' rootfs-builder/versions.txt + + sudo -E PATH=$PATH make DISTRO=alpine USE_DOCKER=true 
AGENT_VERSION=${SNAPCRAFT_PROJECT_VERSION} AGENT_INIT=yes rootfs + sudo -E PATH=$PATH make DISTRO=alpine AGENT_INIT=yes initrd-only + + kata_image_dir=${SNAPCRAFT_PART_INSTALL}/usr/share/kata-containers + mkdir -p ${kata_image_dir} + cp kata-containers-initrd.img ${kata_image_dir} + + ksm-throttler: + source: http://github.com/kata-containers/ksm-throttler + source-type: git + source-tag: @KSM_THROTTLER_VERSION@ + after: [go] + plugin: go + go-importpath: github.com/kata-containers/ksm-throttler + build-attributes: [no-patchelf] + override-build: | + # Don't use installed GOROOT + unset GOROOT + export GOPATH=$(realpath ../go) + cd ${GOPATH}/src/github.com/${SNAPCRAFT_PROJECT_NAME}/ksm-throttler + make TARGET=kata-ksm-throttler + make install \ + DESTDIR=${SNAPCRAFT_PART_INSTALL} \ + TARGET=kata-ksm-throttler + + kernel: + source: @KERNEL_URL@/linux-@KERNEL_VERSION@.tar.xz + source-type: tar + after: [kernel-dump] + plugin: kernel + override-build: | + case "$(arch)" in + "x86_64") + config=x86_64_kata_kvm_4.14.x + ;; + + "ppc64le") + config=ppc64le_kata_kvm_4.14.x + ;; + + "aarch64") + config=arm64_kata_kvm_4.14.x + ;; + + *) + echo "ERROR: Unsupported architecture $(arch)" + exit 1 + ;; + esac + + make mrproper + + # Apply patches + for patch in ${SNAPCRAFT_STAGE}/kernel/patches/*.patch; do + echo "Applying $(basename "$patch") ..." 
+ patch \ + --batch \ + --forward \ + --strip 1 \ + --input "$patch" + echo + done + + # Copy config file + cp ${SNAPCRAFT_STAGE}/kernel/configs/${config} .config + make -s oldconfig EXTRAVERSION=".container" > /dev/null + make -j $(nproc) EXTRAVERSION=".container" + + kernel_suffix=@KERNEL_VERSION@.container + kata_kernel_dir=${SNAPCRAFT_PART_INSTALL}/usr/share/kata-containers + mkdir -p ${kata_kernel_dir} + + # Install bz kernel + make install INSTALL_PATH=${kata_kernel_dir} EXTRAVERSION=".container" || true + vmlinuz_name=vmlinuz-${kernel_suffix} + ln -sf ${vmlinuz_name} ${kata_kernel_dir}/vmlinuz.container + + # Install raw kernel + vmlinux_name=vmlinux-${kernel_suffix} + cp vmlinux ${kata_kernel_dir}/${vmlinux_name} + ln -sf ${vmlinux_name} ${kata_kernel_dir}/vmlinux.container + + kernel-dump: + source: kernel + plugin: dump + organize: + '*' : kernel/ + prime: + - -* + + qemu: + source: https://github.com/kata-containers/qemu/archive/@QEMU_LITE_BRANCH@.tar.gz + source-type: tar + plugin: make + after: [qemu-scripts-dump, qemu-patches-dump] + build-packages: + - gcc + - python + - zlib1g-dev + - libcap-ng-dev + - libglib2.0-dev + - libpixman-1-dev + - libnuma-dev + - libltdl-dev + - libcap-dev + - libattr1-dev + override-build: | + chmod +x ${SNAPCRAFT_STAGE}/qemu/scripts/configure-hypervisor.sh + # static build + echo "$(${SNAPCRAFT_STAGE}/qemu/scripts/configure-hypervisor.sh -s qemu) \ + --disable-rbd + --prefix=/snap/${SNAPCRAFT_PROJECT_NAME}/current/usr \ + --datadir=/snap/${SNAPCRAFT_PROJECT_NAME}/current/usr/share \ + --libexecdir=/snap/${SNAPCRAFT_PROJECT_NAME}/current/usr/libexec/qemu" \ + | xargs ./configure + + git clone https://github.com/qemu/keycodemapdb ui/keycodemapdb/ + cd ui/keycodemapdb; git checkout 10739aa; cd ../.. + + git clone https://github.com/qemu/capstone capstone + cd capstone; git checkout 22ead3e; cd .. + + # Apply patches + for patch in ${SNAPCRAFT_STAGE}/qemu/patches/*.patch; do + echo "Applying $(basename "$patch") ..." 
+ patch \ + --batch \ + --forward \ + --strip 1 \ + --input "$patch" + echo + done + make -j $(nproc) + make install DESTDIR=${SNAPCRAFT_PART_INSTALL} + prime: + - -snap/* + - -usr/var/* + - usr/* + - lib/* + organize: + # Hack: move qemu to / + "snap/kata-containers/current/": "./" + + qemu-scripts-dump: + source: scripts + plugin: dump + organize: + '*' : qemu/scripts/ + prime: + - -* + qemu-patches-dump: + source: obs-packaging/qemu-lite/patches/ + plugin: dump + organize: + '*' : qemu/patches/ + prime: + - -* + +apps: + runtime: + command: usr/bin/kata-runtime
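Review bot: Every git part in this template (runtime, proxy, shim, the osbuilder `image` part and ksm-throttler) declares its source as `http://github.com/...`, so the initial fetch goes out in cleartext and depends on an unauthenticated redirect; these should be `source: https://github.com/kata-containers/runtime` and so on. The `image` part has no `source-tag` at all, so the snap builds whatever osbuilder's default branch holds at build time, while the kernel and qemu tarball sources carry no `source-checksum` (e.g. `source-checksum: sha256/<EXPECTED_SHA256>`, placeholder) even though their versions are substituted from versions.yaml. The kernel step's `make install ... || true` and the `systemctl ... || true` lines in the image part hide failures that presumably matter; if `make install` is expected to fail on a non-bootable host, a comment saying why would justify the `|| true`. The hunk appears to end at the `apps:` section; I could not verify the template beyond what is shown.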