From 5208386ab18a3e7873b4ec9a9efa9c8aeaddc7b0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Tue, 3 Oct 2023 14:20:23 +0200 Subject: [PATCH] packaging: Build the kata-agent MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Let's add the needed functions to start building the kata-agent, with or without the OPA support. For now this build is not used as part of the rootfs build, but later on this will (not as part of this series, though). Fixes: #8099 Signed-off-by: Fabiano FidĂȘncio --- .../kata-deploy/local-build/Makefile | 6 +++ .../kata-deploy-binaries-in-docker.sh | 2 + .../local-build/kata-deploy-binaries.sh | 35 ++++++++++++++++++ tools/packaging/static-build/agent/Dockerfile | 21 +++++++++++ .../static-build/agent/build-static-agent.sh | 37 +++++++++++++++++++ tools/packaging/static-build/agent/build.sh | 31 ++++++++++++++++ 6 files changed, 132 insertions(+) create mode 100644 tools/packaging/static-build/agent/Dockerfile create mode 100755 tools/packaging/static-build/agent/build-static-agent.sh create mode 100755 tools/packaging/static-build/agent/build.sh diff --git a/tools/packaging/kata-deploy/local-build/Makefile b/tools/packaging/kata-deploy/local-build/Makefile index 041cd5c800..db9218ac22 100644 --- a/tools/packaging/kata-deploy/local-build/Makefile +++ b/tools/packaging/kata-deploy/local-build/Makefile @@ -52,6 +52,12 @@ serial-targets: %-tarball-build: $(MK_DIR)/dockerbuild/install_yq.sh $(call BUILD,$*) +agent-tarball: + ${MAKE} $@-build + +agent-opa-tarball: + ${MAKE} $@-build + agent-ctl-tarball: ${MAKE} $@-build diff --git a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries-in-docker.sh b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries-in-docker.sh index 47cf2dd1dd..64f505cd50 100755 --- a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries-in-docker.sh +++ b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries-in-docker.sh 
@@ -84,6 +84,7 @@ ARTEFACT_REGISTRY_PASSWORD="${ARTEFACT_REGISTRY_PASSWORD:-}" TARGET_BRANCH="${TARGET_BRANCH:-}" BUILDER_REGISTRY="${BUILDER_REGISTRY:-}" PUSH_TO_REGISTRY="${PUSH_TO_REGISTRY:-"no"}" +AGENT_CONTAINER_BUILDER="${AGENT_CONTAINER_BUILDER:-}" INITRAMFS_CONTAINER_BUILDER="${INITRAMFS_CONTAINER_BUILDER:-}" KERNEL_CONTAINER_BUILDER="${KERNEL_CONTAINER_BUILDER:-}" OVMF_CONTAINER_BUILDER="${OVMF_CONTAINER_BUILDER:-}" @@ -106,6 +107,7 @@ docker run \ --env TARGET_BRANCH="${TARGET_BRANCH}" \ --env BUILDER_REGISTRY="${BUILDER_REGISTRY}" \ --env PUSH_TO_REGISTRY="${PUSH_TO_REGISTRY}" \ + --env AGENT_CONTAINER_BUILDER="${AGENT_CONTAINER_BUILDER}" \ --env INITRAMFS_CONTAINER_BUILDER="${INITRAMFS_CONTAINER_BUILDER}" \ --env KERNEL_CONTAINER_BUILDER="${KERNEL_CONTAINER_BUILDER}" \ --env OVMF_CONTAINER_BUILDER="${OVMF_CONTAINER_BUILDER}" \ diff --git a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh index 0000ad7104..fcbade0113 100755 --- a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh +++ b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh @@ -22,6 +22,7 @@ readonly static_build_dir="${repo_root_dir}/tools/packaging/static-build" readonly version_file="${repo_root_dir}/VERSION" readonly versions_yaml="${repo_root_dir}/versions.yaml" +readonly agent_builder="${static_build_dir}/agent/build.sh" readonly clh_builder="${static_build_dir}/cloud-hypervisor/build-static-clh.sh" readonly firecracker_builder="${static_build_dir}/firecracker/build-static-firecracker.sh" readonly initramfs_builder="${static_build_dir}/initramfs/build.sh" @@ -81,6 +82,8 @@ options: -s : Silent mode (produce output in case of failure only) --build= : all + agent + agent-opa agent-ctl cloud-hypervisor cloud-hypervisor-glibc 
@@ -625,6 +628,32 @@ install_ovmf_sev() { install_ovmf "sev" "edk2-sev.tar.gz" } +install_agent_helper() { + agent_policy="${1:-no}" + + latest_artefact="$(git log -1 --pretty=format:"%h" ${repo_root_dir}/src/agent)" + latest_builder_image="$(get_agent_image_name)" + + install_cached_tarball_component \ + "${build_target}" \ + "${latest_artefact}" \ + "${latest_builder_image}" \ + "${final_tarball_name}" \ + "${final_tarball_path}" \ + && return 0 + + info "build static agent" + DESTDIR="${destdir}" AGENT_POLICY=${agent_policy} "${agent_builder}" +} + +install_agent() { + install_agent_helper +} + +install_agent_opa() { + install_agent_helper "yes" +} + install_tools_helper() { tool=${1} @@ -720,6 +749,10 @@ handle_build() { install_virtiofsd ;; + agent) install_agent ;; + + agent-opa) install_agent_opa ;; + agent-ctl) install_agent_ctl ;; cloud-hypervisor) install_clh ;; @@ -827,6 +860,8 @@ main() { local build_targets local silent build_targets=( + agent + agent-opa agent-ctl cloud-hypervisor firecracker diff --git a/tools/packaging/static-build/agent/Dockerfile b/tools/packaging/static-build/agent/Dockerfile new file mode 100644 index 0000000000..c72104cb59 --- /dev/null +++ b/tools/packaging/static-build/agent/Dockerfile @@ -0,0 +1,21 @@ +# Copyright (c) 2023 Intel +# +# SPDX-License-Identifier: Apache-2.0 + +FROM alpine:3.18 +ARG RUST_TOOLCHAIN + +SHELL ["/bin/ash", "-o", "pipefail", "-c"] +RUN apk --no-cache add \ + bash \ + curl \ + gcc \ + git \ + libcap-ng-static \ + libseccomp-static \ + make \ + musl-dev \ + openssl-dev \ + openssl-libs-static \ + protoc && \ + curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain ${RUST_TOOLCHAIN} diff --git a/tools/packaging/static-build/agent/build-static-agent.sh b/tools/packaging/static-build/agent/build-static-agent.sh new file mode 100755 index 0000000000..1d7389c33a --- /dev/null +++ b/tools/packaging/static-build/agent/build-static-agent.sh 
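Review bot: In `install_agent_helper`, the cache key `latest_artefact` comes only from the last commit touching `src/agent`, so a cached tarball may be reused after a change to anything else the build consumes. If the agent pulls in code from outside that directory (shared crates, the `static-build/agent` scripts), the key should cover those paths too. The path argument is also unquoted; `git log -1 --pretty=format:"%h" -- "${repo_root_dir}/src/agent"` tolerates a checkout path with spaces and cannot be misread as a revision. `agent_policy`, `latest_artefact` and `latest_builder_image` are assigned without `local`, so they leak into the script's global scope. `build_target`, `final_tarball_name`, `final_tarball_path` and `destdir` are defined outside the hunk and could not be checked here.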
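Review bot: The last `RUN` step pipes the script fetched from `https://sh.rustup.rs` straight into `sh`, so the image that compiles the guest agent trusts whatever that endpoint serves at build time, with TLS as the only check. Downloading a pinned `rustup-init` and verifying its SHA-256 before running it closes that gap, as sketched below; the three new build args are placeholders that build.sh would have to supply per architecture. `FROM alpine:3.18` is also a mutable tag, and pinning it by digest (`FROM alpine:3.18@sha256:<digest>`) keeps the builder reproducible. `${RUST_TOOLCHAIN}` has no default and is unquoted, so a build without that `--build-arg` leaves `--default-toolchain` without a value.

```dockerfile
# … unchanged: FROM alpine:3.18, ARG RUST_TOOLCHAIN, SHELL …
# Placeholders: the pinned rustup release, the musl target triple of the
# build platform, and the published SHA-256 of that rustup-init binary.
ARG RUSTUP_VERSION
ARG RUSTUP_TARGET
ARG RUSTUP_INIT_SHA256

# … unchanged: RUN apk --no-cache add … protoc && \
    curl --proto '=https' --tlsv1.2 -sSf -o /tmp/rustup-init \
        "https://static.rust-lang.org/rustup/archive/${RUSTUP_VERSION}/${RUSTUP_TARGET}/rustup-init" && \
    echo "${RUSTUP_INIT_SHA256}  /tmp/rustup-init" | sha256sum -c - && \
    chmod +x /tmp/rustup-init && \
    /tmp/rustup-init -y --default-toolchain "${RUST_TOOLCHAIN}" && \
    rm -f /tmp/rustup-init
```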
@@ -0,0 +1,37 @@ +#!/usr/bin/env bash +# +# Copyright (c) 2023 Intel Corporation +# +# SPDX-License-Identifier: Apache-2.0 + +set -o errexit +set -o nounset +set -o pipefail + +script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" + +source "${script_dir}/../../scripts/lib.sh" + +init_env() { + source "$HOME/.cargo/env" + + export LIBC=musl + export LIBSECCOMP_LINK_TYPE=static + export LIBSECCOMP_LIB_PATH=/usr/lib + + # This is needed to workaround + # https://github.com/sfackler/rust-openssl/issues/1624 + export OPENSSL_NO_VENDOR=Y +} + +build_agent_from_source() { + echo "build agent from source" + + init_env + + cd src/agent + DESTDIR=${DESTDIR} AGENT_POLICY=${AGENT_POLICY} make + DESTDIR=${DESTDIR} AGENT_POLICY=${AGENT_POLICY} make install +} + +build_agent_from_source $@ diff --git a/tools/packaging/static-build/agent/build.sh b/tools/packaging/static-build/agent/build.sh new file mode 100755 index 0000000000..d847092e4d --- /dev/null +++ b/tools/packaging/static-build/agent/build.sh 
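Review bot: `build_agent_from_source` runs `cd src/agent` relative to the current directory, which only works because build.sh starts the container with `-w "${repo_root_dir}"`. Anchoring the path on the script location, or on `repo_root_dir` if lib.sh provides it (not visible here), would make the script independent of the caller's working directory. The final call passes `$@` unquoted although the function takes no arguments; use `build_agent_from_source "$@"` or drop the argument. With `set -o nounset`, `DESTDIR` and `AGENT_POLICY` must be set by the caller, so a header comment stating that contract would help, e.g. `# Expects DESTDIR and AGENT_POLICY in the environment; run from the repository root.`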
@@ -0,0 +1,31 @@ +#!/usr/bin/env bash +# +# Copyright (c) 2023 Intel +# +# SPDX-License-Identifier: Apache-2.0 + +set -o errexit +set -o nounset +set -o pipefail + +script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +readonly agent_builder="${script_dir}/build-static-agent.sh" + +source "${script_dir}/../../scripts/lib.sh" + +container_image="${AGENT_CONTAINER_BUILDER:-$(get_agent_image_name)}" +[ "${CROSS_BUILD}" == "true" ] && container_image="${container_image}-cross-build" + +sudo docker pull ${container_image} || \ + (sudo docker $BUILDX build $PLATFORM \ + --build-arg RUST_TOOLCHAIN="$(get_from_kata_deps "languages.rust.meta.newest-version")" \ + -t "${container_image}" "${script_dir}" && \ + # No-op unless PUSH_TO_REGISTRY is exported as "yes" + push_to_registry "${container_image}") + +sudo docker run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \ + --env DESTDIR=${DESTDIR} \ + --env AGENT_POLICY=${AGENT_POLICY:-no} \ + -w "${repo_root_dir}" \ + "${container_image}" \ + bash -c "${agent_builder}"
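Review bot: The builder image name comes from `AGENT_CONTAINER_BUILDER` or `get_agent_image_name` and is pulled by tag, then run through `sudo docker` with the whole repository bind-mounted read-write. Whatever the registry serves under that tag therefore produces the agent binary and can modify the checkout, so consider pinning or verifying the image digest when an override or a registry pull is used. Several expansions are unquoted and subject to word splitting; `sudo docker pull "${container_image}"` and `--env DESTDIR="${DESTDIR}"` are the safer forms. Under `set -o nounset`, the script aborts if `CROSS_BUILD`, `BUILDX`, `PLATFORM`, `DESTDIR` or `repo_root_dir` is unset. They are presumably provided by lib.sh or the caller, but `[ "${CROSS_BUILD:-}" == "true" ]` would make the test safe on its own.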