mirror of
https://github.com/kata-containers/kata-containers.git
synced 2025-04-30 04:34:27 +00:00
tests: Build Mariner rootfs initrd
* Adds a new `rootfs-initrd-mariner` build target. * Sets the custom initrd path via annotation in `setup.sh` at test time. * Adapts versions.yaml to specify a `cbl-mariner` initrd variant. * Introduces env variable `HOST_OS` at deploy time to enable using a custom initrd. * Refactors the image builder so that its caller specifies the desired guest OS. Signed-off-by: Aurélien Bombo <abombo@microsoft.com>
This commit is contained in:
Aurélien Bombo
parent
b535c7cbd8
commit
532755ce31
@ -9,7 +9,8 @@ set -o nounset
|
|||||||
set -o pipefail
|
set -o pipefail
|
||||||
|
|
||||||
integration_dir="$(dirname "$(readlink -f "$0")")"
|
integration_dir="$(dirname "$(readlink -f "$0")")"
|
||||||
tools_dir="${integration_dir}/../../tools"
|
repo_root_dir="$(cd "${integration_dir}/../../" && pwd)"
|
||||||
|
tools_dir="${repo_root_dir}/tools"
|
||||||
|
|
||||||
function _print_cluster_name() {
|
function _print_cluster_name() {
|
||||||
short_sha="$(git rev-parse --short=12 HEAD)"
|
short_sha="$(git rev-parse --short=12 HEAD)"
|
||||||
@ -56,9 +57,13 @@ function get_cluster_credentials() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
function run_tests() {
|
function run_tests() {
|
||||||
|
INSTALL_IN_GOPATH=false bash "${repo_root_dir}/ci/install_yq.sh"
|
||||||
|
|
||||||
platform="${1}"
|
platform="${1}"
|
||||||
|
|
||||||
sed -i -e "s|quay.io/kata-containers/kata-deploy:latest|${DOCKER_REGISTRY}/${DOCKER_REPO}:${DOCKER_TAG}|g" "${tools_dir}/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml"
|
sed -i -e "s|quay.io/kata-containers/kata-deploy:latest|${DOCKER_REGISTRY}/${DOCKER_REPO}:${DOCKER_TAG}|g" "${tools_dir}/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml"
|
||||||
|
yq write -i "${tools_dir}/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml" 'spec.template.spec.containers[0].env[+].name' "HOST_OS"
|
||||||
|
yq write -i "${tools_dir}/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml" 'spec.template.spec.containers[0].env[-1].value' "${KATA_HOST_OS}"
|
||||||
cat "${tools_dir}/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml"
|
cat "${tools_dir}/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml"
|
||||||
cat "${tools_dir}/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml" | grep "${DOCKER_REGISTRY}/${DOCKER_REPO}:${DOCKER_TAG}" || die "Failed to setup the tests image"
|
cat "${tools_dir}/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml" | grep "${DOCKER_REGISTRY}/${DOCKER_REPO}:${DOCKER_TAG}" || die "Failed to setup the tests image"
|
||||||
|
|
||||||
|
|||||||
@ -8,13 +8,23 @@ set -o nounset
|
|||||||
set -o pipefail
|
set -o pipefail
|
||||||
|
|
||||||
kubernetes_dir=$(dirname "$(readlink -f "$0")")
|
kubernetes_dir=$(dirname "$(readlink -f "$0")")
|
||||||
|
repo_root_dir="$(cd "${kubernetes_dir}/../../../" && pwd)"
|
||||||
|
|
||||||
set_runtime_class() {
|
set_runtime_class() {
|
||||||
sed -i -e "s|runtimeClassName: kata|runtimeClassName: kata-${KATA_HYPERVISOR}|" ${kubernetes_dir}/runtimeclass_workloads/*.yaml
|
sed -i -e "s|runtimeClassName: kata|runtimeClassName: kata-${KATA_HYPERVISOR}|" ${kubernetes_dir}/runtimeclass_workloads/*.yaml
|
||||||
}
|
}
|
||||||
|
|
||||||
|
set_initrd_path() {
|
||||||
|
if [[ "${KATA_HOST_OS}" = "cbl-mariner" ]]; then
|
||||||
|
initrd_path="/opt/kata/share/kata-containers/kata-containers-initrd-cbl-mariner.img"
|
||||||
|
find ${kubernetes_dir}/runtimeclass_workloads/*.yaml -exec yq write -i {} 'metadata.annotations[io.katacontainers.config.hypervisor.initrd]' "${initrd_path}" \;
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
main() {
|
main() {
|
||||||
|
INSTALL_IN_GOPATH=false bash "${repo_root_dir}/ci/install_yq.sh"
|
||||||
set_runtime_class
|
set_runtime_class
|
||||||
|
set_initrd_path
|
||||||
}
|
}
|
||||||
|
|
||||||
main "$@"
|
main "$@"
|
||||||
|
|||||||
@ -22,45 +22,44 @@ readonly osbuilder_dir="$(cd "${repo_root_dir}/tools/osbuilder" && pwd)"
|
|||||||
export GOPATH=${GOPATH:-${HOME}/go}
|
export GOPATH=${GOPATH:-${HOME}/go}
|
||||||
|
|
||||||
arch_target="$(uname -m)"
|
arch_target="$(uname -m)"
|
||||||
final_image_name="kata-containers"
|
final_artifact_name="kata-containers"
|
||||||
final_initrd_name="kata-containers-initrd"
|
|
||||||
image_initrd_extension=".img"
|
image_initrd_extension=".img"
|
||||||
|
|
||||||
build_initrd() {
|
build_initrd() {
|
||||||
info "Build initrd"
|
info "Build initrd"
|
||||||
info "initrd os: $initrd_distro"
|
info "initrd os: $os_name"
|
||||||
info "initrd os version: $initrd_os_version"
|
info "initrd os version: $os_version"
|
||||||
sudo -E PATH="$PATH" make initrd \
|
sudo -E PATH="$PATH" make initrd \
|
||||||
DISTRO="$initrd_distro" \
|
DISTRO="$os_name" \
|
||||||
DEBUG="${DEBUG:-}" \
|
DEBUG="${DEBUG:-}" \
|
||||||
OS_VERSION="${initrd_os_version}" \
|
OS_VERSION="${os_version}" \
|
||||||
ROOTFS_BUILD_DEST="${builddir}/initrd-image" \
|
ROOTFS_BUILD_DEST="${builddir}/initrd-image" \
|
||||||
USE_DOCKER=1 \
|
USE_DOCKER=1 \
|
||||||
AGENT_INIT="yes"
|
AGENT_INIT="yes"
|
||||||
mv "kata-containers-initrd.img" "${install_dir}/${initrd_name}"
|
mv "kata-containers-initrd.img" "${install_dir}/${artifact_name}"
|
||||||
(
|
(
|
||||||
cd "${install_dir}"
|
cd "${install_dir}"
|
||||||
ln -sf "${initrd_name}" "${final_initrd_name}${image_initrd_extension}"
|
ln -sf "${artifact_name}" "${final_artifact_name}${image_initrd_extension}"
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
build_image() {
|
build_image() {
|
||||||
info "Build image"
|
info "Build image"
|
||||||
info "image os: $img_distro"
|
info "image os: $os_name"
|
||||||
info "image os version: $img_os_version"
|
info "image os version: $os_version"
|
||||||
sudo -E PATH="${PATH}" make image \
|
sudo -E PATH="${PATH}" make image \
|
||||||
DISTRO="${img_distro}" \
|
DISTRO="${os_name}" \
|
||||||
DEBUG="${DEBUG:-}" \
|
DEBUG="${DEBUG:-}" \
|
||||||
USE_DOCKER="1" \
|
USE_DOCKER="1" \
|
||||||
IMG_OS_VERSION="${img_os_version}" \
|
IMG_OS_VERSION="${os_version}" \
|
||||||
ROOTFS_BUILD_DEST="${builddir}/rootfs-image"
|
ROOTFS_BUILD_DEST="${builddir}/rootfs-image"
|
||||||
mv -f "kata-containers.img" "${install_dir}/${image_name}"
|
mv -f "kata-containers.img" "${install_dir}/${artifact_name}"
|
||||||
if [ -e "root_hash.txt" ]; then
|
if [ -e "root_hash.txt" ]; then
|
||||||
cp root_hash.txt "${install_dir}/"
|
cp root_hash.txt "${install_dir}/"
|
||||||
fi
|
fi
|
||||||
(
|
(
|
||||||
cd "${install_dir}"
|
cd "${install_dir}"
|
||||||
ln -sf "${image_name}" "${final_image_name}${image_initrd_extension}"
|
ln -sf "${artifact_name}" "${final_artifact_name}${image_initrd_extension}"
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -74,6 +73,8 @@ Usage:
|
|||||||
${script_name} [options]
|
${script_name} [options]
|
||||||
|
|
||||||
Options:
|
Options:
|
||||||
|
--osname=${os_name}
|
||||||
|
--osversion=${os_version}
|
||||||
--imagetype=${image_type}
|
--imagetype=${image_type}
|
||||||
--prefix=${prefix}
|
--prefix=${prefix}
|
||||||
--destdir=${destdir}
|
--destdir=${destdir}
|
||||||
@ -94,33 +95,20 @@ main() {
|
|||||||
case "$opt" in
|
case "$opt" in
|
||||||
-)
|
-)
|
||||||
case "${OPTARG}" in
|
case "${OPTARG}" in
|
||||||
|
osname=*)
|
||||||
|
os_name=${OPTARG#*=}
|
||||||
|
;;
|
||||||
|
osversion=*)
|
||||||
|
os_version=${OPTARG#*=}
|
||||||
|
;;
|
||||||
imagetype=image)
|
imagetype=image)
|
||||||
image_type=image
|
image_type=image
|
||||||
#image information
|
|
||||||
img_distro=$(get_from_kata_deps "assets.image.architecture.${arch_target}.name")
|
|
||||||
img_os_version=$(get_from_kata_deps "assets.image.architecture.${arch_target}.version")
|
|
||||||
image_name="kata-${img_distro}-${img_os_version}.${image_type}"
|
|
||||||
;;
|
;;
|
||||||
imagetype=initrd)
|
imagetype=initrd)
|
||||||
image_type=initrd
|
image_type=initrd
|
||||||
#initrd information
|
|
||||||
initrd_distro=$(get_from_kata_deps "assets.initrd.architecture.${arch_target}.name")
|
|
||||||
initrd_os_version=$(get_from_kata_deps "assets.initrd.architecture.${arch_target}.version")
|
|
||||||
initrd_name="kata-${initrd_distro}-${initrd_os_version}.${image_type}"
|
|
||||||
;;
|
;;
|
||||||
image_initrd_suffix=*)
|
image_initrd_suffix=*)
|
||||||
image_initrd_suffix=${OPTARG#*=}
|
image_initrd_suffix=${OPTARG#*=}
|
||||||
if [ "${image_initrd_suffix}" == "sev" ]; then
|
|
||||||
initrd_distro=$(get_from_kata_deps "assets.initrd.architecture.${arch_target}.sev.name")
|
|
||||||
initrd_os_version=$(get_from_kata_deps "assets.initrd.architecture.${arch_target}.sev.version")
|
|
||||||
initrd_name="kata-${initrd_distro}-${initrd_os_version}-${image_initrd_suffix}.${image_type}"
|
|
||||||
final_initrd_name="${final_initrd_name}-${image_initrd_suffix}"
|
|
||||||
elif [ "${image_initrd_suffix}" == "tdx" ]; then
|
|
||||||
img_distro=$(get_from_kata_deps "assets.image.architecture.${arch_target}.name")
|
|
||||||
img_os_version=$(get_from_kata_deps "assets.image.architecture.${arch_target}.version")
|
|
||||||
image_name="kata-${img_distro}-${img_os_version}-${image_initrd_suffix}.${image_type}"
|
|
||||||
final_image_name="${final_image_name}-${image_initrd_suffix}"
|
|
||||||
fi
|
|
||||||
;;
|
;;
|
||||||
prefix=*)
|
prefix=*)
|
||||||
prefix=${OPTARG#*=}
|
prefix=${OPTARG#*=}
|
||||||
@ -149,7 +137,16 @@ main() {
|
|||||||
|
|
||||||
echo "build ${image_type}"
|
echo "build ${image_type}"
|
||||||
|
|
||||||
|
if [ "${image_type}" = "initrd" ]; then
|
||||||
|
final_artifact_name+="-initrd"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -n "${image_initrd_suffix}" ]; then
|
||||||
|
artifact_name="kata-${os_name}-${os_version}-${image_initrd_suffix}.${image_type}"
|
||||||
|
final_artifact_name+="-${image_initrd_suffix}"
|
||||||
|
else
|
||||||
|
artifact_name="kata-${os_name}-${os_version}.${image_type}"
|
||||||
|
fi
|
||||||
|
|
||||||
install_dir="${destdir}/${prefix}/share/kata-containers/"
|
install_dir="${destdir}/${prefix}/share/kata-containers/"
|
||||||
readonly install_dir
|
readonly install_dir
|
||||||
|
|||||||
@ -97,6 +97,7 @@ options:
|
|||||||
rootfs-image
|
rootfs-image
|
||||||
rootfs-image-tdx
|
rootfs-image-tdx
|
||||||
rootfs-initrd
|
rootfs-initrd
|
||||||
|
rootfs-initrd-mariner
|
||||||
rootfs-initrd-sev
|
rootfs-initrd-sev
|
||||||
shim-v2
|
shim-v2
|
||||||
tdvf
|
tdvf
|
||||||
@ -136,8 +137,13 @@ install_cached_tarball_component() {
|
|||||||
|
|
||||||
#Install guest image
|
#Install guest image
|
||||||
install_image() {
|
install_image() {
|
||||||
local image_type="${1:-"image"}"
|
local variant="${1:-}"
|
||||||
local initrd_suffix="${2:-""}"
|
|
||||||
|
image_type="image"
|
||||||
|
if [ -n "${variant}" ]; then
|
||||||
|
image_type+="-${variant}"
|
||||||
|
fi
|
||||||
|
|
||||||
local jenkins="${jenkins_url}/job/kata-containers-main-rootfs-${image_type}-$(uname -m)/${cached_artifacts_path}"
|
local jenkins="${jenkins_url}/job/kata-containers-main-rootfs-${image_type}-$(uname -m)/${cached_artifacts_path}"
|
||||||
local component="rootfs-${image_type}"
|
local component="rootfs-${image_type}"
|
||||||
|
|
||||||
@ -152,25 +158,39 @@ install_image() {
|
|||||||
install_cached_tarball_component \
|
install_cached_tarball_component \
|
||||||
"${component}" \
|
"${component}" \
|
||||||
"${jenkins}" \
|
"${jenkins}" \
|
||||||
"${osbuilder_last_commit}-${guest_image_last_commit}-${agent_last_commit}-${libs_last_commit}-${gperf_version}-${libseccomp_version}-${rust_version}-image" \
|
"${osbuilder_last_commit}-${guest_image_last_commit}-${agent_last_commit}-${libs_last_commit}-${gperf_version}-${libseccomp_version}-${rust_version}-${image_type}" \
|
||||||
"" \
|
"" \
|
||||||
"${final_tarball_name}" \
|
"${final_tarball_name}" \
|
||||||
"${final_tarball_path}" \
|
"${final_tarball_path}" \
|
||||||
&& return 0
|
&& return 0
|
||||||
|
|
||||||
info "Create image"
|
info "Create image"
|
||||||
"${rootfs_builder}" --imagetype=image --prefix="${prefix}" --destdir="${destdir}" --image_initrd_suffix="${initrd_suffix}"
|
|
||||||
|
if [ -n "${variant}" ]; then
|
||||||
|
os_name="$(get_from_kata_deps "assets.image.architecture.${ARCH}.${variant}.name")"
|
||||||
|
os_version="$(get_from_kata_deps "assets.image.architecture.${ARCH}.${variant}.version")"
|
||||||
|
else
|
||||||
|
os_name="$(get_from_kata_deps "assets.image.architecture.${ARCH}.name")"
|
||||||
|
os_version="$(get_from_kata_deps "assets.image.architecture.${ARCH}.version")"
|
||||||
|
fi
|
||||||
|
|
||||||
|
"${rootfs_builder}" --osname="${os_name}" --osversion="${os_version}" --imagetype=image --prefix="${prefix}" --destdir="${destdir}" --image_initrd_suffix="${variant}"
|
||||||
}
|
}
|
||||||
|
|
||||||
#Install guest image for tdx
|
#Install guest image for tdx
|
||||||
install_image_tdx() {
|
install_image_tdx() {
|
||||||
install_image "image-tdx" "tdx"
|
install_image "tdx"
|
||||||
}
|
}
|
||||||
|
|
||||||
#Install guest initrd
|
#Install guest initrd
|
||||||
install_initrd() {
|
install_initrd() {
|
||||||
local initrd_type="${1:-"initrd"}"
|
local variant="${1:-}"
|
||||||
local initrd_suffix="${2:-""}"
|
|
||||||
|
initrd_type="initrd"
|
||||||
|
if [ -n "${variant}" ]; then
|
||||||
|
initrd_type+="-${variant}"
|
||||||
|
fi
|
||||||
|
|
||||||
local jenkins="${jenkins_url}/job/kata-containers-main-rootfs-${initrd_type}-$(uname -m)/${cached_artifacts_path}"
|
local jenkins="${jenkins_url}/job/kata-containers-main-rootfs-${initrd_type}-$(uname -m)/${cached_artifacts_path}"
|
||||||
local component="rootfs-${initrd_type}"
|
local component="rootfs-${initrd_type}"
|
||||||
|
|
||||||
@ -192,12 +212,26 @@ install_initrd() {
|
|||||||
&& return 0
|
&& return 0
|
||||||
|
|
||||||
info "Create initrd"
|
info "Create initrd"
|
||||||
"${rootfs_builder}" --imagetype=initrd --prefix="${prefix}" --destdir="${destdir}" --image_initrd_suffix="${initrd_suffix}"
|
|
||||||
|
if [ -n "${variant}" ]; then
|
||||||
|
os_name="$(get_from_kata_deps "assets.initrd.architecture.${ARCH}.${variant}.name")"
|
||||||
|
os_version="$(get_from_kata_deps "assets.initrd.architecture.${ARCH}.${variant}.version")"
|
||||||
|
else
|
||||||
|
os_name="$(get_from_kata_deps "assets.initrd.architecture.${ARCH}.name")"
|
||||||
|
os_version="$(get_from_kata_deps "assets.initrd.architecture.${ARCH}.version")"
|
||||||
|
fi
|
||||||
|
|
||||||
|
"${rootfs_builder}" --osname="${os_name}" --osversion="${os_version}" --imagetype=initrd --prefix="${prefix}" --destdir="${destdir}" --image_initrd_suffix="${variant}"
|
||||||
|
}
|
||||||
|
|
||||||
|
#Install Mariner guest initrd
|
||||||
|
install_initrd_mariner() {
|
||||||
|
install_initrd "cbl-mariner"
|
||||||
}
|
}
|
||||||
|
|
||||||
#Install guest initrd for sev
|
#Install guest initrd for sev
|
||||||
install_initrd_sev() {
|
install_initrd_sev() {
|
||||||
install_initrd "initrd-sev" "sev"
|
install_initrd "sev"
|
||||||
}
|
}
|
||||||
|
|
||||||
#Install kernel component helper
|
#Install kernel component helper
|
||||||
@ -561,6 +595,7 @@ handle_build() {
|
|||||||
install_firecracker
|
install_firecracker
|
||||||
install_image
|
install_image
|
||||||
install_initrd
|
install_initrd
|
||||||
|
install_initrd_mariner
|
||||||
install_initrd_sev
|
install_initrd_sev
|
||||||
install_kernel
|
install_kernel
|
||||||
install_kernel_dragonball_experimental
|
install_kernel_dragonball_experimental
|
||||||
@ -616,7 +651,7 @@ handle_build() {
|
|||||||
|
|
||||||
rootfs-initrd) install_initrd ;;
|
rootfs-initrd) install_initrd ;;
|
||||||
|
|
||||||
rootfs-initrd-mariner) ;;
|
rootfs-initrd-mariner) install_initrd_mariner ;;
|
||||||
|
|
||||||
rootfs-initrd-sev) install_initrd_sev ;;
|
rootfs-initrd-sev) install_initrd_sev ;;
|
||||||
|
|
||||||
@ -662,6 +697,7 @@ main() {
|
|||||||
qemu
|
qemu
|
||||||
rootfs-image
|
rootfs-image
|
||||||
rootfs-initrd
|
rootfs-initrd
|
||||||
|
rootfs-initrd-mariner
|
||||||
shim-v2
|
shim-v2
|
||||||
virtiofsd
|
virtiofsd
|
||||||
)
|
)
|
||||||
|
|||||||
@ -64,6 +64,11 @@ function install_artifacts() {
|
|||||||
chmod +x /opt/kata/bin/*
|
chmod +x /opt/kata/bin/*
|
||||||
[ -d /opt/kata/runtime-rs/bin ] && \
|
[ -d /opt/kata/runtime-rs/bin ] && \
|
||||||
chmod +x /opt/kata/runtime-rs/bin/*
|
chmod +x /opt/kata/runtime-rs/bin/*
|
||||||
|
|
||||||
|
# Allow Mariner to specify a Mariner guest initrd.
|
||||||
|
if [ "${HOST_OS:-}" == "cbl-mariner" ]; then
|
||||||
|
sed -i -E 's|(enable_annotations) = .+|\1 = ["enable_iommu", "initrd"]|' /opt/kata/share/defaults/kata-containers/configuration-clh.toml
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
function wait_till_node_is_ready() {
|
function wait_till_node_is_ready() {
|
||||||
|
|||||||
@ -122,17 +122,20 @@ assets:
|
|||||||
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
|
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
|
||||||
architecture:
|
architecture:
|
||||||
aarch64:
|
aarch64:
|
||||||
name: "ubuntu"
|
|
||||||
version: "latest"
|
|
||||||
ppc64le:
|
|
||||||
name: "ubuntu"
|
|
||||||
version: "latest"
|
|
||||||
s390x:
|
|
||||||
name: "ubuntu"
|
|
||||||
version: "latest"
|
|
||||||
x86_64:
|
|
||||||
name: &default-image-name "ubuntu"
|
name: &default-image-name "ubuntu"
|
||||||
version: "latest"
|
version: &default-image-version "latest"
|
||||||
|
ppc64le:
|
||||||
|
name: *default-image-name
|
||||||
|
version: *default-image-version
|
||||||
|
s390x:
|
||||||
|
name: *default-image-name
|
||||||
|
version: *default-image-version
|
||||||
|
x86_64:
|
||||||
|
name: *default-image-name
|
||||||
|
version: *default-image-version
|
||||||
|
tdx:
|
||||||
|
name: *default-image-name
|
||||||
|
version: *default-image-version
|
||||||
meta:
|
meta:
|
||||||
image-type: *default-image-name
|
image-type: *default-image-name
|
||||||
|
|
||||||
@ -156,6 +159,9 @@ assets:
|
|||||||
x86_64:
|
x86_64:
|
||||||
name: *default-initrd-name
|
name: *default-initrd-name
|
||||||
version: *default-initrd-version
|
version: *default-initrd-version
|
||||||
|
cbl-mariner:
|
||||||
|
name: "cbl-mariner"
|
||||||
|
version: "2.0"
|
||||||
sev:
|
sev:
|
||||||
name: *glibc-initrd-name
|
name: *glibc-initrd-name
|
||||||
version: *glibc-initrd-version
|
version: *glibc-initrd-version
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user