mirror of
https://github.com/kata-containers/kata-containers.git
synced 2025-04-29 12:14:48 +00:00
tests: Build Mariner rootfs initrd
* Adds a new `rootfs-initrd-mariner` build target. * Sets the custom initrd path via annotation in `setup.sh` at test time. * Adapts versions.yaml to specify a `cbl-mariner` initrd variant. * Introduces env variable `HOST_OS` at deploy time to enable using a custom initrd. * Refactors the image builder so that its caller specifies the desired guest OS. Signed-off-by: Aurélien Bombo <abombo@microsoft.com>
This commit is contained in:
Aurélien Bombo
parent
b535c7cbd8
commit
532755ce31
@ -9,7 +9,8 @@ set -o nounset
|
||||
set -o pipefail
|
||||
|
||||
integration_dir="$(dirname "$(readlink -f "$0")")"
|
||||
tools_dir="${integration_dir}/../../tools"
|
||||
repo_root_dir="$(cd "${integration_dir}/../../" && pwd)"
|
||||
tools_dir="${repo_root_dir}/tools"
|
||||
|
||||
function _print_cluster_name() {
|
||||
short_sha="$(git rev-parse --short=12 HEAD)"
|
||||
@ -56,9 +57,13 @@ function get_cluster_credentials() {
|
||||
}
|
||||
|
||||
function run_tests() {
|
||||
INSTALL_IN_GOPATH=false bash "${repo_root_dir}/ci/install_yq.sh"
|
||||
|
||||
platform="${1}"
|
||||
|
||||
sed -i -e "s|quay.io/kata-containers/kata-deploy:latest|${DOCKER_REGISTRY}/${DOCKER_REPO}:${DOCKER_TAG}|g" "${tools_dir}/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml"
|
||||
yq write -i "${tools_dir}/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml" 'spec.template.spec.containers[0].env[+].name' "HOST_OS"
|
||||
yq write -i "${tools_dir}/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml" 'spec.template.spec.containers[0].env[-1].value' "${KATA_HOST_OS}"
|
||||
cat "${tools_dir}/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml"
|
||||
cat "${tools_dir}/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml" | grep "${DOCKER_REGISTRY}/${DOCKER_REPO}:${DOCKER_TAG}" || die "Failed to setup the tests image"
|
||||
|
||||
|
||||
@ -8,13 +8,23 @@ set -o nounset
|
||||
set -o pipefail
|
||||
|
||||
kubernetes_dir=$(dirname "$(readlink -f "$0")")
|
||||
repo_root_dir="$(cd "${kubernetes_dir}/../../../" && pwd)"
|
||||
|
||||
set_runtime_class() {
|
||||
sed -i -e "s|runtimeClassName: kata|runtimeClassName: kata-${KATA_HYPERVISOR}|" ${kubernetes_dir}/runtimeclass_workloads/*.yaml
|
||||
}
|
||||
|
||||
set_initrd_path() {
|
||||
if [[ "${KATA_HOST_OS}" = "cbl-mariner" ]]; then
|
||||
initrd_path="/opt/kata/share/kata-containers/kata-containers-initrd-cbl-mariner.img"
|
||||
find ${kubernetes_dir}/runtimeclass_workloads/*.yaml -exec yq write -i {} 'metadata.annotations[io.katacontainers.config.hypervisor.initrd]' "${initrd_path}" \;
|
||||
fi
|
||||
}
|
||||
|
||||
main() {
|
||||
INSTALL_IN_GOPATH=false bash "${repo_root_dir}/ci/install_yq.sh"
|
||||
set_runtime_class
|
||||
set_initrd_path
|
||||
}
|
||||
|
||||
main "$@"
|
||||
|
||||
@ -22,45 +22,44 @@ readonly osbuilder_dir="$(cd "${repo_root_dir}/tools/osbuilder" && pwd)"
|
||||
export GOPATH=${GOPATH:-${HOME}/go}
|
||||
|
||||
arch_target="$(uname -m)"
|
||||
final_image_name="kata-containers"
|
||||
final_initrd_name="kata-containers-initrd"
|
||||
final_artifact_name="kata-containers"
|
||||
image_initrd_extension=".img"
|
||||
|
||||
build_initrd() {
|
||||
info "Build initrd"
|
||||
info "initrd os: $initrd_distro"
|
||||
info "initrd os version: $initrd_os_version"
|
||||
info "initrd os: $os_name"
|
||||
info "initrd os version: $os_version"
|
||||
sudo -E PATH="$PATH" make initrd \
|
||||
DISTRO="$initrd_distro" \
|
||||
DISTRO="$os_name" \
|
||||
DEBUG="${DEBUG:-}" \
|
||||
OS_VERSION="${initrd_os_version}" \
|
||||
OS_VERSION="${os_version}" \
|
||||
ROOTFS_BUILD_DEST="${builddir}/initrd-image" \
|
||||
USE_DOCKER=1 \
|
||||
AGENT_INIT="yes"
|
||||
mv "kata-containers-initrd.img" "${install_dir}/${initrd_name}"
|
||||
mv "kata-containers-initrd.img" "${install_dir}/${artifact_name}"
|
||||
(
|
||||
cd "${install_dir}"
|
||||
ln -sf "${initrd_name}" "${final_initrd_name}${image_initrd_extension}"
|
||||
ln -sf "${artifact_name}" "${final_artifact_name}${image_initrd_extension}"
|
||||
)
|
||||
}
|
||||
|
||||
build_image() {
|
||||
info "Build image"
|
||||
info "image os: $img_distro"
|
||||
info "image os version: $img_os_version"
|
||||
info "image os: $os_name"
|
||||
info "image os version: $os_version"
|
||||
sudo -E PATH="${PATH}" make image \
|
||||
DISTRO="${img_distro}" \
|
||||
DISTRO="${os_name}" \
|
||||
DEBUG="${DEBUG:-}" \
|
||||
USE_DOCKER="1" \
|
||||
IMG_OS_VERSION="${img_os_version}" \
|
||||
IMG_OS_VERSION="${os_version}" \
|
||||
ROOTFS_BUILD_DEST="${builddir}/rootfs-image"
|
||||
mv -f "kata-containers.img" "${install_dir}/${image_name}"
|
||||
mv -f "kata-containers.img" "${install_dir}/${artifact_name}"
|
||||
if [ -e "root_hash.txt" ]; then
|
||||
cp root_hash.txt "${install_dir}/"
|
||||
fi
|
||||
(
|
||||
cd "${install_dir}"
|
||||
ln -sf "${image_name}" "${final_image_name}${image_initrd_extension}"
|
||||
ln -sf "${artifact_name}" "${final_artifact_name}${image_initrd_extension}"
|
||||
)
|
||||
}
|
||||
|
||||
@ -74,6 +73,8 @@ Usage:
|
||||
${script_name} [options]
|
||||
|
||||
Options:
|
||||
--osname=${os_name}
|
||||
--osversion=${os_version}
|
||||
--imagetype=${image_type}
|
||||
--prefix=${prefix}
|
||||
--destdir=${destdir}
|
||||
@ -94,33 +95,20 @@ main() {
|
||||
case "$opt" in
|
||||
-)
|
||||
case "${OPTARG}" in
|
||||
osname=*)
|
||||
os_name=${OPTARG#*=}
|
||||
;;
|
||||
osversion=*)
|
||||
os_version=${OPTARG#*=}
|
||||
;;
|
||||
imagetype=image)
|
||||
image_type=image
|
||||
#image information
|
||||
img_distro=$(get_from_kata_deps "assets.image.architecture.${arch_target}.name")
|
||||
img_os_version=$(get_from_kata_deps "assets.image.architecture.${arch_target}.version")
|
||||
image_name="kata-${img_distro}-${img_os_version}.${image_type}"
|
||||
;;
|
||||
imagetype=initrd)
|
||||
image_type=initrd
|
||||
#initrd information
|
||||
initrd_distro=$(get_from_kata_deps "assets.initrd.architecture.${arch_target}.name")
|
||||
initrd_os_version=$(get_from_kata_deps "assets.initrd.architecture.${arch_target}.version")
|
||||
initrd_name="kata-${initrd_distro}-${initrd_os_version}.${image_type}"
|
||||
;;
|
||||
image_initrd_suffix=*)
|
||||
image_initrd_suffix=${OPTARG#*=}
|
||||
if [ "${image_initrd_suffix}" == "sev" ]; then
|
||||
initrd_distro=$(get_from_kata_deps "assets.initrd.architecture.${arch_target}.sev.name")
|
||||
initrd_os_version=$(get_from_kata_deps "assets.initrd.architecture.${arch_target}.sev.version")
|
||||
initrd_name="kata-${initrd_distro}-${initrd_os_version}-${image_initrd_suffix}.${image_type}"
|
||||
final_initrd_name="${final_initrd_name}-${image_initrd_suffix}"
|
||||
elif [ "${image_initrd_suffix}" == "tdx" ]; then
|
||||
img_distro=$(get_from_kata_deps "assets.image.architecture.${arch_target}.name")
|
||||
img_os_version=$(get_from_kata_deps "assets.image.architecture.${arch_target}.version")
|
||||
image_name="kata-${img_distro}-${img_os_version}-${image_initrd_suffix}.${image_type}"
|
||||
final_image_name="${final_image_name}-${image_initrd_suffix}"
|
||||
fi
|
||||
;;
|
||||
prefix=*)
|
||||
prefix=${OPTARG#*=}
|
||||
@ -149,7 +137,16 @@ main() {
|
||||
|
||||
echo "build ${image_type}"
|
||||
|
||||
if [ "${image_type}" = "initrd" ]; then
|
||||
final_artifact_name+="-initrd"
|
||||
fi
|
||||
|
||||
if [ -n "${image_initrd_suffix}" ]; then
|
||||
artifact_name="kata-${os_name}-${os_version}-${image_initrd_suffix}.${image_type}"
|
||||
final_artifact_name+="-${image_initrd_suffix}"
|
||||
else
|
||||
artifact_name="kata-${os_name}-${os_version}.${image_type}"
|
||||
fi
|
||||
|
||||
install_dir="${destdir}/${prefix}/share/kata-containers/"
|
||||
readonly install_dir
|
||||
|
||||
@ -97,6 +97,7 @@ options:
|
||||
rootfs-image
|
||||
rootfs-image-tdx
|
||||
rootfs-initrd
|
||||
rootfs-initrd-mariner
|
||||
rootfs-initrd-sev
|
||||
shim-v2
|
||||
tdvf
|
||||
@ -136,8 +137,13 @@ install_cached_tarball_component() {
|
||||
|
||||
#Install guest image
|
||||
install_image() {
|
||||
local image_type="${1:-"image"}"
|
||||
local initrd_suffix="${2:-""}"
|
||||
local variant="${1:-}"
|
||||
|
||||
image_type="image"
|
||||
if [ -n "${variant}" ]; then
|
||||
image_type+="-${variant}"
|
||||
fi
|
||||
|
||||
local jenkins="${jenkins_url}/job/kata-containers-main-rootfs-${image_type}-$(uname -m)/${cached_artifacts_path}"
|
||||
local component="rootfs-${image_type}"
|
||||
|
||||
@ -152,25 +158,39 @@ install_image() {
|
||||
install_cached_tarball_component \
|
||||
"${component}" \
|
||||
"${jenkins}" \
|
||||
"${osbuilder_last_commit}-${guest_image_last_commit}-${agent_last_commit}-${libs_last_commit}-${gperf_version}-${libseccomp_version}-${rust_version}-image" \
|
||||
"${osbuilder_last_commit}-${guest_image_last_commit}-${agent_last_commit}-${libs_last_commit}-${gperf_version}-${libseccomp_version}-${rust_version}-${image_type}" \
|
||||
"" \
|
||||
"${final_tarball_name}" \
|
||||
"${final_tarball_path}" \
|
||||
&& return 0
|
||||
|
||||
info "Create image"
|
||||
"${rootfs_builder}" --imagetype=image --prefix="${prefix}" --destdir="${destdir}" --image_initrd_suffix="${initrd_suffix}"
|
||||
|
||||
if [ -n "${variant}" ]; then
|
||||
os_name="$(get_from_kata_deps "assets.image.architecture.${ARCH}.${variant}.name")"
|
||||
os_version="$(get_from_kata_deps "assets.image.architecture.${ARCH}.${variant}.version")"
|
||||
else
|
||||
os_name="$(get_from_kata_deps "assets.image.architecture.${ARCH}.name")"
|
||||
os_version="$(get_from_kata_deps "assets.image.architecture.${ARCH}.version")"
|
||||
fi
|
||||
|
||||
"${rootfs_builder}" --osname="${os_name}" --osversion="${os_version}" --imagetype=image --prefix="${prefix}" --destdir="${destdir}" --image_initrd_suffix="${variant}"
|
||||
}
|
||||
|
||||
#Install guest image for tdx
|
||||
install_image_tdx() {
|
||||
install_image "image-tdx" "tdx"
|
||||
install_image "tdx"
|
||||
}
|
||||
|
||||
#Install guest initrd
|
||||
install_initrd() {
|
||||
local initrd_type="${1:-"initrd"}"
|
||||
local initrd_suffix="${2:-""}"
|
||||
local variant="${1:-}"
|
||||
|
||||
initrd_type="initrd"
|
||||
if [ -n "${variant}" ]; then
|
||||
initrd_type+="-${variant}"
|
||||
fi
|
||||
|
||||
local jenkins="${jenkins_url}/job/kata-containers-main-rootfs-${initrd_type}-$(uname -m)/${cached_artifacts_path}"
|
||||
local component="rootfs-${initrd_type}"
|
||||
|
||||
@ -192,12 +212,26 @@ install_initrd() {
|
||||
&& return 0
|
||||
|
||||
info "Create initrd"
|
||||
"${rootfs_builder}" --imagetype=initrd --prefix="${prefix}" --destdir="${destdir}" --image_initrd_suffix="${initrd_suffix}"
|
||||
|
||||
if [ -n "${variant}" ]; then
|
||||
os_name="$(get_from_kata_deps "assets.initrd.architecture.${ARCH}.${variant}.name")"
|
||||
os_version="$(get_from_kata_deps "assets.initrd.architecture.${ARCH}.${variant}.version")"
|
||||
else
|
||||
os_name="$(get_from_kata_deps "assets.initrd.architecture.${ARCH}.name")"
|
||||
os_version="$(get_from_kata_deps "assets.initrd.architecture.${ARCH}.version")"
|
||||
fi
|
||||
|
||||
"${rootfs_builder}" --osname="${os_name}" --osversion="${os_version}" --imagetype=initrd --prefix="${prefix}" --destdir="${destdir}" --image_initrd_suffix="${variant}"
|
||||
}
|
||||
|
||||
#Install Mariner guest initrd
|
||||
install_initrd_mariner() {
|
||||
install_initrd "cbl-mariner"
|
||||
}
|
||||
|
||||
#Install guest initrd for sev
|
||||
install_initrd_sev() {
|
||||
install_initrd "initrd-sev" "sev"
|
||||
install_initrd "sev"
|
||||
}
|
||||
|
||||
#Install kernel component helper
|
||||
@ -561,6 +595,7 @@ handle_build() {
|
||||
install_firecracker
|
||||
install_image
|
||||
install_initrd
|
||||
install_initrd_mariner
|
||||
install_initrd_sev
|
||||
install_kernel
|
||||
install_kernel_dragonball_experimental
|
||||
@ -616,7 +651,7 @@ handle_build() {
|
||||
|
||||
rootfs-initrd) install_initrd ;;
|
||||
|
||||
rootfs-initrd-mariner) ;;
|
||||
rootfs-initrd-mariner) install_initrd_mariner ;;
|
||||
|
||||
rootfs-initrd-sev) install_initrd_sev ;;
|
||||
|
||||
@ -662,6 +697,7 @@ main() {
|
||||
qemu
|
||||
rootfs-image
|
||||
rootfs-initrd
|
||||
rootfs-initrd-mariner
|
||||
shim-v2
|
||||
virtiofsd
|
||||
)
|
||||
|
||||
@ -64,6 +64,11 @@ function install_artifacts() {
|
||||
chmod +x /opt/kata/bin/*
|
||||
[ -d /opt/kata/runtime-rs/bin ] && \
|
||||
chmod +x /opt/kata/runtime-rs/bin/*
|
||||
|
||||
# Allow Mariner to specify a Mariner guest initrd.
|
||||
if [ "${HOST_OS:-}" == "cbl-mariner" ]; then
|
||||
sed -i -E 's|(enable_annotations) = .+|\1 = ["enable_iommu", "initrd"]|' /opt/kata/share/defaults/kata-containers/configuration-clh.toml
|
||||
fi
|
||||
}
|
||||
|
||||
function wait_till_node_is_ready() {
|
||||
|
||||
@ -122,17 +122,20 @@ assets:
|
||||
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
|
||||
architecture:
|
||||
aarch64:
|
||||
name: "ubuntu"
|
||||
version: "latest"
|
||||
ppc64le:
|
||||
name: "ubuntu"
|
||||
version: "latest"
|
||||
s390x:
|
||||
name: "ubuntu"
|
||||
version: "latest"
|
||||
x86_64:
|
||||
name: &default-image-name "ubuntu"
|
||||
version: "latest"
|
||||
version: &default-image-version "latest"
|
||||
ppc64le:
|
||||
name: *default-image-name
|
||||
version: *default-image-version
|
||||
s390x:
|
||||
name: *default-image-name
|
||||
version: *default-image-version
|
||||
x86_64:
|
||||
name: *default-image-name
|
||||
version: *default-image-version
|
||||
tdx:
|
||||
name: *default-image-name
|
||||
version: *default-image-version
|
||||
meta:
|
||||
image-type: *default-image-name
|
||||
|
||||
@ -156,6 +159,9 @@ assets:
|
||||
x86_64:
|
||||
name: *default-initrd-name
|
||||
version: *default-initrd-version
|
||||
cbl-mariner:
|
||||
name: "cbl-mariner"
|
||||
version: "2.0"
|
||||
sev:
|
||||
name: *glibc-initrd-name
|
||||
version: *glibc-initrd-version
|
||||
|
||||
Loading…
Reference in New Issue
Block a user