github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-04-30 20:54:26 +00:00
Code Issues Projects Releases Wiki Activity

osbuilder: Port QAT Dockerfile to 2.0 repo

Browse Source 
Update the Intel QAT Dockerfile to work with the 2.0 repos, fix some
bugs with building Debian/Ubuntu rootfs, and update the latest QAT
driver. Updated copyright.

Fixes: #1419

Signed-off-by: Adams, Eric <eric.adams@intel.com>
This commit is contained in:
Adams, Eric 2021-03-01 17:34:04 -08:00
parent b412e159f9
commit 6417067d62
3 changed files with 41 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
tools/osbuilder/dockerfiles/QAT/Dockerfile
View File

@ -1,4 +1,4 @@
# Copyright (c) 2021 Intel Corporation # Copyright (c) 2020 Intel Corporation
# #
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
@ -44,10 +44,17 @@ RUN dnf install -y \
sudo \ sudo \
xz xz
# Add in non-privileged user
RUN useradd qatbuilder -p "" && \
echo "qatbuilder ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
# Pull in our local files # Pull in our local files
COPY ./run.sh /input/ COPY ./run.sh /input/
COPY ./qat.conf /input/ COPY ./qat.conf /input/
# Change to a less privileged user before running the commands
USER qatbuilder
# Output is placed in the /output directory. # Output is placed in the /output directory.
# We could make this a VOLUME to force it to be attached to the host, but let's # We could make this a VOLUME to force it to be attached to the host, but let's
# just leave it as a container dir that can then be over-ridden from a host commandline # just leave it as a container dir that can then be over-ridden from a host commandline

14
tools/osbuilder/dockerfiles/QAT/README.md
View File

@ -74,13 +74,13 @@ latest stable version of Kata Containers.
| Variable | Definition | Default value | | Variable | Definition | Default value |
| -------- | ---------- | ------------- | | -------- | ---------- | ------------- |
| AGENT_VERSION | Kata agent that is installed into the rootfs | | | `AGENT_VERSION` | Kata agent that is installed into the rootfs | |
| KATA_REPO_VERSION | Kata Branch or Tag to build from | `main` | | `KATA_REPO_VERSION` | Kata Branch or Tag to build from | `main` |
| OUTPUT_DIR | Directory inside container where results are stored | `/output` | | `OUTPUT_DIR` | Directory inside container where results are stored | `/output` |
| QAT_CONFIGURE_OPTIONS | `configure` options for QAT driver | `--enable-icp-sriov=guest` | | `QAT_CONFIGURE_OPTIONS` | `configure` options for QAT driver | `--enable-icp-sriov=guest` |
| QAT_DRIVER_URL | URL to curl QAT driver from | `https://01.org/sites/default/files/downloads/${QAT_DRIVER_VER}` | | `QAT_DRIVER_URL` | URL to curl QAT driver from | `https://01.org/sites/default/files/downloads/${QAT_DRIVER_VER}` |
| QAT_DRIVER_VER | QAT driver version to use | `qat1.7.l.4.9.0-00008.tar.gz` | | `QAT_DRIVER_VER` | QAT driver version to use | `qat1.7.l.4.9.0-00008.tar.gz` |
| ROOTFS_OS | Operating system to use for the rootfs | `debian` | | `ROOTFS_OS` | Operating system to use for the rootfs | `debian` |
Variables can be set on the `docker run` commandline, for example: Variables can be set on the `docker run` commandline, for example:

52
tools/osbuilder/dockerfiles/QAT/run.sh
View File

@ -14,11 +14,11 @@ export ROOTFS_DIR=~/src/rootfs
export GOPATH=~/src/go export GOPATH=~/src/go
export PATH=${PATH}:/usr/local/go/bin:${GOPATH}/bin export PATH=${PATH}:/usr/local/go/bin:${GOPATH}/bin
katarepo=github.com/kata-containers/kata-containers kata_repo=github.com/kata-containers/kata-containers
katarepopath=${GOPATH}/src/${katarepo} kata_repo_path=${GOPATH}/src/${kata_repo}
testsrepo=github.com/kata-containers/tests tests_repo=github.com/kata-containers/tests
testsrepopath=${GOPATH}/src/${testsrepo} tests_repo_path=${GOPATH}/src/${tests_repo}
grab_kata_repos() grab_kata_repos()
{ {
@ -26,24 +26,24 @@ grab_kata_repos()
# Only check out the branch needed, and make it shallow and thus space/bandwidth efficient # Only check out the branch needed, and make it shallow and thus space/bandwidth efficient
# Use a green prompt with white text for easy viewing # Use a green prompt with white text for easy viewing
bin/echo -e "\n\e[1;42mClone and checkout Kata repos\e[0m" bin/echo -e "\n\e[1;42mClone and checkout Kata repos\e[0m"
git clone --single-branch --branch $KATA_REPO_VERSION --depth=1 https://${katarepo} ${katarepopath} git clone --single-branch --branch $KATA_REPO_VERSION --depth=1 https://${kata_repo} ${kata_repo_path}
git clone --single-branch --branch $KATA_REPO_VERSION --depth=1 https://${testsrepo} ${testsrepopath} git clone --single-branch --branch $KATA_REPO_VERSION --depth=1 https://${tests_repo} ${tests_repo_path}
} }
configure_kernel() configure_kernel()
{ {
cp /input/qat.conf ${katarepopath}/tools/packaging/kernel/configs/fragments/common/qat.conf cp /input/qat.conf ${kata_repo_path}/tools/packaging/kernel/configs/fragments/common/qat.conf
# We need yq and go to grab kernel versions etc. # We need yq and go to grab kernel versions etc.
${testsrepopath}/.ci/install_yq.sh ${tests_repo_path}/.ci/install_yq.sh
${testsrepopath}/.ci/install_go.sh -p ${tests_repo_path}/.ci/install_go.sh -p
cd ${katarepopath} cd ${kata_repo_path}
/bin/echo -e "\n\e[1;42mDownload and configure Kata kernel with CRYPTO support\e[0m" /bin/echo -e "\n\e[1;42mDownload and configure Kata kernel with CRYPTO support\e[0m"
./tools/packaging/kernel/build-kernel.sh setup ./tools/packaging/kernel/build-kernel.sh setup
} }
build_kernel() build_kernel()
{ {
cd ${katarepopath} cd ${kata_repo_path}
LINUX_VER=$(ls -d kata-linux-*) LINUX_VER=$(ls -d kata-linux-*)
sed -i 's/EXTRAVERSION =/EXTRAVERSION = .qat.container/' $LINUX_VER/Makefile sed -i 's/EXTRAVERSION =/EXTRAVERSION = .qat.container/' $LINUX_VER/Makefile
/bin/echo -e "\n\e[1;42mBuild Kata kernel with CRYPTO support\e[0m" /bin/echo -e "\n\e[1;42mBuild Kata kernel with CRYPTO support\e[0m"
@ -61,7 +61,7 @@ build_rootfs()
cd /proc cd /proc
fi fi
/bin/echo -e "\n\e[1;42mDownload ${ROOTFS_OS} based rootfs\e[0m" /bin/echo -e "\n\e[1;42mDownload ${ROOTFS_OS} based rootfs\e[0m"
SECCOMP=no EXTRA_PKGS='kmod' ${katarepopath}/tools/osbuilder/rootfs-builder/rootfs.sh $ROOTFS_OS sudo -E SECCOMP=no EXTRA_PKGS='kmod' ${kata_repo_path}/tools/osbuilder/rootfs-builder/rootfs.sh $ROOTFS_OS
} }
grab_qat_drivers() grab_qat_drivers()
@ -75,8 +75,8 @@ grab_qat_drivers()
build_qat_drivers() build_qat_drivers()
{ {
/bin/echo -e "\n\e[1;42mCompile driver modules\e[0m" /bin/echo -e "\n\e[1;42mCompile driver modules\e[0m"
cd ${katarepopath} cd ${kata_repo_path}
linux_kernel_path=${katarepopath}/${LINUX_VER} linux_kernel_path=${kata_repo_path}/${LINUX_VER}
KERNEL_MAJOR_VERSION=$(awk '/^VERSION =/{print $NF}' ${linux_kernel_path}/Makefile) KERNEL_MAJOR_VERSION=$(awk '/^VERSION =/{print $NF}' ${linux_kernel_path}/Makefile)
KERNEL_PATHLEVEL=$(awk '/^PATCHLEVEL =/{print $NF}' ${linux_kernel_path}/Makefile) KERNEL_PATHLEVEL=$(awk '/^PATCHLEVEL =/{print $NF}' ${linux_kernel_path}/Makefile)
KERNEL_SUBLEVEL=$(awk '/^SUBLEVEL =/{print $NF}' ${linux_kernel_path}/Makefile) KERNEL_SUBLEVEL=$(awk '/^SUBLEVEL =/{print $NF}' ${linux_kernel_path}/Makefile)
@ -91,28 +91,28 @@ add_qat_to_rootfs()
{ {
/bin/echo -e "\n\e[1;42mCopy driver modules to rootfs\e[0m" /bin/echo -e "\n\e[1;42mCopy driver modules to rootfs\e[0m"
cd $QAT_SRC cd $QAT_SRC
make INSTALL_MOD_PATH=${ROOTFS_DIR} qat-driver-install -j$(nproc) sudo -E make INSTALL_MOD_PATH=${ROOTFS_DIR} qat-driver-install -j$(nproc)
cp $QAT_SRC/build/usdm_drv.ko ${ROOTFS_DIR}/lib/modules/${KERNEL_ROOTFS_DIR}/updates/drivers sudo cp $QAT_SRC/build/usdm_drv.ko ${ROOTFS_DIR}/lib/modules/${KERNEL_ROOTFS_DIR}/updates/drivers
depmod -a -b ${ROOTFS_DIR} ${KERNEL_ROOTFS_DIR} sudo depmod -a -b ${ROOTFS_DIR} ${KERNEL_ROOTFS_DIR}
cd ${katarepopath}/tools/osbuilder/image-builder cd ${kata_repo_path}/tools/osbuilder/image-builder
/bin/echo -e "\n\e[1;42mBuild rootfs image\e[0m" /bin/echo -e "\n\e[1;42mBuild rootfs image\e[0m"
./image_builder.sh ${ROOTFS_DIR} sudo -E ./image_builder.sh ${ROOTFS_DIR}
} }
copy_outputs() copy_outputs()
{ {
/bin/echo -e "\n\e[1;42mCopy kernel and rootfs to the output directory and provide sample configuration files\e[0m" /bin/echo -e "\n\e[1;42mCopy kernel and rootfs to the output directory and provide sample configuration files\e[0m"
mkdir -p ${OUTPUT_DIR} || true mkdir -p ${OUTPUT_DIR} || true
cp ${linux_kernel_path}/arch/x86/boot/bzImage $OUTPUT_DIR/vmlinuz-${LINUX_VER}_qat sudo cp ${linux_kernel_path}/arch/x86/boot/bzImage $OUTPUT_DIR/vmlinuz-${LINUX_VER}_qat
cp ${linux_kernel_path}/vmlinux $OUTPUT_DIR/vmlinux-${LINUX_VER}_qat sudo cp ${linux_kernel_path}/vmlinux $OUTPUT_DIR/vmlinux-${LINUX_VER}_qat
cp ${katarepopath}/tools/osbuilder/image-builder/kata-containers.img $OUTPUT_DIR sudo cp ${kata_repo_path}/tools/osbuilder/image-builder/kata-containers.img $OUTPUT_DIR
mkdir -p ${OUTPUT_DIR}/configs || true sudo mkdir -p ${OUTPUT_DIR}/configs || true
# Change extension from .conf.vm to just .conf and change the SSL section to # Change extension from .conf.vm to just .conf and change the SSL section to
# SHIM so it works with Kata containers # SHIM so it works with Kata containers
for f in $QAT_SRC/quickassist/utilities/adf_ctl/conf_files/*.conf.vm; do for f in $QAT_SRC/quickassist/utilities/adf_ctl/conf_files/*.conf.vm; do
output_conf_file=$(basename -- "$f" .conf.vm).conf output_conf_file=$(basename -- "$f" .conf.vm).conf
cp -- "$f" "${OUTPUT_DIR}/configs/${output_conf_file}" sudo cp -- "$f" "${OUTPUT_DIR}/configs/${output_conf_file}"
sed -i 's/\[SSL\]/\[SHIM\]/g' ${OUTPUT_DIR}/configs/${output_conf_file} sudo sed -i 's/\[SSL\]/\[SHIM\]/g' ${OUTPUT_DIR}/configs/${output_conf_file}
done done
} }
@ -131,7 +131,7 @@ EOF
main() main()
{ {
local check_in_container=${OUTPUT_DIR:-} local check_in_container=${OUTPUT_DIR:-}
if [ -z "${check_in_container}" ]; then if [ -z "${check_in_container}" ]; then
echo "Error: 'OUTPUT_DIR' not set" >&2 echo "Error: 'OUTPUT_DIR' not set" >&2
echo "$0 should be run using the Dockerfile supplied." >&2 echo "$0 should be run using the Dockerfile supplied." >&2
exit -1 exit -1