From 3f87835a0ef42319482a62079a97246d2c8c701c Mon Sep 17 00:00:00 2001 From: "James O. D. Hunt" Date: Tue, 15 Feb 2022 08:55:54 +0000 Subject: [PATCH 1/9] utils: Switch kata manager to use getopts Use `getopts(1)` for command line argument parsing in `kata-manager.sh`. Signed-off-by: James O. D. Hunt --- utils/kata-manager.sh | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/utils/kata-manager.sh b/utils/kata-manager.sh index 52416b920e..7330aece20 100755 --- a/utils/kata-manager.sh +++ b/utils/kata-manager.sh @@ -560,9 +560,16 @@ handle_installation() handle_args() { - case "${1:-}" in - -h|--help|help) usage; exit 0;; - esac + local opt + + while getopts "h" opt "$@" + do + case "$opt" in + h) usage; exit 0 ;; + esac + done + + shift $[$OPTIND-1] local kata_version="${1:-}" local containerd_version="${2:-}" From f4d1e45c33ee3349176d92c6753871f36c3b58e2 Mon Sep 17 00:00:00 2001 From: "James O. D. Hunt" Date: Tue, 15 Feb 2022 08:58:36 +0000 Subject: [PATCH 2/9] utils: Add kata-manager CLI options for kata and containerd Add options to `kata-manager.sh` to allow the version of Kata and containerd to be specified. Signed-off-by: James O. D. Hunt --- utils/kata-manager.sh | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/utils/kata-manager.sh b/utils/kata-manager.sh index 7330aece20..45c8448315 100755 --- a/utils/kata-manager.sh +++ b/utils/kata-manager.sh @@ -191,7 +191,9 @@ Description: Install $kata_project [1] and $containerd_project [2] from GitHub r Options: - -h : Show this help statement. + -c : Specify containerd version. + -h : Show this help statement. + -k : Specify Kata Containers version. Notes: @@ -562,17 +564,22 @@ handle_args() { local opt - while getopts "h" opt "$@" + local kata_version="" + local containerd_version="" + + while getopts "c:hk:" opt "$@" do case "$opt" in + c) containerd_version="$OPTARG" ;; h) usage; exit 0 ;; + k) kata_version="$OPTARG" ;; esac done shift $[$OPTIND-1] - local kata_version="${1:-}" - local containerd_version="${2:-}" + [ -z "$kata_version" ] && kata_version="${1:-}" || true + [ -z "$containerd_version" ] && containerd_version="${2:-}" || true handle_installation \ "$kata_version" \ From ae21fcc799fb21ee8a8c65b3bf68fbcd8630b194 Mon Sep 17 00:00:00 2001 From: "James O. D. Hunt" Date: Tue, 15 Feb 2022 13:29:27 +0000 Subject: [PATCH 3/9] utils: Fix Kata tar archive check The static tar archive published on GitHub (now) contains `./` which is being being flagged as an "unknown path" and resulting in the `kata-manager.sh` script failing. Partially fixes: #3674. Signed-off-by: James O. D. Hunt --- utils/kata-manager.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/kata-manager.sh b/utils/kata-manager.sh index 45c8448315..1478911764 100755 --- a/utils/kata-manager.sh +++ b/utils/kata-manager.sh @@ -473,7 +473,7 @@ install_kata() # Since we're unpacking to the root directory, perform a sanity check # on the archive first. local unexpected=$(tar -tf "${file}" |\ - egrep -v "^(\./opt/$|\.${kata_install_dir}/)" || true) + egrep -v "^(\./$|\./opt/$|\.${kata_install_dir}/)" || true) [ -n "$unexpected" ] && die "File '$file' contains unexpected paths: '$unexpected'" From 601be4e63bd18561d3ce66b360f033821c992e8b Mon Sep 17 00:00:00 2001 From: "James O. D. Hunt" Date: Tue, 15 Feb 2022 13:31:30 +0000 Subject: [PATCH 4/9] utils: Fix containerd installation Fix bug introduced inadvertently on #3330 which fixes the Kata installation, but unfortunately breaks installing containerd. The new approach is to check that the download URL matches a project-specific regular expression. Also improves the architecture test to handle the containerd architecture name (`amd64` rather than `x86_64`). Fixes: #3674. Signed-off-by: James O. D. Hunt --- utils/kata-manager.sh | 29 ++++++++++++++++++++++------- 1 file changed, 22 insertions(+), 7 deletions(-) diff --git a/utils/kata-manager.sh b/utils/kata-manager.sh index 1478911764..1a494feacb 100755 --- a/utils/kata-manager.sh +++ b/utils/kata-manager.sh @@ -136,16 +136,31 @@ github_get_release_file_url() local url="${1:-}" local version="${2:-}" - download_urls=$(curl -sL "$url" |\ + local arch=$(uname -m) + + local regex="" + + case "$url" in + *kata*) + regex="kata-static-.*-${arch}.tar.xz" + ;; + + *containerd*) + [ "$arch" = "x86_64" ] && arch="amd64" + regex="containerd-.*-linux-${arch}.tar.gz" + ;; + + *) die "invalid url: '$url'" ;; + esac + + local download_url + + download_url=$(curl -sL "$url" |\ jq --arg version "$version" \ -r '.[] | select(.tag_name == $version) | .assets[].browser_download_url' |\ - grep static) + grep "/${regex}$") - [ -z "$download_urls" ] && die "Cannot determine download URL for version $version ($url)" - - local arch=$(uname -m) - local download_url=$(grep "$arch" <<< "$download_urls") - [ -z "$download_url" ] && die "No release for architecture '$arch' ($url)" + [ -z "$download_url" ] && die "Cannot determine download URL for version $version ($url)" echo "$download_url" } From 4755d004a724733f66447b11d13ec5a3ecc8ffa8 Mon Sep 17 00:00:00 2001 From: "James O. D. Hunt" Date: Tue, 15 Feb 2022 13:37:32 +0000 Subject: [PATCH 5/9] utils: Fix unused parameter Actually make use of the `requested_version` parameter in `kata-manager.sh` and added a comment. Signed-off-by: James O. D. Hunt --- utils/kata-manager.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/utils/kata-manager.sh b/utils/kata-manager.sh index 1a494feacb..3ee8245d1e 100755 --- a/utils/kata-manager.sh +++ b/utils/kata-manager.sh @@ -330,6 +330,8 @@ github_download_package() { local releases_url="${1:-}" local requested_version="${2:-}" + + # Only used for error message local project="${3:-}" [ -z "$releases_url" ] && die "need releases URL" @@ -337,7 +339,7 @@ github_download_package() local version=$(github_resolve_version_to_download \ "$releases_url" \ - "$version" || true) + "$requested_version" || true) [ -z "$version" ] && die "Unable to determine $project version to download" From c464f3267651d92ec1aed810fe38804d560faa4a Mon Sep 17 00:00:00 2001 From: "James O. D. Hunt" Date: Tue, 15 Feb 2022 14:02:17 +0000 Subject: [PATCH 6/9] utils: kata-manager: Force containerd sym link creation For consistency with the rest of the script force the creation of a symbolic link for containerd in `kata-manager.sh`. Signed-off-by: James O. D. Hunt --- utils/kata-manager.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/kata-manager.sh b/utils/kata-manager.sh index 3ee8245d1e..f7e11e425e 100755 --- a/utils/kata-manager.sh +++ b/utils/kata-manager.sh @@ -378,7 +378,7 @@ install_containerd() sudo tar -C /usr/local -xvf "${file}" - sudo ln -s /usr/local/bin/ctr "${link_dir}" + sudo ln -sf /usr/local/bin/ctr "${link_dir}" info "$project installed\n" } From 714c9f56fdad47fcad4df58fee7c8425f4559899 Mon Sep 17 00:00:00 2001 From: "James O. D. Hunt" Date: Tue, 15 Feb 2022 14:05:06 +0000 Subject: [PATCH 7/9] utils: Improve containerd configuration `kata-manager.sh` improvements for containerd: - Fixed containerd default branch (which is now `main`). - Only install service file if it doesn't already exist. - Enable the containerd service to ensure it can be started. Signed-off-by: James O. D. Hunt --- utils/kata-manager.sh | 41 +++++++++++++++++++++++------------------ 1 file changed, 23 insertions(+), 18 deletions(-) diff --git a/utils/kata-manager.sh b/utils/kata-manager.sh index f7e11e425e..e0cc954575 100755 --- a/utils/kata-manager.sh +++ b/utils/kata-manager.sh @@ -391,31 +391,35 @@ configure_containerd() local cfg="/etc/containerd/config.toml" - pushd "$tmpdir" >/dev/null - - local service_url=$(printf "%s/%s/%s/%s" \ - "https://raw.githubusercontent.com" \ - "${containerd_slug}" \ - "master" \ - "${containerd_service_name}") - - curl -LO "$service_url" - - printf "# %s: Service installed for Kata Containers\n" \ - "$(date -Iseconds)" |\ - tee -a "$containerd_service_name" - local systemd_unit_dir="/etc/systemd/system" sudo mkdir -p "$systemd_unit_dir" local dest="${systemd_unit_dir}/${containerd_service_name}" - sudo cp "${containerd_service_name}" "${dest}" - sudo systemctl daemon-reload + if [ ! -f "$dest" ] + then + pushd "$tmpdir" >/dev/null - info "Installed ${dest}" + local service_url=$(printf "%s/%s/%s/%s" \ + "https://raw.githubusercontent.com" \ + "${containerd_slug}" \ + "main" \ + "${containerd_service_name}") - popd >/dev/null + curl -LO "$service_url" + + printf "# %s: Service installed for Kata Containers\n" \ + "$(date -Iseconds)" |\ + tee -a "$containerd_service_name" + + + sudo cp "${containerd_service_name}" "${dest}" + sudo systemctl daemon-reload + + info "Installed ${dest}" + + popd >/dev/null + fi # Backup the original containerd configuration: sudo mkdir -p "$(dirname $cfg)" @@ -448,6 +452,7 @@ EOT info "Modified $cfg" } + sudo systemctl enable containerd sudo systemctl start containerd info "Configured $project\n" From 34b2e67d48a29bf8be2e2422b2feda22946ebbcf Mon Sep 17 00:00:00 2001 From: "James O. D. Hunt" Date: Tue, 15 Feb 2022 14:08:18 +0000 Subject: [PATCH 8/9] utils: Added more kata manager cli options Added CLI options to the `kata-manager.sh` script to: - Force installation - Disable cleanup (retain downloaded files) - Only install Kata (don't consider containerd). > **Note:** > > This change introduces a subtle behaviour difference: > > - Previously, the script would error if containerd was already installed. > > - Now, the script will detect the existing installation and skip > trying to install containerd. > > This new behaviour makes more sense for most users but if you wish > to use the old behaviour, you (now) need to run the script specifying > the `-f` (force) option. Signed-off-by: James O. D. Hunt --- utils/kata-manager.sh | 98 ++++++++++++++++++++++++++++++++++++------- 1 file changed, 84 insertions(+), 14 deletions(-) diff --git a/utils/kata-manager.sh b/utils/kata-manager.sh index e0cc954575..38260c865b 100755 --- a/utils/kata-manager.sh +++ b/utils/kata-manager.sh @@ -202,13 +202,17 @@ usage() cat < []] -Description: Install $kata_project [1] and $containerd_project [2] from GitHub release binaries. +Description: Install $kata_project [1] (and optionally $containerd_project [2]) + from GitHub release binaries. Options: -c : Specify containerd version. + -f : Force installation (use with care). -h : Show this help statement. -k : Specify Kata Containers version. + -o : Only install Kata Containers. + -r : Don't cleanup on failure (retain files). Notes: @@ -248,6 +252,18 @@ only_supports_cgroups_v2() return 0 } +# Return 0 if containerd is already installed, else return 1. +containerd_installed() +{ + command -v containerd &>/dev/null && return 0 + + systemctl list-unit-files --type service |\ + egrep -q "^${containerd_service_name}\>" \ + && return 0 + + return 1 +} + pre_checks() { info "Running pre-checks" @@ -255,12 +271,11 @@ pre_checks() command -v "${kata_shim_v2}" &>/dev/null \ && die "Please remove existing $kata_project installation" - command -v containerd &>/dev/null \ - && die "$containerd_project already installed" + local ret - systemctl list-unit-files --type service |\ - egrep -q "^${containerd_service_name}\>" \ - && die "$containerd_project already installed" + { containerd_installed; ret=$?; } || true + + [ "$ret" -eq 0 ] && die "$containerd_project already installed" local cgroups_v2_only=$(only_supports_cgroups_v2 || true) @@ -315,9 +330,18 @@ check_deps() setup() { - trap cleanup EXIT + local cleanup="${1:-}" + [ -z "$cleanup" ] && die "no cleanup value" + + local force="${2:-}" + [ -z "$force" ] && die "no force value" + + [ "$cleanup" = "true" ] && trap cleanup EXIT + source /etc/os-release || source /usr/lib/os-release + [ "$force" = "true" ] && return 0 + pre_checks check_deps } @@ -529,7 +553,24 @@ handle_containerd() { local version="${1:-}" - install_containerd "$version" + local force="${2:-}" + [ -z "$force" ] && die "need force value" + + local ret + + if [ "$force" = "true" ] + then + install_containerd "$version" + else + { containerd_installed; ret=$?; } || true + + if [ "$ret" -eq 0 ] + then + info "Using existing containerd installation" + else + install_containerd "$version" + fi + fi configure_containerd @@ -567,34 +608,60 @@ test_installation() handle_installation() { - local kata_version="${1:-}" - local containerd_version="${2:-}" + local cleanup="${1:-}" + [ -z "$cleanup" ] && die "no cleanup value" - setup + local force="${2:-}" + [ -z "$force" ] && die "no force value" + + local only_kata="${3:-}" + [ -z "$only_kata" ] && die "no only Kata value" + + # These params can be blank + local kata_version="${4:-}" + local containerd_version="${5:-}" + + setup "$cleanup" "$force" handle_kata "$kata_version" - handle_containerd "$containerd_version" + + [ "$only_kata" = "false" ] && \ + handle_containerd \ + "$containerd_version" \ + "$force" test_installation - info "$kata_project and $containerd_project are now installed" + if [ "$only_kata" = "true" ] + then + info "$kata_project is now installed" + else + info "$kata_project and $containerd_project are now installed" + fi echo -e "\n${warnings}\n" } handle_args() { + local cleanup="true" + local force="false" + local only_kata="false" + local opt local kata_version="" local containerd_version="" - while getopts "c:hk:" opt "$@" + while getopts "c:fhk:or" opt "$@" do case "$opt" in c) containerd_version="$OPTARG" ;; + f) force="true" ;; h) usage; exit 0 ;; k) kata_version="$OPTARG" ;; + o) only_kata="true" ;; + r) cleanup="false" ;; esac done @@ -604,6 +671,9 @@ handle_args() [ -z "$containerd_version" ] && containerd_version="${2:-}" || true handle_installation \ + "$cleanup" \ + "$force" \ + "$only_kata" \ "$kata_version" \ "$containerd_version" } From 493ebc8ca5a17925ae5de2afa1eb1ec8f1c1ce25 Mon Sep 17 00:00:00 2001 From: "James O. D. Hunt" Date: Tue, 15 Feb 2022 14:27:08 +0000 Subject: [PATCH 9/9] utils: Update kata manager docs Update the `kata-manager.sh` README to recommend users view the available options before running the script. Signed-off-by: James O. D. Hunt --- utils/README.md | 38 ++++++++++++++++++++++++++++---------- 1 file changed, 28 insertions(+), 10 deletions(-) diff --git a/utils/README.md b/utils/README.md index 57e9a879b6..255568a71a 100644 --- a/utils/README.md +++ b/utils/README.md @@ -38,18 +38,36 @@ If you still wish to continue, but prefer a manual installation, see ## Install a minimal Kata Containers system +By default, the script will attempt to install Kata Containers and +containerd, and then configure containerd to use Kata Containers. However, +the script provides a number of options to allow you to change its +behaviour. + +> **Note:** +> +> Before running the script to install Kata Containers, we recommend +> that you [review the available options](#show-available-options). + +### Show available options + +To show the available options without installing anything, run: + +```sh +$ bash -c "$(curl -fsSL https://raw.githubusercontent.com/kata-containers/kata-containers/main/utils/kata-manager.sh) -h" +``` + +### To install Kata Containers only + +If your system already has containerd installed, to install Kata Containers and only configure containerd, run: + +```sh +$ bash -c "$(curl -fsSL https://raw.githubusercontent.com/kata-containers/kata-containers/main/utils/kata-manager.sh) -o" +``` + +### To install Kata Containers and containerd + To install and configure a system with Kata Containers and containerd, run: ```bash $ bash -c "$(curl -fsSL https://raw.githubusercontent.com/kata-containers/kata-containers/main/utils/kata-manager.sh)" ``` - -> **Notes:** -> -> - The script must be run on a system that does not have Kata Containers or -> containerd already installed on it. -> -> - The script accepts up to two parameters which can be used to test -> pre-release versions (a Kata Containers version, and a containerd -> version). If either version is unspecified or specified as `""`, the -> latest official version will be installed.