github/kata-containers
1
0
Fork 2
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-09-19 15:58:25 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #4565 from fidencio/topic/cc-build-the-shim-with-the-needed-configurations

Browse Source 
CC | Build the shim-v2 with the needed configurations for Confidential Containers usage
This commit is contained in:
Fabiano Fidêncio
2022-06-30 20:42:43 +02:00
committed by GitHub
parent 3a655c4198 df486533fa
commit 8f6eca517a
6 changed files with 29 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/runtime/Makefile
View File

@@ -211,6 +211,9 @@ DEFSTATICRESOURCEMGMT ?= false
DEFBINDMOUNTS := [] DEFBINDMOUNTS := []
# Image Service Offload
DEFSERVICEOFFLOAD ?= false
SED = sed SED = sed
CLI_DIR = cmd CLI_DIR = cmd
@@ -479,6 +482,7 @@ USER_VARS += DEFSTATICRESOURCEMGMT_FC
USER_VARS += DEFBINDMOUNTS USER_VARS += DEFBINDMOUNTS
USER_VARS += DEFVFIOMODE USER_VARS += DEFVFIOMODE
USER_VARS += BUILDFLAGS USER_VARS += BUILDFLAGS
USER_VARS += DEFSERVICEOFFLOAD
V = @ V = @

2
src/runtime/config/configuration-clh.toml.in
View File

@@ -405,7 +405,7 @@ experimental=@DEFAULTEXPFEATURES@
# #
# Offload the CRI image management service to the Kata agent. # Offload the CRI image management service to the Kata agent.
# (default: false) # (default: false)
#service_offload = true service_offload = @DEFSERVICEOFFLOAD@
# Container image decryption keys provisioning. # Container image decryption keys provisioning.
# Applies only if service_offload is true. # Applies only if service_offload is true.

2
src/runtime/config/configuration-qemu.toml.in
View File

@@ -609,7 +609,7 @@ experimental=@DEFAULTEXPFEATURES@
# #
# Offload the CRI image management service to the Kata agent. # Offload the CRI image management service to the Kata agent.
# (default: false) # (default: false)
#service_offload = true service_offload = @DEFSERVICEOFFLOAD@
# Container image decryption keys provisioning. # Container image decryption keys provisioning.
# Applies only if service_offload is true. # Applies only if service_offload is true.

3
tools/packaging/kata-deploy/local-build/Makefile
View File

@@ -72,3 +72,6 @@ image: kata-tarball
cc-rootfs-image-tarball: cc-rootfs-image-tarball:
${MAKE} $@-build ${MAKE} $@-build
cc-shim-v2-tarball:
${MAKE} $@-build

11
tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
View File

@@ -95,6 +95,14 @@ install_cc_image() {
"${rootfs_builder}" --imagetype=image --prefix="${cc_prefix}" --destdir="${destdir}" "${rootfs_builder}" --imagetype=image --prefix="${cc_prefix}" --destdir="${destdir}"
} }
#Install all components that are not assets
install_cc_shimv2() {
GO_VERSION="$(yq r ${versions_yaml} languages.golang.meta.newest-version)"
export GO_VERSION
export REMOVE_VMM_CONFIGS="acrn fc"
DESTDIR="${destdir}" PREFIX="${cc_prefix}" EXTRA_OPTS="DEFSERVICEOFFLOAD=true" "${shimv2_builder}"
}
#Install guest image #Install guest image
install_image() { install_image() {
info "Create image" info "Create image"
@@ -194,6 +202,8 @@ handle_build() {
cc-rootfs-image) install_cc_image ;; cc-rootfs-image) install_cc_image ;;
cc-shim-v2) install_cc_shimv2 ;;
cloud-hypervisor) install_clh ;; cloud-hypervisor) install_clh ;;
firecracker) install_firecracker ;; firecracker) install_firecracker ;;
@@ -242,6 +252,7 @@ main() {
local silent local silent
build_targets=( build_targets=(
cc-rootfs-image cc-rootfs-image
cc-shim-v2
cloud-hypervisor cloud-hypervisor
firecracker firecracker
kernel kernel

11
tools/packaging/static-build/shim-v2/build.sh
View File

@@ -19,6 +19,9 @@ DESTDIR=${DESTDIR:-${PWD}}
PREFIX=${PREFIX:-/opt/kata} PREFIX=${PREFIX:-/opt/kata}
container_image="shim-v2-builder" container_image="shim-v2-builder"
EXTRA_OPTS="${EXTRA_OPTS:-""}"
REMOVE_VMM_CONFIGS="${REMOVE_VMM_CONFIGS:-""}"
sudo docker build --build-arg GO_VERSION="${GO_VERSION}" -t "${container_image}" "${script_dir}" sudo docker build --build-arg GO_VERSION="${GO_VERSION}" -t "${container_image}" "${script_dir}"
arch=$(uname -m) arch=$(uname -m)
@@ -29,16 +32,20 @@ fi
sudo docker run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \ sudo docker run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \
-w "${repo_root_dir}/src/runtime" \ -w "${repo_root_dir}/src/runtime" \
"${container_image}" \ "${container_image}" \
bash -c "make PREFIX=${PREFIX} QEMUCMD=qemu-system-${arch}" bash -c "make PREFIX=${PREFIX} QEMUCMD=qemu-system-${arch} ${EXTRA_OPTS}"
sudo docker run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \ sudo docker run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \
-w "${repo_root_dir}/src/runtime" \ -w "${repo_root_dir}/src/runtime" \
"${container_image}" \ "${container_image}" \
bash -c "make PREFIX="${PREFIX}" DESTDIR="${DESTDIR}" install" bash -c "make PREFIX="${PREFIX}" DESTDIR="${DESTDIR}" ${EXTRA_OPTS} install"
sudo sed -i -e '/^initrd =/d' "${DESTDIR}/${PREFIX}/share/defaults/kata-containers/configuration-qemu.toml" sudo sed -i -e '/^initrd =/d' "${DESTDIR}/${PREFIX}/share/defaults/kata-containers/configuration-qemu.toml"
sudo sed -i -e '/^initrd =/d' "${DESTDIR}/${PREFIX}/share/defaults/kata-containers/configuration-fc.toml" sudo sed -i -e '/^initrd =/d' "${DESTDIR}/${PREFIX}/share/defaults/kata-containers/configuration-fc.toml"
for vmm in ${REMOVE_VMM_CONFIGS}; do
sudo rm "${DESTDIR}/${PREFIX}/share/defaults/kata-containers/configuration-$vmm.toml"
done
pushd "${DESTDIR}/${PREFIX}/share/defaults/kata-containers" pushd "${DESTDIR}/${PREFIX}/share/defaults/kata-containers"
sudo ln -sf "configuration-qemu.toml" configuration.toml sudo ln -sf "configuration-qemu.toml" configuration.toml
popd popd