Merge pull request #3368 from snir911/backports-2.3

stable-2.3 Missing backports
Archana Shinde 2022-01-04 06:42:42 -08:00 committed by GitHub
commit a0bb8c5599
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
35 changed files with 541 additions and 602 deletions


@ -6,4 +6,9 @@
#
FROM registry.centos.org/centos:8
RUN yum -y update && yum -y install git sudo wget
RUN yum -y update && \
yum -y install \
git \
sudo \
wget && \
yum clean all


@ -7,15 +7,15 @@ edition = "2018"
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
[dependencies]
serde_json = "1.0.39"
serde_json = "1.0.73"
# slog:
# - Dynamic keys required to allow HashMap keys to be slog::Serialized.
# - The 'max_*' features allow changing the log level at runtime
# (by stopping the compiler from removing log calls).
slog = { version = "2.5.2", features = ["dynamic-keys", "max_level_trace", "release_max_level_debug"] }
slog-json = "2.3.0"
slog-async = "2.3.0"
slog-scope = "4.1.2"
slog = { version = "2.7.0", features = ["dynamic-keys", "max_level_trace", "release_max_level_debug"] }
slog-json = "2.4.0"
slog-async = "2.7.0"
slog-scope = "4.4.0"
[dev-dependencies]
tempfile = "3.1.0"
tempfile = "3.2.0"

746
src/agent/Cargo.lock generated

File diff suppressed because it is too large Load Diff


@ -24,7 +24,7 @@ serial_test = "0.5.1"
# Async helpers
async-trait = "0.1.42"
async-recursion = "0.3.2"
futures = "0.3.12"
futures = "0.3.17"
# Async runtime
tokio = { version = "1", features = ["full"] }
@ -45,10 +45,10 @@ slog-scope = "4.1.2"
slog-stdlog = "4.0.0"
log = "0.4.11"
prometheus = { version = "0.9.0", features = ["process"] }
procfs = "0.7.9"
prometheus = { version = "0.13.0", features = ["process"] }
procfs = "0.12.0"
anyhow = "1.0.32"
cgroups = { package = "cgroups-rs", version = "0.2.5" }
cgroups = { package = "cgroups-rs", version = "0.2.8" }
# Tracing
tracing = "0.1.26"


@ -5,7 +5,7 @@ authors = ["The Kata Containers community <kata-dev@lists.katacontainers.io>"]
edition = "2018"
[dependencies]
serde = "1.0.91"
serde_derive = "1.0.91"
serde_json = "1.0.39"
libc = "0.2.58"
serde = "1.0.131"
serde_derive = "1.0.131"
serde_json = "1.0.73"
libc = "0.2.112"


@ -23,7 +23,7 @@ scan_fmt = "0.2"
regex = "1.1"
path-absolutize = "1.2.0"
anyhow = "1.0.32"
cgroups = { package = "cgroups-rs", version = "0.2.5" }
cgroups = { package = "cgroups-rs", version = "0.2.8" }
rlimit = "0.5.3"
tokio = { version = "1.2.0", features = ["sync", "io-util", "process", "time", "macros"] }


@ -23,50 +23,50 @@ macro_rules! sl {
lazy_static! {
static ref AGENT_SCRAPE_COUNT: IntCounter =
prometheus::register_int_counter!(format!("{}_{}",NAMESPACE_KATA_AGENT,"scrape_count").as_ref(), "Metrics scrape count").unwrap();
prometheus::register_int_counter!(format!("{}_{}",NAMESPACE_KATA_AGENT,"scrape_count"), "Metrics scrape count").unwrap();
static ref AGENT_THREADS: Gauge =
prometheus::register_gauge!(format!("{}_{}",NAMESPACE_KATA_AGENT,"threads").as_ref(), "Agent process threads").unwrap();
prometheus::register_gauge!(format!("{}_{}",NAMESPACE_KATA_AGENT,"threads"), "Agent process threads").unwrap();
static ref AGENT_TOTAL_TIME: Gauge =
prometheus::register_gauge!(format!("{}_{}",NAMESPACE_KATA_AGENT,"total_time").as_ref(), "Agent process total time").unwrap();
prometheus::register_gauge!(format!("{}_{}",NAMESPACE_KATA_AGENT,"total_time"), "Agent process total time").unwrap();
static ref AGENT_TOTAL_VM: Gauge =
prometheus::register_gauge!(format!("{}_{}",NAMESPACE_KATA_AGENT,"total_vm").as_ref(), "Agent process total VM size").unwrap();
prometheus::register_gauge!(format!("{}_{}",NAMESPACE_KATA_AGENT,"total_vm"), "Agent process total VM size").unwrap();
static ref AGENT_TOTAL_RSS: Gauge =
prometheus::register_gauge!(format!("{}_{}",NAMESPACE_KATA_AGENT,"total_rss").as_ref(), "Agent process total RSS size").unwrap();
prometheus::register_gauge!(format!("{}_{}",NAMESPACE_KATA_AGENT,"total_rss"), "Agent process total RSS size").unwrap();
static ref AGENT_PROC_STATUS: GaugeVec =
prometheus::register_gauge_vec!(format!("{}_{}",NAMESPACE_KATA_AGENT,"proc_status").as_ref(), "Agent process status.", &["item"]).unwrap();
prometheus::register_gauge_vec!(format!("{}_{}",NAMESPACE_KATA_AGENT,"proc_status"), "Agent process status.", &["item"]).unwrap();
static ref AGENT_IO_STAT: GaugeVec =
prometheus::register_gauge_vec!(format!("{}_{}",NAMESPACE_KATA_AGENT,"io_stat").as_ref(), "Agent process IO statistics.", &["item"]).unwrap();
prometheus::register_gauge_vec!(format!("{}_{}",NAMESPACE_KATA_AGENT,"io_stat"), "Agent process IO statistics.", &["item"]).unwrap();
static ref AGENT_PROC_STAT: GaugeVec =
prometheus::register_gauge_vec!(format!("{}_{}",NAMESPACE_KATA_AGENT,"proc_stat").as_ref(), "Agent process statistics.", &["item"]).unwrap();
prometheus::register_gauge_vec!(format!("{}_{}",NAMESPACE_KATA_AGENT,"proc_stat"), "Agent process statistics.", &["item"]).unwrap();
// guest os metrics
static ref GUEST_LOAD: GaugeVec =
prometheus::register_gauge_vec!(format!("{}_{}",NAMESPACE_KATA_GUEST,"load").as_ref() , "Guest system load.", &["item"]).unwrap();
prometheus::register_gauge_vec!(format!("{}_{}",NAMESPACE_KATA_GUEST,"load") , "Guest system load.", &["item"]).unwrap();
static ref GUEST_TASKS: GaugeVec =
prometheus::register_gauge_vec!(format!("{}_{}",NAMESPACE_KATA_GUEST,"tasks").as_ref() , "Guest system load.", &["item"]).unwrap();
prometheus::register_gauge_vec!(format!("{}_{}",NAMESPACE_KATA_GUEST,"tasks") , "Guest system load.", &["item"]).unwrap();
static ref GUEST_CPU_TIME: GaugeVec =
prometheus::register_gauge_vec!(format!("{}_{}",NAMESPACE_KATA_GUEST,"cpu_time").as_ref() , "Guest CPU statistics.", &["cpu","item"]).unwrap();
prometheus::register_gauge_vec!(format!("{}_{}",NAMESPACE_KATA_GUEST,"cpu_time") , "Guest CPU statistics.", &["cpu","item"]).unwrap();
static ref GUEST_VM_STAT: GaugeVec =
prometheus::register_gauge_vec!(format!("{}_{}",NAMESPACE_KATA_GUEST,"vm_stat").as_ref() , "Guest virtual memory statistics.", &["item"]).unwrap();
prometheus::register_gauge_vec!(format!("{}_{}",NAMESPACE_KATA_GUEST,"vm_stat") , "Guest virtual memory statistics.", &["item"]).unwrap();
static ref GUEST_NETDEV_STAT: GaugeVec =
prometheus::register_gauge_vec!(format!("{}_{}",NAMESPACE_KATA_GUEST,"netdev_stat").as_ref() , "Guest net devices statistics.", &["interface","item"]).unwrap();
prometheus::register_gauge_vec!(format!("{}_{}",NAMESPACE_KATA_GUEST,"netdev_stat") , "Guest net devices statistics.", &["interface","item"]).unwrap();
static ref GUEST_DISKSTAT: GaugeVec =
prometheus::register_gauge_vec!(format!("{}_{}",NAMESPACE_KATA_GUEST,"diskstat").as_ref() , "Disks statistics in system.", &["disk","item"]).unwrap();
prometheus::register_gauge_vec!(format!("{}_{}",NAMESPACE_KATA_GUEST,"diskstat") , "Disks statistics in system.", &["disk","item"]).unwrap();
static ref GUEST_MEMINFO: GaugeVec =
prometheus::register_gauge_vec!(format!("{}_{}",NAMESPACE_KATA_GUEST,"meminfo").as_ref() , "Statistics about memory usage in the system.", &["item"]).unwrap();
prometheus::register_gauge_vec!(format!("{}_{}",NAMESPACE_KATA_GUEST,"meminfo") , "Statistics about memory usage in the system.", &["item"]).unwrap();
}
#[instrument]
@ -348,17 +348,17 @@ fn set_gauge_vec_cpu_time(gv: &prometheus::GaugeVec, cpu: &str, cpu_time: &procf
gv.with_label_values(&[cpu, "idle"])
.set(cpu_time.idle as f64);
gv.with_label_values(&[cpu, "iowait"])
.set(cpu_time.iowait.unwrap_or(0.0) as f64);
.set(cpu_time.iowait.unwrap_or(0) as f64);
gv.with_label_values(&[cpu, "irq"])
.set(cpu_time.irq.unwrap_or(0.0) as f64);
.set(cpu_time.irq.unwrap_or(0) as f64);
gv.with_label_values(&[cpu, "softirq"])
.set(cpu_time.softirq.unwrap_or(0.0) as f64);
.set(cpu_time.softirq.unwrap_or(0) as f64);
gv.with_label_values(&[cpu, "steal"])
.set(cpu_time.steal.unwrap_or(0.0) as f64);
.set(cpu_time.steal.unwrap_or(0) as f64);
gv.with_label_values(&[cpu, "guest"])
.set(cpu_time.guest.unwrap_or(0.0) as f64);
.set(cpu_time.guest.unwrap_or(0) as f64);
gv.with_label_values(&[cpu, "guest_nice"])
.set(cpu_time.guest_nice.unwrap_or(0.0) as f64);
.set(cpu_time.guest_nice.unwrap_or(0) as f64);
}
#[instrument]
@ -470,7 +470,7 @@ fn set_gauge_vec_proc_status(gv: &prometheus::GaugeVec, status: &procfs::process
gv.with_label_values(&["vmswap"])
.set(status.vmswap.unwrap_or(0) as f64);
gv.with_label_values(&["hugetlbpages"])
.set(status.hugetblpages.unwrap_or(0) as f64);
.set(status.hugetlbpages.unwrap_or(0) as f64);
gv.with_label_values(&["voluntary_ctxt_switches"])
.set(status.voluntary_ctxt_switches.unwrap_or(0) as f64);
gv.with_label_values(&["nonvoluntary_ctxt_switches"])
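Review bot: The help text for `GUEST_TASKS` is still `"Guest system load."`, the same string as `GUEST_LOAD` just above it, so the two metrics cannot be told apart from their HELP lines; since this commit rewrites that registration line anyway, give the `tasks` series its own description. Every `register_*!(...).unwrap()` in this `lazy_static!` block will also panic on first access if registration fails, which deserves a one-line comment stating that this is intentional.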


@ -405,14 +405,18 @@ async fn bind_watcher_storage_handler(
logger: &Logger,
storage: &Storage,
sandbox: Arc<Mutex<Sandbox>>,
cid: Option<String>,
) -> Result<()> {
let mut locked = sandbox.lock().await;
let container_id = locked.id.clone();
if let Some(cid) = cid {
locked
.bind_watcher
.add_container(container_id, iter::once(storage.clone()), logger)
.add_container(cid, iter::once(storage.clone()), logger)
.await
} else {
Ok(())
}
}
// mount_storage performs the mount described by the storage structure.
@ -518,6 +522,7 @@ pub async fn add_storages(
logger: Logger,
storages: Vec<Storage>,
sandbox: Arc<Mutex<Sandbox>>,
cid: Option<String>,
) -> Result<Vec<String>> {
let mut mount_list = Vec::new();
@ -548,7 +553,8 @@ pub async fn add_storages(
}
DRIVER_NVDIMM_TYPE => nvdimm_storage_handler(&logger, &storage, sandbox.clone()).await,
DRIVER_WATCHABLE_BIND_TYPE => {
bind_watcher_storage_handler(&logger, &storage, sandbox.clone()).await?;
bind_watcher_storage_handler(&logger, &storage, sandbox.clone(), cid.clone())
.await?;
// Don't register watch mounts, they're handled separately by the watcher.
Ok(String::new())
}
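Review bot: The new `else { Ok(()) }` branch in `bind_watcher_storage_handler` silently discards a watchable-bind storage when `cid` is `None`, and `add_storages` then returns `Ok(String::new())` for it, so a caller that passes `None` gets success with nothing mounted or watched. Either reject the request, e.g. `Err(anyhow!("watchable bind storage requires a container id"))` if `anyhow!` is in scope in this file, or at least log the drop through the `logger` parameter so it is visible in the agent log. The function's signature starts outside the hunk.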


@ -148,6 +148,10 @@ impl AgentService {
};
info!(sl!(), "receive createcontainer, spec: {:?}", &oci);
info!(
sl!(),
"receive createcontainer, storages: {:?}", &req.storages
);
// Some devices need some extra processing (the ones invoked with
// --device for instance), and that's what this call is doing. It
@ -163,7 +167,13 @@ impl AgentService {
// After all those storages have been processed, no matter the order
// here, the agent will rely on rustjail (using the oci.Mounts
// list) to bind mount all of them inside the container.
let m = add_storages(sl!(), req.storages.to_vec(), self.sandbox.clone()).await?;
let m = add_storages(
sl!(),
req.storages.to_vec(),
self.sandbox.clone(),
Some(req.container_id.clone()),
)
.await?;
{
sandbox = self.sandbox.clone();
s = sandbox.lock().await;
@ -573,6 +583,7 @@ impl protocols::agent_ttrpc::AgentService for AgentService {
) -> ttrpc::Result<Empty> {
trace_rpc_call!(ctx, "remove_container", req);
is_allowed!(req);
match self.do_remove_container(req).await {
Err(e) => Err(ttrpc_error(ttrpc::Code::INTERNAL, e.to_string())),
Ok(_) => Ok(Empty::new()),
@ -1002,7 +1013,7 @@ impl protocols::agent_ttrpc::AgentService for AgentService {
.map_err(|e| ttrpc_error(ttrpc::Code::INTERNAL, e.to_string()))?;
}
match add_storages(sl!(), req.storages.to_vec(), self.sandbox.clone()).await {
match add_storages(sl!(), req.storages.to_vec(), self.sandbox.clone(), None).await {
Ok(m) => {
let sandbox = self.sandbox.clone();
let mut s = sandbox.lock().await;
@ -1709,6 +1720,7 @@ mod tests {
fd: -1,
mh: MessageHeader::default(),
metadata: std::collections::HashMap::new(),
timeout_nano: 0,
}
}
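Review bot: The added `info!(sl!(), "receive createcontainer, storages: {:?}", &req.storages)` writes the full debug form of every storage to the agent log at info level on each container creation. Storage entries carry source paths and mount options supplied by the caller, and for some drivers those can presumably include credentials or tokens; consider `debug!` instead, or logging only the driver and mount point of each entry. The enclosing method starts and ends outside the hunk.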


@ -13,7 +13,7 @@ edition = "2018"
futures = "0.3.15"
clap = "2.33.0"
vsock = "0.2.3"
nix = "0.21.0"
nix = "0.23.0"
libc = "0.2.94"
serde = { version = "1.0.126", features = ["derive"] }
bincode = "1.3.3"
@ -23,9 +23,9 @@ anyhow = "1.0.31"
opentelemetry = { version = "0.14.0", features=["serialize"] }
opentelemetry-jaeger = "0.13.0"
protobuf = "=2.14.0"
tracing-opentelemetry = "0.13.0"
tracing = "0.1.26"
tracing-subscriber = "0.2.18"
tracing-opentelemetry = "0.16.0"
tracing = "0.1.29"
tracing-subscriber = "0.3.3"
# Note: this crate sets the slog 'max_*' features which allows the log level
# to be modified at runtime.


@ -21,19 +21,19 @@ hex = "0.4.2"
byteorder = "1.3.4"
logging = { path = "../../pkg/logging" }
slog = "2.5.2"
slog-scope = "4.3.0"
rand = "0.7.3"
slog = "2.7.0"
slog-scope = "4.4.0"
rand = "0.8.4"
protobuf = "2.14.0"
nix = "0.21.0"
libc = "0.2.69"
nix = "0.23.0"
libc = "0.2.112"
# XXX: Must be the same as the version used by the agent
ttrpc = { version = "0.5.0" }
# For parsing timeouts
humantime = "2.0.0"
humantime = "2.1.0"
# For Options (state passing)
serde = { version = "1.0.110", features = ["derive"] }
serde_json = "1.0.53"
serde = { version = "1.0.131", features = ["derive"] }
serde_json = "1.0.73"


@ -234,7 +234,7 @@ pub fn generate_random_hex_string(len: u32) -> String {
let str: String = (0..len)
.map(|_| {
let idx = rng.gen_range(0, CHARSET.len());
let idx = rng.gen_range(0..CHARSET.len());
CHARSET[idx] as char
})
.collect();


@ -182,7 +182,6 @@ SCRIPTS += image-builder/image_builder.sh
SCRIPTS += initrd-builder/initrd_builder.sh
HELPER_FILES :=
HELPER_FILES += rootfs-builder/versions.txt
HELPER_FILES += scripts/lib.sh
HELPER_FILES += image-builder/nsdax.gpl.c
@ -202,7 +201,7 @@ install-scripts:
@$(foreach f,$(SCRIPTS),$(call INSTALL_SCRIPT,$f,$(INSTALL_DIR)))
@echo "Installing helper files"
@$(foreach f,$(HELPER_FILES),$(call INSTALL_FILE,$f,$(INSTALL_DIR)))
@echo "Installing installing config files"
@echo "Installing config files"
@$(foreach f,$(DIST_CONFIGS),$(call INSTALL_FILE,$f,$(INSTALL_DIR)))
.PHONY: clean


@ -42,7 +42,8 @@ RUN dnf install -y \
systemd-devel \
sudo \
xz \
yasm
yasm && \
dnf clean all
# Add in non-privileged user
RUN useradd qatbuilder -p "" && \
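Review bot: The context line `RUN useradd qatbuilder -p "" && \` gives the build user an empty password field in an image whose package list (extended by this hunk) also installs `sudo`. If the account is only ever entered through `USER`, dropping `-p ""` leaves it locked, which is the `useradd` default. The `RUN useradd` statement continues outside the hunk, so any sudoers setup that follows is not visible here.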


@ -3,8 +3,13 @@
#
# SPDX-License-Identifier: Apache-2.0
# openSUSE Tumbleweed image has only 'latest' tag so ignore DL3006 rule.
# hadolint ignore=DL3006
from opensuse/tumbleweed
# zypper -y or --non-interactive can be used interchangeably here so ignore
# DL3034 rule.
# hadolint ignore=DL3034
RUN zypper --non-interactive refresh; \
zypper --non-interactive install --no-recommends --force-resolution \
autoconf \
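Review bot: `RUN zypper --non-interactive refresh; \` joins the refresh and the install with `;`, so a failed refresh is ignored and the install proceeds against stale or missing repository metadata; `&&` would stop the build at that point. The instruction keyword `from` should be uppercase `FROM` to match the other Dockerfiles touched by this commit. The `RUN` statement continues outside the hunk.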


@ -5,6 +5,14 @@
ARG IMAGE_REGISTRY=registry.fedoraproject.org
FROM ${IMAGE_REGISTRY}/fedora:34
RUN [ -n "$http_proxy" ] && sed -i '$ a proxy='$http_proxy /etc/dnf/dnf.conf ; true
RUN dnf install -y qemu-img parted gdisk e2fsprogs gcc xfsprogs findutils
RUN ([ -n "$http_proxy" ] && \
sed -i '$ a proxy='$http_proxy /etc/dnf/dnf.conf ; true) && \
dnf install -y \
e2fsprogs \
findutils \
gcc \
gdisk \
parted \
qemu-img \
xfsprogs && \
dnf clean all
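Review bot: The rewritten `RUN` still appends `proxy=$http_proxy` to `/etc/dnf/dnf.conf`, which persists the build-time proxy URL (including any `user:password@` part) in an image layer, and `$http_proxy` is expanded outside the quotes so it is subject to word splitting. Passing the proxy only to the one command avoids both, e.g. `dnf install -y --setopt=proxy="${http_proxy}" ...` inside an `if [ -n "${http_proxy}" ]` guard. The `( ... ; true)` subshell also hides a failing `sed`.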


@ -137,13 +137,16 @@ build_with_container() {
image_dir=$(readlink -f "$(dirname "${image}")")
image_name=$(basename "${image}")
REGISTRY_ARG=""
engine_build_args=""
if [ -n "${IMAGE_REGISTRY}" ]; then
REGISTRY_ARG="--build-arg IMAGE_REGISTRY=${IMAGE_REGISTRY}"
engine_build_args+=" --build-arg IMAGE_REGISTRY=${IMAGE_REGISTRY}"
fi
if [ -n "${USE_PODMAN}" ]; then
engine_build_args+=" --runtime ${DOCKER_RUNTIME}"
fi
"${container_engine}" build \
${REGISTRY_ARG} \
${engine_build_args} \
--build-arg http_proxy="${http_proxy}" \
--build-arg https_proxy="${https_proxy}" \
-t "${container_image_name}" "${script_dir}"
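Review bot: `engine_build_args` is built as a flat string and expanded unquoted in `${engine_build_args} \`, so an `IMAGE_REGISTRY` or `DOCKER_RUNTIME` value containing whitespace or glob characters is split into extra arguments to `"${container_engine}" build`. A bash array keeps each value intact: `engine_build_args=()`, `engine_build_args+=(--build-arg "IMAGE_REGISTRY=${IMAGE_REGISTRY}")`, and `"${engine_build_args[@]}"` at the call. The same applies to `engine_build_args` and `engine_run_args` in the `build_rootfs_distro` hunks further down this page. `build_with_container` starts outside the hunk.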


@ -26,4 +26,5 @@ RUN apk update && apk add \
make \
musl \
musl-dev \
protoc \
tar


@ -32,7 +32,8 @@ RUN yum -y update && yum install -y \
sed \
tar \
vim \
which
which && \
yum clean all
# This will install the proper packages to build Kata components
@INSTALL_MUSL@


@ -35,7 +35,8 @@ RUN dnf -y update && dnf install -y \
systemd \
tar \
vim \
which
which && \
dnf clean all
# This will install the proper packages to build Kata components
@INSTALL_MUSL@


@ -35,7 +35,8 @@ RUN dnf -y update && dnf install -y \
systemd \
tar \
vim \
which
which && \
dnf clean all
# This will install the proper packages to build Kata components
@INSTALL_MUSL@


@ -4,6 +4,8 @@
# SPDX-License-Identifier: Apache-2.0
ARG IMAGE_REGISTRY=docker.io
# stage3-amd64 image has only 'latest' tag so ignore DL3006 rule.
# hadolint ignore=DL3007
FROM ${IMAGE_REGISTRY}/gentoo/stage3-amd64:latest
# This dockerfile needs to provide all the componets need to build a rootfs
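Review bot: The added comment cites DL3006 while the pragma below it is `# hadolint ignore=DL3007`; DL3007 (use of `latest`) is the rule that applies to this `FROM`, so the comment should read `# stage3-amd64 image has only 'latest' tag so ignore DL3007 rule.` Because the tag cannot be fixed, pinning the base by digest (`...stage3-amd64:latest@sha256:<digest>`) is the remaining way to make the rootfs builder reproducible and to notice when the upstream image changes.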


@ -353,23 +353,24 @@ build_rootfs_distro()
info "build directly"
build_rootfs ${ROOTFS_DIR}
else
engine_build_args=""
if [ -n "${USE_DOCKER}" ]; then
container_engine="docker"
elif [ -n "${USE_PODMAN}" ]; then
container_engine="podman"
engine_build_args+=" --runtime ${DOCKER_RUNTIME}"
fi
image_name="${distro}-rootfs-osbuilder"
REGISTRY_ARG=""
if [ -n "${IMAGE_REGISTRY}" ]; then
REGISTRY_ARG="--build-arg IMAGE_REGISTRY=${IMAGE_REGISTRY}"
engine_build_args+=" --build-arg IMAGE_REGISTRY=${IMAGE_REGISTRY}"
fi
# setup to install rust here
generate_dockerfile "${distro_config_dir}"
"$container_engine" build \
${REGISTRY_ARG} \
${engine_build_args} \
--build-arg http_proxy="${http_proxy}" \
--build-arg https_proxy="${https_proxy}" \
-t "${image_name}" "${distro_config_dir}"
@ -377,21 +378,21 @@ build_rootfs_distro()
# fake mapping if KERNEL_MODULES_DIR is unset
kernel_mod_dir=${KERNEL_MODULES_DIR:-${ROOTFS_DIR}}
docker_run_args=""
docker_run_args+=" --rm"
engine_run_args=""
engine_run_args+=" --rm"
# apt sync scans all possible fds in order to close them, incredibly slow on VMs
docker_run_args+=" --ulimit nofile=262144:262144"
docker_run_args+=" --runtime ${DOCKER_RUNTIME}"
engine_run_args+=" --ulimit nofile=262144:262144"
engine_run_args+=" --runtime ${DOCKER_RUNTIME}"
if [ -z "${AGENT_SOURCE_BIN}" ] ; then
docker_run_args+=" -v ${GOPATH_LOCAL}:${GOPATH_LOCAL} --env GOPATH=${GOPATH_LOCAL}"
engine_run_args+=" -v ${GOPATH_LOCAL}:${GOPATH_LOCAL} --env GOPATH=${GOPATH_LOCAL}"
else
docker_run_args+=" --env AGENT_SOURCE_BIN=${AGENT_SOURCE_BIN}"
docker_run_args+=" -v ${AGENT_SOURCE_BIN}:${AGENT_SOURCE_BIN}"
docker_run_args+=" -v ${GOPATH_LOCAL}:${GOPATH_LOCAL} --env GOPATH=${GOPATH_LOCAL}"
engine_run_args+=" --env AGENT_SOURCE_BIN=${AGENT_SOURCE_BIN}"
engine_run_args+=" -v ${AGENT_SOURCE_BIN}:${AGENT_SOURCE_BIN}"
engine_run_args+=" -v ${GOPATH_LOCAL}:${GOPATH_LOCAL} --env GOPATH=${GOPATH_LOCAL}"
fi
docker_run_args+=" $(docker_extra_args $distro)"
engine_run_args+=" $(docker_extra_args $distro)"
# Relabel volumes so SELinux allows access (see docker-run(1))
if command -v selinuxenabled > /dev/null && selinuxenabled ; then
@ -432,7 +433,7 @@ build_rootfs_distro()
-v "${ROOTFS_DIR}":"/rootfs" \
-v "${script_dir}/../scripts":"/scripts" \
-v "${kernel_mod_dir}":"${kernel_mod_dir}" \
$docker_run_args \
$engine_run_args \
${image_name} \
bash /kata-containers/tools/osbuilder/rootfs-builder/rootfs.sh "${distro}"


@ -6,7 +6,7 @@
ARG IMAGE_REGISTRY=docker.io
#suse: docker image to be used to create a rootfs
#@OS_VERSION@: Docker image version to build this dockerfile
FROM ${IMAGE_REGISTRY}/opensuse/leap
FROM ${IMAGE_REGISTRY}/opensuse/leap:15.0
# This dockerfile needs to provide all the componets need to build a rootfs
# Install any package need to create a rootfs (package manager, extra tools)
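Review bot: `FROM ${IMAGE_REGISTRY}/opensuse/leap:15.0` pins the rootfs builder to a Leap release that, as far as I know, is past end of life and no longer receives security updates; confirm whether a maintained 15.x tag can be used instead. The comment `#@OS_VERSION@: Docker image version to build this dockerfile` suggests the template was meant to substitute the version, so `opensuse/leap:@OS_VERSION@` may be the intended form; that is inferred from the comment, not from visible code.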


@ -35,7 +35,9 @@ RUN apt-get update && apt-get install -y \
sed \
systemd \
tar \
vim
vim && \
apt-get clean && rm -rf /var/lib/apt/lists/
# This will install the proper packages to build Kata components
@INSTALL_MUSL@
@INSTALL_RUST@


@ -6,7 +6,7 @@ FROM registry.centos.org/centos:7 AS base
ENV container docker
RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \
RUN (cd /lib/systemd/system/sysinit.target.wants/ && for i in *; do [ "$i" = systemd-tmpfiles-setup.service ] || rm -f "$i"; done); \
rm -f /lib/systemd/system/multi-user.target.wants/*; \
rm -f /etc/systemd/system/*.wants/*; \
rm -f /lib/systemd/system/local-fs.target.wants/*; \
@ -25,7 +25,7 @@ ARG KUBE_ARCH=amd64
ARG KATA_ARTIFACTS=./kata-static.tar.xz
ARG DESTINATION=/opt/kata-artifacts
COPY ${KATA_ARTIFACTS} .
COPY ${KATA_ARTIFACTS} ${WORKDIR}
RUN \
yum -y update && \
@ -37,7 +37,7 @@ tar xvf ${KATA_ARTIFACTS} -C ${DESTINATION}/ && \
chown -R root:root ${DESTINATION}/
RUN \
curl -Lso /bin/kubectl https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/${KUBE_ARCH}/kubectl && \
curl -Lso /bin/kubectl "https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/${KUBE_ARCH}/kubectl" && \
chmod +x /bin/kubectl
COPY scripts ${DESTINATION}/scripts
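Review bot: The `curl -Lso /bin/kubectl "...$(curl -s .../stable.txt)..."` line installs whatever kubectl the `stable.txt` pointer names at build time, with no checksum and no `-f`, so an HTTP error body or a failed inner `curl` ends up as `/bin/kubectl` and the build still succeeds. Pin the version through a build argument, add `-f` to both calls, and verify the download against its published SHA-256 before `chmod +x`. The same pattern is in the `RUN curl -LO ".../kubectl"` line of the azure-cli image in the next file section. Also, `COPY ${KATA_ARTIFACTS} ${WORKDIR}` uses a variable that no visible `ARG` or `ENV` defines; if it is unset the destination is empty.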


@ -1,7 +1,7 @@
# Copyright (c) 2019 Intel Corporation
#
# SPDX-License-Identifier: Apache-2.0
FROM mcr.microsoft.com/azure-cli:latest
FROM mcr.microsoft.com/azure-cli:2.9.1
LABEL com.github.actions.name="Test kata-deploy in an AKS cluster"
LABEL com.github.actions.description="Test kata-deploy in an AKS cluster"
@ -16,14 +16,14 @@ ENV GITHUB_ACTION_NAME="Test kata-deploy in an AKS cluster"
# PKG_SHA environment variable
ENV PKG_SHA=HEAD
RUN curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/${ARCH}/kubectl \
RUN curl -LO "https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/${ARCH}/kubectl" \
&& chmod +x ./kubectl \
&& mv ./kubectl /usr/local/bin/kubectl
RUN curl -LO https://github.com/Azure/aks-engine/releases/download/${AKS_ENGINE_VER}/aks-engine-${AKS_ENGINE_VER}-linux-${ARCH}.tar.gz \
&& tar xvf aks-engine-${AKS_ENGINE_VER}-linux-${ARCH}.tar.gz \
&& mv aks-engine-${AKS_ENGINE_VER}-linux-${ARCH}/aks-engine /usr/local/bin/aks-engine \
&& rm aks-engine-${AKS_ENGINE_VER}-linux-${ARCH}.tar.gz
RUN curl -LO "https://github.com/Azure/aks-engine/releases/download/${AKS_ENGINE_VER}/aks-engine-${AKS_ENGINE_VER}-linux-${ARCH}.tar.gz" \
&& tar "xvf aks-engine-${AKS_ENGINE_VER}-linux-${ARCH}.tar.gz" \
&& mv "aks-engine-${AKS_ENGINE_VER}-linux-${ARCH}/aks-engine" /usr/local/bin/aks-engine \
&& rm "aks-engine-${AKS_ENGINE_VER}-linux-${ARCH}.tar.gz"
COPY kubernetes-containerd.json /
COPY setup-aks.sh test-kata.sh entrypoint.sh /
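Review bot: `tar "xvf aks-engine-${AKS_ENGINE_VER}-linux-${ARCH}.tar.gz"` quotes the option bundle together with the file name, so `tar` receives a single argument and parses the whole string as old-style option letters instead of extracting the archive. Quote only the path: `tar xvf "aks-engine-${AKS_ENGINE_VER}-linux-${ARCH}.tar.gz"`. The aks-engine tarball and the kubectl binary are also installed without any checksum verification, and neither `curl -LO` uses `-f`, so an error page would be saved and processed as if it were the artifact.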


@ -6,17 +6,19 @@ FROM ubuntu:20.04
ENV DEBIAN_FRONTEND=noninteractive
ENV INSTALL_IN_GOPATH=false
ADD install_yq.sh /usr/bin/install_yq.sh
COPY install_yq.sh /usr/bin/install_yq.sh
# yq installer deps
RUN apt update && apt-get install -y curl sudo
# Install yq
RUN install_yq.sh
RUN curl -fsSL https://get.docker.com -o get-docker.sh
RUN sh get-docker.sh
# Install yq and docker
RUN apt-get update && \
apt-get install -y --no-install-recommends \
ca-certificates \
curl \
sudo && \
apt-get clean && rm -rf /var/lib/apt/lists/ && \
install_yq.sh && \
curl -fsSL https://get.docker.com -o get-docker.sh && \
sh get-docker.sh
ARG IMG_USER=kata-builder
ARG UID=1000
@ -27,12 +29,14 @@ RUN sh -c "echo '${IMG_USER} ALL=NOPASSWD: ALL' >> /etc/sudoers"
#FIXME: gcc is required as agent is build out of a container build.
RUN apt-get update && \
apt install --no-install-recommends -y \
apt-get install --no-install-recommends -y \
build-essential \
cpio \
gcc \
git \
make \
xz-utils
xz-utils && \
apt-get clean && rm -rf /var/lib/apt/lists
ENV USER ${IMG_USER}
USER ${UID}:${GID}
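Review bot: The merged `RUN` downloads `https://get.docker.com` and executes it as root (`sh get-docker.sh`) with no version pin or integrity check, so the image content depends on whatever that script is at build time. Installing a pinned Docker package from a configured apt repository, or verifying the script against a recorded SHA-256 before running it, makes the step reproducible and auditable. The script also runs after `rm -rf /var/lib/apt/lists/`, so any package lists it fetches stay in the layer, and `get-docker.sh` itself is never removed.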


@ -266,6 +266,11 @@ function main() {
containerd_conf_file="${containerd_conf_tmpl_file}"
containerd_conf_file_backup="${containerd_conf_file}.bak"
else
# runtime == containerd
if [ ! -f "$containerd_conf_file" ]; then
containerd config default > "$containerd_conf_file"
fi
fi
action=${1:-}
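Review bot: `containerd config default > "$containerd_conf_file"` creates the file through shell redirection, which fails if the parent directory does not exist, and if `containerd config default` itself fails it leaves an empty or partial file that the `-f` test will accept on the next run. Create the directory first (`mkdir -p "$(dirname "$containerd_conf_file")"`) and write to a temporary file that is moved into place only on success. `main` starts and ends outside the hunk.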


@ -1,13 +1,14 @@
# Copyright (c) 2020 Eric Ernst
# SPDX-License-Identifier: Apache-2.0
FROM golang:1.15-alpine
FROM golang:1.15-alpine AS builder
RUN apk add bash curl git make
RUN apk add --no-cache bash curl git make
WORKDIR /go/src/github.com/kata-containers/kata-containers/src/runtime
COPY . /go/src/github.com/kata-containers/kata-containers
RUN SKIP_GO_VERSION_CHECK=true make monitor
FROM alpine:latest
COPY --from=0 /go/src/github.com/kata-containers/kata-containers/src/runtime/kata-monitor /usr/bin/kata-monitor
FROM alpine:3.14
COPY --from=builder /go/src/github.com/kata-containers/kata-containers/src/runtime/kata-monitor /usr/bin/kata-monitor
CMD ["-h"]
ENTRYPOINT ["/usr/bin/kata-monitor"]


@ -2,19 +2,20 @@
#
# SPDX-License-Identifier: Apache-2.0
FROM ubuntu
FROM ubuntu:20.04
ENV DEBIAN_FRONTEND=noninteractive
# kernel deps
RUN apt update
RUN apt install -y \
RUN apt-get update && \
apt-get install -y --no-install-recommends \
bc \
bison \
build-essential \
ca-certificates \
curl \
flex \
git \
iptables \
libelf-dev
RUN [ "$(uname -m)" = "s390x" ] && apt-get install -y libssl-dev || true
libelf-dev && \
if [ "$(uname -m)" = "s390x" ]; then apt-get install -y --no-install-recommends libssl-dev; fi && \
apt-get clean && rm -rf /var/lib/lists/
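Review bot: The cleanup at the end of the new `RUN` removes `/var/lib/lists/`, which is not where apt keeps its package lists, so the layer still carries them; the other Dockerfiles in this commit use `/var/lib/apt/lists/`. Change the last line to `apt-get clean && rm -rf /var/lib/apt/lists/`.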


@ -12,8 +12,8 @@ WORKDIR /root/qemu
ARG CACHE_TIMEOUT
RUN echo "$CACHE_TIMEOUT"
RUN apt-get update && apt-get upgrade -y
RUN apt-get --no-install-recommends install -y \
RUN apt-get update && apt-get upgrade -y && \
apt-get --no-install-recommends install -y \
apt-utils \
autoconf \
automake \
@ -46,40 +46,33 @@ RUN apt-get --no-install-recommends install -y \
python \
python-dev \
rsync \
zlib1g-dev
RUN [ "$(uname -m)" != "s390x" ] && apt-get install -y libpmem-dev || true
zlib1g-dev && \
if [ "$(uname -m)" != "s390x" ]; then apt-get install -y --no-install-recommends libpmem-dev; fi && \
apt-get clean && rm -rf /var/lib/apt/lists/
ARG QEMU_REPO
RUN cd .. && git clone "${QEMU_REPO}" qemu
# commit/tag/branch
ARG QEMU_VERSION
RUN git checkout "${QEMU_VERSION}"
RUN git clone https://github.com/qemu/capstone.git capstone
RUN git clone https://github.com/qemu/keycodemapdb.git ui/keycodemapdb
RUN git clone https://github.com/qemu/meson.git meson
RUN git clone https://github.com/qemu/berkeley-softfloat-3.git tests/fp/berkeley-softfloat-3
RUN git clone https://github.com/qemu/berkeley-testfloat-3.git tests/fp/berkeley-testfloat-3
ADD scripts/configure-hypervisor.sh /root/configure-hypervisor.sh
ADD qemu /root/kata_qemu
ADD scripts/apply_patches.sh /root/apply_patches.sh
ADD scripts/patch_qemu.sh /root/patch_qemu.sh
RUN /root/patch_qemu.sh "${QEMU_VERSION}" "/root/kata_qemu/patches"
ARG PREFIX
ARG BUILD_SUFFIX
RUN PREFIX="${PREFIX}" /root/configure-hypervisor.sh -s "kata-qemu${BUILD_SUFFIX}" | xargs ./configure \
--with-pkgversion="kata-static${BUILD_SUFFIX}"
RUN make -j$(nproc)
ARG QEMU_DESTDIR
RUN make install DESTDIR="${QEMU_DESTDIR}"
ARG QEMU_TARBALL
ADD static-build/scripts/qemu-build-post.sh /root/static-build/scripts/qemu-build-post.sh
ADD static-build/qemu.blacklist /root/static-build/qemu.blacklist
RUN /root/static-build/scripts/qemu-build-post.sh
COPY scripts/configure-hypervisor.sh /root/configure-hypervisor.sh
COPY qemu /root/kata_qemu
COPY scripts/apply_patches.sh /root/apply_patches.sh
COPY scripts/patch_qemu.sh /root/patch_qemu.sh
COPY static-build/scripts/qemu-build-post.sh /root/static-build/scripts/qemu-build-post.sh
COPY static-build/qemu.blacklist /root/static-build/qemu.blacklist
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
RUN git clone --depth=1 "${QEMU_REPO}" qemu && \
cd qemu && \
git fetch --depth=1 origin "${QEMU_VERSION}" && git checkout FETCH_HEAD && \
scripts/git-submodule.sh update meson capstone && \
/root/patch_qemu.sh "${QEMU_VERSION}" "/root/kata_qemu/patches" && \
(PREFIX="${PREFIX}" /root/configure-hypervisor.sh -s "kata-qemu${BUILD_SUFFIX}" | xargs ./configure \
--with-pkgversion="kata-static${BUILD_SUFFIX}") && \
make -j"$(nproc)" && \
make install DESTDIR="${QEMU_DESTDIR}" && \
/root/static-build/scripts/qemu-build-post.sh
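Review bot: `git fetch --depth=1 origin "${QEMU_VERSION}" && git checkout FETCH_HEAD` builds whatever the ref resolves to at build time, and the `# commit/tag/branch` comment that accompanied `QEMU_VERSION` allows a branch or tag, so the hypervisor source can change without any change to this repository. When a fixed commit is expected, compare it after checkout, for example `test "$(git rev-parse HEAD)" = "${QEMU_COMMIT}"` with `QEMU_COMMIT` as a new build argument (the name is only a suggestion). Note also that `git clone ... qemu && cd qemu` now runs inside `WORKDIR /root/qemu`, where the removed line used `cd ..` first, so the tree ends up one level deeper than before; check that the copied scripts and the `QEMU_DESTDIR` handling do not rely on the old path.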


@ -2,18 +2,21 @@
#
# SPDX-License-Identifier: Apache-2.0
FROM ubuntu
FROM ubuntu:20.04
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update && \
apt-get install -y \
apt-get install -y --no-install-recommends \
build-essential \
ca-certificates \
curl \
gcc \
git \
make \
sudo
sudo && \
apt-get clean && rm -rf /var/lib/apt/lists/
ADD install_go.sh /usr/bin/install_go.sh
COPY install_go.sh /usr/bin/install_go.sh
ARG GO_VERSION
RUN install_go.sh "${GO_VERSION}"
ENV PATH=/usr/local/go/bin:${PATH}


@ -14,15 +14,14 @@ ENV GOPATH=/home/go
ENV TESTS_REPOSITORY_PATH="${GOPATH}/src/${TESTS_REPO}"
ENV AGENT_INIT=yes TEST_INITRD=yes OSBUILDER_DISTRO=alpine
# Install packages
RUN sudo dnf -y install kata-proxy kata-ksm-throttler kata-osbuilder kata-runtime kata-shim
RUN sudo mkdir "${GOPATH}"
RUN sudo dnf config-manager --add-repo https://download.docker.com/linux/fedora/docker-ce.repo
RUN sudo dnf makecache
RUN sudo dnf -y install docker-ce
RUN go get -d "${TESTS_REPO}"
RUN cd "${TESTS_REPOSITORY_PATH}" && .ci/install_kata_image.sh
RUN cd "${TESTS_REPOSITORY_PATH}" && .ci/install_kata_kernel.sh
RUN kata-runtime kata-env
# Install packages and build and install Kata Containers
RUN dnf -y install kata-proxy kata-ksm-throttler kata-osbuilder kata-runtime kata-shim && \
mkdir "${GOPATH}" && \
dnf config-manager --add-repo https://download.docker.com/linux/fedora/docker-ce.repo && \
dnf makecache && dnf -y install docker-ce && dnf clean all && \
go get -d "${TESTS_REPO}" && \
cd "${TESTS_REPOSITORY_PATH}" && .ci/install_kata_image.sh && \
cd "${TESTS_REPOSITORY_PATH}" && .ci/install_kata_kernel.sh && \
kata-runtime kata-env
CMD ["/bin/bash"]


@ -136,17 +136,16 @@ github_get_release_file_url()
local url="${1:-}"
local version="${2:-}"
download_url=$(curl -sL "$url" |\
download_urls=$(curl -sL "$url" |\
jq --arg version "$version" \
-r '.[] | select(.tag_name == $version) | .assets[0].browser_download_url' || true)
-r '.[] | select(.tag_name == $version) | .assets[].browser_download_url' |\
grep static)
[ "$download_url" = null ] && download_url=""
[ -z "$download_url" ] && die "Cannot determine download URL for version $version ($url)"
[ -z "$download_urls" ] && die "Cannot determine download URL for version $version ($url)"
local arch=$(uname -m)
[ "$arch" = x86_64 ] && arch="($arch|amd64)"
echo "$download_url" | egrep -q "$arch" || die "No release for '$arch architecture ($url)"
local download_url=$(grep "$arch" <<< "$download_urls")
[ -z "$download_url" ] && die "No release for architecture '$arch' ($url)"
echo "$download_url"
}
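Review bot: `grep "$arch" <<< "$download_urls"` uses basic regular expressions, whereas the `egrep -q "$arch"` line it replaces used extended ones; if the `arch="($arch|amd64)"` assignment shown above it is still on the new side (the rendered page does not say), the parentheses and `|` are matched literally and no x86_64 asset will ever be selected. Use `grep -E "$arch"`. The match can also return more than one URL, which is then echoed as a multi-line value, and `local download_url=$(...)` masks the exit status of the command substitution; declare the variable first and assign on a separate line.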