From 39f5cea3b1b13a3e5ac568bebca53710e59e2446 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Tue, 12 Dec 2023 11:47:15 +0100 Subject: [PATCH 1/5] kata-deploy: Fix k0s cri notation comment MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We can safely assume we're using the *newer* notation, not the *older* one. Signed-off-by: Fabiano Fidêncio --- tools/packaging/kata-deploy/scripts/kata-deploy.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/packaging/kata-deploy/scripts/kata-deploy.sh b/tools/packaging/kata-deploy/scripts/kata-deploy.sh index 58517480f6..9785fce67f 100755 --- a/tools/packaging/kata-deploy/scripts/kata-deploy.sh +++ b/tools/packaging/kata-deploy/scripts/kata-deploy.sh @@ -353,7 +353,7 @@ function configure_containerd_runtime() { local pluginid=cri # if we are running k0s auto containerd.toml generation, the base template is by default version 2 - # we can safely assume to reference the older version of cri + # we can safely assume to reference the newer version of cri if grep -q "version = 2\>" $containerd_conf_file || [ "$1" == "k0s-worker" ] || [ "$1" == "k0s-controller" ]; then pluginid=\"io.containerd.grpc.v1.cri\" fi From 4f01f294bb3ccc2792ca7d47b516a0734cb5ed25 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Tue, 12 Dec 2023 11:43:12 +0100 Subject: [PATCH 2/5] kata-deploy: Install `tomlq` to the base image MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This will help us to have an easier time playing with the containerd configuration, instead of having to sed the **** out of it, which is super error prone. `tomlq` is a tool that comes from https://github.com/kislyuk/yq, and that depends on `jq` to do the toml parsing / editing. Signed-off-by: Fabiano Fidêncio --- tools/packaging/kata-deploy/Dockerfile | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) 
diff --git a/tools/packaging/kata-deploy/Dockerfile b/tools/packaging/kata-deploy/Dockerfile index 95f07f1430..8bcd0f298a 100644 --- a/tools/packaging/kata-deploy/Dockerfile +++ b/tools/packaging/kata-deploy/Dockerfile @@ -10,6 +10,14 @@ ARG DESTINATION=/opt/kata-artifacts COPY ${KATA_ARTIFACTS} ${WORKDIR} +# I understand that in order to be on the safer side, it'd +# be good to have the alpine packages pointing to a very +# specific version, but this may break anyone else trying +# to use a different version of alpine for one reason or +# another. With this in mind, let's ignore DL3018. +# SC2086 is about using double quotes to prevent globbing and +# word splitting, which can also be ignored for now. +# hadolint ignore=DL3018,SC2086 RUN \ apk --no-cache add bash curl && \ ARCH=$(uname -m) && \ @@ -20,7 +28,9 @@ RUN \ mkdir -p ${DESTINATION} && \ tar xvf ${WORKDIR}/${KATA_ARTIFACTS} -C ${DESTINATION} && \ rm -f ${WORKDIR}/${KATA_ARTIFACTS} && \ - apk del curl + apk del curl && \ + apk --no-cache add jq py3-pip && \ + pip install --no-cache-dir yq==3.2.3 COPY scripts ${DESTINATION}/scripts COPY runtimeclasses ${DESTINATION}/runtimeclasses From dd9f5b07b9243ca152c3d7fe9df472e2f31eb103 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Tue, 12 Dec 2023 12:08:37 +0100 Subject: [PATCH 3/5] kata-deploy: Use tomlq to configure containerd MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This save us a lot of trouble on properly sed'ing content that may or may not be in the containerd configuration file. Fixes: #8638 Signed-off-by: Fabiano Fidêncio --- .../kata-deploy/scripts/kata-deploy.sh | 46 +++++-------------- 1 file changed, 11 insertions(+), 35 deletions(-) diff --git a/tools/packaging/kata-deploy/scripts/kata-deploy.sh b/tools/packaging/kata-deploy/scripts/kata-deploy.sh index 9785fce67f..0bc76258db 100755 --- a/tools/packaging/kata-deploy/scripts/kata-deploy.sh 
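Review bot: The added `pip install --no-cache-dir yq==3.2.3` in the second Dockerfile hunk pins a version but not an artifact, so every build trusts whatever PyPI serves for yq and for its unpinned transitive dependencies. Installing from a requirements file with `pip install --no-cache-dir --require-hashes -r requirements.txt`, where each entry carries a `--hash=sha256:<HASH_FROM_A_REVIEWED_BUILD>` value, would make the build fail closed if a package changes. `py3-pip` also stays in the final image although only `tomlq` is needed at runtime, and judging by kata-deploy.sh elsewhere in this series, this image rewrites the node's containerd configuration. Adding `python3` explicitly and running `apk del py3-pip` in the same RUN layer, as is already done for `curl`, would keep the installer out of the image. The `SC2086` ignore added in the first hunk applies to the whole RUN instruction, so quoting `"${DESTINATION}"` and `"${WORKDIR}/${KATA_ARTIFACTS}"` would be preferable to suppressing the warning.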
+++ b/tools/packaging/kata-deploy/scripts/kata-deploy.sh @@ -357,42 +357,18 @@ function configure_containerd_runtime() { if grep -q "version = 2\>" $containerd_conf_file || [ "$1" == "k0s-worker" ] || [ "$1" == "k0s-controller" ]; then pluginid=\"io.containerd.grpc.v1.cri\" fi - local runtime_table="plugins.${pluginid}.containerd.runtimes.$runtime" - local runtime_type="io.containerd.$runtime.v2" - local options_table="$runtime_table.options" - local config_path="$(get_kata_containers_config_path "$2")/$configuration.toml" - if grep -q "\[$runtime_table\]" $containerd_conf_file; then - echo "Configuration exists for $runtime_table, overwriting" - sed -i "/\[$runtime_table\]/,+1s#runtime_type.*#runtime_type = \"${runtime_type}\"#" $containerd_conf_file - else - cat < Date: Wed, 13 Dec 2023 09:50:15 +0100 Subject: [PATCH 4/5] kata-deploy: Remove useless comment from CRI-O drop-in MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The comment adds absolutely nothing to the runtime handler added, and it'd make our life slightly harder to properly say which VMM is being used when setting the default `kata` handler. Signed-off-by: Fabiano Fidêncio --- tools/packaging/kata-deploy/scripts/kata-deploy.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/tools/packaging/kata-deploy/scripts/kata-deploy.sh b/tools/packaging/kata-deploy/scripts/kata-deploy.sh index 0bc76258db..4312e675bd 100755 --- a/tools/packaging/kata-deploy/scripts/kata-deploy.sh +++ b/tools/packaging/kata-deploy/scripts/kata-deploy.sh 
@@ -309,7 +309,6 @@ function configure_crio_runtime() { cat < Date: Wed, 13 Dec 2023 10:52:54 +0100 Subject: [PATCH 5/5] kata-deploy: Simplify shim configuration MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We never have to add a configuration for the "default" case, as we're already creating the runtime class pointing to what should be the "default" handler. This helps to simplify the logic by quite a lot. Signed-off-by: Fabiano Fidêncio --- .../kata-deploy/scripts/kata-deploy.sh | 25 ++++++------------- 1 file changed, 8 insertions(+), 17 deletions(-) diff --git a/tools/packaging/kata-deploy/scripts/kata-deploy.sh b/tools/packaging/kata-deploy/scripts/kata-deploy.sh index 4312e675bd..7ff1b54d8a 100755 --- a/tools/packaging/kata-deploy/scripts/kata-deploy.sh +++ b/tools/packaging/kata-deploy/scripts/kata-deploy.sh @@ -294,14 +294,11 @@ function cleanup_different_shims_base() { } function configure_crio_runtime() { - local runtime="kata" - local configuration="configuration" - if [ -n "${1-}" ]; then - runtime+="-$1" - configuration+="-$1" - fi + local shim="${1}" + local runtime="kata-${shim}" + local configuration="configuration-${shim}" - local config_path=$(get_kata_containers_config_path "${1}") + local config_path=$(get_kata_containers_config_path "${shim}") local kata_path="/usr/local/bin/containerd-shim-${runtime}-v2" local kata_conf="crio.runtime.runtimes.${runtime}" @@ -343,12 +340,9 @@ EOF } function configure_containerd_runtime() { - local runtime="kata" - local configuration="configuration" - if [ -n "${2-}" ]; then - runtime+="-$2" - configuration+="-$2" - fi + local shim="$2" + local runtime="kata-${shim}" + local configuration="configuration-${shim}" local pluginid=cri # if we are running k0s auto containerd.toml generation, the base template is by default version 2 
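Review bot: `local shim="${1}"` in configure_crio_runtime, and `local shim="$2"` in configure_containerd_runtime in the next hunk, replace the old `[ -n "${1-}" ]` guard with nothing, so an empty argument now silently produces the handler name `kata-` and the file name `configuration-.toml`. If the script runs under `set -u`, which is not visible here, a missing argument instead aborts with a bare unbound-variable error. The value is interpolated into the shim binary path `/usr/local/bin/containerd-shim-${runtime}-v2` and into the runtime table keys, so both functions should reject anything that is not a plain shim name before using it, e.g. `[[ "${shim}" =~ ^[a-z0-9][a-z0-9-]*$ ]] || { echo "invalid shim name: '${shim}'" >&2; return 1; }`. The new `local config_path=$(get_kata_containers_config_path "${shim}")` also masks the helper's exit status behind `local`; splitting it into `local config_path` and `config_path=$(get_kata_containers_config_path "${shim}") || return` would surface a failure. Both function bodies continue outside their hunks.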
@@ -359,7 +353,7 @@ function configure_containerd_runtime() { local runtime_table=".plugins.${pluginid}.containerd.runtimes.\"${runtime}\"" local runtime_options_table="${runtime_table}.options" local runtime_type=\"io.containerd."${runtime}".v2\" - local runtime_config_path=\"$(get_kata_containers_config_path "${2-}")/${configuration}.toml\" + local runtime_config_path=\"$(get_kata_containers_config_path "${shim}")/${configuration}.toml\" tomlq -i -t $(printf '%s.runtime_type=%s' ${runtime_table} ${runtime_type}) ${containerd_conf_file} tomlq -i -t $(printf '%s.privileged_without_host_devices=true' ${runtime_table}) ${containerd_conf_file} @@ -382,9 +376,6 @@ function configure_containerd() { cp -n "$containerd_conf_file" "$containerd_conf_file_backup" fi - # Add default Kata runtime configuration - configure_containerd_runtime "$1" - for shim in "${shims[@]}"; do configure_containerd_runtime "$1" $shim done
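Review bot: `runtime_table` is built from `${runtime}` (now `kata-${shim}`) and passed to `tomlq` as part of the filter text through the unquoted `$(printf ...)` on the context lines, so the shim name is parsed as jq syntax rather than treated as data. That is harmless for the names this script appears to expect, but a value containing a double quote, whitespace or a glob character would alter the filter or split it into several arguments while the containerd configuration is being edited in place. Quoting every expansion removes the splitting: `tomlq -i -t "$(printf '%s.runtime_type=%s' "${runtime_table}" "${runtime_type}")" "${containerd_conf_file}"`. Validating `shim` before it is interpolated covers the rest. The changed `local runtime_config_path=\"$(get_kata_containers_config_path "${shim}")/${configuration}.toml\"` also hides a failure of the helper behind `local`'s exit status, and `$shim` is passed unquoted in the configure_containerd hunk on this page; the function starts before this hunk and continues past it.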