Merge pull request #4039 from fidencio/wip/ccv0.sh-also-support-cloud-hypervisor

CCv0 | ccv0.sh: Expand to also using Cloud Hypervisor

docs/how-to/ccv0.sh

@@ -91,6 +91,7 @@ Commands:
 - build_and_install_all:            Build and install everything
 - build_and_install_rootfs:         Builds and installs the rootfs image
 - build_kata_runtime:               Build and install the kata runtime
+- build_cloud_hypervisor            Checkout, patch, build and install Cloud Hypervisor
 - build_qemu:                       Checkout, patch, build and install QEMU
 - configure:                        Configure Kata to use rootfs and enable debug
 - connect_to_ssh_demo_pod:          Ssh into the ssh demo pod, showing that the decryption succeeded
@@ -127,7 +128,18 @@ build_and_install_all() {
     create_a_local_rootfs
     build_and_install_rootfs
     install_guest_kernel_image
+    case "$KATA_HYPERVISOR" in
+        "qemu") 
             build_qemu
+            ;;
+        "cloud-hypervisor") 
+            build_cloud_hypervisor
+            ;;
+        *)
+            echo "Invalid option: $KATA_HYPERVISOR is not supported." >&2
+            ;;
+    esac
+
     check_kata_runtime
     if [ "${KUBERNETES}" == "yes" ]; then
         init_kubernetes
@@ -199,7 +211,7 @@ check_out_repos() {
 
 build_and_install_kata_runtime() {
     pushd ${katacontainers_repo_dir}/src/runtime
-    make clean && make && sudo -E PATH=$PATH make install
+    make clean && make DEFAULT_HYPERVISOR=${KATA_HYPERVISOR} && sudo -E PATH=$PATH make DEFAULT_HYPERVISOR=${KATA_HYPERVISOR} install
     debug_output "We should have created Kata runtime binaries:: /usr/local/bin/kata-runtime and /usr/local/bin/containerd-shim-kata-v2"
     debug_output "We should have made the Kata configuration file: /usr/share/defaults/kata-containers/configuration.toml"
     debug_output "kata-runtime version: $(kata-runtime version)"
@@ -330,6 +342,14 @@ build_qemu() {
     ${tests_repo_dir}/.ci/install_qemu.sh
 }
 
+build_cloud_hypervisor() {
+    # While we still rely on the C version of virtiofsd, let's
+    # install QEMU, which will then bring virtiofsd together.
+    build_qemu
+
+    ${tests_repo_dir}/.ci/install_cloud_hypervisor.sh
+}
+
 check_kata_runtime() {
     sudo kata-runtime check
 }
@@ -467,7 +487,7 @@ run_kata_and_capture_logs() {
 
 get_ids() {
     guest_cid=$(sudo ss -H --vsock | awk '{print $6}' | cut -d: -f1)
-    sandbox_id=$(ps -ef | grep qemu | egrep -o "sandbox-[^,][^,]*" | sed 's/sandbox-//g' | awk '{print $1}')
+    sandbox_id=$(ps -ef | grep containerd-shim-kata-v2 | egrep -o "id [^,][^,].* " | awk '{print $2}')
 }
 
 open_kata_shell() {
@@ -580,6 +600,9 @@ main() {
         install_guest_kernel)
             install_guest_kernel_image
             ;;
+        build_cloud_hypervisor)
+            build_cloud_hypervisor
+            ;;
         build_qemu)
             build_qemu
             ;;

docs/how-to/how-to-build-and-test-ccv0.md

@@ -44,6 +44,12 @@ $ chmod u+x ccv0.sh
       ```
       `skopeo` is
       required for passing source credentials and verifying container image signatures using the kata agent.
+    - By default the build and configuration are using `QEMU` as the hypervisor. In order to use `Cloud Hypervisor` instead
+      set:
+      ```
+      $ export KATA_HYPERVISOR="cloud-hypervisor"
+      ```
+      before running the build.
 
 - At this point you can provision a Kata confidential containers pod and container with either
   [`crictl`](#using-crictl-for-end-to-end-provisioning-of-a-kata-confidential-containers-pod-with-an-unencrypted-image),
@@ -52,9 +58,10 @@ $ chmod u+x ccv0.sh
 
 ### Using `crictl` for end-to-end provisioning of a Kata confidential containers pod with an unencrypted image
 
-- Run the full build process with Kubernetes off, so it's configure doesn't interfere with `crictl` using:
+- Run the full build process with Kubernetes turned off, so its configuration doesn't interfere with `crictl` using:
   ```bash
   $ export KUBERNETES="no"
+  $ export KATA_HYPERVISOR="qemu"
   $ ~/ccv0.sh -d build_and_install_all
   ```
     > **Note**: Much of this script has to be run as `sudo`, so you are likely to get prompted for your password.
@@ -70,7 +77,8 @@ $ chmod u+x ccv0.sh
         - Create, build and install a rootfs for the Kata hypervisor to use. For 'CCv0' this is currently based on Ubuntu
         20.04 and has extra packages like `umoci` added.
         - Build the Kata guest kernel
-        - Install QEMU
+        - Install the hypervisor (in order to select which hypervisor will be used, the `KATA_HYPERVISOR` environment
+        variable can be used to select between `qemu` or `cloud-hypervisor`)
     > **Note**: Depending on how where your VMs are hosted and how IPs are shared you might get an error from docker
     during matching `ERROR: toomanyrequests: Too Many Requests`. To get past
     this, login into Docker Hub and pull the images used with:
@@ -189,7 +197,7 @@ there.
   pulled on the guest:
     - Find all the `rootfs` directories under in the pod's shared directory with:
       ```bash
-      $ pod_id=$(ps -ef | grep qemu | egrep -o "sandbox-[^,][^,]*" | sed 's/sandbox-//g' | awk '{print $1}')
+      $ pod_id=$(ps -ef | grep containerd-shim-kata-v2 | egrep -o "id [^,][^,].* " | awk '{print $2}')
       $ sudo find /run/kata-containers/shared/sandboxes/${pod_id}/shared -name rootfs
       ```
       which should only show a single `rootfs` directory if the container image was pulled on the guest, not the host
@@ -454,8 +462,8 @@ it ever being available to the host.
 
 As well as being able to use the script as above to build all of `kata-containers` from scratch it can be used to just
 re-build bits of it by running the script with different parameters. For example after the first build you will often
-not need to re-install the dependencies, QEMU or the Guest kernel, but just test code changes made to the runtime and
+not need to re-install the dependencies, the hypervisor or the Guest kernel, but just test code changes made to the
-agent. This can be done by running `~/ccv0.sh rebuild_and_install_kata`. (*Note this does a hard checkout*
+runtime and agent. This can be done by running `~/ccv0.sh rebuild_and_install_kata`. (*Note this does a hard checkout*
 *from git, so if your changes are only made locally it is better to do the individual steps e.g.* 
 `~/ccv0.sh build_kata_runtime && ~/ccv0.sh build_and_add_agent_to_rootfs && ~/ccv0.sh build_and_install_rootfs`).
 There are commands for a lot of steps in building, setting up and testing and the full list can be seen by running
@@ -480,6 +488,7 @@ Commands:
 - build_and_add_agent_to_rootfs:Builds the kata-agent and adds it to the rootfs
 - build_and_install_rootfs:     Builds and installs the rootfs image
 - install_guest_kernel:         Setup, build and install the guest kernel
+- build_cloud_hypervisor        Checkout, patch, build and install Cloud Hypervisor
 - build_qemu:                   Checkout, patch, build and install QEMU
 - init_kubernetes:              initialize a Kubernetes cluster on this system
 - crictl_create_cc_pod          Use crictl to create a new kata cc pod