From 6d07e2cddb3128db885295a0e8a0ce9196cf1dc8 Mon Sep 17 00:00:00 2001 From: Samuel Ortiz Date: Mon, 13 Nov 2017 12:24:56 +0100 Subject: [PATCH 001/307] Initial commit --- LICENSE | 201 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 201 insertions(+) create mode 100644 LICENSE diff --git a/LICENSE b/LICENSE new file mode 100644 index 000000000..261eeb9e9 --- /dev/null +++ b/LICENSE 
@@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. From 6a0d61363a69adc1b269b8320867cd9bfa84af58 Mon Sep 17 00:00:00 2001 From: Samuel Ortiz Date: Mon, 4 Dec 2017 23:35:38 +0100 Subject: [PATCH 002/307] CoC: Add Code of Conduct We follow the OpenStack Foundation CoC. Signed-off-by: Samuel Ortiz --- CODE_OF_CONDUCT.md | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 CODE_OF_CONDUCT.md diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md new file mode 100644 index 000000000..5a9e27d2f --- /dev/null +++ b/CODE_OF_CONDUCT.md @@ -0,0 +1,3 @@ +## Kata Containers OSBuiler Code of Conduct + +Kata Containers follows the [OpenStack Foundation Code of Conduct](https://www.openstack.org/legal/community-code-of-conduct/). From 5a3115e96512f951222d3bd070c25ac734fd25a8 Mon Sep 17 00:00:00 2001 
From: Samuel Ortiz Date: Mon, 4 Dec 2017 23:36:49 +0100 Subject: [PATCH 003/307] pullapprove: Let the builder team approve PRs Signed-off-by: Samuel Ortiz --- .pullapprove.yml | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 .pullapprove.yml diff --git a/.pullapprove.yml b/.pullapprove.yml new file mode 100644 index 000000000..bf30ea143 --- /dev/null +++ b/.pullapprove.yml @@ -0,0 +1,31 @@ +version: 2 + +requirements: + signed_off_by: + required: true + +# Disallow approval of PRs still under development +always_pending: + title_regex: 'WIP' + labels: + - do-not-merge + - wip + explanation: 'Work in progress - do not merge' + +group_defaults: + approve_by_comment: + enabled: true + approve_regex: '^(LGTM|lgtm|Approved|\+1|:\+1:)' + reject_regex: '^(Rejected|-1|:-1:)' + reset_on_push: + enabled: false + reset_on_reopened: + enabled: false + author_approval: + ignored: true + +groups: + approvers: + required: 1 + teams: + - builder From f1b8da340e3d62093e3a66d230a0f93540ec8493 Mon Sep 17 00:00:00 2001 From: Jose Carlos Venegas Munoz Date: Sat, 25 Nov 2017 01:36:51 -0600 Subject: [PATCH 004/307] rootfs: Add rootfs.sh script Add script that will use helper bash scripts that provide a way to build a rootfs based in a OS. Signed-off-by: Jose Carlos Venegas Munoz --- rootfs-builder/rootfs.sh | 122 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 122 insertions(+) create mode 100755 rootfs-builder/rootfs.sh diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh new file mode 100755 index 000000000..e88364c89 --- /dev/null +++ b/rootfs-builder/rootfs.sh 
@@ -0,0 +1,122 @@ +#!/bin/bash +# +# Copyright (c) 2017 Intel Corporation +# +# SPDX-License-Identifier: Apache-2.0 + +set -e + +script_name="${0##*/}" +script_dir="$(dirname $(realpath -s $0))" +ROOTFS_DIR=${ROOTFS_DIR:-${PWD}/rootfs} +AGENT_VERSION=${AGENT_VERSION:-master} +GO_AGENT_PKG=${GO_AGENT_PKG:-github.com/kata-containers/agent} +AGENT_BIN=${AGENT_BIN:-kata-agent} +# Name of file that will implement build_rootfs +typeset -r LIB_SH="rootfs_lib.sh" + +if [ -n "$DEBUG" ] ; then + set -x +fi + +#$1: Error code if want to exit differnt to 0 +usage(){ + error="${1:-0}" + cat < + + : Linux distribution to use as base OS. + +Supported Linux distributions: + +$(get_distros) + +Options: +-h : Show this help message +-a : agent version DEFAULT: ${AGENT_VERSION} ENV: AGENT_VERSION +-r : rootfs directory DEFAULT: ${ROOTFS_DIR} ENV: ROOTFS_DIR + +ENV VARIABLES: +GO_AGENT_PKG: Change the golang package url to get the agent source code + DEFAULT: ${AGENT_REPO} +EOT +exit "${error}" +} + +die() +{ + msg="$*" + echo "ERROR: ${msg}" >&2 + exit 1 +} + +info() +{ + msg="$*" + echo "INFO: ${msg}" >&2 +} + +OK() +{ + msg="$*" + echo "INFO: [OK] ${msg}" >&2 +} + +get_distros() { + cdirs=$(find "${script_dir}" -maxdepth 1 -type d) + find ${cdirs} -maxdepth 1 -name "${LIB_SH}" -printf '%H\n' | while read dir; do + basename "${dir}" + done +} + + +check_function_exist() { + function_name="$1" + [ "$(type -t ${function_name})" == "function" ] || die "${function_name} function was not defined" +} + + +while getopts c:hr: opt +do + case $opt in + a) AGENT_VERSION="${OPTARG}" ;; + h) usage ;; + r) ROOTFS_DIR="${OPTARG}" ;; + esac +done + +shift $(($OPTIND - 1)) + +distro="$1" + +[ -n "${distro}" ] || usage 1 +distro_config_dir="${script_dir}/${distro}" + +[ -d "${distro_config_dir}" ] || die "Not found configuration directory ${distro_config_dir}" +rootfs_lib="${distro_config_dir}/${LIB_SH}" +source "${rootfs_lib}" +rootfs_config="${distro_config_dir}/config.sh" +source 
"${rootfs_config}" + +CONFIG_DIR=${distro_config_dir} +check_function_exist "build_rootfs" +mkdir -p ${ROOTFS_DIR} +build_rootfs ${ROOTFS_DIR} + +info "Check init is installed" +init="${ROOTFS_DIR}/sbin/init" +[ -x "${init}" ] || [ -L ${init} ] || die "/sbin/init is not installed in ${ROOTFS_DIR}" +OK "init is installed" + +info "Pull Agent source code" +go get -d "${GO_AGENT_PKG}" || true +OK "Pull Agent source code" + +info "Build agent" +pushd "${GOPATH}/src/${GO_AGENT_PKG}" +make INIT=no +make install DESTDIR="${ROOTFS_DIR}" INIT=no +popd +[ -x "${ROOTFS_DIR}/bin/${AGENT_BIN}" ] || die "/bin/${AGENT_BIN} is not installed in ${ROOTFS_DIR}" +OK "Agent installed" From 91bf41011857853573827ee8c5fa9776451e0177 Mon Sep 17 00:00:00 2001 From: Jose Carlos Venegas Munoz Date: Sat, 25 Nov 2017 01:38:42 -0600 Subject: [PATCH 005/307] rootfs: Add script for Clear Linux base OS Add script and config to build a rootfs based in Clear Linux OS. Signed-off-by: Jose Carlos Venegas Munoz --- rootfs-builder/clearlinux/Dockerfile | 3 + rootfs-builder/clearlinux/config.sh | 8 +++ rootfs-builder/clearlinux/rootfs_lib.sh | 93 +++++++++++++++++++++++++ 3 files changed, 104 insertions(+) create mode 100644 rootfs-builder/clearlinux/Dockerfile create mode 100644 rootfs-builder/clearlinux/config.sh create mode 100755 rootfs-builder/clearlinux/rootfs_lib.sh diff --git a/rootfs-builder/clearlinux/Dockerfile b/rootfs-builder/clearlinux/Dockerfile new file mode 100644 index 000000000..fe52e95af --- /dev/null +++ b/rootfs-builder/clearlinux/Dockerfile @@ -0,0 +1,3 @@ +From fedora:27 + +RUN dnf -y update && dnf install -y git golang systemd pkgconfig diff --git a/rootfs-builder/clearlinux/config.sh b/rootfs-builder/clearlinux/config.sh new file mode 100644 index 000000000..4401ce249 --- /dev/null +++ b/rootfs-builder/clearlinux/config.sh 
@@ -0,0 +1,8 @@ +# +# Copyright (c) 2017 Intel Corporation +# +# SPDX-License-Identifier: Apache-2.0 + +#Use "latest" to always pull the last Clear Linux Release +OS_VERSION=${OS_VERSION:-latest} +PACKAGES="systemd iptables-bin libudev0-shim" diff --git a/rootfs-builder/clearlinux/rootfs_lib.sh b/rootfs-builder/clearlinux/rootfs_lib.sh new file mode 100755 index 000000000..d656092d5 --- /dev/null +++ b/rootfs-builder/clearlinux/rootfs_lib.sh 
@@ -0,0 +1,93 @@ +#!/bin/bash +# +# Copyright (c) 2017 Intel Corporation +# +# SPDX-License-Identifier: Apache-2.0 + +set -e + +check_program(){ + type "$1" >/dev/null 2>&1 +} + +generate_dnf_config() +{ + echo "WARNING: using not signed packages" + cat > "${DNF_CONF}" << EOF +[main] +cachedir=/var/cache/dnf-clear +keepcache=0 +debuglevel=2 +logfile=/var/log/dnf.log +exactarch=1 +obsoletes=1 +gpgcheck=0 +plugins=0 +installonly_limit=3 +#Dont use the default dnf reposdir +#this will prevent to use host repositories +reposdir=/root/mash + +[clear] +name=Clear +failovermethod=priority +baseurl=${REPO_URL} +enabled=1 +#Clear Linux based packages security limitations +#Although the Clear Linux rootfs is constructed from rpm packages, Clear Linux +#itself is not an rpm-based Linux distribution (the software installed on a +#Clear Linux system is not managed using rpm). The rpm packages used to +#generate the rootfs are not signed, so there is no way to ensure that +#downloaded packages are trustworthy. +gpgcheck=0 +EOF +} + +build_rootfs() +{ + # Mandatory + local ROOTFS_DIR=$1 + + #In case rootfs is created usig repositories allow user to modify + # the default URL + local REPO_URL=${REPO_URL:-https://download.clearlinux.org/current/x86_64/os/} + # In case of support EXTRA packages, use it to allow + # users add more packages to the base rootfs + local EXTRA_PKGS=${EXTRA_PKGS:-} + + #PATH where files this script is placed + #Use it to refer to files in the same directory + #Exmaple: ${CONFIG_DIR}/foo + #local CONFIG_DIR=${CONFIG_DIR} + + check_root + if [ ! 
-f "${DNF_CONF}" ]; then + DNF_CONF="./clear-dnf.conf" + generate_dnf_config + fi + mkdir -p "${ROOTFS_DIR}" + if [ -n "${PKG_MANAGER}" ]; then + info "DNF path provided by user: ${PKG_MANAGER}" + elif check_program "dnf"; then + PKG_MANAGER="dnf" + elif check_program "yum" ; then + PKG_MANAGER="yum" + else + die "neither yum nor dnf is installed" + fi + + info "Using : ${PKG_MANAGER} to pull packages from ${REPO_URL}" + + DNF="${PKG_MANAGER} --config=$DNF_CONF -y --installroot=${ROOTFS_DIR} --noplugins" + $DNF install ${EXTRA_PKGS} ${PACKAGES} + + [ -n "${ROOTFS_DIR}" ] && rm -r "${ROOTFS_DIR}/var/cache/dnf-clear" +} + +check_root() +{ + if [ "$(id -u)" != "0" ]; then + echo "Root is needed" + exit 1 + fi +} From 5b8478c4cf4deabb3a46a55d2869faa73ec867b9 Mon Sep 17 00:00:00 2001 From: Jose Carlos Venegas Munoz Date: Sat, 25 Nov 2017 01:41:06 -0600 Subject: [PATCH 006/307] rootfs: Add script for Fedora base OS Add scirpts to build a rootfs based on Fedora. Signed-off-by: Jose Carlos Venegas Munoz --- rootfs-builder/fedora/Dockerfile | 3 + rootfs-builder/fedora/config.sh | 8 +++ rootfs-builder/fedora/rootfs_lib.sh | 88 +++++++++++++++++++++++++++++ 3 files changed, 99 insertions(+) create mode 100644 rootfs-builder/fedora/Dockerfile create mode 100644 rootfs-builder/fedora/config.sh create mode 100755 rootfs-builder/fedora/rootfs_lib.sh diff --git a/rootfs-builder/fedora/Dockerfile b/rootfs-builder/fedora/Dockerfile new file mode 100644 index 000000000..fe52e95af --- /dev/null +++ b/rootfs-builder/fedora/Dockerfile @@ -0,0 +1,3 @@ +From fedora:27 + +RUN dnf -y update && dnf install -y git golang systemd pkgconfig diff --git a/rootfs-builder/fedora/config.sh b/rootfs-builder/fedora/config.sh new file mode 100644 index 000000000..58a51f491 --- /dev/null +++ b/rootfs-builder/fedora/config.sh 
@@ -0,0 +1,8 @@ +# +# Copyright (c) 2017 Intel Corporation +# +# SPDX-License-Identifier: Apache-2.0 + +#Fedora version to use +OS_VERSION=${OS_VERSION:-27} +PACKAGES="systemd iptables" diff --git a/rootfs-builder/fedora/rootfs_lib.sh b/rootfs-builder/fedora/rootfs_lib.sh new file mode 100755 index 000000000..4eb7533b7 --- /dev/null +++ b/rootfs-builder/fedora/rootfs_lib.sh 
@@ -0,0 +1,88 @@ +#!/bin/bash +# +# Copyright (c) 2017 Intel Corporation +# +# SPDX-License-Identifier: Apache-2.0 + +set -e + +check_program(){ + type "$1" >/dev/null 2>&1 +} + +generate_dnf_config() +{ + cat > "${DNF_CONF}" << EOF +[main] +cachedir=/var/cache/dnf/kata/ +keepcache=0 +debuglevel=2 +logfile=/var/log/dnf.log +exactarch=1 +obsoletes=1 +gpgcheck=0 +plugins=0 +installonly_limit=3 +#Dont use the default dnf reposdir +#this will prevent to use host repositories +reposdir=/root/mash + +[kata] +name=fedora +failovermethod=priority +baseurl=${REPO_URL} +enabled=1 +gpgcheck=0 +EOF +} + +build_rootfs() +{ + # Mandatory + local ROOTFS_DIR=$1 + + #In case rootfs is created usig repositories allow user to modify + # the default URL + local REPO_URL=${REPO_URL:-http://mirror.math.princeton.edu/pub/fedora/linux/releases/$OS_VERSION/Everything/x86_64/os/} + + # In case of support EXTRA packages, use it to allow + # users add more packages to the base rootfs + local EXTRA_PKGS=${EXTRA_PKGS:-""} + + #PATH where files this script is placed + #Use it to refer to files in the same directory + #Exmaple: ${CONFIG_DIR}/foo + #local CONFIG_DIR=${CONFIG_DIR} + + check_root + if [ ! -f "${DNF_CONF}" ]; then + DNF_CONF="./kata-fedora-dnf.conf" + generate_dnf_config + fi + mkdir -p "${ROOTFS_DIR}" + if [ -n "${PKG_MANAGER}" ]; then + info "DNF path provided by user: ${PKG_MANAGER}" + elif check_program "dnf"; then + PKG_MANAGER="dnf" + elif check_program "yum" ; then + PKG_MANAGER="yum" + else + die "neither yum nor dnf is installed" + fi + + info "Using : ${PKG_MANAGER} to pull packages from ${REPO_URL}" + + DNF="${PKG_MANAGER} --config=$DNF_CONF -y --installroot=${ROOTFS_DIR} --noplugins" + $DNF install ${EXTRA_PKGS} ${PACKAGES} + + [ -n "${ROOTFS_DIR}" ] && rm -r "${ROOTFS_DIR}/var/cache/dnf" +} + + +check_root() +{ + if [ "$(id -u)" != "0" ]; then + echo "Root is needed" + exit 1 + fi +} From 75a9d5eab78d1fd1b4288ea1ccf9e5b034624c2f Mon Sep 17 00:00:00 2001 
From: Jose Carlos Venegas Munoz Date: Tue, 5 Dec 2017 06:39:39 +0000 Subject: [PATCH 007/307] rootfs: Add rootfs based on CentOS 7 Signed-off-by: Jose Carlos Venegas Munoz --- rootfs-builder/centos/Dockerfile | 1 + rootfs-builder/centos/RPM-GPG-KEY-CentOS-7 | 30 +++++ rootfs-builder/centos/config.sh | 15 +++ rootfs-builder/centos/rootfs_lib.sh | 134 +++++++++++++++++++++ 4 files changed, 180 insertions(+) create mode 100644 rootfs-builder/centos/Dockerfile create mode 100644 rootfs-builder/centos/RPM-GPG-KEY-CentOS-7 create mode 100644 rootfs-builder/centos/config.sh create mode 100644 rootfs-builder/centos/rootfs_lib.sh diff --git a/rootfs-builder/centos/Dockerfile b/rootfs-builder/centos/Dockerfile new file mode 100644 index 000000000..fc96ef0a7 --- /dev/null +++ b/rootfs-builder/centos/Dockerfile @@ -0,0 +1 @@ +FROM centos:7 diff --git a/rootfs-builder/centos/RPM-GPG-KEY-CentOS-7 b/rootfs-builder/centos/RPM-GPG-KEY-CentOS-7 new file mode 100644 index 000000000..47f6d4d6b --- /dev/null +++ b/rootfs-builder/centos/RPM-GPG-KEY-CentOS-7 
@@ -0,0 +1,30 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.5 (GNU/Linux) + +mQINBFOn/0sBEADLDyZ+DQHkcTHDQSE0a0B2iYAEXwpPvs67cJ4tmhe/iMOyVMh9 +Yw/vBIF8scm6T/vPN5fopsKiW9UsAhGKg0epC6y5ed+NAUHTEa6pSOdo7CyFDwtn +4HF61Esyb4gzPT6QiSr0zvdTtgYBRZjAEPFVu3Dio0oZ5UQZ7fzdZfeixMQ8VMTQ +4y4x5vik9B+cqmGiq9AW71ixlDYVWasgR093fXiD9NLT4DTtK+KLGYNjJ8eMRqfZ +Ws7g7C+9aEGHfsGZ/SxLOumx/GfiTloal0dnq8TC7XQ/JuNdB9qjoXzRF+faDUsj +WuvNSQEqUXW1dzJjBvroEvgTdfCJfRpIgOrc256qvDMp1SxchMFltPlo5mbSMKu1 +x1p4UkAzx543meMlRXOgx2/hnBm6H6L0FsSyDS6P224yF+30eeODD4Ju4BCyQ0jO +IpUxmUnApo/m0eRelI6TRl7jK6aGqSYUNhFBuFxSPKgKYBpFhVzRM63Jsvib82rY +438q3sIOUdxZY6pvMOWRkdUVoz7WBExTdx5NtGX4kdW5QtcQHM+2kht6sBnJsvcB +JYcYIwAUeA5vdRfwLKuZn6SgAUKdgeOtuf+cPR3/E68LZr784SlokiHLtQkfk98j +NXm6fJjXwJvwiM2IiFyg8aUwEEDX5U+QOCA0wYrgUQ/h8iathvBJKSc9jQARAQAB +tEJDZW50T1MtNyBLZXkgKENlbnRPUyA3IE9mZmljaWFsIFNpZ25pbmcgS2V5KSA8 +c2VjdXJpdHlAY2VudG9zLm9yZz6JAjUEEwECAB8FAlOn/0sCGwMGCwkIBwMCBBUC +CAMDFgIBAh4BAheAAAoJECTGqKf0qA61TN0P/2730Th8cM+d1pEON7n0F1YiyxqG +QzwpC2Fhr2UIsXpi/lWTXIG6AlRvrajjFhw9HktYjlF4oMG032SnI0XPdmrN29lL +F+ee1ANdyvtkw4mMu2yQweVxU7Ku4oATPBvWRv+6pCQPTOMe5xPG0ZPjPGNiJ0xw +4Ns+f5Q6Gqm927oHXpylUQEmuHKsCp3dK/kZaxJOXsmq6syY1gbrLj2Anq0iWWP4 +Tq8WMktUrTcc+zQ2pFR7ovEihK0Rvhmk6/N4+4JwAGijfhejxwNX8T6PCuYs5Jiv +hQvsI9FdIIlTP4XhFZ4N9ndnEwA4AH7tNBsmB3HEbLqUSmu2Rr8hGiT2Plc4Y9AO +aliW1kOMsZFYrX39krfRk2n2NXvieQJ/lw318gSGR67uckkz2ZekbCEpj/0mnHWD +3R6V7m95R6UYqjcw++Q5CtZ2tzmxomZTf42IGIKBbSVmIS75WY+cBULUx3PcZYHD +ZqAbB0Dl4MbdEH61kOI8EbN/TLl1i077r+9LXR1mOnlC3GLD03+XfY8eEBQf7137 +YSMiW5r/5xwQk7xEcKlbZdmUJp3ZDTQBXT06vavvp3jlkqqH9QOE8ViZZ6aKQLqv +pL+4bs52jzuGwTMT7gOR5MzD+vT0fVS7Xm8MjOxvZgbHsAgzyFGlI1ggUQmU7lu3 +uPNL0eRx4S1G4Jn5 +=OGYX +-----END PGP PUBLIC KEY BLOCK----- diff --git a/rootfs-builder/centos/config.sh b/rootfs-builder/centos/config.sh new file mode 100644 index 000000000..8c5cf749c --- /dev/null +++ b/rootfs-builder/centos/config.sh 
@@ -0,0 +1,15 @@ +# This is a configuration file add extra variables to +# be used by build_rootfs() from rootfs_lib.sh the variables will be +# loaded just before call the function. + +# Here there are a couple of variables you may need. +# Remove them or add more + +# Centos Version +OS_VERSION=${OS_VERSION:-7} + +#Mandatory Packages that must be installed +# systemd: An init system that will start kata-agent +# iptables: Need by Kata agent +# udevlib.so: Need by Kata agent +PACKAGES="systemd iptables" diff --git a/rootfs-builder/centos/rootfs_lib.sh b/rootfs-builder/centos/rootfs_lib.sh new file mode 100644 index 000000000..499b5758a --- /dev/null +++ b/rootfs-builder/centos/rootfs_lib.sh 
@@ -0,0 +1,134 @@ +#!/bin/bash +# +# Copyright (c) 2017 Intel Corporation +# +# SPDX-License-Identifier: Apache-2.0 + +check_program(){ + type "$1" >/dev/null 2>&1 +} + +check_root() +{ + if [ "$(id -u)" != "0" ]; then + echo "Root is needed" + exit 1 + fi +} + +generate_dnf_config() +{ + cat > "${DNF_CONF}" << EOF +[main] +cachedir=/var/cache/centos-osbuilder +keepcache=0 +debuglevel=2 +logfile=/var/log/yum-centos.log +exactarch=1 +obsoletes=1 +gpgcheck=0 +plugins=0 +installonly_limit=3 +#Dont use the default dnf reposdir +#this will prevent to use host repositories +reposdir=/root/mash + +[base] +name=CentOS-7 - Base +mirrorlist=http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=os&container=container +#baseurl=${REPO_URL}/os/x86_64/ +gpgcheck=1 +gpgkey=file://${CONFIG_DIR}/RPM-GPG-KEY-CentOS-7 + +#released updates +[updates] +name=CentOS-7 - Updates +mirrorlist=http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=updates&container=container +#baseurl=${REPO_URL}/updates/x86_64/ +gpgcheck=1 +gpgkey=file://${CONFIG_DIR}/RPM-GPG-KEY-CentOS-7 + +#additional packages that may be useful +[extras] +name=CentOS-7 - Extras +mirrorlist=http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=extras&container=container +#baseurl=${REPO_URL}/extras/x86_64/ +gpgcheck=1 +gpgkey=file://${CONFIG_DIR}/RPM-GPG-KEY-CentOS-7 + +#additional packages that extend functionality of existing packages +[centosplus] +name=CentOS-7 - Plus +mirrorlist=http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=centosplus&container=container +#baseurl=${REPO_URL}/centosplus/x86_64/ +gpgcheck=1 +enabled=0 +gpgkey=file://${CONFIG_DIR}/RPM-GPG-KEY-CentOS-7 +EOF +} + +# - Arguments +# rootfs_dir=$1 +# +# - Optional environment variables +# +# EXTRA_PKGS: Variable to add extra PKGS provided by the user +# +# BIN_AGENT: Name of the Kata-Agent binary +# +# REPO_URL: URL to distribution repository ( should be configured in +# config.sh file) +# +# Any other configuration variable for a 
specific distro must be added +# and documented on its own config.sh +# +# - Expected result +# +# rootfs_dir populated with rootfs pkgs +# It must provide a binary in /sbin/init +build_rootfs() { + # Mandatory + local ROOTFS_DIR=$1 + + #Name of the Kata-Agent binary + local BIN_AGENT=${BIN_AGENT} + + # In case of support EXTRA packages, use it to allow + # users add more packages to the base rootfs + local EXTRA_PKGS=${EXTRA_PKGS:-} + + #In case rootfs is created usign repositories allow user to modify + # the default URL + local REPO_URL=${REPO_URL:-http://mirror.centos.org/centos/7} + + #PATH where files this script is placed + #Use it to refer to files in the same directory + #Exmaple: ${CONFIG_DIR}/foo + local CONFIG_DIR=${CONFIG_DIR} + + + # Populate ROOTFS_DIR + # Must provide /sbin/init and /bin/${BIN_AGENT} + check_root + if [ ! -f "${DNF_CONF}" ]; then + DNF_CONF="./kata-centos-dnf.conf" + generate_dnf_config + fi + mkdir -p "${ROOTFS_DIR}" + if [ -n "${PKG_MANAGER}" ]; then + info "DNF path provided by user: ${PKG_MANAGER}" + elif check_program "dnf"; then + PKG_MANAGER="dnf" + elif check_program "yum" ; then + PKG_MANAGER="yum" + else + die "neither yum nor dnf is installed" + fi + + info "Using : ${PKG_MANAGER} to pull packages from ${REPO_URL}" + + DNF="${PKG_MANAGER} --config=$DNF_CONF -y --installroot=${ROOTFS_DIR} --noplugins" + $DNF install ${EXTRA_PKGS} ${PACKAGES} + + [ -n "${ROOTFS_DIR}" ] && rm -r "${ROOTFS_DIR}/var/cache/centos-osbuilder" +} From 206db3d585dbe41b830502cfdb2b953bb3540e24 Mon Sep 17 00:00:00 2001 From: Jose Carlos Venegas Munoz Date: Wed, 29 Nov 2017 17:05:42 -0600 Subject: [PATCH 008/307] rootfs: Add template files for new distros Add template to add new distros. Added a Makefile to initialize new environment. 
Signed-off-by: Jose Carlos Venegas Munoz --- rootfs-builder/template/Makefile | 15 +++++++ rootfs-builder/template/config_template.sh | 15 +++++++ .../template/rootfs_lib_template.sh | 43 +++++++++++++++++++ 3 files changed, 73 insertions(+) create mode 100644 rootfs-builder/template/Makefile create mode 100644 rootfs-builder/template/config_template.sh create mode 100644 rootfs-builder/template/rootfs_lib_template.sh diff --git a/rootfs-builder/template/Makefile b/rootfs-builder/template/Makefile new file mode 100644 index 000000000..66e04e323 --- /dev/null +++ b/rootfs-builder/template/Makefile @@ -0,0 +1,15 @@ +# Copyright (c) 2017 Intel Corporation +# +# SPDX-License-Identifier: Apache-2.0 +# +# +MK_DIR :=$(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +## Default destdir is one level up where is rootfs.sh script +DESTDIR ?= "$(realpath $(MK_DIR)/../)/$(ROOTFS_BASE_NAME)" +all: +ifndef ROOTFS_BASE_NAME + $(error ROOTFS_BASE_NAME is not set, use $ make ROOTFS_BASE_NAME=new_supported_os) +endif + mkdir -p $(DESTDIR) + cp "$(MK_DIR)/rootfs_lib_template.sh" "$(DESTDIR)/rootfs_lib.sh" + cp "$(MK_DIR)/config_template.sh" "$(DESTDIR)/config.sh" diff --git a/rootfs-builder/template/config_template.sh b/rootfs-builder/template/config_template.sh new file mode 100644 index 000000000..48ce67663 --- /dev/null +++ b/rootfs-builder/template/config_template.sh @@ -0,0 +1,15 @@ +# This is a configuration file add extra variables to +# be used by build_rootfs() from rootfs_lib.sh the variables will be +# loaded just before call the function. + +# Here there are a couple of variables you may need. +# Remove them or add more + +#Use it rootfs is based in a system has different versions +OS_VERSION=${OS_VERSION:-DEFAULT_VERSION} + +#Mandatory Packages that must be installed +# systemd: An init system that will start kata-agent +# iptables: Need by Kata agent +# udevlib.so: Need by Kata agent +PACKAGES="systemd iptables udevlib.so" 
diff --git a/rootfs-builder/template/rootfs_lib_template.sh b/rootfs-builder/template/rootfs_lib_template.sh new file mode 100644 index 000000000..133834bf9 --- /dev/null +++ b/rootfs-builder/template/rootfs_lib_template.sh @@ -0,0 +1,43 @@ +# - Arguments +# rootfs_dir=$1 +# +# - Optional environment variables +# +# EXTRA_PKGS: Variable to add extra PKGS provided by the user +# +# BIN_AGENT: Name of the Kata-Agent binary +# +# REPO_URL: URL to distribution repository ( should be configured in +# config.sh file) +# +# Any other configuration variable for a specific distro must be added +# and documented on its own config.sh +# +# - Expected result +# +# rootfs_dir populated with rootfs pkgs +# It must provide a binary in /sbin/init +build_rootfs() { + # Mandatory + local ROOTFS_DIR=$1 + + #Name of the Kata-Agent binary + local BIN_AGENT=${BIN_AGENT} + + # In case of support EXTRA packages, use it to allow + # users add more packages to the base rootfs + local EXTRA_PKGS=${EXTRA_PKGS:-} + + #In case rootfs is created usign repositories allow user to modify + # the default URL + local REPO_URL=${REPO_URL:-YOUR_REPO} + + #PATH where files this script is placed + #Use it to refer to files in the same directory + #Exmaple: ${CONFIG_DIR}/foo + local CONFIG_DIR=${CONFIG_DIR} + + + # Populate ROOTFS_DIR + # Must provide /sbin/init and /bin/${BIN_AGENT} +} From 48992d3fdf15c5051e9465428a558db433d6dc5b Mon Sep 17 00:00:00 2001 From: Jose Carlos Venegas Munoz Date: Mon, 27 Nov 2017 20:58:40 -0600 Subject: [PATCH 009/307] rootfs: Add README Add docs about how rootfs generation. Signed-off-by: Jose Carlos Venegas Munoz --- rootfs-builder/README.md | 126 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 126 insertions(+) create mode 100644 rootfs-builder/README.md diff --git a/rootfs-builder/README.md b/rootfs-builder/README.md new file mode 100644 index 000000000..e977ace39 --- /dev/null +++ b/rootfs-builder/README.md 
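Review bot: The header comment and `local BIN_AGENT=${BIN_AGENT}` in rootfs_lib_template.sh call the agent binary variable BIN_AGENT, while the rootfs.sh usage text and image_builder.sh later in this series use AGENT_BIN, so a distro author following the template reads a variable that nothing sets. Pick one name and use it in the template, the comment block and the callers. The comment typos ("usign", "Exmaple") are worth fixing here as well, because this file is copied verbatim into every new distro directory.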
@@ -0,0 +1,126 @@ +# Building a rootfs for Kata Containers Guest OS # + +The Kata Containers `rootfs` is created using `rootfs.sh`. + +## Supported base OSs ## + +The `rootfs.sh` script builds a `rootfs` based on a particular Linux\* +distribution. To build a `rootfs`for your chosen distribution, run: + +``` +$./rootfs.sh +``` + +To check the supported `rootfs` based OS run `$rootfs-builder/rootfs.sh +-h`, it will show the supported values of `` + + +## Adding support for new base OS ## + +The script `rootfs.sh` will it check for immediate sub-directories +containing the following expected files structure: + +- A `bash(1)` script called `rootfs_lib.sh` + + This file must contain a function called `build_rootfs()` this function + must receive as first argument the path where the `rootfs` will be + populated. Path: `rootfs-builder//rootfs_lib.sh`. + + +- A `bash(1)` file `config.sh` + + This represents the specific configuration for ``. It must + provide configuration specific variables for user to modify as needed. + The `config.sh` file will be loaded before executing `build_rootfs()` to + provide all the needed configuration to the function. Path: + `rootfs-builder//config.sh`. + +To create a directory with the expected file structure run: + +``` +make -f template/Makefile ROOTFS_BASE_NAME=my_new_awesome_rootfs +``` + +After run the command above, a new directory will be created in +`rootfs-builder/my_new_awesome_rootfs/`. 
To verify it is one of the +options to build a `rootfs` run `./rootfs.sh -h`, it will show +`my_new_awesome` as one of the options to use it for: + +``` +./rootfs.sh +``` + +Now that a new directory structure was created is need to: + +- If needed , add configuration variables to `rootfs-builder/my_new_awesome_rootfs/config.sh` +- Implement the stub `build_rootfs()` function from `rootfs-builder/my_new_awesome_rootfs/rootfs_lib.sh` + +### Expected `rootfs` directory content ### + +After the function `build_rootfs` is called, the script expects the +`rootfs` directory to contain /sbin/init and /sbin/kata-agent binaries. + +### (optional) Customise the `rootfs` ### + +For development uses cases, developers may want to modify the guest OS. +To do that it is possible to use following methods: + +- Use the environment variable `EXTRA_PKG` to provide a list of space + separated packages to be installed. + + *Note: The package names may vary among Linux* distributions, the extra + package names must exist in the base OS flavor you use to build the + `rootfs`* + + Example: + ``` + EXTRA_PKG="vim emacs" ./rootfs-builder/rootfs.sh \ + -r ${PWD}/myrootfs fedora + + ``` + +- In `rootfs-builder//config.sh` modify the variable `PACKAGES`. + This are the minimal set of packages needed. The configuration file must + use the package names from the distro was created for. + +- It is possible to customise the `rootfs` directory before create an + image based in on it. + + +## Build `rootfs` using Docker* ## + +Depending on the base OS to build the `rootfs` guest OS, it is required some +specific programs that probably are not available or installed in the system +that will build the guest image. For this case `rootfs.sh` can use +a Docker\* container to build the `rootfs`. The following requirements +must be met: + +1. Docker 1.12+ installed + +2. 
`runc` is configured as the default runtime + + To check if `runc` is the default runtime: + + ``` + $ docker info | grep 'Default Runtime: runc' + ``` + + Note: + This requirement is specifically when using Clear Containers runtime + see [issue](https://github.com/clearcontainers/runtime/issues/828) for + more information. + +3. Export `USE_DOCKER` variable + + ``` + $ export USE_DOCKER=true + ``` +4. Use `rootfs.sh: + Example: + ``` + $ export USE_DOCKER=true + $ # build guest O/S rootfs based on fedora + $ ./rootfs-builder/rootfs.sh -r "${PWD}/fedora_rootfs" fedora + $ # build image based rootfs created above + $ ./image-builder/image_builder.sh "${PWD}/fedora_rootfs" + ``` From b284e42aef502ab9561de8f923ced1db31f3bd00 Mon Sep 17 00:00:00 2001 From: Jose Carlos Venegas Munoz Date: Wed, 29 Nov 2017 10:14:15 +0000 Subject: [PATCH 010/307] rootfs: Add docker support Allow users build a rootfs using docker, this will make easy if they dont have dependencies need to pull packages from a distro. Signed-off-by: Jose Carlos Venegas Munoz --- rootfs-builder/README.md | 2 +- rootfs-builder/rootfs.sh | 37 +++++++++++++++++++++++++++++++++++-- 2 files changed, 36 insertions(+), 3 deletions(-) diff --git a/rootfs-builder/README.md b/rootfs-builder/README.md index e977ace39..c0a614756 100644 --- a/rootfs-builder/README.md +++ b/rootfs-builder/README.md @@ -52,7 +52,7 @@ options to build a `rootfs` run `./rootfs.sh -h`, it will show Now that a new directory structure was created is need to: -- If needed , add configuration variables to `rootfs-builder/my_new_awesome_rootfs/config.sh` +- If needed, add configuration variables to `rootfs-builder/my_new_awesome_rootfs/config.sh` - Implement the stub `build_rootfs()` function from `rootfs-builder/my_new_awesome_rootfs/rootfs_lib.sh` ### Expected `rootfs` directory content ### diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index e88364c89..9cd147f6d 100755 --- a/rootfs-builder/rootfs.sh 
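Review bot: The customisation section of rootfs-builder/README.md documents the variable as `EXTRA_PKG`, but build_rootfs() reads `EXTRA_PKGS`, so the example `EXTRA_PKG="vim emacs" ./rootfs-builder/rootfs.sh ...` would be ignored. The "Expected rootfs directory content" paragraph says /sbin/kata-agent, while the scripts in this series require the agent under /bin. The template walk-through names the new option `my_new_awesome` although the directory created is `my_new_awesome_rootfs`, and step 4 of the Docker section has an unclosed backtick after `rootfs.sh`.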
+++ b/rootfs-builder/rootfs.sh @@ -33,13 +33,16 @@ Supported Linux distributions: $(get_distros) Options: --h : Show this help message -a : agent version DEFAULT: ${AGENT_VERSION} ENV: AGENT_VERSION +-h : Show this help message -r : rootfs directory DEFAULT: ${ROOTFS_DIR} ENV: ROOTFS_DIR ENV VARIABLES: GO_AGENT_PKG: Change the golang package url to get the agent source code - DEFAULT: ${AGENT_REPO} + DEFAULT: ${GO_AGENT_PKG} +AGENT_BIN : Name of the agent binary (needed to check if agent is installed) +USE_DOCKER: If set will build rootfs in a Docker Container (requries docker) + DEFAULT: not set EOT exit "${error}" } @@ -101,6 +104,36 @@ source "${rootfs_config}" CONFIG_DIR=${distro_config_dir} check_function_exist "build_rootfs" + +if [ -n "${USE_DOCKER}" ] ; then + image_name="${distro}-rootfs-osbuilder" + + docker build \ + --build-arg http_proxy="${http_proxy}" \ + --build-arg https_proxy="${https_proxy}" \ + -t "${image_name}" "${distro_config_dir}" + + #Make sure we use a compatible runtime to build rootfs + # In case Clear Containers Runtime is installed we dont want to hit issue: + #https://github.com/clearcontainers/runtime/issues/828 + docker run \ + --runtime runc \ + --env https_proxy="${https_proxy}" \ + --env http_proxy="${http_proxy}" \ + --env AGENT_VERSION="${AGENT_VERSION}" \ + --env ROOTFS_DIR="/rootfs" \ + --env GO_AGENT_PKG="${GO_AGENT_PKG}" \ + --env AGENT_BIN="${AGENT_BIN}" \ + --env GOPATH="${GOPATH}" \ + -v "${script_dir}":"/osbuilder" \ + -v "${ROOTFS_DIR}":"/rootfs" \ + -v "${GOPATH}":"${GOPATH}" \ + ${image_name} \ + bash /osbuilder/rootfs.sh "${distro}" + + exit $? +fi + mkdir -p ${ROOTFS_DIR} build_rootfs ${ROOTFS_DIR} From 52d6b044b725b40fcbee457fbec10849ab7ffee4 Mon Sep 17 00:00:00 2001 From: Jose Carlos Venegas Munoz Date: Sat, 25 Nov 2017 01:42:28 -0600 Subject: [PATCH 011/307] image: Add script to build image Add script to build image based on a rootfs directory. 
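Review bot: The new block in rootfs.sh tests `[ -n "${USE_DOCKER}" ]`, so any non-empty value, including USE_DOCKER=false or 0, switches the build to Docker; compare against an explicit value, or say in the usage text that only an unset variable disables it. `mkdir -p ${ROOTFS_DIR}` still sits after this block, so on the Docker path a missing host directory is created by the Docker daemon as root when `-v "${ROOTFS_DIR}":"/rootfs"` is processed; move the mkdir above the `if`. The container runs with `${script_dir}` mounted read-write at /osbuilder although it only executes the script from there, so mounting it `:ro` would limit what the build can change on the host. `${image_name}` should be quoted, and "requries" in the usage text is a typo.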
Signed-off-by: Jose Carlos Venegas Munoz --- image-builder/image_builder.sh | 130 +++++++++++++++++++++++++++++++++ 1 file changed, 130 insertions(+) create mode 100755 image-builder/image_builder.sh diff --git a/image-builder/image_builder.sh b/image-builder/image_builder.sh new file mode 100755 index 000000000..68d6187e6 --- /dev/null +++ b/image-builder/image_builder.sh 
@@ -0,0 +1,130 @@ +#!/bin/bash +# +# Copyright (c) 2017 Intel Corporation +# +# SPDX-License-Identifier: Apache-2.0 + +set -e +if [ -n "$DEBUG" ] ; then + set -x +fi + +SCRIPT_NAME="${0##*/}" +IMAGE="${IMAGE:-kata-containers.img}" +AGENT_BIN=${AGENT_BIN:-kata-agent} + +die() +{ + local msg="$*" + echo "ERROR: ${msg}" >&2 + exit 1 +} + +OK() +{ + local msg="$*" + echo "[OK] ${msg}" >&2 +} + +info() +{ + local msg="$*" + echo "INFO: ${msg}" +} + +usage() +{ + error="${1:-0}" + cat < + This script will create a Kata Containers image file based on the + directory. + +Options: + -h Show this help + -o path to generate image file ENV: IMAGE + -s Image size in MB (default $IMG_SIZE) ENV: IMG_SIZE + +Extra environment variables: + AGENT_BIN: use it to change the expected agent binary name" +EOT +exit "${error}" +} + +while getopts "ho:s:" opt +do + case "$opt" in + h) usage ;; + o) IMAGE="${OPTARG}" ;; + s) IMG_SIZE="${OPTARG}" ;; + esac +done + +shift $(( $OPTIND - 1 )) + +ROOTFS="$1" + +[ -n "${ROOTFS}" ] || usage +[ -d "${ROOTFS}" ] || die "${ROOTFS} is not a directory" +# The kata rootfs image expect init and kata-agent to be installed +init="${ROOTFS_DIR}/sbin/init" +[ -x "${init}" ] || [ -L ${init} ] || die "/sbin/init is not installed in ${ROOTFS_DIR}" +OK "init is installed" +[ -x "${ROOTFS}/bin/${AGENT_BIN}" ] || \ + die "/bin/${AGENT_BIN} is not installed in ${ROOTFS_DIR} + use AGENT_BIN env variable to change the expected agent binary name" +OK "Agent installed" +[ "$(id -u)" -eq 0 ] || die "$0: must be run as root" + +BLOCK_SIZE=${BLOCK_SIZE:-4096} +IMG_SIZE=${IMG_SIZE:-80} + +info "Creating raw disk with size ${IMG_SIZE}M" +qemu-img create -q -f raw "${IMAGE}" "${IMG_SIZE}M" +OK "Image file created" + +# Kata runtime expect an image with just one partition +# The partition is the rootfs content + +info "Creating partitions" +parted "${IMAGE}" --script "mklabel gpt" \ +"mkpart ext4 1M -1M" +OK "Partitions created" + +# Get the loop device bound to the image 
file (requires /dev mounted in the +# image build system and root privileges) +DEVICE=$(losetup -P -f --show "${IMAGE}") + +#Refresh partition table +partprobe "${DEVICE}" + +MOUNT_DIR=$(mktemp -d osbuilder-mount-dir.XXXX) +info "Formating Image using ext4 format" +mkfs.ext4 -q -F -b "${BLOCK_SIZE}" "${DEVICE}p1" +OK "Image formated" + +info "Mounting root paratition" +mount "${DEVICE}p1" "${MOUNT_DIR}" +OK "root paratition mounted" + +RESERVED_BLOCKS_PERCENTAGE=3 +info "Set filesystem reserved blocks percentage to ${RESERVED_BLOCKS_PERCENTAGE}%" +tune2fs -m "${RESERVED_BLOCKS_PERCENTAGE}" "${DEVICE}p1" + +#TODO: Calculate disk size based on rootfs +#FIXME: https://github.com/kata-containers/osbuilder/issues/2 +ROOTFS_SIZE=$(du -B 1MB -s "${ROOTFS}" | awk '{print $1}') +AVAIL_DISK=$(df -B M --output=avail "${DEVICE}p1" | tail -1) +AVAIL_DISK=${AVAIL_DISK/M} +info "Free space root partition ${AVAIL_DISK} MB" +info "rootfs size ${ROOTFS_SIZE} MB" +info "Copying content from rootfs to root partition" +cp -a "${ROOTFS}"/* ${MOUNT_DIR} +OK "rootfs copied" + +# Cleanup +sync +umount -l ${MOUNT_DIR} +fsck -D -y "${DEVICE}p1" +losetup -d "${DEVICE}" +info "Image created" From d9fe322a5f211bb86ff29d99e81989e37e69f1d0 Mon Sep 17 00:00:00 2001 From: Jose Carlos Venegas Munoz Date: Mon, 27 Nov 2017 22:31:15 -0600 Subject: [PATCH 012/307] image: Add README Add readme do document how to use ./image-builder/image_builder.sh Signed-off-by: Jose Carlos Venegas Munoz --- image-builder/README.md | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 image-builder/README.md diff --git a/image-builder/README.md b/image-builder/README.md new file mode 100644 index 000000000..929681970 --- /dev/null +++ b/image-builder/README.md 
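Review bot: The init check in image_builder.sh uses `init="${ROOTFS_DIR}/sbin/init"`, but this script never sets ROOTFS_DIR (the argument is stored in ROOTFS), so unless the variable happens to be in the environment the test inspects the host's /sbin/init and passes regardless of what the rootfs contains. Use `${ROOTFS}` there and in the two die messages, and quote `${init}` in the `-L` test. With `set -e` and no trap, any failure after `losetup -P -f --show` leaves the loop device attached and possibly the partition mounted; add an EXIT trap that unmounts, detaches the loop device and removes the mktemp directory, which is created in the working directory and never deleted. ROOTFS_SIZE and AVAIL_DISK are computed but not compared, so an oversized rootfs only fails partway through `cp -a`, and `"${ROOTFS}"/*` skips top-level dotfiles.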
@@ -0,0 +1,25 @@ +# Kata Containers image generation # + +A Kata Containers image is generated by the script `image_builder.sh` +which uses a `rootfs` directory created by the script +`rootfs-builder/rootfs.sh`. + +To create a guest OS image run: + +``` +$ ./image_builder.sh path/to/rootfs +``` + +Where `path/to/rootfs` is the directory pupulated by `rootfs.sh`. The +script will check for following required binaries: + +- `/sbin/init` : The image must contain a `init` binary +- `/bin/kata-agent` : The image contain the Kata [agent] + +More information about usage: + +``` +$ ./image_builder.sh -h +``` + +[agent]: https://github.com/kata-containers/agent "Kata agent" From 0e1b500fecad24778a8c82db0a9d050820e24f2a Mon Sep 17 00:00:00 2001 From: Jose Carlos Venegas Munoz Date: Fri, 1 Dec 2017 00:51:05 -0600 Subject: [PATCH 013/307] docs: Add README - Overview - Terms Signed-off-by: Jose Carlos Venegas Munoz --- README.md | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 README.md diff --git a/README.md b/README.md new file mode 100644 index 000000000..c14208b29 --- /dev/null +++ b/README.md 
@@ -0,0 +1,33 @@ +# Overview # + +`Kata Containers runtime` creates a Virtual Machine to isolate a set of +container workloads. The Virtual Machine requires a operating system +operating (`Guest OS`) to boot and create containers inside the guest +environment. + +This repository contains tools to create a `Guest OS` for `Kata +Containers`. + +## Terms ## + +This section describe the terms used as along all this document. + +- `Guest OS` + + It is the collection of a `virtual disk` or `disk image` and `kernel` + that in conjunction work as an operating system and it is different than + the host operating system. + + - `Virtual disk` or `Guest Image` + + It is a virtual disk witch contains a `rootfs` that will be used to boot + a Virtual Machine by for the `Kata Containers runtime`. + + - `rootfs` + + The root filesystem or rootfs is the filesystem that is contained in the + guest root directory. It can be built from any Linux Distribution but + must provide at least the following components: + - Kata agent + - A `init` system (for example `systemd`) witch allow to start + Kata agent at boot time. From 48820425ebdd37c34cd3e130b01bcee8560bd736 Mon Sep 17 00:00:00 2001 From: Jose Carlos Venegas Munoz Date: Tue, 28 Nov 2017 09:03:01 -0600 Subject: [PATCH 014/307] Makefile: Add image target Use as default base OS centos Signed-off-by: Jose Carlos Venegas Munoz --- Makefile | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 Makefile diff --git a/Makefile b/Makefile new file mode 100644 index 000000000..7637ea779 --- /dev/null +++ b/Makefile 
@@ -0,0 +1,16 @@ +# +# Copyright (c) 2017 Intel Corporation +# +# SPDX-License-Identifier: Apache-2.0 +# +MK_DIR :=$(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) + +DISTRO ?= centos +DISTRO_ROOTFS := "$(PWD)/$(DISTRO)_rootfs" +IMG_SIZE=500 + +image: + @echo Creating rootfs based on "$(DISTRO)" + "$(MK_DIR)/rootfs-builder/rootfs.sh" -r "$(DISTRO_ROOTFS)" "$(DISTRO)" + @echo Creating image based on "$(DISTRO_ROOTFS)" + AGENT_BIN="$(AGENT_BIN)" "$(MK_DIR)/image-builder/image_builder.sh" -s "$(IMG_SIZE)" "$(DISTRO_ROOTFS)" From 5c7a685f960b87ffd77efb8caed97b6ba999759d Mon Sep 17 00:00:00 2001 From: "James O. D. Hunt" Date: Mon, 18 Dec 2017 21:52:55 +0000 Subject: [PATCH 015/307] CI: Require 2 approvals for pullapprove Change the pullapprove configuration to require two acks before a PR can be approved (for parity with the agent). Fixes #10. Signed-off-by: James O. D. Hunt --- .pullapprove.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pullapprove.yml b/.pullapprove.yml index bf30ea143..ee290078f 100644 --- a/.pullapprove.yml +++ b/.pullapprove.yml @@ -26,6 +26,6 @@ group_defaults: groups: approvers: - required: 1 + required: 2 teams: - builder From c0d3ef8c1b4465ecc3e95f5771b6a893ea5e9a3c Mon Sep 17 00:00:00 2001 From: "James O. D. Hunt" Date: Mon, 18 Dec 2017 21:53:23 +0000 Subject: [PATCH 016/307] CI: Add rfc logic to pullapprove config For parity with the agent, disallow merging of RFC branches. Signed-off-by: James O. D. Hunt --- .pullapprove.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.pullapprove.yml b/.pullapprove.yml index ee290078f..56aa0126c 100644 --- a/.pullapprove.yml +++ b/.pullapprove.yml @@ -6,10 +6,11 @@ requirements: # Disallow approval of PRs still under development always_pending: - title_regex: 'WIP' + title_regex: '(WIP|RFC)' labels: - do-not-merge - wip + - rfc explanation: 'Work in progress - do not merge' group_defaults: 
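Review bot: In the top-level Makefile (PATCH 014), DISTRO_ROOTFS is assigned with literal double quotes and then quoted again in the `image` recipe as `"$(DISTRO_ROOTFS)"`, which cancels the quoting in the shell and breaks when $(PWD) contains spaces; assign the bare path and quote only at the point of use. `IMG_SIZE=500` is an unconditional assignment, so a value exported in the environment is ignored; use `?=` as DISTRO does. `image` should be declared .PHONY, and since both scripts it calls insist on root, the target should either say so or check for it up front.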
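Review bot: In the .pullapprove.yml hunk of PATCH 016, `explanation: 'Work in progress - do not merge'` is left unchanged, so a PR held back by the new RFC title match or the `rfc` label is reported to its author as work in progress; update the text to cover both cases. If title_regex is matched anywhere in the title, `'(WIP|RFC)'` will also hold PRs whose title merely cites an RFC, so consider anchoring the pattern to the prefix the project actually uses.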
From 8086e5b7a69ae84216ed67d6c87d0cadc453b0bf Mon Sep 17 00:00:00 2001 From: Harshal Patil Date: Mon, 15 Jan 2018 10:39:17 +0530 Subject: [PATCH 017/307] scripts: Exit if GOPATH is not set Changed the `rootfs.sh` script to exit with an error if `GOPATH` isn't set in the environment. Fixes #20. Signed-off-by: Harshal Patil --- rootfs-builder/rootfs.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index 9cd147f6d..858b441ad 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh @@ -91,6 +91,8 @@ done shift $(($OPTIND - 1)) +[ -z "$GOPATH" ] && die "GOPATH not set" + distro="$1" [ -n "${distro}" ] || usage 1 From d46348a348f47a15055f24077f4139853a59bd72 Mon Sep 17 00:00:00 2001 From: Liang Chenye Date: Thu, 11 Jan 2018 17:00:12 +0800 Subject: [PATCH 018/307] rootfs: Add rootfs based on EulerOS 2 Fixes #17. Signed-off-by: Liang Chenye --- rootfs-builder/euleros/Dockerfile | 1 + rootfs-builder/euleros/RPM-GPG-KEY-EulerOS | 52 +++++++++++ rootfs-builder/euleros/config.sh | 15 ++++ rootfs-builder/euleros/rootfs_lib.sh | 100 +++++++++++++++++++++ 4 files changed, 168 insertions(+) create mode 100644 rootfs-builder/euleros/Dockerfile create mode 100644 rootfs-builder/euleros/RPM-GPG-KEY-EulerOS create mode 100644 rootfs-builder/euleros/config.sh create mode 100644 rootfs-builder/euleros/rootfs_lib.sh diff --git a/rootfs-builder/euleros/Dockerfile b/rootfs-builder/euleros/Dockerfile new file mode 100644 index 000000000..e6250b277 --- /dev/null +++ b/rootfs-builder/euleros/Dockerfile @@ -0,0 +1 @@ +FROM euleros:2.2 diff --git a/rootfs-builder/euleros/RPM-GPG-KEY-EulerOS b/rootfs-builder/euleros/RPM-GPG-KEY-EulerOS new file mode 100644 index 000000000..39495478d --- /dev/null +++ b/rootfs-builder/euleros/RPM-GPG-KEY-EulerOS 
@@ -0,0 +1,52 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v2 + +mQINBFhFFc8BEADu77vsD7rA1zCTreI9Ex9dIbWWR0Ntu4e7OL+VSIxXserWron2 +kTHagPIrDGtFqWTQgbt4tpjJ8vOAMzCADYq2eNRbEbUL/TOGfYk5Lgfo0P7F5Slr +dXNow2HrZhxehTwRSvseQg9Yrx2LVXDgr8wAMLldnkCSa0iyAE90ehDLOUaf2Lal +c99p+4tw8GhWP7C41pX4ywLrJ1FXodFTpg+I7p9EW5zt5mZhwX7NkhdoISnNAA6L +R5NA+6G8rCC1fdTGfqYPfNGrO9DBSZNfunWZsN+kYo4ac3GbZkdnh3LA2YCW4yiA +u5AoPv1UIkFMLh0KoJDxOORMkxI++3qFAIzShtMRAQencsM85bzdXNmk3VE+nY9V +J0BHCLMELtr/o6b+e5ak3qcG1sMFBEMn367/k6suIpTF5sEszQScWeqbhdeFmXt6 +mur2z6zDwwa5Y4n0x9Lsz50PxgkDrHXxeoLO5ByE8iTJqxhYSl0hb/bhSmBaYXnW +JiqtoLbYW/isgZ8OW414P2ZUwgByA9O4Tso37oEU69ycrxFVI63M5xUGkchI+HBo +VB9XZ7QzjU8SGoelj5YtjV7og974dcXC4NwUTnhJW3pd3MfiA3C96voCN/ozjzpg +uJGg0vzuTUcHAIMhujWPWCb0YN6fr5z+7Et8yqPv4qt3fgaxdVO5qQds1wARAQAB +tC5FdWxlck9TIChFdWxlck9TIDIuMCBTUDIpIDxFdWxlck9TQGh1YXdlaS5jb20+ +iQI/BBMBAgApBQJYRRXPAhsDBQkJZgGABwsJCAcDAgEGFQgCCQoLBBYCAwECHgEC +F4AACgkQYAMXvDgdesNPCxAAh7huw08/oFHpCSN9dYd/YlFfCs/+wb2KUqZZ2yIK +SSpmRmQiQdJRUiJly69WZL4H2NYCw3MQiV8Q433err3iQXMjumfl5hq2KplMgsAQ +sraOreJPeN1687rzEV9eDjuKV7btd2VaSyiMIaAFaWjoxl6E77x8ifNbXcnTHk+5 +39BCRn3WsSXbQKWolFEvwNr/SYzGIIdtmrlZSog/vAKPqzTsJDj/Qsf/0Uec1iCX +6pnZwMrQTlc+nnnAp9bMVla39uWGwyhhicTsokElm/4wD+OaLF2xz3gWk3l3fHjh +V8PtzhQxpHlyqR7pOvG5eun9VsBeWwH6TcHU1B+cPi4SmQcflvJCV/XCTTcK6Z1i +/35cmZdwCoDnM+Aadfywfoaliy5rnsvvMSljI+hw8gX3NACIDd2RBPmER3wknZw6 +bIpm0vtlaG1fcCio0kFo9CplLYbYHtx9Y7Icln3O3keODlR+rc8HI5X0YPkLa9Fs +mqP0fN2PGcEPm7CjoEdFdfOJn+1TvR7T1cnBiso5hLcMPtX8b6vzvIrFy5OKq90N +LYjgdn8LMmE6Gi/LA6yEBB958vGS5kAQI3HvCmw9vBeGdVZ+QXjmeVN6Vp9bEnBS +3oZbUXzo3CpeGxvj7+8s8j6MMvDLPLIdxXWi1ZTJkZFa+ElvZMG34SI/kSHHdSSO +gRG5Ag0EWEUVzwEQANBn+RzOAOl8OVPBtmDRIC/G7yssy7Q3ZGWUDIxs2NNk2oBH +9RsCm+vYeQkScloed+Cv6dkQvCPiFk+VtlLeSl0ugmvjNjZknuMhbgiC1ObR2SmV +uNpT3qMaNQQBJg0tJGU/1hLHDqjj2TGvj+WJDfzRoVie1dHq6bnogOErEXvKGmNZ +/cDuvmeURmFqx/+cwim2QFc95hcylBXRhnTnGblgxjzYXnXbIMvtCNz3Nnd1yT3P +9Z+h7Mwk746UEK2R1EgpVzZa9YF/mg2NRwBFuuJ4yP0MxmzP1AMgqQSp7XrMP6KG 
+6RbmDymrTHFTkP/lI3qZ1bgNB64bq/Eq1J3qgukEDN8JZKMiG+/vAg3lkPQwn3Uy +8IfBCqVrF0/dg+kJesgEMs6T+CsINWQ/SEPYHT/6LGytr+4MgDVqI1wxII8gBZzk +FHohleNRWvKKGLphECO7NwgrDFwWlIsT46d1Hga0uHNDSg1mczU2swYHD7/j1HQE +McByTVuzUjT/eAxmbN+DZ4cGBccqMP8RkZfBpalhB5lyjnIN2tMJ3y3yZrpmJkU1 +LaetdFqwycMmV7Mmi2dEdqumnmKhSZqyJ1ShuSm9pEBxahwJGdhtC6Id7iwzZ3uJ +53nhO7hvGC0gt3w0frX0TcvT7aFa4ZsgaJxUJy0MKDPZmv/3hYKpH/QkLiu7ABEB +AAGJAiUEGAECAA8FAlhFFc8CGwwFCQlmAYAACgkQYAMXvDgdesO+fw//bQImNhW0 +ZwG5FG7oP+KPgmma2+N/JnzemqEUzjRTIiEN4LCj8qvJ/aKYZJkfUcKvP4kpVW66 ++tlJ11Ie9Bnkqm3GdT1nkWDghzTK7/x6ktRwyuowmEYh01fW3bybB0RcQOJzGnMK +umnNzd4VUdMGwdbg/sQnKc6lMU9+hz/tCOU9Ok6Ps384gRXjmRQ+J9EFHq14kXtP +Xy584MD1+OBsPwlMViAAjV9L3pxtS1JoFplNPYogbBOKHdImS3dNOMLwV3dHAf1d +l0MqgMEabLBQusx2q7CUw4xBi5EJJtnos9bJvGSCplDyjlshDiY7wxcFLLb90VWs +TnJVbDswCjsdVi5x8eyPplygGxgt9Qg2XNYN5EgN9MLbmbC7Mi7oRf1E7QMLuuQ+ ++lkTb1rAe4YewwwAZHao4zGJelNXmSPN8u8s/zUrnFKG78qjLDZW9kGvkFpElOPj +KkgsSaTn8kbxWoyR9wKW56onTos6eMfhItLCFy5/oAD3sIp5aCsATuJZPSAtDKxw +1jzQRx4KOOYYrsS1qMd7gG151/QM15E56gdi+6gaeLcz8YQ2zcvxg5eabUDKp+bP +I47NsT6rLAhV5mTB0NneC//Yng7JJ0q0jkiJu49BQ1if6Pz8txDxBs4U3mvCw2rA +qSxRE/XMoebNx2CFQwFp7izDHwuG6uRRUQQ= +=3beT +-----END PGP PUBLIC KEY BLOCK----- diff --git a/rootfs-builder/euleros/config.sh b/rootfs-builder/euleros/config.sh new file mode 100644 index 000000000..86c0322b2 --- /dev/null +++ b/rootfs-builder/euleros/config.sh @@ -0,0 +1,15 @@ +# This is a configuration file add extra variables to +# be used by build_rootfs() from rootfs_lib.sh the variables will be +# loaded just before call the function. + +# Here there are a couple of variables you may need. +# Remove them or add more + +# EulerOS Version +OS_VERSION=${OS_VERSION:-2} + +#Mandatory Packages that must be installed +# systemd: An init system that will start kata-agent +# iptables: Need by Kata agent +# udevlib.so: Need by Kata agent +PACKAGES="systemd iptables" 
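Review bot: RPM-GPG-KEY-EulerOS adds a package-signing trust anchor to the repository, but the commit message says only "Fixes #17" and gives neither a fingerprint nor a download location for the key, so a reviewer has nothing to compare it against. State the source URL and the full fingerprint in the commit message or in a comment next to the file, so the key can be verified out of band before it is trusted by `gpgcheck=1`.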
diff --git a/rootfs-builder/euleros/rootfs_lib.sh b/rootfs-builder/euleros/rootfs_lib.sh new file mode 100644 index 000000000..0b4ac19d7 --- /dev/null +++ b/rootfs-builder/euleros/rootfs_lib.sh 
@@ -0,0 +1,100 @@ +#!/bin/bash +# +# Copyright (c) 2018 Huawei Technologies Co., Ltd +# +# SPDX-License-Identifier: Apache-2.0 + +check_program(){ + type "$1" >/dev/null 2>&1 +} + +check_root() +{ + if [ "$(id -u)" != "0" ]; then + echo "Root is needed" + exit 1 + fi +} + +generate_yum_config() +{ + cat > "${DNF_CONF}" << EOF +[main] +cachedir=/var/cache/euleros-osbuilder +keepcache=0 +debuglevel=2 +logfile=/var/log/yum-euleros.log +exactarch=1 + +[Base] +name=EulerOS-2.2 Base +baseurl=http://developer.huawei.com/ict/site-euleros/euleros/repo/yum/2.2/os/x86_64/ +enabled=1 +gpgcheck=1 +gpgkey=file://${CONFIG_DIR}/RPM-GPG-KEY-EulerOS +EOF +} + +# - Arguments +# rootfs_dir=$1 +# +# - Optional environment variables +# +# EXTRA_PKGS: Variable to add extra PKGS provided by the user +# +# BIN_AGENT: Name of the Kata-Agent binary +# +# REPO_URL: URL to distribution repository ( should be configured in +# config.sh file) +# +# Any other configuration variable for a specific distro must be added +# and documented on its own config.sh +# +# - Expected result +# +# rootfs_dir populated with rootfs pkgs +# It must provide a binary in /sbin/init +build_rootfs() { + # Mandatory + local ROOTFS_DIR=$1 + + #Name of the Kata-Agent binary + local BIN_AGENT=${BIN_AGENT} + + # In case of support EXTRA packages, use it to allow + # users add more packages to the base rootfs + local EXTRA_PKGS=${EXTRA_PKGS:-} + + #In case rootfs is created usign repositories allow user to modify + # the default URL + local REPO_URL=${REPO_URL:-http://developer.huawei.com/ict/site-euleros/euleros/repo/yum/2.2} + + #PATH where files this script is placed + #Use it to refer to files in the same directory + #Exmaple: ${CONFIG_DIR}/foo + local CONFIG_DIR=${CONFIG_DIR} + + + # Populate ROOTFS_DIR + # Must provide /sbin/init and /bin/${BIN_AGENT} + check_root + if [ ! 
-f "{DNF_CONF}" ]; then + DNF_CONF="./kata-euleros-yum.repo" + generate_yum_config + fi + mkdir -p "${ROOTFS_DIR}" + if [ -n "${PKG_MANAGER}" ]; then + info "DNF path provided by user: ${PKG_MANAGER}" + elif check_program "yum" ; then + PKG_MANAGER="yum" + else + die "yum is not installed" + fi + + info "Using : ${PKG_MANAGER} to pull packages from ${REPO_URL}" + + DNF="${PKG_MANAGER} --config=$DNF_CONF -y --installroot=${ROOTFS_DIR} --noplugins" + $DNF install ${EXTRA_PKGS} ${PACKAGES} + + [ -n "${ROOTFS_DIR}" ] && rm -r "${ROOTFS_DIR}/var/cache/euleros-osbuilder" +} From 57617ea4af571a184165932a3726495aea4e3705 Mon Sep 17 00:00:00 2001 From: "James O. D. Hunt" Date: Tue, 16 Jan 2018 11:32:38 +0000 Subject: [PATCH 019/307] docs: General cleanup Rework the docs to make them simpler and more consistent. Also added of contents and corrected a few mistakes. Fixes #26. Signed-off-by: James O. D. Hunt --- README.md | 46 ++++----- image-builder/README.md | 23 ++--- rootfs-builder/README.md | 209 ++++++++++++++++++++++++--------------- 3 files changed, 165 insertions(+), 113 deletions(-) diff --git a/README.md b/README.md index c14208b29..f905cf228 100644 --- a/README.md +++ b/README.md 
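Review bot: In build_rootfs() of euleros/rootfs_lib.sh, the test `if [ ! -f "{DNF_CONF}" ]` is missing the `$`, so it looks for a file literally named {DNF_CONF} and is always true; a DNF_CONF supplied by the user is silently replaced by ./kata-euleros-yum.repo. Write `"${DNF_CONF}"`. generate_yum_config() hard-codes the http baseurl, so REPO_URL has no effect even though the info line reports packages as pulled from it; build baseurl from REPO_URL or drop the variable. Because the download is plain http, `gpgcheck=1` with the bundled key is the only integrity control, so check that CONFIG_DIR is non-empty and the key file exists before writing `gpgkey=file://${CONFIG_DIR}/RPM-GPG-KEY-EulerOS`.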
@@ -1,33 +1,35 @@ -# Overview # +* [Overview](#overview) +* [Terms](#terms) -`Kata Containers runtime` creates a Virtual Machine to isolate a set of -container workloads. The Virtual Machine requires a operating system -operating (`Guest OS`) to boot and create containers inside the guest +# Overview + +The Kata Containers runtime creates a virtual machine (VM) to isolate a set of +container workloads. The VM requires a guest kernel and a guest operating system +("guest OS") to boot and create containers inside the guest environment. -This repository contains tools to create a `Guest OS` for `Kata -Containers`. +This repository contains tools to create a guest OS disk image. -## Terms ## +# Terms -This section describe the terms used as along all this document. +This section describes the terms used for all documentation in this repository. -- `Guest OS` +- rootfs - It is the collection of a `virtual disk` or `disk image` and `kernel` - that in conjunction work as an operating system and it is different than - the host operating system. + The root filesystem or "rootfs" is the set of files contained in the + guest root directory that builds into a filesystem. - - `Virtual disk` or `Guest Image` + See [the rootfs builder documentation](rootfs-builder/README.md). - It is a virtual disk witch contains a `rootfs` that will be used to boot - a Virtual Machine by for the `Kata Containers runtime`. +- "Guest OS" (or "Guest Image") - - `rootfs` + A "virtual disk" or "disk image" built from a rootfs. It contains a + filesystem that is used by the VM, in conjunction with a guest kernel, to + create an environment to host the container. Neither the guest OS nor the + guest kernel need to be the same as the host operating system. - The root filesystem or rootfs is the filesystem that is contained in the - guest root directory. 
It can be built from any Linux Distribution but - must provide at least the following components: - - Kata agent - - A `init` system (for example `systemd`) witch allow to start - Kata agent at boot time. + See [the image builder documentation](image-builder/README.md). + +- "Base OS" + + A particular version of a Linux distribution used to create a Guest OS from. diff --git a/image-builder/README.md b/image-builder/README.md index 929681970..af0b0f941 100644 --- a/image-builder/README.md +++ b/image-builder/README.md @@ -1,8 +1,12 @@ -# Kata Containers image generation # +* [Creating a guest OS image](#creating-a-guest-os-image) +* [Further information](#further-information) -A Kata Containers image is generated by the script `image_builder.sh` -which uses a `rootfs` directory created by the script -`rootfs-builder/rootfs.sh`. +# Kata Containers image generation + +A Kata Containers disk image is generated using the `image_builder.sh` script. +This uses a rootfs directory created by the `rootfs-builder/rootfs.sh` script. + +## Creating a guest OS image To create a guest OS image run: @@ -10,16 +14,13 @@ To create a guest OS image run: $ ./image_builder.sh path/to/rootfs ``` -Where `path/to/rootfs` is the directory pupulated by `rootfs.sh`. The -script will check for following required binaries: +Where `path/to/rootfs` is the directory populated by `rootfs.sh`. -- `/sbin/init` : The image must contain a `init` binary -- `/bin/kata-agent` : The image contain the Kata [agent] +## Further information -More information about usage: +For more information about usage (including how to adjust the size of the +image), run: ``` $ ./image_builder.sh -h ``` - -[agent]: https://github.com/kata-containers/agent "Kata agent" diff --git a/rootfs-builder/README.md b/rootfs-builder/README.md index c0a614756..7143f5fe4 100644 --- a/rootfs-builder/README.md +++ b/rootfs-builder/README.md 
@@ -1,103 +1,62 @@ -# Building a rootfs for Kata Containers Guest OS # +* [Supported base OSs](#supported-base-oss) +* [Creating a rootfs](#creating-a-rootfs) +* [Build a rootfs using Docker*](#build-a-rootfs-using-docker*) +* [Adding support for a new guest OS](#adding-support-for-a-new-guest-os) + * [Create template files](#create-template-files) + * [Modify template files](#modify-template-files) + * [Expected rootfs directory content](#expected-rootfs-directory-content) + * [(optional) Customise the rootfs](#(optional)-customise-the-rootfs) + * [Adding extra packages](#adding-extra-packages) + * [Arbitary rootfs changes](#arbitary-rootfs-changes) -The Kata Containers `rootfs` is created using `rootfs.sh`. +# Building a Guest OS rootfs for Kata Containers -## Supported base OSs ## +The Kata Containers rootfs is created using the `rootfs.sh` script. -The `rootfs.sh` script builds a `rootfs` based on a particular Linux\* -distribution. To build a `rootfs`for your chosen distribution, run: +## Supported base OSs + +The `rootfs.sh` script builds a rootfs based on a particular Linux\* +distribution. The script supports multiple distributions and can be extended +to add further ones. + +To list the supported distributions, run: ``` -$./rootfs.sh +$ ./rootfs.sh -h ``` -To check the supported `rootfs` based OS run `$rootfs-builder/rootfs.sh --h`, it will show the supported values of `` +## Rootfs requirements +The rootfs must provide at least the following components: -## Adding support for new base OS ## +- [Kata agent](https://github.com/kata-containers/agent) -The script `rootfs.sh` will it check for immediate sub-directories -containing the following expected files structure: + Path: `/bin/kata-agent` - Kata Containers guest. -- A `bash(1)` script called `rootfs_lib.sh` +- An `init` system (e.g. `systemd`) to start the Kata agent + when the guest OS boots. 
- This file must contain a function called `build_rootfs()` this function - must receive as first argument the path where the `rootfs` will be - populated. Path: `rootfs-builder//rootfs_lib.sh`. + Path: `/sbin/init` - init binary called by the kernel. +## Creating a rootfs -- A `bash(1)` file `config.sh` - - This represents the specific configuration for ``. It must - provide configuration specific variables for user to modify as needed. - The `config.sh` file will be loaded before executing `build_rootfs()` to - provide all the needed configuration to the function. Path: - `rootfs-builder//config.sh`. - -To create a directory with the expected file structure run: +To build a rootfs for your chosen distribution, run: ``` -make -f template/Makefile ROOTFS_BASE_NAME=my_new_awesome_rootfs +$ sudo ./rootfs.sh ``` -After run the command above, a new directory will be created in -`rootfs-builder/my_new_awesome_rootfs/`. To verify it is one of the -options to build a `rootfs` run `./rootfs.sh -h`, it will show -`my_new_awesome` as one of the options to use it for: +## Build a rootfs using Docker* -``` -./rootfs.sh -``` - -Now that a new directory structure was created is need to: - -- If needed, add configuration variables to `rootfs-builder/my_new_awesome_rootfs/config.sh` -- Implement the stub `build_rootfs()` function from `rootfs-builder/my_new_awesome_rootfs/rootfs_lib.sh` - -### Expected `rootfs` directory content ### - -After the function `build_rootfs` is called, the script expects the -`rootfs` directory to contain /sbin/init and /sbin/kata-agent binaries. - -### (optional) Customise the `rootfs` ### - -For development uses cases, developers may want to modify the guest OS. -To do that it is possible to use following methods: - -- Use the environment variable `EXTRA_PKG` to provide a list of space - separated packages to be installed. 
- - *Note: The package names may vary among Linux* distributions, the extra - package names must exist in the base OS flavor you use to build the - `rootfs`* - - Example: - ``` - EXTRA_PKG="vim emacs" ./rootfs-builder/rootfs.sh \ - -r ${PWD}/myrootfs fedora - - ``` - -- In `rootfs-builder//config.sh` modify the variable `PACKAGES`. - This are the minimal set of packages needed. The configuration file must - use the package names from the distro was created for. - -- It is possible to customise the `rootfs` directory before create an - image based in on it. - - -## Build `rootfs` using Docker* ## - -Depending on the base OS to build the `rootfs` guest OS, it is required some +Depending on the base OS to build the rootfs guest OS, it is required some specific programs that probably are not available or installed in the system that will build the guest image. For this case `rootfs.sh` can use -a Docker\* container to build the `rootfs`. The following requirements +a Docker\* container to build the rootfs. The following requirements must be met: -1. Docker 1.12+ installed +1. Docker 1.12+ installed. -2. `runc` is configured as the default runtime +2. `runc` is configured as the default runtime. To check if `runc` is the default runtime: @@ -106,16 +65,19 @@ must be met: ``` Note: - This requirement is specifically when using Clear Containers runtime - see [issue](https://github.com/clearcontainers/runtime/issues/828) for + + This requirement is specific to the Clear Containers runtime. + See [issue](https://github.com/clearcontainers/runtime/issues/828) for more information. -3. Export `USE_DOCKER` variable +3. Export `USE_DOCKER` variable. ``` $ export USE_DOCKER=true ``` -4. Use `rootfs.sh: + +4. Use `rootfs.sh`: + Example: ``` $ export USE_DOCKER=true 
@@ -124,3 +86,90 @@ must be met: $ # build image based rootfs created above $ ./image-builder/image_builder.sh "${PWD}/fedora_rootfs" ``` + +## Adding support for a new guest OS + +The `rootfs.sh` script will check for immediate sub-directories +containing the following expected files: + +- A `bash(1)` script called `rootfs_lib.sh` + + This file must contain a function called `build_rootfs()`, which must + receive the path to where the rootfs is created, as its first argument. + + Path: `rootfs-builder//rootfs_lib.sh`. + + +- A `bash(1)` script called `config.sh` + + This represents the specific configuration for ``. It must + provide configuration specific variables for the user to modify as needed. + The `config.sh` file will be loaded before executing `build_rootfs()` to + provide all the needed configuration to the function. + + Path: `rootfs-builder//config.sh`. + +### Create template files + +To create a directory with the expected file structure run: + +``` +$ make -f template/Makefile ROOTFS_BASE_NAME=my_new_awesome_rootfs +``` + +After running the previous command, a new directory is created in +`rootfs-builder/my_new_awesome_rootfs/`. + + +To verify the directory can be used to build a rootfs, run `./rootfs.sh -h`. +Running this script shows `my_new_awesome_rootfs` as one of the options for +use. To use the new guest OS, follow the instructions in [Creating a rootfs](#creating-a-rootfs). + +### Modify template files + +After the new directory structure is created: + +- If needed, add configuration variables to + `rootfs-builder/my_new_awesome_rootfs/config.sh`. + +- Implement the stub `build_rootfs()` function from + `rootfs-builder/my_new_awesome_rootfs/rootfs_lib.sh`. + +### Expected rootfs directory content + +After the function `build_rootfs` is called, the script expects the +rootfs directory to contain `/sbin/init` and `/sbin/kata-agent` binaries. 
+ +### (optional) Customise the rootfs + +For particular use cases developers might want to modify the guest OS. + +#### Adding extra packages + +To add additional packages, use one of the following methods: + +- Use the environment variable `EXTRA_PKGS` to provide a list of space-separated + packages to install. + + Note: + + The package names might vary among Linux distributions, the extra + package names must exist in the base OS flavor you use to build the + rootfs from. + + Example: + + ``` + $ EXTRA_PKGS="vim emacs" ./rootfs-builder/rootfs.sh -r ${PWD}/myrootfs fedora + ``` + +- Modify the variable `PACKAGES` in `rootfs-builder//config.sh`. + + This variable specifies the minimal set of packages needed. The + configuration file must use the package names from the distro for which they + were created. + +#### Arbitary rootfs changes + +Once the rootfs directory is created, you can add and remove files as +needed. Changes affect the files included in the final guest image. From be3266fb005262f1772b56039ce37e823cdc2846 Mon Sep 17 00:00:00 2001 From: Jose Carlos Venegas Munoz Date: Thu, 18 Jan 2018 23:23:25 -0600 Subject: [PATCH 020/307] ci: Add travis basic testing Add basic a few tests to be run by travis. Signed-off-by: Jose Carlos Venegas Munoz --- .ci/run.sh | 15 ++++++++++++ .ci/setup.sh | 20 ++++++++++++++++ .travis.yml | 19 +++++++++++++++ tests/image_creation.bats | 49 +++++++++++++++++++++++++++++++++++++++ 4 files changed, 103 insertions(+) create mode 100755 .ci/run.sh create mode 100755 .ci/setup.sh create mode 100644 .travis.yml create mode 100644 tests/image_creation.bats diff --git a/.ci/run.sh b/.ci/run.sh new file mode 100755 index 000000000..57448a434 --- /dev/null +++ b/.ci/run.sh 
@@ -0,0 +1,15 @@ +#!/bin/bash +# +# Copyright (c) 2018 Intel Corporation +# +# SPDX-License-Identifier: Apache-2.0 +# + + +set -e + +export GOPATH="${GOPATH:-/tmp/go}" + +script_dir="$(dirname $(readlink -f $0))" + +sudo -E PATH="$PATH" bats "${script_dir}/../tests/image_creation.bats" diff --git a/.ci/setup.sh b/.ci/setup.sh new file mode 100755 index 000000000..ec9b2fd97 --- /dev/null +++ b/.ci/setup.sh @@ -0,0 +1,20 @@ +#!/bin/bash +# +# Copyright (c) 2018 Intel Corporation +# +# SPDX-License-Identifier: Apache-2.0 +# + +#Note: If add clearlinux as supported CI use a stateless os-release file +source /etc/os-release + +if [ "$ID" == fedora ];then + sudo -E dnf -y install automake bats +elif [ "$ID" == ubuntu ];then + #bats isn't available for Ubuntu trusty, need for travis + sudo add-apt-repository -y ppa:duggan/bats + sudo apt-get -qq update + sudo apt-get install -y -qq automake bats qemu-utils +else + echo "Linux distribution not supported" +fi diff --git a/.travis.yml b/.travis.yml new file mode 100644 index 000000000..b81698ebe --- /dev/null +++ b/.travis.yml @@ -0,0 +1,19 @@ +# +# Copyright (c) 2018 Intel Corporation +# +# SPDX-License-Identifier: Apache-2.0 +# + +sudo: required +dist: trusty + +language: bash + +services: + - docker + +before_script: + - ".ci/setup.sh" + +script: +- ".ci/run.sh" diff --git a/tests/image_creation.bats b/tests/image_creation.bats new file mode 100644 index 000000000..b6e38104a --- /dev/null +++ b/tests/image_creation.bats 
@@ -0,0 +1,49 @@ +#!/usr/bin/env bats +# +# Copyright (c) 2018 Intel Corporation +# +# SPDX-License-Identifier: Apache-2.0 + + +rootfs_sh="$BATS_TEST_DIRNAME/../rootfs-builder/rootfs.sh" +image_builder_sh="$BATS_TEST_DIRNAME/../image-builder/image_builder.sh" +readonly tmp_dir=$(mktemp -t -d osbuilder-test.XXXXXXX) +#FIXME: Remove image size after https://github.com/kata-containers/osbuilder/issues/25 is fixed +readonly image_size=400 + + +setup() +{ + export USE_DOCKER=true +} + +teardown(){ + # Rootfs is own by root change it to remove it + sudo rm -rf "${tmp_dir}/rootfs-osbuilder" + rm -rf "${tmp_dir}" +} + +function build_image() +{ + distro="$1" + [ -n "$distro" ] + local rootfs="${tmp_dir}/rootfs-osbuilder" + sudo -E ${rootfs_sh} -r "${rootfs}" fedora + sudo ${image_builder_sh} -s ${image_size} -o "${tmp_dir}/image.img" "${rootfs}" +} + +@test "Can create fedora image" { + build_image fedora +} + +@test "Can create clearlinux image" { + build_image clearlinux +} + +@test "Can create centos image" { + build_image centos +} + +@test "Can create euleros image" { + build_image euleros +} From 853ef22eefde2e77b6805d64bb0f7c96adf65ebb Mon Sep 17 00:00:00 2001 From: Jose Carlos Venegas Munoz Date: Thu, 18 Jan 2018 23:42:42 -0600 Subject: [PATCH 021/307] rootfs: Change realpath for readlink readlink is more common than realpath Signed-off-by: Jose Carlos Venegas Munoz --- rootfs-builder/rootfs.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index 858b441ad..be5312865 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh @@ -7,7 +7,7 @@ set -e script_name="${0##*/}" -script_dir="$(dirname $(realpath -s $0))" +script_dir="$(dirname $(readlink -f $0))" ROOTFS_DIR=${ROOTFS_DIR:-${PWD}/rootfs} AGENT_VERSION=${AGENT_VERSION:-master} GO_AGENT_PKG=${GO_AGENT_PKG:-github.com/kata-containers/agent} From a9fef80feb20d79e2a8a5bc3107b1cacbdb169a0 Mon Sep 17 00:00:00 2001 
From: Jose Carlos Venegas Munoz Date: Fri, 19 Jan 2018 00:43:16 -0600 Subject: [PATCH 022/307] image_builder: Allow build in a docker container In case host not has requried programs allow build image in a container when USE_DOCKER is set. Signed-off-by: Jose Carlos Venegas Munoz --- image-builder/Dockerfile | 3 +++ image-builder/image_builder.sh | 43 +++++++++++++++++++++++++++++++--- 2 files changed, 43 insertions(+), 3 deletions(-) create mode 100644 image-builder/Dockerfile diff --git a/image-builder/Dockerfile b/image-builder/Dockerfile new file mode 100644 index 000000000..68a0fda9a --- /dev/null +++ b/image-builder/Dockerfile @@ -0,0 +1,3 @@ +From fedora:latest + +RUN dnf install -y qemu-img parted gdisk e2fsprogs diff --git a/image-builder/image_builder.sh b/image-builder/image_builder.sh index 68d6187e6..12db51a01 100755 --- a/image-builder/image_builder.sh +++ b/image-builder/image_builder.sh @@ -5,6 +5,10 @@ # SPDX-License-Identifier: Apache-2.0 set -e + +script_name="${0##*/}" +script_dir="$(dirname $(readlink -f $0))" + if [ -n "$DEBUG" ] ; then set -x fi @@ -46,7 +50,9 @@ Options: -s Image size in MB (default $IMG_SIZE) ENV: IMG_SIZE Extra environment variables: - AGENT_BIN: use it to change the expected agent binary name" + AGENT_BIN: use it to change the expected agent binary name" + USE_DOCKER: If set will build image in a Docker Container (requries docker) + DEFAULT: not set EOT exit "${error}" } 
@@ -64,14 +70,45 @@ shift $(( $OPTIND - 1 )) ROOTFS="$1" + [ -n "${ROOTFS}" ] || usage [ -d "${ROOTFS}" ] || die "${ROOTFS} is not a directory" + +ROOTFS=$(readlink -f ${ROOTFS}) +IMAGE_DIR=$(dirname ${IMAGE}) +IMAGE_DIR=$(readlink -f ${IMAGE_DIR}) +IMAGE_NAME=$(basename ${IMAGE}) + +if [ -n "${USE_DOCKER}" ] ; then + image_name="image-builder-osbuilder" + + docker build \ + --build-arg http_proxy="${http_proxy}" \ + --build-arg https_proxy="${https_proxy}" \ + -t "${image_name}" "${script_dir}" + + #Make sure we use a compatible runtime to build rootfs + # In case Clear Containers Runtime is installed we dont want to hit issue: + #https://github.com/clearcontainers/runtime/issues/828 + docker run \ + --runtime runc \ + --privileged \ + --env IMG_SIZE="${IMG_SIZE}" \ + -v /dev:/dev \ + -v "${script_dir}":"/osbuilder" \ + -v "${ROOTFS}":"/rootfs" \ + -v "${IMAGE_DIR}":"/image" \ + ${image_name} \ + bash "/osbuilder/${script_name}" -o "/image/${IMAGE_NAME}" /rootfs + + exit $? +fi # The kata rootfs image expect init and kata-agent to be installed -init="${ROOTFS_DIR}/sbin/init" +init="${ROOTFS}/sbin/init" [ -x "${init}" ] || [ -L ${init} ] || die "/sbin/init is not installed in ${ROOTFS_DIR}" OK "init is installed" [ -x "${ROOTFS}/bin/${AGENT_BIN}" ] || \ - die "/bin/${AGENT_BIN} is not installed in ${ROOTFS_DIR} + die "/bin/${AGENT_BIN} is not installed in ${ROOTFS} use AGENT_BIN env variable to change the expected agent binary name" OK "Agent installed" [ "$(id -u)" -eq 0 ] || die "$0: must be run as root" From 525ae6aee7d79f980c661f1abb10ac5c5a8b54a5 Mon Sep 17 00:00:00 2001 From: Harshal Patil Date: Thu, 18 Jan 2018 15:45:07 +0530 Subject: [PATCH 023/307] scripts: Arch dependant repo url for fedora Changed rootfs-builder/fedora/rootfs_lib.sh to select repo URL based on arch. Fixes #21. Signed-off-by: Harshal Patil --- rootfs-builder/fedora/Dockerfile | 2 +- rootfs-builder/fedora/rootfs_lib.sh | 10 ++-------- 2 files changed, 3 insertions(+), 9 deletions(-) 
diff --git a/rootfs-builder/fedora/Dockerfile b/rootfs-builder/fedora/Dockerfile index fe52e95af..9ccf10412 100644 --- a/rootfs-builder/fedora/Dockerfile +++ b/rootfs-builder/fedora/Dockerfile @@ -1,3 +1,3 @@ From fedora:27 -RUN dnf -y update && dnf install -y git golang systemd pkgconfig +RUN dnf -y update && dnf install -y git golang redhat-release systemd pkgconfig diff --git a/rootfs-builder/fedora/rootfs_lib.sh b/rootfs-builder/fedora/rootfs_lib.sh index 4eb7533b7..e2660f4de 100755 --- a/rootfs-builder/fedora/rootfs_lib.sh +++ b/rootfs-builder/fedora/rootfs_lib.sh @@ -28,9 +28,9 @@ installonly_limit=3 reposdir=/root/mash [kata] -name=fedora +name=Fedora \$releasever - \$basearch failovermethod=priority -baseurl=${REPO_URL} +metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-\$releasever&arch=\$basearch enabled=1 gpgcheck=0 EOF @@ -41,10 +41,6 @@ build_rootfs() # Mandatory local ROOTFS_DIR=$1 - #In case rootfs is created usig repositories allow user to modify - # the default URL - local REPO_URL=${REPO_URL:-http://mirror.math.princeton.edu/pub/fedora/linux/releases/$OS_VERSION/Everything/x86_64/os/} - # In case of support EXTRA packages, use it to allow # users add more packages to the base rootfs local EXTRA_PKGS=${EXTRA_PKGS:-""} @@ -70,8 +66,6 @@ build_rootfs() die "neither yum nor dnf is installed" fi - info "Using : ${PKG_MANAGER} to pull packages from ${REPO_URL}" - DNF="${PKG_MANAGER} --config=$DNF_CONF -y --installroot=${ROOTFS_DIR} --noplugins" $DNF install ${EXTRA_PKGS} ${PACKAGES} From b946770c7476beb592c7efc274491a9abdd212a9 Mon Sep 17 00:00:00 2001 From: Jose Carlos Venegas Munoz Date: Mon, 22 Jan 2018 11:08:59 -0600 Subject: [PATCH 024/307] test: Fix tests - run test for all distros Not all the distros were executed due to typo Signed-off-by: Jose Carlos Venegas Munoz --- tests/image_creation.bats | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/tests/image_creation.bats b/tests/image_creation.bats index b6e38104a..0261fd993 100644 --- a/tests/image_creation.bats +++ b/tests/image_creation.bats @@ -28,7 +28,7 @@ function build_image() distro="$1" [ -n "$distro" ] local rootfs="${tmp_dir}/rootfs-osbuilder" - sudo -E ${rootfs_sh} -r "${rootfs}" fedora + sudo -E ${rootfs_sh} -r "${rootfs}" "${distro}" sudo ${image_builder_sh} -s ${image_size} -o "${tmp_dir}/image.img" "${rootfs}" } From a617dd892ab43f028f6ca3ba2cc0a63511b4c17e Mon Sep 17 00:00:00 2001 From: Jose Carlos Venegas Munoz Date: Mon, 22 Jan 2018 13:18:15 -0600 Subject: [PATCH 025/307] dockerfiles: Add golang to centos anda euleros Signed-off-by: Jose Carlos Venegas Munoz --- rootfs-builder/centos/Dockerfile | 6 ++++++ rootfs-builder/euleros/Dockerfile | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/rootfs-builder/centos/Dockerfile b/rootfs-builder/centos/Dockerfile index fc96ef0a7..229f7a9c2 100644 --- a/rootfs-builder/centos/Dockerfile +++ b/rootfs-builder/centos/Dockerfile @@ -1 +1,7 @@ FROM centos:7 + +ADD https://storage.googleapis.com/golang/go1.9.2.linux-amd64.tar.gz /tmp +RUN tar -C /usr/ -xzf /tmp/go1.9.2.linux-amd64.tar.gz +RUN yum install -y make +ENV GOROOT=/usr/go +ENV PATH=$PATH:$GOROOT/bin:$GOPATH/bin diff --git a/rootfs-builder/euleros/Dockerfile b/rootfs-builder/euleros/Dockerfile index e6250b277..7c5a3c2c8 100644 --- a/rootfs-builder/euleros/Dockerfile +++ b/rootfs-builder/euleros/Dockerfile @@ -1 +1,7 @@ FROM euleros:2.2 + +ADD https://storage.googleapis.com/golang/go1.9.2.linux-amd64.tar.gz /tmp +RUN tar -C /usr/ -xzf /tmp/go1.9.2.linux-amd64.tar.gz +RUN yum install -y make +ENV GOROOT=/usr/go +ENV PATH=$PATH:$GOROOT/bin:$GOPATH/bin From 6dcaef7cf890f0207688893bf3a2fecac43e7721 Mon Sep 17 00:00:00 2001 
From: Jose Carlos Venegas Munoz Date: Mon, 22 Jan 2018 13:19:28 -0600 Subject: [PATCH 026/307] fedora: use OS_VERSION instead of host version Use OS_VERSION provided by user configuration and not use host version. Also add retries before fail on a request. Signed-off-by: Jose Carlos Venegas Munoz --- rootfs-builder/fedora/rootfs_lib.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/rootfs-builder/fedora/rootfs_lib.sh b/rootfs-builder/fedora/rootfs_lib.sh index e2660f4de..b3098d47b 100755 --- a/rootfs-builder/fedora/rootfs_lib.sh +++ b/rootfs-builder/fedora/rootfs_lib.sh @@ -26,11 +26,12 @@ installonly_limit=3 #Dont use the default dnf reposdir #this will prevent to use host repositories reposdir=/root/mash +retries=5 [kata] -name=Fedora \$releasever - \$basearch +name=Fedora ${OS_VERSION} - \$basearch failovermethod=priority -metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-\$releasever&arch=\$basearch +metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-${OS_VERSION}&arch=\$basearch enabled=1 gpgcheck=0 EOF From 1ca1b71f9cf128e45188e69088dd26731565cd4f Mon Sep 17 00:00:00 2001 From: "James O. D. Hunt" Date: Mon, 22 Jan 2018 15:41:20 +0000 Subject: [PATCH 027/307] docs: Fix image builder instructions. The `image_builder.sh` script must be run as `root`. Fixes #36. Signed-off-by: James O. D. Hunt --- image-builder/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/image-builder/README.md b/image-builder/README.md index af0b0f941..21bb9c24b 100644 --- a/image-builder/README.md +++ b/image-builder/README.md @@ -11,7 +11,7 @@ This uses a rootfs directory created by the `rootfs-builder/rootfs.sh` script. To create a guest OS image run: ``` -$ ./image_builder.sh path/to/rootfs +$ sudo ./image_builder.sh path/to/rootfs ``` Where `path/to/rootfs` is the directory populated by `rootfs.sh`. From 30b47ddea1b9eb5da0e95ea1b30670ea4b221adf Mon Sep 17 00:00:00 2001 
From: "James O. D. Hunt" Date: Wed, 24 Jan 2018 12:11:48 +0000 Subject: [PATCH 028/307] CI: Require doc team signoff for doc changes Require an additional approval from a `documentation` team member for PRs containing documentation changes. Fixes #41. Signed-off-by: James O. D. Hunt --- .pullapprove.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/.pullapprove.yml b/.pullapprove.yml index 56aa0126c..014b3cb6b 100644 --- a/.pullapprove.yml +++ b/.pullapprove.yml @@ -30,3 +30,14 @@ groups: required: 2 teams: - builder + + documentation: + required: 1 + teams: + - documentation + conditions: + files: + include: + - "*.md" + exclude: + - "vendor/*" From 612754fd2044fa0af8a958f5aea9b3b1f202c2ae Mon Sep 17 00:00:00 2001 From: Jose Carlos Venegas Munoz Date: Tue, 23 Jan 2018 11:42:08 -0600 Subject: [PATCH 029/307] rootfs: Add support to create dockerfiles based on templates To simplify maintaince, create dockerfiles based on templates. This way when golang version is updated it will be done in one place versions.txt. This also allow to allways intall the same version of golang in any dockerfile. 
Signed-off-by: Jose Carlos Venegas Munoz --- rootfs-builder/.gitignore | 1 + rootfs-builder/centos/Dockerfile | 7 ------ rootfs-builder/centos/Dockerfile.in | 6 +++++ rootfs-builder/clearlinux/Dockerfile | 3 --- rootfs-builder/clearlinux/Dockerfile.in | 6 +++++ rootfs-builder/euleros/Dockerfile | 7 ------ rootfs-builder/euleros/Dockerfile.in | 5 ++++ rootfs-builder/euleros/config.sh | 2 +- rootfs-builder/euleros/rootfs_lib.sh | 4 +-- rootfs-builder/fedora/Dockerfile | 3 --- rootfs-builder/fedora/Dockerfile.in | 6 +++++ rootfs-builder/rootfs.sh | 27 +++++++++++++++++++++ rootfs-builder/template/Dockerfile.template | 11 +++++++++ rootfs-builder/template/Makefile | 5 ++++ rootfs-builder/versions.txt | 1 + tests/image_creation.bats | 4 +++ 16 files changed, 75 insertions(+), 23 deletions(-) create mode 100644 rootfs-builder/.gitignore delete mode 100644 rootfs-builder/centos/Dockerfile create mode 100644 rootfs-builder/centos/Dockerfile.in delete mode 100644 rootfs-builder/clearlinux/Dockerfile create mode 100644 rootfs-builder/clearlinux/Dockerfile.in delete mode 100644 rootfs-builder/euleros/Dockerfile create mode 100644 rootfs-builder/euleros/Dockerfile.in delete mode 100644 rootfs-builder/fedora/Dockerfile create mode 100644 rootfs-builder/fedora/Dockerfile.in create mode 100644 rootfs-builder/template/Dockerfile.template create mode 100644 rootfs-builder/versions.txt diff --git a/rootfs-builder/.gitignore b/rootfs-builder/.gitignore new file mode 100644 index 000000000..94143827e --- /dev/null +++ b/rootfs-builder/.gitignore @@ -0,0 +1 @@ +Dockerfile diff --git a/rootfs-builder/centos/Dockerfile b/rootfs-builder/centos/Dockerfile deleted file mode 100644 index 229f7a9c2..000000000 --- a/rootfs-builder/centos/Dockerfile +++ /dev/null 
@@ -1,7 +0,0 @@ -FROM centos:7 - -ADD https://storage.googleapis.com/golang/go1.9.2.linux-amd64.tar.gz /tmp -RUN tar -C /usr/ -xzf /tmp/go1.9.2.linux-amd64.tar.gz -RUN yum install -y make -ENV GOROOT=/usr/go -ENV PATH=$PATH:$GOROOT/bin:$GOPATH/bin diff --git a/rootfs-builder/centos/Dockerfile.in b/rootfs-builder/centos/Dockerfile.in new file mode 100644 index 000000000..d16466d46 --- /dev/null +++ b/rootfs-builder/centos/Dockerfile.in @@ -0,0 +1,6 @@ +From centos:@OS_VERSION@ + +RUN yum -y update && yum install -y git make gcc + +# This will install the proper golang to build Kata components +@INSTALL_GO@ diff --git a/rootfs-builder/clearlinux/Dockerfile b/rootfs-builder/clearlinux/Dockerfile deleted file mode 100644 index fe52e95af..000000000 --- a/rootfs-builder/clearlinux/Dockerfile +++ /dev/null @@ -1,3 +0,0 @@ -From fedora:27 - -RUN dnf -y update && dnf install -y git golang systemd pkgconfig diff --git a/rootfs-builder/clearlinux/Dockerfile.in b/rootfs-builder/clearlinux/Dockerfile.in new file mode 100644 index 000000000..69c0b2bad --- /dev/null +++ b/rootfs-builder/clearlinux/Dockerfile.in @@ -0,0 +1,6 @@ +From fedora:27 + +RUN dnf -y update && dnf install -y git systemd pkgconfig gcc + +# This will install the proper golang to build Kata components +@INSTALL_GO@ diff --git a/rootfs-builder/euleros/Dockerfile b/rootfs-builder/euleros/Dockerfile deleted file mode 100644 index 7c5a3c2c8..000000000 --- a/rootfs-builder/euleros/Dockerfile +++ /dev/null @@ -1,7 +0,0 @@ -FROM euleros:2.2 - -ADD https://storage.googleapis.com/golang/go1.9.2.linux-amd64.tar.gz /tmp -RUN tar -C /usr/ -xzf /tmp/go1.9.2.linux-amd64.tar.gz -RUN yum install -y make -ENV GOROOT=/usr/go -ENV PATH=$PATH:$GOROOT/bin:$GOPATH/bin diff --git a/rootfs-builder/euleros/Dockerfile.in b/rootfs-builder/euleros/Dockerfile.in new file mode 100644 index 000000000..5378c6594 --- /dev/null +++ b/rootfs-builder/euleros/Dockerfile.in 
@@ -0,0 +1,5 @@ +FROM euleros:@OS_VERSION@ + +RUN yum -y update && yum install -y yum git make gcc +# This will install the proper golang to build Kata components +@INSTALL_GO@ diff --git a/rootfs-builder/euleros/config.sh b/rootfs-builder/euleros/config.sh index 86c0322b2..e3c627bfc 100644 --- a/rootfs-builder/euleros/config.sh +++ b/rootfs-builder/euleros/config.sh @@ -6,7 +6,7 @@ # Remove them or add more # EulerOS Version -OS_VERSION=${OS_VERSION:-2} +OS_VERSION=${OS_VERSION:-2.2} #Mandatory Packages that must be installed # systemd: An init system that will start kata-agent diff --git a/rootfs-builder/euleros/rootfs_lib.sh b/rootfs-builder/euleros/rootfs_lib.sh index 0b4ac19d7..62297a58f 100644 --- a/rootfs-builder/euleros/rootfs_lib.sh +++ b/rootfs-builder/euleros/rootfs_lib.sh @@ -27,8 +27,8 @@ logfile=/var/log/yum-euleros.log exactarch=1 [Base] -name=EulerOS-2.2 Base -baseurl=http://developer.huawei.com/ict/site-euleros/euleros/repo/yum/2.2/os/x86_64/ +name=EulerOS-${OS_VERSION} Base +baseurl=http://developer.huawei.com/ict/site-euleros/euleros/repo/yum/${OS_VERSION}/os/x86_64/ enabled=1 gpgcheck=1 gpgkey=file://${CONFIG_DIR}/RPM-GPG-KEY-EulerOS diff --git a/rootfs-builder/fedora/Dockerfile b/rootfs-builder/fedora/Dockerfile deleted file mode 100644 index 9ccf10412..000000000 --- a/rootfs-builder/fedora/Dockerfile +++ /dev/null @@ -1,3 +0,0 @@ -From fedora:27 - -RUN dnf -y update && dnf install -y git golang redhat-release systemd pkgconfig diff --git a/rootfs-builder/fedora/Dockerfile.in b/rootfs-builder/fedora/Dockerfile.in new file mode 100644 index 000000000..f98f36117 --- /dev/null +++ b/rootfs-builder/fedora/Dockerfile.in @@ -0,0 +1,6 @@ +From fedora:@OS_VERSION@ + +RUN dnf -y update && dnf install -y git redhat-release systemd pkgconfig gcc + +# This will install the proper golang to build Kata components +@INSTALL_GO@ diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index be5312865..b8ab4473c 100755 --- a/rootfs-builder/rootfs.sh 
+++ b/rootfs-builder/rootfs.sh @@ -12,6 +12,9 @@ ROOTFS_DIR=${ROOTFS_DIR:-${PWD}/rootfs} AGENT_VERSION=${AGENT_VERSION:-master} GO_AGENT_PKG=${GO_AGENT_PKG:-github.com/kata-containers/agent} AGENT_BIN=${AGENT_BIN:-kata-agent} +#Load default vesions for golang and other componets +source "${script_dir}/versions.txt" + # Name of file that will implement build_rootfs typeset -r LIB_SH="rootfs_lib.sh" @@ -79,6 +82,29 @@ check_function_exist() { [ "$(type -t ${function_name})" == "function" ] || die "${function_name} function was not defined" } +generate_dockerfile() { + dir="$1" + + readonly install_go=" +ADD https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz /tmp +RUN tar -C /usr/ -xzf /tmp/go${GO_VERSION}.linux-amd64.tar.gz +ENV GOROOT=/usr/go +ENV PATH=\$PATH:\$GOROOT/bin:\$GOPATH/bin +" + + readonly dockerfile_template="Dockerfile.in" + [ -d "${dir}" ] || die "${dir}: not a directory" + pushd ${dir} + [ -f "${dockerfile_template}" ] || die "${dockerfile_template}: file not found" + set -x + sed \ + -e "s|@OS_VERSION@|${OS_VERSION}|g" \ + -e "s|@INSTALL_GO@|${install_go//$'\n'/\\n}|g" \ + ${dockerfile_template} > Dockerfile + set +x + popd +} + while getopts c:hr: opt do @@ -110,6 +136,7 @@ check_function_exist "build_rootfs" if [ -n "${USE_DOCKER}" ] ; then image_name="${distro}-rootfs-osbuilder" + generate_dockerfile "${distro_config_dir}" docker build \ --build-arg http_proxy="${http_proxy}" \ --build-arg https_proxy="${https_proxy}" \ diff --git a/rootfs-builder/template/Dockerfile.template b/rootfs-builder/template/Dockerfile.template new file mode 100644 index 000000000..87c9b9fda --- /dev/null +++ b/rootfs-builder/template/Dockerfile.template 
@@ -0,0 +1,11 @@ +#@distro@: docker image to be used to create a rootfs +#@OS_VERSION@: Docker image version to build this dockerfile +from @distro@:@OS_VERSION@ + +# This dockerfile needs to provide all the componets need to build a rootfs +# Install any package need to create a rootfs (package manager, extra tools) + +# RUN commands + +# This will install the proper golang to build Kata components +@INSTALL_GO@ diff --git a/rootfs-builder/template/Makefile b/rootfs-builder/template/Makefile index 66e04e323..4315f6da2 100644 --- a/rootfs-builder/template/Makefile +++ b/rootfs-builder/template/Makefile @@ -13,3 +13,8 @@ endif mkdir -p $(DESTDIR) cp "$(MK_DIR)/rootfs_lib_template.sh" "$(DESTDIR)/rootfs_lib.sh" cp "$(MK_DIR)/config_template.sh" "$(DESTDIR)/config.sh" + sed \ + -e "s|@distro@|$(ROOTFS_BASE_NAME)|g" \ + Dockerfile.template > $(DESTDIR)/Dockerfile.in + + diff --git a/rootfs-builder/versions.txt b/rootfs-builder/versions.txt new file mode 100644 index 000000000..07aa19021 --- /dev/null +++ b/rootfs-builder/versions.txt @@ -0,0 +1 @@ +GO_VERSION=1.9.2 diff --git a/tests/image_creation.bats b/tests/image_creation.bats index 0261fd993..e018ea15a 100644 --- a/tests/image_creation.bats +++ b/tests/image_creation.bats @@ -45,5 +45,9 @@ function build_image() } @test "Can create euleros image" { + if [ "$TRAVIS" = true ] + then + skip "travis timout, see: https://github.com/kata-containers/osbuilder/issues/46" + fi build_image euleros } From 45d4e5fb625f877c237898b89ce9929b72e9acb0 Mon Sep 17 00:00:00 2001 From: Jose Carlos Venegas Munoz Date: Fri, 26 Jan 2018 11:04:57 -0600 Subject: [PATCH 030/307] travis: Wait more than 10 min Use travis configuration to wait more than 10 min Signed-off-by: Jose Carlos Venegas Munoz --- .travis.yml | 2 +- rootfs-builder/rootfs.sh | 2 -- tests/image_creation.bats | 4 ---- 3 files changed, 1 insertion(+), 7 deletions(-) diff --git a/.travis.yml b/.travis.yml index b81698ebe..303d4c4a6 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -16,4 +16,4 @@ before_script: - ".ci/setup.sh" script: -- ".ci/run.sh" +- "travis_wait .ci/run.sh" diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index b8ab4473c..0175d7294 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh @@ -96,12 +96,10 @@ ENV PATH=\$PATH:\$GOROOT/bin:\$GOPATH/bin [ -d "${dir}" ] || die "${dir}: not a directory" pushd ${dir} [ -f "${dockerfile_template}" ] || die "${dockerfile_template}: file not found" - set -x sed \ -e "s|@OS_VERSION@|${OS_VERSION}|g" \ -e "s|@INSTALL_GO@|${install_go//$'\n'/\\n}|g" \ ${dockerfile_template} > Dockerfile - set +x popd } diff --git a/tests/image_creation.bats b/tests/image_creation.bats index e018ea15a..0261fd993 100644 --- a/tests/image_creation.bats +++ b/tests/image_creation.bats @@ -45,9 +45,5 @@ function build_image() } @test "Can create euleros image" { - if [ "$TRAVIS" = true ] - then - skip "travis timout, see: https://github.com/kata-containers/osbuilder/issues/46" - fi build_image euleros } From 895aad108e3c131189d4f6c80fcab2355e217edf Mon Sep 17 00:00:00 2001 From: "James O. D. Hunt" Date: Tue, 23 Jan 2018 14:48:25 +0000 Subject: [PATCH 031/307] CI: Enable checkcommits Require all PRs to contain a "Fixes #XXX" comment and a "Signed-off-by:" comment by running the central static checks script. Note that the static checks script will detect if the repository contains golang code and only run those checks if it does. Fixes #12. Signed-off-by: James O. D. Hunt --- .ci/lib.sh | 25 +++++++++++++++++++++++++ .ci/setup.sh | 3 +++ .ci/static-checks.sh | 12 ++++++++++++ 3 files changed, 40 insertions(+) create mode 100644 .ci/lib.sh create mode 100755 .ci/static-checks.sh diff --git a/.ci/lib.sh b/.ci/lib.sh new file mode 100644 index 000000000..a3f163026 --- /dev/null +++ b/.ci/lib.sh 
@@ -0,0 +1,25 @@ +# +# Copyright (c) 2018 Intel Corporation +# +# SPDX-License-Identifier: Apache-2.0 + +export tests_repo="github.com/kata-containers/tests" +export tests_repo_dir="$GOPATH/src/$tests_repo" + +clone_tests_repo() +{ + # KATA_CI_NO_NETWORK is (has to be) ignored if there is + # no existing clone. + if [ -d "$tests_repo_dir" -a -n "$KATA_CI_NO_NETWORK" ] + then + return + fi + + go get -d -u "$tests_repo" || true +} + +run_static_checks() +{ + clone_tests_repo + bash "$tests_repo_dir/.ci/static-checks.sh" +} diff --git a/.ci/setup.sh b/.ci/setup.sh index ec9b2fd97..43b886837 100755 --- a/.ci/setup.sh +++ b/.ci/setup.sh @@ -5,6 +5,9 @@ # SPDX-License-Identifier: Apache-2.0 # +cidir=$(dirname "$0") +bash "${cidir}/static-checks.sh" + #Note: If add clearlinux as supported CI use a stateless os-release file source /etc/os-release diff --git a/.ci/static-checks.sh b/.ci/static-checks.sh new file mode 100755 index 000000000..cfadeaf8a --- /dev/null +++ b/.ci/static-checks.sh @@ -0,0 +1,12 @@ +#!/bin/bash +# +# Copyright (c) 2018 Intel Corporation +# +# SPDX-License-Identifier: Apache-2.0 + +set -e + +cidir=$(dirname "$0") +source "${cidir}/lib.sh" + +run_static_checks From 3e48c306c403ef839f42f860882a8cc065f73355 Mon Sep 17 00:00:00 2001 From: Yash Jain Date: Tue, 30 Jan 2018 22:01:48 +0530 Subject: [PATCH 032/307] Docs : Add minimal contribution guidelines Fixes : #50 See : kata-containers/community#5 Signed-off-by: Yash Jain --- CONTRIBUTING.md | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 CONTRIBUTING.md diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 000000000..8a3af744a --- /dev/null +++ b/CONTRIBUTING.md 
@@ -0,0 +1,5 @@ +# Contributing + +## This repo is part of [Kata Containers](https://katacontainers.io) + +For details on how to contribute to the Kata Containers project, please see the main [contributing document](https://github.com/kata-containers/community/blob/master/CONTRIBUTING.md). \ No newline at end of file From 94e7b1da4f8b469a2cf5f21ff4cdf98e11fa96a0 Mon Sep 17 00:00:00 2001 From: Peng Tao Date: Tue, 30 Jan 2018 17:05:56 +0800 Subject: [PATCH 033/307] rootfs: allow to use agent as init process Add AGENT_INIT env to make it configurable. Signed-off-by: Peng Tao --- Makefile | 5 ++++- image-builder/image_builder.sh | 6 ++++-- rootfs-builder/rootfs.sh | 31 ++++++++++++++++++++++++------- 3 files changed, 32 insertions(+), 10 deletions(-) diff --git a/Makefile b/Makefile index 7637ea779..f042d5258 100644 --- a/Makefile +++ b/Makefile @@ -8,9 +8,12 @@ MK_DIR :=$(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) DISTRO ?= centos DISTRO_ROOTFS := "$(PWD)/$(DISTRO)_rootfs" IMG_SIZE=500 +AGENT_INIT ?= no -image: +rootfs: @echo Creating rootfs based on "$(DISTRO)" "$(MK_DIR)/rootfs-builder/rootfs.sh" -r "$(DISTRO_ROOTFS)" "$(DISTRO)" + +image: rootfs @echo Creating image based on "$(DISTRO_ROOTFS)" AGENT_BIN="$(AGENT_BIN)" "$(MK_DIR)/image-builder/image_builder.sh" -s "$(IMG_SIZE)" "$(DISTRO_ROOTFS)" diff --git a/image-builder/image_builder.sh b/image-builder/image_builder.sh index 12db51a01..60982650a 100755 --- a/image-builder/image_builder.sh +++ b/image-builder/image_builder.sh @@ -16,6 +16,7 @@ fi SCRIPT_NAME="${0##*/}" IMAGE="${IMAGE:-kata-containers.img}" AGENT_BIN=${AGENT_BIN:-kata-agent} +AGENT_INIT=${AGENT_INIT:-no} die() { 
@@ -50,7 +51,8 @@ Options: -s Image size in MB (default $IMG_SIZE) ENV: IMG_SIZE Extra environment variables: - AGENT_BIN: use it to change the expected agent binary name" + AGENT_BIN: use it to change the expected agent binary name + AGENT_INIT: use kata agent as init process USE_DOCKER: If set will build image in a Docker Container (requries docker) DEFAULT: not set EOT @@ -107,7 +109,7 @@ fi init="${ROOTFS}/sbin/init" [ -x "${init}" ] || [ -L ${init} ] || die "/sbin/init is not installed in ${ROOTFS_DIR}" OK "init is installed" -[ -x "${ROOTFS}/bin/${AGENT_BIN}" ] || \ +[ "${AGENT_INIT}" == "yes" ] || [ -x "${ROOTFS}/bin/${AGENT_BIN}" ] || \ die "/bin/${AGENT_BIN} is not installed in ${ROOTFS} use AGENT_BIN env variable to change the expected agent binary name" OK "Agent installed" diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index 0175d7294..0490c069b 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh @@ -12,6 +12,8 @@ ROOTFS_DIR=${ROOTFS_DIR:-${PWD}/rootfs} AGENT_VERSION=${AGENT_VERSION:-master} GO_AGENT_PKG=${GO_AGENT_PKG:-github.com/kata-containers/agent} AGENT_BIN=${AGENT_BIN:-kata-agent} +AGENT_INIT=${AGENT_INIT:-no} + #Load default vesions for golang and other componets source "${script_dir}/versions.txt" @@ -46,6 +48,8 @@ GO_AGENT_PKG: Change the golang package url to get the agent source code AGENT_BIN : Name of the agent binary (needed to check if agent is installed) USE_DOCKER: If set will build rootfs in a Docker Container (requries docker) DEFAULT: not set +AGENT_INIT : Use $(AGENT_BIN) as init process. + DEFAULT: no EOT exit "${error}" } @@ -103,6 +107,14 @@ ENV PATH=\$PATH:\$GOROOT/bin:\$GOPATH/bin popd } +setup_agent_init() { + agent_bin="$1" + init_bin="$2" + info "Install $agent_bin as init process" + mv -f "${agent_bin}" ${init_bin} + OK "Agent is installed as init process" +} + while getopts c:hr: opt do 
@@ -117,7 +129,10 @@ shift $(($OPTIND - 1)) [ -z "$GOPATH" ] && die "GOPATH not set" +[ "$AGENT_INIT" == "yes" -o "$AGENT_INIT" == "no" ] || die "AGENT_INIT($AGENT_INIT) is invalid (must be yes or no)" + distro="$1" +init="${ROOTFS_DIR}/sbin/init" [ -n "${distro}" ] || usage 1 distro_config_dir="${script_dir}/${distro}" @@ -151,6 +166,7 @@ if [ -n "${USE_DOCKER}" ] ; then --env ROOTFS_DIR="/rootfs" \ --env GO_AGENT_PKG="${GO_AGENT_PKG}" \ --env AGENT_BIN="${AGENT_BIN}" \ + --env AGENT_INIT="${AGENT_INIT}" \ --env GOPATH="${GOPATH}" \ -v "${script_dir}":"/osbuilder" \ -v "${ROOTFS_DIR}":"/rootfs" \ @@ -164,19 +180,20 @@ fi mkdir -p ${ROOTFS_DIR} build_rootfs ${ROOTFS_DIR} -info "Check init is installed" -init="${ROOTFS_DIR}/sbin/init" -[ -x "${init}" ] || [ -L ${init} ] || die "/sbin/init is not installed in ${ROOTFS_DIR}" -OK "init is installed" - info "Pull Agent source code" go get -d "${GO_AGENT_PKG}" || true OK "Pull Agent source code" info "Build agent" pushd "${GOPATH}/src/${GO_AGENT_PKG}" -make INIT=no -make install DESTDIR="${ROOTFS_DIR}" INIT=no +make INIT=${AGENT_INIT} +make install DESTDIR="${ROOTFS_DIR}" INIT=${AGENT_INIT} popd [ -x "${ROOTFS_DIR}/bin/${AGENT_BIN}" ] || die "/bin/${AGENT_BIN} is not installed in ${ROOTFS_DIR}" OK "Agent installed" + +[ "${AGENT_INIT}" == "yes" ] && setup_agent_init "${ROOTFS_DIR}/bin/${AGENT_BIN}" "${init}" + +info "Check init is installed" +[ -x "${init}" ] || [ -L ${init} ] || die "/sbin/init is not installed in ${ROOTFS_DIR}" +OK "init is installed" From 33c48db75878c4842814a0bd3d73749dc4ef2077 Mon Sep 17 00:00:00 2001 From: Liang Chenye Date: Thu, 1 Feb 2018 18:46:42 +0800 Subject: [PATCH 034/307] add travis build status to README.md Fixes:#54. Signed-off-by: Liang Chenye --- README.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index f905cf228..886c99aa8 100644 --- a/README.md +++ b/README.md 
@@ -1,7 +1,4 @@ -* [Overview](#overview) -* [Terms](#terms) - -# Overview +# osbuilder [![Build Status](https://travis-ci.org/kata-containers/osbuilder.svg?branch=master)](https://travis-ci.org/kata-containers/osbuilder) The Kata Containers runtime creates a virtual machine (VM) to isolate a set of container workloads. The VM requires a guest kernel and a guest operating system @@ -10,7 +7,10 @@ environment. This repository contains tools to create a guest OS disk image. -# Terms +## Table of Contents +* [Terms](#terms) + +## Terms This section describes the terms used for all documentation in this repository. From 97c7e4b7bfa151a0439943d0229b416ff76161c6 Mon Sep 17 00:00:00 2001 From: Peng Tao Date: Tue, 30 Jan 2018 17:16:54 +0800 Subject: [PATCH 035/307] config.sh: do not install systemd if agent is init When agent is used as init process, there is no need to install systemd. Signed-off-by: Peng Tao --- rootfs-builder/centos/config.sh | 9 ++++++--- rootfs-builder/clearlinux/config.sh | 3 ++- rootfs-builder/euleros/config.sh | 9 ++++++--- rootfs-builder/fedora/config.sh | 3 ++- 4 files changed, 16 insertions(+), 8 deletions(-) diff --git a/rootfs-builder/centos/config.sh b/rootfs-builder/centos/config.sh index 8c5cf749c..5a1ba4ef2 100644 --- a/rootfs-builder/centos/config.sh +++ b/rootfs-builder/centos/config.sh @@ -9,7 +9,10 @@ OS_VERSION=${OS_VERSION:-7} #Mandatory Packages that must be installed -# systemd: An init system that will start kata-agent # iptables: Need by Kata agent -# udevlib.so: Need by Kata agent -PACKAGES="systemd iptables" +PACKAGES="iptables" + +#Optional packages: +# systemd: An init system that will start kata-agent if kata-agent +# itself is not configured as init process. +[ "$AGENT_INIT" == "no" ] && PACKAGES+=" systemd" || true diff --git a/rootfs-builder/clearlinux/config.sh b/rootfs-builder/clearlinux/config.sh index 4401ce249..5872a3648 100644 --- a/rootfs-builder/clearlinux/config.sh +++ b/rootfs-builder/clearlinux/config.sh 
@@ -5,4 +5,5 @@ #Use "latest" to always pull the last Clear Linux Release OS_VERSION=${OS_VERSION:-latest} -PACKAGES="systemd iptables-bin libudev0-shim" +PACKAGES="iptables-bin libudev0-shim" +[ "$AGENT_INIT" == "no" ] && PACKAGES+=" systemd" || true diff --git a/rootfs-builder/euleros/config.sh b/rootfs-builder/euleros/config.sh index e3c627bfc..7785bb313 100644 --- a/rootfs-builder/euleros/config.sh +++ b/rootfs-builder/euleros/config.sh @@ -9,7 +9,10 @@ OS_VERSION=${OS_VERSION:-2.2} #Mandatory Packages that must be installed -# systemd: An init system that will start kata-agent # iptables: Need by Kata agent -# udevlib.so: Need by Kata agent -PACKAGES="systemd iptables" +PACKAGES="iptables" + +#Optional packages: +# systemd: An init system that will start kata-agent if kata-agent +# itself is not configured as init process. +[ "$AGENT_INIT" == "no" ] && PACKAGES+=" systemd" || true diff --git a/rootfs-builder/fedora/config.sh b/rootfs-builder/fedora/config.sh index 58a51f491..85bbf60a9 100644 --- a/rootfs-builder/fedora/config.sh +++ b/rootfs-builder/fedora/config.sh @@ -5,4 +5,5 @@ #Fedora version to use OS_VERSION=${OS_VERSION:-27} -PACKAGES="systemd iptables" +PACKAGES="iptables" +[ "$AGENT_INIT" == "no" ] && PACKAGES+=" systemd" || true From 82759dac146ad9044e01810517b3250371409e56 Mon Sep 17 00:00:00 2001 From: Peng Tao Date: Tue, 30 Jan 2018 17:51:25 +0800 Subject: [PATCH 036/307] initrd: add script to build kata initrd image Build a kata initrd image based on rootfs created by rootfs.sh. Fixes: #5 Signed-off-by: Peng Tao --- Makefile | 6 +- image-builder/image_builder.sh | 1 + initrd-builder/README.md | 25 ++++++++ initrd-builder/initrd_builder.sh | 101 +++++++++++++++++++++++++++++++ 4 files changed, 132 insertions(+), 1 deletion(-) create mode 100644 initrd-builder/README.md create mode 100755 initrd-builder/initrd_builder.sh diff --git a/Makefile b/Makefile index f042d5258..6f3aaa596 100644 --- a/Makefile +++ b/Makefile 
@@ -16,4 +16,8 @@ rootfs: image: rootfs @echo Creating image based on "$(DISTRO_ROOTFS)" - AGENT_BIN="$(AGENT_BIN)" "$(MK_DIR)/image-builder/image_builder.sh" -s "$(IMG_SIZE)" "$(DISTRO_ROOTFS)" + "$(MK_DIR)/image-builder/image_builder.sh" -s "$(IMG_SIZE)" "$(DISTRO_ROOTFS)" + +initrd: rootfs + @echo Creating initrd image based on "$(DISTRO_ROOTFS)" + "$(MK_DIR)/initrd-builder/initrd_builder.sh" "$(DISTRO_ROOTFS)" diff --git a/image-builder/image_builder.sh b/image-builder/image_builder.sh index 60982650a..0c435fa66 100755 --- a/image-builder/image_builder.sh +++ b/image-builder/image_builder.sh @@ -96,6 +96,7 @@ if [ -n "${USE_DOCKER}" ] ; then --runtime runc \ --privileged \ --env IMG_SIZE="${IMG_SIZE}" \ + --env AGENT_INIT=${AGENT_INIT} \ -v /dev:/dev \ -v "${script_dir}":"/osbuilder" \ -v "${ROOTFS}":"/rootfs" \ diff --git a/initrd-builder/README.md b/initrd-builder/README.md new file mode 100644 index 000000000..66eee37eb --- /dev/null +++ b/initrd-builder/README.md @@ -0,0 +1,25 @@ +* [Creating a guest OS initrd image](#creating-a-guest-os-initrd-image) +* [Further information](#further-information) + +# Kata Containers initrd image generation + +A Kata Containers initrd image is generated using the `initrd_builder.sh` script. +This script uses a rootfs directory created by the `rootfs-builder/rootfs.sh` script. + +## Creating a guest OS initrd image + +To create a guest OS initrd image run: + +``` +$ sudo ./initrd_builder.sh path/to/rootfs +``` + +The `rootfs.sh` script populates the `path/to/rootfs` directory. + +## Further information + +For more information on how to use the `initrd_builder.sh` script, run: + +``` +$ ./initrd_builder.sh -h +``` diff --git a/initrd-builder/initrd_builder.sh b/initrd-builder/initrd_builder.sh new file mode 100755 index 000000000..fbe435913 --- /dev/null +++ b/initrd-builder/initrd_builder.sh 
@@ -0,0 +1,101 @@ +#!/bin/bash +# +# Copyright (c) 2018 HyperHQ Inc. +# +# SPDX-License-Identifier: Apache-2.0 + +set -e + +script_name="${0##*/}" +script_dir="$(dirname $(readlink -f $0))" + +if [ -n "$DEBUG" ] ; then + set -x +fi + +SCRIPT_NAME="${0##*/}" +INITRD_IMAGE="${INITRD_IMAGE:-kata-initrd.img}" +AGENT_BIN=${AGENT_BIN:-kata-agent} +AGENT_INIT=${AGENT_INIT:-no} + +die() +{ + local msg="$*" + echo "ERROR: ${msg}" >&2 + exit 1 +} + +OK() +{ + local msg="$*" + echo "[OK] ${msg}" >&2 +} + +info() +{ + local msg="$*" + echo "INFO: ${msg}" +} + +usage() +{ + error="${1:-0}" + cat < + This script creates a Kata Containers initrd image file based on the + directory. + +Options: + -h Show help + -o Set the path where the generated image file is stored. + DEFAULT: the path stored in the environment variable INITRD_IMAGE + +Extra environment variables: + AGENT_BIN: use it to change the expected agent binary name + DEFAULT: kata-agent + AGENT_INIT: use kata agent as init process + DEFAULT: no + USE_DOCKER: If set, the image builds in a Docker Container. Setting + this variable requires Docker. 
+ DEFAULT: not set +EOT +exit "${error}" +} + +while getopts "ho:" opt +do + case "$opt" in + h) usage ;; + o) INITRD_IMAGE="${OPTARG}" ;; + esac +done + +shift $(( $OPTIND - 1 )) + +ROOTFS="$1" + + +[ -n "${ROOTFS}" ] || usage +[ -d "${ROOTFS}" ] || die "${ROOTFS} is not a directory" + +ROOTFS=$(readlink -f ${ROOTFS}) +IMAGE_DIR=$(dirname ${INITRD_IMAGE}) +IMAGE_DIR=$(readlink -f ${IMAGE_DIR}) +IMAGE_NAME=$(basename ${INITRD_IMAGE}) + +# The kata rootfs image expects init to be installed +init="${ROOTFS}/sbin/init" +[ -x "${init}" ] || [ -L ${init} ] || die "/sbin/init is not installed in ${ROOTFS_DIR}" +OK "init is installed" +[ "${AGENT_INIT}" == "yes" ] || [ -x "${ROOTFS}/bin/${AGENT_BIN}" ] || \ + die "/bin/${AGENT_BIN} is not installed in ${ROOTFS} + use AGENT_BIN env variable to change the expected agent binary name" +OK "Agent is installed" + +[ "$(id -u)" -eq 0 ] || die "$0: must be run as root" + +# initramfs expects /init +mv -f ${init} "${ROOTFS}/init" + +info "Creating ${IMAGE_DIR}/${IMAGE_NAME} based on rootfs at ${ROOTFS}" +( cd "${ROOTFS}" && find . | cpio -H newc -o | gzip -9 ) > "${IMAGE_DIR}"/"${IMAGE_NAME}" From 2a2a79aa87b1d32e8231e40b662900dc95decc4e Mon Sep 17 00:00:00 2001 From: Peng Tao Date: Tue, 30 Jan 2018 18:55:55 +0800 Subject: [PATCH 037/307] centos: clean up yum caches after installing packages So that we can get smaller rootfs. Signed-off-by: Peng Tao --- rootfs-builder/centos/rootfs_lib.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/rootfs-builder/centos/rootfs_lib.sh b/rootfs-builder/centos/rootfs_lib.sh index 499b5758a..9d5e67ca5 100644 --- a/rootfs-builder/centos/rootfs_lib.sh +++ b/rootfs-builder/centos/rootfs_lib.sh @@ -129,6 +129,7 @@ build_rootfs() { DNF="${PKG_MANAGER} --config=$DNF_CONF -y --installroot=${ROOTFS_DIR} --noplugins" $DNF install ${EXTRA_PKGS} ${PACKAGES} + $DNF clean all [ -n "${ROOTFS_DIR}" ] && rm -r "${ROOTFS_DIR}/var/cache/centos-osbuilder" } 
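Review bot: in the rootfs-builder/template/Makefile hunk, the new sed reads `Dockerfile.template` by a relative path while the two cp lines directly above it use `$(MK_DIR)/...`, so the recipe only works when make is invoked from the template directory. Use `"$(MK_DIR)/Dockerfile.template"` as the input and quote the output as `"$(DESTDIR)/Dockerfile.in"`, matching the cp lines.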
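Review bot: in .ci/lib.sh (PATCH 031), clone_tests_repo runs `go get -d -u "$tests_repo" || true` and run_static_checks then passes `$tests_repo_dir/.ci/static-checks.sh` to bash, so CI executes whatever the tests repository holds at fetch time, and a failed fetch is silently ignored, leaving a stale clone or no script at all. Check out a pinned commit or tag of the tests repository before running the script, and drop the `|| true` so a fetch failure stops the job with a clear error. `tests_repo_dir` is also derived from `$GOPATH` with no check that it is set; fail early when it is empty.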
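Review bot: in the .ci/setup.sh hunk (PATCH 031), the exit status of `bash "${cidir}/static-checks.sh"` is not checked, and no `set -e` is visible in the hunk context, so unless the script enables it above the lines shown, a failing check (for example a missing Signed-off-by) does not stop setup. Append `|| exit 1` to that line, or enable `set -e` at the top of setup.sh.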
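Review bot: in the rootfs-builder/rootfs.sh usage hunk (PATCH 033), the added help line `AGENT_INIT : Use $(AGENT_BIN) as init process.` uses Makefile-style parentheses. If the usage heredoc is unquoted (its opening delimiter is outside the visible lines), the shell treats `$(AGENT_BIN)` as command substitution and tries to run a command named AGENT_BIN every time the help is printed. Write `${AGENT_BIN}` instead.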
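Review bot: at the end of initrd-builder/initrd_builder.sh (PATCH 036), `mv -f ${init} "${ROOTFS}/init"` modifies the caller's rootfs in place, so the same directory no longer passes the `/sbin/init` check in image_builder.sh or in a second run of this script. Stage the archive from a copy, or create `/init` as a link and leave `sbin/init` where it is. Three smaller points in the same file: the die message prints `${ROOTFS_DIR}`, which this script never sets (the variable here is `ROOTFS`); `[ -n "${ROOTFS}" ] || usage` exits with status 0 when the argument is missing, so pass `usage 1`; and the help text documents USE_DOCKER although nothing in the script reads it. The expansions in `$(dirname $(readlink -f $0))`, `readlink -f ${ROOTFS}` and the mv should be quoted, since the script runs as root on a caller-supplied path.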
From 85a9a4a7bea556a66b4fd153629aad1f07e49caf Mon Sep 17 00:00:00 2001 From: Peng Tao Date: Tue, 30 Jan 2018 18:58:50 +0800 Subject: [PATCH 038/307] CI: enable agent as init process and kata initrd tests 1. let travis build w/ and w/o agent as init process 2. test building kata initrd images Signed-off-by: Peng Tao --- .travis.yml | 6 +++++- tests/image_creation.bats | 30 +++++++++++++++++++++++++++--- 2 files changed, 32 insertions(+), 4 deletions(-) diff --git a/.travis.yml b/.travis.yml index 303d4c4a6..a8b0b6a8b 100644 --- a/.travis.yml +++ b/.travis.yml @@ -9,11 +9,15 @@ dist: trusty language: bash +env: + - AGENT_INIT=no + - AGENT_INIT=yes + services: - docker before_script: - ".ci/setup.sh" -script: +script: - "travis_wait .ci/run.sh" diff --git a/tests/image_creation.bats b/tests/image_creation.bats index 0261fd993..3b60d8f7f 100644 --- a/tests/image_creation.bats +++ b/tests/image_creation.bats @@ -7,6 +7,7 @@ rootfs_sh="$BATS_TEST_DIRNAME/../rootfs-builder/rootfs.sh" image_builder_sh="$BATS_TEST_DIRNAME/../image-builder/image_builder.sh" +initrd_builder_sh="$BATS_TEST_DIRNAME/../initrd-builder/initrd_builder.sh" readonly tmp_dir=$(mktemp -t -d osbuilder-test.XXXXXXX) #FIXME: Remove image size after https://github.com/kata-containers/osbuilder/issues/25 is fixed readonly image_size=400 
@@ -23,27 +24,50 @@ teardown(){ rm -rf "${tmp_dir}" } -function build_image() +function build_rootfs() { distro="$1" [ -n "$distro" ] local rootfs="${tmp_dir}/rootfs-osbuilder" sudo -E ${rootfs_sh} -r "${rootfs}" "${distro}" - sudo ${image_builder_sh} -s ${image_size} -o "${tmp_dir}/image.img" "${rootfs}" +} + +function build_image() +{ + distro="$1" + [ -n "$distro" ] + local rootfs="${tmp_dir}/rootfs-osbuilder" + sudo -E ${image_builder_sh} -s ${image_size} -o "${tmp_dir}/image.img" "${rootfs}" +} + +function build_initrd() +{ + distro="$1" + [ -n "$distro" ] + local rootfs="${tmp_dir}/rootfs-osbuilder" + sudo -E ${initrd_builder_sh} -o "${tmp_dir}/initrd-image.img" "${rootfs}" } @test "Can create fedora image" { + build_rootfs fedora build_image fedora + build_initrd fedora } @test "Can create clearlinux image" { + build_rootfs clearlinux build_image clearlinux + build_initrd clearlinux } @test "Can create centos image" { - build_image centos + build_rootfs centos + build_image centos + build_initrd centos } @test "Can create euleros image" { + build_rootfs euleros build_image euleros + build_initrd euleros } From 7245b21206d14ee2862781c0974cdc467abe2610 Mon Sep 17 00:00:00 2001 From: Peng Tao Date: Wed, 31 Jan 2018 00:30:59 +0800 Subject: [PATCH 039/307] rootfs: document about AGENT_INIT Signed-off-by: Peng Tao --- rootfs-builder/README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/rootfs-builder/README.md b/rootfs-builder/README.md index 7143f5fe4..4b863f982 100644 --- a/rootfs-builder/README.md +++ b/rootfs-builder/README.md @@ -38,6 +38,8 @@ The rootfs must provide at least the following components: Path: `/sbin/init` - init binary called by the kernel. +When `AGENT_INIT` environment variable is set to `yes`, use Kata agent as `/sbin/init`. + ## Creating a rootfs To build a rootfs for your chosen distribution, run: From 9680f08ebfe1b68af75f29e03e98973c9648eb2c Mon Sep 17 00:00:00 2001 
From: Peng Tao Date: Thu, 1 Feb 2018 16:47:21 +0800 Subject: [PATCH 040/307] rootfs: support adding optional kernel modules Caller of rootfs.sh can define `KERNEL_MODULES_DIR` as a kernel module directory and then the directory will be copied to `/lib/modules/` of the created rootfs. This allows additional kernel modules to be put into rootfs image and initrd image. Signed-off-by: Peng Tao --- rootfs-builder/README.md | 10 ++++++++++ rootfs-builder/rootfs.sh | 23 +++++++++++++++++++++++ 2 files changed, 33 insertions(+) diff --git a/rootfs-builder/README.md b/rootfs-builder/README.md index 4b863f982..f077a84cf 100644 --- a/rootfs-builder/README.md +++ b/rootfs-builder/README.md @@ -1,5 +1,6 @@ * [Supported base OSs](#supported-base-oss) * [Creating a rootfs](#creating-a-rootfs) +* [Creating a rootfs with kernel modules](#creating-a-rootfs-with-kenrel-modules) * [Build a rootfs using Docker*](#build-a-rootfs-using-docker*) * [Adding support for a new guest OS](#adding-support-for-a-new-guest-os) * [Create template files](#create-template-files) @@ -48,6 +49,15 @@ To build a rootfs for your chosen distribution, run: $ sudo ./rootfs.sh ``` +## Creating a rootfs with kernel modules + +To build a rootfs with additional kernel modules, run: +``` +$ sudo KERNEL_MODULES_DIR=${kernel_mod_dir} ./rootfs.sh +``` +Where `kernel_mod_dir` points to the kernel modules directory to be put under +`/lib/modules/` directory of the created rootfs. + ## Build a rootfs using Docker* Depending on the base OS to build the rootfs guest OS, it is required some diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index 0490c069b..d9db308b7 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh 
@@ -13,6 +13,7 @@ AGENT_VERSION=${AGENT_VERSION:-master} GO_AGENT_PKG=${GO_AGENT_PKG:-github.com/kata-containers/agent} AGENT_BIN=${AGENT_BIN:-kata-agent} AGENT_INIT=${AGENT_INIT:-no} +KERNEL_MODULES_DIR=${KERNEL_MODULES_DIR:-""} #Load default vesions for golang and other componets source "${script_dir}/versions.txt" @@ -50,6 +51,8 @@ USE_DOCKER: If set will build rootfs in a Docker Container (requries docker) DEFAULT: not set AGENT_INIT : Use $(AGENT_BIN) as init process. DEFAULT: no +KERNEL_MODULES_DIR: Optional kernel modules to put into the rootfs. + DEFAULT: "" EOT exit "${error}" } @@ -115,6 +118,17 @@ setup_agent_init() { OK "Agent is installed as init process" } +copy_kernel_modules() { + local module_dir=$1 + local rootfs_dir=$2 + + [ -z "module_dir" -o -z "rootfs_dir" ] && die "module dir and rootfs dir must be specified" + + info "Copy kernel modules from ${KERNEL_MODULES_DIR}" + mkdir -p ${rootfs_dir}/lib/modules/ + cp -a ${KERNEL_MODULES_DIR} ${rootfs_dir}/lib/modules/ + OK "Kernel modules copied" +} while getopts c:hr: opt do @@ -131,6 +145,8 @@ shift $(($OPTIND - 1)) [ "$AGENT_INIT" == "yes" -o "$AGENT_INIT" == "no" ] || die "AGENT_INIT($AGENT_INIT) is invalid (must be yes or no)" +[ -n "${KERNEL_MODULES_DIR}" ] && [ ! -d "${KERNEL_MODULES_DIR}" ] && die "KERNEL_MODULES_DIR defined but is not an existing directory" + distro="$1" init="${ROOTFS_DIR}/sbin/init" @@ -155,6 +171,9 @@ if [ -n "${USE_DOCKER}" ] ; then --build-arg https_proxy="${https_proxy}" \ -t "${image_name}" "${distro_config_dir}" + # fake mapping if KERNEL_MODULES_DIR is unset + kernel_mod_dir=${KERNEL_MODULES_DIR:-${ROOTFS_DIR}} + #Make sure we use a compatible runtime to build rootfs # In case Clear Containers Runtime is installed we dont want to hit issue: #https://github.com/clearcontainers/runtime/issues/828 
@@ -168,8 +187,10 @@ if [ -n "${USE_DOCKER}" ] ; then --env AGENT_BIN="${AGENT_BIN}" \ --env AGENT_INIT="${AGENT_INIT}" \ --env GOPATH="${GOPATH}" \ + --env KERNEL_MODULES_DIR="${KERNEL_MODULES_DIR}" \ -v "${script_dir}":"/osbuilder" \ -v "${ROOTFS_DIR}":"/rootfs" \ + -v "${kernel_mod_dir}":"${kernel_mod_dir}" \ -v "${GOPATH}":"${GOPATH}" \ ${image_name} \ bash /osbuilder/rootfs.sh "${distro}" @@ -180,6 +201,8 @@ fi mkdir -p ${ROOTFS_DIR} build_rootfs ${ROOTFS_DIR} +[ -n "${KERNEL_MODULES_DIR}" ] && copy_kernel_modules ${KERNEL_MODULES_DIR} ${ROOTFS_DIR} + info "Pull Agent source code" go get -d "${GO_AGENT_PKG}" || true OK "Pull Agent source code" From f503e66dd7c6462944698dc4f257b8b63487179f Mon Sep 17 00:00:00 2001 From: Peng Tao Date: Thu, 1 Feb 2018 22:53:22 +0800 Subject: [PATCH 041/307] doc: add initd term to top level readme Signed-off-by: Peng Tao --- README.md | 8 ++++++++ rootfs-builder/README.md | 4 ++-- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index f905cf228..5360dbb56 100644 --- a/README.md +++ b/README.md @@ -30,6 +30,14 @@ This section describes the terms used for all documentation in this repository. See [the image builder documentation](image-builder/README.md). +- initrd (or "initramfs") + + A compressed cpio archive loaded into memory and used as part of the Linux + startup process. During startup, the kernel unpacks it into a special + instance of a tmpfs that becomes the initial root file system. + + See [the initrd builder documentation](initrd-builder/README.md). + - "Base OS" A particular version of a Linux distribution used to create a Guest OS from. diff --git a/rootfs-builder/README.md b/rootfs-builder/README.md index f077a84cf..0227eaee3 100644 --- a/rootfs-builder/README.md +++ b/rootfs-builder/README.md 
@@ -39,7 +39,7 @@ The rootfs must provide at least the following components: Path: `/sbin/init` - init binary called by the kernel. -When `AGENT_INIT` environment variable is set to `yes`, use Kata agent as `/sbin/init`. +When the `AGENT_INIT` environment variable is set to `yes`, use Kata agent as `/sbin/init`. ## Creating a rootfs @@ -55,7 +55,7 @@ To build a rootfs with additional kernel modules, run: ``` $ sudo KERNEL_MODULES_DIR=${kernel_mod_dir} ./rootfs.sh ``` -Where `kernel_mod_dir` points to the kernel modules directory to be put under +Where `kernel_mod_dir` points to the kernel modules directory to be put under the `/lib/modules/` directory of the created rootfs. ## Build a rootfs using Docker* From 5fe3f4ae0be514d2a8e952471e99e4860579bbfe Mon Sep 17 00:00:00 2001 From: Harshal Patil Date: Fri, 19 Jan 2018 14:27:00 +0530 Subject: [PATCH 042/307] scripts: Add an "auto-size" feature Changed image-builder/image_builder.sh to automatically calculate the size of the root disk Fixes #25. Signed-off-by: Harshal Patil --- image-builder/image_builder.sh | 179 +++++++++++++++++++++++---------- 1 file changed, 128 insertions(+), 51 deletions(-) diff --git a/image-builder/image_builder.sh b/image-builder/image_builder.sh index 12db51a01..60bddd880 100755 --- a/image-builder/image_builder.sh +++ b/image-builder/image_builder.sh @@ -36,18 +36,26 @@ info() echo "INFO: ${msg}" } +warning() +{ + local msg="$*" + echo "WARNING: ${msg}" +} + usage() { error="${1:-0}" cat < - This script will create a Kata Containers image file based on the - directory. + This script will create a Kata Containers image file of + an adequate size based on the directory. + The size of the image can be also be specified manually + by '-s' flag. Options: -h Show this help -o path to generate image file ENV: IMAGE - -s Image size in MB (default $IMG_SIZE) ENV: IMG_SIZE + -s Image size in MB ENV: IMG_SIZE Extra environment variables: AGENT_BIN: use it to change the expected agent binary name" 
@@ -57,12 +65,32 @@ EOT exit "${error}" } -while getopts "ho:s:" opt +# Maximum allowed size in MB for root disk +MAX_IMG_SIZE_MB=2048 + +FS_TYPE=${FS_TYPE:-"ext4"} + +# In order to support memory hotplug, image must be aligned to 128M +MEM_BOUNDARY=128 + +# Maximum no of attempts to create a root disk before giving up +MAX_ATTEMPTS=5 + +ATTEMPT_NUM=0 +while getopts "ho:s:f:" opt do case "$opt" in h) usage ;; o) IMAGE="${OPTARG}" ;; - s) IMG_SIZE="${OPTARG}" ;; + s) IMG_SIZE=${OPTARG} + if [ ${IMG_SIZE} -lt 0 ]; then + die "Image size has to be greater than 0 MB." + fi + if [ ${IMG_SIZE} -gt ${MAX_IMG_SIZE_MB} ]; then + die "Image size should not be greater than ${MAX_IMG_SIZE_MB} MB." + fi + ;; + f) FS_TYPE="${OPTARG}" ;; esac done 
@@ -113,55 +141,104 @@ OK "init is installed" OK "Agent installed" [ "$(id -u)" -eq 0 ] || die "$0: must be run as root" -BLOCK_SIZE=${BLOCK_SIZE:-4096} -IMG_SIZE=${IMG_SIZE:-80} - -info "Creating raw disk with size ${IMG_SIZE}M" -qemu-img create -q -f raw "${IMAGE}" "${IMG_SIZE}M" -OK "Image file created" - -# Kata runtime expect an image with just one partition -# The partition is the rootfs content - -info "Creating partitions" -parted "${IMAGE}" --script "mklabel gpt" \ -"mkpart ext4 1M -1M" -OK "Partitions created" - -# Get the loop device bound to the image file (requires /dev mounted in the -# image build system and root privileges) -DEVICE=$(losetup -P -f --show "${IMAGE}") - -#Refresh partition table -partprobe "${DEVICE}" - -MOUNT_DIR=$(mktemp -d osbuilder-mount-dir.XXXX) -info "Formating Image using ext4 format" -mkfs.ext4 -q -F -b "${BLOCK_SIZE}" "${DEVICE}p1" -OK "Image formated" - -info "Mounting root paratition" -mount "${DEVICE}p1" "${MOUNT_DIR}" -OK "root paratition mounted" - -RESERVED_BLOCKS_PERCENTAGE=3 -info "Set filesystem reserved blocks percentage to ${RESERVED_BLOCKS_PERCENTAGE}%" -tune2fs -m "${RESERVED_BLOCKS_PERCENTAGE}" "${DEVICE}p1" - -#TODO: Calculate disk size based on rootfs -#FIXME: https://github.com/kata-containers/osbuilder/issues/2 ROOTFS_SIZE=$(du -B 1MB -s "${ROOTFS}" | awk '{print $1}') -AVAIL_DISK=$(df -B M --output=avail "${DEVICE}p1" | tail -1) -AVAIL_DISK=${AVAIL_DISK/M} -info "Free space root partition ${AVAIL_DISK} MB" +BLOCK_SIZE=${BLOCK_SIZE:-4096} +OLD_IMG_SIZE=0 + +align_memory() +{ + remaining=$(($IMG_SIZE % $MEM_BOUNDARY)) + if [ "$remaining" != "0" ];then + warning "image size '$IMG_SIZE' is not aligned to memory boundary '$MEM_BOUNDARY', aligning it" + IMG_SIZE=$(($IMG_SIZE + $MEM_BOUNDARY - $remaining)) + fi +} + +# Calculate image size based on the rootfs +calculate_img_size() +{ + IMG_SIZE=${IMG_SIZE:-$MEM_BOUNDARY} + align_memory +} + +# Cleanup +cleanup() +{ + sync + umount -l ${MOUNT_DIR} + rmdir 
${MOUNT_DIR} + fsck -D -y "${DEVICE}p1" + losetup -d "${DEVICE}" +} + +create_rootfs_disk() +{ + ATTEMPT_NUM=$(($ATTEMPT_NUM+1)) + info "Create root disk image. Attempt ${ATTEMPT_NUM} out of ${MAX_ATTEMPTS}." + if [ ${ATTEMPT_NUM} -gt ${MAX_ATTEMPTS} ]; then + die "Unable to create root disk image." + fi + + calculate_img_size + if [ ${OLD_IMG_SIZE} -ne 0 ]; then + info "Image size ${OLD_IMG_SIZE}MB too small, trying again with size ${IMG_SIZE}MB" + fi + + info "Creating raw disk with size ${IMG_SIZE}M" + qemu-img create -q -f raw "${IMAGE}" "${IMG_SIZE}M" + OK "Image file created" + + # Kata runtime expect an image with just one partition + # The partition is the rootfs content + + info "Creating partitions" + parted "${IMAGE}" --script "mklabel gpt" \ + "mkpart ${FS_TYPE} 1M -1M" + OK "Partitions created" + + # Get the loop device bound to the image file (requires /dev mounted in the + # image build system and root privileges) + DEVICE=$(losetup -P -f --show "${IMAGE}") + + #Refresh partition table + partprobe "${DEVICE}" + + MOUNT_DIR=$(mktemp -d osbuilder-mount-dir.XXXX) + info "Formating Image using ext4 format" + mkfs.ext4 -q -F -b "${BLOCK_SIZE}" "${DEVICE}p1" + OK "Image formated" + + info "Mounting root paratition" + mount "${DEVICE}p1" "${MOUNT_DIR}" + OK "root paratition mounted" + RESERVED_BLOCKS_PERCENTAGE=3 + info "Set filesystem reserved blocks percentage to ${RESERVED_BLOCKS_PERCENTAGE}%" + tune2fs -m "${RESERVED_BLOCKS_PERCENTAGE}" "${DEVICE}p1" + + AVAIL_DISK=$(df -B M --output=avail "${DEVICE}p1" | tail -1) + AVAIL_DISK=${AVAIL_DISK/M} + info "Free space root partition ${AVAIL_DISK} MB" + + # if the available disk space is less than rootfs size, repeat the process + # of disk creation by adding 5% in the inital assumed value $ROOTFS_SIZE + if [ $ROOTFS_SIZE -gt $AVAIL_DISK ]; then + # Increase the size but remain aligned to 128 + MEM_BOUNDARY=$(($MEM_BOUNDARY+128)) + rm -f ${IMAGE} + OLD_IMG_SIZE=${IMG_SIZE} + unset IMG_SIZE + cleanup + 
create_rootfs_disk + fi +} + +create_rootfs_disk + info "rootfs size ${ROOTFS_SIZE} MB" info "Copying content from rootfs to root partition" cp -a "${ROOTFS}"/* ${MOUNT_DIR} OK "rootfs copied" -# Cleanup -sync -umount -l ${MOUNT_DIR} -fsck -D -y "${DEVICE}p1" -losetup -d "${DEVICE}" -info "Image created" +cleanup + +info "Image created. Size: ${IMG_SIZE}MB." From de6e4dc93f90a6ff8693e13045847f52040c7069 Mon Sep 17 00:00:00 2001 From: Peng Tao Date: Thu, 1 Feb 2018 01:12:32 +0800 Subject: [PATCH 043/307] builder: fix agent binary path kata agent is installed in `${ROOTFS}/usr/bin/` rather than `${ROOTFS}/bin/`. It just happended to work because `bin` is a symlink to `usr/bin`, which might not be true in some distros. So do not rely on it. Signed-off-by: Peng Tao --- image-builder/image_builder.sh | 4 ++-- initrd-builder/initrd_builder.sh | 4 ++-- rootfs-builder/rootfs.sh | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/image-builder/image_builder.sh b/image-builder/image_builder.sh index 526967e16..f79d583f5 100755 --- a/image-builder/image_builder.sh +++ b/image-builder/image_builder.sh @@ -138,8 +138,8 @@ fi init="${ROOTFS}/sbin/init" [ -x "${init}" ] || [ -L ${init} ] || die "/sbin/init is not installed in ${ROOTFS_DIR}" OK "init is installed" -[ "${AGENT_INIT}" == "yes" ] || [ -x "${ROOTFS}/bin/${AGENT_BIN}" ] || \ - die "/bin/${AGENT_BIN} is not installed in ${ROOTFS} +[ "${AGENT_INIT}" == "yes" ] || [ -x "${ROOTFS}/usr/bin/${AGENT_BIN}" ] || \ + die "/usr/bin/${AGENT_BIN} is not installed in ${ROOTFS} use AGENT_BIN env variable to change the expected agent binary name" OK "Agent installed" [ "$(id -u)" -eq 0 ] || die "$0: must be run as root" diff --git a/initrd-builder/initrd_builder.sh b/initrd-builder/initrd_builder.sh index fbe435913..a0bbc15d8 100755 --- a/initrd-builder/initrd_builder.sh +++ b/initrd-builder/initrd_builder.sh 
@@ -87,8 +87,8 @@ IMAGE_NAME=$(basename ${INITRD_IMAGE}) init="${ROOTFS}/sbin/init" [ -x "${init}" ] || [ -L ${init} ] || die "/sbin/init is not installed in ${ROOTFS_DIR}" OK "init is installed" -[ "${AGENT_INIT}" == "yes" ] || [ -x "${ROOTFS}/bin/${AGENT_BIN}" ] || \ - die "/bin/${AGENT_BIN} is not installed in ${ROOTFS} +[ "${AGENT_INIT}" == "yes" ] || [ -x "${ROOTFS}/usr/bin/${AGENT_BIN}" ] || \ + die "/usr/bin/${AGENT_BIN} is not installed in ${ROOTFS} use AGENT_BIN env variable to change the expected agent binary name" OK "Agent is installed" diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index d9db308b7..248635c55 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh @@ -212,10 +212,10 @@ pushd "${GOPATH}/src/${GO_AGENT_PKG}" make INIT=${AGENT_INIT} make install DESTDIR="${ROOTFS_DIR}" INIT=${AGENT_INIT} popd -[ -x "${ROOTFS_DIR}/bin/${AGENT_BIN}" ] || die "/bin/${AGENT_BIN} is not installed in ${ROOTFS_DIR}" +[ -x "${ROOTFS_DIR}/usr/bin/${AGENT_BIN}" ] || die "/usr/bin/${AGENT_BIN} is not installed in ${ROOTFS_DIR}" OK "Agent installed" -[ "${AGENT_INIT}" == "yes" ] && setup_agent_init "${ROOTFS_DIR}/bin/${AGENT_BIN}" "${init}" +[ "${AGENT_INIT}" == "yes" ] && setup_agent_init "${ROOTFS_DIR}/usr/bin/${AGENT_BIN}" "${init}" info "Check init is installed" [ -x "${init}" ] || [ -L ${init} ] || die "/sbin/init is not installed in ${ROOTFS_DIR}" From c8403836c04891dde016fce41f93e32a9849ec72 Mon Sep 17 00:00:00 2001 From: Peng Tao Date: Thu, 1 Feb 2018 01:18:23 +0800 Subject: [PATCH 044/307] rootfs: add alpine rootfs support Fixes: #52 
Signed-off-by: Peng Tao --- rootfs-builder/alpine/Dockerfile.in | 3 ++ rootfs-builder/alpine/config.sh | 23 +++++++++++++ rootfs-builder/alpine/rootfs_lib.sh | 52 +++++++++++++++++++++++++++++ rootfs-builder/rootfs.sh | 2 ++ 4 files changed, 80 insertions(+) create mode 100644 rootfs-builder/alpine/Dockerfile.in create mode 100644 rootfs-builder/alpine/config.sh create mode 100644 rootfs-builder/alpine/rootfs_lib.sh diff --git a/rootfs-builder/alpine/Dockerfile.in b/rootfs-builder/alpine/Dockerfile.in new file mode 100644 index 000000000..538f84b61 --- /dev/null +++ b/rootfs-builder/alpine/Dockerfile.in @@ -0,0 +1,3 @@ +From golang:@GO_VERSION@-alpine3.7 + +RUN apk update && apk add git make bash gcc musl-dev linux-headers apk-tools-static diff --git a/rootfs-builder/alpine/config.sh b/rootfs-builder/alpine/config.sh new file mode 100644 index 000000000..9fe4a2b8c --- /dev/null +++ b/rootfs-builder/alpine/config.sh @@ -0,0 +1,23 @@ +# This is a configuration file add extra variables to +# be used by build_rootfs() from rootfs_lib.sh the variables will be +# loaded just before call the function. + +# Here there are a couple of variables you may need. +# Remove them or add more + +# alpine version +OS_VERSION=${OS_VERSION:-v3.7} + +# Essential base packages +BASE_PACKAGES="alpine-base" + +# Alpine mirror to use +# See a list of mirrors at http://nl.alpinelinux.org/alpine/MIRRORS.txt +MIRROR=http://dl-5.alpinelinux.org/alpine + +# Default Architecture +ARCH=${ARCH:-x86_64} + +# Mandatory Packages that must be installed +# - iptables: Need by Kata agent +PACKAGES="iptables" diff --git a/rootfs-builder/alpine/rootfs_lib.sh b/rootfs-builder/alpine/rootfs_lib.sh new file mode 100644 index 000000000..4143bce2e --- /dev/null +++ b/rootfs-builder/alpine/rootfs_lib.sh 
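Review bot: `MIRROR` in rootfs-builder/alpine/config.sh is a fixed `http://` URL, so every package for the guest rootfs is fetched in cleartext from one host, and a user cannot point the build at another mirror without editing the file. Use the `${VAR:-default}` form that `OS_VERSION` and `ARCH` already use in the same file, with an `https://` default if the mirror serves it.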
@@ -0,0 +1,52 @@ +#!/bin/bash +# +# Copyright (c) 2018 HyperHQ Inc. +# +# SPDX-License-Identifier: Apache-2.0 + +check_root() +{ + if [ "$(id -u)" != "0" ]; then + echo "Root is needed" + exit 1 + fi +} + +# - Arguments +# rootfs_dir=$1 +# +# - Optional environment variables +# +# EXTRA_PKGS: Variable to add extra PKGS provided by the user +# +# BIN_AGENT: Name of the Kata-Agent binary +# +# Any other configuration variable for a specific distro must be added +# and documented on its own config.sh +# +# - Expected result +# +# rootfs_dir populated with rootfs pkgs +# It must provide a binary in /sbin/init +build_rootfs() { + # Mandatory + local ROOTFS_DIR=$1 + + # In case of support EXTRA packages, use it to allow + # users add more packages to the base rootfs + local EXTRA_PKGS=${EXTRA_PKGS:-} + + # Populate ROOTFS_DIR + check_root + mkdir -p "${ROOTFS_DIR}" + + /sbin/apk.static \ + -X ${MIRROR}/${OS_VERSION}/main \ + -U \ + --allow-untrusted \ + --root ${ROOTFS_DIR}\ + --initdb add ${BASE_PACKAGES} ${EXTRA_PKGS} ${PACKAGES} + + mkdir -p ${ROOTFS_DIR}{/root,/etc/apk,/proc} + echo "${MIRROR}/${OS_VERSION}/main" > ${ROOTFS_DIR}/etc/apk/repositories +} diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index 248635c55..9d68283ec 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh @@ -104,6 +104,7 @@ ENV PATH=\$PATH:\$GOROOT/bin:\$GOPATH/bin pushd ${dir} [ -f "${dockerfile_template}" ] || die "${dockerfile_template}: file not found" sed \ + -e "s|@GO_VERSION@|${GO_VERSION}|g" \ -e "s|@OS_VERSION@|${OS_VERSION}|g" \ -e "s|@INSTALL_GO@|${install_go//$'\n'/\\n}|g" \ ${dockerfile_template} > Dockerfile @@ -209,6 +210,7 @@ OK "Pull Agent source code" info "Build agent" pushd "${GOPATH}/src/${GO_AGENT_PKG}" +make clean make INIT=${AGENT_INIT} make install DESTDIR="${ROOTFS_DIR}" INIT=${AGENT_INIT} popd From 58d8f0b2b562865dd5cd411943dd69c071d728eb Mon Sep 17 00:00:00 2001 
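Review bot: `build_rootfs()` in rootfs-builder/alpine/rootfs_lib.sh calls `/sbin/apk.static` with `--allow-untrusted`, which turns off package signature checking, and the repository it reads is the plain-HTTP `MIRROR` from config.sh, so nothing authenticates what ends up in the guest rootfs. Drop `--allow-untrusted` and give apk.static the Alpine signing keys (for example through `--keys-dir`), or at least state in a comment why verification is disabled. The header comment also names the variable `BIN_AGENT`, while the builder scripts use `AGENT_BIN`.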
From: Peng Tao Date: Thu, 1 Feb 2018 01:28:42 +0800 Subject: [PATCH 045/307] tests: add alpine image build tests Signed-off-by: Peng Tao --- tests/image_creation.bats | 43 ++++++++++++++++++--------------------- 1 file changed, 20 insertions(+), 23 deletions(-) diff --git a/tests/image_creation.bats b/tests/image_creation.bats index 3b60d8f7f..9e0f765a7 100644 --- a/tests/image_creation.bats +++ b/tests/image_creation.bats @@ -9,6 +9,7 @@ rootfs_sh="$BATS_TEST_DIRNAME/../rootfs-builder/rootfs.sh" image_builder_sh="$BATS_TEST_DIRNAME/../image-builder/image_builder.sh" initrd_builder_sh="$BATS_TEST_DIRNAME/../initrd-builder/initrd_builder.sh" readonly tmp_dir=$(mktemp -t -d osbuilder-test.XXXXXXX) +tmp_rootfs="${tmp_dir}/rootfs-osbuilder" #FIXME: Remove image size after https://github.com/kata-containers/osbuilder/issues/25 is fixed readonly image_size=400 
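Review bot: `tmp_rootfs` is built from `tmp_dir`, and `readonly tmp_dir=$(mktemp ...)` hides a failing mktemp because the shell sees the exit status of `readonly`, not of the command substitution. With an empty `tmp_dir`, teardown would run `sudo rm -rf "/rootfs-osbuilder"`. Assign `tmp_dir` first, check that it is a non-empty directory, then mark it readonly, and declare `tmp_rootfs` readonly like the variables around it.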
@@ -20,54 +21,50 @@ setup() teardown(){ # Rootfs is own by root change it to remove it - sudo rm -rf "${tmp_dir}/rootfs-osbuilder" + sudo rm -rf "${tmp_rootfs}" rm -rf "${tmp_dir}" } function build_rootfs() { - distro="$1" - [ -n "$distro" ] - local rootfs="${tmp_dir}/rootfs-osbuilder" - sudo -E ${rootfs_sh} -r "${rootfs}" "${distro}" + sudo -E ${rootfs_sh} -r "${tmp_rootfs}" "${distro}" } function build_image() { - distro="$1" - [ -n "$distro" ] - local rootfs="${tmp_dir}/rootfs-osbuilder" - sudo -E ${image_builder_sh} -s ${image_size} -o "${tmp_dir}/image.img" "${rootfs}" + sudo -E ${image_builder_sh} -s ${image_size} -o "${tmp_dir}/image.img" "${tmp_rootfs}" } function build_initrd() +{ + sudo -E ${initrd_builder_sh} -o "${tmp_dir}/initrd-image.img" "${tmp_rootfs}" +} + +function build_rootfs_image_initrd() { distro="$1" [ -n "$distro" ] - local rootfs="${tmp_dir}/rootfs-osbuilder" - sudo -E ${initrd_builder_sh} -o "${tmp_dir}/initrd-image.img" "${rootfs}" + build_rootfs $distro + build_image + build_initrd } @test "Can create fedora image" { - build_rootfs fedora - build_image fedora - build_initrd fedora + build_rootfs_image_initrd fedora } @test "Can create clearlinux image" { - build_rootfs clearlinux - build_image clearlinux - build_initrd clearlinux + build_rootfs_image_initrd clearlinux } @test "Can create centos image" { - build_rootfs centos - build_image centos - build_initrd centos + build_rootfs_image_initrd centos } @test "Can create euleros image" { - build_rootfs euleros - build_image euleros - build_initrd euleros + build_rootfs_image_initrd euleros +} + +@test "Can create alpine image" { + build_rootfs_image_initrd alpine } From 132e812fe4b71a4d982415cd25c153cb457b5dec Mon Sep 17 00:00:00 2001 From: Harshal Patil Date: Mon, 5 Feb 2018 15:40:32 +0530 Subject: [PATCH 046/307] scripts : handle 0 and negative root disk sizes When user manually specifies root disk image size the value should be greater than 0. Fixes : #57 
Signed-off-by: Harshal Patil --- image-builder/image_builder.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/image-builder/image_builder.sh b/image-builder/image_builder.sh index f79d583f5..d604fe3c9 100755 --- a/image-builder/image_builder.sh +++ b/image-builder/image_builder.sh @@ -85,7 +85,7 @@ do h) usage ;; o) IMAGE="${OPTARG}" ;; s) IMG_SIZE=${OPTARG} - if [ ${IMG_SIZE} -lt 0 ]; then + if [ ${IMG_SIZE} -le 0 ]; then die "Image size has to be greater than 0 MB." fi if [ ${IMG_SIZE} -gt ${MAX_IMG_SIZE_MB} ]; then From cd3fbcf86411107ff7add3421541fca0d451e1d9 Mon Sep 17 00:00:00 2001 From: Julio Montes Date: Thu, 8 Feb 2018 19:35:58 -0600 Subject: [PATCH 047/307] rootfs-builder: ARM64 support Install the right version of golang depending of the host architecture fixes #60 Signed-off-by: Julio Montes --- rootfs-builder/rootfs.sh | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index 9d68283ec..7b41594b4 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh @@ -92,9 +92,19 @@ check_function_exist() { generate_dockerfile() { dir="$1" + case "$(arch)" in + "aarch64") + goarch=arm64 + ;; + + *) + goarch=amd64 + ;; + esac + readonly install_go=" -ADD https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz /tmp -RUN tar -C /usr/ -xzf /tmp/go${GO_VERSION}.linux-amd64.tar.gz +ADD https://storage.googleapis.com/golang/go${GO_VERSION}.linux-${goarch}.tar.gz /tmp +RUN tar -C /usr/ -xzf /tmp/go${GO_VERSION}.linux-${goarch}.tar.gz ENV GOROOT=/usr/go ENV PATH=\$PATH:\$GOROOT/bin:\$GOPATH/bin " From ea4063095dfec1075ea9e2a2f131594c3a962eb0 Mon Sep 17 00:00:00 2001 
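Review bot: the `*)` arm of the new `case "$(arch)"` in generate_dockerfile() maps every host that is not aarch64 to `goarch=amd64`, so an unsupported host silently gets the amd64 Go tarball and only fails later inside the container build. Match `x86_64` explicitly and `die` in the default arm. The tarball named by `ADD` is also unpacked with no checksum comparison; pinning a SHA-256 per `GO_VERSION` and `goarch` would cover that.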
From: Erick Cardona Date: Wed, 14 Feb 2018 14:27:40 -0600 Subject: [PATCH 048/307] image-builder: Allow to specify root partition free space There is no way to specify the remaining free space of the root partition. It can vary depending on the upper bound size of the image aligned to 128MB and the size of the root filesystem. The following patch allow the user to specify that at least a certain amount of space (defined in MB) will be kept in the root partition. Fixes: #45 Signed-off-by: Erick Cardona --- image-builder/image_builder.sh | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/image-builder/image_builder.sh b/image-builder/image_builder.sh index d604fe3c9..c9561754a 100755 --- a/image-builder/image_builder.sh +++ b/image-builder/image_builder.sh @@ -57,6 +57,7 @@ Options: -h Show this help -o path to generate image file ENV: IMAGE -s Image size in MB ENV: IMG_SIZE + -r Free space of the root partition in MB ENV: ROOT_FREE_SPACE Extra environment variables: AGENT_BIN: use it to change the expected agent binary name @@ -79,11 +80,12 @@ MEM_BOUNDARY=128 MAX_ATTEMPTS=5 ATTEMPT_NUM=0 -while getopts "ho:s:f:" opt +while getopts "ho:r:s:f:" opt do case "$opt" in h) usage ;; o) IMAGE="${OPTARG}" ;; + r) ROOT_FREE_SPACE="${OPTARG}" ;; s) IMG_SIZE=${OPTARG} if [ ${IMG_SIZE} -le 0 ]; then die "Image size has to be greater than 0 MB." @@ -162,6 +164,11 @@ calculate_img_size() { IMG_SIZE=${IMG_SIZE:-$MEM_BOUNDARY} align_memory + if [ -n "$ROOT_FREE_SPACE" ] && [ "$IMG_SIZE" -gt "$ROOTFS_SIZE" ]; then + info "Ensure that root partition has at least ${ROOT_FREE_SPACE}MB of free space" + IMG_SIZE=$(($IMG_SIZE + $ROOT_FREE_SPACE)) + fi + } # Cleanup @@ -244,4 +251,4 @@ OK "rootfs copied" cleanup -info "Image created. Size: ${IMG_SIZE}MB." +info "Image created. Virtual size: ${IMG_SIZE}MB." From 55f03248782d0e4831c7ad826e38b0b5a38ae93f Mon Sep 17 00:00:00 2001 
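Review bot: the `-r` value is stored in `ROOT_FREE_SPACE` without any check and then used in `IMG_SIZE=$(($IMG_SIZE + $ROOT_FREE_SPACE))` in calculate_img_size(), in a script that must run as root, whereas `-s` at least gets range checks. Reject anything that is not a positive integer at option-parsing time. The addition also happens after `align_memory` and after the `MAX_IMG_SIZE_MB` test on `-s`, so the final size is no longer the aligned value and can exceed the maximum; add the free space before aligning and re-check the limit.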
From: Liang Chenye Date: Thu, 1 Feb 2018 20:16:31 +0800 Subject: [PATCH 049/307] skip euleros build due to timeout reason Fixes #46. Signed-off-by: Liang Chenye --- tests/image_creation.bats | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/image_creation.bats b/tests/image_creation.bats index 9e0f765a7..5ff97b8b5 100644 --- a/tests/image_creation.bats +++ b/tests/image_creation.bats @@ -62,6 +62,10 @@ function build_rootfs_image_initrd() } @test "Can create euleros image" { + if [ "$TRAVIS" = true ] + then + skip "travis timeout, see: https://github.com/kata-containers/osbuilder/issues/46" + fi build_rootfs_image_initrd euleros } From b21db8fc7932f42b026c67779ad73ec73e3c5906 Mon Sep 17 00:00:00 2001 From: Nirmoy Das Date: Sun, 25 Feb 2018 22:49:49 +0100 Subject: [PATCH 050/307] makefile: fix makefile to find Dockerfile.template template rootfs creation fails: $make -f template/Makefile ROOTFS_BASE_NAME=opensuse <....> sed: can't read Dockerfile.template: No such file or directory make is unable to find Dockerfile.template, this patch fixes this. Fixes #67. Signed-off-by: Nirmoy Das --- rootfs-builder/template/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rootfs-builder/template/Makefile b/rootfs-builder/template/Makefile index 4315f6da2..a1c6892c6 100644 --- a/rootfs-builder/template/Makefile +++ b/rootfs-builder/template/Makefile @@ -15,6 +15,6 @@ endif cp "$(MK_DIR)/config_template.sh" "$(DESTDIR)/config.sh" sed \ -e "s|@distro@|$(ROOTFS_BASE_NAME)|g" \ - Dockerfile.template > $(DESTDIR)/Dockerfile.in + "$(MK_DIR)/Dockerfile.template" > $(DESTDIR)/Dockerfile.in From 90d7b4dad6de3bf6141e66ef58988f9dcab935c7 Mon Sep 17 00:00:00 2001 From: "James O. D. Hunt" Date: Mon, 26 Feb 2018 08:41:25 +0000 Subject: [PATCH 051/307] CI: Make setup script fail on error Run the `.ci/setup.sh` script with `set -e` to ensure all failures are fatal. Fixes #65. 
Signed-off-by: James O. D. Hunt --- .ci/setup.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.ci/setup.sh b/.ci/setup.sh index 43b886837..1bab32bf7 100755 --- a/.ci/setup.sh +++ b/.ci/setup.sh @@ -5,6 +5,8 @@ # SPDX-License-Identifier: Apache-2.0 # +set -e + cidir=$(dirname "$0") bash "${cidir}/static-checks.sh" From 56ab8c99fe4ac4b5d186a9fa4264afd577487d8b Mon Sep 17 00:00:00 2001 From: Peng Tao Date: Thu, 22 Mar 2018 23:18:07 +0800 Subject: [PATCH 052/307] initrd-builder: fix ROOTFS_DIR typo It should be just ROOTFS. Signed-off-by: Peng Tao --- initrd-builder/initrd_builder.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/initrd-builder/initrd_builder.sh b/initrd-builder/initrd_builder.sh index a0bbc15d8..3cb25a531 100755 --- a/initrd-builder/initrd_builder.sh +++ b/initrd-builder/initrd_builder.sh @@ -85,7 +85,7 @@ IMAGE_NAME=$(basename ${INITRD_IMAGE}) # The kata rootfs image expects init to be installed init="${ROOTFS}/sbin/init" -[ -x "${init}" ] || [ -L ${init} ] || die "/sbin/init is not installed in ${ROOTFS_DIR}" +[ -x "${init}" ] || [ -L ${init} ] || die "/sbin/init is not installed in ${ROOTFS}" OK "init is installed" [ "${AGENT_INIT}" == "yes" ] || [ -x "${ROOTFS}/usr/bin/${AGENT_BIN}" ] || \ die "/usr/bin/${AGENT_BIN} is not installed in ${ROOTFS} From 6e1f2e063d2f9371b839a4f9d82844e8d75f67be Mon Sep 17 00:00:00 2001 From: Peng Tao Date: Thu, 22 Mar 2018 23:20:53 +0800 Subject: [PATCH 053/307] Makefile: allow to build image and initrd based on existing rootfs Just so that we do not have to re-build rootfs every time for local build/testing. Fixes: #69 Signed-off-by: Peng Tao --- Makefile | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 6f3aaa596..ccc2ea53e 100644 --- a/Makefile +++ b/Makefile 
@@ -10,14 +10,19 @@ DISTRO_ROOTFS := "$(PWD)/$(DISTRO)_rootfs" IMG_SIZE=500 AGENT_INIT ?= no +all: rootfs image initrd rootfs: @echo Creating rootfs based on "$(DISTRO)" "$(MK_DIR)/rootfs-builder/rootfs.sh" -r "$(DISTRO_ROOTFS)" "$(DISTRO)" -image: rootfs +image: rootfs image-only + +image-only: @echo Creating image based on "$(DISTRO_ROOTFS)" "$(MK_DIR)/image-builder/image_builder.sh" -s "$(IMG_SIZE)" "$(DISTRO_ROOTFS)" -initrd: rootfs +initrd: rootfs initrd-only + +initrd-only: @echo Creating initrd image based on "$(DISTRO_ROOTFS)" "$(MK_DIR)/initrd-builder/initrd_builder.sh" "$(DISTRO_ROOTFS)" From 7043e196711083e91e2709dc9f8dd66f642c788d Mon Sep 17 00:00:00 2001 From: Harshal Patil Date: Fri, 23 Mar 2018 13:25:54 +0530 Subject: [PATCH 054/307] rootfs: Pass EXTRA_PKGS var to docker to build rootfs When docker is used for building rootfs the EXTRA_PKGS should be passed as env var Fixes #74 Signed-off-by: Harshal Patil --- rootfs-builder/rootfs.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index 7b41594b4..630d55a48 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh @@ -199,6 +199,7 @@ if [ -n "${USE_DOCKER}" ] ; then --env AGENT_INIT="${AGENT_INIT}" \ --env GOPATH="${GOPATH}" \ --env KERNEL_MODULES_DIR="${KERNEL_MODULES_DIR}" \ + --env EXTRA_PKGS="${EXTRA_PKGS}" \ -v "${script_dir}":"/osbuilder" \ -v "${ROOTFS_DIR}":"/rootfs" \ -v "${kernel_mod_dir}":"${kernel_mod_dir}" \ From 2972a335350d9bb4c2d5ce0807e2006b6909198c Mon Sep 17 00:00:00 2001 From: Harshal Patil Date: Fri, 23 Mar 2018 11:46:40 +0530 Subject: [PATCH 055/307] rootfs: Install the right golang binaries for ppc64le On ppc64le golang binaries should be pulled correctly Fixes #72 Signed-off-by: Harshal Patil --- rootfs-builder/rootfs.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index 7b41594b4..0108dc52f 100755 --- a/rootfs-builder/rootfs.sh 
+++ b/rootfs-builder/rootfs.sh @@ -93,6 +93,10 @@ generate_dockerfile() { dir="$1" case "$(arch)" in + "ppc64le") + goarch=ppc64le + ;; + "aarch64") goarch=arm64 ;; From 93146d91dcc3ecd1359fc0d9b2e4cc599bee261f Mon Sep 17 00:00:00 2001 From: Graham whaley Date: Fri, 23 Mar 2018 09:54:59 +0000 Subject: [PATCH 056/307] ci: lib: allow override of tests_repo Only set the tests_repo url to the default if it is not set already. Fixes: #71 Signed-off-by: Graham whaley --- .ci/lib.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.ci/lib.sh b/.ci/lib.sh index a3f163026..c5c8582f4 100644 --- a/.ci/lib.sh +++ b/.ci/lib.sh @@ -3,7 +3,7 @@ # # SPDX-License-Identifier: Apache-2.0 -export tests_repo="github.com/kata-containers/tests" +export tests_repo="${tests_repo:-github.com/kata-containers/tests}" export tests_repo_dir="$GOPATH/src/$tests_repo" clone_tests_repo() From 52022701dbb6e5d9dc237604dab776f166d14832 Mon Sep 17 00:00:00 2001 From: Erick Cardona Date: Fri, 16 Feb 2018 17:16:33 -0600 Subject: [PATCH 057/307] rootfs-builder: Refactor rootfs.sh This patch introduces a bash library (scripts/lib.sh) that concentrates common functions. This also enhances future additions of other OSes, making it more simple. Also, new variables were introduced in each distro config.sh in order to parameterise the creation of package manager config (dnf/yum, in this case). A fix to the resulting rootfs directory name (include OS name) is also fixed in this patch. Fixes #39 Fixes #34 
Signed-off-by: Erick Cardona --- rootfs-builder/README.md | 18 +-- rootfs-builder/alpine/config.sh | 15 +- rootfs-builder/alpine/rootfs_lib.sh | 8 -- rootfs-builder/centos/config.sh | 26 ++-- rootfs-builder/centos/rootfs_lib.sh | 135 ------------------ rootfs-builder/clearlinux/config.sh | 14 +- rootfs-builder/clearlinux/rootfs_lib.sh | 93 ------------ rootfs-builder/euleros/config.sh | 14 +- rootfs-builder/euleros/rootfs_lib.sh | 100 ------------- rootfs-builder/fedora/config.sh | 12 +- rootfs-builder/rootfs.sh | 41 ++++-- rootfs-builder/template/config_template.sh | 11 +- .../template/rootfs_lib_template.sh | 6 + .../fedora/rootfs_lib.sh => scripts/lib.sh | 68 +++++---- 14 files changed, 142 insertions(+), 419 deletions(-) delete mode 100644 rootfs-builder/centos/rootfs_lib.sh delete mode 100755 rootfs-builder/clearlinux/rootfs_lib.sh delete mode 100644 rootfs-builder/euleros/rootfs_lib.sh rename rootfs-builder/fedora/rootfs_lib.sh => scripts/lib.sh (61%) mode change 100755 => 100644 diff --git a/rootfs-builder/README.md b/rootfs-builder/README.md index 0227eaee3..36c3dc4a9 100644 --- a/rootfs-builder/README.md +++ b/rootfs-builder/README.md @@ -104,14 +104,6 @@ must be met: The `rootfs.sh` script will check for immediate sub-directories containing the following expected files: -- A `bash(1)` script called `rootfs_lib.sh` - - This file must contain a function called `build_rootfs()`, which must - receive the path to where the rootfs is created, as its first argument. - - Path: `rootfs-builder//rootfs_lib.sh`. - - - A `bash(1)` script called `config.sh` This represents the specific configuration for ``. It must 
@@ -121,6 +113,16 @@ containing the following expected files: Path: `rootfs-builder//config.sh`. +- (OPTIONAL) A `bash(1)` script called `rootfs_lib.sh` + + This file must contain a function called `build_rootfs()`, which must + receive the path to where the rootfs is created, as its first argument. + Normally, this file is needed if a new distro with a special requirement + is needed. This function will override the `build_rootfs()` function in + `scripts/lib.sh`. + + Path: `rootfs-builder//rootfs_lib.sh`. + ### Create template files To create a directory with the expected file structure run: diff --git a/rootfs-builder/alpine/config.sh b/rootfs-builder/alpine/config.sh index 9fe4a2b8c..bc8cf4345 100644 --- a/rootfs-builder/alpine/config.sh +++ b/rootfs-builder/alpine/config.sh @@ -1,23 +1,18 @@ -# This is a configuration file add extra variables to -# be used by build_rootfs() from rootfs_lib.sh the variables will be -# loaded just before call the function. +# +# Copyright (c) 2018 Intel Corporation +# +# SPDX-License-Identifier: Apache-2.0 -# Here there are a couple of variables you may need. -# Remove them or add more +OS_NAME="Alpine" -# alpine version OS_VERSION=${OS_VERSION:-v3.7} -# Essential base packages BASE_PACKAGES="alpine-base" # Alpine mirror to use # See a list of mirrors at http://nl.alpinelinux.org/alpine/MIRRORS.txt MIRROR=http://dl-5.alpinelinux.org/alpine -# Default Architecture -ARCH=${ARCH:-x86_64} - # Mandatory Packages that must be installed # - iptables: Need by Kata agent PACKAGES="iptables" diff --git a/rootfs-builder/alpine/rootfs_lib.sh b/rootfs-builder/alpine/rootfs_lib.sh index 4143bce2e..dd4c513aa 100644 --- a/rootfs-builder/alpine/rootfs_lib.sh +++ b/rootfs-builder/alpine/rootfs_lib.sh @@ -4,14 +4,6 @@ # # SPDX-License-Identifier: Apache-2.0 -check_root() -{ - if [ "$(id -u)" != "0" ]; then - echo "Root is needed" - exit 1 - fi -} - # - Arguments # rootfs_dir=$1 # 
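Review bot: this hunk removes the local `check_root()` from rootfs-builder/alpine/rootfs_lib.sh, but `build_rootfs()` in the same file still calls `check_root` before `mkdir -p "${ROOTFS_DIR}"`. Alpine keeps its own rootfs_lib.sh, so it now depends on rootfs.sh sourcing scripts/lib.sh first. Please confirm that order; otherwise the call fails with "command not found".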
diff --git a/rootfs-builder/centos/config.sh b/rootfs-builder/centos/config.sh index 5a1ba4ef2..14be86b7d 100644 --- a/rootfs-builder/centos/config.sh +++ b/rootfs-builder/centos/config.sh @@ -1,15 +1,25 @@ -# This is a configuration file add extra variables to -# be used by build_rootfs() from rootfs_lib.sh the variables will be -# loaded just before call the function. +# +# Copyright (c) 2018 Intel Corporation +# +# SPDX-License-Identifier: Apache-2.0 -# Here there are a couple of variables you may need. -# Remove them or add more +OS_NAME="Centos" -# Centos Version OS_VERSION=${OS_VERSION:-7} -#Mandatory Packages that must be installed -# iptables: Need by Kata agent +LOG_FILE="/var/log/yum-centos.log" + +MIRROR_LIST="http://mirrorlist.centos.org/?release=${OS_VERSION}&arch=${ARCH}&repo=os&container=container" + +# Aditional Repos +CENTOS_UPDATES_URL="http://mirrorlist.centos.org/?release=${OS_VERSION}&arch=${ARCH}&repo=updates&container=container" + +CENTOS_EXTRAS_URL="http://mirrorlist.centos.org/?release=${OS_VERSION}&arch=${ARCH}&repo=extras&container=container" + +CENTOS_PLUS_URL="http://mirrorlist.centos.org/?release=${OS_VERSION}&arch=${ARCH}&repo=centosplus&container=container" + +GPG_KEY_FILE="RPM-GPG-KEY-CentOS-7" + PACKAGES="iptables" #Optional packages: diff --git a/rootfs-builder/centos/rootfs_lib.sh b/rootfs-builder/centos/rootfs_lib.sh deleted file mode 100644 index 9d5e67ca5..000000000 --- a/rootfs-builder/centos/rootfs_lib.sh +++ /dev/null 
@@ -1,135 +0,0 @@ -#!/bin/bash -# -# Copyright (c) 2017 Intel Corporation -# -# SPDX-License-Identifier: Apache-2.0 - -check_program(){ - type "$1" >/dev/null 2>&1 -} - -check_root() -{ - if [ "$(id -u)" != "0" ]; then - echo "Root is needed" - exit 1 - fi -} - -generate_dnf_config() -{ - cat > "${DNF_CONF}" << EOF -[main] -cachedir=/var/cache/centos-osbuilder -keepcache=0 -debuglevel=2 -logfile=/var/log/yum-centos.log -exactarch=1 -obsoletes=1 -gpgcheck=0 -plugins=0 -installonly_limit=3 -#Dont use the default dnf reposdir -#this will prevent to use host repositories -reposdir=/root/mash - -[base] -name=CentOS-7 - Base -mirrorlist=http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=os&container=container -#baseurl=${REPO_URL}/os/x86_64/ -gpgcheck=1 -gpgkey=file://${CONFIG_DIR}/RPM-GPG-KEY-CentOS-7 - -#released updates -[updates] -name=CentOS-7 - Updates -mirrorlist=http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=updates&container=container -#baseurl=${REPO_URL}/updates/x86_64/ -gpgcheck=1 -gpgkey=file://${CONFIG_DIR}/RPM-GPG-KEY-CentOS-7 - -#additional packages that may be useful -[extras] -name=CentOS-7 - Extras -mirrorlist=http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=extras&container=container -#baseurl=${REPO_URL}/extras/x86_64/ -gpgcheck=1 -gpgkey=file://${CONFIG_DIR}/RPM-GPG-KEY-CentOS-7 - -#additional packages that extend functionality of existing packages -[centosplus] -name=CentOS-7 - Plus -mirrorlist=http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=centosplus&container=container -#baseurl=${REPO_URL}/centosplus/x86_64/ -gpgcheck=1 -enabled=0 -gpgkey=file://${CONFIG_DIR}/RPM-GPG-KEY-CentOS-7 -EOF -} - -# - Arguments -# rootfs_dir=$1 -# -# - Optional environment variables -# -# EXTRA_PKGS: Variable to add extra PKGS provided by the user -# -# BIN_AGENT: Name of the Kata-Agent binary -# -# REPO_URL: URL to distribution repository ( should be configured in -# config.sh file) -# -# Any other configuration variable for a 
specific distro must be added -# and documented on its own config.sh -# -# - Expected result -# -# rootfs_dir populated with rootfs pkgs -# It must provide a binary in /sbin/init -build_rootfs() { - # Mandatory - local ROOTFS_DIR=$1 - - #Name of the Kata-Agent binary - local BIN_AGENT=${BIN_AGENT} - - # In case of support EXTRA packages, use it to allow - # users add more packages to the base rootfs - local EXTRA_PKGS=${EXTRA_PKGS:-} - - #In case rootfs is created usign repositories allow user to modify - # the default URL - local REPO_URL=${REPO_URL:-http://mirror.centos.org/centos/7} - - #PATH where files this script is placed - #Use it to refer to files in the same directory - #Exmaple: ${CONFIG_DIR}/foo - local CONFIG_DIR=${CONFIG_DIR} - - - # Populate ROOTFS_DIR - # Must provide /sbin/init and /bin/${BIN_AGENT} - check_root - if [ ! -f "${DNF_CONF}" ]; then - DNF_CONF="./kata-centos-dnf.conf" - generate_dnf_config - fi - mkdir -p "${ROOTFS_DIR}" - if [ -n "${PKG_MANAGER}" ]; then - info "DNF path provided by user: ${PKG_MANAGER}" - elif check_program "dnf"; then - PKG_MANAGER="dnf" - elif check_program "yum" ; then - PKG_MANAGER="yum" - else - die "neither yum nor dnf is installed" - fi - - info "Using : ${PKG_MANAGER} to pull packages from ${REPO_URL}" - - DNF="${PKG_MANAGER} --config=$DNF_CONF -y --installroot=${ROOTFS_DIR} --noplugins" - $DNF install ${EXTRA_PKGS} ${PACKAGES} - $DNF clean all - - [ -n "${ROOTFS_DIR}" ] && rm -r "${ROOTFS_DIR}/var/cache/centos-osbuilder" -} diff --git a/rootfs-builder/clearlinux/config.sh b/rootfs-builder/clearlinux/config.sh index 5872a3648..ae6545918 100644 --- a/rootfs-builder/clearlinux/config.sh +++ b/rootfs-builder/clearlinux/config.sh 
@@ -1,9 +1,19 @@ # -# Copyright (c) 2017 Intel Corporation +# Copyright (c) 2018 Intel Corporation # # SPDX-License-Identifier: Apache-2.0 -#Use "latest" to always pull the last Clear Linux Release +OS_NAME="Clear" + OS_VERSION=${OS_VERSION:-latest} + +BASE_URL="https://download.clearlinux.org/current/${ARCH}/os/" + +REPO_NAME="clear" + PACKAGES="iptables-bin libudev0-shim" + +#Optional packages: +# systemd: An init system that will start kata-agent if kata-agent +# itself is not configured as init process. [ "$AGENT_INIT" == "no" ] && PACKAGES+=" systemd" || true diff --git a/rootfs-builder/clearlinux/rootfs_lib.sh b/rootfs-builder/clearlinux/rootfs_lib.sh deleted file mode 100755 index d656092d5..000000000 --- a/rootfs-builder/clearlinux/rootfs_lib.sh +++ /dev/null 
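Review bot: rootfs-builder/clearlinux/config.sh defines `BASE_URL` and `REPO_NAME` but no `GPG_KEY_FILE`, unlike the centos and euleros configs in this patch, so presumably the generated repository configuration leaves signature checking off for Clear Linux. The rootfs_lib.sh deleted next printed `WARNING: using not signed packages` and explained in a comment why `gpgcheck=0` was needed. Carry that warning and explanation over, here or in scripts/lib.sh, so the behaviour stays visible to whoever builds the image.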
@@ -1,93 +0,0 @@ -#!/bin/bash -# -# Copyright (c) 2017 Intel Corporation -# -# SPDX-License-Identifier: Apache-2.0 - -set -e - -check_program(){ - type "$1" >/dev/null 2>&1 -} - -generate_dnf_config() -{ - echo "WARNING: using not signed packages" - cat > "${DNF_CONF}" << EOF -[main] -cachedir=/var/cache/dnf-clear -keepcache=0 -debuglevel=2 -logfile=/var/log/dnf.log -exactarch=1 -obsoletes=1 -gpgcheck=0 -plugins=0 -installonly_limit=3 -#Dont use the default dnf reposdir -#this will prevent to use host repositories -reposdir=/root/mash - -[clear] -name=Clear -failovermethod=priority -baseurl=${REPO_URL} -enabled=1 -#Clear Linux based packages security limitations -#Although the Clear Linux rootfs is constructed from rpm packages, Clear Linux -#itself is not an rpm-based Linux distribution (the software installed on a -#Clear Linux system is not managed using rpm). The rpm packages used to -#generate the rootfs are not signed, so there is no way to ensure that -#downloaded packages are trustworthy. -gpgcheck=0 -EOF -} - -build_rootfs() -{ - # Mandatory - local ROOTFS_DIR=$1 - - #In case rootfs is created usig repositories allow user to modify - # the default URL - local REPO_URL=${REPO_URL:-https://download.clearlinux.org/current/x86_64/os/} - # In case of support EXTRA packages, use it to allow - # users add more packages to the base rootfs - local EXTRA_PKGS=${EXTRA_PKGS:-} - - #PATH where files this script is placed - #Use it to refer to files in the same directory - #Exmaple: ${CONFIG_DIR}/foo - #local CONFIG_DIR=${CONFIG_DIR} - - check_root - if [ ! 
-f "${DNF_CONF}" ]; then - DNF_CONF="./clear-dnf.conf" - generate_dnf_config - fi - mkdir -p "${ROOTFS_DIR}" - if [ -n "${PKG_MANAGER}" ]; then - info "DNF path provided by user: ${PKG_MANAGER}" - elif check_program "dnf"; then - PKG_MANAGER="dnf" - elif check_program "yum" ; then - PKG_MANAGER="yum" - else - die "neither yum nor dnf is installed" - fi - - info "Using : ${PKG_MANAGER} to pull packages from ${REPO_URL}" - - DNF="${PKG_MANAGER} --config=$DNF_CONF -y --installroot=${ROOTFS_DIR} --noplugins" - $DNF install ${EXTRA_PKGS} ${PACKAGES} - - [ -n "${ROOTFS_DIR}" ] && rm -r "${ROOTFS_DIR}/var/cache/dnf-clear" -} - -check_root() -{ - if [ "$(id -u)" != "0" ]; then - echo "Root is needed" - exit 1 - fi -} diff --git a/rootfs-builder/euleros/config.sh b/rootfs-builder/euleros/config.sh index 7785bb313..4b7af6acd 100644 --- a/rootfs-builder/euleros/config.sh +++ b/rootfs-builder/euleros/config.sh @@ -1,15 +1,11 @@ -# This is a configuration file add extra variables to -# be used by build_rootfs() from rootfs_lib.sh the variables will be -# loaded just before call the function. +OS_NAME="EulerOS" -# Here there are a couple of variables you may need. -# Remove them or add more - -# EulerOS Version OS_VERSION=${OS_VERSION:-2.2} -#Mandatory Packages that must be installed -# iptables: Need by Kata agent +BASE_URL="http://developer.huawei.com/ict/site-euleros/euleros/repo/yum/${OS_VERSION}/os/${ARCH}/" + +GPG_KEY_FILE="RPM-GPG-KEY-EulerOS" + PACKAGES="iptables" #Optional packages: diff --git a/rootfs-builder/euleros/rootfs_lib.sh b/rootfs-builder/euleros/rootfs_lib.sh deleted file mode 100644 index 62297a58f..000000000 --- a/rootfs-builder/euleros/rootfs_lib.sh +++ /dev/null 
@@ -1,100 +0,0 @@ -#!/bin/bash -# -# Copyright (c) 2018 Huawei Technologies Co., Ltd -# -# SPDX-License-Identifier: Apache-2.0 - -check_program(){ - type "$1" >/dev/null 2>&1 -} - -check_root() -{ - if [ "$(id -u)" != "0" ]; then - echo "Root is needed" - exit 1 - fi -} - -generate_yum_config() -{ - cat > "${DNF_CONF}" << EOF -[main] -cachedir=/var/cache/euleros-osbuilder -keepcache=0 -debuglevel=2 -logfile=/var/log/yum-euleros.log -exactarch=1 - -[Base] -name=EulerOS-${OS_VERSION} Base -baseurl=http://developer.huawei.com/ict/site-euleros/euleros/repo/yum/${OS_VERSION}/os/x86_64/ -enabled=1 -gpgcheck=1 -gpgkey=file://${CONFIG_DIR}/RPM-GPG-KEY-EulerOS -EOF -} - -# - Arguments -# rootfs_dir=$1 -# -# - Optional environment variables -# -# EXTRA_PKGS: Variable to add extra PKGS provided by the user -# -# BIN_AGENT: Name of the Kata-Agent binary -# -# REPO_URL: URL to distribution repository ( should be configured in -# config.sh file) -# -# Any other configuration variable for a specific distro must be added -# and documented on its own config.sh -# -# - Expected result -# -# rootfs_dir populated with rootfs pkgs -# It must provide a binary in /sbin/init -build_rootfs() { - # Mandatory - local ROOTFS_DIR=$1 - - #Name of the Kata-Agent binary - local BIN_AGENT=${BIN_AGENT} - - # In case of support EXTRA packages, use it to allow - # users add more packages to the base rootfs - local EXTRA_PKGS=${EXTRA_PKGS:-} - - #In case rootfs is created usign repositories allow user to modify - # the default URL - local REPO_URL=${REPO_URL:-http://developer.huawei.com/ict/site-euleros/euleros/repo/yum/2.2} - - #PATH where files this script is placed - #Use it to refer to files in the same directory - #Exmaple: ${CONFIG_DIR}/foo - local CONFIG_DIR=${CONFIG_DIR} - - - # Populate ROOTFS_DIR - # Must provide /sbin/init and /bin/${BIN_AGENT} - check_root - if [ ! 
-f "{DNF_CONF}" ]; then - DNF_CONF="./kata-euleros-yum.repo" - generate_yum_config - fi - mkdir -p "${ROOTFS_DIR}" - if [ -n "${PKG_MANAGER}" ]; then - info "DNF path provided by user: ${PKG_MANAGER}" - elif check_program "yum" ; then - PKG_MANAGER="yum" - else - die "yum is not installed" - fi - - info "Using : ${PKG_MANAGER} to pull packages from ${REPO_URL}" - - DNF="${PKG_MANAGER} --config=$DNF_CONF -y --installroot=${ROOTFS_DIR} --noplugins" - $DNF install ${EXTRA_PKGS} ${PACKAGES} - - [ -n "${ROOTFS_DIR}" ] && rm -r "${ROOTFS_DIR}/var/cache/euleros-osbuilder" -} diff --git a/rootfs-builder/fedora/config.sh b/rootfs-builder/fedora/config.sh index 85bbf60a9..d14c0eb8c 100644 --- a/rootfs-builder/fedora/config.sh +++ b/rootfs-builder/fedora/config.sh @@ -1,9 +1,17 @@ # -# Copyright (c) 2017 Intel Corporation +# Copyright (c) 2018 Intel Corporation # # SPDX-License-Identifier: Apache-2.0 -#Fedora version to use +OS_NAME="Fedora" + OS_VERSION=${OS_VERSION:-27} + +MIRROR_LIST="https://mirrors.fedoraproject.org/metalink?repo=fedora-${OS_VERSION}&arch=\$basearch" + PACKAGES="iptables" + +#Optional packages: +# systemd: An init system that will start kata-agent if kata-agent +# itself is not configured as init process. [ "$AGENT_INIT" == "no" ] && PACKAGES+=" systemd" || true diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index 02bbf150c..292bb8925 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh @@ -1,6 +1,6 @@ #!/bin/bash # -# Copyright (c) 2017 Intel Corporation +# Copyright (c) 2018 Intel Corporation # # SPDX-License-Identifier: Apache-2.0 
@@ -8,17 +8,22 @@ set -e script_name="${0##*/}" script_dir="$(dirname $(readlink -f $0))" -ROOTFS_DIR=${ROOTFS_DIR:-${PWD}/rootfs} AGENT_VERSION=${AGENT_VERSION:-master} GO_AGENT_PKG=${GO_AGENT_PKG:-github.com/kata-containers/agent} AGENT_BIN=${AGENT_BIN:-kata-agent} AGENT_INIT=${AGENT_INIT:-no} KERNEL_MODULES_DIR=${KERNEL_MODULES_DIR:-""} +# Default architecture +ARCH=${ARCH:-"x86_64"} + #Load default vesions for golang and other componets source "${script_dir}/versions.txt" -# Name of file that will implement build_rootfs +# config file +typeset -r CONFIG_SH="config.sh" + +# Name of the extra file that could implement build_rootfs typeset -r LIB_SH="rootfs_lib.sh" if [ -n "$DEBUG" ] ; then @@ -78,7 +83,7 @@ OK() get_distros() { cdirs=$(find "${script_dir}" -maxdepth 1 -type d) - find ${cdirs} -maxdepth 1 -name "${LIB_SH}" -printf '%H\n' | while read dir; do + find ${cdirs} -maxdepth 1 -name "${CONFIG_SH}" -printf '%H\n' | while read dir; do basename "${dir}" done } 
@@ -163,17 +168,32 @@ shift $(($OPTIND - 1)) [ -n "${KERNEL_MODULES_DIR}" ] && [ ! -d "${KERNEL_MODULES_DIR}" ] && die "KERNEL_MODULES_DIR defined but is not an existing directory" distro="$1" -init="${ROOTFS_DIR}/sbin/init" [ -n "${distro}" ] || usage 1 distro_config_dir="${script_dir}/${distro}" -[ -d "${distro_config_dir}" ] || die "Not found configuration directory ${distro_config_dir}" -rootfs_lib="${distro_config_dir}/${LIB_SH}" -source "${rootfs_lib}" -rootfs_config="${distro_config_dir}/config.sh" +# Source config.sh from distro +rootfs_config="${distro_config_dir}/${CONFIG_SH}" source "${rootfs_config}" +lib_file="${script_dir}/../scripts/lib.sh" +info "Source $lib_file" +[ -e "$lib_file" ] && source "$lib_file" || true + +[ -d "${distro_config_dir}" ] || die "Not found configuration directory ${distro_config_dir}" + +if [ -z "$ROOTFS_DIR" ]; then + ROOTFS_DIR="${script_dir}/rootfs-${OS_NAME}" +fi + +init="${ROOTFS_DIR}/sbin/init" + +if [ -e "${distro_config_dir}/${LIB_SH}" ];then + rootfs_lib="${distro_config_dir}/${LIB_SH}" + info "rootfs_lib.sh file found. Loading content" + source "${rootfs_lib}" +fi + CONFIG_DIR=${distro_config_dir} check_function_exist "build_rootfs" @@ -206,6 +226,7 @@ if [ -n "${USE_DOCKER}" ] ; then --env EXTRA_PKGS="${EXTRA_PKGS}" \ -v "${script_dir}":"/osbuilder" \ -v "${ROOTFS_DIR}":"/rootfs" \ + -v "${script_dir}/../scripts":"/scripts" \ -v "${kernel_mod_dir}":"${kernel_mod_dir}" \ -v "${GOPATH}":"${GOPATH}" \ ${image_name} \ @@ -235,5 +256,5 @@ OK "Agent installed" [ "${AGENT_INIT}" == "yes" ] && setup_agent_init "${ROOTFS_DIR}/usr/bin/${AGENT_BIN}" "${init}" info "Check init is installed" -[ -x "${init}" ] || [ -L ${init} ] || die "/sbin/init is not installed in ${ROOTFS_DIR}" +[ -x "${init}" ] || [ -L "${init}" ] || die "/sbin/init is not installed in ${ROOTFS_DIR}" OK "init is installed" diff --git a/rootfs-builder/template/config_template.sh b/rootfs-builder/template/config_template.sh index 48ce67663..cf3157f4e 100644 
--- a/rootfs-builder/template/config_template.sh +++ b/rootfs-builder/template/config_template.sh @@ -1,15 +1,8 @@ # This is a configuration file add extra variables to # be used by build_rootfs() from rootfs_lib.sh the variables will be -# loaded just before call the function. +# loaded just before call the function. For more information see the +# rootfs-builder/README.md file. -# Here there are a couple of variables you may need. -# Remove them or add more - -#Use it rootfs is based in a system has different versions OS_VERSION=${OS_VERSION:-DEFAULT_VERSION} -#Mandatory Packages that must be installed -# systemd: An init system that will start kata-agent -# iptables: Need by Kata agent -# udevlib.so: Need by Kata agent PACKAGES="systemd iptables udevlib.so" diff --git a/rootfs-builder/template/rootfs_lib_template.sh b/rootfs-builder/template/rootfs_lib_template.sh index 133834bf9..49ad06407 100644 --- a/rootfs-builder/template/rootfs_lib_template.sh +++ b/rootfs-builder/template/rootfs_lib_template.sh @@ -17,6 +17,12 @@ # # rootfs_dir populated with rootfs pkgs # It must provide a binary in /sbin/init +# +# Note: For some distros, the build_rootfs() function provided in scripts/lib.sh +# will suffice. If a new distro is introduced with a special requirement, +# then, a rootfs_builder//rootfs_lib.sh file should be created +# using this template. + build_rootfs() { # Mandatory local ROOTFS_DIR=$1 diff --git a/rootfs-builder/fedora/rootfs_lib.sh b/scripts/lib.sh old mode 100755 new mode 100644 similarity index 61% rename from rootfs-builder/fedora/rootfs_lib.sh rename to scripts/lib.sh index b3098d47b..6e02c6f00 --- a/rootfs-builder/fedora/rootfs_lib.sh +++ b/scripts/lib.sh @@ -1,6 +1,6 @@ #!/bin/bash # -# Copyright (c) 2017 Intel Corporation +# Copyright (c) 2018 Intel Corporation # # SPDX-License-Identifier: Apache-2.0 
@@ -10,37 +10,64 @@ check_program(){ type "$1" >/dev/null 2>&1 } +check_root() +{ + if [ "$(id -u)" != "0" ]; then + echo "Root is needed" + exit 1 + fi +} + generate_dnf_config() { + REPO_NAME=${REPO_NAME:-"base"} + CACHE_DIR=${CACHE_DIR:-"/var/cache/dnf-${OS_NAME}"} cat > "${DNF_CONF}" << EOF [main] -cachedir=/var/cache/dnf/kata/ +cachedir=${CACHE_DIR} +logfile=${LOG_FILE} keepcache=0 debuglevel=2 -logfile=/var/log/dnf.log exactarch=1 obsoletes=1 -gpgcheck=0 plugins=0 installonly_limit=3 -#Dont use the default dnf reposdir -#this will prevent to use host repositories reposdir=/root/mash retries=5 - -[kata] -name=Fedora ${OS_VERSION} - \$basearch -failovermethod=priority -metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-${OS_VERSION}&arch=\$basearch -enabled=1 -gpgcheck=0 EOF + if [ "$BASE_URL" != "" ]; then + cat >> "${DNF_CONF}" << EOF + +[base] +name=${OS_NAME}-${OS_VERSION} ${REPO_NAME} +failovermethod=priority +baseurl=${BASE_URL} +enabled=1 +EOF + elif [ "$MIRROR_LIST" != "" ]; then + cat >> "${DNF_CONF}" << EOF + +[base] +name=${OS_NAME}-${OS_VERSION} ${REPO_NAME} +mirrorlist=${MIRROR_LIST} +enabled=1 +EOF + fi + + if [ "$GPG_KEY_FILE" != "" ]; then + cat >> "${DNF_CONF}" << EOF +gpgcheck=1 +gpgkey=file://${CONFIG_DIR}/${GPG_KEY_FILE} + +EOF + fi + } build_rootfs() { # Mandatory - local ROOTFS_DIR=$1 + local ROOTFS_DIR="$1" # In case of support EXTRA packages, use it to allow # users add more packages to the base rootfs @@ -53,7 +80,7 @@ build_rootfs() check_root if [ ! -f "${DNF_CONF}" ]; then - DNF_CONF="./kata-fedora-dnf.conf" + DNF_CONF="./kata-${OS_NAME}-dnf.conf" generate_dnf_config fi mkdir -p "${ROOTFS_DIR}" 
@@ -70,14 +97,5 @@ build_rootfs() DNF="${PKG_MANAGER} --config=$DNF_CONF -y --installroot=${ROOTFS_DIR} --noplugins" $DNF install ${EXTRA_PKGS} ${PACKAGES} - [ -n "${ROOTFS_DIR}" ] && rm -r "${ROOTFS_DIR}/var/cache/dnf" -} - - -check_root() -{ - if [ "$(id -u)" != "0" ]; then - echo "Root is needed" - exit 1 - fi + [ -n "${ROOTFS_DIR}" ] && rm -r "${ROOTFS_DIR}${CACHE_DIR}" } From 6930c24d1499d411d78a781f8751e33664091d0a Mon Sep 17 00:00:00 2001 From: Nitesh Konkar Date: Wed, 4 Apr 2018 17:55:32 +0530 Subject: [PATCH 058/307] initrd-builder: fix initrd image name The initrd image name should be kata-containers-initrd.img, as its referenced by this name later on. Fixes #14 Signed-off-by: Nitesh Konkar --- initrd-builder/initrd_builder.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/initrd-builder/initrd_builder.sh b/initrd-builder/initrd_builder.sh index 3cb25a531..ab8383dfc 100755 --- a/initrd-builder/initrd_builder.sh +++ b/initrd-builder/initrd_builder.sh @@ -14,7 +14,7 @@ if [ -n "$DEBUG" ] ; then fi SCRIPT_NAME="${0##*/}" -INITRD_IMAGE="${INITRD_IMAGE:-kata-initrd.img}" +INITRD_IMAGE="${INITRD_IMAGE:-kata-containers-initrd.img}" AGENT_BIN=${AGENT_BIN:-kata-agent} AGENT_INIT=${AGENT_INIT:-no} From f3e89d38a9d69cc44833736f89a97f96adfed478 Mon Sep 17 00:00:00 2001 From: "James O. D. Hunt" Date: Thu, 19 Apr 2018 15:55:34 +0100 Subject: [PATCH 059/307] refactor: Simplify enabling debug Simplify the logic to enable debug and also enable debug as early as possible. Signed-off-by: James O. D. Hunt --- image-builder/image_builder.sh | 6 ++---- initrd-builder/initrd_builder.sh | 6 ++---- rootfs-builder/rootfs.sh | 6 ++---- 3 files changed, 6 insertions(+), 12 deletions(-) diff --git a/image-builder/image_builder.sh b/image-builder/image_builder.sh index c9561754a..99d0b27ee 100755 --- a/image-builder/image_builder.sh +++ b/image-builder/image_builder.sh 
@@ -6,13 +6,11 @@ set -e +[ -n "$DEBUG" ] && set -x + script_name="${0##*/}" script_dir="$(dirname $(readlink -f $0))" -if [ -n "$DEBUG" ] ; then - set -x -fi - SCRIPT_NAME="${0##*/}" IMAGE="${IMAGE:-kata-containers.img}" AGENT_BIN=${AGENT_BIN:-kata-agent} diff --git a/initrd-builder/initrd_builder.sh b/initrd-builder/initrd_builder.sh index ab8383dfc..eef7c7937 100755 --- a/initrd-builder/initrd_builder.sh +++ b/initrd-builder/initrd_builder.sh @@ -6,13 +6,11 @@ set -e +[ -n "$DEBUG" ] && set -x + script_name="${0##*/}" script_dir="$(dirname $(readlink -f $0))" -if [ -n "$DEBUG" ] ; then - set -x -fi - SCRIPT_NAME="${0##*/}" INITRD_IMAGE="${INITRD_IMAGE:-kata-containers-initrd.img}" AGENT_BIN=${AGENT_BIN:-kata-agent} diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index 292bb8925..031142abd 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh @@ -6,6 +6,8 @@ set -e +[ -n "$DEBUG" ] && set -x + script_name="${0##*/}" script_dir="$(dirname $(readlink -f $0))" AGENT_VERSION=${AGENT_VERSION:-master} @@ -26,10 +28,6 @@ typeset -r CONFIG_SH="config.sh" # Name of the extra file that could implement build_rootfs typeset -r LIB_SH="rootfs_lib.sh" -if [ -n "$DEBUG" ] ; then - set -x -fi - #$1: Error code if want to exit differnt to 0 usage(){ error="${1:-0}" From a18753b2fff32499803c01249d59b98112476c83 Mon Sep 17 00:00:00 2001 From: "James O. D. Hunt" Date: Thu, 19 Apr 2018 16:00:37 +0100 Subject: [PATCH 060/307] refactor: Remove duplicate variable Some of the scripts had two variables to refer to the program name. Signed-off-by: James O. D. Hunt --- image-builder/image_builder.sh | 3 +-- initrd-builder/initrd_builder.sh | 3 +-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/image-builder/image_builder.sh b/image-builder/image_builder.sh index 99d0b27ee..61015a328 100755 --- a/image-builder/image_builder.sh +++ b/image-builder/image_builder.sh 
@@ -11,7 +11,6 @@ set -e script_name="${0##*/}" script_dir="$(dirname $(readlink -f $0))" -SCRIPT_NAME="${0##*/}" IMAGE="${IMAGE:-kata-containers.img}" AGENT_BIN=${AGENT_BIN:-kata-agent} AGENT_INIT=${AGENT_INIT:-no} @@ -45,7 +44,7 @@ usage() { error="${1:-0}" cat < +Usage: ${script_name} [options] This script will create a Kata Containers image file of an adequate size based on the directory. The size of the image can be also be specified manually diff --git a/initrd-builder/initrd_builder.sh b/initrd-builder/initrd_builder.sh index eef7c7937..23c808563 100755 --- a/initrd-builder/initrd_builder.sh +++ b/initrd-builder/initrd_builder.sh @@ -11,7 +11,6 @@ set -e script_name="${0##*/}" script_dir="$(dirname $(readlink -f $0))" -SCRIPT_NAME="${0##*/}" INITRD_IMAGE="${INITRD_IMAGE:-kata-containers-initrd.img}" AGENT_BIN=${AGENT_BIN:-kata-agent} AGENT_INIT=${AGENT_INIT:-no} @@ -39,7 +38,7 @@ usage() { error="${1:-0}" cat < +Usage: ${script_name} [options] This script creates a Kata Containers initrd image file based on the directory. From 019a80f30434ac7e12ba712c2cfaf62798586131 Mon Sep 17 00:00:00 2001 From: "James O. D. Hunt" Date: Thu, 19 Apr 2018 16:05:00 +0100 Subject: [PATCH 061/307] refactor: Move more functions to script library Moved the display functions to the script library to avoid duplication. Signed-off-by: James O. D. Hunt --- image-builder/image_builder.sh | 28 +++------------------------- initrd-builder/initrd_builder.sh | 22 +++------------------- rootfs-builder/rootfs.sh | 26 +++----------------------- scripts/lib.sh | 28 +++++++++++++++++++++++++++- 4 files changed, 36 insertions(+), 68 deletions(-) diff --git a/image-builder/image_builder.sh b/image-builder/image_builder.sh index 61015a328..c5d0ceb2f 100755 --- a/image-builder/image_builder.sh +++ b/image-builder/image_builder.sh 
@@ -11,35 +11,13 @@ set -e script_name="${0##*/}" script_dir="$(dirname $(readlink -f $0))" +lib_file="${script_dir}/../scripts/lib.sh" +source "$lib_file" + IMAGE="${IMAGE:-kata-containers.img}" AGENT_BIN=${AGENT_BIN:-kata-agent} AGENT_INIT=${AGENT_INIT:-no} -die() -{ - local msg="$*" - echo "ERROR: ${msg}" >&2 - exit 1 -} - -OK() -{ - local msg="$*" - echo "[OK] ${msg}" >&2 -} - -info() -{ - local msg="$*" - echo "INFO: ${msg}" -} - -warning() -{ - local msg="$*" - echo "WARNING: ${msg}" -} - usage() { error="${1:-0}" diff --git a/initrd-builder/initrd_builder.sh b/initrd-builder/initrd_builder.sh index 23c808563..3f42b812e 100755 --- a/initrd-builder/initrd_builder.sh +++ b/initrd-builder/initrd_builder.sh @@ -11,29 +11,13 @@ set -e script_name="${0##*/}" script_dir="$(dirname $(readlink -f $0))" +lib_file="${script_dir}/../scripts/lib.sh" +source "$lib_file" + INITRD_IMAGE="${INITRD_IMAGE:-kata-containers-initrd.img}" AGENT_BIN=${AGENT_BIN:-kata-agent} AGENT_INIT=${AGENT_INIT:-no} -die() -{ - local msg="$*" - echo "ERROR: ${msg}" >&2 - exit 1 -} - -OK() -{ - local msg="$*" - echo "[OK] ${msg}" >&2 -} - -info() -{ - local msg="$*" - echo "INFO: ${msg}" -} - usage() { error="${1:-0}" diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index 031142abd..badf1ebc5 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh @@ -16,6 +16,9 @@ AGENT_BIN=${AGENT_BIN:-kata-agent} AGENT_INIT=${AGENT_INIT:-no} KERNEL_MODULES_DIR=${KERNEL_MODULES_DIR:-""} +lib_file="${script_dir}/../scripts/lib.sh" +source "$lib_file" + # Default architecture ARCH=${ARCH:-"x86_64"} @@ -60,25 +63,6 @@ EOT exit "${error}" } -die() -{ - msg="$*" - echo "ERROR: ${msg}" >&2 - exit 1 -} - -info() -{ - msg="$*" - echo "INFO: ${msg}" >&2 -} - -OK() -{ - msg="$*" - echo "INFO: [OK] ${msg}" >&2 -} - get_distros() { cdirs=$(find "${script_dir}" -maxdepth 1 -type d) find ${cdirs} -maxdepth 1 -name "${CONFIG_SH}" -printf '%H\n' | while read dir; do 
@@ -174,10 +158,6 @@ distro_config_dir="${script_dir}/${distro}" rootfs_config="${distro_config_dir}/${CONFIG_SH}" source "${rootfs_config}" -lib_file="${script_dir}/../scripts/lib.sh" -info "Source $lib_file" -[ -e "$lib_file" ] && source "$lib_file" || true - [ -d "${distro_config_dir}" ] || die "Not found configuration directory ${distro_config_dir}" if [ -z "$ROOTFS_DIR" ]; then diff --git a/scripts/lib.sh b/scripts/lib.sh index 6e02c6f00..02aadfce4 100644 --- a/scripts/lib.sh +++ b/scripts/lib.sh @@ -6,7 +6,33 @@ set -e -check_program(){ +die() +{ + local msg="$*" + echo "ERROR: ${msg}" >&2 + exit 1 +} + +OK() +{ + local msg="$*" + echo "[OK] ${msg}" >&2 +} + +info() +{ + local msg="$*" + echo "INFO: ${msg}" +} + +warning() +{ + local msg="$*" + echo "WARNING: ${msg}" +} + +check_program() +{ type "$1" >/dev/null 2>&1 } From 48b1ddabed7bb9f7542eefd2a468dd37b91d9b58 Mon Sep 17 00:00:00 2001 From: "James O. D. Hunt" Date: Thu, 19 Apr 2018 16:19:42 +0100 Subject: [PATCH 062/307] rootfs: Fix comments Improve a few comments and fix a typo. Signed-off-by: James O. D. Hunt --- rootfs-builder/rootfs.sh | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index badf1ebc5..7d5f7c6d2 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh 
@@ -22,16 +22,17 @@ source "$lib_file" # Default architecture ARCH=${ARCH:-"x86_64"} -#Load default vesions for golang and other componets +# Load default versions for golang and other componets source "${script_dir}/versions.txt" -# config file +# distro-specific config file typeset -r CONFIG_SH="config.sh" -# Name of the extra file that could implement build_rootfs +# Name of an optional distro-specific file which, if it exists, must implement the +# build_rootfs() function. typeset -r LIB_SH="rootfs_lib.sh" -#$1: Error code if want to exit differnt to 0 +#$1: Error code if want to exit different to 0 usage(){ error="${1:-0}" cat < Date: Thu, 19 Apr 2018 16:20:51 +0100 Subject: [PATCH 063/307] rootfs: Reformat functions For consistency with the rest of the code, put the opening brace on the line below the function name. Signed-off-by: James O. D. Hunt --- rootfs-builder/rootfs.sh | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index 7d5f7c6d2..9a7ecff9d 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh @@ -33,7 +33,8 @@ typeset -r CONFIG_SH="config.sh" typeset -r LIB_SH="rootfs_lib.sh" #$1: Error code if want to exit different to 0 -usage(){ +usage() +{ error="${1:-0}" cat < Date: Thu, 19 Apr 2018 16:23:03 +0100 Subject: [PATCH 064/307] rootfs: Check function parameters Add some checks to ensure function parameters are set. This fixes a bug `copy_kernel_modules()` where a test would never fail due to missing dollars. Signed-off-by: James O. D. Hunt --- rootfs-builder/rootfs.sh | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index 9a7ecff9d..d838009b7 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh 
@@ -119,6 +119,10 @@ setup_agent_init() { agent_bin="$1" init_bin="$2" + + [ -z "$agent_bin" ] && die "need agent binary path" + [ -z "$init_bin" ] && die "need init bin path" + info "Install $agent_bin as init process" mv -f "${agent_bin}" ${init_bin} OK "Agent is installed as init process" @@ -126,10 +130,11 @@ setup_agent_init() copy_kernel_modules() { - local module_dir=$1 - local rootfs_dir=$2 + local module_dir="$1" + local rootfs_dir="$2" - [ -z "module_dir" -o -z "rootfs_dir" ] && die "module dir and rootfs dir must be specified" + [ -z "$module_dir" ] && die "need module directory" + [ -z "$rootfs_dir" ] && die "need rootfs directory" info "Copy kernel modules from ${KERNEL_MODULES_DIR}" mkdir -p ${rootfs_dir}/lib/modules/ From b8f1a688340c7b1cfe5a1cb1bbe6a792dc97acf8 Mon Sep 17 00:00:00 2001 From: "James O. D. Hunt" Date: Thu, 19 Apr 2018 16:24:38 +0100 Subject: [PATCH 065/307] rootfs: Simplify code Use a variable in `copy_kernel_modules()` to avoid the duplicated string. Signed-off-by: James O. D. Hunt --- rootfs-builder/rootfs.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index d838009b7..517859d64 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh @@ -136,9 +136,11 @@ copy_kernel_modules() [ -z "$module_dir" ] && die "need module directory" [ -z "$rootfs_dir" ] && die "need rootfs directory" + local destdir="${rootfs_dir}/lib/modules" + info "Copy kernel modules from ${KERNEL_MODULES_DIR}" - mkdir -p ${rootfs_dir}/lib/modules/ - cp -a ${KERNEL_MODULES_DIR} ${rootfs_dir}/lib/modules/ + mkdir -p "${destdir}" + cp -a "${KERNEL_MODULES_DIR}" "${dest_dir}/" OK "Kernel modules copied" } From a2a65621a19e30f1967fc9befebf5b97a788c9c5 Mon Sep 17 00:00:00 2001 From: "James O. D. Hunt" Date: Thu, 19 Apr 2018 16:26:43 +0100 Subject: [PATCH 066/307] rootfs: Simplify code Use more variables to avoid duplication and make the code cleaner. 
Signed-off-by: James O. D. Hunt --- rootfs-builder/rootfs.sh | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index 517859d64..f457427c5 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh @@ -240,10 +240,13 @@ make clean make INIT=${AGENT_INIT} make install DESTDIR="${ROOTFS_DIR}" INIT=${AGENT_INIT} popd -[ -x "${ROOTFS_DIR}/usr/bin/${AGENT_BIN}" ] || die "/usr/bin/${AGENT_BIN} is not installed in ${ROOTFS_DIR}" + +AGENT_DIR="${ROOTFS_DIR}/usr/bin" +AGENT_DEST="${AGENT_DIR}/${AGENT_BIN}" +[ -x "${AGENT_DEST}" ] || die "${AGENT_DEST} is not installed in ${ROOTFS_DIR}" OK "Agent installed" -[ "${AGENT_INIT}" == "yes" ] && setup_agent_init "${ROOTFS_DIR}/usr/bin/${AGENT_BIN}" "${init}" +[ "${AGENT_INIT}" == "yes" ] && setup_agent_init "${AGENT_DEST}" "${init}" info "Check init is installed" [ -x "${init}" ] || [ -L "${init}" ] || die "/sbin/init is not installed in ${ROOTFS_DIR}" From 5b6ced536b948d345114c23afd74777ade7bf49e Mon Sep 17 00:00:00 2001 From: "James O. D. Hunt" Date: Thu, 19 Apr 2018 16:30:11 +0100 Subject: [PATCH 067/307] rootfs/clearlinux: Resolve version If the Clear Linux `OS_VERSION` is specified as `latest`, resolve to an actual release number. Signed-off-by: James O. D. Hunt --- rootfs-builder/clearlinux/config.sh | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/rootfs-builder/clearlinux/config.sh b/rootfs-builder/clearlinux/config.sh index ae6545918..e9c3a9fe5 100644 --- a/rootfs-builder/clearlinux/config.sh +++ b/rootfs-builder/clearlinux/config.sh 
@@ -4,12 +4,16 @@ # SPDX-License-Identifier: Apache-2.0 OS_NAME="Clear" +REPO_NAME="clear" OS_VERSION=${OS_VERSION:-latest} -BASE_URL="https://download.clearlinux.org/current/${ARCH}/os/" +clr_url="https://download.clearlinux.org" -REPO_NAME="clear" +# resolve version +[ "${OS_VERSION}" = "latest" ] && OS_VERSION=$(curl -sL "${clr_url}/latest") + +BASE_URL="${clr_url}/releases/${OS_VERSION}/${REPO_NAME}/${ARCH}/os/" PACKAGES="iptables-bin libudev0-shim" From f17b5c29f3cfe5b665b3d91cfd0c185d94d21fb0 Mon Sep 17 00:00:00 2001 From: "James O. D. Hunt" Date: Thu, 19 Apr 2018 16:33:44 +0100 Subject: [PATCH 068/307] scripts/lib: Fix whitespace Make whitespace consistent. Signed-off-by: James O. D. Hunt --- scripts/lib.sh | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/scripts/lib.sh b/scripts/lib.sh index 02aadfce4..7405cb68c 100644 --- a/scripts/lib.sh +++ b/scripts/lib.sh @@ -62,7 +62,7 @@ reposdir=/root/mash retries=5 EOF if [ "$BASE_URL" != "" ]; then - cat >> "${DNF_CONF}" << EOF + cat >> "${DNF_CONF}" << EOF [base] name=${OS_NAME}-${OS_VERSION} ${REPO_NAME} @@ -71,7 +71,7 @@ baseurl=${BASE_URL} enabled=1 EOF elif [ "$MIRROR_LIST" != "" ]; then - cat >> "${DNF_CONF}" << EOF + cat >> "${DNF_CONF}" << EOF [base] name=${OS_NAME}-${OS_VERSION} ${REPO_NAME} @@ -81,13 +81,12 @@ EOF fi if [ "$GPG_KEY_FILE" != "" ]; then - cat >> "${DNF_CONF}" << EOF + cat >> "${DNF_CONF}" << EOF gpgcheck=1 gpgkey=file://${CONFIG_DIR}/${GPG_KEY_FILE} EOF fi - } build_rootfs() From ddb71e8ef5d7dd990b749f8c631961ba2a0b6e19 Mon Sep 17 00:00:00 2001 From: "James O. D. Hunt" Date: Fri, 20 Apr 2018 11:14:21 +0100 Subject: [PATCH 069/307] initrd: Remove mention of USE_DOCKER Removed `USE_DOCKER` from the initrd builder usage statement as that builder does not use Docker. Signed-off-by: James O. D. Hunt --- initrd-builder/initrd_builder.sh | 3 --- 1 file changed, 3 deletions(-) 
diff --git a/initrd-builder/initrd_builder.sh b/initrd-builder/initrd_builder.sh index 3f42b812e..56e3dacfe 100755 --- a/initrd-builder/initrd_builder.sh +++ b/initrd-builder/initrd_builder.sh @@ -36,9 +36,6 @@ Extra environment variables: DEFAULT: kata-agent AGENT_INIT: use kata agent as init process DEFAULT: no - USE_DOCKER: If set, the image builds in a Docker Container. Setting - this variable requires Docker. - DEFAULT: not set EOT exit "${error}" } From b14d117a8923c3207738355d76fc71761201ff29 Mon Sep 17 00:00:00 2001 From: "James O. D. Hunt" Date: Fri, 20 Apr 2018 11:15:45 +0100 Subject: [PATCH 070/307] image-builder: Fix incorrect error message Fixed an error message which was referring to an incorrect rootfs variable name. Signed-off-by: James O. D. Hunt --- image-builder/image_builder.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/image-builder/image_builder.sh b/image-builder/image_builder.sh index c5d0ceb2f..d484d40cc 100755 --- a/image-builder/image_builder.sh +++ b/image-builder/image_builder.sh @@ -113,7 +113,7 @@ if [ -n "${USE_DOCKER}" ] ; then fi # The kata rootfs image expect init and kata-agent to be installed init="${ROOTFS}/sbin/init" -[ -x "${init}" ] || [ -L ${init} ] || die "/sbin/init is not installed in ${ROOTFS_DIR}" +[ -x "${init}" ] || [ -L ${init} ] || die "/sbin/init is not installed in ${ROOTFS}" OK "init is installed" [ "${AGENT_INIT}" == "yes" ] || [ -x "${ROOTFS}/usr/bin/${AGENT_BIN}" ] || \ die "/usr/bin/${AGENT_BIN} is not installed in ${ROOTFS} From 93b632c3289377f448fe050571673e932aaef952 Mon Sep 17 00:00:00 2001 From: "James O. D. Hunt" Date: Thu, 19 Apr 2018 16:36:53 +0100 Subject: [PATCH 071/307] lib: Check rootfs parameter Add a check on the rootfs parameter in `build_rootfs()`. Signed-off-by: James O. D. Hunt --- scripts/lib.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scripts/lib.sh b/scripts/lib.sh index 7405cb68c..ffc007e81 100644 --- a/scripts/lib.sh +++ b/scripts/lib.sh 
@@ -94,6 +94,8 @@ build_rootfs() # Mandatory local ROOTFS_DIR="$1" + [ -z "$ROOTFS_DIR" ] && die "need rootfs" + # In case of support EXTRA packages, use it to allow # users add more packages to the base rootfs local EXTRA_PKGS=${EXTRA_PKGS:-""} From f90f65247eb1599b036040d8979d0e13727d2bbc Mon Sep 17 00:00:00 2001 From: "James O. D. Hunt" Date: Thu, 19 Apr 2018 16:40:44 +0100 Subject: [PATCH 072/307] rootfs: Create a summary file inside the image Create a YAML metadata file inside the rootfs image containing information about the environment: ``` /var/lib/osbuilder/osbuilder.yaml ``` Example contents: ``` --- osbuilder: url: "https://github.com/kata-containers/osbuilder" version: "unknown" rootfs-creation-time: "2018-04-19T16:19:30.254610305+0000Z" description: "osbuilder rootfs" file-format-version: "0.0.1" architecture: "x86_64" base-distro: name: "Centos" version: "7" packages: - "iptables" - "systemd" agent: url: "https://github.com/kata-containers/agent" name: "kata-agent" version: "0.0.1-2ec0b9593845b9a5e0eab5a85b20d74c35a2ca52-dirty" agent-is-init-daemon: "no" ``` This change adds a new `-o` option to `rootfs.sh` for specifying the version of osbuilder to the rootfs builder. Fixes #35. Signed-off-by: James O. D. Hunt --- .ci/setup.sh | 5 +-- Makefile | 8 ++++- VERSION | 2 ++ image-builder/image_builder.sh | 1 + rootfs-builder/rootfs.sh | 12 ++++++- scripts/lib.sh | 62 ++++++++++++++++++++++++++++++++++ tests/image_creation.bats | 5 +++ 7 files changed, 91 insertions(+), 4 deletions(-) create mode 100644 VERSION diff --git a/.ci/setup.sh b/.ci/setup.sh index 1bab32bf7..c5f966886 100755 --- a/.ci/setup.sh +++ b/.ci/setup.sh 
@@ -14,12 +14,13 @@ bash "${cidir}/static-checks.sh" source /etc/os-release if [ "$ID" == fedora ];then - sudo -E dnf -y install automake bats + sudo -E dnf -y install automake bats yamllint elif [ "$ID" == ubuntu ];then #bats isn't available for Ubuntu trusty, need for travis sudo add-apt-repository -y ppa:duggan/bats sudo apt-get -qq update - sudo apt-get install -y -qq automake bats qemu-utils + sudo apt-get install -y -qq automake bats qemu-utils python-pip + sudo pip install yamllint else echo "Linux distribution not supported" fi diff --git a/Makefile b/Makefile index ccc2ea53e..4053ebe97 100644 --- a/Makefile +++ b/Makefile @@ -10,10 +10,16 @@ DISTRO_ROOTFS := "$(PWD)/$(DISTRO)_rootfs" IMG_SIZE=500 AGENT_INIT ?= no +VERSION_FILE := ./VERSION +VERSION := $(shell grep -v ^\# $(VERSION_FILE)) +COMMIT_NO := $(shell git rev-parse HEAD 2> /dev/null || true) +COMMIT := $(if $(shell git status --porcelain --untracked-files=no),${COMMIT_NO}-dirty,${COMMIT_NO}) +VERSION_COMMIT := $(if $(COMMIT),$(VERSION)-$(COMMIT),$(VERSION)) + all: rootfs image initrd rootfs: @echo Creating rootfs based on "$(DISTRO)" - "$(MK_DIR)/rootfs-builder/rootfs.sh" -r "$(DISTRO_ROOTFS)" "$(DISTRO)" + "$(MK_DIR)/rootfs-builder/rootfs.sh" -o $(VERSION_COMMIT) -r "$(DISTRO_ROOTFS)" "$(DISTRO)" image: rootfs image-only diff --git a/VERSION b/VERSION new file mode 100644 index 000000000..5bae440cc --- /dev/null +++ b/VERSION @@ -0,0 +1,2 @@ +# This is the version of osbuilder. +0.0.1 diff --git a/image-builder/image_builder.sh b/image-builder/image_builder.sh index d484d40cc..c843d35eb 100755 --- a/image-builder/image_builder.sh +++ b/image-builder/image_builder.sh @@ -104,6 +104,7 @@ if [ -n "${USE_DOCKER}" ] ; then --env AGENT_INIT=${AGENT_INIT} \ -v /dev:/dev \ -v "${script_dir}":"/osbuilder" \ + -v "${script_dir}/../scripts":"/scripts" \ -v "${ROOTFS}":"/rootfs" \ -v "${IMAGE_DIR}":"/image" \ ${image_name} \ 
diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index f457427c5..f29d220db 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh @@ -49,6 +49,7 @@ $(get_distros) Options: -a : agent version DEFAULT: ${AGENT_VERSION} ENV: AGENT_VERSION -h : Show this help message +-o : specify version of osbuilder -r : rootfs directory DEFAULT: ${ROOTFS_DIR} ENV: ROOTFS_DIR ENV VARIABLES: @@ -144,11 +145,14 @@ copy_kernel_modules() OK "Kernel modules copied" } -while getopts c:hr: opt +OSBUILDER_VERSION="unknown" + +while getopts c:ho:r: opt do case $opt in a) AGENT_VERSION="${OPTARG}" ;; h) usage ;; + o) OSBUILDER_VERSION="${OPTARG}" ;; r) ROOTFS_DIR="${OPTARG}" ;; esac done @@ -161,6 +165,8 @@ shift $(($OPTIND - 1)) [ -n "${KERNEL_MODULES_DIR}" ] && [ ! -d "${KERNEL_MODULES_DIR}" ] && die "KERNEL_MODULES_DIR defined but is not an existing directory" +[ -z "${OSBUILDER_VERSION}" ] && die "need osbuilder version" + distro="$1" [ -n "${distro}" ] || usage 1 @@ -214,6 +220,7 @@ if [ -n "${USE_DOCKER}" ] ; then --env GOPATH="${GOPATH}" \ --env KERNEL_MODULES_DIR="${KERNEL_MODULES_DIR}" \ --env EXTRA_PKGS="${EXTRA_PKGS}" \ + --env OSBUILDER_VERSION="${OSBUILDER_VERSION}" \ -v "${script_dir}":"/osbuilder" \ -v "${ROOTFS_DIR}":"/rootfs" \ -v "${script_dir}/../scripts":"/scripts" \ @@ -251,3 +258,6 @@ OK "Agent installed" info "Check init is installed" [ -x "${init}" ] || [ -L "${init}" ] || die "/sbin/init is not installed in ${ROOTFS_DIR}" OK "init is installed" + +info "Creating summary file" +create_summary_file "${ROOTFS_DIR}" diff --git a/scripts/lib.sh b/scripts/lib.sh index ffc007e81..f32300205 100644 --- a/scripts/lib.sh +++ b/scripts/lib.sh 
@@ -126,3 +126,65 @@ build_rootfs() [ -n "${ROOTFS_DIR}" ] && rm -r "${ROOTFS_DIR}${CACHE_DIR}" } + +# Create a YAML metadata file inside the rootfs. +# +# This provides useful information about the rootfs than can be interrogated +# once the rootfs has been converted into a image/initrd. +create_summary_file() +{ + local -r rootfs_dir="$1" + + [ -z "$rootfs_dir" ] && die "need rootfs" + + local -r file_dir="/var/lib/osbuilder" + local -r dir="${rootfs_dir}${file_dir}" + + local -r filename="osbuilder.yaml" + local file="${dir}/${filename}" + + local -r now=$(date '+%Y-%m-%dT%T.%N%zZ') + + # sanitise package list + PACKAGES=$(echo "$PACKAGES"|tr ' ' '\n'|sort -u|tr '\n' ' ') + + local -r packages=$(for pkg in ${PACKAGES}; do echo " - \"${pkg}\""; done) + + mkdir -p "$dir" + + # Semantic version of the summary file format. + # + # XXX: Increment every time the format of the summary file changes! + local -r format_version="0.0.1" + + local -r osbuilder_url="https://github.com/kata-containers/osbuilder" + + local agent="${AGENT_DEST}" + [ "$AGENT_INIT" = yes ] && agent="${init}" + + local -r agent_version=$("$agent" --version|awk '{print $NF}') + + cat >"$file"<<-EOT + --- + osbuilder: + url: "${osbuilder_url}" + version: "${OSBUILDER_VERSION}" + rootfs-creation-time: "${now}" + description: "osbuilder rootfs" + file-format-version: "${format_version}" + architecture: "${ARCH}" + base-distro: + name: "${OS_NAME}" + version: "${OS_VERSION}" + packages: +${packages} + agent: + url: "https://${GO_AGENT_PKG}" + name: "${AGENT_BIN}" + version: "${agent_version}" + agent-is-init-daemon: "${AGENT_INIT}" +EOT + + local rootfs_file="${file_dir}/$(basename "${file}")" + info "Created summary file '${rootfs_file}' inside rootfs" +} diff --git a/tests/image_creation.bats b/tests/image_creation.bats index 5ff97b8b5..724f098b9 100644 --- a/tests/image_creation.bats +++ b/tests/image_creation.bats 
@@ -27,7 +27,12 @@ teardown(){ function build_rootfs() { + local file="/var/lib/osbuilder/osbuilder.yaml" + local full="${tmp_rootfs}${file}" + sudo -E ${rootfs_sh} -r "${tmp_rootfs}" "${distro}" + + yamllint "${full}" } function build_image() From 3e0e112e2bcf43ab3c92e351b90bd5e6f1a0c8ec Mon Sep 17 00:00:00 2001 From: "James O. D. Hunt" Date: Fri, 20 Apr 2018 14:42:51 +0100 Subject: [PATCH 073/307] docs: Move TOC to top Move the table of contents to the top of the page. Signed-off-by: James O. D. Hunt --- README.md | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index fcf815af6..158a41a59 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,11 @@ -# osbuilder [![Build Status](https://travis-ci.org/kata-containers/osbuilder.svg?branch=master)](https://travis-ci.org/kata-containers/osbuilder) +[![Build Status](https://travis-ci.org/kata-containers/osbuilder.svg?branch=master)](https://travis-ci.org/kata-containers/osbuilder) + +# osbuilder + +* [Introduction](#introduction) +* [Terms](#terms) + +## Introduction The Kata Containers runtime creates a virtual machine (VM) to isolate a set of container workloads. The VM requires a guest kernel and a guest operating system @@ -7,9 +14,6 @@ environment. This repository contains tools to create a guest OS disk image. -## Table of Contents -* [Terms](#terms) - ## Terms This section describes the terms used for all documentation in this repository. From 3c19ea413e488b2758a6017393d5c485f4a932ba Mon Sep 17 00:00:00 2001 From: "James O. D. Hunt" Date: Fri, 20 Apr 2018 15:02:15 +0100 Subject: [PATCH 074/307] docs: Add a Usage section Add a new Usage section with basic examples of how to run the builders from the `Makefile`. Fixes #84. Signed-off-by: James O. D. Hunt --- README.md | 80 ++++++++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 71 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 158a41a59..fb17e8496 100644 --- a/README.md 
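Review bot: In the rootfs-builder/rootfs.sh option-parsing hunk that adds `-o`, the new optstring `c:ho:r:` still has no `a:`, so the existing `a) AGENT_VERSION="${OPTARG}" ;;` arm can never be reached and `-a` is rejected as an unknown option, while `c:` is accepted but has no arm. Suggest `while getopts a:ho:r: opt` here. Also, because `OSBUILDER_VERSION` now defaults to "unknown", the later `[ -z "${OSBUILDER_VERSION}" ] && die "need osbuilder version"` only fires for an explicit `-o ''`; either drop the default or drop the check, so that a build with no version recorded is a deliberate choice.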
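Review bot: In `create_summary_file()` (scripts/lib.sh), `date '+%Y-%m-%dT%T.%N%zZ'` prints the numeric UTC offset from `%z` and then a literal `Z`, so `rootfs-creation-time` ends in something like `+0100Z`, which names two different zones. Suggest `date -u '+%Y-%m-%dT%T.%NZ'`, or keep `%z` and drop the `Z`. The values in the heredoc are also interpolated into double-quoted YAML scalars unescaped, so a `"` or backslash in the `-o` argument or in a package name yields a broken file; since this file is the record of what went into the rootfs, it is worth rejecting such values before writing it.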
+++ b/README.md @@ -4,6 +4,14 @@ * [Introduction](#introduction) * [Terms](#terms) +* [Usage](#usage) + * [Rootfs creation](#rootfs-creation) + * [Rootfs with systemd as init](#rootfs-with-systemd-as-init) + * [Rootfs with the agent as init](#rootfs-with-the-agent-as-init) + * [Image creation](#image-creation) + * [Image with systemd as init](#image-with-systemd-as-init) + * [Image with the agent as init](#image-with-the-agent-as-init) + * [Initrd creation](#initrd-creation) ## Introduction @@ -20,10 +28,9 @@ This section describes the terms used for all documentation in this repository. - rootfs - The root filesystem or "rootfs" is the set of files contained in the - guest root directory that builds into a filesystem. + The root filesystem or "rootfs" is a slight misnomer as it is not a true filesystem. It is a tree of files contained in a particular directory, which represents the root disk layout. A rootfs can be turned into either an image or an initrd. - See [the rootfs builder documentation](rootfs-builder/README.md). + See the [rootfs creation](#rootfs-creation) section. - "Guest OS" (or "Guest Image") 
@@ -32,16 +39,71 @@ This section describes the terms used for all documentation in this repository. create an environment to host the container. Neither the guest OS nor the guest kernel need to be the same as the host operating system. - See [the image builder documentation](image-builder/README.md). + See the [image creation](#image-creation) section. - initrd (or "initramfs") - A compressed cpio archive loaded into memory and used as part of the Linux - startup process. During startup, the kernel unpacks it into a special - instance of a tmpfs that becomes the initial root file system. + A compressed `cpio(1)` archive, created from a rootfs which is loaded into memory and used as part of the Linux startup process. During startup, the kernel unpacks it into a special instance of a `tmpfs` that becomes the initial root filesystem. - See [the initrd builder documentation](initrd-builder/README.md). + See the [initrd creation](#initrd-creation) section. - "Base OS" - A particular version of a Linux distribution used to create a Guest OS from. + A particular version of a Linux distribution used to create a rootfs from. + +## Usage + +The top-level `Makefile` contains an example of how to use the available components. + +By default, components will run on the host system. However, some components +offer the ability to run from within Docker (for ease of setup) by setting the +`USE_DOCKER=true` variable. + +For more detailed information, consult the documentation for a particular component. + +### Rootfs creation + +This section shows how to build a basic rootfs using the default distribution. +For further details, see +[the rootfs builder documentation](rootfs-builder/README.md). 
+ +#### Rootfs with systemd as init + +``` +$ sudo -E PATH=$PATH make USE_DOCKER=true rootfs +``` + +#### Rootfs with the agent as init + +``` +$ sudo -E PATH=$PATH make USE_DOCKER=true AGENT_INIT=yes rootfs +``` + +### Image creation + +This section shows how to create an image from the already-created rootfs. For +further details, see +[the image builder documentation](image-builder/README.md). + +#### Image with systemd as init + +``` +$ sudo -E PATH=$PATH make USE_DOCKER=true image-only +``` + +#### Image with the agent as init + +``` +$ sudo -E PATH=$PATH make USE_DOCKER=true AGENT_INIT=yes image-only +``` + +### Initrd creation + +To create an initrd from the already-created rootfs with the agent acting as the init daemon: + +``` +$ sudo -E PATH=$PATH make AGENT_INIT=yes initrd-only +``` + +For further details, +see[the initrd builder documentation](initrd-builder/README.md). From 32aee006736911d85061acaff389a8ce8e0e5969 Mon Sep 17 00:00:00 2001 From: Stefan Hajnoczi Date: Thu, 26 Apr 2018 09:00:32 +0100 Subject: [PATCH 075/307] image-builder: fix "paratition" typo Fixes: #89 Signed-off-by: Stefan Hajnoczi --- image-builder/image_builder.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/image-builder/image_builder.sh b/image-builder/image_builder.sh index c843d35eb..172d97663 100755 --- a/image-builder/image_builder.sh +++ b/image-builder/image_builder.sh @@ -194,9 +194,9 @@ create_rootfs_disk() mkfs.ext4 -q -F -b "${BLOCK_SIZE}" "${DEVICE}p1" OK "Image formated" - info "Mounting root paratition" + info "Mounting root partition" mount "${DEVICE}p1" "${MOUNT_DIR}" - OK "root paratition mounted" + OK "root partition mounted" RESERVED_BLOCKS_PERCENTAGE=3 info "Set filesystem reserved blocks percentage to ${RESERVED_BLOCKS_PERCENTAGE}%" tune2fs -m "${RESERVED_BLOCKS_PERCENTAGE}" "${DEVICE}p1" From c3ac7180f8e7d216d8b64ef3e2403964ee672c49 Mon Sep 17 00:00:00 2001 
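Review bot: In the README.md Usage hunk of "docs: Add a Usage section", every example is `sudo -E PATH=$PATH make ...`, which hands the caller's entire environment and PATH to a build running as root, and the text does not say why. Suggest a sentence naming the variables the build actually needs, and quoting the expansion as `PATH="$PATH"`. At the end of the same hunk, `see[the initrd builder documentation]` is missing a space after `see`.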
From: Penny Zheng Date: Tue, 24 Apr 2018 06:59:29 +0000 Subject: [PATCH 076/307] rootfs: Add support for multiple GOPATH directories Current rootfs.sh fails when GOPATH is a set of directories. We simply choose the first one as the working directory, as go get only works against the first item in the GOPATH. Fixes: #87 Signed-off-by: Penny Zheng --- rootfs-builder/rootfs.sh | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index f29d220db..573499ee5 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh @@ -159,7 +159,10 @@ done shift $(($OPTIND - 1)) +# Fetch the first element from GOPATH as working directory +# as go get only works against the first item in the GOPATH [ -z "$GOPATH" ] && die "GOPATH not set" +GOPATH_LOCAL="${GOPATH%%:*}" [ "$AGENT_INIT" == "yes" -o "$AGENT_INIT" == "no" ] || die "AGENT_INIT($AGENT_INIT) is invalid (must be yes or no)" @@ -217,7 +220,7 @@ if [ -n "${USE_DOCKER}" ] ; then --env GO_AGENT_PKG="${GO_AGENT_PKG}" \ --env AGENT_BIN="${AGENT_BIN}" \ --env AGENT_INIT="${AGENT_INIT}" \ - --env GOPATH="${GOPATH}" \ + --env GOPATH="${GOPATH_LOCAL}" \ --env KERNEL_MODULES_DIR="${KERNEL_MODULES_DIR}" \ --env EXTRA_PKGS="${EXTRA_PKGS}" \ --env OSBUILDER_VERSION="${OSBUILDER_VERSION}" \ @@ -225,7 +228,7 @@ if [ -n "${USE_DOCKER}" ] ; then -v "${ROOTFS_DIR}":"/rootfs" \ -v "${script_dir}/../scripts":"/scripts" \ -v "${kernel_mod_dir}":"${kernel_mod_dir}" \ - -v "${GOPATH}":"${GOPATH}" \ + -v "${GOPATH_LOCAL}":"${GOPATH_LOCAL}" \ ${image_name} \ bash /osbuilder/rootfs.sh "${distro}" @@ -242,7 +245,7 @@ go get -d "${GO_AGENT_PKG}" || true OK "Pull Agent source code" info "Build agent" -pushd "${GOPATH}/src/${GO_AGENT_PKG}" +pushd "${GOPATH_LOCAL}/src/${GO_AGENT_PKG}" make clean make INIT=${AGENT_INIT} make install DESTDIR="${ROOTFS_DIR}" INIT=${AGENT_INIT} From 3151f35c860c634414b635f7187a8c056c23e68b Mon Sep 17 00:00:00 2001 
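Review bot: In the rootfs-builder/rootfs.sh hunk that introduces `GOPATH_LOCAL`, `"${GOPATH%%:*}"` is empty when `GOPATH` starts with a colon, and the preceding `[ -z "$GOPATH" ]` check does not catch that; the Docker bind mount then becomes `-v "":""` and the `pushd` goes to `/src/${GO_AGENT_PKG}`. Suggest `[ -n "${GOPATH_LOCAL}" ] || die "..."` straight after the assignment. The two comment lines would also read better directly above the `GOPATH_LOCAL=` line than above the `-z` check.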
From: "James O. D. Hunt" Date: Mon, 14 May 2018 14:04:29 +0100 Subject: [PATCH 077/307] rootfs: Add extra packages to summary file Added the extra packages the user requested to the summary file as previously only the default packages were listed. Fixes #92. Signed-off-by: James O. D. Hunt --- scripts/lib.sh | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/scripts/lib.sh b/scripts/lib.sh index f32300205..02e8dd5e6 100644 --- a/scripts/lib.sh +++ b/scripts/lib.sh @@ -145,17 +145,19 @@ create_summary_file() local -r now=$(date '+%Y-%m-%dT%T.%N%zZ') - # sanitise package list + # sanitise package lists PACKAGES=$(echo "$PACKAGES"|tr ' ' '\n'|sort -u|tr '\n' ' ') + EXTRA_PKGS=$(echo "$EXTRA_PKGS"|tr ' ' '\n'|sort -u|tr '\n' ' ') - local -r packages=$(for pkg in ${PACKAGES}; do echo " - \"${pkg}\""; done) + local -r packages=$(for pkg in ${PACKAGES}; do echo " - \"${pkg}\""; done) + local -r extra=$(for pkg in ${EXTRA_PKGS}; do echo " - \"${pkg}\""; done) mkdir -p "$dir" # Semantic version of the summary file format. # # XXX: Increment every time the format of the summary file changes! - local -r format_version="0.0.1" + local -r format_version="0.0.2" local -r osbuilder_url="https://github.com/kata-containers/osbuilder" @@ -177,7 +179,10 @@ create_summary_file() name: "${OS_NAME}" version: "${OS_VERSION}" packages: + default: ${packages} + extra: +${extra} agent: url: "https://${GO_AGENT_PKG}" name: "${AGENT_BIN}" From f7f267213cc631536023a49c0f3345be795a0e44 Mon Sep 17 00:00:00 2001 From: Penny Zheng Date: Wed, 2 May 2018 03:10:39 +0000 Subject: [PATCH 078/307] rootfs: Add "${AGENT_VERSION}"/"-a" functionality For now, the flag "-a" or relevant shell variant "${AGENT_VERSION}" hasn't been used, only defined. Using 'git checkout' command to go into requested branch. Fixes: #90 Signed-off-by: Penny Zheng --- rootfs-builder/rootfs.sh | 1 + 1 file changed, 1 insertion(+) 
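Review bot: In the `create_summary_file()` heredoc changed by "rootfs: Add extra packages to summary file", when no extra packages are requested `${extra}` expands to nothing, so the file gets `extra:` with a null value where readers of the `default:` key see a list. Suggest emitting `extra: []` in that case, or leaving the key out. The in-place reassignment of the globals `PACKAGES` and `EXTRA_PKGS` to their sorted form could also move to locals so the function has no side effects on its caller.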
diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index 573499ee5..c9f219dc4 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh @@ -246,6 +246,7 @@ OK "Pull Agent source code" info "Build agent" pushd "${GOPATH_LOCAL}/src/${GO_AGENT_PKG}" +[ -n "${AGENT_VERSION}" ] && git checkout "${AGENT_VERSION}" && OK "git checkout successful" || true make clean make INIT=${AGENT_INIT} make install DESTDIR="${ROOTFS_DIR}" INIT=${AGENT_INIT} From 7732e0407aa2c1d0c73441bf085c1c029e81a749 Mon Sep 17 00:00:00 2001 From: Penny Zheng Date: Wed, 2 May 2018 03:12:36 +0000 Subject: [PATCH 079/307] rootfs: Fix incorrect getopts call The `getopts` call in the rootfs builder was incorrect meaning the `-a $agent_version` option would never have worked. Signed-off-by: Penny Zheng --- rootfs-builder/rootfs.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index c9f219dc4..95aa748b7 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh @@ -147,7 +147,7 @@ copy_kernel_modules() OSBUILDER_VERSION="unknown" -while getopts c:ho:r: opt +while getopts a:ho:r: opt do case $opt in a) AGENT_VERSION="${OPTARG}" ;; From fd8d9bdc2cd047c20fe6a38c4f412d3b09a725eb Mon Sep 17 00:00:00 2001 From: Stefan Hajnoczi Date: Wed, 16 May 2018 17:35:27 +0100 Subject: [PATCH 080/307] rootfs: copy kernel modules to correct location Commit b8f1a688340c7b1cfe5a1cb1bbe6a792dc97acf8 ("rootfs: Simplify code") introduced a variable called destdir but accidentally used dest_dir with cp(1) instead. This causes kernel modules to be copied to the wrong location. Rename the variable to dest_dir to be consistent with module_dir and rootfs_dir variables used in this function. Fixes: #94 Signed-off-by: Stefan Hajnoczi --- rootfs-builder/rootfs.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index 95aa748b7..13b846fbf 100755 
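Review bot: In the rootfs.sh "Build agent" hunk that wires up `-a`, the trailing `|| true` on the `git checkout "${AGENT_VERSION}"` line swallows a failed checkout: if the requested ref does not exist, the build carries on with whatever is checked out and installs that agent into the rootfs without any error. Suggest an explicit `if [ -n "${AGENT_VERSION}" ]; then git checkout "${AGENT_VERSION}" || die "..."; fi` so the agent in the rootfs is always the version that was asked for.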
--- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh @@ -137,10 +137,10 @@ copy_kernel_modules() [ -z "$module_dir" ] && die "need module directory" [ -z "$rootfs_dir" ] && die "need rootfs directory" - local destdir="${rootfs_dir}/lib/modules" + local dest_dir="${rootfs_dir}/lib/modules" info "Copy kernel modules from ${KERNEL_MODULES_DIR}" - mkdir -p "${destdir}" + mkdir -p "${dest_dir}" cp -a "${KERNEL_MODULES_DIR}" "${dest_dir}/" OK "Kernel modules copied" } From 171eceb426533128816bc57d3e92f32c12531ba6 Mon Sep 17 00:00:00 2001 From: "James O. D. Hunt" Date: Fri, 18 May 2018 11:04:14 +0100 Subject: [PATCH 081/307] image: Use variable for referring to init Use a variable rather than hard-coding the expected init daemon path. Signed-off-by: James O. D. Hunt --- image-builder/image_builder.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/image-builder/image_builder.sh b/image-builder/image_builder.sh index 172d97663..492633f47 100755 --- a/image-builder/image_builder.sh +++ b/image-builder/image_builder.sh @@ -113,8 +113,9 @@ if [ -n "${USE_DOCKER}" ] ; then exit $? fi # The kata rootfs image expect init and kata-agent to be installed -init="${ROOTFS}/sbin/init" -[ -x "${init}" ] || [ -L ${init} ] || die "/sbin/init is not installed in ${ROOTFS}" +init_path="/sbin/init" +init="${ROOTFS}${init_path}" +[ -x "${init}" ] || [ -L ${init} ] || die "${init_path} is not installed in ${ROOTFS}" OK "init is installed" [ "${AGENT_INIT}" == "yes" ] || [ -x "${ROOTFS}/usr/bin/${AGENT_BIN}" ] || \ die "/usr/bin/${AGENT_BIN} is not installed in ${ROOTFS} From aca45c58207788bb9179f1ce9e128f10ea1967e9 Mon Sep 17 00:00:00 2001 
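Review bot: In `copy_kernel_modules()` the rename fixes the destination, but the `cp -a` and `info` lines in the same hunk still read the global `${KERNEL_MODULES_DIR}` rather than the `module_dir` argument that the function checks with `[ -z "$module_dir" ]`. Suggest `cp -a "${module_dir}" "${dest_dir}/"` so the path that is validated is the path that is copied.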
From: "James O. D. Hunt" Date: Fri, 18 May 2018 11:05:12 +0100 Subject: [PATCH 082/307] image: Require systemd Building an image requires systemd to be installed in the rootfs as the init daemon, so assert that systemd is available. Updated tests so that alpine is only tested as an initrd (it cannot be an image as it doesn't use systemd). Added warning note about alpine to the docs. Fixes #98. Signed-off-by: James O. D. Hunt --- image-builder/README.md | 3 +++ image-builder/image_builder.sh | 9 +++++++++ rootfs-builder/README.md | 3 +++ tests/image_creation.bats | 18 +++++++++++------- 4 files changed, 26 insertions(+), 7 deletions(-) diff --git a/image-builder/README.md b/image-builder/README.md index 21bb9c24b..b4475fced 100644 --- a/image-builder/README.md +++ b/image-builder/README.md @@ -16,6 +16,9 @@ $ sudo ./image_builder.sh path/to/rootfs Where `path/to/rootfs` is the directory populated by `rootfs.sh`. +> **Note**: If you are building an image from an Alpine rootfs, see +> the important note [here](rootfs-builder/README.md#rootfs-requirements). + ## Further information For more information about usage (including how to adjust the size of the diff --git a/image-builder/image_builder.sh b/image-builder/image_builder.sh index 492633f47..0b78de357 100755 --- a/image-builder/image_builder.sh +++ b/image-builder/image_builder.sh @@ -117,6 +117,15 @@ init_path="/sbin/init" init="${ROOTFS}${init_path}" [ -x "${init}" ] || [ -L ${init} ] || die "${init_path} is not installed in ${ROOTFS}" OK "init is installed" + +if [ "${AGENT_INIT}" == "no" ] +then + systemd_path="/lib/systemd/systemd" + systemd="${ROOTFS}${systemd_path}" + [ -x "${systemd}" ] || [ -L ${systemd} ] || die "${systemd_path} is not installed in ${ROOTFS}" + OK "init is systemd" +fi + [ "${AGENT_INIT}" == "yes" ] || [ -x "${ROOTFS}/usr/bin/${AGENT_BIN}" ] || \ die "/usr/bin/${AGENT_BIN} is not installed in ${ROOTFS} use AGENT_BIN env variable to change the expected agent binary name" 
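Review bot: In the image_builder.sh hunk that adds the systemd assertion, `[ -L ${systemd} ]` is unquoted (as is `[ -L ${init} ]` just above it), so a `ROOTFS` path containing spaces breaks the test, and `-L` is true for a dangling symlink, so the check can pass with no systemd binary behind it. The block also runs only when `AGENT_INIT` is exactly `no`; unless the script normalises the variable earlier (not visible in this hunk), an unset `AGENT_INIT` skips the assertion. Suggest quoting both expansions and testing `[ "${AGENT_INIT}" != "yes" ]`.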
diff --git a/rootfs-builder/README.md b/rootfs-builder/README.md index 36c3dc4a9..56604fbc1 100644 --- a/rootfs-builder/README.md +++ b/rootfs-builder/README.md @@ -41,6 +41,9 @@ The rootfs must provide at least the following components: When the `AGENT_INIT` environment variable is set to `yes`, use Kata agent as `/sbin/init`. +> **Note**: `AGENT_INIT=yes` **must** be used for the Alpine distribution +> since it does not use `systemd` as its init daemon. + ## Creating a rootfs To build a rootfs for your chosen distribution, run: diff --git a/tests/image_creation.bats b/tests/image_creation.bats index 724f098b9..7c552c7c8 100644 --- a/tests/image_creation.bats +++ b/tests/image_creation.bats @@ -48,22 +48,26 @@ function build_initrd() function build_rootfs_image_initrd() { distro="$1" + image="$2" + initrd="$3" + [ -n "$distro" ] build_rootfs $distro - build_image - build_initrd + + [ "$image" = "yes" ] && build_image + [ "$initrd" = "yes" ] && build_initrd } @test "Can create fedora image" { - build_rootfs_image_initrd fedora + build_rootfs_image_initrd fedora yes yes } @test "Can create clearlinux image" { - build_rootfs_image_initrd clearlinux + build_rootfs_image_initrd clearlinux yes yes } @test "Can create centos image" { - build_rootfs_image_initrd centos + build_rootfs_image_initrd centos yes yes } @test "Can create euleros image" { @@ -71,9 +75,9 @@ function build_rootfs_image_initrd() then skip "travis timeout, see: https://github.com/kata-containers/osbuilder/issues/46" fi - build_rootfs_image_initrd euleros + build_rootfs_image_initrd euleros yes yes } @test "Can create alpine image" { - build_rootfs_image_initrd alpine + build_rootfs_image_initrd alpine no yes } From c1d22f98f6ce7e49faf1443ae904bad48fb9e79b Mon Sep 17 00:00:00 2001 
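Review bot: In the tests/image_creation.bats hunk of "image: Require systemd", `build_rootfs_image_initrd()` now ends with `[ "$initrd" = "yes" ] && build_initrd`, so any call with initrd set to anything but `yes` makes the function return non-zero and fails the test even when nothing went wrong. Every caller passes `yes` today, so this is latent; an `if` block, or a final `return 0`, avoids it. `distro`, `image` and `initrd` should also be `local`, and the "Can create alpine image" test title no longer matches what it does, since it builds only an initrd.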
From: "James O. D. Hunt" Date: Thu, 24 May 2018 14:53:19 +0100 Subject: [PATCH 083/307] rootfs: Default to host architecture Don't default to a hard-coded Intel architecture - default to the host architecture. This requires the `coreutils` package to be installed both inside each docker image (for `USE_DOCKER=true`) and in the host environments. Added missing SPDX headers to `Dockerfile` templates to pacify the CI checks. Fixes #100. Signed-off-by: James O. D. Hunt --- .ci/setup.sh | 4 ++-- rootfs-builder/alpine/Dockerfile.in | 9 ++++++++- rootfs-builder/centos/Dockerfile.in | 7 ++++++- rootfs-builder/clearlinux/Dockerfile.in | 7 ++++++- rootfs-builder/euleros/Dockerfile.in | 8 +++++++- rootfs-builder/fedora/Dockerfile.in | 7 ++++++- rootfs-builder/rootfs.sh | 2 +- rootfs-builder/template/Dockerfile.template | 5 +++++ 8 files changed, 41 insertions(+), 8 deletions(-) diff --git a/.ci/setup.sh b/.ci/setup.sh index c5f966886..ca66fc103 100755 --- a/.ci/setup.sh +++ b/.ci/setup.sh @@ -14,12 +14,12 @@ bash "${cidir}/static-checks.sh" source /etc/os-release if [ "$ID" == fedora ];then - sudo -E dnf -y install automake bats yamllint + sudo -E dnf -y install automake bats yamllint coreutils elif [ "$ID" == ubuntu ];then #bats isn't available for Ubuntu trusty, need for travis sudo add-apt-repository -y ppa:duggan/bats sudo apt-get -qq update - sudo apt-get install -y -qq automake bats qemu-utils python-pip + sudo apt-get install -y -qq automake bats qemu-utils python-pip coreutils sudo pip install yamllint else echo "Linux distribution not supported" diff --git a/rootfs-builder/alpine/Dockerfile.in b/rootfs-builder/alpine/Dockerfile.in index 538f84b61..19254b210 100644 --- a/rootfs-builder/alpine/Dockerfile.in +++ b/rootfs-builder/alpine/Dockerfile.in 
@@ -1,3 +1,10 @@ +# +# Copyright (c) 2018 HyperHQ Inc. +# +# SPDX-License-Identifier: Apache-2.0 + From golang:@GO_VERSION@-alpine3.7 -RUN apk update && apk add git make bash gcc musl-dev linux-headers apk-tools-static +# The "coreutils" package on alpine for reasons unknown does not provide arch(1), so simulate it. +RUN apk update && apk add git make bash gcc musl-dev linux-headers apk-tools-static && \ + echo -e '#!/bin/sh\nuname -m' > /usr/bin/arch && chmod +x /usr/bin/arch diff --git a/rootfs-builder/centos/Dockerfile.in b/rootfs-builder/centos/Dockerfile.in index d16466d46..4a93e322d 100644 --- a/rootfs-builder/centos/Dockerfile.in +++ b/rootfs-builder/centos/Dockerfile.in @@ -1,6 +1,11 @@ +# +# Copyright (c) 2018 Intel Corporation +# +# SPDX-License-Identifier: Apache-2.0 + From centos:@OS_VERSION@ -RUN yum -y update && yum install -y git make gcc +RUN yum -y update && yum install -y git make gcc coreutils # This will install the proper golang to build Kata components @INSTALL_GO@ diff --git a/rootfs-builder/clearlinux/Dockerfile.in b/rootfs-builder/clearlinux/Dockerfile.in index 69c0b2bad..4e38d364a 100644 --- a/rootfs-builder/clearlinux/Dockerfile.in +++ b/rootfs-builder/clearlinux/Dockerfile.in @@ -1,6 +1,11 @@ +# +# Copyright (c) 2018 Intel Corporation +# +# SPDX-License-Identifier: Apache-2.0 + From fedora:27 -RUN dnf -y update && dnf install -y git systemd pkgconfig gcc +RUN dnf -y update && dnf install -y git systemd pkgconfig gcc coreutils # This will install the proper golang to build Kata components @INSTALL_GO@ diff --git a/rootfs-builder/euleros/Dockerfile.in b/rootfs-builder/euleros/Dockerfile.in index 5378c6594..97cae78db 100644 --- a/rootfs-builder/euleros/Dockerfile.in +++ b/rootfs-builder/euleros/Dockerfile.in 
@@ -1,5 +1,11 @@ +# +# Copyright (C) 2018 Huawei Technologies Co., Ltd +# +# SPDX-License-Identifier: Apache-2.0 + FROM euleros:@OS_VERSION@ -RUN yum -y update && yum install -y yum git make gcc +RUN yum -y update && yum install -y yum git make gcc coreutils + # This will install the proper golang to build Kata components @INSTALL_GO@ diff --git a/rootfs-builder/fedora/Dockerfile.in b/rootfs-builder/fedora/Dockerfile.in index f98f36117..39fadc1a0 100644 --- a/rootfs-builder/fedora/Dockerfile.in +++ b/rootfs-builder/fedora/Dockerfile.in @@ -1,6 +1,11 @@ +# +# Copyright (c) 2018 Intel Corporation +# +# SPDX-License-Identifier: Apache-2.0 + From fedora:@OS_VERSION@ -RUN dnf -y update && dnf install -y git redhat-release systemd pkgconfig gcc +RUN dnf -y update && dnf install -y git redhat-release systemd pkgconfig gcc coreutils # This will install the proper golang to build Kata components @INSTALL_GO@ diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index 13b846fbf..be0fc7a73 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh @@ -20,7 +20,7 @@ lib_file="${script_dir}/../scripts/lib.sh" source "$lib_file" # Default architecture -ARCH=${ARCH:-"x86_64"} +ARCH=$(arch) # Load default versions for golang and other componets source "${script_dir}/versions.txt" diff --git a/rootfs-builder/template/Dockerfile.template b/rootfs-builder/template/Dockerfile.template index 87c9b9fda..95a07deec 100644 --- a/rootfs-builder/template/Dockerfile.template +++ b/rootfs-builder/template/Dockerfile.template @@ -1,3 +1,8 @@ +# +# Copyright (c) 2018 Intel Corporation +# +# SPDX-License-Identifier: Apache-2.0 + #@distro@: docker image to be used to create a rootfs #@OS_VERSION@: Docker image version to build this dockerfile from @distro@:@OS_VERSION@ From 60e1e7bc3161c6b2c8d5b1e2be2c50a1ec069184 Mon Sep 17 00:00:00 2001 
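Review bot: In the rootfs-builder/rootfs.sh hunk of "rootfs: Default to host architecture", `ARCH=$(arch)` replaces `ARCH=${ARCH:-"x86_64"}` and so drops the ability to set `ARCH` from the environment. Suggest `ARCH=${ARCH:-$(uname -m)}`: it keeps the override, and since the Alpine Dockerfile in this patch already shims `arch` with `uname -m`, calling `uname -m` directly removes the need for that shim.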
From: "James O. D. Hunt" Date: Fri, 25 May 2018 13:58:37 +0100 Subject: [PATCH 084/307] tests: cleanup bats tests Removed redundant `function` keyword and extraneous blank lines. Signed-off-by: James O. D. Hunt --- tests/image_creation.bats | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/tests/image_creation.bats b/tests/image_creation.bats index 7c552c7c8..2fe2817a6 100644 --- a/tests/image_creation.bats +++ b/tests/image_creation.bats @@ -4,7 +4,6 @@ # # SPDX-License-Identifier: Apache-2.0 - rootfs_sh="$BATS_TEST_DIRNAME/../rootfs-builder/rootfs.sh" image_builder_sh="$BATS_TEST_DIRNAME/../image-builder/image_builder.sh" initrd_builder_sh="$BATS_TEST_DIRNAME/../initrd-builder/initrd_builder.sh" @@ -13,7 +12,6 @@ tmp_rootfs="${tmp_dir}/rootfs-osbuilder" #FIXME: Remove image size after https://github.com/kata-containers/osbuilder/issues/25 is fixed readonly image_size=400 - setup() { export USE_DOCKER=true @@ -25,7 +23,7 @@ teardown(){ rm -rf "${tmp_dir}" } -function build_rootfs() +build_rootfs() { local file="/var/lib/osbuilder/osbuilder.yaml" local full="${tmp_rootfs}${file}" @@ -35,17 +33,17 @@ function build_rootfs() yamllint "${full}" } -function build_image() +build_image() { sudo -E ${image_builder_sh} -s ${image_size} -o "${tmp_dir}/image.img" "${tmp_rootfs}" } -function build_initrd() +build_initrd() { sudo -E ${initrd_builder_sh} -o "${tmp_dir}/initrd-image.img" "${tmp_rootfs}" } -function build_rootfs_image_initrd() +build_rootfs_image_initrd() { distro="$1" image="$2" From aeb59479cb3268908783226aca0c73fa1cb16dcd Mon Sep 17 00:00:00 2001 From: "James O. D. Hunt" Date: Fri, 25 May 2018 14:03:51 +0100 Subject: [PATCH 085/307] tests: Don't pass size option to image builder As the comment in the code showed, now that https://github.com/kata-containers/osbuilder/issues/25 is fixed, it is no longer necessary to specify an image size to the image builder as it will auto-calculate it. 
Signed-off-by: James O. D. Hunt --- tests/image_creation.bats | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/tests/image_creation.bats b/tests/image_creation.bats index 2fe2817a6..4d08a8b76 100644 --- a/tests/image_creation.bats +++ b/tests/image_creation.bats @@ -9,8 +9,6 @@ image_builder_sh="$BATS_TEST_DIRNAME/../image-builder/image_builder.sh" initrd_builder_sh="$BATS_TEST_DIRNAME/../initrd-builder/initrd_builder.sh" readonly tmp_dir=$(mktemp -t -d osbuilder-test.XXXXXXX) tmp_rootfs="${tmp_dir}/rootfs-osbuilder" -#FIXME: Remove image size after https://github.com/kata-containers/osbuilder/issues/25 is fixed -readonly image_size=400 setup() { @@ -35,7 +33,7 @@ build_rootfs() build_image() { - sudo -E ${image_builder_sh} -s ${image_size} -o "${tmp_dir}/image.img" "${tmp_rootfs}" + sudo -E ${image_builder_sh} -o "${tmp_dir}/image.img" "${tmp_rootfs}" } build_initrd() From c69eb00f9b4808275306f7a027483f9e81beb278 Mon Sep 17 00:00:00 2001 From: "James O. D. Hunt" Date: Fri, 25 May 2018 14:05:05 +0100 Subject: [PATCH 086/307] tests: Make all globals readonly Some of the globals were set as read-only variables whilst others weren't. However, they can all be read-only. Signed-off-by: James O. D. Hunt --- tests/image_creation.bats | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/image_creation.bats b/tests/image_creation.bats index 4d08a8b76..9c3405dec 100644 --- a/tests/image_creation.bats +++ b/tests/image_creation.bats 
@@ -4,11 +4,11 @@ # # SPDX-License-Identifier: Apache-2.0 -rootfs_sh="$BATS_TEST_DIRNAME/../rootfs-builder/rootfs.sh" -image_builder_sh="$BATS_TEST_DIRNAME/../image-builder/image_builder.sh" -initrd_builder_sh="$BATS_TEST_DIRNAME/../initrd-builder/initrd_builder.sh" +readonly rootfs_sh="$BATS_TEST_DIRNAME/../rootfs-builder/rootfs.sh" +readonly image_builder_sh="$BATS_TEST_DIRNAME/../image-builder/image_builder.sh" +readonly initrd_builder_sh="$BATS_TEST_DIRNAME/../initrd-builder/initrd_builder.sh" readonly tmp_dir=$(mktemp -t -d osbuilder-test.XXXXXXX) -tmp_rootfs="${tmp_dir}/rootfs-osbuilder" +readonly tmp_rootfs="${tmp_dir}/rootfs-osbuilder" setup() { From 1c251bdf0574633e3249943dd444c1585b0a2ee7 Mon Sep 17 00:00:00 2001 From: "James O. D. Hunt" Date: Fri, 25 May 2018 14:06:51 +0100 Subject: [PATCH 087/307] tests: Move osbuilder metadata var to top Moved the variable specifying the path to the osbuilder metadata file to the top of the script and made it readonly. Signed-off-by: James O. D. Hunt --- tests/image_creation.bats | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/image_creation.bats b/tests/image_creation.bats index 9c3405dec..de44bd342 100644 --- a/tests/image_creation.bats +++ b/tests/image_creation.bats @@ -9,6 +9,7 @@ readonly image_builder_sh="$BATS_TEST_DIRNAME/../image-builder/image_builder.sh" readonly initrd_builder_sh="$BATS_TEST_DIRNAME/../initrd-builder/initrd_builder.sh" readonly tmp_dir=$(mktemp -t -d osbuilder-test.XXXXXXX) readonly tmp_rootfs="${tmp_dir}/rootfs-osbuilder" +readonly osbuilder_file="/var/lib/osbuilder/osbuilder.yaml" setup() { @@ -23,8 +24,7 @@ teardown(){ build_rootfs() { - local file="/var/lib/osbuilder/osbuilder.yaml" - local full="${tmp_rootfs}${file}" + local full="${tmp_rootfs}${osbuilder_file}" sudo -E ${rootfs_sh} -r "${tmp_rootfs}" "${distro}" From c8e7f4253e5879c37238314245762c8bfe7717e0 Mon Sep 17 00:00:00 2001 
From: "James O. D. Hunt" Date: Fri, 25 May 2018 14:08:31 +0100 Subject: [PATCH 088/307] tests: Remove stale rootfs tree Remove the rootfs tree before attempting to generate one to avoid picking up any stale information if the function is run multiple times. Signed-off-by: James O. D. Hunt --- tests/image_creation.bats | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/image_creation.bats b/tests/image_creation.bats index de44bd342..695edbaf4 100644 --- a/tests/image_creation.bats +++ b/tests/image_creation.bats @@ -26,6 +26,9 @@ build_rootfs() { local full="${tmp_rootfs}${osbuilder_file}" + # clean up from any previous runs + [ -d "${tmp_rootfs}" ] && sudo rm -rf "${tmp_rootfs}" + sudo -E ${rootfs_sh} -r "${tmp_rootfs}" "${distro}" yamllint "${full}" From 3a8da5f10800ebdb597921d8d4fc740234fd23d8 Mon Sep 17 00:00:00 2001 From: "James O. D. Hunt" Date: Fri, 25 May 2018 14:16:34 +0100 Subject: [PATCH 089/307] tests: Pass parameters to functions Try to minimise the use of globals by passing parameters to the remaining functions. Signed-off-by: James O. D. Hunt --- tests/image_creation.bats | 25 +++++++++++++++++-------- 1 file changed, 17 insertions(+), 8 deletions(-) diff --git a/tests/image_creation.bats b/tests/image_creation.bats index 695edbaf4..e692d69cd 100644 --- a/tests/image_creation.bats +++ b/tests/image_creation.bats 
@@ -24,24 +24,33 @@ teardown(){ build_rootfs() { - local full="${tmp_rootfs}${osbuilder_file}" + local distro="$1" + local rootfs="$2" + + local full="${rootfs}${osbuilder_file}" # clean up from any previous runs - [ -d "${tmp_rootfs}" ] && sudo rm -rf "${tmp_rootfs}" + [ -d "${rootfs}" ] && sudo rm -rf "${rootfs}" - sudo -E ${rootfs_sh} -r "${tmp_rootfs}" "${distro}" + sudo -E ${rootfs_sh} -r "${rootfs}" "${distro}" yamllint "${full}" } build_image() { - sudo -E ${image_builder_sh} -o "${tmp_dir}/image.img" "${tmp_rootfs}" + local file="$1" + local rootfs="$2" + + sudo -E ${image_builder_sh} -o "${file}" "${rootfs}" } build_initrd() { - sudo -E ${initrd_builder_sh} -o "${tmp_dir}/initrd-image.img" "${tmp_rootfs}" + local file="$1" + local rootfs="$2" + + sudo -E ${initrd_builder_sh} -o "${file}" "${rootfs}" } build_rootfs_image_initrd() @@ -51,10 +60,10 @@ build_rootfs_image_initrd() initrd="$3" [ -n "$distro" ] - build_rootfs $distro + build_rootfs "${distro}" "${tmp_rootfs}" - [ "$image" = "yes" ] && build_image - [ "$initrd" = "yes" ] && build_initrd + [ "$image" = "yes" ] && build_image "${tmp_dir}/image.img" "${tmp_rootfs}" + [ "$initrd" = "yes" ] && build_initrd "${tmp_dir}/initrd-image.img" "${tmp_rootfs}" } @test "Can create fedora image" { From 340d7b2ad567aec76436f39b55d06fa6785efd35 Mon Sep 17 00:00:00 2001 From: "James O. D. Hunt" Date: Fri, 25 May 2018 14:20:58 +0100 Subject: [PATCH 090/307] tests: Rename function for brevity Renamed the `build_rootfs_image_initrd` function to `create_images`. Signed-off-by: James O. D. Hunt --- tests/image_creation.bats | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/tests/image_creation.bats b/tests/image_creation.bats index e692d69cd..91025fc8b 100644 --- a/tests/image_creation.bats +++ b/tests/image_creation.bats 
@@ -53,7 +53,14 @@ build_initrd() sudo -E ${initrd_builder_sh} -o "${file}" "${rootfs}" } -build_rootfs_image_initrd() +# Create an image and/or initrd for the specified distribution. +# +# Parameters: +# +# 1: distro name. +# 2: set to "yes" to build an image for the distro. +# 3: set to "yes" to build an initrd for the distro. +create_images() { distro="$1" image="$2" @@ -67,15 +74,15 @@ build_rootfs_image_initrd() } @test "Can create fedora image" { - build_rootfs_image_initrd fedora yes yes + create_images fedora yes yes } @test "Can create clearlinux image" { - build_rootfs_image_initrd clearlinux yes yes + create_images run clearlinux yes yes } @test "Can create centos image" { - build_rootfs_image_initrd centos yes yes + create_images centos yes yes } @test "Can create euleros image" { @@ -83,9 +90,10 @@ build_rootfs_image_initrd() then skip "travis timeout, see: https://github.com/kata-containers/osbuilder/issues/46" fi - build_rootfs_image_initrd euleros yes yes + + create_images euleros yes yes } @test "Can create alpine image" { - build_rootfs_image_initrd alpine no yes + create_images alpine no yes } From 4ae6d31d3e53ceeb5fba61172f8baa834bca68ea Mon Sep 17 00:00:00 2001 From: "James O. D. Hunt" Date: Fri, 25 May 2018 14:41:06 +0100 Subject: [PATCH 091/307] tests: Test generated images and initrd's After building the images, perform a very basic test by configuring the runtime to use them and creating a container. Fixes #97. Signed-off-by: James O. D. Hunt --- .ci/setup.sh | 6 +- tests/image_creation.bats | 233 ++++++++++++++++++++++++++++++++++---- 2 files changed, 212 insertions(+), 27 deletions(-) diff --git a/.ci/setup.sh b/.ci/setup.sh index ca66fc103..c52b2e602 100755 --- a/.ci/setup.sh +++ b/.ci/setup.sh 
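Review bot: In PATCH 090, the clearlinux test in the `@@ -67,15 +74,15 @@` hunk now reads `create_images run clearlinux yes yes`, and the stray `run` shifts every positional parameter. `distro` becomes `run`, `image` becomes `clearlinux` and `initrd` becomes `yes`, so the test asks `build_rootfs` for a distro named `run` and never builds the clearlinux image. Drop `run` so the call matches the other four tests. The new parameter comment above `create_images()` is a good addition and makes this kind of slip easier to spot.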
@@ -14,12 +14,14 @@ bash "${cidir}/static-checks.sh" source /etc/os-release if [ "$ID" == fedora ];then - sudo -E dnf -y install automake bats yamllint coreutils + sudo -E dnf -y install automake bats yamllint coreutils moreutils +elif [ "$ID" == centos ];then + sudo -E dnf -y install automake bats yamllint coreutils moreutils elif [ "$ID" == ubuntu ];then #bats isn't available for Ubuntu trusty, need for travis sudo add-apt-repository -y ppa:duggan/bats sudo apt-get -qq update - sudo apt-get install -y -qq automake bats qemu-utils python-pip coreutils + sudo apt-get install -y -qq automake bats qemu-utils python-pip coreutils moreutils sudo pip install yamllint else echo "Linux distribution not supported" diff --git a/tests/image_creation.bats b/tests/image_creation.bats index 91025fc8b..94ca2ecdc 100644 --- a/tests/image_creation.bats +++ b/tests/image_creation.bats 
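Review bot: In PATCH 091, the new `centos` branch in `.ci/setup.sh` installs with `dnf` and is a copy of the fedora line above it. Later patches in this series switch it to `yum` (PATCH 093) and add `epel-release` so that `yamllint` and `moreutils` resolve (PATCH 095), which suggests the branch was not exercised on CentOS when this was posted. Fold those fixes into this patch, or leave the centos branch out until it has been run. A short comment saying that `moreutils` is needed for `chronic` in `tests/image_creation.bats` would also help the next reader.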
@@ -9,17 +9,89 @@ readonly image_builder_sh="$BATS_TEST_DIRNAME/../image-builder/image_builder.sh" readonly initrd_builder_sh="$BATS_TEST_DIRNAME/../initrd-builder/initrd_builder.sh" readonly tmp_dir=$(mktemp -t -d osbuilder-test.XXXXXXX) readonly tmp_rootfs="${tmp_dir}/rootfs-osbuilder" +readonly images_dir="${tmp_dir}/images" readonly osbuilder_file="/var/lib/osbuilder/osbuilder.yaml" +readonly docker_image="busybox" +readonly docker_config_file="/etc/systemd/system/docker.service.d/kata-containers.conf" +readonly tests_repo="github.com/kata-containers/tests" +readonly tests_repo_dir="$BATS_TEST_DIRNAME/../../tests" +readonly mgr="${tests_repo_dir}/cmd/kata-manager/kata-manager.sh" +readonly RUNTIME=${RUNTIME:-kata-runtime} + +# "docker build" does not work with a VM-based runtime +readonly docker_build_runtime="runc" + +info() +{ + s="$*" + echo -e "INFO: $s\n" >&2 +} + +set_runtime() +{ + local name="$1" + + # Travis doesn't support VT-x + [ -n "$TRAVIS" ] && return + + sudo -E sed -i "s/--default-runtime=[^ ][^ ]*/--default-runtime=${name}/g" \ + "${docker_config_file}" + sudo -E systemctl daemon-reload + sudo -E systemctl restart docker +} setup() { + mkdir -p "${images_dir}" + export USE_DOCKER=true + + # Travis doesn't support VT-x + [ -n "$TRAVIS" ] && return + + [ ! 
-d "${tests_repo_dir}" ] && git clone "https://${tests_repo}" "${tests_repo_dir}" + + chronic $mgr install-packages + chronic $mgr enable-debug + + # Ensure "docker build" works + set_runtime "${docker_build_runtime}" } -teardown(){ - # Rootfs is own by root change it to remove it - sudo rm -rf "${tmp_rootfs}" - rm -rf "${tmp_dir}" +teardown() +{ + if [ "$BATS_ERROR_STATUS" -eq 0 ] + then + # Rootfs and images are owned by root + sudo -E rm -rf "${tmp_rootfs}" + sudo -E rm -rf "${images_dir}" + + rm -rf "${tmp_dir}" + + return + fi + + # The test failed so dump what we can + + info "AGENT_INIT: '${AGENT_INIT}'" + + info "images:" + sudo -E ls -l "${images_dir}" >&2 + + info "rootfs:" + sudo -E ls -l "${tmp_rootfs}" >&2 + + info "local runtime config:" + cat /etc/kata-containers/configuration.toml >&2 + + info "main runtime config:" + cat /usr/share/defaults/kata-containers/configuration.toml >&2 + + info "collect script output:" + sudo -E kata-collect-data.sh >&2 + + info "processes:" + sudo -E ps -efwww | egrep "docker|kata" >&2 } build_rootfs() @@ -30,11 +102,15 @@ build_rootfs() local full="${rootfs}${osbuilder_file}" # clean up from any previous runs - [ -d "${rootfs}" ] && sudo rm -rf "${rootfs}" + [ -d "${rootfs}" ] && sudo -E rm -rf "${rootfs}" sudo -E ${rootfs_sh} -r "${rootfs}" "${distro}" yamllint "${full}" + + info "built rootfs for distro '$distro' at '$rootfs'" + info "osbuilder metadata file:" + cat "${full}" >&2 } build_image() @@ -43,6 +119,9 @@ build_image() local rootfs="$2" sudo -E ${image_builder_sh} -o "${file}" "${rootfs}" + + info "built image file '$file' for rootfs '$rootfs':" + sudo -E ls -l "$file" >&2 } build_initrd() 
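Review bot: In PATCH 091, `setup()` in the first `tests/image_creation.bats` hunk clones `https://${tests_repo}` at whatever the default branch is at the time and then runs `$mgr install-packages` and `$mgr enable-debug` from it, while `.ci/run.sh` starts this test with `sudo -E`. The CI result then depends on, and executes as root, unreviewed code from another repository. Check out a fixed commit or tag after the clone. The `[ ! -d "${tests_repo_dir}" ]` guard also means an existing, possibly stale checkout is reused silently, so consider logging which revision is in use with `info`.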
@@ -51,49 +130,153 @@ build_initrd() local rootfs="$2" sudo -E ${initrd_builder_sh} -o "${file}" "${rootfs}" + + info "built initrd file '$file' for rootfs '$rootfs':" + sudo -E ls -l "$file" >&2 } -# Create an image and/or initrd for the specified distribution. +create_container() +{ + out=$(mktemp) + + local file="/proc/version" + + # Create a container using the runtime under test which displays a + # file that is expected to exist. + docker run --rm -i --runtime "${RUNTIME}" "$docker_image" cat "${file}" > "$out" + + info "contents of docker image ${docker_image} container file '${file}':" + cat "${out}" >&2 + + [ -s "$out" ] + rm -f "$out" +} + +install_image_create_container() +{ + local file="$1" + + # Travis doesn't support VT-x + [ -n "$TRAVIS" ] && return + + chronic $mgr reset-config + chronic $mgr configure-image "$file" + create_container +} + +install_initrd_create_container() +{ + local file="$1" + + # Travis doesn't support VT-x + [ -n "$TRAVIS" ] && return + + chronic $mgr reset-config + chronic $mgr configure-initrd "$file" + create_container +} + +handle_options() +{ + local distro="$1" + local type="$2" + local options="$3" + + local opt + local rootfs + + for opt in $options + do + # Set the crucial variable to determine if the agent will be + # PID 1 in the image or initrd. 
+ case "$opt" in + init) export AGENT_INIT="yes";; + *) export AGENT_INIT="no";; + esac + + rootfs="${tmp_rootfs}/${distro}-agent-init-${AGENT_INIT}" + + build_rootfs "${distro}" "${rootfs}" + + if [ "$type" = "image" ] + then + # Images need systemd + [ "$opt" = "init" ] && continue + + local image_path="${images_dir}/${type}-${distro}-agent-init-${AGENT_INIT}.img" + + build_image "${image_path}" "${rootfs}" + install_image_create_container "${image_path}" + elif [ "$type" = "initrd" ] + then + local initrd_path="${images_dir}/${type}-${distro}-agent-init-${AGENT_INIT}.img" + + build_initrd "${initrd_path}" "${rootfs}" + install_initrd_create_container "${initrd_path}" + else + die "invalid type: '$type' for distro $distro option $opt" + fi + done +} + +# Create an image and/or initrd for the specified distribution, +# then test each by configuring the runtime and creating a container. +# +# The second and third parameters take the form of a space separated list of +# values which represent whether the agent should be the init daemon in the +# image/initrd. "init" means the agent should be configured to be the init +# daemon and "service" means it should run as a systemd service. +# +# The list value should be set to "no" if the image/initrd should not +# be built+tested. # # Parameters: # # 1: distro name. -# 2: set to "yes" to build an image for the distro. -# 3: set to "yes" to build an initrd for the distro. -create_images() +# 2: image options. +# 3: initrd options. 
+create_and_run() { - distro="$1" - image="$2" - initrd="$3" + local distro="$1" + local image_options="$2" + local initrd_options="$3" [ -n "$distro" ] - build_rootfs "${distro}" "${tmp_rootfs}" - [ "$image" = "yes" ] && build_image "${tmp_dir}/image.img" "${tmp_rootfs}" - [ "$initrd" = "yes" ] && build_initrd "${tmp_dir}/initrd-image.img" "${tmp_rootfs}" + local opt + + if [ "$image_options" != "no" ] + then + handle_options "$distro" "image" "$image_options" + fi + + if [ "$initrd_options" != "no" ] + then + handle_options "$distro" "initrd" "$initrd_options" + fi } -@test "Can create fedora image" { - create_images fedora yes yes +@test "Can create and run fedora image" { + create_and_run fedora "service" "no" } -@test "Can create clearlinux image" { - create_images run clearlinux yes yes +@test "Can create and run clearlinux image" { + create_and_run clearlinux "service" "no" } -@test "Can create centos image" { - create_images centos yes yes +@test "Can create and run centos image" { + create_and_run centos "service" "no" } -@test "Can create euleros image" { +@test "Can create and run euleros image" { if [ "$TRAVIS" = true ] then skip "travis timeout, see: https://github.com/kata-containers/osbuilder/issues/46" fi - create_images euleros yes yes + create_and_run euleros "service" "no" } -@test "Can create alpine image" { - create_images alpine no yes +@test "Can create and run alpine image" { + create_and_run alpine "no" "init" } From a81e7715736c9d2612925c895c600412a3f78471 Mon Sep 17 00:00:00 2001 From: Liu Changcheng Date: Wed, 6 Jun 2018 13:36:54 +0800 Subject: [PATCH 092/307] rootfs: correct rootfs script deference var value shell usage function use wrong way to get AGENT_BIN value Fixes #103 Signed-off-by: Liu Changcheng --- rootfs-builder/rootfs.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index be0fc7a73..86b357f0b 100755 --- a/rootfs-builder/rootfs.sh 
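Review bot: In PATCH 091, `handle_options()` calls `die "invalid type: ..."` in its final `else` branch, but this patch adds only `info()` to `tests/image_creation.bats`; `die()` is first defined in PATCH 101. An invalid type would therefore fail with a command-not-found error instead of the intended message. Define `die()` here. Two smaller points in the same function: `build_rootfs` runs before `[ "$opt" = "init" ] && continue`, so for an image with the `init` option a whole rootfs is built and then discarded, and the `case` maps every value other than `init` to `AGENT_INIT="no"`, so a misspelt option is treated as `service` without any warning. Matching `service)` explicitly and failing on anything else would catch that.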
+++ b/rootfs-builder/rootfs.sh @@ -58,7 +58,7 @@ GO_AGENT_PKG: Change the golang package url to get the agent source code AGENT_BIN : Name of the agent binary (needed to check if agent is installed) USE_DOCKER: If set will build rootfs in a Docker Container (requries docker) DEFAULT: not set -AGENT_INIT : Use $(AGENT_BIN) as init process. +AGENT_INIT : Use ${AGENT_BIN} as init process. DEFAULT: no KERNEL_MODULES_DIR: Optional kernel modules to put into the rootfs. DEFAULT: "" From 6c8c60db8a8c6927eb6bff069a025677b4a16470 Mon Sep 17 00:00:00 2001 From: Salvador Fuentes Date: Wed, 6 Jun 2018 08:00:02 -0500 Subject: [PATCH 093/307] CI: use yum for resolving centos dependencies `.ci/setup.sh` is using dnf instead of yum to install centos dependencies. This fixes it to use yum. Fixes: #104. Signed-off-by: Salvador Fuentes --- .ci/setup.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.ci/setup.sh b/.ci/setup.sh index c52b2e602..1009f77f9 100755 --- a/.ci/setup.sh +++ b/.ci/setup.sh @@ -16,7 +16,7 @@ source /etc/os-release if [ "$ID" == fedora ];then sudo -E dnf -y install automake bats yamllint coreutils moreutils elif [ "$ID" == centos ];then - sudo -E dnf -y install automake bats yamllint coreutils moreutils + sudo -E yum -y install automake bats yamllint coreutils moreutils elif [ "$ID" == ubuntu ];then #bats isn't available for Ubuntu trusty, need for travis sudo add-apt-repository -y ppa:duggan/bats From 9f84cc8f1c5c06bd990ff83dc5c9edbcabde98ea Mon Sep 17 00:00:00 2001 From: Salvador Fuentes Date: Wed, 6 Jun 2018 09:30:19 -0500 Subject: [PATCH 094/307] CI: Install bats from sources CentOS and some versions of Ubuntu do not provide bats in their default repository. This change installs bats from sources. Signed-off-by: Salvador Fuentes --- .ci/lib.sh | 5 +++++ .ci/setup.sh | 12 +++++++----- 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/.ci/lib.sh b/.ci/lib.sh index c5c8582f4..4f5486067 100644 --- a/.ci/lib.sh +++ b/.ci/lib.sh 
@@ -23,3 +23,8 @@ run_static_checks() clone_tests_repo bash "$tests_repo_dir/.ci/static-checks.sh" } + +install_bats() +{ + bash "$tests_repo_dir/.ci/install_bats.sh" +} diff --git a/.ci/setup.sh b/.ci/setup.sh index 1009f77f9..e0b444ac8 100755 --- a/.ci/setup.sh +++ b/.ci/setup.sh @@ -8,20 +8,22 @@ set -e cidir=$(dirname "$0") +source "${cidir}/lib.sh" + bash "${cidir}/static-checks.sh" #Note: If add clearlinux as supported CI use a stateless os-release file source /etc/os-release +install_bats + if [ "$ID" == fedora ];then - sudo -E dnf -y install automake bats yamllint coreutils moreutils + sudo -E dnf -y install automake yamllint coreutils moreutils elif [ "$ID" == centos ];then - sudo -E yum -y install automake bats yamllint coreutils moreutils + sudo -E yum -y install automake yamllint coreutils moreutils elif [ "$ID" == ubuntu ];then - #bats isn't available for Ubuntu trusty, need for travis - sudo add-apt-repository -y ppa:duggan/bats sudo apt-get -qq update - sudo apt-get install -y -qq automake bats qemu-utils python-pip coreutils moreutils + sudo apt-get install -y -qq automake qemu-utils python-pip coreutils moreutils sudo pip install yamllint else echo "Linux distribution not supported" From 70155353a1cfd987f8701ad8fb79eb13b593339e Mon Sep 17 00:00:00 2001 From: Salvador Fuentes Date: Wed, 6 Jun 2018 10:42:10 -0500 Subject: [PATCH 095/307] CI: Install epel-repositories for centos yamllint and moreutils packages are available in the epel repositories from centos. Signed-off-by: Salvador Fuentes --- .ci/setup.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/.ci/setup.sh b/.ci/setup.sh index e0b444ac8..3aae75080 100755 --- a/.ci/setup.sh +++ b/.ci/setup.sh 
@@ -20,6 +20,7 @@ install_bats if [ "$ID" == fedora ];then sudo -E dnf -y install automake yamllint coreutils moreutils elif [ "$ID" == centos ];then + sudo -E yum -y install epel-release sudo -E yum -y install automake yamllint coreutils moreutils elif [ "$ID" == ubuntu ];then sudo apt-get -qq update From 11d1d07c042390c9e7270bfe34e1d2d7a93f8e93 Mon Sep 17 00:00:00 2001 From: Nitesh Konkar Date: Thu, 7 Jun 2018 19:45:08 +0530 Subject: [PATCH 096/307] docs: Update README, Fix a minor space issue Fixes: #108 Signed-off-by: Nitesh Konkar --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index fb17e8496..b6fc10c02 100644 --- a/README.md +++ b/README.md @@ -106,4 +106,4 @@ $ sudo -E PATH=$PATH make AGENT_INIT=yes initrd-only ``` For further details, -see[the initrd builder documentation](initrd-builder/README.md). +see [the initrd builder documentation](initrd-builder/README.md). From e86380aab79f0e8b3ee8019a65c45c229ab9e25b Mon Sep 17 00:00:00 2001 From: Penny Zheng Date: Tue, 12 Jun 2018 02:03:48 +0000 Subject: [PATCH 097/307] rootfs: add '-rm' to delete intermediate container If we set env USE_DOCKER true, we will use container as development environment. After docker run command, this temporary container would be no use. we could add -rm flag to automatically delete intermediate container. Fixes: #115 Signed-off-by: Penny Zheng --- image-builder/image_builder.sh | 1 + rootfs-builder/rootfs.sh | 1 + 2 files changed, 2 insertions(+) diff --git a/image-builder/image_builder.sh b/image-builder/image_builder.sh index 0b78de357..27cd12c05 100755 --- a/image-builder/image_builder.sh +++ b/image-builder/image_builder.sh @@ -98,6 +98,7 @@ if [ -n "${USE_DOCKER}" ] ; then # In case Clear Containers Runtime is installed we dont want to hit issue: #https://github.com/clearcontainers/runtime/issues/828 docker run \ + --rm \ --runtime runc \ --privileged \ --env IMG_SIZE="${IMG_SIZE}" \ 
diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index 86b357f0b..987996326 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh @@ -212,6 +212,7 @@ if [ -n "${USE_DOCKER}" ] ; then # In case Clear Containers Runtime is installed we dont want to hit issue: #https://github.com/clearcontainers/runtime/issues/828 docker run \ + --rm \ --runtime runc \ --env https_proxy="${https_proxy}" \ --env http_proxy="${http_proxy}" \ From 0451db9f4e05cbd3a84c0d766041975fb65455f3 Mon Sep 17 00:00:00 2001 From: Penny Zheng Date: Fri, 8 Jun 2018 08:00:03 +0000 Subject: [PATCH 098/307] rootfs-builder: Support building centos-rootfs on Arm64 For now, mirrorlist doesn't support non-x86_64 arch, so we need create baseurl for arm64. Furthermore, we also need to offer arm64-specific gpg keys along with the regular key. Fixes: #111 Signed-off-by: Penny Zheng --- rootfs-builder/centos/RPM-GPG-KEY-CentOS-7 | 30 ---------------------- rootfs-builder/centos/config.sh | 8 +++--- rootfs-builder/centos/config_aarch64.sh | 18 +++++++++++++ rootfs-builder/rootfs.sh | 9 +++++++ scripts/lib.sh | 16 ++++++++++-- 5 files changed, 46 insertions(+), 35 deletions(-) delete mode 100644 rootfs-builder/centos/RPM-GPG-KEY-CentOS-7 create mode 100644 rootfs-builder/centos/config_aarch64.sh diff --git a/rootfs-builder/centos/RPM-GPG-KEY-CentOS-7 b/rootfs-builder/centos/RPM-GPG-KEY-CentOS-7 deleted file mode 100644 index 47f6d4d6b..000000000 --- a/rootfs-builder/centos/RPM-GPG-KEY-CentOS-7 +++ /dev/null 
@@ -1,30 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v1.4.5 (GNU/Linux) - -mQINBFOn/0sBEADLDyZ+DQHkcTHDQSE0a0B2iYAEXwpPvs67cJ4tmhe/iMOyVMh9 -Yw/vBIF8scm6T/vPN5fopsKiW9UsAhGKg0epC6y5ed+NAUHTEa6pSOdo7CyFDwtn -4HF61Esyb4gzPT6QiSr0zvdTtgYBRZjAEPFVu3Dio0oZ5UQZ7fzdZfeixMQ8VMTQ -4y4x5vik9B+cqmGiq9AW71ixlDYVWasgR093fXiD9NLT4DTtK+KLGYNjJ8eMRqfZ -Ws7g7C+9aEGHfsGZ/SxLOumx/GfiTloal0dnq8TC7XQ/JuNdB9qjoXzRF+faDUsj -WuvNSQEqUXW1dzJjBvroEvgTdfCJfRpIgOrc256qvDMp1SxchMFltPlo5mbSMKu1 -x1p4UkAzx543meMlRXOgx2/hnBm6H6L0FsSyDS6P224yF+30eeODD4Ju4BCyQ0jO -IpUxmUnApo/m0eRelI6TRl7jK6aGqSYUNhFBuFxSPKgKYBpFhVzRM63Jsvib82rY -438q3sIOUdxZY6pvMOWRkdUVoz7WBExTdx5NtGX4kdW5QtcQHM+2kht6sBnJsvcB -JYcYIwAUeA5vdRfwLKuZn6SgAUKdgeOtuf+cPR3/E68LZr784SlokiHLtQkfk98j -NXm6fJjXwJvwiM2IiFyg8aUwEEDX5U+QOCA0wYrgUQ/h8iathvBJKSc9jQARAQAB -tEJDZW50T1MtNyBLZXkgKENlbnRPUyA3IE9mZmljaWFsIFNpZ25pbmcgS2V5KSA8 -c2VjdXJpdHlAY2VudG9zLm9yZz6JAjUEEwECAB8FAlOn/0sCGwMGCwkIBwMCBBUC -CAMDFgIBAh4BAheAAAoJECTGqKf0qA61TN0P/2730Th8cM+d1pEON7n0F1YiyxqG -QzwpC2Fhr2UIsXpi/lWTXIG6AlRvrajjFhw9HktYjlF4oMG032SnI0XPdmrN29lL -F+ee1ANdyvtkw4mMu2yQweVxU7Ku4oATPBvWRv+6pCQPTOMe5xPG0ZPjPGNiJ0xw -4Ns+f5Q6Gqm927oHXpylUQEmuHKsCp3dK/kZaxJOXsmq6syY1gbrLj2Anq0iWWP4 -Tq8WMktUrTcc+zQ2pFR7ovEihK0Rvhmk6/N4+4JwAGijfhejxwNX8T6PCuYs5Jiv -hQvsI9FdIIlTP4XhFZ4N9ndnEwA4AH7tNBsmB3HEbLqUSmu2Rr8hGiT2Plc4Y9AO -aliW1kOMsZFYrX39krfRk2n2NXvieQJ/lw318gSGR67uckkz2ZekbCEpj/0mnHWD -3R6V7m95R6UYqjcw++Q5CtZ2tzmxomZTf42IGIKBbSVmIS75WY+cBULUx3PcZYHD -ZqAbB0Dl4MbdEH61kOI8EbN/TLl1i077r+9LXR1mOnlC3GLD03+XfY8eEBQf7137 -YSMiW5r/5xwQk7xEcKlbZdmUJp3ZDTQBXT06vavvp3jlkqqH9QOE8ViZZ6aKQLqv -pL+4bs52jzuGwTMT7gOR5MzD+vT0fVS7Xm8MjOxvZgbHsAgzyFGlI1ggUQmU7lu3 -uPNL0eRx4S1G4Jn5 -=OGYX ------END PGP PUBLIC KEY BLOCK----- diff --git a/rootfs-builder/centos/config.sh b/rootfs-builder/centos/config.sh index 14be86b7d..a354ea74d 100644 --- a/rootfs-builder/centos/config.sh +++ b/rootfs-builder/centos/config.sh 
@@ -12,11 +12,13 @@ LOG_FILE="/var/log/yum-centos.log" MIRROR_LIST="http://mirrorlist.centos.org/?release=${OS_VERSION}&arch=${ARCH}&repo=os&container=container" # Aditional Repos -CENTOS_UPDATES_URL="http://mirrorlist.centos.org/?release=${OS_VERSION}&arch=${ARCH}&repo=updates&container=container" +CENTOS_UPDATES_MIRROR_LIST="http://mirrorlist.centos.org/?release=${OS_VERSION}&arch=${ARCH}&repo=updates&container=container" -CENTOS_EXTRAS_URL="http://mirrorlist.centos.org/?release=${OS_VERSION}&arch=${ARCH}&repo=extras&container=container" +CENTOS_EXTRAS_MIRROR_LIST="http://mirrorlist.centos.org/?release=${OS_VERSION}&arch=${ARCH}&repo=extras&container=container" -CENTOS_PLUS_URL="http://mirrorlist.centos.org/?release=${OS_VERSION}&arch=${ARCH}&repo=centosplus&container=container" +CENTOS_PLUS_MIRROR_LIST="http://mirrorlist.centos.org/?release=${OS_VERSION}&arch=${ARCH}&repo=centosplus&container=container" + +GPG_KEY_URL="https://www.centos.org/keys/RPM-GPG-KEY-CentOS-7" GPG_KEY_FILE="RPM-GPG-KEY-CentOS-7" diff --git a/rootfs-builder/centos/config_aarch64.sh b/rootfs-builder/centos/config_aarch64.sh new file mode 100644 index 000000000..b4c6a2677 --- /dev/null +++ b/rootfs-builder/centos/config_aarch64.sh @@ -0,0 +1,18 @@ +# +# Copyright (c) 2018 ARM Limited +# +# SPDX-License-Identifier: Apache-2.0 + +# Base Repos +BASE_URL="http://mirror.centos.org/altarch/${OS_VERSION}/os/${ARCH}/" + +# Additional Repos +CENTOS_UPDATES_URL="http://mirror.centos.org/altarch/${OS_VERSION}/updates/${ARCH}/" + +CENTOS_EXTRAS_URL="http://mirror.centos.org/altarch/${OS_VERSION}/extras/${ARCH}/" + +CENTOS_PLUS_URL="http://mirror.centos.org/altarch/${OS_VERSION}/centosplus/${ARCH}/" + +GPG_KEY_ARCH_URL="http://mirror.centos.org/altarch/7/os/aarch64/RPM-GPG-KEY-CentOS-7-aarch64" + +GPG_KEY_ARCH_FILE="RPM-GPG-KEY-CentOS-7-aarch64" diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index 987996326..01d8c3385 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh 
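Review bot: In PATCH 098, `GPG_KEY_ARCH_URL` in the new `rootfs-builder/centos/config_aarch64.sh` fetches the aarch64 signing key over plain `http://`, whereas `GPG_KEY_URL` in `config.sh` uses `https://`. That key becomes the trust anchor for `gpgcheck=1`, so anyone able to alter the HTTP response can substitute their own key and have their packages accepted into the rootfs. Prefer committing the key to the repository, as the deleted `RPM-GPG-KEY-CentOS-7` was, or verify the downloaded key against a fingerprint recorded in the tree. The URL also hard-codes `7` and `aarch64` where the repo URLs above it use `${OS_VERSION}` and `${ARCH}`.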
@@ -28,6 +28,9 @@ source "${script_dir}/versions.txt" # distro-specific config file typeset -r CONFIG_SH="config.sh" +# optional arch-specific config file +typeset -r CONFIG_ARCH_SH="config_${ARCH}.sh" + # Name of an optional distro-specific file which, if it exists, must implement the # build_rootfs() function. typeset -r LIB_SH="rootfs_lib.sh" @@ -179,6 +182,12 @@ distro_config_dir="${script_dir}/${distro}" rootfs_config="${distro_config_dir}/${CONFIG_SH}" source "${rootfs_config}" +# Source arch-specific config file +rootfs_arch_config="${distro_config_dir}/${CONFIG_ARCH_SH}" +if [ -f "${rootfs_arch_config}" ]; then + source "${rootfs_arch_config}" +fi + [ -d "${distro_config_dir}" ] || die "Not found configuration directory ${distro_config_dir}" if [ -z "$ROOTFS_DIR" ]; then diff --git a/scripts/lib.sh b/scripts/lib.sh index 02e8dd5e6..ca7f50001 100644 --- a/scripts/lib.sh +++ b/scripts/lib.sh @@ -80,13 +80,25 @@ enabled=1 EOF fi - if [ "$GPG_KEY_FILE" != "" ]; then + if [ -n "$GPG_KEY_URL" ]; then + if [ ! -f "${CONFIG_DIR}/${GPG_KEY_FILE}" ]; then + curl -L ${GPG_KEY_URL} -o ${CONFIG_DIR}/${GPG_KEY_FILE} + fi cat >> "${DNF_CONF}" << EOF gpgcheck=1 gpgkey=file://${CONFIG_DIR}/${GPG_KEY_FILE} - EOF fi + + if [ -n "$GPG_KEY_ARCH_URL" ]; then + if [ ! -f "${CONFIG_DIR}/${GPG_KEY_ARCH_FILE}" ]; then + curl -L ${GPG_KEY_ARCH_URL} -o ${CONFIG_DIR}/${GPG_KEY_ARCH_FILE} + fi + cat >> "${DNF_CONF}" << EOF + file://${CONFIG_DIR}/${GPG_KEY_ARCH_FILE} +EOF + fi + } build_rootfs() From 547c477f4e431cc461101064952e3c2fb01058ed Mon Sep 17 00:00:00 2001 From: "James O. D. Hunt" Date: Mon, 25 Jun 2018 11:51:02 +0100 Subject: [PATCH 099/307] CI: Fix static-checks script invocation The `static-checks.sh` script now requires the repo as an argument. Fixes #120. Signed-off-by: James O. D. Hunt --- .ci/lib.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.ci/lib.sh b/.ci/lib.sh index 4f5486067..25d30fb55 100644 --- a/.ci/lib.sh +++ b/.ci/lib.sh 
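Review bot: In PATCH 098, both `curl -L ... -o ...` calls in the `scripts/lib.sh` hunk save whatever the server returns as the key file that `gpgkey=` then points at, with no `--fail` and no fingerprint check. An HTTP error page or a truncated download is written to disk, and the `[ ! -f ... ]` guard then reuses that file on every later run. Add `--fail`, quote `${GPG_KEY_URL}`, `${GPG_KEY_ARCH_URL}` and the `${CONFIG_DIR}/...` paths, and check the key's fingerprint before writing `gpgcheck=1`. The second heredoc also emits only a continuation line (` file://${CONFIG_DIR}/${GPG_KEY_ARCH_FILE}`), which is valid only if the `gpgkey=` line from the first block was written immediately before it. A config that sets `GPG_KEY_ARCH_URL` without `GPG_KEY_URL` would produce a dangling line in `${DNF_CONF}`, so nest the arch block inside the first `if` or have it write its own `gpgkey=` entry.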
@@ -21,7 +21,7 @@ clone_tests_repo() run_static_checks() { clone_tests_repo - bash "$tests_repo_dir/.ci/static-checks.sh" + bash "$tests_repo_dir/.ci/static-checks.sh" "github.com/kata-containers/osbuilder" } install_bats() From 5b9b69a4b7e91ea5e0e38dce9424d25142a4418f Mon Sep 17 00:00:00 2001 From: "James O. D. Hunt" Date: Fri, 8 Jun 2018 11:47:07 +0100 Subject: [PATCH 100/307] tests: Update kata-manager command The `kata-manger.sh` utility is changing its behaviour so that `install-packages` *only* installs packages (no container manager). Update the command to both install Docker and the packages. Fixes #113. Signed-off-by: James O. D. Hunt --- tests/image_creation.bats | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/image_creation.bats b/tests/image_creation.bats index 94ca2ecdc..be90cd6e3 100644 --- a/tests/image_creation.bats +++ b/tests/image_creation.bats @@ -51,7 +51,7 @@ setup() [ ! -d "${tests_repo_dir}" ] && git clone "https://${tests_repo}" "${tests_repo_dir}" - chronic $mgr install-packages + chronic $mgr install-docker-system chronic $mgr enable-debug # Ensure "docker build" works From 7b581c25d80dc028dc8a1d0a1a3f3ec1ab828982 Mon Sep 17 00:00:00 2001 From: "James O. D. Hunt" Date: Mon, 25 Jun 2018 10:51:43 +0100 Subject: [PATCH 101/307] tests: Convert bats test to shell script The tests perform a lot of configuration and call other commands. Since the tests are running under BATS, any "stdout pollution" results in the test failing. This is too rigid for current purposes so convert the BATS test into a `set -e` test. This will still fail if any command fails, but does not impose the output pollution restriction. It also makes debugging easier. 
Signed-off-by: James O. D. Hunt --- .ci/lib.sh | 5 - .ci/run.sh | 2 +- .ci/setup.sh | 2 - ...{image_creation.bats => image_creation.sh} | 198 ++++++++++++------ 4 files changed, 139 insertions(+), 68 deletions(-) rename tests/{image_creation.bats => image_creation.sh} (68%) mode change 100644 => 100755 diff --git a/.ci/lib.sh b/.ci/lib.sh index 25d30fb55..5f0db4561 100644 --- a/.ci/lib.sh +++ b/.ci/lib.sh @@ -23,8 +23,3 @@ run_static_checks() clone_tests_repo bash "$tests_repo_dir/.ci/static-checks.sh" "github.com/kata-containers/osbuilder" } - -install_bats() -{ - bash "$tests_repo_dir/.ci/install_bats.sh" -} diff --git a/.ci/run.sh b/.ci/run.sh index 57448a434..a5d2ffc62 100755 --- a/.ci/run.sh +++ b/.ci/run.sh @@ -12,4 +12,4 @@ export GOPATH="${GOPATH:-/tmp/go}" script_dir="$(dirname $(readlink -f $0))" -sudo -E PATH="$PATH" bats "${script_dir}/../tests/image_creation.bats" +sudo -E PATH="$PATH" bash "${script_dir}/../tests/image_creation.sh" diff --git a/.ci/setup.sh b/.ci/setup.sh index 3aae75080..b014198b2 100755 --- a/.ci/setup.sh +++ b/.ci/setup.sh @@ -15,8 +15,6 @@ bash "${cidir}/static-checks.sh" #Note: If add clearlinux as supported CI use a stateless os-release file source /etc/os-release -install_bats - if [ "$ID" == fedora ];then sudo -E dnf -y install automake yamllint coreutils moreutils elif [ "$ID" == centos ];then diff --git a/tests/image_creation.bats b/tests/image_creation.sh old mode 100644 new mode 100755 similarity index 68% rename from tests/image_creation.bats rename to tests/image_creation.sh index be90cd6e3..a0dbd7490 --- a/tests/image_creation.bats +++ b/tests/image_creation.sh 
@@ -1,12 +1,16 @@ -#!/usr/bin/env bats +#!/bin/bash # # Copyright (c) 2018 Intel Corporation # # SPDX-License-Identifier: Apache-2.0 -readonly rootfs_sh="$BATS_TEST_DIRNAME/../rootfs-builder/rootfs.sh" -readonly image_builder_sh="$BATS_TEST_DIRNAME/../image-builder/image_builder.sh" -readonly initrd_builder_sh="$BATS_TEST_DIRNAME/../initrd-builder/initrd_builder.sh" +set -e + +readonly script_dir="$(dirname $(readlink -f $0))" + +readonly rootfs_sh="${script_dir}/../rootfs-builder/rootfs.sh" +readonly image_builder_sh="${script_dir}/../image-builder/image_builder.sh" +readonly initrd_builder_sh="${script_dir}/../initrd-builder/initrd_builder.sh" readonly tmp_dir=$(mktemp -t -d osbuilder-test.XXXXXXX) readonly tmp_rootfs="${tmp_dir}/rootfs-osbuilder" readonly images_dir="${tmp_dir}/images" 
@@ -14,53 +18,16 @@ readonly osbuilder_file="/var/lib/osbuilder/osbuilder.yaml" readonly docker_image="busybox" readonly docker_config_file="/etc/systemd/system/docker.service.d/kata-containers.conf" readonly tests_repo="github.com/kata-containers/tests" -readonly tests_repo_dir="$BATS_TEST_DIRNAME/../../tests" +readonly tests_repo_dir="${script_dir}/../../tests" readonly mgr="${tests_repo_dir}/cmd/kata-manager/kata-manager.sh" readonly RUNTIME=${RUNTIME:-kata-runtime} # "docker build" does not work with a VM-based runtime readonly docker_build_runtime="runc" -info() +exit_handler() { - s="$*" - echo -e "INFO: $s\n" >&2 -} - -set_runtime() -{ - local name="$1" - - # Travis doesn't support VT-x - [ -n "$TRAVIS" ] && return - - sudo -E sed -i "s/--default-runtime=[^ ][^ ]*/--default-runtime=${name}/g" \ - "${docker_config_file}" - sudo -E systemctl daemon-reload - sudo -E systemctl restart docker -} - -setup() -{ - mkdir -p "${images_dir}" - - export USE_DOCKER=true - - # Travis doesn't support VT-x - [ -n "$TRAVIS" ] && return - - [ ! -d "${tests_repo_dir}" ] && git clone "https://${tests_repo}" "${tests_repo_dir}" - - chronic $mgr install-docker-system - chronic $mgr enable-debug - - # Ensure "docker build" works - set_runtime "${docker_build_runtime}" -} - -teardown() -{ - if [ "$BATS_ERROR_STATUS" -eq 0 ] + if [ "$?" -eq 0 ] then # Rootfs and images are owned by root sudo -E rm -rf "${tmp_rootfs}" 
@@ -94,11 +61,63 @@ teardown() sudo -E ps -efwww | egrep "docker|kata" >&2 } +trap exit_handler EXIT ERR + +die() +{ + msg="$*" + echo "ERROR: $msg" >&2 + exit 1 +} + +info() +{ + s="$*" + echo -e "INFO: $s\n" >&2 +} + +set_runtime() +{ + local name="$1" + + [ -z "$name" ] && die "need name" + + # Travis doesn't support VT-x + [ -n "$TRAVIS" ] && return + + sudo -E sed -i "s/--default-runtime=[^ ][^ ]*/--default-runtime=${name}/g" \ + "${docker_config_file}" + sudo -E systemctl daemon-reload + sudo -E systemctl restart docker +} + +setup() +{ + [ -z "$images_dir" ] && die "need images directory" + mkdir -p "${images_dir}" + + export USE_DOCKER=true + + # Travis doesn't support VT-x + [ -n "$TRAVIS" ] && return + + [ ! -d "${tests_repo_dir}" ] && git clone "https://${tests_repo}" "${tests_repo_dir}" + + chronic $mgr install-docker-system + chronic $mgr enable-debug + + # Ensure "docker build" works + set_runtime "${docker_build_runtime}" +} + build_rootfs() { local distro="$1" local rootfs="$2" + [ -z "$distro" ] && die "need distro" + [ -z "$rootfs" ] && die "need rootfs" + local full="${rootfs}${osbuilder_file}" # clean up from any previous runs @@ -118,6 +137,9 @@ build_image() local file="$1" local rootfs="$2" + [ -z "$file" ] && die "need file" + [ -z "$rootfs" ] && die "need rootfs" + sudo -E ${image_builder_sh} -o "${file}" "${rootfs}" info "built image file '$file' for rootfs '$rootfs':" @@ -129,6 +151,9 @@ build_initrd() local file="$1" local rootfs="$2" + [ -z "$file" ] && die "need file" + [ -z "$rootfs" ] && die "need rootfs" + sudo -E ${initrd_builder_sh} -o "${file}" "${rootfs}" info "built initrd file '$file' for rootfs '$rootfs':" @@ -156,6 +181,9 @@ install_image_create_container() { local file="$1" + [ -z "$file" ] && die "need file" + [ ! -e "$file" ] && die "file does not exist: $file" + # Travis doesn't support VT-x [ -n "$TRAVIS" ] && return 
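Review bot: In PATCH 101, `trap exit_handler EXIT ERR` in the `@@ -94,11 +61,63 @@` hunk registers one handler for both conditions. Under `set -e` the EXIT trap already runs on every failure path, so ERR adds nothing, and where both fire the diagnostic dump in `exit_handler` is printed twice. Register the handler for EXIT only. Separately, the handler reads `$?` in its first test, which is correct only as long as nothing is added before that `if`. Saving it with `local rc=$?` on the first line of `exit_handler()` would make that robust.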
@@ -168,6 +196,9 @@ install_initrd_create_container() { local file="$1" + [ -z "$file" ] && die "need file" + [ ! -e "$file" ] && die "file does not exist: $file" + # Travis doesn't support VT-x [ -n "$TRAVIS" ] && return @@ -182,6 +213,9 @@ handle_options() local type="$2" local options="$3" + [ -z "$distro" ] && die "need distro" + [ -z "$type" ] && die "need type" + local opt local rootfs @@ -241,7 +275,9 @@ create_and_run() local image_options="$2" local initrd_options="$3" - [ -n "$distro" ] + [ -z "$distro" ] && die "need distro" + [ -z "$image_options" ] && die "need image options" + [ -z "$initrd_options" ] && die "need initrd options" local opt 
@@ -256,27 +292,69 @@ create_and_run() fi } -@test "Can create and run fedora image" { - create_and_run fedora "service" "no" +run_test() +{ + local -r name="$1" + local -r skip="$2" + local -r distro="$3" + local -r image_options="$4" + local -r initrd_options="$5" + + [ -z "$name" ] && die "need name" + [ -z "$distro" ] && die "need distro" + [ -z "$image_options" ] && die "need image options" + [ -z "$initrd_options" ] && die "need initrd options" + + [ -n "$skip" ] && info "Skipping test $name: $skip" && return + + info "Running test: ${name}" + + create_and_run "${distro}" "${image_options}" "${initrd_options}" } -@test "Can create and run clearlinux image" { - create_and_run clearlinux "service" "no" +test_fedora() +{ + local -r name="Can create and run fedora image" + run_test "${name}" "" "fedora" "service" "no" } -@test "Can create and run centos image" { - create_and_run centos "service" "no" +test_clearlinux() +{ + local -r name="Can create and run clearlinux image" + + run_test "${name}" "" "clearlinux" "service" "no" } -@test "Can create and run euleros image" { - if [ "$TRAVIS" = true ] - then - skip "travis timeout, see: https://github.com/kata-containers/osbuilder/issues/46" - fi - - create_and_run euleros "service" "no" +test_centos() +{ + local -r name="Can create and run centos image" + run_test "${name}" "" "centos" "service" "no" } -@test "Can create and run alpine image" { - create_and_run alpine "no" "init" +test_euleros() +{ + local -r name="Can create and run euleros image" + + [ "$TRAVIS" = true ] && skip="travis timeout, see: https://github.com/kata-containers/osbuilder/issues/46" + + run_test "${name}" "$skip" "euleros" "service" "no" } + +test_alpine() +{ + local -r name="Can create and run alpine image" + run_test "${name}" "" "alpine" "no" "init" +} + +main() +{ + setup + + test_fedora + test_clearlinux + test_centos + test_euleros + test_alpine +} + +main "$@" From 43a2ea415538ae465c479d2b3ede493895f4a044 Mon Sep 17 00:00:00 2001 
From: "James O. D. Hunt" Date: Mon, 25 Jun 2018 10:54:48 +0100 Subject: [PATCH 102/307] tests: Run EulerOS tests last The EulerOS repository servers can be a little slower to respond than others. This can lead to timeout issues so move the EulerOS tests to the end to give the other tests a chance to run. Signed-off-by: James O. D. Hunt --- tests/image_creation.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tests/image_creation.sh b/tests/image_creation.sh index a0dbd7490..5a630001e 100755 --- a/tests/image_creation.sh +++ b/tests/image_creation.sh @@ -353,8 +353,11 @@ main() test_fedora test_clearlinux test_centos - test_euleros test_alpine + + # Run last as EulerOS servers can be slow and we don't want to fail the + # previous tests. + test_euleros } main "$@" From 52d015e2838ea630d5024559f0e2cbe8024ef454 Mon Sep 17 00:00:00 2001 From: Julio Montes Date: Tue, 26 Jun 2018 09:59:49 -0500 Subject: [PATCH 103/307] builder: support proxy in distros based on yum or dnf proxy server must be specified in configuration file of the package manager, /etc/yum.conf for yum or /etc/dnf/dnf.conf for dnf fixes #123 Signed-off-by: Julio Montes --- image-builder/Dockerfile | 7 +++++++ rootfs-builder/centos/Dockerfile.in | 2 ++ rootfs-builder/clearlinux/Dockerfile.in | 2 ++ rootfs-builder/euleros/Dockerfile.in | 2 ++ rootfs-builder/fedora/Dockerfile.in | 2 ++ rootfs-builder/rootfs.sh | 3 +++ 6 files changed, 18 insertions(+) diff --git a/image-builder/Dockerfile b/image-builder/Dockerfile index 68a0fda9a..af8674dfd 100644 --- a/image-builder/Dockerfile +++ b/image-builder/Dockerfile @@ -1,3 +1,10 @@ +# +# Copyright (c) 2018 Intel Corporation +# +# SPDX-License-Identifier: Apache-2.0 + From fedora:latest +RUN [ -n "$http_proxy" ] && sed -i '$ a proxy='$http_proxy /etc/dnf/dnf.conf ; true + RUN dnf install -y qemu-img parted gdisk e2fsprogs diff --git a/rootfs-builder/centos/Dockerfile.in b/rootfs-builder/centos/Dockerfile.in index 4a93e322d..6c695d1c6 100644 
--- a/rootfs-builder/centos/Dockerfile.in +++ b/rootfs-builder/centos/Dockerfile.in @@ -5,6 +5,8 @@ From centos:@OS_VERSION@ +@SET_PROXY@ + RUN yum -y update && yum install -y git make gcc coreutils # This will install the proper golang to build Kata components diff --git a/rootfs-builder/clearlinux/Dockerfile.in b/rootfs-builder/clearlinux/Dockerfile.in index 4e38d364a..4e2121d86 100644 --- a/rootfs-builder/clearlinux/Dockerfile.in +++ b/rootfs-builder/clearlinux/Dockerfile.in @@ -5,6 +5,8 @@ From fedora:27 +@SET_PROXY@ + RUN dnf -y update && dnf install -y git systemd pkgconfig gcc coreutils # This will install the proper golang to build Kata components diff --git a/rootfs-builder/euleros/Dockerfile.in b/rootfs-builder/euleros/Dockerfile.in index 97cae78db..03a0a77e7 100644 --- a/rootfs-builder/euleros/Dockerfile.in +++ b/rootfs-builder/euleros/Dockerfile.in @@ -5,6 +5,8 @@ FROM euleros:@OS_VERSION@ +@SET_PROXY@ + RUN yum -y update && yum install -y yum git make gcc coreutils # This will install the proper golang to build Kata components diff --git a/rootfs-builder/fedora/Dockerfile.in b/rootfs-builder/fedora/Dockerfile.in index 39fadc1a0..27d7ed9d9 100644 --- a/rootfs-builder/fedora/Dockerfile.in +++ b/rootfs-builder/fedora/Dockerfile.in @@ -5,6 +5,8 @@ From fedora:@OS_VERSION@ +@SET_PROXY@ + RUN dnf -y update && dnf install -y git redhat-release systemd pkgconfig gcc coreutils # This will install the proper golang to build Kata components diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index 01d8c3385..d4530bfac 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh @@ -100,6 +100,8 @@ generate_dockerfile() ;; esac + [ -n "$http_proxy" ] && readonly set_proxy="RUN sed -i '$ a proxy="$http_proxy"' /etc/dnf/dnf.conf /etc/yum.conf; true" + readonly install_go=" ADD https://storage.googleapis.com/golang/go${GO_VERSION}.linux-${goarch}.tar.gz /tmp RUN tar -C /usr/ -xzf /tmp/go${GO_VERSION}.linux-${goarch}.tar.gz 
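Review bot: in rootfs.sh generate_dockerfile(), the added `set_proxy` line copies `$http_proxy` unescaped into a `RUN sed` instruction, so the value lands in the generated Dockerfile and in /etc/dnf/dnf.conf or /etc/yum.conf of an image layer, and it breaks the later `s|@SET_PROXY@|${set_proxy}|g` substitution whenever it contains `|` or `&`. A proxy URL that carries credentials (`http://user:password@host:port`) would therefore persist in the build image and its history. Suggest escaping `\`, `|` and `&` in the value before it reaches sed, and documenting that credentials in `http_proxy` are written to the image. The trailing `; true` also hides a genuine sed failure; testing each config file for existence before editing it would keep real errors visible.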
@@ -115,6 +117,7 @@ ENV PATH=\$PATH:\$GOROOT/bin:\$GOPATH/bin -e "s|@GO_VERSION@|${GO_VERSION}|g" \ -e "s|@OS_VERSION@|${OS_VERSION}|g" \ -e "s|@INSTALL_GO@|${install_go//$'\n'/\\n}|g" \ + -e "s|@SET_PROXY@|${set_proxy}|g" \ ${dockerfile_template} > Dockerfile popd } From 7b1bbac600d9594360f943d121a437f18dd5c4d0 Mon Sep 17 00:00:00 2001 From: Stefan Hajnoczi Date: Thu, 28 Jun 2018 13:52:23 +0100 Subject: [PATCH 104/307] image-builder: require root earlier for better error messages The image_builder.sh script must be run as root. The following check is performed before the script checks for root: [ "${AGENT_INIT}" == "yes" ] || [ -x "${ROOTFS}/usr/bin/${AGENT_BIN}" ] || \ die "/usr/bin/${AGENT_BIN} is not installed in ${ROOTFS} use AGENT_BIN env variable to change the expected agent binary name" The -x test is "True if the file is executable by you". It may evaluate to true as root and false as non-root, depending on the file permissions. The permissions for kata-agent given in the Developer Guide are 0550 (https://github.com/kata-containers/documentation/blob/master/Developer-Guide.md#add-a-custom-agent-to-the-image---optional). Therefore image_builder.sh fails with "/usr/bin/${AGENT_BIN} is not installed" when run as non-root. This is confusing since the agent binary is really installed! Move the root check to the beginning of the script. This solves the confusing error and prevents similar problems where the script doesn't take into account that the user may be non-root. Fixes: #127 Signed-off-by: Stefan Hajnoczi --- image-builder/image_builder.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/image-builder/image_builder.sh b/image-builder/image_builder.sh index 27cd12c05..3ba110992 100755 --- a/image-builder/image_builder.sh +++ b/image-builder/image_builder.sh 
@@ -14,6 +14,8 @@ script_dir="$(dirname $(readlink -f $0))" lib_file="${script_dir}/../scripts/lib.sh" source "$lib_file" +[ "$(id -u)" -eq 0 ] || die "$0: must be run as root" + IMAGE="${IMAGE:-kata-containers.img}" AGENT_BIN=${AGENT_BIN:-kata-agent} AGENT_INIT=${AGENT_INIT:-no} @@ -131,7 +133,6 @@ fi die "/usr/bin/${AGENT_BIN} is not installed in ${ROOTFS} use AGENT_BIN env variable to change the expected agent binary name" OK "Agent installed" -[ "$(id -u)" -eq 0 ] || die "$0: must be run as root" ROOTFS_SIZE=$(du -B 1MB -s "${ROOTFS}" | awk '{print $1}') BLOCK_SIZE=${BLOCK_SIZE:-4096} From a7bafc53c91cafa4939bdcf70a5dfdd7088f8070 Mon Sep 17 00:00:00 2001 From: Stefan Hajnoczi Date: Fri, 29 Jun 2018 15:08:56 +0100 Subject: [PATCH 105/307] initrd-builder: make initrd_builder.sh idempotent If initrd_builder.sh fails partway through it may not be possible to run it again without creating a new rootfs. This happens because initrd_builder.sh checks for the presence of /sbin/init and refuses to run if it is missing. Later on, the script moves /sbin/init to /init, where the kernel expects to find it in an initramfs. After this step initrd_builder.sh will refuse to run again since /sbin/init is now missing. Create a symlink from /init to /sbin/init instead of moving the file. This allows initrd_builder.sh to be run repeatedly on the same rootfs. Fixes: #130 Signed-off-by: Stefan Hajnoczi --- initrd-builder/initrd_builder.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/initrd-builder/initrd_builder.sh b/initrd-builder/initrd_builder.sh index 56e3dacfe..bc5692966 100755 --- a/initrd-builder/initrd_builder.sh +++ b/initrd-builder/initrd_builder.sh 
@@ -73,7 +73,7 @@ OK "Agent is installed" [ "$(id -u)" -eq 0 ] || die "$0: must be run as root" # initramfs expects /init -mv -f ${init} "${ROOTFS}/init" +ln -sf /sbin/init "${ROOTFS}/init" info "Creating ${IMAGE_DIR}/${IMAGE_NAME} based on rootfs at ${ROOTFS}" ( cd "${ROOTFS}" && find . | cpio -H newc -o | gzip -9 ) > "${IMAGE_DIR}"/"${IMAGE_NAME}" From 22f04db80d7431168f9683ff9ef5d58a27a52e50 Mon Sep 17 00:00:00 2001 From: Nitesh Konkar Date: Fri, 29 Jun 2018 21:15:43 +0530 Subject: [PATCH 106/307] travis: Enable travis ci for ppc64le Fixes: #122 Signed-off-by: Nitesh Konkar --- .travis.yml | 6 +++++- rootfs-builder/centos/config_ppc64le.sh | 18 ++++++++++++++++++ tests/image_creation.sh | 12 +++++++----- 3 files changed, 30 insertions(+), 6 deletions(-) create mode 100644 rootfs-builder/centos/config_ppc64le.sh diff --git a/.travis.yml b/.travis.yml index a8b0b6a8b..66c63bd38 100644 --- a/.travis.yml +++ b/.travis.yml @@ -7,6 +7,10 @@ sudo: required dist: trusty +os: + - linux + - linux-ppc64le + language: bash env: @@ -20,4 +24,4 @@ before_script: - ".ci/setup.sh" script: -- "travis_wait .ci/run.sh" +- "travis_wait 30 .ci/run.sh" diff --git a/rootfs-builder/centos/config_ppc64le.sh b/rootfs-builder/centos/config_ppc64le.sh new file mode 100644 index 000000000..455911f1a --- /dev/null +++ b/rootfs-builder/centos/config_ppc64le.sh @@ -0,0 +1,18 @@ +# +# Copyright (c) 2018 IBM +# +# SPDX-License-Identifier: Apache-2.0 + +# Base Repos +BASE_URL="http://mirror.centos.org/altarch/${OS_VERSION}/os/${ARCH}/" + +# Additional Repos +CENTOS_UPDATES_URL="http://mirror.centos.org/altarch/${OS_VERSION}/updates/${ARCH}/" + +CENTOS_EXTRAS_URL="http://mirror.centos.org/altarch/${OS_VERSION}/extras/${ARCH}/" + +CENTOS_PLUS_URL="http://mirror.centos.org/altarch/${OS_VERSION}/centosplus/${ARCH}/" + +GPG_KEY_ARCH_URL="http://mirror.centos.org/altarch/7/os/ppc64le/RPM-GPG-KEY-CentOS-SIG-AltArch-7-ppc64le" + +GPG_KEY_ARCH_FILE="RPM-GPG-KEY-CentOS-SIG-AltArch-7-ppc64le" 
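Review bot: in the new rootfs-builder/centos/config_ppc64le.sh, `GPG_KEY_ARCH_URL` and all four repository URLs use plain `http://`, so the key that is supposed to authenticate the AltArch packages is itself fetched over a channel that anyone on the path can modify. Suggest fetching the key over HTTPS if the mirror serves it, or shipping the key in this repository (or checking its fingerprint) so that package signature verification does not depend on the transport. `GPG_KEY_ARCH_URL` and `GPG_KEY_ARCH_FILE` also hard-code `7` and `ppc64le` while the other variables use `${OS_VERSION}` and `${ARCH}`; overriding `OS_VERSION` would silently pair a different release with the version 7 key.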
diff --git a/tests/image_creation.sh b/tests/image_creation.sh index 5a630001e..e6604ece3 100755 --- a/tests/image_creation.sh +++ b/tests/image_creation.sh @@ -21,6 +21,7 @@ readonly tests_repo="github.com/kata-containers/tests" readonly tests_repo_dir="${script_dir}/../../tests" readonly mgr="${tests_repo_dir}/cmd/kata-manager/kata-manager.sh" readonly RUNTIME=${RUNTIME:-kata-runtime} +readonly MACHINE_TYPE=`uname -m` # "docker build" does not work with a VM-based runtime readonly docker_build_runtime="runc" @@ -349,15 +350,16 @@ test_alpine() main() { setup - test_fedora - test_clearlinux test_centos test_alpine - # Run last as EulerOS servers can be slow and we don't want to fail the - # previous tests. - test_euleros + if [ $MACHINE_TYPE != "ppc64le" ]; then + test_clearlinux + # Run last as EulerOS servers can be slow and we don't want to fail the + # previous tests. + test_euleros + fi } main "$@" From e31149077f2f538ee571768be4a33aea3a412952 Mon Sep 17 00:00:00 2001 
From: Jose Carlos Venegas Munoz Date: Mon, 2 Jul 2018 09:37:19 -0500 Subject: [PATCH 107/307] release: Kata Containers 1.1.0 - image-builder: require root earlier for better error messages - builder: support proxy in distros based on yum or dnf - tests: Update kata-manager command - CI: Fix static-checks script invocation - Support building centos-rootfs on Arm64 - rootfs: add '-rm' to delete intermediate container - Update README: Fix a minor space issue - rootfs: correct rootfs script deference var value - CI: use yum for resolving centos dependencies - tests: Test generated images and initrd's (+ cleanups) - rootfs: Default to host architecture - Image require systemd - rootfs: copy kernel modules to correct location - rootfs: Add extra packages to summary file - rootfs.sh: Add "${AGENT_VERSION}"/"-a" functionality - kata/osbuilder: Add support for multiple GOPATH directories - image-builder: fix "paratition" typo - docs: Add a Usage section - refactor and create a summary file inside the image 7b1bbac image-builder: require root earlier for better error messages 52d015e builder: support proxy in distros based on yum or dnf 43a2ea4 tests: Run EulerOS tests last 7b581c2 tests: Convert bats test to shell script 5b9b69a tests: Update kata-manager command 547c477 CI: Fix static-checks script invocation 0451db9 rootfs-builder: Support building centos-rootfs on Arm64 e86380a rootfs: add '-rm' to delete intermediate container 11d1d07 docs: Update README, Fix a minor space issue 7015535 CI: Install epel-repositories for centos 9f84cc8 CI: Install bats from sources 6c8c60d CI: use yum for resolving centos dependencies a81e771 rootfs: correct rootfs script deference var value 4ae6d31 tests: Test generated images and initrd's 340d7b2 tests: Rename function for brevity 3a8da5f tests: Pass parameters to functions c8e7f42 tests: Remove stale rootfs tree 1c251bd tests: Move osbuilder metadata var to top c69eb00 tests: Make all globals readonly aeb5947 tests: Don't pass size 
option to image builder 60e1e7b tests: cleanup bats tests c1d22f9 rootfs: Default to host architecture aca45c5 image: Require systemd 171eceb image: Use variable for referring to init fd8d9bd rootfs: copy kernel modules to correct location 7732e04 rootfs: Fix incorrect getopts call f7f2672 rootfs: Add "${AGENT_VERSION}"/"-a" functionality 3151f35 rootfs: Add extra packages to summary file c3ac718 rootfs: Add support for multiple GOPATH directories 32aee00 image-builder: fix "paratition" typo 3c19ea4 docs: Add a Usage section 3e0e112 docs: Move TOC to top f90f652 rootfs: Create a summary file inside the image 93b632c lib: Check rootfs parameter b14d117 image-builder: Fix incorrect error message ddb71e8 initrd: Remove mention of USE_DOCKER f17b5c2 scripts/lib: Fix whitespace 5b6ced5 rootfs/clearlinux: Resolve version a2a6562 rootfs: Simplify code b8f1a68 rootfs: Simplify code f09d4c4 rootfs: Check function parameters 2751de0 rootfs: Reformat functions 48b1dda rootfs: Fix comments 019a80f refactor: Move more functions to script library a18753b refactor: Remove duplicate variable f3e89d3 refactor: Simplify enabling debug Signed-off-by: Jose Carlos Venegas Munoz --- VERSION | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/VERSION b/VERSION index 5bae440cc..9084fa2f7 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1 @@ -# This is the version of osbuilder. -0.0.1 +1.1.0 From abb559d52c2d07c8f7a00780dd0c6fe3dc16db7b Mon Sep 17 00:00:00 2001 From: "James O. D. Hunt" Date: Mon, 2 Jul 2018 13:51:27 +0100 Subject: [PATCH 108/307] CI: Install make on Ubuntu Fix CI build failures on Ubuntu 16.04 due to `make` not being installed before the static check script runs by: - Installing make explicitly on Ubuntu. - Moving the static-check script after the package install setup phase. Fixes #134. Signed-off-by: James O. D. Hunt --- .ci/setup.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/.ci/setup.sh b/.ci/setup.sh index b014198b2..208eaf854 100755 --- a/.ci/setup.sh +++ b/.ci/setup.sh @@ -10,8 +10,6 @@ set -e cidir=$(dirname "$0") source "${cidir}/lib.sh" -bash "${cidir}/static-checks.sh" - #Note: If add clearlinux as supported CI use a stateless os-release file source /etc/os-release @@ -22,8 +20,10 @@ elif [ "$ID" == centos ];then sudo -E yum -y install automake yamllint coreutils moreutils elif [ "$ID" == ubuntu ];then sudo apt-get -qq update - sudo apt-get install -y -qq automake qemu-utils python-pip coreutils moreutils + sudo apt-get install -y -qq make automake qemu-utils python-pip coreutils moreutils sudo pip install yamllint else echo "Linux distribution not supported" fi + +bash "${cidir}/static-checks.sh" From 25e9f01fb282e356e03a83e626e4afa6806402de Mon Sep 17 00:00:00 2001 From: Jose Carlos Venegas Munoz Date: Tue, 26 Jun 2018 21:47:43 +0000 Subject: [PATCH 109/307] rootfs: docker: Reduce build time by not reinstalling go Using docker we always add (ADD) the go tarball. But we can avoid do it all the time if we install Go using RUN dockerfile instruction. Use RUN to avoid repeat steps already done in dockerfile. Fixes: #125 Signed-off-by: Jose Carlos Venegas Munoz --- rootfs-builder/rootfs.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index d4530bfac..0aa502898 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh @@ -103,7 +103,7 @@ generate_dockerfile() [ -n "$http_proxy" ] && readonly set_proxy="RUN sed -i '$ a proxy="$http_proxy"' /etc/dnf/dnf.conf /etc/yum.conf; true" readonly install_go=" -ADD https://storage.googleapis.com/golang/go${GO_VERSION}.linux-${goarch}.tar.gz /tmp +RUN cd /tmp ; curl -OL https://storage.googleapis.com/golang/go${GO_VERSION}.linux-${goarch}.tar.gz RUN tar -C /usr/ -xzf /tmp/go${GO_VERSION}.linux-${goarch}.tar.gz ENV GOROOT=/usr/go ENV PATH=\$PATH:\$GOROOT/bin:\$GOPATH/bin 
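Review bot: in the rootfs.sh `install_go` hunk, the replacement line `RUN cd /tmp ; curl -OL ...` downloads the Go tarball without `-f` and without any checksum comparison, so an HTTP error body or a modified archive is only noticed, if at all, when the following `tar -xzf` step runs. Suggest `cd /tmp && curl -fsSLO ...` and verifying the archive against a known SHA-256 for `${GO_VERSION}` and `${goarch}` before extracting it into /usr. The distro Dockerfile.in templates shown earlier in this series install git, make and gcc but not curl, so this change also relies on every base image providing curl; adding it to the package lists would make that explicit.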
From 1e5e915f5abcfc507bf71731bee4967fa1ec1d6a Mon Sep 17 00:00:00 2001 From: Nitesh Konkar Date: Wed, 4 Jul 2018 15:51:07 +0530 Subject: [PATCH 110/307] docs: Add Platform-Compatibility matrix Fixes: #136 Signed-off-by: Nitesh Konkar --- README.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/README.md b/README.md index b6fc10c02..c6a646492 100644 --- a/README.md +++ b/README.md @@ -12,6 +12,7 @@ * [Image with systemd as init](#image-with-systemd-as-init) * [Image with the agent as init](#image-with-the-agent-as-init) * [Initrd creation](#initrd-creation) +* [Platform-Distro Compatibility Matrix](#platform-distro-compatibility-matrix) ## Introduction @@ -107,3 +108,11 @@ $ sudo -E PATH=$PATH make AGENT_INIT=yes initrd-only For further details, see [the initrd builder documentation](initrd-builder/README.md). + +## Platform-Distro Compatibility Matrix + +| | Alpine | CentOS | ClearLinux | EulerOS | Fedora | + |--|--|--|--|--|--| + | **ARM64** | :heavy_check_mark: | :heavy_check_mark: | | :heavy_check_mark: | :heavy_check_mark: | + | **PPC64le** | :heavy_check_mark: | :heavy_check_mark: | | | :heavy_check_mark: | + | **x86_64** | :heavy_check_mark: |:heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | From adb3f57a6b9ad89d32890bf1205804f31bc9012f Mon Sep 17 00:00:00 2001 From: Nitesh Konkar Date: Wed, 4 Jul 2018 20:54:45 +0530 Subject: [PATCH 111/307] rootfs.sh: Add Platform-OS matrix link to help page Fixes: #139 Signed-off-by: Nitesh Konkar --- rootfs-builder/rootfs.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index 01d8c3385..0ab19e634 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh 
@@ -49,6 +49,8 @@ Supported Linux distributions: $(get_distros) +Refer the Platform-OS Compatibility Matrix: https://github.com/kata-containers/osbuilder#platform-distro-compatibility-matrix + Options: -a : agent version DEFAULT: ${AGENT_VERSION} ENV: AGENT_VERSION -h : Show this help message From f077e6efdc6212b9e4fbce2102749fa81492ca59 Mon Sep 17 00:00:00 2001 From: "James O. D. Hunt" Date: Wed, 25 Jul 2018 09:45:22 +0100 Subject: [PATCH 112/307] tests: Rename distro test functions Give the distro test function names a better prefix. Signed-off-by: James O. D. Hunt --- tests/image_creation.sh | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/tests/image_creation.sh b/tests/image_creation.sh index e6604ece3..376464dac 100755 --- a/tests/image_creation.sh +++ b/tests/image_creation.sh @@ -313,26 +313,26 @@ run_test() create_and_run "${distro}" "${image_options}" "${initrd_options}" } -test_fedora() +test_distro_fedora() { local -r name="Can create and run fedora image" run_test "${name}" "" "fedora" "service" "no" } -test_clearlinux() +test_distro_clearlinux() { local -r name="Can create and run clearlinux image" run_test "${name}" "" "clearlinux" "service" "no" } -test_centos() +test_distro_centos() { local -r name="Can create and run centos image" run_test "${name}" "" "centos" "service" "no" } -test_euleros() +test_distro_euleros() { local -r name="Can create and run euleros image" @@ -341,7 +341,7 @@ test_euleros() run_test "${name}" "$skip" "euleros" "service" "no" } -test_alpine() +test_distro_alpine() { local -r name="Can create and run alpine image" run_test "${name}" "" "alpine" "no" "init" 
@@ -350,15 +350,17 @@ test_alpine() main() { setup - test_fedora - test_centos - test_alpine + + test_distro_fedora + test_distro_centos + test_distro_alpine if [ $MACHINE_TYPE != "ppc64le" ]; then - test_clearlinux + test_distro_clearlinux + # Run last as EulerOS servers can be slow and we don't want to fail the # previous tests. - test_euleros + test_distro_euleros fi } From 80e19977216b41faaddfde8eb6cffc60cf5f87fd Mon Sep 17 00:00:00 2001 From: "James O. D. Hunt" Date: Wed, 25 Jul 2018 09:46:49 +0100 Subject: [PATCH 113/307] tests: Create new function to launch tests Move the calls to the individual distro tests into a separate function called from `main()`. Signed-off-by: James O. D. Hunt --- tests/image_creation.sh | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/tests/image_creation.sh b/tests/image_creation.sh index 376464dac..5c1eae421 100755 --- a/tests/image_creation.sh +++ b/tests/image_creation.sh @@ -347,10 +347,8 @@ test_distro_alpine() run_test "${name}" "" "alpine" "no" "init" } -main() +test_all_distros() { - setup - test_distro_fedora test_distro_centos test_distro_alpine @@ -364,4 +362,11 @@ main() fi } +main() +{ + setup + + test_all_distros +} + main "$@" From c679cae92c56b22900cd59681518290ae5abf721 Mon Sep 17 00:00:00 2001 From: "James O. D. Hunt" Date: Wed, 25 Jul 2018 12:21:12 +0100 Subject: [PATCH 114/307] tests: Add ability to restrict which tests run Added options to the test script to allow: - all tests for a specific distro (`--distro $distro`). - all image tests (`--test-images-only`). - all initrd tests (`--test-initrds-only`). Any combination of the above is also permitted. By default, all tests will be run. Fixes #142. Signed-off-by: James O. D. Hunt --- tests/image_creation.sh | 141 +++++++++++++++++++++++++++++++++++++++- 1 file changed, 138 insertions(+), 3 deletions(-) diff --git a/tests/image_creation.sh b/tests/image_creation.sh index 5c1eae421..242b1dbc1 100755 --- a/tests/image_creation.sh 
+++ b/tests/image_creation.sh @@ -7,6 +7,7 @@ set -e readonly script_dir="$(dirname $(readlink -f $0))" +readonly script_name=${0##*/} readonly rootfs_sh="${script_dir}/../rootfs-builder/rootfs.sh" readonly image_builder_sh="${script_dir}/../image-builder/image_builder.sh" @@ -23,9 +24,42 @@ readonly mgr="${tests_repo_dir}/cmd/kata-manager/kata-manager.sh" readonly RUNTIME=${RUNTIME:-kata-runtime} readonly MACHINE_TYPE=`uname -m` +# all distro tests must have this prefix +readonly test_func_prefix="test_distro_" + # "docker build" does not work with a VM-based runtime readonly docker_build_runtime="runc" +test_images_only="false" +test_initrds_only="false" + +usage() +{ + cat <] + $script_name [options] + +Options: + + -h | --help # Show usage. + --distro # Only run tests for specified distro. + --list # List all distros that can be tested. + --test-images-only # Only run images tests for the list of distros under test. + --test-initrds-only # Only run initrds tests for the list of distros under test. + +Parameters: + + +help : Show usage. + : Only run tests for specified distro. + +Notes: + +- If no options or parameters are specified, all tests will be run. + +EOT +} + exit_handler() { if [ "$?" -eq 0 ] @@ -284,12 +318,22 @@ create_and_run() if [ "$image_options" != "no" ] then - handle_options "$distro" "image" "$image_options" + if [ "${test_initrds_only}" = "true" ] + then + info "only testing initrds: skipping image test for distro $distro" + else + handle_options "$distro" "image" "$image_options" + fi fi if [ "$initrd_options" != "no" ] then - handle_options "$distro" "initrd" "$initrd_options" + if [ "${test_images_only}" = "true" ] + then + info "only testing images: skipping initrd test for distro $distro" + else + handle_options "$distro" "initrd" "$initrd_options" + fi fi } 
@@ -347,6 +391,47 @@ test_distro_alpine() run_test "${name}" "" "alpine" "no" "init" } +# Displays a list of all distro test functions +get_distro_test_names() +{ + typeset -F | awk '{print $3}' |\ + grep "^${test_func_prefix}" | sort +} + +# Displays a list of distros which can be tested +list_distros() +{ + get_distro_test_names | sed "s/${test_func_prefix}//g" +} + +test_single_distro() +{ + local -r distro="$1" + + [ -z "$distro" ] && die "distro cannot be blank" + + local -r expected_func="${test_func_prefix}${distro}" + + local test_funcs + test_funcs=$(get_distro_test_names) + + local defined_func + defined_func=$(echo "$test_funcs" | grep "^${expected_func}$" || true) + + if [ -z "$defined_func" ] + then + local distros + + # make a comma-separated list + distros=$(list_distros | tr '\n' ',' | sed 's/,$//g') + + die "no test for distro '$distro' (try one of $distros)" + fi + + # run the test + $defined_func +} + test_all_distros() { test_distro_fedora @@ -364,9 +449,59 @@ test_all_distros() main() { + local args=$(getopt \ + -n "$script_name" \ + -a \ + --options="h" \ + --longoptions="help distro: list test-images-only test-initrds-only" \ + -- "$@") + + eval set -- "$args" + [ $? -ne 0 ] && { usage >&2; exit 1; } + + local distro= + + while [ $# -gt 1 ] + do + case "$1" in + --distro) distro="$2";; + + -h|--help) usage; exit 0 ;; + + --list) list_distros; exit 0;; + + --test-images-only) + test_images_only="true" + test_initrds_only="false" + ;; + + --test-initrds-only) + test_initrds_only="true" + test_images_only="false" + ;; + + --) shift; break ;; + esac + + shift + done + + # Consume getopt cruft + [ "$1" = "--" ] && shift + + case "$1" in + help) usage && exit 0;; + *) distro="$1";; + esac + setup - test_all_distros + if [ -n "$distro" ] + then + test_single_distro "$distro" + else + test_all_distros + fi } main "$@" From 0ea8ef76f0429b1143fddad70061586dd0591d7e Mon Sep 17 00:00:00 2001 
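Review bot: in test_single_distro() (the `@@ -347,6 +391,47 @@` hunk of tests/image_creation.sh), `$distro` is interpolated into `grep "^${expected_func}$"` as a regular expression and the result is then executed unquoted as `$defined_func`, so a value containing regex metacharacters can match more than one function name and the script runs the first match with the remaining names as arguments. Suggest a fixed-string whole-line match (`grep -Fx "${expected_func}"`) or `declare -F "${expected_func}"`, and calling `"$defined_func"` quoted.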
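Review bot: in main() (the `@@ -364,9 +449,59 @@` hunk of tests/image_creation.sh), the getopt failure check can never fire: `local args=$(getopt ...)` yields the exit status of `local`, and `[ $? -ne 0 ]` is evaluated after `eval set -- "$args"`, so it tests the eval rather than getopt. Declare `local args` first, assign on its own line, and check that status before the eval so that an unknown option prints usage and exits. Separately, the `case "$1" in ... *) distro="$1";; esac` after the option loop runs unconditionally, so `--distro fedora` with no positional argument is overwritten by an empty `$1` and every distro is tested; only assign from `$1` when it is non-empty.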
From: "James O. D. Hunt" Date: Wed, 25 Jul 2018 12:23:57 +0100 Subject: [PATCH 115/307] tests: Rename test script Renamed the test script to provide a more meaningful one. Signed-off-by: James O. D. Hunt --- .ci/run.sh | 2 +- tests/{image_creation.sh => test_images.sh} | 0 2 files changed, 1 insertion(+), 1 deletion(-) rename tests/{image_creation.sh => test_images.sh} (100%) diff --git a/.ci/run.sh b/.ci/run.sh index a5d2ffc62..fb0b70e07 100755 --- a/.ci/run.sh +++ b/.ci/run.sh @@ -12,4 +12,4 @@ export GOPATH="${GOPATH:-/tmp/go}" script_dir="$(dirname $(readlink -f $0))" -sudo -E PATH="$PATH" bash "${script_dir}/../tests/image_creation.sh" +sudo -E PATH="$PATH" bash "${script_dir}/../tests/test_images.sh" diff --git a/tests/image_creation.sh b/tests/test_images.sh similarity index 100% rename from tests/image_creation.sh rename to tests/test_images.sh From 0cd64fb5c9b8e527d9d61b732693eee181a63602 Mon Sep 17 00:00:00 2001 From: "James O. D. Hunt" Date: Wed, 25 Jul 2018 12:26:39 +0100 Subject: [PATCH 116/307] build: Added targets to run tests Updated the `Makefile` to provide the following new targets: ``` make test # Run all tests. make test-image-only # Only run image tests. make test-initrd-only # Only run initrd tests. ``` Signed-off-by: James O. D. Hunt --- Makefile | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/Makefile b/Makefile index 4053ebe97..cbcd7402e 100644 --- a/Makefile +++ b/Makefile @@ -32,3 +32,12 @@ initrd: rootfs initrd-only initrd-only: @echo Creating initrd image based on "$(DISTRO_ROOTFS)" "$(MK_DIR)/initrd-builder/initrd_builder.sh" "$(DISTRO_ROOTFS)" + +test: + "$(MK_DIR)/tests/test_images.sh" "$(DISTRO)" + +test-image-only: + "$(MK_DIR)/tests/test_images.sh" --test-images-only "$(DISTRO)" + +test-initrd-only: + "$(MK_DIR)/tests/test_images.sh" --test-initrds-only "$(DISTRO)" From 9f2da28bb9594bb9b5fde9d9e3e1925163fe3d35 Mon Sep 17 00:00:00 2001 
From: "James O. D. Hunt" Date: Wed, 25 Jul 2018 12:28:31 +0100 Subject: [PATCH 117/307] docs: Updated for new test options Created a new README for the tests and updated the top-level README with brief details on how to run tests. Signed-off-by: James O. D. Hunt --- README.md | 9 +++++++++ tests/README.md | 26 ++++++++++++++++++++++++++ 2 files changed, 35 insertions(+) create mode 100644 tests/README.md diff --git a/README.md b/README.md index c6a646492..4b80cf113 100644 --- a/README.md +++ b/README.md @@ -12,6 +12,7 @@ * [Image with systemd as init](#image-with-systemd-as-init) * [Image with the agent as init](#image-with-the-agent-as-init) * [Initrd creation](#initrd-creation) + * [Tests](#tests) * [Platform-Distro Compatibility Matrix](#platform-distro-compatibility-matrix) ## Introduction @@ -109,6 +110,14 @@ $ sudo -E PATH=$PATH make AGENT_INIT=yes initrd-only For further details, see [the initrd builder documentation](initrd-builder/README.md). +### Tests + +``` +$ make test +``` + +For further details, see [the tests documentation](tests/README.md). + ## Platform-Distro Compatibility Matrix | | Alpine | CentOS | ClearLinux | EulerOS | Fedora | diff --git a/tests/README.md b/tests/README.md new file mode 100644 index 000000000..a0e429ea0 --- /dev/null +++ b/tests/README.md @@ -0,0 +1,26 @@ +* [Run the osbuilder tests](#run-the-osbuilder-tests) +* [Further information](#further-information) + +## Run the osbuilder tests + +osbuilder provides a test script that creates all images and initrds for all +supported distributions and then tests them to ensure a Kata Container can +be created with each. + +The test script installs all required Kata components on the host system +before creating the images. + +To run all available osbuilder tests: + +``` +$ ./test_images.sh +``` + +## Further information + +The test script provides various options to modify the way it runs. For full +details: + +``` +$ ./test_images.sh -h +``` 
From c5e2c0fe88bc85cbab7d80fa1d4cba3769442707 Mon Sep 17 00:00:00 2001 From: "James O. D. Hunt" Date: Wed, 25 Jul 2018 16:11:52 +0100 Subject: [PATCH 118/307] tests: Add more messages Add a few more informational messages to help with debugging. Signed-off-by: James O. D. Hunt --- tests/test_images.sh | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/tests/test_images.sh b/tests/test_images.sh index 242b1dbc1..c85d7ea87 100755 --- a/tests/test_images.sh +++ b/tests/test_images.sh @@ -64,6 +64,8 @@ exit_handler() { if [ "$?" -eq 0 ] then + info "tests passed successfully - cleaning up" + # Rootfs and images are owned by root sudo -E rm -rf "${tmp_rootfs}" sudo -E rm -rf "${images_dir}" @@ -73,8 +75,9 @@ exit_handler() return fi - # The test failed so dump what we can + info "ERROR: test failed" + # The test failed so dump what we can info "AGENT_INIT: '${AGENT_INIT}'" info "images:" @@ -428,12 +431,16 @@ test_single_distro() die "no test for distro '$distro' (try one of $distros)" fi + info "only running tests for distro $distro" + # run the test $defined_func } test_all_distros() { + info "running tests for all distros" + test_distro_fedora test_distro_centos test_distro_alpine @@ -502,6 +509,10 @@ main() else test_all_distros fi + + # We shouldn't really need a message like this but the CI can fail in + # mysterious ways so make it clear! + info "all tests finished successfully" } main "$@" From 1ac9c07e22c67a0d9cbb192332b0f0d3f62e7f2d Mon Sep 17 00:00:00 2001 From: Stefan Hajnoczi Date: Fri, 29 Jun 2018 15:24:17 +0100 Subject: [PATCH 119/307] rootfs-fedora: bump Fedora release to 28 Fedora 28 was released May 1st 2018. I have tested that the rootfs works. Fixes: #132 Signed-off-by: Stefan Hajnoczi --- rootfs-builder/fedora/config.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rootfs-builder/fedora/config.sh b/rootfs-builder/fedora/config.sh index d14c0eb8c..a0ca15a31 100644 --- a/rootfs-builder/fedora/config.sh 
+++ b/rootfs-builder/fedora/config.sh @@ -5,7 +5,7 @@ OS_NAME="Fedora" -OS_VERSION=${OS_VERSION:-27} +OS_VERSION=${OS_VERSION:-28} MIRROR_LIST="https://mirrors.fedoraproject.org/metalink?repo=fedora-${OS_VERSION}&arch=\$basearch" From bc9f09a3c0440bb48bdc3cf650a8c498bf55d131 Mon Sep 17 00:00:00 2001 From: Jose Carlos Venegas Munoz Date: Tue, 7 Aug 2018 09:43:39 -0500 Subject: [PATCH 120/307] release: Kata Containers 1.2.0 - tests: Add ability to restrict which tests run - rootfs.sh: Add Platform-OS matrix to help page - initrd-builder: make initrd_builder.sh idempotent - travis: Enable travis ci for ppc64le - docs: Add Platform-Compatibility matrix - rootfs: docker: Reduce build time by not reinstalling go - CI: Install make on Ubuntu c5e2c0f tests: Add more messages 9f2da28 docs: Updated for new test options 0cd64fb build: Added targets to run tests 0ea8ef7 tests: Rename test script c679cae tests: Add ability to restrict which tests run 80e1997 tests: Create new function to launch tests f077e6e tests: Rename distro test functions adb3f57 rootfs.sh: Add Platform-OS matrix link to help page 1e5e915 docs: Add Platform-Compatibility matrix 25e9f01 rootfs: docker: Reduce build time by not reinstalling go abb559d CI: Install make on Ubuntu 22f04db travis: Enable travis ci for ppc64le a7bafc5 initrd-builder: make initrd_builder.sh idempotent Signed-off-by: Jose Carlos Venegas Munoz --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index 9084fa2f7..26aaba0e8 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.1.0 +1.2.0 From 5a1d94604645daeb572bd7a495c6c87b02951b5b Mon Sep 17 00:00:00 2001 From: Jose Carlos Venegas Munoz Date: Wed, 8 Aug 2018 15:56:42 -0500 Subject: [PATCH 121/307] rootfs: Fail on non existing agent version. Fail if we can not check out to the requested agent version. Dont checkout to any branch by default. Fixes: #147 
Signed-off-by: Jose Carlos Venegas Munoz --- rootfs-builder/rootfs.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index 7e69db8b9..6bb9bea5f 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh @@ -10,7 +10,7 @@ set -e script_name="${0##*/}" script_dir="$(dirname $(readlink -f $0))" -AGENT_VERSION=${AGENT_VERSION:-master} +AGENT_VERSION=${AGENT_VERSION:-} GO_AGENT_PKG=${GO_AGENT_PKG:-github.com/kata-containers/agent} AGENT_BIN=${AGENT_BIN:-kata-agent} AGENT_INIT=${AGENT_INIT:-no} @@ -261,7 +261,7 @@ OK "Pull Agent source code" info "Build agent" pushd "${GOPATH_LOCAL}/src/${GO_AGENT_PKG}" -[ -n "${AGENT_VERSION}" ] && git checkout "${AGENT_VERSION}" && OK "git checkout successful" || true +[ -n "${AGENT_VERSION}" ] && git checkout "${AGENT_VERSION}" && OK "git checkout successful" make clean make INIT=${AGENT_INIT} make install DESTDIR="${ROOTFS_DIR}" INIT=${AGENT_INIT} From 89bca975a39db10052d9317a52d7d5717ad971f5 Mon Sep 17 00:00:00 2001 From: Jose Carlos Venegas Munoz Date: Wed, 22 Aug 2018 00:46:00 -0500 Subject: [PATCH 122/307] rootfs: dockerfile: Fix fedora 28 build. Fedora 28 container already has coreutils-single package. Also, the new fedora 28 container does not provide make by default. Signed-off-by: Jose Carlos Venegas Munoz --- rootfs-builder/fedora/Dockerfile.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rootfs-builder/fedora/Dockerfile.in b/rootfs-builder/fedora/Dockerfile.in index 27d7ed9d9..d99c3076c 100644 --- a/rootfs-builder/fedora/Dockerfile.in +++ b/rootfs-builder/fedora/Dockerfile.in @@ -7,7 +7,7 @@ From fedora:@OS_VERSION@ @SET_PROXY@ -RUN dnf -y update && dnf install -y git redhat-release systemd pkgconfig gcc coreutils +RUN dnf -y update && dnf install -y git redhat-release systemd pkgconfig gcc make # This will install the proper golang to build Kata components @INSTALL_GO@ 
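Review bot: in PATCH 121, the second hunk of rootfs-builder/rootfs.sh (the line after `pushd "${GOPATH_LOCAL}/src/${GO_AGENT_PKG}"`) still does not abort when the checkout fails. The script runs under `set -e` (visible in the first hunk's context), and `set -e` ignores a failing command in an `&&` list unless it is the last one, so a failed `git checkout "${AGENT_VERSION}"` falls through to `make clean` and the agent is built from whatever revision happens to be checked out. The same rule is the only reason the now-empty default `AGENT_VERSION` does not exit on `[ -n ... ]`. Suggest an explicit block instead of the one-liner: `if [ -n "${AGENT_VERSION}" ]; then git checkout "${AGENT_VERSION}" || die "cannot check out agent version ${AGENT_VERSION}"; OK "git checkout successful"; fi`.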
From 3075de446f2e1761e59d0cc4ce64cf08834b5061 Mon Sep 17 00:00:00 2001 From: Yash Jain Date: Mon, 30 Jul 2018 15:44:19 +0530 Subject: [PATCH 123/307] OSbuilder : Add support for Ubuntu rootfs Fixes #32 #141 Signed-off-by: Yash Jain --- rootfs-builder/rootfs.sh | 32 ++++++++++- rootfs-builder/ubuntu/Dockerfile.in | 17 ++++++ rootfs-builder/ubuntu/config.sh | 24 +++++++++ rootfs-builder/ubuntu/rootfs_lib.sh | 84 +++++++++++++++++++++++++++++ tests/test_images.sh | 9 +++- 5 files changed, 163 insertions(+), 3 deletions(-) create mode 100644 rootfs-builder/ubuntu/Dockerfile.in create mode 100644 rootfs-builder/ubuntu/config.sh create mode 100644 rootfs-builder/ubuntu/rootfs_lib.sh diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index 6bb9bea5f..0659d4a11 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh @@ -84,6 +84,19 @@ check_function_exist() [ "$(type -t ${function_name})" == "function" ] || die "${function_name} function was not defined" } +distro_needs_admin_caps() +{ + if [ "$1" = "ubuntu" ] + then + echo "true" + elif [ "$1" = "debian" ] + then + echo "true" + else + echo "false" + fi +} + generate_dockerfile() { dir="$1" 
@@ -222,12 +235,26 @@ if [ -n "${USE_DOCKER}" ] ; then # fake mapping if KERNEL_MODULES_DIR is unset kernel_mod_dir=${KERNEL_MODULES_DIR:-${ROOTFS_DIR}} + docker_run_args="" + docker_run_args+=" --rm" + docker_run_args+=" --runtime runc" + + admin_caps=$(distro_needs_admin_caps "$distro") + if [ "$admin_caps" = "true" ]; then + # Required by debootstrap to mount inside a container + docker_run_args+=" --cap-add SYS_ADMIN" + # Requred to chroot + docker_run_args+=" --cap-add SYS_CHROOT" + # debootstrap needs to create device nodes to properly function + docker_run_args+=" --cap-add MKNOD" + # See https://github.com/moby/moby/issues/16429 + docker_run_args+=" --security-opt apparmor:unconfined" + fi + #Make sure we use a compatible runtime to build rootfs # In case Clear Containers Runtime is installed we dont want to hit issue: #https://github.com/clearcontainers/runtime/issues/828 docker run \ - --rm \ - --runtime runc \ --env https_proxy="${https_proxy}" \ --env http_proxy="${http_proxy}" \ --env AGENT_VERSION="${AGENT_VERSION}" \ @@ -244,6 +271,7 @@ if [ -n "${USE_DOCKER}" ] ; then -v "${script_dir}/../scripts":"/scripts" \ -v "${kernel_mod_dir}":"${kernel_mod_dir}" \ -v "${GOPATH_LOCAL}":"${GOPATH_LOCAL}" \ + $docker_run_args \ ${image_name} \ bash /osbuilder/rootfs.sh "${distro}" diff --git a/rootfs-builder/ubuntu/Dockerfile.in b/rootfs-builder/ubuntu/Dockerfile.in new file mode 100644 index 000000000..b1be9dbbe --- /dev/null +++ b/rootfs-builder/ubuntu/Dockerfile.in 
@@ -0,0 +1,17 @@ +# +# Copyright (c) 2018 Yash Jain +# +# SPDX-License-Identifier: Apache-2.0 + +#ubuntu: docker image to be used to create a rootfs +#@OS_VERSION@: Docker image version to build this dockerfile +from ubuntu:@OS_VERSION@ + +# This dockerfile needs to provide all the componets need to build a rootfs +# Install any package need to create a rootfs (package manager, extra tools) + +# RUN commands +RUN apt-get update && apt-get install -y curl wget systemd debootstrap git build-essential +# This will install the proper golang to build Kata components +@INSTALL_GO@ + diff --git a/rootfs-builder/ubuntu/config.sh b/rootfs-builder/ubuntu/config.sh new file mode 100644 index 000000000..d8bb95d1b --- /dev/null +++ b/rootfs-builder/ubuntu/config.sh @@ -0,0 +1,24 @@ +# This is a configuration file add extra variables to +# +# Copyright (c) 2018 Yash Jain +# +# SPDX-License-Identifier: Apache-2.0 +# be used by build_rootfs() from rootfs_lib.sh the variables will be +# loaded just before call the function. For more information see the +# rootfs-builder/README.md file. + +OS_VERSION=${OS_VERSION:-18.04} +# this should be ubuntu's codename eg bionic for 18.04 +OS_NAME=${OS_NAME:-"bionic"} + +# packages to be installed by default +PACKAGES="systemd iptables init" + +DEBOOTSTRAP=${PACKAGE_MANAGER:-"debootstrap"} + +case $(arch) in + x86_64) ARCHITECTURE="amd64";; + ppc64le) ARCHITECTURE="ppc64el";; + aarch64) ARCHITECTURE="arm64";; + (*) die "$(arch) not supported " +esac diff --git a/rootfs-builder/ubuntu/rootfs_lib.sh b/rootfs-builder/ubuntu/rootfs_lib.sh new file mode 100644 index 000000000..00a7faf67 --- /dev/null +++ b/rootfs-builder/ubuntu/rootfs_lib.sh 
@@ -0,0 +1,84 @@ +# - Arguments +# +# Copyright (c) 2018 Yash Jain +# +# SPDX-License-Identifier: Apache-2.0 +# +# +# rootfs_dir=$1 +# +# - Optional environment variables +# +# EXTRA_PKGS: Variable to add extra PKGS provided by the user +# +# BIN_AGENT: Name of the Kata-Agent binary +# +# REPO_URL: URL to distribution repository ( should be configured in +# config.sh file) +# +# Any other configuration variable for a specific distro must be added +# and documented on its own config.sh +# +# - Expected result +# +# rootfs_dir populated with rootfs pkgs +# It must provide a binary in /sbin/init +# +build_rootfs() { + # Mandatory + local ROOTFS_DIR=$1 + + # Name of the Kata-Agent binary + local BIN_AGENT=${BIN_AGENT} + + # In case of support EXTRA packages, use it to allow + # users to add more packages to the base rootfs + local EXTRA_PKGS=${EXTRA_PKGS:-} + + # In case rootfs is created using repositories allow user to modify + # the default URL + local REPO_URL=${REPO_URL:-YOUR_REPO} + + # PATH where files this script is placed + # Use it to refer to files in the same directory + # Example: ${CONFIG_DIR}/foo + local CONFIG_DIR=${CONFIG_DIR} + + + # Populate ROOTFS_DIR + # Must provide /sbin/init and /bin/${BIN_AGENT} + DEBOOTSTRAP="debootstrap" + check_root + mkdir -p "${ROOTFS_DIR}" + if [ -n "${PKG_MANAGER}" ]; then + info "debootstrap path provided by user: ${PKG_MANAGER}" + elif check_program $DEBOOTSTRAP ; then + PKG_MANAGER=$DEBOOTSTRAP + else + die "$DEBOOTSTRAP is not installed" + fi + # trim whitespace + PACKAGES=$(echo $PACKAGES |xargs ) + EXTRA_PKGS=$(echo $EXTRA_PKGS |xargs) + # add comma as debootstrap needs , separated package names. 
+ # Don't change $PACKAGES in config.sh to include ',' + # This is done to maintain consistency + PACKAGES=$(echo $PACKAGES | sed -e 's/ /,/g' ) + EXTRA_PKGS=$(echo $EXTRA_PKGS | sed -e 's/ /,/g' ) + + # extra packages are added to packages and finally passed to debootstrap + if [ "${EXTRA_PKGS}" = "" ]; then + echo "no extra packages" + else + PACKAGES="${PACKAGES},${EXTRA_PKGS}" + fi + + ${PKG_MANAGER} --variant=minbase \ + --arch=${ARCHITECTURE}\ + --include="$PACKAGES" \ + ${OS_NAME} \ + ${ROOTFS_DIR} + + chroot $ROOTFS_DIR ln -s /lib/systemd/systemd /usr/lib/systemd/systemd +} + diff --git a/tests/test_images.sh b/tests/test_images.sh index c85d7ea87..00498517e 100755 --- a/tests/test_images.sh +++ b/tests/test_images.sh @@ -360,6 +360,13 @@ run_test() create_and_run "${distro}" "${image_options}" "${initrd_options}" } +test_distro_ubuntu() +{ + local -r name="Can create and run ubuntu image" + run_test "${name}" "" "ubuntu" "service" "no" +} + + test_distro_fedora() { local -r name="Can create and run fedora image" @@ -444,7 +451,7 @@ test_all_distros() test_distro_fedora test_distro_centos test_distro_alpine - + test_distro_ubuntu if [ $MACHINE_TYPE != "ppc64le" ]; then test_distro_clearlinux From f19da6360d138b6c890e5d0e49f29fe943ec8fc7 Mon Sep 17 00:00:00 2001 From: Nitesh Konkar Date: Mon, 3 Sep 2018 11:52:15 +0530 Subject: [PATCH 124/307] rootfs: Include libseccomp support in rootfs Ensure the image used on the guest does include libseccomp, otherwise when a seccomp profile is passed by the runtime, it will end up with boot failure on the guest. Fixes: #153 Signed-off-by: Nitesh Konkar niteshkonkar@in.ibm.com --- rootfs-builder/alpine/Dockerfile.in | 2 +- rootfs-builder/centos/Dockerfile.in | 2 +- rootfs-builder/clearlinux/Dockerfile.in | 2 +- rootfs-builder/fedora/Dockerfile.in | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/rootfs-builder/alpine/Dockerfile.in b/rootfs-builder/alpine/Dockerfile.in index 19254b210..aa01c9e14 100644 
--- a/rootfs-builder/alpine/Dockerfile.in +++ b/rootfs-builder/alpine/Dockerfile.in @@ -6,5 +6,5 @@ From golang:@GO_VERSION@-alpine3.7 # The "coreutils" package on alpine for reasons unknown does not provide arch(1), so simulate it. -RUN apk update && apk add git make bash gcc musl-dev linux-headers apk-tools-static && \ +RUN apk update && apk add git make bash gcc musl-dev linux-headers apk-tools-static libseccomp libseccomp-dev && \ echo -e '#!/bin/sh\nuname -m' > /usr/bin/arch && chmod +x /usr/bin/arch diff --git a/rootfs-builder/centos/Dockerfile.in b/rootfs-builder/centos/Dockerfile.in index 6c695d1c6..5897d0c8f 100644 --- a/rootfs-builder/centos/Dockerfile.in +++ b/rootfs-builder/centos/Dockerfile.in @@ -7,7 +7,7 @@ From centos:@OS_VERSION@ @SET_PROXY@ -RUN yum -y update && yum install -y git make gcc coreutils +RUN yum -y update && yum install -y git make gcc coreutils libseccomp libseccomp-devel # This will install the proper golang to build Kata components @INSTALL_GO@ diff --git a/rootfs-builder/clearlinux/Dockerfile.in b/rootfs-builder/clearlinux/Dockerfile.in index 4e2121d86..3634282ad 100644 --- a/rootfs-builder/clearlinux/Dockerfile.in +++ b/rootfs-builder/clearlinux/Dockerfile.in @@ -7,7 +7,7 @@ From fedora:27 @SET_PROXY@ -RUN dnf -y update && dnf install -y git systemd pkgconfig gcc coreutils +RUN dnf -y update && dnf install -y git systemd pkgconfig gcc coreutils libseccomp libseccomp-devel # This will install the proper golang to build Kata components @INSTALL_GO@ diff --git a/rootfs-builder/fedora/Dockerfile.in b/rootfs-builder/fedora/Dockerfile.in index d99c3076c..08ede4313 100644 --- a/rootfs-builder/fedora/Dockerfile.in +++ b/rootfs-builder/fedora/Dockerfile.in 
@@ -7,7 +7,7 @@ From fedora:@OS_VERSION@ @SET_PROXY@ -RUN dnf -y update && dnf install -y git redhat-release systemd pkgconfig gcc make +RUN dnf -y update && dnf install -y git redhat-release systemd pkgconfig gcc make libseccomp libseccomp-devel # This will install the proper golang to build Kata components @INSTALL_GO@ From 344a37c03c74c10480be73a2bd0aeca6f513bb6f Mon Sep 17 00:00:00 2001 From: Marco Vedovati Date: Wed, 5 Sep 2018 18:23:17 +0200 Subject: [PATCH 125/307] Makefile: update targets to better track build artifacts Update Makefile so that build artifacts are actually tracked as make targets. This is to enforce a strict prerequisite ordering and better handle parallel builds. Fixes: #157 Signed-off-by: Marco Vedovati --- Makefile | 34 ++++++++++++++++++++++++++-------- README.md | 6 +++--- 2 files changed, 29 insertions(+), 11 deletions(-) diff --git a/Makefile b/Makefile index cbcd7402e..cca78ed21 100644 --- a/Makefile +++ b/Makefile @@ -6,7 +6,10 @@ MK_DIR :=$(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) DISTRO ?= centos -DISTRO_ROOTFS := "$(PWD)/$(DISTRO)_rootfs" +DISTRO_ROOTFS := $(PWD)/$(DISTRO)_rootfs +DISTRO_ROOTFS_MARKER := .$(shell basename $(DISTRO_ROOTFS)).done +IMAGE := kata-containers.img +INITRD_IMAGE := kata-containers-initrd.img IMG_SIZE=500 AGENT_INIT ?= no 
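Review bot: in PATCH 123, rootfs-builder/rootfs.sh hunk `@@ -222,12 +235,26 @@`, the `admin_caps` branch gives the build container `--cap-add SYS_ADMIN` and `--security-opt apparmor:unconfined` while the same `docker run` bind-mounts host directories (`${script_dir}/../scripts`, `${kernel_mod_dir}`, `${GOPATH_LOCAL}`), and nothing tells the user that choosing `ubuntu` or `debian` changes the privileges of the build. Suggest logging the extra arguments with `info` when the branch is taken and documenting them in the rootfs-builder README. Also build `docker_run_args` as a bash array expanded as `"${docker_run_args[@]}"` instead of relying on word splitting of the unquoted `$docker_run_args`, and fix the comment typo "Requred".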
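Review bot: in PATCH 123, rootfs-builder/ubuntu/config.sh, `DEBOOTSTRAP=${PACKAGE_MANAGER:-"debootstrap"}` reads a variable that nothing else in the patch uses: build_rootfs() in ubuntu/rootfs_lib.sh overwrites it with `DEBOOTSTRAP="debootstrap"` and takes the user override from `PKG_MANAGER`. Drop the assignment from config.sh or make both files use one variable name. The header comment is also scrambled: the copyright block was inserted in the middle of the sentence "This is a configuration file add extra variables to ... be used by build_rootfs()".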
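Review bot: in PATCH 123, rootfs-builder/ubuntu/rootfs_lib.sh, build_rootfs() documents `REPO_URL` as the way to change the distribution repository and sets `local REPO_URL=${REPO_URL:-YOUR_REPO}`, but the `${PKG_MANAGER} --variant=minbase ...` call never passes it, so the package source cannot be pointed at another mirror and the `YOUR_REPO` template placeholder stays in the code. Either pass it to debootstrap as the mirror argument or remove the variable and its comment. `${ROOTFS_DIR}` in the debootstrap call and `$ROOTFS_DIR` in the `chroot ... ln -s` line should be quoted, since the function insists on running as root (`check_root`).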
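Review bot: in PATCH 124, the four hunks add `libseccomp` and its development package to the builder `Dockerfile.in` of alpine, centos, clearlinux and fedora, but rootfs-builder/ubuntu/Dockerfile.in, added in PATCH 123 with `curl wget systemd debootstrap git build-essential`, is not touched, so the Ubuntu builder gets no seccomp library. The commit message talks about the image used on the guest, while these packages are installed in the build container; if the guest rootfs needs the runtime library as well, say so in the message and add it to each distro's package list (for Ubuntu, `PACKAGES` in config.sh).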
@@ -16,28 +19,43 @@ COMMIT_NO := $(shell git rev-parse HEAD 2> /dev/null || true) COMMIT := $(if $(shell git status --porcelain --untracked-files=no),${COMMIT_NO}-dirty,${COMMIT_NO}) VERSION_COMMIT := $(if $(COMMIT),$(VERSION)-$(COMMIT),$(VERSION)) -all: rootfs image initrd -rootfs: +.PHONY: all +all: image initrd + +.PHONY: rootfs +rootfs: $(DISTRO_ROOTFS_MARKER) + +$(DISTRO_ROOTFS_MARKER): @echo Creating rootfs based on "$(DISTRO)" - "$(MK_DIR)/rootfs-builder/rootfs.sh" -o $(VERSION_COMMIT) -r "$(DISTRO_ROOTFS)" "$(DISTRO)" + "$(MK_DIR)/rootfs-builder/rootfs.sh" -o $(VERSION_COMMIT) -r $(DISTRO_ROOTFS) $(DISTRO) + touch $@ -image: rootfs image-only +.PHONY: image +image: $(IMAGE) -image-only: +$(IMAGE): rootfs @echo Creating image based on "$(DISTRO_ROOTFS)" "$(MK_DIR)/image-builder/image_builder.sh" -s "$(IMG_SIZE)" "$(DISTRO_ROOTFS)" -initrd: rootfs initrd-only +.PHONY: initrd +initrd: $(INITRD_IMAGE) -initrd-only: +$(INITRD_IMAGE): rootfs @echo Creating initrd image based on "$(DISTRO_ROOTFS)" "$(MK_DIR)/initrd-builder/initrd_builder.sh" "$(DISTRO_ROOTFS)" +.PHONY: test test: "$(MK_DIR)/tests/test_images.sh" "$(DISTRO)" +.PHONY: test-image-only test-image-only: "$(MK_DIR)/tests/test_images.sh" --test-images-only "$(DISTRO)" +.PHONY: test-initrd-only test-initrd-only: "$(MK_DIR)/tests/test_images.sh" --test-initrds-only "$(DISTRO)" + +.PHONY: clean +clean: + rm -rf $(DISTRO_ROOTFS_MARKER) $(DISTRO_ROOTFS) $(IMAGE) $(INITRD_IMAGE) diff --git a/README.md b/README.md index 4b80cf113..75c72b6c0 100644 --- a/README.md +++ b/README.md @@ -90,13 +90,13 @@ further details, see #### Image with systemd as init ``` -$ sudo -E PATH=$PATH make USE_DOCKER=true image-only +$ sudo -E PATH=$PATH make USE_DOCKER=true image ``` #### Image with the agent as init ``` -$ sudo -E PATH=$PATH make USE_DOCKER=true AGENT_INIT=yes image-only +$ sudo -E PATH=$PATH make USE_DOCKER=true AGENT_INIT=yes image ``` ### Initrd creation 
@@ -104,7 +104,7 @@ $ sudo -E PATH=$PATH make USE_DOCKER=true AGENT_INIT=yes image-only To create an initrd from the already-created rootfs with the agent acting as the init daemon: ``` -$ sudo -E PATH=$PATH make AGENT_INIT=yes initrd-only +$ sudo -E PATH=$PATH make AGENT_INIT=yes initrd ``` For further details, From 9f2461061f0c5554e979075f4ae581b727a73910 Mon Sep 17 00:00:00 2001 From: "James O. D. Hunt" Date: Fri, 7 Sep 2018 17:54:51 +0100 Subject: [PATCH 126/307] tests: Show summary of image sizes At the end of the tests, show a summary of the size of all the rootfs's, images and initrd's. Fixes #162. Signed-off-by: James O. D. Hunt --- .ci/setup.sh | 6 ++-- tests/test_images.sh | 85 ++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 88 insertions(+), 3 deletions(-) diff --git a/.ci/setup.sh b/.ci/setup.sh index 208eaf854..bfa52b6fe 100755 --- a/.ci/setup.sh +++ b/.ci/setup.sh @@ -14,13 +14,13 @@ source "${cidir}/lib.sh" source /etc/os-release if [ "$ID" == fedora ];then - sudo -E dnf -y install automake yamllint coreutils moreutils + sudo -E dnf -y install automake yamllint coreutils moreutils bc elif [ "$ID" == centos ];then sudo -E yum -y install epel-release - sudo -E yum -y install automake yamllint coreutils moreutils + sudo -E yum -y install automake yamllint coreutils moreutils bc elif [ "$ID" == ubuntu ];then sudo apt-get -qq update - sudo apt-get install -y -qq make automake qemu-utils python-pip coreutils moreutils + sudo apt-get install -y -qq make automake qemu-utils python-pip coreutils moreutils bc sudo pip install yamllint else echo "Linux distribution not supported" diff --git a/tests/test_images.sh b/tests/test_images.sh index 00498517e..e66515336 100755 --- a/tests/test_images.sh +++ b/tests/test_images.sh 
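Review bot: in PATCH 125, Makefile hunk `@@ -16,28 +19,43 @@`, `$(IMAGE): rootfs` and `$(INITRD_IMAGE): rootfs` depend on the `.PHONY` target `rootfs`, and make treats anything that depends on a phony target as always out of date, so both images are rebuilt on every run and the marker file buys nothing for them. Depend on `$(DISTRO_ROOTFS_MARKER)` instead. The image recipe also does not pass `-o $(IMAGE)` to image_builder.sh, so the target only tracks the artifact if the name matches the script's default. With the quotes removed from `DISTRO_ROOTFS`, `rm -rf $(DISTRO_ROOTFS_MARKER) $(DISTRO_ROOTFS)` in `clean` word-splits a `$(PWD)` that contains spaces, which matters because the README examples run make under `sudo`.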
@@ -33,6 +33,12 @@ readonly docker_build_runtime="runc" test_images_only="false" test_initrds_only="false" +# Hashes used to keep track of image sizes. +# - Key: name of distro. +# - Value: colon-separated roots and image sizes ("${rootfs_size}:${image_size}"). +typeset -A built_images +typeset -A built_initrds + usage() { cat <> "$statsfile" +} + +# Show the sizes of all the generated initrds and images +show_stats() +{ + local name + local sizes + + local tmpfile=$(mktemp) + + # images + for name in "${!built_images[@]}" + do + sizes=${built_images[$name]} + add_to_stats_file "$tmpfile" "$name" "$sizes" 'image' + done + + # initrds + for name in "${!built_initrds[@]}" + do + sizes=${built_initrds[$name]} + add_to_stats_file "$tmpfile" "$name" "$sizes" 'initrd' + done + + info "Image and rootfs sizes (in bytes and MB), smallest image first:" + echo + + printf '%12.12s\t%10.10s\t%12.12s\t%10.10s\t%-8.8s\t%-20.20s\n' \ + "image-bytes" \ + "image-MB" \ + "rootfs-bytes" \ + "rootfs-MB" \ + "Type" \ + "Name" + + sort -k1,1n "$tmpfile" + + rm -f "${tmpfile}" +} + exit_handler() { if [ "$?" -eq 0 ] @@ -270,6 +343,8 @@ handle_options() build_rootfs "${distro}" "${rootfs}" + local rootfs_size=$(du -sb "${rootfs}" | awk '{print $1}') + if [ "$type" = "image" ] then # Images need systemd 
@@ -278,12 +353,20 @@ handle_options() local image_path="${images_dir}/${type}-${distro}-agent-init-${AGENT_INIT}.img" build_image "${image_path}" "${rootfs}" + local image_size=$(stat -c "%s" "${image_path}") + + built_images["${distro}"]="${rootfs_size}:${image_size}" + install_image_create_container "${image_path}" elif [ "$type" = "initrd" ] then local initrd_path="${images_dir}/${type}-${distro}-agent-init-${AGENT_INIT}.img" build_initrd "${initrd_path}" "${rootfs}" + local initrd_size=$(stat -c "%s" "${initrd_path}") + + built_initrds["${distro}"]="${rootfs_size}:${initrd_size}" + install_initrd_create_container "${initrd_path}" else die "invalid type: '$type' for distro $distro option $opt" @@ -459,6 +542,8 @@ test_all_distros() # previous tests. test_distro_euleros fi + + show_stats } main() From 6a307ed322ba219e36c5f40e41dfb7c7c6f57d8a Mon Sep 17 00:00:00 2001 From: Marco Vedovati Date: Mon, 10 Sep 2018 16:12:04 +0200 Subject: [PATCH 127/307] osbuilder: Remove redundant argument to test_image.sh Remove the redundant `--distro` argument; when needed, the distro can be specified using a positional argument. Fixes: #158 Signed-off-by: Marco Vedovati --- tests/test_images.sh | 3 --- 1 file changed, 3 deletions(-) diff --git a/tests/test_images.sh b/tests/test_images.sh index 00498517e..33410401a 100755 --- a/tests/test_images.sh +++ b/tests/test_images.sh @@ -42,7 +42,6 @@ Usage: $script_name [help|] Options: -h | --help # Show usage. - --distro # Only run tests for specified distro. --list # List all distros that can be tested. --test-images-only # Only run images tests for the list of distros under test. --test-initrds-only # Only run initrds tests for the list of distros under test. @@ -478,8 +477,6 @@ main() while [ $# -gt 1 ] do case "$1" in - --distro) distro="$2";; - -h|--help) usage; exit 0 ;; --list) list_distros; exit 0;; From 8a0b1ca1b5f74d617e8f79de69a073235b1112df Mon Sep 17 00:00:00 2001 
From: Jose Carlos Venegas Munoz Date: Tue, 11 Sep 2018 15:53:51 -0500 Subject: [PATCH 128/307] release: Kata Containers 1.3.0-rc1 - Makefile: update targets to better track build artifacts - OSbuilder : Add support for Ubuntu rootfs - rootfs: Include libseccomp support in rootfs - rootfs-fedora: bump Fedora release to 28 - rootfs: Fail on non existing agent version. 344a37c Makefile: update targets to better track build artifacts f19da63 rootfs: Include libseccomp support in rootfs 3075de4 OSbuilder : Add support for Ubuntu rootfs 89bca97 rootfs: dockerfile: Fix fedora 28 build. 5a1d946 rootfs: Fail on non existing agent version. 1ac9c07 rootfs-fedora: bump Fedora release to 28 Signed-off-by: Jose Carlos Venegas Munoz --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index 26aaba0e8..3ffe613f7 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.2.0 +1.3.0-rc1 From 2b187c30d0fab4489c859524d33e02daa10bdd5e Mon Sep 17 00:00:00 2001 From: Marco Vedovati Date: Mon, 10 Sep 2018 16:32:30 +0200 Subject: [PATCH 129/307] tests: Reformat usage output in test_image.sh Reformat the usage output displayed with `help` command or `-h` option. Trap exit codes only after options parsing, as that is used to generate a test report. Fixes: #169 Signed-off-by: Marco Vedovati --- tests/test_images.sh | 22 ++++++++-------------- 1 file changed, 8 insertions(+), 14 deletions(-) diff --git a/tests/test_images.sh b/tests/test_images.sh index 00498517e..5464c6215 100755 --- a/tests/test_images.sh +++ b/tests/test_images.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # # Copyright (c) 2018 Intel Corporation # 
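Review bot: in PATCH 126, tests/test_images.sh, the added `local rootfs_size=$(du -sb "${rootfs}" | awk '{print $1}')`, `local image_size=$(stat -c "%s" "${image_path}")` and `local initrd_size=$(stat -c "%s" "${initrd_path}")` lines combine declaration and command substitution, so the status the shell sees is that of `local`, and a failing `du` or `stat` leaves an empty size that is stored in `built_images` or `built_initrds` and only surfaces as a broken row in show_stats. Declare the variable first and assign on a separate line. In show_stats, the file from `mktemp` is removed only on the normal path, and the comment above `typeset -A built_images` says "roots" where it means rootfs.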
@@ -36,27 +36,21 @@ test_initrds_only="false" usage() { cat <] - $script_name [options] +Usage: $script_name [options] [command | ] Options: - -h | --help # Show usage. --distro # Only run tests for specified distro. --list # List all distros that can be tested. --test-images-only # Only run images tests for the list of distros under test. --test-initrds-only # Only run initrds tests for the list of distros under test. -Parameters: - - +Commands: help : Show usage. - : Only run tests for specified distro. -Notes: - -- If no options or parameters are specified, all tests will be run. +When is specified, tests are run only for the specified distribution. +Otherwise, tests are be run on all distros. EOT } @@ -99,8 +93,6 @@ exit_handler() sudo -E ps -efwww | egrep "docker|kata" >&2 } -trap exit_handler EXIT ERR - die() { msg="$*" @@ -504,10 +496,12 @@ main() [ "$1" = "--" ] && shift case "$1" in - help) usage && exit 0;; + help) usage; exit 0;; + *) distro="$1";; esac + trap exit_handler EXIT ERR setup if [ -n "$distro" ] From dd687223e3d083d3bc407759e2d2a99845b05ebb Mon Sep 17 00:00:00 2001 From: Marco Vedovati Date: Tue, 11 Sep 2018 13:28:27 +0200 Subject: [PATCH 130/307] osbuilder: Add support for debian rootfs Fixes: #160 Signed-off-by: Marco Vedovati --- rootfs-builder/debian/Dockerfile.in | 13 +++++++++++++ rootfs-builder/debian/config.sh | 12 ++++++++++++ rootfs-builder/debian/rootfs_lib.sh | 7 +++++++ tests/test_images.sh | 7 +++++++ 4 files changed, 39 insertions(+) create mode 100644 rootfs-builder/debian/Dockerfile.in create mode 100644 rootfs-builder/debian/config.sh create mode 100644 rootfs-builder/debian/rootfs_lib.sh diff --git a/rootfs-builder/debian/Dockerfile.in b/rootfs-builder/debian/Dockerfile.in new file mode 100644 index 000000000..f4eb4ca21 --- /dev/null +++ b/rootfs-builder/debian/Dockerfile.in 
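Review bot: in PATCH 129, tests/test_images.sh hunk `@@ -36,27 +36,21 @@`, the rewritten usage text keeps the `--distro` line as unchanged context, while PATCH 127 removes that option from both the usage text and the `case` in main(); once both are applied the help output must not advertise an option the parser no longer accepts, so this hunk needs rebasing on top of PATCH 127. The new closing sentence "Otherwise, tests are be run on all distros." also has a typo ("are be run").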
@@ -0,0 +1,13 @@ +# +# Copyright (c) 2018 SUSE +# +# SPDX-License-Identifier: Apache-2.0 + +# NOTE: OS_VERSION is set according to config.sh +from debian:@OS_VERSION@ + +# RUN commands +RUN apt-get update && apt-get install -y curl wget systemd debootstrap git build-essential +# This will install the proper golang to build Kata components +@INSTALL_GO@ + diff --git a/rootfs-builder/debian/config.sh b/rootfs-builder/debian/config.sh new file mode 100644 index 000000000..3fd64bbef --- /dev/null +++ b/rootfs-builder/debian/config.sh @@ -0,0 +1,12 @@ +# +# Copyright (c) 2018 SUSE +# +# SPDX-License-Identifier: Apache-2.0 + +OS_VERSION=${OS_VERSION:-9.5} + +# Set OS_NAME to the desired debian "codename" +OS_NAME=${OS_NAME:-"stretch"} + +# NOTE: Re-using ubuntu rootfs configuration, see 'ubuntu' folder for full content. +source $script_dir/ubuntu/$CONFIG_SH diff --git a/rootfs-builder/debian/rootfs_lib.sh b/rootfs-builder/debian/rootfs_lib.sh new file mode 100644 index 000000000..f6aae2636 --- /dev/null +++ b/rootfs-builder/debian/rootfs_lib.sh @@ -0,0 +1,7 @@ +# +# Copyright (c) 2018 SUSE +# +# SPDX-License-Identifier: Apache-2.0 + +# NOTE: Re-using ubuntu rootfs lib, see 'ubuntu' folder for details. +source ${script_dir}/ubuntu/$LIB_SH diff --git a/tests/test_images.sh b/tests/test_images.sh index 3b6f417c2..194970eda 100755 --- a/tests/test_images.sh +++ b/tests/test_images.sh @@ -440,6 +440,12 @@ test_distro_ubuntu() run_test "${name}" "" "ubuntu" "service" "no" } +test_distro_debian() +{ + local -r name="Can create and run debian image" + run_test "${name}" "" "debian" "service" "no" +} + test_distro_fedora() { @@ -526,6 +532,7 @@ test_all_distros() test_distro_centos test_distro_alpine test_distro_ubuntu + test_distro_debian if [ $MACHINE_TYPE != "ppc64le" ]; then test_distro_clearlinux From d5087c07cab278e970abec211a24f41dd8ca93b3 Mon Sep 17 00:00:00 2001 
From: Marco Vedovati Date: Mon, 17 Sep 2018 10:45:53 +0200 Subject: [PATCH 131/307] osbuilder: Increase Travis CI build timeout Increase the build timeout to 50 minutes, this is required to allow more distros to be built. Fixes: #160 Signed-off-by: Marco Vedovati --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 66c63bd38..4aab4f73c 100644 --- a/.travis.yml +++ b/.travis.yml @@ -24,4 +24,4 @@ before_script: - ".ci/setup.sh" script: -- "travis_wait 30 .ci/run.sh" +- "travis_wait 50 .ci/run.sh" From 4a2fdee972f2495e7663c9a08c973489d547ae0d Mon Sep 17 00:00:00 2001 From: Marco Vedovati Date: Thu, 20 Sep 2018 13:06:41 +0200 Subject: [PATCH 132/307] osbuilder: fix loop devices manipulation in image-builder.sh Improve image-builder.sh to avoid the sporadic failures observed during the CI builds of images. Also, some cosmetic changes to indentation. Fixes: #172 Signed-off-by: Marco Vedovati --- image-builder/image_builder.sh | 200 ++++++++++++++++++++------------- 1 file changed, 121 insertions(+), 79 deletions(-) diff --git a/image-builder/image_builder.sh b/image-builder/image_builder.sh index 3ba110992..d85c15733 100755 --- a/image-builder/image_builder.sh +++ b/image-builder/image_builder.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # # Copyright (c) 2017 Intel Corporation # @@ -26,9 +26,9 @@ usage() cat < This script will create a Kata Containers image file of - an adequate size based on the directory. - The size of the image can be also be specified manually - by '-s' flag. + an adequate size based on the directory. + The size of the image can be also be specified manually + by '-s' flag. Options: -h Show this help 
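Review bot: in PATCH 130, rootfs-builder/debian/config.sh, `source $script_dir/ubuntu/$CONFIG_SH` is unquoted and silently depends on the caller having set `script_dir` and `CONFIG_SH`; if `CONFIG_SH` is empty the command tries to source the `ubuntu` directory and fails with an unhelpful message. Quote the path and use `${CONFIG_SH:?}` so a missing name is reported as such. The same applies to `source ${script_dir}/ubuntu/$LIB_SH` in debian/rootfs_lib.sh. A one-line comment noting that `OS_VERSION` and `OS_NAME` must be set before the `source` line, because the Ubuntu file only supplies defaults, would save the next reader a trip to the other directory.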
@@ -63,15 +63,17 @@ do h) usage ;; o) IMAGE="${OPTARG}" ;; r) ROOT_FREE_SPACE="${OPTARG}" ;; - s) IMG_SIZE=${OPTARG} - if [ ${IMG_SIZE} -le 0 ]; then - die "Image size has to be greater than 0 MB." - fi - if [ ${IMG_SIZE} -gt ${MAX_IMG_SIZE_MB} ]; then - die "Image size should not be greater than ${MAX_IMG_SIZE_MB} MB." - fi - ;; - f) FS_TYPE="${OPTARG}" ;; + s) { + IMG_SIZE=${OPTARG} + if [ ${IMG_SIZE} -le 0 ]; then + die "Image size has to be greater than 0 MB." + fi + if [ ${IMG_SIZE} -gt ${MAX_IMG_SIZE_MB} ]; then + die "Image size should not be greater than ${MAX_IMG_SIZE_MB} MB." + fi + } + ;; + f) FS_TYPE="${OPTARG}" ;; esac done 
@@ -140,94 +142,131 @@ OLD_IMG_SIZE=0 align_memory() { - remaining=$(($IMG_SIZE % $MEM_BOUNDARY)) - if [ "$remaining" != "0" ];then - warning "image size '$IMG_SIZE' is not aligned to memory boundary '$MEM_BOUNDARY', aligning it" - IMG_SIZE=$(($IMG_SIZE + $MEM_BOUNDARY - $remaining)) - fi + remaining=$(($IMG_SIZE % $MEM_BOUNDARY)) + if [ "$remaining" != "0" ];then + warning "image size '$IMG_SIZE' is not aligned to memory boundary '$MEM_BOUNDARY', aligning it" + IMG_SIZE=$(($IMG_SIZE + $MEM_BOUNDARY - $remaining)) + fi } # Calculate image size based on the rootfs calculate_img_size() { - IMG_SIZE=${IMG_SIZE:-$MEM_BOUNDARY} - align_memory - if [ -n "$ROOT_FREE_SPACE" ] && [ "$IMG_SIZE" -gt "$ROOTFS_SIZE" ]; then - info "Ensure that root partition has at least ${ROOT_FREE_SPACE}MB of free space" - IMG_SIZE=$(($IMG_SIZE + $ROOT_FREE_SPACE)) - fi + IMG_SIZE=${IMG_SIZE:-$MEM_BOUNDARY} + align_memory + if [ -n "$ROOT_FREE_SPACE" ] && [ "$IMG_SIZE" -gt "$ROOTFS_SIZE" ]; then + info "Ensure that root partition has at least ${ROOT_FREE_SPACE}MB of free space" + IMG_SIZE=$(($IMG_SIZE + $ROOT_FREE_SPACE)) + fi } -# Cleanup -cleanup() +unmount() { - sync - umount -l ${MOUNT_DIR} - rmdir ${MOUNT_DIR} - fsck -D -y "${DEVICE}p1" - losetup -d "${DEVICE}" + sync + umount -l ${MOUNT_DIR} + rmdir ${MOUNT_DIR} } +detach() +{ + losetup -d "${DEVICE}" + + # From `man losetup` about -d option: + # Note that since Linux v3.7 kernel uses "lazy device destruction". + # The detach operation does not return EBUSY error anymore if + # device is actively used by system, but it is marked by autoclear + # flag and destroyed later + info "Waiting for ${DEVICE} to detach" + + local i=0 + local max_tries=5 + while [[ "$i" < "$max_tries" ]]; do + sleep 1 + # If either the 'p1' partition has disappeared or partprobe failed, then + # the loop device should be correctly detached + if ! [ -b "${DEVICE}p1" ] || ! partprobe -s ${DEVICE}; then + break + fi + ((i+=1)) + echo -n "." 
+ done + + [[ "$i" == "$max_tries" ]] && die "Cannot detach ${DEVICE}" + info "detached" +} + + create_rootfs_disk() { - ATTEMPT_NUM=$(($ATTEMPT_NUM+1)) - info "Create root disk image. Attempt ${ATTEMPT_NUM} out of ${MAX_ATTEMPTS}." - if [ ${ATTEMPT_NUM} -gt ${MAX_ATTEMPTS} ]; then - die "Unable to create root disk image." - fi + ATTEMPT_NUM=$(($ATTEMPT_NUM+1)) + info "Create root disk image. Attempt ${ATTEMPT_NUM} out of ${MAX_ATTEMPTS}." + if [ ${ATTEMPT_NUM} -gt ${MAX_ATTEMPTS} ]; then + die "Unable to create root disk image." + fi - calculate_img_size - if [ ${OLD_IMG_SIZE} -ne 0 ]; then - info "Image size ${OLD_IMG_SIZE}MB too small, trying again with size ${IMG_SIZE}MB" - fi + calculate_img_size + if [ ${OLD_IMG_SIZE} -ne 0 ]; then + info "Image size ${OLD_IMG_SIZE}MB too small, trying again with size ${IMG_SIZE}MB" + fi - info "Creating raw disk with size ${IMG_SIZE}M" - qemu-img create -q -f raw "${IMAGE}" "${IMG_SIZE}M" - OK "Image file created" + info "Creating raw disk with size ${IMG_SIZE}M" + qemu-img create -q -f raw "${IMAGE}" "${IMG_SIZE}M" + OK "Image file created" - # Kata runtime expect an image with just one partition - # The partition is the rootfs content + # Kata runtime expect an image with just one partition + # The partition is the rootfs content - info "Creating partitions" - parted "${IMAGE}" --script "mklabel gpt" \ - "mkpart ${FS_TYPE} 1M -1M" - OK "Partitions created" + info "Creating partitions" + parted "${IMAGE}" --script "mklabel gpt" \ + "mkpart ${FS_TYPE} 1M -1M" + OK "Partitions created" - # Get the loop device bound to the image file (requires /dev mounted in the - # image build system and root privileges) - DEVICE=$(losetup -P -f --show "${IMAGE}") + # Get the loop device bound to the image file (requires /dev mounted in the + # image build system and root privileges) + DEVICE=$(losetup -P -f --show "${IMAGE}") - #Refresh partition table - partprobe "${DEVICE}" + #Refresh partition table + partprobe -s "${DEVICE}" + # Poll 
for the block device p1 + local i=0 + local max_tries=5 + while [[ "$i" < "$max_tries" ]]; do + [ -b "${DEVICE}p1" ] && break + ((i+=1)) + echo -n "." + sleep 1 + done + [[ "$i" == "$max_tries" ]] && die "File ${DEVICE}p1 is not a block device" - MOUNT_DIR=$(mktemp -d osbuilder-mount-dir.XXXX) - info "Formating Image using ext4 format" - mkfs.ext4 -q -F -b "${BLOCK_SIZE}" "${DEVICE}p1" - OK "Image formated" + MOUNT_DIR=$(mktemp -d osbuilder-mount-dir.XXXX) + info "Formatting Image using ext4 filesystem" + mkfs.ext4 -q -F -b "${BLOCK_SIZE}" "${DEVICE}p1" + OK "Image formatted" - info "Mounting root partition" - mount "${DEVICE}p1" "${MOUNT_DIR}" - OK "root partition mounted" - RESERVED_BLOCKS_PERCENTAGE=3 - info "Set filesystem reserved blocks percentage to ${RESERVED_BLOCKS_PERCENTAGE}%" - tune2fs -m "${RESERVED_BLOCKS_PERCENTAGE}" "${DEVICE}p1" + info "Mounting root partition" + mount "${DEVICE}p1" "${MOUNT_DIR}" + OK "root partition mounted" + RESERVED_BLOCKS_PERCENTAGE=3 + info "Set filesystem reserved blocks percentage to ${RESERVED_BLOCKS_PERCENTAGE}%" + tune2fs -m "${RESERVED_BLOCKS_PERCENTAGE}" "${DEVICE}p1" - AVAIL_DISK=$(df -B M --output=avail "${DEVICE}p1" | tail -1) - AVAIL_DISK=${AVAIL_DISK/M} - info "Free space root partition ${AVAIL_DISK} MB" + AVAIL_DISK=$(df -B M --output=avail "${DEVICE}p1" | tail -1) + AVAIL_DISK=${AVAIL_DISK/M} + info "Free space root partition ${AVAIL_DISK} MB" - # if the available disk space is less than rootfs size, repeat the process - # of disk creation by adding 5% in the inital assumed value $ROOTFS_SIZE - if [ $ROOTFS_SIZE -gt $AVAIL_DISK ]; then - # Increase the size but remain aligned to 128 - MEM_BOUNDARY=$(($MEM_BOUNDARY+128)) - rm -f ${IMAGE} - OLD_IMG_SIZE=${IMG_SIZE} - unset IMG_SIZE - cleanup - create_rootfs_disk - fi + # if the available disk space is less than rootfs size, repeat the process + # of disk creation by adding 5% in the inital assumed value $ROOTFS_SIZE + if [ $ROOTFS_SIZE -gt $AVAIL_DISK ]; then + # 
Increase the size but remain aligned to 128 + MEM_BOUNDARY=$(($MEM_BOUNDARY+128)) + OLD_IMG_SIZE=${IMG_SIZE} + unset IMG_SIZE + unmount + detach + rm -f ${IMAGE} + create_rootfs_disk + fi } create_rootfs_disk @@ -237,6 +276,9 @@ info "Copying content from rootfs to root partition" cp -a "${ROOTFS}"/* ${MOUNT_DIR} OK "rootfs copied" -cleanup +unmount +# Optimize +fsck.ext4 -D -y "${DEVICE}p1" +detach info "Image created. Virtual size: ${IMG_SIZE}MB." From 5bbbd2abf9ffc3021a54c55b8349c20a7dbd1f9b Mon Sep 17 00:00:00 2001 From: Peng Tao Date: Wed, 26 Sep 2018 17:16:22 +0800 Subject: [PATCH 133/307] release: Kata Containers 1.3.0 - osbuilder: Add support for debian rootfs - Reformat usage output in test_image.sh - osbuilder: Remove redundant argument to test_image.sh - tests: Show summary of image sizes 4a2fdee osbuilder: fix loop devices manipulation in image-builder.sh d5087c0 osbuilder: Increase Travis CI build timeout dd68722 osbuilder: Add support for debian rootfs 2b187c3 tests: Reformat usage output in test_image.sh 6a307ed osbuilder: Remove redundant argument to test_image.sh 9f24610 tests: Show summary of image sizes Signed-off-by: Peng Tao --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index 3ffe613f7..f0bb29e76 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.3.0-rc1 +1.3.0 From 562be909073301c8c5c09e1c73a53e8e8b1c624b Mon Sep 17 00:00:00 2001 From: Marco Vedovati Date: Thu, 13 Sep 2018 19:25:38 +0200 Subject: [PATCH 134/307] tests: support parallel building of artifacts Rework test_images.sh and Makefile to allow building artifacts in parallel for faster tests execution. Add new targets to Makefile ({rootfs,image,initrd}-). Fixes: #168 Signed-off-by: Marco Vedovati --- Makefile | 82 ++++--- rootfs-builder/rootfs.sh | 6 +- tests/test_config.sh | 17 ++ tests/test_images.sh | 466 +++++++++++++++------------------------ 4 files changed, 258 insertions(+), 313 deletions(-) create mode 100644 tests/test_config.sh 
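Review bot: In create_rootfs_disk, the wait loop for ${DEVICE}p1 uses `[[ "$i" < "$max_tries" ]]`, which compares strings lexicographically rather than numerically. It behaves correctly for 0 through 5 only because both sides are single digits. With max_tries=10 the loop would stop as soon as i reaches 2, and the following `[[ "$i" == "$max_tries" ]] && die` would not fire, so the script would go on to run mkfs.ext4 on a partition node that may not exist. Use `(( i < max_tries ))` or `[ "$i" -lt "$max_tries" ]`, and test `[ -b "${DEVICE}p1" ]` again after the loop instead of inferring failure from the counter.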
diff --git a/Makefile b/Makefile index cca78ed21..d57a7828a 100644 --- a/Makefile +++ b/Makefile 
@@ -3,59 +3,87 @@ # # SPDX-License-Identifier: Apache-2.0 # -MK_DIR :=$(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +MK_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +TEST_RUNNER := $(MK_DIR)/tests/test_images.sh +ROOTFS_BUILDER := $(MK_DIR)/rootfs-builder/rootfs.sh +INITRD_BUILDER := $(MK_DIR)/initrd-builder/initrd_builder.sh +IMAGE_BUILDER := $(MK_DIR)/image-builder/image_builder.sh -DISTRO ?= centos -DISTRO_ROOTFS := $(PWD)/$(DISTRO)_rootfs -DISTRO_ROOTFS_MARKER := .$(shell basename $(DISTRO_ROOTFS)).done -IMAGE := kata-containers.img -INITRD_IMAGE := kata-containers-initrd.img -IMG_SIZE=500 -AGENT_INIT ?= no +IMG_SIZE = 500 +AGENT_INIT ?= no +DISTRO ?= centos +ROOTFS_BUILD_DEST := $(PWD) +IMAGES_BUILD_DEST := $(PWD) +DISTRO_ROOTFS := $(ROOTFS_BUILD_DEST)/$(DISTRO)_rootfs +DISTRO_ROOTFS_MARKER := $(ROOTFS_BUILD_DEST)/.$(DISTRO)_rootfs.done +DISTRO_IMAGE := $(IMAGES_BUILD_DEST)/kata-containers.img +DISTRO_INITRD := $(IMAGES_BUILD_DEST)/kata-containers-initrd.img -VERSION_FILE := ./VERSION -VERSION := $(shell grep -v ^\# $(VERSION_FILE)) -COMMIT_NO := $(shell git rev-parse HEAD 2> /dev/null || true) -COMMIT := $(if $(shell git status --porcelain --untracked-files=no),${COMMIT_NO}-dirty,${COMMIT_NO}) +VERSION_FILE := ./VERSION +VERSION := $(shell grep -v ^\# $(VERSION_FILE)) +COMMIT_NO := $(shell git rev-parse HEAD 2> /dev/null || true) +COMMIT := $(if $(shell git status --porcelain --untracked-files=no),${COMMIT_NO}-dirty,${COMMIT_NO}) VERSION_COMMIT := $(if $(COMMIT),$(VERSION)-$(COMMIT),$(VERSION)) +################################################################################ + +rootfs-%: $(ROOTFS_BUILD_DEST)/.%_rootfs.done + @ # DONT remove. This is not cancellation rule. 
+ +.PRECIOUS: $(ROOTFS_BUILD_DEST)/.%_rootfs.done +$(ROOTFS_BUILD_DEST)/.%_rootfs.done:: rootfs-builder/% + @echo Creating rootfs for "$*" + $(ROOTFS_BUILDER) -o $(VERSION_COMMIT) -r $(ROOTFS_BUILD_DEST)/$*_rootfs $* + touch $@ + +image-%: $(IMAGES_BUILD_DEST)/kata-containers-image-%.img + @ # DONT remove. This is not cancellation rule. + +.PRECIOUS: $(IMAGES_BUILD_DEST)/kata-containers-image-%.img +$(IMAGES_BUILD_DEST)/kata-containers-image-%.img: rootfs-% + @echo Creating image based on $^ + $(IMAGE_BUILDER) -s $(IMG_SIZE) -o $@ $(ROOTFS_BUILD_DEST)/$*_rootfs + +initrd-%: $(IMAGES_BUILD_DEST)/kata-containers-initrd-%.img + @ # DONT remove. This is not cancellation rule. + +.PRECIOUS: $(IMAGES_BUILD_DEST)/kata-containers-initrd-%.img +$(IMAGES_BUILD_DEST)/kata-containers-initrd-%.img: rootfs-% + @echo Creating initrd image for $* + $(INITRD_BUILDER) -o $@ $(ROOTFS_BUILD_DEST)/$*_rootfs + .PHONY: all all: image initrd .PHONY: rootfs rootfs: $(DISTRO_ROOTFS_MARKER) -$(DISTRO_ROOTFS_MARKER): - @echo Creating rootfs based on "$(DISTRO)" - "$(MK_DIR)/rootfs-builder/rootfs.sh" -o $(VERSION_COMMIT) -r $(DISTRO_ROOTFS) $(DISTRO) - touch $@ - .PHONY: image -image: $(IMAGE) +image: $(DISTRO_IMAGE) -$(IMAGE): rootfs +$(DISTRO_IMAGE): $(DISTRO_ROOTFS_MARKER) @echo Creating image based on "$(DISTRO_ROOTFS)" - "$(MK_DIR)/image-builder/image_builder.sh" -s "$(IMG_SIZE)" "$(DISTRO_ROOTFS)" + $(IMAGE_BUILDER) -s "$(IMG_SIZE)" "$(DISTRO_ROOTFS)" .PHONY: initrd -initrd: $(INITRD_IMAGE) +initrd: $(DISTRO_INITRD) -$(INITRD_IMAGE): rootfs +$(DISTRO_INITRD): $(DISTRO_ROOTFS_MARKER) @echo Creating initrd image based on "$(DISTRO_ROOTFS)" - "$(MK_DIR)/initrd-builder/initrd_builder.sh" "$(DISTRO_ROOTFS)" + $(INITRD_BUILDER) "$(DISTRO_ROOTFS)" .PHONY: test test: - "$(MK_DIR)/tests/test_images.sh" "$(DISTRO)" + $(TEST_RUNNER) "$(DISTRO)" .PHONY: test-image-only test-image-only: - "$(MK_DIR)/tests/test_images.sh" --test-images-only "$(DISTRO)" + $(TEST_RUNNER) --test-images-only "$(DISTRO)" 
.PHONY: test-initrd-only test-initrd-only: - "$(MK_DIR)/tests/test_images.sh" --test-initrds-only "$(DISTRO)" + $(TEST_RUNNER) --test-initrds-only "$(DISTRO)" .PHONY: clean clean: - rm -rf $(DISTRO_ROOTFS_MARKER) $(DISTRO_ROOTFS) $(IMAGE) $(INITRD_IMAGE) + rm -rf $(DISTRO_ROOTFS_MARKER) $(DISTRO_ROOTFS) $(DISTRO_IMAGE) $(DISTRO_INITRD) diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index 0659d4a11..05e22a963 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh @@ -52,8 +52,8 @@ $(get_distros) Refer the Platform-OS Compatibility Matrix: https://github.com/kata-containers/osbuilder#platform-distro-compatibility-matrix Options: --a : agent version DEFAULT: ${AGENT_VERSION} ENV: AGENT_VERSION --h : Show this help message +-a : agent version DEFAULT: ${AGENT_VERSION} ENV: AGENT_VERSION +-h : show this help message -o : specify version of osbuilder -r : rootfs directory DEFAULT: ${ROOTFS_DIR} ENV: ROOTFS_DIR @@ -90,7 +90,7 @@ distro_needs_admin_caps() then echo "true" elif [ "$1" = "debian" ] - then + then echo "true" else echo "false" diff --git a/tests/test_config.sh b/tests/test_config.sh new file mode 100644 index 000000000..ffa9b1ac1 --- /dev/null +++ b/tests/test_config.sh @@ -0,0 +1,17 @@ +# +# Copyright (c) 2018 SUSE LLC +# +# SPDX-License-Identifier: Apache-2.0 + +distrosSystemd=(fedora centos ubuntu debian) +distrosAgent=(alpine) + +if [ $MACHINE_TYPE != "ppc64le" ]; then + distrosSystemd+=(clearlinux) +fi + +# "Not testing eurleros on Travis: (timeout, see: https://github.com/kata-containers/osbuilder/issues/46)" +if [ -z "${TRAVIS:-}" ]; then + distrosSystemd+=(euleros) +fi + diff --git a/tests/test_images.sh b/tests/test_images.sh index 194970eda..6d305d1e4 100755 --- a/tests/test_images.sh +++ b/tests/test_images.sh 
@@ -4,20 +4,17 @@ # # SPDX-License-Identifier: Apache-2.0 -set -e +set -euo pipefail readonly script_dir="$(dirname $(readlink -f $0))" readonly script_name=${0##*/} - -readonly rootfs_sh="${script_dir}/../rootfs-builder/rootfs.sh" -readonly image_builder_sh="${script_dir}/../image-builder/image_builder.sh" -readonly initrd_builder_sh="${script_dir}/../initrd-builder/initrd_builder.sh" readonly tmp_dir=$(mktemp -t -d osbuilder-test.XXXXXXX) readonly tmp_rootfs="${tmp_dir}/rootfs-osbuilder" readonly images_dir="${tmp_dir}/images" readonly osbuilder_file="/var/lib/osbuilder/osbuilder.yaml" readonly docker_image="busybox" -readonly docker_config_file="/etc/systemd/system/docker.service.d/kata-containers.conf" +readonly systemd_docker_config_file="/etc/systemd/system/docker.service.d/kata-containers.conf" +readonly sysconfig_docker_config_file="/etc/sysconfig/docker" readonly tests_repo="github.com/kata-containers/tests" readonly tests_repo_dir="${script_dir}/../../tests" readonly mgr="${tests_repo_dir}/cmd/kata-manager/kata-manager.sh" @@ -30,8 +27,10 @@ readonly test_func_prefix="test_distro_" # "docker build" does not work with a VM-based runtime readonly docker_build_runtime="runc" -test_images_only="false" -test_initrds_only="false" +build_images=1 +build_initrds=1 + +source ${script_dir}/test_config.sh # Hashes used to keep track of image sizes. # - Key: name of distro. @@ -138,14 +137,15 @@ exit_handler() rm -rf "${tmp_dir}" + # Restore the default image in config file + [ -n "${TRAVIS:-}" ] || chronic $mgr configure-image + return fi info "ERROR: test failed" # The test failed so dump what we can - info "AGENT_INIT: '${AGENT_INIT}'" - info "images:" sudo -E ls -l "${images_dir}" >&2 @@ -163,6 +163,9 @@ exit_handler() info "processes:" sudo -E ps -efwww | egrep "docker|kata" >&2 + + # Restore the default image in config file + [ -n "${TRAVIS:-}" ] || chronic $mgr configure-image } die() 
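Review bot: In exit_handler(), the added restore line `[ -n "${TRAVIS:-}" ] || chronic $mgr configure-image` assumes that $mgr exists, but $mgr lives under ${tests_repo_dir} and the handler is already armed when setup() clones that repository. If the clone fails, the restore fails too and adds a second, misleading error to the output. Guard the call with `[ -x "$mgr" ]`, quote "$mgr", and move the line into one small helper called from both the success path and the failure path instead of duplicating it.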
@@ -185,7 +188,15 @@ set_runtime() [ -z "$name" ] && die "need name" # Travis doesn't support VT-x - [ -n "$TRAVIS" ] && return + [ -n "${TRAVIS:-}" ] && return + + source /etc/os-release + + if [[ "${ID_LIKE:-}" =~ suse ]]; then + docker_config_file="$sysconfig_docker_config_file" + else + docker_config_file="$systemd_docker_config_file" + fi sudo -E sed -i "s/--default-runtime=[^ ][^ ]*/--default-runtime=${name}/g" \ "${docker_config_file}" @@ -201,7 +212,7 @@ setup() export USE_DOCKER=true # Travis doesn't support VT-x - [ -n "$TRAVIS" ] && return + [ -n "${TRAVIS:-}" ] && return [ ! -d "${tests_repo_dir}" ] && git clone "https://${tests_repo}" "${tests_repo_dir}" @@ -212,56 +223,6 @@ setup() set_runtime "${docker_build_runtime}" } -build_rootfs() -{ - local distro="$1" - local rootfs="$2" - - [ -z "$distro" ] && die "need distro" - [ -z "$rootfs" ] && die "need rootfs" - - local full="${rootfs}${osbuilder_file}" - - # clean up from any previous runs - [ -d "${rootfs}" ] && sudo -E rm -rf "${rootfs}" - - sudo -E ${rootfs_sh} -r "${rootfs}" "${distro}" - - yamllint "${full}" - - info "built rootfs for distro '$distro' at '$rootfs'" - info "osbuilder metadata file:" - cat "${full}" >&2 -} - -build_image() -{ - local file="$1" - local rootfs="$2" - - [ -z "$file" ] && die "need file" - [ -z "$rootfs" ] && die "need rootfs" - - sudo -E ${image_builder_sh} -o "${file}" "${rootfs}" - - info "built image file '$file' for rootfs '$rootfs':" - sudo -E ls -l "$file" >&2 -} - -build_initrd() -{ - local file="$1" - local rootfs="$2" - - [ -z "$file" ] && die "need file" - [ -z "$rootfs" ] && die "need rootfs" - - sudo -E ${initrd_builder_sh} -o "${file}" "${rootfs}" - - info "built initrd file '$file' for rootfs '$rootfs':" - sudo -E ls -l "$file" >&2 -} - create_container() { out=$(mktemp) 
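Review bot: In the set_runtime() hunk, the config file is now chosen from ID_LIKE, but the unchanged sed expression `--default-runtime=[^ ][^ ]*` is applied to /etc/sysconfig/docker as well. There the option sits inside a quoted DOCKER_OPTS value (the pattern added later in this series matches `DOCKER_OPTS=...\"`), so when --default-runtime is the last word the `[^ ]*` also consumes the closing quote and the rewritten file no longer parses. Exclude the quote from the value class for the sysconfig case and pick the file by testing which one exists rather than by distro family. `source /etc/os-release` also imports NAME, VERSION, ID and the rest into the test script's own shell; read it in a subshell or extract only ID_LIKE.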
@@ -287,7 +248,7 @@ install_image_create_container() [ ! -e "$file" ] && die "file does not exist: $file" # Travis doesn't support VT-x - [ -n "$TRAVIS" ] && return + [ -n "${TRAVIS:-}" ] && return chronic $mgr reset-config chronic $mgr configure-image "$file" 
@@ -302,246 +263,192 @@ install_initrd_create_container() [ ! -e "$file" ] && die "file does not exist: $file" # Travis doesn't support VT-x - [ -n "$TRAVIS" ] && return + [ -n "${TRAVIS:-}" ] && return chronic $mgr reset-config chronic $mgr configure-initrd "$file" create_container } -handle_options() +# Displays a list of distros which can be tested +list_distros() { - local distro="$1" - local type="$2" - local options="$3" - - [ -z "$distro" ] && die "need distro" - [ -z "$type" ] && die "need type" - - local opt - local rootfs - - for opt in $options - do - # Set the crucial variable to determine if the agent will be - # PID 1 in the image or initrd. - case "$opt" in - init) export AGENT_INIT="yes";; - *) export AGENT_INIT="no";; - esac - - rootfs="${tmp_rootfs}/${distro}-agent-init-${AGENT_INIT}" - - build_rootfs "${distro}" "${rootfs}" - - local rootfs_size=$(du -sb "${rootfs}" | awk '{print $1}') - - if [ "$type" = "image" ] - then - # Images need systemd - [ "$opt" = "init" ] && continue - - local image_path="${images_dir}/${type}-${distro}-agent-init-${AGENT_INIT}.img" - - build_image "${image_path}" "${rootfs}" - local image_size=$(stat -c "%s" "${image_path}") - - built_images["${distro}"]="${rootfs_size}:${image_size}" - - install_image_create_container "${image_path}" - elif [ "$type" = "initrd" ] - then - local initrd_path="${images_dir}/${type}-${distro}-agent-init-${AGENT_INIT}.img" - - build_initrd "${initrd_path}" "${rootfs}" - local initrd_size=$(stat -c "%s" "${initrd_path}") - - built_initrds["${distro}"]="${rootfs_size}:${initrd_size}" - - install_initrd_create_container "${initrd_path}" - else - die "invalid type: '$type' for distro $distro option $opt" - fi - done + tr " " "\n" <<< "${distrosSystemd[@]} ${distrosAgent[@]}" | sort } -# Create an image and/or initrd for the specified distribution, +# +# Calls the `GNU make` utility with the set of passed arguments. 
+# Arguments can either be make targets or make variables assignments (in the form of VARIABLE=) +# +call_make() { + targetType=$1 + shift + makeVars=() + makeTargets=() + # Split args between make variable and targets + for t in $@; do + # RE to match a make variable assignment + pattern="^\w+\=" + if [[ "$t" =~ $pattern ]]; then + makeVars+=("$t") + else + makeTargets+=($targetType-$t) + fi + done + + makeJobs= + if [ -z "${CI:-}" ]; then + ((makeJobs=$(nproc) / 2)) + fi + + info "Starting make with \n\ + # of // jobs: ${makeJobs:-[unlimited]} \n\ + targets: ${makeTargets[@]} \n\ + variables: ${makeVars[@]}" + + sudo -E make -j $makeJobs ${makeTargets[@]} ${makeVars[@]} +} + +make_rootfs() { + call_make rootfs $@ +} + +make_image() { + call_make image $@ +} + +make_initrd() { + call_make initrd $@ +} + +get_rootfs_size() { + [ $# -ne 1 ] && die "get_rootfs_size with wrong invalid argument" + + local rootfs_dir=$1 + ! [ -d "$rootfs_dir" ] && die "$rootfs_dir is not a valid rootfs path" + + sudo -E du -sb "${rootfs_dir}" | awk '{print $1}' +} + +# Create an image and/or initrd for the available distributions, # then test each by configuring the runtime and creating a container. # -# The second and third parameters take the form of a space separated list of -# values which represent whether the agent should be the init daemon in the -# image/initrd. "init" means the agent should be configured to be the init -# daemon and "service" means it should run as a systemd service. -# -# The list value should be set to "no" if the image/initrd should not -# be built+tested. +# When passing the name of a distribution, tests are run against that +# distribution only. # # Parameters: # # 1: distro name. -# 2: image options. -# 3: initrd options. 
-create_and_run() +# +test_distros() { local distro="$1" - local image_options="$2" - local initrd_options="$3" + local separator="~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n" - [ -z "$distro" ] && die "need distro" - [ -z "$image_options" ] && die "need image options" - [ -z "$initrd_options" ] && die "need initrd options" + echo -e "$separator" - local opt - - if [ "$image_options" != "no" ] - then - if [ "${test_initrds_only}" = "true" ] - then - info "only testing initrds: skipping image test for distro $distro" + # If a distro was specified, filter out the distro list to only include that distro + if [ -n "$distro" ]; then + pattern="\<$distro\>" + if [[ "${distrosAgent[@]}" =~ $pattern ]]; then + distrosAgent=($distro) + distrosSystemd=() + elif [[ "${distrosSystemd[@]}" =~ $pattern ]]; then + distrosSystemd=($distro) + distrosAgent=() + build_initrds= else - handle_options "$distro" "image" "$image_options" + die "Not a valid distro: $distro" fi + + info "Running tests for distro: $distro" + + else + info "Running tests for all distros" fi - if [ "$initrd_options" != "no" ] - then - if [ "${test_images_only}" = "true" ] - then - info "only testing images: skipping initrd test for distro $distro" - else - handle_options "$distro" "initrd" "$initrd_options" - fi - fi -} + # distro with systemd as init -> normal rootfs image + # distro with kata-agent as init -> normal rootfs image AND initrd image -run_test() -{ - local -r name="$1" - local -r skip="$2" - local -r distro="$3" - local -r image_options="$4" - local -r initrd_options="$5" + # If user does not need rootfs images, then do not build systemd rootfses + [ -z "$build_images" ] && distrosSystemd=() - [ -z "$name" ] && die "need name" - [ -z "$distro" ] && die "need distro" - [ -z "$image_options" ] && die "need image options" - [ -z "$initrd_options" ] && die "need initrd options" + commonMakeVars=( \ + USE_DOCKER=true \ + ROOTFS_BUILD_DEST="$tmp_rootfs" \ + 
IMAGES_BUILD_DEST="$images_dir" ) - [ -n "$skip" ] && info "Skipping test $name: $skip" && return + # Build systemd and agent rootfs with 2 separate jobs + bgJobs=() - info "Running test: ${name}" - - create_and_run "${distro}" "${image_options}" "${initrd_options}" -} - -test_distro_ubuntu() -{ - local -r name="Can create and run ubuntu image" - run_test "${name}" "" "ubuntu" "service" "no" -} - -test_distro_debian() -{ - local -r name="Can create and run debian image" - run_test "${name}" "" "debian" "service" "no" -} - - -test_distro_fedora() -{ - local -r name="Can create and run fedora image" - run_test "${name}" "" "fedora" "service" "no" -} - -test_distro_clearlinux() -{ - local -r name="Can create and run clearlinux image" - - run_test "${name}" "" "clearlinux" "service" "no" -} - -test_distro_centos() -{ - local -r name="Can create and run centos image" - run_test "${name}" "" "centos" "service" "no" -} - -test_distro_euleros() -{ - local -r name="Can create and run euleros image" - - [ "$TRAVIS" = true ] && skip="travis timeout, see: https://github.com/kata-containers/osbuilder/issues/46" - - run_test "${name}" "$skip" "euleros" "service" "no" -} - -test_distro_alpine() -{ - local -r name="Can create and run alpine image" - run_test "${name}" "" "alpine" "no" "init" -} - -# Displays a list of all distro test functions -get_distro_test_names() -{ - typeset -F | awk '{print $3}' |\ - grep "^${test_func_prefix}" | sort -} - -# Displays a list of distros which can be tested -list_distros() -{ - get_distro_test_names | sed "s/${test_func_prefix}//g" -} - -test_single_distro() -{ - local -r distro="$1" - - [ -z "$distro" ] && die "distro cannot be blank" - - local -r expected_func="${test_func_prefix}${distro}" - - local test_funcs - test_funcs=$(get_distro_test_names) - - local defined_func - defined_func=$(echo "$test_funcs" | grep "^${expected_func}$" || true) - - if [ -z "$defined_func" ] - then - local distros - - # make a comma-separated list - 
distros=$(list_distros | tr '\n' ',' | sed 's/,$//g') - - die "no test for distro '$distro' (try one of $distros)" + if [ ${#distrosSystemd[@]} -gt 0 ]; then + info "building rootfses with systemd as init: ${distrosSystemd[@]}" + make_rootfs ${commonMakeVars[@]} "${distrosSystemd[@]}" & + bgJobs+=($!) fi - info "only running tests for distro $distro" - - # run the test - $defined_func -} - -test_all_distros() -{ - info "running tests for all distros" - - test_distro_fedora - test_distro_centos - test_distro_alpine - test_distro_ubuntu - test_distro_debian - if [ $MACHINE_TYPE != "ppc64le" ]; then - test_distro_clearlinux - - # Run last as EulerOS servers can be slow and we don't want to fail the - # previous tests. - test_distro_euleros + if [ ${#distrosAgent[@]} -gt 0 ]; then + info "building all rootfses with kata-agent as init" + make_rootfs ${commonMakeVars[@]} AGENT_INIT=yes "${distrosAgent[@]}" & + bgJobs+=($!) fi + # Check for build failures (`wait` remembers up to CHILD_MAX bg processes exit status) + for j in ${bgJobs[@]}; do + wait $j || die "Background build job failed" + done + + + for d in ${distrosSystemd[@]} ${distrosAgent[@]}; do + local rootfs_path="${tmp_rootfs}/${d}_rootfs" + osbuilder_file_fullpath="${rootfs_path}/${osbuilder_file}" + echo -e "$separator" + yamllint "${osbuilder_file_fullpath}" + + info "osbuilder metadata file for $d:" + cat "${osbuilder_file_fullpath}" >&2 + done + + + # TODO: once support for rootfs images with kata-agent as init is in place, + # uncomment the following line +# for d in ${distrosSystemd[@]} ${distrosAgent[@]}; do + for d in ${distrosSystemd[@]}; do + local rootfs_path="${tmp_rootfs}/${d}_rootfs" + local image_path="${images_dir}/kata-containers-image-$d.img" + local rootfs_size=$(get_rootfs_size "$rootfs_path") + + echo -e "$separator" + info "Making rootfs image for ${d}" + make_image ${commonMakeVars[@]} $d + local image_size=$(stat -c "%s" "${image_path}") + + echo -e "$separator" + 
built_images["${d}"]="${rootfs_size}:${image_size}" + info "Creating container for ${d}" + install_image_create_container $image_path + done + + for d in ${distrosAgent[@]}; do + local rootfs_path="${tmp_rootfs}/${d}_rootfs" + local initrd_path="${images_dir}/kata-containers-initrd-$d.img" + local rootfs_size=$(get_rootfs_size "$rootfs_path") + + echo -e "$separator" + info "Making initrd image for ${d}" + make_initrd ${commonMakeVars[@]} AGENT_INIT=yes $d + local initrd_size=$(stat -c "%s" "${initrd_path}") + + echo -e "$separator" + built_initrds["${d}"]="${rootfs_size}:${initrd_size}" + info "Creating container for ${d}" + install_initrd_create_container $initrd_path + done + + echo -e "$separator" show_stats + + echo -e "$separator" } main() @@ -566,13 +473,11 @@ main() --list) list_distros; exit 0;; --test-images-only) - test_images_only="true" - test_initrds_only="false" + build_initrds= ;; --test-initrds-only) - test_initrds_only="true" - test_images_only="false" + build_images= ;; --) shift; break ;; @@ -584,21 +489,16 @@ main() # Consume getopt cruft [ "$1" = "--" ] && shift - case "$1" in + case "${1:-}" in help) usage; exit 0;; - *) distro="$1";; + *) distro="${1:-}";; esac trap exit_handler EXIT ERR setup - if [ -n "$distro" ] - then - test_single_distro "$distro" - else - test_all_distros - fi + test_distros "$distro" # We shouldn't really need a message like this but the CI can fail in # mysterious ways so make it clear! From 7c443ed2189fd1e644afebdd953a2e8e1ab6717c Mon Sep 17 00:00:00 2001 From: Marco Vedovati Date: Tue, 2 Oct 2018 12:56:49 +0200 Subject: [PATCH 135/307] travis: remove AGENT_INIT env combinations Remove the AGENT_INIT = yes / no combinations from .travis.yml, as test_images.sh is now running both builds in parallel. Signed-off-by: Marco Vedovati --- .travis.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.travis.yml b/.travis.yml index 4aab4f73c..5926cd952 100644 --- a/.travis.yml +++ b/.travis.yml 
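Review bot: In tests/test_images.sh, build_initrds is only ever assigned (`build_initrds=1` at the top, `build_initrds=` in main() for --test-images-only and in test_distros() for a systemd distro); nothing in these hunks reads it, so --test-images-only still builds the initrd for every entry in distrosAgent. Mirror the existing `[ -z "$build_images" ] && distrosSystemd=()` line with an equivalent check that skips the initrd loop. Separately, in call_make() `((makeJobs=$(nproc) / 2))` evaluates to 0 on a single-CPU host, which makes the arithmetic command return non-zero and ends the script under `set -e`; clamp the value to at least 1, and quote "$@", "${makeTargets[@]}" and "${makeVars[@]}" when passing them on.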
@@ -13,10 +13,6 @@ os: language: bash -env: - - AGENT_INIT=no - - AGENT_INIT=yes - services: - docker From 83d883826b325aef5b5b1bbbca578f2311e12654 Mon Sep 17 00:00:00 2001 From: Marco Vedovati Date: Wed, 5 Sep 2018 18:25:37 +0200 Subject: [PATCH 136/307] osbuilder: Add support for openSUSE rootfs image Add support for building a rootfs image based on openSUSE Leap. Fixes: #33 Signed-off-by: Marco Vedovati --- README.md | 10 ++-- rootfs-builder/rootfs.sh | 44 +++++++------- rootfs-builder/suse/Dockerfile.in | 18 ++++++ rootfs-builder/suse/config.sh | 47 +++++++++++++++ rootfs-builder/suse/config.xml | 40 +++++++++++++ rootfs-builder/suse/install-packages.sh | 29 ++++++++++ rootfs-builder/suse/rootfs_lib.sh | 76 +++++++++++++++++++++++++ tests/test_config.sh | 2 +- 8 files changed, 239 insertions(+), 27 deletions(-) create mode 100644 rootfs-builder/suse/Dockerfile.in create mode 100644 rootfs-builder/suse/config.sh create mode 100644 rootfs-builder/suse/config.xml create mode 100644 rootfs-builder/suse/install-packages.sh create mode 100644 rootfs-builder/suse/rootfs_lib.sh diff --git a/README.md b/README.md index 75c72b6c0..eeecc24e1 100644 --- a/README.md +++ b/README.md 
@@ -120,8 +120,8 @@ For further details, see [the tests documentation](tests/README.md). ## Platform-Distro Compatibility Matrix -| | Alpine | CentOS | ClearLinux | EulerOS | Fedora | - |--|--|--|--|--|--| - | **ARM64** | :heavy_check_mark: | :heavy_check_mark: | | :heavy_check_mark: | :heavy_check_mark: | - | **PPC64le** | :heavy_check_mark: | :heavy_check_mark: | | | :heavy_check_mark: | - | **x86_64** | :heavy_check_mark: |:heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | +| |Alpine |CentOS |ClearLinux |Debian/Ubuntu |EulerOS |Fedora |openSUSE | +|-- |-- |-- |-- |-- |-- |-- |-- | +|**ARM64** |:heavy_check_mark:|:heavy_check_mark:| | |:heavy_check_mark:|:heavy_check_mark:| | +|**PPC64le**|:heavy_check_mark:|:heavy_check_mark:| |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:| +|**x86_64** |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:| diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index 05e22a963..228cfe1c7 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh 
@@ -84,17 +84,29 @@ check_function_exist() [ "$(type -t ${function_name})" == "function" ] || die "${function_name} function was not defined" } -distro_needs_admin_caps() +docker_extra_args() { - if [ "$1" = "ubuntu" ] - then - echo "true" - elif [ "$1" = "debian" ] - then - echo "true" - else - echo "false" - fi + local args="" + + case "$1" in + ubuntu | debian) + # Requred to chroot + args+=" --cap-add SYS_CHROOT" + # debootstrap needs to create device nodes to properly function + args+=" --cap-add MKNOD" + ;& + suse) + # Required to mount inside a container + args+=" --cap-add SYS_ADMIN" + # When AppArmor is enabled, mounting inside a container is blocked with docker-default profile. + # See https://github.com/moby/moby/issues/16429 + args+=" --security-opt apparmor:unconfined" + ;; + *) + ;; + esac + + echo "$args" } generate_dockerfile() @@ -239,17 +251,7 @@ if [ -n "${USE_DOCKER}" ] ; then docker_run_args+=" --rm" docker_run_args+=" --runtime runc" - admin_caps=$(distro_needs_admin_caps "$distro") - if [ "$admin_caps" = "true" ]; then - # Required by debootstrap to mount inside a container - docker_run_args+=" --cap-add SYS_ADMIN" - # Requred to chroot - docker_run_args+=" --cap-add SYS_CHROOT" - # debootstrap needs to create device nodes to properly function - docker_run_args+=" --cap-add MKNOD" - # See https://github.com/moby/moby/issues/16429 - docker_run_args+=" --security-opt apparmor:unconfined" - fi + docker_run_args+=" $(docker_extra_args $distro)" #Make sure we use a compatible runtime to build rootfs # In case Clear Containers Runtime is installed we dont want to hit issue: diff --git a/rootfs-builder/suse/Dockerfile.in b/rootfs-builder/suse/Dockerfile.in new file mode 100644 index 000000000..7aaed2a8b --- /dev/null +++ b/rootfs-builder/suse/Dockerfile.in 
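Review bot: In docker_extra_args() in rootfs-builder/rootfs.sh, the `;&` after the ubuntu | debian branch falls through into the suse branch, so those two distros also receive `--cap-add SYS_ADMIN` and `--security-opt apparmor:unconfined`. That matches what the removed distro_needs_admin_caps block granted, but the fallthrough is easy to miss and a later edit to the suse branch would silently change the privileges of the Debian and Ubuntu build containers. Add a comment on the `;&` line or list the arguments per distro. The call site should also quote its argument: `$(docker_extra_args "$distro")`.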
@@ -0,0 +1,18 @@ +# +# Copyright (c) 2018 SUSE LLC +# +# SPDX-License-Identifier: Apache-2.0 + +#suse: docker image to be used to create a rootfs +#@OS_VERSION@: Docker image version to build this dockerfile +from opensuse/leap + +# This dockerfile needs to provide all the componets need to build a rootfs +# Install any package need to create a rootfs (package manager, extra tools) + +COPY install-packages.sh config.sh / +# RUN commands +RUN chmod +x /install-packages.sh; /install-packages.sh + +# This will install the proper golang to build Kata components +@INSTALL_GO@ diff --git a/rootfs-builder/suse/config.sh b/rootfs-builder/suse/config.sh new file mode 100644 index 000000000..594fc4d4e --- /dev/null +++ b/rootfs-builder/suse/config.sh @@ -0,0 +1,47 @@ +# +# Copyright (c) 2018 SUSE LLC +# +# SPDX-License-Identifier: Apache-2.0 + +# May also be "Tumbleweed" +OS_DISTRO="Leap" + +# Leave this empty for distro "Tumbleweed" +OS_VERSION=${OS_VERSION:-15.0} + +OS_IDENTIFIER="$OS_DISTRO${OS_VERSION:+:$OS_VERSION}" + +# Extra packages to install in the rootfs +PACKAGES="systemd iptables libudev1" + +# http or https +REPO_TRANSPORT="https" + +# Can specify an alternative domain +REPO_DOMAIN="download.opensuse.org" + +# NOTE: you probably dont need to edit things below this +# +############################################################################### + +SUSE_URL_BASE="${REPO_TRANSPORT}://${REPO_DOMAIN}" +SUSE_PATH_OSS="/distribution/${OS_DISTRO,,}/$OS_VERSION/repo/oss" +SUSE_PATH_UPDATE="/update/${OS_DISTRO,,}/$OS_VERSION/oss" + +case "$(uname -m)" in + x86_64) + REPO_URL_PORT="" + ;; + ppc|ppc64le) + REPO_URL_PORT="/ports/ppc" + ;; + *) + REPO_URL_PORT="/ports/$arch" + ;; +esac +SUSE_FULLURL_OSS="${SUSE_URL_BASE}${REPO_URL_PORT}${SUSE_PATH_OSS}" +SUSE_FULLURL_UPDATE="${SUSE_URL_BASE}${SUSE_PATH_UPDATE}" + +if [ -z "${REPO_URL:-}" ]; then + REPO_URL="$SUSE_FULLURL_OSS" +fi 
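Review bot: In rootfs-builder/suse/config.sh, the default branch of `case "$(uname -m)"` sets `REPO_URL_PORT="/ports/$arch"`, but arch is never assigned in this file. install-packages.sh sources config.sh under `set -euo pipefail`, so on any machine other than x86_64, ppc or ppc64le the Docker build stops on an unbound variable, and without `set -u` the URL would silently become /ports/ with no architecture. Capture `uname -m` once into a variable and use it both in the case and in the path. SUSE_FULLURL_UPDATE also omits REPO_URL_PORT while SUSE_FULLURL_OSS includes it; state in a comment whether that is intended for ports architectures.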
diff --git a/rootfs-builder/suse/config.xml b/rootfs-builder/suse/config.xml new file mode 100644 index 000000000..a92147529 --- /dev/null +++ b/rootfs-builder/suse/config.xml @@ -0,0 +1,40 @@ + + + + + SUSE + mvedovati@suse.com + openSUSE rootfs for Kata Containers guest vm + + + 1.0.0 + zypper + en_US + us + true + + + + + + + + + + + + + + + + + + + + + + diff --git a/rootfs-builder/suse/install-packages.sh b/rootfs-builder/suse/install-packages.sh new file mode 100644 index 000000000..8bfa9c050 --- /dev/null +++ b/rootfs-builder/suse/install-packages.sh @@ -0,0 +1,29 @@ +#!/usr/bin/env bash +# +# Copyright (c) 2018 SUSE LLC +# +# SPDX-License-Identifier: Apache-2.0 + +set -euo pipefail + +source config.sh + +removeRepos=(repo-non-oss repo-update-non-oss repo-oss repo-update) + +for r in ${removeRepos[@]}; do + zypper --non-interactive removerepo $r +done + +zypper --non-interactive addrepo ${SUSE_FULLURL_OSS} osbuilder-oss +zypper --non-interactive addrepo ${SUSE_FULLURL_UPDATE} osbuilder-update + + +# Workaround for zypper slowdowns observed when running inside +# a container: see https://github.com/openSUSE/zypper/pull/209 +# The fix is upstream but it will take a while before landing +# in Leap +ulimit -n 1024 +zypper --non-interactive refresh +zypper --non-interactive install --no-recommends --force-resolution curl git gcc make python3-kiwi tar +zypper --non-interactive clean --all + diff --git a/rootfs-builder/suse/rootfs_lib.sh b/rootfs-builder/suse/rootfs_lib.sh new file mode 100644 index 000000000..216f90a2f --- /dev/null +++ b/rootfs-builder/suse/rootfs_lib.sh 
@@ -0,0 +1,76 @@ +# +# Copyright (c) 2018 SUSE LLC +# +# SPDX-License-Identifier: Apache-2.0 + +# - Arguments +# rootfs_dir=$1 +# +# - Optional environment variables +# +# EXTRA_PKGS: Variable to add extra PKGS provided by the user +# +# BIN_AGENT: Name of the Kata-Agent binary +# +# REPO_URL: URL to distribution repository ( should be configured in +# config.sh file) +# +# Any other configuration variable for a specific distro must be added +# and documented on its own config.sh +# +# - Expected result +# +# rootfs_dir populated with rootfs pkgs +# It must provide a binary in /sbin/init +# +# Note: For some distros, the build_rootfs() function provided in scripts/lib.sh +# will suffice. If a new distro is introduced with a special requirement, +# then, a rootfs_builder//rootfs_lib.sh file should be created +# using this template. + +build_rootfs() { + # Mandatory + local ROOTFS_DIR=$1 + + #Name of the Kata-Agent binary + local BIN_AGENT=${BIN_AGENT} + + # In case of support EXTRA packages, use it to allow + # users add more packages to the base rootfs + local EXTRA_PKGS=${EXTRA_PKGS:-} + + #PATH where files this script is placed + #Use it to refer to files in the same directory + #Exmaple: ${CONFIG_DIR}/foo + local CONFIG_DIR=${CONFIG_DIR} + + # Populate ROOTFS_DIR + # Must provide /sbin/init and /bin/${BIN_AGENT} + if [ -e "$ROOTFS_DIR" ] && ! 
[ -z "$(ls -A $ROOTFS_DIR)" ]; then + echo "ERROR: $ROOTFS_DIR is not empty" + exit 1 + fi + + local addPackages="" + for p in $PACKAGES $EXTRA_PKGS; do + addPackages+=" --add-package=$p" + done + + # set-repo format: + # man kiwi::system::build for details + local setRepo=" --set-repo $REPO_URL,rpm-md,$OS_IDENTIFIER,99,false,false" + + # Workaround for zypper slowdowns observed when running inside + # a container: see https://github.com/openSUSE/zypper/pull/209 + # The fix is upstream but it will take a while before landing + # in Leap + ulimit -n 1024 + kiwi system prepare \ + --description $CONFIG_DIR \ + --allow-existing-root \ + --root $ROOTFS_DIR \ + $addPackages \ + $setRepo + install -d $ROOTFS_DIR/lib/systemd + ln -s /usr/lib/systemd/systemd $ROOTFS_DIR/lib/systemd/systemd +} diff --git a/tests/test_config.sh b/tests/test_config.sh index ffa9b1ac1..1697714da 100644 --- a/tests/test_config.sh +++ b/tests/test_config.sh @@ -3,7 +3,7 @@ # # SPDX-License-Identifier: Apache-2.0 -distrosSystemd=(fedora centos ubuntu debian) +distrosSystemd=(fedora centos ubuntu debian suse) distrosAgent=(alpine) if [ $MACHINE_TYPE != "ppc64le" ]; then From fc4c23fdbbef3b806bf618e7feb85142218cb8da Mon Sep 17 00:00:00 2001 From: "James O. D. Hunt" Date: Fri, 5 Oct 2018 15:50:59 +0100 Subject: [PATCH 137/307] tests: Sort size summary by image size and rootfs size Sort the table of image sizes by rootfs size after having sorted by image size so that the smaller rootfs images appear before larger ones when the image size is the same. Fixes #178. Signed-off-by: James O. D. Hunt --- tests/test_images.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/test_images.sh b/tests/test_images.sh index 6d305d1e4..13e942332 100755 --- a/tests/test_images.sh +++ b/tests/test_images.sh @@ -120,7 +120,7 @@ show_stats() "Type" \ "Name" - sort -k1,1n "$tmpfile" + sort -k1,1n -k3,3n "$tmpfile" rm -f "${tmpfile}" } 
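Review bot: in rootfs-builder/suse/rootfs_lib.sh, `build_rootfs()` passes `--set-repo $REPO_URL,rpm-md,$OS_IDENTIFIER,99,false,false` with two positional `false` values, while the comment above it reads only "set-repo format:" with no field list. Name the fields in that comment. If either `false` turns off a signature or GPG check for the packages pulled into the guest rootfs, state why that is acceptable or enable the check. Separately, `$ROOTFS_DIR`, `$CONFIG_DIR` and `$REPO_URL` are expanded unquoted in `ls -A $ROOTFS_DIR`, in the `kiwi system prepare` arguments and in `install -d`, so a path containing whitespace splits into several arguments; quote them.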
From 3b3f044463b040a573420389adc25a26a322342b Mon Sep 17 00:00:00 2001 From: Marco Vedovati Date: Mon, 8 Oct 2018 13:03:50 +0200 Subject: [PATCH 138/307] tests: handle docker set runtime for systemd / sysconfig Detect when dockerd config is sourced from a sysconfig file instead of being hardcoded in the systemd unit file, and improve re matching for the two cases. Fixes: #180 Signed-off-by: Marco Vedovati --- tests/test_images.sh | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/tests/test_images.sh b/tests/test_images.sh index 6d305d1e4..35ba5534e 100755 --- a/tests/test_images.sh +++ b/tests/test_images.sh @@ -190,16 +190,15 @@ set_runtime() # Travis doesn't support VT-x [ -n "${TRAVIS:-}" ] && return - source /etc/os-release - - if [[ "${ID_LIKE:-}" =~ suse ]]; then + if [ -f "$sysconfig_docker_config_file" ]; then docker_config_file="$sysconfig_docker_config_file" + sed_script="s|^( *DOCKER_OPTS=.+--default-runtime[= ] *)[^ \"]+(.*\"$)|\1${name}\2|g" else docker_config_file="$systemd_docker_config_file" + sed_script="s/--default-runtime[= ][^ ]*/--default-runtime=${name}/g" fi - sudo -E sed -i "s/--default-runtime=[^ ][^ ]*/--default-runtime=${name}/g" \ - "${docker_config_file}" + sudo -E sed -i -E "$sed_script" "$docker_config_file" sudo -E systemctl daemon-reload sudo -E systemctl restart docker } From be3bea43255f7507302b8b6647bacd852f40b07d Mon Sep 17 00:00:00 2001 From: Marco Vedovati Date: Thu, 18 Oct 2018 09:48:47 +0200 Subject: [PATCH 139/307] rootfs.sh: add options to list and get test config Add new options to rootfs.sh: -l prints the list of all distros, -t retrieves a subset of the distro configuration from config.sh for testing purpose. Signed-off-by: Marco Vedovati --- Makefile | 4 ++++ rootfs-builder/rootfs.sh | 15 ++++++++++++++- 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index d57a7828a..ec23eb654 100644 --- a/Makefile +++ b/Makefile 
@@ -84,6 +84,10 @@ test-image-only: test-initrd-only: $(TEST_RUNNER) --test-initrds-only "$(DISTRO)" +.PHONY: list-distros +list-distros: + @ $(ROOTFS_BUILDER) -l + .PHONY: clean clean: rm -rf $(DISTRO_ROOTFS_MARKER) $(DISTRO_ROOTFS) $(DISTRO_IMAGE) $(DISTRO_INITRD) diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index 228cfe1c7..f700a7282 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh @@ -54,8 +54,10 @@ Refer the Platform-OS Compatibility Matrix: https://github.com/kata-containers/o Options: -a : agent version DEFAULT: ${AGENT_VERSION} ENV: AGENT_VERSION -h : show this help message +-l : list the supported Linux distributions -o : specify version of osbuilder -r : rootfs directory DEFAULT: ${ROOTFS_DIR} ENV: ROOTFS_DIR +-t : print the test config for a given ENV VARIABLES: GO_AGENT_PKG: Change the golang package url to get the agent source code @@ -78,6 +80,15 @@ get_distros() { done } +get_test_config() { + local distro="$1" + local config="${script_dir}/${distro}/config.sh" + source ${config} + + echo -e "INIT_PROCESS:\t\t$INIT_PROCESS" + echo -e "ARCH_EXCLUDE_LIST:\t\t${ARCH_EXCLUDE_LIST[@]}" +} + check_function_exist() { function_name="$1" @@ -180,13 +191,15 @@ copy_kernel_modules() OSBUILDER_VERSION="unknown" -while getopts a:ho:r: opt +while getopts a:hlo:r:t: opt do case $opt in a) AGENT_VERSION="${OPTARG}" ;; h) usage ;; + l) get_distros | sort && exit 0;; o) OSBUILDER_VERSION="${OPTARG}" ;; r) ROOTFS_DIR="${OPTARG}" ;; + t) get_test_config "${OPTARG}" && exit 0;; esac done From 962b7ee3d2bebad38f7247dda1677fc97269a9d1 Mon Sep 17 00:00:00 2001 
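Review bot: in `set_runtime()` in tests/test_images.sh, both `sed_script` values only rewrite a `--default-runtime` option that is already present, so when the selected config file has none, `sed -i -E` changes nothing and docker is restarted with the old runtime without any error. Check the file after the substitution and `die` if `--default-runtime` does not carry `${name}`. Also, `${name}` is spliced into the expression with `|` as the delimiter in the sysconfig branch and `/` in the systemd branch, so a value containing that character breaks the script; use one delimiter that cannot occur in `name`, or escape it.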
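Review bot: in rootfs-builder/rootfs.sh, `get_test_config()` builds `${script_dir}/${distro}/config.sh` directly from the `-t` argument and sources it unquoted, without checking that the argument is one of the names `get_distros` returns or that the file exists. Validate `$distro` against `get_distros` first, quote `"${config}"`, and check the result of `source` before the `echo` lines run. In the `getopts` case, `t) get_test_config "${OPTARG}" && exit 0;;` continues into the normal rootfs build on any non-zero return; make the failure path exit with an error instead.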
From: Marco Vedovati Date: Thu, 18 Oct 2018 09:51:52 +0200 Subject: [PATCH 140/307] tests: get config from distro-specific config.sh Move the test configuration in the distro-specific config.sh file, for better control of what to include/exclude from testing based on the test environment. test_config.sh is still used to exclude specific distros from being tested, when running tests in bulk. Fixes: #182 Signed-off-by: Marco Vedovati --- rootfs-builder/alpine/config.sh | 6 ++ rootfs-builder/centos/config.sh | 6 ++ rootfs-builder/clearlinux/config.sh | 6 ++ rootfs-builder/debian/config.sh | 6 ++ rootfs-builder/euleros/config.sh | 10 +++ rootfs-builder/fedora/config.sh | 4 ++ rootfs-builder/suse/config.sh | 9 ++- rootfs-builder/template/config_template.sh | 11 ++++ rootfs-builder/ubuntu/config.sh | 6 ++ tests/test_config.sh | 14 ++-- tests/test_images.sh | 75 ++++++++++++++++++++-- 11 files changed, 140 insertions(+), 13 deletions(-) diff --git a/rootfs-builder/alpine/config.sh b/rootfs-builder/alpine/config.sh index bc8cf4345..117669baa 100644 --- a/rootfs-builder/alpine/config.sh +++ b/rootfs-builder/alpine/config.sh @@ -16,3 +16,9 @@ MIRROR=http://dl-5.alpinelinux.org/alpine # Mandatory Packages that must be installed # - iptables: Need by Kata agent PACKAGES="iptables" + +# Init process must be one of {systemd,kata-agent} +INIT_PROCESS=kata-agent +# List of zero or more architectures to exclude from build, +# as reported by `uname -m` +ARCH_EXCLUDE_LIST=() diff --git a/rootfs-builder/centos/config.sh b/rootfs-builder/centos/config.sh index a354ea74d..75f6cc1bd 100644 --- a/rootfs-builder/centos/config.sh +++ b/rootfs-builder/centos/config.sh 
@@ -28,3 +28,9 @@ PACKAGES="iptables" # systemd: An init system that will start kata-agent if kata-agent # itself is not configured as init process. [ "$AGENT_INIT" == "no" ] && PACKAGES+=" systemd" || true + +# Init process must be one of {systemd,kata-agent} +INIT_PROCESS=systemd +# List of zero or more architectures to exclude from build, +# as reported by `uname -m` +ARCH_EXCLUDE_LIST=() diff --git a/rootfs-builder/clearlinux/config.sh b/rootfs-builder/clearlinux/config.sh index e9c3a9fe5..5deab3783 100644 --- a/rootfs-builder/clearlinux/config.sh +++ b/rootfs-builder/clearlinux/config.sh @@ -21,3 +21,9 @@ PACKAGES="iptables-bin libudev0-shim" # systemd: An init system that will start kata-agent if kata-agent # itself is not configured as init process. [ "$AGENT_INIT" == "no" ] && PACKAGES+=" systemd" || true + +# Init process must be one of {systemd,kata-agent} +INIT_PROCESS=systemd +# List of zero or more architectures to exclude from build, +# as reported by `uname -m` +ARCH_EXCLUDE_LIST=(ppc64le) diff --git a/rootfs-builder/debian/config.sh b/rootfs-builder/debian/config.sh index 3fd64bbef..698a128b2 100644 --- a/rootfs-builder/debian/config.sh +++ b/rootfs-builder/debian/config.sh @@ -10,3 +10,9 @@ OS_NAME=${OS_NAME:-"stretch"} # NOTE: Re-using ubuntu rootfs configuration, see 'ubuntu' folder for full content. source $script_dir/ubuntu/$CONFIG_SH + +# Init process must be one of {systemd,kata-agent} +INIT_PROCESS=systemd +# List of zero or more architectures to exclude from build, +# as reported by `uname -m` +ARCH_EXCLUDE_LIST=() diff --git a/rootfs-builder/euleros/config.sh b/rootfs-builder/euleros/config.sh index 4b7af6acd..2fcf8a735 100644 --- a/rootfs-builder/euleros/config.sh +++ b/rootfs-builder/euleros/config.sh @@ -1,3 +1,7 @@ +# +# Copyright (C) 2018 Huawei Technologies Co., Ltd +# +# SPDX-License-Identifier: Apache-2.0 OS_NAME="EulerOS" OS_VERSION=${OS_VERSION:-2.2} 
@@ -12,3 +16,9 @@ PACKAGES="iptables" # systemd: An init system that will start kata-agent if kata-agent # itself is not configured as init process. [ "$AGENT_INIT" == "no" ] && PACKAGES+=" systemd" || true + +# Init process must be one of {systemd,kata-agent} +INIT_PROCESS=systemd +# List of zero or more architectures to exclude from build, +# as reported by `uname -m` +ARCH_EXCLUDE_LIST=() diff --git a/rootfs-builder/fedora/config.sh b/rootfs-builder/fedora/config.sh index a0ca15a31..6bb6bd561 100644 --- a/rootfs-builder/fedora/config.sh +++ b/rootfs-builder/fedora/config.sh @@ -15,3 +15,7 @@ PACKAGES="iptables" # systemd: An init system that will start kata-agent if kata-agent # itself is not configured as init process. [ "$AGENT_INIT" == "no" ] && PACKAGES+=" systemd" || true + +# Init process must be one of {systemd,kata-agent} +INIT_PROCESS=systemd +ARCH_EXCLUDE_LIST=() diff --git a/rootfs-builder/suse/config.sh b/rootfs-builder/suse/config.sh index 594fc4d4e..8f4352560 100644 --- a/rootfs-builder/suse/config.sh +++ b/rootfs-builder/suse/config.sh @@ -20,9 +20,16 @@ REPO_TRANSPORT="https" # Can specify an alternative domain REPO_DOMAIN="download.opensuse.org" +# Init process must be one of {systemd,kata-agent} +INIT_PROCESS=systemd +# List of zero or more architectures to exclude from build, +# as reported by `uname -m` +ARCH_EXCLUDE_LIST=() + +############################################################################### +# # NOTE: you probably dont need to edit things below this # -############################################################################### SUSE_URL_BASE="${REPO_TRANSPORT}://${REPO_DOMAIN}" SUSE_PATH_OSS="/distribution/${OS_DISTRO,,}/$OS_VERSION/repo/oss" diff --git a/rootfs-builder/template/config_template.sh b/rootfs-builder/template/config_template.sh index cf3157f4e..b32bc7ada 100644 --- a/rootfs-builder/template/config_template.sh +++ b/rootfs-builder/template/config_template.sh 
@@ -1,3 +1,8 @@ +# +# Copyright (c) 2018 Intel Corporation +# +# SPDX-License-Identifier: Apache-2.0 + # This is a configuration file add extra variables to # be used by build_rootfs() from rootfs_lib.sh the variables will be # loaded just before call the function. For more information see the @@ -6,3 +11,9 @@ OS_VERSION=${OS_VERSION:-DEFAULT_VERSION} PACKAGES="systemd iptables udevlib.so" + +# Init process must be one of {systemd,kata-agent} +INIT_PROCESS=systemd +# List of zero or more architectures to exclude from build, +# as reported by `uname -m` +ARCH_EXCLUDE_LIST=() diff --git a/rootfs-builder/ubuntu/config.sh b/rootfs-builder/ubuntu/config.sh index d8bb95d1b..ed8ef7c2b 100644 --- a/rootfs-builder/ubuntu/config.sh +++ b/rootfs-builder/ubuntu/config.sh @@ -22,3 +22,9 @@ case $(arch) in aarch64) ARCHITECTURE="arm64";; (*) die "$(arch) not supported " esac + +# Init process must be one of {systemd,kata-agent} +INIT_PROCESS=systemd +# List of zero or more architectures to exclude from build, +# as reported by `uname -m` +ARCH_EXCLUDE_LIST=() diff --git a/tests/test_config.sh b/tests/test_config.sh index 1697714da..d91cdeab8 100644 --- a/tests/test_config.sh +++ b/tests/test_config.sh @@ -3,15 +3,15 @@ # # SPDX-License-Identifier: Apache-2.0 -distrosSystemd=(fedora centos ubuntu debian suse) -distrosAgent=(alpine) -if [ $MACHINE_TYPE != "ppc64le" ]; then - distrosSystemd+=(clearlinux) +if [ -n "${CI:-}" ]; then + # "Not testing eurleros on Jenkins or Travis: + # (unreliable mirros, see: https://github.com/kata-containers/osbuilder/issues/182) + # (timeout, see: https://github.com/kata-containers/osbuilder/issues/46)" + skipWhenTestingAll=(euleros) fi -# "Not testing eurleros on Travis: (timeout, see: https://github.com/kata-containers/osbuilder/issues/46)" -if [ -z "${TRAVIS:-}" ]; then - distrosSystemd+=(euleros) +if [ -n "${TRAVIS:-}" ]; then + skipWhenTestingAll+=() fi diff --git a/tests/test_images.sh b/tests/test_images.sh index 3af12b9fb..a0a342a21 100755 
--- a/tests/test_images.sh +++ b/tests/test_images.sh @@ -18,6 +18,8 @@ readonly sysconfig_docker_config_file="/etc/sysconfig/docker" readonly tests_repo="github.com/kata-containers/tests" readonly tests_repo_dir="${script_dir}/../../tests" readonly mgr="${tests_repo_dir}/cmd/kata-manager/kata-manager.sh" +readonly test_config=${script_dir}/test_config.sh +readonly rootfs_builder=${script_dir}/../rootfs-builder/rootfs.sh readonly RUNTIME=${RUNTIME:-kata-runtime} readonly MACHINE_TYPE=`uname -m` @@ -29,9 +31,8 @@ readonly docker_build_runtime="runc" build_images=1 build_initrds=1 - -source ${script_dir}/test_config.sh - +typeset -a distrosSystemd distrosAgent +source ${test_config} # Hashes used to keep track of image sizes. # - Key: name of distro. # - Value: colon-separated roots and image sizes ("${rootfs_size}:${image_size}"). @@ -53,8 +54,12 @@ Commands: help : Show usage. -When is specified, tests are run only for the specified distribution. -Otherwise, tests are be run on all distros. +When is specified, tests are run only for the specified . +Otherwise, tests are run on all distros. + +$(basename ${test_config}) includes a list of distros to exclude from testing, +depending on the detected test environment. However, when a is specified, +distro exclusion based on $(basename ${test_config}) is not enforced. EOT } @@ -181,6 +186,14 @@ info() echo -e "INFO: $s\n" >&2 } +debug() +{ + [ -z "${TEST_DEBUG:-}" ] && return + s="$*" + echo -e "DBG: $s" >&2 +} + + set_runtime() { local name="$1" 
@@ -222,6 +235,57 @@ setup() set_runtime "${docker_build_runtime}" } +# Fetches the distros test configuration from the distro-specific config.sh file. +# $1 : only fetch configuration for the distro with name $1. When not specified, +# fetch configuration for all distros. +get_distros_config() +{ + local distro="$1" + local distrosList + local -A distroCfg=(\ + [INIT_PROCESS]=\ + [ARCH_EXCLUDE_LIST]=\ + ) + + if [ -n "$distro" ]; then + distrosList=("$distro") + # When specifying a single distro name, skip does not apply + skipWhenTestingAll=() + else + distrosList=($(make list-distros)) + fi + + for d in ${distrosList[@]}; do + debug "Getting config for distro $d" + distroPattern="\<${d}\>" + if [[ "${skipWhenTestingAll[@]}" =~ $distroPattern ]]; then + info "Skipping distro $d as specified by $(basename ${test_config})" + continue + fi + + tmpfile=$(mktemp /tmp/osbuilder-$d-config.XXX) + ${rootfs_builder} -t $d > $tmpfile + # Get value of all keys in distroCfg + for k in ${!distroCfg[@]}; do + distroCfg[$k]="$(awk -v cfgKey=$k 'BEGIN{FS=":\t+"}{if ($1 == cfgKey) print $2}' $tmpfile)" + debug "distroCfg[$k]=${distroCfg[$k]}" + done + rm -f $tmpfile + + machinePattern="\<${MACHINE_TYPE}\>" + if [[ "${distroCfg[ARCH_EXCLUDE_LIST]}" =~ $machinePattern ]]; then + info "Skipping distro $d on architecture $MACHINE_TYPE" + continue + fi + + case "${distroCfg[INIT_PROCESS]}" in + systemd) distrosSystemd+=($d) ;; + kata-agent) distrosAgent+=($d) ;; + *) die "Invalid init process specified for distro $d: \"${distroCfg[INIT_PROCESS]}\"" ;; + esac + done +} + create_container() { out=$(mktemp) @@ -342,6 +406,7 @@ get_rootfs_size() { test_distros() { local distro="$1" + get_distros_config "$distro" local separator="~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n" echo -e "$separator" From 06437bb51efd8d2390a0d7654eb406ddcece3bf9 Mon Sep 17 00:00:00 2001 
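Review bot: in tests/test_config.sh, `skipWhenTestingAll` is now assigned only inside the `if [ -n "${CI:-}" ]` and `TRAVIS` branches, yet `get_distros_config()` in tests/test_images.sh expands `"${skipWhenTestingAll[@]}"` unconditionally, so outside CI the array is never declared and the expansion fails if the script runs with `set -u`. Declare it once, empty, before the conditionals. In `get_distros_config()` itself, the exit status of `${rootfs_builder} -t $d > $tmpfile` is not checked, so a failed lookup leaves `INIT_PROCESS` empty and surfaces as the unrelated "Invalid init process" message, and `$tmpfile` is removed only on the success path. Capturing the output in a variable would drop the temp file altogether; `$d` and `$tmpfile` should be quoted either way.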
From: Yonatan Gefen Date: Tue, 23 Oct 2018 13:23:40 -0400 Subject: [PATCH 141/307] docs: Fix link in README Correct rootfs builder link in the image builder README. Fixes #185. Signed-off-by: Yonatan Gefen --- image-builder/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/image-builder/README.md b/image-builder/README.md index b4475fced..acfa24e20 100644 --- a/image-builder/README.md +++ b/image-builder/README.md @@ -17,7 +17,7 @@ $ sudo ./image_builder.sh path/to/rootfs Where `path/to/rootfs` is the directory populated by `rootfs.sh`. > **Note**: If you are building an image from an Alpine rootfs, see -> the important note [here](rootfs-builder/README.md#rootfs-requirements). +> the important note [here](/rootfs-builder/README.md#rootfs-requirements). ## Further information From c8ae9c077c4a37b2a0689044d2c5c66f8b16ccf7 Mon Sep 17 00:00:00 2001 From: Marco Vedovati Date: Tue, 30 Oct 2018 13:58:47 +0100 Subject: [PATCH 142/307] rootfs.sh: improve usage output Improve rootfs.sh usage output to have a consistent layout and documentation of options and environment variables. Signed-off-by: Marco Vedovati --- rootfs-builder/rootfs.sh | 71 ++++++++++++++++++++++++++-------------- 1 file changed, 47 insertions(+), 24 deletions(-) diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index f700a7282..e9c300c8a 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh @@ -15,6 +15,7 @@ GO_AGENT_PKG=${GO_AGENT_PKG:-github.com/kata-containers/agent} AGENT_BIN=${AGENT_BIN:-kata-agent} AGENT_INIT=${AGENT_INIT:-no} KERNEL_MODULES_DIR=${KERNEL_MODULES_DIR:-""} +OSBUILDER_VERSION="unknown" lib_file="${script_dir}/../scripts/lib.sh" source "$lib_file" 
@@ -40,35 +41,58 @@ usage() { error="${1:-0}" cat < - : Linux distribution to use as base OS. +Usage: ${script_name} [options] -Supported Linux distributions: +Build a rootfs based on OS, to be included in a Kata Containers +image. -$(get_distros) - -Refer the Platform-OS Compatibility Matrix: https://github.com/kata-containers/osbuilder#platform-distro-compatibility-matrix +Supported values: +$(get_distros | tr "\n" " ") Options: --a : agent version DEFAULT: ${AGENT_VERSION} ENV: AGENT_VERSION --h : show this help message --l : list the supported Linux distributions --o : specify version of osbuilder --r : rootfs directory DEFAULT: ${ROOTFS_DIR} ENV: ROOTFS_DIR --t : print the test config for a given + -a Specify the agent version. Overrides the AGENT_VERSION + environment variable. + -h Show this help message. + -l List the supported Linux distributions and exit immediately. + -o Specify the version of osbuilder to embed in the rootfs + yaml description. + -r Specify the rootfs base directory. Overrides the ROOTFS_DIR + environment variable. + -t Print the test configuration for and exit + immediately. + +Environment Variables: +AGENT_BIN Name of the agent binary (used when running sanity checks on + the rootfs). + Default value: ${AGENT_BIN} + +AGENT_INIT When set to "yes", use ${AGENT_BIN} as init process in place + of systemd. + Default value: no + +AGENT_VERSION Version of the agent to include in the rootfs. + Default value: ${AGENT_VERSION:-} + +GO_AGENT_PKG URL of the Git repository hosting the agent package. + Default value: ${GO_AGENT_PKG} + +KERNEL_MODULES_DIR Path to a directory containing kernel modules to include in + the rootfs. + Default value: + +ROOTFS_DIR Path to the directory that is populated with the rootfs. + Default value: <${script_name} path>/rootfs- + +USE_DOCKER If set, build the rootfs inside a container (requires + Docker). 
+ Default value: + + +Refer to the Platform-OS Compatibility Matrix for more details on the supported +architectures: +https://github.com/kata-containers/osbuilder#platform-distro-compatibility-matrix -ENV VARIABLES: -GO_AGENT_PKG: Change the golang package url to get the agent source code - DEFAULT: ${GO_AGENT_PKG} -AGENT_BIN : Name of the agent binary (needed to check if agent is installed) -USE_DOCKER: If set will build rootfs in a Docker Container (requries docker) - DEFAULT: not set -AGENT_INIT : Use ${AGENT_BIN} as init process. - DEFAULT: no -KERNEL_MODULES_DIR: Optional kernel modules to put into the rootfs. - DEFAULT: "" EOT exit "${error}" } @@ -189,7 +213,6 @@ copy_kernel_modules() OK "Kernel modules copied" } -OSBUILDER_VERSION="unknown" while getopts a:hlo:r:t: opt do From 57d0a8300ba00fea0442a148f0560e1022b9a6a8 Mon Sep 17 00:00:00 2001 From: Marco Vedovati Date: Tue, 30 Oct 2018 19:21:08 +0100 Subject: [PATCH 143/307] rootfs.sh: trap build errors for specific distros Add the ability to trap a build error inside rootfs.sh, without returning an error code. Gating conditions (all of them are needed): - GRACEFUL_EXIT shall be passed as env variable to rootfs.sh - BUILD_CAN_FAIL shall be specified in the distro config.sh Signed-off-by: Marco Vedovati --- rootfs-builder/rootfs.sh | 24 +++++++++++++++++++++- rootfs-builder/template/config_template.sh | 3 +++ 2 files changed, 26 insertions(+), 1 deletion(-) diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index e9c300c8a..978221d0b 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh 
@@ -77,6 +77,13 @@ AGENT_VERSION Version of the agent to include in the rootfs. GO_AGENT_PKG URL of the Git repository hosting the agent package. Default value: ${GO_AGENT_PKG} +GRACEFUL_EXIT If set, and if the configuration specifies a + non-empty BUILD_CAN_FAIL variable, do not return with an + error code in case any of the build step fails. + This is used when running CI jobs, to tolerate failures for + specific distributions. + Default value: + KERNEL_MODULES_DIR Path to a directory containing kernel modules to include in the rootfs. Default value: @@ -88,7 +95,6 @@ USE_DOCKER If set, build the rootfs inside a container (requires Docker). Default value: - Refer to the Platform-OS Compatibility Matrix for more details on the supported architectures: https://github.com/kata-containers/osbuilder#platform-distro-compatibility-matrix @@ -213,6 +219,16 @@ copy_kernel_modules() OK "Kernel modules copied" } +error_handler() +{ + [ "$?" -eq 0 ] && return + + if [ -n "$GRACEFUL_EXIT" ] && [ -n "$BUILD_CAN_FAIL" ]; then + info "Detected a build error, but $distro is allowed to fail (BUILD_CAN_FAIL specified), so exiting sucessfully" + touch "$(dirname ${ROOTFS_DIR})/${distro}_fail" + exit 0 + fi +} while getopts a:hlo:r:t: opt do @@ -271,6 +287,11 @@ fi CONFIG_DIR=${distro_config_dir} check_function_exist "build_rootfs" +if [ -z "$INSIDE_CONTAINER" ] ; then + # Capture errors, but only outside of the docker container + trap error_handler ERR +fi + if [ -n "${USE_DOCKER}" ] ; then image_name="${distro}-rootfs-osbuilder" @@ -304,6 +325,7 @@ if [ -n "${USE_DOCKER}" ] ; then --env KERNEL_MODULES_DIR="${KERNEL_MODULES_DIR}" \ --env EXTRA_PKGS="${EXTRA_PKGS}" \ --env OSBUILDER_VERSION="${OSBUILDER_VERSION}" \ + --env INSIDE_CONTAINER=1 \ -v "${script_dir}":"/osbuilder" \ -v "${ROOTFS_DIR}":"/rootfs" \ -v "${script_dir}/../scripts":"/scripts" \ diff --git a/rootfs-builder/template/config_template.sh b/rootfs-builder/template/config_template.sh index b32bc7ada..9e98863c9 100644 
--- a/rootfs-builder/template/config_template.sh +++ b/rootfs-builder/template/config_template.sh @@ -17,3 +17,6 @@ INIT_PROCESS=systemd # List of zero or more architectures to exclude from build, # as reported by `uname -m` ARCH_EXCLUDE_LIST=() +# [When uncommented,] Allow the build to fail without generating an error +# For more info see: https://github.com/kata-containers/osbuilder/issues/190 +#BUILD_CAN_FAIL=1 From ee7f2e1175371c00db33e3c63c17d7b8975cbac1 Mon Sep 17 00:00:00 2001 From: Marco Vedovati Date: Tue, 30 Oct 2018 19:26:32 +0100 Subject: [PATCH 144/307] tests: allow build to fail for specific distros When running test_images.sh, allow specific rootfs builds to fail without impacting the overall tests results. The distros allowed to fail are the ones specifying BUILD_CAN_FAIL in their config.sh. Fixes: #190 Signed-off-by: Marco Vedovati --- tests/test_images.sh | 63 ++++++++++++++++++++++++++++++-------------- 1 file changed, 43 insertions(+), 20 deletions(-) diff --git a/tests/test_images.sh b/tests/test_images.sh index a0a342a21..fce4348b2 100755 --- a/tests/test_images.sh +++ b/tests/test_images.sh @@ -22,6 +22,8 @@ readonly test_config=${script_dir}/test_config.sh readonly rootfs_builder=${script_dir}/../rootfs-builder/rootfs.sh readonly RUNTIME=${RUNTIME:-kata-runtime} readonly MACHINE_TYPE=`uname -m` +readonly CI=${CI:-} +readonly ci_results_dir="/var/osbuilder/tests" # all distro tests must have this prefix readonly test_func_prefix="test_distro_" @@ -221,6 +223,11 @@ setup() [ -z "$images_dir" ] && die "need images directory" mkdir -p "${images_dir}" + if [ -n "$CI" ]; then + sudo -E rm -rf ${ci_results_dir} + sudo -E mkdir -p ${ci_results_dir} + fi + export USE_DOCKER=true # Travis doesn't support VT-x 
@@ -258,7 +265,7 @@ get_distros_config() for d in ${distrosList[@]}; do debug "Getting config for distro $d" distroPattern="\<${d}\>" - if [[ "${skipWhenTestingAll[@]}" =~ $distroPattern ]]; then + if [[ "${skipWhenTestingAll[@]:-}" =~ $distroPattern ]]; then info "Skipping distro $d as specified by $(basename ${test_config})" continue fi @@ -360,7 +367,7 @@ call_make() { done makeJobs= - if [ -z "${CI:-}" ]; then + if [ -z "$CI" ]; then ((makeJobs=$(nproc) / 2)) fi @@ -385,7 +392,7 @@ make_initrd() { } get_rootfs_size() { - [ $# -ne 1 ] && die "get_rootfs_size with wrong invalid argument" + [ $# -ne 1 ] && die "get_rootfs_size: wrong number of arguments" local rootfs_dir=$1 ! [ -d "$rootfs_dir" ] && die "$rootfs_dir is not a valid rootfs path" @@ -393,6 +400,18 @@ get_rootfs_size() { sudo -E du -sb "${rootfs_dir}" | awk '{print $1}' } + +show_rootfs_metadata() { + [ $# -ne 1 ] && die "show_rootfs_metadata: wrong number of arguments" + local rootfs_path=$1 + local osbuilder_file_fullpath="${rootfs_path}/${osbuilder_file}" + echo -e "$separator" + yamllint "${osbuilder_file_fullpath}" + + info "osbuilder metadata file for $d:" + cat "${osbuilder_file_fullpath}" >&2 +} + # Create an image and/or initrd for the available distributions, # then test each by configuring the runtime and creating a container. # @@ -408,6 +427,10 @@ test_distros() local distro="$1" get_distros_config "$distro" local separator="~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n" + local commonMakeVars=( \ + USE_DOCKER=true \ + ROOTFS_BUILD_DEST="$tmp_rootfs" \ + IMAGES_BUILD_DEST="$images_dir" ) echo -e "$separator" @@ -429,6 +452,8 @@ test_distros() else info "Running tests for all distros" + # Graceful exit allowed for selected distros, but only when testing all distros + commonMakeVars+=(GRACEFUL_EXIT=1) fi # distro with systemd as init -> normal rootfs image 
@@ -437,11 +462,6 @@ test_distros() # If user does not need rootfs images, then do not build systemd rootfses [ -z "$build_images" ] && distrosSystemd=() - commonMakeVars=( \ - USE_DOCKER=true \ - ROOTFS_BUILD_DEST="$tmp_rootfs" \ - IMAGES_BUILD_DEST="$images_dir" ) - # Build systemd and agent rootfs with 2 separate jobs bgJobs=() @@ -462,18 +482,6 @@ test_distros() wait $j || die "Background build job failed" done - - for d in ${distrosSystemd[@]} ${distrosAgent[@]}; do - local rootfs_path="${tmp_rootfs}/${d}_rootfs" - osbuilder_file_fullpath="${rootfs_path}/${osbuilder_file}" - echo -e "$separator" - yamllint "${osbuilder_file_fullpath}" - - info "osbuilder metadata file for $d:" - cat "${osbuilder_file_fullpath}" >&2 - done - - # TODO: once support for rootfs images with kata-agent as init is in place, # uncomment the following line # for d in ${distrosSystemd[@]} ${distrosAgent[@]}; do @@ -482,6 +490,14 @@ test_distros() local image_path="${images_dir}/kata-containers-image-$d.img" local rootfs_size=$(get_rootfs_size "$rootfs_path") + # Skip failed distros + if [ -e "${tmp_rootfs}/${d}_fail" ]; then + info "Building rootfs for ${d} failed, not creating an image" + [ -n "$CI" ] && sudo -E touch "${ci_results_dir}/${d}_fail" + continue + fi + + show_rootfs_metadata "$rootfs_path" echo -e "$separator" info "Making rootfs image for ${d}" make_image ${commonMakeVars[@]} $d @@ -498,6 +514,13 @@ test_distros() local initrd_path="${images_dir}/kata-containers-initrd-$d.img" local rootfs_size=$(get_rootfs_size "$rootfs_path") + # Skip failed distros + if [ -e "${tmp_rootfs}/${d}_fail" ]; then + info "Building rootfs for ${d} failed, not creating an initrd" + [ -n "$CI" ] && touch "${ci_results_dir}/${d}_fail" + continue + fi + echo -e "$separator" info "Making initrd image for ${d}" make_initrd ${commonMakeVars[@]} AGENT_INIT=yes $d From 97f38c77061d0c95b41f59479beea7fcdfa2a9f0 Mon Sep 17 00:00:00 2001 
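Review bot: in rootfs-builder/rootfs.sh, `trap error_handler ERR` is installed at top level, but bash does not propagate an ERR trap into shell functions unless errtrace (`set -E`) is enabled, and nothing in this patch enables it. Confirm that a failure inside `build_rootfs()` in the non-Docker path actually reaches `error_handler`, or add `set -o errtrace` next to the trap. `error_handler` also turns any failing step into `exit 0` with only the `${distro}_fail` marker left behind; logging the failing command (for example `$BASH_COMMAND`) in the `info` message would keep a tolerated failure diagnosable from the CI output.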
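Review bot: in `test_distros()` in tests/test_images.sh, both the image loop and the initrd loop run `local rootfs_size=$(get_rootfs_size "$rootfs_path")` before the new "Skip failed distros" check, and `get_rootfs_size` calls `die` when the path is not a directory, so a distro whose build failed before creating its rootfs reports an error before the skip is reached. Move the `${d}_fail` test above the size lookup. The two skip blocks also differ: the image loop uses `sudo -E touch "${ci_results_dir}/${d}_fail"` and the initrd loop plain `touch`, although `setup()` creates that directory with `sudo -E mkdir -p`. Finally, `show_rootfs_metadata()` reads `$separator` and `$d` from its caller's scope; pass the distro name in as an argument.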
From: Marco Vedovati Date: Tue, 30 Oct 2018 19:38:25 +0100 Subject: [PATCH 145/307] tests: allow euleros rootfs build to fail Update test config for euleros to allow build failures. Signed-off-by: Marco Vedovati --- rootfs-builder/euleros/config.sh | 3 +++ tests/test_config.sh | 13 +++++-------- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/rootfs-builder/euleros/config.sh b/rootfs-builder/euleros/config.sh index 2fcf8a735..d6f849dc2 100644 --- a/rootfs-builder/euleros/config.sh +++ b/rootfs-builder/euleros/config.sh @@ -22,3 +22,6 @@ INIT_PROCESS=systemd # List of zero or more architectures to exclude from build, # as reported by `uname -m` ARCH_EXCLUDE_LIST=() +# Allow the build to fail without generating an error. +# For more info see: https://github.com/kata-containers/osbuilder/issues/190 +BUILD_CAN_FAIL=1 diff --git a/tests/test_config.sh b/tests/test_config.sh index d91cdeab8..4e7627447 100644 --- a/tests/test_config.sh +++ b/tests/test_config.sh @@ -3,15 +3,12 @@ # # SPDX-License-Identifier: Apache-2.0 - -if [ -n "${CI:-}" ]; then - # "Not testing eurleros on Jenkins or Travis: - # (unreliable mirros, see: https://github.com/kata-containers/osbuilder/issues/182) - # (timeout, see: https://github.com/kata-containers/osbuilder/issues/46)" - skipWhenTestingAll=(euleros) -fi +# List of distros not to test, when running all tests with test_images.sh +typeset -a skipWhenTestingAll if [ -n "${TRAVIS:-}" ]; then - skipWhenTestingAll+=() + # (travis may timeout with euleros, see: + # https://github.com/kata-containers/osbuilder/issues/46)" + skipWhenTestingAll+=(euleros) fi From 8599143069649fd59d97212bffe966c59b1146a1 Mon Sep 17 00:00:00 2001 From: Leno Hou Date: Wed, 31 Oct 2018 12:58:32 +0800 Subject: [PATCH 146/307] rootfs.sh: enable curl use http_proxy This patch added -x option to curl: -x uses the http_proxy settings to download golang binary behind the firewall Fixes: #193 
Signed-off-by: Leno Hou --- rootfs-builder/rootfs.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index f700a7282..496bb62b5 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh @@ -140,8 +140,10 @@ generate_dockerfile() [ -n "$http_proxy" ] && readonly set_proxy="RUN sed -i '$ a proxy="$http_proxy"' /etc/dnf/dnf.conf /etc/yum.conf; true" + curlOptions=("-OL") + [ -n "$http_proxy" ] && curlOptions+=("-x $http_proxy") readonly install_go=" -RUN cd /tmp ; curl -OL https://storage.googleapis.com/golang/go${GO_VERSION}.linux-${goarch}.tar.gz +RUN cd /tmp ; curl ${curlOptions[@]} https://storage.googleapis.com/golang/go${GO_VERSION}.linux-${goarch}.tar.gz RUN tar -C /usr/ -xzf /tmp/go${GO_VERSION}.linux-${goarch}.tar.gz ENV GOROOT=/usr/go ENV PATH=\$PATH:\$GOROOT/bin:\$GOPATH/bin From a588140bc617cd000ff00aa5859f50b61c5f38b8 Mon Sep 17 00:00:00 2001 From: Nitesh Konkar Date: Tue, 25 Sep 2018 01:39:43 +0530 Subject: [PATCH 147/307] ci: Improve debugging info on travis CI run Fixes: #174 Signed-off-by: Nitesh Konkar niteshkonkar@in.ibm.com --- .ci/run.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.ci/run.sh b/.ci/run.sh index fb0b70e07..ed87a4edf 100755 --- a/.ci/run.sh +++ b/.ci/run.sh @@ -12,4 +12,4 @@ export GOPATH="${GOPATH:-/tmp/go}" script_dir="$(dirname $(readlink -f $0))" -sudo -E PATH="$PATH" bash "${script_dir}/../tests/test_images.sh" +sudo -E PATH="$PATH" bash -x "${script_dir}/../tests/test_images.sh" From 7f2371858c062c020507e7b5b331da677ce70ecf Mon Sep 17 00:00:00 2001 From: Nitesh Konkar Date: Fri, 9 Nov 2018 00:27:44 +0530 Subject: [PATCH 148/307] rootfs: Conditionally add libseccomp support in rootfs image If the rootfs is built with SECCOMP=yes environment variable then include libseccomp package inside the rootfs image. Else do not include it. Fixes: #155 
Signed-off-by: Nitesh Konkar niteshkonkar@in.ibm.com --- rootfs-builder/alpine/config.sh | 2 ++ rootfs-builder/centos/config.sh | 2 ++ rootfs-builder/clearlinux/config.sh | 2 ++ rootfs-builder/euleros/config.sh | 2 ++ rootfs-builder/fedora/config.sh | 2 ++ rootfs-builder/rootfs.sh | 3 ++- rootfs-builder/ubuntu/config.sh | 2 ++ 7 files changed, 14 insertions(+), 1 deletion(-) diff --git a/rootfs-builder/alpine/config.sh b/rootfs-builder/alpine/config.sh index 117669baa..2b8d69a17 100644 --- a/rootfs-builder/alpine/config.sh +++ b/rootfs-builder/alpine/config.sh @@ -22,3 +22,5 @@ INIT_PROCESS=kata-agent # List of zero or more architectures to exclude from build, # as reported by `uname -m` ARCH_EXCLUDE_LIST=() + +[ "$SECCOMP" = "yes" ] && PACKAGES+=" libseccomp" || true diff --git a/rootfs-builder/centos/config.sh b/rootfs-builder/centos/config.sh index 75f6cc1bd..07637a961 100644 --- a/rootfs-builder/centos/config.sh +++ b/rootfs-builder/centos/config.sh @@ -34,3 +34,5 @@ INIT_PROCESS=systemd # List of zero or more architectures to exclude from build, # as reported by `uname -m` ARCH_EXCLUDE_LIST=() + +[ "$SECCOMP" = "yes" ] && PACKAGES+=" libseccomp" || true diff --git a/rootfs-builder/clearlinux/config.sh b/rootfs-builder/clearlinux/config.sh index 5deab3783..9f534c9a3 100644 --- a/rootfs-builder/clearlinux/config.sh +++ b/rootfs-builder/clearlinux/config.sh @@ -27,3 +27,5 @@ INIT_PROCESS=systemd # List of zero or more architectures to exclude from build, # as reported by `uname -m` ARCH_EXCLUDE_LIST=(ppc64le) + +[ "$SECCOMP" = "yes" ] && PACKAGES+=" libseccomp" || true diff --git a/rootfs-builder/euleros/config.sh b/rootfs-builder/euleros/config.sh index d6f849dc2..d6b412317 100644 --- a/rootfs-builder/euleros/config.sh +++ b/rootfs-builder/euleros/config.sh 
@@ -25,3 +25,5 @@ ARCH_EXCLUDE_LIST=() # Allow the build to fail without generating an error. # For more info see: https://github.com/kata-containers/osbuilder/issues/190 BUILD_CAN_FAIL=1 + +[ "$SECCOMP" = "yes" ] && PACKAGES+=" libseccomp" || true diff --git a/rootfs-builder/fedora/config.sh b/rootfs-builder/fedora/config.sh index 6bb6bd561..10315c48a 100644 --- a/rootfs-builder/fedora/config.sh +++ b/rootfs-builder/fedora/config.sh @@ -19,3 +19,5 @@ PACKAGES="iptables" # Init process must be one of {systemd,kata-agent} INIT_PROCESS=systemd ARCH_EXCLUDE_LIST=() + +[ "$SECCOMP" = "yes" ] && PACKAGES+=" libseccomp" || true diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index 978221d0b..dffc0b4a8 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh @@ -326,6 +326,7 @@ if [ -n "${USE_DOCKER}" ] ; then --env EXTRA_PKGS="${EXTRA_PKGS}" \ --env OSBUILDER_VERSION="${OSBUILDER_VERSION}" \ --env INSIDE_CONTAINER=1 \ + --env SECCOMP="${SECCOMP}" \ -v "${script_dir}":"/osbuilder" \ -v "${ROOTFS_DIR}":"/rootfs" \ -v "${script_dir}/../scripts":"/scripts" \ @@ -352,7 +353,7 @@ pushd "${GOPATH_LOCAL}/src/${GO_AGENT_PKG}" [ -n "${AGENT_VERSION}" ] && git checkout "${AGENT_VERSION}" && OK "git checkout successful" make clean make INIT=${AGENT_INIT} -make install DESTDIR="${ROOTFS_DIR}" INIT=${AGENT_INIT} +make install DESTDIR="${ROOTFS_DIR}" INIT=${AGENT_INIT} SECCOMP=${SECCOMP} popd AGENT_DIR="${ROOTFS_DIR}/usr/bin" diff --git a/rootfs-builder/ubuntu/config.sh b/rootfs-builder/ubuntu/config.sh index ed8ef7c2b..4c9c081a7 100644 --- a/rootfs-builder/ubuntu/config.sh +++ b/rootfs-builder/ubuntu/config.sh @@ -28,3 +28,5 @@ INIT_PROCESS=systemd # List of zero or more architectures to exclude from build, # as reported by `uname -m` ARCH_EXCLUDE_LIST=() + +[ "$SECCOMP" = "yes" ] && PACKAGES+=" libseccomp2" || true From 6f505389d92ce310df2e345a43ab90b21a4848be Mon Sep 17 00:00:00 2001 
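Review bot: in the second rootfs.sh hunk of PATCH 148 (`@@ -352,7 +353,7 @@`), `SECCOMP=${SECCOMP}` is passed only to `make install`, while the build step directly above it stays `make INIT=${AGENT_INIT}`. If the agent Makefile uses SECCOMP to decide how the binary is compiled, the two invocations disagree, so pass the same variable to both. The value is also unquoted and has no default, so an unset SECCOMP yields a bare `SECCOMP=` argument and an empty `--env SECCOMP=""` in the docker hunk; a `SECCOMP=${SECCOMP:-no}` default and an entry in the usage text would make the option explicit.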
From: Alice Frosi Date: Wed, 15 Aug 2018 13:14:00 +0200 Subject: [PATCH 149/307] build: Add s390x architecture Fixes: #197 Co-authored-by: Yash D Jain Signed-off-by: Alice Frosi --- rootfs-builder/rootfs.sh | 3 +++ rootfs-builder/ubuntu/config.sh | 1 + 2 files changed, 4 insertions(+) diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index a281f07d7..f9ac21390 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh @@ -162,6 +162,9 @@ generate_dockerfile() "aarch64") goarch=arm64 ;; + "s390x") + goarch=s390x + ;; *) goarch=amd64 diff --git a/rootfs-builder/ubuntu/config.sh b/rootfs-builder/ubuntu/config.sh index 4c9c081a7..40263c12e 100644 --- a/rootfs-builder/ubuntu/config.sh +++ b/rootfs-builder/ubuntu/config.sh @@ -20,6 +20,7 @@ case $(arch) in x86_64) ARCHITECTURE="amd64";; ppc64le) ARCHITECTURE="ppc64el";; aarch64) ARCHITECTURE="arm64";; + s390x) ARCHITECTURE="s390x";; (*) die "$(arch) not supported " esac From eb92306c4897f5402bdc6691e97b99e0f2fc8c2a Mon Sep 17 00:00:00 2001 From: Marco Vedovati Date: Tue, 20 Nov 2018 18:57:11 +0100 Subject: [PATCH 150/307] tests: skip docker,kata install with KATA_DEV_MODE Skip installation of docker and kata packages when the environment variable KATA_DEV_MODE is not empty, as a dev system may be using a non standard setup. Fixes: #195 Signed-off-by: Marco Vedovati --- tests/README.md | 8 ++++---- tests/test_images.sh | 12 +++++++++++- 2 files changed, 15 insertions(+), 5 deletions(-) diff --git a/tests/README.md b/tests/README.md index a0e429ea0..bb82e3f94 100644 --- a/tests/README.md +++ b/tests/README.md 
@@ -7,10 +7,10 @@ osbuilder provides a test script that creates all images and initrds for all supported distributions and then tests them to ensure a Kata Container can be created with each. -The test script installs all required Kata components on the host system -before creating the images. - -To run all available osbuilder tests: +Before the build phase, the test script installs the Docker container manager +and all the Kata components required to run test containers. This step can be +skipped by setting the environment variable `KATA_DEV_MODE` to a non-empty +value. ``` $ ./test_images.sh diff --git a/tests/test_images.sh b/tests/test_images.sh index fce4348b2..b30b4e689 100755 --- a/tests/test_images.sh +++ b/tests/test_images.sh @@ -235,7 +235,17 @@ setup() [ ! -d "${tests_repo_dir}" ] && git clone "https://${tests_repo}" "${tests_repo_dir}" - chronic $mgr install-docker-system + if [ -z "${KATA_DEV_MODE:-}" ]; then + chronic $mgr install-docker-system + else + info "Running with KATA_DEV_MODE set, skipping installation of docker and kata packages" + # Make sure docker & kata are available + command -v docker >/dev/null || die "docker cannot be found on your PATH" + local cfgRuntime= + cfgRuntime="$(docker info --format "{{(index .Runtimes \"${RUNTIME}\").Path}}")" + [ -n "$cfgRuntime" ] || die "${RUNTIME} is not a configured runtime for docker" + [ -x "$cfgRuntime" ] || die "docker ${RUNTIME} is linked to an invalid executable: $cfgRuntime" + fi chronic $mgr enable-debug # Ensure "docker build" works From 9c0773a39964c4ce60e78a840664fc5f79645bdb Mon Sep 17 00:00:00 2001 From: Marco Vedovati Date: Wed, 21 Nov 2018 09:42:47 +0100 Subject: [PATCH 151/307] test: avoid errors in exit_handler Avoid generating errors in the exit_handler, as those could be misinterpreted as red herrings for the actual error being trapped. Signed-off-by: Marco Vedovati --- tests/test_images.sh | 25 ++++++++++++++++++++----- 1 file changed, 20 insertions(+), 5 deletions(-) 
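Review bot: in the tests/README.md hunk of PATCH 150, the removed line "To run all available osbuilder tests:" was the lead-in for the `$ ./test_images.sh` block that follows, and the replacement paragraph now ends on the `KATA_DEV_MODE` sentence, so the command appears without saying what it does. Keep the lead-in sentence after the new paragraph. In the test_images.sh hunk, the dev-mode branch only checks that docker and the runtime exist, yet `chronic $mgr enable-debug` right after the `fi` still runs in both modes; if that call changes host configuration, it should be stated in the README text about dev systems.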
diff --git a/tests/test_images.sh b/tests/test_images.sh index b30b4e689..ceef790a4 100755 --- a/tests/test_images.sh +++ b/tests/test_images.sh @@ -153,11 +153,26 @@ exit_handler() info "ERROR: test failed" # The test failed so dump what we can - info "images:" - sudo -E ls -l "${images_dir}" >&2 + if [ -d "${tmp_rootfs}" ]; then + info "rootfs:" + sudo -E ls -l "${tmp_rootfs}" >&2 + else + info "no rootfs created" + # If no rootfs are created, no need to dump other info + return + fi - info "rootfs:" - sudo -E ls -l "${tmp_rootfs}" >&2 + if [ -d "${images_dir}" ]; then + info "images:" + sudo -E ls -l "${images_dir}" >&2 + else + info "no images created" + # If no images are created, no need to dump other info + return + fi + + # Travis tests do not install kata + [ -n "${TRAVIS:-}" ] && return info "local runtime config:" cat /etc/kata-containers/configuration.toml >&2 @@ -172,7 +187,7 @@ exit_handler() sudo -E ps -efwww | egrep "docker|kata" >&2 # Restore the default image in config file - [ -n "${TRAVIS:-}" ] || chronic $mgr configure-image + chronic $mgr configure-image } die() From 8ffb0cbe905fcc6300615af626d85020dc107251 Mon Sep 17 00:00:00 2001 From: Hui Zhu Date: Thu, 22 Nov 2018 10:34:47 +0800 Subject: [PATCH 152/307] rootfs.sh: add environment variable AGENT_SOURCE_BIN AGENT_SOURCE_BIN is Path to the directory of agent binary. If set, use the binary as agent but not build agent package. Its default value is not set. Fixes: #203 Signed-off-by: Hui Zhu --- rootfs-builder/rootfs.sh | 42 +++++++++++++++++++++++++++------------- 1 file changed, 29 insertions(+), 13 deletions(-) diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index f9ac21390..04def902b 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh 
@@ -74,6 +74,10 @@ AGENT_INIT When set to "yes", use ${AGENT_BIN} as init process in place AGENT_VERSION Version of the agent to include in the rootfs. Default value: ${AGENT_VERSION:-} +AGENT_SOURCE_BIN Path to the directory of agent binary. + If set, use the binary as agent but not build agent package. + Default value: + GO_AGENT_PKG URL of the Git repository hosting the agent package. Default value: ${GO_AGENT_PKG} @@ -313,6 +317,13 @@ if [ -n "${USE_DOCKER}" ] ; then docker_run_args+=" --rm" docker_run_args+=" --runtime runc" + if [ -z "${AGENT_SOURCE_BIN}" ] ; then + docker_run_args+=" --env GO_AGENT_PKG=${GO_AGENT_PKG}" + else + docker_run_args+=" --env AGENT_SOURCE_BIN=${AGENT_SOURCE_BIN}" + docker_run_args+=" -v ${AGENT_SOURCE_BIN}:${AGENT_SOURCE_BIN}" + fi + docker_run_args+=" $(docker_extra_args $distro)" #Make sure we use a compatible runtime to build rootfs @@ -323,7 +334,6 @@ if [ -n "${USE_DOCKER}" ] ; then --env http_proxy="${http_proxy}" \ --env AGENT_VERSION="${AGENT_VERSION}" \ --env ROOTFS_DIR="/rootfs" \ - --env GO_AGENT_PKG="${GO_AGENT_PKG}" \ --env AGENT_BIN="${AGENT_BIN}" \ --env AGENT_INIT="${AGENT_INIT}" \ --env GOPATH="${GOPATH_LOCAL}" \ 
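Review bot: in PATCH 152, the hunk at `@@ -313,6 +317,13 @@` moves GO_AGENT_PKG from the quoted `--env GO_AGENT_PKG="${GO_AGENT_PKG}"` (removed in the next hunk) into the space-separated `docker_run_args` string, and adds `-v ${AGENT_SOURCE_BIN}:${AGENT_SOURCE_BIN}` the same way. Values appended to that string lose their quoting, so a path containing spaces splits into several docker arguments. The bind mount is also read-write although the build only needs to read the binary; appending `:ro` keeps the container from modifying the host file. The new usage entry says "Path to the directory of agent binary" and leaves "Default value:" empty, which should be corrected to describe a file path with no default.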
@@ -349,20 +359,26 @@ build_rootfs ${ROOTFS_DIR} [ -n "${KERNEL_MODULES_DIR}" ] && copy_kernel_modules ${KERNEL_MODULES_DIR} ${ROOTFS_DIR} -info "Pull Agent source code" -go get -d "${GO_AGENT_PKG}" || true -OK "Pull Agent source code" - -info "Build agent" -pushd "${GOPATH_LOCAL}/src/${GO_AGENT_PKG}" -[ -n "${AGENT_VERSION}" ] && git checkout "${AGENT_VERSION}" && OK "git checkout successful" -make clean -make INIT=${AGENT_INIT} -make install DESTDIR="${ROOTFS_DIR}" INIT=${AGENT_INIT} SECCOMP=${SECCOMP} -popd - AGENT_DIR="${ROOTFS_DIR}/usr/bin" AGENT_DEST="${AGENT_DIR}/${AGENT_BIN}" + +if [ -z "${AGENT_SOURCE_BIN}" ] ; then + info "Pull Agent source code" + go get -d "${GO_AGENT_PKG}" || true + OK "Pull Agent source code" + + info "Build agent" + pushd "${GOPATH_LOCAL}/src/${GO_AGENT_PKG}" + [ -n "${AGENT_VERSION}" ] && git checkout "${AGENT_VERSION}" && OK "git checkout successful" + make clean + make INIT=${AGENT_INIT} + make install DESTDIR="${ROOTFS_DIR}" INIT=${AGENT_INIT} SECCOMP=${SECCOMP} + popd +else + cp ${AGENT_SOURCE_BIN} ${AGENT_DEST} + OK "cp ${AGENT_SOURCE_BIN} ${AGENT_DEST}" +fi + [ -x "${AGENT_DEST}" ] || die "${AGENT_DEST} is not installed in ${ROOTFS_DIR}" OK "Agent installed" From b7abc2777685fecf098262308bb5eccf6c134548 Mon Sep 17 00:00:00 2001 
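Review bot: in the last hunk of PATCH 152 (`@@ -349,20 +359,26 @@`), `cp ${AGENT_SOURCE_BIN} ${AGENT_DEST}` is unquoted and treats the variable as a single file, while the usage text added by the same patch calls it a directory; with a directory the `cp` fails and the only feedback is the later `is not installed` message. Quote both operands and check `[ -f "${AGENT_SOURCE_BIN}" ]` first with a `die` that names the variable. The prebuilt branch also ignores AGENT_VERSION, AGENT_INIT and SECCOMP without saying so, and the binary goes into the guest rootfs unverified; an `info` line stating that those settings do not apply, plus an optional checksum check, would make it clear what ends up in the image.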
From: Peng Tao Date: Thu, 22 Nov 2018 11:34:50 +0800 Subject: [PATCH 153/307] release: Kata Containers 1.4.0 - Add s390x architecture - rootfs: Conditionally add libseccomp support in rootfs image - rootfs.sh: enable curl use http_proxy - tests: allow rootfs build to fail for specific distros - docs: Fix link in README - tests: get config from distro-specific config.sh - Add support for suse rootfs - tests: handle docker set runtime for systemd / sysconfig - tests: Sort size summary by image size and rootfs size - tests: parallel images build support 6f50538 build: Add s390x architecture 7f23718 rootfs: Conditionally add libseccomp support in rootfs image a588140 ci: Improve debugging info on travis CI run 8599143 rootfs.sh: enable curl use http_proxy 97f38c7 tests: allow euleros rootfs build to fail ee7f2e1 tests: allow build to fail for specific distros 57d0a83 rootfs.sh: trap build errors for specific distros c8ae9c0 rootfs.sh: improve usage output 06437bb docs: Fix link in README 962b7ee tests: get config from distro-specific config.sh be3bea4 rootfs.sh: add options to list and get test config 3b3f044 tests: handle docker set runtime for systemd / sysconfig fc4c23f tests: Sort size summary by image size and rootfs size 83d8838 osbuilder: Add support for openSUSE rootfs image 7c443ed travis: remove AGENT_INIT env combinations 562be90 tests: support parallel building of artifacts Signed-off-by: Peng Tao --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index f0bb29e76..88c5fb891 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.3.0 +1.4.0 From 06c8d88eb6827d3fabf034716dc9d243aef5c440 Mon Sep 17 00:00:00 2001 
From: Jose Carlos Venegas Munoz Date: Fri, 23 Nov 2018 11:29:39 -0600 Subject: [PATCH 154/307] makefile: Add make install allow install osbuilder scripts. Example: make install DESTDIR=/tmp/t export DISTRO_REPO=1 export GOPATH=~/go export AGENT_SOURCE_BIN=/tmp/usr/bin/kata-agent /tmp/t/usr/libexec/kata-containers/osbuilder/rootfs-builder/rootfs.sh fedora pushd /tmp/t/usr/libexec/kata-containers/osbuilder/rootfs-builder /tmp/t/usr/libexec/kata-containers/osbuilder/image-builder/image_builder.sh $(pwd)/rootfs-Fedora Fixes: #206 Signed-off-by: Jose Carlos Venegas Munoz --- Makefile | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/Makefile b/Makefile index ec23eb654..93a57d13a 100644 --- a/Makefile +++ b/Makefile @@ -88,6 +88,40 @@ test-initrd-only: list-distros: @ $(ROOTFS_BUILDER) -l +DESTDIR := / +KATADIR := /usr/libexec/kata-containers +OSBUILDER_DIR := $(KATADIR)/osbuilder +INSTALL_DIR :=$(DESTDIR)/$(OSBUILDER_DIR) +DIST_CONFIGS:= $(wildcard rootfs-builder/*/config.sh) + +SCRIPTS := +SCRIPTS += rootfs-builder/rootfs.sh +SCRIPTS += image-builder/image_builder.sh +SCRIPTS += initrd-builder/initrd_builder.sh + +FILES := +FILES += rootfs-builder/versions.txt +FILES += scripts/lib.sh + +define INSTALL_FILE + echo "Installing $(abspath $2/$1)"; + install -m 644 -D $1 $2/$1; +endef + +define INSTALL_SCRIPT + echo "Installing $(abspath $2/$1)"; + install -m 755 -D $1 $(abspath $2/$1); +endef + +.PHONY: install-scripts +install-scripts: + @echo "Installing scripts" + @$(foreach f,$(SCRIPTS),$(call INSTALL_SCRIPT,$f,$(INSTALL_DIR))) + @echo "Installing helper files" + @$(foreach f,$(FILES),$(call INSTALL_FILE,$f,$(INSTALL_DIR))) + @echo "Installing installing config files" + @$(foreach f,$(DIST_CONFIGS),$(call INSTALL_FILE,$f,$(INSTALL_DIR))) + .PHONY: clean clean: rm -rf $(DISTRO_ROOTFS_MARKER) $(DISTRO_ROOTFS) $(DISTRO_IMAGE) $(DISTRO_INITRD) From f9945608591374feb9bd6f4feda853f594bbfb91 Mon Sep 17 00:00:00 2001 
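Review bot: in the Makefile hunk of PATCH 154, the only target defined is `install-scripts`, while the subject and the example in the commit message call `make install DESTDIR=/tmp/t`; no `install` target appears in this hunk, so either add `install: install-scripts` or change the example. `INSTALL_FILE` installs to `$2/$1` while `INSTALL_SCRIPT` installs to `$(abspath $2/$1)`; use the same form in both. With `DESTDIR := /` the default run writes under `/usr/libexec` on the build host, which is worth stating in the target's help. The last echo reads "Installing installing config files".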
From: Marco Vedovati Date: Tue, 27 Nov 2018 13:08:27 +0100 Subject: [PATCH 155/307] rootfs: Bump golang version to 1.11.1 Bump the golang version to 1.11.1, that is the "newest-version" currently specified in the runtime version file. Fixes: #208 Signed-off-by: Marco Vedovati --- rootfs-builder/versions.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rootfs-builder/versions.txt b/rootfs-builder/versions.txt index 07aa19021..a686225cc 100644 --- a/rootfs-builder/versions.txt +++ b/rootfs-builder/versions.txt @@ -1 +1 @@ -GO_VERSION=1.9.2 +GO_VERSION=1.11.1 From 1bbf1e41063f0d301f213813847cd150b60bdafd Mon Sep 17 00:00:00 2001 From: Jose Carlos Venegas Munoz Date: Fri, 23 Nov 2018 11:32:42 -0600 Subject: [PATCH 156/307] rootfs: Allow use host repositories. Instead of create a dnf repository allow the config from the host. Signed-off-by: Jose Carlos Venegas Munoz --- rootfs-builder/rootfs.sh | 8 ++++++++ scripts/lib.sh | 13 ++++++++----- 2 files changed, 16 insertions(+), 5 deletions(-) diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index 04def902b..cb2f7dd7d 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh @@ -78,6 +78,9 @@ AGENT_SOURCE_BIN Path to the directory of agent binary. If set, use the binary as agent but not build agent package. Default value: +DISTRO_REPO Use host repositories to install guest packages. + Default value: + GO_AGENT_PKG URL of the Git repository hosting the agent package. Default value: ${GO_AGENT_PKG} @@ -356,6 +359,11 @@ fi mkdir -p ${ROOTFS_DIR} build_rootfs ${ROOTFS_DIR} +pushd "${ROOTFS_DIR}" >> /dev/null +if [ "$PWD" != "/" ] ; then + rm -rf ./var/cache/dnf/ +fi +popd >> /dev/null [ -n "${KERNEL_MODULES_DIR}" ] && copy_kernel_modules ${KERNEL_MODULES_DIR} ${ROOTFS_DIR} diff --git a/scripts/lib.sh b/scripts/lib.sh index ca7f50001..d725a7751 100644 --- a/scripts/lib.sh +++ b/scripts/lib.sh 
@@ -47,7 +47,7 @@ check_root() generate_dnf_config() { REPO_NAME=${REPO_NAME:-"base"} - CACHE_DIR=${CACHE_DIR:-"/var/cache/dnf-${OS_NAME}"} + CACHE_DIR=${CACHE_DIR:-"/var/cache/dnf"} cat > "${DNF_CONF}" << EOF [main] cachedir=${CACHE_DIR} @@ -118,7 +118,7 @@ build_rootfs() #local CONFIG_DIR=${CONFIG_DIR} check_root - if [ ! -f "${DNF_CONF}" ]; then + if [ ! -f "${DNF_CONF}" ] && [ -z "${DISTRO_REPO}" ] ; then DNF_CONF="./kata-${OS_NAME}-dnf.conf" generate_dnf_config fi @@ -133,10 +133,13 @@ build_rootfs() die "neither yum nor dnf is installed" fi - DNF="${PKG_MANAGER} --config=$DNF_CONF -y --installroot=${ROOTFS_DIR} --noplugins" + DNF="${PKG_MANAGER} -y --installroot=${ROOTFS_DIR} --noplugins" + if [ -n "${DNF_CONF}" ] ; then + DNF="${DNF} --config=${DNF_CONF}" + else + DNF="${DNF} --releasever=${OS_VERSION}" + fi $DNF install ${EXTRA_PKGS} ${PACKAGES} - - [ -n "${ROOTFS_DIR}" ] && rm -r "${ROOTFS_DIR}${CACHE_DIR}" } # Create a YAML metadata file inside the rootfs. From 434fff890a43ae489b92b4fc1b6a8cc12a4db8cb Mon Sep 17 00:00:00 2001 From: Jose Carlos Venegas Munoz Date: Sun, 25 Nov 2018 23:20:14 -0600 Subject: [PATCH 157/307] rootfs_builder: Dont fail if GOPATH not defined. Define GOPATH if is not set. Signed-off-by: Jose Carlos Venegas Munoz --- rootfs-builder/rootfs.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index cb2f7dd7d..dfedc8569 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh @@ -16,6 +16,7 @@ AGENT_BIN=${AGENT_BIN:-kata-agent} AGENT_INIT=${AGENT_INIT:-no} KERNEL_MODULES_DIR=${KERNEL_MODULES_DIR:-""} OSBUILDER_VERSION="unknown" +export GOPATH=${GOPATH:-${HOME}/go} lib_file="${script_dir}/../scripts/lib.sh" source "$lib_file" From 804286f90d8553dc8a7c00274f14c640fecb0ad2 Mon Sep 17 00:00:00 2001 
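Review bot: in the scripts/lib.sh hunks of PATCH 156, the new condition `[ ! -f "${DNF_CONF}" ] && [ -z "${DISTRO_REPO}" ]` skips generating a config when DISTRO_REPO is set, but the later test `[ -n "${DNF_CONF}" ]` only looks at whether the variable is non-empty. If a distro config.sh sets DNF_CONF to a path that does not exist, dnf is still called with `--config=` pointing at the missing file and the host repositories are not used. Clear DNF_CONF when DISTRO_REPO is set, or test `-f` in both places. In the rootfs.sh hunk, the `rm -rf ./var/cache/dnf/` relies on `pushd` having succeeded; the `"$PWD" != "/"` guard does not cover a failed `pushd` that leaves the script in its original directory, so use `pushd ... || die`.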
From: Marco Vedovati Date: Tue, 11 Dec 2018 18:44:06 +0100 Subject: [PATCH 158/307] suse: fix port URL detection for aarch64 Fix port URL detection for aarch64, and error out if an unknown architecture is detected. Fixes: #215 Signed-off-by: Marco Vedovati --- rootfs-builder/suse/config.sh | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/rootfs-builder/suse/config.sh b/rootfs-builder/suse/config.sh index 8f4352560..295e0b790 100644 --- a/rootfs-builder/suse/config.sh +++ b/rootfs-builder/suse/config.sh @@ -35,15 +35,19 @@ SUSE_URL_BASE="${REPO_TRANSPORT}://${REPO_DOMAIN}" SUSE_PATH_OSS="/distribution/${OS_DISTRO,,}/$OS_VERSION/repo/oss" SUSE_PATH_UPDATE="/update/${OS_DISTRO,,}/$OS_VERSION/oss" -case "$(uname -m)" in +arch="$(uname -m)" +case "$arch" in x86_64) REPO_URL_PORT="" ;; ppc|ppc64le) REPO_URL_PORT="/ports/ppc" ;; + aarch64) + REPO_URL_PORT="/ports/aarch64" + ;; *) - REPO_URL_PORT="/ports/$arch" + die "Unsupported architecture: $arch" ;; esac SUSE_FULLURL_OSS="${SUSE_URL_BASE}${REPO_URL_PORT}${SUSE_PATH_OSS}" From 3366a32077b085d7a1aec887664563d3fa921b40 Mon Sep 17 00:00:00 2001 From: Marco Vedovati Date: Wed, 12 Dec 2018 18:16:32 +0100 Subject: [PATCH 159/307] README: add ARM architecture to openSUSE The openSUSE image can be built for ARM. Signed-off-by: Marco Vedovati --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index eeecc24e1..ba3b8bad1 100644 --- a/README.md +++ b/README.md 
@@ -122,6 +122,6 @@ For further details, see [the tests documentation](tests/README.md). | |Alpine |CentOS |ClearLinux |Debian/Ubuntu |EulerOS |Fedora |openSUSE | |-- |-- |-- |-- |-- |-- |-- |-- | -|**ARM64** |:heavy_check_mark:|:heavy_check_mark:| | |:heavy_check_mark:|:heavy_check_mark:| | +|**ARM64** |:heavy_check_mark:|:heavy_check_mark:| | |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:| |**PPC64le**|:heavy_check_mark:|:heavy_check_mark:| |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:| |**x86_64** |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:| From de7fe193ab2f4cb3e948331fcd7c1f62d922f62c Mon Sep 17 00:00:00 2001 From: Alice Frosi Date: Thu, 13 Dec 2018 14:38:49 +0100 Subject: [PATCH 160/307] s390x: set CC for fedora Fixes: #217 Signed-off-by: Alice Frosi --- rootfs-builder/rootfs.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index dfedc8569..f1a2f7025 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh @@ -368,6 +368,10 @@ popd >> /dev/null [ -n "${KERNEL_MODULES_DIR}" ] && copy_kernel_modules ${KERNEL_MODULES_DIR} ${ROOTFS_DIR} +# The CC on s390x for fedora needs to be manually set to gcc when the golang is downloaded from the main page. +# See issue: https://github.com/kata-containers/osbuilder/issues/217 +[ "$distro" == fedora ] && [ "$ARCH" == "s390x" ] && export CC=gcc + AGENT_DIR="${ROOTFS_DIR}/usr/bin" AGENT_DEST="${AGENT_DIR}/${AGENT_BIN}" From be97380a3b626c6a38e4cc2c72a2855cb43ea693 Mon Sep 17 00:00:00 2001 From: Salvador Fuentes Date: Fri, 14 Dec 2018 08:09:52 -0600 Subject: [PATCH 161/307] setup: Add make and gcc as dependencies We require make and gcc to run our CI tools. Fixes: #219. Signed-off-by: Salvador Fuentes --- .ci/setup.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.ci/setup.sh b/.ci/setup.sh index bfa52b6fe..8ddded15b 100755 --- a/.ci/setup.sh +++ b/.ci/setup.sh @@ -14,7 +14,7 @@ source "${cidir}/lib.sh" source /etc/os-release if [ "$ID" == fedora ];then - sudo -E dnf -y install automake yamllint coreutils moreutils bc + sudo -E dnf -y install automake yamllint coreutils moreutils bc make gcc elif [ "$ID" == centos ];then sudo -E yum -y install epel-release sudo -E yum -y install automake yamllint coreutils moreutils bc From c3d77aea6a13074d5c2ae6262c493f41a3cd7c71 Mon Sep 17 00:00:00 2001 From: Alice Frosi Date: Mon, 17 Dec 2018 10:32:42 +0100 Subject: [PATCH 162/307] docs: add s390 to the compatibility matrix Fixes: #198 Signed-off-by: Alice Frosi --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index ba3b8bad1..c65ced161 100644 --- a/README.md +++ b/README.md @@ -124,4 +124,5 @@ For further details, see [the tests documentation](tests/README.md). |-- |-- |-- |-- |-- |-- |-- |-- | |**ARM64** |:heavy_check_mark:|:heavy_check_mark:| | |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:| |**PPC64le**|:heavy_check_mark:|:heavy_check_mark:| |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:| +|**s390x** |:heavy_check_mark:| | |:heavy_check_mark:| |:heavy_check_mark:| | |**x86_64** |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:| From d890478fa27c85b94f6a11e20ceb2a5c27282f22 Mon Sep 17 00:00:00 2001 
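Review bot: in the .ci/setup.sh hunk of PATCH 161, `make gcc` is added only to the fedora `dnf` line; the centos line in the trailing context, `sudo -E yum -y install automake yamllint coreutils moreutils bc`, is unchanged. The commit message says the CI tools require both packages, so add them to the centos branch as well, or say in the message why fedora is the only distro affected.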
From: Peng Tao Date: Fri, 21 Dec 2018 17:11:51 +0800 Subject: [PATCH 163/307] release: Kata Containers 1.5.0-rc2 - docs: update compatibility matrix with s390 - setup: Add make and gcc as dependencies - suse: fix port URL detection for aarch64 - s390x: set CC for fedora - Add 'install' target to makefile - rootfs: Bump golang version to 1.11.1 - tests: skip docker,kata install with KATA_DEV_MODE c3d77ae docs: add s390 to the compatibility matrix be97380 setup: Add make and gcc as dependencies de7fe19 s390x: set CC for fedora 3366a32 README: add ARM architecture to openSUSE 804286f suse: fix port URL detection for aarch64 434fff8 rootfs_builder: Dont fail if GOPATH not defined. 1bbf1e4 rootfs: Allow use host repositories. f994560 rootfs: Bump golang version to 1.11.1 06c8d88 makefile: Add make install 9c0773a test: avoid errors in exit_handler eb92306 tests: skip docker,kata install with KATA_DEV_MODE Signed-off-by: Peng Tao --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index 88c5fb891..e37281251 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.4.0 +1.5.0-rc2 From e4d5c1b751f7bdeb09389f49fd80ea21522602a6 Mon Sep 17 00:00:00 2001 From: Penny Zheng Date: Mon, 14 Jan 2019 17:49:56 +0800 Subject: [PATCH 164/307] memory_hotplug: MEM_BOUNDARY_MB should be arch-dependent As runtime/#624(https://github.com/kata-containers/runtime/pull/624#discussion_r212534586) discussed before, the size of memory section is arch-dependent. For arm64, it should be 1G, not 128MB. Fixes: #224 Signed-off-by: Penny Zheng --- image-builder/image_builder.sh | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/image-builder/image_builder.sh b/image-builder/image_builder.sh index d85c15733..15edcb085 100755 --- a/image-builder/image_builder.sh +++ b/image-builder/image_builder.sh 
@@ -50,8 +50,12 @@ MAX_IMG_SIZE_MB=2048 FS_TYPE=${FS_TYPE:-"ext4"} -# In order to support memory hotplug, image must be aligned to 128M -MEM_BOUNDARY=128 +# In order to support memory hotplug, image must be aligned to memory section(size in MB) according to different architecture. +ARCH=$(arch) +case "$ARCH" in + aarch64) MEM_BOUNDARY_MB=1024 ;; + *) MEM_BOUNDARY_MB=128 ;; +esac # Maximum no of attempts to create a root disk before giving up MAX_ATTEMPTS=5 @@ -139,20 +143,21 @@ OK "Agent installed" ROOTFS_SIZE=$(du -B 1MB -s "${ROOTFS}" | awk '{print $1}') BLOCK_SIZE=${BLOCK_SIZE:-4096} OLD_IMG_SIZE=0 +ORIG_MEM_BOUNDARY_MB=${MEM_BOUNDARY_MB} align_memory() { - remaining=$(($IMG_SIZE % $MEM_BOUNDARY)) + remaining=$(($IMG_SIZE % $MEM_BOUNDARY_MB)) if [ "$remaining" != "0" ];then - warning "image size '$IMG_SIZE' is not aligned to memory boundary '$MEM_BOUNDARY', aligning it" - IMG_SIZE=$(($IMG_SIZE + $MEM_BOUNDARY - $remaining)) + warning "image size '$IMG_SIZE' is not aligned to memory boundary '$MEM_BOUNDARY_MB', aligning it" + IMG_SIZE=$(($IMG_SIZE + $MEM_BOUNDARY_MB - $remaining)) fi } # Calculate image size based on the rootfs calculate_img_size() { - IMG_SIZE=${IMG_SIZE:-$MEM_BOUNDARY} + IMG_SIZE=${IMG_SIZE:-$MEM_BOUNDARY_MB} align_memory if [ -n "$ROOT_FREE_SPACE" ] && [ "$IMG_SIZE" -gt "$ROOTFS_SIZE" ]; then info "Ensure that root partition has at least ${ROOT_FREE_SPACE}MB of free space" @@ -258,8 +263,8 @@ create_rootfs_disk() # if the available disk space is less than rootfs size, repeat the process # of disk creation by adding 5% in the inital assumed value $ROOTFS_SIZE if [ $ROOTFS_SIZE -gt $AVAIL_DISK ]; then - # Increase the size but remain aligned to 128 - MEM_BOUNDARY=$(($MEM_BOUNDARY+128)) + # Increase the size but remain aligned to the original MEM_BOUNDARY_MB, which is stored in $ORIG_MEM_BOUNDARY_MB + MEM_BOUNDARY_MB=$(($MEM_BOUNDARY_MB+$ORIG_MEM_BOUNDARY_MB)) OLD_IMG_SIZE=${IMG_SIZE} unset IMG_SIZE unmount 
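Review bot: in the last hunk of PATCH 164 (`@@ -258,8 +263,8 @@`), MEM_BOUNDARY_MB is used both as the alignment unit and, through `IMG_SIZE=${IMG_SIZE:-$MEM_BOUNDARY_MB}`, as the next image size to try, so each retry on aarch64 now grows the image by 1024 MB instead of 128 MB. With `MAX_IMG_SIZE_MB=2048` visible in the first hunk's context, that leaves room for two sizes on aarch64 before the limit, whatever MAX_ATTEMPTS says, and `align_memory` then aligns to the grown value rather than to the section size. Keep the alignment constant in ORIG_MEM_BOUNDARY_MB and track the candidate size in a separate variable. The new comment in the first hunk needs a space in "memory section(size in MB)".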
From 8963b8e3c9134702a8eb21132a60785504753eb3 Mon Sep 17 00:00:00 2001 From: Graham Whaley Date: Wed, 6 Feb 2019 16:14:24 +0000 Subject: [PATCH 165/307] pullapprove: remove it We are moving off pullapprove. Remove its config file. Fixes: #228 Signed-off-by: Graham Whaley --- .pullapprove.yml | 43 ------------------------------------------- 1 file changed, 43 deletions(-) delete mode 100644 .pullapprove.yml diff --git a/.pullapprove.yml b/.pullapprove.yml deleted file mode 100644 index 014b3cb6b..000000000 --- a/.pullapprove.yml +++ /dev/null @@ -1,43 +0,0 @@ -version: 2 - -requirements: - signed_off_by: - required: true - -# Disallow approval of PRs still under development -always_pending: - title_regex: '(WIP|RFC)' - labels: - - do-not-merge - - wip - - rfc - explanation: 'Work in progress - do not merge' - -group_defaults: - approve_by_comment: - enabled: true - approve_regex: '^(LGTM|lgtm|Approved|\+1|:\+1:)' - reject_regex: '^(Rejected|-1|:-1:)' - reset_on_push: - enabled: false - reset_on_reopened: - enabled: false - author_approval: - ignored: true - -groups: - approvers: - required: 2 - teams: - - builder - - documentation: - required: 1 - teams: - - documentation - conditions: - files: - include: - - "*.md" - exclude: - - "vendor/*" From f38c67da0c28392907602579e405c5a9b59a59d1 Mon Sep 17 00:00:00 2001 From: "James O. D. Hunt" Date: Tue, 5 Feb 2019 10:55:55 +0000 Subject: [PATCH 166/307] arch: Remove calls to arch command The `arch(1)` command is not available on some systems so use the `uname(1)` command for the equivalent functionality. Fixes #150. Signed-off-by: James O. D. Hunt --- image-builder/image_builder.sh | 2 +- rootfs-builder/alpine/Dockerfile.in | 4 +--- rootfs-builder/rootfs.sh | 4 ++-- rootfs-builder/ubuntu/config.sh | 4 ++-- 4 files changed, 6 insertions(+), 8 deletions(-) diff --git a/image-builder/image_builder.sh b/image-builder/image_builder.sh index 15edcb085..21791e366 100755 --- a/image-builder/image_builder.sh 
+++ b/image-builder/image_builder.sh @@ -51,7 +51,7 @@ MAX_IMG_SIZE_MB=2048 FS_TYPE=${FS_TYPE:-"ext4"} # In order to support memory hotplug, image must be aligned to memory section(size in MB) according to different architecture. -ARCH=$(arch) +ARCH=$(uname -m) case "$ARCH" in aarch64) MEM_BOUNDARY_MB=1024 ;; *) MEM_BOUNDARY_MB=128 ;; diff --git a/rootfs-builder/alpine/Dockerfile.in b/rootfs-builder/alpine/Dockerfile.in index aa01c9e14..1b150626f 100644 --- a/rootfs-builder/alpine/Dockerfile.in +++ b/rootfs-builder/alpine/Dockerfile.in @@ -5,6 +5,4 @@ From golang:@GO_VERSION@-alpine3.7 -# The "coreutils" package on alpine for reasons unknown does not provide arch(1), so simulate it. -RUN apk update && apk add git make bash gcc musl-dev linux-headers apk-tools-static libseccomp libseccomp-dev && \ - echo -e '#!/bin/sh\nuname -m' > /usr/bin/arch && chmod +x /usr/bin/arch +RUN apk update && apk add git make bash gcc musl-dev linux-headers apk-tools-static libseccomp libseccomp-dev diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index f1a2f7025..653276e1b 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh @@ -22,7 +22,7 @@ lib_file="${script_dir}/../scripts/lib.sh" source "$lib_file" # Default architecture -ARCH=$(arch) +ARCH=$(uname -m) # Load default versions for golang and other componets source "${script_dir}/versions.txt" @@ -162,7 +162,7 @@ generate_dockerfile() { dir="$1" - case "$(arch)" in + case "$(uname -m)" in "ppc64le") goarch=ppc64le ;; diff --git a/rootfs-builder/ubuntu/config.sh b/rootfs-builder/ubuntu/config.sh index 40263c12e..c23704f5f 100644 --- a/rootfs-builder/ubuntu/config.sh +++ b/rootfs-builder/ubuntu/config.sh 
@@ -16,12 +16,12 @@ PACKAGES="systemd iptables init" DEBOOTSTRAP=${PACKAGE_MANAGER:-"debootstrap"} -case $(arch) in +case $(uname -m) in x86_64) ARCHITECTURE="amd64";; ppc64le) ARCHITECTURE="ppc64el";; aarch64) ARCHITECTURE="arm64";; s390x) ARCHITECTURE="s390x";; - (*) die "$(arch) not supported " + (*) die "$(uname -m) not supported " esac # Init process must be one of {systemd,kata-agent} From b4de168cf4e3b0857e3ae14991e8852e2785fefd Mon Sep 17 00:00:00 2001 From: Julio Montes Date: Mon, 11 Mar 2019 11:46:17 -0600 Subject: [PATCH 167/307] tests: skip euleros euleros mirrors are down almost all time, don't fail if euleros rootfs or image can't be generated. fixes #238 Signed-off-by: James O. D. Hunt Signed-off-by: Julio Montes --- tests/test_config.sh | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/tests/test_config.sh b/tests/test_config.sh index 4e7627447..357938d22 100644 --- a/tests/test_config.sh +++ b/tests/test_config.sh @@ -6,9 +6,8 @@ # List of distros not to test, when running all tests with test_images.sh typeset -a skipWhenTestingAll -if [ -n "${TRAVIS:-}" ]; then - # (travis may timeout with euleros, see: - # https://github.com/kata-containers/osbuilder/issues/46)" +if [ -n "${CI:-}" ]; then + # CI tests may timeout with euleros, see: + # https://github.com/kata-containers/osbuilder/issues/46" skipWhenTestingAll+=(euleros) fi - From 519bbe8f6639a1290975835ae475602ab3244d3f Mon Sep 17 00:00:00 2001 From: Julio Montes Date: Mon, 11 Mar 2019 15:14:44 -0600 Subject: [PATCH 168/307] tests: remove docker before installing the newer version In some distros docker is already installed and the CI fails because the newer version can't be installed because it conflicts with the old version. Remove old version before installing the newer version of docker. fixes #241 Signed-off-by: Julio Montes --- tests/test_images.sh | 1 + 1 file changed, 1 insertion(+) 
diff --git a/tests/test_images.sh b/tests/test_images.sh index ceef790a4..3971ca8a7 100755 --- a/tests/test_images.sh +++ b/tests/test_images.sh @@ -251,6 +251,7 @@ setup() [ ! -d "${tests_repo_dir}" ] && git clone "https://${tests_repo}" "${tests_repo_dir}" if [ -z "${KATA_DEV_MODE:-}" ]; then + chronic $mgr remove-docker chronic $mgr install-docker-system else info "Running with KATA_DEV_MODE set, skipping installation of docker and kata packages" From 35588dd3038702df65810dbc74d5aaab0578e4a0 Mon Sep 17 00:00:00 2001 From: Julio Montes Date: Tue, 12 Mar 2019 10:18:50 -0600 Subject: [PATCH 169/307] tests: install kata containers components from master build and install kata containers components from master and run osbuilder tests. fixes #242 Signed-off-by: Julio Montes --- tests/test_images.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tests/test_images.sh b/tests/test_images.sh index 3971ca8a7..36100fca5 100755 --- a/tests/test_images.sh +++ b/tests/test_images.sh @@ -251,8 +251,9 @@ setup() [ ! -d "${tests_repo_dir}" ] && git clone "https://${tests_repo}" "${tests_repo_dir}" if [ -z "${KATA_DEV_MODE:-}" ]; then - chronic $mgr remove-docker - chronic $mgr install-docker-system + "${tests_repo_dir}/.ci/setup.sh" + mkdir -p /etc/kata-containers/ + sudo cp -a /usr/share/defaults/kata-containers/configuration.toml /etc/kata-containers/configuration.toml else info "Running with KATA_DEV_MODE set, skipping installation of docker and kata packages" # Make sure docker & kata are available From 8065bb615a2e7687e723ae0b1436ff2663ec3f61 Mon Sep 17 00:00:00 2001 From: Julio Montes Date: Fri, 8 Mar 2019 11:42:46 -0600 Subject: [PATCH 170/307] rootfs-builder: delete dnf and rmp data dnf and rmp data are not needed in the final rootfs, removing them we save 2MB of disk Signed-off-by: Julio Montes --- rootfs-builder/rootfs.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index 653276e1b..a1b10eb61 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh @@ -362,7 +362,7 @@ mkdir -p ${ROOTFS_DIR} build_rootfs ${ROOTFS_DIR} pushd "${ROOTFS_DIR}" >> /dev/null if [ "$PWD" != "/" ] ; then - rm -rf ./var/cache/dnf/ + rm -rf ./var/cache/ ./var/lib fi popd >> /dev/null From 71ccc0a6eab62b0f9df52913adfe17b17e2ae76b Mon Sep 17 00:00:00 2001 From: Julio Montes Date: Fri, 8 Mar 2019 10:08:14 -0600 Subject: [PATCH 171/307] mage-builder: remove -s option and IMG_SIZE envar guest kernel needs 64 bytes of DRAM per 4K page of emulated PMEM, hence the image size should be as small as possible to reduce the container's memory footprint. The image size is recalculated automatically if it's too small to contain the rootfs. Signed-off-by: Julio Montes --- Makefile | 5 ++--- image-builder/image_builder.sh | 14 +------------- 2 files changed, 3 insertions(+), 16 deletions(-) diff --git a/Makefile b/Makefile index 93a57d13a..52c451cb9 100644 --- a/Makefile +++ b/Makefile @@ -9,7 +9,6 @@ ROOTFS_BUILDER := $(MK_DIR)/rootfs-builder/rootfs.sh INITRD_BUILDER := $(MK_DIR)/initrd-builder/initrd_builder.sh IMAGE_BUILDER := $(MK_DIR)/image-builder/image_builder.sh -IMG_SIZE = 500 AGENT_INIT ?= no DISTRO ?= centos ROOTFS_BUILD_DEST := $(PWD) @@ -42,7 +41,7 @@ image-%: $(IMAGES_BUILD_DEST)/kata-containers-image-%.img .PRECIOUS: $(IMAGES_BUILD_DEST)/kata-containers-image-%.img $(IMAGES_BUILD_DEST)/kata-containers-image-%.img: rootfs-% @echo Creating image based on $^ - $(IMAGE_BUILDER) -s $(IMG_SIZE) -o $@ $(ROOTFS_BUILD_DEST)/$*_rootfs + $(IMAGE_BUILDER) -o $@ $(ROOTFS_BUILD_DEST)/$*_rootfs initrd-%: $(IMAGES_BUILD_DEST)/kata-containers-initrd-%.img @ # DONT remove. This is not cancellation rule. 
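Review bot: In PATCH 169 (tests/test_images.sh, setup()), the added `mkdir -p /etc/kata-containers/` runs without sudo while the `cp` on the following line uses `sudo`, so setup stops at the mkdir whenever the tests are not started as root. Use `sudo mkdir -p /etc/kata-containers/` to match. The same hunk now executes `"${tests_repo_dir}/.ci/setup.sh"` from a repository that the context line above clones without a pinned revision, so what CI runs with these privileges is whatever that branch holds at clone time; the commit message says tracking master is intended, and a comment in the script should say so too.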
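Review bot: In PATCH 170 (rootfs-builder/rootfs.sh, the `if [ "$PWD" != "/" ]` block), `rm -rf ./var/cache/ ./var/lib` deletes far more than the dnf and rpm data the commit message names: every distro's rootfs loses all of /var/lib, including the dpkg database on the debian and ubuntu builds and any state directory a packaged service expects to find there. With the package database gone the finished image can no longer be inventoried through its package manager, which package-based vulnerability scanners depend on. Limit the removal to what the message describes, for example `./var/cache/dnf ./var/lib/dnf ./var/lib/rpm`, or state in the message that dropping the whole tree is deliberate.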
@@ -63,7 +62,7 @@ image: $(DISTRO_IMAGE) $(DISTRO_IMAGE): $(DISTRO_ROOTFS_MARKER) @echo Creating image based on "$(DISTRO_ROOTFS)" - $(IMAGE_BUILDER) -s "$(IMG_SIZE)" "$(DISTRO_ROOTFS)" + $(IMAGE_BUILDER) "$(DISTRO_ROOTFS)" .PHONY: initrd initrd: $(DISTRO_INITRD) diff --git a/image-builder/image_builder.sh b/image-builder/image_builder.sh index 21791e366..017b91d61 100755 --- a/image-builder/image_builder.sh +++ b/image-builder/image_builder.sh @@ -17,6 +17,7 @@ source "$lib_file" [ "$(id -u)" -eq 0 ] || die "$0: must be run as root" IMAGE="${IMAGE:-kata-containers.img}" +IMG_SIZE=128 AGENT_BIN=${AGENT_BIN:-kata-agent} AGENT_INIT=${AGENT_INIT:-no} @@ -27,13 +28,10 @@ usage() Usage: ${script_name} [options] This script will create a Kata Containers image file of an adequate size based on the directory. - The size of the image can be also be specified manually - by '-s' flag. Options: -h Show this help -o path to generate image file ENV: IMAGE - -s Image size in MB ENV: IMG_SIZE -r Free space of the root partition in MB ENV: ROOT_FREE_SPACE Extra environment variables: @@ -67,16 +65,6 @@ do h) usage ;; o) IMAGE="${OPTARG}" ;; r) ROOT_FREE_SPACE="${OPTARG}" ;; - s) { - IMG_SIZE=${OPTARG} - if [ ${IMG_SIZE} -le 0 ]; then - die "Image size has to be greater than 0 MB." - fi - if [ ${IMG_SIZE} -gt ${MAX_IMG_SIZE_MB} ]; then - die "Image size should not be greater than ${MAX_IMG_SIZE_MB} MB." - fi - } - ;; f) FS_TYPE="${OPTARG}" ;; esac done From dc5bc078253f9762b5ada810ea682818d0bfb1a2 Mon Sep 17 00:00:00 2001 From: Julio Montes Date: Fri, 8 Mar 2019 10:25:53 -0600 Subject: [PATCH 172/307] image-builder: fix mem boundary recalculation $/${} is unnecessary on arithmetic variables. [SC2004] Signed-off-by: Julio Montes --- image-builder/image_builder.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/image-builder/image_builder.sh b/image-builder/image_builder.sh index 017b91d61..42fd08236 100755 --- a/image-builder/image_builder.sh 
+++ b/image-builder/image_builder.sh @@ -252,7 +252,7 @@ create_rootfs_disk() # of disk creation by adding 5% in the inital assumed value $ROOTFS_SIZE if [ $ROOTFS_SIZE -gt $AVAIL_DISK ]; then # Increase the size but remain aligned to the original MEM_BOUNDARY_MB, which is stored in $ORIG_MEM_BOUNDARY_MB - MEM_BOUNDARY_MB=$(($MEM_BOUNDARY_MB+$ORIG_MEM_BOUNDARY_MB)) + MEM_BOUNDARY_MB=$((MEM_BOUNDARY_MB+ORIG_MEM_BOUNDARY_MB)) OLD_IMG_SIZE=${IMG_SIZE} unset IMG_SIZE unmount From 7620066c8a182a02fe2bd5fe1c01a6cc0859033d Mon Sep 17 00:00:00 2001 From: Julio Montes Date: Fri, 8 Mar 2019 10:28:03 -0600 Subject: [PATCH 173/307] image-builder: sync rootfs data after copying it into the image Rootfs data must be sync'd after copying it into the image to avoid data corruption Signed-off-by: Julio Montes --- image-builder/image_builder.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/image-builder/image_builder.sh b/image-builder/image_builder.sh index 42fd08236..0177830b5 100755 --- a/image-builder/image_builder.sh +++ b/image-builder/image_builder.sh @@ -267,6 +267,7 @@ create_rootfs_disk info "rootfs size ${ROOTFS_SIZE} MB" info "Copying content from rootfs to root partition" cp -a "${ROOTFS}"/* ${MOUNT_DIR} +sync OK "rootfs copied" unmount From cbe5642b9d018c100c87a1186def22d1907ce633 Mon Sep 17 00:00:00 2001 From: Julio Montes Date: Fri, 8 Mar 2019 10:35:06 -0600 Subject: [PATCH 174/307] image-builder: add gcc as dependecy to generate the image gcc is required to build the binary in charge to fill out the device namespace information (matadata) into the kata containers image. Signed-off-by: Julio Montes --- image-builder/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/image-builder/Dockerfile b/image-builder/Dockerfile index af8674dfd..0f10f8c8d 100644 --- a/image-builder/Dockerfile +++ b/image-builder/Dockerfile 
@@ -7,4 +7,4 @@ From fedora:latest RUN [ -n "$http_proxy" ] && sed -i '$ a proxy='$http_proxy /etc/dnf/dnf.conf ; true -RUN dnf install -y qemu-img parted gdisk e2fsprogs +RUN dnf install -y qemu-img parted gdisk e2fsprogs gcc From 726f798ff795ef4a8300201cab8d83e83c1496a5 Mon Sep 17 00:00:00 2001 From: Julio Montes Date: Fri, 8 Mar 2019 10:40:24 -0600 Subject: [PATCH 175/307] image-builder: fill out device namespace information into kata image The new NVDIMM driver implementation (kernel >= 4.16) needs to know the device namespace information to map pages, this metadata is read from the nvdimm namespace at 4k offset. fixes #235 Signed-off-by: Julio Montes --- .gitignore | 1 + image-builder/image_builder.sh | 34 ++++++- image-builder/nsdax.gpl.c | 171 +++++++++++++++++++++++++++++++++ 3 files changed, 204 insertions(+), 2 deletions(-) create mode 100644 .gitignore create mode 100644 image-builder/nsdax.gpl.c diff --git a/.gitignore b/.gitignore new file mode 100644 index 000000000..f177a5587 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +image-builder/nsdax diff --git a/image-builder/image_builder.sh b/image-builder/image_builder.sh index 0177830b5..d66b4b9cf 100755 --- a/image-builder/image_builder.sh +++ b/image-builder/image_builder.sh @@ -20,6 +20,8 @@ IMAGE="${IMAGE:-kata-containers.img}" IMG_SIZE=128 AGENT_BIN=${AGENT_BIN:-kata-agent} AGENT_INIT=${AGENT_INIT:-no} +IMG_HEADER_SZ=2 +IMG_HEADER_SZ_B=$((IMG_HEADER_SZ*1024*1024)) usage() { 
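Review bot: In PATCH 171 (image-builder/image_builder.sh, first hunk), `IMG_SIZE=128` is an unconditional assignment, so an IMG_SIZE exported by the caller is now silently overwritten, yet the USE_DOCKER path still forwards `--env IMG_SIZE="${IMG_SIZE}"` into the container. Drop that `--env` line or say in usage() that IMG_SIZE is no longer an input. The removed `s)` case was also the only place in these hunks that enforced MAX_IMG_SIZE_MB; please confirm the automatic recalculation still stops at that bound, and that `s:` has been removed from the getopts option string, which the diff does not show.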
@@ -140,6 +142,16 @@ align_memory() warning "image size '$IMG_SIZE' is not aligned to memory boundary '$MEM_BOUNDARY_MB', aligning it" IMG_SIZE=$(($IMG_SIZE + $MEM_BOUNDARY_MB - $remaining)) fi + + # To support: + # * memory hotplug: the image size MUST BE aligned to MEM_BOUNDARY_MB (128 or 1024 MB) + # * DAX: NVDIMM driver reads the device namespace information from nvdimm namespace (4K offset). + # The namespace information is saved in the first 2MB of the image. + # * DAX huge pages [2]: 2MB alignment + # + # [1] - nd_pfn_validate(): https://github.com/torvalds/linux/blob/master/drivers/nvdimm/pfn_devs.c + # [2] - https://nvdimm.wiki.kernel.org/2mib_fs_dax + IMG_SIZE=$((IMG_SIZE-IMG_HEADER_SZ)) } # Calculate image size based on the rootfs @@ -211,8 +223,10 @@ create_rootfs_disk() # The partition is the rootfs content info "Creating partitions" - parted "${IMAGE}" --script "mklabel gpt" \ - "mkpart ${FS_TYPE} 1M -1M" + parted -s -a optimal "${IMAGE}" \ + mklabel gpt -- \ + mkpart primary "${FS_TYPE}" 1M -1M \ + print OK "Partitions created" # Get the loop device bound to the image file (requires /dev mounted in the @@ -275,4 +289,20 @@ unmount fsck.ext4 -D -y "${DEVICE}p1" detach +info "Set device namespace information (metadata)" +# Fill out namespace information +tmp_img="$(mktemp)" +chmod 0644 "${tmp_img}" +# metadate header +dd if=/dev/zero of="${tmp_img}" bs="${IMG_HEADER_SZ}M" count=1 +# append image data (rootfs) +dd if="${IMAGE}" of="${tmp_img}" oflag=append conv=notrunc +# copy final image +mv "${tmp_img}" "${IMAGE}" +# Set metadata header +# Issue: https://github.com/kata-containers/osbuilder/issues/240 +gcc -O2 "${script_dir}/nsdax.gpl.c" -o "${script_dir}/nsdax" +"${script_dir}/nsdax" "${IMAGE}" "${IMG_HEADER_SZ_B}" "${IMG_HEADER_SZ_B}" +sync + info "Image created. Virtual size: ${IMG_SIZE}MB." diff --git a/image-builder/nsdax.gpl.c b/image-builder/nsdax.gpl.c new file mode 100644 index 000000000..333f7804b --- /dev/null 
+++ b/image-builder/nsdax.gpl.c 
@@ -0,0 +1,171 @@ +/* + * Copyright(c) 2013-2019 Intel Corporation. All rights reserved. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + */ + +#include +#include +#include +#include +#include +#include +#include + +#define __KERNEL__ +#include +#include + +/* + Next types, definitions and functions were copied from kernel 4.19.24 source + code, specifically from nvdimm driver +*/ + +#define PFN_SIG_LEN 16 +#define PFN_SIG "NVDIMM_PFN_INFO" +#define SZ_4K 0x00001000 + +typedef __u16 u16; +typedef __u8 u8; +typedef __u64 u64; +typedef __u32 u32; + +enum nd_pfn_mode { + PFN_MODE_NONE, + PFN_MODE_RAM, + PFN_MODE_PMEM, +}; + +struct nd_pfn_sb { + u8 signature[PFN_SIG_LEN]; + u8 uuid[16]; + u8 parent_uuid[16]; + __le32 flags; + __le16 version_major; + __le16 version_minor; + __le64 dataoff; /* relative to namespace_base + start_pad */ + __le64 npfns; + __le32 mode; + /* minor-version-1 additions for section alignment */ + __le32 start_pad; + __le32 end_trunc; + /* minor-version-2 record the base alignment of the mapping */ + __le32 align; + u8 padding[4000]; + __le64 checksum; +}; + +struct nd_gen_sb { + char reserved[SZ_4K - 8]; + __le64 checksum; +}; + + +u64 nd_fletcher64(void *addr, size_t len, bool le) +{ + u32 *buf = addr; + u32 lo32 = 0; + u64 hi32 = 0; + int i; + + for (i = 0; i < len / sizeof(u32); i++) { + lo32 += le ? 
__le32_to_cpu((__le32) buf[i]) : buf[i]; + hi32 += lo32; + } + + return hi32 << 32 | lo32; +} + + +/* + * nd_sb_checksum: compute checksum for a generic info block + * + * Returns a fletcher64 checksum of everything in the given info block + * except the last field (since that's where the checksum lives). + */ +u64 nd_sb_checksum(struct nd_gen_sb *nd_gen_sb) +{ + u64 sum; + __le64 sum_save; + + sum_save = nd_gen_sb->checksum; + nd_gen_sb->checksum = 0; + sum = nd_fletcher64(nd_gen_sb, sizeof(*nd_gen_sb), 1); + nd_gen_sb->checksum = sum_save; + return sum; +} + + +void show_usage(const char* name) { + printf("Usage: %s IMAGE_FILE DATA_OFFSET ALIGNMENT\n", name); + printf("DATA_OFFSET and ALIGNMENT must be in bytes\n"); +} + +int main(int argc, char *argv[]) { + if (argc != 4) { + show_usage(argv[0]); + return -1; + } + + const char* img_path = argv[1]; + + char *ptr = NULL; + const long int data_offset = strtol(argv[2], &ptr, 10); + if (ptr == argv[2]) { + fprintf(stderr, "Couldn't convert string '%s' to int\n", argv[2]); + show_usage(argv[0]); + return -1; + } + + ptr = NULL; + const long int alignment = strtol(argv[3], &ptr, 10); + if (ptr == argv[3]) { + fprintf(stderr, "Couldn't convert string '%s' to int\n", argv[3]); + show_usage(argv[0]); + return -1; + } + + printf("Opening file '%s'\n", img_path); + int fd = open(img_path, O_WRONLY); + if (fd == -1) { + perror("open:"); + return -1; + } + + struct nd_pfn_sb sb = { 0 }; + + snprintf((char*)sb.signature, PFN_SIG_LEN, PFN_SIG); + sb.mode = PFN_MODE_RAM; + sb.align = alignment; + sb.dataoff = data_offset; + sb.version_minor = 2; + + // checksum must be calculated at the end + sb.checksum = nd_sb_checksum((struct nd_gen_sb*) &sb); + + // NVDIMM driver: SZ_4K is the namespace-relative starting offset + int ret = lseek(fd, SZ_4K, SEEK_SET); + if (ret == -1) { + perror("lseek: "); + close(fd); + return -1; + } + + printf("Writing metadata\n"); + ret = write(fd, &sb, sizeof(sb)); + if (ret == -1) { + perror("write: 
"); + } + + close(fd); + printf("OK!\n"); + + return 0; +} From 02fa22bbdd60ff6c9cbfb6e8197c452810be4ac9 Mon Sep 17 00:00:00 2001 From: Julio Montes Date: Fri, 15 Mar 2019 10:16:39 -0600 Subject: [PATCH 176/307] image-builder: make DAX support optional Not all hypervisor support NVDIMM hence DAX support MUST BE enabled explicitly setting the DAX environment variable to 'yes' fixes #246 Signed-off-by: Julio Montes --- image-builder/image_builder.sh | 79 +++++++++++++++++++++++----------- tests/test_images.sh | 8 ++++ 2 files changed, 61 insertions(+), 26 deletions(-) diff --git a/image-builder/image_builder.sh b/image-builder/image_builder.sh index d66b4b9cf..53a3dd344 100755 --- a/image-builder/image_builder.sh +++ b/image-builder/image_builder.sh @@ -20,8 +20,9 @@ IMAGE="${IMAGE:-kata-containers.img}" IMG_SIZE=128 AGENT_BIN=${AGENT_BIN:-kata-agent} AGENT_INIT=${AGENT_INIT:-no} -IMG_HEADER_SZ=2 -IMG_HEADER_SZ_B=$((IMG_HEADER_SZ*1024*1024)) +DAX=${DAX:-no} +DAX_HEADER_SZ=2 + usage() { @@ -39,8 +40,22 @@ Options: Extra environment variables: AGENT_BIN: use it to change the expected agent binary name AGENT_INIT: use kata agent as init process + DAX: If 'yes' will build the image with DAX support. The first 2 MB of the + resulting image are reserved for the device namespace information + (metadata) that is used by the guest kernel to enable DAX. USE_DOCKER: If set will build image in a Docker Container (requries docker) DEFAULT: not set + + + When DAX is 'yes', the following diagram shows how a 128M image will looks like: + .-----------------------------------. + |-- 2 MB --|-------- 126 MB --------| + | Metadata | Rootfs (/bin,/usr,etc) | + '-----------------------------------' + + The resulting image can be mounted if the offset of 2 MB is specified: + $ sudo losetup -v -fP -o $((2*1024*1024)) kata-containers.img + EOT exit "${error}" } 
@@ -101,6 +116,7 @@ if [ -n "${USE_DOCKER}" ] ; then --privileged \ --env IMG_SIZE="${IMG_SIZE}" \ --env AGENT_INIT=${AGENT_INIT} \ + --env DAX="${DAX}" \ -v /dev:/dev \ -v "${script_dir}":"/osbuilder" \ -v "${script_dir}/../scripts":"/scripts" \ @@ -143,15 +159,18 @@ align_memory() IMG_SIZE=$(($IMG_SIZE + $MEM_BOUNDARY_MB - $remaining)) fi - # To support: - # * memory hotplug: the image size MUST BE aligned to MEM_BOUNDARY_MB (128 or 1024 MB) - # * DAX: NVDIMM driver reads the device namespace information from nvdimm namespace (4K offset). - # The namespace information is saved in the first 2MB of the image. - # * DAX huge pages [2]: 2MB alignment - # - # [1] - nd_pfn_validate(): https://github.com/torvalds/linux/blob/master/drivers/nvdimm/pfn_devs.c - # [2] - https://nvdimm.wiki.kernel.org/2mib_fs_dax - IMG_SIZE=$((IMG_SIZE-IMG_HEADER_SZ)) + + if [ "${DAX}" == "yes" ] ; then + # To support: + # * memory hotplug: the image size MUST BE aligned to MEM_BOUNDARY_MB (128 or 1024 MB) + # * DAX: NVDIMM driver reads the device namespace information from nvdimm namespace (4K offset). + # The namespace information is saved in the first 2MB of the image. + # * DAX huge pages [2]: 2MB alignment + # + # [1] - nd_pfn_validate(): https://github.com/torvalds/linux/blob/master/drivers/nvdimm/pfn_devs.c + # [2] - https://nvdimm.wiki.kernel.org/2mib_fs_dax + IMG_SIZE=$((IMG_SIZE-DAX_HEADER_SZ)) + fi } # Calculate image size based on the rootfs 
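Review bot: In PATCH 175 (image-builder/nsdax.gpl.c, end of main()), a failed `write()` only calls perror() and then falls through to `printf("OK!\n")` and `return 0`, so image_builder.sh sees success and ships an image without valid namespace metadata. Return non-zero on error and treat a short write (`ret != sizeof(sb)`) as a failure as well. Two related points in the same function: the strtol() calls only test `ptr == argv[n]`, so trailing garbage, negative values and out-of-range input are accepted; and `sb.mode`, `sb.align`, `sb.dataoff`, `sb.version_minor` and `sb.checksum` are declared `__le32`/`__le16`/`__le64` but are assigned native values with no cpu-to-le conversion, which writes a wrong superblock if the builder runs on a big-endian host such as the s390x that rootfs-builder supports.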
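Review bot: In PATCH 176 (image_builder.sh, align_memory()), `[ "${DAX}" == "yes" ]` is an exact string match, so DAX=Yes, DAX=true or DAX=1 silently produce a non-DAX image with no warning. Validate DAX once next to its default (accept yes or no, die on anything else). Also, after `IMG_SIZE=$((IMG_SIZE-DAX_HEADER_SZ))` the closing message `Image created. Virtual size: ${IMG_SIZE}MB.` appears to report the size without the 2 MB header that set_dax_metadata prepends; if so, add DAX_HEADER_SZ back for the message. The re-indented comment still carries footnote [1] (nd_pfn_validate) although no bullet cites it.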
@@ -276,6 +295,26 @@ create_rootfs_disk() fi } +set_dax_metadata() +{ + dax_header_bytes=$((DAX_HEADER_SZ*1024*1024)) + info "Set device namespace information (metadata)" + # Fill out namespace information + tmp_img="$(mktemp)" + chmod 0644 "${tmp_img}" + # metadate header + dd if=/dev/zero of="${tmp_img}" bs="${DAX_HEADER_SZ}M" count=1 + # append image data (rootfs) + dd if="${IMAGE}" of="${tmp_img}" oflag=append conv=notrunc + # copy final image + mv "${tmp_img}" "${IMAGE}" + # Set metadata header + # Issue: https://github.com/kata-containers/osbuilder/issues/240 + gcc -O2 "${script_dir}/nsdax.gpl.c" -o "${script_dir}/nsdax" + "${script_dir}/nsdax" "${IMAGE}" "${dax_header_bytes}" "${dax_header_bytes}" + sync +} + create_rootfs_disk info "rootfs size ${ROOTFS_SIZE} MB" @@ -289,20 +328,8 @@ unmount fsck.ext4 -D -y "${DEVICE}p1" detach -info "Set device namespace information (metadata)" -# Fill out namespace information -tmp_img="$(mktemp)" -chmod 0644 "${tmp_img}" -# metadate header -dd if=/dev/zero of="${tmp_img}" bs="${IMG_HEADER_SZ}M" count=1 -# append image data (rootfs) -dd if="${IMAGE}" of="${tmp_img}" oflag=append conv=notrunc -# copy final image -mv "${tmp_img}" "${IMAGE}" -# Set metadata header -# Issue: https://github.com/kata-containers/osbuilder/issues/240 -gcc -O2 "${script_dir}/nsdax.gpl.c" -o "${script_dir}/nsdax" -"${script_dir}/nsdax" "${IMAGE}" "${IMG_HEADER_SZ_B}" "${IMG_HEADER_SZ_B}" -sync +if [ "${DAX}" == "yes" ] ; then + set_dax_metadata +fi info "Image created. Virtual size: ${IMG_SIZE}MB." diff --git a/tests/test_images.sh b/tests/test_images.sh index 36100fca5..adb12c774 100755 --- a/tests/test_images.sh +++ b/tests/test_images.sh 
@@ -23,6 +23,7 @@ readonly rootfs_builder=${script_dir}/../rootfs-builder/rootfs.sh readonly RUNTIME=${RUNTIME:-kata-runtime} readonly MACHINE_TYPE=`uname -m` readonly CI=${CI:-} +readonly KATA_HYPERVISOR="${KATA_HYPERVISOR:-}" readonly ci_results_dir="/var/osbuilder/tests" # all distro tests must have this prefix @@ -459,6 +460,13 @@ test_distros() ROOTFS_BUILD_DEST="$tmp_rootfs" \ IMAGES_BUILD_DEST="$images_dir" ) + + # Only firecracker doesn't support NVDIMM + if [ "${KATA_HYPERVISOR}" != "firecracker" ]; then + commonMakeVars+=(DAX="yes") + fi + + echo -e "$separator" # If a distro was specified, filter out the distro list to only include that distro From 6570944b67b01f3a80759f72c3cd7f145621f8f6 Mon Sep 17 00:00:00 2001 From: Peng Tao Date: Mon, 18 Mar 2019 22:14:31 +0800 Subject: [PATCH 177/307] release: Kata Containers 1.6.0-rc2 - image-builder: fill out device namespace information into kata image - tests: install kata components from master - tests: skip euleros - arch: Remove calls to arch command - pullapprove: remove it - memory_hotplug: MEM_BOUNDARY_MB should be arch-dependent 726f798 image-builder: fill out device namespace information into kata image cbe5642 image-builder: add gcc as dependecy to generate the image 7620066 image-builder: sync rootfs data after copying it into the image dc5bc07 image-builder: fix mem boundary recalculation 71ccc0a mage-builder: remove -s option and IMG_SIZE envar 8065bb6 rootfs-builder: delete dnf and rmp data 35588dd tests: install kata containers components from master 519bbe8 tests: remove docker before installing the newer version b4de168 tests: skip euleros f38c67d arch: Remove calls to arch command 8963b8e pullapprove: remove it e4d5c1b memory_hotplug: MEM_BOUNDARY_MB should be arch-dependent Signed-off-by: Peng Tao --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index e37281251..bcba69d0a 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.5.0-rc2 +1.6.0-rc2 
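Review bot: In PATCH 176 (image_builder.sh, set_dax_metadata(), moved unchanged from PATCH 175), `tmp_img="$(mktemp)"` places a full copy of the image in the default temporary directory: that needs image-sized free space there, turns the later `mv "${tmp_img}" "${IMAGE}"` into a cross-filesystem copy when the two locations differ, and leaves the file behind when dd or gcc fails because nothing removes it. Create the temporary file beside the target (for example `mktemp "${IMAGE}.XXXXXX"`) and remove it in an exit trap. Separately, `gcc -O2 "${script_dir}/nsdax.gpl.c" -o "${script_dir}/nsdax"` compiles on every run and writes the binary into the source tree, which under USE_DOCKER is the host directory bind-mounted at /osbuilder, and the script then executes it as root; building into a private temporary directory, or once when the builder image is built, avoids leaving a root-owned executable in the checkout.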
From 523405e62d6c87b66865645be4e8262e1190b8a6 Mon Sep 17 00:00:00 2001 From: Gabriela Cervantes Date: Fri, 15 Mar 2019 04:17:32 -0600 Subject: [PATCH 178/307] test: Modify test_images script to handle FC We need to modify this test in order to handle firecracker. Fixes #248 Depends-on:github.com/kata-containers/osbuilder#247 Signed-off-by: Gabriela Cervantes --- tests/test_images.sh | 63 +++++++++++++++++++++++++------------------- 1 file changed, 36 insertions(+), 27 deletions(-) diff --git a/tests/test_images.sh b/tests/test_images.sh index 36100fca5..8128c74a0 100755 --- a/tests/test_images.sh +++ b/tests/test_images.sh @@ -110,11 +110,13 @@ show_stats() done # initrds - for name in "${!built_initrds[@]}" - do - sizes=${built_initrds[$name]} - add_to_stats_file "$tmpfile" "$name" "$sizes" 'initrd' - done + if [ "$KATA_HYPERVISOR" != "firecracker" ]; then + for name in "${!built_initrds[@]}" + do + sizes=${built_initrds[$name]} + add_to_stats_file "$tmpfile" "$name" "$sizes" 'initrd' + done + fi info "Image and rootfs sizes (in bytes and MB), smallest image first:" echo 
@@ -220,17 +222,19 @@ set_runtime() # Travis doesn't support VT-x [ -n "${TRAVIS:-}" ] && return - if [ -f "$sysconfig_docker_config_file" ]; then - docker_config_file="$sysconfig_docker_config_file" - sed_script="s|^( *DOCKER_OPTS=.+--default-runtime[= ] *)[^ \"]+(.*\"$)|\1${name}\2|g" - else - docker_config_file="$systemd_docker_config_file" - sed_script="s/--default-runtime[= ][^ ]*/--default-runtime=${name}/g" - fi + if [ "$KATA_HYPERVISOR" != "firecracker" ]; then + if [ -f "$sysconfig_docker_config_file" ]; then + docker_config_file="$sysconfig_docker_config_file" + sed_script="s|^( *DOCKER_OPTS=.+--default-runtime[= ] *)[^ \"]+(.*\"$)|\1${name}\2|g" + else + docker_config_file="$systemd_docker_config_file" + sed_script="s/--default-runtime[= ][^ ]*/--default-runtime=${name}/g" + fi - sudo -E sed -i -E "$sed_script" "$docker_config_file" - sudo -E systemctl daemon-reload - sudo -E systemctl restart docker + sudo -E sed -i -E "$sed_script" "$docker_config_file" + sudo -E systemctl daemon-reload + sudo -E systemctl restart docker + fi } setup() @@ -498,10 +502,12 @@ test_distros() bgJobs+=($!) fi - if [ ${#distrosAgent[@]} -gt 0 ]; then - info "building all rootfses with kata-agent as init" - make_rootfs ${commonMakeVars[@]} AGENT_INIT=yes "${distrosAgent[@]}" & - bgJobs+=($!) + if [ "$KATA_HYPERVISOR" != "firecracker" ]; then + if [ ${#distrosAgent[@]} -gt 0 ]; then + info "building all rootfses with kata-agent as init" + make_rootfs ${commonMakeVars[@]} AGENT_INIT=yes "${distrosAgent[@]}" & + bgJobs+=($!) + fi fi # Check for build failures (`wait` remembers up to CHILD_MAX bg processes exit status) 
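Review bot: In PATCH 178 (tests/test_images.sh), the test `[ "$KATA_HYPERVISOR" != "firecracker" ]` is now repeated in show_stats(), set_runtime() and twice in test_distros(), each time by re-indenting an existing block, which makes the four sites easy to get out of step. Put the condition in one helper whose name says why it exists (for example a function that reports whether the hypervisor can boot an initrd) and call that. In set_runtime() an early `return` next to the existing TRAVIS check does the same job without nesting, and in this test_distros() hunk the two nested ifs can be a single condition joined with `&&`.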
@@ -548,15 +554,18 @@ test_distros() continue fi - echo -e "$separator" - info "Making initrd image for ${d}" - make_initrd ${commonMakeVars[@]} AGENT_INIT=yes $d - local initrd_size=$(stat -c "%s" "${initrd_path}") - echo -e "$separator" - built_initrds["${d}"]="${rootfs_size}:${initrd_size}" - info "Creating container for ${d}" - install_initrd_create_container $initrd_path + if [ "$KATA_HYPERVISOR" != "firecracker" ]; then + echo -e "$separator" + info "Making initrd image for ${d}" + make_initrd ${commonMakeVars[@]} AGENT_INIT=yes $d + local initrd_size=$(stat -c "%s" "${initrd_path}") + + echo -e "$separator" + built_initrds["${d}"]="${rootfs_size}:${initrd_size}" + info "Creating container for ${d}" + install_initrd_create_container $initrd_path + fi done echo -e "$separator" From 510ddd28c855fbc388064447769a3a36dccd4a21 Mon Sep 17 00:00:00 2001 From: Archana Shinde Date: Tue, 19 Mar 2019 14:12:21 -0700 Subject: [PATCH 179/307] rootfs: Add chrony service to rootfs chrony will be used to schronize guest clock with host using kvm_ptp kernel driver. This does add another active component to the rootfs but keeping time scychorized is crucial. Fixes #255 Signed-off-by: Archana Shinde --- rootfs-builder/centos/config.sh | 2 +- rootfs-builder/clearlinux/config.sh | 2 +- rootfs-builder/euleros/config.sh | 2 +- rootfs-builder/fedora/config.sh | 2 +- rootfs-builder/ubuntu/config.sh | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/rootfs-builder/centos/config.sh b/rootfs-builder/centos/config.sh index 07637a961..8f80d1f3e 100644 --- a/rootfs-builder/centos/config.sh +++ b/rootfs-builder/centos/config.sh @@ -22,7 +22,7 @@ GPG_KEY_URL="https://www.centos.org/keys/RPM-GPG-KEY-CentOS-7" GPG_KEY_FILE="RPM-GPG-KEY-CentOS-7" -PACKAGES="iptables" +PACKAGES="iptables chrony" #Optional packages: # systemd: An init system that will start kata-agent if kata-agent 
diff --git a/rootfs-builder/clearlinux/config.sh b/rootfs-builder/clearlinux/config.sh index 9f534c9a3..206648335 100644 --- a/rootfs-builder/clearlinux/config.sh +++ b/rootfs-builder/clearlinux/config.sh @@ -15,7 +15,7 @@ clr_url="https://download.clearlinux.org" BASE_URL="${clr_url}/releases/${OS_VERSION}/${REPO_NAME}/${ARCH}/os/" -PACKAGES="iptables-bin libudev0-shim" +PACKAGES="iptables-bin libudev0-shim chrony" #Optional packages: # systemd: An init system that will start kata-agent if kata-agent diff --git a/rootfs-builder/euleros/config.sh b/rootfs-builder/euleros/config.sh index d6b412317..3d5762fb3 100644 --- a/rootfs-builder/euleros/config.sh +++ b/rootfs-builder/euleros/config.sh @@ -10,7 +10,7 @@ BASE_URL="http://developer.huawei.com/ict/site-euleros/euleros/repo/yum/${OS_VER GPG_KEY_FILE="RPM-GPG-KEY-EulerOS" -PACKAGES="iptables" +PACKAGES="iptables chrony" #Optional packages: # systemd: An init system that will start kata-agent if kata-agent diff --git a/rootfs-builder/fedora/config.sh b/rootfs-builder/fedora/config.sh index 10315c48a..c11cbd55e 100644 --- a/rootfs-builder/fedora/config.sh +++ b/rootfs-builder/fedora/config.sh @@ -9,7 +9,7 @@ OS_VERSION=${OS_VERSION:-28} MIRROR_LIST="https://mirrors.fedoraproject.org/metalink?repo=fedora-${OS_VERSION}&arch=\$basearch" -PACKAGES="iptables" +PACKAGES="iptables chrony" #Optional packages: # systemd: An init system that will start kata-agent if kata-agent diff --git a/rootfs-builder/ubuntu/config.sh b/rootfs-builder/ubuntu/config.sh index c23704f5f..f2247e4ae 100644 --- a/rootfs-builder/ubuntu/config.sh +++ b/rootfs-builder/ubuntu/config.sh @@ -12,7 +12,7 @@ OS_VERSION=${OS_VERSION:-18.04} OS_NAME=${OS_NAME:-"bionic"} # packages to be installed by default -PACKAGES="systemd iptables init" +PACKAGES="systemd iptables init chrony" DEBOOTSTRAP=${PACKAGE_MANAGER:-"debootstrap"} From 0b3351970984ac1166c8719f362c7f17bef9812d Mon Sep 17 00:00:00 2001 
From: Archana Shinde Date: Tue, 19 Mar 2019 14:30:10 -0700 Subject: [PATCH 180/307] rootfs: add PACKAGE var to debian config debian config seems to be missing PACKAGE variable altogether. Add it along with appending chrony to the list. Signed-off-by: Archana Shinde --- rootfs-builder/debian/config.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/rootfs-builder/debian/config.sh b/rootfs-builder/debian/config.sh index 698a128b2..9eb022e66 100644 --- a/rootfs-builder/debian/config.sh +++ b/rootfs-builder/debian/config.sh @@ -8,6 +8,8 @@ OS_VERSION=${OS_VERSION:-9.5} # Set OS_NAME to the desired debian "codename" OS_NAME=${OS_NAME:-"stretch"} +PACKAGES="systemd iptables init chrony" + # NOTE: Re-using ubuntu rootfs configuration, see 'ubuntu' folder for full content. source $script_dir/ubuntu/$CONFIG_SH From 8fe64058aaef5b704f54ab03e87e5496c18c4e55 Mon Sep 17 00:00:00 2001 From: Archana Shinde Date: Tue, 19 Mar 2019 14:34:14 -0700 Subject: [PATCH 181/307] rootfs: Include chrony in the Dockerfile images Add chrony to distro Dockerfile. Signed-off-by: Archana Shinde --- rootfs-builder/centos/Dockerfile.in | 2 +- rootfs-builder/clearlinux/Dockerfile.in | 2 +- rootfs-builder/debian/Dockerfile.in | 2 +- rootfs-builder/euleros/Dockerfile.in | 2 +- rootfs-builder/fedora/Dockerfile.in | 2 +- rootfs-builder/ubuntu/Dockerfile.in | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/rootfs-builder/centos/Dockerfile.in b/rootfs-builder/centos/Dockerfile.in index 5897d0c8f..4e89be128 100644 --- a/rootfs-builder/centos/Dockerfile.in +++ b/rootfs-builder/centos/Dockerfile.in @@ -7,7 +7,7 @@ From centos:@OS_VERSION@ @SET_PROXY@ -RUN yum -y update && yum install -y git make gcc coreutils libseccomp libseccomp-devel +RUN yum -y update && yum install -y git make gcc coreutils libseccomp libseccomp-devel chrony # This will install the proper golang to build Kata components @INSTALL_GO@ 
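Review bot: PATCH 181 gives no reason the build containers need chrony: the `RUN ... install` lines changed in all six rootfs-builder/*/Dockerfile.in files populate the builder image, not the guest rootfs, and the guest already receives chrony through PACKAGES in PATCH 179 and 180. The ubuntu Dockerfile's own comment scopes this line to packages needed to create a rootfs. If rootfs.sh relies on something from the package being present at build time, say so in the commit message; otherwise drop the change and keep the builder images minimal.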
diff --git a/rootfs-builder/clearlinux/Dockerfile.in b/rootfs-builder/clearlinux/Dockerfile.in index 3634282ad..ff5164b79 100644 --- a/rootfs-builder/clearlinux/Dockerfile.in +++ b/rootfs-builder/clearlinux/Dockerfile.in @@ -7,7 +7,7 @@ From fedora:27 @SET_PROXY@ -RUN dnf -y update && dnf install -y git systemd pkgconfig gcc coreutils libseccomp libseccomp-devel +RUN dnf -y update && dnf install -y git systemd pkgconfig gcc coreutils libseccomp libseccomp-devel chrony # This will install the proper golang to build Kata components @INSTALL_GO@ diff --git a/rootfs-builder/debian/Dockerfile.in b/rootfs-builder/debian/Dockerfile.in index f4eb4ca21..493df6430 100644 --- a/rootfs-builder/debian/Dockerfile.in +++ b/rootfs-builder/debian/Dockerfile.in @@ -7,7 +7,7 @@ from debian:@OS_VERSION@ # RUN commands -RUN apt-get update && apt-get install -y curl wget systemd debootstrap git build-essential +RUN apt-get update && apt-get install -y curl wget systemd debootstrap git build-essential chrony # This will install the proper golang to build Kata components @INSTALL_GO@ diff --git a/rootfs-builder/euleros/Dockerfile.in b/rootfs-builder/euleros/Dockerfile.in index 03a0a77e7..4ff79ba28 100644 --- a/rootfs-builder/euleros/Dockerfile.in +++ b/rootfs-builder/euleros/Dockerfile.in @@ -7,7 +7,7 @@ FROM euleros:@OS_VERSION@ @SET_PROXY@ -RUN yum -y update && yum install -y yum git make gcc coreutils +RUN yum -y update && yum install -y yum git make gcc coreutils chrony # This will install the proper golang to build Kata components @INSTALL_GO@ diff --git a/rootfs-builder/fedora/Dockerfile.in b/rootfs-builder/fedora/Dockerfile.in index 08ede4313..19e10adde 100644 --- a/rootfs-builder/fedora/Dockerfile.in +++ b/rootfs-builder/fedora/Dockerfile.in 
@@ -7,7 +7,7 @@ From fedora:@OS_VERSION@ @SET_PROXY@ -RUN dnf -y update && dnf install -y git redhat-release systemd pkgconfig gcc make libseccomp libseccomp-devel +RUN dnf -y update && dnf install -y git redhat-release systemd pkgconfig gcc make libseccomp libseccomp-devel chrony # This will install the proper golang to build Kata components @INSTALL_GO@ diff --git a/rootfs-builder/ubuntu/Dockerfile.in b/rootfs-builder/ubuntu/Dockerfile.in index b1be9dbbe..d4b10490b 100644 --- a/rootfs-builder/ubuntu/Dockerfile.in +++ b/rootfs-builder/ubuntu/Dockerfile.in @@ -11,7 +11,7 @@ from ubuntu:@OS_VERSION@ # Install any package need to create a rootfs (package manager, extra tools) # RUN commands -RUN apt-get update && apt-get install -y curl wget systemd debootstrap git build-essential +RUN apt-get update && apt-get install -y curl wget systemd debootstrap git build-essential chrony # This will install the proper golang to build Kata components @INSTALL_GO@ From ad5d879f8c441745c27c3b72d658558311b84a88 Mon Sep 17 00:00:00 2001 From: Matt Fischer Date: Fri, 15 Mar 2019 22:56:35 -0600 Subject: [PATCH 182/307] rootfs: Print attempt number after max check With the old code it was possible to see odd messages like: "INFO: Create root disk image. Attempt 6 out of 5." Move the attempt number print to after we check against the max Fixes #251 Signed-off-by: Matt Fischer --- image-builder/image_builder.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/image-builder/image_builder.sh b/image-builder/image_builder.sh index d66b4b9cf..ca2eff8b4 100755 --- a/image-builder/image_builder.sh +++ b/image-builder/image_builder.sh 
@@ -205,10 +205,10 @@ detach() create_rootfs_disk() { ATTEMPT_NUM=$(($ATTEMPT_NUM+1)) - info "Create root disk image. Attempt ${ATTEMPT_NUM} out of ${MAX_ATTEMPTS}." if [ ${ATTEMPT_NUM} -gt ${MAX_ATTEMPTS} ]; then die "Unable to create root disk image." fi + info "Create root disk image. Attempt ${ATTEMPT_NUM} out of ${MAX_ATTEMPTS}." calculate_img_size if [ ${OLD_IMG_SIZE} -ne 0 ]; then From 3df19ff984b2e9c937434dbaaedbbda3b70895aa Mon Sep 17 00:00:00 2001 From: Archana Shinde Date: Tue, 19 Mar 2019 15:41:28 -0700 Subject: [PATCH 183/307] chrony: Add virtual PTP as source for chrony KVM virtual PTP in linux kernel allows guest to sync its clock to the host clock with high precision. kvm-ptp has been enabled in our kernel. Add this as a source for `chrony` so that it can be used to sync the guest system clock. `chrony` needs to be started in the guest for time sync. Signed-off-by: Archana Shinde --- rootfs-builder/rootfs.sh | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index 653276e1b..8568d7b8c 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh @@ -368,6 +368,14 @@ popd >> /dev/null [ -n "${KERNEL_MODULES_DIR}" ] && copy_kernel_modules ${KERNEL_MODULES_DIR} ${ROOTFS_DIR} +chrony_conf_file="${ROOTFS_DIR}/etc/chrony.conf" +if [ ${distro} == ubuntu ] || [ ${distro} == debian ] ; then + chrony_conf_file="${ROOTFS_DIR}/etc/chrony/chrony.conf" +fi + +info "Configure chrony file ${chrony_conf_file}" +echo "refclock PHC /dev/ptp0 poll 3 dpoll -2 offset 0" >> ${chrony_conf_file} + # The CC on s390x for fedora needs to be manually set to gcc when the golang is downloaded from the main page. # See issue: https://github.com/kata-containers/osbuilder/issues/217 [ "$distro" == fedora ] && [ "$ARCH" == "s390x" ] && export CC=gcc From e16ff37f865306e04e4e2b7df6d5beb78e6361d0 Mon Sep 17 00:00:00 2001 
From: Archana Shinde Date: Wed, 20 Mar 2019 15:57:54 -0700 Subject: [PATCH 184/307] chrony: Comment out any NTP sources for chrony Reference: https://chrony.tuxfamily.org/doc/3.4/chrony.conf.html Signed-off-by: Archana Shinde --- rootfs-builder/rootfs.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index 8568d7b8c..161e63dd3 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh @@ -376,6 +376,10 @@ fi info "Configure chrony file ${chrony_conf_file}" echo "refclock PHC /dev/ptp0 poll 3 dpoll -2 offset 0" >> ${chrony_conf_file} +# Comment out ntp sources for chrony to be extra careful +# Reference: https://chrony.tuxfamily.org/doc/3.4/chrony.conf.html +sed -i 's/^\(server \|pool \|peer \)/# &/g' ${chrony_conf_file} + # The CC on s390x for fedora needs to be manually set to gcc when the golang is downloaded from the main page. # See issue: https://github.com/kata-containers/osbuilder/issues/217 [ "$distro" == fedora ] && [ "$ARCH" == "s390x" ] && export CC=gcc From 75f433835098f5da308ba30051f7d81d7e105c25 Mon Sep 17 00:00:00 2001 From: Jose Carlos Venegas Munoz Date: Thu, 21 Mar 2019 09:46:31 -0600 Subject: [PATCH 185/307] release: 1.6.0 Version bump to kata 1.6.0. Signed-off-by: Jose Carlos Venegas Munoz --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index bcba69d0a..dc1e644a1 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.6.0-rc2 +1.6.0 From 0d2ba4766ed258e3295fb2ff450a38954c7af2d6 Mon Sep 17 00:00:00 2001 From: Li Yuxuan Date: Mon, 25 Mar 2019 16:13:49 +0800 Subject: [PATCH 186/307] builder: Pass the DEBUG flag when using docker When using docker, pass the `DEBUG` flag to trace the commands as well. Fixes: #261 Signed-off-by: Li Yuxuan --- image-builder/image_builder.sh | 1 + rootfs-builder/rootfs.sh | 1 + 2 files changed, 2 insertions(+) 
diff --git a/image-builder/image_builder.sh b/image-builder/image_builder.sh index 53a3dd344..1a4d5e688 100755 --- a/image-builder/image_builder.sh +++ b/image-builder/image_builder.sh @@ -117,6 +117,7 @@ if [ -n "${USE_DOCKER}" ] ; then --env IMG_SIZE="${IMG_SIZE}" \ --env AGENT_INIT=${AGENT_INIT} \ --env DAX="${DAX}" \ + --env DEBUG="${DEBUG}" \ -v /dev:/dev \ -v "${script_dir}":"/osbuilder" \ -v "${script_dir}/../scripts":"/scripts" \ diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index a1b10eb61..108cce50c 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh @@ -346,6 +346,7 @@ if [ -n "${USE_DOCKER}" ] ; then --env OSBUILDER_VERSION="${OSBUILDER_VERSION}" \ --env INSIDE_CONTAINER=1 \ --env SECCOMP="${SECCOMP}" \ + --env DEBUG="${DEBUG}" \ -v "${script_dir}":"/osbuilder" \ -v "${ROOTFS_DIR}":"/rootfs" \ -v "${script_dir}/../scripts":"/scripts" \ From ad6e1a9d59fc7de999fa0c13b1b89e8382329691 Mon Sep 17 00:00:00 2001 From: Julio Montes Date: Mon, 25 Mar 2019 08:19:13 -0600 Subject: [PATCH 187/307] scripts: implement error function Implement function to log errors without exit. Signed-off-by: Julio Montes --- scripts/lib.sh | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/scripts/lib.sh b/scripts/lib.sh index d725a7751..b2f680e5f 100644 --- a/scripts/lib.sh +++ b/scripts/lib.sh @@ -6,10 +6,15 @@ set -e -die() +error() { local msg="$*" echo "ERROR: ${msg}" >&2 +} + +die() +{ + error "$*" exit 1 } From 6c7f3077c9c7f3c1ed6d28393dfaa5165da94743 Mon Sep 17 00:00:00 2001 From: Julio Montes Date: Mon, 25 Mar 2019 08:20:49 -0600 Subject: [PATCH 188/307] image-builder: add xfsprogs to Dockerfile xfsprogs is a package required to generate xfs images. Signed-off-by: Julio Montes --- image-builder/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/image-builder/Dockerfile b/image-builder/Dockerfile index 0f10f8c8d..0d1107ee7 100644 --- a/image-builder/Dockerfile +++ b/image-builder/Dockerfile 
@@ -7,4 +7,4 @@ From fedora:latest RUN [ -n "$http_proxy" ] && sed -i '$ a proxy='$http_proxy /etc/dnf/dnf.conf ; true -RUN dnf install -y qemu-img parted gdisk e2fsprogs gcc +RUN dnf install -y qemu-img parted gdisk e2fsprogs gcc xfsprogs From f355c026c01fd4130086f98ad3e99b21c708e226 Mon Sep 17 00:00:00 2001 From: Julio Montes Date: Mon, 25 Mar 2019 14:12:16 -0600 Subject: [PATCH 189/307] tests: enable DEBUG run tests with debug enabled to detect errors easier Signed-off-by: Julio Montes --- tests/test_images.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/test_images.sh b/tests/test_images.sh index 211bdb06c..451436067 100755 --- a/tests/test_images.sh +++ b/tests/test_images.sh @@ -462,7 +462,8 @@ test_distros() local commonMakeVars=( \ USE_DOCKER=true \ ROOTFS_BUILD_DEST="$tmp_rootfs" \ - IMAGES_BUILD_DEST="$images_dir" ) + IMAGES_BUILD_DEST="$images_dir" \ + DEBUG=1 ) # Only firecracker doesn't support NVDIMM From f32ae148839764810ea70570e378fc803c9c5a7c Mon Sep 17 00:00:00 2001 From: Julio Montes Date: Mon, 25 Mar 2019 14:20:41 -0600 Subject: [PATCH 190/307] tests: remove DAX env variable DAX envar is no more required to generate images with support for DAX Signed-off-by: Julio Montes --- tests/test_images.sh | 7 ------- 1 file changed, 7 deletions(-) diff --git a/tests/test_images.sh b/tests/test_images.sh index 451436067..c16558155 100755 --- a/tests/test_images.sh +++ b/tests/test_images.sh @@ -465,13 +465,6 @@ test_distros() IMAGES_BUILD_DEST="$images_dir" \ DEBUG=1 ) - - # Only firecracker doesn't support NVDIMM - if [ "${KATA_HYPERVISOR}" != "firecracker" ]; then - commonMakeVars+=(DAX="yes") - fi - - echo -e "$separator" # If a distro was specified, filter out the distro list to only include that distro From d8cdd88acecfd5e8863b8e49d91c8e14b98d03d1 Mon Sep 17 00:00:00 2001 
From: Julio Montes Date: Mon, 25 Mar 2019 08:23:05 -0600 Subject: [PATCH 191/307] image-builder: re-implement image builder script Re-implement image builder script to generate an image with a double MBR + a DAX metadata. The DAX metadata is read by the NVDIMM driver to know the beginning of the data in the pmem device. This new image format is required to enable DAX in the kernels and hypervisors that support NVDIMM, without breaking the compatibility with the kernels and hypervisors that don't support it. Following diagram shows how the resulting image will look like ``` .-----------.----------.---------------.-----------. | 0 - 512 B | 4 - 8 Kb | 2M - 2M+512B | 3M | |-----------+----------+---------------+-----------+ | MBR #1 | DAX | MBR #2 | Rootfs | '-----------'----------'---------------'-----------+ | | ^ | ^ | '-data-' '--------' | | '--------rootfs-partition---------' ``` MBR: Master boot record. DAX: Metadata required by the NVDIMM driver to enable DAX in the guest [1][2] (struct nd_pfn_sb). Rootfs: partition that contains the root filesystem (/usr, /bin, etc). Kernels and hypervisors that support DAX/NVDIMM read the MBR #2, otherwise MBR #1 is read. [1] - https://github.com/kata-containers/osbuilder/blob/master/image-builder/\ nsdax.gpl.c [2] - https://github.com/torvalds/linux/blob/master/drivers/nvdimm/pfn.h fixes #263 Signed-off-by: Julio Montes --- image-builder/image_builder.sh | 610 +++++++++++++++++++-------------- 1 file changed, 351 insertions(+), 259 deletions(-) diff --git a/image-builder/image_builder.sh b/image-builder/image_builder.sh index 952d61bce..d2d622e64 100755 --- a/image-builder/image_builder.sh +++ b/image-builder/image_builder.sh 
@@ -1,32 +1,50 @@ #!/usr/bin/env bash # -# Copyright (c) 2017 Intel Corporation +# Copyright (c) 2017-2019 Intel Corporation # # SPDX-License-Identifier: Apache-2.0 set -e -[ -n "$DEBUG" ] && set -x +[ -n "${DEBUG}" ] && set -x -script_name="${0##*/}" -script_dir="$(dirname $(readlink -f $0))" +readonly script_name="${0##*/}" +readonly script_dir=$(dirname "$(readlink -f "$0")") +readonly lib_file="${script_dir}/../scripts/lib.sh" -lib_file="${script_dir}/../scripts/lib.sh" -source "$lib_file" +readonly ext4_format="ext4" +readonly xfs_format="xfs" -[ "$(id -u)" -eq 0 ] || die "$0: must be run as root" +# ext4: percentage of the filesystem which may only be allocated by privileged processes. +readonly reserved_blocks_percentage=3 -IMAGE="${IMAGE:-kata-containers.img}" -IMG_SIZE=128 -AGENT_BIN=${AGENT_BIN:-kata-agent} -AGENT_INIT=${AGENT_INIT:-no} -DAX=${DAX:-no} -DAX_HEADER_SZ=2 +# Where the rootfs starts in MB +readonly rootfs_start=1 +# Where the rootfs ends in MB +readonly rootfs_end=-1 -usage() -{ - error="${1:-0}" +# DAX header size +# * NVDIMM driver reads the device namespace information from nvdimm namespace (4K offset). +# The MBR #1 + DAX metadata are saved in the first 2MB of the image. +readonly dax_header_sz=2 + +# DAX aligment +# * DAX huge pages [2]: 2MB alignment +# [2] - https://nvdimm.wiki.kernel.org/2mib_fs_dax +readonly dax_alignment=2 + +# In order to support memory hotplug, image must be aligned to +# memory section(size in MB) according to different architecture. +case "$(uname -m)" in + aarch64) readonly mem_boundary_mb=1024 ;; + *) readonly mem_boundary_mb=128 ;; +esac + +# shellcheck source=../scripts/lib.sh +source "${lib_file}" + +usage() { cat < This script will create a Kata Containers image file of 
@@ -38,299 +56,373 @@ Options: -r Free space of the root partition in MB ENV: ROOT_FREE_SPACE Extra environment variables: - AGENT_BIN: use it to change the expected agent binary name - AGENT_INIT: use kata agent as init process - DAX: If 'yes' will build the image with DAX support. The first 2 MB of the - resulting image are reserved for the device namespace information - (metadata) that is used by the guest kernel to enable DAX. + AGENT_BIN: Use it to change the expected agent binary name + AGENT_INIT: Use kata agent as init process + FS_TYPE: Filesystem type to use. Only xfs and ext4 are supported. USE_DOCKER: If set will build image in a Docker Container (requries docker) DEFAULT: not set - When DAX is 'yes', the following diagram shows how a 128M image will looks like: - .-----------------------------------. - |-- 2 MB --|-------- 126 MB --------| - | Metadata | Rootfs (/bin,/usr,etc) | - '-----------------------------------' +Following diagram shows how the resulting image will look like - The resulting image can be mounted if the offset of 2 MB is specified: - $ sudo losetup -v -fP -o $((2*1024*1024)) kata-containers.img + .-----------.----------.---------------.-----------. + | 0 - 512 B | 4 - 8 Kb | 2M - 2M+512B | 3M | + |-----------+----------+---------------+-----------+ + | MBR #1 | DAX | MBR #2 | Rootfs | + '-----------'----------'---------------'-----------+ + | | ^ | ^ + | '-data-' '--------' + | | + '--------rootfs-partition---------' + + +MBR: Master boot record. +DAX: Metadata required by the NVDIMM driver to enable DAX in the guest [1][2] (struct nd_pfn_sb). +Rootfs: partition that contains the root filesystem (/usr, /bin, ect). + +Kernels and hypervisors that support DAX/NVDIMM read the MBR #2, otherwise MBR #1 is read. 
+ +[1] - https://github.com/kata-containers/osbuilder/blob/master/image-builder/nsdax.gpl.c +[2] - https://github.com/torvalds/linux/blob/master/drivers/nvdimm/pfn.h EOT -exit "${error}" } -# Maximum allowed size in MB for root disk -MAX_IMG_SIZE_MB=2048 -FS_TYPE=${FS_TYPE:-"ext4"} +# build the image using docker +build_with_docker() { + local rootfs="$1" + local image="$2" + local fs_type="$3" + local block_size="$4" + local root_free_space="$5" + local agent_bin="$6" + local agent_init="$7" + local docker_image_name="image-builder-osbuilder" -# In order to support memory hotplug, image must be aligned to memory section(size in MB) according to different architecture. -ARCH=$(uname -m) -case "$ARCH" in - aarch64) MEM_BOUNDARY_MB=1024 ;; - *) MEM_BOUNDARY_MB=128 ;; -esac - -# Maximum no of attempts to create a root disk before giving up -MAX_ATTEMPTS=5 - -ATTEMPT_NUM=0 -while getopts "ho:r:s:f:" opt -do - case "$opt" in - h) usage ;; - o) IMAGE="${OPTARG}" ;; - r) ROOT_FREE_SPACE="${OPTARG}" ;; - f) FS_TYPE="${OPTARG}" ;; - esac -done - -shift $(( $OPTIND - 1 )) - -ROOTFS="$1" - - -[ -n "${ROOTFS}" ] || usage -[ -d "${ROOTFS}" ] || die "${ROOTFS} is not a directory" - -ROOTFS=$(readlink -f ${ROOTFS}) -IMAGE_DIR=$(dirname ${IMAGE}) -IMAGE_DIR=$(readlink -f ${IMAGE_DIR}) -IMAGE_NAME=$(basename ${IMAGE}) - -if [ -n "${USE_DOCKER}" ] ; then - image_name="image-builder-osbuilder" + image_dir=$(readlink -f "$(dirname "${image}")") + image_name=$(basename "${image}") docker build \ - --build-arg http_proxy="${http_proxy}" \ - --build-arg https_proxy="${https_proxy}" \ - -t "${image_name}" "${script_dir}" + --build-arg http_proxy="${http_proxy}" \ + --build-arg https_proxy="${https_proxy}" \ + -t "${docker_image_name}" "${script_dir}" #Make sure we use a compatible runtime to build rootfs # In case Clear Containers Runtime is installed we dont want to hit issue: #https://github.com/clearcontainers/runtime/issues/828 docker run \ - --rm \ - --runtime runc \ - --privileged \ 
- --env IMG_SIZE="${IMG_SIZE}" \ - --env AGENT_INIT=${AGENT_INIT} \ - --env DAX="${DAX}" \ - --env DEBUG="${DEBUG}" \ - -v /dev:/dev \ - -v "${script_dir}":"/osbuilder" \ - -v "${script_dir}/../scripts":"/scripts" \ - -v "${ROOTFS}":"/rootfs" \ - -v "${IMAGE_DIR}":"/image" \ - ${image_name} \ - bash "/osbuilder/${script_name}" -o "/image/${IMAGE_NAME}" /rootfs - - exit $? -fi -# The kata rootfs image expect init and kata-agent to be installed -init_path="/sbin/init" -init="${ROOTFS}${init_path}" -[ -x "${init}" ] || [ -L ${init} ] || die "${init_path} is not installed in ${ROOTFS}" -OK "init is installed" - -if [ "${AGENT_INIT}" == "no" ] -then - systemd_path="/lib/systemd/systemd" - systemd="${ROOTFS}${systemd_path}" - [ -x "${systemd}" ] || [ -L ${systemd} ] || die "${systemd_path} is not installed in ${ROOTFS}" - OK "init is systemd" -fi - -[ "${AGENT_INIT}" == "yes" ] || [ -x "${ROOTFS}/usr/bin/${AGENT_BIN}" ] || \ - die "/usr/bin/${AGENT_BIN} is not installed in ${ROOTFS} - use AGENT_BIN env variable to change the expected agent binary name" -OK "Agent installed" - -ROOTFS_SIZE=$(du -B 1MB -s "${ROOTFS}" | awk '{print $1}') -BLOCK_SIZE=${BLOCK_SIZE:-4096} -OLD_IMG_SIZE=0 -ORIG_MEM_BOUNDARY_MB=${MEM_BOUNDARY_MB} - -align_memory() -{ - remaining=$(($IMG_SIZE % $MEM_BOUNDARY_MB)) - if [ "$remaining" != "0" ];then - warning "image size '$IMG_SIZE' is not aligned to memory boundary '$MEM_BOUNDARY_MB', aligning it" - IMG_SIZE=$(($IMG_SIZE + $MEM_BOUNDARY_MB - $remaining)) - fi - - - if [ "${DAX}" == "yes" ] ; then - # To support: - # * memory hotplug: the image size MUST BE aligned to MEM_BOUNDARY_MB (128 or 1024 MB) - # * DAX: NVDIMM driver reads the device namespace information from nvdimm namespace (4K offset). - # The namespace information is saved in the first 2MB of the image. 
- # * DAX huge pages [2]: 2MB alignment - # - # [1] - nd_pfn_validate(): https://github.com/torvalds/linux/blob/master/drivers/nvdimm/pfn_devs.c - # [2] - https://nvdimm.wiki.kernel.org/2mib_fs_dax - IMG_SIZE=$((IMG_SIZE-DAX_HEADER_SZ)) - fi + --rm \ + --runtime runc \ + --privileged \ + --env AGENT_BIN="${agent_bin}" \ + --env AGENT_INIT="${agent_init}" \ + --env FS_TYPE="${fs_type}" \ + --env BLOCK_SIZE="${block_size}" \ + --env ROOT_FREE_SPACE="${root_free_space}" \ + --env DEBUG="${DEBUG}" \ + -v /dev:/dev \ + -v "${script_dir}":"/osbuilder" \ + -v "${script_dir}/../scripts":"/scripts" \ + -v "${rootfs}":"/rootfs" \ + -v "${image_dir}":"/image" \ + ${docker_image_name} \ + bash "/osbuilder/${script_name}" -o "/image/${image_name}" /rootfs } -# Calculate image size based on the rootfs -calculate_img_size() -{ - IMG_SIZE=${IMG_SIZE:-$MEM_BOUNDARY_MB} - align_memory - if [ -n "$ROOT_FREE_SPACE" ] && [ "$IMG_SIZE" -gt "$ROOTFS_SIZE" ]; then - info "Ensure that root partition has at least ${ROOT_FREE_SPACE}MB of free space" - IMG_SIZE=$(($IMG_SIZE + $ROOT_FREE_SPACE)) +check_rootfs() { + local rootfs="${1}" + + [ -d "${rootfs}" ] || die "${rootfs} is not a directory" + + # The kata rootfs image expect init and kata-agent to be installed + init_path="/sbin/init" + init="${rootfs}${init_path}" + if [ ! -x "${init}" ] && [ ! -L "${init}" ]; then + error "${init_path} is not installed in ${rootfs}" + return 1 fi + OK "init is installed" + + # check agent or systemd + case "${AGENT_INIT}" in + "no") + systemd_path="/lib/systemd/systemd" + systemd="${rootfs}${systemd_path}" + if [ ! -x "${systemd}" ] && [ ! -L "${systemd}" ]; then + error "${systemd_path} is not installed in ${rootfs}" + return 1 + fi + OK "init is systemd" + ;; + + "yes") + agent_path="/usr/bin/${AGENT_BIN}" + agent="${rootfs}${agent_path}" + if [ ! -x "${agent}" ]; then + error "${agent_path} is not installed in ${rootfs}. 
Use AGENT_BIN env variable to change the expected agent binary name" + return 1 + fi + OK "Agent installed" + ;; + + *) + error "Invalid value for AGENT_INIT: '${AGENT_INIT}'. Use to 'yes' or 'no'" + return 1 + ;; + esac + + return 0 } -unmount() -{ - sync - umount -l ${MOUNT_DIR} - rmdir ${MOUNT_DIR} -} +calculate_required_disk_size() { + local rootfs="$1" + local fs_type="$2" + local block_size="$3" -detach() -{ - losetup -d "${DEVICE}" + readonly rootfs_size_mb=$(du -B 1MB -s "${rootfs}" | awk '{print $1}') + readonly image="$(mktemp)" + readonly mount_dir="$(mktemp -d)" + readonly max_tries=20 + readonly increment=10 - # From `man losetup` about -d option: - # Note that since Linux v3.7 kernel uses "lazy device destruction". - # The detach operation does not return EBUSY error anymore if - # device is actively used by system, but it is marked by autoclear - # flag and destroyed later - info "Waiting for ${DEVICE} to detach" - - local i=0 - local max_tries=5 - while [[ "$i" < "$max_tries" ]]; do - sleep 1 - # If either the 'p1' partition has disappeared or partprobe failed, then - # the loop device should be correctly detached - if ! [ -b "${DEVICE}p1" ] || ! partprobe -s ${DEVICE}; then - break + for i in $(seq 1 $max_tries); do + local img_size="$((rootfs_size_mb + (i * increment)))" + create_disk "${image}" "${img_size}" "${fs_type}" "${rootfs_start}" > /dev/null 2>&1 + if ! device="$(setup_loop_device "${image}")"; then + continue + fi + + format_loop "${device}" "${block_size}" > /dev/null 2>&1 + mount "${device}p1" "${mount_dir}" + avail="$(df -h --output=avail "${mount_dir}" | tail -n1 | sed 's/[M ]//g')" + umount "${mount_dir}" + losetup -d "${device}" + + if [ "${avail}" -gt "${rootfs_size_mb}" ]; then + rmdir "${mount_dir}" + rm -f "${image}" + echo "${img_size}" + return fi - ((i+=1)) - echo -n "." 
done - [[ "$i" == "$max_tries" ]] && die "Cannot detach ${DEVICE}" - info "detached" + + rmdir "${mount_dir}" + rm -f "${image}" + error "Could not calculate the required disk size" } +# Calculate image size based on the rootfs and free space +calculate_img_size() { + local rootfs="$1" + local root_free_space_mb="$2" + local fs_type="$3" + local block_size="$4" -create_rootfs_disk() -{ - ATTEMPT_NUM=$(($ATTEMPT_NUM+1)) - if [ ${ATTEMPT_NUM} -gt ${MAX_ATTEMPTS} ]; then - die "Unable to create root disk image." - fi - info "Create root disk image. Attempt ${ATTEMPT_NUM} out of ${MAX_ATTEMPTS}." + # rootfs start + DAX header size + rootfs end + local reserved_size_mb=$((rootfs_start + dax_header_sz + rootfs_end)) - calculate_img_size - if [ ${OLD_IMG_SIZE} -ne 0 ]; then - info "Image size ${OLD_IMG_SIZE}MB too small, trying again with size ${IMG_SIZE}MB" + disk_size="$(calculate_required_disk_size "${rootfs}" "${fs_type}" "${block_size}")" + + img_size="$((disk_size + reserved_size_mb))" + if [ -n "${root_free_space_mb}" ]; then + img_size="$((img_size + root_free_space_mb))" fi - info "Creating raw disk with size ${IMG_SIZE}M" - qemu-img create -q -f raw "${IMAGE}" "${IMG_SIZE}M" + remaining="$((img_size % mem_boundary_mb))" + if [ "${remaining}" != "0" ]; then + img_size=$((img_size + mem_boundary_mb - remaining)) + fi + + echo "${img_size}" +} + +setup_loop_device() { + local image="$1" + + # Get the loop device bound to the image file (requires /dev mounted in the + # image build system and root privileges) + device=$(losetup -P -f --show "${image}") + + #Refresh partition table + partprobe -s "${device}" > /dev/null + # Poll for the block device p1 + for _ in $(seq 1 5); do + if [ -b "${device}p1" ]; then + echo "${device}" + return 0 + fi + sleep 1 + done + + error "File ${device}p1 is not a block device" + return 1 +} + +format_loop() { + local device="$1" + local block_size="$2" + + case "${fs_type}" in + "${ext4_format}") + mkfs.ext4 -q -F -b "${block_size}" 
"${device}p1" + info "Set filesystem reserved blocks percentage to ${reserved_blocks_percentage}%" + tune2fs -m "${reserved_blocks_percentage}" "${device}p1" + ;; + + "${xfs_format}") + mkfs.xfs -q -f -b size="${block_size}" "${device}p1" + ;; + + *) + error "Unsupported fs type: ${fs_type}" + return 1 + ;; + esac +} + +create_disk() { + local image="$1" + local img_size="$2" + local fs_type="$3" + local part_start="$4" + + info "Creating raw disk with size ${img_size}M" + qemu-img create -q -f raw "${image}" "${img_size}M" OK "Image file created" # Kata runtime expect an image with just one partition # The partition is the rootfs content - info "Creating partitions" - parted -s -a optimal "${IMAGE}" \ - mklabel gpt -- \ - mkpart primary "${FS_TYPE}" 1M -1M \ - print + parted -s -a optimal "${image}" -- \ + mklabel msdos \ + mkpart primary "${fs_type}" "${part_start}"M "${rootfs_end}"M + OK "Partitions created" - - # Get the loop device bound to the image file (requires /dev mounted in the - # image build system and root privileges) - DEVICE=$(losetup -P -f --show "${IMAGE}") - - #Refresh partition table - partprobe -s "${DEVICE}" - # Poll for the block device p1 - local i=0 - local max_tries=5 - while [[ "$i" < "$max_tries" ]]; do - [ -b "${DEVICE}p1" ] && break - ((i+=1)) - echo -n "." 
- sleep 1 - done - [[ "$i" == "$max_tries" ]] && die "File ${DEVICE}p1 is not a block device" - - MOUNT_DIR=$(mktemp -d osbuilder-mount-dir.XXXX) - info "Formatting Image using ext4 filesystem" - mkfs.ext4 -q -F -b "${BLOCK_SIZE}" "${DEVICE}p1" - OK "Image formatted" - - info "Mounting root partition" - mount "${DEVICE}p1" "${MOUNT_DIR}" - OK "root partition mounted" - RESERVED_BLOCKS_PERCENTAGE=3 - info "Set filesystem reserved blocks percentage to ${RESERVED_BLOCKS_PERCENTAGE}%" - tune2fs -m "${RESERVED_BLOCKS_PERCENTAGE}" "${DEVICE}p1" - - AVAIL_DISK=$(df -B M --output=avail "${DEVICE}p1" | tail -1) - AVAIL_DISK=${AVAIL_DISK/M} - info "Free space root partition ${AVAIL_DISK} MB" - - # if the available disk space is less than rootfs size, repeat the process - # of disk creation by adding 5% in the inital assumed value $ROOTFS_SIZE - if [ $ROOTFS_SIZE -gt $AVAIL_DISK ]; then - # Increase the size but remain aligned to the original MEM_BOUNDARY_MB, which is stored in $ORIG_MEM_BOUNDARY_MB - MEM_BOUNDARY_MB=$((MEM_BOUNDARY_MB+ORIG_MEM_BOUNDARY_MB)) - OLD_IMG_SIZE=${IMG_SIZE} - unset IMG_SIZE - unmount - detach - rm -f ${IMAGE} - create_rootfs_disk - fi } -set_dax_metadata() -{ - dax_header_bytes=$((DAX_HEADER_SZ*1024*1024)) - info "Set device namespace information (metadata)" - # Fill out namespace information - tmp_img="$(mktemp)" - chmod 0644 "${tmp_img}" - # metadate header - dd if=/dev/zero of="${tmp_img}" bs="${DAX_HEADER_SZ}M" count=1 - # append image data (rootfs) - dd if="${IMAGE}" of="${tmp_img}" oflag=append conv=notrunc - # copy final image - mv "${tmp_img}" "${IMAGE}" +create_rootfs_image() { + local rootfs="$1" + local image="$2" + local img_size="$3" + local fs_type="$4" + local block_size="$5" + + create_disk "${image}" "${img_size}" "${fs_type}" "${rootfs_start}" + + if ! 
device="$(setup_loop_device "${image}")"; then + die "Could not setup loop device" + fi + + format_loop "${device}" "${block_size}" + + info "Mounting root partition" + readonly mount_dir=$(mktemp -d osbuilder-mount-dir.XXXX) + mount "${device}p1" "${mount_dir}" + OK "root partition mounted" + + info "Copying content from rootfs to root partition" + cp -a "${rootfs}"/* "${mount_dir}" + sync + OK "rootfs copied" + + info "Unmounting root partition" + umount "${mount_dir}" + OK "Root partition unmounted" + + if [ "${fs_type}" = "${ext4_format}" ]; then + fsck.ext4 -D -y "${device}p1" + fi + + losetup -d "${device}" + rmdir "${mount_dir}" +} + +set_dax_header() { + local image="$1" + local img_size="$2" + local fs_type="$3" + + # rootfs start + DAX header size + local rootfs_offset=$((rootfs_start + dax_header_sz)) + local header_image="${image}.header" + local dax_image="${image}.dax" + rm -f "${dax_image}" "${header_image}" + + create_disk "${header_image}" "${img_size}" "${fs_type}" "${rootfs_offset}" + + dax_header_bytes=$((dax_header_sz * 1024 * 1024)) + dax_alignment_bytes=$((dax_alignment * 1024 * 1024)) + info "Set DAX metadata" # Set metadata header # Issue: https://github.com/kata-containers/osbuilder/issues/240 gcc -O2 "${script_dir}/nsdax.gpl.c" -o "${script_dir}/nsdax" - "${script_dir}/nsdax" "${IMAGE}" "${dax_header_bytes}" "${dax_header_bytes}" + "${script_dir}/nsdax" "${header_image}" "${dax_header_bytes}" "${dax_alignment_bytes}" sync + + touch "${dax_image}" + # Copy MBR #1 + DAX metadata + dd if="${header_image}" of="${dax_image}" bs="${dax_header_sz}M" count=1 + # Copy MBR #2 + Rootfs + dd if="${image}" of="${dax_image}" oflag=append conv=notrunc + # final image + mv "${dax_image}" "${image}" + sync + + rm -f "${dax_image}" "${header_image}" } -create_rootfs_disk +main() { + [ "$(id -u)" -eq 0 ] || die "$0: must be run as root" -info "rootfs size ${ROOTFS_SIZE} MB" -info "Copying content from rootfs to root partition" -cp -a "${ROOTFS}"/* 
${MOUNT_DIR} -sync -OK "rootfs copied" + # variables that can be overwritten by environment variables + local agent_bin="${AGENT_BIN:-kata-agent}" + local agent_init="${AGENT_INIT:-no}" + local fs_type="${FS_TYPE:-${ext4_format}}" + local image="${IMAGE:-kata-containers.img}" + local block_size="${BLOCK_SIZE:-4096}" + local root_free_space="${ROOT_FREE_SPACE:-}" -unmount -# Optimize -fsck.ext4 -D -y "${DEVICE}p1" -detach + while getopts "ho:r:f:" opt + do + case "$opt" in + h) usage; return 0;; + o) image="${OPTARG}" ;; + r) root_free_space="${OPTARG}" ;; + f) fs_type="${OPTARG}" ;; + *) break ;; + esac + done -if [ "${DAX}" == "yes" ] ; then - set_dax_metadata -fi + shift $(( OPTIND - 1 )) + rootfs="$(readlink -f "$1")" + if [ -z "${rootfs}" ]; then + usage + exit 0 + fi -info "Image created. Virtual size: ${IMG_SIZE}MB." + if [ -n "${USE_DOCKER}" ] ; then + build_with_docker "${rootfs}" "${image}" "${fs_type}" "${block_size}" \ + "${root_free_space}" "${agent_bin}" "${agent_init}" + exit $? + fi + + if ! check_rootfs "${rootfs}" ; then + die "Invalid rootfs" + fi + + img_size=$(calculate_img_size "${rootfs}" "${root_free_space}" "${fs_type}" "${block_size}") + + # the first 2M are for the first MBR + NVDIMM metadata and were already + # consider in calculate_img_size + rootfs_img_size=$((img_size - dax_header_sz)) + create_rootfs_image "${rootfs}" "${image}" "${rootfs_img_size}" \ + "${fs_type}" "${block_size}" + + # insert at the beginning of the image the MBR + DAX header + set_dax_header "${image}" "${img_size}" "${fs_type}" +} + +main "$@" From c1d9510cb30960275a92a1b8d21fe1b879424336 Mon Sep 17 00:00:00 2001 
From: Stefan Hajnoczi Date: Thu, 28 Mar 2019 13:52:08 +0000 Subject: [PATCH 192/307] rootfs-builder: SELinux relabel container volumes rootfs.sh fails on machines with SELinux in enforcing mode if the volumes aren't labelled. This patch labels volumes so the container is able to access them. In order to do this rootfs directory creation must be moved before the Docker container is started. Previously docker-run(1) would create the rootfs directory in the USE_DOCKER case. Signed-off-by: Stefan Hajnoczi Fixes: #266 --- rootfs-builder/rootfs.sh | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index fe49302d2..cafd6841e 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh @@ -305,6 +305,8 @@ if [ -z "$INSIDE_CONTAINER" ] ; then trap error_handler ERR fi +mkdir -p ${ROOTFS_DIR} + if [ -n "${USE_DOCKER}" ] ; then image_name="${distro}-rootfs-osbuilder" @@ -330,6 +332,17 @@ if [ -n "${USE_DOCKER}" ] ; then docker_run_args+=" $(docker_extra_args $distro)" + # Relabel volumes so SELinux allows access (see docker-run(1)) + if which selinuxenabled 2&>1 >/dev/null && selinuxenabled ; then + for volume_dir in "${script_dir}" \ + "${ROOTFS_DIR}" \ + "${script_dir}/../scripts" \ + "${kernel_mod_dir}" \ + "${GOPATH_LOCAL}"; do + chcon -Rt svirt_sandbox_file_t "$volume_dir" + done + fi + #Make sure we use a compatible runtime to build rootfs # In case Clear Containers Runtime is installed we dont want to hit issue: #https://github.com/clearcontainers/runtime/issues/828 @@ -359,7 +372,6 @@ if [ -n "${USE_DOCKER}" ] ; then exit $? fi -mkdir -p ${ROOTFS_DIR} build_rootfs ${ROOTFS_DIR} pushd "${ROOTFS_DIR}" >> /dev/null if [ "$PWD" != "/" ] ; then From c72c95496e8dbb28405596f9c927b4a96d35abb6 Mon Sep 17 00:00:00 2001 
From: Stefan Hajnoczi Date: Thu, 28 Mar 2019 13:59:15 +0000 Subject: [PATCH 193/307] rootfs-builder: add rootfs.sh DOCKER_RUNTIME env var On some systems the "runc" runtime isn't available or has a different name. Allow the user to override the Docker runtime. Signed-off-by: Stefan Hajnoczi Fixes: #268 --- rootfs-builder/rootfs.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index fe49302d2..fdce3846f 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh @@ -16,6 +16,7 @@ AGENT_BIN=${AGENT_BIN:-kata-agent} AGENT_INIT=${AGENT_INIT:-no} KERNEL_MODULES_DIR=${KERNEL_MODULES_DIR:-""} OSBUILDER_VERSION="unknown" +DOCKER_RUNTIME=${DOCKER_RUNTIME:-runc} export GOPATH=${GOPATH:-${HOME}/go} lib_file="${script_dir}/../scripts/lib.sh" @@ -103,6 +104,9 @@ USE_DOCKER If set, build the rootfs inside a container (requires Docker). Default value: +DOCKER_RUNTIME Docker runtime to use when USE_DOCKER is set. + Default value: runc + Refer to the Platform-OS Compatibility Matrix for more details on the supported architectures: https://github.com/kata-containers/osbuilder#platform-distro-compatibility-matrix @@ -319,7 +323,7 @@ if [ -n "${USE_DOCKER}" ] ; then docker_run_args="" docker_run_args+=" --rm" - docker_run_args+=" --runtime runc" + docker_run_args+=" --runtime ${DOCKER_RUNTIME}" if [ -z "${AGENT_SOURCE_BIN}" ] ; then docker_run_args+=" --env GO_AGENT_PKG=${GO_AGENT_PKG}" From 8debe95b61b1ca3f2cfce5695c33ba6ff8ecc9fa Mon Sep 17 00:00:00 2001 From: Julio Montes Date: Thu, 28 Mar 2019 15:10:16 -0600 Subject: [PATCH 194/307] image-builder: add fs type Add filesystem type to format the loop device. fixes #270 Signed-off-by: Julio Montes --- image-builder/image_builder.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/image-builder/image_builder.sh b/image-builder/image_builder.sh index d2d622e64..e32c23184 100755 --- a/image-builder/image_builder.sh 
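Review bot: in PATCH 193, hunk `@@ -319,7 +323,7 @@` of rootfs-builder/rootfs.sh, `docker_run_args+=" --runtime ${DOCKER_RUNTIME}"` appends an environment-supplied value to a flat string, so a value containing whitespace is split into additional `docker run` options when that string is expanded. Since the script is normally run under sudo, reject anything that is not a plain runtime name (for example with `[[ "${DOCKER_RUNTIME}" =~ ^[A-Za-z0-9_.-]+$ ]] || die ...`), or build `docker_run_args` as a bash array and expand it quoted.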
+++ b/image-builder/image_builder.sh @@ -194,7 +194,7 @@ calculate_required_disk_size() { continue fi - format_loop "${device}" "${block_size}" > /dev/null 2>&1 + format_loop "${device}" "${block_size}" "${fs_type}" > /dev/null 2>&1 mount "${device}p1" "${mount_dir}" avail="$(df -h --output=avail "${mount_dir}" | tail -n1 | sed 's/[M ]//g')" umount "${mount_dir}" @@ -264,6 +264,7 @@ setup_loop_device() { format_loop() { local device="$1" local block_size="$2" + local fs_type="$3" case "${fs_type}" in "${ext4_format}") @@ -316,7 +317,7 @@ create_rootfs_image() { die "Could not setup loop device" fi - format_loop "${device}" "${block_size}" + format_loop "${device}" "${block_size}" "${fs_type}" info "Mounting root partition" readonly mount_dir=$(mktemp -d osbuilder-mount-dir.XXXX) From 77fb8085f41355be2470f7103e174b8cfe500ba7 Mon Sep 17 00:00:00 2001 From: Julio Montes Date: Fri, 29 Mar 2019 07:47:22 -0600 Subject: [PATCH 195/307] image-builder: check format_loop return code check format_loop return code and die if it fails Signed-off-by: Julio Montes --- image-builder/image_builder.sh | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/image-builder/image_builder.sh b/image-builder/image_builder.sh index e32c23184..9393d8b9f 100755 --- a/image-builder/image_builder.sh +++ b/image-builder/image_builder.sh @@ -194,7 +194,9 @@ calculate_required_disk_size() { continue fi - format_loop "${device}" "${block_size}" "${fs_type}" > /dev/null 2>&1 + if ! format_loop "${device}" "${block_size}" "${fs_type}" > /dev/null 2>&1 ; then + die "Could not format loop device: ${device}" + fi mount "${device}p1" "${mount_dir}" avail="$(df -h --output=avail "${mount_dir}" | tail -n1 | sed 's/[M ]//g')" umount "${mount_dir}" 
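Review bot: in PATCH 195, hunk `@@ -194,7 +194,9 @@` (`calculate_required_disk_size`), the new `if ! format_loop ... > /dev/null 2>&1 ; then` still discards everything the formatting step prints, so `die "Could not format loop device: ${device}"` reports the device but never the reason. Keep stderr (drop the `2>&1`), or capture it and include it in the `die` message, so a failure such as an unsupported filesystem feature can be diagnosed from the build log.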
@@ -317,7 +319,9 @@ create_rootfs_image() { die "Could not setup loop device" fi - format_loop "${device}" "${block_size}" "${fs_type}" + if ! format_loop "${device}" "${block_size}" "${fs_type}"; then + die "Could not format loop device: ${device}" + fi info "Mounting root partition" readonly mount_dir=$(mktemp -d osbuilder-mount-dir.XXXX) From 88b85231ca6a21820f38887eac89c9a6c014c2f4 Mon Sep 17 00:00:00 2001 From: Julio Montes Date: Mon, 1 Apr 2019 09:18:28 -0600 Subject: [PATCH 196/307] image-builder: share the mkfs configuration file Share with the container the mkfs configuration file to use only the filesystem features supported in the host. fixes #270 Signed-off-by: Julio Montes --- image-builder/image_builder.sh | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/image-builder/image_builder.sh b/image-builder/image_builder.sh index 9393d8b9f..60d6a5769 100755 --- a/image-builder/image_builder.sh +++ b/image-builder/image_builder.sh @@ -99,6 +99,7 @@ build_with_docker() { local agent_bin="$6" local agent_init="$7" local docker_image_name="image-builder-osbuilder" + local shared_files="" image_dir=$(readlink -f "$(dirname "${image}")") image_name=$(basename "${image}") @@ -108,6 +109,11 @@ build_with_docker() { --build-arg https_proxy="${https_proxy}" \ -t "${docker_image_name}" "${script_dir}" + readonly mke2fs_conf="/etc/mke2fs.conf" + if [ -f "${mke2fs_conf}" ]; then + shared_files+="-v ${mke2fs_conf}:${mke2fs_conf}:ro " + fi + #Make sure we use a compatible runtime to build rootfs # In case Clear Containers Runtime is installed we dont want to hit issue: #https://github.com/clearcontainers/runtime/issues/828 @@ -126,6 +132,7 @@ build_with_docker() { -v "${script_dir}/../scripts":"/scripts" \ -v "${rootfs}":"/rootfs" \ -v "${image_dir}":"/image" \ + ${shared_files} \ ${docker_image_name} \ bash "/osbuilder/${script_name}" -o "/image/${image_name}" /rootfs } From c00849b0bcbd8d7bf18e4faf061b273fe28c79af Mon Sep 17 00:00:00 2001 
From: Julio Montes Date: Tue, 2 Apr 2019 11:48:19 -0600 Subject: [PATCH 197/307] rootfs-builder: remove /var/log /var/log is not required in the rootfs fixes #254 Signed-off-by: Julio Montes --- rootfs-builder/rootfs.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index c8f5f6bdb..b5d2587a1 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh @@ -379,7 +379,7 @@ fi build_rootfs ${ROOTFS_DIR} pushd "${ROOTFS_DIR}" >> /dev/null if [ "$PWD" != "/" ] ; then - rm -rf ./var/cache/ ./var/lib + rm -rf ./var/cache/ ./var/lib ./var/log fi popd >> /dev/null From 7465fde3086ed10a7d00fbb02c16fc1047743588 Mon Sep 17 00:00:00 2001 
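Review bot: in PATCH 197, the changed line `rm -rf ./var/cache/ ./var/lib ./var/log` removes paths relative to the current directory and relies on the preceding `pushd "${ROOTFS_DIR}"` having succeeded; the only guard is `[ "$PWD" != "/" ]`, which does not catch a failed `pushd` that leaves the script in some other host directory. As this runs as root, delete by absolute path instead, for example `rm -rf "${ROOTFS_DIR}/var/log"` after checking that `ROOTFS_DIR` is non-empty, or abort when `pushd` fails.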
From: katacontainers bot Date: Wed, 17 Apr 2019 17:38:46 +0000 Subject: [PATCH 198/307] release: Kata Containers 1.7.0-alpha1 - image-builder: share the mkfs configuration file - rootfs-builder: add rootfs.sh DOCKER_RUNTIME env var - rootfs-builder: SELinux relabel container volumes - image-builder: add fs type - image-builder: re-implement image builder script - builder: Pass the DEBUG flag when using docker - Add chrony to image - Print attempt number after max check 88b8523 image-builder: share the mkfs configuration file 77fb808 image-builder: check format_loop return code 8debe95 image-builder: add fs type c72c954 rootfs-builder: add rootfs.sh DOCKER_RUNTIME env var c1d9510 rootfs-builder: SELinux relabel container volumes d8cdd88 image-builder: re-implement image builder script f32ae14 tests: remove DAX env variable f355c02 tests: enable DEBUG 6c7f307 image-builder: add xfsprogs to Dockerfile ad6e1a9 scripts: implement error function 0d2ba47 builder: Pass the DEBUG flag when using docker e16ff37 chrony: Comment out any NTP sources for chrony 3df19ff chrony: Add virtual PTP as source for chrony ad5d879 rootfs: Print attempt number after max check 8fe6405 rootfs: Include chrony in the Dockerfile images 0b33519 rootfs: add PACKAGE var to debian config 510ddd2 rootfs: Add chrony service to rootfs Signed-off-by: katacontainers bot --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index dc1e644a1..0d191ce77 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.6.0 +1.7.0-alpha1 From 0013352d9bc77963bdfc3867baa6fefad5912b1b Mon Sep 17 00:00:00 2001 From: Marco Vedovati Date: Fri, 26 Apr 2019 15:19:26 +0200 Subject: [PATCH 199/307] make: add nsdax source to install-scripts target nsdax.gpl.c is required by image_builder.sh Fixes: #283 Signed-off-by: Marco Vedovati --- Makefile | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/Makefile b/Makefile index 52c451cb9..a51dd79e8 100644 --- a/Makefile 
+++ b/Makefile @@ -98,9 +98,10 @@ SCRIPTS += rootfs-builder/rootfs.sh SCRIPTS += image-builder/image_builder.sh SCRIPTS += initrd-builder/initrd_builder.sh -FILES := -FILES += rootfs-builder/versions.txt -FILES += scripts/lib.sh +HELPER_FILES := +HELPER_FILES += rootfs-builder/versions.txt +HELPER_FILES += scripts/lib.sh +HELPER_FILES += image-builder/nsdax.gpl.c define INSTALL_FILE echo "Installing $(abspath $2/$1)"; @@ -117,7 +118,7 @@ install-scripts: @echo "Installing scripts" @$(foreach f,$(SCRIPTS),$(call INSTALL_SCRIPT,$f,$(INSTALL_DIR))) @echo "Installing helper files" - @$(foreach f,$(FILES),$(call INSTALL_FILE,$f,$(INSTALL_DIR))) + @$(foreach f,$(HELPER_FILES),$(call INSTALL_FILE,$f,$(INSTALL_DIR))) @echo "Installing installing config files" @$(foreach f,$(DIST_CONFIGS),$(call INSTALL_FILE,$f,$(INSTALL_DIR))) From 7cfe5b4dd21e7c0072ba3e505b0a0d547d099f3f Mon Sep 17 00:00:00 2001 From: Marco Vedovati Date: Fri, 26 Apr 2019 15:20:31 +0200 Subject: [PATCH 200/307] image-builder: set default value of AGENT_INIT Set as default AGENT_INIT=no when not explicitly set, to make it consistent with the other scripts in osbuilder Signed-off-by: Marco Vedovati --- image-builder/image_builder.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/image-builder/image_builder.sh b/image-builder/image_builder.sh index 60d6a5769..44e15d6b7 100755 --- a/image-builder/image_builder.sh +++ b/image-builder/image_builder.sh @@ -34,6 +34,10 @@ readonly dax_header_sz=2 # [2] - https://nvdimm.wiki.kernel.org/2mib_fs_dax readonly dax_alignment=2 +# Set a default value +AGENT_INIT=${AGENT_INIT:-no} + + # In order to support memory hotplug, image must be aligned to # memory section(size in MB) according to different architecture. case "$(uname -m)" in From c5a17f7f4f520ffcd622ebebeaf21030b8086706 Mon Sep 17 00:00:00 2001 From: "James O. D. Hunt" Date: Thu, 18 Apr 2019 15:58:32 +0100 Subject: [PATCH 201/307] docs: Fix markdown Resolve issues with markdown in this repo. Fixes #278. 
Signed-off-by: James O. D. Hunt --- rootfs-builder/README.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/rootfs-builder/README.md b/rootfs-builder/README.md index 56604fbc1..226df4ff1 100644 --- a/rootfs-builder/README.md +++ b/rootfs-builder/README.md @@ -1,12 +1,12 @@ * [Supported base OSs](#supported-base-oss) * [Creating a rootfs](#creating-a-rootfs) -* [Creating a rootfs with kernel modules](#creating-a-rootfs-with-kenrel-modules) -* [Build a rootfs using Docker*](#build-a-rootfs-using-docker*) +* [Creating a rootfs with kernel modules](#creating-a-rootfs-with-kernel-modules) +* [Build a rootfs using Docker*](#build-a-rootfs-using-docker) * [Adding support for a new guest OS](#adding-support-for-a-new-guest-os) * [Create template files](#create-template-files) * [Modify template files](#modify-template-files) * [Expected rootfs directory content](#expected-rootfs-directory-content) - * [(optional) Customise the rootfs](#(optional)-customise-the-rootfs) + * [Optional - Customise the rootfs](#optional---customise-the-rootfs) * [Adding extra packages](#adding-extra-packages) * [Arbitary rootfs changes](#arbitary-rootfs-changes) @@ -61,7 +61,7 @@ $ sudo KERNEL_MODULES_DIR=${kernel_mod_dir} ./rootfs.sh Where `kernel_mod_dir` points to the kernel modules directory to be put under the `/lib/modules/` directory of the created rootfs. -## Build a rootfs using Docker* +## Build a rootfs using Docker Depending on the base OS to build the rootfs guest OS, it is required some specific programs that probably are not available or installed in the system @@ -157,7 +157,7 @@ After the new directory structure is created: After the function `build_rootfs` is called, the script expects the rootfs directory to contain `/sbin/init` and `/sbin/kata-agent` binaries. -### (optional) Customise the rootfs +### Optional - Customise the rootfs For particular use cases developers might want to modify the guest OS. 
From 9a8f1688d5e82b7f9cb75bdb536d24dd6777dd28 Mon Sep 17 00:00:00 2001 From: Marco Vedovati Date: Tue, 7 May 2019 12:23:18 +0200 Subject: [PATCH 202/307] rootfs: use command vs which, avoid "1" file creation Replace "which" with "command", that's a bash built-in and should not generate any stderr messages. This also fixex the spurious creating of "1" file in the repo root because of a typo in stderr redirect. Fixes: #286 Signed-off-by: Marco Vedovati --- rootfs-builder/rootfs.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index b5d2587a1..000ba5f98 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh @@ -337,7 +337,7 @@ if [ -n "${USE_DOCKER}" ] ; then docker_run_args+=" $(docker_extra_args $distro)" # Relabel volumes so SELinux allows access (see docker-run(1)) - if which selinuxenabled 2&>1 >/dev/null && selinuxenabled ; then + if command -v selinuxenabled > /dev/null && selinuxenabled ; then for volume_dir in "${script_dir}" \ "${ROOTFS_DIR}" \ "${script_dir}/../scripts" \ @@ -388,7 +388,7 @@ popd >> /dev/null chrony_conf_file="${ROOTFS_DIR}/etc/chrony.conf" if [ ${distro} == ubuntu ] || [ ${distro} == debian ] ; then chrony_conf_file="${ROOTFS_DIR}/etc/chrony/chrony.conf" -fi +fi info "Configure chrony file ${chrony_conf_file}" echo "refclock PHC /dev/ptp0 poll 3 dpoll -2 offset 0" >> ${chrony_conf_file} From b9d9009cd9a30a7ecdc1f6eec9799e0c4a87eb5f Mon Sep 17 00:00:00 2001 From: katacontainersbot Date: Thu, 9 May 2019 00:23:56 +0000 Subject: [PATCH 203/307] release: Kata Containers 1.7.0-rc1 - docs: Fix markdown - make: add nsdax source to install-scripts target - rootfs-builder: remove /var/log c5a17f7 docs: Fix markdown 7cfe5b4 image-builder: set default value of AGENT_INIT 0013352 make: add nsdax source to install-scripts target c00849b rootfs-builder: remove /var/log Signed-off-by: katacontainersbot --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/VERSION b/VERSION index 0d191ce77..57dfe270d 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.7.0-alpha1 +1.7.0-rc1 From 02b3b3b97766c46133ea89f8340459ccba12678a Mon Sep 17 00:00:00 2001 From: Julio Montes Date: Thu, 16 May 2019 11:16:29 -0500 Subject: [PATCH 204/307] image-builder: remove unneeded systemd units and files Remove systemd units and files that are not needed in Kata Containers. Removing this files we can improve the boot time. fixes #289 Signed-off-by: Julio Montes --- image-builder/Dockerfile | 2 +- image-builder/image_builder.sh | 38 ++++++++++++++++++++++++++++++++++ 2 files changed, 39 insertions(+), 1 deletion(-) diff --git a/image-builder/Dockerfile b/image-builder/Dockerfile index 0d1107ee7..457070f65 100644 --- a/image-builder/Dockerfile +++ b/image-builder/Dockerfile @@ -7,4 +7,4 @@ From fedora:latest RUN [ -n "$http_proxy" ] && sed -i '$ a proxy='$http_proxy /etc/dnf/dnf.conf ; true -RUN dnf install -y qemu-img parted gdisk e2fsprogs gcc xfsprogs +RUN dnf install -y qemu-img parted gdisk e2fsprogs gcc xfsprogs findutils diff --git a/image-builder/image_builder.sh b/image-builder/image_builder.sh index 44e15d6b7..fcb0eff14 100755 --- a/image-builder/image_builder.sh +++ b/image-builder/image_builder.sh 
@@ -34,6 +34,31 @@ readonly dax_header_sz=2 # [2] - https://nvdimm.wiki.kernel.org/2mib_fs_dax readonly dax_alignment=2 +# The list of systemd units and files that are not needed in Kata Containers +readonly -a systemd_units=( + "systemd-coredump@" + "systemd-journald" + "systemd-journald-dev-log" + "systemd-journal-flush" + "systemd-random-seed" + "systemd-timesyncd" + "systemd-tmpfiles-setup" + "systemd-udevd" + "systemd-udevd-control" + "systemd-udevd-kernel" + "systemd-udev-trigger" + "systemd-update-utmp" +) + +readonly -a systemd_files=( + "systemd-bless-boot-generator" + "systemd-fstab-generator" + "systemd-getty-generator" + "systemd-gpt-auto-generator" + "systemd-tmpfiles-cleanup.timer" + "tmp.mount" +) + # Set a default value AGENT_INIT=${AGENT_INIT:-no} @@ -344,6 +369,19 @@ create_rootfs_image() { sync OK "rootfs copied" + info "Removing unneeded systemd services and sockets" + for u in "${systemd_units[@]}"; do + find "${mount_dir}" -type f \( \ + -name "${u}.service" -o \ + -name "${u}.socket" \) \ + -exec rm -f {} \; + done + + info "Removing unneeded systemd files" + for u in "${systemd_files[@]}"; do + find "${mount_dir}" -type f -name "${u}" -exec rm -f {} \; + done + info "Unmounting root partition" umount "${mount_dir}" OK "Root partition unmounted" From d8c5706cffe337bb2b0fc97a251ade5af0e82031 Mon Sep 17 00:00:00 2001 From: "James O. D. Hunt" Date: Tue, 21 May 2019 10:51:05 +0100 Subject: [PATCH 205/307] rootfs: Don't hardcode alpine version for golang images Remove the version of alpine used when pulling golang docker images. This ensures the latest version of alpine is used and resolves the maintenance issue when old versions of alpine are dropped. Fixes: #293. Signed-off-by: James O. D. Hunt --- rootfs-builder/alpine/Dockerfile.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rootfs-builder/alpine/Dockerfile.in b/rootfs-builder/alpine/Dockerfile.in index 1b150626f..5208043d1 100644 --- a/rootfs-builder/alpine/Dockerfile.in 
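Review bot: in PATCH 204, hunk `@@ -344,6 +369,19 @@` of image-builder/image_builder.sh, both `find "${mount_dir}" -type f ...` loops match regular files only, so any symlinks to the removed units (for example entries in `*.wants/` directories) stay behind and dangle in the image. Match `\( -type f -o -type l \)` instead, and consider `-delete` rather than `-exec rm -f {} \;` to avoid one `rm` process per file.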
+++ b/rootfs-builder/alpine/Dockerfile.in @@ -3,6 +3,6 @@ # # SPDX-License-Identifier: Apache-2.0 -From golang:@GO_VERSION@-alpine3.7 +From golang:@GO_VERSION@-alpine RUN apk update && apk add git make bash gcc musl-dev linux-headers apk-tools-static libseccomp libseccomp-dev From 456be6709443221088ce7ad5f7c91cffe4d4774e Mon Sep 17 00:00:00 2001 From: Julio Montes Date: Mon, 22 Apr 2019 14:30:38 -0500 Subject: [PATCH 206/307] rootfs-builder: fix chrony service Chrony service is not started because it requires a private temporal directory, these directories can't be created in read-only filesystems. Create a symlink to /tmp in /var allowing systemd to create private temporal directories. fixes #280 Signed-off-by: Julio Montes --- rootfs-builder/rootfs.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index 000ba5f98..7e8baa693 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh @@ -381,6 +381,10 @@ pushd "${ROOTFS_DIR}" >> /dev/null if [ "$PWD" != "/" ] ; then rm -rf ./var/cache/ ./var/lib ./var/log fi + +info "Create symlink to /tmp in /var to create private temporal directories with systemd" +rm -rf ./var/tmp +ln -s ../tmp ./var/ popd >> /dev/null [ -n "${KERNEL_MODULES_DIR}" ] && copy_kernel_modules ${KERNEL_MODULES_DIR} ${ROOTFS_DIR} From a438d086b2b5443f3c794e94bbc04bb65061b20e Mon Sep 17 00:00:00 2001 From: Julio Montes Date: Wed, 22 May 2019 12:22:59 -0500 Subject: [PATCH 207/307] image-builder: create /etc/machine-id systemd complains if `/etc/machine-id` does not exist. Create the `machine-id` file to make systemd happy, it'll bind-mount that file to write the machine id. fixes #296 fixes github.com/kata-containers/runtime#1537 Signed-off-by: Julio Montes --- image-builder/image_builder.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/image-builder/image_builder.sh b/image-builder/image_builder.sh index fcb0eff14..753f34abb 100755 --- a/image-builder/image_builder.sh 
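Review bot: in PATCH 205, `From golang:@GO_VERSION@-alpine` replaces a pinned Alpine release with a floating tag, so the base image of the builder container can change between two builds of the same commit without any change in this repository. If dropping the pin is needed to avoid removed tags, record the resolved image digest in the build log or pin by digest in a tracked file, so that a rootfs can be traced back to the exact base image it was built from.

Review bot: in PATCH 206, hunk `@@ -381,6 +381,10 @@` of rootfs-builder/rootfs.sh, the added `rm -rf ./var/tmp` and `ln -s ../tmp ./var/` sit after the `fi` that closes `if [ "$PWD" != "/" ]`, so they run without the guard that protects the `rm -rf` just above them. Move both lines inside that `if` block, or use `"${ROOTFS_DIR}/var/tmp"` explicitly, so the host's `/var/tmp` cannot be the target when the working directory is not the rootfs.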
+++ b/image-builder/image_builder.sh @@ -382,6 +382,9 @@ create_rootfs_image() { find "${mount_dir}" -type f -name "${u}" -exec rm -f {} \; done + info "Creating empty machine-id to allow systemd to bind-mount it" + touch "${mount_dir}/etc/machine-id" + info "Unmounting root partition" umount "${mount_dir}" OK "Root partition unmounted" From 14534717c7fa9d9c49ef72e639cfac5df7f355e5 Mon Sep 17 00:00:00 2001 From: "James O. D. Hunt" Date: Fri, 24 May 2019 09:05:44 +0100 Subject: [PATCH 208/307] docs: Fix spelling and formatting Correct spelling mistakes and resolve formatting issues. Fixes: #298. Signed-off-by: James O. D. Hunt --- CODE_OF_CONDUCT.md | 2 +- README.md | 2 +- rootfs-builder/README.md | 7 ++++--- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md index 5a9e27d2f..d73eb8f46 100644 --- a/CODE_OF_CONDUCT.md +++ b/CODE_OF_CONDUCT.md @@ -1,3 +1,3 @@ -## Kata Containers OSBuiler Code of Conduct +## Kata Containers osbuilder Code of Conduct Kata Containers follows the [OpenStack Foundation Code of Conduct](https://www.openstack.org/legal/community-code-of-conduct/). diff --git a/README.md b/README.md index c65ced161..05911657a 100644 --- a/README.md +++ b/README.md @@ -120,7 +120,7 @@ For further details, see [the tests documentation](tests/README.md). ## Platform-Distro Compatibility Matrix -| |Alpine |CentOS |ClearLinux |Debian/Ubuntu |EulerOS |Fedora |openSUSE | +| |Alpine |CentOS |Clear Linux |Debian/Ubuntu |EulerOS |Fedora |openSUSE | |-- |-- |-- |-- |-- |-- |-- |-- | |**ARM64** |:heavy_check_mark:|:heavy_check_mark:| | |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:| |**PPC64le**|:heavy_check_mark:|:heavy_check_mark:| |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:| diff --git a/rootfs-builder/README.md b/rootfs-builder/README.md index 226df4ff1..861a48007 100644 --- a/rootfs-builder/README.md +++ b/rootfs-builder/README.md 
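Review bot: in PATCH 207, `touch "${mount_dir}/etc/machine-id"` does not guarantee the empty file that the log message announces: when the rootfs already contains a populated `machine-id`, `touch` only updates its timestamp and every guest booted from the image shares that same ID. Truncate explicitly, for example `: > "${mount_dir}/etc/machine-id"`, so the file is empty whatever the rootfs contained.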
@@ -1,14 +1,15 @@ * [Supported base OSs](#supported-base-oss) +* [Rootfs requirements](#rootfs-requirements) * [Creating a rootfs](#creating-a-rootfs) * [Creating a rootfs with kernel modules](#creating-a-rootfs-with-kernel-modules) -* [Build a rootfs using Docker*](#build-a-rootfs-using-docker) +* [Build a rootfs using Docker](#build-a-rootfs-using-docker) * [Adding support for a new guest OS](#adding-support-for-a-new-guest-os) * [Create template files](#create-template-files) * [Modify template files](#modify-template-files) * [Expected rootfs directory content](#expected-rootfs-directory-content) * [Optional - Customise the rootfs](#optional---customise-the-rootfs) * [Adding extra packages](#adding-extra-packages) - * [Arbitary rootfs changes](#arbitary-rootfs-changes) + * [Arbitrary rootfs changes](#arbitrary-rootfs-changes) # Building a Guest OS rootfs for Kata Containers @@ -186,7 +187,7 @@ To add additional packages, use one of the following methods: configuration file must use the package names from the distro for which they were created. -#### Arbitary rootfs changes +#### Arbitrary rootfs changes Once the rootfs directory is created, you can add and remove files as needed. Changes affect the files included in the final guest image. From 6f294f43d4169b431d6de00adce93664b5a67741 Mon Sep 17 00:00:00 2001 From: Archana Shinde Date: Thu, 30 May 2019 15:12:05 -0700 Subject: [PATCH 209/307] tmp: Do not remove tmp.mount unit file from the rootfs We should start this unit so that systemd can mount /tmp as tmpfs. Fixes #300 Signed-off-by: Archana Shinde --- image-builder/image_builder.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/image-builder/image_builder.sh b/image-builder/image_builder.sh index 753f34abb..277c4de89 100755 --- a/image-builder/image_builder.sh +++ b/image-builder/image_builder.sh 
@@ -56,7 +56,6 @@ readonly -a systemd_files=( "systemd-getty-generator" "systemd-gpt-auto-generator" "systemd-tmpfiles-cleanup.timer" - "tmp.mount" ) # Set a default value From adee8b0e354737c7981cb886e6444c324f08a842 Mon Sep 17 00:00:00 2001 From: Archana Shinde Date: Fri, 31 May 2019 14:35:20 -0700 Subject: [PATCH 210/307] clear: Add util-linux-bin package to Clearlinux rootfs This package contains mount command among several other commands. Unlike other distros, this package is not auto-pulled with systemd. Add this package explicitly. Fixes #302 Signed-off-by: Archana Shinde --- rootfs-builder/clearlinux/config.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rootfs-builder/clearlinux/config.sh b/rootfs-builder/clearlinux/config.sh index 206648335..25da8e030 100644 --- a/rootfs-builder/clearlinux/config.sh +++ b/rootfs-builder/clearlinux/config.sh @@ -15,7 +15,7 @@ clr_url="https://download.clearlinux.org" BASE_URL="${clr_url}/releases/${OS_VERSION}/${REPO_NAME}/${ARCH}/os/" -PACKAGES="iptables-bin libudev0-shim chrony" +PACKAGES="util-linux-bin iptables-bin libudev0-shim chrony" #Optional packages: # systemd: An init system that will start kata-agent if kata-agent From 92b42c7f6d28a6912d6a84d95e50c767e540f5a1 Mon Sep 17 00:00:00 2001 From: Marco Vedovati Date: Fri, 17 May 2019 18:50:47 +0200 Subject: [PATCH 211/307] agent: detect required Go version from versions.yaml Detect the Go version required to build the agent from the versions.yaml file in the runtime repository. Fixes: #291 
Signed-off-by: Marco Vedovati --- .ci/lib.sh | 1 - .ci/setup.sh | 7 ++++++- rootfs-builder/alpine/Dockerfile.in | 12 +++++++++++- rootfs-builder/centos/Dockerfile.in | 10 +++++++++- rootfs-builder/clearlinux/Dockerfile.in | 11 ++++++++++- rootfs-builder/euleros/Dockerfile.in | 9 ++++++++- rootfs-builder/fedora/Dockerfile.in | 12 +++++++++++- rootfs-builder/rootfs.sh | 18 +++++++++++++++--- rootfs-builder/versions.txt | 1 - 9 files changed, 70 insertions(+), 11 deletions(-) delete mode 100644 rootfs-builder/versions.txt diff --git a/.ci/lib.sh b/.ci/lib.sh index 5f0db4561..f9bfcbc5c 100644 --- a/.ci/lib.sh +++ b/.ci/lib.sh @@ -20,6 +20,5 @@ clone_tests_repo() run_static_checks() { - clone_tests_repo bash "$tests_repo_dir/.ci/static-checks.sh" "github.com/kata-containers/osbuilder" } diff --git a/.ci/setup.sh b/.ci/setup.sh index 8ddded15b..e6ddc587a 100755 --- a/.ci/setup.sh +++ b/.ci/setup.sh @@ -22,8 +22,13 @@ elif [ "$ID" == ubuntu ];then sudo apt-get -qq update sudo apt-get install -y -qq make automake qemu-utils python-pip coreutils moreutils bc sudo pip install yamllint -else +else echo "Linux distribution not supported" fi + +clone_tests_repo bash "${cidir}/static-checks.sh" +# yq needed to correctly parse runtime/versions.yaml +make -C ${tests_repo_dir} install-yq + diff --git a/rootfs-builder/alpine/Dockerfile.in b/rootfs-builder/alpine/Dockerfile.in index 5208043d1..94752399b 100644 --- a/rootfs-builder/alpine/Dockerfile.in +++ b/rootfs-builder/alpine/Dockerfile.in @@ -5,4 +5,14 @@ From golang:@GO_VERSION@-alpine -RUN apk update && apk add git make bash gcc musl-dev linux-headers apk-tools-static libseccomp libseccomp-dev +RUN apk update && apk add \ + git \ + make \ + bash \ + gcc \ + musl-dev \ + linux-headers \ + apk-tools-static \ + libseccomp \ + libseccomp-dev \ + curl diff --git a/rootfs-builder/centos/Dockerfile.in b/rootfs-builder/centos/Dockerfile.in index 4e89be128..26026374f 100644 --- a/rootfs-builder/centos/Dockerfile.in 
+++ b/rootfs-builder/centos/Dockerfile.in @@ -7,7 +7,15 @@ From centos:@OS_VERSION@ @SET_PROXY@ -RUN yum -y update && yum install -y git make gcc coreutils libseccomp libseccomp-devel chrony +RUN yum -y update && yum install -y \ +git \ +make \ +gcc \ +coreutils \ +libseccomp \ +libseccomp-devel \ +chrony \ +curl # This will install the proper golang to build Kata components @INSTALL_GO@ diff --git a/rootfs-builder/clearlinux/Dockerfile.in b/rootfs-builder/clearlinux/Dockerfile.in index ff5164b79..5dbdca74a 100644 --- a/rootfs-builder/clearlinux/Dockerfile.in +++ b/rootfs-builder/clearlinux/Dockerfile.in @@ -7,7 +7,16 @@ From fedora:27 @SET_PROXY@ -RUN dnf -y update && dnf install -y git systemd pkgconfig gcc coreutils libseccomp libseccomp-devel chrony +RUN dnf -y update && dnf install -y \ +git \ +systemd \ +pkgconfig \ +gcc \ +coreutils \ +libseccomp \ +libseccomp-devel \ +chrony \ +curl # This will install the proper golang to build Kata components @INSTALL_GO@ diff --git a/rootfs-builder/euleros/Dockerfile.in b/rootfs-builder/euleros/Dockerfile.in index 4ff79ba28..285d66293 100644 --- a/rootfs-builder/euleros/Dockerfile.in +++ b/rootfs-builder/euleros/Dockerfile.in @@ -7,7 +7,14 @@ FROM euleros:@OS_VERSION@ @SET_PROXY@ -RUN yum -y update && yum install -y yum git make gcc coreutils chrony +RUN yum -y update && yum install -y \ +yum \ +git \ +make \ +gcc \ +coreutils \ +chrony \ +curl # This will install the proper golang to build Kata components @INSTALL_GO@ diff --git a/rootfs-builder/fedora/Dockerfile.in b/rootfs-builder/fedora/Dockerfile.in index 19e10adde..0cd349246 100644 --- a/rootfs-builder/fedora/Dockerfile.in +++ b/rootfs-builder/fedora/Dockerfile.in 
@@ -7,7 +7,17 @@ From fedora:@OS_VERSION@ @SET_PROXY@ -RUN dnf -y update && dnf install -y git redhat-release systemd pkgconfig gcc make libseccomp libseccomp-devel chrony +RUN dnf -y update && dnf install -y \ +git \ +redhat-release \ +systemd \ +pkgconfig \ +gcc \ +make \ +libseccomp \ +libseccomp-devel \ +chrony \ +curl # This will install the proper golang to build Kata components @INSTALL_GO@ diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index 7e8baa693..55c41e8b8 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh @@ -17,6 +17,7 @@ AGENT_INIT=${AGENT_INIT:-no} KERNEL_MODULES_DIR=${KERNEL_MODULES_DIR:-""} OSBUILDER_VERSION="unknown" DOCKER_RUNTIME=${DOCKER_RUNTIME:-runc} +GO_VERSION= export GOPATH=${GOPATH:-${HOME}/go} lib_file="${script_dir}/../scripts/lib.sh" @@ -25,9 +26,6 @@ source "$lib_file" # Default architecture ARCH=$(uname -m) -# Load default versions for golang and other componets -source "${script_dir}/versions.txt" - # distro-specific config file typeset -r CONFIG_SH="config.sh" @@ -247,6 +245,18 @@ error_handler() fi } +detect_go_version() +{ + typeset -r yq=$(command -v yq || command -v ${GOPATH}/bin/yq) + [ -z "$yq" ] && die "'yq' application not found (needed to parsing minimum Go version required)" + + typeset -r runtimeVersion="${AGENT_VERSION:-master}" + typeset -r runtimeVersionsURL="https://raw.githubusercontent.com/kata-containers/runtime/${runtimeVersion}/versions.yaml" + + GO_VERSION=$(curl -sSL "${runtimeVersionsURL}" | $yq r - languages.golang.version) + info "Detected Go version: $GO_VERSION" +} + while getopts a:hlo:r:t: opt do case $opt in @@ -311,6 +321,8 @@ fi mkdir -p ${ROOTFS_DIR} +detect_go_version + if [ -n "${USE_DOCKER}" ] ; then image_name="${distro}-rootfs-osbuilder" diff --git a/rootfs-builder/versions.txt b/rootfs-builder/versions.txt deleted file mode 100644 index a686225cc..000000000 --- a/rootfs-builder/versions.txt +++ /dev/null @@ -1 +0,0 @@ -GO_VERSION=1.11.1 
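Review bot: in PATCH 211, hunk `@@ -247,6 +245,18 @@` of rootfs-builder/rootfs.sh, `GO_VERSION=$(curl -sSL "${runtimeVersionsURL}" | $yq r - languages.golang.version)` runs `curl` without `-f`, so the body of an HTTP error page is piped into `yq`, and the result is used without checking that it is non-empty and not `null`. The value is then substituted into the Dockerfile templates (`golang:@GO_VERSION@-alpine`, `@INSTALL_GO@`), so validate it against a version pattern before use. The commit message should also state that every build now needs network access to raw.githubusercontent.com and, with `AGENT_VERSION` unset, follows whatever `master` contains at build time, where the deleted `versions.txt` gave a fixed `GO_VERSION=1.11.1`.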
From e770e2ad1bbc41f38aa9397989698ec29a065cc0 Mon Sep 17 00:00:00 2001 From: Marco Vedovati Date: Fri, 17 May 2019 19:42:12 +0200 Subject: [PATCH 212/307] rootfs: enforce minimum Go version when building locally When building locally (without Docker), the Go version installed on the system, needed to build the agent, must satisfy the minimum Go version requirement specified in runtime/versions.yaml. Signed-off-by: Marco Vedovati --- rootfs-builder/rootfs.sh | 56 +++++++++++++++++++++++++++++++++++----- 1 file changed, 50 insertions(+), 6 deletions(-) diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index 55c41e8b8..fa8c68a68 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh 
@@ -250,11 +250,46 @@ detect_go_version() typeset -r yq=$(command -v yq || command -v ${GOPATH}/bin/yq) [ -z "$yq" ] && die "'yq' application not found (needed to parsing minimum Go version required)" - typeset -r runtimeVersion="${AGENT_VERSION:-master}" - typeset -r runtimeVersionsURL="https://raw.githubusercontent.com/kata-containers/runtime/${runtimeVersion}/versions.yaml" + local runtimeRevision= - GO_VERSION=$(curl -sSL "${runtimeVersionsURL}" | $yq r - languages.golang.version) - info "Detected Go version: $GO_VERSION" + if [ "${AGENT_VERSION:-master}" == "master" ]; then + # This matches both AGENT_VERSION == "" and AGENT_VERSION == "master" + runtimeRevision="master" + else + # Detect runtime revision by fetching the agent's VERSION file + runtimeRevision="$(curl -fsSL https://raw.githubusercontent.com/kata-containers/agent/${AGENT_VERSION:-master}/VERSION)" + [ -z "$runtimeRevision" ] && die "Could not detect the agent version for the given AGENT_VERSION='${AGENT_VERSION:-master}'" + fi + + typeset -r runtimeVersionsURL="https://raw.githubusercontent.com/kata-containers/runtime/${runtimeRevision}/versions.yaml" + GO_VERSION="$(curl -fsSL "$runtimeVersionsURL" | $yq r - "languages.golang.version")" + + [ "$?" == "0" ] && [ "$GO_VERSION" != "null" ] +} + +# Compares two SEMVER-style versions passed as arguments, up to the MINOR version +# number. +# Returns a zero exit code if the version specified by the first argument is +# older OR equal than / to the version in the second argument, non-zero exit +# code otherwise. 
+compare_versions() +{ + typeset -i -a v1=($(echo "$1" | awk 'BEGIN {FS = "."} {print $1" "$2}')) + typeset -i -a v2=($(echo "$2" | awk 'BEGIN {FS = "."} {print $1" "$2}')) + + # Sanity check: first version can't be all zero + [ "${v1[0]}" -eq "0" ] && \ + [ "${v1[1]}" -eq "0" ] && \ + die "Failed to parse version number" + + # Major + [ "${v1[0]}" -gt "${v2[0]}" ] && { false; return; } + + # Minor + [ "${v1[0]}" -eq "${v2[0]}" ] && \ + [ "${v1[1]}" -gt "${v2[1]}" ] && { false; return; } + + true } while getopts a:hlo:r:t: opt @@ -321,9 +356,18 @@ fi mkdir -p ${ROOTFS_DIR} -detect_go_version +detect_go_version || + die "Could not detect the required Go version for AGENT_VERSION='${AGENT_VERSION:-master}'." -if [ -n "${USE_DOCKER}" ] ; then +echo "Required Go version: $GO_VERSION" + +if [ -z "${USE_DOCKER}" ] ; then + #Generate an error if the local Go version is too old + foundVersion=$(go version | sed -E "s/^.+([0-9]+\.[0-9]+\.[0-9]+).*$/\1/g") + + compare_versions "$GO_VERSION" $foundVersion || \ + die "Your Go version $foundVersion is older than the minimum expected Go version $GO_VERSION" +else image_name="${distro}-rootfs-osbuilder" generate_dockerfile "${distro_config_dir}" From 8c51e4d916cbf5034ee0792325428f71218313b4 Mon Sep 17 00:00:00 2001 
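Review bot: In detect_go_version() (first hunk of "rootfs: enforce minimum Go version when building locally"), the closing test `[ "$?" == "0" ] && [ "$GO_VERSION" != "null" ]` does not detect a failed download. `$?` after the assignment is the status of the last command in the `curl -fsSL ... | $yq r - ...` pipeline, so a curl error is only visible when pipefail is enabled, and an empty GO_VERSION still passes the `!= "null"` comparison. Suggest adding `[ -n "$GO_VERSION" ]` and checking the curl step on its own. The agent VERSION URL built from `${AGENT_VERSION:-master}` is also passed to curl unquoted, so a value containing whitespace is split into extra curl arguments; quote it the way "$runtimeVersionsURL" already is.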
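Review bot: In the `[ -z "${USE_DOCKER}" ]` branch (second hunk of "rootfs: enforce minimum Go version when building locally"), the sed expression `s/^.+([0-9]+\.[0-9]+\.[0-9]+).*$/\1/g` only matches a three-component version. Go prints the first release of a series with two components (for example `go1.12`), in which case sed passes the whole `go version` line through and the unquoted `$foundVersion` is split into several arguments to compare_versions. Since compare_versions only looks at MAJOR.MINOR, extract `go([0-9]+\.[0-9]+)` instead, quote "$foundVersion", and fail explicitly when the result is empty (for example when go is not installed), because the `-gt` and `-eq` tests in compare_versions error out on an empty operand and fall through to `true`.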
From: katacontainersbot Date: Wed, 5 Jun 2019 19:15:58 +0000 Subject: [PATCH 213/307] release: Kata Containers 1.8.0-alpha0 - clear: Add util-linux-bin package to Clearlinux rootfs - tmp: Do not remove tmp.mount unit file from the rootfs - docs: Fix spelling and formatting - image-builder: create /etc/machine-id - rootfs-builder: fix chrony service - rootfs: Don't hardcode alpine version for golang images - image-builder/boot time: remove unneeded systemd units and files adee8b0 clear: Add util-linux-bin package to Clearlinux rootfs 6f294f4 tmp: Do not remove tmp.mount unit file from the rootfs 1453471 docs: Fix spelling and formatting a438d08 image-builder: create /etc/machine-id 456be67 rootfs-builder: fix chrony service d8c5706 rootfs: Don't hardcode alpine version for golang images 02b3b3b image-builder: remove unneeded systemd units and files Signed-off-by: katacontainersbot --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index 57dfe270d..e8d4d074d 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.7.0-rc1 +1.8.0-alpha0 From 3f45d5e17eede892c394f48fbd0cb022f0d6a57e Mon Sep 17 00:00:00 2001 From: katacontainersbot Date: Mon, 10 Jun 2019 20:56:15 +0000 Subject: [PATCH 214/307] release: Kata Containers 1.8.0-alpha1 Version bump no changes Signed-off-by: katacontainersbot --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index e8d4d074d..bc396b014 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.8.0-alpha0 +1.8.0-alpha1 From 7437ce8442965ce545ee75a36aa409eae037dfb2 Mon Sep 17 00:00:00 2001 From: "James O. D. Hunt" Date: Wed, 12 Jun 2019 17:28:17 +0100 Subject: [PATCH 215/307] docs: Fix typo Correct a spelling mistake. Fixes: #309. Signed-off-by: James O. D. Hunt --- tests/README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/README.md b/tests/README.md index bb82e3f94..068ef8301 100644 --- a/tests/README.md +++ b/tests/README.md 
@@ -3,9 +3,9 @@ ## Run the osbuilder tests -osbuilder provides a test script that creates all images and initrds for all -supported distributions and then tests them to ensure a Kata Container can -be created with each. +osbuilder provides a test script that creates all rootfs disk images and +initrd images for all supported distributions and then tests them to ensure a +Kata Container can be created with each. Before the build phase, the test script installs the Docker container manager and all the Kata components required to run test containers. This step can be From 840778788c56e3bd7feff480658d778d0013003e Mon Sep 17 00:00:00 2001 From: Peng Tao Date: Mon, 17 Jun 2019 16:31:20 +0800 Subject: [PATCH 216/307] release: Kata Containers 1.8.0-alpha2 - docs: Fix typo 7437ce8 docs: Fix typo Signed-off-by: Peng Tao --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index bc396b014..4825ad3c1 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.8.0-alpha1 +1.8.0-alpha2 From cbb8c01412c9c348731c7dae38a1fafa0802dd49 Mon Sep 17 00:00:00 2001 From: Marco Vedovati Date: Tue, 18 Jun 2019 13:25:27 +0200 Subject: [PATCH 217/307] make: add print-% target printing variable value Add a print-% make target, to be able to retrieve the value of make variables. E.g. "make print-MY_MAKE_VAR MY_MAKE_VAR=1" will print "1" Signed-off-by: Marco Vedovati --- Makefile | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/Makefile b/Makefile index a51dd79e8..25fb2770c 100644 --- a/Makefile +++ b/Makefile @@ -125,3 +125,12 @@ install-scripts: .PHONY: clean clean: rm -rf $(DISTRO_ROOTFS_MARKER) $(DISTRO_ROOTFS) $(DISTRO_IMAGE) $(DISTRO_INITRD) + +# Prints the name of the variable passed as suffix to the print- target, +# E.g., if Makefile contains: +# MY_MAKE_VAR := foobar +# Then: +# $ make printf-MY_MAKE_VAR +# Will print "foobar" +print-%: + @echo $($*) From 68f2090babc4f7411ac084728d9885ed1e3e4f5c Mon Sep 17 00:00:00 2001 
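Review bot: The comment above `print-%` in "make: add print-% target printing variable value" says the target prints the name of the variable and shows `make printf-MY_MAKE_VAR`, but the recipe `@echo $($*)` prints the value and the target prefix is `print-`. Fix both in the comment. The value is also expanded unquoted into a shell command line, so a variable containing shell metacharacters is interpreted by the shell; quote the expansion or use make's `$(info ...)` function.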
From: Marco Vedovati Date: Tue, 18 Jun 2019 13:36:03 +0200 Subject: [PATCH 218/307] make: add ability to silent recipe commands with chronic Add the ability to silent recipe commands with chronic. When OSBUILDER_USE_CHRONIC is set, the target recipe command is run using chronic, and the output is muted unless the command fails. Signed-off-by: Marco Vedovati --- Makefile | 44 ++++++++++++++++++++++++++++++-------------- 1 file changed, 30 insertions(+), 14 deletions(-) diff --git a/Makefile b/Makefile index 25fb2770c..58598cf6e 100644 --- a/Makefile +++ b/Makefile @@ -14,7 +14,8 @@ DISTRO ?= centos ROOTFS_BUILD_DEST := $(PWD) IMAGES_BUILD_DEST := $(PWD) DISTRO_ROOTFS := $(ROOTFS_BUILD_DEST)/$(DISTRO)_rootfs -DISTRO_ROOTFS_MARKER := $(ROOTFS_BUILD_DEST)/.$(DISTRO)_rootfs.done +ROOTFS_MARKER_SUFFIX := _rootfs.done +DISTRO_ROOTFS_MARKER := $(ROOTFS_BUILD_DEST)/.$(DISTRO)$(ROOTFS_MARKER_SUFFIX) DISTRO_IMAGE := $(IMAGES_BUILD_DEST)/kata-containers.img DISTRO_INITRD := $(IMAGES_BUILD_DEST)/kata-containers-initrd.img 
@@ -24,15 +25,34 @@ COMMIT_NO := $(shell git rev-parse HEAD 2> /dev/null || true) COMMIT := $(if $(shell git status --porcelain --untracked-files=no),${COMMIT_NO}-dirty,${COMMIT_NO}) VERSION_COMMIT := $(if $(COMMIT),$(VERSION)-$(COMMIT),$(VERSION)) +# Set the variable to silent logs using chronic +OSBUILDER_USE_CHRONIC := + +# silent_run allows running make recipes using the chronic wrapper, so logs are +# muted if the recipe command succeeds. +# Arguments: +# - Message +# - Command to run +ifeq (,$(OSBUILDER_USE_CHRONIC)) + define silent_run + @echo $(1) + $(2) + endef +else + define silent_run + @echo $(1) with command: $(2) + @chronic $(2) + endef +endif + ################################################################################ -rootfs-%: $(ROOTFS_BUILD_DEST)/.%_rootfs.done +rootfs-%: $(ROOTFS_BUILD_DEST)/.%$(ROOTFS_MARKER_SUFFIX) @ # DONT remove. This is not cancellation rule. -.PRECIOUS: $(ROOTFS_BUILD_DEST)/.%_rootfs.done -$(ROOTFS_BUILD_DEST)/.%_rootfs.done:: rootfs-builder/% - @echo Creating rootfs for "$*" - $(ROOTFS_BUILDER) -o $(VERSION_COMMIT) -r $(ROOTFS_BUILD_DEST)/$*_rootfs $* +.PRECIOUS: $(ROOTFS_BUILD_DEST)/.%$(ROOTFS_MARKER_SUFFIX) +$(ROOTFS_BUILD_DEST)/.%$(ROOTFS_MARKER_SUFFIX):: rootfs-builder/% + $(call silent_run,Creating rootfs for "$*",$(ROOTFS_BUILDER) -o $(VERSION_COMMIT) -r $(ROOTFS_BUILD_DEST)/$*_rootfs $*) touch $@ image-%: $(IMAGES_BUILD_DEST)/kata-containers-image-%.img 
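Review bot: `OSBUILDER_USE_CHRONIC :=` in this hunk unconditionally clears the variable, so exporting OSBUILDER_USE_CHRONIC in the environment has no effect and only a command-line `make OSBUILDER_USE_CHRONIC=1` enables the chronic path. Use `OSBUILDER_USE_CHRONIC ?=` if the environment should be honoured, or state in the comment that it must be passed on the make command line. The chronic variant of silent_run also assumes chronic is installed; a `command -v chronic` check with a clear error is better than a "command not found" from every recipe. Note too that `$(call silent_run,...)` splits its arguments on commas, so a message or command containing a comma would be cut at that point.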
@@ -40,16 +60,14 @@ image-%: $(IMAGES_BUILD_DEST)/kata-containers-image-%.img .PRECIOUS: $(IMAGES_BUILD_DEST)/kata-containers-image-%.img $(IMAGES_BUILD_DEST)/kata-containers-image-%.img: rootfs-% - @echo Creating image based on $^ - $(IMAGE_BUILDER) -o $@ $(ROOTFS_BUILD_DEST)/$*_rootfs + $(call silent_run,Creating image based on $^,$(IMAGE_BUILDER) -o $@ $(ROOTFS_BUILD_DEST)/$*_rootfs) initrd-%: $(IMAGES_BUILD_DEST)/kata-containers-initrd-%.img @ # DONT remove. This is not cancellation rule. .PRECIOUS: $(IMAGES_BUILD_DEST)/kata-containers-initrd-%.img $(IMAGES_BUILD_DEST)/kata-containers-initrd-%.img: rootfs-% - @echo Creating initrd image for $* - $(INITRD_BUILDER) -o $@ $(ROOTFS_BUILD_DEST)/$*_rootfs + $(call silent_run,Creating initrd image for $*,$(INITRD_BUILDER) -o $@ $(ROOTFS_BUILD_DEST)/$*_rootfs) .PHONY: all all: image initrd @@ -61,15 +79,13 @@ rootfs: $(DISTRO_ROOTFS_MARKER) image: $(DISTRO_IMAGE) $(DISTRO_IMAGE): $(DISTRO_ROOTFS_MARKER) - @echo Creating image based on "$(DISTRO_ROOTFS)" - $(IMAGE_BUILDER) "$(DISTRO_ROOTFS)" + $(call silent_run,Creating image based on "$(DISTRO_ROOTFS)",$(IMAGE_BUILDER) "$(DISTRO_ROOTFS)") .PHONY: initrd initrd: $(DISTRO_INITRD) $(DISTRO_INITRD): $(DISTRO_ROOTFS_MARKER) - @echo Creating initrd image based on "$(DISTRO_ROOTFS)" - $(INITRD_BUILDER) "$(DISTRO_ROOTFS)" + $(call silent_run,Creating initrd image based on "$(DISTRO_ROOTFS)",$(INITRD_BUILDER) "$(DISTRO_ROOTFS)") .PHONY: test test: From acc9c7fe0d5736ada7ade661cc9ba211f1c7a220 Mon Sep 17 00:00:00 2001 From: Marco Vedovati Date: Tue, 18 Jun 2019 13:41:19 +0200 Subject: [PATCH 219/307] tests: identify the distros with build failures Make more obvious what distros failed to build printing out for each distro the success / failure build state. Signed-off-by: Marco Vedovati --- tests/test_images.sh | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/tests/test_images.sh b/tests/test_images.sh index c16558155..af4067325 100755 
--- a/tests/test_images.sh +++ b/tests/test_images.sh @@ -203,7 +203,7 @@ die() info() { s="$*" - echo -e "INFO: $s\n" >&2 + echo -en "INFO: $s\n" >&2 } debug() @@ -514,7 +514,21 @@ test_distros() # Check for build failures (`wait` remembers up to CHILD_MAX bg processes exit status) for j in ${bgJobs[@]}; do - wait $j || die "Background build job failed" + if ! wait $j; then + info "Background rootfs build job failed:" + #find completed an uncompleted jobs checking for the rootfs marker + local marker=$(make print-ROOTFS_MARKER_SUFFIX) + [ -z "$marker" ] && die "Invalid rootfs marker" + typeset -a completed=($(find ${tmp_rootfs} -name ".*${marker}" -exec basename {} \; | sed -E "s/\.(.+)${marker}/\1/")) + for d in "${distrosSystemd[@]} ${distrosAgent[@]}"; do + if [[ "${completed[@]}" =~ $d ]]; then + info "- $c : completed" + else + info "- $c : failed" + fi + done + die "rootfs build failed" + fi done # TODO: once support for rootfs images with kata-agent as init is in place, From 25d75e5b1c5d63241ad8d0ddd0dde3b9bdf896a3 Mon Sep 17 00:00:00 2001 From: Marco Vedovati Date: Tue, 18 Jun 2019 13:43:31 +0200 Subject: [PATCH 220/307] tests: reduce the amount of log displayed Reduce the amount of logs displayed when running test. This is achieved calling commands using chronic, and printing extra information about the Kata / Docker configuration only if a test fails to start a container. Fixes: #145 Signed-off-by: Marco Vedovati --- tests/test_images.sh | 55 ++++++++++++++++++++++++++------------------ 1 file changed, 33 insertions(+), 22 deletions(-) diff --git a/tests/test_images.sh b/tests/test_images.sh index af4067325..c833e9c66 100755 --- a/tests/test_images.sh +++ b/tests/test_images.sh 
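Review bot: In the test_distros() hunk of "tests: identify the distros with build failures", both info lines print `$c`, which is never set; the loop variable is `d`, so the per-distro report carries no distro name. The loop list `"${distrosSystemd[@]} ${distrosAgent[@]}"` joins the last element of distrosSystemd and the first element of distrosAgent into one word; iterate over `"${distrosSystemd[@]}" "${distrosAgent[@]}"` instead. `[[ "${completed[@]}" =~ $d ]]` is an unanchored regex match against the joined list, so a distro whose name is a substring of another is reported as completed; compare element by element. The comment "completed an uncompleted jobs" should read "completed and uncompleted jobs".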
@@ -42,6 +42,10 @@ source ${test_config} typeset -A built_images typeset -A built_initrds +# If set, show the reason why a container using the built images/initrds could +# not be started. Needed only after all images/initrd built successfully +typeset -A showKataRunFailure= + usage() { cat <&2 @@ -190,7 +193,7 @@ exit_handler() sudo -E ps -efwww | egrep "docker|kata" >&2 # Restore the default image in config file - chronic $mgr configure-image + silent_run $mgr configure-image } die() @@ -213,6 +216,15 @@ debug() echo -e "DBG: $s" >&2 } +# Run a command in silent mode using chronic. +# The command output is printed only if the command fails +silent_run() +{ + typeset -a commandLine=("$@") + info "running: ${commandLine[@]}" + chronic "${commandLine[@]}" +} + set_runtime() { @@ -268,7 +280,7 @@ setup() [ -n "$cfgRuntime" ] || die "${RUNTIME} is not a configured runtime for docker" [ -x "$cfgRuntime" ] || die "docker ${RUNTIME} is linked to an invalid executable: $cfgRuntime" fi - chronic $mgr enable-debug + silent_run $mgr enable-debug # Ensure "docker build" works set_runtime "${docker_build_runtime}" @@ -352,9 +364,11 @@ install_image_create_container() # Travis doesn't support VT-x [ -n "${TRAVIS:-}" ] && return - chronic $mgr reset-config - chronic $mgr configure-image "$file" + showKataRunFailure=1 + silent_run $mgr reset-config + silent_run $mgr configure-image "$file" create_container + showKataRunFailure= } install_initrd_create_container() @@ -367,9 +381,11 @@ install_initrd_create_container() # Travis doesn't support VT-x [ -n "${TRAVIS:-}" ] && return - chronic $mgr reset-config - chronic $mgr configure-initrd "$file" + showKataRunFailure=1 + silent_run $mgr reset-config + silent_run $mgr configure-initrd "$file" create_container + showKataRunFailure= } # Displays a list of distros which can be tested 
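Review bot: `typeset -A showKataRunFailure=` in the first hunk of "tests: reduce the amount of log displayed" declares an associative array, but the variable is only ever used as a scalar flag (`showKataRunFailure=1`, `showKataRunFailure=`), and the comment above it describes a flag. Declare it with a plain `typeset showKataRunFailure=`.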
@@ -403,6 +419,12 @@ call_make() { ((makeJobs=$(nproc) / 2)) fi + # When calling make, do not use the silent_run wrapper, pass the + # OSBUILDER_USE_CHRONIC instead. + # In this way running make in parallel mode will, in case of failure, just + # show the print out of the single target failing. + makeVars+=(OSBUILDER_USE_CHRONIC=1) + info "Starting make with \n\ # of // jobs: ${makeJobs:-[unlimited]} \n\ targets: ${makeTargets[@]} \n\ @@ -437,7 +459,6 @@ show_rootfs_metadata() { [ $# -ne 1 ] && die "show_rootfs_metadata: wrong number of arguments" local rootfs_path=$1 local osbuilder_file_fullpath="${rootfs_path}/${osbuilder_file}" - echo -e "$separator" yamllint "${osbuilder_file_fullpath}" info "osbuilder metadata file for $d:" @@ -458,15 +479,12 @@ test_distros() { local distro="$1" get_distros_config "$distro" - local separator="~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n" local commonMakeVars=( \ USE_DOCKER=true \ ROOTFS_BUILD_DEST="$tmp_rootfs" \ IMAGES_BUILD_DEST="$images_dir" \ DEBUG=1 ) - echo -e "$separator" - # If a distro was specified, filter out the distro list to only include that distro if [ -n "$distro" ]; then pattern="\<$distro\>" @@ -522,9 +540,9 @@ test_distros() typeset -a completed=($(find ${tmp_rootfs} -name ".*${marker}" -exec basename {} \; | sed -E "s/\.(.+)${marker}/\1/")) for d in "${distrosSystemd[@]} ${distrosAgent[@]}"; do if [[ "${completed[@]}" =~ $d ]]; then - info "- $c : completed" + info "- $d : completed" else - info "- $c : failed" + info "- $d : failed" fi done die "rootfs build failed" @@ -547,12 +565,10 @@ test_distros() fi show_rootfs_metadata "$rootfs_path" - echo -e "$separator" info "Making rootfs image for ${d}" make_image ${commonMakeVars[@]} $d local image_size=$(stat -c "%s" "${image_path}") - echo -e "$separator" built_images["${d}"]="${rootfs_size}:${image_size}" info "Creating container for ${d}" install_image_create_container $image_path 
@@ -572,22 +588,17 @@ test_distros() if [ "$KATA_HYPERVISOR" != "firecracker" ]; then - echo -e "$separator" info "Making initrd image for ${d}" make_initrd ${commonMakeVars[@]} AGENT_INIT=yes $d local initrd_size=$(stat -c "%s" "${initrd_path}") - echo -e "$separator" built_initrds["${d}"]="${rootfs_size}:${initrd_size}" info "Creating container for ${d}" install_initrd_create_container $initrd_path fi done - echo -e "$separator" show_stats - - echo -e "$separator" } main() From cc5df055bcdf8950f04ece6b4772d980a322e727 Mon Sep 17 00:00:00 2001 From: Marco Vedovati Date: Tue, 18 Jun 2019 15:19:22 +0200 Subject: [PATCH 221/307] travis: do not set -x when running test Do not `set -x` when running tests with Travis: tests are already doing it, and with chronic logs are shown only if the commands executed fail. Signed-off-by: Marco Vedovati --- .ci/run.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.ci/run.sh b/.ci/run.sh index ed87a4edf..fb0b70e07 100755 --- a/.ci/run.sh +++ b/.ci/run.sh @@ -12,4 +12,4 @@ export GOPATH="${GOPATH:-/tmp/go}" script_dir="$(dirname $(readlink -f $0))" -sudo -E PATH="$PATH" bash -x "${script_dir}/../tests/test_images.sh" +sudo -E PATH="$PATH" bash "${script_dir}/../tests/test_images.sh" From add0d445e82e3c4600fd48360e221b74f357e941 Mon Sep 17 00:00:00 2001 From: "Yang, Wei" Date: Wed, 19 Jun 2019 16:09:47 +0800 Subject: [PATCH 222/307] rootfs: configure chronyc service with makestep The current chrony service does not step the system clock, so add the modification to do this if the adjustment is larger than one second Fixes: #316 Signed-off-by: Yang, Wei --- rootfs-builder/rootfs.sh | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index 7e8baa693..ebe2b710f 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh 
@@ -395,7 +395,12 @@ if [ ${distro} == ubuntu ] || [ ${distro} == debian ] ; then fi info "Configure chrony file ${chrony_conf_file}" -echo "refclock PHC /dev/ptp0 poll 3 dpoll -2 offset 0" >> ${chrony_conf_file} +cat >> "${chrony_conf_file}" < Date: Thu, 20 Jun 2019 13:49:18 +0200 Subject: [PATCH 223/307] rootfs: install systemd tmp.mount if needed On some distros (Debian, Ubuntu, openSUSE), tmp.mount is not installed by default in /[etc|usr/lib]/systemd/system, but just in /usr/shared/systemd, so it needs to be manually copied there to have /tmp mounted as tmpfs. Fixes: #317 Signed-off-by: Marco Vedovati --- rootfs-builder/rootfs.sh | 9 +++++++++ rootfs-builder/ubuntu/rootfs_lib.sh | 12 ++++++------ 2 files changed, 15 insertions(+), 6 deletions(-) diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index 7e8baa693..d02a73c37 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh @@ -385,6 +385,15 @@ fi info "Create symlink to /tmp in /var to create private temporal directories with systemd" rm -rf ./var/tmp ln -s ../tmp ./var/ + +# For some distros tmp.mount may not be installed by default in systemd paths +if ! [ -f "./etc/systemd/system/tmp.mount" ] && \ + ! [ -f "./usr/lib/systemd/system/tmp.mount" ] && + [ "$AGENT_INIT" != "yes" ]; then + info "Install tmp.mount in ./etc/systemd/system" + cp ./usr/share/systemd/tmp.mount ./etc/systemd/system/tmp.mount +fi + popd >> /dev/null [ -n "${KERNEL_MODULES_DIR}" ] && copy_kernel_modules ${KERNEL_MODULES_DIR} ${ROOTFS_DIR} diff --git a/rootfs-builder/ubuntu/rootfs_lib.sh b/rootfs-builder/ubuntu/rootfs_lib.sh index 00a7faf67..a012a5cc4 100644 --- a/rootfs-builder/ubuntu/rootfs_lib.sh +++ b/rootfs-builder/ubuntu/rootfs_lib.sh 
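Review bot: In the rootfs.sh hunk of "rootfs: install systemd tmp.mount if needed", the `cp ./usr/share/systemd/tmp.mount ./etc/systemd/system/tmp.mount` runs without checking that the source file or the destination directory exists, so a distro that ships tmp.mount in none of the three locations fails with a bare cp error. Add `[ -f ./usr/share/systemd/tmp.mount ]` to the condition and `mkdir -p ./etc/systemd/system` before the copy. The commit message names /usr/shared/systemd while the code uses ./usr/share/systemd; one of the two needs correcting. The second line of the condition ends in `&&` without the trailing backslash used on the first line; it parses, but the style should be consistent.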
@@ -13,12 +13,12 @@ # # BIN_AGENT: Name of the Kata-Agent binary # -# REPO_URL: URL to distribution repository ( should be configured in +# REPO_URL: URL to distribution repository ( should be configured in # config.sh file) # -# Any other configuration variable for a specific distro must be added +# Any other configuration variable for a specific distro must be added # and documented on its own config.sh -# +# # - Expected result # # rootfs_dir populated with rootfs pkgs @@ -65,19 +65,19 @@ build_rootfs() { # This is done to maintain consistency PACKAGES=$(echo $PACKAGES | sed -e 's/ /,/g' ) EXTRA_PKGS=$(echo $EXTRA_PKGS | sed -e 's/ /,/g' ) - + # extra packages are added to packages and finally passed to debootstrap if [ "${EXTRA_PKGS}" = "" ]; then echo "no extra packages" else PACKAGES="${PACKAGES},${EXTRA_PKGS}" fi - + ${PKG_MANAGER} --variant=minbase \ --arch=${ARCHITECTURE}\ --include="$PACKAGES" \ ${OS_NAME} \ - ${ROOTFS_DIR} + ${ROOTFS_DIR} chroot $ROOTFS_DIR ln -s /lib/systemd/systemd /usr/lib/systemd/systemd } From d2e80f54b13ac244fcac557b83a7491698b9f3f6 Mon Sep 17 00:00:00 2001 From: Archana Shinde Date: Mon, 25 Mar 2019 13:49:54 -0700 Subject: [PATCH 224/307] chrony: Configure chrony to start only when /dev/ptp0 exists. Hypercall to implement virtual PTP was introduced in kernel 4.10 Have chrony run only if the device created by kvm-ptp exists. Add this as a ConditionExists in the systemd service file. This service is named as chrony.service in deb based distributions rather than chronyd.service, although a systemd alias exists. However it is not possible to come up with a generic `PATH` systemd unit relying on the alias. Fixes #308 Signed-off-by: Archana Shinde --- rootfs-builder/rootfs.sh | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index d02a73c37..bd875e15e 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh 
@@ -410,6 +410,15 @@ echo "refclock PHC /dev/ptp0 poll 3 dpoll -2 offset 0" >> ${chrony_conf_file} # Reference: https://chrony.tuxfamily.org/doc/3.4/chrony.conf.html sed -i 's/^\(server \|pool \|peer \)/# &/g' ${chrony_conf_file} +chrony_systemd_service="${ROOTFS_DIR}/usr/lib/systemd/system/chronyd.service" +if [ ${distro} == ubuntu ] || [ ${distro} == debian ] ; then + chrony_systemd_service="${ROOTFS_DIR}/lib/systemd/system/chrony.service" +fi + +if [ -f "$chrony_systemd_service" ]; then + sed -i '/^\[Unit\]/a ConditionPathExists=\/dev\/ptp0' ${chrony_systemd_service} +fi + # The CC on s390x for fedora needs to be manually set to gcc when the golang is downloaded from the main page. # See issue: https://github.com/kata-containers/osbuilder/issues/217 [ "$distro" == fedora ] && [ "$ARCH" == "s390x" ] && export CC=gcc From 7dc15c28f8468a6d3453b20e8f64442cbc5da93a Mon Sep 17 00:00:00 2001 From: Penny Zheng Date: Mon, 24 Jun 2019 15:51:01 +0800 Subject: [PATCH 225/307] rootfs-builder: exclude unsupported archs from clearlinux For clearlinux, for now, it is only designed for amd64. Fixes: #320 Signed-off-by: Penny Zheng --- rootfs-builder/clearlinux/config.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rootfs-builder/clearlinux/config.sh b/rootfs-builder/clearlinux/config.sh index 25da8e030..7b3b95426 100644 --- a/rootfs-builder/clearlinux/config.sh +++ b/rootfs-builder/clearlinux/config.sh @@ -26,6 +26,6 @@ PACKAGES="util-linux-bin iptables-bin libudev0-shim chrony" INIT_PROCESS=systemd # List of zero or more architectures to exclude from build, # as reported by `uname -m` -ARCH_EXCLUDE_LIST=(ppc64le) +ARCH_EXCLUDE_LIST=( aarch64 ppc64le s390x ) [ "$SECCOMP" = "yes" ] && PACKAGES+=" libseccomp" || true From 5a5ffa4493962552fff3c2701095a3a77c4ca04e Mon Sep 17 00:00:00 2001 
From: Penny Zheng Date: Mon, 24 Jun 2019 16:01:40 +0800 Subject: [PATCH 226/307] rootfs-builder: exclude unsupported archs from euleros For euleros, it has supported aarch64 starting from v2.3, but here is the sad part, there existed bugs in their 2.3.x image, this bug existed in both x86_64 and aarch64 image. related issue euleros/euleros-docker-images/#13 (https://github.com/euleros/euleros-docker-images/issues/13) has been raised. Fixes: #320 Signed-off-by: Penny Zheng --- rootfs-builder/euleros/config.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rootfs-builder/euleros/config.sh b/rootfs-builder/euleros/config.sh index 3d5762fb3..d522e844b 100644 --- a/rootfs-builder/euleros/config.sh +++ b/rootfs-builder/euleros/config.sh @@ -21,7 +21,7 @@ PACKAGES="iptables chrony" INIT_PROCESS=systemd # List of zero or more architectures to exclude from build, # as reported by `uname -m` -ARCH_EXCLUDE_LIST=() +ARCH_EXCLUDE_LIST=( aarch64 ppc64le s390x ) # Allow the build to fail without generating an error. # For more info see: https://github.com/kata-containers/osbuilder/issues/190 BUILD_CAN_FAIL=1 From b199ae01b42a94d03d5405f239b352717d24a7bc Mon Sep 17 00:00:00 2001 
From: katacontainersbot Date: Mon, 1 Jul 2019 19:37:39 +0000 Subject: [PATCH 227/307] release: Kata Containers 1.8.0-rc0 - rootfs: configure chronyc service with makestep - agent: detect required Go version from versions.yaml - rootfs-builder: exclude unsupported archs from euleros and clearlinux - tests: reduce the amount of log displayed - chrony: Configure chrony to start only when /dev/ptp0 exists. - rootfs: install systemd tmp.mount if needed 5a5ffa4 rootfs-builder: exclude unsupported archs from euleros 7dc15c2 rootfs-builder: exclude unsupported archs from clearlinux d2e80f5 chrony: Configure chrony to start only when /dev/ptp0 exists. 6969c7f rootfs: install systemd tmp.mount if needed add0d44 rootfs: configure chronyc service with makestep cc5df05 travis: do not set -x when running test 25d75e5 tests: reduce the amount of log displayed acc9c7f tests: identify the distros with build failures 68f2090 make: add ability to silent recipe commands with chronic cbb8c01 make: add print-% target printing variable value e770e2a rootfs: enforce minimum Go version when building locally 92b42c7 agent: detect required Go version from versions.yaml Signed-off-by: katacontainersbot --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index 4825ad3c1..8fea7f729 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.8.0-alpha2 +1.8.0-rc0 From 27dddf0a25a3b6b223bfc3ce30ba943daca31d45 Mon Sep 17 00:00:00 2001 
From: Archana Shinde Date: Tue, 2 Jul 2019 12:02:54 -0700 Subject: [PATCH 228/307] rootfs: Make sure etc exists. We are seeing sporadic failures in the rootfs creation as listed here: https://github.com/kata-containers/tests/issues/1744 While this cannot be reproduced locally, there is no reason for the failure to write to $ROOTFS_DIR/etc/chrony.conf unless the upper directories are missing as this file should be created if it did not exist earlier. So just create the etc directory to test out if we see these sporadic failures in the CI. Fixes #328 Signed-off-by: Archana Shinde --- rootfs-builder/rootfs.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index 2006fb242..061e23ac6 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh @@ -459,6 +459,9 @@ if [ ${distro} == ubuntu ] || [ ${distro} == debian ] ; then chrony_conf_file="${ROOTFS_DIR}/etc/chrony/chrony.conf" fi +info "Create ${ROOTFS_DIR}/etc" +mkdir -p "${ROOTFS_DIR}/etc" + info "Configure chrony file ${chrony_conf_file}" cat >> "${chrony_conf_file}" < Date: Tue, 2 Jul 2019 13:34:10 -0500 Subject: [PATCH 229/307] rootfs: fix golang version detection When the rootfs creation is used for PRs there is not a match with a kata runtime version, in this case let's clone the runtime repository and checkout to the kata branch target. If it is already cloned this means this was set by depends-on script or the user. Fixes: #326 Signed-off-by: Jose Carlos Venegas Munoz --- rootfs-builder/rootfs.sh | 62 ++++++++++++++++++++++++++++++++-------- 1 file changed, 50 insertions(+), 12 deletions(-) diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index 2006fb242..281360604 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh @@ -4,7 +4,9 @@ # # SPDX-License-Identifier: Apache-2.0 -set -e +set -o errexit +set -o pipefail +set -o errtrace [ -n "$DEBUG" ] && set -x 
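Review bot: The hunk of "rootfs: Make sure etc exists" creates only `${ROOTFS_DIR}/etc`, but the context line just above it sets `chrony_conf_file="${ROOTFS_DIR}/etc/chrony/chrony.conf"` for ubuntu and debian, so the append can still fail there when etc/chrony is missing. Suggest `mkdir -p "$(dirname "${chrony_conf_file}")"`, which covers both layouts.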
@@ -12,17 +14,31 @@ script_name="${0##*/}" script_dir="$(dirname $(readlink -f $0))" AGENT_VERSION=${AGENT_VERSION:-} GO_AGENT_PKG=${GO_AGENT_PKG:-github.com/kata-containers/agent} +GO_RUNTIME_PKG=${GO_RUNTIME_PKG:-github.com/kata-containers/runtime} AGENT_BIN=${AGENT_BIN:-kata-agent} AGENT_INIT=${AGENT_INIT:-no} KERNEL_MODULES_DIR=${KERNEL_MODULES_DIR:-""} OSBUILDER_VERSION="unknown" DOCKER_RUNTIME=${DOCKER_RUNTIME:-runc} -GO_VERSION= +GO_VERSION="null" +#https://github.com/kata-containers/tests/blob/master/.ci/jenkins_job_build.sh +# Give preference to variable set by CI +KATA_BRANCH=${branch:-} +KATA_BRANCH=${KATA_BRANCH:-master} export GOPATH=${GOPATH:-${HOME}/go} lib_file="${script_dir}/../scripts/lib.sh" source "$lib_file" +handle_error() { + local exit_code="${?}" + local line_number="${1:-}" + echo "Failed at $line_number: ${BASH_COMMAND}" + exit "${exit_code}" + +} +trap 'handle_error $LINENO' ERR + # Default architecture ARCH=$(uname -m) 
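Review bot: `KATA_BRANCH=${branch:-}` in this hunk reads an unprefixed, lowercase environment variable, so any caller environment that happens to export `branch` changes which runtime ref versions.yaml is fetched from in detect_go_version(). Either validate the value or document `branch` and KATA_BRANCH in usage() next to the other environment variables. handle_error() also prints its message with a plain echo; send it to stderr with `>&2` so it is not lost when stdout is captured.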
@@ -247,22 +263,44 @@ error_handler() detect_go_version() { + info "Detecting agent go version" typeset -r yq=$(command -v yq || command -v ${GOPATH}/bin/yq) [ -z "$yq" ] && die "'yq' application not found (needed to parsing minimum Go version required)" - local runtimeRevision= + local runtimeRevision="" - if [ "${AGENT_VERSION:-master}" == "master" ]; then - # This matches both AGENT_VERSION == "" and AGENT_VERSION == "master" - runtimeRevision="master" - else - # Detect runtime revision by fetching the agent's VERSION file - runtimeRevision="$(curl -fsSL https://raw.githubusercontent.com/kata-containers/agent/${AGENT_VERSION:-master}/VERSION)" - [ -z "$runtimeRevision" ] && die "Could not detect the agent version for the given AGENT_VERSION='${AGENT_VERSION:-master}'" + # Detect runtime revision by fetching the agent's VERSION file + local runtime_version_url="https://raw.githubusercontent.com/kata-containers/agent/${AGENT_VERSION:-master}/VERSION" + info "Detecting runtime version using ${runtime_version_url}" + + if runtimeRevision="$(curl -fsSL ${runtime_version_url})"; then + [ -n "${runtimeRevision}" ] || die "failed to get agent version" + typeset -r runtimeVersionsURL="https://raw.githubusercontent.com/kata-containers/runtime/${runtimeRevision}/versions.yaml" + info "Getting golang version from ${runtimeVersionsURL}" + # This may fail if we are a kata bump. + if GO_VERSION="$(curl -fsSL "$runtimeVersionsURL" | $yq r - "languages.golang.version")"; then + [ "$GO_VERSION" != "null" ] + return 0 + fi fi - typeset -r runtimeVersionsURL="https://raw.githubusercontent.com/kata-containers/runtime/${runtimeRevision}/versions.yaml" - GO_VERSION="$(curl -fsSL "$runtimeVersionsURL" | $yq r - "languages.golang.version")" + info "Agent version has not match with a runtime version, assumming it is a PR" + local kata_runtime_pkg_dir="${GOPATH}/src/${GO_RUNTIME_PKG}" + if [ ! 
-d "${kata_runtime_pkg_dir}" ];then + info "There is not runtime repository in filesystem (${kata_runtime_pkg_dir})" + local runtime_versions_url="https://raw.githubusercontent.com/kata-containers/runtime/${KATA_BRANCH}/versions.yaml" + info "Get versions file from ${runtime_versions_url}" + GO_VERSION="$(curl -fsSL "${runtime_versions_url}" | $yq r - "languages.golang.version")" + if [ "$?" == "0" ] && [ "$GO_VERSION" != "null" ]; then + return 0 + fi + + return 1 + fi + + local kata_versions_file="${kata_runtime_pkg_dir}/versions.yaml" + info "Get Go version from ${kata_versions_file}" + GO_VERSION="$(cat "${kata_versions_file}" | $yq r - "languages.golang.version")" [ "$?" == "0" ] && [ "$GO_VERSION" != "null" ] } From 39370c2aea6973acfc98a172b7ee084d0ea58afd Mon Sep 17 00:00:00 2001 From: Marco Vedovati Date: Wed, 12 Jun 2019 18:54:55 +0200 Subject: [PATCH 230/307] rootfs-builder: support provisioning existing rootfs Add the use case of provisioning an existing rootfs directory with the components / configurations needed to generate a Kata compatible images. This supports use cases such as using a rootfs built outside of osbuilder, and providing a overlay for dracut built initrds. Signed-off-by: Marco Vedovati --- rootfs-builder/README.md | 45 ++-- rootfs-builder/rootfs.sh | 432 ++++++++++++++++++++++----------------- 2 files changed, 273 insertions(+), 204 deletions(-) diff --git a/rootfs-builder/README.md b/rootfs-builder/README.md index 861a48007..1218db010 100644 --- a/rootfs-builder/README.md +++ b/rootfs-builder/README.md 
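Review bot: In the rewritten detect_go_version() of "rootfs: fix golang version detection", the result of `[ "$GO_VERSION" != "null" ]` inside the first `if GO_VERSION=...; then` block is thrown away: the next line is an unconditional `return 0`, so a versions.yaml without the key is reported as success with GO_VERSION set to "null" (or the test trips the new ERR trap when errexit is active), and the PR fallback below is never reached. Write `if [ "$GO_VERSION" != "null" ]; then return 0; fi`. The two `[ "$?" == "0" ] && [ "$GO_VERSION" != "null" ]` checks further down still accept an empty GO_VERSION, and `curl -fsSL ${runtime_version_url}` should be quoted. The info strings "has not match" and "assumming" need a spelling pass.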
@@ -1,13 +1,17 @@ -* [Supported base OSs](#supported-base-oss) -* [Rootfs requirements](#rootfs-requirements) -* [Creating a rootfs](#creating-a-rootfs) -* [Creating a rootfs with kernel modules](#creating-a-rootfs-with-kernel-modules) -* [Build a rootfs using Docker](#build-a-rootfs-using-docker) -* [Adding support for a new guest OS](#adding-support-for-a-new-guest-os) - * [Create template files](#create-template-files) - * [Modify template files](#modify-template-files) - * [Expected rootfs directory content](#expected-rootfs-directory-content) - * [Optional - Customise the rootfs](#optional---customise-the-rootfs) +* [Building a Guest OS rootfs for Kata Containers](#building-a-guest-os-rootfs-for-kata-containers) + * [Supported base OSs](#supported-base-oss) + * [Extra features](#extra-features) + * [Supported distributions list](#supported-distributions-list) + * [Generate Kata specific files](#generate-kata-specific-files) + * [Rootfs requirements](#rootfs-requirements) + * [Creating a rootfs](#creating-a-rootfs) + * [Creating a rootfs with kernel modules](#creating-a-rootfs-with-kernel-modules) + * [Build a rootfs using Docker](#build-a-rootfs-using-docker) + * [Adding support for a new guest OS](#adding-support-for-a-new-guest-os) + * [Create template files](#create-template-files) + * [Modify template files](#modify-template-files) + * [Expected rootfs directory content](#expected-rootfs-directory-content) + * [Optional - Customise the rootfs](#optional---customise-the-rootfs) * [Adding extra packages](#adding-extra-packages) * [Arbitrary rootfs changes](#arbitrary-rootfs-changes) 
@@ -21,10 +25,25 @@ The `rootfs.sh` script builds a rootfs based on a particular Linux\* distribution. The script supports multiple distributions and can be extended to add further ones. -To list the supported distributions, run: - +### Extra features +#### Supported distributions list +Supported distributions can be listed with: ``` -$ ./rootfs.sh -h +$ ./rootfs.sh -l +``` + +#### Generate Kata specific files +`rootfs.sh` can be used to only populate a target directory with the set of Kata +specific files and components integrable into a generic Linux rootfs to generate +a Kata guest OS image. +This feature can be used when creating a rootfs with a distribution not officially +supported by osbuilder. +It is also used when building the rootfs using the 'dracut' build method. + +To obtain this, simply invoke `rootfs.sh` without specifying a target rootfs, e.g.: +``` +mkdir kata-overlay +./rootfs.sh -r `pwd`/kata-overlay ``` ## Rootfs requirements diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index 6f5d68450..7705e0d60 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh 
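Review bot: In the rootfs-builder/README.md hunk, under "Generate Kata specific files", the sentence "simply invoke `rootfs.sh` without specifying a target rootfs" contradicts the example directly below it, which passes the target directory with `-r`. What is left out in this mode is the DISTRO argument, as the usage text added to rootfs.sh in this same patch says ("When no DISTRO is provided ..."). Suggest rewording to "without specifying a DISTRO" and stating whether `-r` (or ROOTFS_DIR) is mandatory in that mode.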
@@ -52,18 +52,31 @@ typeset -r CONFIG_ARCH_SH="config_${ARCH}.sh" # build_rootfs() function. typeset -r LIB_SH="rootfs_lib.sh" +# rootfs distro name specified by the user +typeset distro= + +# Absolute path to the rootfs root folder +typeset ROOTFS_DIR + +# Absolute path in the rootfs to the "init" executable / symlink. +# Typically something like "${ROOTFS_DIR}/init +typeset init= + #$1: Error code if want to exit different to 0 usage() { error="${1:-0}" cat < +Usage: ${script_name} [options] [DISTRO] -Build a rootfs based on OS, to be included in a Kata Containers -image. +Build and setup a rootfs directory based on DISTRO OS, used to create +Kata Containers images or initramfs. -Supported values: +When no DISTRO is provided, an existing base rootfs at ROOTFS_DIR is provisioned +with the Kata specific components and configuration. + +Supported DISTRO values: $(get_distros | tr "\n" " ") Options: @@ -75,7 +88,7 @@ Options: yaml description. -r Specify the rootfs base directory. Overrides the ROOTFS_DIR environment variable. - -t Print the test configuration for and exit + -t DISTRO Print the test configuration for DISTRO and exit immediately. Environment Variables: @@ -100,7 +113,7 @@ DISTRO_REPO Use host repositories to install guest packages. GO_AGENT_PKG URL of the Git repository hosting the agent package. Default value: ${GO_AGENT_PKG} -GRACEFUL_EXIT If set, and if the configuration specifies a +GRACEFUL_EXIT If set, and if the DISTRO configuration specifies a non-empty BUILD_CAN_FAIL variable, do not return with an error code in case any of the build step fails. This is used when running CI jobs, to tolerate failures for 
@@ -112,7 +125,7 @@ KERNEL_MODULES_DIR Path to a directory containing kernel modules to include in Default value: ROOTFS_DIR Path to the directory that is populated with the rootfs. - Default value: <${script_name} path>/rootfs- + Default value: <${script_name} path>/rootfs- USE_DOCKER If set, build the rootfs inside a container (requires Docker). @@ -137,7 +150,9 @@ get_distros() { } get_test_config() { - local distro="$1" + local -r distro="$1" + [ -z "$distro" ] && die "No distro name specified" + local config="${script_dir}/${distro}/config.sh" source ${config} 
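Review bot: In get_test_config(), the new empty-string check is the only validation applied to the `-t` argument before it is turned into a path and executed: `local config="${script_dir}/${distro}/config.sh"` is followed by an unquoted `source ${config}`. A value containing `/` or `..` makes the script source a config.sh outside the distro directories, and a path containing spaces is word-split. Suggest checking the name against the output of get_distros (or at least rejecting `/`), testing `[ -f "${config}" ]` before use, and quoting the `source` argument.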
@@ -330,229 +345,264 @@ compare_versions() true } -while getopts a:hlo:r:t: opt -do - case $opt in - a) AGENT_VERSION="${OPTARG}" ;; - h) usage ;; - l) get_distros | sort && exit 0;; - o) OSBUILDER_VERSION="${OPTARG}" ;; - r) ROOTFS_DIR="${OPTARG}" ;; - t) get_test_config "${OPTARG}" && exit 0;; - esac -done +check_env_variables() +{ + # Fetch the first element from GOPATH as working directory + # as go get only works against the first item in the GOPATH + [ -z "$GOPATH" ] && die "GOPATH not set" + GOPATH_LOCAL="${GOPATH%%:*}" -shift $(($OPTIND - 1)) + [ "$AGENT_INIT" == "yes" -o "$AGENT_INIT" == "no" ] || die "AGENT_INIT($AGENT_INIT) is invalid (must be yes or no)" -# Fetch the first element from GOPATH as working directory -# as go get only works against the first item in the GOPATH -[ -z "$GOPATH" ] && die "GOPATH not set" -GOPATH_LOCAL="${GOPATH%%:*}" + [ -n "${KERNEL_MODULES_DIR}" ] && [ ! -d "${KERNEL_MODULES_DIR}" ] && die "KERNEL_MODULES_DIR defined but is not an existing directory" -[ "$AGENT_INIT" == "yes" -o "$AGENT_INIT" == "no" ] || die "AGENT_INIT($AGENT_INIT) is invalid (must be yes or no)" + [ -n "${OSBUILDER_VERSION}" ] || die "need osbuilder version" +} -[ -n "${KERNEL_MODULES_DIR}" ] && [ ! 
-d "${KERNEL_MODULES_DIR}" ] && die "KERNEL_MODULES_DIR defined but is not an existing directory" +# Builds a rootfs based on the distro name provided as argument +build_rootfs_distro() +{ + [ -n "${distro}" ] || usage 1 + distro_config_dir="${script_dir}/${distro}" -[ -z "${OSBUILDER_VERSION}" ] && die "need osbuilder version" + # Source config.sh from distro + rootfs_config="${distro_config_dir}/${CONFIG_SH}" + source "${rootfs_config}" -distro="$1" + # Source arch-specific config file + rootfs_arch_config="${distro_config_dir}/${CONFIG_ARCH_SH}" + if [ -f "${rootfs_arch_config}" ]; then + source "${rootfs_arch_config}" + fi -[ -n "${distro}" ] || usage 1 -distro_config_dir="${script_dir}/${distro}" + [ -d "${distro_config_dir}" ] || die "Not found configuration directory ${distro_config_dir}" -# Source config.sh from distro -rootfs_config="${distro_config_dir}/${CONFIG_SH}" -source "${rootfs_config}" + if [ -z "$ROOTFS_DIR" ]; then + ROOTFS_DIR="${script_dir}/rootfs-${OS_NAME}" + fi -# Source arch-specific config file -rootfs_arch_config="${distro_config_dir}/${CONFIG_ARCH_SH}" -if [ -f "${rootfs_arch_config}" ]; then - source "${rootfs_arch_config}" -fi + if [ -e "${distro_config_dir}/${LIB_SH}" ];then + rootfs_lib="${distro_config_dir}/${LIB_SH}" + info "rootfs_lib.sh file found. Loading content" + source "${rootfs_lib}" + fi -[ -d "${distro_config_dir}" ] || die "Not found configuration directory ${distro_config_dir}" + CONFIG_DIR=${distro_config_dir} + check_function_exist "build_rootfs" -if [ -z "$ROOTFS_DIR" ]; then - ROOTFS_DIR="${script_dir}/rootfs-${OS_NAME}" -fi + if [ -z "$INSIDE_CONTAINER" ] ; then + # Capture errors, but only outside of the docker container + trap error_handler ERR + fi -init="${ROOTFS_DIR}/sbin/init" + mkdir -p ${ROOTFS_DIR} -if [ -e "${distro_config_dir}/${LIB_SH}" ];then - rootfs_lib="${distro_config_dir}/${LIB_SH}" - info "rootfs_lib.sh file found. 
Loading content" - source "${rootfs_lib}" -fi - -CONFIG_DIR=${distro_config_dir} -check_function_exist "build_rootfs" - -if [ -z "$INSIDE_CONTAINER" ] ; then - # Capture errors, but only outside of the docker container - trap error_handler ERR -fi - -mkdir -p ${ROOTFS_DIR} - -detect_go_version || + detect_go_version || die "Could not detect the required Go version for AGENT_VERSION='${AGENT_VERSION:-master}'." -echo "Required Go version: $GO_VERSION" + echo "Required Go version: $GO_VERSION" -if [ -z "${USE_DOCKER}" ] ; then - #Generate an error if the local Go version is too old - foundVersion=$(go version | sed -E "s/^.+([0-9]+\.[0-9]+\.[0-9]+).*$/\1/g") + if [ -z "${USE_DOCKER}" ] ; then + #Generate an error if the local Go version is too old + foundVersion=$(go version | sed -E "s/^.+([0-9]+\.[0-9]+\.[0-9]+).*$/\1/g") - compare_versions "$GO_VERSION" $foundVersion || \ - die "Your Go version $foundVersion is older than the minimum expected Go version $GO_VERSION" -else - image_name="${distro}-rootfs-osbuilder" - - generate_dockerfile "${distro_config_dir}" - docker build \ - --build-arg http_proxy="${http_proxy}" \ - --build-arg https_proxy="${https_proxy}" \ - -t "${image_name}" "${distro_config_dir}" - - # fake mapping if KERNEL_MODULES_DIR is unset - kernel_mod_dir=${KERNEL_MODULES_DIR:-${ROOTFS_DIR}} - - docker_run_args="" - docker_run_args+=" --rm" - docker_run_args+=" --runtime ${DOCKER_RUNTIME}" - - if [ -z "${AGENT_SOURCE_BIN}" ] ; then - docker_run_args+=" --env GO_AGENT_PKG=${GO_AGENT_PKG}" + compare_versions "$GO_VERSION" $foundVersion || \ + die "Your Go version $foundVersion is older than the minimum expected Go version $GO_VERSION" else - docker_run_args+=" --env AGENT_SOURCE_BIN=${AGENT_SOURCE_BIN}" - docker_run_args+=" -v ${AGENT_SOURCE_BIN}:${AGENT_SOURCE_BIN}" + image_name="${distro}-rootfs-osbuilder" + + generate_dockerfile "${distro_config_dir}" + docker build \ + --build-arg http_proxy="${http_proxy}" \ + --build-arg 
https_proxy="${https_proxy}" \ + -t "${image_name}" "${distro_config_dir}" + + # fake mapping if KERNEL_MODULES_DIR is unset + kernel_mod_dir=${KERNEL_MODULES_DIR:-${ROOTFS_DIR}} + + docker_run_args="" + docker_run_args+=" --rm" + docker_run_args+=" --runtime ${DOCKER_RUNTIME}" + + if [ -z "${AGENT_SOURCE_BIN}" ] ; then + docker_run_args+=" --env GO_AGENT_PKG=${GO_AGENT_PKG}" + else + docker_run_args+=" --env AGENT_SOURCE_BIN=${AGENT_SOURCE_BIN}" + docker_run_args+=" -v ${AGENT_SOURCE_BIN}:${AGENT_SOURCE_BIN}" + fi + + docker_run_args+=" $(docker_extra_args $distro)" + + # Relabel volumes so SELinux allows access (see docker-run(1)) + if command -v selinuxenabled > /dev/null && selinuxenabled ; then + for volume_dir in "${script_dir}" \ + "${ROOTFS_DIR}" \ + "${script_dir}/../scripts" \ + "${kernel_mod_dir}" \ + "${GOPATH_LOCAL}"; do + chcon -Rt svirt_sandbox_file_t "$volume_dir" + done + fi + + #Make sure we use a compatible runtime to build rootfs + # In case Clear Containers Runtime is installed we dont want to hit issue: + #https://github.com/clearcontainers/runtime/issues/828 + docker run \ + --env https_proxy="${https_proxy}" \ + --env http_proxy="${http_proxy}" \ + --env AGENT_VERSION="${AGENT_VERSION}" \ + --env ROOTFS_DIR="/rootfs" \ + --env AGENT_BIN="${AGENT_BIN}" \ + --env AGENT_INIT="${AGENT_INIT}" \ + --env GOPATH="${GOPATH_LOCAL}" \ + --env KERNEL_MODULES_DIR="${KERNEL_MODULES_DIR}" \ + --env EXTRA_PKGS="${EXTRA_PKGS}" \ + --env OSBUILDER_VERSION="${OSBUILDER_VERSION}" \ + --env INSIDE_CONTAINER=1 \ + --env SECCOMP="${SECCOMP}" \ + --env DEBUG="${DEBUG}" \ + -v "${script_dir}":"/osbuilder" \ + -v "${ROOTFS_DIR}":"/rootfs" \ + -v "${script_dir}/../scripts":"/scripts" \ + -v "${kernel_mod_dir}":"${kernel_mod_dir}" \ + -v "${GOPATH_LOCAL}":"${GOPATH_LOCAL}" \ + $docker_run_args \ + ${image_name} \ + bash /osbuilder/rootfs.sh "${distro}" + + exit $? 
fi - docker_run_args+=" $(docker_extra_args $distro)" + build_rootfs ${ROOTFS_DIR} +} - # Relabel volumes so SELinux allows access (see docker-run(1)) - if command -v selinuxenabled > /dev/null && selinuxenabled ; then - for volume_dir in "${script_dir}" \ - "${ROOTFS_DIR}" \ - "${script_dir}/../scripts" \ - "${kernel_mod_dir}" \ - "${GOPATH_LOCAL}"; do - chcon -Rt svirt_sandbox_file_t "$volume_dir" - done +# Used to create a minimal directory tree where the agent can be instaleld. +# This is used when a distro is not specified. +prepare_overlay() +{ + pushd "${ROOTFS_DIR}" >> /dev/null + mkdir -p ./etc ./lib/systemd ./sbin ./var + ln -sf ./usr/lib/systemd/systemd ./init + ln -sf ../../init ./lib/systemd/systemd + ln -sf ../init ./sbin/init + popd >> /dev/null +} + +# Setup an existing rootfs directory, based on the OPTIONAL distro name +# provided as argument +setup_rootfs() +{ + [ -z "$distro" ] && prepare_overlay + + info "Create symlink to /tmp in /var to create private temporal directories with systemd" + pushd "${ROOTFS_DIR}" >> /dev/null + if [ "$PWD" != "/" ] ; then + rm -rf ./var/cache/ ./var/lib ./var/log ./var/tmp + fi + ln -s ../tmp ./var/ + + # For some distros tmp.mount may not be installed by default in systemd paths + if ! [ -f "./etc/systemd/system/tmp.mount" ] && \ + ! 
[ -f "./usr/lib/systemd/system/tmp.mount" ] && + [ "$AGENT_INIT" != "yes" ]; then + info "Install tmp.mount in ./etc/systemd/system" + cp ./usr/share/systemd/tmp.mount ./etc/systemd/system/tmp.mount fi - #Make sure we use a compatible runtime to build rootfs - # In case Clear Containers Runtime is installed we dont want to hit issue: - #https://github.com/clearcontainers/runtime/issues/828 - docker run \ - --env https_proxy="${https_proxy}" \ - --env http_proxy="${http_proxy}" \ - --env AGENT_VERSION="${AGENT_VERSION}" \ - --env ROOTFS_DIR="/rootfs" \ - --env AGENT_BIN="${AGENT_BIN}" \ - --env AGENT_INIT="${AGENT_INIT}" \ - --env GOPATH="${GOPATH_LOCAL}" \ - --env KERNEL_MODULES_DIR="${KERNEL_MODULES_DIR}" \ - --env EXTRA_PKGS="${EXTRA_PKGS}" \ - --env OSBUILDER_VERSION="${OSBUILDER_VERSION}" \ - --env INSIDE_CONTAINER=1 \ - --env SECCOMP="${SECCOMP}" \ - --env DEBUG="${DEBUG}" \ - -v "${script_dir}":"/osbuilder" \ - -v "${ROOTFS_DIR}":"/rootfs" \ - -v "${script_dir}/../scripts":"/scripts" \ - -v "${kernel_mod_dir}":"${kernel_mod_dir}" \ - -v "${GOPATH_LOCAL}":"${GOPATH_LOCAL}" \ - $docker_run_args \ - ${image_name} \ - bash /osbuilder/rootfs.sh "${distro}" + popd >> /dev/null - exit $? -fi + [ -n "${KERNEL_MODULES_DIR}" ] && copy_kernel_modules ${KERNEL_MODULES_DIR} ${ROOTFS_DIR} -build_rootfs ${ROOTFS_DIR} -pushd "${ROOTFS_DIR}" >> /dev/null -if [ "$PWD" != "/" ] ; then - rm -rf ./var/cache/ ./var/lib ./var/log -fi + chrony_conf_file="${ROOTFS_DIR}/etc/chrony.conf" + if [ "${distro}" == "ubuntu" ] || [ "${distro}" == "debian" ] ; then + chrony_conf_file="${ROOTFS_DIR}/etc/chrony/chrony.conf" + fi -info "Create symlink to /tmp in /var to create private temporal directories with systemd" -rm -rf ./var/tmp -ln -s ../tmp ./var/ + info "Create ${ROOTFS_DIR}/etc" + mkdir -p "${ROOTFS_DIR}/etc" -# For some distros tmp.mount may not be installed by default in systemd paths -if ! [ -f "./etc/systemd/system/tmp.mount" ] && \ - ! 
[ -f "./usr/lib/systemd/system/tmp.mount" ] && - [ "$AGENT_INIT" != "yes" ]; then - info "Install tmp.mount in ./etc/systemd/system" - cp ./usr/share/systemd/tmp.mount ./etc/systemd/system/tmp.mount -fi - -popd >> /dev/null - -[ -n "${KERNEL_MODULES_DIR}" ] && copy_kernel_modules ${KERNEL_MODULES_DIR} ${ROOTFS_DIR} - -chrony_conf_file="${ROOTFS_DIR}/etc/chrony.conf" -if [ ${distro} == ubuntu ] || [ ${distro} == debian ] ; then - chrony_conf_file="${ROOTFS_DIR}/etc/chrony/chrony.conf" -fi - -info "Create ${ROOTFS_DIR}/etc" -mkdir -p "${ROOTFS_DIR}/etc" - -info "Configure chrony file ${chrony_conf_file}" -cat >> "${chrony_conf_file}" <> "${chrony_conf_file}" < Date: Wed, 17 Jul 2019 11:06:26 -0500 Subject: [PATCH 231/307] rootfs: upgrade docker images for fedora Use fedora 30 in docker images. Fixes: #331 Signed-off-by: Jose Carlos Venegas Munoz --- rootfs-builder/clearlinux/Dockerfile.in | 14 +++++++------- rootfs-builder/fedora/Dockerfile.in | 14 +++++++------- rootfs-builder/fedora/config.sh | 2 +- 3 files changed, 15 insertions(+), 15 deletions(-) diff --git a/rootfs-builder/clearlinux/Dockerfile.in b/rootfs-builder/clearlinux/Dockerfile.in index 5dbdca74a..5acfe2714 100644 --- a/rootfs-builder/clearlinux/Dockerfile.in +++ b/rootfs-builder/clearlinux/Dockerfile.in @@ -3,20 +3,20 @@ # # SPDX-License-Identifier: Apache-2.0 -From fedora:27 +From fedora:30 @SET_PROXY@ RUN dnf -y update && dnf install -y \ -git \ -systemd \ -pkgconfig \ +chrony \ +curl \ gcc \ -coreutils \ +git \ libseccomp \ libseccomp-devel \ -chrony \ -curl +make \ +pkgconfig \ +systemd # This will install the proper golang to build Kata components @INSTALL_GO@ diff --git a/rootfs-builder/fedora/Dockerfile.in b/rootfs-builder/fedora/Dockerfile.in index 0cd349246..20eca11b4 100644 --- a/rootfs-builder/fedora/Dockerfile.in +++ b/rootfs-builder/fedora/Dockerfile.in 
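Review bot: In rootfs-builder/rootfs.sh (PATCH 230/307), setup_rootfs() and prepare_overlay() run relative, destructive commands right after `pushd "${ROOTFS_DIR}" >> /dev/null`, and neither function checks that ROOTFS_DIR is non-empty and an existing directory. Only build_rootfs_distro() gives ROOTFS_DIR a default, so in the new no-DISTRO mode the `rm -rf ./var/cache/ ./var/lib ./var/log ./var/tmp` and the `ln -sf` calls depend entirely on the caller having passed a valid `-r`; the `[ "$PWD" != "/" ]` guard covers a single bad case. Suggest failing early with `[ -d "${ROOTFS_DIR}" ] || die ...` and `pushd ... || die ...`. Since this mode is aimed at rootfs trees built outside osbuilder, the README should also say that ./var/lib and ./var/log are wiped from the target.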
@@ -8,16 +8,16 @@ From fedora:@OS_VERSION@ @SET_PROXY@ RUN dnf -y update && dnf install -y \ -git \ -redhat-release \ -systemd \ -pkgconfig \ +chrony \ +curl \ gcc \ -make \ +git \ libseccomp \ libseccomp-devel \ -chrony \ -curl +make \ +pkgconfig \ +redhat-release \ +systemd # This will install the proper golang to build Kata components @INSTALL_GO@ diff --git a/rootfs-builder/fedora/config.sh b/rootfs-builder/fedora/config.sh index c11cbd55e..4aff698d7 100644 --- a/rootfs-builder/fedora/config.sh +++ b/rootfs-builder/fedora/config.sh @@ -5,7 +5,7 @@ OS_NAME="Fedora" -OS_VERSION=${OS_VERSION:-28} +OS_VERSION=${OS_VERSION:-30} MIRROR_LIST="https://mirrors.fedoraproject.org/metalink?repo=fedora-${OS_VERSION}&arch=\$basearch" From bdbc806770238b8f7efdd96b161b7e368de8462d Mon Sep 17 00:00:00 2001 From: Eric Ernst Date: Thu, 18 Jul 2019 12:49:36 -0700 Subject: [PATCH 232/307] release: Kata Containers 1.9.0-alpha0 - rootfs: upgrade docker images for fedora - rootfs: Make sure etc exists. edb770e rootfs: upgrade docker images for fedora 27dddf0 rootfs: Make sure etc exists. Signed-off-by: Eric Ernst --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index 8fea7f729..f93a59a99 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.8.0-rc0 +1.9.0-alpha0 From 8ebaac02d1534a47af2a4038e98bd401ac09c05c Mon Sep 17 00:00:00 2001 From: Marco Vedovati Date: Wed, 17 Jul 2019 19:15:50 +0200 Subject: [PATCH 233/307] rootfs: move code from rootfs.sh to lib.sh Move some of the functions in rootfs.sh (generate_dockerfile, detect_go_version) in scripts/lib.sh, to make those functions reusable outside of rootfs.sh. Signed-off-by: Marco Vedovati --- rootfs-builder/rootfs.sh | 94 ------------------------------------ scripts/lib.sh | 100 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 100 insertions(+), 94 deletions(-) diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index 7705e0d60..5f1aced6c 100755 
--- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh @@ -14,17 +14,12 @@ script_name="${0##*/}" script_dir="$(dirname $(readlink -f $0))" AGENT_VERSION=${AGENT_VERSION:-} GO_AGENT_PKG=${GO_AGENT_PKG:-github.com/kata-containers/agent} -GO_RUNTIME_PKG=${GO_RUNTIME_PKG:-github.com/kata-containers/runtime} AGENT_BIN=${AGENT_BIN:-kata-agent} AGENT_INIT=${AGENT_INIT:-no} KERNEL_MODULES_DIR=${KERNEL_MODULES_DIR:-""} OSBUILDER_VERSION="unknown" DOCKER_RUNTIME=${DOCKER_RUNTIME:-runc} GO_VERSION="null" -#https://github.com/kata-containers/tests/blob/master/.ci/jenkins_job_build.sh -# Give preference to variable set by CI -KATA_BRANCH=${branch:-} -KATA_BRANCH=${KATA_BRANCH:-master} export GOPATH=${GOPATH:-${HOME}/go} lib_file="${script_dir}/../scripts/lib.sh" @@ -191,51 +186,6 @@ docker_extra_args() echo "$args" } -generate_dockerfile() -{ - dir="$1" - - case "$(uname -m)" in - "ppc64le") - goarch=ppc64le - ;; - - "aarch64") - goarch=arm64 - ;; - "s390x") - goarch=s390x - ;; - - *) - goarch=amd64 - ;; - esac - - [ -n "$http_proxy" ] && readonly set_proxy="RUN sed -i '$ a proxy="$http_proxy"' /etc/dnf/dnf.conf /etc/yum.conf; true" - - curlOptions=("-OL") - [ -n "$http_proxy" ] && curlOptions+=("-x $http_proxy") - readonly install_go=" -RUN cd /tmp ; curl ${curlOptions[@]} https://storage.googleapis.com/golang/go${GO_VERSION}.linux-${goarch}.tar.gz -RUN tar -C /usr/ -xzf /tmp/go${GO_VERSION}.linux-${goarch}.tar.gz -ENV GOROOT=/usr/go -ENV PATH=\$PATH:\$GOROOT/bin:\$GOPATH/bin -" - - readonly dockerfile_template="Dockerfile.in" - [ -d "${dir}" ] || die "${dir}: not a directory" - pushd ${dir} - [ -f "${dockerfile_template}" ] || die "${dockerfile_template}: file not found" - sed \ - -e "s|@GO_VERSION@|${GO_VERSION}|g" \ - -e "s|@OS_VERSION@|${OS_VERSION}|g" \ - -e "s|@INSTALL_GO@|${install_go//$'\n'/\\n}|g" \ - -e "s|@SET_PROXY@|${set_proxy}|g" \ - ${dockerfile_template} > Dockerfile - popd -} - setup_agent_init() { agent_bin="$1" 
@@ -276,50 +226,6 @@ error_handler() fi } -detect_go_version() -{ - info "Detecting agent go version" - typeset -r yq=$(command -v yq || command -v ${GOPATH}/bin/yq) - [ -z "$yq" ] && die "'yq' application not found (needed to parsing minimum Go version required)" - - local runtimeRevision="" - - # Detect runtime revision by fetching the agent's VERSION file - local runtime_version_url="https://raw.githubusercontent.com/kata-containers/agent/${AGENT_VERSION:-master}/VERSION" - info "Detecting runtime version using ${runtime_version_url}" - - if runtimeRevision="$(curl -fsSL ${runtime_version_url})"; then - [ -n "${runtimeRevision}" ] || die "failed to get agent version" - typeset -r runtimeVersionsURL="https://raw.githubusercontent.com/kata-containers/runtime/${runtimeRevision}/versions.yaml" - info "Getting golang version from ${runtimeVersionsURL}" - # This may fail if we are a kata bump. - if GO_VERSION="$(curl -fsSL "$runtimeVersionsURL" | $yq r - "languages.golang.version")"; then - [ "$GO_VERSION" != "null" ] - return 0 - fi - fi - - info "Agent version has not match with a runtime version, assumming it is a PR" - local kata_runtime_pkg_dir="${GOPATH}/src/${GO_RUNTIME_PKG}" - if [ ! -d "${kata_runtime_pkg_dir}" ];then - info "There is not runtime repository in filesystem (${kata_runtime_pkg_dir})" - local runtime_versions_url="https://raw.githubusercontent.com/kata-containers/runtime/${KATA_BRANCH}/versions.yaml" - info "Get versions file from ${runtime_versions_url}" - GO_VERSION="$(curl -fsSL "${runtime_versions_url}" | $yq r - "languages.golang.version")" - if [ "$?" == "0" ] && [ "$GO_VERSION" != "null" ]; then - return 0 - fi - - return 1 - fi - - local kata_versions_file="${kata_runtime_pkg_dir}/versions.yaml" - info "Get Go version from ${kata_versions_file}" - GO_VERSION="$(cat "${kata_versions_file}" | $yq r - "languages.golang.version")" - - [ "$?" 
== "0" ] && [ "$GO_VERSION" != "null" ] -} - # Compares two SEMVER-style versions passed as arguments, up to the MINOR version # number. # Returns a zero exit code if the version specified by the first argument is diff --git a/scripts/lib.sh b/scripts/lib.sh index b2f680e5f..c4aa14235 100644 --- a/scripts/lib.sh +++ b/scripts/lib.sh @@ -6,6 +6,13 @@ set -e +GO_AGENT_PKG=${GO_AGENT_PKG:-github.com/kata-containers/agent} +GO_RUNTIME_PKG=${GO_RUNTIME_PKG:-github.com/kata-containers/runtime} +#https://github.com/kata-containers/tests/blob/master/.ci/jenkins_job_build.sh +# Give preference to variable set by CI +KATA_BRANCH=${branch:-} +KATA_BRANCH=${KATA_BRANCH:-master} + error() { local msg="$*" 
@@ -213,3 +220,96 @@ EOT local rootfs_file="${file_dir}/$(basename "${file}")" info "Created summary file '${rootfs_file}' inside rootfs" } + +# generate_dockerfile takes as only argument a path. It expects a Dockerfile.in +# Dockerfile template to be present in that path, and will generate a usable +# Dockerfile replacing the '@PLACEHOLDER@' in that Dockerfile +generate_dockerfile() +{ + dir="$1" + [ -d "${dir}" ] || die "${dir}: not a directory" + + case "$(uname -m)" in + "ppc64le") + goarch=ppc64le + ;; + + "aarch64") + goarch=arm64 + ;; + "s390x") + goarch=s390x + ;; + + *) + goarch=amd64 + ;; + esac + + [ -n "${http_proxy:-}" ] && readonly set_proxy="RUN sed -i '$ a proxy="${http_proxy:-}"' /etc/dnf/dnf.conf /etc/yum.conf; true" + + curlOptions=("-OL") + [ -n "${http_proxy:-}" ] && curlOptions+=("-x ${http_proxy:-}") + readonly install_go=" +RUN cd /tmp ; curl ${curlOptions[@]} https://storage.googleapis.com/golang/go${GO_VERSION}.linux-${goarch}.tar.gz +RUN tar -C /usr/ -xzf /tmp/go${GO_VERSION}.linux-${goarch}.tar.gz +ENV GOROOT=/usr/go +ENV PATH=\$PATH:\$GOROOT/bin:\$GOPATH/bin +" + + readonly dockerfile_template="Dockerfile.in" + pushd ${dir} + [ -f "${dockerfile_template}" ] || die "${dockerfile_template}: file not found" + sed \ + -e "s|@GO_VERSION@|${GO_VERSION}|g" \ + -e "s|@OS_VERSION@|${OS_VERSION:-}|g" \ + -e "s|@INSTALL_GO@|${install_go//$'\n'/\\n}|g" \ + -e "s|@SET_PROXY@|${set_proxy:-}|g" \ + ${dockerfile_template} > Dockerfile + popd +} + +detect_go_version() +{ + info "Detecting agent go version" + typeset -r yq=$(command -v yq || command -v ${GOPATH}/bin/yq) + [ -z "$yq" ] && die "'yq' application not found (needed to parsing minimum Go version required)" + + local runtimeRevision="" + + # Detect runtime revision by fetching the agent's VERSION file + local runtime_version_url="https://raw.githubusercontent.com/kata-containers/agent/${AGENT_VERSION:-master}/VERSION" + info "Detecting runtime version using ${runtime_version_url}" + + if 
runtimeRevision="$(curl -fsSL ${runtime_version_url})"; then + [ -n "${runtimeRevision}" ] || die "failed to get agent version" + typeset -r runtimeVersionsURL="https://raw.githubusercontent.com/kata-containers/runtime/${runtimeRevision}/versions.yaml" + info "Getting golang version from ${runtimeVersionsURL}" + # This may fail if we are a kata bump. + if GO_VERSION="$(curl -fsSL "$runtimeVersionsURL" | $yq r - "languages.golang.version")"; then + [ "$GO_VERSION" != "null" ] + return 0 + fi + fi + + info "Agent version has not match with a runtime version, assumming it is a PR" + local kata_runtime_pkg_dir="${GOPATH}/src/${GO_RUNTIME_PKG}" + if [ ! -d "${kata_runtime_pkg_dir}" ];then + info "There is not runtime repository in filesystem (${kata_runtime_pkg_dir})" + local runtime_versions_url="https://raw.githubusercontent.com/kata-containers/runtime/${KATA_BRANCH}/versions.yaml" + info "Get versions file from ${runtime_versions_url}" + GO_VERSION="$(curl -fsSL "${runtime_versions_url}" | $yq r - "languages.golang.version")" + if [ "$?" == "0" ] && [ "$GO_VERSION" != "null" ]; then + return 0 + fi + + return 1 + fi + + local kata_versions_file="${kata_runtime_pkg_dir}/versions.yaml" + info "Get Go version from ${kata_versions_file}" + GO_VERSION="$(cat "${kata_versions_file}" | $yq r - "languages.golang.version")" + + [ "$?" == "0" ] && [ "$GO_VERSION" != "null" ] +} + From 9bfc083ef5c46ca34978a769bc5d5b6045eb1ca5 Mon Sep 17 00:00:00 2001 From: Penny Zheng Date: Tue, 23 Jul 2019 17:13:09 +0800 Subject: [PATCH 234/307] fedora-rootfs: using fedora 28 on aarch64 For some reason, busybox image crashed on fedora 30 rootfs on aarch64. For now, we will switch back to use fedora 28. Fixes: #334 Signed-off-by: Penny Zheng --- rootfs-builder/fedora/config_aarch64.sh | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 rootfs-builder/fedora/config_aarch64.sh 
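Review bot: In scripts/lib.sh (PATCH 233/307), detect_go_version() discards the result of its first validity check: inside `if GO_VERSION="$(curl -fsSL "$runtimeVersionsURL" | $yq r - "languages.golang.version")"; then`, the line `[ "$GO_VERSION" != "null" ]` is followed by an unconditional `return 0`. When the function is called as `detect_go_version || die ...`, as rootfs.sh does, errexit is suppressed for the whole body, so a "null" version is reported as success. The `if` also sees only the exit status of `$yq`, not of `curl`, unless pipefail is set. Since the code is being moved into a shared library, suggest `[ "$GO_VERSION" != "null" ] && return 0` at that point. The value then goes straight into the download URL in generate_dockerfile(), where the Go tarball is unpacked with `tar -C /usr/ -xzf` without any checksum verification; a SHA-256 check would be worth adding while this code is being touched.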
diff --git a/rootfs-builder/fedora/config_aarch64.sh b/rootfs-builder/fedora/config_aarch64.sh new file mode 100644 index 000000000..691aba317 --- /dev/null +++ b/rootfs-builder/fedora/config_aarch64.sh @@ -0,0 +1,10 @@ +# +# Copyright (c) 2019 ARM Limited +# +# SPDX-License-Identifier: Apache-2.0 + +# image busybox will fail on fedora 30 rootfs image +# see https://github.com/kata-containers/osbuilder/issues/334 for detailed info +OS_VERSION="28" + +MIRROR_LIST="https://mirrors.fedoraproject.org/metalink?repo=fedora-${OS_VERSION}&arch=\$basearch" From 2f55017fea89d1944ec304b2040149ee9940d959 Mon Sep 17 00:00:00 2001 From: Marco Vedovati Date: Wed, 12 Jun 2019 18:58:38 +0200 Subject: [PATCH 235/307] osbuilder: add dracut build method Add the option to build image and initrd using dracut. Fixes: #311 Suggested-by: Stefan Hajnoczi Signed-off-by: Marco Vedovati --- Makefile | 90 +++++++++++++++++++---- README.md | 106 ++++++++++++++++++++++++--- dracut/dracut.conf.d/00-base.conf | 17 +++++ dracut/dracut.conf.d/10-drivers.conf | 9 +++ rootfs-builder/README.md | 24 +++--- rootfs-builder/rootfs.sh | 37 +++++++++- 6 files changed, 239 insertions(+), 44 deletions(-) create mode 100644 dracut/dracut.conf.d/00-base.conf create mode 100644 dracut/dracut.conf.d/10-drivers.conf diff --git a/Makefile b/Makefile index 58598cf6e..aa515dee1 100644 --- a/Makefile +++ b/Makefile 
@@ -9,15 +9,17 @@ ROOTFS_BUILDER := $(MK_DIR)/rootfs-builder/rootfs.sh INITRD_BUILDER := $(MK_DIR)/initrd-builder/initrd_builder.sh IMAGE_BUILDER := $(MK_DIR)/image-builder/image_builder.sh +DISTRO := centos +BUILD_METHOD := distro +BUILD_METHOD_LIST := distro dracut AGENT_INIT ?= no -DISTRO ?= centos -ROOTFS_BUILD_DEST := $(PWD) -IMAGES_BUILD_DEST := $(PWD) -DISTRO_ROOTFS := $(ROOTFS_BUILD_DEST)/$(DISTRO)_rootfs +ROOTFS_BUILD_DEST := $(shell pwd) +IMAGES_BUILD_DEST := $(shell pwd) ROOTFS_MARKER_SUFFIX := _rootfs.done -DISTRO_ROOTFS_MARKER := $(ROOTFS_BUILD_DEST)/.$(DISTRO)$(ROOTFS_MARKER_SUFFIX) -DISTRO_IMAGE := $(IMAGES_BUILD_DEST)/kata-containers.img -DISTRO_INITRD := $(IMAGES_BUILD_DEST)/kata-containers-initrd.img +TARGET_ROOTFS := $(ROOTFS_BUILD_DEST)/$(DISTRO)_rootfs +TARGET_ROOTFS_MARKER := $(ROOTFS_BUILD_DEST)/.$(DISTRO)$(ROOTFS_MARKER_SUFFIX) +TARGET_IMAGE := $(IMAGES_BUILD_DEST)/kata-containers.img +TARGET_INITRD := $(IMAGES_BUILD_DEST)/kata-containers-initrd.img VERSION_FILE := ./VERSION VERSION := $(shell grep -v ^\# $(VERSION_FILE)) 
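Review bot: `DISTRO ?= centos` becomes `DISTRO := centos` in this Makefile hunk, so a DISTRO exported in the environment is now silently ignored and only a command-line `make DISTRO=...` still overrides it; the same holds for the new `BUILD_METHOD := distro`. If that is intended, say so in the commit message or README, otherwise keep `?=`. ROOTFS_BUILD_DEST and IMAGES_BUILD_DEST also switch from `$(PWD)` to `$(shell pwd)`, which deserves a line of explanation as well.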
@@ -25,6 +27,34 @@ COMMIT_NO := $(shell git rev-parse HEAD 2> /dev/null || true) COMMIT := $(if $(shell git status --porcelain --untracked-files=no),${COMMIT_NO}-dirty,${COMMIT_NO}) VERSION_COMMIT := $(if $(COMMIT),$(VERSION)-$(COMMIT),$(VERSION)) +ifeq ($(filter $(BUILD_METHOD),$(BUILD_METHOD_LIST)),) + $(error Invalid BUILD_METHOD value '$(BUILD_METHOD)'. Supported values: $(BUILD_METHOD_LIST)) +endif + +ifeq (dracut,$(BUILD_METHOD)) + DISTRO := + TARGET_ROOTFS := dracut_rootfs + TARGET_ROOTFS_MARKER := $(ROOTFS_BUILD_DEST)/.dracut$(ROOTFS_MARKER_SUFFIX) + # dracut specific variables + DRACUT_KVERSION := + DRACUT_OVERLAY_DIR := $(MK_DIR)/dracut_overlay + DRACUT_DIR := $(MK_DIR)/dracut + DRACUT_CONF_DIR := $(DRACUT_DIR)/dracut.conf.d + DRACUT_OPTIONS := --no-compress --conf /dev/null --confdir $(DRACUT_CONF_DIR) + + ifneq (,$(DRACUT_KVERSION)) + # If a kernel version is not specified, do not make systemd load modules + # at startup + DRACUT_KMODULES := $(shell grep "^drivers=" $(DRACUT_CONF_DIR)/10-drivers.conf | sed -E "s,^drivers=\"(.*)\"$$,\1,") + else + DRACUT_OPTIONS += --no-kernel + endif + + ifeq (,$(DRACUT_OVERLAY_DIR)) + $(error DRACUT_OVERLAY_DIR cannot be empty) + endif +endif + # Set the variable to silent logs using chronic OSBUILDER_USE_CHRONIC := 
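Review bot: In the dracut block, the comment "If a kernel version is not specified, do not make systemd load modules at startup" sits in the `ifneq (,$(DRACUT_KVERSION))` branch, which is the case where a version is specified; it describes the `else` branch (`--no-kernel`) and should move there. In addition, `DRACUT_KVERSION :=` and `DRACUT_OVERLAY_DIR := $(MK_DIR)/dracut_overlay` are assigned immediately before they are tested, so both conditionals can only take the other path through a command-line override. A short comment saying these are meant to be passed as `make DRACUT_KVERSION=...` would make that explicit.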
@@ -53,7 +83,17 @@ rootfs-%: $(ROOTFS_BUILD_DEST)/.%$(ROOTFS_MARKER_SUFFIX) .PRECIOUS: $(ROOTFS_BUILD_DEST)/.%$(ROOTFS_MARKER_SUFFIX) $(ROOTFS_BUILD_DEST)/.%$(ROOTFS_MARKER_SUFFIX):: rootfs-builder/% $(call silent_run,Creating rootfs for "$*",$(ROOTFS_BUILDER) -o $(VERSION_COMMIT) -r $(ROOTFS_BUILD_DEST)/$*_rootfs $*) - touch $@ + @touch $@ + +# To generate a dracut rootfs, we first generate a dracut initrd and then +# extract it in a local folder. +# Notes: +# - assuming a not compressed initrd. +.PRECIOUS: $(ROOTFS_BUILD_DEST)/.dracut$(ROOTFS_MARKER_SUFFIX) +$(ROOTFS_BUILD_DEST)/.dracut$(ROOTFS_MARKER_SUFFIX): $(TARGET_INITRD) + mkdir -p $(TARGET_ROOTFS) + cat $< | cpio --extract --preserve-modification-time --make-directories --directory=$(TARGET_ROOTFS) + @touch $@ image-%: $(IMAGES_BUILD_DEST)/kata-containers-image-%.img @ # DONT remove. This is not cancellation rule. 
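Review bot: The dracut rootfs rule extracts the initrd with `cat $< | cpio --extract ... --directory=$(TARGET_ROOTFS)` into a directory that is created with `mkdir -p` but never emptied, so files left by a previous build survive into the new rootfs and from there into the image. Suggest removing $(TARGET_ROOTFS) before extracting, passing `--no-absolute-filenames` so that no archive member can be written outside the target directory, and feeding cpio with `< $<` instead of `cat`. The "assuming a not compressed initrd" note relies on `--no-compress` in DRACUT_OPTIONS; naming that option in the comment would keep the two in sync.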
@@ -73,19 +113,37 @@ $(IMAGES_BUILD_DEST)/kata-containers-initrd-%.img: rootfs-% all: image initrd .PHONY: rootfs -rootfs: $(DISTRO_ROOTFS_MARKER) +rootfs: $(TARGET_ROOTFS_MARKER) .PHONY: image -image: $(DISTRO_IMAGE) +image: $(TARGET_IMAGE) + +$(TARGET_IMAGE): $(TARGET_ROOTFS_MARKER) + $(call silent_run,Creating image based on "$(TARGET_ROOTFS)",$(IMAGE_BUILDER) -o $@ "$(TARGET_ROOTFS)") -$(DISTRO_IMAGE): $(DISTRO_ROOTFS_MARKER) - $(call silent_run,Creating image based on "$(DISTRO_ROOTFS)",$(IMAGE_BUILDER) "$(DISTRO_ROOTFS)") .PHONY: initrd -initrd: $(DISTRO_INITRD) +initrd: $(TARGET_INITRD) -$(DISTRO_INITRD): $(DISTRO_ROOTFS_MARKER) - $(call silent_run,Creating initrd image based on "$(DISTRO_ROOTFS)",$(INITRD_BUILDER) "$(DISTRO_ROOTFS)") +ifeq (distro,$(BUILD_METHOD)) +$(TARGET_INITRD): $(TARGET_ROOTFS_MARKER) + $(call silent_run,Creating initrd image based on "$(TARGET_ROOTFS)",$(INITRD_BUILDER) "$(TARGET_ROOTFS)") +else +$(TARGET_INITRD): $(DRACUT_OVERLAY_DIR) + @echo Creating initrd image based on the host OS using dracut + dracut $(DRACUT_OPTIONS) --include $< / $@ $(DRACUT_KVERSION) +endif + +# Notes on overlay dir: +# - If user specified any kernel module in the dracut conf file, +# we need to make sure these are pre-loaded at startup using +# systemd modules-load.d +$(DRACUT_OVERLAY_DIR): + mkdir -p $@ + # Modules preload + $(ROOTFS_BUILDER) -o $(VERSION_COMMIT) -r $@ + mkdir -p $@/etc/modules-load.d + echo $(DRACUT_KMODULES) | tr " " "\n" > $@/etc/modules-load.d/kata-modules.conf .PHONY: test test: @@ -140,7 +198,7 @@ install-scripts: .PHONY: clean clean: - rm -rf $(DISTRO_ROOTFS_MARKER) $(DISTRO_ROOTFS) $(DISTRO_IMAGE) $(DISTRO_INITRD) + rm -rf $(TARGET_ROOTFS_MARKER) $(TARGET_ROOTFS) $(TARGET_IMAGE) $(TARGET_INITRD) $(DRACUT_OVERLAY_DIR) # Prints the name of the variable passed as suffix to the print- target, # E.g., if Makefile contains: diff --git a/README.md b/README.md index 05911657a..b39bfb4fa 100644 --- a/README.md +++ b/README.md 
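Review bot: In the Makefile, the `$(DRACUT_OVERLAY_DIR):` rule uses a directory as its target and creates it as the first recipe step (`mkdir -p $@`) before running `$(ROOTFS_BUILDER) -o $(VERSION_COMMIT) -r $@`. If rootfs.sh fails, the directory already exists, so the next `make initrd` treats the overlay as up to date and hands a partially populated tree to `dracut --include`. Suggest a marker file written as the last step, as the rootfs rules do with `$(ROOTFS_MARKER_SUFFIX)`, or removing the directory on failure. `echo $(DRACUT_KMODULES) | tr " " "\n"` also writes a single empty line to kata-modules.conf when no kernel version is set; the file could be skipped in that case.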
@@ -2,18 +2,25 @@ # osbuilder -* [Introduction](#introduction) -* [Terms](#terms) -* [Usage](#usage) - * [Rootfs creation](#rootfs-creation) +* [osbuilder](#osbuilder) + * [Introduction](#introduction) + * [Terms](#terms) + * [Building](#building) + * [Rootfs creation](#rootfs-creation) * [Rootfs with systemd as init](#rootfs-with-systemd-as-init) * [Rootfs with the agent as init](#rootfs-with-the-agent-as-init) - * [Image creation](#image-creation) + * [dracut based rootfs](#dracut-based-rootfs) + * [Image creation](#image-creation) * [Image with systemd as init](#image-with-systemd-as-init) * [Image with the agent as init](#image-with-the-agent-as-init) - * [Initrd creation](#initrd-creation) - * [Tests](#tests) -* [Platform-Distro Compatibility Matrix](#platform-distro-compatibility-matrix) + * [dracut based image](#dracut-based-image) + * [Initrd creation](#initrd-creation) + * [Rootfs based initrd](#rootfs-based-initrd) + * [dracut based initrd](#dracut-based-initrd) + * [dracut options](#dracut-options) + * [Add kernel modules](#add-kernel-modules) + * [Testing](#testing) + * [Platform-Distro Compatibility Matrix](#platform-distro-compatibility-matrix) ## Introduction 
@@ -53,16 +60,39 @@ This section describes the terms used for all documentation in this repository. A particular version of a Linux distribution used to create a rootfs from. -## Usage +- dracut + + A guest OS build method where the building host is used as the Base OS. + For more information refer to the [dracut homepage](https://dracut.wiki.kernel.org/index.php/Main_Page). + +## Building The top-level `Makefile` contains an example of how to use the available components. -By default, components will run on the host system. However, some components +Two build methods are available, `distro` and `dracut`. +By default, the `distro` build method is used, and this creates a rootfs using +distro specific commands (e.g.: `debootstrap` for Debian or `yum` for CentOS). +The `dracut` build method uses the distro-agnostic tool `dracut` to obtain the same goal. + +By default components are run on the host system. However, some components offer the ability to run from within Docker (for ease of setup) by setting the `USE_DOCKER=true` variable. For more detailed information, consult the documentation for a particular component. +When invoking the appropriate make target as showed below, a single command is used +to generate an initrd or an image. This is what happens in details: +1. A rootfs is generated based on the specified target distribution. +2. The rootfs is provisioned with Kata-specific components and configuration files. +3. The rootfs is used as a base to generate an initrd or an image. + +When using the dracut build method however, the build sequence is different: +1. An overlay directory is populated with Kata-specific components. +2. dracut is instructed to merge the overlay directory with the required host-side +filesystem components to generate an initrd. +3. When generating an image, the initrd is extracted to obtain the base rootfs for +the image. + ### Rootfs creation This section shows how to build a basic rootfs using the default distribution. 
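Review bot: wording in the added Building paragraphs: "as showed below" should read "as shown below" and "This is what happens in details" should read "in detail". In the dracut definition under Terms, "the building host is used as the Base OS" would be clearer if it said that files are copied from the build host, since that is what decides which binaries and kernel modules end up in the guest.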
@@ -81,6 +111,15 @@ $ sudo -E PATH=$PATH make USE_DOCKER=true rootfs $ sudo -E PATH=$PATH make USE_DOCKER=true AGENT_INIT=yes rootfs ``` +#### dracut based rootfs + +> **Note**: the dracut build method does not need a rootfs as a base for an image or initrd. +However, a rootfs can be generated by extracting the generated initrd. + +``` +$ sudo -E PATH=$PATH make BUILD_METHOD=dracut rootfs +``` + ### Image creation This section shows how to create an image from the already-created rootfs. For 
@@ -99,18 +138,55 @@ $ sudo -E PATH=$PATH make USE_DOCKER=true image $ sudo -E PATH=$PATH make USE_DOCKER=true AGENT_INIT=yes image ``` +#### dracut based image + +> Note: the dracut build method generates an image by first building an initrd, +and then using the rootfs extracted from it. + +``` +$ sudo -E PATH=$PATH make BUILD_METHOD=dracut image +``` + ### Initrd creation -To create an initrd from the already-created rootfs with the agent acting as the init daemon: +#### Rootfs based initrd + +Create an initrd from the already-created rootfs and with the agent acting as the init daemon +using: ``` $ sudo -E PATH=$PATH make AGENT_INIT=yes initrd ``` +#### dracut based initrd + +Create an initrd using the dracut build method with: + +``` +$ sudo -E PATH=$PATH make BUILD_METHOD=dracut AGENT_INIT=yes initrd +``` + For further details, see [the initrd builder documentation](initrd-builder/README.md). -### Tests +### dracut options + +#### Add kernel modules + +If the initrd or image needs to contain kernel modules, this can be done by: + +1. Specify the name of the modules (as reported by `modinfo MODULE-NAME`) in +`dracut/dracut.conf.d/10-drivers.conf`. For example this file can contain: +``` +drivers="9p 9pnet 9pnet_virtio" +``` +2. Set the `DRACUT_KVERSION` make variable to the release name of the kernel that +is paired with the built image or initrd, using the `uname -r` format. For example: +``` +$ make BUILD_METHOD=dracut DRACUT_KVERSION=5.2.1-23-kata AGENT_INIT=yes initrd +``` + +## Testing ``` $ make test 
@@ -120,6 +196,12 @@ For further details, see [the tests documentation](tests/README.md). ## Platform-Distro Compatibility Matrix +The following table illustrates what target architecture is supported for each +of the the osbuilder distributions. + +> Note: this table is not relevant for the dracut build method, since it supports +any Linux distribution and architecture where dracut is available. + | |Alpine |CentOS |Clear Linux |Debian/Ubuntu |EulerOS |Fedora |openSUSE | |-- |-- |-- |-- |-- |-- |-- |-- | |**ARM64** |:heavy_check_mark:|:heavy_check_mark:| | |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:| diff --git a/dracut/dracut.conf.d/00-base.conf b/dracut/dracut.conf.d/00-base.conf new file mode 100644 index 000000000..1dd41c4a1 --- /dev/null +++ b/dracut/dracut.conf.d/00-base.conf @@ -0,0 +1,17 @@ +# +# Copyright (c) 2019 SUSE LLC +# +# SPDX-License-Identifier: Apache-2.0 + +# Main dracut config for Kata Containers + +# do NOT combine early microcode with ramdisk +early_microcode="no" +# do NOT install only what's needed to boot the local host +hostonly="no" +# do NOT store the kernel command line arguments in the initramfs +hostonly_cmdline="no" +# create reproducible images +reproducible="yes" +# dracut modules to include (NOTE: these are NOT kernel modules) +dracutmodules="kernel-modules udev-rules syslog systemd" diff --git a/dracut/dracut.conf.d/10-drivers.conf b/dracut/dracut.conf.d/10-drivers.conf new file mode 100644 index 000000000..121e85838 --- /dev/null +++ b/dracut/dracut.conf.d/10-drivers.conf @@ -0,0 +1,9 @@ +# +# Copyright (c) 2019 SUSE LLC +# +# SPDX-License-Identifier: Apache-2.0 + +# Specify a space-separated set of kernel modules to copy from the host to +# the initramfs image. For example: +# drivers="9p 9pnet 9pnet_virtio" +drivers="" diff --git a/rootfs-builder/README.md b/rootfs-builder/README.md index 1218db010..9ceb1b7a2 100644 --- a/rootfs-builder/README.md +++ b/rootfs-builder/README.md 
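Review bot: `00-base.conf` takes the lowest sort position in `dracut.conf.d`, so any distribution drop-in with a higher prefix is read after it and can override `early_microcode="no"`, `hostonly="no"` and the other settings in this file. PATCH 250/307 later in this series renames it to `05-base.conf` because Fedora's `01-dist.conf` did exactly that; picking a higher prefix here, with a comment saying why, avoids the problem. Separately, the README hunk of this patch has a doubled word in "of the the osbuilder distributions".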
@@ -11,7 +11,7 @@ * [Create template files](#create-template-files) * [Modify template files](#modify-template-files) * [Expected rootfs directory content](#expected-rootfs-directory-content) - * [Optional - Customise the rootfs](#optional---customise-the-rootfs) + * [Optional - Customize the rootfs](#optional---customize-the-rootfs) * [Adding extra packages](#adding-extra-packages) * [Arbitrary rootfs changes](#arbitrary-rootfs-changes) @@ -26,24 +26,24 @@ distribution. The script supports multiple distributions and can be extended to add further ones. ### Extra features + #### Supported distributions list -Supported distributions can be listed with: + +List the supported distributions by running the following: ``` $ ./rootfs.sh -l ``` #### Generate Kata specific files -`rootfs.sh` can be used to only populate a target directory with the set of Kata -specific files and components integrable into a generic Linux rootfs to generate -a Kata guest OS image. -This feature can be used when creating a rootfs with a distribution not officially -supported by osbuilder. -It is also used when building the rootfs using the 'dracut' build method. +The `rootfs.sh` script can be used to populate a directory with only Kata specific files and +components, without creating a full usable rootfs. +This feature is used to create a rootfs based on a distribution not officially +supported by osbuilder, and when building an image using the dracut build method. -To obtain this, simply invoke `rootfs.sh` without specifying a target rootfs, e.g.: +To achieve this, simply invoke `rootfs.sh` without specifying a target rootfs, e.g.: ``` -mkdir kata-overlay -./rootfs.sh -r `pwd`/kata-overlay +$ mkdir kata-overlay +$ ./rootfs.sh -r "$PWD/kata-overlay" ``` ## Rootfs requirements 
@@ -177,7 +177,7 @@ After the new directory structure is created: After the function `build_rootfs` is called, the script expects the rootfs directory to contain `/sbin/init` and `/sbin/kata-agent` binaries. -### Optional - Customise the rootfs +### Optional - Customize the rootfs For particular use cases developers might want to modify the guest OS. diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index 5f1aced6c..cc410035f 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh @@ -386,12 +386,15 @@ build_rootfs_distro() # This is used when a distro is not specified. prepare_overlay() { - pushd "${ROOTFS_DIR}" >> /dev/null + pushd "${ROOTFS_DIR}" > /dev/null mkdir -p ./etc ./lib/systemd ./sbin ./var ln -sf ./usr/lib/systemd/systemd ./init ln -sf ../../init ./lib/systemd/systemd ln -sf ../init ./sbin/init - popd >> /dev/null + # Kata sytemd unit file + mkdir -p ./etc/systemd/system/basic.target.wants/ + ln -sf /usr/lib/systemd/system/kata-containers.target ./etc/systemd/system/basic.target.wants/kata-containers.target + popd > /dev/null } # Setup an existing rootfs directory, based on the OPTIONAL distro name 
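Review bot: the symlink added to `prepare_overlay()` hard-codes `/usr/lib/systemd/system/kata-containers.target` as its target, while the overlay is later merged with whatever the build host provides; please confirm the unit is always installed at that path, or derive the unit directory the same way the rest of the script does, because a dangling link here means `basic.target` never pulls in the Kata target and nothing reports it at build time. The comment above it has a typo, "sytemd". The switch from `>>` to `>` on `pushd`/`popd` is fine, but the `popd >> /dev/null` left in `setup_rootfs()` should be changed too for consistency.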
@@ -405,14 +408,40 @@ setup_rootfs() if [ "$PWD" != "/" ] ; then rm -rf ./var/cache/ ./var/lib ./var/log ./var/tmp fi + ln -s ../tmp ./var/ # For some distros tmp.mount may not be installed by default in systemd paths if ! [ -f "./etc/systemd/system/tmp.mount" ] && \ ! [ -f "./usr/lib/systemd/system/tmp.mount" ] && [ "$AGENT_INIT" != "yes" ]; then + local unitFile="./etc/systemd/system/tmp.mount" info "Install tmp.mount in ./etc/systemd/system" - cp ./usr/share/systemd/tmp.mount ./etc/systemd/system/tmp.mount + mkdir -p `dirname "$unitFile"` + cp ./usr/share/systemd/tmp.mount "$unitFile" || cat > "$unitFile" << EOT +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Temporary Directory (/tmp) +Documentation=man:hier(7) +Documentation=https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems +ConditionPathIsSymbolicLink=!/tmp +DefaultDependencies=no +Conflicts=umount.target +Before=local-fs.target umount.target +After=swap.target + +[Mount] +What=tmpfs +Where=/tmp +Type=tmpfs +Options=mode=1777,strictatime,nosuid,nodev +EOT fi popd >> /dev/null @@ -486,7 +515,7 @@ parse_arguments() l) get_distros | sort && exit 0;; o) OSBUILDER_VERSION="${OPTARG}" ;; r) ROOTFS_DIR="${OPTARG}" ;; - t) get_test_config "${OPTARG}" && exit -1;; + t) get_test_config "${OPTARG}" && exit 0;; *) die "Found an invalid option";; esac done From 6d5aef531a4985fdb1a861d065702ec39de8e500 Mon Sep 17 00:00:00 2001 From: ClarkLee Date: Fri, 28 Jun 2019 16:59:32 +0800 Subject: [PATCH 236/307] osbuilder: Get mount directory size with Mb format While calculating directory size in imagebuild script, we shoul use `df -BM` instead of `df -h` to keep Mb format. Fixes #336 image-builder: get mount directory size with Mb format 
Signed-off-by: ClarkLee --- image-builder/image_builder.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/image-builder/image_builder.sh b/image-builder/image_builder.sh index 277c4de89..2a9bb8656 100755 --- a/image-builder/image_builder.sh +++ b/image-builder/image_builder.sh @@ -233,7 +233,7 @@ calculate_required_disk_size() { die "Could not format loop device: ${device}" fi mount "${device}p1" "${mount_dir}" - avail="$(df -h --output=avail "${mount_dir}" | tail -n1 | sed 's/[M ]//g')" + avail="$(df -BM --output=avail "${mount_dir}" | tail -n1 | sed 's/[M ]//g')" umount "${mount_dir}" losetup -d "${device}" From 1e5746a4f243ca462acf9b2a6211c117adbc04ed Mon Sep 17 00:00:00 2001 From: Marco Vedovati Date: Wed, 17 Jul 2019 12:58:22 +0200 Subject: [PATCH 237/307] tests: add dracut initrd and image tests Build dracut initrd and images inside a reference container. Signed-off-by: Marco Vedovati --- .gitignore | 1 + dracut/Dockerfile.in | 14 ++++++++++ tests/test_images.sh | 66 ++++++++++++++++++++++++++++++++++++++++---- 3 files changed, 75 insertions(+), 6 deletions(-) create mode 100644 dracut/Dockerfile.in diff --git a/.gitignore b/.gitignore index f177a5587..623a742bd 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ image-builder/nsdax +dracut/Dockerfile diff --git a/dracut/Dockerfile.in b/dracut/Dockerfile.in new file mode 100644 index 000000000..227142ed7 --- /dev/null +++ b/dracut/Dockerfile.in @@ -0,0 +1,14 @@ +# +# Copyright (c) 2019 SUSE LLC +# +# SPDX-License-Identifier: Apache-2.0 + +from opensuse/tumbleweed + +RUN zypper --non-interactive refresh; \ + zypper --non-interactive install --no-recommends --force-resolution cpio curl dracut gcc git-core make tar; \ + zypper --non-interactive clean --all; + + +# This will install the proper golang to build Kata components +@INSTALL_GO@ diff --git a/tests/test_images.sh b/tests/test_images.sh index c833e9c66..a8313b7e9 100755 --- a/tests/test_images.sh +++ b/tests/test_images.sh 
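Review bot: the `RUN` in `dracut/Dockerfile.in` chains the three zypper calls with `;`, so a failed `refresh` or `install` is masked by the exit status of the final `clean --all` and the image builds without cpio, dracut or make; chain them with `&&`. `from` should be written `FROM` to match `RUN`, and `opensuse/tumbleweed` is a rolling tag, so the "reference container" named in the commit message changes between runs unless it is pinned to a snapshot or digest.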
@@ -25,6 +25,7 @@ readonly MACHINE_TYPE=`uname -m` readonly CI=${CI:-} readonly KATA_HYPERVISOR="${KATA_HYPERVISOR:-}" readonly ci_results_dir="/var/osbuilder/tests" +readonly dracut_dir=${script_dir}/../dracut # all distro tests must have this prefix readonly test_func_prefix="test_distro_" @@ -35,7 +36,6 @@ readonly docker_build_runtime="runc" build_images=1 build_initrds=1 typeset -a distrosSystemd distrosAgent -source ${test_config} # Hashes used to keep track of image sizes. # - Key: name of distro. # - Value: colon-separated roots and image sizes ("${rootfs_size}:${image_size}"). @@ -46,6 +46,9 @@ typeset -A built_initrds # not be started. Needed only after all images/initrd built successfully typeset -A showKataRunFailure= +source ${test_config} +source "${script_dir}/../scripts/lib.sh" + usage() { cat <&2 @@ -414,6 +421,9 @@ call_make() { fi done + # Set a default make target + [ "${#makeTargets[@]}" = "0" ] && makeTargets+=($targetType) + makeJobs= if [ -z "$CI" ]; then ((makeJobs=$(nproc) / 2)) @@ -524,9 +534,9 @@ test_distros() if [ "$KATA_HYPERVISOR" != "firecracker" ]; then if [ ${#distrosAgent[@]} -gt 0 ]; then - info "building all rootfses with kata-agent as init" - make_rootfs ${commonMakeVars[@]} AGENT_INIT=yes "${distrosAgent[@]}" & - bgJobs+=($!) + info "building all rootfses with kata-agent as init" + make_rootfs ${commonMakeVars[@]} AGENT_INIT=yes "${distrosAgent[@]}" & + bgJobs+=($!) fi fi 
@@ -601,6 +611,47 @@ test_distros() show_stats } +test_dracut() +{ + local initrd_path="${images_dir}/kata-containers-initrd-dracut.img" + local image_path="${images_dir}/kata-containers-image-dracut.img" + local rootfs_path="${tmp_rootfs}/dracut_rootfs" + + detect_go_version || + die "Could not detect the required Go version for AGENT_VERSION='${AGENT_VERSION:-master}'." + generate_dockerfile ${dracut_dir} + info "Creating container for dracut" + silent_run docker build -t dracut-test-osbuilder ${dracut_dir} + + typeset -a dockerRunArgs=(\ + --rm \ + --runtime=runc \ + -v "${images_dir}:${images_dir}" \ + -v "${script_dir}/..":"${tmp_dir}" \ + -v "${tmp_rootfs}:${tmp_rootfs}" \ + -v /etc/localtime:/etc/localtime:ro \ + dracut-test-osbuilder \ + ) + typeset -a makeVars=(BUILD_METHOD=dracut TARGET_INITRD="${initrd_path}" TARGET_IMAGE=${image_path} TARGET_ROOTFS=${rootfs_path}) + + info "Making image for dracut inside a container" + silent_run docker run ${dockerRunArgs[@]} make -C ${tmp_dir} ${makeVars[@]} rootfs + make_image USE_DOCKER=1 ${makeVars[@]} + local image_size=$(stat -c "%s" "${image_path}") + local rootfs_size=$(get_rootfs_size "$rootfs_path") + built_images["dracut"]="${rootfs_size}:${image_size}" + info "Creating container for dracut" + install_image_create_container $image_path + + if [ "$KATA_HYPERVISOR" != "firecracker" ]; then + info "Making initrd for dracut inside a container" + silent_run docker run ${dockerRunArgs[@]} make -C ${tmp_dir} ${makeVars[@]} AGENT_INIT=yes clean initrd + local initrd_size=$(stat -c "%s" "${initrd_path}") + built_initrds["dracut"]="${rootfs_size}:${initrd_size}" + install_initrd_create_container $initrd_path + fi +} + main() { local args=$(getopt \ 
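Review bot: in `test_dracut()` the expansions `${dockerRunArgs[@]}` and `${makeVars[@]}` are unquoted, and `TARGET_IMAGE=${image_path}` and `TARGET_ROOTFS=${rootfs_path}` are unquoted inside the array, so a path containing whitespace is split into separate arguments to `docker run` and `make`; use `"${dockerRunArgs[@]}"` and quote the assignments. `local image_size=$(stat -c "%s" "${image_path}")` also discards the exit status of `stat`, so a missing image is recorded with an empty size instead of failing the test; declare and assign on separate lines. The first `info "Creating container for dracut"` precedes `docker build`, so it should say that the image is being built.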
@@ -648,7 +699,10 @@ main() trap exit_handler EXIT ERR setup - test_distros "$distro" + # Run only if distro is not dracut + [ "${distro:-}" != "dracut" ] && test_distros "$distro" + # Run if distro is empty or it is dracut + [ -z "$distro" ] || [ "$distro" = "dracut" ] && test_dracut # We shouldn't really need a message like this but the CI can fail in # mysterious ways so make it clear! From a5a33436a69f054b3b0c0e8cb5099c74f3d6963b Mon Sep 17 00:00:00 2001 From: Marco Vedovati Date: Wed, 17 Jul 2019 19:43:29 +0200 Subject: [PATCH 238/307] ci: use .ci/setup.sh from tests repo Use .ci/setup.sh from tests repo, to make sure spell check packages are correctly installed for the OS under test. Signed-off-by: Marco Vedovati --- .ci/setup.sh | 23 +++++------------------ tests/test_images.sh | 1 - 2 files changed, 5 insertions(+), 19 deletions(-) diff --git a/.ci/setup.sh b/.ci/setup.sh index e6ddc587a..355fa72a2 100755 --- a/.ci/setup.sh +++ b/.ci/setup.sh @@ -4,30 +4,17 @@ # # SPDX-License-Identifier: Apache-2.0 # - set -e cidir=$(dirname "$0") source "${cidir}/lib.sh" -#Note: If add clearlinux as supported CI use a stateless os-release file -source /etc/os-release - -if [ "$ID" == fedora ];then - sudo -E dnf -y install automake yamllint coreutils moreutils bc make gcc -elif [ "$ID" == centos ];then - sudo -E yum -y install epel-release - sudo -E yum -y install automake yamllint coreutils moreutils bc -elif [ "$ID" == ubuntu ];then - sudo apt-get -qq update - sudo apt-get install -y -qq make automake qemu-utils python-pip coreutils moreutils bc - sudo pip install yamllint -else - echo "Linux distribution not supported" -fi - - clone_tests_repo + +pushd "${tests_repo_dir}" +.ci/setup.sh +popd + bash "${cidir}/static-checks.sh" # yq needed to correctly parse runtime/versions.yaml make -C ${tests_repo_dir} install-yq diff --git a/tests/test_images.sh b/tests/test_images.sh index a8313b7e9..72b40c306 100755 --- a/tests/test_images.sh +++ b/tests/test_images.sh 
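Review bot: `.ci/setup.sh` now changes into `${tests_repo_dir}` and runs that repository's `.ci/setup.sh`, and no revision is pinned in this hunk, so the packages installed and commands executed on the CI host are decided by whatever the tests repository contains at clone time. Pin the revision, or at least log the commit that was checked out, so a run can be reproduced and a change on that side is traceable when this CI starts failing. The next hunk removes the `"${tests_repo_dir}/.ci/setup.sh"` call from `setup()` in `tests/test_images.sh`, so running that script on its own outside CI no longer installs its dependencies; document that in tests/README.md or keep a guarded call.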
@@ -275,7 +275,6 @@ setup() [ ! -d "${tests_repo_dir}" ] && git clone "https://${tests_repo}" "${tests_repo_dir}" if [ -z "${KATA_DEV_MODE:-}" ]; then - "${tests_repo_dir}/.ci/setup.sh" mkdir -p /etc/kata-containers/ sudo cp -a /usr/share/defaults/kata-containers/configuration.toml /etc/kata-containers/configuration.toml else From 317bfba4b1a348845e2f0e9d2a0c46c58e2e03a1 Mon Sep 17 00:00:00 2001 From: Marco Vedovati Date: Thu, 18 Jul 2019 12:27:25 +0200 Subject: [PATCH 239/307] travis: use Ubuntu bionic distro version Ubuntu bionic is a more recent LTS than trusty. Signed-off-by: Marco Vedovati --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 5926cd952..bf5a2d8b3 100644 --- a/.travis.yml +++ b/.travis.yml @@ -5,7 +5,7 @@ # sudo: required -dist: trusty +dist: bionic os: - linux From 934422fc15a0c357bc600b68e0a64ebed2189c20 Mon Sep 17 00:00:00 2001 From: Marco Vedovati Date: Fri, 19 Jul 2019 17:15:23 +0200 Subject: [PATCH 240/307] tests: fix background job failure detection Distros with systemd / agent as init are not correctly enumerated. Signed-off-by: Marco Vedovati --- tests/test_images.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/test_images.sh b/tests/test_images.sh index 72b40c306..afd301040 100755 --- a/tests/test_images.sh +++ b/tests/test_images.sh @@ -547,7 +547,7 @@ test_distros() local marker=$(make print-ROOTFS_MARKER_SUFFIX) [ -z "$marker" ] && die "Invalid rootfs marker" typeset -a completed=($(find ${tmp_rootfs} -name ".*${marker}" -exec basename {} \; | sed -E "s/\.(.+)${marker}/\1/")) - for d in "${distrosSystemd[@]} ${distrosAgent[@]}"; do + for d in "${distrosSystemd[@]}" "${distrosAgent[@]}"; do if [[ "${completed[@]}" =~ $d ]]; then info "- $d : completed" else From b1b8ce427aa5c5fed8da0120eaee7f145010995a Mon Sep 17 00:00:00 2001 
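Review bot: the unchanged test `[[ "${completed[@]}" =~ $d ]]` directly below the corrected `for` line in `test_distros()` (PATCH 240/307) is an unanchored regex match against all completed names joined into one string, so a distro whose name is a substring of another completed one is reported as completed even when its own marker file is missing. Since this commit is about detecting failed background jobs, compare each element of `completed` with `$d` for equality instead.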
From: Julio Montes Date: Mon, 29 Jul 2019 20:53:00 +0000 Subject: [PATCH 241/307] image-builder: check /sbin/init when AGENT_INIT=yes kata-agent is moved to /sbin/init when AGENT_INIT is yes. Check /sbin/init exists and it's not systemd fixes #322 Signed-off-by: Julio Montes --- image-builder/image_builder.sh | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/image-builder/image_builder.sh b/image-builder/image_builder.sh index 277c4de89..6e9e24ce9 100755 --- a/image-builder/image_builder.sh +++ b/image-builder/image_builder.sh @@ -180,11 +180,12 @@ check_rootfs() { OK "init is installed" + systemd_path="/lib/systemd/systemd" + systemd="${rootfs}${systemd_path}" + # check agent or systemd case "${AGENT_INIT}" in "no") - systemd_path="/lib/systemd/systemd" - systemd="${rootfs}${systemd_path}" if [ ! -x "${systemd}" ] && [ ! -L "${systemd}" ]; then error "${systemd_path} is not installed in ${rootfs}" return 1 @@ -193,12 +194,18 @@ check_rootfs() { ;; "yes") - agent_path="/usr/bin/${AGENT_BIN}" + agent_path="/sbin/init" agent="${rootfs}${agent_path}" if [ ! -x "${agent}" ]; then error "${agent_path} is not installed in ${rootfs}. Use AGENT_BIN env variable to change the expected agent binary name" return 1 fi + # checksum must be different to system + if [ -f "${systemd}" ] && cmp -s "${systemd}" "${agent}"; then + error "The agent is not the init process. ${agent_path} is systemd" + return 1 + fi + OK "Agent installed" ;; From 9afe9310b108d75de86a536932c7dfd76b6c6040 Mon Sep 17 00:00:00 2001 From: Penny Zheng Date: Thu, 1 Aug 2019 14:09:14 +0800 Subject: [PATCH 242/307] chrony-service: re-patch PR#265 commit 39370c2(https://github.com/kata-containers/osbuilder/commit/ 39370c2aea6973acfc98a172b7ee084d0ea58afd) has accidentally deleted the content in PR#265(https://github.com/kata-containers/osbuilder/pull/265). Here, I just re-patch PR#265 on the latest master code. Fixes: #338 Signed-off-by: Archana Shinde 
Signed-off-by: Penny Zheng --- rootfs-builder/rootfs.sh | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index cc410035f..6acdb4b5d 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh @@ -468,6 +468,15 @@ EOT # Reference: https://chrony.tuxfamily.org/doc/3.4/chrony.conf.html sed -i 's/^\(server \|pool \|peer \)/# &/g' ${chrony_conf_file} + chrony_systemd_service="${ROOTFS_DIR}/usr/lib/systemd/system/chronyd.service" + if [ ${distro} == ubuntu ] || [ ${distro} == debian ] ; then + chrony_systemd_service="${ROOTFS_DIR}/lib/systemd/system/chrony.service" + fi + + if [ -f "$chrony_systemd_service" ]; then + sed -i '/^\[Unit\]/a ConditionPathExists=\/dev\/ptp0' ${chrony_systemd_service} + fi + # The CC on s390x for fedora needs to be manually set to gcc when the golang is downloaded from the main page. # See issue: https://github.com/kata-containers/osbuilder/issues/217 [ "$distro" == "fedora" ] && [ "$ARCH" == "s390x" ] && export CC=gcc From dacd2d34b98aa151fc28e2ad57b476a3686416f1 Mon Sep 17 00:00:00 2001 From: "Bernhard M. Wiedemann" Date: Thu, 8 Aug 2019 12:28:22 +0200 Subject: [PATCH 243/307] scripts/lib: Allow to override build date Allow to override build date with SOURCE_DATE_EPOCH in order to make builds reproducible. See https://reproducible-builds.org/ for why this is good and https://reproducible-builds.org/specs/source-date-epoch/ for the definition of this variable. Also use UTC to be independent of timezone. This date call only works with GNU date. Without this patch, kata-containers-initrd.img contained varying var/lib/osbuilder/osbuilder.yaml with version: "1.9.0-alpha0" -rootfs-creation-time: "2019-08-06T18:40:27.402493939+0000Z" +rootfs-creation-time: "2034-09-08T07:57:34.386990704+0000Z" Fixes #340 Signed-off-by: Bernhard M. Wiedemann --- scripts/lib.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
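Review bot: in the `rootfs-builder/rootfs.sh` hunk of PATCH 242/307 the test `[ ${distro} == ubuntu ] || [ ${distro} == debian ]` leaves `${distro}` unquoted, and the README documents running `rootfs.sh` without a distro, in which case the test expands to `[ == ubuntu ]` and bash prints a "unary operator expected" error before falling through to the default path. Quote the variable as the chrony.conf check earlier in the function does. The `sed -i '/^\[Unit\]/a ConditionPathExists=\/dev\/ptp0'` is also not idempotent, so provisioning an existing rootfs twice appends the condition twice; guard it with a `grep -q` for the line, and quote `${chrony_systemd_service}`.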
diff --git a/scripts/lib.sh b/scripts/lib.sh index c4aa14235..0691563d9 100644 --- a/scripts/lib.sh +++ b/scripts/lib.sh @@ -170,7 +170,7 @@ create_summary_file() local -r filename="osbuilder.yaml" local file="${dir}/${filename}" - local -r now=$(date '+%Y-%m-%dT%T.%N%zZ') + local -r now=$(date -u -d@${SOURCE_DATE_EPOCH:-$(date +%s.%N)} '+%Y-%m-%dT%T.%N%zZ') # sanitise package lists PACKAGES=$(echo "$PACKAGES"|tr ' ' '\n'|sort -u|tr '\n' ' ') From 87af599dd04e2173f13516cab9e46cfbbc069bff Mon Sep 17 00:00:00 2001 From: Julio Montes Date: Thu, 8 Aug 2019 20:12:03 +0000 Subject: [PATCH 244/307] rootfs-builder/clearlinux: reduce image size when AGENT_INIT=yes Don't install chrony, iptables-bin and util-linux-bin when AGENT_INIT=yes, these packages are only needed when the init process is systemd. Signed-off-by: Julio Montes --- rootfs-builder/clearlinux/config.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rootfs-builder/clearlinux/config.sh b/rootfs-builder/clearlinux/config.sh index 7b3b95426..7c8484efe 100644 --- a/rootfs-builder/clearlinux/config.sh +++ b/rootfs-builder/clearlinux/config.sh @@ -15,12 +15,12 @@ clr_url="https://download.clearlinux.org" BASE_URL="${clr_url}/releases/${OS_VERSION}/${REPO_NAME}/${ARCH}/os/" -PACKAGES="util-linux-bin iptables-bin libudev0-shim chrony" +PACKAGES="libudev0-shim" #Optional packages: # systemd: An init system that will start kata-agent if kata-agent # itself is not configured as init process. -[ "$AGENT_INIT" == "no" ] && PACKAGES+=" systemd" || true +[ "$AGENT_INIT" == "no" ] && PACKAGES+=" systemd chrony iptables-bin util-linux-bin" || true # Init process must be one of {systemd,kata-agent} INIT_PROCESS=systemd From 495a92d2c3bfb9a3edba1208b2a5198adcb0aa3c Mon Sep 17 00:00:00 2001 
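Review bot: in `create_summary_file()` (scripts/lib.sh, PATCH 243/307) the argument `-d@${SOURCE_DATE_EPOCH:-$(date +%s.%N)}` is unquoted, so an environment value containing whitespace is split into additional `date` arguments, in a build the README runs under sudo. The SOURCE_DATE_EPOCH specification defines the value as an integer, so check that it matches `^[0-9]+$` before use and pass it as one quoted argument. With the override set `%N` always prints zeros, and with `-u` the `%z` field is always `+0000` followed by the literal `Z` (visible in the commit message sample), so the format could be reduced to whole seconds plus `Z`.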
From: Julio Montes Date: Thu, 8 Aug 2019 20:28:59 +0000 Subject: [PATCH 245/307] rootfs-builder: add kmod package Support for loading kernel modules got merged. kmod package is needed for loading kernel modules in the guest. fixes #341 Signed-off-by: Julio Montes --- rootfs-builder/clearlinux/config.sh | 2 +- rootfs-builder/debian/config.sh | 2 +- rootfs-builder/ubuntu/config.sh | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/rootfs-builder/clearlinux/config.sh b/rootfs-builder/clearlinux/config.sh index 7c8484efe..c26cc049a 100644 --- a/rootfs-builder/clearlinux/config.sh +++ b/rootfs-builder/clearlinux/config.sh @@ -15,7 +15,7 @@ clr_url="https://download.clearlinux.org" BASE_URL="${clr_url}/releases/${OS_VERSION}/${REPO_NAME}/${ARCH}/os/" -PACKAGES="libudev0-shim" +PACKAGES="libudev0-shim kmod-bin" #Optional packages: # systemd: An init system that will start kata-agent if kata-agent diff --git a/rootfs-builder/debian/config.sh b/rootfs-builder/debian/config.sh index 9eb022e66..38e2ee5b9 100644 --- a/rootfs-builder/debian/config.sh +++ b/rootfs-builder/debian/config.sh @@ -8,7 +8,7 @@ OS_VERSION=${OS_VERSION:-9.5} # Set OS_NAME to the desired debian "codename" OS_NAME=${OS_NAME:-"stretch"} -PACKAGES="systemd iptables init chrony" +PACKAGES="systemd iptables init chrony kmod" # NOTE: Re-using ubuntu rootfs configuration, see 'ubuntu' folder for full content. source $script_dir/ubuntu/$CONFIG_SH diff --git a/rootfs-builder/ubuntu/config.sh b/rootfs-builder/ubuntu/config.sh index f2247e4ae..20138d145 100644 --- a/rootfs-builder/ubuntu/config.sh +++ b/rootfs-builder/ubuntu/config.sh @@ -12,7 +12,7 @@ OS_VERSION=${OS_VERSION:-18.04} OS_NAME=${OS_NAME:-"bionic"} # packages to be installed by default -PACKAGES="systemd iptables init chrony" +PACKAGES="systemd iptables init chrony kmod" DEBOOTSTRAP=${PACKAGE_MANAGER:-"debootstrap"} From ce20d725932cdc80683229550a1bb2de5a23073c Mon Sep 17 00:00:00 2001 
From: Marco Vedovati Date: Fri, 9 Aug 2019 15:32:13 +0200 Subject: [PATCH 246/307] dracut: improve host distro support Detecting the host distro allows the rootfs setup to be correctly carried out. Fixes: #343 Signed-off-by: Marco Vedovati --- rootfs-builder/rootfs.sh | 45 +++++++++++++++++++++++++++++----------- 1 file changed, 33 insertions(+), 12 deletions(-) diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index 6acdb4b5d..0b68764f0 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh @@ -401,8 +401,6 @@ prepare_overlay() # provided as argument setup_rootfs() { - [ -z "$distro" ] && prepare_overlay - info "Create symlink to /tmp in /var to create private temporal directories with systemd" pushd "${ROOTFS_DIR}" >> /dev/null if [ "$PWD" != "/" ] ; then @@ -448,14 +446,21 @@ EOT [ -n "${KERNEL_MODULES_DIR}" ] && copy_kernel_modules ${KERNEL_MODULES_DIR} ${ROOTFS_DIR} - chrony_conf_file="${ROOTFS_DIR}/etc/chrony.conf" - if [ "${distro}" == "ubuntu" ] || [ "${distro}" == "debian" ] ; then - chrony_conf_file="${ROOTFS_DIR}/etc/chrony/chrony.conf" - fi - info "Create ${ROOTFS_DIR}/etc" mkdir -p "${ROOTFS_DIR}/etc" + case "${distro}" in + "ubuntu" | "debian") + echo "I am ubuntu or debian" + chrony_conf_file="${ROOTFS_DIR}/etc/chrony/chrony.conf" + chrony_systemd_service="${ROOTFS_DIR}/lib/systemd/system/chrony.service" + ;; + *) + chrony_conf_file="${ROOTFS_DIR}/etc/chrony.conf" + chrony_systemd_service="${ROOTFS_DIR}/usr/lib/systemd/system/chronyd.service" + ;; + esac + info "Configure chrony file ${chrony_conf_file}" cat >> "${chrony_conf_file}" < Date: Mon, 12 Aug 2019 19:15:32 +0530 Subject: [PATCH 247/307] image_builder: create /etc/resolv.conf Since the image rootfs is readonly, we create an empty /etc/resolv.conf which the agent would later bind-remount as read-write. Fixes: #345 Signed-off-by: Nitesh Konkar --- image-builder/image_builder.sh | 3 +++ 1 file changed, 3 insertions(+) 
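Review bot: the `"ubuntu" | "debian")` branch of the new `case` in `setup_rootfs()` (rootfs-builder/rootfs.sh, PATCH 246/307) still contains `echo "I am ubuntu or debian"`, which looks like leftover debugging output; drop it or turn it into an `info` call like the neighbouring messages. The `case` also assigns `chrony_conf_file` and `chrony_systemd_service` without `local`, so they stay global after the function returns; declare them `local` unless another function relies on them.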
diff --git a/image-builder/image_builder.sh b/image-builder/image_builder.sh index 7d7178dc6..d7878c0cf 100755 --- a/image-builder/image_builder.sh +++ b/image-builder/image_builder.sh @@ -391,6 +391,9 @@ create_rootfs_image() { info "Creating empty machine-id to allow systemd to bind-mount it" touch "${mount_dir}/etc/machine-id" + info "Creating empty resolv.conf to allow kata-agent to bind-mount it" + touch "${mount_dir}/etc/resolv.conf" + info "Unmounting root partition" umount "${mount_dir}" OK "Root partition unmounted" From f9cfa172ab6d6006f51aa73676dd4f84e4efa373 Mon Sep 17 00:00:00 2001 From: katacontainersbot Date: Tue, 3 Sep 2019 17:34:10 +0000 Subject: [PATCH 248/307] release: Kata Containers 1.9.0-alpha1 - image_builder: create /etc/resolv.conf - Add kmod package - dracut: improve host distro support - Allow to override build date with SOURCE_DATE_EPOCH - image-builder: check /sbin/init when AGENT_INIT=yes - chrony-service: re-patch PR#265 - image-builder: get mount directory size with Mb format - osbuilder: add dracut build method - fedora-rootfs: using fedora 28 on aarch64 862b077 image_builder: create /etc/resolv.conf ce20d72 dracut: improve host distro support 495a92d rootfs-builder: add kmod package 87af599 rootfs-builder/clearlinux: reduce image size when AGENT_INIT=yes dacd2d3 scripts/lib: Allow to override build date 9afe931 chrony-service: re-patch PR#265 b1b8ce4 image-builder: check /sbin/init when AGENT_INIT=yes 934422f tests: fix background job failure detection 317bfba travis: use Ubuntu bionic distro version a5a3343 ci: use .ci/setup.sh from tests repo 1e5746a tests: add dracut initrd and image tests 6d5aef5 osbuilder: Get mount directory size with Mb format 2f55017 osbuilder: add dracut build method 9bfc083 fedora-rootfs: using fedora 28 on aarch64 8ebaac0 rootfs: move code from rootfs.sh to lib.sh 39370c2 rootfs-builder: support provisioning existing rootfs 
Signed-off-by: katacontainersbot --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index f93a59a99..04b7792ad 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.9.0-alpha0 +1.9.0-alpha1 From 2b785044a2c8af5171458a179e86fa959cc0a371 Mon Sep 17 00:00:00 2001 From: Salvador Fuentes Date: Thu, 5 Sep 2019 12:49:16 -0500 Subject: [PATCH 249/307] ci: travis: allow failures on ppc64le travis ppc64le has been very unstable when running apt-get commands and are not allowing us to run the job successfully. Signed-off-by: Salvador Fuentes --- .travis.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.travis.yml b/.travis.yml index bf5a2d8b3..c306ff60b 100644 --- a/.travis.yml +++ b/.travis.yml @@ -11,6 +11,10 @@ os: - linux - linux-ppc64le +matrix: + allow_failures: + - os: linux-ppc64le + language: bash services: From 2950b3702893693e6ff5f231eaca1bf3c377c355 Mon Sep 17 00:00:00 2001 From: Cole Robinson Date: Sun, 8 Sep 2019 16:09:48 -0400 Subject: [PATCH 250/307] dracut: increase base.conf priority from 00 to 05 The Makefile invokes dracut with a custom confdir. However dracut will still pull site configuration from /usr/lib/dracut/dracut.conf.d/, which on Fedora contains a 01-dist.conf that sets among other things early_microcode="yes". Because 01-dist.conf is processed after 00-base.conf, kata's early_microcode="no" is overridden, which isn't intended. Rename 00-base.conf to 05-base.conf to sidestep this Fixes: #354 Signed-off-by: Cole Robinson --- dracut/dracut.conf.d/{00-base.conf => 05-base.conf} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename dracut/dracut.conf.d/{00-base.conf => 05-base.conf} (100%) diff --git a/dracut/dracut.conf.d/00-base.conf b/dracut/dracut.conf.d/05-base.conf similarity index 100% rename from dracut/dracut.conf.d/00-base.conf rename to dracut/dracut.conf.d/05-base.conf From 6daec98aafaa63a9442dda8332bc939871edb950 Mon Sep 17 00:00:00 2001 
From: Cole Robinson Date: Mon, 9 Sep 2019 12:47:54 -0400 Subject: [PATCH 251/307] make: Move comment about dracut --no-kernel The current placement is confusing IMO, let's move it close to the code it's describing Signed-off-by: Cole Robinson --- Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index aa515dee1..34fb0fd17 100644 --- a/Makefile +++ b/Makefile @@ -43,10 +43,10 @@ ifeq (dracut,$(BUILD_METHOD)) DRACUT_OPTIONS := --no-compress --conf /dev/null --confdir $(DRACUT_CONF_DIR) ifneq (,$(DRACUT_KVERSION)) - # If a kernel version is not specified, do not make systemd load modules - # at startup DRACUT_KMODULES := $(shell grep "^drivers=" $(DRACUT_CONF_DIR)/10-drivers.conf | sed -E "s,^drivers=\"(.*)\"$$,\1,") else + # If a kernel version is not specified, do not make systemd load modules + # at startup DRACUT_OPTIONS += --no-kernel endif From dec801374803d6d2b486c19c70ce14b796959fa5 Mon Sep 17 00:00:00 2001 From: Cole Robinson Date: Mon, 9 Sep 2019 12:49:56 -0400 Subject: [PATCH 252/307] make: use bash to fetch dracut conf 'drivers' list dracut will process conf files with bash, and in fact it's common to use idioms like += in conf files for string concatenation. The current grep usage in the Makefile won't catch all possible valid 'drivers' variable cases. Instead, use bash to parse and echo the 'drivers' content Fixes: #356 Signed-off-by: Cole Robinson --- Makefile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 34fb0fd17..d9bdda032 100644 --- a/Makefile +++ b/Makefile 
@@ -43,7 +43,8 @@ ifeq (dracut,$(BUILD_METHOD)) DRACUT_OPTIONS := --no-compress --conf /dev/null --confdir $(DRACUT_CONF_DIR) ifneq (,$(DRACUT_KVERSION)) - DRACUT_KMODULES := $(shell grep "^drivers=" $(DRACUT_CONF_DIR)/10-drivers.conf | sed -E "s,^drivers=\"(.*)\"$$,\1,") + # Explicitly use bash, which is what dracut uses to process conf files + DRACUT_KMODULES := $(shell bash -c 'source $(DRACUT_CONF_DIR)/10-drivers.conf; echo "$$drivers"') else # If a kernel version is not specified, do not make systemd load modules # at startup From 4287ba639bbec8f447295bb567636d939bcb4cfc Mon Sep 17 00:00:00 2001 From: Eric Ernst Date: Mon, 16 Sep 2019 11:31:43 -0700 Subject: [PATCH 253/307] release: Kata Containers 1.9.0-alpha2 - dracut: increase base.conf priority from 00 to 05 - make: use bash to fetch dracut conf 'drivers' list dec8013 make: use bash to fetch dracut conf 'drivers' list 6daec98 make: Move comment about dracut --no-kernel 2950b37 dracut: increase base.conf priority from 00 to 05 Signed-off-by: Eric Ernst --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index 04b7792ad..6b2781d03 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.9.0-alpha1 +1.9.0-alpha2 From 1eec032c63966337a66ffc3f30961d1017d94a07 Mon Sep 17 00:00:00 2001 From: Jianyong Wu Date: Wed, 28 Aug 2019 22:14:18 -0400 Subject: [PATCH 254/307] rootfs: update fedora to 29 for arm64. there is issue in fedora:28 when start systemd service. update fedora to 29 will bypass this issue. Fixes: #349 Signed-off-by: Jianyong Wu --- rootfs-builder/fedora/config_aarch64.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rootfs-builder/fedora/config_aarch64.sh b/rootfs-builder/fedora/config_aarch64.sh index 691aba317..42126f34c 100644 --- a/rootfs-builder/fedora/config_aarch64.sh +++ b/rootfs-builder/fedora/config_aarch64.sh 
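Review bot: in the Makefile hunk of patch 252, `source $(DRACUT_CONF_DIR)/10-drivers.conf` is interpolated unquoted into the `bash -c '...'` string, so a conf dir containing spaces or a single quote breaks the command or changes what gets executed, and a missing or failing file silently yields an empty DRACUT_KMODULES. Pass the path as a quoted positional argument and make the failure visible, e.g. `bash -c 'source "$$1" && echo "$$drivers"' _ "$(DRACUT_CONF_DIR)/10-drivers.conf"`. Sourcing also runs whatever shell code the conf file contains at make parse time; that matches how dracut treats these files, but it deserves a word in the new comment.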
@@ -5,6 +5,6 @@ # image busybox will fail on fedora 30 rootfs image # see https://github.com/kata-containers/osbuilder/issues/334 for detailed info -OS_VERSION="28" +OS_VERSION="29" MIRROR_LIST="https://mirrors.fedoraproject.org/metalink?repo=fedora-${OS_VERSION}&arch=\$basearch" From 05428a64240714040537074371ec08364255ea51 Mon Sep 17 00:00:00 2001 From: Nitesh Konkar Date: Tue, 24 Sep 2019 23:31:45 +0530 Subject: [PATCH 255/307] rootfs: Install yq if not found instead of error When building rootfs, yq is needed to parse the version from versions.yaml file. If yq is not found, it fails. In this PR, we install yq if not found. Fixes: #363 Signed-off-by: Nitesh Konkar --- scripts/install-yq.sh | 72 +++++++++++++++++++++++++++++++++++++++++++ scripts/lib.sh | 5 ++- 2 files changed, 76 insertions(+), 1 deletion(-) create mode 100644 scripts/install-yq.sh diff --git a/scripts/install-yq.sh b/scripts/install-yq.sh new file mode 100644 index 000000000..f2bd8e604 --- /dev/null +++ b/scripts/install-yq.sh 
@@ -0,0 +1,72 @@ +#!/usr/bin/env bash +# +# Copyright (c) 2019 IBM +# +# SPDX-License-Identifier: Apache-2.0 +# + +# If we fail for any reason a message will be displayed +die() { + msg="$*" + echo "ERROR: $msg" >&2 + exit 1 +} + +# Install the yq yaml query package from the mikefarah github repo +# Install via binary download, as we may not have golang installed at this point +function install_yq() { + GOPATH=${GOPATH:-${HOME}/go} + local yq_path="${GOPATH}/bin/yq" + local yq_pkg="github.com/mikefarah/yq" + [ -x "${GOPATH}/bin/yq" ] && return + + read -r -a sysInfo <<< "$(uname -sm)" + + case "${sysInfo[0]}" in + "Linux" | "Darwin") + goos="${sysInfo[0],}" + ;; + "*") + die "OS ${sysInfo[0]} not supported" + ;; + esac + + case "${sysInfo[1]}" in + "aarch64") + goarch=arm64 + ;; + "ppc64le") + goarch=ppc64le + ;; + "x86_64") + goarch=amd64 + ;; + "s390x") + goarch=s390x + ;; + "*") + die "Arch ${sysInfo[1]} not supported" + ;; + esac + + mkdir -p "${GOPATH}/bin" + + # Check curl + if ! command -v "curl" >/dev/null; then + die "Please install curl" + fi + + local yq_version=2.3.0 + + local yq_url="https://${yq_pkg}/releases/download/${yq_version}/yq_${goos}_${goarch}" + curl -o "${yq_path}" -LSsf ${yq_url} + [ $? -ne 0 ] && die "Download ${yq_url} failed" + chmod +x ${yq_path} + + if ! command -v "${yq_path}" >/dev/null; then + die "Cannot not get ${yq_path} executable" + fi +} + +install_yq + diff --git a/scripts/lib.sh b/scripts/lib.sh index 0691563d9..14be92cb3 100644 --- a/scripts/lib.sh +++ b/scripts/lib.sh @@ -12,6 +12,7 @@ GO_RUNTIME_PKG=${GO_RUNTIME_PKG:-github.com/kata-containers/runtime} # Give preference to variable set by CI KATA_BRANCH=${branch:-} KATA_BRANCH=${KATA_BRANCH:-master} +yq_file="${script_dir}/../scripts/install-yq.sh" error() { 
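Review bot: scripts/install-yq.sh fetches a binary with `curl -o "${yq_path}" -LSsf ${yq_url}`, marks it executable, and lib.sh then runs it during the build, with no integrity check on what was downloaded; pin a SHA-256 per `goos`/`goarch` next to `yq_version=2.3.0` and verify it (for example with `sha256sum -c`) before the `chmod +x`. Separately, both fallback arms are written as `"*")`, which matches only a literal asterisk, so an unsupported OS or architecture never reaches `die` and the script carries on with `goos` or `goarch` unset; use an unquoted `*)`. `${yq_url}` and `${yq_path}` should be quoted in the curl and chmod calls, and "Cannot not get" in the last message is a double negative.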
@@ -273,7 +274,9 @@ detect_go_version() { info "Detecting agent go version" typeset -r yq=$(command -v yq || command -v ${GOPATH}/bin/yq) - [ -z "$yq" ] && die "'yq' application not found (needed to parsing minimum Go version required)" + if [ -z "$yq" ]; then + source "$yq_file" + fi local runtimeRevision="" From 5982e487749e4264ca0c550eaf02d4a5b90e44f1 Mon Sep 17 00:00:00 2001 From: Nitesh Konkar Date: Mon, 23 Sep 2019 18:46:02 +0530 Subject: [PATCH 256/307] lib.sh: Fix curl error when using curl+yq When you curl versions.yaml file and pipe into yq, sometimes the piped program closes the read pipe before the previous program is finished leading to "curl: (23) Failed writing body (1337 != 1371)". As a workaround we pipe the stream through double "tac", an intermediary program that always reads the whole page before feeding it to the next program. Fixes: #363 Signed-off-by: Nitesh Konkar --- scripts/lib.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/lib.sh b/scripts/lib.sh index 14be92cb3..218eef551 100644 --- a/scripts/lib.sh +++ b/scripts/lib.sh @@ -289,7 +289,7 @@ detect_go_version() typeset -r runtimeVersionsURL="https://raw.githubusercontent.com/kata-containers/runtime/${runtimeRevision}/versions.yaml" info "Getting golang version from ${runtimeVersionsURL}" # This may fail if we are a kata bump. - if GO_VERSION="$(curl -fsSL "$runtimeVersionsURL" | $yq r - "languages.golang.version")"; then + if GO_VERSION="$(curl -fsSL "$runtimeVersionsURL" | tac | tac | $yq r - "languages.golang.version")"; then [ "$GO_VERSION" != "null" ] return 0 fi 
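Review bot: in the detect_go_version() hunk of patch 255 (scripts/lib.sh), `yq` is assigned once by `typeset -r yq=$(command -v yq || command -v ${GOPATH}/bin/yq)` before the new `source "$yq_file"`, so after a successful install the variable is still empty and read-only, and the later `$yq r - "languages.golang.version"` pipelines run without a yq path. Install first, resolve the path afterwards, and `die` if it is still empty. Sourcing install-yq.sh also redefines `die` in the calling shell, and `${GOPATH}` is expanded on this line before install-yq.sh applies its `${HOME}/go` default, so the lookup and the install location can disagree when GOPATH is unset.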
@@ -301,7 +301,7 @@ detect_go_version() info "There is not runtime repository in filesystem (${kata_runtime_pkg_dir})" local runtime_versions_url="https://raw.githubusercontent.com/kata-containers/runtime/${KATA_BRANCH}/versions.yaml" info "Get versions file from ${runtime_versions_url}" - GO_VERSION="$(curl -fsSL "${runtime_versions_url}" | $yq r - "languages.golang.version")" + GO_VERSION="$(curl -fsSL "${runtime_versions_url}" | tac | tac | $yq r - "languages.golang.version")" if [ "$?" == "0" ] && [ "$GO_VERSION" != "null" ]; then return 0 fi From 9e10b341d60c4f1a56e184ae3a48f7add3857eda Mon Sep 17 00:00:00 2001 From: Nitesh Konkar Date: Thu, 26 Sep 2019 20:16:02 +0530 Subject: [PATCH 257/307] rootfs_builder: Create /etc/resolv.conf in rootfs Create an empty /etc/resolv.conf in rootfs if it does not already exists else preserve it if not a symlink. This would allow the agent to bind mount it for DNS in kata VM. Fixes: #365 Signed-off-by: Nitesh Konkar --- image-builder/image_builder.sh | 3 --- rootfs-builder/rootfs.sh | 9 +++++++++ 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/image-builder/image_builder.sh b/image-builder/image_builder.sh index d7878c0cf..7d7178dc6 100755 --- a/image-builder/image_builder.sh +++ b/image-builder/image_builder.sh @@ -391,9 +391,6 @@ create_rootfs_image() { info "Creating empty machine-id to allow systemd to bind-mount it" touch "${mount_dir}/etc/machine-id" - info "Creating empty resolv.conf to allow kata-agent to bind-mount it" - touch "${mount_dir}/etc/resolv.conf" - info "Unmounting root partition" umount "${mount_dir}" OK "Root partition unmounted" diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index 0b68764f0..ab6a95701 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh 
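Review bot: both changed pipelines in detect_go_version() (patch 256), `curl -fsSL ... | tac | tac | $yq r - "languages.golang.version"`, rely on `tac` buffering as a side effect and still report only the exit status of the last command, so a failed or truncated download is handed to yq unnoticed unless `pipefail` is set elsewhere. Capture the download first (a variable or a `mktemp` file), check curl's status, then feed yq from that. In the first hunk the result of `[ "$GO_VERSION" != "null" ]` is discarded by the `return 0` that follows it, whereas the second hunk's `[ "$?" == "0" ] && [ "$GO_VERSION" != "null" ]` does gate the return; worth aligning the two while these lines are being touched.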
@@ -510,6 +510,15 @@ EOT [ -x "${init}" ] || [ -L "${init}" ] || die "/sbin/init is not installed in ${ROOTFS_DIR}" OK "init is installed" + # Create an empty /etc/resolv.conf, to allow agent to bind mount container resolv.conf to Kata VM + dns_file="${ROOTFS_DIR}/etc/resolv.conf" + if [ -L "$dns_file" ]; then + # if /etc/resolv.conf is a link, it cannot be used for bind mount + rm -f "$dns_file" + fi + info "Create /etc/resolv.conf file in rootfs if not exist" + touch "$dns_file" + info "Creating summary file" create_summary_file "${ROOTFS_DIR}" } From d2d029ce4738c58bc6186d9859fee10c6d6e956a Mon Sep 17 00:00:00 2001 From: nitkon Date: Sat, 28 Sep 2019 23:12:20 +0530 Subject: [PATCH 258/307] README: Update how to use DEBUG variable Update osbuilder README to use DEBUG environment variable for executing scripts in debug mode. Fixes: #368 Signed-off-by: Nitesh Konkar --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index b39bfb4fa..390e55820 100644 --- a/README.md +++ b/README.md @@ -68,6 +68,7 @@ This section describes the terms used for all documentation in this repository. ## Building The top-level `Makefile` contains an example of how to use the available components. +Set `DEBUG=true` to execute build scripts in debug mode. Two build methods are available, `distro` and `dracut`. By default, the `distro` build method is used, and this creates a rootfs using From d1751a35e1bd1613e66df87221faed195225718e Mon Sep 17 00:00:00 2001 From: Nitesh Konkar Date: Wed, 2 Oct 2019 21:58:02 +0530 Subject: [PATCH 259/307] osbuilder: Add USE_PODMAN as an alternate for USE_DOCKER In case a user wants to use podman instead of docker to build initrd/rootfs images, facilitate it by setting the variable `USE_PODMAN=true`. Fixes: #370 
Signed-off-by: Nitesh Konkar --- image-builder/Dockerfile | 2 +- image-builder/image_builder.sh | 28 ++++++++++++++++--------- rootfs-builder/alpine/Dockerfile.in | 2 +- rootfs-builder/centos/Dockerfile.in | 2 +- rootfs-builder/clearlinux/Dockerfile.in | 2 +- rootfs-builder/debian/Dockerfile.in | 2 +- rootfs-builder/euleros/Dockerfile.in | 2 +- rootfs-builder/fedora/Dockerfile.in | 2 +- rootfs-builder/rootfs.sh | 18 ++++++++++++---- rootfs-builder/suse/Dockerfile.in | 2 +- rootfs-builder/ubuntu/Dockerfile.in | 2 +- 11 files changed, 41 insertions(+), 23 deletions(-) diff --git a/image-builder/Dockerfile b/image-builder/Dockerfile index 457070f65..c32792258 100644 --- a/image-builder/Dockerfile +++ b/image-builder/Dockerfile @@ -3,7 +3,7 @@ # # SPDX-License-Identifier: Apache-2.0 -From fedora:latest +From docker.io/fedora:latest RUN [ -n "$http_proxy" ] && sed -i '$ a proxy='$http_proxy /etc/dnf/dnf.conf ; true diff --git a/image-builder/image_builder.sh b/image-builder/image_builder.sh index 7d7178dc6..73f20f88a 100755 --- a/image-builder/image_builder.sh +++ b/image-builder/image_builder.sh @@ -88,6 +88,8 @@ Extra environment variables: AGENT_INIT: Use kata agent as init process FS_TYPE: Filesystem type to use. Only xfs and ext4 are supported. USE_DOCKER: If set will build image in a Docker Container (requries docker) + DEFAULT: not set + USE_PODMAN: If set and USE_DOCKER not set, will build image in a Podman Container (requries podman) DEFAULT: not set @@ -117,8 +119,8 @@ EOT } -# build the image using docker -build_with_docker() { +# build the image using container engine +build_with_container() { local rootfs="$1" local image="$2" local fs_type="$3" 
@@ -126,16 +128,16 @@ build_with_docker() { local root_free_space="$5" local agent_bin="$6" local agent_init="$7" - local docker_image_name="image-builder-osbuilder" + local container_image_name="image-builder-osbuilder" local shared_files="" image_dir=$(readlink -f "$(dirname "${image}")") image_name=$(basename "${image}") - docker build \ + "${container_engine}" build \ --build-arg http_proxy="${http_proxy}" \ --build-arg https_proxy="${https_proxy}" \ - -t "${docker_image_name}" "${script_dir}" + -t "${container_image_name}" "${script_dir}" readonly mke2fs_conf="/etc/mke2fs.conf" if [ -f "${mke2fs_conf}" ]; then @@ -145,7 +147,7 @@ build_with_docker() { #Make sure we use a compatible runtime to build rootfs # In case Clear Containers Runtime is installed we dont want to hit issue: #https://github.com/clearcontainers/runtime/issues/828 - docker run \ + "${container_engine}" run \ --rm \ --runtime runc \ --privileged \ @@ -161,7 +163,7 @@ build_with_docker() { -v "${rootfs}":"/rootfs" \ -v "${image_dir}":"/image" \ ${shared_files} \ - ${docker_image_name} \ + ${container_image_name} \ bash "/osbuilder/${script_name}" -o "/image/${image_name}" /rootfs } @@ -466,9 +468,15 @@ main() { exit 0 fi - if [ -n "${USE_DOCKER}" ] ; then - build_with_docker "${rootfs}" "${image}" "${fs_type}" "${block_size}" \ - "${root_free_space}" "${agent_bin}" "${agent_init}" + if [ -n "${USE_DOCKER}" ]; then + container_engine="docker" + elif [ -n "${USE_PODMAN}" ]; then + container_engine="podman" + fi + + if [ -n "$container_engine" ]; then + build_with_container "${rootfs}" "${image}" "${fs_type}" "${block_size}" \ + "${root_free_space}" "${agent_bin}" "${agent_init}" "${container_engine}" exit $? fi diff --git a/rootfs-builder/alpine/Dockerfile.in b/rootfs-builder/alpine/Dockerfile.in index 94752399b..24fb8610c 100644 --- a/rootfs-builder/alpine/Dockerfile.in +++ b/rootfs-builder/alpine/Dockerfile.in 
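Review bot: in image-builder/image_builder.sh (patch 259), main() now calls `build_with_container ... "${agent_init}" "${container_engine}"` with an extra trailing argument, but the visible locals in the function stop at `local agent_init="$7"` and the body reads `${container_engine}` as a global; add `local container_engine="$8"` or drop the argument. `container_engine` is also never initialised before the `if [ -n "${USE_DOCKER}" ] ... elif [ -n "${USE_PODMAN}" ]` block, so a value inherited from the environment would be executed as the build command even with both variables unset; set it to an empty string first. The new usage line copies the existing "requries" typo, and the unchanged `--runtime runc` and `--privileged` options are now passed to podman as well, which should be confirmed as intended.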
@@ -3,7 +3,7 @@ # # SPDX-License-Identifier: Apache-2.0 -From golang:@GO_VERSION@-alpine +From docker.io/golang:@GO_VERSION@-alpine RUN apk update && apk add \ git \ diff --git a/rootfs-builder/centos/Dockerfile.in b/rootfs-builder/centos/Dockerfile.in index 26026374f..3b027afb0 100644 --- a/rootfs-builder/centos/Dockerfile.in +++ b/rootfs-builder/centos/Dockerfile.in @@ -3,7 +3,7 @@ # # SPDX-License-Identifier: Apache-2.0 -From centos:@OS_VERSION@ +From docker.io/centos:@OS_VERSION@ @SET_PROXY@ diff --git a/rootfs-builder/clearlinux/Dockerfile.in b/rootfs-builder/clearlinux/Dockerfile.in index 5acfe2714..5ed047bba 100644 --- a/rootfs-builder/clearlinux/Dockerfile.in +++ b/rootfs-builder/clearlinux/Dockerfile.in @@ -3,7 +3,7 @@ # # SPDX-License-Identifier: Apache-2.0 -From fedora:30 +From docker.io/fedora:30 @SET_PROXY@ diff --git a/rootfs-builder/debian/Dockerfile.in b/rootfs-builder/debian/Dockerfile.in index 493df6430..b524d5005 100644 --- a/rootfs-builder/debian/Dockerfile.in +++ b/rootfs-builder/debian/Dockerfile.in @@ -4,7 +4,7 @@ # SPDX-License-Identifier: Apache-2.0 # NOTE: OS_VERSION is set according to config.sh -from debian:@OS_VERSION@ +from docker.io/debian:@OS_VERSION@ # RUN commands RUN apt-get update && apt-get install -y curl wget systemd debootstrap git build-essential chrony diff --git a/rootfs-builder/euleros/Dockerfile.in b/rootfs-builder/euleros/Dockerfile.in index 285d66293..3868b2b26 100644 --- a/rootfs-builder/euleros/Dockerfile.in +++ b/rootfs-builder/euleros/Dockerfile.in @@ -3,7 +3,7 @@ # # SPDX-License-Identifier: Apache-2.0 -FROM euleros:@OS_VERSION@ +FROM docker.io/euleros:@OS_VERSION@ @SET_PROXY@ diff --git a/rootfs-builder/fedora/Dockerfile.in b/rootfs-builder/fedora/Dockerfile.in index 20eca11b4..3aa3d6e44 100644 --- a/rootfs-builder/fedora/Dockerfile.in +++ b/rootfs-builder/fedora/Dockerfile.in @@ -3,7 +3,7 @@ # # SPDX-License-Identifier: Apache-2.0 -From fedora:@OS_VERSION@ +From docker.io/fedora:@OS_VERSION@ @SET_PROXY@ 
diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index ab6a95701..f2d283e6d 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh @@ -126,6 +126,10 @@ USE_DOCKER If set, build the rootfs inside a container (requires Docker). Default value: +USE_PODMAN If set and USE_DOCKER not set, then build the rootfs inside + a podman container (requires podman). + Default value: + DOCKER_RUNTIME Docker runtime to use when USE_DOCKER is set. Default value: runc @@ -177,7 +181,7 @@ docker_extra_args() args+=" --cap-add SYS_ADMIN" # When AppArmor is enabled, mounting inside a container is blocked with docker-default profile. # See https://github.com/moby/moby/issues/16429 - args+=" --security-opt apparmor:unconfined" + args+=" --security-opt apparmor=unconfined" ;; *) ;; @@ -308,17 +312,23 @@ build_rootfs_distro() echo "Required Go version: $GO_VERSION" - if [ -z "${USE_DOCKER}" ] ; then + if [ -z "${USE_DOCKER}" ] && [ -z "${USE_PODMAN}" ]; then #Generate an error if the local Go version is too old foundVersion=$(go version | sed -E "s/^.+([0-9]+\.[0-9]+\.[0-9]+).*$/\1/g") compare_versions "$GO_VERSION" $foundVersion || \ die "Your Go version $foundVersion is older than the minimum expected Go version $GO_VERSION" else + if [ -n "${USE_DOCKER}" ]; then + container_engine="docker" + elif [ -n "${USE_PODMAN}" ]; then + container_engine="podman" + fi + image_name="${distro}-rootfs-osbuilder" generate_dockerfile "${distro_config_dir}" - docker build \ + "$container_engine" build \ --build-arg http_proxy="${http_proxy}" \ --build-arg https_proxy="${https_proxy}" \ -t "${image_name}" "${distro_config_dir}" 
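Review bot: the change from `--security-opt apparmor:unconfined` to `--security-opt apparmor=unconfined` in docker_extra_args() (rootfs-builder/rootfs.sh, patch 259) is not mentioned in the commit message; since it touches a security option on a container that also gets `--cap-add SYS_ADMIN`, say why the syntax changes and whether podman needs it, or split it into its own commit. In build_rootfs_distro() the `USE_DOCKER`/`USE_PODMAN` selection duplicates the block added to image_builder.sh; a small helper in scripts/lib.sh would keep the precedence rule in one place. The help text still describes DOCKER_RUNTIME as applying "when USE_DOCKER is set", so state whether it is honoured under USE_PODMAN.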
@@ -353,7 +363,7 @@ build_rootfs_distro() #Make sure we use a compatible runtime to build rootfs # In case Clear Containers Runtime is installed we dont want to hit issue: #https://github.com/clearcontainers/runtime/issues/828 - docker run \ + "$container_engine" run \ --env https_proxy="${https_proxy}" \ --env http_proxy="${http_proxy}" \ --env AGENT_VERSION="${AGENT_VERSION}" \ diff --git a/rootfs-builder/suse/Dockerfile.in b/rootfs-builder/suse/Dockerfile.in index 7aaed2a8b..72d4c7b44 100644 --- a/rootfs-builder/suse/Dockerfile.in +++ b/rootfs-builder/suse/Dockerfile.in @@ -5,7 +5,7 @@ #suse: docker image to be used to create a rootfs #@OS_VERSION@: Docker image version to build this dockerfile -from opensuse/leap +from docker.io/opensuse/leap # This dockerfile needs to provide all the componets need to build a rootfs # Install any package need to create a rootfs (package manager, extra tools) diff --git a/rootfs-builder/ubuntu/Dockerfile.in b/rootfs-builder/ubuntu/Dockerfile.in index d4b10490b..2b3f3f436 100644 --- a/rootfs-builder/ubuntu/Dockerfile.in +++ b/rootfs-builder/ubuntu/Dockerfile.in @@ -5,7 +5,7 @@ #ubuntu: docker image to be used to create a rootfs #@OS_VERSION@: Docker image version to build this dockerfile -from ubuntu:@OS_VERSION@ +from docker.io/ubuntu:@OS_VERSION@ # This dockerfile needs to provide all the componets need to build a rootfs # Install any package need to create a rootfs (package manager, extra tools) From 15996014db529791cd116c169fc2da591936f8c7 Mon Sep 17 00:00:00 2001 From: Nitesh Konkar Date: Tue, 1 Oct 2019 19:21:57 +0530 Subject: [PATCH 260/307] osbuilder: Update README about `USE_PODMAN` variable `USE_PODMAN` variable needs to be set for the osbuilder scripts to use podman as a containerization engine to build initrd/rootfs images. If both are set, `USE_DOCKER` would take precedence over `USE_PODMAN` Fixes: #370 Signed-off-by: Nitesh Konkar --- README.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) 
diff --git a/README.md b/README.md index b39bfb4fa..ad56daf5e 100644 --- a/README.md +++ b/README.md @@ -75,8 +75,9 @@ distro specific commands (e.g.: `debootstrap` for Debian or `yum` for CentOS). The `dracut` build method uses the distro-agnostic tool `dracut` to obtain the same goal. By default components are run on the host system. However, some components -offer the ability to run from within Docker (for ease of setup) by setting the -`USE_DOCKER=true` variable. +offer the ability to run from within a container (for ease of setup) by setting the +`USE_DOCKER=true` or `USE_PODMAN=true` variable. If both are set, `USE_DOCKER=true` +takes precedence over `USE_PODMAN=true`. For more detailed information, consult the documentation for a particular component. From 6fa3063e68763d2a20dc646e3756ce77f75768ea Mon Sep 17 00:00:00 2001 From: katacontainersbot Date: Tue, 8 Oct 2019 21:38:20 +0000 Subject: [PATCH 261/307] release: Kata Containers 1.9.0-rc0 - osbuilder: Add USE_PODMAN as an alternate for USE_DOCKER - README: Update how to use DEBUG variable - Fix yq - initrd_builder: Create empty resolv.conf in rootfs - rootfs: update fedora to 29 for arm64. 1599601 osbuilder: Update README about `USE_PODMAN` variable d1751a3 osbuilder: Add USE_PODMAN as an alternate for USE_DOCKER d2d029c README: Update how to use DEBUG variable 9e10b34 rootfs_builder: Create /etc/resolv.conf in rootfs 5982e48 lib.sh: Fix curl error when using curl+yq 05428a6 rootfs: Install yq if not found instead of error 1eec032 rootfs: update fedora to 29 for arm64. Signed-off-by: katacontainersbot --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index 6b2781d03..87d7d2099 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.9.0-alpha2 +1.9.0-rc0 From f2e4edc068001fe049969494b667efaa2fa2db53 Mon Sep 17 00:00:00 2001 From: Eric Ernst Date: Thu, 31 Oct 2019 12:58:23 -0700 Subject: [PATCH 262/307] release: Kata Containers 1.10.0-alpha0 Version bump no changes 
Signed-off-by: Eric Ernst --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index 87d7d2099..50326e29e 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.9.0-rc0 +1.10.0-alpha0 From 50c9378659d29045540ce2b71d678b6f8cc27220 Mon Sep 17 00:00:00 2001 From: Julio Montes Date: Fri, 8 Nov 2019 14:27:50 +0000 Subject: [PATCH 263/307] rootfs-builder/alpine: use latest stable use latest stable to fix CVEs fixes #379 Signed-off-by: Julio Montes --- rootfs-builder/alpine/config.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rootfs-builder/alpine/config.sh b/rootfs-builder/alpine/config.sh index 2b8d69a17..65baeee0a 100644 --- a/rootfs-builder/alpine/config.sh +++ b/rootfs-builder/alpine/config.sh @@ -5,7 +5,7 @@ OS_NAME="Alpine" -OS_VERSION=${OS_VERSION:-v3.7} +OS_VERSION=${OS_VERSION:-latest-stable} BASE_PACKAGES="alpine-base" From 75392a744fa368c0fedd57382fcbc63e3ac1dcfd Mon Sep 17 00:00:00 2001 From: Archana Shinde Date: Wed, 20 Nov 2019 00:12:51 +0000 Subject: [PATCH 264/307] release: Kata Containers 1.10.0-alpha1 - rootfs-builder/alpine: use latest stable 50c9378 rootfs-builder/alpine: use latest stable Signed-off-by: Archana Shinde --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index 50326e29e..61f71d0ff 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.10.0-alpha0 +1.10.0-alpha1 From 38d0be38240dd2a5a8ba721e21d29cc19ec20f0e Mon Sep 17 00:00:00 2001 From: Shile Zhang Date: Wed, 4 Dec 2019 09:27:07 +0800 Subject: [PATCH 265/307] make: use `cd` instead of '--directory' option of `cpio` Due to the option '--directory' just added from 'cpio' v2.12, so the osbuilder will failed with old version 'cpio' before v2.12, such as in Centos 7 with v2.11. Fix it by replacing this option with '(cd ...; cat ...)'. Fixes: #384 Signed-off-by: Shile Zhang --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
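Review bot: in rootfs-builder/alpine/config.sh (patch 263), `OS_VERSION=${OS_VERSION:-latest-stable}` replaces a pinned release (`v3.7`) with a moving alias, so two builds of the same osbuilder commit can produce different rootfs contents and the guest image picks up a new Alpine release without any change in this repository. To get the CVE fixes the message refers to while keeping builds reproducible, pin the current stable release explicitly and bump it in a reviewed commit; the message should also name the CVEs or link the advisory.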
diff --git a/Makefile b/Makefile index d9bdda032..15e57b9b7 100644 --- a/Makefile +++ b/Makefile @@ -93,7 +93,7 @@ $(ROOTFS_BUILD_DEST)/.%$(ROOTFS_MARKER_SUFFIX):: rootfs-builder/% .PRECIOUS: $(ROOTFS_BUILD_DEST)/.dracut$(ROOTFS_MARKER_SUFFIX) $(ROOTFS_BUILD_DEST)/.dracut$(ROOTFS_MARKER_SUFFIX): $(TARGET_INITRD) mkdir -p $(TARGET_ROOTFS) - cat $< | cpio --extract --preserve-modification-time --make-directories --directory=$(TARGET_ROOTFS) + (cd $(TARGET_ROOTFS); cat $< | cpio --extract --preserve-modification-time --make-directories) @touch $@ image-%: $(IMAGES_BUILD_DEST)/kata-containers-image-%.img From 640fee2e2a3bcf30e7fb35f8242b702205567486 Mon Sep 17 00:00:00 2001 From: katacontainersbot Date: Mon, 9 Dec 2019 17:18:03 +0000 Subject: [PATCH 266/307] release: Kata Containers 1.10.0-rc0 - make: use `cd` instead of '--directory' option of `cpio` 38d0be3 make: use `cd` instead of '--directory' option of `cpio` Signed-off-by: katacontainersbot --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index 61f71d0ff..00117886d 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.10.0-alpha1 +1.10.0-rc0 From 98ac62dec97ed2b27b1d6368a8ca7a16a8835525 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Fri, 17 Jan 2020 11:36:38 +0100 Subject: [PATCH 267/307] image_builder: Remove nsdax binary after its usage MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Leaving nsdax behind may create some issues for the distro packages of kata-osbuilder, as every package would have to take care of purging the file on each distro. Knowing that, we better remove the file as part of the script, mainly because the file is already regenerated everytime in any case. Fixes: #394 Signed-off-by: Fabiano Fidêncio --- image-builder/image_builder.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/image-builder/image_builder.sh b/image-builder/image_builder.sh index 73f20f88a..eaa8367ad 100755 
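Review bot: in the Makefile recipe of patch 265, `(cd $(TARGET_ROOTFS); cat $< | cpio --extract ...)` uses `;` after `cd`, so if the directory change fails cpio unpacks the initrd into whatever directory make is running in; use `cd $(TARGET_ROOTFS) && ...`. `$<` is also resolved after the `cd`, so a relative $(TARGET_INITRD) path no longer points at the initrd; open it from outside the subshell, e.g. `(cd $(TARGET_ROOTFS) && cpio --extract --preserve-modification-time --make-directories) < $<`, which also drops the extra `cat`.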
--- a/image-builder/image_builder.sh +++ b/image-builder/image_builder.sh @@ -425,6 +425,7 @@ set_dax_header() { # Issue: https://github.com/kata-containers/osbuilder/issues/240 gcc -O2 "${script_dir}/nsdax.gpl.c" -o "${script_dir}/nsdax" "${script_dir}/nsdax" "${header_image}" "${dax_header_bytes}" "${dax_alignment_bytes}" + rm -f "${script_dir}/nsdax" sync touch "${dax_image}" From c407421a268785b5d0ade7cdd31895a5c4e61708 Mon Sep 17 00:00:00 2001 From: Julio Montes Date: Mon, 20 Jan 2020 20:38:53 +0000 Subject: [PATCH 268/307] image-builder: make docker runtime configurable Add DOCKER_RUNTIME variable to change container runtime depending on the CI/environment. fixes #397 Signed-off-by: Julio Montes --- image-builder/image_builder.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/image-builder/image_builder.sh b/image-builder/image_builder.sh index eaa8367ad..06cc71172 100755 --- a/image-builder/image_builder.sh +++ b/image-builder/image_builder.sh @@ -8,6 +8,8 @@ set -e [ -n "${DEBUG}" ] && set -x +DOCKER_RUNTIME=${DOCKER_RUNTIME:-runc} + readonly script_name="${0##*/}" readonly script_dir=$(dirname "$(readlink -f "$0")") readonly lib_file="${script_dir}/../scripts/lib.sh" @@ -149,7 +151,7 @@ build_with_container() { #https://github.com/clearcontainers/runtime/issues/828 "${container_engine}" run \ --rm \ - --runtime runc \ + --runtime "${DOCKER_RUNTIME}" \ --privileged \ --env AGENT_BIN="${agent_bin}" \ --env AGENT_INIT="${agent_init}" \ From 1a7b735c3c624aaa698b25b2696c7db19010a54d Mon Sep 17 00:00:00 2001 From: Yang Bo Date: Fri, 20 Sep 2019 11:11:22 +0800 Subject: [PATCH 269/307] rootfs-builder: build rust agent using osbuilder Build rust agent and go agent using the same rootfs bulder image. When building rust agent, just add RUST_AGENT=yes before command line. The documentation will be updated later Depends-on: github.com/kata-containers/tests#2287 Fixes: #360 
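Review bot: in set_dax_header() (patch 267), the new `rm -f "${script_dir}/nsdax"` only runs when the preceding `"${script_dir}/nsdax" "${header_image}" ...` call succeeds, because the script runs under `set -e`; on failure the binary is still left behind. Build into a `mktemp -d` directory and remove it from a trap, which also stops the script from compiling into and executing from its own install directory, a location that packaged installs usually do not make writable.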
Signed-off-by: Yang Bo --- .ci/run.sh | 3 + .travis.yml | 2 +- dracut/Dockerfile.in | 26 ++- rootfs-builder/alpine/Dockerfile.in | 37 +++- rootfs-builder/centos/Dockerfile.in | 36 +++- rootfs-builder/clearlinux/Dockerfile.in | 39 +++- rootfs-builder/debian/Dockerfile.in | 30 ++- rootfs-builder/euleros/Dockerfile.in | 40 +++- rootfs-builder/fedora/Dockerfile.in | 40 +++- rootfs-builder/rootfs.sh | 114 ++++++++++- rootfs-builder/suse/Dockerfile.in | 2 + rootfs-builder/suse/install-packages.sh | 23 ++- rootfs-builder/ubuntu/Dockerfile.in | 29 ++- scripts/lib.sh | 247 ++++++++++++++++++++++-- tests/test_config.sh | 57 +++++- tests/test_images.sh | 29 ++- 16 files changed, 680 insertions(+), 74 deletions(-) diff --git a/.ci/run.sh b/.ci/run.sh index fb0b70e07..7439a9d75 100755 --- a/.ci/run.sh +++ b/.ci/run.sh @@ -13,3 +13,6 @@ export GOPATH="${GOPATH:-/tmp/go}" script_dir="$(dirname $(readlink -f $0))" sudo -E PATH="$PATH" bash "${script_dir}/../tests/test_images.sh" + +# run again to build rust agent +sudo -E RUST_AGENT="yes" PATH="$PATH" bash "${script_dir}/../tests/test_images.sh" diff --git a/.travis.yml b/.travis.yml index c306ff60b..d3cff5931 100644 --- a/.travis.yml +++ b/.travis.yml @@ -24,4 +24,4 @@ before_script: - ".ci/setup.sh" script: -- "travis_wait 50 .ci/run.sh" + - "travis_wait 50 .ci/run.sh" diff --git a/dracut/Dockerfile.in b/dracut/Dockerfile.in index 227142ed7..9d3a7c75e 100644 --- a/dracut/Dockerfile.in +++ b/dracut/Dockerfile.in 
@@ -6,9 +6,33 @@ from opensuse/tumbleweed RUN zypper --non-interactive refresh; \ - zypper --non-interactive install --no-recommends --force-resolution cpio curl dracut gcc git-core make tar; \ + zypper --non-interactive install --no-recommends --force-resolution \ + autoconf \ + automake \ + binutils \ + cmake \ + coreutils \ + cpio \ + curl \ + dracut \ + gcc \ + gcc-c++ \ + git-core \ + glibc-devel \ + glibc-devel-static \ + glibc-utils \ + libstdc++-devel \ + linux-glibc-devel \ + m4 \ + make \ + sed \ + tar \ + vim \ + which; \ zypper --non-interactive clean --all; # This will install the proper golang to build Kata components +@INSTALL_MUSL@ @INSTALL_GO@ +@INSTALL_RUST@ diff --git a/rootfs-builder/alpine/Dockerfile.in b/rootfs-builder/alpine/Dockerfile.in index 24fb8610c..dba67a9fe 100644 --- a/rootfs-builder/alpine/Dockerfile.in +++ b/rootfs-builder/alpine/Dockerfile.in @@ -6,13 +6,36 @@ From docker.io/golang:@GO_VERSION@-alpine RUN apk update && apk add \ - git \ - make \ - bash \ - gcc \ - musl-dev \ - linux-headers \ apk-tools-static \ + autoconf \ + automake \ + bash \ + binutils \ + cmake \ + coreutils \ + curl \ + g++ \ + gcc \ + git \ + libc-dev \ libseccomp \ libseccomp-dev \ - curl + linux-headers \ + m4 \ + make \ + musl \ + musl-dev \ + tar \ + vim +# alpine doesn't support x86_64-unknown-linux-gnu +# It only support x86_64-unknown-linux-musl. Even worse, +# it doesn't support proc-macro, which is needed for serde_derive +# +# See issue: https://github.com/kata-containers/osbuilder/issues/386 +# -- FIXME +# +# Thus, we cannot build rust agent on alpine +# The way to use alpine is to generate rootfs or build +# go agent to get rootfs and then cp rust agent to rootfs. +# pity.. +# RUN ln -svf /usr/bin/gcc /bin/musl-gcc; ln -svf /usr/bin/g++ /bin/musl-g++ diff --git a/rootfs-builder/centos/Dockerfile.in b/rootfs-builder/centos/Dockerfile.in index 3b027afb0..c7714ad18 100644 --- a/rootfs-builder/centos/Dockerfile.in 
+++ b/rootfs-builder/centos/Dockerfile.in @@ -8,14 +8,34 @@ From docker.io/centos:@OS_VERSION@ @SET_PROXY@ RUN yum -y update && yum install -y \ -git \ -make \ -gcc \ -coreutils \ -libseccomp \ -libseccomp-devel \ -chrony \ -curl + autoconf \ + automake \ + binutils \ + chrony \ + coreutils \ + curl \ + gcc \ + gcc-c++ \ + git \ + glibc-common \ + glibc-devel \ + glibc-headers \ + glibc-static \ + glibc-utils \ + libseccomp \ + libseccomp-devel \ + libstdc++-devel \ + libstdc++-static \ + m4 \ + make \ + sed \ + tar \ + vim \ + which +# install cmake because centos7's cmake is too old +@INSTALL_CMAKE@ +@INSTALL_MUSL@ # This will install the proper golang to build Kata components @INSTALL_GO@ +@INSTALL_RUST@ diff --git a/rootfs-builder/clearlinux/Dockerfile.in b/rootfs-builder/clearlinux/Dockerfile.in index 5ed047bba..949812541 100644 --- a/rootfs-builder/clearlinux/Dockerfile.in +++ b/rootfs-builder/clearlinux/Dockerfile.in @@ -8,15 +8,36 @@ From docker.io/fedora:30 @SET_PROXY@ RUN dnf -y update && dnf install -y \ -chrony \ -curl \ -gcc \ -git \ -libseccomp \ -libseccomp-devel \ -make \ -pkgconfig \ -systemd + autoconf \ + automake \ + binutils \ + chrony \ + cmake \ + coreutils \ + curl \ + curl \ + gcc \ + gcc-c++ \ + git \ + glibc-common \ + glibc-devel \ + glibc-headers \ + glibc-static \ + glibc-utils \ + libseccomp \ + libseccomp-devel \ + libstdc++-devel \ + libstdc++-static \ + m4 \ + make \ + pkgconfig \ + sed \ + systemd \ + tar \ + vim \ + which # This will install the proper golang to build Kata components +@INSTALL_MUSL@ @INSTALL_GO@ +@INSTALL_RUST@ diff --git a/rootfs-builder/debian/Dockerfile.in b/rootfs-builder/debian/Dockerfile.in index b524d5005..ed57ec1a4 100644 --- a/rootfs-builder/debian/Dockerfile.in +++ b/rootfs-builder/debian/Dockerfile.in 
@@ -7,7 +7,33 @@ from docker.io/debian:@OS_VERSION@ # RUN commands -RUN apt-get update && apt-get install -y curl wget systemd debootstrap git build-essential chrony +RUN apt-get update && apt-get install -y \ + autoconf \ + automake \ + binutils \ + build-essential \ + chrony \ + cmake \ + coreutils \ + curl \ + debianutils \ + debootstrap \ + g++ \ + gcc \ + git \ + libc-dev \ + libstdc++-6-dev \ + m4 \ + make \ + musl \ + musl-dev \ + musl-tools \ + sed \ + systemd \ + tar \ + vim \ + wget + # This will install the proper golang to build Kata components @INSTALL_GO@ - +@INSTALL_RUST@ diff --git a/rootfs-builder/euleros/Dockerfile.in b/rootfs-builder/euleros/Dockerfile.in index 3868b2b26..b57dece7d 100644 --- a/rootfs-builder/euleros/Dockerfile.in +++ b/rootfs-builder/euleros/Dockerfile.in @@ -8,13 +8,39 @@ FROM docker.io/euleros:@OS_VERSION@ @SET_PROXY@ RUN yum -y update && yum install -y \ -yum \ -git \ -make \ -gcc \ -coreutils \ -chrony \ -curl + autoconf \ + automake \ + binutils \ + chrony \ + coreutils \ + curl \ + gcc \ + gcc-c++ \ + git \ + glibc-common \ + glibc-devel \ + glibc-headers \ + glibc-static \ + glibc-utils \ + libstdc++-devel \ + libstdc++-static \ + m4 \ + make \ + sed \ + tar \ + vim \ + which \ + yum # This will install the proper golang to build Kata components @INSTALL_GO@ + +# several problems prevent us from building rust agent on euleros +# 1. There is no libstdc++.a. copy one from somewhere get through +# compilation +# 2. The kernel (3.10.x) is too old, kernel-headers pacakge +# has no vm_socket.h because kernel has no vsock support or +# vsock header files + +# We will disable rust agent build in rootfs.sh for euleros +# and alpine(musl cannot support proc-macro) diff --git a/rootfs-builder/fedora/Dockerfile.in b/rootfs-builder/fedora/Dockerfile.in index 3aa3d6e44..b67203341 100644 --- a/rootfs-builder/fedora/Dockerfile.in +++ b/rootfs-builder/fedora/Dockerfile.in 
@@ -8,16 +8,36 @@ From docker.io/fedora:@OS_VERSION@ @SET_PROXY@ RUN dnf -y update && dnf install -y \ -chrony \ -curl \ -gcc \ -git \ -libseccomp \ -libseccomp-devel \ -make \ -pkgconfig \ -redhat-release \ -systemd + autoconf \ + automake \ + binutils \ + chrony \ + cmake \ + coreutils \ + curl \ + gcc \ + gcc-c++ \ + git \ + glibc-common \ + glibc-devel \ + glibc-headers \ + glibc-static \ + glibc-utils \ + libseccomp \ + libseccomp-devel \ + libstdc++-devel \ + libstdc++-static \ + m4 \ + make \ + pkgconfig \ + redhat-release \ + sed \ + systemd \ + tar \ + vim \ + which # This will install the proper golang to build Kata components +@INSTALL_MUSL@ @INSTALL_GO@ +@INSTALL_RUST@ diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index f2d283e6d..5a5655ec1 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh @@ -14,6 +14,12 @@ script_name="${0##*/}" script_dir="$(dirname $(readlink -f $0))" AGENT_VERSION=${AGENT_VERSION:-} GO_AGENT_PKG=${GO_AGENT_PKG:-github.com/kata-containers/agent} +RUST_AGENT_PKG=${RUST_AGENT_PKG:-github.com/kata-containers/kata-containers} +RUST_AGENT=${RUST_AGENT:-no} +RUST_VERSION="null" +RUST_SRC_PATH=${RUST_SRC_PATH:-${HOME}/rust} +CMAKE_VERSION=${CMAKE_VERSION:-"null"} +MUSL_VERSION=${MUSL_VERSION:-"null"} AGENT_BIN=${AGENT_BIN:-kata-agent} AGENT_INIT=${AGENT_INIT:-no} KERNEL_MODULES_DIR=${KERNEL_MODULES_DIR:-""} @@ -95,6 +101,15 @@ AGENT_INIT When set to "yes", use ${AGENT_BIN} as init process in place of systemd. Default value: no +RUST_AGENT When set to "yes", build kata-agent from kata-rust-agent instead of go agent + Default value: "no" + +RUST_AGENT_PKG URL of the Git repository hosting the agent package. + Default value: ${RUST_AGENT_PKG} + +RUST_SRC_PATH Path of the source code + Default value: ${RUST_SRC_PATH} + AGENT_VERSION Version of the agent to include in the rootfs. Default value: ${AGENT_VERSION:-} 
@@ -264,6 +279,11 @@ check_env_variables() [ "$AGENT_INIT" == "yes" -o "$AGENT_INIT" == "no" ] || die "AGENT_INIT($AGENT_INIT) is invalid (must be yes or no)" + if [ -z "${AGENT_SOURCE_BIN}" ]; then + [ "$RUST_AGENT" == "yes" -o "$RUST_AGENT" == "no" ] || die "RUST_AGENT($RUST_AGENT) is invalid (must be yes or no)" + mkdir -p ${RUST_SRC_PATH} || : + fi + [ -n "${KERNEL_MODULES_DIR}" ] && [ ! -d "${KERNEL_MODULES_DIR}" ] && die "KERNEL_MODULES_DIR defined but is not an existing directory" [ -n "${OSBUILDER_VERSION}" ] || die "need osbuilder version" 
@@ -312,12 +332,39 @@ build_rootfs_distro() echo "Required Go version: $GO_VERSION" + # need to detect rustc's version too? + detect_rust_version || + die "Could not detect the required rust version for AGENT_VERSION='${AGENT_VERSION:-master}'." + + echo "Required rust version: $RUST_VERSION" + + detect_cmake_version || + die "Could not detect the required cmake version for AGENT_VERSION='${AGENT_VERSION:-master}'." + + echo "Required cmake version: $CMAKE_VERSION" + + detect_musl_version || + die "Could not detect the required musl version for AGENT_VERSION='${AGENT_VERSION:-master}'." + + echo "Required musl version: $MUSL_VERSION" + if [ -z "${USE_DOCKER}" ] && [ -z "${USE_PODMAN}" ]; then #Generate an error if the local Go version is too old foundVersion=$(go version | sed -E "s/^.+([0-9]+\.[0-9]+\.[0-9]+).*$/\1/g") - compare_versions "$GO_VERSION" $foundVersion || \ - die "Your Go version $foundVersion is older than the minimum expected Go version $GO_VERSION" + compare_versions "${GO_VERSION}" "${foundVersion}" || \ + die "Your Go version ${foundVersion} is older than the minimum expected Go version ${GO_VERSION}" + + if [ "${RUST_AGENT}" == "yes" ]; then + source "${HOME}/.cargo/env" + foundVersion=$(rustc --version | sed -E "s/^.+([0-9]+\.[0-9]+\.[0-9]+).*$/\1/g") + + compare_versions "${RUST_VERSION}" "${foundVersion}" || \ + die "Your rust version ${foundVersion} is older than the minimum expected rust version ${RUST_VERSION}" + + foundVersion=$(cmake --version | grep "[0-9]\+.[0-9]\+.[0-9]\+" | sed -E "s/^.+([0-9]+\.[0-9]+\.[0-9]+).*$/\1/g") + + fi else if [ -n "${USE_DOCKER}" ]; then container_engine="docker" @@ -327,6 +374,7 @@ build_rootfs_distro() image_name="${distro}-rootfs-osbuilder" + # setup to install go or rust here generate_dockerfile "${distro_config_dir}" "$container_engine" build \ --build-arg http_proxy="${http_proxy}" \ 
@@ -341,7 +389,12 @@ build_rootfs_distro() docker_run_args+=" --runtime ${DOCKER_RUNTIME}" if [ -z "${AGENT_SOURCE_BIN}" ] ; then - docker_run_args+=" --env GO_AGENT_PKG=${GO_AGENT_PKG}" + if [ "$RUST_AGENT" == "no" ]; then + docker_run_args+=" --env GO_AGENT_PKG=${GO_AGENT_PKG}" + else + docker_run_args+=" --env RUST_AGENT_PKG=${RUST_AGENT_PKG} -v ${RUST_SRC_PATH}:${RUST_SRC_PATH} --env RUST_SRC_PATH=${RUST_SRC_PATH}" + fi + docker_run_args+=" --env RUST_AGENT=${RUST_AGENT} -v ${GOPATH_LOCAL}:${GOPATH_LOCAL} --env GOPATH=${GOPATH_LOCAL}" else docker_run_args+=" --env AGENT_SOURCE_BIN=${AGENT_SOURCE_BIN}" docker_run_args+=" -v ${AGENT_SOURCE_BIN}:${AGENT_SOURCE_BIN}" @@ -351,11 +404,16 @@ build_rootfs_distro() # Relabel volumes so SELinux allows access (see docker-run(1)) if command -v selinuxenabled > /dev/null && selinuxenabled ; then + SRC_VOL=("${GOPATH_LOCAL}") + if [ "${RUST_AGENT}" == "yes" ]; then + SRC_VOL+=("${RUST_SRC_PATH}") + fi + for volume_dir in "${script_dir}" \ "${ROOTFS_DIR}" \ "${script_dir}/../scripts" \ "${kernel_mod_dir}" \ - "${GOPATH_LOCAL}"; do + "${SRC_VOL[@]}"; do chcon -Rt svirt_sandbox_file_t "$volume_dir" done fi @@ -370,18 +428,17 @@ build_rootfs_distro() --env ROOTFS_DIR="/rootfs" \ --env AGENT_BIN="${AGENT_BIN}" \ --env AGENT_INIT="${AGENT_INIT}" \ - --env GOPATH="${GOPATH_LOCAL}" \ --env KERNEL_MODULES_DIR="${KERNEL_MODULES_DIR}" \ --env EXTRA_PKGS="${EXTRA_PKGS}" \ --env OSBUILDER_VERSION="${OSBUILDER_VERSION}" \ --env INSIDE_CONTAINER=1 \ --env SECCOMP="${SECCOMP}" \ --env DEBUG="${DEBUG}" \ + --env HOME="/root" \ -v "${script_dir}":"/osbuilder" \ -v "${ROOTFS_DIR}":"/rootfs" \ -v "${script_dir}/../scripts":"/scripts" \ -v "${kernel_mod_dir}":"${kernel_mod_dir}" \ - -v "${GOPATH_LOCAL}":"${GOPATH_LOCAL}" \ $docker_run_args \ ${image_name} \ bash /osbuilder/rootfs.sh "${distro}" 
@@ -501,11 +558,31 @@ EOT info "Build agent" pushd "${GOPATH_LOCAL}/src/${GO_AGENT_PKG}" - [ -n "${AGENT_VERSION}" ] && git checkout "${AGENT_VERSION}" && OK "git checkout successful" + [ -n "${AGENT_VERSION}" ] && git checkout "${AGENT_VERSION}" && OK "git checkout successful" || info "checkout failed!" make clean make INIT=${AGENT_INIT} make install DESTDIR="${ROOTFS_DIR}" INIT=${AGENT_INIT} SECCOMP=${SECCOMP} popd + if [ "$RUST_AGENT" == "yes" ]; then + # build rust agent + info "Build rust agent" + # The PATH /.cargo/bin is apparently wrong + # looks like $HOME is resolved to empty when + # container is started + source "${HOME}/.cargo/env" + local -r agent_dir="$(basename ${RUST_AGENT_PKG})/src/agent" + pushd "${RUST_SRC_PATH}" + if [ ! -d ${RUST_SRC_PATH}/${agent_dir} ]; then + git clone https://${RUST_AGENT_PKG}.git + fi + cd ${agent_dir} + # checkout correct version + [ -n "${AGENT_VERSION}" ] && git checkout "${AGENT_VERSION}" && OK "git checkout successful" + make clean + make + make install DESTDIR="${ROOTFS_DIR}" + popd + fi else cp ${AGENT_SOURCE_BIN} ${AGENT_DEST} OK "cp ${AGENT_SOURCE_BIN} ${AGENT_DEST}" 
@@ -550,6 +627,29 @@ parse_arguments() shift $(($OPTIND - 1)) distro="$1" + arch=$(uname -m) + + if [ "${distro}" == "alpine" -o "${distro}" == "euleros" ]; then + if [ "${RUST_AGENT}" == "yes" ]; then + die "rust agent cannot be built on ${distro}. +alpine: only has stable/nightly-x86_64-unknown-linux-musl toolchain. It does not support proc-macro compilation. +See issue: https://github.com/kata-containers/osbuilder/issues/386 +euleros: 1. Missing libstdc++.a + 2. kernel is 3.10.x, there is no vsock support +You can build rust agent on your host and then copy it into +image's rootfs(eg. rootfs-builder/rootfs/usr/bin), and then +use image_builder.sh to build image with the rootfs. Please +refer to documentation for how to use customer agent. +See issue: https://github.com/kata-containers/osbuilder/issues/387" + fi + fi + + if [ "${RUST_AGENT}" == "yes" ] && [ "${arch}" == "s390x" -o "${arch}" == "ppc64le" ]; then + die "Cannot build rust agent on ppc64le. +musl cannot be built on ppc64le because of long double +reprentation is broken. And rust has no musl target on ppc64le. +See issue: https://github.com/kata-containers/osbuilder/issues/388" + fi } detect_host_distro() diff --git a/rootfs-builder/suse/Dockerfile.in b/rootfs-builder/suse/Dockerfile.in index 72d4c7b44..3daa8dfb4 100644 --- a/rootfs-builder/suse/Dockerfile.in +++ b/rootfs-builder/suse/Dockerfile.in @@ -15,4 +15,6 @@ COPY install-packages.sh config.sh / RUN chmod +x /install-packages.sh; /install-packages.sh # This will install the proper golang to build Kata components +@INSTALL_MUSL@ @INSTALL_GO@ +@INSTALL_RUST@ diff --git a/rootfs-builder/suse/install-packages.sh b/rootfs-builder/suse/install-packages.sh index 8bfa9c050..f26339b88 100644 --- a/rootfs-builder/suse/install-packages.sh +++ b/rootfs-builder/suse/install-packages.sh 
@@ -24,6 +24,27 @@ zypper --non-interactive addrepo ${SUSE_FULLURL_UPDATE} osbuilder-update # in Leap ulimit -n 1024 zypper --non-interactive refresh -zypper --non-interactive install --no-recommends --force-resolution curl git gcc make python3-kiwi tar +zypper --non-interactive install --no-recommends --force-resolution \ + autoconf \ + automake \ + binutils \ + cmake \ + coreutils \ + curl \ + gcc \ + gcc-c++ \ + git \ + glibc-devel \ + glibc-devel-static \ + glibc-utils \ + libstdc++-devel \ + linux-glibc-devel \ + m4 \ + make \ + python3-kiwi \ + sed \ + tar \ + vim \ + which zypper --non-interactive clean --all diff --git a/rootfs-builder/ubuntu/Dockerfile.in b/rootfs-builder/ubuntu/Dockerfile.in index 2b3f3f436..f54b04db0 100644 --- a/rootfs-builder/ubuntu/Dockerfile.in +++ b/rootfs-builder/ubuntu/Dockerfile.in @@ -11,7 +11,32 @@ from docker.io/ubuntu:@OS_VERSION@ # Install any package need to create a rootfs (package manager, extra tools) # RUN commands -RUN apt-get update && apt-get install -y curl wget systemd debootstrap git build-essential chrony +RUN apt-get update && apt-get install -y \ + autoconf \ + automake \ + binutils \ + build-essential \ + chrony \ + cmake \ + coreutils \ + curl \ + debianutils \ + debootstrap \ + g++ \ + gcc \ + git \ + libc6-dev \ + libstdc++-8-dev \ + m4 \ + make \ + musl \ + musl-dev \ + musl-tools \ + sed \ + systemd \ + tar \ + vim \ + wget # This will install the proper golang to build Kata components @INSTALL_GO@ - +@INSTALL_RUST@ diff --git a/scripts/lib.sh b/scripts/lib.sh index 218eef551..1ddaa5fce 100644 --- a/scripts/lib.sh +++ b/scripts/lib.sh 
@@ -8,6 +8,9 @@ set -e GO_AGENT_PKG=${GO_AGENT_PKG:-github.com/kata-containers/agent} GO_RUNTIME_PKG=${GO_RUNTIME_PKG:-github.com/kata-containers/runtime} +RUST_AGENT_PKG=${RUST_AGENT_PKG:-github.com/kata-containers/kata-rust-agent} +CMAKE_VERSION=${CMAKE_VERSION:-"null"} +MUSL_VERSION=${MUSL_VERSION:-"null"} #https://github.com/kata-containers/tests/blob/master/.ci/jenkins_job_build.sh # Give preference to variable set by CI KATA_BRANCH=${branch:-} @@ -192,7 +195,21 @@ create_summary_file() local agent="${AGENT_DEST}" [ "$AGENT_INIT" = yes ] && agent="${init}" - local -r agent_version=$("$agent" --version|awk '{print $NF}') + local agent_version + if [ "${RUST_AGENT}" == "no" ]; then + agent_version=$("$agent" --version|awk '{print $NF}') + else + local -r agentdir="${RUST_SRC_PATH}/$(basename ${RUST_AGENT_PKG} .git)/src/agent" + agent_version=$(cat ${agentdir}/VERSION) + fi + + local REAL_AGENT_PKG + + if [ "$RUST_AGENT" == "no" ]; then + REAL_AGENT_PKG=${GO_AGENT_PKG} + else + REAL_AGENT_PKG=${RUST_AGENT_PKG} + fi cat >"$file"<<-EOT --- @@ -212,7 +229,7 @@ ${packages} extra: ${extra} agent: - url: "https://${GO_AGENT_PKG}" + url: "https://${REAL_AGENT_PKG}" name: "${AGENT_BIN}" version: "${agent_version}" agent-is-init-daemon: "${AGENT_INIT}" @@ -230,9 +247,14 @@ generate_dockerfile() dir="$1" [ -d "${dir}" ] || die "${dir}: not a directory" + local architecture=$(uname -m) + local rustarch=${architecture} + local muslarch=${architecture} case "$(uname -m)" in "ppc64le") goarch=ppc64le + rustarch=powerpc64le + muslarch=powerpc64 ;; "aarch64") @@ -251,6 +273,8 @@ generate_dockerfile() curlOptions=("-OL") [ -n "${http_proxy:-}" ] && curlOptions+=("-x ${http_proxy:-}") + + readonly dockerfile_template="Dockerfile.in" readonly install_go=" RUN cd /tmp ; curl ${curlOptions[@]} https://storage.googleapis.com/golang/go${GO_VERSION}.linux-${goarch}.tar.gz RUN tar -C /usr/ -xzf /tmp/go${GO_VERSION}.linux-${goarch}.tar.gz 
@@ -258,15 +282,77 @@ ENV GOROOT=/usr/go ENV PATH=\$PATH:\$GOROOT/bin:\$GOPATH/bin " - readonly dockerfile_template="Dockerfile.in" + # Rust agent + # rust installer should set path apropiately, just in case + local cmake_file="cmake-${CMAKE_VERSION}.tar.gz" + local cmake_dir="cmake-${CMAKE_VERSION}" + readonly install_cmake=" +RUN pushd /root; \ + curl -sLO https://github.com/Kitware/CMake/releases/download/v${CMAKE_VERSION}/${cmake_file}; \ + tar -zxf ${cmake_file}; \ + cd ${cmake_dir}; \ + ./bootstrap > /dev/null 2>\&1; \ + make > /dev/null 2>\&1; \ + make install > /dev/null 2>\&1; \ + popd +" + local musl_tar="musl-${MUSL_VERSION}.tar.gz" + local musl_dir="musl-${MUSL_VERSION}" + readonly install_musl=" +RUN pushd /root; \ + curl -sLO https://www.musl-libc.org/releases/${musl_tar}; tar -zxf ${musl_tar}; \ + cd ${musl_dir}; \ + sed -i \"s/^ARCH = .*/ARCH = ${muslarch}/g\" dist/config.mak; \ + ./configure > /dev/null 2>\&1; \ + make > /dev/null 2>\&1; \ + make install > /dev/null 2>\&1; \ + echo \"/usr/local/musl/lib\" > /etc/ld-musl-${muslarch}.path; \ + popd +ENV PATH=\$PATH:/usr/local/musl/bin +" + readonly install_rust=" +RUN curl --proto '=https' --tlsv1.2 https://sh.rustup.rs -sSLf --output /tmp/rust-init; \ + chmod a+x /tmp/rust-init; \ + export http_proxy=${http_proxy:-}; \ + export https_proxy=${http_proxy:-}; \ + /tmp/rust-init -y +RUN . 
/root/.cargo/env; \ + export http_proxy=${http_proxy:-}; \ + export https_proxy=${http_proxy:-}; \ + cargo install cargo-when; \ + rustup toolchain install ${RUST_VERSION}; \ + rustup default ${RUST_VERSION}; \ + rustup target install ${rustarch}-unknown-linux-musl +RUN ln -sf /usr/bin/g++ /bin/musl-g++ +" + # rust agent still need go to build + # because grpc-sys need go to build pushd ${dir} [ -f "${dockerfile_template}" ] || die "${dockerfile_template}: file not found" - sed \ - -e "s|@GO_VERSION@|${GO_VERSION}|g" \ - -e "s|@OS_VERSION@|${OS_VERSION:-}|g" \ - -e "s|@INSTALL_GO@|${install_go//$'\n'/\\n}|g" \ - -e "s|@SET_PROXY@|${set_proxy:-}|g" \ - ${dockerfile_template} > Dockerfile + # powerpc have no musl target, don't setup rust enviroment + # since we cannot static link agent. Besides, there is + # also long double representation problem when building musl-libc + if [ "${architecture}" == "ppc64le" ]; then + sed \ + -e "s|@GO_VERSION@|${GO_VERSION}|g" \ + -e "s|@OS_VERSION@|${OS_VERSION:-}|g" \ + -e "s|@INSTALL_CMAKE@||g" \ + -e "s|@INSTALL_MUSL@||g" \ + -e "s|@INSTALL_GO@|${install_go//$'\n'/\\n}|g" \ + -e "s|@INSTALL_RUST@||g" \ + -e "s|@SET_PROXY@|${set_proxy:-}|g" \ + ${dockerfile_template} > Dockerfile + else + sed \ + -e "s|@GO_VERSION@|${GO_VERSION}|g" \ + -e "s|@OS_VERSION@|${OS_VERSION:-}|g" \ + -e "s|@INSTALL_CMAKE@|${install_cmake//$'\n'/\\n}|g" \ + -e "s|@INSTALL_MUSL@|${install_musl//$'\n'/\\n}|g" \ + -e "s|@INSTALL_GO@|${install_go//$'\n'/\\n}|g" \ + -e "s|@INSTALL_RUST@|${install_rust//$'\n'/\\n}|g" \ + -e "s|@SET_PROXY@|${set_proxy:-}|g" \ + ${dockerfile_template} > Dockerfile + fi popd } 
@@ -289,7 +375,7 @@ detect_go_version() typeset -r runtimeVersionsURL="https://raw.githubusercontent.com/kata-containers/runtime/${runtimeRevision}/versions.yaml" info "Getting golang version from ${runtimeVersionsURL}" # This may fail if we are a kata bump. - if GO_VERSION="$(curl -fsSL "$runtimeVersionsURL" | tac | tac | $yq r - "languages.golang.version")"; then + if GO_VERSION="$(curl -fsSL "$runtimeVersionsURL" | $yq r - "languages.golang.version")"; then [ "$GO_VERSION" != "null" ] return 0 fi @@ -301,7 +387,7 @@ detect_go_version() info "There is not runtime repository in filesystem (${kata_runtime_pkg_dir})" local runtime_versions_url="https://raw.githubusercontent.com/kata-containers/runtime/${KATA_BRANCH}/versions.yaml" info "Get versions file from ${runtime_versions_url}" - GO_VERSION="$(curl -fsSL "${runtime_versions_url}" | tac | tac | $yq r - "languages.golang.version")" + GO_VERSION="$(curl -fsSL "${runtime_versions_url}" | $yq r - "languages.golang.version")" if [ "$?" == "0" ] && [ "$GO_VERSION" != "null" ]; then return 0 fi 
@@ -316,3 +402,142 @@ detect_go_version() [ "$?" == "0" ] && [ "$GO_VERSION" != "null" ] } +detect_rust_version() +{ + info "Detecting agent rust version" + typeset -r yq=$(command -v yq || command -v ${GOPATH}/bin/yq) + if [ -z "$yq" ]; then + source "$yq_file" + fi + + local runtimeRevision="" + + # Detect runtime revision by fetching the agent's VERSION file + local runtime_version_url="https://raw.githubusercontent.com/kata-containers/agent/${AGENT_VERSION:-master}/VERSION" + info "Detecting runtime version using ${runtime_version_url}" + + if runtimeRevision="$(curl -fsSL ${runtime_version_url})"; then + [ -n "${runtimeRevision}" ] || die "failed to get agent version" + typeset -r runtimeVersionsURL="https://raw.githubusercontent.com/kata-containers/runtime/${runtimeRevision}/versions.yaml" + info "Getting rust version from ${runtimeVersionsURL}" + # This may fail if we are a kata bump. + if RUST_VERSION="$(curl -fsSL "$runtimeVersionsURL" | $yq r - "languages.rust.version")"; then + [ "$RUST_VERSION" != "null" ] + return 0 + fi + fi + + info "Agent version has not match with a runtime version, assumming it is a PR" + local kata_runtime_pkg_dir="${GOPATH}/src/${GO_RUNTIME_PKG}" + if [ ! -d "${kata_runtime_pkg_dir}" ];then + info "There is not runtime repository in filesystem (${kata_runtime_pkg_dir})" + local runtime_versions_url="https://raw.githubusercontent.com/kata-containers/runtime/${KATA_BRANCH}/versions.yaml" + info "Get versions file from ${runtime_versions_url}" + RUST_VERSION="$(curl -fsSL "${runtime_versions_url}" | $yq r - "languages.rust.version")" + if [ "$?" == "0" ] && [ "$RUST_VERSION" != "null" ]; then + return 0 + fi + + return 1 + fi + + local kata_versions_file="${kata_runtime_pkg_dir}/versions.yaml" + info "Get rust version from ${kata_versions_file}" + RUST_VERSION="$(cat "${kata_versions_file}" | $yq r - "languages.rust.version")" + + [ "$?" 
== "0" ] && [ "$RUST_VERSION" != "null" ] +} + +detect_cmake_version() +{ + info "Detecting cmake version" + + typeset -r yq=$(command -v yq || command -v ${GOPATH}/bin/yq) + if [ -z "$yq" ]; then + source "$yq_file" + fi + + local runtimeRevision="" + + # Detect runtime revision by fetching the agent's VERSION file + local runtime_version_url="https://raw.githubusercontent.com/kata-containers/agent/${AGENT_VERSION:-master}/VERSION" + info "Detecting runtime version using ${runtime_version_url}" + + if runtimeRevision="$(curl -fsSL ${runtime_version_url})"; then + [ -n "${runtimeRevision}" ] || die "failed to get agent version" + typeset -r runtimeVersionsURL="https://raw.githubusercontent.com/kata-containers/runtime/${runtimeRevision}/versions.yaml" + info "Getting cmake version from ${runtimeVersionsURL}" + # This may fail if we are a kata bump. + if CMAKE_VERSION="$(curl -fsSL "$runtimeVersionsURL" | $yq r - "externals.cmake.version")"; then + [ "$CMAKE_VERSION" != "null" ] + return 0 + fi + fi + + info "Agent version has not match with a runtime version, assumming it is a PR" + local kata_runtime_pkg_dir="${GOPATH}/src/${GO_RUNTIME_PKG}" + if [ ! -d "${kata_runtime_pkg_dir}" ];then + info "There is not runtime repository in filesystem (${kata_runtime_pkg_dir})" + local runtime_versions_url="https://raw.githubusercontent.com/kata-containers/runtime/${KATA_BRANCH}/versions.yaml" + info "Get versions file from ${runtime_versions_url}" + CMAKE_VERSION="$(curl -fsSL "${runtime_versions_url}" | $yq r - "externals.cmake.version")" + if [ "$?" == "0" ] && [ "$CMAKE_VERSION" != "null" ]; then + return 0 + fi + + return 1 + fi + + local kata_versions_file="${kata_runtime_pkg_dir}/versions.yaml" + info "Get cmake version from ${kata_versions_file}" + CMAKE_VERSION="$(cat "${kata_versions_file}" | $yq r - "externals.cmake.version")" + + [ "$?" 
== "0" ] && [ "$CMAKE_VERSION" != "null" ] +} + +detect_musl_version() +{ + info "Detecting musl version" + + typeset -r yq=$(command -v yq || command -v ${GOPATH}/bin/yq) + if [ -z "$yq" ]; then + source "$yq_file" + fi + + local runtimeRevision="" + + # Detect runtime revision by fetching the agent's VERSION file + local runtime_version_url="https://raw.githubusercontent.com/kata-containers/agent/${AGENT_VERSION:-master}/VERSION" + info "Detecting runtime version using ${runtime_version_url}" + + if runtimeRevision="$(curl -fsSL ${runtime_version_url})"; then + [ -n "${runtimeRevision}" ] || die "failed to get agent version" + typeset -r runtimeVersionsURL="https://raw.githubusercontent.com/kata-containers/runtime/${runtimeRevision}/versions.yaml" + info "Getting musl version from ${runtimeVersionsURL}" + # This may fail if we are a kata bump. + if MUSL_VERSION="$(curl -fsSL "$runtimeVersionsURL" | $yq r - "externals.musl.version")"; then + [ "$MUSL_VERSION" != "null" ] + return 0 + fi + fi + + info "Agent version has not match with a runtime version, assumming it is a PR" + local kata_runtime_pkg_dir="${GOPATH}/src/${GO_RUNTIME_PKG}" + if [ ! -d "${kata_runtime_pkg_dir}" ];then + info "There is not runtime repository in filesystem (${kata_runtime_pkg_dir})" + local runtime_versions_url="https://raw.githubusercontent.com/kata-containers/runtime/${KATA_BRANCH}/versions.yaml" + info "Get versions file from ${runtime_versions_url}" + MUSL_VERSION="$(curl -fsSL "${runtime_versions_url}" | $yq r - "externals.musl.version")" + if [ "$?" == "0" ] && [ "$MUSL_VERSION" != "null" ]; then + return 0 + fi + + return 1 + fi + + local kata_versions_file="${kata_runtime_pkg_dir}/versions.yaml" + info "Get musl version from ${kata_versions_file}" + MUSL_VERSION="$(cat "${kata_versions_file}" | $yq r - "externals.musl.version")" + + [ "$?" == "0" ] && [ "$MUSL_VERSION" != "null" ] +} diff --git a/tests/test_config.sh b/tests/test_config.sh index 357938d22..3a5279bbd 100644 
--- a/tests/test_config.sh +++ b/tests/test_config.sh @@ -5,9 +5,64 @@ # List of distros not to test, when running all tests with test_images.sh typeset -a skipWhenTestingAll +typeset -a distros +arch="$(uname -m)" +sdir="${BASH_SOURCE[0]%/*}" +for distro in $(${sdir}/../rootfs-builder/rootfs.sh -l); do + distros+=("${distro}") +done +test_distros=() +test_distros+=("clearlinux") +test_distros+=("ubuntu") + +skipForRustDistros=() +skipForRustDistros+=("alpine") +skipForRustDistros+=("euleros") + +skipForRustArch=() +skipForRustArch+=("ppc64le") +skipForRustArch+=("s390x") + +distro_in_set() { + local d=$1 + shift + local dt + for dt in "$@"; do + if [ "${dt}" == "${d}" ]; then + return 0 + fi + done + return 1 +} if [ -n "${CI:-}" ]; then # CI tests may timeout with euleros, see: # https://github.com/kata-containers/osbuilder/issues/46" - skipWhenTestingAll+=(euleros) + # Since too many distros timeout for now, we only test clearlinux and ubuntu. We can enable other distros when we fix timeout problem. + for distro in "${distros[@]}"; do + if distro_in_set "${distro}" "${test_distros[@]}"; then + continue + fi + skipWhenTestingAll+=("${distro}") + done + + if [ "${RUST_AGENT:-}" == "yes" ]; then + # add skipForRustDistros to skipWhenTestingAll if it is not + for td in "${skipForRustDistros[@]}"; do + if distro_in_set "${td}" "${skipWhenTestingAll[@]}"; then + continue + fi + # not found in skipWhenTestingAll, add to it + skipWhenTestingAll+=("${td}") + done + + if distro_in_set "${arch}" "${skipForRustArch[@]}"; then + for distro in "${test_distros[@]}"; do + if distro_in_set "${distro}" "${skipWhenTestingAll[@]}"; then + continue + fi + skipWhenTestingAll+=("${distro}") + done + fi + fi fi diff --git a/tests/test_images.sh b/tests/test_images.sh index afd301040..73c0ba57d 100755 --- a/tests/test_images.sh +++ b/tests/test_images.sh 
@@ -36,6 +36,8 @@ readonly docker_build_runtime="runc" build_images=1 build_initrds=1 typeset -a distrosSystemd distrosAgent +distrosSystemd=() +distrosAgent=() # Hashes used to keep track of image sizes. # - Key: name of distro. # - Value: colon-separated roots and image sizes ("${rootfs_size}:${image_size}"). @@ -312,7 +314,7 @@ get_distros_config() distrosList=($(make list-distros)) fi - for d in ${distrosList[@]}; do + for d in ${distrosList[@]:-}; do debug "Getting config for distro $d" distroPattern="\<${d}\>" if [[ "${skipWhenTestingAll[@]:-}" =~ $distroPattern ]]; then @@ -372,6 +374,9 @@ install_image_create_container() showKataRunFailure=1 silent_run $mgr reset-config + if [ "${RUST_AGENT:-}" = "yes" ]; then + silent_run $mgr enable-vsock + fi silent_run $mgr configure-image "$file" create_container showKataRunFailure= @@ -389,6 +394,9 @@ install_initrd_create_container() showKataRunFailure=1 silent_run $mgr reset-config + if [ "${RUST_AGENT:-}" = "yes" ]; then + silent_run $mgr enable-vsock + fi silent_run $mgr configure-initrd "$file" create_container showKataRunFailure= @@ -397,7 +405,7 @@ install_initrd_create_container() # Displays a list of distros which can be tested list_distros() { - tr " " "\n" <<< "${distrosSystemd[@]} ${distrosAgent[@]}" | sort + tr " " "\n" <<< "${distrosSystemd[@]:-} ${distrosAgent[@]:-}" | sort } # @@ -497,10 +505,10 @@ test_distros() # If a distro was specified, filter out the distro list to only include that distro if [ -n "$distro" ]; then pattern="\<$distro\>" - if [[ "${distrosAgent[@]}" =~ $pattern ]]; then + if [[ "${distrosAgent[@]:-}" =~ $pattern ]]; then distrosAgent=($distro) distrosSystemd=() - elif [[ "${distrosSystemd[@]}" =~ $pattern ]]; then + elif [[ "${distrosSystemd[@]:-}" =~ $pattern ]]; then distrosSystemd=($distro) distrosAgent=() build_initrds= 
@@ -547,7 +555,7 @@ test_distros() local marker=$(make print-ROOTFS_MARKER_SUFFIX) [ -z "$marker" ] && die "Invalid rootfs marker" typeset -a completed=($(find ${tmp_rootfs} -name ".*${marker}" -exec basename {} \; | sed -E "s/\.(.+)${marker}/\1/")) - for d in "${distrosSystemd[@]}" "${distrosAgent[@]}"; do + for d in "${distrosSystemd[@]:-}" "${distrosAgent[@]:-}"; do if [[ "${completed[@]}" =~ $d ]]; then info "- $d : completed" else @@ -561,7 +569,7 @@ test_distros() # TODO: once support for rootfs images with kata-agent as init is in place, # uncomment the following line # for d in ${distrosSystemd[@]} ${distrosAgent[@]}; do - for d in ${distrosSystemd[@]}; do + for d in ${distrosSystemd[@]:-}; do local rootfs_path="${tmp_rootfs}/${d}_rootfs" local image_path="${images_dir}/kata-containers-image-$d.img" local rootfs_size=$(get_rootfs_size "$rootfs_path") @@ -583,7 +591,7 @@ test_distros() install_image_create_container $image_path done - for d in ${distrosAgent[@]}; do + for d in ${distrosAgent[@]:-}; do local rootfs_path="${tmp_rootfs}/${d}_rootfs" local initrd_path="${images_dir}/kata-containers-initrd-$d.img" local rootfs_size=$(get_rootfs_size "$rootfs_path") @@ -618,6 +626,13 @@ test_dracut() detect_go_version || die "Could not detect the required Go version for AGENT_VERSION='${AGENT_VERSION:-master}'." + detect_rust_version || + die "Could not detect the required rust version for AGENT_VERSION='${AGENT_VERSION:-master}'." + detect_cmake_version || + die "Could not detect the required cmake version for AGENT_VERSION='${AGENT_VERSION:-master}'." + detect_musl_version || + die "Could not detect the required musl version for AGENT_VERSION='${AGENT_VERSION:-master}'." + generate_dockerfile ${dracut_dir} info "Creating container for dracut" silent_run docker build -t dracut-test-osbuilder ${dracut_dir} From 005c62a8716cd0bcdd1795454bada8da1d49d228 Mon Sep 17 00:00:00 2001 
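Review bot: in rootfs-builder/rootfs.sh, hunk "@@ -312,12 +332,39 @@ build_rootfs_distro()", the new detect_rust_version, detect_cmake_version and detect_musl_version calls run and die unconditionally, so a Go-only build (RUST_AGENT=no) can now fail on version lookups it does not need. Guard them with 'if [ "${RUST_AGENT}" == "yes" ]'. In the same hunk the host path assigns 'foundVersion=$(cmake --version | ...)' and never passes it to compare_versions, so the cmake minimum is not enforced; add the comparison against ${CMAKE_VERSION} or drop the assignment.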
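Review bot: in rootfs-builder/rootfs.sh, hunk "@@ -501,11 +558,31 @@", a failed 'git checkout "${AGENT_VERSION}"' is not fatal in either agent build. The Go line now ends in '|| info "checkout failed!"', which also prints when AGENT_VERSION is empty, and the new Rust block uses the same '[ -n ... ] && git checkout ... && OK ...' list, so make goes on to build whatever revision is checked out and the rootfs can carry an agent that is not the requested version. Use an explicit 'if [ -n "${AGENT_VERSION}" ]; then git checkout "${AGENT_VERSION}" || die "..."; fi' in both places. The Go agent is also still built and installed before the Rust one when RUST_AGENT=yes; a comment should say whether that is intended. Quote ${RUST_SRC_PATH}/${agent_dir} in the -d test.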
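Review bot: in rootfs-builder/rootfs.sh, hunk "@@ -550,6 +627,29 @@ parse_arguments()", the architecture test matches both s390x and ppc64le, but the die text says only "Cannot build rust agent on ppc64le" and explains only the ppc64le case. Print ${arch} in the message and give the s390x reason, or use a separate branch for it. Spelling in the same messages: "reprentation" should be "representation".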
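Review bot: in scripts/lib.sh, hunk "@@ -8,6 +8,9 @@", RUST_AGENT_PKG defaults to github.com/kata-containers/kata-rust-agent, while rootfs-builder/rootfs.sh in this same patch defaults it to github.com/kata-containers/kata-containers. Because both use the ${VAR:-default} form, whichever file assigns first wins, and a caller that reaches lib.sh without going through rootfs.sh gets a different repository in the clone path and in the agent URL written by create_summary_file. Keep one default in one place.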
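Review bot: in scripts/lib.sh, hunk "@@ -258,15 +282,77 @@", install_cmake, install_musl and install_rust each download a tarball or installer and build or run it under /root in the image with no checksum or signature check. The steps are joined with ';' and the build output goes to /dev/null, so a failed or truncated download does not stop the RUN. Chain the steps with '&&', add -f to the 'curl -sLO' calls, and verify each artifact against a pinned digest (for example one kept beside the version in versions.yaml) before tar or '/tmp/rust-init -y' runs. The musl download also lacks the "--proto '=https' --tlsv1.2" options that the rustup download uses. Separately, only ppc64le gets the empty @INSTALL_RUST@ substitution although rootfs.sh also rejects s390x, and the toolchain is installed even when RUST_AGENT=no.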
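Review bot: in scripts/lib.sh, hunk "@@ -316,3 +402,142 @@", the first branch of each new function runs '[ "$RUST_VERSION" != "null" ]' and then 'return 0' unconditionally, so at the '|| die' call sites a null answer from yq counts as success (the same holds for CMAKE_VERSION and MUSL_VERSION) and flows into the generated Dockerfile, e.g. 'rustup toolchain install null'. Return the status of the test instead of a fixed 0. The three functions differ only in the variable and the yq key (languages.rust.version, externals.cmake.version, externals.musl.version); one helper taking those two arguments would remove the duplication. The log strings "has not match" and "assumming" need fixing as well.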
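Review bot: in tests/test_images.sh, hunk "@@ -547,7 +555,7 @@ test_distros()", the quoted form 'for d in "${distrosSystemd[@]:-}" "${distrosAgent[@]:-}"' expands an empty array to one empty string, so the loop body runs with d="" and logs a status line for a distro with no name. The unquoted loops changed elsewhere in this patch drop the empty word and are not affected. Skip empty entries with '[ -n "$d" ] || continue', or iterate with '${distrosSystemd[@]+"${distrosSystemd[@]}"}'.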
From: Jia He Date: Mon, 20 Jan 2020 16:31:32 +0800 Subject: [PATCH 270/307] image_builder: Reduce the boundary mb for reducing image size on arm64 Qemu merely limits the memory-backend-file size to be aligned to page_size instead of section size(arm64 1GB). Please see file_ram_alloc() in qemu exec.c. If we use 1024MB, the generated image size will be 3-4 times bigger than the original one. After relaxing it, the image size will be changed from 1G to 300M+ on arm64 with Fedora 29 rootfs's default configuration. I do see there are some different limitation for ram_block on other arches (e.g. s390x). So gracefully keep other arches unchanged here. Fixes #404 Signed-off-by: Jia He --- image-builder/image_builder.sh | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/image-builder/image_builder.sh b/image-builder/image_builder.sh index 06cc71172..9bb690775 100755 --- a/image-builder/image_builder.sh +++ b/image-builder/image_builder.sh @@ -63,11 +63,9 @@ readonly -a systemd_files=( # Set a default value AGENT_INIT=${AGENT_INIT:-no} - -# In order to support memory hotplug, image must be aligned to -# memory section(size in MB) according to different architecture. +# Align image to (size in MB) according to different architecture. case "$(uname -m)" in - aarch64) readonly mem_boundary_mb=1024 ;; + aarch64) readonly mem_boundary_mb=16 ;; *) readonly mem_boundary_mb=128 ;; esac From c54e5caf374b216019f5921435b7592acdf677e5 Mon Sep 17 00:00:00 2001 From: Archana Shinde Date: Tue, 18 Feb 2020 19:37:05 +0000 Subject: [PATCH 271/307] release: Kata Containers 1.11.0-alpha0 - Rootfs builder: build rust agent using osbuilder - image-builder: make docker runtime configurable - image_builder: Remove nsdax binary after its usage 1a7b735 rootfs-builder: build rust agent using osbuilder c407421 image-builder: make docker runtime configurable 98ac62d image_builder: Remove nsdax binary after its usage 
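Review bot: in image-builder/image_builder.sh, hunk "@@ -63,11 +63,9 @@" of patch 270, the rewritten comment "Align image to (size in MB) according to different architecture." has lost its object and no longer says why the values differ. State what the image is aligned to and why aarch64 can use 16, for instance the commit message's point that QEMU aligns the memory-backend-file size to page_size (see file_ram_alloc()), and say whether memory hotplug, the reason given in the removed comment, still works at this boundary on arm64.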
Signed-off-by: Archana Shinde --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index 00117886d..26b980b24 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.10.0-rc0 +1.11.0-alpha0 From 44f29318dd2c427135a46b48279cbac028d5ce29 Mon Sep 17 00:00:00 2001 From: Cole Robinson Date: Sun, 1 Mar 2020 12:34:56 -0500 Subject: [PATCH 272/307] tests: Remove unused test_func_prefix This has been unused since 562be909 Signed-off-by: Cole Robinson --- tests/test_images.sh | 3 --- 1 file changed, 3 deletions(-) diff --git a/tests/test_images.sh b/tests/test_images.sh index 73c0ba57d..d2bd1dce5 100755 --- a/tests/test_images.sh +++ b/tests/test_images.sh @@ -27,9 +27,6 @@ readonly KATA_HYPERVISOR="${KATA_HYPERVISOR:-}" readonly ci_results_dir="/var/osbuilder/tests" readonly dracut_dir=${script_dir}/../dracut -# all distro tests must have this prefix -readonly test_func_prefix="test_distro_" - # "docker build" does not work with a VM-based runtime readonly docker_build_runtime="runc" From c574ec0528f90ea7e389ceb84cfadc3f4f199ab2 Mon Sep 17 00:00:00 2001 From: Cole Robinson Date: Mon, 2 Mar 2020 14:29:33 -0500 Subject: [PATCH 273/307] tests: Remove dead unset images_dir check This value is set globally, so this condition will never trigger. `mkdir -p` would error anyways if it was unspecified Signed-off-by: Cole Robinson --- tests/test_images.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/test_images.sh b/tests/test_images.sh index d2bd1dce5..04f52d52b 100755 --- a/tests/test_images.sh +++ b/tests/test_images.sh @@ -258,7 +258,6 @@ set_runtime() setup() { - [ -z "$images_dir" ] && die "need images directory" mkdir -p "${images_dir}" if [ -n "$CI" ]; then From cd46d09e0c3bdcaaeb17018525b91399fdee21e4 Mon Sep 17 00:00:00 2001 From: Cole Robinson Date: Sun, 1 Mar 2020 16:56:48 -0500 Subject: [PATCH 274/307] tests: Remove hardcoded 'runc' reference Replace it with docker_build_runtime which serves a similar purpose 
Signed-off-by: Cole Robinson --- tests/test_images.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/test_images.sh b/tests/test_images.sh index 04f52d52b..444019cde 100755 --- a/tests/test_images.sh +++ b/tests/test_images.sh @@ -635,7 +635,7 @@ test_dracut() typeset -a dockerRunArgs=(\ --rm \ - --runtime=runc \ + --runtime="${docker_build_runtime}" \ -v "${images_dir}:${images_dir}" \ -v "${script_dir}/..":"${tmp_dir}" \ -v "${tmp_rootfs}:${tmp_rootfs}" \ From e8624d89d9c123580200833f4f75a0150c786430 Mon Sep 17 00:00:00 2001 From: Cole Robinson Date: Sun, 1 Mar 2020 17:06:07 -0500 Subject: [PATCH 275/307] tests: Rename docker_build_runtime -> DOCKER_RUNTIME DOCKER_RUNTIME is the naming used in the actual osbuilder scripts for this value. Change the test code to match Signed-off-by: Cole Robinson --- tests/test_images.sh | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/tests/test_images.sh b/tests/test_images.sh index 444019cde..6eafd7106 100755 --- a/tests/test_images.sh +++ b/tests/test_images.sh @@ -20,6 +20,7 @@ readonly tests_repo_dir="${script_dir}/../../tests" readonly mgr="${tests_repo_dir}/cmd/kata-manager/kata-manager.sh" readonly test_config=${script_dir}/test_config.sh readonly rootfs_builder=${script_dir}/../rootfs-builder/rootfs.sh +readonly DOCKER_RUNTIME=${DOCKER_RUNTIME:-runc} readonly RUNTIME=${RUNTIME:-kata-runtime} readonly MACHINE_TYPE=`uname -m` readonly CI=${CI:-} @@ -27,9 +28,6 @@ readonly KATA_HYPERVISOR="${KATA_HYPERVISOR:-}" readonly ci_results_dir="/var/osbuilder/tests" readonly dracut_dir=${script_dir}/../dracut -# "docker build" does not work with a VM-based runtime -readonly docker_build_runtime="runc" - build_images=1 build_initrds=1 typeset -a distrosSystemd distrosAgent 
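Review bot: the removed `readonly docker_build_runtime="runc"` was a fixed value, while `DOCKER_RUNTIME=${DOCKER_RUNTIME:-runc}` takes whatever the environment supplies, and this value is later handed to set_runtime, which the patch itself describes as overwriting the system docker default runtime. Nothing stops a caller from exporting a VM-based runtime here, which the comment says does not work with "docker build". Consider failing early, for example `[ "${DOCKER_RUNTIME}" = "${RUNTIME}" ] && die "DOCKER_RUNTIME must not be the runtime under test"`, and listing the variable in the usage text.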
@@ -286,8 +284,10 @@ setup() fi silent_run $mgr enable-debug - # Ensure "docker build" works - set_runtime "${docker_build_runtime}" + # "docker build" does not work with a VM-based runtime, and + # also does not accept a --runtime option, so our only + # option is to overwrite the system docker default runtime + set_runtime "${DOCKER_RUNTIME}" } # Fetches the distros test configuration from the distro-specific config.sh file. @@ -635,7 +635,7 @@ test_dracut() typeset -a dockerRunArgs=(\ --rm \ - --runtime="${docker_build_runtime}" \ + --runtime="${DOCKER_RUNTIME}" \ -v "${images_dir}:${images_dir}" \ -v "${script_dir}/..":"${tmp_dir}" \ -v "${tmp_rootfs}:${tmp_rootfs}" \ From 0e6a12ce3cf6a15170b4bfaacd969df713f23658 Mon Sep 17 00:00:00 2001 From: Cole Robinson Date: Sun, 1 Mar 2020 17:12:36 -0500 Subject: [PATCH 276/307] tests: Pass DOCKER_RUNTIME to osbuilder scripts The rootfs and image builder scripts are wired up to handle the DOCKER_RUNTIME, so pass our value down to those scripts Signed-off-by: Cole Robinson --- tests/test_images.sh | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/tests/test_images.sh b/tests/test_images.sh index 6eafd7106..ac2431341 100755 --- a/tests/test_images.sh +++ b/tests/test_images.sh @@ -494,6 +494,7 @@ test_distros() get_distros_config "$distro" local commonMakeVars=( \ USE_DOCKER=true \ + DOCKER_RUNTIME="${DOCKER_RUNTIME}" \ ROOTFS_BUILD_DEST="$tmp_rootfs" \ IMAGES_BUILD_DEST="$images_dir" \ DEBUG=1 ) 
@@ -642,11 +643,19 @@ test_dracut() -v /etc/localtime:/etc/localtime:ro \ dracut-test-osbuilder \ ) - typeset -a makeVars=(BUILD_METHOD=dracut TARGET_INITRD="${initrd_path}" TARGET_IMAGE=${image_path} TARGET_ROOTFS=${rootfs_path}) + + typeset -a makeVars=(\ + BUILD_METHOD=dracut \ + TARGET_INITRD="${initrd_path}" \ + TARGET_IMAGE=${image_path} \ + TARGET_ROOTFS=${rootfs_path} \ + USE_DOCKER=1 \ + DOCKER_RUNTIME="${DOCKER_RUNTIME}" \ + ) info "Making image for dracut inside a container" silent_run docker run ${dockerRunArgs[@]} make -C ${tmp_dir} ${makeVars[@]} rootfs - make_image USE_DOCKER=1 ${makeVars[@]} + make_image ${makeVars[@]} local image_size=$(stat -c "%s" "${image_path}") local rootfs_size=$(get_rootfs_size "$rootfs_path") built_images["dracut"]="${rootfs_size}:${image_size}" From 555ddf331af197d5e4ae97d6944ebe7903eb0ab8 Mon Sep 17 00:00:00 2001 From: Cole Robinson Date: Sun, 1 Mar 2020 17:15:13 -0500 Subject: [PATCH 277/307] tests: Remove unused USE_DOCKER export We now explicitly pass this to every make target we invoke, so this is redundant Signed-off-by: Cole Robinson --- tests/test_images.sh | 2 -- 1 file changed, 2 deletions(-) diff --git a/tests/test_images.sh b/tests/test_images.sh index ac2431341..c8d9fe5f9 100755 --- a/tests/test_images.sh +++ b/tests/test_images.sh @@ -263,8 +263,6 @@ setup() sudo -E mkdir -p ${ci_results_dir} fi - export USE_DOCKER=true - # Travis doesn't support VT-x [ -n "${TRAVIS:-}" ] && return From 1ae392285ef511e27a06ca966fbbd52a2f811b5f Mon Sep 17 00:00:00 2001 From: Cole Robinson Date: Mon, 2 Mar 2020 13:36:38 -0500 Subject: [PATCH 278/307] tests: Have DEBUG=1 set bash xtrace This is similarly used in image_builder.sh and can be handy to determine what is happening. Unfold the 'set' short options while we are at it Signed-off-by: Cole Robinson --- tests/test_images.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tests/test_images.sh b/tests/test_images.sh index c8d9fe5f9..56e9f7622 100755 
--- a/tests/test_images.sh +++ b/tests/test_images.sh @@ -4,7 +4,10 @@ # # SPDX-License-Identifier: Apache-2.0 -set -euo pipefail +set -o errexit +set -o nounset +set -o pipefail +[ -n "${DEBUG:-}" ] && set -o xtrace readonly script_dir="$(dirname $(readlink -f $0))" readonly script_name=${0##*/} From 7dd99c022baeff97fc17bde39506f05ea275fe2a Mon Sep 17 00:00:00 2001 From: Cole Robinson Date: Mon, 2 Mar 2020 13:47:12 -0500 Subject: [PATCH 279/307] tests: Add project_dir helper variable Rather than use ${script_dir}/.. in multiple places Signed-off-by: Cole Robinson --- tests/test_images.sh | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/tests/test_images.sh b/tests/test_images.sh index 56e9f7622..dda485db5 100755 --- a/tests/test_images.sh +++ b/tests/test_images.sh @@ -11,6 +11,7 @@ set -o pipefail readonly script_dir="$(dirname $(readlink -f $0))" readonly script_name=${0##*/} +readonly project_dir="$(dirname ${script_dir})" readonly tmp_dir=$(mktemp -t -d osbuilder-test.XXXXXXX) readonly tmp_rootfs="${tmp_dir}/rootfs-osbuilder" readonly images_dir="${tmp_dir}/images" 
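Review bot: `readonly project_dir="$(dirname ${script_dir})"` leaves `${script_dir}` unquoted inside the command substitution, so a checkout path containing whitespace is split into several arguments to dirname. Quote the inner expansion, `"$(dirname "${script_dir}")"`. Since every later path in the file is now derived from project_dir, one bad split here propagates to the bind mounts and the `make -C` calls.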
@@ -19,17 +20,17 @@ readonly docker_image="busybox" readonly systemd_docker_config_file="/etc/systemd/system/docker.service.d/kata-containers.conf" readonly sysconfig_docker_config_file="/etc/sysconfig/docker" readonly tests_repo="github.com/kata-containers/tests" -readonly tests_repo_dir="${script_dir}/../../tests" +readonly tests_repo_dir="${project_dir}/../tests" readonly mgr="${tests_repo_dir}/cmd/kata-manager/kata-manager.sh" readonly test_config=${script_dir}/test_config.sh -readonly rootfs_builder=${script_dir}/../rootfs-builder/rootfs.sh +readonly rootfs_builder=${project_dir}/rootfs-builder/rootfs.sh readonly DOCKER_RUNTIME=${DOCKER_RUNTIME:-runc} readonly RUNTIME=${RUNTIME:-kata-runtime} readonly MACHINE_TYPE=`uname -m` readonly CI=${CI:-} readonly KATA_HYPERVISOR="${KATA_HYPERVISOR:-}" readonly ci_results_dir="/var/osbuilder/tests" -readonly dracut_dir=${script_dir}/../dracut +readonly dracut_dir=${project_dir}/dracut build_images=1 build_initrds=1 @@ -47,7 +48,7 @@ typeset -A built_initrds typeset -A showKataRunFailure= source ${test_config} -source "${script_dir}/../scripts/lib.sh" +source "${project_dir}/scripts/lib.sh" usage() { @@ -639,7 +640,7 @@ test_dracut() --rm \ --runtime="${DOCKER_RUNTIME}" \ -v "${images_dir}:${images_dir}" \ - -v "${script_dir}/..":"${tmp_dir}" \ + -v "${project_dir}":"${tmp_dir}" \ -v "${tmp_rootfs}:${tmp_rootfs}" \ -v /etc/localtime:/etc/localtime:ro \ dracut-test-osbuilder \ From 7a8e816ded341418e2465300811946c0b713199c Mon Sep 17 00:00:00 2001 From: Cole Robinson Date: Mon, 2 Mar 2020 13:59:08 -0500 Subject: [PATCH 280/307] tests: Specify DRACUT_OVERLAY_DIR Otherwise it defaults to using the $project_dir/dracut_overlay, which leaves junk hanging around when running the tests locally Signed-off-by: Cole Robinson --- tests/test_images.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/test_images.sh b/tests/test_images.sh index dda485db5..4450f4e7d 100755 --- a/tests/test_images.sh +++ b/tests/test_images.sh 
@@ -622,6 +622,7 @@ test_dracut() local initrd_path="${images_dir}/kata-containers-initrd-dracut.img" local image_path="${images_dir}/kata-containers-image-dracut.img" local rootfs_path="${tmp_rootfs}/dracut_rootfs" + local overlay_path="${tmp_rootfs}/dracut_overlay" detect_go_version || die "Could not detect the required Go version for AGENT_VERSION='${AGENT_VERSION:-master}'." @@ -651,6 +652,7 @@ test_dracut() TARGET_INITRD="${initrd_path}" \ TARGET_IMAGE=${image_path} \ TARGET_ROOTFS=${rootfs_path} \ + DRACUT_OVERLAY_DIR="${overlay_path}" \ USE_DOCKER=1 \ DOCKER_RUNTIME="${DOCKER_RUNTIME}" \ ) From f3ab6d26666e48b2dfa969d964b8b91ac0fac5b5 Mon Sep 17 00:00:00 2001 From: Cole Robinson Date: Mon, 2 Mar 2020 14:05:12 -0500 Subject: [PATCH 281/307] tests: Don't run commands with `chronic` if DEBUG is set Don't suppress output with `chronic` when the user sets DEBUG Signed-off-by: Cole Robinson --- tests/test_images.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/tests/test_images.sh b/tests/test_images.sh index 4450f4e7d..0ad6ee029 100755 --- a/tests/test_images.sh +++ b/tests/test_images.sh @@ -230,7 +230,11 @@ silent_run() { typeset -a commandLine=("$@") info "running: ${commandLine[@]}" - chronic "${commandLine[@]}" + if [ -z "${DEBUG:-}" ]; then + chronic "${commandLine[@]}" + else + "${commandLine[@]}" + fi } From cef25917a4225e89c5fccf19b94d0379860c5ad6 Mon Sep 17 00:00:00 2001 From: Cole Robinson Date: Mon, 2 Mar 2020 14:14:23 -0500 Subject: [PATCH 282/307] tests: Rework dracut docker bind mounts The current setup leaves images/ and rootfs-osbuilder/ dirs stranded in the $project_dir when run locally. This simplifies things by only passing through the project_dir and the tmp_dir that all our output is relative to Signed-off-by: Cole Robinson --- tests/test_images.sh | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/tests/test_images.sh b/tests/test_images.sh index 0ad6ee029..c718df123 100755 
--- a/tests/test_images.sh +++ b/tests/test_images.sh @@ -644,9 +644,8 @@ test_dracut() typeset -a dockerRunArgs=(\ --rm \ --runtime="${DOCKER_RUNTIME}" \ - -v "${images_dir}:${images_dir}" \ - -v "${project_dir}":"${tmp_dir}" \ - -v "${tmp_rootfs}:${tmp_rootfs}" \ + -v "${project_dir}":"${project_dir}" \ + -v "${tmp_dir}":"${tmp_dir}" \ -v /etc/localtime:/etc/localtime:ro \ dracut-test-osbuilder \ ) @@ -662,7 +661,7 @@ test_dracut() ) info "Making image for dracut inside a container" - silent_run docker run ${dockerRunArgs[@]} make -C ${tmp_dir} ${makeVars[@]} rootfs + silent_run docker run ${dockerRunArgs[@]} make -C ${project_dir} ${makeVars[@]} rootfs make_image ${makeVars[@]} local image_size=$(stat -c "%s" "${image_path}") local rootfs_size=$(get_rootfs_size "$rootfs_path") @@ -672,7 +671,7 @@ test_dracut() if [ "$KATA_HYPERVISOR" != "firecracker" ]; then info "Making initrd for dracut inside a container" - silent_run docker run ${dockerRunArgs[@]} make -C ${tmp_dir} ${makeVars[@]} AGENT_INIT=yes clean initrd + silent_run docker run ${dockerRunArgs[@]} make -C ${project_dir} ${makeVars[@]} AGENT_INIT=yes clean initrd local initrd_size=$(stat -c "%s" "${initrd_path}") built_initrds["dracut"]="${rootfs_size}:${initrd_size}" install_initrd_create_container $initrd_path From e787bb0da5ffc120e2d9888189950b0c612c257e Mon Sep 17 00:00:00 2001 From: Cole Robinson Date: Sun, 1 Mar 2020 17:23:03 -0500 Subject: [PATCH 283/307] tests: Define KATA_DEV_MODE Define KATA_DEV_MODE at the top of the file, so code doesn't need to conditionally compare against it Signed-off-by: Cole Robinson --- tests/test_images.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/test_images.sh b/tests/test_images.sh index c718df123..1857e1792 100755 --- a/tests/test_images.sh +++ b/tests/test_images.sh 
@@ -29,6 +29,7 @@ readonly RUNTIME=${RUNTIME:-kata-runtime} readonly MACHINE_TYPE=`uname -m` readonly CI=${CI:-} readonly KATA_HYPERVISOR="${KATA_HYPERVISOR:-}" +readonly KATA_DEV_MODE="${KATA_DEV_MODE:-}" readonly ci_results_dir="/var/osbuilder/tests" readonly dracut_dir=${project_dir}/dracut @@ -276,7 +277,7 @@ setup() [ ! -d "${tests_repo_dir}" ] && git clone "https://${tests_repo}" "${tests_repo_dir}" - if [ -z "${KATA_DEV_MODE:-}" ]; then + if [ -z "${KATA_DEV_MODE}" ]; then mkdir -p /etc/kata-containers/ sudo cp -a /usr/share/defaults/kata-containers/configuration.toml /etc/kata-containers/configuration.toml else From 17a8fb13a16eabb0de261e60297f5cc7e637f388 Mon Sep 17 00:00:00 2001 From: Cole Robinson Date: Sun, 1 Mar 2020 17:25:16 -0500 Subject: [PATCH 284/307] tests: Skip all kata-manager usage if KATA_DEV_MODE is set kata-manager.sh makes host config changes. KATA_DEV_MODE is meant to avoid such changes. Add a helper run_mgr function which stubs out kata-manager.sh usage if KATA_DEV_MODE is set. Signed-off-by: Cole Robinson --- tests/test_images.sh | 29 +++++++++++++++++++---------- 1 file changed, 19 insertions(+), 10 deletions(-) diff --git a/tests/test_images.sh b/tests/test_images.sh index 1857e1792..aea7bd5ba 100755 --- a/tests/test_images.sh +++ b/tests/test_images.sh @@ -144,6 +144,15 @@ show_stats() rm -f "${tmpfile}" } + +# Run a kata-manager.sh command +run_mgr() +{ + [ -n "${KATA_DEV_MODE:-}" ] && return + silent_run $mgr $* +} + + exit_handler() { if [ "$?" -eq 0 ] @@ -157,7 +166,7 @@ exit_handler() rm -rf "${tmp_dir}" # Restore the default image in config file - [ -n "${TRAVIS:-}" ] || silent_run $mgr configure-image + [ -n "${TRAVIS:-}" ] || run_mgr configure-image return fi @@ -185,7 +194,7 @@ exit_handler() if [ -z "${showKataRunFailure}" ]; then # Restore the default image in config file - silent_run $mgr configure-image + run_mgr configure-image return fi 
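Review bot: in the new run_mgr helper, `silent_run $mgr $*` re-splits every argument on whitespace, so a caller that passes a quoted path, as in `run_mgr configure-image "$file"`, loses that quoting before kata-manager.sh sees it. Use `silent_run "$mgr" "$@"`. The helper also tests `${KATA_DEV_MODE:-}` although the previous patch defines the variable unconditionally at the top of the file; `${KATA_DEV_MODE}` would match the other call sites. The comment above the function should say that it is a no-op when KATA_DEV_MODE is set, since callers such as exit_handler rely on it to restore host configuration.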
@@ -202,7 +211,7 @@ exit_handler() sudo -E ps -efwww | egrep "docker|kata" >&2 # Restore the default image in config file - silent_run $mgr configure-image + run_mgr configure-image } die() @@ -289,7 +298,7 @@ setup() [ -n "$cfgRuntime" ] || die "${RUNTIME} is not a configured runtime for docker" [ -x "$cfgRuntime" ] || die "docker ${RUNTIME} is linked to an invalid executable: $cfgRuntime" fi - silent_run $mgr enable-debug + run_mgr enable-debug # "docker build" does not work with a VM-based runtime, and # also does not accept a --runtime option, so our only @@ -376,11 +385,11 @@ install_image_create_container() [ -n "${TRAVIS:-}" ] && return showKataRunFailure=1 - silent_run $mgr reset-config + run_mgr reset-config if [ "${RUST_AGENT:-}" = "yes" ]; then - silent_run $mgr enable-vsock + run_mgr enable-vsock fi - silent_run $mgr configure-image "$file" + run_mgr configure-image "$file" create_container showKataRunFailure= } @@ -396,11 +405,11 @@ install_initrd_create_container() [ -n "${TRAVIS:-}" ] && return showKataRunFailure=1 - silent_run $mgr reset-config + run_mgr reset-config if [ "${RUST_AGENT:-}" = "yes" ]; then - silent_run $mgr enable-vsock + run_mgr enable-vsock fi - silent_run $mgr configure-initrd "$file" + run_mgr configure-initrd "$file" create_container showKataRunFailure= } From 6f17b9cb48860479666d98d42c01c3068668996f Mon Sep 17 00:00:00 2001 From: Cole Robinson Date: Sun, 1 Mar 2020 18:42:01 -0500 Subject: [PATCH 285/307] tests: Skip set_runtime if KATA_DEV_MODE is set set_runtime attempts to overwrite the host docker configuration to default to DOCKER_RUNTIME instead of kata-runtime, which does not work for 'docker build'. Since this is a host altering step, skip it if KATA_DEV_MODE is set. Signed-off-by: Cole Robinson --- tests/test_images.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/test_images.sh b/tests/test_images.sh index aea7bd5ba..b8b7d4597 100755 --- a/tests/test_images.sh +++ b/tests/test_images.sh 
@@ -254,6 +254,8 @@ set_runtime() [ -z "$name" ] && die "need name" + [ -n "${KATA_DEV_MODE}" ] && return + # Travis doesn't support VT-x [ -n "${TRAVIS:-}" ] && return From 762ec28a6b70e086b280712dd91112f6562a4c63 Mon Sep 17 00:00:00 2001 From: Cole Robinson Date: Sun, 1 Mar 2020 17:28:17 -0500 Subject: [PATCH 286/307] tests: Drop kata-runtime env validation if KATA_DEV_MODE is set If KATA_DEV_MODE is set, test_images.sh attempts to validate that docker has kata-runtime as a configured --runtime value. This gives a nicer and earlier error, but it also complicates using /usr/bin/docker as provided by podman, which has a different 'info' topology. Let's drop the check and let the tests fail naturally if the host isn't configured properly Signed-off-by: Cole Robinson --- tests/test_images.sh | 6 ------ 1 file changed, 6 deletions(-) diff --git a/tests/test_images.sh b/tests/test_images.sh index b8b7d4597..4b185a691 100755 --- a/tests/test_images.sh +++ b/tests/test_images.sh @@ -293,12 +293,6 @@ setup() sudo cp -a /usr/share/defaults/kata-containers/configuration.toml /etc/kata-containers/configuration.toml else info "Running with KATA_DEV_MODE set, skipping installation of docker and kata packages" - # Make sure docker & kata are available - command -v docker >/dev/null || die "docker cannot be found on your PATH" - local cfgRuntime= - cfgRuntime="$(docker info --format "{{(index .Runtimes \"${RUNTIME}\").Path}}")" - [ -n "$cfgRuntime" ] || die "${RUNTIME} is not a configured runtime for docker" - [ -x "$cfgRuntime" ] || die "docker ${RUNTIME} is linked to an invalid executable: $cfgRuntime" fi run_mgr enable-debug From 0f4eac434bac96df9d53ee8a4655165b550d1dd7 Mon Sep 17 00:00:00 2001 
From: Cole Robinson Date: Mon, 2 Mar 2020 13:57:33 -0500 Subject: [PATCH 287/307] tests: Skip initrd/image launch if KATA_DEV_MODE The script points kata-runtime at the generated initrd/image by editing the host config file, which we aren't doing when KATA_DEV_MODE=1 is set, so this won't work. Fixes: #415 Signed-off-by: Cole Robinson --- tests/test_images.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/test_images.sh b/tests/test_images.sh index 4b185a691..8ccd24ba2 100755 --- a/tests/test_images.sh +++ b/tests/test_images.sh @@ -355,6 +355,10 @@ get_distros_config() create_container() { + # If KATA_DEV_MODE is set, we don't have any way to point kata-runtime + # at the image/initrd to boot, so there's nothing to do + [ -n "${KATA_DEV_MODE}" ] && return + out=$(mktemp) local file="/proc/version" From 134175bb9bc9d3ba44ab9616d7d897e41f5157bf Mon Sep 17 00:00:00 2001 From: Cole Robinson Date: Mon, 2 Mar 2020 14:35:08 -0500 Subject: [PATCH 288/307] tests: Document the changed KATA_DEV_MODE behavior Document the KATA_DEV_MODE changes explained in the previous commits Signed-off-by: Cole Robinson --- tests/README.md | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/tests/README.md b/tests/README.md index 068ef8301..7fb2e3b8a 100644 --- a/tests/README.md +++ b/tests/README.md 
@@ -8,9 +8,15 @@ initrd images for all supported distributions and then tests them to ensure a Kata Container can be created with each. Before the build phase, the test script installs the Docker container manager -and all the Kata components required to run test containers. This step can be -skipped by setting the environment variable `KATA_DEV_MODE` to a non-empty -value. +and all the Kata components required to run test containers. Individual tests +will also alter host `kata-runtime` and `docker` service configuration as needed. + +All host config editing can be skipped by setting the environment variable +`KATA_DEV_MODE` to a non-empty value. In this mode, image/initrd targets +will be built but not runtime tested; If your host is configured to have +`kata-runtime` set as the default docker runtime, you will need to switch +to a runtime like `runc`/`crun` so the `docker build` test commands work +correctly. ``` $ ./test_images.sh From 4004bd8fbe4cef00be62d35697e9ef28edda4df7 Mon Sep 17 00:00:00 2001 From: Cole Robinson Date: Thu, 5 Mar 2020 12:21:16 -0500 Subject: [PATCH 289/307] image-builder: Add NSDAX_BIN for passing in compiled nsdax tool In Fedora we are running the osbuilder scripts on the client machine, to generate an initrd for the running host kernel. In this setup, there's currently a runtime dependency on gcc for compiling the nsdax tool, which is suboptimal. Add NSDAX_BIN environment variable; if specified, image-builder.sh will use that path as the nsdax tool. This let's ship a compiled nsdax tool to users and drop the runtime gcc dependency Fixes: #417 Signed-off-by: Cole Robinson --- image-builder/image_builder.sh | 25 +++++++++++++++++++------ 1 file changed, 19 insertions(+), 6 deletions(-) diff --git a/image-builder/image_builder.sh b/image-builder/image_builder.sh index 06cc71172..e18822d84 100755 --- a/image-builder/image_builder.sh +++ b/image-builder/image_builder.sh 
@@ -88,6 +88,7 @@ Options: Extra environment variables: AGENT_BIN: Use it to change the expected agent binary name AGENT_INIT: Use kata agent as init process + NSDAX_BIN: Use to specify path to pre-compiled 'nsdax' tool. FS_TYPE: Filesystem type to use. Only xfs and ext4 are supported. USE_DOCKER: If set will build image in a Docker Container (requries docker) DEFAULT: not set @@ -130,6 +131,8 @@ build_with_container() { local root_free_space="$5" local agent_bin="$6" local agent_init="$7" + local container_engine="$8" + local nsdax_bin="$9" local container_image_name="image-builder-osbuilder" local shared_files="" @@ -158,6 +161,7 @@ build_with_container() { --env FS_TYPE="${fs_type}" \ --env BLOCK_SIZE="${block_size}" \ --env ROOT_FREE_SPACE="${root_free_space}" \ + --env NSDAX_BIN="${nsdax_bin}" \ --env DEBUG="${DEBUG}" \ -v /dev:/dev \ -v "${script_dir}":"/osbuilder" \ @@ -411,6 +415,7 @@ set_dax_header() { local image="$1" local img_size="$2" local fs_type="$3" + local nsdax_bin="$4" # rootfs start + DAX header size local rootfs_offset=$((rootfs_start + dax_header_sz)) @@ -425,9 +430,12 @@ set_dax_header() { info "Set DAX metadata" # Set metadata header # Issue: https://github.com/kata-containers/osbuilder/issues/240 - gcc -O2 "${script_dir}/nsdax.gpl.c" -o "${script_dir}/nsdax" - "${script_dir}/nsdax" "${header_image}" "${dax_header_bytes}" "${dax_alignment_bytes}" - rm -f "${script_dir}/nsdax" + if [ -z "${nsdax_bin}" ] ; then + nsdax_bin="${script_dir}/nsdax" + gcc -O2 "${script_dir}/nsdax.gpl.c" -o "${nsdax_bin}" + trap "rm ${nsdax_bin}" EXIT + fi + "${nsdax_bin}" "${header_image}" "${dax_header_bytes}" "${dax_alignment_bytes}" sync touch "${dax_image}" @@ -452,6 +460,7 @@ main() { local image="${IMAGE:-kata-containers.img}" local block_size="${BLOCK_SIZE:-4096}" local root_free_space="${ROOT_FREE_SPACE:-}" + local nsdax_bin="${NSDAX_BIN:-}" while getopts "ho:r:f:" opt do 
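Review bot: in set_dax_header, `trap "rm ${nsdax_bin}" EXIT` replaces any EXIT trap the script has already installed, bakes the path into the trap string when it is set so that it is re-parsed unquoted when it fires, and drops the `-f` that the removed `rm -f "${script_dir}/nsdax"` had. Remembering that the binary was built locally (a local flag set inside the `if`) and calling `rm -f "${nsdax_bin}"` right after the tool has run keeps the old cleanup without touching traps. A caller-supplied NSDAX_BIN is also executed as given, usually with the privileges of the image build; an `[ -x "${nsdax_bin}" ]` check with a clear error before use would catch a wrong path early. In build_with_container only the environment variable is forwarded in the lines shown, so please confirm that the path is reachable inside the container.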
@@ -471,6 +480,7 @@ main() { exit 0 fi + local container_engine if [ -n "${USE_DOCKER}" ]; then container_engine="docker" elif [ -n "${USE_PODMAN}" ]; then @@ -478,8 +488,11 @@ main() { fi if [ -n "$container_engine" ]; then - build_with_container "${rootfs}" "${image}" "${fs_type}" "${block_size}" \ - "${root_free_space}" "${agent_bin}" "${agent_init}" "${container_engine}" + build_with_container "${rootfs}" \ + "${image}" "${fs_type}" "${block_size}" \ + "${root_free_space}" "${agent_bin}" \ + "${agent_init}" "${container_engine}" \ + "${nsdax_bin}" exit $? fi @@ -496,7 +509,7 @@ main() { "${fs_type}" "${block_size}" # insert at the beginning of the image the MBR + DAX header - set_dax_header "${image}" "${img_size}" "${fs_type}" + set_dax_header "${image}" "${img_size}" "${fs_type}" "${nsdax_bin}" } main "$@" From 6cae294e83ff160e6957d72c23653a661912b4bc Mon Sep 17 00:00:00 2001 From: Cole Robinson Date: Thu, 5 Mar 2020 16:04:59 -0500 Subject: [PATCH 290/307] initrd-builder: Don't error if run as non-root Nothing inherently requires root here. If the ROOTFS_DIR is only root accessible then the operation may fail, but better IMO to let that fail naturally Fixes: #422 Signed-off-by: Cole Robinson --- initrd-builder/initrd_builder.sh | 2 -- 1 file changed, 2 deletions(-) diff --git a/initrd-builder/initrd_builder.sh b/initrd-builder/initrd_builder.sh index bc5692966..531350289 100755 --- a/initrd-builder/initrd_builder.sh +++ b/initrd-builder/initrd_builder.sh @@ -70,8 +70,6 @@ OK "init is installed" use AGENT_BIN env variable to change the expected agent binary name" OK "Agent is installed" -[ "$(id -u)" -eq 0 ] || die "$0: must be run as root" - # initramfs expects /init ln -sf /sbin/init "${ROOTFS}/init" From 87a5d5c8d71a3c5d1d550aa58dae8543c867cc96 Mon Sep 17 00:00:00 2001 
From: Cole Robinson Date: Wed, 4 Mar 2020 17:56:03 -0500 Subject: [PATCH 291/307] rootfs: Don't overwrite /sbin/init if it already exists The prepare_overlay() code path is called when rootfs.sh is invoked with no passed in distro string. This is used for the dracut case from the Makefile for example. In that particular case, the starting root directory is empty. It's also valid to pass a prepopulated directory to rootfs.sh, which is essentially a request for the script to just make the necessary kata changes. Currently though prepare_overlay() makes some changes that could wipe out pre-arranged /sbin/init setup. Check first to see if /sbin/init exists in the rootfs dir, and if so, skip the symlink changes Fixes: #419 Signed-off-by: Cole Robinson --- rootfs-builder/rootfs.sh | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index 5a5655ec1..587647aaa 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh @@ -455,10 +455,18 @@ prepare_overlay() { pushd "${ROOTFS_DIR}" > /dev/null mkdir -p ./etc ./lib/systemd ./sbin ./var - ln -sf ./usr/lib/systemd/systemd ./init - ln -sf ../../init ./lib/systemd/systemd - ln -sf ../init ./sbin/init - # Kata sytemd unit file + + # This symlink hacking is mostly to make later rootfs + # validation work correctly for the dracut case. + # We skip this if /sbin/init exists in the rootfs, meaning + # we were passed a pre-populated rootfs directory + if [ ! -e ./sbin/init ]; then + ln -sf ./usr/lib/systemd/systemd ./init + ln -sf ../../init ./lib/systemd/systemd + ln -sf ../init ./sbin/init + fi + + # Kata systemd unit file mkdir -p ./etc/systemd/system/basic.target.wants/ ln -sf /usr/lib/systemd/system/kata-containers.target ./etc/systemd/system/basic.target.wants/kata-containers.target popd > /dev/null From 9cba8c4c27451c3185e419e8e77ef960d7e87b63 Mon Sep 17 00:00:00 2001 
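Review bot: `[ ! -e ./sbin/init ]` follows symlinks, so when the pre-populated rootfs has /sbin/init as an absolute symlink the test resolves it against the host filesystem rather than inside `${ROOTFS_DIR}`. If the target does not exist on the host, the test reports the file as missing and the three `ln -sf` calls overwrite the prepared init setup, which is the case this patch is meant to protect. Use `[ ! -e ./sbin/init ] && [ ! -L ./sbin/init ]` so that an existing symlink is kept whether or not it resolves on the host.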
From: Penny Zheng Date: Thu, 20 Feb 2020 09:54:09 +0800 Subject: [PATCH 292/307] musl: install musl on aarch64 The original musl-installing method is only for x86_64 and i386(see musl config.mak template file). musl.cc provides small and reliable pre-built musl toolchains for many architectures. Static so they run on supported platforms without dependencies. Fixes: #411 Signed-off-by: Penny Zheng --- scripts/lib.sh | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/scripts/lib.sh b/scripts/lib.sh index 1ddaa5fce..c7a09aeb8 100644 --- a/scripts/lib.sh +++ b/scripts/lib.sh @@ -296,9 +296,23 @@ RUN pushd /root; \ make install > /dev/null 2>\&1; \ popd " - local musl_tar="musl-${MUSL_VERSION}.tar.gz" - local musl_dir="musl-${MUSL_VERSION}" - readonly install_musl=" + # install musl for compiling rust-agent + install_musl= + if [ "${muslarch}" == "aarch64" ]; then + local musl_tar="${muslarch}-linux-musl-native.tgz" + local musl_dir="${muslarch}-linux-musl-native" + install_musl=" +RUN cd /tmp; \ + curl -sLO https://musl.cc/${musl_tar}; tar -zxf ${musl_tar}; \ + mkdir -p /usr/local/musl/; \ + cp -r ${musl_dir}/* /usr/local/musl/ +ENV PATH=\$PATH:/usr/local/musl/bin +RUN ln -sf /usr/local/musl/bin/g++ /usr/bin/g++ +" + else + local musl_tar="musl-${MUSL_VERSION}.tar.gz" + local musl_dir="musl-${MUSL_VERSION}" + install_musl=" RUN pushd /root; \ curl -sLO https://www.musl-libc.org/releases/${musl_tar}; tar -zxf ${musl_tar}; \ cd ${musl_dir}; \ @@ -310,6 +324,8 @@ RUN pushd /root; \ popd ENV PATH=\$PATH:/usr/local/musl/bin " + fi + readonly install_rust=" RUN curl --proto '=https' --tlsv1.2 https://sh.rustup.rs -sSLf --output /tmp/rust-init; \ chmod a+x /tmp/rust-init; \ From 41aaa36e6f32b97b537d3ccdf65e06c4df454c5c Mon Sep 17 00:00:00 2001 
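Review bot: the aarch64 branch runs `curl -sLO https://musl.cc/${musl_tar}; tar -zxf ${musl_tar}` with no checksum or signature check on a prebuilt toolchain that is then used to compile the agent, and the `;` lets tar run even when the download failed. The tarball name `${muslarch}-linux-musl-native.tgz` carries no version, so MUSL_VERSION is ignored on this architecture and the build picks up whatever the site serves that day. Pin an expected SHA-256 and verify it before extraction, add `-f` to curl and chain the steps with `&&`, and reuse the `--proto '=https' --tlsv1.2` options that install_rust already passes. `ln -sf /usr/local/musl/bin/g++ /usr/bin/g++` also replaces the distribution compiler for everything built later in the image and deserves a comment explaining why it is needed.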
From: Penny Zheng Date: Thu, 20 Feb 2020 10:57:15 +0800 Subject: [PATCH 293/307] ubuntu/debian: create aarch64-specific Dockerfile.in The musl package in ubuntu/debian could not provide everything we need on aarch64. e.g. we need `aarch64-linux-musl-gcc` as linker, and it's not provided in package. Fixes: #411 Signed-off-by: Penny Zheng --- rootfs-builder/debian/Dockerfile-aarch64.in | 35 ++++++++++++++++++ rootfs-builder/ubuntu/Dockerfile-aarch64.in | 39 +++++++++++++++++++++ scripts/lib.sh | 11 ++++-- 3 files changed, 83 insertions(+), 2 deletions(-) create mode 100644 rootfs-builder/debian/Dockerfile-aarch64.in create mode 100644 rootfs-builder/ubuntu/Dockerfile-aarch64.in diff --git a/rootfs-builder/debian/Dockerfile-aarch64.in b/rootfs-builder/debian/Dockerfile-aarch64.in new file mode 100644 index 000000000..e119d3599 --- /dev/null +++ b/rootfs-builder/debian/Dockerfile-aarch64.in @@ -0,0 +1,35 @@ +# +# Copyright (c) 2020 ARM Limited +# +# SPDX-License-Identifier: Apache-2.0 + +# NOTE: OS_VERSION is set according to config.sh +from docker.io/debian:@OS_VERSION@ + +# RUN commands +RUN apt-get update && apt-get install -y \ + autoconf \ + automake \ + binutils \ + build-essential \ + chrony \ + cmake \ + coreutils \ + curl \ + debianutils \ + debootstrap \ + g++ \ + gcc \ + git \ + libc-dev \ + libstdc++-6-dev \ + m4 \ + make \ + sed \ + systemd \ + tar \ + vim +# This will install the proper golang to build Kata components +@INSTALL_GO@ +@INSTALL_MUSL@ +@INSTALL_RUST@ diff --git a/rootfs-builder/ubuntu/Dockerfile-aarch64.in b/rootfs-builder/ubuntu/Dockerfile-aarch64.in new file mode 100644 index 000000000..13bb09743 --- /dev/null +++ b/rootfs-builder/ubuntu/Dockerfile-aarch64.in 
@@ -0,0 +1,39 @@ +# +# Copyright (c) 2020 ARM Limited +# +# SPDX-License-Identifier: Apache-2.0 + +#ubuntu: docker image to be used to create a rootfs +#@OS_VERSION@: Docker image version to build this dockerfile +from docker.io/ubuntu:@OS_VERSION@ + +# This dockerfile needs to provide all the componets need to build a rootfs +# Install any package need to create a rootfs (package manager, extra tools) + +# RUN commands +RUN apt-get update && apt-get install -y \ + autoconf \ + automake \ + binutils \ + build-essential \ + chrony \ + cmake \ + coreutils \ + curl \ + debianutils \ + debootstrap \ + g++ \ + gcc \ + git \ + libc6-dev \ + libstdc++-8-dev \ + m4 \ + make \ + sed \ + systemd \ + tar \ + vim +# This will install the proper golang to build Kata components +@INSTALL_GO@ +@INSTALL_MUSL@ +@INSTALL_RUST@ diff --git a/scripts/lib.sh b/scripts/lib.sh index c7a09aeb8..9f8aa54dc 100644 --- a/scripts/lib.sh +++ b/scripts/lib.sh @@ -274,7 +274,6 @@ generate_dockerfile() curlOptions=("-OL") [ -n "${http_proxy:-}" ] && curlOptions+=("-x ${http_proxy:-}") - readonly dockerfile_template="Dockerfile.in" readonly install_go=" RUN cd /tmp ; curl ${curlOptions[@]} https://storage.googleapis.com/golang/go${GO_VERSION}.linux-${goarch}.tar.gz RUN tar -C /usr/ -xzf /tmp/go${GO_VERSION}.linux-${goarch}.tar.gz 
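Review bot: Removing `readonly dockerfile_template="Dockerfile.in"` from generate_dockerfile() (scripts/lib.sh, hunk @@ -274,7 +274,6) means the name is now assigned later in the function with neither `local` nor `readonly`, and the new `dockerfile_arch_template` is introduced the same way, so both are mutable globals visible to every caller of lib.sh. Suggest declaring both with `local` at the point where they are assigned, which also keeps the function safe to call more than once.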
@@ -344,7 +343,15 @@ RUN ln -sf /usr/bin/g++ /bin/musl-g++ # rust agent still need go to build # because grpc-sys need go to build pushd ${dir} - [ -f "${dockerfile_template}" ] || die "${dockerfile_template}: file not found" + dockerfile_template="Dockerfile.in" + dockerfile_arch_template="Dockerfile-${architecture}.in" + # if arch-specific docker file exists, swap the univesal one with it. + if [ -f "${dockerfile_arch_template}" ]; then + dockerfile_template="${dockerfile_arch_template}" + else + [ -f "${dockerfile_template}" ] || die "${dockerfile_template}: file not found" + fi + # powerpc have no musl target, don't setup rust enviroment # since we cannot static link agent. Besides, there is # also long double representation problem when building musl-libc From a390a360dbdcef4f4516cf2e837259dd9f29aa06 Mon Sep 17 00:00:00 2001 From: Penny Zheng Date: Tue, 10 Mar 2020 13:57:47 +0800 Subject: [PATCH 294/307] rootfs: remove RUST_SRC_PATH If user wants to use customized rust-agent, they could use AGENT_SOURCE_BIN to pass the static binary. The rust-agent is always statically linked with musl. Fixes: #411 Signed-off-by: Penny Zheng --- rootfs-builder/rootfs.sh | 19 ++++--------------- scripts/lib.sh | 2 +- 2 files changed, 5 insertions(+), 16 deletions(-) diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index 5a5655ec1..f0dd260aa 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh @@ -17,7 +17,6 @@ GO_AGENT_PKG=${GO_AGENT_PKG:-github.com/kata-containers/agent} RUST_AGENT_PKG=${RUST_AGENT_PKG:-github.com/kata-containers/kata-containers} RUST_AGENT=${RUST_AGENT:-no} RUST_VERSION="null" -RUST_SRC_PATH=${RUST_SRC_PATH:-${HOME}/rust} CMAKE_VERSION=${CMAKE_VERSION:-"null"} MUSL_VERSION=${MUSL_VERSION:-"null"} AGENT_BIN=${AGENT_BIN:-kata-agent} 
@@ -107,9 +106,6 @@ RUST_AGENT When set to "yes", build kata-agent from kata-rust-agent ins RUST_AGENT_PKG URL of the Git repository hosting the agent package. Default value: ${RUST_AGENT_PKG} -RUST_SRC_PATH Path of the source code - Default value: ${RUST_SRC_PATH} - AGENT_VERSION Version of the agent to include in the rootfs. Default value: ${AGENT_VERSION:-} @@ -281,7 +277,6 @@ check_env_variables() if [ -z "${AGENT_SOURCE_BIN}" ]; then [ "$RUST_AGENT" == "yes" -o "$RUST_AGENT" == "no" ] || die "RUST_AGENT($RUST_AGENT) is invalid (must be yes or no)" - mkdir -p ${RUST_SRC_PATH} || : fi [ -n "${KERNEL_MODULES_DIR}" ] && [ ! -d "${KERNEL_MODULES_DIR}" ] && die "KERNEL_MODULES_DIR defined but is not an existing directory" @@ -392,7 +387,7 @@ build_rootfs_distro() if [ "$RUST_AGENT" == "no" ]; then docker_run_args+=" --env GO_AGENT_PKG=${GO_AGENT_PKG}" else - docker_run_args+=" --env RUST_AGENT_PKG=${RUST_AGENT_PKG} -v ${RUST_SRC_PATH}:${RUST_SRC_PATH} --env RUST_SRC_PATH=${RUST_SRC_PATH}" + docker_run_args+=" --env RUST_AGENT_PKG=${RUST_AGENT_PKG}" fi docker_run_args+=" --env RUST_AGENT=${RUST_AGENT} -v ${GOPATH_LOCAL}:${GOPATH_LOCAL} --env GOPATH=${GOPATH_LOCAL}" else @@ -405,9 +400,6 @@ build_rootfs_distro() # Relabel volumes so SELinux allows access (see docker-run(1)) if command -v selinuxenabled > /dev/null && selinuxenabled ; then SRC_VOL=("${GOPATH_LOCAL}") - if [ "${RUST_AGENT}" == "yes" ]; then - SRC_VOL+=("${RUST_SRC_PATH}") - fi for volume_dir in "${script_dir}" \ "${ROOTFS_DIR}" \ 
@@ -570,12 +562,9 @@ EOT # looks like $HOME is resolved to empty when # container is started source "${HOME}/.cargo/env" - local -r agent_dir="$(basename ${RUST_AGENT_PKG})/src/agent" - pushd "${RUST_SRC_PATH}" - if [ ! -d ${RUST_SRC_PATH}/${agent_dir} ]; then - git clone https://${RUST_AGENT_PKG}.git - fi - cd ${agent_dir} + git clone https://${RUST_AGENT_PKG}.git + local -r agent_dir="${GOPATH_LOCAL}/src/${RUST_AGENT_PKG}/src/agent" + pushd "${agent_dir}" # checkout correct version [ -n "${AGENT_VERSION}" ] && git checkout "${AGENT_VERSION}" && OK "git checkout successful" make clean diff --git a/scripts/lib.sh b/scripts/lib.sh index 9f8aa54dc..d585da407 100644 --- a/scripts/lib.sh +++ b/scripts/lib.sh @@ -199,7 +199,7 @@ create_summary_file() if [ "${RUST_AGENT}" == "no" ]; then agent_version=$("$agent" --version|awk '{print $NF}') else - local -r agentdir="${RUST_SRC_PATH}/$(basename ${RUST_AGENT_PKG} .git)/src/agent" + local -r agentdir="${GOPATH}/src/${RUST_AGENT_PKG}/src/agent" agent_version=$(cat ${agentdir}/VERSION) fi From 67343a178c111ba986dfb4ea5220284f178907dc Mon Sep 17 00:00:00 2001 From: Penny Zheng Date: Tue, 10 Mar 2020 14:06:33 +0800 Subject: [PATCH 295/307] rust-agent: Separate the build up of rust-agent and go-agent Separate the build up of rust-agent and go-agent, hence you only select one as kata-agent. I've added the generation of rust-agent systemd service files into rust-agent Makefile. Therefore, we could use same `make` commands to build go-agent and rust-agent. Fixes: #411 Signed-off-by: Penny Zheng --- rootfs-builder/rootfs.sh | 35 ++++++++++++++++------------------- 1 file changed, 16 insertions(+), 19 deletions(-) diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index f0dd260aa..692321e56 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh 
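Review bot: In the rust-agent branch of rootfs-builder/rootfs.sh (hunk @@ -570,12 +562,9 of "rootfs: remove RUST_SRC_PATH" above), `git clone https://${RUST_AGENT_PKG}.git` now runs with no destination argument and no preceding `pushd`, while `agent_dir` is set to `${GOPATH_LOCAL}/src/${RUST_AGENT_PKG}/src/agent`, so nothing in the hunk makes the checkout land where `pushd "${agent_dir}"` expects it. The removed `if [ ! -d ... ]` guard also let an existing checkout be reused; the unconditional clone fails when its target directory already exists. Suggest cloning explicitly into `${GOPATH_LOCAL}/src/${RUST_AGENT_PKG}` and keeping the existence check. The scripts/lib.sh hunk of the same patch reads VERSION from `${GOPATH}/src/${RUST_AGENT_PKG}/src/agent` while this file uses `${GOPATH_LOCAL}`; use one name or add a comment saying why the two always match.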
@@ -544,34 +544,31 @@ EOT AGENT_DEST="${AGENT_DIR}/${AGENT_BIN}" if [ -z "${AGENT_SOURCE_BIN}" ] ; then + if [ "$RUST_AGENT" != "yes" ]; then + agent_pkg="${GO_AGENT_PKG}" + agent_dir="${GOPATH_LOCAL}/src/${GO_AGENT_PKG}" + else + # The PATH /.cargo/bin is apparently wrong + # looks like $HOME is resolved to empty when + # container is started + source "${HOME}/.cargo/env" + agent_pkg="${RUST_AGENT_PKG}" + agent_dir="${GOPATH_LOCAL}/src/${RUST_AGENT_PKG}/src/agent" + # For now, rust-agent doesn't support seccomp yet. + SECCOMP="no" + fi + info "Pull Agent source code" - go get -d "${GO_AGENT_PKG}" || true + go get -d "${agent_pkg}" || true OK "Pull Agent source code" info "Build agent" - pushd "${GOPATH_LOCAL}/src/${GO_AGENT_PKG}" + pushd "${agent_dir}" [ -n "${AGENT_VERSION}" ] && git checkout "${AGENT_VERSION}" && OK "git checkout successful" || info "checkout failed!" make clean make INIT=${AGENT_INIT} make install DESTDIR="${ROOTFS_DIR}" INIT=${AGENT_INIT} SECCOMP=${SECCOMP} popd - if [ "$RUST_AGENT" == "yes" ]; then - # build rust agent - info "Build rust agent" - # The PATH /.cargo/bin is apparently wrong - # looks like $HOME is resolved to empty when - # container is started - source "${HOME}/.cargo/env" - git clone https://${RUST_AGENT_PKG}.git - local -r agent_dir="${GOPATH_LOCAL}/src/${RUST_AGENT_PKG}/src/agent" - pushd "${agent_dir}" - # checkout correct version - [ -n "${AGENT_VERSION}" ] && git checkout "${AGENT_VERSION}" && OK "git checkout successful" - make clean - make - make install DESTDIR="${ROOTFS_DIR}" - popd - fi else cp ${AGENT_SOURCE_BIN} ${AGENT_DEST} OK "cp ${AGENT_SOURCE_BIN} ${AGENT_DEST}" From 1c063afc5fb231005785f1eeec43a03b39727d35 Mon Sep 17 00:00:00 2001 
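Review bot: `SECCOMP="no"` in the rust-agent branch (rootfs-builder/rootfs.sh, hunk @@ -544,34 +544,31 above) silently replaces whatever value SECCOMP held, and that value is then passed to `make install DESTDIR="${ROOTFS_DIR}" INIT=${AGENT_INIT} SECCOMP=${SECCOMP}`, so a build that asked for seccomp with RUST_AGENT=yes proceeds without it and nothing in the output says so. Suggest an `info` warning when the previous value was not "no", or a `die` if the combination is unsupported. Separately, `go get -d "${agent_pkg}" || true` and the `git checkout "${AGENT_VERSION}" ... || info "checkout failed!"` line now cover the rust agent as well, so a failed fetch or a failed checkout of the requested AGENT_VERSION still continues into `make`; when AGENT_VERSION is set, a failed checkout should stop the build.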
From: Julio Montes Date: Thu, 12 Mar 2020 15:12:32 +0000 Subject: [PATCH 296/307] scripts: set a default path to the yq binary Use the path where `install-yq.sh` installs `yq` as the default path to the `yq` binary in `lib.sh`. Install `yq` in the default path if it doesn't exist. fixes #429 Signed-off-by: Julio Montes --- scripts/lib.sh | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/scripts/lib.sh b/scripts/lib.sh index d585da407..9f361358b 100644 --- a/scripts/lib.sh +++ b/scripts/lib.sh @@ -382,8 +382,8 @@ RUN ln -sf /usr/bin/g++ /bin/musl-g++ detect_go_version() { info "Detecting agent go version" - typeset -r yq=$(command -v yq || command -v ${GOPATH}/bin/yq) - if [ -z "$yq" ]; then + typeset yq=$(command -v yq || command -v ${GOPATH}/bin/yq || echo "${GOPATH}/bin/yq") + if [ ! -f "$yq" ]; then source "$yq_file" fi @@ -428,8 +428,8 @@ detect_go_version() detect_rust_version() { info "Detecting agent rust version" - typeset -r yq=$(command -v yq || command -v ${GOPATH}/bin/yq) - if [ -z "$yq" ]; then + typeset -r yq=$(command -v yq || command -v ${GOPATH}/bin/yq || echo "${GOPATH}/bin/yq") + if [ ! -f "$yq" ]; then source "$yq_file" fi @@ -475,8 +475,8 @@ detect_cmake_version() { info "Detecting cmake version" - typeset -r yq=$(command -v yq || command -v ${GOPATH}/bin/yq) - if [ -z "$yq" ]; then + typeset -r yq=$(command -v yq || command -v ${GOPATH}/bin/yq || echo "${GOPATH}/bin/yq") + if [ ! -f "$yq" ]; then source "$yq_file" fi @@ -522,8 +522,8 @@ detect_musl_version() { info "Detecting musl version" - typeset -r yq=$(command -v yq || command -v ${GOPATH}/bin/yq) - if [ -z "$yq" ]; then + typeset -r yq=$(command -v yq || command -v ${GOPATH}/bin/yq || echo "${GOPATH}/bin/yq") + if [ ! -f "$yq" ]; then source "$yq_file" fi From 65717ba6d0a6badc8c82e8e6e4b2015543a91b58 Mon Sep 17 00:00:00 2001 
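Review bot: The detect_go_version() hunk (scripts/lib.sh, @@ -382,8 +382,8 above) changes the declaration to `typeset yq=...` and drops `-r`, while the three other hunks keep `typeset -r yq=...`; if that is intentional it needs a comment, otherwise keep `-r` in all four. With the new `|| echo "${GOPATH}/bin/yq"` fallback, an unset or empty GOPATH yields `/bin/yq`, and `[ ! -f "$yq" ]` accepts any regular file at that path whether or not it is executable. Suggest testing with `-x` and checking that GOPATH is non-empty before building the default path. The same four-line block is now repeated in four functions; a small helper that resolves `yq` once would keep the copies from drifting again.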
From: Peng Tao Date: Mon, 16 Mar 2020 12:39:05 +0000 Subject: [PATCH 297/307] release: Kata Containers 1.11.0-alpha1 - scripts: set a default path to the yq binary - AArch64: Build rust image on aarch64 - image-builder: Add NSDAX_BIN for passing in compiled nsdax tool - rootfs: Don't overwrite /sbin/init if it already exists - tests: Improve running test_images.sh locally 1c063af scripts: set a default path to the yq binary 67343a1 rust-agent: Separate the build up of rust-agent and go-agent a390a36 rootfs: remove RUST_SRC_PATH 41aaa36 ubuntu/debian: create aarch64-specific Dockerfile.in 9cba8c4 musl: install musl on aarch64 87a5d5c rootfs: Don't overwrite /sbin/init if it already exists 4004bd8 image-builder: Add NSDAX_BIN for passing in compiled nsdax tool 134175b tests: Document the changed KATA_DEV_MODE behavior 0f4eac4 tests: Skip initrd/image launch if KATA_DEV_MODE 762ec28 tests: Drop kata-runtime env validation if KATA_DEV_MODE is set 6f17b9c tests: Skip set_runtime if KATA_DEV_MODE is set 17a8fb1 tests: Skip all kata-manager usage if KATA_DEV_MODE is set e787bb0 tests: Define KATA_DEV_MODE cef2591 tests: Rework dracut docker bind mounts f3ab6d2 tests: Don't run commands with `chronic` if DEBUG is set 7a8e816 tests: Specify DRACUT_OVERLAY_DIR 7dd99c0 tests: Add project_dir helper variable 1ae3922 tests: Have DEBUG=1 set bash xtrace 555ddf3 tests: Remove unused USE_DOCKER export 0e6a12c tests: Pass DOCKER_RUNTIME to osbuilder scripts e8624d8 tests: Rename docker_build_runtime -> DOCKER_RUNTIME cd46d09 tests: Remove hardcoded 'runc' reference c574ec0 tests: Remove dead unset images_dir check 44f2931 tests: Remove unused test_func_prefix Signed-off-by: Peng Tao --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index 26b980b24..b4c7bf293 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.11.0-alpha0 +1.11.0-alpha1 From 7c92854e5dd1d192614750e2a80d27443879fad9 Mon Sep 17 00:00:00 2001 
From: Pratik Raj Date: Fri, 6 Mar 2020 15:42:40 +0530 Subject: [PATCH 298/307] debian: Don't install recommended software By default, Ubuntu or Debian based "apt" or "apt-get" system installs recommended but not suggested packages . By passing "--no-install-recommends" option, the user lets apt-get know not to consider recommended packages as a dependency to install. This results in smaller downloads and installation of packages . Refer to blog at [Ubuntu Blog](https://ubuntu.com/blog/we-reduced-our-docker-images-by-60-with-no-install-recommends) . Fixes: #427 Signed-off-by: Pratik Raj --- rootfs-builder/debian/Dockerfile.in | 2 +- rootfs-builder/ubuntu/Dockerfile.in | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/rootfs-builder/debian/Dockerfile.in b/rootfs-builder/debian/Dockerfile.in index ed57ec1a4..3120428c9 100644 --- a/rootfs-builder/debian/Dockerfile.in +++ b/rootfs-builder/debian/Dockerfile.in @@ -7,7 +7,7 @@ from docker.io/debian:@OS_VERSION@ # RUN commands -RUN apt-get update && apt-get install -y \ +RUN apt-get update && apt-get --no-install-recommends install -y \ autoconf \ automake \ binutils \ diff --git a/rootfs-builder/ubuntu/Dockerfile.in b/rootfs-builder/ubuntu/Dockerfile.in index f54b04db0..2fdc88d85 100644 --- a/rootfs-builder/ubuntu/Dockerfile.in +++ b/rootfs-builder/ubuntu/Dockerfile.in @@ -11,7 +11,7 @@ from docker.io/ubuntu:@OS_VERSION@ # Install any package need to create a rootfs (package manager, extra tools) # RUN commands -RUN apt-get update && apt-get install -y \ +RUN apt-get update && apt-get --no-install-recommends install -y \ autoconf \ automake \ binutils \ From 8d7817805a6740bef06e63729042d65c325ab634 Mon Sep 17 00:00:00 2001 
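Review bot: `--no-install-recommends` is added only to rootfs-builder/debian/Dockerfile.in and rootfs-builder/ubuntu/Dockerfile.in; the Dockerfile-aarch64.in templates for both distros still run `apt-get update && apt-get install -y`, and scripts/lib.sh picks the arch-specific template when it exists, so aarch64 builds do not get this change. Suggest applying the same option to both Dockerfile-aarch64.in files in this patch. Since the templates download toolchains over https with curl, any package that was previously only pulled in as a recommendation (ca-certificates, for one) has to be listed explicitly in the same commit so every commit in the series still builds.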
From: Pratik Raj Date: Fri, 6 Mar 2020 16:15:40 +0530 Subject: [PATCH 299/307] debian: Install missing ca-certificates package Because CI build is 1. Slow and in log it is showing because "apt-utils" not installed 2. to avoid CI build to exits with error without having certificate Fixes: #427 Signed-off-by: Pratik Raj --- rootfs-builder/debian/Dockerfile.in | 2 ++ rootfs-builder/ubuntu/Dockerfile.in | 2 ++ 2 files changed, 4 insertions(+) diff --git a/rootfs-builder/debian/Dockerfile.in b/rootfs-builder/debian/Dockerfile.in index 3120428c9..88629aefa 100644 --- a/rootfs-builder/debian/Dockerfile.in +++ b/rootfs-builder/debian/Dockerfile.in @@ -8,10 +8,12 @@ from docker.io/debian:@OS_VERSION@ # RUN commands RUN apt-get update && apt-get --no-install-recommends install -y \ + apt-utils \ autoconf \ automake \ binutils \ build-essential \ + ca-certificates \ chrony \ cmake \ coreutils \ diff --git a/rootfs-builder/ubuntu/Dockerfile.in b/rootfs-builder/ubuntu/Dockerfile.in index 2fdc88d85..a5da267a4 100644 --- a/rootfs-builder/ubuntu/Dockerfile.in +++ b/rootfs-builder/ubuntu/Dockerfile.in @@ -12,10 +12,12 @@ from docker.io/ubuntu:@OS_VERSION@ # RUN commands RUN apt-get update && apt-get --no-install-recommends install -y \ + apt-utils \ autoconf \ automake \ binutils \ build-essential \ + ca-certificates \ chrony \ cmake \ coreutils \ From 9665563145172cecb854c079a2149d991f94a7af Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Mon, 23 Mar 2020 17:08:28 +0100 Subject: [PATCH 300/307] image_builder: Force mount_dir to be created in $TMPDIR MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Immutable systems, as such Red Hat Core OS and Fedora Core OS, will not allow mount_dir to be created in a location that's not read-write. Let's ensure we use $TMPDIR (with /tmp as fallback) as base for mount_dir, as it's a safe writable choice for any distro supported by kata. Fixes: #437 
Signed-off-by: Fabiano Fidêncio --- image-builder/image_builder.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/image-builder/image_builder.sh b/image-builder/image_builder.sh index e18822d84..ceb303e06 100755 --- a/image-builder/image_builder.sh +++ b/image-builder/image_builder.sh @@ -374,7 +374,7 @@ create_rootfs_image() { fi info "Mounting root partition" - readonly mount_dir=$(mktemp -d osbuilder-mount-dir.XXXX) + readonly mount_dir=$(mktemp -p ${TMPDIR:-/tmp} -d osbuilder-mount-dir.XXXX) mount "${device}p1" "${mount_dir}" OK "root partition mounted" From 2ac3090c20b110392166d652070958c8b4a0cbb1 Mon Sep 17 00:00:00 2001 From: Alice Frosi Date: Thu, 26 Mar 2020 15:36:08 +0000 Subject: [PATCH 301/307] s390x: Skip rust for s390x Need to verify that rust deps are available on s390x Fixes #438 Signed-off-by: Alice Frosi --- scripts/lib.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/lib.sh b/scripts/lib.sh index 9f361358b..a599712cc 100644 --- a/scripts/lib.sh +++ b/scripts/lib.sh @@ -355,7 +355,7 @@ RUN ln -sf /usr/bin/g++ /bin/musl-g++ # powerpc have no musl target, don't setup rust enviroment # since we cannot static link agent. Besides, there is # also long double representation problem when building musl-libc - if [ "${architecture}" == "ppc64le" ] || [ "${architecture}" == "s390x" ]; then + if [ "${architecture}" == "ppc64le" ] || [ "${architecture}" == "s390x" ]; then sed \ -e "s|@GO_VERSION@|${GO_VERSION}|g" \ -e "s|@OS_VERSION@|${OS_VERSION:-}|g" \ From c29dbae5b2497ea7f17b832fe9860ef365a041ae Mon Sep 17 00:00:00 2001 From: Penny Zheng Date: Wed, 15 Apr 2020 11:09:29 +0800 Subject: [PATCH 302/307] tests: deleting when tests failed We only dumped test results for debugging, when tests failed. we should also delete them for avoiding leaving stale test results under /tmp. Fixes: #442 Signed-off-by: Penny Zheng --- tests/test_images.sh | 2 ++ 1 file changed, 2 insertions(+)
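Review bot: In create_rootfs_image() (image-builder/image_builder.sh, hunk @@ -374,7 +374,7 of "image_builder: Force mount_dir to be created in $TMPDIR" above), `${TMPDIR:-/tmp}` is unquoted inside the command substitution, so a TMPDIR containing whitespace or glob characters is split or expanded before mktemp sees it, and the result is then handed to `mount "${device}p1" "${mount_dir}"`. Suggest `readonly mount_dir=$(mktemp -p "${TMPDIR:-/tmp}" -d osbuilder-mount-dir.XXXX)`. Because the directory now lives in a shared temporary location instead of the working directory, it is also worth confirming that the cleanup path removes it after the unmount.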
diff --git a/tests/test_images.sh b/tests/test_images.sh index 8ccd24ba2..a3a7757bb 100755 --- a/tests/test_images.sh +++ b/tests/test_images.sh @@ -177,6 +177,7 @@ exit_handler() if [ -d "${tmp_rootfs}" ]; then info "rootfs:" sudo -E ls -l "${tmp_rootfs}" >&2 + sudo -E rm -rf "${tmp_rootfs}" else info "no rootfs created" # If no rootfs are created, no need to dump other info @@ -186,6 +187,7 @@ exit_handler() if [ -d "${images_dir}" ]; then info "images:" sudo -E ls -l "${images_dir}" >&2 + sudo -E rm -rf "${images_dir}" else info "no images created" # If no images are created, no need to dump other info From b7d1e30c9f5493092c3c425a4ae4988df3136290 Mon Sep 17 00:00:00 2001 From: Salvador Fuentes Date: Fri, 17 Apr 2020 17:51:16 +0000 Subject: [PATCH 303/307] release: Kata Containers 1.11.0-rc0 - tests: deleting stale test results when tests failed - image_builder: Reduce the boundary mb for reducing image size on arm64 - initrd-builder: Don't error if run as non-root - s390x: Skip rust for s390x - image_builder: Force mount_dir to be created in /tmp c29dbae tests: deleting when tests failed 2ac3090 s390x: Skip rust for s390x 9665563 image_builder: Force mount_dir to be created in $TMPDIR 6cae294 initrd-builder: Don't error if run as non-root 005c62a image_builder: Reduce the boundary mb for reducing image size on arm64 Signed-off-by: Salvador Fuentes --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index b4c7bf293..46d0bdd02 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.11.0-alpha1 +1.11.0-rc0 From 715d3425195d55c2ec1f2073b23449e3f46a4aa0 Mon Sep 17 00:00:00 2001 From: Salvador Fuentes Date: Wed, 29 Apr 2020 16:45:00 -0500 Subject: [PATCH 304/307] osbuilder: move code into tools directory move all osbuilder files into `tools` directory to be able to merge this into kata-containers repo. 
Signed-off-by: Salvador Fuentes --- .ci/lib.sh | 24 ----------------- .ci/run.sh | 18 ------------- .ci/setup.sh | 21 --------------- .ci/static-checks.sh | 12 --------- .travis.yml | 27 ------------------- .gitignore => tools/osbuilder/.gitignore | 0 .../osbuilder/CODE_OF_CONDUCT.md | 0 .../osbuilder/CONTRIBUTING.md | 0 LICENSE => tools/osbuilder/LICENSE | 0 Makefile => tools/osbuilder/Makefile | 0 README.md => tools/osbuilder/README.md | 0 VERSION => tools/osbuilder/VERSION | 0 .../osbuilder/dracut}/Dockerfile.in | 0 .../dracut}/dracut.conf.d/05-base.conf | 0 .../dracut}/dracut.conf.d/10-drivers.conf | 0 .../osbuilder/image-builder}/Dockerfile | 0 .../osbuilder/image-builder}/README.md | 0 .../osbuilder/image-builder}/image_builder.sh | 0 .../osbuilder/image-builder}/nsdax.gpl.c | 0 .../osbuilder/initrd-builder}/README.md | 0 .../initrd-builder}/initrd_builder.sh | 0 .../osbuilder/rootfs-builder}/.gitignore | 0 .../osbuilder/rootfs-builder}/README.md | 0 .../rootfs-builder}/alpine/Dockerfile.in | 0 .../rootfs-builder}/alpine/config.sh | 0 .../rootfs-builder}/alpine/rootfs_lib.sh | 0 .../rootfs-builder}/centos/Dockerfile.in | 0 .../rootfs-builder}/centos/config.sh | 0 .../rootfs-builder}/centos/config_aarch64.sh | 0 .../rootfs-builder}/centos/config_ppc64le.sh | 0 .../rootfs-builder}/clearlinux/Dockerfile.in | 0 .../rootfs-builder}/clearlinux/config.sh | 0 .../debian/Dockerfile-aarch64.in | 0 .../rootfs-builder}/debian/Dockerfile.in | 0 .../rootfs-builder}/debian/config.sh | 0 .../rootfs-builder}/debian/rootfs_lib.sh | 0 .../rootfs-builder}/euleros/Dockerfile.in | 0 .../euleros/RPM-GPG-KEY-EulerOS | 0 .../rootfs-builder}/euleros/config.sh | 0 .../rootfs-builder}/fedora/Dockerfile.in | 0 .../rootfs-builder}/fedora/config.sh | 0 .../rootfs-builder}/fedora/config_aarch64.sh | 0 .../osbuilder/rootfs-builder}/rootfs.sh | 0 .../rootfs-builder}/suse/Dockerfile.in | 0 .../osbuilder/rootfs-builder}/suse/config.sh | 0 .../osbuilder/rootfs-builder}/suse/config.xml | 0 
.../rootfs-builder}/suse/install-packages.sh | 0 .../rootfs-builder}/suse/rootfs_lib.sh | 0 .../template/Dockerfile.template | 0 .../rootfs-builder}/template/Makefile | 0 .../template/config_template.sh | 0 .../template/rootfs_lib_template.sh | 0 .../ubuntu/Dockerfile-aarch64.in | 0 .../rootfs-builder}/ubuntu/Dockerfile.in | 0 .../rootfs-builder}/ubuntu/config.sh | 0 .../rootfs-builder}/ubuntu/rootfs_lib.sh | 0 .../osbuilder/scripts}/install-yq.sh | 0 {scripts => tools/osbuilder/scripts}/lib.sh | 0 {tests => tools/osbuilder/tests}/README.md | 0 .../osbuilder/tests}/test_config.sh | 0 .../osbuilder/tests}/test_images.sh | 0 61 files changed, 102 deletions(-) delete mode 100644 .ci/lib.sh delete mode 100755 .ci/run.sh delete mode 100755 .ci/setup.sh delete mode 100755 .ci/static-checks.sh delete mode 100644 .travis.yml rename .gitignore => tools/osbuilder/.gitignore (100%) rename CODE_OF_CONDUCT.md => tools/osbuilder/CODE_OF_CONDUCT.md (100%) rename CONTRIBUTING.md => tools/osbuilder/CONTRIBUTING.md (100%) rename LICENSE => tools/osbuilder/LICENSE (100%) rename Makefile => tools/osbuilder/Makefile (100%) rename README.md => tools/osbuilder/README.md (100%) rename VERSION => tools/osbuilder/VERSION (100%) rename {dracut => tools/osbuilder/dracut}/Dockerfile.in (100%) rename {dracut => tools/osbuilder/dracut}/dracut.conf.d/05-base.conf (100%) rename {dracut => tools/osbuilder/dracut}/dracut.conf.d/10-drivers.conf (100%) rename {image-builder => tools/osbuilder/image-builder}/Dockerfile (100%) rename {image-builder => tools/osbuilder/image-builder}/README.md (100%) rename {image-builder => tools/osbuilder/image-builder}/image_builder.sh (100%) rename {image-builder => tools/osbuilder/image-builder}/nsdax.gpl.c (100%) rename {initrd-builder => tools/osbuilder/initrd-builder}/README.md (100%) rename {initrd-builder => tools/osbuilder/initrd-builder}/initrd_builder.sh (100%) rename {rootfs-builder => tools/osbuilder/rootfs-builder}/.gitignore (100%) rename {rootfs-builder 
=> tools/osbuilder/rootfs-builder}/README.md (100%) rename {rootfs-builder => tools/osbuilder/rootfs-builder}/alpine/Dockerfile.in (100%) rename {rootfs-builder => tools/osbuilder/rootfs-builder}/alpine/config.sh (100%) rename {rootfs-builder => tools/osbuilder/rootfs-builder}/alpine/rootfs_lib.sh (100%) rename {rootfs-builder => tools/osbuilder/rootfs-builder}/centos/Dockerfile.in (100%) rename {rootfs-builder => tools/osbuilder/rootfs-builder}/centos/config.sh (100%) rename {rootfs-builder => tools/osbuilder/rootfs-builder}/centos/config_aarch64.sh (100%) rename {rootfs-builder => tools/osbuilder/rootfs-builder}/centos/config_ppc64le.sh (100%) rename {rootfs-builder => tools/osbuilder/rootfs-builder}/clearlinux/Dockerfile.in (100%) rename {rootfs-builder => tools/osbuilder/rootfs-builder}/clearlinux/config.sh (100%) rename {rootfs-builder => tools/osbuilder/rootfs-builder}/debian/Dockerfile-aarch64.in (100%) rename {rootfs-builder => tools/osbuilder/rootfs-builder}/debian/Dockerfile.in (100%) rename {rootfs-builder => tools/osbuilder/rootfs-builder}/debian/config.sh (100%) rename {rootfs-builder => tools/osbuilder/rootfs-builder}/debian/rootfs_lib.sh (100%) rename {rootfs-builder => tools/osbuilder/rootfs-builder}/euleros/Dockerfile.in (100%) rename {rootfs-builder => tools/osbuilder/rootfs-builder}/euleros/RPM-GPG-KEY-EulerOS (100%) rename {rootfs-builder => tools/osbuilder/rootfs-builder}/euleros/config.sh (100%) rename {rootfs-builder => tools/osbuilder/rootfs-builder}/fedora/Dockerfile.in (100%) rename {rootfs-builder => tools/osbuilder/rootfs-builder}/fedora/config.sh (100%) rename {rootfs-builder => tools/osbuilder/rootfs-builder}/fedora/config_aarch64.sh (100%) rename {rootfs-builder => tools/osbuilder/rootfs-builder}/rootfs.sh (100%) rename {rootfs-builder => tools/osbuilder/rootfs-builder}/suse/Dockerfile.in (100%) rename {rootfs-builder => tools/osbuilder/rootfs-builder}/suse/config.sh (100%) rename {rootfs-builder => 
tools/osbuilder/rootfs-builder}/suse/config.xml (100%) rename {rootfs-builder => tools/osbuilder/rootfs-builder}/suse/install-packages.sh (100%) rename {rootfs-builder => tools/osbuilder/rootfs-builder}/suse/rootfs_lib.sh (100%) rename {rootfs-builder => tools/osbuilder/rootfs-builder}/template/Dockerfile.template (100%) rename {rootfs-builder => tools/osbuilder/rootfs-builder}/template/Makefile (100%) rename {rootfs-builder => tools/osbuilder/rootfs-builder}/template/config_template.sh (100%) rename {rootfs-builder => tools/osbuilder/rootfs-builder}/template/rootfs_lib_template.sh (100%) rename {rootfs-builder => tools/osbuilder/rootfs-builder}/ubuntu/Dockerfile-aarch64.in (100%) rename {rootfs-builder => tools/osbuilder/rootfs-builder}/ubuntu/Dockerfile.in (100%) rename {rootfs-builder => tools/osbuilder/rootfs-builder}/ubuntu/config.sh (100%) rename {rootfs-builder => tools/osbuilder/rootfs-builder}/ubuntu/rootfs_lib.sh (100%) rename {scripts => tools/osbuilder/scripts}/install-yq.sh (100%) rename {scripts => tools/osbuilder/scripts}/lib.sh (100%) rename {tests => tools/osbuilder/tests}/README.md (100%) rename {tests => tools/osbuilder/tests}/test_config.sh (100%) rename {tests => tools/osbuilder/tests}/test_images.sh (100%) diff --git a/.ci/lib.sh b/.ci/lib.sh deleted file mode 100644 index f9bfcbc5c..000000000 --- a/.ci/lib.sh +++ /dev/null @@ -1,24 +0,0 @@ -# -# Copyright (c) 2018 Intel Corporation -# -# SPDX-License-Identifier: Apache-2.0 - -export tests_repo="${tests_repo:-github.com/kata-containers/tests}" -export tests_repo_dir="$GOPATH/src/$tests_repo" - -clone_tests_repo() -{ - # KATA_CI_NO_NETWORK is (has to be) ignored if there is - # no existing clone. - if [ -d "$tests_repo_dir" -a -n "$KATA_CI_NO_NETWORK" ] - then - return - fi - - go get -d -u "$tests_repo" || true -} - -run_static_checks() -{ - bash "$tests_repo_dir/.ci/static-checks.sh" "github.com/kata-containers/osbuilder" -} 
diff --git a/.ci/run.sh b/.ci/run.sh deleted file mode 100755 index 7439a9d75..000000000 --- a/.ci/run.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/bash -# -# Copyright (c) 2018 Intel Corporation -# -# SPDX-License-Identifier: Apache-2.0 -# - - -set -e - -export GOPATH="${GOPATH:-/tmp/go}" - -script_dir="$(dirname $(readlink -f $0))" - -sudo -E PATH="$PATH" bash "${script_dir}/../tests/test_images.sh" - -# run again to build rust agent -sudo -E RUST_AGENT="yes" PATH="$PATH" bash "${script_dir}/../tests/test_images.sh" diff --git a/.ci/setup.sh b/.ci/setup.sh deleted file mode 100755 index 355fa72a2..000000000 --- a/.ci/setup.sh +++ /dev/null @@ -1,21 +0,0 @@ -#!/bin/bash -# -# Copyright (c) 2018 Intel Corporation -# -# SPDX-License-Identifier: Apache-2.0 -# -set -e - -cidir=$(dirname "$0") -source "${cidir}/lib.sh" - -clone_tests_repo - -pushd "${tests_repo_dir}" -.ci/setup.sh -popd - -bash "${cidir}/static-checks.sh" -# yq needed to correctly parse runtime/versions.yaml -make -C ${tests_repo_dir} install-yq - diff --git a/.ci/static-checks.sh b/.ci/static-checks.sh deleted file mode 100755 index cfadeaf8a..000000000 --- a/.ci/static-checks.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/bash -# -# Copyright (c) 2018 Intel Corporation -# -# SPDX-License-Identifier: Apache-2.0 - -set -e - -cidir=$(dirname "$0") -source "${cidir}/lib.sh" - -run_static_checks diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index d3cff5931..000000000 --- a/.travis.yml +++ /dev/null @@ -1,27 +0,0 @@ -# -# Copyright (c) 2018 Intel Corporation -# -# SPDX-License-Identifier: Apache-2.0 -# - -sudo: required -dist: bionic - -os: - - linux - - linux-ppc64le - -matrix: - allow_failures: - - os: linux-ppc64le - -language: bash - -services: - - docker - -before_script: - - ".ci/setup.sh" - -script: - - "travis_wait 50 .ci/run.sh" diff --git a/.gitignore b/tools/osbuilder/.gitignore similarity index 100% rename from .gitignore rename to tools/osbuilder/.gitignore 
diff --git a/CODE_OF_CONDUCT.md b/tools/osbuilder/CODE_OF_CONDUCT.md similarity index 100% rename from CODE_OF_CONDUCT.md rename to tools/osbuilder/CODE_OF_CONDUCT.md diff --git a/CONTRIBUTING.md b/tools/osbuilder/CONTRIBUTING.md similarity index 100% rename from CONTRIBUTING.md rename to tools/osbuilder/CONTRIBUTING.md diff --git a/LICENSE b/tools/osbuilder/LICENSE similarity index 100% rename from LICENSE rename to tools/osbuilder/LICENSE diff --git a/Makefile b/tools/osbuilder/Makefile similarity index 100% rename from Makefile rename to tools/osbuilder/Makefile diff --git a/README.md b/tools/osbuilder/README.md similarity index 100% rename from README.md rename to tools/osbuilder/README.md diff --git a/VERSION b/tools/osbuilder/VERSION similarity index 100% rename from VERSION rename to tools/osbuilder/VERSION diff --git a/dracut/Dockerfile.in b/tools/osbuilder/dracut/Dockerfile.in similarity index 100% rename from dracut/Dockerfile.in rename to tools/osbuilder/dracut/Dockerfile.in diff --git a/dracut/dracut.conf.d/05-base.conf b/tools/osbuilder/dracut/dracut.conf.d/05-base.conf similarity index 100% rename from dracut/dracut.conf.d/05-base.conf rename to tools/osbuilder/dracut/dracut.conf.d/05-base.conf diff --git a/dracut/dracut.conf.d/10-drivers.conf b/tools/osbuilder/dracut/dracut.conf.d/10-drivers.conf similarity index 100% rename from dracut/dracut.conf.d/10-drivers.conf rename to tools/osbuilder/dracut/dracut.conf.d/10-drivers.conf diff --git a/image-builder/Dockerfile b/tools/osbuilder/image-builder/Dockerfile similarity index 100% rename from image-builder/Dockerfile rename to tools/osbuilder/image-builder/Dockerfile diff --git a/image-builder/README.md b/tools/osbuilder/image-builder/README.md similarity index 100% rename from image-builder/README.md rename to tools/osbuilder/image-builder/README.md 
diff --git a/image-builder/image_builder.sh b/tools/osbuilder/image-builder/image_builder.sh similarity index 100% rename from image-builder/image_builder.sh rename to tools/osbuilder/image-builder/image_builder.sh diff --git a/image-builder/nsdax.gpl.c b/tools/osbuilder/image-builder/nsdax.gpl.c similarity index 100% rename from image-builder/nsdax.gpl.c rename to tools/osbuilder/image-builder/nsdax.gpl.c diff --git a/initrd-builder/README.md b/tools/osbuilder/initrd-builder/README.md similarity index 100% rename from initrd-builder/README.md rename to tools/osbuilder/initrd-builder/README.md diff --git a/initrd-builder/initrd_builder.sh b/tools/osbuilder/initrd-builder/initrd_builder.sh similarity index 100% rename from initrd-builder/initrd_builder.sh rename to tools/osbuilder/initrd-builder/initrd_builder.sh diff --git a/rootfs-builder/.gitignore b/tools/osbuilder/rootfs-builder/.gitignore similarity index 100% rename from rootfs-builder/.gitignore rename to tools/osbuilder/rootfs-builder/.gitignore diff --git a/rootfs-builder/README.md b/tools/osbuilder/rootfs-builder/README.md similarity index 100% rename from rootfs-builder/README.md rename to tools/osbuilder/rootfs-builder/README.md diff --git a/rootfs-builder/alpine/Dockerfile.in b/tools/osbuilder/rootfs-builder/alpine/Dockerfile.in similarity index 100% rename from rootfs-builder/alpine/Dockerfile.in rename to tools/osbuilder/rootfs-builder/alpine/Dockerfile.in diff --git a/rootfs-builder/alpine/config.sh b/tools/osbuilder/rootfs-builder/alpine/config.sh similarity index 100% rename from rootfs-builder/alpine/config.sh rename to tools/osbuilder/rootfs-builder/alpine/config.sh diff --git a/rootfs-builder/alpine/rootfs_lib.sh b/tools/osbuilder/rootfs-builder/alpine/rootfs_lib.sh similarity index 100% rename from rootfs-builder/alpine/rootfs_lib.sh rename to tools/osbuilder/rootfs-builder/alpine/rootfs_lib.sh 
diff --git a/rootfs-builder/centos/Dockerfile.in b/tools/osbuilder/rootfs-builder/centos/Dockerfile.in similarity index 100% rename from rootfs-builder/centos/Dockerfile.in rename to tools/osbuilder/rootfs-builder/centos/Dockerfile.in diff --git a/rootfs-builder/centos/config.sh b/tools/osbuilder/rootfs-builder/centos/config.sh similarity index 100% rename from rootfs-builder/centos/config.sh rename to tools/osbuilder/rootfs-builder/centos/config.sh diff --git a/rootfs-builder/centos/config_aarch64.sh b/tools/osbuilder/rootfs-builder/centos/config_aarch64.sh similarity index 100% rename from rootfs-builder/centos/config_aarch64.sh rename to tools/osbuilder/rootfs-builder/centos/config_aarch64.sh diff --git a/rootfs-builder/centos/config_ppc64le.sh b/tools/osbuilder/rootfs-builder/centos/config_ppc64le.sh similarity index 100% rename from rootfs-builder/centos/config_ppc64le.sh rename to tools/osbuilder/rootfs-builder/centos/config_ppc64le.sh diff --git a/rootfs-builder/clearlinux/Dockerfile.in b/tools/osbuilder/rootfs-builder/clearlinux/Dockerfile.in similarity index 100% rename from rootfs-builder/clearlinux/Dockerfile.in rename to tools/osbuilder/rootfs-builder/clearlinux/Dockerfile.in diff --git a/rootfs-builder/clearlinux/config.sh b/tools/osbuilder/rootfs-builder/clearlinux/config.sh similarity index 100% rename from rootfs-builder/clearlinux/config.sh rename to tools/osbuilder/rootfs-builder/clearlinux/config.sh diff --git a/rootfs-builder/debian/Dockerfile-aarch64.in b/tools/osbuilder/rootfs-builder/debian/Dockerfile-aarch64.in similarity index 100% rename from rootfs-builder/debian/Dockerfile-aarch64.in rename to tools/osbuilder/rootfs-builder/debian/Dockerfile-aarch64.in diff --git a/rootfs-builder/debian/Dockerfile.in b/tools/osbuilder/rootfs-builder/debian/Dockerfile.in similarity index 100% rename from rootfs-builder/debian/Dockerfile.in rename to tools/osbuilder/rootfs-builder/debian/Dockerfile.in 
diff --git a/rootfs-builder/debian/config.sh b/tools/osbuilder/rootfs-builder/debian/config.sh similarity index 100% rename from rootfs-builder/debian/config.sh rename to tools/osbuilder/rootfs-builder/debian/config.sh diff --git a/rootfs-builder/debian/rootfs_lib.sh b/tools/osbuilder/rootfs-builder/debian/rootfs_lib.sh similarity index 100% rename from rootfs-builder/debian/rootfs_lib.sh rename to tools/osbuilder/rootfs-builder/debian/rootfs_lib.sh diff --git a/rootfs-builder/euleros/Dockerfile.in b/tools/osbuilder/rootfs-builder/euleros/Dockerfile.in similarity index 100% rename from rootfs-builder/euleros/Dockerfile.in rename to tools/osbuilder/rootfs-builder/euleros/Dockerfile.in diff --git a/rootfs-builder/euleros/RPM-GPG-KEY-EulerOS b/tools/osbuilder/rootfs-builder/euleros/RPM-GPG-KEY-EulerOS similarity index 100% rename from rootfs-builder/euleros/RPM-GPG-KEY-EulerOS rename to tools/osbuilder/rootfs-builder/euleros/RPM-GPG-KEY-EulerOS diff --git a/rootfs-builder/euleros/config.sh b/tools/osbuilder/rootfs-builder/euleros/config.sh similarity index 100% rename from rootfs-builder/euleros/config.sh rename to tools/osbuilder/rootfs-builder/euleros/config.sh diff --git a/rootfs-builder/fedora/Dockerfile.in b/tools/osbuilder/rootfs-builder/fedora/Dockerfile.in similarity index 100% rename from rootfs-builder/fedora/Dockerfile.in rename to tools/osbuilder/rootfs-builder/fedora/Dockerfile.in diff --git a/rootfs-builder/fedora/config.sh b/tools/osbuilder/rootfs-builder/fedora/config.sh similarity index 100% rename from rootfs-builder/fedora/config.sh rename to tools/osbuilder/rootfs-builder/fedora/config.sh diff --git a/rootfs-builder/fedora/config_aarch64.sh b/tools/osbuilder/rootfs-builder/fedora/config_aarch64.sh similarity index 100% rename from rootfs-builder/fedora/config_aarch64.sh rename to tools/osbuilder/rootfs-builder/fedora/config_aarch64.sh 
diff --git a/rootfs-builder/rootfs.sh b/tools/osbuilder/rootfs-builder/rootfs.sh similarity index 100% rename from rootfs-builder/rootfs.sh rename to tools/osbuilder/rootfs-builder/rootfs.sh diff --git a/rootfs-builder/suse/Dockerfile.in b/tools/osbuilder/rootfs-builder/suse/Dockerfile.in similarity index 100% rename from rootfs-builder/suse/Dockerfile.in rename to tools/osbuilder/rootfs-builder/suse/Dockerfile.in diff --git a/rootfs-builder/suse/config.sh b/tools/osbuilder/rootfs-builder/suse/config.sh similarity index 100% rename from rootfs-builder/suse/config.sh rename to tools/osbuilder/rootfs-builder/suse/config.sh diff --git a/rootfs-builder/suse/config.xml b/tools/osbuilder/rootfs-builder/suse/config.xml similarity index 100% rename from rootfs-builder/suse/config.xml rename to tools/osbuilder/rootfs-builder/suse/config.xml diff --git a/rootfs-builder/suse/install-packages.sh b/tools/osbuilder/rootfs-builder/suse/install-packages.sh similarity index 100% rename from rootfs-builder/suse/install-packages.sh rename to tools/osbuilder/rootfs-builder/suse/install-packages.sh diff --git a/rootfs-builder/suse/rootfs_lib.sh b/tools/osbuilder/rootfs-builder/suse/rootfs_lib.sh similarity index 100% rename from rootfs-builder/suse/rootfs_lib.sh rename to tools/osbuilder/rootfs-builder/suse/rootfs_lib.sh diff --git a/rootfs-builder/template/Dockerfile.template b/tools/osbuilder/rootfs-builder/template/Dockerfile.template similarity index 100% rename from rootfs-builder/template/Dockerfile.template rename to tools/osbuilder/rootfs-builder/template/Dockerfile.template diff --git a/rootfs-builder/template/Makefile b/tools/osbuilder/rootfs-builder/template/Makefile similarity index 100% rename from rootfs-builder/template/Makefile rename to tools/osbuilder/rootfs-builder/template/Makefile 
diff --git a/rootfs-builder/template/config_template.sh b/tools/osbuilder/rootfs-builder/template/config_template.sh similarity index 100% rename from rootfs-builder/template/config_template.sh rename to tools/osbuilder/rootfs-builder/template/config_template.sh diff --git a/rootfs-builder/template/rootfs_lib_template.sh b/tools/osbuilder/rootfs-builder/template/rootfs_lib_template.sh similarity index 100% rename from rootfs-builder/template/rootfs_lib_template.sh rename to tools/osbuilder/rootfs-builder/template/rootfs_lib_template.sh diff --git a/rootfs-builder/ubuntu/Dockerfile-aarch64.in b/tools/osbuilder/rootfs-builder/ubuntu/Dockerfile-aarch64.in similarity index 100% rename from rootfs-builder/ubuntu/Dockerfile-aarch64.in rename to tools/osbuilder/rootfs-builder/ubuntu/Dockerfile-aarch64.in diff --git a/rootfs-builder/ubuntu/Dockerfile.in b/tools/osbuilder/rootfs-builder/ubuntu/Dockerfile.in similarity index 100% rename from rootfs-builder/ubuntu/Dockerfile.in rename to tools/osbuilder/rootfs-builder/ubuntu/Dockerfile.in diff --git a/rootfs-builder/ubuntu/config.sh b/tools/osbuilder/rootfs-builder/ubuntu/config.sh similarity index 100% rename from rootfs-builder/ubuntu/config.sh rename to tools/osbuilder/rootfs-builder/ubuntu/config.sh diff --git a/rootfs-builder/ubuntu/rootfs_lib.sh b/tools/osbuilder/rootfs-builder/ubuntu/rootfs_lib.sh similarity index 100% rename from rootfs-builder/ubuntu/rootfs_lib.sh rename to tools/osbuilder/rootfs-builder/ubuntu/rootfs_lib.sh diff --git a/scripts/install-yq.sh b/tools/osbuilder/scripts/install-yq.sh similarity index 100% rename from scripts/install-yq.sh rename to tools/osbuilder/scripts/install-yq.sh diff --git a/scripts/lib.sh b/tools/osbuilder/scripts/lib.sh similarity index 100% rename from scripts/lib.sh rename to tools/osbuilder/scripts/lib.sh diff --git a/tests/README.md b/tools/osbuilder/tests/README.md similarity index 100% rename from tests/README.md rename to tools/osbuilder/tests/README.md 
diff --git a/tests/test_config.sh b/tools/osbuilder/tests/test_config.sh similarity index 100% rename from tests/test_config.sh rename to tools/osbuilder/tests/test_config.sh diff --git a/tests/test_images.sh b/tools/osbuilder/tests/test_images.sh similarity index 100% rename from tests/test_images.sh rename to tools/osbuilder/tests/test_images.sh From 11c3d81f68efb19ed47059b0654d1f7a07a25c22 Mon Sep 17 00:00:00 2001 From: Salvador Fuentes Date: Wed, 29 Apr 2020 17:51:44 -0500 Subject: [PATCH 305/307] docs: fix markdown check issues - Removes `CODE_OF_CONDUCT.md` and `CONTRIBUTING.md` from osbuilder directory. - Fixes a reference from `image-builder/README.md` to `rootfs-builder/README.md` - Updates the main `README.md` making a reference to the local `tools/osbuilder/README.md` Signed-off-by: Salvador Fuentes --- README.md | 2 +- tools/osbuilder/CODE_OF_CONDUCT.md | 3 --- tools/osbuilder/CONTRIBUTING.md | 5 ----- tools/osbuilder/image-builder/README.md | 2 +- 4 files changed, 2 insertions(+), 10 deletions(-) delete mode 100644 tools/osbuilder/CODE_OF_CONDUCT.md delete mode 100644 tools/osbuilder/CONTRIBUTING.md diff --git a/README.md b/README.md index cc82336c8..fc382365b 100644 --- a/README.md +++ b/README.md @@ -128,7 +128,7 @@ as the component it tests). #### OS builder -The [osbuilder](https://github.com/kata-containers/osbuilder) tool can create +The [osbuilder](tools/osbuilder/README.md) tool can create a rootfs and a "mini O/S" image. This image is used by the hypervisor to setup the environment before switching to the workload. diff --git a/tools/osbuilder/CODE_OF_CONDUCT.md b/tools/osbuilder/CODE_OF_CONDUCT.md deleted file mode 100644 index d73eb8f46..000000000 --- a/tools/osbuilder/CODE_OF_CONDUCT.md +++ /dev/null @@ -1,3 +0,0 @@ -## Kata Containers osbuilder Code of Conduct - -Kata Containers follows the [OpenStack Foundation Code of Conduct](https://www.openstack.org/legal/community-code-of-conduct/). 
diff --git a/tools/osbuilder/CONTRIBUTING.md b/tools/osbuilder/CONTRIBUTING.md deleted file mode 100644 index 8a3af744a..000000000 --- a/tools/osbuilder/CONTRIBUTING.md +++ /dev/null @@ -1,5 +0,0 @@ -# Contributing - -## This repo is part of [Kata Containers](https://katacontainers.io) - -For details on how to contribute to the Kata Containers project, please see the main [contributing document](https://github.com/kata-containers/community/blob/master/CONTRIBUTING.md). \ No newline at end of file diff --git a/tools/osbuilder/image-builder/README.md b/tools/osbuilder/image-builder/README.md index acfa24e20..87ebe125a 100644 --- a/tools/osbuilder/image-builder/README.md +++ b/tools/osbuilder/image-builder/README.md @@ -17,7 +17,7 @@ $ sudo ./image_builder.sh path/to/rootfs Where `path/to/rootfs` is the directory populated by `rootfs.sh`. > **Note**: If you are building an image from an Alpine rootfs, see -> the important note [here](/rootfs-builder/README.md#rootfs-requirements). +> the important note [here](/tools/osbuilder/rootfs-builder/README.md#rootfs-requirements). ## Further information From 586d26480c88c9d66f009718a36afd469955d057 Mon Sep 17 00:00:00 2001 From: Salvador Fuentes Date: Thu, 30 Apr 2020 08:20:46 -0500 Subject: [PATCH 306/307] rootfs-builder: Add license header to rootfs_lib_template.sh Add license header to `tools/osbuilder/rootfs-builder/template/rootfs_lib_template.sh` Signed-off-by: Salvador Fuentes --- .../osbuilder/rootfs-builder/template/rootfs_lib_template.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tools/osbuilder/rootfs-builder/template/rootfs_lib_template.sh b/tools/osbuilder/rootfs-builder/template/rootfs_lib_template.sh index 49ad06407..238b6f702 100644 --- a/tools/osbuilder/rootfs-builder/template/rootfs_lib_template.sh +++ b/tools/osbuilder/rootfs-builder/template/rootfs_lib_template.sh 
@@ -1,3 +1,8 @@ +# +# Copyright (c) 2018-2020 Intel Corporation +# +# SPDX-License-Identifier: Apache-2.0 +# # - Arguments # rootfs_dir=$1 # From 629cc0ae8da344beffcf0006d2df05863fbbcdd9 Mon Sep 17 00:00:00 2001 From: Salvador Fuentes Date: Thu, 30 Apr 2020 08:27:25 -0500 Subject: [PATCH 307/307] rootfs-builder: remove EulerOS EulerOS does not work with rust agent. further info: https://github.com/kata-containers/osbuilder/issues/387 Signed-off-by: Salvador Fuentes --- tools/osbuilder/README.md | 12 ++--- .../rootfs-builder/euleros/Dockerfile.in | 46 ---------------- .../euleros/RPM-GPG-KEY-EulerOS | 52 ------------------- .../rootfs-builder/euleros/config.sh | 29 ----------- tools/osbuilder/rootfs-builder/rootfs.sh | 11 +--- tools/osbuilder/tests/test_config.sh | 3 -- 6 files changed, 8 insertions(+), 145 deletions(-) delete mode 100644 tools/osbuilder/rootfs-builder/euleros/Dockerfile.in delete mode 100644 tools/osbuilder/rootfs-builder/euleros/RPM-GPG-KEY-EulerOS delete mode 100644 tools/osbuilder/rootfs-builder/euleros/config.sh diff --git a/tools/osbuilder/README.md b/tools/osbuilder/README.md index 349accc93..783a535a4 100644 --- a/tools/osbuilder/README.md +++ b/tools/osbuilder/README.md 
@@ -204,9 +204,9 @@ of the the osbuilder distributions. > Note: this table is not relevant for the dracut build method, since it supports any Linux distribution and architecture where dracut is available. -| |Alpine |CentOS |Clear Linux |Debian/Ubuntu |EulerOS |Fedora |openSUSE | -|-- |-- |-- |-- |-- |-- |-- |-- | -|**ARM64** |:heavy_check_mark:|:heavy_check_mark:| | |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:| -|**PPC64le**|:heavy_check_mark:|:heavy_check_mark:| |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:| -|**s390x** |:heavy_check_mark:| | |:heavy_check_mark:| |:heavy_check_mark:| | -|**x86_64** |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:| +| |Alpine |CentOS |Clear Linux |Debian/Ubuntu |Fedora |openSUSE | +|-- |-- |-- |-- |-- |-- |-- | +|**ARM64** |:heavy_check_mark:|:heavy_check_mark:| | |:heavy_check_mark:|:heavy_check_mark:| +|**PPC64le**|:heavy_check_mark:|:heavy_check_mark:| |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:| +|**s390x** |:heavy_check_mark:| | |:heavy_check_mark:|:heavy_check_mark:| | +|**x86_64** |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:| diff --git a/tools/osbuilder/rootfs-builder/euleros/Dockerfile.in b/tools/osbuilder/rootfs-builder/euleros/Dockerfile.in deleted file mode 100644 index b57dece7d..000000000 --- a/tools/osbuilder/rootfs-builder/euleros/Dockerfile.in +++ /dev/null 
@@ -1,46 +0,0 @@ -# -# Copyright (C) 2018 Huawei Technologies Co., Ltd -# -# SPDX-License-Identifier: Apache-2.0 - -FROM docker.io/euleros:@OS_VERSION@ - -@SET_PROXY@ - -RUN yum -y update && yum install -y \ - autoconf \ - automake \ - binutils \ - chrony \ - coreutils \ - curl \ - gcc \ - gcc-c++ \ - git \ - glibc-common \ - glibc-devel \ - glibc-headers \ - glibc-static \ - glibc-utils \ - libstdc++-devel \ - libstdc++-static \ - m4 \ - make \ - sed \ - tar \ - vim \ - which \ - yum - -# This will install the proper golang to build Kata components -@INSTALL_GO@ - -# several problems prevent us from building rust agent on euleros -# 1. There is no libstdc++.a. copy one from somewhere get through -# compilation -# 2. The kernel (3.10.x) is too old, kernel-headers pacakge -# has no vm_socket.h because kernel has no vsock support or -# vsock header files - -# We will disable rust agent build in rootfs.sh for euleros -# and alpine(musl cannot support proc-macro) diff --git a/tools/osbuilder/rootfs-builder/euleros/RPM-GPG-KEY-EulerOS b/tools/osbuilder/rootfs-builder/euleros/RPM-GPG-KEY-EulerOS deleted file mode 100644 index 39495478d..000000000 --- a/tools/osbuilder/rootfs-builder/euleros/RPM-GPG-KEY-EulerOS +++ /dev/null 
@@ -1,52 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v2 - -mQINBFhFFc8BEADu77vsD7rA1zCTreI9Ex9dIbWWR0Ntu4e7OL+VSIxXserWron2 -kTHagPIrDGtFqWTQgbt4tpjJ8vOAMzCADYq2eNRbEbUL/TOGfYk5Lgfo0P7F5Slr -dXNow2HrZhxehTwRSvseQg9Yrx2LVXDgr8wAMLldnkCSa0iyAE90ehDLOUaf2Lal -c99p+4tw8GhWP7C41pX4ywLrJ1FXodFTpg+I7p9EW5zt5mZhwX7NkhdoISnNAA6L -R5NA+6G8rCC1fdTGfqYPfNGrO9DBSZNfunWZsN+kYo4ac3GbZkdnh3LA2YCW4yiA -u5AoPv1UIkFMLh0KoJDxOORMkxI++3qFAIzShtMRAQencsM85bzdXNmk3VE+nY9V -J0BHCLMELtr/o6b+e5ak3qcG1sMFBEMn367/k6suIpTF5sEszQScWeqbhdeFmXt6 -mur2z6zDwwa5Y4n0x9Lsz50PxgkDrHXxeoLO5ByE8iTJqxhYSl0hb/bhSmBaYXnW -JiqtoLbYW/isgZ8OW414P2ZUwgByA9O4Tso37oEU69ycrxFVI63M5xUGkchI+HBo -VB9XZ7QzjU8SGoelj5YtjV7og974dcXC4NwUTnhJW3pd3MfiA3C96voCN/ozjzpg -uJGg0vzuTUcHAIMhujWPWCb0YN6fr5z+7Et8yqPv4qt3fgaxdVO5qQds1wARAQAB -tC5FdWxlck9TIChFdWxlck9TIDIuMCBTUDIpIDxFdWxlck9TQGh1YXdlaS5jb20+ -iQI/BBMBAgApBQJYRRXPAhsDBQkJZgGABwsJCAcDAgEGFQgCCQoLBBYCAwECHgEC -F4AACgkQYAMXvDgdesNPCxAAh7huw08/oFHpCSN9dYd/YlFfCs/+wb2KUqZZ2yIK -SSpmRmQiQdJRUiJly69WZL4H2NYCw3MQiV8Q433err3iQXMjumfl5hq2KplMgsAQ -sraOreJPeN1687rzEV9eDjuKV7btd2VaSyiMIaAFaWjoxl6E77x8ifNbXcnTHk+5 -39BCRn3WsSXbQKWolFEvwNr/SYzGIIdtmrlZSog/vAKPqzTsJDj/Qsf/0Uec1iCX -6pnZwMrQTlc+nnnAp9bMVla39uWGwyhhicTsokElm/4wD+OaLF2xz3gWk3l3fHjh -V8PtzhQxpHlyqR7pOvG5eun9VsBeWwH6TcHU1B+cPi4SmQcflvJCV/XCTTcK6Z1i -/35cmZdwCoDnM+Aadfywfoaliy5rnsvvMSljI+hw8gX3NACIDd2RBPmER3wknZw6 -bIpm0vtlaG1fcCio0kFo9CplLYbYHtx9Y7Icln3O3keODlR+rc8HI5X0YPkLa9Fs -mqP0fN2PGcEPm7CjoEdFdfOJn+1TvR7T1cnBiso5hLcMPtX8b6vzvIrFy5OKq90N -LYjgdn8LMmE6Gi/LA6yEBB958vGS5kAQI3HvCmw9vBeGdVZ+QXjmeVN6Vp9bEnBS -3oZbUXzo3CpeGxvj7+8s8j6MMvDLPLIdxXWi1ZTJkZFa+ElvZMG34SI/kSHHdSSO -gRG5Ag0EWEUVzwEQANBn+RzOAOl8OVPBtmDRIC/G7yssy7Q3ZGWUDIxs2NNk2oBH -9RsCm+vYeQkScloed+Cv6dkQvCPiFk+VtlLeSl0ugmvjNjZknuMhbgiC1ObR2SmV -uNpT3qMaNQQBJg0tJGU/1hLHDqjj2TGvj+WJDfzRoVie1dHq6bnogOErEXvKGmNZ -/cDuvmeURmFqx/+cwim2QFc95hcylBXRhnTnGblgxjzYXnXbIMvtCNz3Nnd1yT3P -9Z+h7Mwk746UEK2R1EgpVzZa9YF/mg2NRwBFuuJ4yP0MxmzP1AMgqQSp7XrMP6KG 
-6RbmDymrTHFTkP/lI3qZ1bgNB64bq/Eq1J3qgukEDN8JZKMiG+/vAg3lkPQwn3Uy -8IfBCqVrF0/dg+kJesgEMs6T+CsINWQ/SEPYHT/6LGytr+4MgDVqI1wxII8gBZzk -FHohleNRWvKKGLphECO7NwgrDFwWlIsT46d1Hga0uHNDSg1mczU2swYHD7/j1HQE -McByTVuzUjT/eAxmbN+DZ4cGBccqMP8RkZfBpalhB5lyjnIN2tMJ3y3yZrpmJkU1 -LaetdFqwycMmV7Mmi2dEdqumnmKhSZqyJ1ShuSm9pEBxahwJGdhtC6Id7iwzZ3uJ -53nhO7hvGC0gt3w0frX0TcvT7aFa4ZsgaJxUJy0MKDPZmv/3hYKpH/QkLiu7ABEB -AAGJAiUEGAECAA8FAlhFFc8CGwwFCQlmAYAACgkQYAMXvDgdesO+fw//bQImNhW0 -ZwG5FG7oP+KPgmma2+N/JnzemqEUzjRTIiEN4LCj8qvJ/aKYZJkfUcKvP4kpVW66 -+tlJ11Ie9Bnkqm3GdT1nkWDghzTK7/x6ktRwyuowmEYh01fW3bybB0RcQOJzGnMK -umnNzd4VUdMGwdbg/sQnKc6lMU9+hz/tCOU9Ok6Ps384gRXjmRQ+J9EFHq14kXtP -Xy584MD1+OBsPwlMViAAjV9L3pxtS1JoFplNPYogbBOKHdImS3dNOMLwV3dHAf1d -l0MqgMEabLBQusx2q7CUw4xBi5EJJtnos9bJvGSCplDyjlshDiY7wxcFLLb90VWs -TnJVbDswCjsdVi5x8eyPplygGxgt9Qg2XNYN5EgN9MLbmbC7Mi7oRf1E7QMLuuQ+ -+lkTb1rAe4YewwwAZHao4zGJelNXmSPN8u8s/zUrnFKG78qjLDZW9kGvkFpElOPj -KkgsSaTn8kbxWoyR9wKW56onTos6eMfhItLCFy5/oAD3sIp5aCsATuJZPSAtDKxw -1jzQRx4KOOYYrsS1qMd7gG151/QM15E56gdi+6gaeLcz8YQ2zcvxg5eabUDKp+bP -I47NsT6rLAhV5mTB0NneC//Yng7JJ0q0jkiJu49BQ1if6Pz8txDxBs4U3mvCw2rA -qSxRE/XMoebNx2CFQwFp7izDHwuG6uRRUQQ= -=3beT ------END PGP PUBLIC KEY BLOCK----- diff --git a/tools/osbuilder/rootfs-builder/euleros/config.sh b/tools/osbuilder/rootfs-builder/euleros/config.sh deleted file mode 100644 index d522e844b..000000000 --- a/tools/osbuilder/rootfs-builder/euleros/config.sh +++ /dev/null 
@@ -1,29 +0,0 @@ -# -# Copyright (C) 2018 Huawei Technologies Co., Ltd -# -# SPDX-License-Identifier: Apache-2.0 -OS_NAME="EulerOS" - -OS_VERSION=${OS_VERSION:-2.2} - -BASE_URL="http://developer.huawei.com/ict/site-euleros/euleros/repo/yum/${OS_VERSION}/os/${ARCH}/" - -GPG_KEY_FILE="RPM-GPG-KEY-EulerOS" - -PACKAGES="iptables chrony" - -#Optional packages: -# systemd: An init system that will start kata-agent if kata-agent -# itself is not configured as init process. -[ "$AGENT_INIT" == "no" ] && PACKAGES+=" systemd" || true - -# Init process must be one of {systemd,kata-agent} -INIT_PROCESS=systemd -# List of zero or more architectures to exclude from build, -# as reported by `uname -m` -ARCH_EXCLUDE_LIST=( aarch64 ppc64le s390x ) -# Allow the build to fail without generating an error. -# For more info see: https://github.com/kata-containers/osbuilder/issues/190 -BUILD_CAN_FAIL=1 - -[ "$SECCOMP" = "yes" ] && PACKAGES+=" libseccomp" || true diff --git a/tools/osbuilder/rootfs-builder/rootfs.sh b/tools/osbuilder/rootfs-builder/rootfs.sh index 3fdb5bd2d..52edcf88a 100755 --- a/tools/osbuilder/rootfs-builder/rootfs.sh +++ b/tools/osbuilder/rootfs-builder/rootfs.sh 
@@ -623,18 +623,11 @@ parse_arguments() distro="$1" arch=$(uname -m) - if [ "${distro}" == "alpine" -o "${distro}" == "euleros" ]; then + if [ "${distro}" == "alpine" ]; then if [ "${RUST_AGENT}" == "yes" ]; then die "rust agent cannot be built on ${distro}. alpine: only has stable/nightly-x86_64-unknown-linux-musl toolchain. It does not support proc-macro compilation. -See issue: https://github.com/kata-containers/osbuilder/issues/386 -euleros: 1. Missing libstdc++.a - 2. kernel is 3.10.x, there is no vsock support -You can build rust agent on your host and then copy it into -image's rootfs(eg. rootfs-builder/rootfs/usr/bin), and then -use image_builder.sh to build image with the rootfs. Please -refer to documentation for how to use customer agent. -See issue: https://github.com/kata-containers/osbuilder/issues/387" +See issue: https://github.com/kata-containers/osbuilder/issues/386" fi fi diff --git a/tools/osbuilder/tests/test_config.sh b/tools/osbuilder/tests/test_config.sh index 3a5279bbd..74020c4e2 100644 --- a/tools/osbuilder/tests/test_config.sh +++ b/tools/osbuilder/tests/test_config.sh @@ -17,7 +17,6 @@ test_distros+=("ubuntu") skipForRustDistros=() skipForRustDistros+=("alpine") -skipForRustDistros+=("euleros") skipForRustArch=() skipForRustArch+=("ppc64le") @@ -36,8 +35,6 @@ distro_in_set() { } if [ -n "${CI:-}" ]; then - # CI tests may timeout with euleros, see: - # https://github.com/kata-containers/osbuilder/issues/46" # Since too many distros timeout for now, we only test clearlinux and ubuntu. We can enable other distros when we fix timeout problem. for distro in "${distros[@]}"; do if distro_in_set "${distro}" "${test_distros[@]}"; then
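Review bot: In PATCH 305, the `tools/osbuilder/image-builder/README.md` hunk replaces one repo-absolute link with another, `/tools/osbuilder/rootfs-builder/README.md#rootfs-requirements`, which is the same kind of link that broke when the tree was moved under `tools/osbuilder/`. A link relative to the file, `../rootfs-builder/README.md#rootfs-requirements`, would keep working if the directory is relocated again, and it would match the relative form the top-level `README.md` hunk in the same patch uses for `tools/osbuilder/README.md`.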
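Review bot: In PATCH 306, the license header added to `rootfs_lib_template.sh` ends with a bare `#` that runs straight into the existing `# - Arguments` comment, so the license text and the argument documentation read as one comment block. Leave an empty line after the SPDX block so the two stay separate. If new distro directories are created by copying this template, it is also worth saying in the file that the copyright line should be replaced by the new author's.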
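Review bot: In PATCH 307, the `tools/osbuilder/README.md` hunk drops the EulerOS column for every architecture, but the commit message only says that EulerOS does not work with the rust agent, and the `rootfs.sh` check removed in the same patch rejected EulerOS only when `RUST_AGENT` was `yes`. The commit message should state that EulerOS support is removed entirely, not just for rust agent builds, so that the deletion of `euleros/Dockerfile.in`, `euleros/config.sh` and `RPM-GPG-KEY-EulerOS` is not a surprise to anyone reading the log. The context line in this hunk's header still reads "of the the osbuilder distributions", which could be fixed while this section is being touched.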
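Review bot: In PATCH 307, the `parse_arguments()` hunk in `rootfs.sh` deletes the workaround text ("You can build rust agent on your host and then copy it into image's rootfs ...") together with the euleros-specific lines. That paragraph is not worded as euleros-only, and alpine still reaches the `die` when `RUST_AGENT` is `yes`, so alpine users lose the only hint in the message about what to do next. Keep the workaround sentences after the issue 386 link, or confirm in the commit message that the approach does not apply to alpine.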