ci: kata-deploy no sudo

Build/push/manage artifacts without sudo

Signed-off-by: Zvonko Kaiser <zkaiser@nvidia.com>
Zvonko Kaiser 2024-05-28 16:03:30 +00:00
parent 7cc0ebe75e
commit d8889684f0
2 changed files with 22 additions and 26 deletions


@ -196,7 +196,7 @@ install_cached_tarball_component() {
# "tarball1_name:tarball1_path tarball2_name:tarball2_path ... tarballN_name:tarballN_path" # "tarball1_name:tarball1_path tarball2_name:tarball2_path ... tarballN_name:tarballN_path"
local extra_tarballs="${6:-}" local extra_tarballs="${6:-}"
sudo oras pull ${ARTEFACT_REGISTRY}/${ARTEFACT_REPOSITORY}/cached-artefacts/${build_target}:latest-${TARGET_BRANCH}-$(uname -m) || return 1 oras pull ${ARTEFACT_REGISTRY}/${ARTEFACT_REPOSITORY}/cached-artefacts/${build_target}:latest-${TARGET_BRANCH}-$(uname -m) || return 1
cached_version="$(cat ${component}-version)" cached_version="$(cat ${component}-version)"
cached_image_version="$(cat ${component}-builder-image-version)" cached_image_version="$(cat ${component}-builder-image-version)"
@ -632,8 +632,8 @@ install_firecracker() {
"${firecracker_builder}" "${firecracker_builder}"
info "Install static firecracker" info "Install static firecracker"
mkdir -p "${destdir}/opt/kata/bin/" mkdir -p "${destdir}/opt/kata/bin/"
sudo install -D --owner root --group root --mode "$default_binary_permissions" release-${firecracker_version}-${ARCH}/firecracker-${firecracker_version}-${ARCH} "${destdir}/opt/kata/bin/firecracker" install -D --mode "$default_binary_permissions" release-${firecracker_version}-${ARCH}/firecracker-${firecracker_version}-${ARCH} "${destdir}/opt/kata/bin/firecracker"
sudo install -D --owner root --group root --mode "$default_binary_permissions" release-${firecracker_version}-${ARCH}/jailer-${firecracker_version}-${ARCH} "${destdir}/opt/kata/bin/jailer" install -D --mode "$default_binary_permissions" release-${firecracker_version}-${ARCH}/jailer-${firecracker_version}-${ARCH} "${destdir}/opt/kata/bin/jailer"
} }
install_clh_helper() { install_clh_helper() {
@ -656,7 +656,7 @@ install_clh_helper() {
libc="${libc}" features="${features}" "${clh_builder}" libc="${libc}" features="${features}" "${clh_builder}"
info "Install static cloud-hypervisor" info "Install static cloud-hypervisor"
mkdir -p "${destdir}/opt/kata/bin/" mkdir -p "${destdir}/opt/kata/bin/"
sudo install -D --owner root --group root --mode "$default_binary_permissions" cloud-hypervisor/cloud-hypervisor "${destdir}/opt/kata/bin/cloud-hypervisor${suffix}" install -D --mode "$default_binary_permissions" cloud-hypervisor/cloud-hypervisor "${destdir}/opt/kata/bin/cloud-hypervisor${suffix}"
} }
# Install static cloud-hypervisor asset # Install static cloud-hypervisor asset
@ -700,7 +700,7 @@ install_stratovirt() {
"${stratovirt_builder}" "${stratovirt_builder}"
info "Install static stratovirt" info "Install static stratovirt"
mkdir -p "${destdir}/opt/kata/bin/" mkdir -p "${destdir}/opt/kata/bin/"
sudo install -D --owner root --group root --mode "$default_binary_permissions" static-stratovirt/stratovirt "${destdir}/opt/kata/bin/stratovirt" install -D --mode "$default_binary_permissions" static-stratovirt/stratovirt "${destdir}/opt/kata/bin/stratovirt"
} }
# Install static virtiofsd asset # Install static virtiofsd asset
@ -720,7 +720,7 @@ install_virtiofsd() {
"${virtiofsd_builder}" "${virtiofsd_builder}"
info "Install static virtiofsd" info "Install static virtiofsd"
mkdir -p "${destdir}/opt/kata/libexec/" mkdir -p "${destdir}/opt/kata/libexec/"
sudo install -D --owner root --group root --mode "$default_binary_permissions" virtiofsd/virtiofsd "${destdir}/opt/kata/libexec/virtiofsd" install -D --mode "$default_binary_permissions" virtiofsd/virtiofsd "${destdir}/opt/kata/libexec/virtiofsd"
} }
# Install static nydus asset # Install static nydus asset
@ -744,7 +744,7 @@ install_nydus() {
mkdir -p "${destdir}/opt/kata/libexec/" mkdir -p "${destdir}/opt/kata/libexec/"
ls -tl . || true ls -tl . || true
ls -tl nydus-static || true ls -tl nydus-static || true
sudo install -D --owner root --group root --mode "$default_binary_permissions" nydus-static/nydusd "${destdir}/opt/kata/libexec/nydusd" install -D --mode "$default_binary_permissions" nydus-static/nydusd "${destdir}/opt/kata/libexec/nydusd"
} }
#Install all components that are not assets #Install all components that are not assets
@ -886,9 +886,7 @@ install_script_helper() {
mkdir -p "$bin_dir" mkdir -p "$bin_dir"
sudo install -D \ install -D \
--owner root \
--group root \
--mode "${default_binary_permissions}" \ --mode "${default_binary_permissions}" \
"${script_path}" \ "${script_path}" \
"${bin_dir}/${script_file}" "${bin_dir}/${script_file}"
@ -898,7 +896,7 @@ install_script_helper() {
pushd "$bin_dir" &>/dev/null pushd "$bin_dir" &>/dev/null
# Create a sym-link with the extension removed # Create a sym-link with the extension removed
sudo ln -sf "$script_file" "$script_file_name" ln -sf "$script_file" "$script_file_name"
popd &>/dev/null popd &>/dev/null
} }
@ -929,8 +927,8 @@ install_tools_helper() {
if [[ "${tool}" == "genpolicy" ]]; then if [[ "${tool}" == "genpolicy" ]]; then
defaults_path="${destdir}/opt/kata/share/defaults/kata-containers" defaults_path="${destdir}/opt/kata/share/defaults/kata-containers"
mkdir -p "${defaults_path}" mkdir -p "${defaults_path}"
sudo install -D --owner root --group root --mode 0644 ${repo_root_dir}/src/tools/${tool}/rules.rego "${defaults_path}/rules.rego" install -D --mode 0644 ${repo_root_dir}/src/tools/${tool}/rules.rego "${defaults_path}/rules.rego"
sudo install -D --owner root --group root --mode 0644 ${repo_root_dir}/src/tools/${tool}/genpolicy-settings.json "${defaults_path}/genpolicy-settings.json" install -D --mode 0644 ${repo_root_dir}/src/tools/${tool}/genpolicy-settings.json "${defaults_path}/genpolicy-settings.json"
binary_permissions="0755" binary_permissions="0755"
else else
binary_permissions="$default_binary_permissions" binary_permissions="$default_binary_permissions"
@ -938,7 +936,7 @@ install_tools_helper() {
info "Install static ${tool_binary}" info "Install static ${tool_binary}"
mkdir -p "${destdir}/opt/kata/bin/" mkdir -p "${destdir}/opt/kata/bin/"
sudo install -D --owner root --group root --mode ${binary_permissions} ${binary} "${destdir}/opt/kata/bin/${tool_binary}" install -D --mode ${binary_permissions} ${binary} "${destdir}/opt/kata/bin/${tool_binary}"
} }
install_agent_ctl() { install_agent_ctl() {
@ -1089,7 +1087,7 @@ handle_build() {
if [ ! -f "${final_tarball_path}" ]; then if [ ! -f "${final_tarball_path}" ]; then
cd "${destdir}" cd "${destdir}"
sudo tar cvfJ "${final_tarball_path}" "." tar cvfJ "${final_tarball_path}" "."
fi fi
tar tvf "${final_tarball_path}" tar tvf "${final_tarball_path}"
@ -1101,7 +1099,7 @@ handle_build() {
kernel_headers_dir=$(get_kernel_headers_dir "${build_target}") kernel_headers_dir=$(get_kernel_headers_dir "${build_target}")
pushd "${kernel_headers_dir}" pushd "${kernel_headers_dir}"
find . -type f -name "*.${KERNEL_HEADERS_PKG_TYPE}" -exec sudo tar cvfJ "${kernel_headers_final_tarball_path}" {} + find . -type f -name "*.${KERNEL_HEADERS_PKG_TYPE}" -exec tar cvfJ "${kernel_headers_final_tarball_path}" {} +
popd popd
fi fi
tar tvf "${kernel_headers_final_tarball_path}" tar tvf "${kernel_headers_final_tarball_path}"
@ -1113,8 +1111,8 @@ handle_build() {
local modules_dir=$(get_kernel_modules_dir ${kernel_version} ${kernel_kata_config_version} ${build_target}) local modules_dir=$(get_kernel_modules_dir ${kernel_version} ${kernel_kata_config_version} ${build_target})
pushd "${modules_dir}" pushd "${modules_dir}"
sudo rm -f build rm -f build
sudo tar cvfJ "${modules_final_tarball_path}" "." tar cvfJ "${modules_final_tarball_path}" "."
popd popd
fi fi
tar tvf "${modules_final_tarball_path}" tar tvf "${modules_final_tarball_path}"
@ -1135,7 +1133,7 @@ handle_build() {
die "ARTEFACT_REGISTRY, ARTEFACT_REPOSITORY, ARTEFACT_REGISTRY_USERNAME, ARTEFACT_REGISTRY_PASSWORD and TARGET_BRANCH must be passed to the script when pushing the artefacts to the registry!" die "ARTEFACT_REGISTRY, ARTEFACT_REPOSITORY, ARTEFACT_REGISTRY_USERNAME, ARTEFACT_REGISTRY_PASSWORD and TARGET_BRANCH must be passed to the script when pushing the artefacts to the registry!"
fi fi
echo "${ARTEFACT_REGISTRY_PASSWORD}" | sudo oras login "${ARTEFACT_REGISTRY}" -u "${ARTEFACT_REGISTRY_USERNAME}" --password-stdin echo "${ARTEFACT_REGISTRY_PASSWORD}" | oras login "${ARTEFACT_REGISTRY}" -u "${ARTEFACT_REGISTRY_USERNAME}" --password-stdin
tags=(latest-"${TARGET_BRANCH}") tags=(latest-"${TARGET_BRANCH}")
if [ -n "${artefact_tag:-}" ]; then if [ -n "${artefact_tag:-}" ]; then
@ -1155,7 +1153,7 @@ handle_build() {
tag=("$(echo ${tag} | tr -dc '[:print:]' | tr -c '[a-zA-Z0-9\_\.\-]' _ | head -c ${tag_length_limit})-$(uname -m)") tag=("$(echo ${tag} | tr -dc '[:print:]' | tr -c '[a-zA-Z0-9\_\.\-]' _ | head -c ${tag_length_limit})-$(uname -m)")
case ${build_target} in case ${build_target} in
kernel-nvidia-gpu) kernel-nvidia-gpu)
sudo oras push \ oras push \
${ARTEFACT_REGISTRY}/kata-containers/cached-artefacts/${build_target}:${tag} \ ${ARTEFACT_REGISTRY}/kata-containers/cached-artefacts/${build_target}:${tag} \
${final_tarball_name} \ ${final_tarball_name} \
"kata-static-${build_target}-headers.tar.xz" \ "kata-static-${build_target}-headers.tar.xz" \
@ -1164,7 +1162,7 @@ handle_build() {
${build_target}-sha256sum ${build_target}-sha256sum
;; ;;
kernel-nvidia-gpu-confidential) kernel-nvidia-gpu-confidential)
sudo oras push \ oras push \
${ARTEFACT_REGISTRY}/${ARTEFACT_REPOSITORY}/cached-artefacts/${build_target}:${tag} \ ${ARTEFACT_REGISTRY}/${ARTEFACT_REPOSITORY}/cached-artefacts/${build_target}:${tag} \
${final_tarball_name} \ ${final_tarball_name} \
"kata-static-${build_target}-modules.tar.xz" \ "kata-static-${build_target}-modules.tar.xz" \
@ -1174,7 +1172,7 @@ handle_build() {
${build_target}-sha256sum ${build_target}-sha256sum
;; ;;
kernel*-confidential) kernel*-confidential)
sudo oras push \ oras push \
${ARTEFACT_REGISTRY}/${ARTEFACT_REPOSITORY}/cached-artefacts/${build_target}:${tag} \ ${ARTEFACT_REGISTRY}/${ARTEFACT_REPOSITORY}/cached-artefacts/${build_target}:${tag} \
${final_tarball_name} \ ${final_tarball_name} \
"kata-static-${build_target}-modules.tar.xz" \ "kata-static-${build_target}-modules.tar.xz" \
@ -1183,7 +1181,7 @@ handle_build() {
${build_target}-sha256sum ${build_target}-sha256sum
;; ;;
*) *)
sudo oras push \ oras push \
${ARTEFACT_REGISTRY}/${ARTEFACT_REPOSITORY}/cached-artefacts/${build_target}:${tag} \ ${ARTEFACT_REGISTRY}/${ARTEFACT_REPOSITORY}/cached-artefacts/${build_target}:${tag} \
${final_tarball_name} \ ${final_tarball_name} \
${build_target}-version \ ${build_target}-version \
@ -1192,7 +1190,7 @@ handle_build() {
;; ;;
esac esac
done done
sudo oras logout "${ARTEFACT_REGISTRY}" oras logout "${ARTEFACT_REGISTRY}"
fi fi
popd popd
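Review bot: The three `tar cvfJ` calls in handle_build now archive files owned by the CI user, because this commit drops `--owner root --group root` from every `install` call as well as `sudo` from tar; the installed files were root-owned before. If a consumer extracts these tarballs as root with tar's default of preserving ownership (the extraction side is not visible here), the hypervisor and helper binaries under `opt/kata` would end up owned by whatever account has the builder's uid on that host. Pinning ownership at archive time keeps the build sudo-free and the result deterministic, e.g. `tar --owner=0 --group=0 --numeric-owner -cJvf "${final_tarball_path}" .`, with the same options on the headers and modules tarballs. handle_build and the install_* functions begin and end outside the hunks shown.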


@ -25,8 +25,6 @@ arch=$(uname -m)
[ "$arch" = "x86_64" ] && arch="amd64" [ "$arch" = "x86_64" ] && arch="amd64"
IMAGE_TAG="${REGISTRY}:kata-containers-$(git rev-parse HEAD)-${arch}" IMAGE_TAG="${REGISTRY}:kata-containers-$(git rev-parse HEAD)-${arch}"
sudo chown -R $USER $HOME/.docker
echo "Building the image" echo "Building the image"
docker build --tag ${IMAGE_TAG} . docker build --tag ${IMAGE_TAG} .