diff --git a/docs/code-pr-advice.md b/docs/code-pr-advice.md index 78413ccf23..ac0ea76afb 100644 --- a/docs/code-pr-advice.md +++ b/docs/code-pr-advice.md @@ -165,7 +165,7 @@ Ensure any new trace spans added to the code are completed. Where possible, code changes should be accompanied by unit tests. Consider using the standard -[table-based approach](https://github.com/kata-containers/tests/blob/main/Unit-Test-Advice.md) +[table-based approach](Unit-Test-Advice.md) as it encourages you to make functions small and simple, and also allows you to think about what types of value to test. diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 14d0401a72..bd75f92056 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -118,18 +118,19 @@ parts: export AGENT_INIT=yes export USE_DOCKER=1 export DEBUG=1 - case "$(uname -m)" in - aarch64) - sudo -E PATH=$PATH make initrd DISTRO=alpine - ;; - ppc64le|s390x) - # Cannot use alpine on ppc64le/s390x because it would require a musl agent - sudo -E PATH=$PATH make initrd DISTRO=ubuntu - ;; + arch="$(uname -m)" + initrd_distro=$(${yq} r -X ${kata_dir}/versions.yaml assets.initrd.architecture.${arch}.name) + image_distro=$(${yq} r -X ${kata_dir}/versions.yaml assets.image.architecture.${arch}.name) + case "$arch" in x86_64) # In some build systems it's impossible to build a rootfs image, try with the initrd image - sudo -E PATH=$PATH make image DISTRO=clearlinux || sudo -E PATH=$PATH make initrd DISTRO=alpine + sudo -E PATH=$PATH make image DISTRO=${image_distro} || sudo -E PATH=$PATH make initrd DISTRO=${initrd_distro} ;; + + aarch64|ppc64le|s390x) + sudo -E PATH=$PATH make initrd DISTRO=${initrd_distro} + ;; + *) echo "unsupported architecture: $(uname -m)"; exit 1;; esac diff --git a/src/runtime/virtcontainers/factory/factory.go b/src/runtime/virtcontainers/factory/factory.go index 4c7e1e8603..7461a5158e 100644 --- a/src/runtime/virtcontainers/factory/factory.go +++ b/src/runtime/virtcontainers/factory/factory.go 
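Review bot: In snap/snapcraft.yaml the two `${yq} r -X ${kata_dir}/versions.yaml ...` lookups are used without checking that they returned a value, so a missing or misspelled key for the current architecture ends up as `make initrd DISTRO=` with an empty distro name. A guard before the `case`, for example `[ -n "${initrd_distro}" ] || { echo "no initrd distro for ${arch} in versions.yaml"; exit 1; }`, would stop the build with a clear message. `image_distro` is only consumed in the x86_64 branch, so its lookup and check could move there. The fallback branch still prints `$(uname -m)` although `$arch` now holds the same value.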
@@ -113,20 +113,23 @@ func resetHypervisorConfig(config *vc.VMConfig) { config.HypervisorConfig.BootFromTemplate = false config.HypervisorConfig.MemoryPath = "" config.HypervisorConfig.DevicesStatePath = "" + config.HypervisorConfig.SharedPath = "" + config.HypervisorConfig.VMStorePath = "" + config.HypervisorConfig.RunStorePath = "" } // It's important that baseConfig and newConfig are passed by value! -func checkVMConfig(config1, config2 vc.VMConfig) error { - if config1.HypervisorType != config2.HypervisorType { - return fmt.Errorf("hypervisor type does not match: %s vs. %s", config1.HypervisorType, config2.HypervisorType) +func checkVMConfig(baseConfig, newConfig vc.VMConfig) error { + if baseConfig.HypervisorType != newConfig.HypervisorType { + return fmt.Errorf("hypervisor type does not match: %s vs. %s", baseConfig.HypervisorType, newConfig.HypervisorType) } // check hypervisor config details - resetHypervisorConfig(&config1) - resetHypervisorConfig(&config2) + resetHypervisorConfig(&baseConfig) + resetHypervisorConfig(&newConfig) - if !utils.DeepCompare(config1, config2) { - return fmt.Errorf("hypervisor config does not match, base: %+v. new: %+v", config1, config2) + if !utils.DeepCompare(baseConfig, newConfig) { + return fmt.Errorf("hypervisor config does not match, base: %+v. new: %+v", baseConfig, newConfig) } return nil diff --git a/src/runtime/virtcontainers/factory/template/template.go b/src/runtime/virtcontainers/factory/template/template.go index 22f848cd74..0b3e96dae8 100644 --- a/src/runtime/virtcontainers/factory/template/template.go +++ b/src/runtime/virtcontainers/factory/template/template.go 
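Review bot: resetHypervisorConfig in factory.go now blanks SharedPath, VMStorePath and RunStorePath before checkVMConfig calls utils.DeepCompare, so two configurations that differ only in those directories are accepted as matching, and nothing in the hunk records why that is safe. A comment above the three assignments would state the intent, for example `// Per-sandbox paths: re-applied from the request config when the VM is created, so not part of the match.` This presumes the counterpart is the assignment added to createFromTemplateVM in template.go; confirm that the other factory back ends re-apply them too. A table test that varies only these three fields and expects a nil error would pin the behaviour. Both resetHypervisorConfig and checkVMConfig extend outside the hunk.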
@@ -163,6 +163,10 @@ func (t *template) createFromTemplateVM(ctx context.Context, c vc.VMConfig) (*vc config.HypervisorConfig.BootFromTemplate = true config.HypervisorConfig.MemoryPath = t.statePath + "/memory" config.HypervisorConfig.DevicesStatePath = t.statePath + "/state" + config.HypervisorConfig.SharedPath = c.HypervisorConfig.SharedPath + config.HypervisorConfig.VMStorePath = c.HypervisorConfig.VMStorePath + config.HypervisorConfig.RunStorePath = c.HypervisorConfig.RunStorePath + return vc.NewVM(ctx, config) } diff --git a/src/runtime/virtcontainers/kata_agent.go b/src/runtime/virtcontainers/kata_agent.go index eac03ee7d5..9bf91e404c 100644 --- a/src/runtime/virtcontainers/kata_agent.go +++ b/src/runtime/virtcontainers/kata_agent.go @@ -910,7 +910,7 @@ func setupStorages(ctx context.Context, sandbox *Sandbox) []*grpc.Storage { } func (k *kataAgent) stopSandbox(ctx context.Context, sandbox *Sandbox) error { - span, ctx := katatrace.Trace(ctx, k.Logger(), "StopVM", kataAgentTracingTags) + span, ctx := katatrace.Trace(ctx, k.Logger(), "stopSandbox", kataAgentTracingTags) defer span.End() req := &grpc.DestroySandboxRequest{} diff --git a/src/runtime/virtcontainers/qemu.go b/src/runtime/virtcontainers/qemu.go index 9b78fb24ee..b5d6d4904f 100644 --- a/src/runtime/virtcontainers/qemu.go +++ b/src/runtime/virtcontainers/qemu.go @@ -984,8 +984,10 @@ func (q *qemu) StopVM(ctx context.Context, waitOnly bool) error { } } - if err := q.stopVirtiofsd(ctx); err != nil { - return err + if q.config.SharedFS == config.VirtioFS { + if err := q.stopVirtiofsd(ctx); err != nil { + return err + } } return nil diff --git a/tools/osbuilder/image-builder/image_builder.sh b/tools/osbuilder/image-builder/image_builder.sh index a1cf97eae4..bb0f11429b 100755 --- a/tools/osbuilder/image-builder/image_builder.sh +++ b/tools/osbuilder/image-builder/image_builder.sh 
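Review bot: The new `q.config.SharedFS == config.VirtioFS` test in StopVM (qemu.go) has to match the condition under which virtiofsd was started, and that start path is not visible in this hunk. If the daemon can also be launched for another SharedFS value, StopVM would now return nil without stopping it and leave a host-side process running after the sandbox is gone. A short comment such as `// virtiofsd is only started for virtio-fs; keep in sync with the start path` would tie the two together, or the check could move into stopVirtiofsd so every caller gets it. StopVM begins and ends outside the hunk.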
@@ -79,14 +79,15 @@ Usage: ${script_name} [options] Options: -h Show this help - -o path to generate image file ENV: IMAGE - -r Free space of the root partition in MB ENV: ROOT_FREE_SPACE + -o Path to generate image file. ENV: IMAGE + -r Free space of the root partition in MB. ENV: ROOT_FREE_SPACE + -f Filesystem type to use, only xfs and ext4 are supported. ENV: FS_TYPE Extra environment variables: AGENT_BIN: Use it to change the expected agent binary name AGENT_INIT: Use kata agent as init process + BLOCK_SIZE: Use to specify the size of blocks in bytes. DEFAULT: 4096 IMAGE_REGISTRY: Hostname for the image registry used to pull down the rootfs build image. - FS_TYPE: Filesystem type to use. Only xfs and ext4 are supported. NSDAX_BIN: Use to specify path to pre-compiled 'nsdax' tool. USE_DOCKER: If set will build image in a Docker Container (requries docker) DEFAULT: not set @@ -137,13 +138,16 @@ build_with_container() { image_dir=$(readlink -f "$(dirname "${image}")") image_name=$(basename "${image}") - REGISTRY_ARG="" + engine_build_args="" if [ -n "${IMAGE_REGISTRY}" ]; then - REGISTRY_ARG="--build-arg IMAGE_REGISTRY=${IMAGE_REGISTRY}" + engine_build_args+=" --build-arg IMAGE_REGISTRY=${IMAGE_REGISTRY}" + fi + if [ -n "${USE_PODMAN}" ]; then + engine_build_args+=" --runtime ${DOCKER_RUNTIME}" fi "${container_engine}" build \ - ${REGISTRY_ARG} \ + ${engine_build_args} \ --build-arg http_proxy="${http_proxy}" \ --build-arg https_proxy="${https_proxy}" \ -t "${container_image_name}" "${script_dir}" diff --git a/tools/osbuilder/rootfs-builder/alpine/Dockerfile.in b/tools/osbuilder/rootfs-builder/alpine/Dockerfile.in index b5d6546918..119f92c1d6 100644 --- a/tools/osbuilder/rootfs-builder/alpine/Dockerfile.in +++ b/tools/osbuilder/rootfs-builder/alpine/Dockerfile.in @@ -4,7 +4,7 @@ # SPDX-License-Identifier: Apache-2.0 ARG IMAGE_REGISTRY=docker.io -FROM ${IMAGE_REGISTRY}/alpine:3.13.5 +FROM ${IMAGE_REGISTRY}/alpine:3.15 RUN apk update && apk add \ apk-tools-static \ 
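Review bot: In build_with_container (image_builder.sh) the podman branch appends ` --runtime ${DOCKER_RUNTIME}` without checking that DOCKER_RUNTIME is set; no default for it is visible in this hunk, and with an empty value the flag would take the following `--build-arg` as its argument. `${engine_build_args}` is also expanded unquoted, so an IMAGE_REGISTRY or DOCKER_RUNTIME value containing whitespace is split into extra engine options. Guarding the append with `[ -n "${DOCKER_RUNTIME}" ]`, or collecting the options in a bash array expanded as `"${engine_build_args[@]}"`, avoids both. The same pattern is added to build_rootfs_distro in rootfs-builder/rootfs.sh. build_with_container starts and ends outside the hunk.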
diff --git a/tools/osbuilder/rootfs-builder/alpine/config.sh b/tools/osbuilder/rootfs-builder/alpine/config.sh index d07f70b03a..105ecd8fbc 100644 --- a/tools/osbuilder/rootfs-builder/alpine/config.sh +++ b/tools/osbuilder/rootfs-builder/alpine/config.sh @@ -5,13 +5,13 @@ OS_NAME="Alpine" -OS_VERSION=${OS_VERSION:-latest-stable} +OS_VERSION=${OS_VERSION:-3.15} BASE_PACKAGES="alpine-base" # Alpine mirror to use # See a list of mirrors at http://nl.alpinelinux.org/alpine/MIRRORS.txt -MIRROR=http://dl-5.alpinelinux.org/alpine +MIRROR=https://dl-5.alpinelinux.org/alpine PACKAGES="" diff --git a/tools/osbuilder/rootfs-builder/alpine/rootfs_lib.sh b/tools/osbuilder/rootfs-builder/alpine/rootfs_lib.sh index d41cbd5766..f2456e7c94 100644 --- a/tools/osbuilder/rootfs-builder/alpine/rootfs_lib.sh +++ b/tools/osbuilder/rootfs-builder/alpine/rootfs_lib.sh @@ -9,6 +9,8 @@ # # - Optional environment variables # +# EXTRA_PKGS: Variable to add extra PKGS provided by the user +# # BIN_AGENT: Name of the Kata-Agent binary # # Any other configuration variable for a specific distro must be added @@ -22,13 +24,20 @@ build_rootfs() { # Mandatory local ROOTFS_DIR=$1 + # Add extra packages to the rootfs when specified + local EXTRA_PKGS=${EXTRA_PKGS:-} + # Populate ROOTFS_DIR check_root mkdir -p "${ROOTFS_DIR}" - rm -rf ${ROOTFS_DIR}/var/tmp - cp -a -r -f /bin /etc /lib /sbin /usr /var ${ROOTFS_DIR} - mkdir -p ${ROOTFS_DIR}{/root,/proc,/dev,/home,/media,/mnt,/opt,/run,/srv,/sys,/tmp} + /sbin/apk.static \ + -X ${MIRROR}/v${OS_VERSION}/main \ + -U \ + --allow-untrusted \ + --root ${ROOTFS_DIR} \ + --initdb add ${BASE_PACKAGES} ${EXTRA_PKGS} ${PACKAGES} - echo "${MIRROR}/${OS_VERSION}/main" > ${ROOTFS_DIR}/etc/apk/repositories + mkdir -p ${ROOTFS_DIR}{/root,/etc/apk,/proc} + echo "${MIRROR}/v${OS_VERSION}/main" > ${ROOTFS_DIR}/etc/apk/repositories } diff --git a/tools/osbuilder/rootfs-builder/rootfs.sh b/tools/osbuilder/rootfs-builder/rootfs.sh index 0bb6bf1aae..4d661cd8ea 100755 
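Review bot: An OS_VERSION override that is not a numeric release branch, such as the previous default `latest-stable`, no longer resolves, because build_rootfs in rootfs_lib.sh now builds the repository URL as `${MIRROR}/v${OS_VERSION}/main`. Nothing next to the variable in alpine/config.sh says so; a comment like `# Release branch without the leading "v" (e.g. 3.15); rootfs_lib.sh adds the prefix` would document the new contract. The same comment could note that the default is meant to track the `alpine:3.15` tag in Dockerfile.in, since the builder image's apk.static is what installs from this repository.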
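Review bot: The `/sbin/apk.static` call added to build_rootfs in alpine/rootfs_lib.sh passes `--allow-untrusted`, which turns off package signature verification for everything installed into the guest rootfs, so the HTTPS mirror URL is the only integrity check left. The command runs inside the Alpine builder image, where the distribution signing keys should already be present; replacing the flag with `--keys-dir /etc/apk/keys` would keep verification on (the key location is assumed from a stock Alpine image, confirm it in the builder container). `${ROOTFS_DIR}` is also unquoted in the `--root`, `mkdir -p` and `echo` lines, unlike the quoted `mkdir -p "${ROOTFS_DIR}"` just above them.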
--- a/tools/osbuilder/rootfs-builder/rootfs.sh +++ b/tools/osbuilder/rootfs-builder/rootfs.sh @@ -373,23 +373,24 @@ build_rootfs_distro() info "build directly" build_rootfs ${ROOTFS_DIR} else + engine_build_args="" if [ -n "${USE_DOCKER}" ]; then container_engine="docker" elif [ -n "${USE_PODMAN}" ]; then container_engine="podman" + engine_build_args+=" --runtime ${DOCKER_RUNTIME}" fi image_name="${distro}-rootfs-osbuilder" - REGISTRY_ARG="" if [ -n "${IMAGE_REGISTRY}" ]; then - REGISTRY_ARG="--build-arg IMAGE_REGISTRY=${IMAGE_REGISTRY}" + engine_build_args+=" --build-arg IMAGE_REGISTRY=${IMAGE_REGISTRY}" fi # setup to install rust here generate_dockerfile "${distro_config_dir}" "$container_engine" build \ - ${REGISTRY_ARG} \ + ${engine_build_args} \ --build-arg http_proxy="${http_proxy}" \ --build-arg https_proxy="${https_proxy}" \ -t "${image_name}" "${distro_config_dir}" 
@@ -397,21 +398,21 @@ build_rootfs_distro() # fake mapping if KERNEL_MODULES_DIR is unset kernel_mod_dir=${KERNEL_MODULES_DIR:-${ROOTFS_DIR}} - docker_run_args="" - docker_run_args+=" --rm" + engine_run_args="" + engine_run_args+=" --rm" # apt sync scans all possible fds in order to close them, incredibly slow on VMs - docker_run_args+=" --ulimit nofile=262144:262144" - docker_run_args+=" --runtime ${DOCKER_RUNTIME}" + engine_run_args+=" --ulimit nofile=262144:262144" + engine_run_args+=" --runtime ${DOCKER_RUNTIME}" if [ -z "${AGENT_SOURCE_BIN}" ] ; then - docker_run_args+=" -v ${GOPATH_LOCAL}:${GOPATH_LOCAL} --env GOPATH=${GOPATH_LOCAL}" + engine_run_args+=" -v ${GOPATH_LOCAL}:${GOPATH_LOCAL} --env GOPATH=${GOPATH_LOCAL}" else - docker_run_args+=" --env AGENT_SOURCE_BIN=${AGENT_SOURCE_BIN}" - docker_run_args+=" -v ${AGENT_SOURCE_BIN}:${AGENT_SOURCE_BIN}" - docker_run_args+=" -v ${GOPATH_LOCAL}:${GOPATH_LOCAL} --env GOPATH=${GOPATH_LOCAL}" + engine_run_args+=" --env AGENT_SOURCE_BIN=${AGENT_SOURCE_BIN}" + engine_run_args+=" -v ${AGENT_SOURCE_BIN}:${AGENT_SOURCE_BIN}" + engine_run_args+=" -v ${GOPATH_LOCAL}:${GOPATH_LOCAL} --env GOPATH=${GOPATH_LOCAL}" fi - docker_run_args+=" $(docker_extra_args $distro)" + engine_run_args+=" $(docker_extra_args $distro)" # Relabel volumes so SELinux allows access (see docker-run(1)) if command -v selinuxenabled > /dev/null && selinuxenabled ; then @@ -456,7 +457,7 @@ build_rootfs_distro() -v "${ROOTFS_DIR}":"/rootfs" \ -v "${script_dir}/../scripts":"/scripts" \ -v "${kernel_mod_dir}":"${kernel_mod_dir}" \ - $docker_run_args \ + $engine_run_args \ ${image_name} \ bash /kata-containers/tools/osbuilder/rootfs-builder/rootfs.sh "${distro}" diff --git a/versions.yaml b/versions.yaml index f26cfc0962..1c221ce3d1 100644 --- a/versions.yaml +++ b/versions.yaml 
@@ -141,11 +141,11 @@ assets: name: &default-initrd-name "ubuntu" version: &default-initrd-version "20.04" ppc64le: - name: *default-initrd-name - version: *default-initrd-version + name: &glibc-initrd-name "ubuntu" + version: &glibc-initrd-version "20.04" s390x: - name: *default-initrd-name - version: *default-initrd-version + name: *glibc-initrd-name + version: *glibc-initrd-version x86_64: name: *default-initrd-name version: *default-initrd-version