From 7e5941c578b1d70894640924e62924eb8944d7fc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Thu, 13 Oct 2022 21:53:15 +0200 Subject: [PATCH 1/3] virtiofsd: Build inside a container MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When moving to building the CI artefacts using the kata-deploy scripts, we've noticed that the build would fail on any machine where the tarball wasn't officially provided. This happens as rust is missing from the 1st layer container. However, it's a very common practice to leave the 1st layer container with the minimum possible dependencies and install whatever is needed for building a specific component in a 2nd layer container, which virtiofsd never had. In this commit we introduce the second layer containers (yes, comtainers), one for building virtiofsd using musl, and one for building virtiofsd using glibc. The reason for taking this approach was to actually simplify the scripts and avoid building the dependencies (libseccomp, libcap-ng) using musl libc. Fixes: #5425 Signed-off-by: Fabiano FidĂȘncio --- .../local-build/kata-deploy-binaries.sh | 2 +- .../virtiofsd/build-static-virtiofsd.sh | 19 +++--- .../packaging/static-build/virtiofsd/build.sh | 61 +++++++++++++++++++ .../static-build/virtiofsd/gnu/Dockerfile | 19 ++++++ .../static-build/virtiofsd/musl/Dockerfile | 16 +++++ 5 files changed, 109 insertions(+), 8 deletions(-) create mode 100755 tools/packaging/static-build/virtiofsd/build.sh create mode 100644 tools/packaging/static-build/virtiofsd/gnu/Dockerfile create mode 100644 tools/packaging/static-build/virtiofsd/musl/Dockerfile diff --git a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh index 78fb8326b4..e1e7250788 100755 --- a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh +++ b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh 
@@ -26,7 +26,7 @@ readonly firecracker_builder="${static_build_dir}/firecracker/build-static-firec readonly kernel_builder="${static_build_dir}/kernel/build.sh" readonly qemu_builder="${static_build_dir}/qemu/build-static-qemu.sh" readonly shimv2_builder="${static_build_dir}/shim-v2/build.sh" -readonly virtiofsd_builder="${static_build_dir}/virtiofsd/build-static-virtiofsd.sh" +readonly virtiofsd_builder="${static_build_dir}/virtiofsd/build.sh" readonly rootfs_builder="${repo_root_dir}/tools/packaging/guest-image/build_image.sh" diff --git a/tools/packaging/static-build/virtiofsd/build-static-virtiofsd.sh b/tools/packaging/static-build/virtiofsd/build-static-virtiofsd.sh index 30eb14a952..90d6d6fa57 100755 --- a/tools/packaging/static-build/virtiofsd/build-static-virtiofsd.sh +++ b/tools/packaging/static-build/virtiofsd/build-static-virtiofsd.sh @@ -16,10 +16,13 @@ script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" source "${script_dir}/../../scripts/lib.sh" +virtiofsd_repo="${virtiofsd_repo:-}" virtiofsd_version="${virtiofsd_version:-}" +virtiofsd_zip="${virtiofsd_zip:-}" -[ -n "$virtiofsd_version" ] || virtiofsd_version=$(get_from_kata_deps "externals.virtiofsd.version") +[ -n "$virtiofsd_repo" ] || die "failed to get virtiofsd repo" [ -n "$virtiofsd_version" ] || die "failed to get virtiofsd version" +[ -n "${virtiofsd_zip}" ] || die "failed to get virtiofsd binary URL" [ -d "virtiofsd" ] && rm -r virtiofsd @@ -28,8 +31,6 @@ pull_virtiofsd_released_binary() { info "Only x86_64 binaries are distributed as part of the virtiofsd releases" && return 1 fi info "Download virtiofsd version: ${virtiofsd_version}" - virtiofsd_zip=$(get_from_kata_deps "externals.virtiofsd.meta.binary") - [ -n "${virtiofsd_zip}" ] || die "failed to get virtiofsd binary URL" mkdir -p virtiofsd 
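Review bot: In the `@@ -16,10 +16,13 @@` hunk of build-static-virtiofsd.sh, `virtiofsd_repo` and `virtiofsd_zip` are now taken from the environment, and nothing visible checks what is fetched from them against a known digest. The download and unzip steps of `pull_virtiofsd_released_binary` lie outside the hunk, so this may already be handled elsewhere. If it is not, record a SHA-256 next to the binary URL and verify it before extraction, e.g. `echo "${virtiofsd_sha256}  virtiofsd.zip" | sha256sum -c -` (variable and file name are placeholders), so that a redirected or tampered URL cannot end up in the shipped tarball. The script's header comment should also state that `virtiofsd_repo`, `virtiofsd_version` and `virtiofsd_zip` must now be exported by the caller, since the `get_from_kata_deps` fallbacks were removed.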
@@ -44,31 +45,35 @@ pull_virtiofsd_released_binary() { } init_env() { + source "$HOME/.cargo/env" + case ${ARCH} in "aarch64") LIBC="musl" + ARCH_LIBC="" ;; "ppc64le") LIBC="gnu" ARCH="powerpc64le" + ARCH_LIBC=${ARCH}-linux-${LIBC} ;; "s390x") LIBC="gnu" + ARCH_LIBC=${ARCH}-linux-${LIBC} ;; "x86_64") LIBC="musl" + ARCH_LIBC="" + ;; esac - ARCH_LIBC=${ARCH}-linux-${LIBC} } build_virtiofsd_from_source() { echo "build viriofsd from source" init_env - virtiofsd_url=$(get_from_kata_deps "externals.virtiofsd.url") - - git clone --depth 1 --branch ${virtiofsd_version} ${virtiofsd_url} virtiofsd + git clone --depth 1 --branch ${virtiofsd_version} ${virtiofsd_repo} virtiofsd pushd virtiofsd export RUSTFLAGS='-C target-feature=+crt-static -C link-self-contained=yes' diff --git a/tools/packaging/static-build/virtiofsd/build.sh b/tools/packaging/static-build/virtiofsd/build.sh new file mode 100755 index 0000000000..64441d2aef --- /dev/null +++ b/tools/packaging/static-build/virtiofsd/build.sh 
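Review bot: The `git clone` line in `build_virtiofsd_from_source` expands `${virtiofsd_version}` and `${virtiofsd_repo}` unquoted, and after this change both arrive as environment variables rather than being looked up inside the script. A value containing whitespace or starting with `-` is therefore split or read as a git option. Quote them and end option parsing: `git clone --depth 1 --branch "${virtiofsd_version}" -- "${virtiofsd_repo}" virtiofsd`. In `init_env`, `ARCH_LIBC` is now assigned per arm instead of after `esac`, and the `case ${ARCH}` has no `*)` arm, so an unlisted architecture leaves `LIBC` and `ARCH_LIBC` unset; the `case` in the new build.sh has the same gap for `libc`, and both would be clearer with `*) die "Unsupported architecture: ${ARCH}" ;;`. The body of `build_virtiofsd_from_source` continues past the end of the hunk.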
@@ -0,0 +1,61 @@ +#!/usr/bin/env bash +# +# Copyright (c) 2022 Intel +# +# SPDX-License-Identifier: Apache-2.0 + +set -o errexit +set -o nounset +set -o pipefail + +script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +readonly repo_root_dir="$(cd "${script_dir}/../../../.." && pwd)" +readonly virtiofsd_builder="${script_dir}/build-static-virtiofsd.sh" + +source "${script_dir}/../../scripts/lib.sh" + +DESTDIR=${DESTDIR:-${PWD}} +PREFIX=${PREFIX:-/opt/kata} +container_image="kata-virtiofsd-builder" +kata_version="${kata_version:-}" +virtiofsd_repo="${virtiofsd_repo:-}" +virtiofsd_version="${virtiofsd_version:-}" +virtiofsd_zip="${virtiofsd_zip:-}" +package_output_dir="${package_output_dir:-}" + +[ -n "${virtiofsd_repo}" ] || virtiofsd_repo=$(get_from_kata_deps "externals.virtiofsd.url") +[ -n "${virtiofsd_version}" ] || virtiofsd_version=$(get_from_kata_deps "externals.virtiofsd.version") +[ -n "${virtiofsd_zip}" ] || virtiofsd_zip=$(get_from_kata_deps "externals.virtiofsd.meta.binary") + +[ -n "${virtiofsd_repo}" ] || die "Failed to get virtiofsd repo" +[ -n "${virtiofsd_version}" ] || die "Failed to get virtiofsd version or commit" +[ -n "${virtiofsd_zip}" ] || die "Failed to get virtiofsd binary URL" + +ARCH=$(uname -m) +case ${ARCH} in + "aarch64") + libc="musl" + ;; + "ppc64le") + libc="gnu" + ;; + "s390x") + libc="gnu" + ;; + "x86_64") + libc="musl" + ;; +esac + +sudo docker build \ + -t "${container_image}" "${script_dir}/${libc}" + +sudo docker run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \ + -w "${PWD}" \ + --env DESTDIR="${DESTDIR}" \ + --env PREFIX="${PREFIX}" \ + --env virtiofsd_repo="${virtiofsd_repo}" \ + --env virtiofsd_version="${virtiofsd_version}" \ + --env virtiofsd_zip="${virtiofsd_zip}" \ + "${container_image}" \ + bash -c "${virtiofsd_builder}" diff --git a/tools/packaging/static-build/virtiofsd/gnu/Dockerfile b/tools/packaging/static-build/virtiofsd/gnu/Dockerfile new file mode 100644 index 0000000000..c214dfc415 --- /dev/null 
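Review bot: The `docker run` at the end of build.sh bind-mounts the whole `${repo_root_dir}` read-write, and since no `--user` is passed and neither Dockerfile sets `USER`, the builder runs as root in the container while it compiles code cloned from `${virtiofsd_repo}`. Anything a build step writes lands root-owned in the host checkout, and an upstream build script could alter other files in the tree. Consider mounting the repository read-only and only the output directory read-write, e.g. `-v "${repo_root_dir}:${repo_root_dir}:ro" -v "${PWD}:${PWD}"`, assuming `${PWD}` is the build directory the caller wants populated. Also, `bash -c "${virtiofsd_builder}"` re-parses the path as a command string; `bash "${virtiofsd_builder}"` runs the same script without a second round of word splitting.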
+++ b/tools/packaging/static-build/virtiofsd/gnu/Dockerfile @@ -0,0 +1,19 @@ +# Copyright (c) 2022 Intel +# +# SPDX-License-Identifier: Apache-2.0 + +FROM ubuntu:20.04 +ENV DEBIAN_FRONTEND=noninteractive +SHELL ["/bin/bash", "-o", "pipefail", "-c"] + +RUN apt-get update && \ + apt-get install -y --no-install-recommends \ + build-essential \ + ca-certificates \ + curl \ + git \ + libcap-ng-dev \ + libseccomp-dev \ + unzip && \ + apt-get clean && rm -rf /var/lib/lists/ && \ + curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y diff --git a/tools/packaging/static-build/virtiofsd/musl/Dockerfile b/tools/packaging/static-build/virtiofsd/musl/Dockerfile new file mode 100644 index 0000000000..9b9bb93b90 --- /dev/null +++ b/tools/packaging/static-build/virtiofsd/musl/Dockerfile @@ -0,0 +1,16 @@ +# Copyright (c) 2022 Intel +# +# SPDX-License-Identifier: Apache-2.0 + +FROM alpine:3.16.2 + +SHELL ["/bin/ash", "-o", "pipefail", "-c"] +RUN apk --no-cache add \ + bash \ + curl \ + gcc \ + git \ + libcap-ng-static \ + libseccomp-static \ + musl-dev && \ + curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y From cb4ef4734fba7aaf48b4cb067b5a11ed932d809b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Fri, 14 Oct 2022 10:56:26 +0200 Subject: [PATCH 2/3] snap: Create a task for installing docker MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Let's have the docker installation / configuration as part of its own task, which can be set as a dependency of other tasks whcih may or may not depend on docker. Signed-off-by: Fabiano FidĂȘncio --- snap/snapcraft.yaml | 51 ++++++++++++++++++++++++++------------------- 1 file changed, 30 insertions(+), 21 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index b6ac1338db..e27783aefd 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml 
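Review bot: Both new Dockerfiles (gnu and musl) end with `curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y`, which installs whatever the stable toolchain is on the day the image is built and runs the installer script unverified, so the resulting virtiofsd binary is not reproducible. Pin the toolchain, e.g. `sh -s -- -y --profile minimal --default-toolchain <PINNED_RUST_VERSION>` (placeholder; take the version from the project's own dependency manifest). The base images `ubuntu:20.04` and `alpine:3.16.2` are tags rather than digests, so the same concern applies one layer down. In the gnu Dockerfile, `rm -rf /var/lib/lists/` does not remove the apt package lists, which live under `/var/lib/apt/lists/`; it should read `rm -rf /var/lib/apt/lists/*`.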
@@ -82,8 +82,36 @@ parts: fi rustup component add rustfmt + docker: + after: [metadata] + plugin: nil + prime: + - -* + build-packages: + - curl + override-build: | + source "${SNAPCRAFT_PROJECT_DIR}/snap/local/snap-common.sh" + + sudo apt-get -y update + sudo apt-get -y install ca-certificates curl gnupg lsb-release + curl -fsSL https://download.docker.com/linux/ubuntu/gpg |\ + sudo gpg --batch --yes --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg + distro_codename=$(lsb_release -cs) + echo "deb [arch=${dpkg_arch} signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu ${distro_codename} stable" |\ + sudo tee /etc/apt/sources.list.d/docker.list > /dev/null + sudo apt-get -y update + sudo apt-get -y install docker-ce docker-ce-cli containerd.io + + echo "Unmasking docker service" + sudo -E systemctl unmask docker.service || true + sudo -E systemctl unmask docker.socket || true + echo "Adding $USER into docker group" + sudo -E gpasswd -a $USER docker + echo "Starting docker" + sudo -E systemctl start docker || true + image: - after: [godeps, qemu, kernel] + after: [godeps, docker, qemu, kernel] plugin: nil build-packages: - docker.io @@ -107,14 +135,6 @@ parts: # Copy yq binary. It's used in the container cp -a "${yq}" "${GOPATH}/bin/" - echo "Unmasking docker service" - sudo -E systemctl unmask docker.service || true - sudo -E systemctl unmask docker.socket || true - echo "Adding $USER into docker group" - sudo -E gpasswd -a $USER docker - echo "Starting docker" - sudo -E systemctl start docker || true - cd "${kata_dir}/tools/osbuilder" # build image 
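Review bot: In the new `docker` part, `sudo -E systemctl start docker || true` hides a daemon that failed to start, whereas the code this series removes from `cloud-hypervisor` ran `sudo systemctl start docker.socket` without `|| true`. The parts that now list `docker` in `after:` would then fail later, at their first `docker` call, with a less direct error. If `|| true` is needed for environments without systemd, follow it with an explicit check such as `sudo docker info > /dev/null || { echo "ERROR: docker daemon is not reachable"; exit 1; }`. `gpasswd -a $USER docker` should quote `"$USER"`, and a short comment there noting that docker-group membership is equivalent to root on the build host would help anyone reusing this part. The `image` part still lists `docker.io` under `build-packages` while this part installs `docker-ce`; one of the two is probably redundant.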
@@ -333,22 +353,11 @@ parts: cloud-hypervisor: plugin: nil - after: [godeps] + after: [godeps, docker] override-build: | source "${SNAPCRAFT_PROJECT_DIR}/snap/local/snap-common.sh" if [ "${arch}" == "aarch64" ] || [ "${arch}" == "x86_64" ]; then - sudo apt-get -y update - sudo apt-get -y install ca-certificates curl gnupg lsb-release - curl -fsSL https://download.docker.com/linux/ubuntu/gpg |\ - sudo gpg --batch --yes --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg - distro_codename=$(lsb_release -cs) - echo "deb [arch=${dpkg_arch} signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu ${distro_codename} stable" |\ - sudo tee /etc/apt/sources.list.d/docker.list > /dev/null - sudo apt-get -y update - sudo apt-get -y install docker-ce docker-ce-cli containerd.io - sudo systemctl start docker.socket - cd "${SNAPCRAFT_PROJECT_DIR}" sudo -E NO_TTY=true make cloud-hypervisor-tarball From 0bc5baafb9481822449f34fce08b3b2ca5fd9319 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Fri, 14 Oct 2022 10:58:31 +0200 Subject: [PATCH 3/3] snap: Build virtiofsd using the kata-deploy scripts MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Let's build virtiofsd using the kata-deploy build scripts, which simplifies and unifies the way we build our components. Signed-off-by: Fabiano FidĂȘncio --- snap/snapcraft.yaml | 24 ++++++------------------ 1 file changed, 6 insertions(+), 18 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index e27783aefd..a2fdcc0ba2 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml 
@@ -321,35 +321,23 @@ parts: virtiofsd: plugin: nil - after: [godeps, rustdeps] + after: [godeps, rustdeps, docker] override-build: | source "${SNAPCRAFT_PROJECT_DIR}/snap/local/snap-common.sh" - # Currently, powerpc makes use of the QEMU's C implementation. - # The other platforms make use of the new rust virtiofsd. - # - # See "tools/packaging/scripts/configure-hypervisor.sh". - if [ "${arch}" == "ppc64le" ] - then - echo "INFO: Building QEMU's C version of virtiofsd" - # Handled by the 'qemu' part, so nothing more to do here. - exit 0 - else - echo "INFO: Building rust version of virtiofsd" - fi + echo "INFO: Building rust version of virtiofsd" - cd "${kata_dir}" + cd "${SNAPCRAFT_PROJECT_DIR}" + # Clean-up build dir in case it already exists + sudo -E NO_TTY=true make virtiofsd-tarball - export PATH=${PATH}:${HOME}/.cargo/bin - # Download the rust implementation of virtiofsd - tools/packaging/static-build/virtiofsd/build-static-virtiofsd.sh sudo install \ --owner='root' \ --group='root' \ --mode=0755 \ -D \ --target-directory="${SNAPCRAFT_PART_INSTALL}/usr/libexec/" \ - virtiofsd/virtiofsd + build/virtiofsd/builddir/virtiofsd/virtiofsd cloud-hypervisor: plugin: nil
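Review bot: The comment `# Clean-up build dir in case it already exists` sits directly above `sudo -E NO_TTY=true make virtiofsd-tarball`, but no clean-up command follows it, so either the comment is stale or the intended clean-up step was dropped. Remove the comment or add the step it describes. With the build now running in the container introduced in patch 1, which installs its own Rust toolchain, `rustdeps` in `after: [godeps, rustdeps, docker]` looks unnecessary for this part; that is worth confirming. The removed ppc64le early exit means that architecture now builds the Rust virtiofsd as well, which the commit message does not mention.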