systemd complains if `/etc/machine-id` does not exist. Create the `machine-id`
file to make systemd happy, it'll bind-mount that file to write the machine id.
fixes#296
fixes github.com/kata-containers/runtime#1537
Signed-off-by: Julio Montes <julio.montes@intel.com>
Chrony service is not started because it requires a private temporal directory,
these directories can't be created in read-only filesystems. Create a symlink
to /tmp in /var allowing systemd to create private temporal directories.
fixes#280
Signed-off-by: Julio Montes <julio.montes@intel.com>
Remove the version of alpine used when pulling golang docker images.
This ensures the latest version of alpine is used and resolves the
maintenance issue when old versions of alpine are dropped.
Fixes: #293.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Remove systemd units and files that are not needed in Kata Containers.
Removing this files we can improve the boot time.
fixes#289
Signed-off-by: Julio Montes <julio.montes@intel.com>
Replace "which" with "command", that's a bash built-in and should
not generate any stderr messages. This also fixex the spurious creating
of "1" file in the repo root because of a typo in stderr redirect.
Fixes: #286
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
Set as default AGENT_INIT=no when not explicitly set, to make it
consistent with the other scripts in osbuilder
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
- image-builder: share the mkfs configuration file
- rootfs-builder: add rootfs.sh DOCKER_RUNTIME env var
- rootfs-builder: SELinux relabel container volumes
- image-builder: add fs type
- image-builder: re-implement image builder script
- builder: Pass the DEBUG flag when using docker
- Add chrony to image
- Print attempt number after max check
88b8523 image-builder: share the mkfs configuration file
77fb808 image-builder: check format_loop return code
8debe95 image-builder: add fs type
c72c954 rootfs-builder: add rootfs.sh DOCKER_RUNTIME env var
c1d9510 rootfs-builder: SELinux relabel container volumes
d8cdd88 image-builder: re-implement image builder script
f32ae14 tests: remove DAX env variable
f355c02 tests: enable DEBUG
6c7f307 image-builder: add xfsprogs to Dockerfile
ad6e1a9 scripts: implement error function
0d2ba47 builder: Pass the DEBUG flag when using docker
e16ff37 chrony: Comment out any NTP sources for chrony
3df19ff chrony: Add virtual PTP as source for chrony
ad5d879 rootfs: Print attempt number after max check
8fe6405 rootfs: Include chrony in the Dockerfile images
0b33519 rootfs: add PACKAGE var to debian config
510ddd2 rootfs: Add chrony service to rootfs
Signed-off-by: katacontainers bot <katacontainersbot@katacontainers.io>
Share with the container the mkfs configuration file to use only the
filesystem features supported in the host.
fixes#270
Signed-off-by: Julio Montes <julio.montes@intel.com>
On some systems the "runc" runtime isn't available or has a different
name. Allow the user to override the Docker runtime.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Fixes: #268
rootfs.sh fails on machines with SELinux in enforcing mode if the
volumes aren't labelled.
This patch labels volumes so the container is able to access them.
In order to do this rootfs directory creation must be moved before the
Docker container is started. Previously docker-run(1) would create the
rootfs directory in the USE_DOCKER case.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Fixes: #266
Re-implement image builder script to generate an image with a double MBR +
a DAX metadata. The DAX metadata is read by the NVDIMM driver to know the
beginning of the data in the pmem device.
This new image format is required to enable DAX in the kernels and hypervisors
that support NVDIMM, without breaking the compatibility with the kernels and
hypervisors that don't support it.
Following diagram shows how the resulting image will look like
```
.-----------.----------.---------------.-----------.
| 0 - 512 B | 4 - 8 Kb | 2M - 2M+512B | 3M |
|-----------+----------+---------------+-----------+
| MBR #1 | DAX | MBR #2 | Rootfs |
'-----------'----------'---------------'-----------+
| | ^ | ^
| '-data-' '--------'
| |
'--------rootfs-partition---------'
```
MBR: Master boot record.
DAX: Metadata required by the NVDIMM driver to enable DAX in the guest [1][2]
(struct nd_pfn_sb).
Rootfs: partition that contains the root filesystem (/usr, /bin, etc).
Kernels and hypervisors that support DAX/NVDIMM read the MBR #2,
otherwise MBR #1 is read.
[1] - https://github.com/kata-containers/osbuilder/blob/master/image-builder/\
nsdax.gpl.c
[2] - https://github.com/torvalds/linux/blob/master/drivers/nvdimm/pfn.hfixes#263
Signed-off-by: Julio Montes <julio.montes@intel.com>
KVM virtual PTP in linux kernel allows guest to sync its
clock to the host clock with high precision. kvm-ptp has been
enabled in our kernel. Add this as a source for `chrony` so that
it can be used to sync the guest system clock.
`chrony` needs to be started in the guest for time sync.
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
With the old code it was possible to see odd messages like:
"INFO: Create root disk image. Attempt 6 out of 5."
Move the attempt number print to after we check against the max
Fixes#251
Signed-off-by: Matt Fischer <matt@mattfischer.com>
