Immutable systems, as such Red Hat Core OS and Fedora Core OS, will not
allow mount_dir to be created in a location that's not read-write.
Let's ensure we use $TMPDIR (with /tmp as fallback) as base for mount_dir,
as it's a safe writable choice for any distro supported by kata.
Fixes: #437
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Because CI build is
1. Slow and in log it is showing because "apt-utils" not installed
2. to avoid CI build to exits with error without having certificate
Fixes: #427
Signed-off-by: Pratik Raj <rajpratik71@gmail.com>
By default, Ubuntu or Debian based "apt" or "apt-get" system installs recommended but not suggested packages .
By passing "--no-install-recommends" option, the user lets apt-get know not to consider recommended packages as a dependency to install.
This results in smaller downloads and installation of packages .
Refer to blog at [Ubuntu Blog](https://ubuntu.com/blog/we-reduced-our-docker-images-by-60-with-no-install-recommends) .
Fixes: #427
Signed-off-by: Pratik Raj <rajpratik71@gmail.com>
- scripts: set a default path to the yq binary
- AArch64: Build rust image on aarch64
- image-builder: Add NSDAX_BIN for passing in compiled nsdax tool
- rootfs: Don't overwrite /sbin/init if it already exists
- tests: Improve running test_images.sh locally
1c063af scripts: set a default path to the yq binary
67343a1 rust-agent: Separate the build up of rust-agent and go-agent
a390a36 rootfs: remove RUST_SRC_PATH
41aaa36 ubuntu/debian: create aarch64-specific Dockerfile.in
9cba8c4 musl: install musl on aarch64
87a5d5c rootfs: Don't overwrite /sbin/init if it already exists
4004bd8 image-builder: Add NSDAX_BIN for passing in compiled nsdax tool
134175b tests: Document the changed KATA_DEV_MODE behavior
0f4eac4 tests: Skip initrd/image launch if KATA_DEV_MODE
762ec28 tests: Drop kata-runtime env validation if KATA_DEV_MODE is set
6f17b9c tests: Skip set_runtime if KATA_DEV_MODE is set
17a8fb1 tests: Skip all kata-manager usage if KATA_DEV_MODE is set
e787bb0 tests: Define KATA_DEV_MODE
cef2591 tests: Rework dracut docker bind mounts
f3ab6d2 tests: Don't run commands with `chronic` if DEBUG is set
7a8e816 tests: Specify DRACUT_OVERLAY_DIR
7dd99c0 tests: Add project_dir helper variable
1ae3922 tests: Have DEBUG=1 set bash xtrace
555ddf3 tests: Remove unused USE_DOCKER export
0e6a12c tests: Pass DOCKER_RUNTIME to osbuilder scripts
e8624d8 tests: Rename docker_build_runtime -> DOCKER_RUNTIME
cd46d09 tests: Remove hardcoded 'runc' reference
c574ec0 tests: Remove dead unset images_dir check
44f2931 tests: Remove unused test_func_prefix
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Use the path where `install-yq.sh` installs `yq` as the default path to the
`yq` binary in `lib.sh`.
Install `yq` in the default path if it doesn't exist.
fixes#429
Signed-off-by: Julio Montes <julio.montes@intel.com>
Separate the build up of rust-agent and go-agent, hence you only
select one as kata-agent.
I've added the generation of rust-agent systemd service files into
rust-agent Makefile.
Therefore, we could use same `make` commands to build go-agent and
rust-agent.
Fixes: #411
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
If user wants to use customized rust-agent, they could use
AGENT_SOURCE_BIN to pass the static binary.
The rust-agent is always statically linked with musl.
Fixes: #411
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
The musl package in ubuntu/debian could not provide everything we need
on aarch64.
e.g. we need `aarch64-linux-musl-gcc` as linker, and it's not provided
in package.
Fixes: #411
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
The original musl-installing method is only for x86_64 and i386(see
musl config.mak template file).
musl.cc provides small and reliable pre-built musl toolchains
for many architectures.
Static so they run on supported platforms without dependencies.
Fixes: #411
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
The prepare_overlay() code path is called when rootfs.sh is invoked
with no passed in distro string. This is used for the dracut case
from the Makefile for example. In that particular case, the starting
root directory is empty.
It's also valid to pass a prepopulated directory to rootfs.sh, which
is essentially a request for the script to just make the necessary
kata changes. Currently though prepare_overlay() makes some changes
that could wipe out pre-arranged /sbin/init setup.
Check first to see if /sbin/init exists in the rootfs dir, and if so,
skip the symlink changes
Fixes: #419
Signed-off-by: Cole Robinson <crobinso@redhat.com>
In Fedora we are running the osbuilder scripts on the client machine,
to generate an initrd for the running host kernel. In this setup,
there's currently a runtime dependency on gcc for compiling the nsdax
tool, which is suboptimal.
Add NSDAX_BIN environment variable; if specified, image-builder.sh
will use that path as the nsdax tool. This let's ship a compiled
nsdax tool to users and drop the runtime gcc dependency
Fixes: #417
Signed-off-by: Cole Robinson <crobinso@redhat.com>
The script points kata-runtime at the generated initrd/image by
editing the host config file, which we aren't doing when
KATA_DEV_MODE=1 is set, so this won't work.
Fixes: #415
Signed-off-by: Cole Robinson <crobinso@redhat.com>
If KATA_DEV_MODE is set, test_images.sh attempts to validate that
docker has kata-runtime as a configured --runtime value. This gives
a nicer and earlier error, but it also complicates using
/usr/bin/docker as provided by podman, which has a different 'info'
topology.
Let's drop the check and let the tests fail naturally if the host
isn't configured properly
Signed-off-by: Cole Robinson <crobinso@redhat.com>
set_runtime attempts to overwrite the host docker configuration to
default to DOCKER_RUNTIME instead of kata-runtime, which does not
work for 'docker build'.
Since this is a host altering step, skip it if KATA_DEV_MODE is set.
Signed-off-by: Cole Robinson <crobinso@redhat.com>
kata-manager.sh makes host config changes. KATA_DEV_MODE is meant to
avoid such changes.
Add a helper run_mgr function which stubs out kata-manager.sh usage
if KATA_DEV_MODE is set.
Signed-off-by: Cole Robinson <crobinso@redhat.com>
Define KATA_DEV_MODE at the top of the file, so code doesn't need
to conditionally compare against it
Signed-off-by: Cole Robinson <crobinso@redhat.com>
The current setup leaves images/ and rootfs-osbuilder/ dirs stranded
in the $project_dir when run locally. This simplifies things by only
passing through the project_dir and the tmp_dir that all our output
is relative to
Signed-off-by: Cole Robinson <crobinso@redhat.com>
Otherwise it defaults to using the $project_dir/dracut_overlay, which
leaves junk hanging around when running the tests locally
Signed-off-by: Cole Robinson <crobinso@redhat.com>
This is similarly used in image_builder.sh and can be handy to
determine what is happening. Unfold the 'set' short options while
we are at it
Signed-off-by: Cole Robinson <crobinso@redhat.com>
The rootfs and image builder scripts are wired up to handle the
DOCKER_RUNTIME, so pass our value down to those scripts
Signed-off-by: Cole Robinson <crobinso@redhat.com>
DOCKER_RUNTIME is the naming used in the actual osbuilder scripts
for this value. Change the test code to match
Signed-off-by: Cole Robinson <crobinso@redhat.com>
This value is set globally, so this condition will never trigger.
`mkdir -p` would error anyways if it was unspecified
Signed-off-by: Cole Robinson <crobinso@redhat.com>
Build rust agent and go agent using the same rootfs bulder image.
When building rust agent, just add RUST_AGENT=yes before command line.
The documentation will be updated later
Depends-on: github.com/kata-containers/tests#2287
Fixes: #360
Signed-off-by: Yang Bo <bo@hyper.sh>
Add DOCKER_RUNTIME variable to change container runtime depending on the
CI/environment.
fixes#397
Signed-off-by: Julio Montes <julio.montes@intel.com>
Leaving nsdax behind may create some isses for the distro packages
of kata-osbuilder, as every package would have to take care of purging
the file on each distro.
Knowing that, we better remove the file as part of the script, mainly
because the file is already regenerated everytime in any case.
Fixes: #394
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
- make: use `cd` instead of '--directory' option of `cpio`
38d0be3 make: use `cd` instead of '--directory' option of `cpio`
Signed-off-by: katacontainersbot <katacontainersbot@gmail.com>
Due to the option '--directory' just added from 'cpio' v2.12, so the
osbuilder will failed with old version 'cpio' before v2.12, such as in
Centos 7 with v2.11.
Fix it by replacing this option with '(cd ...; cat ...)'.
Fixes: #384
Signed-off-by: Shile Zhang <shile.zhang@linux.alibaba.com>
