On some distros (Debian, Ubuntu, openSUSE), tmp.mount is not
installed by default in /[etc|usr/lib]/systemd/system, but
just in /usr/shared/systemd, so it needs to be manually copied
there to have /tmp mounted as tmpfs.
Fixes: #317
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
- clear: Add util-linux-bin package to Clearlinux rootfs
- tmp: Do not remove tmp.mount unit file from the rootfs
- docs: Fix spelling and formatting
- image-builder: create /etc/machine-id
- rootfs-builder: fix chrony service
- rootfs: Don't hardcode alpine version for golang images
- image-builder/boot time: remove unneeded systemd units and files
adee8b0 clear: Add util-linux-bin package to Clearlinux rootfs
6f294f4 tmp: Do not remove tmp.mount unit file from the rootfs
1453471 docs: Fix spelling and formatting
a438d08 image-builder: create /etc/machine-id
456be67 rootfs-builder: fix chrony service
d8c5706 rootfs: Don't hardcode alpine version for golang images
02b3b3b image-builder: remove unneeded systemd units and files
Signed-off-by: katacontainersbot <katacontainersbot@gmail.com>
This package contains mount command among several other commands.
Unlike other distros, this package is not auto-pulled with systemd.
Add this package explicitly.
Fixes#302
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
systemd complains if `/etc/machine-id` does not exist. Create the `machine-id`
file to make systemd happy, it'll bind-mount that file to write the machine id.
fixes#296
fixes github.com/kata-containers/runtime#1537
Signed-off-by: Julio Montes <julio.montes@intel.com>
Chrony service is not started because it requires a private temporal directory,
these directories can't be created in read-only filesystems. Create a symlink
to /tmp in /var allowing systemd to create private temporal directories.
fixes#280
Signed-off-by: Julio Montes <julio.montes@intel.com>
Remove the version of alpine used when pulling golang docker images.
This ensures the latest version of alpine is used and resolves the
maintenance issue when old versions of alpine are dropped.
Fixes: #293.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Remove systemd units and files that are not needed in Kata Containers.
Removing this files we can improve the boot time.
fixes#289
Signed-off-by: Julio Montes <julio.montes@intel.com>
Replace "which" with "command", that's a bash built-in and should
not generate any stderr messages. This also fixex the spurious creating
of "1" file in the repo root because of a typo in stderr redirect.
Fixes: #286
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
Set as default AGENT_INIT=no when not explicitly set, to make it
consistent with the other scripts in osbuilder
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
- image-builder: share the mkfs configuration file
- rootfs-builder: add rootfs.sh DOCKER_RUNTIME env var
- rootfs-builder: SELinux relabel container volumes
- image-builder: add fs type
- image-builder: re-implement image builder script
- builder: Pass the DEBUG flag when using docker
- Add chrony to image
- Print attempt number after max check
88b8523 image-builder: share the mkfs configuration file
77fb808 image-builder: check format_loop return code
8debe95 image-builder: add fs type
c72c954 rootfs-builder: add rootfs.sh DOCKER_RUNTIME env var
c1d9510 rootfs-builder: SELinux relabel container volumes
d8cdd88 image-builder: re-implement image builder script
f32ae14 tests: remove DAX env variable
f355c02 tests: enable DEBUG
6c7f307 image-builder: add xfsprogs to Dockerfile
ad6e1a9 scripts: implement error function
0d2ba47 builder: Pass the DEBUG flag when using docker
e16ff37 chrony: Comment out any NTP sources for chrony
3df19ff chrony: Add virtual PTP as source for chrony
ad5d879 rootfs: Print attempt number after max check
8fe6405 rootfs: Include chrony in the Dockerfile images
0b33519 rootfs: add PACKAGE var to debian config
510ddd2 rootfs: Add chrony service to rootfs
Signed-off-by: katacontainers bot <katacontainersbot@katacontainers.io>
Share with the container the mkfs configuration file to use only the
filesystem features supported in the host.
fixes#270
Signed-off-by: Julio Montes <julio.montes@intel.com>
On some systems the "runc" runtime isn't available or has a different
name. Allow the user to override the Docker runtime.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Fixes: #268
rootfs.sh fails on machines with SELinux in enforcing mode if the
volumes aren't labelled.
This patch labels volumes so the container is able to access them.
In order to do this rootfs directory creation must be moved before the
Docker container is started. Previously docker-run(1) would create the
rootfs directory in the USE_DOCKER case.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Fixes: #266
Re-implement image builder script to generate an image with a double MBR +
a DAX metadata. The DAX metadata is read by the NVDIMM driver to know the
beginning of the data in the pmem device.
This new image format is required to enable DAX in the kernels and hypervisors
that support NVDIMM, without breaking the compatibility with the kernels and
hypervisors that don't support it.
Following diagram shows how the resulting image will look like
```
.-----------.----------.---------------.-----------.
| 0 - 512 B | 4 - 8 Kb | 2M - 2M+512B | 3M |
|-----------+----------+---------------+-----------+
| MBR #1 | DAX | MBR #2 | Rootfs |
'-----------'----------'---------------'-----------+
| | ^ | ^
| '-data-' '--------'
| |
'--------rootfs-partition---------'
```
MBR: Master boot record.
DAX: Metadata required by the NVDIMM driver to enable DAX in the guest [1][2]
(struct nd_pfn_sb).
Rootfs: partition that contains the root filesystem (/usr, /bin, etc).
Kernels and hypervisors that support DAX/NVDIMM read the MBR #2,
otherwise MBR #1 is read.
[1] - https://github.com/kata-containers/osbuilder/blob/master/image-builder/\
nsdax.gpl.c
[2] - https://github.com/torvalds/linux/blob/master/drivers/nvdimm/pfn.hfixes#263
Signed-off-by: Julio Montes <julio.montes@intel.com>
