github/kata-containers
1
0
Fork 2
mirror of https://github.com/kata-containers/kata-containers.git synced 2026-03-18 10:44:10 +00:00
Code Issues Projects Releases Wiki Activity
Files
3b71b5728606cc0fde4a969fde220df4608a75b6
kata-containers/Developer-Guide.md
James O. D. Hunt 3b71b57286 docs: Improve command to enable agent debug 
Change the command to enable agent debug slightly so that even if the
config file specifies kernel parameters, the command will successfully
enable the agent debug.

Fixes #38.

Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
2018-03-27 17:55:47 +01:00

6.4 KiB
Raw Blame History

Warning

This document is written specifically for developers.

Assumptions

  • You are working on a non-critical test or development system.

  • You already have the following installed:

    • Docker.
    • golang version 1.8.3 or newer.
    • make.
    • gcc (required for building the shim and runtime).

  • You have installed the Clear Containers linux-container and qemu-lite packages containing the guest kernel images and hypervisor. These packages automatically installed when you install Clear Containers, but can be installed separately:

    https://github.com/clearcontainers/runtime/wiki/Installation

Build and install the Kata Containers runtime

$ go get -d -u github.com/kata-containers/runtime
$ cd $GOPATH/src/github.com/kata-containers/runtime
$ make && sudo -E PATH=$PATH make install

The build will create the following:

  • runtime binary: /usr/local/bin/kata-runtime
  • configuration file: /usr/share/defaults/kata-containers/configuration.toml

Check hardware requirements

You can check if your system is capable of creating a Kata Container by running the following:

$ sudo kata-runtime kata-check

If your system is not able to run Kata Containers, the previous command will error and explain why.

Enable full debug

Enable full debug as follows:

$ sudo sed -i -e 's/^# *\(enable_debug\).*=.*$/\1 = true/g' /usr/share/defaults/kata-containers/configuration.toml
$ sudo sed -i -e 's/^kernel_params = "\(.*\)"/kernel_params = "\1 agent.log=debug"/g' /usr/share/defaults/kata-containers/configuration.toml

Build and install Kata proxy

$ go get -d -u github.com/kata-containers/proxy
$ cd $GOPATH/src/github.com/kata-containers/proxy && make && sudo make install

Build and install Kata shim

$ go get -d -u github.com/kata-containers/shim
$ cd $GOPATH/src/github.com/kata-containers/shim && make && sudo make install

Create an image

Build a custom Kata agent - OPTIONAL

Note:

  • You only do this step if you test with the latest version of the agent.
$ go get -d -u github.com/kata-containers/agent
$ cd $GOPATH/src/github.com/kata-containers/agent && make

Get the osbuilder

$ go get -d -u github.com/kata-containers/osbuilder

Create a rootfs image

$ cd $GOPATH/src/github.com/kata-containers/osbuilder/rootfs-builder
$ script -fec 'sudo -E GOPATH=$GOPATH USE_DOCKER=true ./rootfs.sh clearlinux'

Note:

  • You must ensure that the default Docker runtime is runc to make use of the USE_DOCKER variable. If that is not the case, remove the variable from the previous command. See Checking Docker default runtime.

Add a custom agent to the image - OPTIONAL

Note:

  • You only do this step if you test with the latest version of the agent.
$ sudo install -o root -g root -m 0550 -t rootfs/bin ../../agent/kata-agent
$ sudo install -o root -g root -m 0440 ../../agent/kata-agent.service rootfs/usr/lib/systemd/system/
$ sudo install -o root -g root -m 0440 ../../agent/kata-containers.target rootfs/usr/lib/systemd/system/

Build the image

$ cd $GOPATH/src/github.com/kata-containers/osbuilder/image-builder
$ script -fec 'sudo -E USE_DOCKER=true ./image_builder.sh ../rootfs-builder/rootfs'

Notes:

  • You must ensure that the default Docker runtime is runc to make use of the USE_DOCKER variable. If that is not the case, remove the variable from the previous command. See Checking Docker default runtime.
  • If you do not wish to build under Docker, remove the USE_DOCKER variable in the previous command and ensure the qemu-img command is available on your system.

Install the image

$ commit=$(git log --format=%h -1 HEAD)
$ date=$(date +%Y-%m-%d-%T.%N%z)
$ image="kata-containers-${date}-${commit}"
$ sudo install -o root -g root -m 0640 -D kata-containers.img "/usr/share/kata-containers/${image}"
$ (cd /usr/share/kata-containers && sudo ln -sf "$image" kata-containers.img)

Install guest kernel images

$ sudo ln -s /usr/share/clear-containers/vmlinux.container /usr/share/kata-containers/
$ sudo ln -s /usr/share/clear-containers/vmlinuz.container /usr/share/kata-containers/

Note:

  • The files in the previous commands are from the Clear Containers linux-container package. See Assumptions.

Update Docker configuration

$ dir=/etc/systemd/system/docker.service.d
$ file="$dir/kata-containers.conf"
$ sudo mkdir -p "$dir"
$ sudo test -e "$file" || echo -e "[Service]\nType=simple\nExecStart=\nExecStart=/usr/bin/dockerd -D --default-runtime runc" | sudo tee "$file"
$ sudo sed -i 's!^\(ExecStart=[^$].*$\)!\1 --add-runtime kata-runtime=/usr/local/bin/kata-runtime!g' "$file"
$ sudo systemctl daemon-reload
$ sudo systemctl restart docker

Create a Kata Container

$ sudo docker run -ti --runtime kata-runtime busybox sh

Troubleshoot

To perform analysis on Kata logs, use the kata-log-parser tool.

Appendices

Checking Docker default runtime

$ sudo docker info 2>/dev/null | grep -i "default runtime" | cut -d: -f2- | grep -q runc  && echo "SUCCESS" || echo "ERROR: Incorrect default Docker runtime"
Reference in New Issue View Git Blame Copy Permalink