Since the image rootfs is readonly, we
create an empty /etc/resolv.conf which
the agent would later bind-remount as
read-write.
Fixes: #345
Signed-off-by: Nitesh Konkar <niteshkonkar@in.ibm.com>
kata-agent is moved to /sbin/init when AGENT_INIT is yes. Check
/sbin/init exists and it's not systemd
fixes #322
Signed-off-by: Julio Montes <julio.montes@intel.com>
While calculating directory size in imagebuild script, we should use
`df -BM` instead of `df -h` to keep Mb format.
Fixes #336
image-builder: get mount directory size with Mb format
Signed-off-by: ClarkLee <clarklee1992@hotmail.com>
systemd complains if `/etc/machine-id` does not exist. Create the `machine-id`
file to make systemd happy, it'll bind-mount that file to write the machine id.
fixes #296
fixes github.com/kata-containers/runtime#1537
Signed-off-by: Julio Montes <julio.montes@intel.com>
Remove systemd units and files that are not needed in Kata Containers.
By removing these files we can improve the boot time.
fixes #289
Signed-off-by: Julio Montes <julio.montes@intel.com>
Set as default AGENT_INIT=no when not explicitly set, to make it
consistent with the other scripts in osbuilder
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
Share with the container the mkfs configuration file to use only the
filesystem features supported in the host.
fixes #270
Signed-off-by: Julio Montes <julio.montes@intel.com>
Re-implement image builder script to generate an image with a double MBR +
a DAX metadata. The DAX metadata is read by the NVDIMM driver to know the
beginning of the data in the pmem device.
This new image format is required to enable DAX in the kernels and hypervisors
that support NVDIMM, without breaking the compatibility with the kernels and
hypervisors that don't support it.
The following diagram shows what the resulting image will look like:
```
.-----------.----------.---------------.-----------.
| 0 - 512 B | 4 - 8 Kb |  2M - 2M+512B |    3M     |
|-----------+----------+---------------+-----------+
|   MBR #1  |   DAX    |    MBR #2     |  Rootfs   |
'-----------'----------'---------------'-----------+
      |          |      ^      |        ^
      |          '-data-'      '--------'
      |                                 |
      '--------rootfs-partition---------'
```
MBR: Master boot record.
DAX: Metadata required by the NVDIMM driver to enable DAX in the guest [1][2]
(struct nd_pfn_sb).
Rootfs: partition that contains the root filesystem (/usr, /bin, etc).
Kernels and hypervisors that support DAX/NVDIMM read the MBR #2,
otherwise MBR #1 is read.
[1] - https://github.com/kata-containers/osbuilder/blob/master/image-builder/\
nsdax.gpl.c
[2] - https://github.com/torvalds/linux/blob/master/drivers/nvdimm/pfn.h
fixes #263
Signed-off-by: Julio Montes <julio.montes@intel.com>
With the old code it was possible to see odd messages like:
"INFO: Create root disk image. Attempt 6 out of 5."
Move the attempt number print to after we check against the max
Fixes #251
Signed-off-by: Matt Fischer <matt@mattfischer.com>
Not all hypervisors support NVDIMM, hence DAX support MUST BE enabled explicitly
by setting the DAX environment variable to 'yes'
fixes #246
Signed-off-by: Julio Montes <julio.montes@intel.com>
The new NVDIMM driver implementation (kernel >= 4.16) needs to know the device
namespace information to map pages, this metadata is read from the nvdimm
namespace at 4k offset.
fixes #235
Signed-off-by: Julio Montes <julio.montes@intel.com>
gcc is required to build the binary in charge of filling out the device
namespace information (metadata) into the kata containers image.
Signed-off-by: Julio Montes <julio.montes@intel.com>
guest kernel needs 64 bytes of DRAM per 4K page of emulated PMEM, hence the
image size should be as small as possible to reduce the container's memory
footprint. The image size is recalculated automatically if it's too small
to contain the rootfs.
Signed-off-by: Julio Montes <julio.montes@intel.com>
The `arch(1)` command is not available on some systems so use the
`uname(1)` command for the equivalent functionality.
Fixes #150.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Improve image-builder.sh to avoid the sporadic failures observed during
the CI builds of images. Also, some cosmetic changes to indentation.
Fixes: #172
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
The image_builder.sh script must be run as root. The following check is
performed before the script checks for root:
```
[ "${AGENT_INIT}" == "yes" ] || [ -x "${ROOTFS}/usr/bin/${AGENT_BIN}" ] || \
    die "/usr/bin/${AGENT_BIN} is not installed in ${ROOTFS}
use AGENT_BIN env variable to change the expected agent binary name"
```
The -x test is "True if the file is executable by you". It may evaluate
to true as root and false as non-root, depending on the file
permissions.
The permissions for kata-agent given in the Developer Guide are 0550
(https://github.com/kata-containers/documentation/blob/master/Developer-Guide.md#add-a-custom-agent-to-the-image---optional).
Therefore image_builder.sh fails with "/usr/bin/${AGENT_BIN} is not
installed" when run as non-root. This is confusing since the agent
binary is really installed!
Move the root check to the beginning of the script. This solves the
confusing error and prevents similar problems where the script doesn't
take into account that the user may be non-root.
Fixes: #127
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
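Added example, not part of the commit above or of osbuilder: a sketch of why the order of the two checks matters. The temporary rootfs, the function names and the return codes are assumptions, and mode 0050 on a file owned by the caller is used to reproduce, without needing root, the split that a root-owned 0550 binary shows to an unrelated user.

```shell
#!/bin/sh
# Constructed rootfs: the agent binary carries only the group execute bit.
# For the owning non-root user `-x` is false (the owner class has no x bit);
# for root it is normally true, because one execute bit anywhere is enough.
make_rootfs() {
    rootfs=$(mktemp -d) || return 1
    mkdir -p "$rootfs/usr/bin"
    printf '#!/bin/sh\n' > "$rootfs/usr/bin/kata-agent"
    chmod 0050 "$rootfs/usr/bin/kata-agent"
    printf '%s\n' "$rootfs"
}

# Order before the fix: the agent test runs first, so a non-root caller is
# told the agent is missing (1) and never reaches the root check (2).
check_old_order() {
    [ -x "$1/usr/bin/kata-agent" ] || return 1
    [ "$(id -u)" -eq 0 ] || return 2
    return 0
}

# Order after the fix: privilege is checked first, so the `-x` result is
# only ever evaluated with the identity the script is meant to run as.
check_new_order() {
    [ "$(id -u)" -eq 0 ] || return 2
    [ -x "$1/usr/bin/kata-agent" ] || return 1
    return 0
}

# Demonstration: 0 = ok, 1 = "agent not installed", 2 = "must be root".
demo_rootfs=$(make_rootfs)
check_old_order "$demo_rootfs"; echo "old order: $?"
check_new_order "$demo_rootfs"; echo "new order: $?"
rm -rf "$demo_rootfs"
```

Run as an ordinary user, the old order reports 1 even though the file exists, while the new order reports 2.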
proxy server must be specified in configuration file
of the package manager, /etc/yum.conf for yum or
/etc/dnf/dnf.conf for dnf
fixes #123
Signed-off-by: Julio Montes <julio.montes@intel.com>
If we set env USE_DOCKER true, we will use container as development
environment. After docker run command, this temporary container
would be no use. We could add -rm flag to automatically delete
intermediate container.
Fixes: #115
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
Building an image requires systemd to be installed in the rootfs as the
init daemon, so assert that systemd is available.
Updated tests so that alpine is only tested as an initrd (it cannot be
an image as it doesn't use systemd).
Added warning note about alpine to the docs.
Fixes #98.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Create a YAML metadata file inside the rootfs image
containing information about the environment:
```
/var/lib/osbuilder/osbuilder.yaml
```
Example contents:
```
---
osbuilder:
  url: "https://github.com/kata-containers/osbuilder"
  version: "unknown"
  rootfs-creation-time: "2018-04-19T16:19:30.254610305+0000Z"
  description: "osbuilder rootfs"
  file-format-version: "0.0.1"
  architecture: "x86_64"
  base-distro:
    name: "Centos"
    version: "7"
    packages:
      - "iptables"
      - "systemd"
  agent:
    url: "https://github.com/kata-containers/agent"
    name: "kata-agent"
    version: "0.0.1-2ec0b9593845b9a5e0eab5a85b20d74c35a2ca52-dirty"
    agent-is-init-daemon: "no"
```
This change adds a new `-o` option to `rootfs.sh` for
specifying the version of osbuilder to the rootfs builder.
Fixes #35.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
There is no way to specify the remaining free space of the root partition.
It can vary depending on the upper bound size of the image aligned to 128MB
and the size of the root filesystem.
The following patch allows the user to specify that at least a certain amount
of space (defined in MB) will be kept in the root partition.
Fixes: #45
Signed-off-by: Erick Cardona <erick.cardona.ruiz@intel.com>
When user manually specifies root disk image
size the value should be greater than 0.
Fixes: #57
Signed-off-by: Harshal Patil <harshal.patil@in.ibm.com>
kata agent is installed in `${ROOTFS}/usr/bin/` rather than `${ROOTFS}/bin/`.
It just happened to work because `bin` is a symlink to `usr/bin`, which
might not be true in some distros. So do not rely on it.
Signed-off-by: Peng Tao <bergwolf@gmail.com>
Changed image-builder/image_builder.sh to
automatically calculate the size of the root disk
Fixes #25.
Signed-off-by: Harshal Patil <harshal.patil@in.ibm.com>
In case the host does not have the required programs, allow building the image
in a container when USE_DOCKER is set.
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
Rework the docs to make them simpler and more consistent. Also added of
contents and corrected a few mistakes.
Fixes #26.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>