Support for loading kernel modules got merged. The kmod package is needed for
loading kernel modules in the guest.
Fixes: #341
Signed-off-by: Julio Montes <julio.montes@intel.com>
Don't install chrony, iptables-bin and util-linux-bin when AGENT_INIT=yes,
these packages are only needed when the init process is systemd.
Signed-off-by: Julio Montes <julio.montes@intel.com>
Add the option to build image and initrd using dracut.
Fixes: #311
Suggested-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
For some reason, busybox image crashed on fedora 30 rootfs on aarch64.
For now, we will switch back to use fedora 28.
Fixes: #334
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
Move some of the functions in rootfs.sh (generate_dockerfile,
detect_go_version) in scripts/lib.sh, to make those functions reusable
outside of rootfs.sh.
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
Add the use case of provisioning an existing rootfs directory with the
components / configurations needed to generate Kata compatible images.
This supports use cases such as using a rootfs built outside of
osbuilder, and providing an overlay for dracut built initrds.
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
When the rootfs creation is used for PRs there is
no matching kata runtime version; in this
case let's clone the runtime repository and check out
the kata target branch. If it is already cloned,
this means it was set by the depends-on script or the user.
Fixes: #326
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
We are seeing sporadic failures in the rootfs creation as listed here:
https://github.com/kata-containers/tests/issues/1744
While this cannot be reproduced locally, there is no reason
for the failure to write to $ROOTFS_DIR/etc/chrony.conf unless the upper
directories are missing as this file should be created if it did not
exist earlier.
So just create the etc directory to test out if we see these sporadic
failures in the CI.
Fixes: #328
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
euleros has supported aarch64 since v2.3,
but here is the sad part: there are bugs in their 2.3.x image,
and this bug exists in both the x86_64 and aarch64 images.
The related issue euleros/euleros-docker-images#13
(https://github.com/euleros/euleros-docker-images/issues/13) has been raised.
Fixes: #320
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
The hypercall to implement virtual PTP was introduced in kernel 4.10.
Have chrony run only if the device created by kvm-ptp exists.
Add this as a ConditionExists in the systemd service file.
This service is named chrony.service in deb based distributions
rather than chronyd.service, although a systemd alias exists.
However it is not possible to come up with a generic `PATH` systemd
unit relying on the alias.
Fixes: #308
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
On some distros (Debian, Ubuntu, openSUSE), tmp.mount is not
installed by default in /[etc|usr/lib]/systemd/system, but
just in /usr/shared/systemd, so it needs to be manually copied
there to have /tmp mounted as tmpfs.
Fixes: #317
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
The current chrony service does not step the system clock,
so add the modification to do this if the adjustment is
larger than one second.
Fixes: #316
Signed-off-by: Yang, Wei <wei.yang1@linux.alibaba.com>
When building locally (without Docker), the Go version installed on the
system, needed to build the agent, must satisfy the minimum Go version
requirement specified in runtime/versions.yaml.
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
Detect the Go version required to build the agent from the versions.yaml
file in the runtime repository.
Fixes: #291
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
This package contains the mount command among several other commands.
Unlike other distros, this package is not auto-pulled with systemd.
Add this package explicitly.
Fixes: #302
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
The chrony service is not started because it requires a private temporary directory,
and these directories can't be created in read-only filesystems. Create a symlink
to /tmp in /var allowing systemd to create private temporary directories.
Fixes: #280
Signed-off-by: Julio Montes <julio.montes@intel.com>
Remove the version of alpine used when pulling golang docker images.
This ensures the latest version of alpine is used and resolves the
maintenance issue when old versions of alpine are dropped.
Fixes: #293.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Replace "which" with "command", which is a bash built-in and should
not generate any stderr messages. This also fixes the spurious creation
of a "1" file in the repo root because of a typo in the stderr redirect.
Fixes: #286
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
On some systems the "runc" runtime isn't available or has a different
name. Allow the user to override the Docker runtime.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Fixes: #268
rootfs.sh fails on machines with SELinux in enforcing mode if the
volumes aren't labelled.
This patch labels volumes so the container is able to access them.
In order to do this rootfs directory creation must be moved before the
Docker container is started. Previously docker-run(1) would create the
rootfs directory in the USE_DOCKER case.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Fixes: #266
KVM virtual PTP in the Linux kernel allows the guest to sync its
clock to the host clock with high precision. kvm-ptp has been
enabled in our kernel. Add this as a source for `chrony` so that
it can be used to sync the guest system clock.
`chrony` needs to be started in the guest for time sync.
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
The debian config seems to be missing the PACKAGE variable altogether.
Add it along with appending chrony to the list.
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
chrony will be used to synchronize the guest clock with the host
using the kvm_ptp kernel driver.
This does add another active component to the rootfs,
but keeping time synchronized is crucial.
Fixes: #255
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
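As an added illustration (not osbuilder's own code) of the guest time-sync pieces the chrony commits above describe: a kvm-ptp refclock, stepping the clock on offsets above one second, a systemd condition on the PTP device, and the /var/tmp symlink for read-only roots. The rootfs layout, the drop-in file name and the exact chrony directives are assumptions.

```shell
#!/bin/sh
# Added example: provision a rootfs directory with guest time-sync pieces.
# Paths under the rootfs, the drop-in name and chrony directives are assumed.
set -eu

provision_timesync() {
    rootfs="$1"
    unit="${2:-chronyd.service}"   # "chrony.service" on deb-based distros

    mkdir -p "$rootfs/etc" "$rootfs/etc/systemd/system/$unit.d" "$rootfs/var"

    # kvm-ptp exposes the host clock as /dev/ptp0; use it as the clock source
    # and step (rather than slew) whenever the offset exceeds 1 second,
    # with no limit on how many updates may step ("-1").
    cat > "$rootfs/etc/chrony.conf" <<'EOF'
refclock PHC /dev/ptp0 poll 3 dpoll -2 offset 0
makestep 1 -1
EOF

    # Only start chrony when the PTP device exists (kernel >= 4.10, kvm-ptp).
    cat > "$rootfs/etc/systemd/system/$unit.d/kvm-ptp.conf" <<'EOF'
[Unit]
ConditionPathExists=/dev/ptp0
EOF

    # Read-only root: PrivateTmp needs a writable /var/tmp, so point it at /tmp.
    if [ ! -L "$rootfs/var/tmp" ] && [ ! -e "$rootfs/var/tmp" ]; then
        ln -s /tmp "$rootfs/var/tmp"
    fi
    return 0
}
```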
The `arch(1)` command is not available on some systems so use the
`uname(1)` command for the equivalent functionality.
Fixes: #150
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Fix port URL detection for aarch64, and error out if an unknown
architecture is detected.
Fixes: #215
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
Bump the golang version to 1.11.1, which is the "newest-version"
currently specified in the runtime version file.
Fixes: #208
Signed-off-by: Marco Vedovati <mvedovati@suse.com>