Commit Graph

363 Commits

Author SHA1 Message Date
Dan Middleton
b980c62f43 packaging/kernel: Update kernel build doc
Clarify dependencies, correct typos, and fill in some gaps.

Fixes: #2422

Signed-off-by: Dan Middleton <dan.middleton@intel.com>
2021-08-12 12:14:58 -05:00
Dan Middleton
c23ffef4eb packaging/kernel: Remove old Jenkins pipeline
This Jenkins pipeline is no longer used and it references now archived
repos.

Fixes: #2422

Signed-off-by: Dan Middleton <dan.middleton@intel.com>
2021-08-12 12:14:58 -05:00
Jakob Naucke
6a6dee7cc8 osbuilder: Document no Alpine support on s390x
Alpine used to work as guest under 1.x, but because there is no musl
target for Rust on s390x, Alpine will not work for 2.x. Document this.

Fixes: #2436
Signed-off-by: Jakob Naucke <jakob.naucke@ibm.com>
2021-08-12 11:14:25 +02:00
Jakob Naucke
7effbdebcb osbuilder: Upgrade Ubuntu guest to 20.04
- no need to create `/usr/lib/systemd/systemd` link any more
- install `chrony` as extra package and install extra packages in chroot
  rather than `debootstrap`, because `chrony` provides `time-daemon`,
  which under 20.04 is provided by `systemd-timesyncd`, which is
  required by `systemd`, and `debootstrap`'s conflict resolvement can't
  handle this, but `apt`'s can.

Fixes: #2147
Depends-on: github.com/kata-containers/tests#3636
Signed-off-by: Jakob Naucke <jakob.naucke@ibm.com>
2021-08-10 16:31:21 +02:00
GabyCT
1ab55e5afd Merge pull request #2397 from dgibson/no-go-agent
osbuilder: Drop Go agent support
2021-08-10 09:13:00 -05:00
GabyCT
e287708435 Merge pull request #2246 from damon-kwok/main
kernel: PTP_KVM support for arm/arm64 in Kata
2021-08-10 09:11:48 -05:00
Jakob Naucke
f152284f1b Merge pull request #2411 from jongwu/clh
clh: correct cloud-hypervisor installation on non-x86
2021-08-10 10:39:57 +02:00
Damon Kwok
4fe23b190f kernel: PTP_KVM support for arm/arm64 in Kata
This work patched the 4.19, 5.4 and 5.10 kernels, and now ptp_kvm can work
correctly when the host and guest use different kernel versions..

Fixes: #2123

Signed-off-by: Damon Kwok <damon-kwok@outlook.com>
2021-08-10 11:04:28 +08:00
Jianyong Wu
f981fc6456 clh: correct cloud-hypervisor installation
Currently, there is cloud hypervisor binary released only for x86, thus
we must build from source code when install cloud hypervisor on arm64.

Fixes: #2410
Signed-off-by: Jianyong Wu <jianyong.wu@arm.com>
2021-08-09 15:56:28 +08:00
Fabiano Fidêncio
f87cee9d11 kata-deploy: Rely directly on a centos:7 image
Instead of relying on a centos/docker image, present only on dockerhub,
let's rely on the centos:7 image from the centos registry, and apply
the same modifications applied when generating the centos/systemd image.

The main reason for doing this is avoiding to update an image from 3
years ago, making the delta of the packages updated smaller.

If you're curious why we keep using CentOS 7 though, the reason is
because CentOS 8, and UBI images have a different systemd configuration
that works quite well when mounting the image using podman, but systemd
can't connect dbus when running on environments like AKS or even
minikube.  So, in order to be as compatible as possible, let's keep
using the CentOS 7 image for now, at least till we find a suitable
substitute for that.

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2021-08-06 13:22:45 +02:00
Fabiano Fidêncio
15e0a3c8f0 kata-deploy: Remove unneeded yum cached files
Let's just remove the cached failes as those are not needed for anything
we do when using this image.

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2021-08-06 11:01:58 +02:00
Fabiano Fidêncio
d01aebebae kata-deploy: Ensure the system is up-to-date
In order to avoid providing an image with security issues, let's ensure
we run `yum update` as part of our image build process.  This is needed
as even with the latest CentOS images there may be fix provided by some
CVE that's already part of the updates but not yet part of the image.

In our case, it's even more needed as the `centos/systemd` image has not
been updated for 3 years or so and those are the vulnerabilities found
in the current images:
https://quay.io/repository/kata-containers/kata-deploy?tab=tags

Fixes: #2303

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2021-08-06 11:01:58 +02:00
Fabiano Fidêncio
f47cad3d95 tools: Update the image repository to quay.io
This can help our users to **not** hit the pull limitation imposed by
dockerhub.

Fixes: #2306

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2021-08-05 22:53:20 +02:00
David Gibson
c867d1e069 osbuilder: Drop Go agent support
With Kata 1.x EOL, the Go agent is no more.  So, remove support for it from
the osbuilder scripts.  This removes the RUST_AGENT variable, treating it
as always true.

fixes #2396

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2021-08-05 16:10:10 +10:00
Julio Montes
03325f0612 Merge pull request #2382 from dgibson/prep-qemu-6.1
Update Kata to allow it to use Qemu 6.1
2021-08-04 09:16:06 -05:00
Jakob Naucke
b8133a188c osbuilder/dracut: Add missing libraries
When the guest is built using dracut and the agent uses glibc (esp.
ppc64le/s390x), libraries might be missing. In my case, it was
`libutil.so`, but more can be added easily. Add a script to configure
`install_items` for dracut w.r.t. `ldd` of the agent.

Fixes: #2384
Signed-off-by: Jakob Naucke <jakob.naucke@ibm.com>
2021-08-04 13:50:42 +02:00
Jakob Naucke
d473967120 Merge pull request #2379 from Jakob-Naucke/env-os-version
osbuilder: pass env OS_VERSION
2021-08-04 10:40:17 +02:00
David Gibson
831c2feead packaging: Remove reference to sheepdog driver
The QEMU sheepdog driver was deprecated in 5.2.0 and removed entirely in
6.1.  Explicitly disabling, therefore is unnecessary from 5.2.0 and will
give an error from 6.1.

fixes #2337

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2021-08-04 15:04:36 +10:00
David Gibson
2e28b71473 packaging: Drop support for qemu < 5.0
We only test qemu 5.2 in the CI (5.1 for ARM), and I believe we already
have some subtle dependencies that will stop things working on older qemu
versions.

We just updated govmm to a version that explicitly only works with qemu 5.0
and later, so we can drop stale checks for older qemu versions.  More
specifically that means we can drop patches for older qemu versions, and
remove checks for older qemu versions from configure-hypervisor.sh.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2021-08-04 15:04:36 +10:00
Carlos Venegas
b24ee4b11e Merge pull request #2369 from converge/issue_2354
tools: shorten directory path
2021-08-03 15:32:56 -05:00
Jakob Naucke
a72b08117f osbuilder: pass env OS_VERSION
With lines like
0a2e2c6038/tools/osbuilder/rootfs-builder/fedora/config.sh (L8)
we imply that one can set another OS_VERSION and it will get picked up.
This is not the case when building inside Docker/Podman because the
variable is not passed to the container, which can lead to confusion.
Forward this env.

Fixes: #2378
Signed-off-by: Jakob Naucke <jakob.naucke@ibm.com>
2021-08-03 18:28:17 +02:00
Samuel Ortiz
0a2e2c6038 Merge pull request #2358 from YchauWang/wyc-deploy-test
docs: update kata deploy README doc to add cloud-hypervisor test command
2021-08-03 10:55:13 +02:00
Joao Vanzuita
d007bb8550 kata-deploy: shorten directory path
long file paths are difficult to read, this change adds a new readonly variable to shorten the full file path of the static build folder files.

Fixes: #2354
Signed-off-by: Joao Vanzuita <joaovanzuita@me.com>
2021-08-02 22:37:39 +02:00
James O. D. Hunt
4f0726bc49 docs: Remove table of contents
Removed all TOCs now that GitHub auto-generates them.

Also updated the documentation requirements doc removing the requirement
to add a TOC.

Fixes: #2022.

Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
2021-07-30 10:58:22 +01:00
James O. D. Hunt
f186c5e284 docs: Fix invalid URLs
Correct broken / stale URLs as detected by the CI URL checker.

Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
2021-07-30 10:58:22 +01:00
James O. D. Hunt
7c610a6ff1 docs: Fix shell code
Correct the shell code in the packaging tools README to keep the CI
happy.

Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
2021-07-30 10:58:22 +01:00
wangyongchao.bj
80afba15ee docs: update kata deploy README doc to add cloud-hypervisor test command
Kata deploy README document only contains Firecracker and Qemu. This PR adds
 cloud-hypervisor test command to the README.md file.

Fixes: #2357

Signed-off-by: wangyongchao.bj <wangyongchao.bj@inspur.com>
2021-07-30 10:01:13 +08:00
wangyongchao.bj
5a0d3c4fac docs: update the kata release url in the kata deploy document
fixed the url error, updated the path to kata 2.x release
(https://github.com/kata-containers/kata-containers/releases) from kata 1.x release
(https://github.com/kata-containers/runtime/releases) in the kata-deploy README.md file.

Fixes: #2355.

Signed-off-by: wangyongchao.bj <wangyongchao.bj@inspur.com>
2021-07-30 09:50:30 +08:00
Fabiano Fidêncio
2d142bc92d Merge pull request #2155 from jcvenegas/kata-deploy-2021-06-29
kata-deploy: Allow build  kata-deploy  tarball from HEAD
2021-07-29 22:50:03 +02:00
Carlos Venegas
81e6bf6f2c kata-deploy: Split shimv2 build in a separate container.
Instead of install golang in the base container, split the shimv2 build.

Signed-off-by: Carlos Venegas <jos.c.venegas.munoz@intel.com>
2021-07-28 19:45:35 +00:00
Carlos Venegas
d46ae3248e kernel: build: Add container build
Add script to build kernel in a container.

Signed-off-by: Carlos Venegas <jos.c.venegas.munoz@intel.com>
2021-07-28 19:45:35 +00:00
Carlos Venegas
85987c6d79 kata-deploy: Add Makefile
Add makefile to document possible options to run.

e.g
Default: Create a kata tarball, it will build assets concurrently.
```
$ make

```

Create a tarball build for cloud-hypervisor.
```
$ make cloud-hypervisor
```

Signed-off-by: Carlos Venegas <jos.c.venegas.munoz@intel.com>
2021-07-28 19:45:35 +00:00
Carlos Venegas
b9d2eea39b kata-deploy: Add script to merge kata tarballs.
After each asset is build it is needed to merge them all into one single
tarball.

Signed-off-by: Carlos Venegas <jos.c.venegas.munoz@intel.com>
2021-07-28 19:45:35 +00:00
Carlos Venegas
4895747f35 Rootfs: Add curl to alpine rootfs builder.
If alpine image is created inside a container,
it does not get any golang version data. It will try
to get it by installing yq. To install yq curl is used.

Signed-off-by: Carlos Venegas <jos.c.venegas.munoz@intel.com>
2021-07-28 19:45:35 +00:00
Carlos Venegas
2f9859ab2f build: Reuse firecracker directory on builds.
kata-deploy buider now reuses the build directory, this
makes faster rebuilds. Update firecracker builder to
not fail if is called twice.

Signed-off-by: Carlos Venegas <jos.c.venegas.munoz@intel.com>
2021-07-28 19:45:35 +00:00
Carlos Venegas
3533a5b61d Packaging: stop using GOPATH for yq.
Use the yq installed in the env.  Needed
to build kata from docker. The container builder
has not an initial Go env.

Signed-off-by: Carlos Venegas <jos.c.venegas.munoz@intel.com>
2021-07-28 19:45:35 +00:00
Carlos Venegas
0c5ded4bd7 kata-deploy: build kata only with docker in host
Add script to build kata using docker.

Allow build kata-deploy binaries using docker.
kata-deploy-binaries-in-docker.sh is a wrapper of
kata-deploy-binaries.sh it will call kata-deploy-binaries.sh in a
container with all the dependencies installed.

Signed-off-by: Carlos Venegas <jos.c.venegas.munoz@intel.com>
2021-07-28 19:45:35 +00:00
GabyCT
24cbb97f68 Merge pull request #2298 from fgiudici/yq_latest_fix
osbuilder/scripts: add support to yq version 4 and above
2021-07-23 12:19:46 -05:00
Fabiano Fidêncio
d75c01bd67 Merge pull request #2186 from YchauWang/yc-osbuilder-arm
osbuilder: update centos arm rootfs image config 'GPG_KEY_ARCH_URL'
2021-07-23 11:17:08 +02:00
Carlos Venegas
8befb1f39f kata-deploy: Refactor builder options.
Update kata-deploy-binaries.sh cli options.

Add options to allow ask build a tarball for a specific asset.
It will help developers build a specific component and update
a kata-deploy installation. Also build each asset independetly
can help to create cache tarballs per asset in the future.

e.g. Build a tarball with shimv2.

```
./kata-deploy-binaries.sh --build=shim-v2
```

Additionally, the script path is moved to a new directory
as not only will work for releases.

Signed-off-by: Carlos Venegas <jos.c.venegas.munoz@intel.com>
2021-07-22 20:58:54 +00:00
Carlos Venegas
7125f5d8cf image-builder: Allow build image and initrd independently.
This will help to do concurrent builds and speedup CI.

Signed-off-by: Carlos Venegas <jos.c.venegas.munoz@intel.com>
2021-07-22 20:49:38 +00:00
Francesco Giudici
0f8c0dbc52 osbuilder/scripts: add support to yq version 4 and above
yq changed syntax in an incompatible way starting from version 4 and
above. Deal with that.

Fixes: #2297

Signed-off-by: Francesco Giudici <fgiudici@redhat.com>
2021-07-22 16:01:57 +02:00
Julio Montes
b4c45df885 runtime: tools/packaging/cmd/kata-pkgsync: fix govet fieldalignment
Fix structures alignment

Signed-off-by: Julio Montes <julio.montes@intel.com>
2021-07-20 12:09:54 -05:00
Bin Liu
6b00806bb8 Merge pull request #2243 from egernst/bump-tokio
agent/agent-ctl: update tokio to 1.8.1
2021-07-20 13:56:32 +08:00
wangyongchao.bj
3882619471 osbuilder: update centos arm rootfs image config 'GPG_KEY_ARCH_URL'
fix GPG_KEY_ARCH_URL config of centos's config_aarch64,
update to "http://mirror.centos.org/altarch/7/os/aarch64/RPM-GPG-KEY-CentOS-7".

Fixes: #2181

Signed-off-by: wangyongchao.bj <wangyongchao.bj@inspur.com>
2021-07-20 13:49:17 +08:00
Bin Liu
1da8fa1655 Merge pull request #2171 from liubin/feature/delete-golang-for-rootfs-builder
osbuilder: Skip installing golang for building rootfs
2021-07-19 17:06:57 +08:00
bin
b12b21f337 osbuilder: Skip installing golang for building rootfs
Building rootfs does not depend on golang, delete intalling
golang may save build time.

And there is only rust agent now, the code for golang agent should
be deleted too.

Fixes: #2170

Signed-off-by: bin <bin@hyper.sh>
2021-07-15 23:59:15 +08:00
bin
27b299b2a7 agent-ctl: Use a common Makefile style like other components
Update Makfile like other components, and remove the -v option of
cargo build commond.

Fixes: #2244

Signed-off-by: bin <bin@hyper.sh>
2021-07-15 12:59:58 +08:00
Eric Ernst
0508469994 agent-ctl: bump to latest tokio
Update tokio to get latest fixes, including RUSTSEC-2021-0072

Signed-off-by: Eric Ernst <eric_ernst@apple.com>
2021-07-14 17:18:43 -07:00
Fabiano Fidêncio
fdf9731992 kata-deploy: Use the correct image for kata-deploy
While doing the release we've faced the following issue:
```
  Dockerfile for action: '/home/runner/work/kata-containers/kata-containers/./packaging/kata-deploy/action/Dockerfile'.
  /usr/bin/docker build -t 8a33c1:c0625fe487ce5e4c8217747bef28861f -f "/home/runner/work/kata-containers/kata-containers/./packaging/kata-deploy/action/Dockerfile" "/home/runner/work/kata-containers/kata-containers/packaging/kata-deploy/action"
  Sending build context to Docker daemon  15.87kB
  Step 1/12 : FROM microsoft/azure-cli:latest
  pull access denied for microsoft/azure-cli, repository does not exist or may require 'docker login': denied: requested access to the resource is denied
```

Carlos pointed out that the image has gone awry and that we could use
mcr.microsoft.com/azure-cli instead.

Fixes: #2240

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2021-07-15 00:03:11 +02:00