Alpine used to work as guest under 1.x, but because there is no musl
target for Rust on s390x, Alpine will not work for 2.x. Document this.
Fixes: #2436
Signed-off-by: Jakob Naucke <jakob.naucke@ibm.com>
- no need to create `/usr/lib/systemd/systemd` link any more
- install `chrony` as extra package and install extra packages in chroot
rather than `debootstrap`, because `chrony` provides `time-daemon`,
which under 20.04 is provided by `systemd-timesyncd`, which is
required by `systemd`, and `debootstrap`'s conflict resolvement can't
handle this, but `apt`'s can.
Fixes: #2147
Depends-on: github.com/kata-containers/tests#3636
Signed-off-by: Jakob Naucke <jakob.naucke@ibm.com>
This work patched the 4.19, 5.4 and 5.10 kernels, and now ptp_kvm can work
correctly when the host and guest use different kernel versions..
Fixes: #2123
Signed-off-by: Damon Kwok <damon-kwok@outlook.com>
Currently, there is cloud hypervisor binary released only for x86, thus
we must build from source code when install cloud hypervisor on arm64.
Fixes: #2410
Signed-off-by: Jianyong Wu <jianyong.wu@arm.com>
Instead of relying on a centos/docker image, present only on dockerhub,
let's rely on the centos:7 image from the centos registry, and apply
the same modifications applied when generating the centos/systemd image.
The main reason for doing this is avoiding to update an image from 3
years ago, making the delta of the packages updated smaller.
If you're curious why we keep using CentOS 7 though, the reason is
because CentOS 8, and UBI images have a different systemd configuration
that works quite well when mounting the image using podman, but systemd
can't connect dbus when running on environments like AKS or even
minikube. So, in order to be as compatible as possible, let's keep
using the CentOS 7 image for now, at least till we find a suitable
substitute for that.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Let's just remove the cached failes as those are not needed for anything
we do when using this image.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
In order to avoid providing an image with security issues, let's ensure
we run `yum update` as part of our image build process. This is needed
as even with the latest CentOS images there may be fix provided by some
CVE that's already part of the updates but not yet part of the image.
In our case, it's even more needed as the `centos/systemd` image has not
been updated for 3 years or so and those are the vulnerabilities found
in the current images:
https://quay.io/repository/kata-containers/kata-deploy?tab=tagsFixes: #2303
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
With Kata 1.x EOL, the Go agent is no more. So, remove support for it from
the osbuilder scripts. This removes the RUST_AGENT variable, treating it
as always true.
fixes#2396
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
When the guest is built using dracut and the agent uses glibc (esp.
ppc64le/s390x), libraries might be missing. In my case, it was
`libutil.so`, but more can be added easily. Add a script to configure
`install_items` for dracut w.r.t. `ldd` of the agent.
Fixes: #2384
Signed-off-by: Jakob Naucke <jakob.naucke@ibm.com>
The QEMU sheepdog driver was deprecated in 5.2.0 and removed entirely in
6.1. Explicitly disabling, therefore is unnecessary from 5.2.0 and will
give an error from 6.1.
fixes#2337
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
We only test qemu 5.2 in the CI (5.1 for ARM), and I believe we already
have some subtle dependencies that will stop things working on older qemu
versions.
We just updated govmm to a version that explicitly only works with qemu 5.0
and later, so we can drop stale checks for older qemu versions. More
specifically that means we can drop patches for older qemu versions, and
remove checks for older qemu versions from configure-hypervisor.sh.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
With lines like
0a2e2c6038/tools/osbuilder/rootfs-builder/fedora/config.sh (L8)
we imply that one can set another OS_VERSION and it will get picked up.
This is not the case when building inside Docker/Podman because the
variable is not passed to the container, which can lead to confusion.
Forward this env.
Fixes: #2378
Signed-off-by: Jakob Naucke <jakob.naucke@ibm.com>
long file paths are difficult to read, this change adds a new readonly variable to shorten the full file path of the static build folder files.
Fixes: #2354
Signed-off-by: Joao Vanzuita <joaovanzuita@me.com>
Removed all TOCs now that GitHub auto-generates them.
Also updated the documentation requirements doc removing the requirement
to add a TOC.
Fixes: #2022.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Kata deploy README document only contains Firecracker and Qemu. This PR adds
cloud-hypervisor test command to the README.md file.
Fixes: #2357
Signed-off-by: wangyongchao.bj <wangyongchao.bj@inspur.com>
Add makefile to document possible options to run.
e.g
Default: Create a kata tarball, it will build assets concurrently.
```
$ make
```
Create a tarball build for cloud-hypervisor.
```
$ make cloud-hypervisor
```
Signed-off-by: Carlos Venegas <jos.c.venegas.munoz@intel.com>
If alpine image is created inside a container,
it does not get any golang version data. It will try
to get it by installing yq. To install yq curl is used.
Signed-off-by: Carlos Venegas <jos.c.venegas.munoz@intel.com>
kata-deploy buider now reuses the build directory, this
makes faster rebuilds. Update firecracker builder to
not fail if is called twice.
Signed-off-by: Carlos Venegas <jos.c.venegas.munoz@intel.com>
Use the yq installed in the env. Needed
to build kata from docker. The container builder
has not an initial Go env.
Signed-off-by: Carlos Venegas <jos.c.venegas.munoz@intel.com>
Add script to build kata using docker.
Allow build kata-deploy binaries using docker.
kata-deploy-binaries-in-docker.sh is a wrapper of
kata-deploy-binaries.sh it will call kata-deploy-binaries.sh in a
container with all the dependencies installed.
Signed-off-by: Carlos Venegas <jos.c.venegas.munoz@intel.com>
Update kata-deploy-binaries.sh cli options.
Add options to allow ask build a tarball for a specific asset.
It will help developers build a specific component and update
a kata-deploy installation. Also build each asset independetly
can help to create cache tarballs per asset in the future.
e.g. Build a tarball with shimv2.
```
./kata-deploy-binaries.sh --build=shim-v2
```
Additionally, the script path is moved to a new directory
as not only will work for releases.
Signed-off-by: Carlos Venegas <jos.c.venegas.munoz@intel.com>
yq changed syntax in an incompatible way starting from version 4 and
above. Deal with that.
Fixes: #2297
Signed-off-by: Francesco Giudici <fgiudici@redhat.com>
Building rootfs does not depend on golang, delete intalling
golang may save build time.
And there is only rust agent now, the code for golang agent should
be deleted too.
Fixes: #2170
Signed-off-by: bin <bin@hyper.sh>
While doing the release we've faced the following issue:
```
Dockerfile for action: '/home/runner/work/kata-containers/kata-containers/./packaging/kata-deploy/action/Dockerfile'.
/usr/bin/docker build -t 8a33c1:c0625fe487ce5e4c8217747bef28861f -f "/home/runner/work/kata-containers/kata-containers/./packaging/kata-deploy/action/Dockerfile" "/home/runner/work/kata-containers/kata-containers/packaging/kata-deploy/action"
Sending build context to Docker daemon 15.87kB
Step 1/12 : FROM microsoft/azure-cli:latest
pull access denied for microsoft/azure-cli, repository does not exist or may require 'docker login': denied: requested access to the resource is denied
```
Carlos pointed out that the image has gone awry and that we could use
mcr.microsoft.com/azure-cli instead.
Fixes: #2240
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
