diff --git a/0999-osbuilder-Adjust-agent_version-for-our-builds.patch b/0999-osbuilder-Adjust-agent_version-for-our-builds.patch
new file mode 100644
index 0000000000000000000000000000000000000000..baca5aade4e891cfb865306443721f301506abe9
--- /dev/null
+++ b/0999-osbuilder-Adjust-agent_version-for-our-builds.patch
@@ -0,0 +1,33 @@
+From f1b45ad2295eb260d0c53f6d90ede35b4b2ad510 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
+Date: Wed, 1 Sep 2021 17:39:17 -0300
+Subject: [PATCH] Adjust agent_version for our builds
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+As we move things around when installing osbuilder, we need to adapt
+where we get the agent_version from.
+
+Signed-off-by: Fabiano FidĂȘncio
+---
+ tools/osbuilder/scripts/lib.sh | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/tools/osbuilder/scripts/lib.sh b/tools/osbuilder/scripts/lib.sh
+index 33a01f0..4225741 100644
+--- a/tools/osbuilder/scripts/lib.sh
++++ b/tools/osbuilder/scripts/lib.sh
+@@ -164,8 +164,7 @@ create_summary_file()
+ local agent="${AGENT_DEST}"
+ [ "$AGENT_INIT" = yes ] && agent="${init}"
+
+- local -r agentdir="${script_dir}/../../../"
+- local -r agent_version=$(cat ${agentdir}/VERSION)
++ agent_version=$(cat "${script_dir}/../../VERSION")
+
+ cat >"$file"<<-EOF
+ ---
+--
+2.37.2
+
diff --git a/1000-Remove-shebang-in-non-executable-completion-script.patch b/1000-Remove-shebang-in-non-executable-completion-script.patch
new file mode 100644
index 0000000000000000000000000000000000000000..612248488e752696ab8a68e28b62c49b06ceb9f8
--- /dev/null
+++ b/1000-Remove-shebang-in-non-executable-completion-script.patch
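Review bot: The replacement line in `create_summary_file()` drops `local -r`, so `agent_version` is no longer scoped to the function and becomes a writable global for whatever sources lib.sh. To keep it function-scoped without masking a failed `cat` behind the `local` builtin's exit status, declare and assign separately: `local agent_version` followed by `agent_version=$(cat "${script_dir}/../../VERSION")`. The function body continues outside the hunk, so later uses of the variable are not visible here.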
@@ -0,0 +1,25 @@
+From 1c65024709d7c28bf78b42c59a135df17513d78d Mon Sep 17 00:00:00 2001
+From: Christophe de Dinechin
+Date: Thu, 12 Sep 2019 12:57:39 +0200
+Subject: [PATCH] Remove shebang in non-executable completion script
+
+Raised during package review [1] by rpmlint
+
+[1] https://bugzilla.redhat.com/show_bug.cgi?id=1590425#c8
+
+Signed-off-by: Christophe de Dinechin
+---
+ src/runtime/data/completions/bash/kata-runtime | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/src/runtime/data/completions/bash/kata-runtime b/src/runtime/data/completions/bash/kata-runtime
+index c293483..58ab978 100644
+--- a/src/runtime/data/completions/bash/kata-runtime
++++ b/src/runtime/data/completions/bash/kata-runtime
+@@ -1,4 +1,3 @@
+-#!/usr/bin/env bash
+ #
+ # Copyright (c) 2018 Intel Corporation
+ #
+--
+2.21.0
diff --git a/1001-upcall-omit-upcall-patch-first.patch b/1001-upcall-omit-upcall-patch-first.patch
deleted file mode 100644
index 976a35ba7063bfeb11051c8f40e244115192a496..0000000000000000000000000000000000000000
--- a/1001-upcall-omit-upcall-patch-first.patch
+++ /dev/null
@@ -1,37 +0,0 @@ -From 29b4e3f34bda8c42cd9937b0d5de0ead457259ce Mon Sep 17 00:00:00 2001 -From: Chao Wu -Date: Tue, 18 Oct 2022 18:06:51 +0800 -Subject: [PATCH 1/2] upcall: omit upcall patch first - -3.0.0 has not supported upcall in Dragonball yet. So we delete dbs-upcall from the Cargo.toml. - -Signed-off-by: Chao Wu ---- - src/dragonball/Cargo.toml | 1 - - src/runtime-rs/Cargo.toml | 1 - - 2 files changed, 2 deletions(-) - -diff --git a/src/dragonball/Cargo.toml b/src/dragonball/Cargo.toml -index df8286bfe..772aa539e 100644 ---- a/src/dragonball/Cargo.toml -+++ b/src/dragonball/Cargo.toml -@@ -58,7 +58,6 @@ virtio-fs = ["dbs-virtio-devices/virtio-fs", "virtio-queue", "atomic-guest-memor - dbs-device = { git = "https://github.com/openanolis/dragonball-sandbox.git", rev = "7a8e832b53d66994d6a16f0513d69f540583dcd0" } - dbs-interrupt = { git = "https://github.com/openanolis/dragonball-sandbox.git", rev = "7a8e832b53d66994d6a16f0513d69f540583dcd0" } - dbs-legacy-devices = { git = "https://github.com/openanolis/dragonball-sandbox.git", rev = "7a8e832b53d66994d6a16f0513d69f540583dcd0" } --dbs-upcall = { git = "https://github.com/openanolis/dragonball-sandbox.git", rev = "7a8e832b53d66994d6a16f0513d69f540583dcd0" } - dbs-utils = { git = "https://github.com/openanolis/dragonball-sandbox.git", rev = "7a8e832b53d66994d6a16f0513d69f540583dcd0" } - dbs-virtio-devices = { git = "https://github.com/openanolis/dragonball-sandbox.git", rev = "7a8e832b53d66994d6a16f0513d69f540583dcd0" } - dbs-boot = { git = "https://github.com/openanolis/dragonball-sandbox.git", rev = "7a8e832b53d66994d6a16f0513d69f540583dcd0" } -diff --git a/src/runtime-rs/Cargo.toml b/src/runtime-rs/Cargo.toml -index 470b29a64..c0dc0dfc3 100644 ---- a/src/runtime-rs/Cargo.toml -+++ b/src/runtime-rs/Cargo.toml -@@ -11,4 +11,3 @@ dbs-legacy-devices = { git = "https://github.com/openanolis/dragonball-sandbox.g - dbs-virtio-devices = { git = "https://github.com/openanolis/dragonball-sandbox.git", rev = 
"7a8e832b53d66994d6a16f0513d69f540583dcd0" } - dbs-boot = { git = "https://github.com/openanolis/dragonball-sandbox.git", rev = "7a8e832b53d66994d6a16f0513d69f540583dcd0" } - dbs-arch = { git = "https://github.com/openanolis/dragonball-sandbox.git", rev = "7a8e832b53d66994d6a16f0513d69f540583dcd0" } --dbs-upcall = { git = "https://github.com/openanolis/dragonball-sandbox.git", rev = "7a8e832b53d66994d6a16f0513d69f540583dcd0" } --- -2.31.1 - diff --git a/1002-toml-add-LifseaOS-introduction-in-Kata-config-toml.patch b/1002-toml-add-LifseaOS-introduction-in-Kata-config-toml.patch deleted file mode 100644 index 8f8e57b9ff5befba4815c32f25819403e0ea8065..0000000000000000000000000000000000000000 --- a/1002-toml-add-LifseaOS-introduction-in-Kata-config-toml.patch +++ /dev/null 
@@ -1,46 +0,0 @@ -From f80bf1718fdb9b514defcfd8b5fb22993c1153d8 Mon Sep 17 00:00:00 2001 -From: Chao Wu -Date: Tue, 18 Oct 2022 18:12:34 +0800 -Subject: [PATCH 2/2] toml: add LifseaOS introduction in Kata config toml - -Signed-off-by: Chao Wu ---- - src/runtime-rs/config/configuration-dragonball.toml.in | 5 +++++ - src/runtime/config/configuration-qemu.toml.in | 5 +++++ - 2 files changed, 10 insertions(+) - -diff --git a/src/runtime-rs/config/configuration-dragonball.toml.in b/src/runtime-rs/config/configuration-dragonball.toml.in -index cb8d7aeee..8cb07dc1b 100644 ---- a/src/runtime-rs/config/configuration-dragonball.toml.in -+++ b/src/runtime-rs/config/configuration-dragonball.toml.in -@@ -15,6 +15,11 @@ - path = "@DBPATH@" - ctlpath = "@DBCTLPATH@" - kernel = "@KERNELPATH_DB@" -+# We use LifseaOS as default rootfs and LifseaOS is introduced by OpenAnolis with lots of optimizations on container workload. -+# We recommand you to try Lifsea0S but if you want to switch to other rootfs, please remember to delete -+# init=/ostree/boot.1/Lifsea0S/latest/0/usr/lib/ostree/ostree-prepare-root ostree=/ostree/boot.1/Lifsea0S/latest/0 varetc-ro -+# from the kernel_params configuration part down below. -+# Also, you could tell us why you switch in OpenAnolis Community and we'll promise to follow up with the issues. - image = "@IMAGEPATH@" - - # List of valid annotation names for the hypervisor -diff --git a/src/runtime/config/configuration-qemu.toml.in b/src/runtime/config/configuration-qemu.toml.in -index d0a711dcf..bfd178361 100644 ---- a/src/runtime/config/configuration-qemu.toml.in -+++ b/src/runtime/config/configuration-qemu.toml.in -@@ -15,6 +15,11 @@ - path = "@QEMUPATH@" - kernel = "@KERNELPATH@" -+# We use LifseaOS as default rootfs and LifseaOS is introduced by OpenAnolis with lots of optimizations on container workload. 
-+# We recommand you to try Lifsea0S but if you want to switch to other rootfs, please remember to delete
-+# init=/ostree/boot.1/Lifsea0S/latest/0/usr/lib/ostree/ostree-prepare-root ostree=/ostree/boot.1/Lifsea0S/latest/0 varetc-ro
-+# from the kernel_params configuration part down below.
-+# Also, you could tell us why you switch in OpenAnolis Community and we'll promise to follow up with the issues.
- image = "@IMAGEPATH@"
- machine_type = "@MACHINETYPE@"
-
- # Enable confidential guest support.
---
-2.31.1
-
diff --git a/15-dracut.conf b/15-dracut.conf
new file mode 100644
index 0000000000000000000000000000000000000000..c4ced5d55eafd1d2be4be7b3696ec697d8c87074
--- /dev/null
+++ b/15-dracut.conf
@@ -0,0 +1,27 @@
+# Custom Fedora dracut config for kata initrd/rootfs generation
+
+
+# Fedora: kernel drivers we want in the initrd.
+drivers+=" "
+# virtio vsock
+drivers+=" vmw_vsock_virtio_transport "
+# virtio net
+drivers+=" virtio_net "
+# virtio fs
+drivers+=" virtiofs "
+# virtio block
+drivers+=" virtio_blk "
+# virtio scsi
+drivers+=" virtio_scsi "
+# virtio serial. Could be dropped eventually, vsock covers us
+drivers+=" virtio_console "
+# virtio 9p. Could be dropped eventually, virtio-fs covers us
+drivers+=" 9p 9pnet_virtio "
+# vfio
+drivers+=" vfio-pci vfio vfio_iommu_type1 irqbypass vfio_virqfd "
+
+
+# Fedora: extra dracut modules
+dracutmodules+=" "
+# These aid debugging
+dracutmodules+=" bash busybox rescue "
diff --git a/50-kata b/50-kata
new file mode 100644
index 0000000000000000000000000000000000000000..d9223d2a48e8d5a337a46e942b61df1604ed285d
--- /dev/null
+++ b/50-kata
@@ -0,0 +1,5 @@
+[crio.runtime.runtimes.kata]
+ runtime_path = "/usr/bin/containerd-shim-kata-v2"
+ runtime_type = "vm"
+ runtime_root = "/run/vc"
+ privileged_without_host_devices = true
diff --git a/download b/download
new file mode 100644
index 0000000000000000000000000000000000000000..4f118b74484e79d3e40a561b460f65a632cd66da
--- /dev/null
+++ b/download
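Review bot: `dracutmodules+=" bash busybox rescue "` in 15-dracut.conf puts an interactive shell, busybox and the rescue module into every generated guest initrd, while the comment above it says they are only there to aid debugging. Anything that gains code execution inside the guest then has these tools to hand, so consider moving them into a separate opt-in debug conf file, or at least state the trade-off in the comment, e.g. `# Debug aids only; not needed for production guest images`. The spec in this commit also adds `Requires: busybox`, which appears to exist for this module and could be revisited together with it.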
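Review bot: The 50-kata drop-in has no comments, and `privileged_without_host_devices = true` is the one setting in it whose removal would quietly weaken isolation. A one-line comment above it would protect against that, for example `# Do not pass host device nodes to privileged containers running in the Kata VM`. Stating the intent next to the value also makes later reviews of this file easier.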
@@ -0,0 +1 @@ +742a1e5874d34aefe290b949f37debcc kata-containers-3.2.0-vendor.tar.gz diff --git a/kata-containers-3.0.0-vendor.tar.gz b/kata-containers-3.0.0-vendor.tar.gz deleted file mode 100644 index 95b1a6808275192483a38284b5d7139b9ee1a990..0000000000000000000000000000000000000000 Binary files a/kata-containers-3.0.0-vendor.tar.gz and /dev/null differ diff --git a/kata-containers-3.0.0.tar.gz b/kata-containers-3.0.0.tar.gz deleted file mode 100644 index e8fbd4ce6d547934c47463571b4cff4b67bcdf79..0000000000000000000000000000000000000000 Binary files a/kata-containers-3.0.0.tar.gz and /dev/null differ diff --git a/vmlinux.container b/kata-containers-3.2.0.tar.gz old mode 100755 new mode 100644 similarity index 37% rename from vmlinux.container rename to kata-containers-3.2.0.tar.gz index 5888b9c08d86a4ab022f461b266d32ce1daf430c..5512a57e81d4affff896407b6f4c99de57ada014 Binary files a/vmlinux.container and b/kata-containers-3.2.0.tar.gz differ diff --git a/kata-containers.img b/kata-containers.img deleted file mode 100644 index f12916853c67d489249529c9e57498d8dc7ae354..0000000000000000000000000000000000000000 Binary files a/kata-containers.img and /dev/null differ diff --git a/kata-containers.spec b/kata-containers.spec index e11af58389b532a6531f5807a11916131269083f..d036d57bdcd72bfa71ec1282f5807d232557a91b 100644 --- a/kata-containers.spec +++ b/kata-containers.spec @@ -1,7 +1,7 @@ -%define anolis_release 2 +%define anolis_release 1 +# go-rpm-macros are not available on RHEL. %global have_go_rpm_macros 0 - %global with_debug 0 # Shamelessly copied from CRI-O spec file. @@ -30,7 +30,7 @@ %endif # htps://github.com/kata-containers/kata-containers -Version: 3.0.0 +Version: 3.2.0 %global tag %{version}%{?rcstr} %global domain github.com 
@@ -57,15 +57,19 @@ workload isolation and security advantages of VMs. https://katacontainers.io/.} Name: %{repo} Release: %{anolis_release}%{?rcrel}%{?dist} Summary: Kata Containers version 3.x repository -License: ASL 2.0 +License: Apache-2.0 Url: https://%{download} Source0: https://%{download}/archive/%{version}%{?rcstr}/%{repo}-%{version}%{?rcstr}.tar.gz Source1: https://%{download}/releases/download/%{version}/%{repo}-%{version}%{?rcstr}-vendor.tar.gz -Source2: kata-containers.img -Source3: vmlinux.container +Source2: kata-osbuilder.sh +Source3: kata-osbuilder-generate.service +Source4: 15-dracut.conf +Source5: 50-kata + +# Keep this patch downstream as it'd be hard to justify such change upstream +Patch0999: 0999-osbuilder-Adjust-agent_version-for-our-builds.patch +Patch1000: 1000-Remove-shebang-in-non-executable-completion-script.patch -Patch1001: 1001-upcall-omit-upcall-patch-first.patch -Patch1002: 1002-toml-add-LifseaOS-introduction-in-Kata-config-toml.patch %if 0%{?have_go_rpm_macros} BuildRequires: go-rpm-macros @@ -86,6 +90,7 @@ BuildRequires: protobuf-compiler # %%check requirements BuildRequires: dracut BuildRequires: kernel +BuildRequires: busybox %if 0%{?bundled_rust_deps} BuildRequires: cargo @@ -127,9 +132,13 @@ BuildRequires: crate(rustjail/default) >= 0.0.0 BuildRequires: crate(ttrpc/default) >= 0.0.0 %endif +Requires: busybox Requires: dracut Requires: kernel -Requires: qemu-kvm-core >= 4.2.0 +Requires: qemu-kvm-core >= 4.2.0-4 +# For /usr/libexec/virtiofsd +Requires: (virtiofsd or qemu-virtiofsd) +Suggests: virtiofsd Conflicts: kata-agent Conflicts: kata-ksm-throttler @@ -139,7 +148,7 @@ Conflicts: kata-runtime Conflicts: kata-shim # Currently we only support x86_64, we will add aarch64 support in the future. -ExclusiveArch: x86_64 +ExcludeArch: x86_64 %description %{common_description} 
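Review bot: `ExcludeArch: x86_64` contradicts the comment directly above it ("Currently we only support x86_64"): the old `ExclusiveArch: x86_64` restricted the build to x86_64, while the new tag forbids exactly that architecture. If the package is now meant to build on other architectures the comment needs updating; if x86_64 is still the only supported target, the line should remain `ExclusiveArch: x86_64`. In the same file `Requires: qemu-kvm-core >= 4.2.0-4` is kept while a later hunk points `qemupath` at `%{_bindir}/qemu-system-%{_arch}`, so it is worth confirming that the required package actually ships that binary.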
@@ -151,11 +160,13 @@ ExclusiveArch: x86_64 # The machine type uses a modern default # The kernel parameters workaround an issue with cgroupsv2 after kernel 5.3 # To-do: add BUILDFLAGS=gobuildflags when the macro becomes available -%global qemu qemu-kvm -%global qemupath %{_libexecdir}/%{qemu} +%global qemu qemu-system-%{_arch} +%global qemupath %{_bindir}/%{qemu} # The machine type to be used is architecture specific: # aarch64: virt +# ppc64le: pseries +# s390x: s390-ccw-virtio # x86_64: q35 %ifarch aarch64 %global machinetype "virt" @@ -164,29 +175,16 @@ ExclusiveArch: x86_64 %global machinetype "q35" %endif +%global kata_build_dir %{repo}-%{version}%{?rcstr} %global katadatadir %{_datadir}/kata-containers -%global katadefaults %{_datadir}/defaults/kata-containers +%global katadefaults %{katadatadir}/defaults %global katacache %{_localstatedir}/cache %global katalibexecdir %{_libexecdir}/kata-containers %global katalocalstatecachedir %{katacache}/kata-containers %global kataagentdir %{katalibexecdir}/agent %global kataosbuilderdir %{katalibexecdir}/osbuilder - -%global runtime_rs_make_vars KERNELTYPE="compressed" \\\ - DEFSHAREDFS="virtio-fs" \\\ - DEFVIRTIOFSDAEMON=%{_libexecdir}/"virtiofsd" \\\ - DEFVIRTIOFSCACHESIZE=0 \\\ - DEFSANDBOXCGROUPONLY=true \\\ - SKIP_GO_VERSION_CHECK=y \\\ - MACHINETYPE=%{machinetype} \\\ - SCRIPTS_DIR=%{_bindir} \\\ - DESTDIR=%{buildroot} \\\ - DEFAULTSDIR=%{katadefaults} \\\ - CONFDIR=%{katadefaults} \\\ - FEATURE_SELINUX="yes" \\\ - DEFENABLEANNOTATIONS=['\\\".*\\\"'] \\\ - LIBC=gnu +%global rust_make_vars LIBC=gnu %global runtime_make_vars QEMUPATH=%{qemupath} \\\ KERNELTYPE="compressed" \\\ 
@@ -198,18 +196,21 @@ ExclusiveArch: x86_64 MACHINETYPE=%{machinetype} \\\ SCRIPTS_DIR=%{_bindir} \\\ DESTDIR=%{buildroot} \\\ - PREFIX=/usr/runtime-go \\\ - IMAGEPATH=%{katadatadir}/kata-containers.img \\\ - KERNELPATH=%{katadatadir}/vmlinux.container \\\ + PREFIX=/usr \\\ DEFAULTSDIR=%{katadefaults} \\\ CONFDIR=%{katadefaults} \\\ FEATURE_SELINUX="yes" \\\ - DEFENABLEANNOTATIONS=['\\\".*\\\"'] + DEFENABLEANNOTATIONS=['\\\".*\\\"'] + +%global agent_make_vars %{rust_make_vars} \\\ + DESTDIR=%{buildroot}%{kataagentdir} +%global log_parser_vars %{rust_make_vars} \\\ + BINDIR=%{buildroot}%{_bindir} %prep -%autosetup -p1 -n %{repo}-%{version}%{?rcstr} +%autosetup -S git -p1 -n %{kata_build_dir} -cd %{_builddir}/%{repo}-%{version}%{?rcstr} +cd %{_builddir}/%{kata_build_dir} tar -xf %{SOURCE1} # Not using gobuild here in order to stick to how upstream builds @@ -219,15 +220,25 @@ export PATH=$PATH:"$(pwd)/go/bin" export GOPATH="$(pwd)/go" mkdir -p go/src/%{domain}/%{org} -ln -s $(pwd)/../%{repo}-%{version}%{?rcstr} go/src/%{importname} +ln -s $(pwd)/../%{kata_build_dir} go/src/%{importname} cd go/src/%{importname} pushd src/runtime %make_build %{runtime_make_vars} popd -pushd src/runtime-rs -%make_build %{runtime_rs_make_vars} +pushd src/agent +%make_build %{agent_make_vars} +touch kata-agent +popd + +pushd src/tools/log-parser +%make_build %{log_parser_vars} +popd + +pushd tools/osbuilder +# Manually build nsdax tool +gcc %{build_cflags} image-builder/nsdax.gpl.c -o nsdax popd # Not using gopkginstall here in order to stick to how upstream builds 
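Review bot: `DEFENABLEANNOTATIONS=['\\\".*\\\"']` in `runtime_make_vars` is carried over with only a whitespace change, and the catch-all pattern makes the generated configuration accept every hypervisor annotation name. As far as Kata's annotation allow-list works, this lets anyone who can create pods override hypervisor settings per pod, leaving only the separate path allow-lists as a limit. Consider listing just the annotations this distribution needs, or at minimum add a spec comment such as `# NOTE: enables all hypervisor annotations; restrict on multi-tenant hosts`. The macro definition starts above this hunk, so its first lines are not visible here.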
@@ -243,41 +254,127 @@ pushd src/runtime %make_install %{runtime_make_vars} popd -pushd src/runtime-rs -%make_install %{runtime_rs_make_vars} +pushd src/agent +%make_install %{agent_make_vars} +popd + +pushd src/tools/log-parser +%make_install %{log_parser_vars} popd -# Add kernel_params for LifseaOS -sed -i '/kernel_params/s/\"$/ init=\/ostree\/boot.1\/LifseaOS\/latest\/0\/usr\/lib\/ostree\/ostree-prepare-root ostree=\/ostree\/boot.1\/LifseaOS\/latest\/0 varetc-ro\"/g' %{buildroot}%{katadefaults}/configuration-dragonball.toml -sed -i '/kernel_params/s/\"$/ init=\/ostree\/boot.1\/LifseaOS\/latest\/0\/usr\/lib\/ostree\/ostree-prepare-root ostree=\/ostree\/boot.1\/LifseaOS\/latest\/0 varetc-ro\"/g' %{buildroot}%{katadefaults}/configuration-qemu.toml +pushd tools/osbuilder +rm .gitignore +rm rootfs-builder/.gitignore +mkdir -p %{buildroot}%{katalocalstatecachedir} + +install -m 0644 -D -t %{buildroot}%{_unitdir} %{SOURCE3} +install -m 0755 -D -t %{buildroot}%{kataosbuilderdir} nsdax +install -m 0644 -D -t %{buildroot}%{kataosbuilderdir} %{SOURCE2} + +cp -aR rootfs-builder %{buildroot}%{kataosbuilderdir} +cp -aR image-builder %{buildroot}%{kataosbuilderdir} +cp -aR initrd-builder %{buildroot}%{kataosbuilderdir} +cp -aR scripts %{buildroot}%{kataosbuilderdir} +cp -aR dracut %{buildroot}%{kataosbuilderdir} + +rm -f %{buildroot}%{kataosbuilderdir}/image-builder/nsdax.gpl.c +install -m 0644 -D -t %{buildroot}%{kataosbuilderdir}/dracut/dracut.conf.d/ %{SOURCE4} +chmod +x %{buildroot}%{kataosbuilderdir}/scripts/lib.sh +chmod +x %{buildroot}%{kataosbuilderdir}/kata-osbuilder.sh +popd + +# Install the CRI-O config drop-in file +install -m 0644 -D -t %{buildroot}%{_sysconfdir}/crio/crio.conf.d %{SOURCE5} + +# Disable the image= option, so we use initrd= by default +# The kernels kata-osbuilder creates are in /var/cache now, see rhbz#1792216 +sed -i -e 's|^kernel = "%{_datadir}|kernel = "%{katacache}|' \ + -e 's|^image = "%{_datadir}/kata-containers/kata-containers.img"|initrd = 
"%{katacache}/kata-containers/kata-containers-initrd.img"|' \ + %{buildroot}%{katadefaults}/configuration.toml + +# Enable vsock as transport instead of virtio-serial +sed -i -e 's/^#use_vsock =/use_vsock =/' %{buildroot}%{katadefaults}/configuration.toml + +# We could be run in a mock chroot, where uname will report +# different kernel than what we have installed in the chroot. +# So we need to determine a valid kernel version to test against. +for kernelpath in /lib/modules/*/vmlinu*; do + KVERSION="$(echo $kernelpath | cut -d "/" -f 4)" + break +done +TEST_MODE=1 %{buildroot}%{kataosbuilderdir}/kata-osbuilder.sh \ + -o %{buildroot}%{kataosbuilderdir} \ + -k "$KVERSION" \ + -a %{buildroot} + + +%preun +%systemd_preun kata-osbuilder-generate.service + +%postun +%systemd_postun kata-osbuilder-generate.service + +%post +%systemd_post kata-osbuilder-generate.service +# Skip running this on Fedora CoreOS / Red Hat CoreOS +if test -w %{katalocalstatecachedir}; then + TMPOUT="$(mktemp -t kata-rpm-post-XXXXXX.log)" + echo "Creating kata appliance initrd..." + %{kataosbuilderdir}/kata-osbuilder.sh > ${TMPOUT} 2>&1 + if test "$?" != "0" ; then + echo "Building failed. 
Here is the log details:" + cat ${TMPOUT} + exit 1 + fi +fi -install -m 0755 -D -t %{buildroot}%{katadatadir} %{SOURCE2} -install -m 0755 -D -t %{buildroot}%{katadatadir} %{SOURCE3} %files # runtime -/usr/local/bin/containerd-shim-kata-v2 -/usr/runtime-go/bin/containerd-shim-kata-v2 +%{_bindir}/kata-runtime +%{_bindir}/kata-monitor +%{_bindir}/containerd-shim-kata-v2 +%{_bindir}/kata-collect-data.sh %dir %{katalibexecdir} %{katalibexecdir}/VERSION %dir %{katadatadir} %dir %{katadefaults} %{katadefaults}/configuration.toml -%{katadefaults}/configuration-dragonball.toml +%{_datadir}/bash-completion/completions/kata-runtime %license LICENSE %doc README.md CONTRIBUTING.md -%{katadatadir}/kata-containers.img -%{katadatadir}/vmlinux.container -/usr/runtime-go/bin/kata-monitor -/usr/runtime-go/bin/kata-runtime -/usr/runtime-go/share/bash-completion/completions/kata-runtime -%{katadefaults}/configuration-acrn.toml -%{katadefaults}/configuration-clh.toml -%{katadefaults}/configuration-fc.toml -%{katadefaults}/configuration-qemu.toml -%{_bindir}/kata-collect-data.sh + +#agent +%dir %{kataagentdir} +%{kataagentdir}/* + +#log-parser +%{_bindir}/kata-log-parser + +#osbuilder +%dir %{kataosbuilderdir} +%dir %{katalocalstatecachedir} + +%{kataosbuilderdir}/* +%{_unitdir}/kata-osbuilder-generate.service + +# CRI-O drop-in file +%{_sysconfdir}/crio/crio.conf.d/50-kata + +# Remove some scripts we don't use +%exclude %{katadefaults}/configuration-*.toml +%exclude %{kataosbuilderdir}/rootfs-builder/alpine +%exclude %{kataosbuilderdir}/rootfs-builder/centos +%exclude %{kataosbuilderdir}/rootfs-builder/clearlinux +%exclude %{kataosbuilderdir}/rootfs-builder/debian +%exclude %{kataosbuilderdir}/rootfs-builder/template +%exclude %{kataosbuilderdir}/rootfs-builder/ubuntu + %changelog +* Tue Nov 21 2023 mgb01105731 - 3.2.0-1 +- update to version 3.2.0 + * Wed Oct 12 2022 Chao Wu - 3.0.0-2 - support the release version of Kata Containers 3.0.0 containing both rust runtime and go runtime. 
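Review bot: In `%post`, the log created by `mktemp -t kata-rpm-post-XXXXXX.log` is never removed, so every install or upgrade leaves a root-owned build log behind in the temp directory, and `${TMPOUT}` is expanded unquoted. Adding `rm -f "${TMPOUT}"` on both the failure path (after `cat`) and the success path, and writing the redirection as `> "${TMPOUT}" 2>&1`, would cover both. Separately, in the `%install` loop over `/lib/modules/*/vmlinu*`, an unmatched glob leaves `KVERSION` set to a literal `*`; a check such as `[ -e "$kernelpath" ] || continue` before the `cut` would keep that value out of the `-k` argument.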
diff --git a/kata-osbuilder-generate.service b/kata-osbuilder-generate.service new file mode 100644 index 0000000000000000000000000000000000000000..906a8097c041b7c6c186d1d4d924d58a4b9e2010 --- /dev/null +++ b/kata-osbuilder-generate.service @@ -0,0 +1,10 @@ +[Unit] +Description=Generate Kata appliance image for host kernel + +[Service] +Type=oneshot +ExecStart=/usr/libexec/kata-containers/osbuilder/kata-osbuilder.sh -c +ExecReload=/usr/libexec/kata-containers/osbuilder/kata-osbuilder.sh + +[Install] +WantedBy=kubelet.service diff --git a/kata-osbuilder.sh b/kata-osbuilder.sh new file mode 100755 index 0000000000000000000000000000000000000000..15c784299f0e268b48e5387d4d6d6caf6e542bc8 --- /dev/null +++ b/kata-osbuilder.sh 
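Review bot: `WantedBy=kubelet.service` only pulls this unit in alongside kubelet; with no ordering directive the oneshot may still be generating the image when kubelet starts scheduling Kata pods. If the image has to exist first, add `Before=kubelet.service` to the `[Unit]` section. The unit also runs the generator as root with no sandboxing options, so directives such as `PrivateTmp=true` are worth evaluating against what the script needs to write.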
@@ -0,0 +1,281 @@ +#!/bin/bash + +set -o errexit +set -o nounset +set -o pipefail + +[ -n "${DEBUG:-}" ] && set -o xtrace + +readonly IMAGE_TOPDIR="/var/cache/kata-containers" +readonly KERNEL_SYMLINK="${IMAGE_TOPDIR}/vmlinuz.container" +readonly SCRIPTNAME="$0" + +readonly DRACUT_ROOTFS=`mktemp --directory -t kata-dracut-rootfs-XXXXXX` +readonly DRACUT_IMAGES=`mktemp --directory -t kata-dracut-images-XXXXXX` +trap exit_handler EXIT + +readonly GENERATED_IMAGE="${DRACUT_IMAGES}/kata-containers.img" +readonly GENERATED_INITRD="${DRACUT_IMAGES}/kata-containers-initrd.img" + +readonly DISTRO=`grep '^ID=' /etc/os-release | awk '{print $2}' FS='='` + + +KVERSION=`uname -r` +KERNEL_PATH="" +COMMAND="" +OSBUILDER_DIR="/usr/libexec/kata-containers/osbuilder" +GENERATE_IMAGE="" +AGENT_DIR_PREFIX="" + +# rpm %check sets this to run the script without overwriting host +# content, and not requiring root +TEST_MODE="${TEST_MODE:-}" + + +die() +{ + error "$*" + exit 1 +} + + +error() +{ + echo "ERROR: ${SCRIPTNAME}: $*" >&2 +} + + +info() +{ + echo "${SCRIPTNAME}: $*" +} + + +exit_handler() +{ + rm -rf "${DRACUT_ROOTFS}" "${DRACUT_IMAGES}" +} + + +usage() +{ + cat <> $loadfile + done +} + + +generate_rootfs() +{ + # To generate the rootfs, we build an initrd with dracut, extract + # the initrd content, and then discard the initrd. We then rebuild + # the initrd using the osbuilder native scripts. + # + # This is a bit wasteful, but it's the easiest way to work around + # obuilder script inflexibility for now, which expect that some rootfs.sh + # code is called on a fully populated distro root. 
+ + local agent_dir="${AGENT_DIR_PREFIX}/usr/libexec/kata-containers/agent" + + if [ -n "${TEST_MODE}" ] ; then + nsdax_bin="${OSBUILDER_DIR}/nsdax" + fi + + local agent_source_bin="${agent_dir}/usr/bin/kata-agent" + local osbuilder_version="${DISTRO}-osbuilder-version-unknown" + local dracut_conf_dir="./dracut/dracut.conf.d" + local tmp_initrd=`mktemp --tmpdir=${DRACUT_IMAGES}` + unlink "$tmp_initrd" + + # Build the initrd + echo -e "+ Building dracut initrd" + dracut \ + --confdir "${dracut_conf_dir}" \ + --no-compress \ + ${tmp_initrd} ${KVERSION} + + # Extract the generated rootfs + echo "+ Extracting dracut initrd rootfs" + cat ${tmp_initrd} | \ + cpio --extract --preserve-modification-time --make-directories --directory=${DRACUT_ROOTFS} + + # Using the busybox dracut module sets /sbin/init -> busybox + # We don't want that. Reset it to systemd + ln -sf ../lib/systemd/systemd ${DRACUT_ROOTFS}/usr/sbin/init + + echo "+ Copying agent directory tree into place" + cp -ar ${agent_dir}/* ${DRACUT_ROOTFS} + + # Make kata specific adjustments to our rootfs + echo "Calling osbuilder rootfs.sh on extracted rootfs" + AGENT_SOURCE_BIN="${agent_source_bin}" RUST_AGENT="yes" \ + ./rootfs-builder/rootfs.sh \ + -o ${osbuilder_version} \ + -r ${DRACUT_ROOTFS} + + # Generate modules-load.d file + generate_modules_load_conf +} + + +move_images() +{ + # Move images into place + local image_osbuilder_dir="${IMAGE_TOPDIR}/osbuilder-images" + local image_dir="${image_osbuilder_dir}/$KVERSION" + local initrd_dest_path="${image_dir}/${DISTRO}-kata-${KVERSION}.initrd" + local image_dest_path="${image_dir}/${DISTRO}-kata-${KVERSION}.img" + local image_dest_link="${IMAGE_TOPDIR}/kata-containers.img" + + # This blows away the entire osbuilder-images/ dir, deleting any + # previously cached content + rm -rf "${image_osbuilder_dir}" + mkdir -p "${image_dir}" + + ln -sf ${KERNEL_PATH} ${KERNEL_SYMLINK} + + mv -Z ${GENERATED_INITRD} ${initrd_dest_path} + ln -sf ${initrd_dest_path} 
${IMAGE_TOPDIR}/kata-containers-initrd.img + + if [ -n "${GENERATE_IMAGE}" ]; then + mv -Z ${GENERATED_IMAGE} ${image_dest_path} + ln -sf ${image_dest_path} ${image_dest_link} + else + rm -f ${image_dest_link} + fi +} + + +main() +{ + parse_args $* + + if [ -z "${TEST_MODE}" ]; then + [ "$(id -u)" -eq 0 ] || die "$0: must be run as root" + fi + + find_host_kernel_path + + cd "${OSBUILDER_DIR}" + + # Generate the rootfs using dracut + generate_rootfs + + if [ -n "${TEST_MODE}" ]; then + echo "+ Exiting TEST_MODE successfully" + return + fi + + # Build the initrd + echo "+ Calling osbuilder initrd_builder.sh" + ./initrd-builder/initrd_builder.sh -o ${GENERATED_INITRD} ${DRACUT_ROOTFS} + + if [ -n "${GENERATE_IMAGE}" ]; then + # Build the FS image + local nsdax_bin="/usr/libexec/kata-containers/osbuilder/nsdax" + echo "+ Calling osbuilder image_builder.sh" + NSDAX_BIN="${nsdax_bin}" \ + ./image-builder/image_builder.sh \ + -o ${GENERATED_IMAGE} ${DRACUT_ROOTFS} + fi + + move_images +} + + +main $*
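Review bot: `main $*` and `parse_args $*` re-split the command line, so an argument containing whitespace or glob characters is broken apart or expanded before option parsing; use `main "$@"` and `parse_args "$@"`. The same applies to the unquoted expansions in commands that run as root, for example `cp -ar ${agent_dir}/* ${DRACUT_ROOTFS}` and `mv -Z ${GENERATED_INITRD} ${initrd_dest_path}`, where each variable should be quoted. The part of the script from `usage()` through `generate_modules_load_conf()` is not readable in this view, so this covers only the visible functions.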