diff --git a/.ci/install_agent.sh b/.ci/install_agent.sh
new file mode 100755
index 0000000000..a08f54d454
--- /dev/null
+++ b/.ci/install_agent.sh
@@ -0,0 +1,12 @@
+#!/bin/bash -e
+#
+# Copyright (c) 2017-2018 Intel Corporation
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+cidir=$(dirname "$0")
+
+source "${cidir}/lib.sh"
+
+clone_build_and_install "github.com/kata-containers/agent"
diff --git a/.ci/install_kata_image.sh b/.ci/install_kata_image.sh
new file mode 100755
index 0000000000..6e34b2b047
--- /dev/null
+++ b/.ci/install_kata_image.sh
@@ -0,0 +1,38 @@
+#!/bin/bash -e
+#
+# Copyright (c) 2017-2018 Intel Corporation
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+cidir=$(dirname "$0")
+
+OSBUILDER_DISTRO=${OSBUILDER_DISTRO:-clearlinux}
+image_name="kata-containers.img"
+
+# Build Kata agent
+bash -f ${cidir}/install_agent.sh
+
+osbuilder_repo="github.com/kata-containers/osbuilder"
+
+# Clone os-builder repository
+go get -d ${osbuilder_repo} || true
+
+pushd "${GOPATH}/src/${osbuilder_repo}/rootfs-builder"
+sudo -E GOPATH=$GOPATH USE_DOCKER=true ./rootfs.sh ${OSBUILDER_DISTRO}
+popd
+
+# Build the image
+pushd "${GOPATH}/src/${osbuilder_repo}/image-builder"
+sudo -E USE_DOCKER=true ./image_builder.sh ../rootfs-builder/rootfs
+
+# Install the image
+agent_commit=$("$GOPATH/src/github.com/kata-containers/agent/kata-agent" --version | awk '{print $NF}')
+commit=$(git log --format=%h -1 HEAD)
+date=$(date +%Y-%m-%d-%T.%N%z)
+image="kata-containers-${date}-osbuilder-${commit}-agent-${agent_commit}"
+
+sudo install -o root -g root -m 0640 -D ${image_name} "/usr/share/kata-containers/${image}"
+(cd /usr/share/kata-containers && sudo rm -f ${image_name} && sudo ln -s "$image" ${image_name})
+
+popd
diff --git a/.ci/install_kata_kernel.sh b/.ci/install_kata_kernel.sh
new file mode 100755
index 0000000000..de49097174
--- /dev/null
+++ b/.ci/install_kata_kernel.sh
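Review bot: `go get -d ${osbuilder_repo} || true` in install_kata_image.sh discards a failed fetch and never selects a revision, so `rootfs.sh` and `image_builder.sh` run under `sudo -E` from whatever happens to be in `$GOPATH`: the current upstream head, or a stale tree if the fetch failed. Checking out a pinned commit after the fetch and failing when the checkout is missing (`[ -d "${GOPATH}/src/${osbuilder_repo}/.git" ] || exit 1`) would make the image reproducible and limit what runs as root. Presumably `|| true` is there because `go get -d` exits non-zero for a repository with no Go package at its root; the directory check keeps that tolerance. `clone_and_build` and `get_cc_versions` in lib.sh use the same pattern. `sudo -E` also hands the caller's whole environment to those scripts; passing only the variables they need would be tighter.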
@@ -0,0 +1,79 @@
+#!/bin/bash -e
+#
+# Copyright (c) 2017-2018 Intel Corporation
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+# Currently we will use this repository until this issue is solved
+# See https://github.com/kata-containers/packaging/issues/1
+
+repo_owner="clearcontainers"
+repo_name="linux"
+
+linux_releases_url="https://github.com/${repo_owner}/${repo_name}/releases"
+#fake repository dir to query kernel version from remote
+fake_repo_dir=$(mktemp -t -d kata-kernel.XXXX)
+
+function cleanup {
+ rm -rf "${fake_repo_dir}"
+}
+trap cleanup EXIT
+function usage() {
+ cat << EOT
+Usage: $0
+Install the containers clear kernel image from "${repo_owner}"/"${repo_name}".
+
+version: Use 'latest' to pull latest kernel or a version from "${cc_linux_releases_url}"
+EOT
+
+ exit 1
+}
+
+#Get latest version by checking remote tags
+#We dont ask to github api directly because force a user to provide a GITHUB token
+function get_latest_version {
+ pushd "${fake_repo_dir}" >> /dev/null
+ git init -q
+ git remote add origin https://github.com/clearcontainers/linux.git
+
+ cc_release=$(git ls-remote --tags 2>/dev/null \
+ | grep -oP '\-\d+\.container' \
+ | grep -oP '\d+' \
+ | sort -n | \
+ tail -1 )
+
+ tag=$(git ls-remote --tags 2>/dev/null \
+ | grep -oP "v\d+\.\d+\.\d+\-${cc_release}.container" \
+ | tail -1)
+
+ popd >> /dev/null
+ echo "${tag}"
+}
+
+function download_kernel() {
+ local version="$1"
+ [ -n "${version}" ] || die "version not provided"
+ [ "${version}" == "latest" ] && version=$(get_latest_version)
+ echo "version to install ${version}"
+ local binaries_dir="${version}-binaries"
+ local binaries_tarball="${binaries_dir}.tar.gz"
+ local shasum_file="SHA512SUMS"
+ curl -OL "${linux_releases_url}/download/${version}/${binaries_tarball}"
+ curl -OL "${linux_releases_url}/download/${version}/${shasum_file}"
+ sha512sum -c "${shasum_file}"
+ tar xf "${binaries_tarball}"
+ pushd "${binaries_dir}"
+ sudo make install
+ popd
+}
+
+cc_kernel_version="$1"
+
+[ -z "${cc_kernel_version}" ] && usage
+download_kernel "${cc_kernel_version}"
+
+# Make symbolic link to kata-containers
+# FIXME: see https://github.com/kata-containers/packaging/issues/1
+sudo ln -s /usr/share/clear-containers/vmlinux.container /usr/share/kata-containers/
+sudo ln -s /usr/share/clear-containers/vmlinuz.container /usr/share/kata-containers/
diff --git a/.ci/install_proxy.sh b/.ci/install_proxy.sh
new file mode 100755
index 0000000000..ae80fcc67d
--- /dev/null
+++ b/.ci/install_proxy.sh
@@ -0,0 +1,12 @@
+#!/bin/bash -e
+#
+# Copyright (c) 2017-2018 Intel Corporation
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+cidir=$(dirname "$0")
+
+source "${cidir}/lib.sh"
+
+clone_build_and_install "github.com/kata-containers/proxy"
diff --git a/.ci/install_qemu_lite.sh b/.ci/install_qemu_lite.sh
new file mode 100755
index 0000000000..89a6e39fa8
--- /dev/null
+++ b/.ci/install_qemu_lite.sh
@@ -0,0 +1,36 @@
+#!/bin/bash -e
+#
+# Copyright (c) 2017-2018 Intel Corporation
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+arch=$(arch)
+
+if [ "$#" -ne 3 ]; then
+ echo "Usage: $0 "
+ echo " Install the QEMU_LITE_VERSION from clear CLEAR_RELEASE."
+ exit 1
+fi
+
+clear_release="$1"
+qemu_lite_version="$2"
+distro="$3"
+qemu_lite_bin="qemu-lite-bin-${qemu_lite_version}.${arch}.rpm"
+qemu_lite_data="qemu-lite-data-${qemu_lite_version}.${arch}.rpm"
+
+echo -e "Install qemu-lite ${qemu_lite_version}"
+
+# download packages
+curl -LO "https://download.clearlinux.org/releases/${clear_release}/clear/${arch}/os/Packages/${qemu_lite_bin}"
+curl -LO "https://download.clearlinux.org/releases/${clear_release}/clear/${arch}/os/Packages/${qemu_lite_data}"
+
+# install packages
+if [ "$distro" == "ubuntu" ]; then
+ sudo alien -i "./${qemu_lite_bin}"
+ sudo alien -i "./${qemu_lite_data}"
+fi
+
+# cleanup
+rm -f "./${qemu_lite_bin}"
+rm -f "./${qemu_lite_data}"
diff --git a/.ci/install_runtime.sh b/.ci/install_runtime.sh
new file mode 100755
index 0000000000..e1f2a980c4
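Review bot: The kernel tarball in install_kata_kernel.sh is checked only against a `SHA512SUMS` file downloaded from the same release URL, so `sha512sum -c` in download_kernel catches corruption but not a replaced release asset, and the result goes straight to `sudo make install`. With `latest` resolved from remote tags there is nothing fixed to compare against; pinning the kernel version and keeping its expected digest in this repository would close that gap. Both downloads should use `curl -fOL` so an HTTP error does not leave an error page on disk under the expected name. `die` is called here but never defined (this script does not source lib.sh, lib.sh as added does not define it, and setup_env_ubuntu.sh calls it too), and usage() expands `${cc_linux_releases_url}` where the variable is named `linux_releases_url`.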
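Review bot: Both RPMs in install_qemu_lite.sh are fetched with `curl -LO` and handed to `sudo alien -i` with no digest or signature check, so whatever the URL returns is converted and installed as root. `curl -fLO` would at least stop on an HTTP error, and comparing each file against an expected digest kept next to the pinned version before the `alien` calls would cover tampering. When `distro` is not `ubuntu` the script downloads, deletes and exits 0 without installing anything; an `else` branch that prints an error and exits non-zero would make that visible.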
--- /dev/null
+++ b/.ci/install_runtime.sh
@@ -0,0 +1,72 @@
+#!/bin/bash -e
+#
+# Copyright (c) 2017-2018 Intel Corporation
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+cidir=$(dirname "$0")
+
+source "${cidir}/lib.sh"
+
+# Modify the runtimes build-time defaults
+
+# enable verbose build
+export V=1
+
+# tell the runtime build to use sane defaults
+export CC_SYSTEM_BUILD="yes"
+
+# The runtimes config file should live here
+export SYSCONFDIR=/etc
+
+# Artifacts (kernel + image) live below here
+export SHAREDIR=/usr/share
+
+runtime_config_path="${SYSCONFDIR}/kata-containers/configuration.toml"
+
+PKGDEFAULTSDIR="${SHAREDIR}/defaults/kata-containers"
+NEW_RUNTIME_CONFIG="${PKGDEFAULTSDIR}/configuration.toml"
+# Note: This will also install the config file.
+clone_build_and_install "github.com/kata-containers/runtime"
+
+# Check system supports running Kata Containers
+kata-runtime kata-check
+
+if [ -e "${NEW_RUNTIME_CONFIG}" ]; then
+ # Remove the legacy config file
+ sudo rm -f "${runtime_config_path}"
+
+ # Use the new path
+ runtime_config_path="${NEW_RUNTIME_CONFIG}"
+fi
+
+echo "Enabling global logging for runtime in file ${runtime_config_path}"
+sudo sed -i -e 's/^#\(\[runtime\]\|global_log_path =\)/\1/g' "${runtime_config_path}"
+
+echo "Enabling all debug options in file ${runtime_config_path}"
+sudo sed -i -e 's/^#\(enable_debug\).*=.*$/\1 = true/g' "${runtime_config_path}"
+
+echo "Add runtime as a new/default Docker runtime. Docker version \"$(docker --version)\" could change according to updates."
+docker_options="-D --add-runtime kata-runtime=/usr/local/bin/kata-runtime --default-runtime=kata-runtime"
+
+config_path="/etc/systemd/system/docker.service.d/"
+sudo mkdir -p ${config_path}
+
+# Check if the system has set http[s] proxy
+if [ ! -z "$http_proxy" ] && [ ! -z "$https_proxy" ] ;then
+ docker_http_proxy="HTTP_PROXY=$http_proxy"
+ docker_https_proxy="HTTPS_PROXY=$https_proxy"
+fi
+
+cat << EOF | sudo tee ${config_path}/clear-containers.conf
+[Service]
+Environment="$docker_http_proxy"
+Environment="$docker_https_proxy"
+ExecStart=
+ExecStart=/usr/bin/dockerd ${docker_options}
+EOF
+
+echo "Restart docker service"
+sudo systemctl daemon-reload
+sudo systemctl restart docker
diff --git a/.ci/install_shim.sh b/.ci/install_shim.sh
new file mode 100755
index 0000000000..808adfe6bb
--- /dev/null
+++ b/.ci/install_shim.sh
@@ -0,0 +1,12 @@
+#!/bin/bash -e
+#
+# Copyright (c) 2017-2018 Intel Corporation
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+cidir=$(dirname "$0")
+
+source "${cidir}/lib.sh"
+
+clone_build_and_install "github.com/kata-containers/shim"
diff --git a/.ci/lib.sh b/.ci/lib.sh
new file mode 100755
index 0000000000..3dfebdc64a
--- /dev/null
+++ b/.ci/lib.sh
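Review bot: `cat << EOF | sudo tee ${config_path}/clear-containers.conf` in install_runtime.sh echoes the whole drop-in to stdout, so `$http_proxy` and `$https_proxy` end up in the CI log; proxy URLs can carry `user:password@`, and appending `> /dev/null` to the `tee` command avoids printing them. The proxy test uses `&&`, so a host with only one of the two variables set gets neither, and when they are unset the file still contains two `Environment=""` lines; emitting each `Environment=` line only when its variable is non-empty would be cleaner. `ExecStart=` is replaced wholesale with `-D` and `--default-runtime=kata-runtime`, which suits a CI host but deserves a comment saying this script is not meant for other machines.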
@@ -0,0 +1,58 @@
+#!/bin/bash -e
+#
+# Copyright (c) 2017-2018 Intel Corporation
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+_runtime_repo="github.com/kata-containers/runtime"
+_versions_file="$GOPATH/src/github.com/clearcontainers/runtime/versions.txt"
+KATA_RUNTIME=${KATA_RUNTIME:-cc}
+
+function clone_and_build() {
+ github_project="$1"
+ make_target="$2"
+ project_dir="${GOPATH}/src/${github_project}"
+
+ echo "Retrieve repository ${github_project}"
+ go get -d ${github_project} || true
+
+ # fixme: once tool to parse and get branches from github is
+ # completed, add it here to fetch branches under testing
+
+ pushd ${project_dir}
+
+ echo "Build ${github_project}"
+ if [ ! -f Makefile ]; then
+ echo "Run autogen.sh to generate Makefile"
+ bash -f autogen.sh
+ fi
+
+ if [ $1 == "github.com/kata-containers/runtime" ]; then
+ make KATA_RUNTIME=${KATA_RUNTIME}
+ else
+ make
+ fi
+
+ popd
+}
+
+function clone_build_and_install() {
+ clone_and_build $1 $2
+ pushd "${GOPATH}/src/${1}"
+ echo "Install repository ${1}"
+ if [ $1 == "github.com/kata-containers/runtime" ]; then
+ sudo -E PATH=$PATH make KATA_RUNTIME=${KATA_RUNTIME} install
+ else
+ sudo -E PATH=$PATH make install
+ fi
+
+ popd
+}
+
+function get_cc_versions(){
+ cc_runtime_repo="github.com/clearcontainers/runtime"
+ go get -d -u -v "$cc_runtime_repo" || true
+ [ ! -f "$_versions_file" ] && { echo >&2 "ERROR: cannot find $_versions_file"; exit 1; }
+ source "$_versions_file"
+}
diff --git a/.ci/setup.sh b/.ci/setup.sh
new file mode 100755
index 0000000000..b6d470c29f
--- /dev/null
+++ b/.ci/setup.sh
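Review bot: `source "$_versions_file"` in get_cc_versions executes as shell a file that `go get -d -u -v` pulled from the network one line earlier, so whatever versions.txt holds at upstream head runs in the CI shell, and its values presumably feed the download URLs built in install_qemu_lite.sh. If the file is plain `name=value` lines (not visible here), reading it with `while IFS='=' read -r key value` and accepting only known keys would avoid executing it. The tests `[ $1 == "github.com/kata-containers/runtime" ]` should quote `"$1"`, since an empty argument makes `[` fail with a syntax error, and `make_target` is assigned but never used in clone_and_build.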
@@ -0,0 +1,30 @@
+#!/bin/bash -e
+#
+# Copyright (c) 2017-2018 Intel Corporation
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+cidir=$(dirname "$0")
+source /etc/os-release
+
+echo "Set up environment"
+if [ "$ID" == ubuntu ];then
+ bash -f "${cidir}/setup_env_ubuntu.sh"
+else
+ echo >&2 "ERROR: Unrecognised distribution."
+ exit 1
+fi
+
+echo "Install shim"
+bash -f ${cidir}/install_shim.sh
+
+echo "Install proxy"
+bash -f ${cidir}/install_proxy.sh
+
+echo "Install runtime"
+bash -f ${cidir}/install_runtime.sh
+
+echo "Drop caches"
+sync
+sudo -E PATH=$PATH bash -c "echo 3 > /proc/sys/vm/drop_caches"
diff --git a/.ci/setup_env_ubuntu.sh b/.ci/setup_env_ubuntu.sh
new file mode 100755
index 0000000000..84107d2816
--- /dev/null
+++ b/.ci/setup_env_ubuntu.sh
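Review bot: `bash -f ${cidir}/install_shim.sh` in setup.sh (and the setup_env_ubuntu, proxy and runtime calls around it) starts the child with only `-f`; the `-e` on the child's `#!/bin/bash -e` line is ignored when the script is passed to `bash` as an argument. In install_shim.sh and install_proxy.sh the last command run is the `popd` at the end of clone_build_and_install, so a failed `make` or `make install` still returns 0 and setup.sh carries on. Putting `set -e` as the first statement of each script, or running them directly as `"${cidir}/install_shim.sh"` the way setup_env_ubuntu.sh calls its helpers, would restore the abort. `bash -f ${cidir}/install_agent.sh` in install_kata_image.sh is affected the same way, and `bash -f autogen.sh` in lib.sh is invoked in the same form.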
@@ -0,0 +1,69 @@
+#!/bin/bash -e
+#
+# Copyright (c) 2017-2018 Intel Corporation
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+cidir=$(dirname "$0")
+source "/etc/os-release"
+source "${cidir}/lib.sh"
+get_cc_versions
+
+arch=$(arch)
+
+if [ "$arch" = x86_64 ]; then
+ if grep -q "N" /sys/module/kvm_intel/parameters/nested; then
+ echo "enable Nested Virtualization"
+ sudo modprobe -r kvm_intel
+ sudo modprobe kvm_intel nested=1
+ fi
+else
+ die "Unsupported architecture: $arch"
+fi
+
+echo "Update apt repositories"
+sudo -E apt update
+
+echo "Install chronic"
+sudo -E apt install -y moreutils
+
+echo "Install kata containers dependencies"
+chronic sudo -E apt install -y libtool automake autotools-dev autoconf bc alien libpixman-1-dev coreutils
+
+echo "Install qemu-lite binary"
+"${cidir}/install_qemu_lite.sh" "${qemu_lite_clear_release}" "${qemu_lite_sha}" "$ID"
+
+echo "Install kata-containers image"
+"${cidir}/install_kata_image.sh"
+
+echo "Install CRI-O dependencies for all Ubuntu versions"
+chronic sudo -E apt install -y libglib2.0-dev libseccomp-dev libapparmor-dev libgpgme11-dev
+
+echo "Install bison binary"
+chronic sudo -E apt install -y bison
+
+echo "Install libudev-dev"
+chronic sudo -E apt-get install -y libudev-dev
+
+echo "Install Build Tools"
+sudo -E apt install -y build-essential python pkg-config zlib1g-dev
+
+echo "Install Kata Containers Kernel"
+"${cidir}/install_kata_kernel.sh" "latest"
+
+echo -e "Install CRI-O dependencies available for Ubuntu $VERSION_ID"
+sudo -E apt install -y libdevmapper-dev btrfs-tools util-linux
+
+if [ "$VERSION_ID" == "16.04" ]; then
+ echo "Install os-tree"
+ sudo -E add-apt-repository ppa:alexlarsson/flatpak -y
+ sudo -E apt update
+fi
+
+sudo -E apt install -y libostree-dev
+
+if ! command -v docker > /dev/null; then
+ # This will be fixed by https://github.com/clearcontainers/tests/issues/881
+ "${cidir}/../cmd/container-manager/manage_ctr_mgr.sh" docker install
+fi
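Review bot: `sudo -E add-apt-repository ppa:alexlarsson/flatpak -y` in the 16.04 branch of setup_env_ubuntu.sh adds a personal PPA as a trusted apt source for the rest of the run, so the following `apt install -y libostree-dev`, and any install after it, can resolve packages from that archive. If only libostree is needed from there, an apt preferences pin limiting the PPA to that package would narrow the trust, and a comment saying why the PPA is required would help the next reader. The x86_64 branch also assumes `/sys/module/kvm_intel/parameters/nested` exists; when the module is not loaded `grep` prints an error and nested virtualization is silently left off.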