ci: Add installation scripts #71
Conversation
.ci/install_kata_image.sh
Outdated
| go get -d ${osbuilder_repo} || true | ||
|
|
||
| pushd "${GOPATH}/src/${osbuilder_repo}/rootfs-builder" | ||
| script -fec 'sudo -E GOPATH=$GOPATH USE_DOCKER=true ./rootfs.sh clearlinux' |
There was a problem hiding this comment.
-
Can you remove the
script -feccalls they don't really add much when called from the CI. -
Could you make a variable for
clearlinuxas I think these scripts should be callable by developers.
Something like:OSBUILDER_DISTRO=${OSBUILDER_DISTRO:-clearlinux}
.ci/install_kata_image.sh
Outdated
| # Install the image | ||
| commit=$(git log --format=%h -1 HEAD) | ||
| date=$(date +%Y-%m-%d-%T.%N%z) | ||
| image="kata-containers-${date}-${commit}" |
There was a problem hiding this comment.
My naming might be overkill here :-), but if we are going to use this, assuming users might want to run this script, how about making it:
agent_commit=$("$GOPATH/src/github.com/kata-containers/agent/kata-agent" --version | awk '{print $NF}')
image="kata-containers-${date}-osbuilder-${commit}-agent-${agent_commit}"
Admittedly, that's going to give a pretty long filename, but it captures some useful information (particularly since the agent is crucial and that agent version will include "dirty" if the code has been locally-modified).
Note that we could simplify this a lot if we implemented:
.ci/install_kata_image.sh
Outdated
| date=$(date +%Y-%m-%d-%T.%N%z) | ||
| image="kata-containers-${date}-${commit}" | ||
|
|
||
| sudo install -o root -g root -m 0640 -D kata-containers.img "/usr/share/kata-containers/${image}" |
There was a problem hiding this comment.
Could you create a variable for kata-containers.img as it's used multiple times?
.ci/install_kata_kernel.sh
Outdated
| repo_name="linux" | ||
| cc_linux_releases_url="https://github.com/${repo_owner}/${repo_name}/releases" | ||
| #fake repository dir to query kernel version from remote | ||
| fake_repo_dir=$(mktemp -t -d cc-kernel.XXXX) |
There was a problem hiding this comment.
I appreciate we're using the CC kernel for now, but I'd still drop the cc- here (or change it to kata-).
.ci/install_kata_kernel.sh
Outdated
| # SPDX-License-Identifier: Apache-2.0 | ||
| # | ||
|
|
||
| repo_owner="clearcontainers" |
There was a problem hiding this comment.
This needs a comment explaining that we're using CC kernels for now as we haven't started creating kata kernels yet.
I've raised an issue on the new Kata packaging repo for this btw (kata-containers/packaging#1), so could you add a "see $url" for that issue?
|
|
||
| if [ "$VERSION_ID" == "16.04" ]; then | ||
| echo "Install os-tree" | ||
| sudo -E add-apt-repository ppa:alexlarsson/flatpak -y |
There was a problem hiding this comment.
I just checked and this is available for all arches ;)
.ci/setup_env_ubuntu.sh
Outdated
| sudo -E apt install -y libostree-dev | ||
|
|
||
| if ! command -v docker > /dev/null; then | ||
| "${cidir}/../cmd/container-manager/manage_ctr_mgr.sh" docker install |
There was a problem hiding this comment.
This tool needs to be imported into kata, but note that a fix for the following is going to be required:
There was a problem hiding this comment.
@jodh-intel , I removed the comment about this issue
There was a problem hiding this comment.
I think this is the last issue then as this won't work currently afaics?
.ci/install_kata_kernel.sh
Outdated
| local binaries_dir="${version}-binaries" | ||
| local binaries_tarball="${binaries_dir}.tar.gz" | ||
| local shasum_file="SHA512SUMS" | ||
| curl -OL "${cc_linux_releases_url}/download/${version}/${binaries_tarball}" |
There was a problem hiding this comment.
This is architecture-specific and will break if arch != x86_64.
@jcvenegas - could you raise a bug and update your tooling so that the binaries file includes x86_64 in the name please?
.ci/install_qemu_lite.sh
Outdated
| qemu_lite_version="$2" | ||
| distro="$3" | ||
| qemu_lite_bin="qemu-lite-bin-${qemu_lite_version}.x86_64.rpm" | ||
| qemu_lite_data="qemu-lite-data-${qemu_lite_version}.x86_64.rpm" |
.ci/install_qemu_lite.sh
Outdated
| echo -e "Install qemu-lite ${qemu_lite_version}" | ||
|
|
||
| # download packages | ||
| curl -LO "https://download.clearlinux.org/releases/${clear_release}/clear/x86_64/os/Packages/${qemu_lite_bin}" |
There was a problem hiding this comment.
Two more places to use $arch.
GabyCT
force-pushed
the
topic/ci
branch
2 times, most recently
from
224105b to
8e1120a
Compare
|
@jodh-intel changes applied |
GabyCT
force-pushed
the
topic/ci
branch
4 times, most recently
from
854d028 to
b8ed8ce
Compare
| } | ||
|
|
||
| function download_kernel() { | ||
| local version="$1" |
There was a problem hiding this comment.
I think we need a local arch="$2 here.
There was a problem hiding this comment.
Alternatively, make this function check arch (or maybe go env GOARCH) and download the correct architecture version.
See:
- image + kernel assets should be uploaded to github with architecture-specific names clearcontainers/packaging#264
- Download assets based on architecture clearcontainers/tests#889
/cc @jcvenegas.
There was a problem hiding this comment.
This issue is still outstanding.
.ci/install_runtime.sh
Outdated
| export V=1 | ||
|
|
||
| # tell the runtime build to use sane defaults | ||
| export CC_SYSTEM_BUILD="yes" |
There was a problem hiding this comment.
This should now be,
export SYSTEM_BUILD_TYPE=kata
.ci/install_runtime.sh
Outdated
| fi | ||
|
|
||
| echo "Enabling global logging for runtime in file ${runtime_config_path}" | ||
| sudo sed -i -e 's/^#\(\[runtime\]\|global_log_path =\)/\1/g' "${runtime_config_path}" |
There was a problem hiding this comment.
This isn't needed any more as all components now log to the system journal.
.ci/install_runtime.sh
Outdated
| sudo sed -i -e 's/^#\(enable_debug\).*=.*$/\1 = true/g' "${runtime_config_path}" | ||
|
|
||
| echo "Add runtime as a new/default Docker runtime. Docker version \"$(docker --version)\" could change according to updates." | ||
| docker_options="-D --add-runtime kata-runtime=/usr/local/bin/kata-runtime --default-runtime=kata-runtime" |
There was a problem hiding this comment.
As discussed here: #71 (comment)
We can remove the --default-runtime flag
.ci/setup_env_ubuntu.sh
Outdated
| @@ -0,0 +1,69 @@ | |||
| #!/bin/bash -e | |||
There was a problem hiding this comment.
What about https://github.com/clearcontainers/tests/blob/master/.ci/setup_env_fedora.sh ? Is the plan to add that after this PR lands maybe?
There was a problem hiding this comment.
@jodh-intel yes that is the idea :)
.ci/lib.sh
Outdated
| clone_and_build $1 $2 | ||
| pushd "${GOPATH}/src/${1}" | ||
| echo "Install repository ${1}" | ||
| if [ $1 == "github.com/kata-containers/runtime" ]; then |
There was a problem hiding this comment.
Again, I think this can become one line as this will work for all repos:
sudo -E PATH=$PATH KATA_RUNTIME=${KATA_RUNTIME} make install
.ci/lib.sh
Outdated
| popd | ||
| } | ||
|
|
||
| function get_cc_versions(){ |
There was a problem hiding this comment.
This needs a comment explaining why we are querying the Clear Containers runtime repo.
| sudo modprobe kvm_intel nested=1 | ||
| fi | ||
| else | ||
| die "Unsupported architecture: $arch" |
There was a problem hiding this comment.
Not defined? In fact, could you maybe add this function to lib.sh as it's so useful? :)
There was a problem hiding this comment.
@jodh-intel, I already did it
.ci/setup.sh
Outdated
| if [ "$ID" == ubuntu ];then | ||
| bash -f "${cidir}/setup_env_ubuntu.sh" | ||
| else | ||
| echo >&2 "ERROR: Unrecognised distribution." |
There was a problem hiding this comment.
This could be a die call if you add die to lib.sh and source it before this line.
.ci/setup_env_ubuntu.sh
Outdated
| sudo -E apt install -y libostree-dev | ||
|
|
||
| if ! command -v docker > /dev/null; then | ||
| # This will be fixed by https://github.com/clearcontainers/tests/issues/881 |
There was a problem hiding this comment.
I don't think you need this comment actually. Or if you leave it, could you explain what will be fixed by that issue?
What would be useful to note is that this sets the default Docker runtime to kata-runtime.
/cc @grahamwhaley.
There was a problem hiding this comment.
So I'll ask the question - should or do we need to have kata-runtime as the default runtime?
Most/many of our tests use the RUNTIME env varialble to determine which runtime to pass to --runtime=xxx on the docker command line - and, if they don't, they should, to make it easier for us to have multiple runtimes installed for checking etc., without having to have them as the default runtime.
I suspect if we change this right now maybe a couple of tests fail - but that's probably the only way we'll find such tests. I propose we do not make our runtime the default runtime, and ensure our test frameworks can cope with being told which runtime they should invoke during testing.
FYI, afaik all the metrics tests pick up RUNTIME from the env. (but I do suspect there might be one or two we don't run often or under automation that still need updating).
There was a problem hiding this comment.
Agreed. And in fact if we rely on RUNTIME, we could always run the entire suite of tests multiples times without having to reconfigure Docker/k8s:
for runtime in runc kata-runtime-cc kata-runtime-runv
do
# run tests...
done
Any further thoughts on this @chavafg ?
|
@jcvenegas, @grahamwhaley - could you take a look at this please? |
|
@jodh-intel changes applied |
There was a problem hiding this comment.
Thanks for updating @GabyCT. There are still a few outstanding issues to look at.
.ci/install_kata_kernel.sh
Outdated
| function cleanup { | ||
| rm -rf "${fake_repo_dir}" | ||
| } | ||
| trap cleanup EXIT |
.ci/install_kata_kernel.sh
Outdated
| function usage() { | ||
| cat << EOT | ||
| Usage: $0 <version> | ||
| Install the containers clear kernel image <version> from "${repo_owner}"/"${repo_name}". |
There was a problem hiding this comment.
Nit: You could remove some double-quotes here:
... from "${repo_owner}/${repo_name}".
.ci/install_kata_kernel.sh
Outdated
| function get_latest_version { | ||
| pushd "${fake_repo_dir}" >> /dev/null | ||
| git init -q | ||
| git remote add origin https://github.com/clearcontainers/linux.git |
There was a problem hiding this comment.
This needs to use $repo_owner and $repo_name.
| } | ||
|
|
||
| function download_kernel() { | ||
| local version="$1" |
There was a problem hiding this comment.
This issue is still outstanding.
.ci/install_runtime.sh
Outdated
| docker_https_proxy="HTTPS_PROXY=$https_proxy" | ||
| fi | ||
|
|
||
| cat << EOF | sudo tee ${config_path}/clear-containers.conf |
There was a problem hiding this comment.
s/clear-containers/kata-containers/.
But shouldn't we be using https://github.com/clearcontainers/tests/blob/master/cmd/container-manager/manage_ctr_mgr.sh here instead (in other words import that cmd on this PR too)?
.ci/setup_env_ubuntu.sh
Outdated
| @@ -0,0 +1,69 @@ | |||
| #!/bin/bash -e | |||
| sudo modprobe kvm_intel nested=1 | ||
| fi | ||
| else | ||
| die "Unsupported architecture: $arch" |
GabyCT
force-pushed
the
topic/ci
branch
2 times, most recently
from
b3bd210 to
f6a7270
Compare
|
@jodh-intel changes applied |
|
@jodh-intel I remove the last lines as they did not work (as you mentioned) thanks :) |
|
Hi @GabyCT - I think you just need to add the code for |
|
@jodh-intel the code for |
|
Hi @GabyCT - I think you just need to copy the files in https://github.com/clearcontainers/tests/tree/master/cmd/container-manager into this PR (under the same location [`cmd/container-manager/]). You could do that on a separate commit but as the CI scripts are using the tool, it could be on the single commit you already have I think. @chavafg - does that sound ok with you? |
|
@GabyCT @jodh-intel yes, sounds good, also we would need to open an issue here for the arm support, and close in cc test repo? |
|
@chavafg and @jodh-intel changes applied |
|
Hmm, pullapprove isn't seeing my ack. Let's try again... lgtm |
This will install runtime, shim, agent, proxy, qemu, and all dependencies to run kata-containers. Fixes kata-containers#70 Signed-off-by: Gabriela Cervantes <[email protected]>
.ci/setup_env_ubuntu.sh
Outdated
| @@ -0,0 +1,64 @@ | |||
| #!/bin/bash -e | |||
There was a problem hiding this comment.
While testing this PR found that the -e didn't had any effect when we call the script using:
bash -f ${cidir}/setup_env_ubuntu.sh" , when errors appeared, the setup continued without failing.
So I would recommend that we explicitly add set -e to every script.
There was a problem hiding this comment.
One thing I've considered doing to the metrics scripts is invoking all (sub)scripts with bash -$- ...., which then passes on the parent script settings to the child. That way if you set, say, -x on the top level script for debug, it will trickle through to all sub-scripts. Maybe that will work well for your -e situation ?
| "${cidir}/install_qemu_lite.sh" "${qemu_lite_clear_release}" "${qemu_lite_sha}" "$ID" | ||
|
|
||
| echo "Install kata-containers image" | ||
| "${cidir}/install_kata_image.sh" |
There was a problem hiding this comment.
When we run this script, we already need docker, and if it is not installed, this will fail. We should install docker using the manage_ctr_mgr.sh script before calling install_kata_image.sh.
| @@ -0,0 +1,321 @@ | |||
| #!/bin/bash -e | |||
There was a problem hiding this comment.
Add execution permissions to this script
GabyCT
force-pushed
the
topic/ci
branch
2 times, most recently
from
efc859c to
00b4b25
Compare
|
@chavafg changes applied |
This will install runtime, shim, agent, proxy, qemu, and all dependencies
to run kata-containers.
Fixes #70
Signed-off-by: Gabriela Cervantes [email protected]