This repository has been archived by the owner on May 12, 2021. It is now read-only.

Feature Request: Support static builds #342

Closed
t3hmrman opened this issue May 27, 2018 · 7 comments

Labels: enhancement (Improvement to an existing feature), stale (Issue or PR was not updated in a timely fashion)

Comments

@t3hmrman

Running on Container Linux, I recently built kata-runtime in an Alpine Linux container so I could use it as a static binary. All it required was changing the go build command to the following:

go build --ldflags '-linkmode external -extldflags "-static"' -i -o $@

Could building statically be supported natively in the Makefile? Maybe a variable like GO_BUILD_OPTS could introduce additional options, and then another variable or a different target entirely for doing static builds?

After moving the generated binary to the Container Linux machine, it seems to be working OK:

core@localhost ~ $ ./kata-runtime kata-check
INFO[0000] CPU property found                            description="Intel Architecture CPU" name=GenuineIntel pid=2437 source=runtime type=attribute                                                                                                                           
INFO[0000] CPU property found                            description=SSE4.1 name=sse4_1 pid=2437 source=runtime type=flag
INFO[0000] CPU property found                            description="Virtualization support" name=vmx pid=2437 source=runtime type=flag
INFO[0000] CPU property found                            description="64Bit CPU" name=lm pid=2437 source=runtime type=flag
INFO[0000] kernel property found                         description="Kernel-based Virtual Machine" name=kvm pid=2437 source=runtime type=module                                                                                                                                 
INFO[0000] kernel property found                         description="Intel KVM" name=kvm_intel pid=2437 source=runtime type=module
WARN[0000] kernel module parameter has unexpected value  description="Intel KVM" expected=Y name=kvm_intel parameter=nested pid=2437 source=runtime type=module value=N                                                                                                          
INFO[0000] Kernel property value correct                 description="Intel KVM" expected=Y name=kvm_intel parameter=unrestricted_guest pid=2437 source=runtime type=module value=Y                                                                                              
INFO[0000] kernel property found                         description="Host kernel accelerator for virtio" name=vhost pid=2437 source=runtime type=module                                                                                                                         
INFO[0000] kernel property found                         description="Host kernel accelerator for virtio network" name=vhost_net pid=2437 source=runtime type=module                                                                                                             
INFO[0000] System is capable of running Kata Containers  name=kata-runtime pid=2437 source=runtime

I haven't gotten to make an OCI bundle or run it behind containerd/frakti yet but will update when I do.
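
A check a reader could run on the resulting binary, as an added example that is not part of the original post or the Kata project: it reads the ELF program headers and reports whether the file requests a dynamic loader (PT_INTERP). The function names and the sample images are constructed for illustration, and only 64-bit little-endian ELF is handled.

```python
import struct
import sys

PT_DYNAMIC, PT_INTERP = 2, 3  # program header types from the ELF specification

def elf_link_report(data):
    """Inspect a 64-bit little-endian ELF image for a dynamic-loader request."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if len(data) < 64 or data[4] != 2 or data[5] != 1:
        raise ValueError("only ELF64 little-endian is handled here")
    (e_phoff,) = struct.unpack_from("<Q", data, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    interp, has_dynamic = None, False
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        p_type, _flags, p_offset = struct.unpack_from("<IIQ", data, off)
        (p_filesz,) = struct.unpack_from("<Q", data, off + 32)
        if p_type == PT_INTERP:
            raw = data[p_offset:p_offset + p_filesz]
            interp = raw.rstrip(b"\0").decode("ascii", "replace")
        elif p_type == PT_DYNAMIC:
            has_dynamic = True
    # Static-PIE keeps PT_DYNAMIC for self-relocation, so PT_INTERP decides.
    # Caveat: a glibc-static binary that calls getaddrinfo still loads NSS
    # libraries at run time; the headers cannot show that.
    return {"interp": interp, "has_dynamic": has_dynamic, "static": interp is None}

def sample_elf(interp=None):
    """Constructed header-only ELF64 image for the demo (not executable)."""
    phdrs = [(1, 0, 0)]  # one PT_LOAD entry
    if interp:
        phdrs += [(PT_INTERP, 64 + 56 * 3, len(interp)), (PT_DYNAMIC, 0, 0)]
    ehdr = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0, 64, 56, len(phdrs), 0, 0, 0)
    table = b"".join(struct.pack("<IIQQQQQQ", t, 4, off, 0, 0, size, size, 1)
                     for t, off, size in phdrs)
    return ehdr + table + (interp or b"")

if __name__ == "__main__":
    if len(sys.argv) > 1:          # e.g. python3 check.py ./kata-runtime
        with open(sys.argv[1], "rb") as fh:
            print(elf_link_report(fh.read()))
    else:
        print(elf_link_report(sample_elf()))
        print(elf_link_report(sample_elf(b"/lib/ld-musl-x86_64.so.1\0")))
```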

@egernst
Member

egernst commented Jun 19, 2018

/cc @jcvenegas @jodh-intel

@caoruidong
Member

go build --ldflags '-linkmode external -extldflags "-static"' -i -o $@

This command doesn't work for me.

 # github.com/kata-containers/runtime/cli
/tmp/go-link-199539456/000001.o: In function `_cgo_b0c710f30cfd_C2func_getaddrinfo':
/tmp/go-build/net/_obj/cgo-gcc-prolog:46: warning: Using 'getaddrinfo' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
/usr/lib/gcc/x86_64-redhat-linux/4.8.5/../../../../lib64/libpthread.a(libpthread.o): In function `sem_open':
(.text+0x6a23): warning: the use of `mktemp' is dangerous, better use `mkstemp'

@t3hmrman
Author

t3hmrman commented Aug 30, 2018

@caoruidong Are you attempting the build in a distribution that supports musl libc? When I did this I'm pretty sure I was working in an Alpine container.

From the warning text it looks like you're linking to glibc. Also, the warning text you posted is warnings. Where was the actual error? Is that the whole output?

@caoruidong
Copy link
Member

@t3hmrman Oh, my fault. It is a warning and the binary is still compiled.

@t3hmrman
Author

t3hmrman commented Aug 30, 2018

No problem! Just to note, I did get this working behind containerd's untrusted runtime system, but it didn't ultimately end up working. I plan on making a blog post about it, but that should be separate from the meat of this ticket (making it easier/supported to do the static build at all); otherwise I'd just delete this ticket.

@jcvenegas
Member

+1 to add this to our Makefile

@t3hmrman
Author

t3hmrman commented Apr 2, 2019

Oh, I do want to note that since I went through this, the normal install (via a set of Kubernetes resources) works for me now, so I didn't have to statically compile the runtime myself and put it on the machine. I also switched to Container Linux and don't use Container Linux anymore.

I did write that blog post though, along with a repo for the static builds.

zklei pushed a commit to zklei/runtime that referenced this issue Jun 13, 2019
Now that we support multiple branches, we changed how
static-checks.sh compares branches. We now need a
variable called $target_branch to make the correct
comparison when testing a PR.

Fixes: kata-containers#342.

Signed-off-by: Salvador Fuentes <salvador.fuentes@intel.com>
@chavafg chavafg added stale Issue or PR was not updated in a timely fashion enhancement Improvement to an existing feature labels Jul 17, 2019
lifupan added a commit to lifupan/kata-runtime that referenced this issue Aug 5, 2020
Add support for shareProcessNamespace.
BTW, this commit only supports shared pid namespace by
sharing the infrastructure pause container's pid namespace
with other containers, instead of creating a new pid
namespace different from pause container.

Fixes: kata-containers#342

Signed-off-by: fupan.lfp <fupan.lfp@antfin.com>