Add support for suse rootfs

Fixes: kata-containers#33

Signed-off-by: Marco Vedovati <mvedovati@suse.com>

rootfs-builder/rootfs.sh

@@ -52,7 +52,7 @@ $(get_distros)
 Refer the Platform-OS Compatibility Matrix: https://github.com/kata-containers/osbuilder#platform-distro-compatibility-matrix
 
 Options:
--a  : agent version DEFAULT: ${AGENT_VERSION} ENV: AGENT_VERSION 
+-a  : agent version DEFAULT: ${AGENT_VERSION} ENV: AGENT_VERSION
 -h  : Show this help message
 -o  : specify version of osbuilder
 -r  : rootfs directory DEFAULT: ${ROOTFS_DIR} ENV: ROOTFS_DIR
@@ -84,17 +84,29 @@ check_function_exist()
 	[ "$(type -t ${function_name})" == "function" ] || die "${function_name} function was not defined"
 }
 
-distro_needs_admin_caps()
+docker_extra_args()
 {
-		if [ "$1" = "ubuntu" ]
-		then
-			echo "true"
-		elif [ "$1" = "debian" ]
-		then 
-			echo "true"
-		else
-			echo "false"
-		fi
+	local args=""
+
+	case "$1" in
+	 ubuntu | debian)
+		# Requred to chroot
+		args+=" --cap-add SYS_CHROOT"
+		# debootstrap needs to create device nodes to properly function
+		args+=" --cap-add MKNOD"
+		;&
+	suse)
+		# Required to mount inside a container
+		args+=" --cap-add SYS_ADMIN"
+		# When AppArmor is enabled, mounting inside a container is blocked with docker-default profile.
+		# See https://github.com/moby/moby/issues/16429
+		args+=" --security-opt apparmor:unconfined"
+		;;
+	*)
+		;;
+	esac
+
+	echo "$args"
 }
 
 generate_dockerfile()
@@ -239,17 +251,7 @@ if [ -n "${USE_DOCKER}" ] ; then
 	docker_run_args+=" --rm"
 	docker_run_args+=" --runtime runc"
 
-	admin_caps=$(distro_needs_admin_caps "$distro")
-	if [ "$admin_caps" = "true" ]; then
-		# Required by debootstrap to mount inside a container
-		docker_run_args+=" --cap-add SYS_ADMIN"
-		# Requred to chroot
-		docker_run_args+=" --cap-add SYS_CHROOT"
-		# debootstrap needs to create device nodes to properly function
-		docker_run_args+=" --cap-add MKNOD"
-		# See https://github.com/moby/moby/issues/16429
-		docker_run_args+=" --security-opt apparmor:unconfined"
-	fi
+	docker_run_args+=" $(docker_extra_args $distro)"
 
 	#Make sure we use a compatible runtime to build rootfs
 	# In case Clear Containers Runtime is installed we dont want to hit issue:

rootfs-builder/suse/Dockerfile.in

@@ -0,0 +1,20 @@
+#
+# Copyright (c) 2018 Intel Corporation
+#
+# SPDX-License-Identifier: Apache-2.0
+
+#suse: docker image to be used to create a rootfs
+#@OS_VERSION@: Docker image version to build this dockerfile
+from opensuse/leap
+
+# This dockerfile needs to provide all the componets need to build a rootfs
+# Install any package need to create a rootfs (package manager, extra tools)
+
+# RUN commands
+RUN zypper --non-interactive in curl git gcc make python3-kiwi tar 
+
+
+# This will install the proper golang to build Kata components
+@INSTALL_GO@
+
+

rootfs-builder/suse/config.sh

@@ -0,0 +1,8 @@
+# This is a configuration file add extra variables to
+# be used by build_rootfs() from rootfs_lib.sh the variables will be
+# loaded just before call the function. For more information see the
+# rootfs-builder/README.md file.
+
+OS_VERSION=${OS_VERSION:-DEFAULT_VERSION}
+
+PACKAGES="systemd iptables udevlib.so"

rootfs-builder/suse/config.xml

@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="utf-8"?>
+<image schemaversion="6.8" name="openSUSE-Leap-Kata" displayname="openSUSE Leap Kata">
+    <description type="system">
+        <author>openSUSE Project</author>
+        <contact>opensuse-factory@opensuse.org</contact>
+        <specification>openSUSE Leap Kata</specification>
+    </description>
+    <preferences>
+        <version>1.0.0</version>
+        <packagemanager>zypper</packagemanager>
+        <locale>en_US</locale>
+        <keytable>us</keytable>
+        <rpm-excludedocs>true</rpm-excludedocs>
+        <type image="vmx" filesystem="ext4" bootloader="grub2" />
+    </preferences>
+    <repository type="rpm-md" alias="Leap_15_0">
+        <source path="obs://openSUSE:Leap:15.0/standard"/>
+    </repository>
+    <packages type="image">
+        <package name="systemd"/>
+        <package name="iptables"/>
+    </packages>
+    <packages type="bootstrap">
+        <package name="filesystem"/>
+        <package name="ca-certificates"/>
+        <package name="openSUSE-release"/>
+    </packages>
+</image>

rootfs-builder/suse/rootfs_lib.sh

@@ -0,0 +1,56 @@
+# - Arguments
+# rootfs_dir=$1
+#
+# - Optional environment variables
+#
+# EXTRA_PKGS: Variable to add extra PKGS provided by the user
+#
+# BIN_AGENT: Name of the Kata-Agent binary
+#
+# REPO_URL: URL to distribution repository ( should be configured in
+#           config.sh file)
+#
+# Any other configuration variable for a specific distro must be added
+# and documented on its own config.sh
+#
+# - Expected result
+#
+# rootfs_dir populated with rootfs pkgs
+# It must provide a binary in /sbin/init
+#
+# Note: For some distros, the build_rootfs() function provided in scripts/lib.sh
+#       will suffice. If a new distro is introduced with a special requirement,
+#       then, a rootfs_builder/<distro>/rootfs_lib.sh file should be created
+#       using this template.
+
+build_rootfs() {
+	# Mandatory
+	local ROOTFS_DIR=$1
+
+	#Name of the Kata-Agent binary
+	local BIN_AGENT=${BIN_AGENT}
+
+	# In case of support EXTRA packages, use it to allow
+	# users add more packages to the base rootfs
+	local EXTRA_PKGS=${EXTRA_PKGS:-}
+
+	#In case rootfs is created usign repositories allow user to modify
+	# the default URL
+	local REPO_URL=${REPO_URL:-YOUR_REPO}
+
+	#PATH where files this script is placed
+	#Use it to refer to files in the same directory
+	#Exmaple: ${CONFIG_DIR}/foo
+	local CONFIG_DIR=${CONFIG_DIR}
+
+	# Populate ROOTFS_DIR
+	# Must provide /sbin/init and /bin/${BIN_AGENT}
+	if [ -e "$ROOTFS_DIR" ] && ! [ -z "$(ls -A $ROOTFS_DIR)" ]; then
+		echo "ERROR: $ROOTFS_DIR is not empty"
+		exit 1
+	fi
+
+	kiwi --type vmx system prepare --description $CONFIG_DIR --allow-existing-root --root $ROOTFS_DIR
+	install -d $ROOTFS_DIR/lib/systemd
+	ln -s $ROOTFS_DIR/bin/systemd $ROOTFS_DIR/lib/systemd/systemd
+}

tests/test_images.sh

@@ -366,7 +366,6 @@ test_distro_ubuntu()
        run_test "${name}" "" "ubuntu" "service" "no"
 }
 
-
 test_distro_fedora()
 {
 	local -r name="Can create and run fedora image"
@@ -401,6 +400,12 @@ test_distro_alpine()
 	run_test "${name}" "" "alpine" "no" "init"
 }
 
+test_distro_ubuntu()
+{
+       local -r name="Can create and run suse image"
+       run_test "${name}" "" "suse" "service" "no"
+}
+
 # Displays a list of all distro test functions
 get_distro_test_names()
 {