diff --git a/README.md b/README.md
index 75c72b6c..eeecc24e 100644
--- a/README.md
+++ b/README.md
@@ -120,8 +120,8 @@ For further details, see [the tests documentation](tests/README.md).
 ## Platform-Distro Compatibility Matrix
-| | Alpine | CentOS | ClearLinux | EulerOS | Fedora |
- |--|--|--|--|--|
- | **ARM64** | :heavy_check_mark: | :heavy_check_mark: | | :heavy_check_mark: | :heavy_check_mark: |
- | **PPC64le** | :heavy_check_mark: | :heavy_check_mark: | | | :heavy_check_mark: |
- | **x86_64** | :heavy_check_mark: |:heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
+| |Alpine |CentOS |ClearLinux |Debian/Ubuntu |EulerOS |Fedora |openSUSE |
+|-- |-- |-- |-- |-- |-- |-- |-- |
+|**ARM64** |:heavy_check_mark:|:heavy_check_mark:| | |:heavy_check_mark:|:heavy_check_mark:| |
+|**PPC64le**|:heavy_check_mark:|:heavy_check_mark:| |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|
+|**x86_64** |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|
diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh
index 05e22a96..228cfe1c 100755
--- a/rootfs-builder/rootfs.sh
+++ b/rootfs-builder/rootfs.sh
@@ -84,17 +84,29 @@ check_function_exist()
 [ "$(type -t ${function_name})" == "function" ] || die "${function_name} function was not defined"
 }
-distro_needs_admin_caps()
+docker_extra_args()
 {
- if [ "$1" = "ubuntu" ]
- then
- echo "true"
- elif [ "$1" = "debian" ]
- then
- echo "true"
- else
- echo "false"
- fi
+ local args=""
+
+ case "$1" in
+ ubuntu | debian)
+ # Requred to chroot
+ args+=" --cap-add SYS_CHROOT"
+ # debootstrap needs to create device nodes to properly function
+ args+=" --cap-add MKNOD"
+ ;&
+ suse)
+ # Required to mount inside a container
+ args+=" --cap-add SYS_ADMIN"
+ # When AppArmor is enabled, mounting inside a container is blocked with docker-default profile.
+ # See https://github.com/moby/moby/issues/16429
+ args+=" --security-opt apparmor:unconfined"
+ ;;
+ *)
+ ;;
+ esac
+
+ echo "$args"
 }
 generate_dockerfile()
@@ -239,17 +251,7 @@ if [ -n "${USE_DOCKER}" ] ; then
 docker_run_args+=" --rm"
 docker_run_args+=" --runtime runc"
- admin_caps=$(distro_needs_admin_caps "$distro")
- if [ "$admin_caps" = "true" ]; then
- # Required by debootstrap to mount inside a container
- docker_run_args+=" --cap-add SYS_ADMIN"
- # Requred to chroot
- docker_run_args+=" --cap-add SYS_CHROOT"
- # debootstrap needs to create device nodes to properly function
- docker_run_args+=" --cap-add MKNOD"
- # See https://github.com/moby/moby/issues/16429
- docker_run_args+=" --security-opt apparmor:unconfined"
- fi
+ docker_run_args+=" $(docker_extra_args $distro)"
 #Make sure we use a compatible runtime to build rootfs
 # In case Clear Containers Runtime is installed we dont want to hit issue:
diff --git a/rootfs-builder/suse/Dockerfile.in b/rootfs-builder/suse/Dockerfile.in
new file mode 100644
index 00000000..7aaed2a8
--- /dev/null
+++ b/rootfs-builder/suse/Dockerfile.in
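Review bot: The `;&` that ends the `ubuntu | debian)` arm of the new `case` is easy to misread as `;;`, and nothing states that those distros are meant to fall through and also receive `suse)`'s `--cap-add SYS_ADMIN` and `--security-opt apparmor:unconfined`; a comment on that line, `# fall through: debootstrap also needs the mount-related options below`, would make the intent visible. `docker_extra_args()` itself has no header, so its contract (print extra `docker run` options for the distro named in `$1`, nothing for unknown distros) and the fact that `;&` requires bash 4 are undocumented. Since every option this function emits relaxes the isolation of the build container, the header is also the right place to say the options apply only to the temporary rootfs-builder container.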
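Review bot: `$distro` is unquoted inside the new command substitution, so a value containing whitespace or glob characters is split before `docker_extra_args` sees its `$1`; write `docker_run_args+=" $(docker_extra_args "$distro")"`. The enclosing `if [ -n "${USE_DOCKER}" ]` block starts and ends outside the hunk.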
@@ -0,0 +1,18 @@
+#
+# Copyright (c) 2018 SUSE LLC
+#
+# SPDX-License-Identifier: Apache-2.0
+
+#suse: docker image to be used to create a rootfs
+#@OS_VERSION@: Docker image version to build this dockerfile
+from opensuse/leap
+
+# This dockerfile needs to provide all the componets need to build a rootfs
+# Install any package need to create a rootfs (package manager, extra tools)
+
+COPY install-packages.sh config.sh /
+# RUN commands
+RUN chmod +x /install-packages.sh; /install-packages.sh
+
+# This will install the proper golang to build Kata components
+@INSTALL_GO@
diff --git a/rootfs-builder/suse/config.sh b/rootfs-builder/suse/config.sh
new file mode 100644
index 00000000..594fc4d4
--- /dev/null
+++ b/rootfs-builder/suse/config.sh
@@ -0,0 +1,47 @@
+#
+# Copyright (c) 2018 SUSE LLC
+#
+# SPDX-License-Identifier: Apache-2.0
+
+# May also be "Tumbleweed"
+OS_DISTRO="Leap"
+
+# Leave this empty for distro "Tumbleweed"
+OS_VERSION=${OS_VERSION:-15.0}
+
+OS_IDENTIFIER="$OS_DISTRO${OS_VERSION:+:$OS_VERSION}"
+
+# Extra packages to install in the rootfs
+PACKAGES="systemd iptables libudev1"
+
+# http or https
+REPO_TRANSPORT="https"
+
+# Can specify an alternative domain
+REPO_DOMAIN="download.opensuse.org"
+
+# NOTE: you probably dont need to edit things below this
+#
+###############################################################################
+
+SUSE_URL_BASE="${REPO_TRANSPORT}://${REPO_DOMAIN}"
+SUSE_PATH_OSS="/distribution/${OS_DISTRO,,}/$OS_VERSION/repo/oss"
+SUSE_PATH_UPDATE="/update/${OS_DISTRO,,}/$OS_VERSION/oss"
+
+case "$(uname -m)" in
+ x86_64)
+ REPO_URL_PORT=""
+ ;;
+ ppc|ppc64le)
+ REPO_URL_PORT="/ports/ppc"
+ ;;
+ *)
+ REPO_URL_PORT="/ports/$arch"
+ ;;
+esac
+SUSE_FULLURL_OSS="${SUSE_URL_BASE}${REPO_URL_PORT}${SUSE_PATH_OSS}"
+SUSE_FULLURL_UPDATE="${SUSE_URL_BASE}${SUSE_PATH_UPDATE}"
+
+if [ -z "${REPO_URL:-}" ]; then
+ REPO_URL="$SUSE_FULLURL_OSS"
+fi
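Review bot: `from opensuse/leap` carries no tag, so the builder image is whatever `opensuse/leap:latest` resolves to at build time, although the comment two lines above says `@OS_VERSION@` is the image version used to build this Dockerfile; the base image, and the toolchain installed into it, therefore changes silently whenever the upstream tag moves, and two builds of the same commit are not reproducible. If the registry publishes a tag matching `OS_VERSION` from `config.sh`, `FROM opensuse/leap:@OS_VERSION@` keeps the two in step; note that `config.sh` permits an empty `OS_VERSION` for Tumbleweed, so that case would need a different image name. The lowercase `from` also differs from the `COPY`/`RUN` casing used on the following lines.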
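Review bot: `$arch` in the `*)` arm, `REPO_URL_PORT="/ports/$arch"`, is never assigned in this file — the `case` selector is `$(uname -m)` — so on any architecture other than x86_64/ppc the port path degrades to `/ports/`, and when this file is sourced by `install-packages.sh` under its `set -u` it aborts with an unbound-variable error. Capturing the selector first, `arch=$(uname -m)` followed by `case "$arch" in`, gives the default arm the value it refers to. Presumably only x86_64 and ppc64le are exercised today, which matches the README matrix, but a fallback that exists should work. With the documented empty `OS_VERSION` for Tumbleweed, `SUSE_PATH_OSS` becomes `/distribution/tumbleweed//repo/oss`; whether the mirror accepts the doubled slash is worth confirming, or it can be avoided with `${OS_VERSION:+/$OS_VERSION}` the way `OS_IDENTIFIER` already handles the empty case.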
diff --git a/rootfs-builder/suse/config.xml b/rootfs-builder/suse/config.xml
new file mode 100644
index 00000000..a9214752
--- /dev/null
+++ b/rootfs-builder/suse/config.xml
@@ -0,0 +1,40 @@
+ + + + SUSE + mvedovati@suse.com + openSUSE rootfs for Kata Containers guest vm + + + 1.0.0 + zypper + en_US + us + true + + + + + + + + + + + + + + + + + + + + + +
diff --git a/rootfs-builder/suse/install-packages.sh b/rootfs-builder/suse/install-packages.sh
new file mode 100644
index 00000000..8bfa9c05
--- /dev/null
+++ b/rootfs-builder/suse/install-packages.sh
@@ -0,0 +1,29 @@
+#!/usr/bin/env bash
+#
+# Copyright (c) 2018 SUSE LLC
+#
+# SPDX-License-Identifier: Apache-2.0
+
+set -euo pipefail
+
+source config.sh
+
+removeRepos=(repo-non-oss repo-update-non-oss repo-oss repo-update)
+
+for r in ${removeRepos[@]}; do
+ zypper --non-interactive removerepo $r
+done
+
+zypper --non-interactive addrepo ${SUSE_FULLURL_OSS} osbuilder-oss
+zypper --non-interactive addrepo ${SUSE_FULLURL_UPDATE} osbuilder-update
+
+
+# Workaround for zypper slowdowns observed when running inside
+# a container: see https://github.com/openSUSE/zypper/pull/209
+# The fix is upstream but it will take a while before landing
+# in Leap
+ulimit -n 1024
+zypper --non-interactive refresh
+zypper --non-interactive install --no-recommends --force-resolution curl git gcc make python3-kiwi tar
+zypper --non-interactive clean --all
+
diff --git a/rootfs-builder/suse/rootfs_lib.sh b/rootfs-builder/suse/rootfs_lib.sh
new file mode 100644
index 00000000..216f90a2
--- /dev/null
+++ b/rootfs-builder/suse/rootfs_lib.sh
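Review bot: `${removeRepos[@]}`, `$r` and both `${SUSE_FULLURL_*}` expansions in install-packages.sh are unquoted, so repo aliases and URLs go through word splitting and globbing; write `for r in "${removeRepos[@]}"; do`, `zypper --non-interactive removerepo "$r"` and quote the URL argument in the two `addrepo` calls. `source config.sh` resolves against the working directory rather than the script's own location, which only works because the Dockerfile invokes it from `/`; `source "$(dirname "$0")/config.sh"` removes that dependency. Under `set -e` the `removerepo` loop stops the build if any of the four default aliases is missing from a future base image, which is probably the intended behaviour but deserves a one-line comment saying so.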
@@ -0,0 +1,76 @@
+#
+# Copyright (c) 2018 SUSE LLC
+#
+# SPDX-License-Identifier: Apache-2.0
+
+# - Arguments
+# rootfs_dir=$1
+#
+# - Optional environment variables
+#
+# EXTRA_PKGS: Variable to add extra PKGS provided by the user
+#
+# BIN_AGENT: Name of the Kata-Agent binary
+#
+# REPO_URL: URL to distribution repository ( should be configured in
+# config.sh file)
+#
+# Any other configuration variable for a specific distro must be added
+# and documented on its own config.sh
+#
+# - Expected result
+#
+# rootfs_dir populated with rootfs pkgs
+# It must provide a binary in /sbin/init
+#
+# Note: For some distros, the build_rootfs() function provided in scripts/lib.sh
+# will suffice. If a new distro is introduced with a special requirement,
+# then, a rootfs_builder//rootfs_lib.sh file should be created
+# using this template.
+
+build_rootfs() {
+ # Mandatory
+ local ROOTFS_DIR=$1
+
+ #Name of the Kata-Agent binary
+ local BIN_AGENT=${BIN_AGENT}
+
+ # In case of support EXTRA packages, use it to allow
+ # users add more packages to the base rootfs
+ local EXTRA_PKGS=${EXTRA_PKGS:-}
+
+ #PATH where files this script is placed
+ #Use it to refer to files in the same directory
+ #Exmaple: ${CONFIG_DIR}/foo
+ local CONFIG_DIR=${CONFIG_DIR}
+
+ # Populate ROOTFS_DIR
+ # Must provide /sbin/init and /bin/${BIN_AGENT}
+ if [ -e "$ROOTFS_DIR" ] && ! [ -z "$(ls -A $ROOTFS_DIR)" ]; then
+ echo "ERROR: $ROOTFS_DIR is not empty"
+ exit 1
+ fi
+
+ local addPackages=""
+ for p in $PACKAGES $EXTRA_PKGS; do
+ addPackages+=" --add-package=$p"
+ done
+
+ # set-repo format:
+ # man kiwi::system::build for details
+ local setRepo=" --set-repo $REPO_URL,rpm-md,$OS_IDENTIFIER,99,false,false"
+
+ # Workaround for zypper slowdowns observed when running inside
+ # a container: see https://github.com/openSUSE/zypper/pull/209
+ # The fix is upstream but it will take a while before landing
+ # in Leap
+ ulimit -n 1024
+ kiwi system prepare \
+ --description $CONFIG_DIR \
+ --allow-existing-root \
+ --root $ROOTFS_DIR \
+ $addPackages \
+ $setRepo
+ install -d $ROOTFS_DIR/lib/systemd
+ ln -s /usr/lib/systemd/systemd $ROOTFS_DIR/lib/systemd/systemd
+}
diff --git a/tests/test_config.sh b/tests/test_config.sh
index ffa9b1ac..1697714d 100644
--- a/tests/test_config.sh
+++ b/tests/test_config.sh
@@ -3,7 +3,7 @@
 #
 # SPDX-License-Identifier: Apache-2.0
-distrosSystemd=(fedora centos ubuntu debian)
+distrosSystemd=(fedora centos ubuntu debian suse)
 distrosAgent=(alpine)
 if [ $MACHINE_TYPE != "ppc64le" ]; then
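Review bot: The `--set-repo` value on the `setRepo` line ends in `99,false,false`; the field-list comment above it lost its angle-bracketed text on this page, but kiwi documents the order as source,type,alias,priority,imageinclude,package_gpgcheck, so the final `false` disables package signature checking and everything fetched from `REPO_URL` (overridable from the environment) is installed into the guest rootfs unverified. Unless verification genuinely cannot work here, set the last field to `true` and make the repository key available, or state in the comment why it is off. Separately, `$ROOTFS_DIR` and `$CONFIG_DIR` are unquoted in the `ls -A`, `--description`, `--root`, `install -d` and `ln -s` arguments, and `ln -s` fails on a re-run when `lib/systemd/systemd` already exists, so `ln -sf` (or an existence check) would make the function repeatable. `ulimit -n 1024` is applied to the calling shell and outlives `build_rootfs`; wrapping it together with the `kiwi` call in a subshell keeps the workaround scoped to the command it was written for.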