From f7bd7f4ffba30e2abed741791599feb512d06c18 Mon Sep 17 00:00:00 2001 From: Marco Vedovati Date: Wed, 5 Sep 2018 18:25:37 +0200 Subject: [PATCH] osbuilder: Add support for suse rootfs Fixes: #33 Signed-off-by: Marco Vedovati --- README.md | 10 +-- rootfs-builder/rootfs.sh | 46 +++++++------ rootfs-builder/suse/Dockerfile.in | 18 +++++ rootfs-builder/suse/config.sh | 18 +++++ rootfs-builder/suse/config.xml | 35 ++++++++++ rootfs-builder/suse/install-packages.sh | 23 +++++++ rootfs-builder/suse/rootfs_lib.sh | 91 +++++++++++++++++++++++++ tests/test_images.sh | 8 ++- 8 files changed, 221 insertions(+), 28 deletions(-) create mode 100644 rootfs-builder/suse/Dockerfile.in create mode 100644 rootfs-builder/suse/config.sh create mode 100644 rootfs-builder/suse/config.xml create mode 100644 rootfs-builder/suse/install-packages.sh create mode 100644 rootfs-builder/suse/rootfs_lib.sh diff --git a/README.md b/README.md index 75c72b6c..9fd97f74 100644 --- a/README.md +++ b/README.md @@ -120,8 +120,8 @@ For further details, see [the tests documentation](tests/README.md). ## Platform-Distro Compatibility Matrix -| | Alpine | CentOS | ClearLinux | EulerOS | Fedora | - |--|--|--|--|--|--| - | **ARM64** | :heavy_check_mark: | :heavy_check_mark: | | :heavy_check_mark: | :heavy_check_mark: | - | **PPC64le** | :heavy_check_mark: | :heavy_check_mark: | | | :heavy_check_mark: | - | **x86_64** | :heavy_check_mark: |:heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | +| | Alpine | CentOS | ClearLinux | EulerOS | Fedora | openSUSE | Ubuntu | + |--|--|--|--|--|--|--|--| + | **ARM64** | :heavy_check_mark: | :heavy_check_mark: | | :heavy_check_mark: | :heavy_check_mark: | | | + | **PPC64le** | :heavy_check_mark: | :heavy_check_mark: | | | :heavy_check_mark: | | | + | **x86_64** | :heavy_check_mark: |:heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | 
diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index 0659d4a1..9a9fbde4 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh @@ -52,7 +52,7 @@ $(get_distros) Refer the Platform-OS Compatibility Matrix: https://github.com/kata-containers/osbuilder#platform-distro-compatibility-matrix Options: --a : agent version DEFAULT: ${AGENT_VERSION} ENV: AGENT_VERSION +-a : agent version DEFAULT: ${AGENT_VERSION} ENV: AGENT_VERSION -h : Show this help message -o : specify version of osbuilder -r : rootfs directory DEFAULT: ${ROOTFS_DIR} ENV: ROOTFS_DIR @@ -84,17 +84,29 @@ check_function_exist() [ "$(type -t ${function_name})" == "function" ] || die "${function_name} function was not defined" } -distro_needs_admin_caps() +docker_extra_args() { - if [ "$1" = "ubuntu" ] - then - echo "true" - elif [ "$1" = "debian" ] - then - echo "true" - else - echo "false" - fi + local args="" + + case "$1" in + ubuntu | debian) + # Requred to chroot + args+=" --cap-add SYS_CHROOT" + # debootstrap needs to create device nodes to properly function + args+=" --cap-add MKNOD" + ;& + suse) + # Required to mount inside a container + args+=" --cap-add SYS_ADMIN" + # When AppArmor is enabled, mounting inside a container is blocked with docker-default profile. + # See https://github.com/moby/moby/issues/16429 + args+=" --security-opt apparmor:unconfined" + ;; + *) + ;; + esac + + echo "$args" } generate_dockerfile() 
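Review bot: The `;&` that ends the `ubuntu | debian` arm of `docker_extra_args` falls through into the `suse` arm with no comment, so a later edit that reorders or inserts a case arm could silently change which distros receive `--cap-add SYS_ADMIN` and `--security-opt apparmor:unconfined`. I would put `# fall through: ubuntu/debian also need the mount permissions granted below` directly above the `;&`, and fix the `Requred` typo in the comment above it. SYS_ADMIN combined with an unconfined AppArmor profile removes most of the container's isolation from the host. The function should therefore carry a header comment saying that the build container for these distros is effectively host-privileged and must only run trusted build scripts and package sources.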
@@ -239,17 +251,7 @@ if [ -n "${USE_DOCKER}" ] ; then docker_run_args+=" --rm" docker_run_args+=" --runtime runc" - admin_caps=$(distro_needs_admin_caps "$distro") - if [ "$admin_caps" = "true" ]; then - # Required by debootstrap to mount inside a container - docker_run_args+=" --cap-add SYS_ADMIN" - # Requred to chroot - docker_run_args+=" --cap-add SYS_CHROOT" - # debootstrap needs to create device nodes to properly function - docker_run_args+=" --cap-add MKNOD" - # See https://github.com/moby/moby/issues/16429 - docker_run_args+=" --security-opt apparmor:unconfined" - fi + docker_run_args+=" $(docker_extra_args $distro)" #Make sure we use a compatible runtime to build rootfs # In case Clear Containers Runtime is installed we dont want to hit issue: diff --git a/rootfs-builder/suse/Dockerfile.in b/rootfs-builder/suse/Dockerfile.in new file mode 100644 index 00000000..edb85bb6 --- /dev/null +++ b/rootfs-builder/suse/Dockerfile.in @@ -0,0 +1,18 @@ +# +# Copyright (c) 2018 SUSE +# +# SPDX-License-Identifier: Apache-2.0 + +#suse: docker image to be used to create a rootfs +#@OS_VERSION@: Docker image version to build this dockerfile +from opensuse/leap + +# This dockerfile needs to provide all the componets need to build a rootfs +# Install any package need to create a rootfs (package manager, extra tools) + +COPY install-packages.sh / +# RUN commands +RUN chmod +x /install-packages.sh; /install-packages.sh + +# This will install the proper golang to build Kata components +@INSTALL_GO@ diff --git a/rootfs-builder/suse/config.sh b/rootfs-builder/suse/config.sh new file mode 100644 index 00000000..c75c4a43 --- /dev/null +++ b/rootfs-builder/suse/config.sh 
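Review bot: `$distro` is unquoted inside the command substitution in `docker_run_args+=" $(docker_extra_args $distro)"`, whereas the removed call passed `"$distro"`. An empty value, or one containing whitespace or glob characters, would change what `docker_extra_args` sees as `$1` and therefore which capabilities are added. Suggest `docker_run_args+=" $(docker_extra_args "$distro")"`. The enclosing `if [ -n "${USE_DOCKER}" ]` block starts and ends outside the hunk.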
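Review bot: `from opensuse/leap` in the new `Dockerfile.in` carries no tag, so the build image floats with whatever the default tag currently points to, while `install-packages.sh` and `config.sh` in this patch assume Leap 15.0. A later Leap release would silently change the toolchain and kiwi version used to produce the guest rootfs, and would make builds non-reproducible. The header comment already documents an `@OS_VERSION@` placeholder, so `FROM opensuse/leap:@OS_VERSION@` looks like the intended form, assuming `generate_dockerfile` substitutes that placeholder for this distro.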
@@ -0,0 +1,18 @@ +# +# Copyright (c) 2018 SUSE +# +# SPDX-License-Identifier: Apache-2.0 + +# May also be "Tumbleweed" +OS_DISTRO="Leap" + +# Leave this empty for distro "Tumbleweed" +OS_VERSION=${OS_VERSION:-15.0} + +OS_IDENTIFIER="$OS_DISTRO${OS_VERSION:+:$OS_VERSION}" + +PACKAGES="systemd iptables libudev1" + +REPO_URL_OBS="obs://openSUSE:$OS_IDENTIFIER/standard" +REPO_URL_BASE="http://download.opensuse.org" +REPO_URL_PATH="/distribution/${OS_DISTRO,,}/$OS_VERSION/repo/oss" diff --git a/rootfs-builder/suse/config.xml b/rootfs-builder/suse/config.xml new file mode 100644 index 00000000..230f6426 --- /dev/null +++ b/rootfs-builder/suse/config.xml @@ -0,0 +1,35 @@ + + + + + SUSE + mvedovati@suse.com + openSUSE rootfs for Kata Containers guest vm + + + 1.0.0 + zypper + en_US + us + true + + + + + + + + + + + + + + + + + diff --git a/rootfs-builder/suse/install-packages.sh b/rootfs-builder/suse/install-packages.sh new file mode 100644 index 00000000..8c4b1182 --- /dev/null +++ b/rootfs-builder/suse/install-packages.sh @@ -0,0 +1,23 @@ +#!/usr/bin/env bash + +set -euo pipefail + +#Use an alternative mirror for downloading packages: +#mirror="mirror.its.dal.ca" + +uneededRepos=(repo-non-oss repo-update-non-oss) + +if [ -n "${mirror:-}" ]; then + uneededRepos+=(repo-oss repo-update) + zypper --non-interactive addrepo http://${mirror}/opensuse/distribution/leap/15.0/repo/oss mirror-oss + zypper --non-interactive addrepo http://${mirror}/opensuse/update/leap/15.0/oss/ mirror-update +fi + +for r in ${uneededRepos[@]}; do + zypper --non-interactive removerepo $r +done + +zypper --non-interactive refresh +zypper --non-interactive install --no-recommends --force-resolution curl git gcc make python3-kiwi tar +zypper --non-interactive clean --all + diff --git a/rootfs-builder/suse/rootfs_lib.sh b/rootfs-builder/suse/rootfs_lib.sh new file mode 100644 index 00000000..64768a10 --- /dev/null +++ b/rootfs-builder/suse/rootfs_lib.sh 
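Review bot: `REPO_URL_BASE="http://download.opensuse.org"` in `config.sh` makes the default package source for the guest rootfs a plain-HTTP URL, so the integrity of everything installed into the image depends entirely on signature checking in the kiwi step that consumes it. Suggest `REPO_URL_BASE="https://download.opensuse.org"` plus a comment that any `REPO_URL` override should be HTTPS as well. `${OS_DISTRO,,}` in `REPO_URL_PATH` needs bash 4 or later; the file is sourced and has no shebang, so a one-line comment stating that requirement would help.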
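Review bot: The optional mirror branch of `install-packages.sh` registers both repositories over `http://` and leaves `${mirror}`, `${uneededRepos[@]}` and `$r` unquoted, so a mirror value or repo alias containing whitespace or glob characters is word-split before it reaches zypper. Quote the expansions, `for r in "${uneededRepos[@]}"; do` and `zypper --non-interactive removerepo "$r"`, and use an `https://${mirror}/...` URL where the mirror offers one. The `leap/15.0` path is hard-coded in both `addrepo` lines and should follow the same version that the base image and `config.sh` use.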
@@ -0,0 +1,91 @@ +# +# Copyright (c) 2018 SUSE +# +# SPDX-License-Identifier: Apache-2.0 + +# - Arguments +# rootfs_dir=$1 +# +# - Optional environment variables +# +# EXTRA_PKGS: Variable to add extra PKGS provided by the user +# +# BIN_AGENT: Name of the Kata-Agent binary +# +# REPO_URL: URL to distribution repository ( should be configured in +# config.sh file) +# +# Any other configuration variable for a specific distro must be added +# and documented on its own config.sh +# +# - Expected result +# +# rootfs_dir populated with rootfs pkgs +# It must provide a binary in /sbin/init +# +# Note: For some distros, the build_rootfs() function provided in scripts/lib.sh +# will suffice. If a new distro is introduced with a special requirement, +# then, a rootfs_builder//rootfs_lib.sh file should be created +# using this template. + +build_rootfs() { + # Mandatory + local ROOTFS_DIR=$1 + + #Name of the Kata-Agent binary + local BIN_AGENT=${BIN_AGENT} + + # In case of support EXTRA packages, use it to allow + # users add more packages to the base rootfs + local EXTRA_PKGS=${EXTRA_PKGS:-} + + #In case rootfs is created usign repositories allow user to modify + # the default URL + local REPO_URL=${REPO_URL:-} + + #PATH where files this script is placed + #Use it to refer to files in the same directory + #Exmaple: ${CONFIG_DIR}/foo + local CONFIG_DIR=${CONFIG_DIR} + + # Populate ROOTFS_DIR + # Must provide /sbin/init and /bin/${BIN_AGENT} + if [ -e "$ROOTFS_DIR" ] && ! 
[ -z "$(ls -A $ROOTFS_DIR)" ]; then + echo "ERROR: $ROOTFS_DIR is not empty" + exit 1 + fi + + local addPackages="" + for p in $PACKAGES $EXTRA_PKGS; do + addPackages+=" --add-package=$p" + done + + if [ -z "$REPO_URL" ]; then + local arch="$(uname -m)" + case $arch in + x86_64) + REPO_URL_PORT="" + ;; + ppc|ppc64le) + REPO_URL_PORT="/ports/ppc" + ;; + *) + REPO_URL_PORT="/ports/$arch" + ;; + esac + REPO_URL="${REPO_URL_BASE}${REPO_URL_PORT}${REPO_URL_PATH}" + fi + + # set-repo format: + # man kiwi::system::build for details + local setRepo=" --set-repo $REPO_URL,rpm-md,$OS_IDENTIFIER,99,false,false" + + kiwi system prepare \ + --description $CONFIG_DIR \ + --allow-existing-root \ + --root $ROOTFS_DIR \ + $addPackages \ + $setRepo + install -d $ROOTFS_DIR/lib/systemd + ln -s /usr/lib/systemd/systemd $ROOTFS_DIR/lib/systemd/systemd +} diff --git a/tests/test_images.sh b/tests/test_images.sh index 00498517..7ff2203d 100755 --- a/tests/test_images.sh +++ b/tests/test_images.sh @@ -366,7 +366,6 @@ test_distro_ubuntu() run_test "${name}" "" "ubuntu" "service" "no" } - test_distro_fedora() { local -r name="Can create and run fedora image" @@ -401,6 +400,12 @@ test_distro_alpine() run_test "${name}" "" "alpine" "no" "init" } +test_distro_suse() +{ + local -r name="Can create and run suse image" + run_test "${name}" "" "suse" "service" "no" +} + # Displays a list of all distro test functions get_distro_test_names() { @@ -452,6 +457,7 @@ test_all_distros() test_distro_centos test_distro_alpine test_distro_ubuntu + test_distro_suse if [ $MACHINE_TYPE != "ppc64le" ]; then test_distro_clearlinux
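Review bot: The `--set-repo` value built in `setRepo` ends in `,false,false`, and the format line in the comment above it is blank in this view. If the last field is kiwi's package signature-check switch (confirm against the kiwi man page the comment cites), the rootfs is assembled from packages fetched over the `http://` default in `config.sh` and never verified. In that case change the value to end in `,99,false,true` and provide the distribution signing key to kiwi, or document in a comment why verification is off. Several expansions in `build_rootfs` are also unquoted (`$(ls -A $ROOTFS_DIR)`, `--root $ROOTFS_DIR`, `--description $CONFIG_DIR`), and `REPO_URL_PORT` is assigned without `local`, so it leaks into the caller's scope.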
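Review bot: `test_distro_suse` is called unconditionally in the last `tests/test_images.sh` hunk, above the `MACHINE_TYPE` guard, although the README matrix in this same patch marks openSUSE as supported on x86_64 only. If the ARM64 and PPC64le cells are empty because the build is untested or failing there, guard the call with `if [ "$MACHINE_TYPE" = "x86_64" ]; then test_distro_suse; fi`; otherwise the matrix should be updated to match. `test_all_distros` starts and ends outside the hunk.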