diff --git a/docs/upgrade_coco.md b/docs/upgrade_coco.md index d4d1519..d2f8d7a 100644 --- a/docs/upgrade_coco.md +++ b/docs/upgrade_coco.md @@ -21,42 +21,31 @@ to the version they point to. ### Upgrade CoCo Version Tag -First, bump the `COCO_RELEASE_VERSION` in `tasks/util/env.py`. Then work-out +First, bump the `COCO_VERSION` in `tasks/util/versions.py`. Then work-out what Kata version is being used, and `cd` into your `kata-containers` source tree. ### Update Kata and Guest Components -The source tree should point to `sc2-main`. We need to rebase it on the latest -Kata: +First, rebase `guest-components` to the latest `main` (guest-components is +not tagged anymore, afaict). -```bash -git fetch upstream - -# You may try to first rebase and re-build on a test branch -git checkout -b sc2-main-test -git rebase -git push origin sc2-main-test -``` +Then rebase `sc2-main` and `sc2-baseline` to the new Kata tag (pinned by the +CoCo release). You should also update the `KATA_VERSION` variable in the +versions file. -If you have any changes on top of guest components, you should rebase them -on top of `0.10.0`, re-build, and push the tag. Note that you Kata fork should -point to a guest components version with the `sc2-main` branch. - -Now, if you have used a test branch, update the branch name in the kata -dockerfile in `./docker/kata.dockerfile`, and try to re-build Kata: +Once you have pushed the branches to the remote, you will have to re-build +the Kata image: ```bash -inv kata.build -inv kata.replace-agent +inv kata.build --nocache --push ``` ### Dry Run -The only thing remaining is to test a fresh install: +The easies way to test the deployment is to start a new cluster from scratch, +and run some demo functions: ```bash -inv kubeadm.create operator.install operator.install-cc-runtime knative.install +inv sc2.destroy sc2.deploy --clean ``` - -and run some demo functions. diff --git a/tasks/sc2.py b/tasks/sc2.py index 7c620d3..3fbe3b3 100644 --- a/tasks/sc2.py 
+++ b/tasks/sc2.py
@@ -116,6 +116,10 @@ def install_sc2_runtime(debug=False):
 # FIXME: we need to update the default_memory to be able to run the
 # Knative chaining test. This will change when memory hot-plugging
 # is supported
+ # FIXME 2: we need to set the default max vcpus, as the kata-runtime,
+ # and containerd-shim seem to give it different default values. Not
+ # an issue as hot-plugging vCPUs is not supported so we can never
+ # exceed the default (1).
 updated_toml_str = """
 [factory]
 vm_cache_number = {vm_cache_number}
@@ -124,6 +128,7 @@ def install_sc2_runtime(debug=False):
 hot_plug_vfio = "root-port"
 pcie_root_port = 2
 default_memory = 6144
+ default_maxvcpus = 1
 """.format(
 vm_cache_number=VM_CACHE_SIZE
 )
diff --git a/tasks/util/kata.py b/tasks/util/kata.py
index 73f7447..1b34200 100644
--- a/tasks/util/kata.py
+++ b/tasks/util/kata.py
@@ -194,6 +194,7 @@ def replace_agent(
 script_files = [
 "initrd-builder/initrd_builder.sh",
 "rootfs-builder/rootfs.sh",
+ "rootfs-builder/nvidia/",
 "rootfs-builder/ubuntu/config.sh",
 "rootfs-builder/ubuntu/Dockerfile.in",
 "rootfs-builder/ubuntu/rootfs_lib.sh",
diff --git a/tasks/util/registry.py b/tasks/util/registry.py
index f107eaa..798dae7 100644
--- a/tasks/util/registry.py
+++ b/tasks/util/registry.py
@@ -160,7 +160,7 @@ def start(debug=False, clean=False):
 """.format(
 containerd_base_certs_dir=containerd_base_certs_dir
 )
- update_toml(CONTAINERD_CONFIG_FILE, updated_toml_str)
+ update_toml(CONTAINERD_CONFIG_FILE, updated_toml_str, requires_root=True)
 # Add the correspnding configuration to containerd
 containerd_certs_dir = join(containerd_base_certs_dir, LOCAL_REGISTRY_URL)
diff --git a/tasks/util/toml.py b/tasks/util/toml.py
index 6e0fde4..23eda11 100644
--- a/tasks/util/toml.py
+++ b/tasks/util/toml.py
@@ -1,5 +1,5 @@
 from re import findall
-from os import remove
+from os import getuid, getgid, remove, stat
 from os.path import basename, join
 from subprocess import run
 from toml import (
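Review bot: The `FIXME 2` comment in the first `install_sc2_runtime` hunk does not record what actually goes wrong when the two defaults differ, and "Not an issue" can be read as referring either to the mismatch or to the pin itself. I would state the effect of the setting directly, for example `# FIXME 2: pin default_maxvcpus; kata-runtime and containerd-shim appear to default it differently.` followed by `# This caps each VM at 1 vCPU, acceptable only while vCPU hot-plug is unsupported.` In the second hunk the value `1` is written literally into the TOML string next to the templated `vm_cache_number`, so a named constant beside `VM_CACHE_SIZE` would keep the tunables in one place. The function body starts and ends outside both hunks.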
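Review bot: `"rootfs-builder/nvidia/"` in the `replace_agent` hunk is a directory, while every other visible entry of `script_files` is a single file. The code that consumes the list is outside this hunk, so it should be confirmed that it copies a directory recursively rather than failing or creating an empty path; if it only handles files, the required files should be listed explicitly. A trailing comment such as `# whole directory, not a single script` would make the exception obvious to the next reader.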
@@ -55,7 +55,20 @@ def update_toml(toml_path, updates_toml, requires_root=True):
 express arbitrarily complex TOML files)
 - requires_root: whether the TOML file is root-owned (usually the case)
 """
- conf_file = toml_load(toml_path)
+ if requires_root:
+ new_toml_file_path = join("/tmp", basename(toml_path) + "-read")
+ run(f"sudo cp {toml_path} {new_toml_file_path}", shell=True, check=True)
+ run(
+ "sudo chown {}:{} {}".format(getuid(), getgid(), new_toml_file_path),
+ shell=True,
+ check=True,
+ )
+
+ conf_file = toml_load(new_toml_file_path)
+ run(f"sudo rm {new_toml_file_path}", shell=True, check=True)
+ else:
+ conf_file = toml_load(toml_path)
+
 merge_dicts_recursively(conf_file, toml_load_from_string(updates_toml))
 if requires_root:
@@ -101,6 +114,26 @@ def read_value_from_toml(toml_file_path, toml_path, tolerate_missing=False):
 """
 Return the value in a TOML specified by a "." delimited TOML path
 """
+ # Check if the pointed-to file is sudo-owned
+ try:
+ stat_info = stat(toml_file_path)
+ except FileNotFoundError:
+ if tolerate_missing:
+ return ""
+ print(f"ERROR: cannot find TOML at path: {toml_file_path}")
+ raise RuntimeError("Error reading value from toml")
+
+ if stat_info.st_uid == 0:
+ new_toml_file_path = join("/tmp", basename(toml_file_path))
+ run(f"sudo cp {toml_file_path} {new_toml_file_path}", shell=True, check=True)
+ run(
+ "sudo chown {}:{} {}".format(getuid(), getgid(), new_toml_file_path),
+ shell=True,
+ check=True,
+ )
+
+ toml_file_path = new_toml_file_path
+
 toml_file = toml_load(toml_file_path)
 for toml_level in split_dot_preserve_quotes(toml_path):
 if toml_level not in toml_file:
diff --git a/tasks/util/versions.py b/tasks/util/versions.py
index 65506f0..4558a09 100644
--- a/tasks/util/versions.py
+++ b/tasks/util/versions.py
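Review bot: In `update_toml` the root-owned file is copied by `sudo cp` to a fixed, predictable name in world-writable `/tmp` (`basename(toml_path) + "-read"`), so a file or symlink already present at that name is written through as root, and the copy is left behind if `toml_load` raises before the `sudo rm`. The `run(...)` calls also build shell strings from unquoted paths with `shell=True`, which breaks on paths containing spaces and becomes an injection point if a path is ever caller-influenced. Reading through a pipe removes the temporary file entirely: `out = run(["sudo", "cat", toml_path], capture_output=True, text=True, check=True).stdout` followed by `conf_file = toml_load_from_string(out)`. The same copy-to-`/tmp` pattern appears in the `read_value_from_toml` hunk and would take the same fix.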
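Review bot: Unlike `update_toml`, the `read_value_from_toml` hunk never removes its copy, so each read of a root-owned TOML leaves a user-owned duplicate at `/tmp/<basename>`, and two configuration files with the same basename overwrite each other there. The `stat_info.st_uid == 0` test is also only a proxy for "cannot read": a root-owned file with world-read permission needs no sudo, so attempting the load and falling back on `except PermissionError:` would avoid the privileged copy in the common case. The `raise RuntimeError(...)` inside the `except FileNotFoundError` block could chain the cause with `raise RuntimeError("Error reading value from toml") from err` so the original path error is not lost. The function continues outside the hunk.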
@@ -1,6 +1,6 @@
 # CoCo versions (note that the CoCo release pins the Kata Version)
-COCO_VERSION = "0.10.0"
-KATA_VERSION = "3.9.0"
+COCO_VERSION = "0.12.0"
+KATA_VERSION = "3.13.0"
 # Base software versions
 GO_VERSION = "1.23.0"
diff --git a/tools/check-fork-hashes/src/main.rs b/tools/check-fork-hashes/src/main.rs
index cba6f14..15a15e4 100644
--- a/tools/check-fork-hashes/src/main.rs
+++ b/tools/check-fork-hashes/src/main.rs
@@ -102,14 +102,6 @@ fn main() {
 dict.insert("branches", "sc2-main,sc2-baseline");
 dict
 },
- {
- let mut dict = HashMap::new();
- dict.insert("repo_name", "guest-components");
- dict.insert("version_str", "COCO_VERSION");
- dict.insert("ctr_src_paths", "/usr/src/guest-components");
- dict.insert("branches", "sc2-main");
- dict
- },
 {
 let mut dict = HashMap::new();
 dict.insert("repo_name", "containerd");