osbuilder: add dracut build method#312
Conversation
5d1d619 to
5ca1b8b
Compare
jodh-intel
left a comment
There was a problem hiding this comment.
Thanks for raising @marcov. I've got a query on the change.
But also:
-
Please can you update the appropriate
READMEfiles to mention dracut. -
How are we going to test this?
Can you find a way to add dracut support to
tests/test_images.sh?
I will do that. Given that tests are run inside containers, it makes sense to do the same. The number of builds needed will double though (one dracut build for each distro). |
🤞 this is ok as we're testing in parallel 🙏 |
7480834 to
1547733
Compare
|
I have finalized what missing to make this PR (hopefully) merge-ready. Can you please have a review or leave any feeedback? |
2a238f8 to
3077f65
Compare
Add the use case of provisioning an existing rootfs directory with the components / configurations needed to generate a Kata compatible images. This supports use cases such as using a rootfs built outside of osbuilder, and providing a overlay for dracut built initrds. Signed-off-by: Marco Vedovati <mvedovati@suse.com>
0452f0a to
c67855a
Compare
|
@jodh-intel But "dracut" is in the words list here: |
|
@marcov - if you look at that error carefully, it's because the word has been quoted using apostrophes - that is now "wrong" - we should only quote using double quotes to avoid confusing the spell checker (I've updated all docs across all repos for this btw ;) See: The fix: just use the word without quotes since, as you say, it is already in the dictionary. I'm not sure why it's complaining about "customise" since that works fine for me on an Ubuntu 16.04 system, as Travis is using...?!? |
a7eed70 to
bcd3280
Compare
| [ -n "${http_proxy:-}" ] && curlOptions+=("-x ${http_proxy:-}") | ||
| readonly install_go=" | ||
| RUN cd /tmp ; curl ${curlOptions[@]} https://storage.googleapis.com/golang/go${GO_VERSION}.linux-${goarch}.tar.gz | ||
| RUN tar -C /usr/ -xzf /tmp/go${GO_VERSION}.linux-${goarch}.tar.gz |
There was a problem hiding this comment.
This commit just moved 2 functions from rootfs.sh to lib.sh. If /usr/local is preferred, it's worth creating a new issue.
|
/test |
|
Hi @marcov Sorry for the red cross. 😢 It looked to me that something went wrong in static check. And it confused me a bit, the checking target, |
|
@Pennyzct any chance we are missing a clenup in the server? |
@grahamwhaley who should nuke the |
|
This kata-containers/tests#1855 corrects the issue that |
It is a tickbox option on the jenkins job - it can clean up (delete) the workspace either before or after a run. We tend to tick 'before new run', as that then leaves the workspace around in case we need to get more info or grub around on the previously failed run. Sooo @marcov - with that fix on the fc installation, do we think the CI is fixed, and should we hand-re-trigger the ARM one then? |
|
The detection of the storage driver in docker is now fixed for the fc job. It's failing to start the test container, but that's another issue: |
|
About the ARM failure instead, @grahamwhaley and me identified two problems:
@Pennyzct, in the end everything seems to be fine with the ARM machine setup. Thank you for checking! |
|
@marcov - agreed - it wouldn't be reasonable to "fail" a PR due to doc files typos that are not part of this project ;) |
|
@marcov did you try by removing one of the I think that may be causing the issues as the second time you are running the setup, there are already artifacts in place. |
|
/test |
|
ARM |
|
Hi~ @marcov Let me log into this ARM CI node, and clean the env for you. ;). Let's see if the error is also reproduceable~~ |
|
Hi~ @marcov I have done the clean-up and rebuild the ARM CI. let's wait and see. ;) |
jodh-intel
left a comment
There was a problem hiding this comment.
Thanks @marcov - a few doc nits but once resolved I'm happy to approve.
README.md
Outdated
| The top-level `Makefile` contains an example of how to use the available components. | ||
|
|
||
| By default, components will run on the host system. However, some components | ||
| Two build methods are available, "distro" and "dracut". |
There was a problem hiding this comment.
Could you put these terms in backticks? distro and dracut as they are arguments.
README.md
Outdated
| to generate an initrd or an image. This is what happens in details: | ||
| 1. A rootfs is generated based on the specified target distribution. | ||
| 2. The rootfs is provisioned with Kata-specific components and configuration files. | ||
| 2. The rootfs is used as a base to generate an initrd or an image. |
There was a problem hiding this comment.
Although it appears to render correctly this "double 2" is confusing. Please either number sequentially, or use the magic 1. for all lines to have GitHub auto-number the bullets for you.
README.md
Outdated
|
|
||
| #### dracut based rootfs | ||
|
|
||
| > Note: the dracut build method does not need a rootfs as a base for an image or initrd. |
There was a problem hiding this comment.
Please make the note bold as specified in https://github.com/kata-containers/documentation/blob/master/Documentation-Requirements.md#notes and capitalise the first word:
Note: The dracut ...
Same comment for notes below.
rootfs-builder/README.md
Outdated
| To list the supported distributions, run: | ||
| ### Extra features | ||
| #### Supported distributions list | ||
| Supported distributions can be listed with: |
There was a problem hiding this comment.
This should be more direct to keep @klynnrif happy I think:
List supported distributions by running the following:
rootfs-builder/README.md
Outdated
| ``` | ||
|
|
||
| #### Generate Kata specific files | ||
| `rootfs.sh` can be used to populate a directory with only Kata specific files and |
rootfs-builder/README.md
Outdated
| ``` | ||
| $ ./rootfs.sh -h | ||
| $ mkdir kata-overlay | ||
| $ ./rootfs.sh -r `pwd`/kata-overlay |
There was a problem hiding this comment.
Nit: I'd try to avoid backticks in commands as they can be hard to see. Maybe use the variable instead:
$ ./rootfs.sh -r "$PWD/kata-overlay"| rootfs directory to contain `/sbin/init` and `/sbin/kata-agent` binaries. | ||
|
|
||
| ### Optional - Customise the rootfs | ||
| ### Optional - Customize the rootfs |
There was a problem hiding this comment.
No comment. Let the Holy Spelling Wars not begin... 😄
There was a problem hiding this comment.
The spell checker is making the laws now 😆
Add the option to build image and initrd using dracut. Fixes: kata-containers#311 Suggested-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Marco Vedovati <mvedovati@suse.com>
|
Thanks @jodh-intel, I agree on all your comments and I have addressed them! Hopefully with this PR ARM builds should not fail anymore (BTW thanks @Pennyzct for trying with a clean build). /test |
Build dracut initrd and images inside a reference container. Signed-off-by: Marco Vedovati <mvedovati@suse.com>
Use .ci/setup.sh from tests repo, to make sure spell check packages are correctly installed for the OS under test. Signed-off-by: Marco Vedovati <mvedovati@suse.com>
Ubuntu bionic is a more recent LTS than trusty. Signed-off-by: Marco Vedovati <mvedovati@suse.com>
Distros with systemd / agent as init are not correctly enumerated. Signed-off-by: Marco Vedovati <mvedovati@suse.com>
|
Forgot to disable the dracut initrd test for firecracker CI job, otherwise it should finally be all set /test |
|
all green! awesome! I taking a look in a few minutes. |
Add the option to build image and initrd using dracut.
Fixes: #311
Suggested-by: Stefan Hajnoczi stefanha@redhat.com
Signed-off-by: Marco Vedovati mvedovati@suse.com
Here's some explanations (this may be later moved in a README).
Changes required
To support the dracut use case, I had to do two set of changes.
The first is to refactor the rootfs-builder script so that the rootfs build step and provisioning step are done independently.
This is to reuse the part of rootfs-builder that adds to a generic rootfs Kata specific components, like the kata-agent installation.
In case of dracut, the provisioning step is done BEFORE the initrd/image is built, and the result is passed to dracut as an overlay to include in the rootfs.
The other change is about the main Makefile. Now when no
DISTRO=is specified by the user, the default build target is a dracut initrd / image.When building an initrd, a Kata-specific overlay is first created using the rootfs-builder.
The dracut initrd is left uncompressed to have faster startup performances, that's however not required.
A dracut image is derived from an extracted dracut initrd. The difference compared to the initrd is that kernel modules needs to be loaded at startup using /etc/modules-load.d systemd method, so that directory needs to include a file with the kernel modules names in dracut.conf.d/10-drivers.conf (these is not required in case of an initrd as kernel modules are loaded automatically).
The extracted rootfs is threated as a normal rootfs directory handled with image-builder.
Example usage
The dracut build method is set up to be paired with a generic / kvm kernel provided by a distribution. These types of kernels require kernel modules like 9p or virtio_xxx to be loaded at startup to be used with Kata.
To obtain this, users will need to:
make initrd|image DRACUT_KVERSION=VERSION-FLAVORIf a monolithic kernel is used, as the default Kata kernel, these flow is optional and no drivers /
DRACUT_KVERSIONneeds to be specified.What's missing