diff --git a/images/bounder/static_binaries/hello_bounder.c b/images/bounder/static_binaries/hello_bounder.c new file mode 100644 index 0000000000..3c2a46c2bd --- /dev/null +++ b/images/bounder/static_binaries/hello_bounder.c @@ -0,0 +1,6 @@ +#include + +int main() { + printf("Hello, my name is Bounder. I'm here to fulfill my destiny... to mount PVCs and vanish into the void.\n"); + return 0; +} \ No newline at end of file diff --git a/images/bounder/werf.inc.yaml b/images/bounder/werf.inc.yaml index 2c19e6e26a..bc8bf0bbc0 100644 --- a/images/bounder/werf.inc.yaml +++ b/images/bounder/werf.inc.yaml @@ -2,19 +2,31 @@ image: {{ $.ImageName }} fromImage: distroless import: - - image: {{ $.ImageName }}-binaries - add: /relocate - to: / + - image: {{ $.ImageName }}-cbuilder + add: /bins + to: /usr/local/bin after: setup imageSpec: config: - cmd: ["echo", "Hi, my name is Bounder. I’m here to fulfill my destiny… to mount PVCs and vanish into the void."] + cmd: ["hello_bounder"] --- -{{- $binaries := "/usr/bin/echo" }} - -image: {{ $.ImageName }}-binaries +image: {{ $.ImageName }}-cbuilder final: false -fromImage: base-alt-p11-binaries +from: {{ .Images.BASE_DEBIAN_BOOKWORM_SLIM }} +git: + - add: /images/{{ $.ImageName }}/static_binaries + to: / + stageDependencies: + install: + - '*.c' shell: - setup: - - ./relocate_binaries.sh -i "{{ $binaries }}" -o /relocate + beforeInstall: + - | + apt-get update && apt-get install --yes gcc musl-dev musl-tools + apt-get clean + install: + - | + echo "Building simple app that prints hello cdi" + mkdir -p /bins + musl-gcc -static -Os -o /bins/hello_bounder hello_bounder.c + strip /bins/hello_bounder diff --git a/images/cdi-artifact/werf.inc.yaml b/images/cdi-artifact/werf.inc.yaml index 54dc518522..51725e5fc6 100644 --- a/images/cdi-artifact/werf.inc.yaml +++ b/images/cdi-artifact/werf.inc.yaml 
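Review bot: `int main()` on the third added line declares main with an unspecified parameter list; the C form is `int main(void)` (temp_pod.c in this commit has the same). The include line is rendered here without a header name, and `printf` needs `<stdio.h>`, so confirm the committed file reads `#include <stdio.h>`; an implicit declaration is an error in C99 and later. A one-line header comment such as `/* hello_bounder: static entrypoint for the bounder image (cmd: hello_bounder); prints a greeting and exits 0. */` would give the file its context, since the build strips the binary and nothing else explains it.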
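Review bot: The log line in the `install` stage, `echo "Building simple app that prints hello cdi"`, names the wrong program; the stage compiles `hello_bounder.c`, so `echo "Building hello_bounder"` avoids misleading build logs. The whole `-cbuilder` stanza (Debian slim base, musl toolchain, `git:` add of `static_binaries` with `stageDependencies` on `*.c`) is repeated verbatim in `images/virt-launcher/werf.inc.yaml` in this commit, differing only in the output name; a shared include parameterised by binary name would keep the two from drifting. `apt-get install --yes gcc musl-dev musl-tools` is unpinned, so the static binary is not bit-reproducible across builds; acceptable for a trivial program, but worth a comment if reproducible builds are a goal.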
@@ -82,7 +82,6 @@ shell: - go build -ldflags="-s -w" -o /cdi-binaries/csv-generator ./tools/csv-generator - strip /cdi-binaries/* - - cp cmd/cdi-cloner/cloner_startup.sh /cdi-binaries - chmod +x /cdi-binaries/* - chown -R 64535:64535 /cdi-binaries/* - ls -la /cdi-binaries diff --git a/images/cdi-cloner/werf.inc.yaml b/images/cdi-cloner/werf.inc.yaml index ef32a1d8a4..3b4e519dff 100644 --- a/images/cdi-cloner/werf.inc.yaml +++ b/images/cdi-cloner/werf.inc.yaml @@ -6,16 +6,35 @@ import: add: /relocate to: / before: setup +imageSpec: + config: + entrypoint: ["/usr/bin/cloner-startup"] + user: 64535 +--- +{{- $name := print $.ImageName "-dependencies" -}} +{{- define "$name" -}} +binaries: +- /usr/bin/cloner-startup +- /usr/bin/hello +- /usr/bin/cdi-cloner +{{- end -}} + +{{ $virtCDIClonerDependencies := include "$name" . | fromYaml }} + +image: {{ $.ImageName }}-bins +final: false +fromImage: base-alt-p11-binaries +import: - image: {{ $.ImageName }}-gobuild add: /cdi-binaries to: /usr/bin includePaths: - cloner-startup - before: setup + before: install - image: cdi-artifact-cbuilder add: /bins to: /usr/bin - before: setup + before: install includePaths: - hello - image: cdi-artifact @@ -23,27 +42,10 @@ import: to: /usr/bin includePaths: - cdi-cloner - before: setup + before: install # Source https://github.com/kubevirt/containerized-data-importer/blob/v1.60.3/cmd/cdi-cloner/BUILD.bazel -imageSpec: - config: - entrypoint: ["/usr/bin/cloner-startup"] - user: 64535 ---- -{{- $name := print $.ImageName "-dependencies" -}} -{{- define "$name" -}} -binaries: -- /usr/bin/mount -- /usr/bin/umount -{{- end -}} - -{{ $virtCDIClonerDependencies := include "$name" . | fromYaml }} - -image: {{ $.ImageName }}-bins -final: false -fromImage: base-alt-p11-binaries shell: - beforeInstall: + install: - | /relocate_binaries.sh -i "{{ $virtCDIClonerDependencies.binaries | join " " }}" -o /relocate --- 
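Review bot: `{{- define "$name" -}}` registers a template literally named `$name`: Go's `define` takes a constant string and does not expand the variable assigned on the previous line, so `include "$name" .` resolves only because the two literals match. The same construct is introduced in `images/dvcr-artifact/werf.inc.yaml`, `images/virt-artifact/werf.inc.yaml` and `images/virt-handler/werf.inc.yaml` in this commit, so four files now define a template with the identical name; that is safe only if each werf.inc.yaml is rendered in its own template namespace (e.g. via `tpl`), otherwise the last definition parsed wins and an image can pick up another image's dependency list. The existing virt-launcher file uses a literal name (`include "virt-launcher-dependencies"`); the same style here would be `{{- define "cdi-cloner-dependencies" -}}` and `{{ $virtCDIClonerDependencies := include "cdi-cloner-dependencies" . | fromYaml }}`, with the `$name` variable dropped.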
diff --git a/images/cdi-importer/werf.inc.yaml b/images/cdi-importer/werf.inc.yaml index 741deeacc6..1139d465ad 100644 --- a/images/cdi-importer/werf.inc.yaml +++ b/images/cdi-importer/werf.inc.yaml @@ -6,7 +6,7 @@ import: add: /relocate to: / before: setup -# Source https://github.com/kubevirt/containerized-data-importer/blob/v1.58.0/cmd/cdi-importer/BUILD.bazel +# Source https://github.com/kubevirt/containerized-data-importer/blob/v1.60.3/cmd/cdi-importer/BUILD.bazel imageSpec: config: entrypoint: ["/usr/bin/cdi-importer", "-alsologtostderr"] @@ -14,28 +14,25 @@ imageSpec: --- {{- define "cdi-importer-deps" -}} +libraries: +- libsqlite3 packages: - qemu-img - - sqlite3 - libnbd - nbd-client - nbd-server binaries: - - /usr/bin/sh - - /usr/bin/rm - - /usr/bin/grep # Qemu-img - /usr/bin/qemu-img - - /usr/bin/qemu-io - /usr/bin/qemu-nbd # All nbd binaries - /usr/bin/nbd* # Mount - /usr/bin/mount /usr/bin/umount + # Sqlite libs + - /usr/lib64/libsqlite3.so.0 # Block device binaries - /usr/sbin/blockdev - # Sqlite3 - - /usr/bin/sqldiff /usr/bin/sqlite3 /usr/bin/sqlite3_analyzer # CDI binaries - /usr/bin/cdi-containerimage-server /usr/bin/cdi-image-size-detection /usr/bin/cdi-importer /usr/bin/cdi-source-update-poller {{- end -}} @@ -59,7 +56,8 @@ shell: install: - | apt-get update && apt-get install --yes \ - {{ $cdiImporterDependencies.packages | join " " }} + {{ $cdiImporterDependencies.packages | join " " }} \ + {{ $cdiImporterDependencies.libraries | join " " }} - apt-get clean - rm --recursive --force /var/lib/apt/lists/ftp.altlinux.org* /var/cache/apt/*.bin setup: diff --git a/images/dvcr-artifact/werf.inc.yaml b/images/dvcr-artifact/werf.inc.yaml index 00181d2c5b..a375d82641 100644 --- a/images/dvcr-artifact/werf.inc.yaml +++ b/images/dvcr-artifact/werf.inc.yaml 
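Review bot: The new `libraries:` key is consumed by the same `apt-get install` line as `packages:` (third hunk), so nothing in the file says why `libsqlite3` is kept apart; a comment above it, e.g. `# libraries: shared-object packages whose .so files are relocated by path (see libsqlite3.so.0 under binaries) rather than as executables`, would state the intent. The `# Sqlite libs` entry `/usr/lib64/libsqlite3.so.0` sits in the middle of the `binaries:` list between the mount tools and `blockdev`; grouping it at the end under its own heading, or referencing it from the `libraries:` comment, keeps a reader from taking it for an executable. Removing `/usr/bin/sh`, `rm`, `grep`, `qemu-io` and the sqlite3 CLI tools from the relocated set shrinks what can be executed inside the importer, which is the right direction, provided cdi-importer itself no longer shells out to any of them.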
@@ -31,7 +31,24 @@ shell: - chown -R 64535:64535 /out --- -{{- $binaries := "/usr/bin/sh /usr/bin/rm /usr/bin/grep /usr/local/bin/dvcr-importer /usr/bin/qemu-img /usr/bin/qemu-io /usr/bin/qemu-nbd /usr/bin/nbd* /usr/bin/file /usr/share/file/magic /usr/share/file/magic.mgc /etc/magic /usr/bin/mount /usr/bin/umount /usr/local/bin/dvcr-uploader /usr/local/bin/dvcr-cleaner" }} +{{- $name := print $.ImageName "-dependencies" -}} +{{- define "$name" -}} +binaries: +- /usr/local/bin/dvcr-importer +- /usr/bin/qemu-img +- /usr/bin/qemu-nbd +- /usr/bin/nbd* +- /usr/bin/file +- /usr/share/file/magic +- /usr/share/file/magic.mgc +- /etc/magic +- /usr/bin/mount +- /usr/bin/umount +- /usr/local/bin/dvcr-uploader +- /usr/local/bin/dvcr-cleaner +{{- end -}} + +{{ $dvcrDependencies := include "$name" . | fromYaml }} image: {{ $.ImageName }}-bins final: false @@ -50,4 +67,4 @@ shell: - rm --recursive --force /var/lib/apt/lists/ftp.altlinux.org* /var/cache/apt/*.bin setup: - | - /relocate_binaries.sh -i "{{ $binaries }}" -o /relocate + /relocate_binaries.sh -i "{{ $dvcrDependencies.binaries | join " " }}" -o /relocate diff --git a/images/dvcr/werf.inc.yaml b/images/dvcr/werf.inc.yaml index cf2ee97de6..e4e19dd64a 100644 --- a/images/dvcr/werf.inc.yaml +++ b/images/dvcr/werf.inc.yaml @@ -5,17 +5,14 @@ import: - image: {{ $.ImageName }}-builder add: /container-registry-binary to: /usr/bin - after: install + before: setup includePaths: - registry # Registry configuration is stored in configmap: templates/dvcr/configmap.yaml - image: {{ $.ImageName }}-artifact-bins - add: /relocate - to: / - after: install - excludePaths: - - '**/dvcr-uploader' - - '**/dvcr-importer' + add: /relocate/usr/local/bin/dvcr-cleaner + to: /usr/local/bin/dvcr-cleaner + before: setup imageSpec: config: user: 64535 diff --git a/images/libvirt/install-libvirt.sh b/images/libvirt/install-libvirt.sh index c49f26a1df..757168d3eb 100755 --- a/images/libvirt/install-libvirt.sh +++ b/images/libvirt/install-libvirt.sh 
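Review bot: The `dvcr` image now imports the single file `/relocate/usr/local/bin/dvcr-cleaner` instead of the `/relocate` tree, so any shared libraries that `relocate_binaries.sh` placed beside it under `/relocate/usr/lib64` are no longer copied; that is correct only if `dvcr-cleaner` is statically linked, which this diff does not show. If it is a CGO-free Go binary this is fine and a comment, `# dvcr-cleaner is statically linked; only the binary is imported`, documents the assumption; otherwise keep importing the relocated library directory as well. The `dvcr-artifact` hunks on this line also adopt the `define "$name"` template pattern noted on `images/cdi-cloner/werf.inc.yaml`.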
@@ -185,7 +185,7 @@ $SRC_BUILD/src/libvirt_functions.stp to /usr/share/systemtap/tapset $SRC_BUILD/tools/virt-host-validate to /usr/bin # $SRC_BUILD/tools/virt-login-shell to /usr/bin # $SRC_BUILD/tools/virt-login-shell-helper to /usr/libexec -$SRC_BUILD/tools/virsh to /usr/bin +# $SRC_BUILD/tools/virsh to /usr/bin # $SRC_BUILD/tools/virt-admin to /usr/bin $SRC_BUILD/tools/virt-pki-validate to /usr/bin $SRC_BUILD/tools/virt-pki-query-dn to /usr/bin diff --git a/images/virt-artifact/Taskfile.yaml b/images/virt-artifact/Taskfile.yaml index c9b0184ab5..bddf13c066 100644 --- a/images/virt-artifact/Taskfile.yaml +++ b/images/virt-artifact/Taskfile.yaml @@ -34,6 +34,7 @@ tasks: read -p "Delete these directories? [y/N] " answer if [[ "${answer}" != "${answer#[Yy]}" ]] ; then + echo "remove $PATH_KUBEVIRT" rm -rf $PATH_KUBEVIRT fi diff --git a/images/virt-artifact/patches/041-rename-node-labeller-virt-launcher-init.patch b/images/virt-artifact/patches/041-rename-node-labeller-virt-launcher-init.patch index 41b49f079d..0ccbbefaaf 100644 --- a/images/virt-artifact/patches/041-rename-node-labeller-virt-launcher-init.patch +++ b/images/virt-artifact/patches/041-rename-node-labeller-virt-launcher-init.patch @@ -1,5 +1,5 @@ diff --git a/pkg/virt-operator/resource/generate/components/daemonsets.go b/pkg/virt-operator/resource/generate/components/daemonsets.go -index 8fa14e93b5..001fd05bcd 100644 +index 8fa14e93b5..93c55c1619 100644 --- a/pkg/virt-operator/resource/generate/components/daemonsets.go +++ b/pkg/virt-operator/resource/generate/components/daemonsets.go @@ -52,7 +52,6 @@ func RenderPrHelperContainer(image string, pullPolicy corev1.PullPolicy) corev1. 
@@ -10,16 +10,23 @@ index 8fa14e93b5..001fd05bcd 100644 deploymentName := VirtHandlerName imageName := fmt.Sprintf("%s%s", imagePrefix, deploymentName) env := operatorutil.NewEnvVarMap(extraEnv) -@@ -123,7 +122,7 @@ func NewHandlerDaemonSet(namespace, repository, imagePrefix, version, launcherVe +@@ -117,14 +116,10 @@ func NewHandlerDaemonSet(namespace, repository, imagePrefix, version, launcherVe + pod.InitContainers = []corev1.Container{ + { + Command: []string{ +- "/bin/sh", +- "-c", ++ "node-labeller", + }, Image: launcherImage, Name: "virt-launcher", - Args: []string{ +- Args: []string{ - "node-labeller.sh", -+ "node-labeller", - }, +- }, SecurityContext: &corev1.SecurityContext{ Privileged: pointer.Bool(true), -@@ -350,5 +349,4 @@ func NewHandlerDaemonSet(namespace, repository, imagePrefix, version, launcherVe + }, +@@ -350,5 +345,4 @@ func NewHandlerDaemonSet(namespace, repository, imagePrefix, version, launcherVe pod.Containers = append(pod.Containers, RenderPrHelperContainer(prHelperImage, pullPolicy)) } return daemonset, nil diff --git a/images/virt-artifact/patches/043-disable-workload-updater.patch b/images/virt-artifact/patches/044-disable-workload-updater.patch similarity index 100% rename from images/virt-artifact/patches/043-disable-workload-updater.patch rename to images/virt-artifact/patches/044-disable-workload-updater.patch diff --git a/images/virt-artifact/patches/045-virt-launcher-image-holder-command-sleep.patch b/images/virt-artifact/patches/045-virt-launcher-image-holder-command-sleep.patch new file mode 100644 index 0000000000..8f9f5c3609 --- /dev/null +++ b/images/virt-artifact/patches/045-virt-launcher-image-holder-command-sleep.patch 
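Review bot: The node-labeller init container now runs `Command: []string{"node-labeller"}` with a bare program name, so it depends on PATH lookup inside the launcher image; patch 045 (`Command: []string{"sleep"}`) and patch 046 (`command = []string{"temp_pod"}`) in this commit do the same, while 046's other hunks use absolute paths such as `/usr/bin/container-disk`. Where the binary has a fixed location (virt-launcher imports `temp_pod` to `/relocate/usr/bin` in this commit), spelling it out, e.g. `Command: []string{"/usr/bin/node-labeller"}`, removes the PATH dependency and matches the other hunks; where node-labeller lands is not visible here, so confirm the path first. The patch file is hand-edited (the inner hunk headers become `@@ -117,14 +116,10 @@` and `@@ -350,5 +345,4 @@`), so it is worth re-applying it against the pinned kubevirt source once to check the line counts.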
@@ -0,0 +1,15 @@
+diff --git a/pkg/virt-operator/resource/generate/components/daemonsets.go b/pkg/virt-operator/resource/generate/components/daemonsets.go
+index 93c55c1619..ebc1e790bf 100644
+--- a/pkg/virt-operator/resource/generate/components/daemonsets.go
++++ b/pkg/virt-operator/resource/generate/components/daemonsets.go
+@@ -145,8 +145,8 @@ func NewHandlerDaemonSet(namespace, repository, imagePrefix, version, launcherVe
+ Name: "virt-launcher-image-holder",
+ Image: launcherImage,
+ ImagePullPolicy: corev1.PullIfNotPresent,
+- Command: []string{"/bin/sh", "-c"},
+- Args: []string{"sleep infinity"},
++ Command: []string{"sleep"},
++ Args: []string{"infinity"},
+ Resources: corev1.ResourceRequirements{
+ Limits: map[corev1.ResourceName]resource.Quantity{
+ corev1.ResourceCPU: resource.MustParse("100m"),
diff --git a/images/virt-artifact/patches/046-hotplug-attachment-trigger-pod-remove-bash.patch b/images/virt-artifact/patches/046-hotplug-attachment-trigger-pod-remove-bash.patch
new file mode 100644
index 0000000000..0837dcd0ba
--- /dev/null
+++ b/images/virt-artifact/patches/046-hotplug-attachment-trigger-pod-remove-bash.patch
@@ -0,0 +1,60 @@
+diff --git a/pkg/virt-controller/services/template.go b/pkg/virt-controller/services/template.go
+index 1221448946..7e2519d129 100644
+--- a/pkg/virt-controller/services/template.go
++++ b/pkg/virt-controller/services/template.go
+@@ -382,9 +382,7 @@ func (t *templateService) renderLaunchManifest(vmi *v1.VirtualMachineInstance, i
+ if tempPod {
+ logger := log.DefaultLogger()
+ logger.Infof("RUNNING doppleganger pod for %s", vmi.Name)
+- command = []string{"/bin/bash",
+- "-c",
+- "echo", "bound PVCs"}
++ command = []string{"temp_pod"}
+ } else {
+ command = []string{"/usr/bin/virt-launcher-monitor",
+ "--qemu-timeout", generateQemuTimeoutWithJitter(t.launcherQemuTimeout),
+@@ -921,7 +919,7 @@ func (t *templateService) RenderHotplugAttachmentPodTemplate(volumes []*v1.Volum
+ zero := int64(0)
+ runUser := int64(util.NonRootUID)
+ sharedMount := k8sv1.MountPropagationHostToContainer
+- command := []string{"/bin/sh", "-c", "/usr/bin/container-disk --copy-path /path/hp"}
++ command := []string{"/usr/bin/container-disk", "--copy-path", "/path/hp"}
+
+ tmpTolerations := make([]k8sv1.Toleration, len(ownerPod.Spec.Tolerations))
+ copy(tmpTolerations, ownerPod.Spec.Tolerations)
+@@ -1076,11 +1074,9 @@ func (t *templateService) RenderHotplugAttachmentTriggerPodTemplate(volume *v1.V
+ sharedMount := k8sv1.MountPropagationHostToContainer
+ var command []string
+ if tempPod {
+- command = []string{"/bin/bash",
+- "-c",
+- "exit", "0"}
++ command = []string{"temp_pod"}
+ } else {
+- command := []string{"/bin/sh", "-c", "/usr/bin/container-disk --copy-path /path/hp"}
++ command := []string{"/usr/bin/container-disk", "--copy-path", "/path/hp"}
+ }
+
+ annotationsList := make(map[string]string)
+diff --git a/pkg/virt-controller/watch/vmi_test.go b/pkg/virt-controller/watch/vmi_test.go
+index b4b76bd73e..9fb2c56118 100644
+--- a/pkg/virt-controller/watch/vmi_test.go
++++ b/pkg/virt-controller/watch/vmi_test.go
+@@ -400,7 +400,7 @@ var _ = Describe("VirtualMachineInstance watcher", func() {
+
+ return ""
+ },
+- Equal("/bin/bash -c echo bound PVCs"),
++ Equal("temp_pod"),
+ )
+
+ controller.Execute()
+@@ -676,7 +676,7 @@ var _ = Describe("VirtualMachineInstance watcher", func() {
+
+ return ""
+ },
+- Equal("/bin/bash -c echo bound PVCs"))
++ Equal("temp_pod"))
+ expectMatchingPodCreation(vmi, IsPodWithoutVmPayload)
+ expectVMIWithMatcherConditions(vmi.Namespace, vmi.Name, ContainElement(MatchFields(IgnoreExtras,
+ Fields{"Type": Equal(virtv1.VirtualMachineInstanceProvisioning)})),
diff --git a/images/virt-artifact/patches/047-node-labeller-replace-sysctl-command-with-readfile.patch b/images/virt-artifact/patches/047-node-labeller-replace-sysctl-command-with-readfile.patch
new file mode 100644
index 0000000000..a3b8fd978f
--- /dev/null
+++ b/images/virt-artifact/patches/047-node-labeller-replace-sysctl-command-with-readfile.patch
@@ -0,0 +1,28 @@
+diff --git a/pkg/virt-handler/node-labeller/node_labeller.go b/pkg/virt-handler/node-labeller/node_labeller.go
+index e5ddaf3784..8de36d72c9 100644
+--- a/pkg/virt-handler/node-labeller/node_labeller.go
++++ b/pkg/virt-handler/node-labeller/node_labeller.go
+@@ -23,7 +23,7 @@ import (
+ "context"
+ "encoding/json"
+ "fmt"
+- "os/exec"
++ "os"
+ "runtime"
+ "strings"
+ "time"
+@@ -327,11 +327,12 @@ const kernelSchedRealtimeRuntimeInMicrosecods = "kernel.sched_rt_runtime_us"
+ // workloads at peak performance.
+
+ func isNodeRealtimeCapable() (bool, error) {
+- ret, err := exec.Command("sysctl", kernelSchedRealtimeRuntimeInMicrosecods).CombinedOutput()
++ ret, err := os.ReadFile("/proc/sys/kernel/sched_rt_runtime_us")
+ if err != nil {
+ return false, err
+ }
+- st := strings.Trim(string(ret), "\n")
++ sched_rt_runtime_us := strings.Trim(string(ret), "\n")
++ st := fmt.Sprintf("%s = %s", kernelSchedRealtimeRuntimeInMicrosecods, sched_rt_runtime_us)
+ return fmt.Sprintf("%s = -1", kernelSchedRealtimeRuntimeInMicrosecods) == st, nil
+ }
+
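Review bot: In `isNodeRealtimeCapable` the new code formats the file content back into a `key = value` string only to compare it with `fmt.Sprintf("%s = -1", key)`; comparing the value directly is simpler and avoids the non-Go identifier `sched_rt_runtime_us`: `value := strings.TrimSpace(string(ret))` followed by `return value == "-1", nil`. `strings.TrimSpace` also tolerates trailing whitespace other than `\n`, which `strings.Trim(string(ret), "\n")` does not. Reading `/proc` directly instead of exec'ing `sysctl` is a good change since it removes a runtime dependency on an external binary, consistent with `/usr/sbin/sysctl` being dropped from the relocated binaries of virt-launcher and virt-handler in this commit. The path `/proc/sys/kernel/sched_rt_runtime_us` is hard-coded while `kernelSchedRealtimeRuntimeInMicrosecods` still holds the dotted sysctl key; deriving the path from the key, or a comment noting that the two must stay in sync, prevents drift.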
diff --git a/images/virt-artifact/patches/README.md b/images/virt-artifact/patches/README.md
index 5855f199a2..ed93096fcc 100644
--- a/images/virt-artifact/patches/README.md
+++ b/images/virt-artifact/patches/README.md
@@ -294,11 +294,25 @@ This path adds annotations to the VMI with the versions of libvirt and qemu used - Updates the migration mechanism: since virt-handler directly connects to the `virtqemud` socket during migration, the libvirt patch does not authorize it. To address this issue, an additional `migration-proxy` has been introduced in `virt-launcher`. This proxy receives traffic from `virt-handler` and forwards it to `virtqemud`. - A new gRPC call, MigrationProxy, has been added to start this migration proxy. - - ##### Dependency This patch depends on the [002-auth-pid-restriction.patch](../../libvirt/patches/002-auth-pid-restriction.patch) in libvirt, which introduces the `LIBVIRT_UNIX_SOCKET_AUTH_PID` environment variable to restrict socket access based on PID. -#### `043-disable-workload-updater.patch` +#### `044-disable-workload-updater.patch` This patch disables controller workload-updater in kubevirt. We have our implementation in virtualization-controller. + +#### `045-virt-launcher-image-holder-command-sleep.patch` + +This patch modifies virt-launcher-image-holder command from `sh -c "sleep infinity"` to `sleep infinity`. + +#### `046-hotplug-attachment-trigger-pod-remove-bash.patch` + +This patch modifies init container by removing sh and bash util and replcae commands. +- Init container tempPod change command from `"/bin/bash", "-c", "echo", "bound PVCs"` and `"/bin/bash","-c","exit", "0"` to static binary `temp_pod`. +- HotplugAttachmentPod change command from `"/bin/sh", "-c", "/usr/bin/container-disk --copy-path /path/hp"` to `"/usr/bin/container-disk", "--copy-path", "/path/hp"` + +Also fixed vmi_test.go, replace `Equal("/bin/bash -c echo bound PVCs")` to `Equal("temp_pod")`, + +#### `047-node-labeller-replace-sysctl-command-with-readfile.patch` + +This patch modifies function `isNodeRealtimeCapable` in `node_labeller.go`, replacing linux util `sysctl` to `os.ReadFile("/proc/sys/kernel/sched_rt_runtime_us")` \ No newline at end of file 
diff --git a/images/virt-artifact/werf.inc.yaml b/images/virt-artifact/werf.inc.yaml index 10e9c3ae83..b541c06774 100644 --- a/images/virt-artifact/werf.inc.yaml +++ b/images/virt-artifact/werf.inc.yaml @@ -3,6 +3,29 @@ {{- $version := "1.3.1" }} {{- $goVersion := "1.22.7" }} +{{- $name := print $.ImageName "-dependencies" -}} +{{- define "$name" -}} +packages: +- git +- curl +- pkg-config +- libvirt-libs +- libtool +- libvirt-devel +- libncurses-devel +- libvirt-client +- libvirt-daemon +- libvirt +- gcc +- gcc-c++ +- glibc-devel-static +- glibc +- golang +{{- end -}} + +{{ $virtArtifactDependencies := include "$name" . | fromYaml }} + + image: {{ $.ImageName }} final: false fromImage: base-alt-p11 @@ -24,17 +47,12 @@ shell: - apt-get update - | apt-get install -y \ - git curl pkg-config \ - libvirt-libs libtool libvirt-devel libncurses-devel \ - libvirt-client libvirt-daemon libvirt \ - gcc gcc-c++ glibc-devel-static \ - glibc \ - golang + {{ $virtArtifactDependencies.packages | join " " }} - apt-get clean - rm --recursive --force /var/lib/apt/lists/ftp.altlinux.org* /var/cache/apt/*.bin install: - - git clone --depth 1 --branch v{{ $version }} https://github.com/kubevirt/kubevirt.git /kubevirt + - git clone --depth 1 --branch v{{ $version }} {{ $.SOURCE_REPO }}/kubevirt/kubevirt.git /kubevirt - cd /kubevirt - | for p in /patches/*.patch ; do diff --git a/images/virt-handler/werf.inc.yaml b/images/virt-handler/werf.inc.yaml index 7c119bc7ad..e2fdd4760b 100644 --- a/images/virt-handler/werf.inc.yaml +++ b/images/virt-handler/werf.inc.yaml 
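Review bot: The clone line now reads `git clone --depth 1 --branch v{{ $version }} {{ $.SOURCE_REPO }}/kubevirt/kubevirt.git /kubevirt`, so the source is fetched from a configurable repository but identified only by a tag, which a mirror can move or re-push; pinning the expected commit (a `$commit` value beside `$version`, checked with `git rev-parse HEAD` after the clone) gives the build a fixed input independent of `SOURCE_REPO`. If `SOURCE_REPO` is empty the URL degenerates to `/kubevirt/kubevirt.git`, a local path, so a comment next to the `$version` line documenting the expected form (scheme and host, no trailing slash) is worth adding. The first hunk adopts the `define "$name"` template pattern noted on `images/cdi-cloner/werf.inc.yaml`.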
@@ -39,7 +39,32 @@ imageSpec: entrypoint: ["/usr/bin/virt-handler"] --- -{{- $binaries := "/usr/bin/bash /usr/bin/rm /usr/bin/grep /usr/bin/qemu-img /usr/bin/qemu-io /usr/bin/qemu-nbd /usr/bin/mount /usr/bin/umount /usr/bin/chacl /usr/bin/getfacl /usr/bin/setfacl /usr/bin/ps /usr/sbin/slabtop /usr/sbin/sysctl /usr/bin/free /usr/bin/pgrep /usr/bin/pidwait /usr/bin/pkill /usr/bin/pmap /usr/bin/pwdx /usr/bin/skill /usr/bin/snice /usr/bin/tload /usr/bin/top /usr/bin/uptime /usr/bin/vmstat /usr/bin/w /usr/bin/watch /usr/sbin/nft /usr/bin/xorriso /usr/bin/xorrecord /usr/bin/osirrox /usr/bin/xorriso-dd-target /usr/bin/xorrisofs" }} +{{- $name := print $.ImageName "-dependencies" -}} +{{- define "$name" -}} +packages: +- acl +- nftables +- qemu-img +- xorriso +binaries: +# deps for 031-hotplug-container-disk.patch +- /usr/bin/cp +- /usr/bin/qemu-img +- /usr/bin/qemu-nbd +- /usr/bin/mount +- /usr/bin/umount +- /usr/bin/getfacl +- /usr/bin/setfacl +- /usr/sbin/nft +- /usr/bin/xorriso +- /usr/bin/xorrecord +- /usr/bin/osirrox +- /usr/bin/xorriso-dd-target +- /usr/bin/xorrisofs +{{- end -}} + +{{ $virtHandlerDependencies := include "$name" . | fromYaml }} + image: {{ $.ImageName }}-bins final: false @@ -48,16 +73,12 @@ shell: install: - | apt-get update && apt-get install --yes \ - acl \ - procps \ - nftables \ - qemu-img \ - xorriso + {{ $virtHandlerDependencies.packages | join " " }} - apt-get clean - rm --recursive --force /var/lib/apt/lists/ftp.altlinux.org* /var/cache/apt/*.bin setup: - | - /relocate_binaries.sh -i "{{ $binaries }}" -o /relocate + /relocate_binaries.sh -i "{{ $virtHandlerDependencies.binaries | join " " }}" -o /relocate mkdir -p /relocate/etc /relocate/root echo "root:x:0:0:root:/root:/bin/bash" >> /relocate/etc/passwd diff --git a/images/virt-launcher/static_binaries/temp_pod.c b/images/virt-launcher/static_binaries/temp_pod.c new file mode 100644 index 0000000000..d34c881742 --- /dev/null +++ b/images/virt-launcher/static_binaries/temp_pod.c 
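Review bot: The comment `# deps for 031-hotplug-container-disk.patch` sits directly above `/usr/bin/cp`, so it reads as annotating only `cp`, while the remaining entries (qemu, acl, nft, xorriso tools) have no stated consumer; either move the comment to span exactly what the patch needs or extend it, e.g. `# cp, qemu-img, qemu-nbd, mount, umount: 031-hotplug-container-disk.patch; getfacl/setfacl: acl; nft: nftables; xorriso*: xorriso`, adjusted to what each entry is really for. Dropping bash, ps, sysctl and the other procps tools from the relocated set reduces what a compromised handler could execute and matches patch 047's move away from exec'ing `sysctl`. This hunk also adopts the `define "$name"` template pattern noted on `images/cdi-cloner/werf.inc.yaml`.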
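Review bot: With `/usr/bin/bash` no longer in the relocated binaries, the unchanged `echo "root:x:0:0:root:/root:/bin/bash" >> /relocate/etc/passwd` line two lines below the rewritten relocate call now records a login shell that does not exist in the image. That is harmless for a container nobody logs into, but a comment saying the shell field is nominal, or `/sbin/nologin` if the base image provides it, makes the intent explicit.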
@@ -0,0 +1,6 @@
+#include
+
+int main() {
+ printf("I'am a temp pod\n");
+ return 0;
+}
\ No newline at end of file
diff --git a/images/virt-launcher/werf.inc.yaml b/images/virt-launcher/werf.inc.yaml
index db85d6e304..43fa4f8d88 100644
--- a/images/virt-launcher/werf.inc.yaml
+++ b/images/virt-launcher/werf.inc.yaml
@@ -105,12 +105,15 @@ libs:
- libjson-c-devel
- systemtap-sdt-devel
- libacl-devel
+ - libtpms-devel libtpms
- glib2-devel
- libgio-devel
- libxml2-devel
+ - libgcc1
- libtirpc-devel
- libclocale
- libLLVMSPIRVLib-devel
+ - libswtpm-devel
packages:
- acl
- attr
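Review bot: The message on the fourth added line, `printf("I'am a temp pod\n");`, has a typo; `printf("I am a temp pod\n");` (the build-log `echo` in the virt-launcher `-cbuilder` stage in this commit repeats it). `int main()` should be `int main(void)`, and the include line as rendered here carries no header name while `printf` requires `<stdio.h>`; confirm the committed file has it. Since this binary replaces `/bin/bash -c echo bound PVCs` and `/bin/bash -c exit 0` as the temp-pod command in patch 046, a header comment, `/* temp_pod: static placeholder entrypoint for kubevirt temp pods (patch 046); prints and exits 0. */`, ties the two together.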
@@ -131,64 +134,30 @@ packages: - policycoreutils - psmisc - swtpm swtpm-tools - - su - msulogin - xorriso binaries: # GNU utilities - - /usr/bin/sh - - /usr/bin/bash - - /usr/bin/uname - - /usr/bin/nohup - - /usr/bin/sleep - /usr/bin/cp - - /usr/bin/rm - - /usr/bin/mv - - /usr/bin/cut - - /usr/bin/grep - - /usr/bin/sync - - /usr/bin/mknod + - /usr/bin/sleep # Gnu utils (requared for swtpm) - /usr/bin/certtool - /usr/bin/gnutls-cli - /usr/bin/ocsptool - /usr/bin/p11tool - /usr/bin/psktool - # Utilities for mount - - /usr/bin/mount - - /usr/bin/umount - - /usr/bin/findmnt - # Blk utilites - - /usr/sbin/blkid - - /usr/sbin/blockdev # Openssl - /usr/bin/openssl - # Acl utils - - /usr/bin/chacl /usr/bin/getfacl /usr/bin/setfacl /usr/bin/chmod /usr/bin/chown - # Fs utils - - /usr/sbin/fstrim /usr/sbin/fuser /usr/sbin/findfs # Xorriso (Creates an image of an ISO9660 filesystem) - /usr/bin/xorriso-dd-target /usr/bin/xorrisofs - # Ethtool - - /usr/sbin/ethlist /usr/sbin/ethtool /usr/sbin/iptables /usr/sbin/ip /usr/sbin/bridge /usr/sbin/nft - # Procps utils - - /usr/sbin/sysctl - # Passt (User-mode networking daemons for virtual machines and namespaces) - - /usr/bin/passt /usr/bin/passt.avx2 /usr/bin/pasta /usr/bin/pasta.avx2 /usr/bin/qrap # Swtpm - /usr/bin/swtpm /usr/bin/swtpm_bios /usr/bin/swtpm_cert /usr/bin/swtpm_ioctl /usr/bin/swtpm_localca /usr/bin/swtpm_setup # Dmidecode - - /usr/sbin/biosdecode /usr/sbin/dmidecode /usr/sbin/ownership /usr/sbin/vpddecode + - /usr/sbin/biosdecode /usr/sbin/dmidecode # Numactl - /usr/bin/memhog /usr/bin/migratepages /usr/bin/migspeed /usr/bin/numactl /usr/bin/numademo /usr/bin/numastat # Hwclock - - /usr/bin/clock_unsynced /etc/adjtime /usr/sbin/clock /usr/sbin/hwclock - # Libffi8 - - "/usr/lib64/libffi.so*" - # Attr - - /usr/bin/attr /usr/bin/getfattr /usr/bin/setfattr - # SELinux policy core utilities - - /usr/sbin/semanage /usr/bin/sestatus /usr/sbin/restorecon_xattr /usr/sbin/setfiles /usr/sbin/unsetfiles /usr/sbin/load_policy 
/usr/sbin/setsebool + - /usr/sbin/hwclock {{- end -}} {{ $virtLauncherDependencies := include "virt-launcher-dependencies" . | fromYaml }} @@ -271,13 +240,20 @@ import: includePaths: - node-labeller - vlctl +- image: {{ $.ImageName }}-cbuilder + add: /bins + to: /relocate/usr/bin + before: setup + includePaths: + - temp_pod shell: - install: + beforeInstall: - | apt-get update && apt-get install -y {{ $virtLauncherDependencies.libs | join " " }} {{ $virtLauncherDependencies.packages | join " " }} apt-get clean - + install: + - | echo "Create folder hierarchy in VBINS" mkdir -p /VBINS/{etc,root} mkdir -p /VBINS/var/{log/libvirt/qemu,log/swtpm/libvirt/qemu,lib/libvirt/qemu,run/libvirt/qemu} @@ -288,15 +264,25 @@ shell: echo "=====Copy qemu binaries to temp folder======" cp -a /qemu-bins/. /VBINS/ - LIST="$(find /VBINS/usr/bin/ -type f)" - LIST+=" $(find /VBINS/usr/sbin/ -type f)" - LIST+=" /usr/lib64/libbsd.so.0 /usr/lib64/libnbd.so.0 /usr/lib64/libfuse3.so.3" - LIST+=" /usr/lib64/libjson-c.so.5 /usr/lib64/libssh.so.4" - - ./relocate_binaries.sh -i "$LIST" -o /VBINS + echo "find and copy additional libs" + FILES=$(find /VBINS/usr/bin/ -type f) + FILES+=" $(find /VBINS/usr/sbin/ -type f)" + + LIBS="/usr/lib64/libbsd.so* /usr/lib64/libnbd.so* /usr/lib64/libfuse3.so*" + LIBS+=" /usr/lib64/libjson-c.so* /usr/lib64/libssh.so* /usr/lib64/libssh2.so*" + LIBS+=" /usr/lib64/libtpms.so* /usr/lib64/swtpm/libswtpm_libtpms.so*" + LIBS+=" /usr/lib64/libxml2.so* /usr/lib64/libgcc_s*" + + echo "Relocate additional libs for files in /VBINS" + ./relocate_binaries.sh -i "$FILES" -o /VBINS + + echo "Relocate additional libs to /VBINS" + ./relocate_binaries.sh -i "$LIBS" -o /VBINS cp -a /VBINS/. /relocate + echo "Show libs after relocation in /relocate/usr/lib64" + ls -la /relocate/usr/lib64 # Cleanup rm -rf /{VBINS,qemu-bins,libvirt-bins} 
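Review bot: The new `LIBS` list hands shell patterns such as `/usr/lib64/libtpms.so*` and `/usr/lib64/libgcc_s*` to `./relocate_binaries.sh -i "$LIBS"` inside a quoted string, so they expand only if the script word-splits its argument unquoted; the replaced lines named exact sonames (`libbsd.so.0`, `libnbd.so.0`, `libfuse3.so.3`), so confirm the script globs (the `/usr/bin/nbd*` entries in other images suggest it does) or keep explicit sonames. `libgcc_s*` is looser than the other patterns; `libgcc_s.so*` names the runtime library precisely, matching the `.so*` form used for the rest. The added `echo` and `ls -la /relocate/usr/lib64` lines are build-log noise that is useful while the library set is being tuned but worth removing once it is stable.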
@@ -310,7 +296,8 @@ shell: cp -a /etc/xattr.conf /relocate/etc # glibc-gconv-modules - cp -a /usr/lib64/gconv /relocate/usr/lib64 + # This package contains helper modules necessary to convert data between various charsets + cp -a /usr/lib64/gconv /relocate/usr/lib64/gconv echo "root:x:0:0:root:/root:/bin/bash" >> /relocate/etc/passwd echo "root:x:0:" >> /relocate/etc/group @@ -370,6 +357,9 @@ shell: ln -s ../local/lib64/$TARGET usr/lib64/$SYMLINK done <<< "$SYMLINC_LIST" + echo "List files in /relocate/usr/local/lib64" + ls -la usr/local/lib64 + - | cd /relocate @@ -426,3 +416,24 @@ shell: echo '== go build -ldflags="-s -w" -o /binaries/vlctl ./cmd/vlctl/main.go ==' go build -ldflags="-s -w" -o /binaries/vlctl ./cmd/vlctl/main.go echo "Done" +--- +image: {{ $.ImageName }}-cbuilder +final: false +from: {{ .Images.BASE_DEBIAN_BOOKWORM_SLIM }} +git: + - add: /images/{{ $.ImageName }}/static_binaries + to: / + stageDependencies: + install: + - '*.c' +shell: + beforeInstall: + - | + apt-get update && apt-get install --yes gcc musl-dev musl-tools + apt-get clean + install: + - | + echo "Building simple app that prints I'am temp pod" + mkdir -p /bins + musl-gcc -static -Os -o /bins/temp_pod temp_pod.c + strip /bins/temp_pod \ No newline at end of file diff --git a/images/virt-operator/werf.inc.yaml b/images/virt-operator/werf.inc.yaml index cb06351a33..9d1a1c15eb 100644 --- a/images/virt-operator/werf.inc.yaml +++ b/images/virt-operator/werf.inc.yaml @@ -6,7 +6,6 @@ import: add: /kubevirt-binaries/ to: /usr/bin includePaths: - - 'virtctl' - csv-generator - virt-operator before: setup
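Review bot: `cp -a /usr/lib64/gconv /relocate/usr/lib64/gconv` behaves differently depending on whether the destination exists: if `/relocate/usr/lib64/gconv` is absent it is created as a copy, but if an earlier step already created it the modules land in `/relocate/usr/lib64/gconv/gconv`, not where glibc looks for them. The replaced form, `cp -a /usr/lib64/gconv /relocate/usr/lib64`, always produced `/relocate/usr/lib64/gconv`; to keep an explicit destination and stay deterministic use `mkdir -p /relocate/usr/lib64/gconv && cp -a /usr/lib64/gconv/. /relocate/usr/lib64/gconv/`. The new comment explains what the package is; adding why the stripped image needs it (which consumer does charset conversion) would make it easier to drop later if that consumer goes away.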