* [meta-virtualization][PATCH 1/2] cni: 1.7.0 to 1.7.1 (and plugins 0.8.2 to 0.8.5)
@ 2020-03-06 21:53 Mark Asselstine
2020-03-06 21:53 ` [meta-virtualization][PATCH 2/2] cni: prevent go from downloading stuff in the background Mark Asselstine
2020-03-06 21:54 ` [meta-virtualization][PATCH] cri-o: uprev from 1.15 to 1.17 Mark Asselstine
0 siblings, 2 replies; 4+ messages in thread
From: Mark Asselstine @ 2020-03-06 21:53 UTC (permalink / raw)
To: meta-virtualization, bruce.ashfield
Both uprev's are listed as 'minor' in the upstream release
notes. Neither introduces an uprev in spec. This fixes issues we
observed while testing the forthcoming cri-o uprev.
NOTE: this commit should only be used with the follow-on commit [cni:
prevent go from downloading stuff in the background] otherwise you
will end up with files not owned by you which will prevent the recipe
being properly cleaned.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
---
recipes-networking/cni/cni_git.bb | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/recipes-networking/cni/cni_git.bb b/recipes-networking/cni/cni_git.bb
index b8adf88..a81e6cc 100644
--- a/recipes-networking/cni/cni_git.bb
+++ b/recipes-networking/cni/cni_git.bb
@@ -9,8 +9,9 @@ Because of this focus, CNI has a wide range of support and the specification \
is simple to implement. \
"
-SRCREV_cni = "dc71cd2ba60c452c56a0a259f2a23d2afe42b688"
-SRCREV_plugins = "0eddc554c0747200b7b112ce5322dcfa525298cf"
+SRCREV_cni = "4cfb7b568922a3c79a23e438dc52fe537fc9687e"
+# Version 0.8.5
+SRCREV_plugins = "1f33fb729ae2b8900785f896df2dc1f6fe5e8239"
SRC_URI = "\
git://github.com/containernetworking/cni.git;nobranch=1;name=cni \
git://github.com/containernetworking/plugins.git;nobranch=1;destsuffix=plugins;name=plugins \
@@ -23,7 +24,7 @@ LIC_FILES_CHKSUM = "file://src/import/LICENSE;md5=fa818a259cbed7ce8bc2a22d35a464
GO_IMPORT = "import"
-PV = "0.7.0+git${SRCREV_cni}"
+PV = "0.7.1+git${SRCREV_cni}"
inherit go
inherit goarch
--
2.7.4
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [meta-virtualization][PATCH 2/2] cni: prevent go from downloading stuff in the background
2020-03-06 21:53 [meta-virtualization][PATCH 1/2] cni: 1.7.0 to 1.7.1 (and plugins 0.8.2 to 0.8.5) Mark Asselstine
@ 2020-03-06 21:53 ` Mark Asselstine
2020-03-06 21:54 ` [meta-virtualization][PATCH] cri-o: uprev from 1.15 to 1.17 Mark Asselstine
1 sibling, 0 replies; 4+ messages in thread
From: Mark Asselstine @ 2020-03-06 21:53 UTC (permalink / raw)
To: meta-virtualization, bruce.ashfield
While testing the cni uprev by building in a container with
network=none the following error was found:
go: github.com/Microsoft/go-winio@v0.4.11: Get
https://proxy.golang.org/github.com/%21microsoft/go-winio/@v/v0.4.11.mod:
dial tcp: lookup proxy.golang.org on 128.224.144.130:53:
dial udp 128.224.144.130:53: connect: network is unreachable
After some digging through the go documentation it was found that the
'-mod=vendor' is required for 'go build' to use shipped vendor modules
when building modules. This can be confirmed by look at the
'build_linux.sh' script which is found in the plugins repo.
By using '-mod=vendor' and also ensuring things are properly placed in
the GOPATH (ie $B) we can avoid having to create many of the links we
had been previously.
We also put all the build artifacts into $B to avoid mixing source and
build.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
---
recipes-networking/cni/cni_git.bb | 32 +++++++++-----------------------
1 file changed, 9 insertions(+), 23 deletions(-)
diff --git a/recipes-networking/cni/cni_git.bb b/recipes-networking/cni/cni_git.bb
index a81e6cc..3ad939b 100644
--- a/recipes-networking/cni/cni_git.bb
+++ b/recipes-networking/cni/cni_git.bb
@@ -14,7 +14,7 @@ SRCREV_cni = "4cfb7b568922a3c79a23e438dc52fe537fc9687e"
SRCREV_plugins = "1f33fb729ae2b8900785f896df2dc1f6fe5e8239"
SRC_URI = "\
git://github.com/containernetworking/cni.git;nobranch=1;name=cni \
- git://github.com/containernetworking/plugins.git;nobranch=1;destsuffix=plugins;name=plugins \
+ git://github.com/containernetworking/plugins.git;nobranch=1;destsuffix=${S}/src/github.com/containernetworking/plugins;name=plugins \
"
RPROVIDES_${PN} += "kubernetes-cni"
@@ -30,36 +30,22 @@ inherit go
inherit goarch
do_compile() {
- # link fixups for compilation
- rm -f ${S}/src/import/vendor/src
- mkdir -p ${S}/src/import/vendor/
- ln -sf ./ ${S}/src/import/vendor/src
- rm -rf ${S}/src/import/plugins
- rm -rf ${S}/src/import/vendor/github.com/containernetworking/plugins
+ mkdir -p ${S}/src/github.com/containernetworking
+ ln -sfr ${S}/src/import ${S}/src/github.com/containernetworking/cni
- mkdir -p ${S}/src/import/vendor/github.com/containernetworking/cni
-
- ln -sf ../../../../libcni ${S}/src/import/vendor/github.com/containernetworking/cni/libcni
- ln -sf ../../../../pkg ${S}/src/import/vendor/github.com/containernetworking/cni/pkg
- ln -sf ../../../../cnitool ${S}/src/import/vendor/github.com/containernetworking/cni/cnitool
- ln -sf ${WORKDIR}/plugins ${S}/src/import/vendor/github.com/containernetworking/plugins
-
- export GOPATH="${S}/src/import/.gopath:${S}/src/import/vendor:${STAGING_DIR_TARGET}/${prefix}/local/go"
- export CGO_ENABLED="1"
-
- cd ${S}/src/import/vendor/github.com/containernetworking/cni/libcni
+ cd ${B}/src/github.com/containernetworking/cni/libcni
${GO} build
- cd ${S}/src/import/vendor/github.com/containernetworking/cni/cnitool
+ cd ${B}/src/github.com/containernetworking/cni/cnitool
${GO} build
- cd ${S}/src/import/vendor/github.com/containernetworking/plugins/
+ cd ${B}/src/github.com/containernetworking/plugins
PLUGINS="$(ls -d plugins/meta/*; ls -d plugins/ipam/*; ls -d plugins/main/* | grep -v windows)"
- mkdir -p ${WORKDIR}/plugins/bin/
+ mkdir -p ${B}/plugins/bin/
for p in $PLUGINS; do
plugin="$(basename "$p")"
echo "building: $p"
- ${GO} build -o ${WORKDIR}/plugins/bin/$plugin github.com/containernetworking/plugins/$p
+ ${GO} build -mod=vendor -o ${B}/plugins/bin/$plugin github.com/containernetworking/plugins/$p
done
}
@@ -70,7 +56,7 @@ do_install() {
install -d ${D}/${sysconfdir}/cni/net.d
install -m 755 ${S}/src/import/cnitool/cnitool ${D}/${localbindir}
- install -m 755 -D ${WORKDIR}/plugins/bin/* ${D}/${localbindir}
+ install -m 755 -D ${B}/plugins/bin/* ${D}/${localbindir}
# Parts of k8s expect the cni binaries to be available in /opt/cni
install -d ${D}/opt/cni
--
2.7.4
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [meta-virtualization][PATCH] cri-o: uprev from 1.15 to 1.17
@ 2020-03-06 21:54 ` Mark Asselstine
2020-03-14 1:55 ` Bruce Ashfield
0 siblings, 1 reply; 4+ messages in thread
From: Mark Asselstine @ 2020-03-06 21:54 UTC (permalink / raw)
To: meta-virtualization, bruce.ashfield
Uprev to the latest release of cri-o to pick up some fixes and
CVEs. Makefile updates along with updates to the go.bbclass allow us
to remove most of the do_compile() tweaks that were in place. To test
that these removals are sane builds were done for x86_64 and arm64 in
docker containers with network=none, no issues were found.
Quite a few runtime tests were done as well since we are stepping up 2
releases, and we also just uprev'd 'cni' and wanted to validate its
runtime as well.
Once the system is started and cri-o is given time to start you can
use the new 'crio-status info' command to retrieve the runtime status
of cri-o:
root@qemux86-64:~# crio-status info
cgroup driver: cgroupfs
storage driver:
storage root: /var/lib/containers/storage
default GID mappings (format <container>:<host>:<size>):
0:0:4294967295
default UID mappings (format <container>:<host>:<size>):
0:0:4294967295
Additionally 'crictl' was installed (the recipe will be submitted
shortly) and the cri-o Tutorial found here was run
(https://github.com/cri-o/cri-o/blob/master/tutorials/crictl.md)
In order to run the tutorial /etc/cni/net.d/99-loopback.conf and
/etc/containers/policy.json were taken from
./contrib/cni/99-loopback.conf and ./contrib/policy.json in the cri-o
src repo. The sandbox_config.json and container_redis.json were taken
from https://github.com/cri-o/cri-o/blob/master/test/testdata (note:
using core-image-minimal with systemd enabled I had to remove
"cpu_period": 10000 and "cpu_quota": 20000 to get the tutorial to
work). We are not able to use the loopback networking to telnet to the
redis container, but we can use other techniques to validate that it
is running.
root@qemux86-64:~# /usr/lib/go/src/import/_output/crictl --runtime-endpoint unix:///var/run/crio/crio.sock ps
CONTAINER IMAGE CREATED STATE NAME ATTEMPT POD ID
72718714360ef quay.io/crio/redis:alpine 47 seconds ago Running podsandbox1-redis 0 38b97e5a7bb99
root@qemux86-64:~# /usr/lib/go/src/import/_output/crictl --runtime-endpoint unix:///var/run/crio/crio.sock exec -i 72718714360ef cat /etc/issue
Welcome to Alpine Linux 3.7
Kernel \r on an \m (\l)
The CRIO_BUILD_CROSS approach was no longer valid and was
dropped. There is most likely some other cleanup we can do but this
gets us to a good state on the latest release.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
---
recipes-containers/cri-o/cri-o_git.bb | 74 ++++++--------------------------
recipes-containers/cri-o/files/crio.conf | 7 ++-
2 files changed, 17 insertions(+), 64 deletions(-)
diff --git a/recipes-containers/cri-o/cri-o_git.bb b/recipes-containers/cri-o/cri-o_git.bb
index 4fee385..ebf5bab 100644
--- a/recipes-containers/cri-o/cri-o_git.bb
+++ b/recipes-containers/cri-o/cri-o_git.bb
@@ -14,9 +14,9 @@ At a high level, we expect the scope of cri-o to be restricted to the following
- Resource isolation as required by the CRI \
"
-SRCREV_cri-o = "f61719a88b7de10a88c50e35640f4a7f1f53fbab"
+SRCREV_cri-o = "6d0ffae63b9b7d8f07e7f9cf50736a67fb31faf3"
SRC_URI = "\
- git://github.com/kubernetes-sigs/cri-o.git;branch=release-1.15;name=cri-o \
+ git://github.com/kubernetes-sigs/cri-o.git;branch=release-1.17;name=cri-o \
file://0001-Makefile-force-symlinks.patch \
file://crio.conf \
"
@@ -27,7 +27,7 @@ LIC_FILES_CHKSUM = "file://src/import/LICENSE;md5=e3fc50a88d0a364313df4b21ef20c2
GO_IMPORT = "import"
-PV = "1.15.0+git${SRCREV_cri-o}"
+PV = "1.17.0+git${SRCREV_cri-o}"
DEPENDS = " \
glib-2.0 \
@@ -62,7 +62,7 @@ python __anonymous() {
PACKAGES =+ "${PN}-config"
RDEPENDS_${PN} += " virtual/containerd virtual/runc"
-RDEPENDS_${PN} += " e2fsprogs-mke2fs"
+RDEPENDS_${PN} += " e2fsprogs-mke2fs conmon util-linux iptables conntrack-tools"
inherit systemd
inherit go
@@ -70,63 +70,14 @@ inherit goarch
inherit pkgconfig
EXTRA_OEMAKE="BUILDTAGS=''"
-CRIO_BUILD_CROSS ?= "1"
do_compile() {
set +e
- export GOPATH="${S}/src/import:${S}/src/import/vendor"
-
- # link fixups for compilation
- rm -f ${S}/src/import/vendor/src
- ln -sf ./ ${S}/src/import/vendor/src
-
- mkdir -p ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o
- ln -sf ../../../../cmd ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/cmd
- ln -sf ../../../../test ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/test
- ln -sf ../../../../oci ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/oci
- ln -sf ../../../../server ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/server
- ln -sf ../../../../pkg ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/pkg
- ln -sf ../../../../libpod ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/libpod
- ln -sf ../../../../libkpod ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/libkpod
- ln -sf ../../../../utils ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/utils
- ln -sf ../../../../types ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/types
- ln -sf ../../../../version ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/version
- ln -sf ../../../../lib ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/lib
-
-
- rm -f ${S}/src/import/src
- ln -sf ./ ${S}/src/import/src
- mkdir -p ${S}/src/import/src/github.com/cri-o/cri-o/cmd
- ln -sf ../../../../cmd/crio-config ${S}/src/import/src/github.com/cri-o/cri-o/cmd
- ln -sf ../../../lib ${S}/src/import/src/github.com/cri-o/cri-o/lib
- ln -sf ../../../oci ${S}/src/import/src/github.com/cri-o/cri-o/oci
- ln -sf ../../../pkg ${S}/src/import/src/github.com/cri-o/cri-o/pkg
- ln -sf ../../../utils ${S}/src/import/src/github.com/cri-o/cri-o/utils
- ln -sf ../../../version ${S}/src/import/src/github.com/cri-o/cri-o/version
- ln -sf ../../../server ${S}/src/import/src/github.com/cri-o/cri-o/server
- ln -sf ../../../types ${S}/src/import/src/github.com/cri-o/cri-o/types
-
- # fixes the bin/crio build of oe_runmake binaries below
- ln -sf ../../../../cmd/crio ${S}/src/import/src/github.com/cri-o/cri-o/cmd/
-
- # workaround `use of vendored package not allowed' failure
- mv ${S}/src/import/vendor/golang.org ${S}/src/import/
cd ${S}/src/import
- if [ "${CRIO_BUILD_CROSS}" = "1" ]; then
- # New: using the -cross target. But this doesn't build conmon and pause. So
- # keeping the old parts around if someone yells.
- oe_runmake local-cross
- else
- # Build conmon/config.h, requires native versions of
- # cmd/crio-config/config.go and oci/oci.go
- (CGO_ENABLED=0 GO=go GOARCH=${BUILD_GOARCH} GOOS=${BUILD_GOOS} oe_runmake conmon/config.h)
- rm -f bin/crio-config
- rm -rf vendor/pkg
-
- oe_runmake binaries
- fi
+ oe_runmake local-cross
+ oe_runmake binaries
}
SYSTEMD_PACKAGES = "${@bb.utils.contains('DISTRO_FEATURES','systemd','${PN}','',d)}"
@@ -141,6 +92,7 @@ do_install() {
install -d ${D}/${libexecdir}/crio
install -d ${D}/${sysconfdir}/crio
install -d ${D}${systemd_unitdir}/system/
+ install -d ${D}/usr/share/containers/oci/hooks.d
install ${WORKDIR}/crio.conf ${D}/${sysconfdir}/crio/crio.conf
@@ -149,19 +101,21 @@ do_install() {
install -m 755 -D ${S}/src/import/test/testdata/* ${D}/${sysconfdir}/crio/config/
install ${S}/src/import/bin/crio.cross.linux* ${D}/${localbindir}/crio
-
- if [ "${CRIO_BUILD_CROSS}" = "1" ]; then
- install ${S}/src/import/bin/conmon ${D}/${localbindir}/crio
- install ${S}/src/import/bin/pause ${D}/${localbindir}/crio
- fi
+ install ${S}/src/import/bin/crio-status ${D}/${localbindir}/
+ install ${S}/src/import/bin/pinns ${D}/${localbindir}/
install -m 0644 ${S}/src/import/contrib/systemd/crio.service ${D}${systemd_unitdir}/system/
install -m 0644 ${S}/src/import/contrib/systemd/crio-shutdown.service ${D}${systemd_unitdir}/system/
+ install -m 0644 ${S}/src/import/contrib/systemd/crio-wipe.service ${D}${systemd_unitdir}/system/
}
FILES_${PN}-config = "${sysconfdir}/crio/config/*"
FILES_${PN} += "${systemd_unitdir}/system/*"
FILES_${PN} += "/usr/local/bin/*"
+FILES_${PN} += "/usr/share/containers/oci/hooks.d"
+
+# don't clobber hooks.d
+ALLOW_EMPTY_${PN} = "1"
INSANE_SKIP_${PN} += "ldflags already-stripped"
diff --git a/recipes-containers/cri-o/files/crio.conf b/recipes-containers/cri-o/files/crio.conf
index 9135df0..899d255 100644
--- a/recipes-containers/cri-o/files/crio.conf
+++ b/recipes-containers/cri-o/files/crio.conf
@@ -24,7 +24,7 @@ storage_option = [
[crio.api]
# listen is the path to the AF_LOCAL socket on which crio will listen.
-listen = "/var/run/crio.sock"
+listen = "/var/run/crio/crio.sock"
# stream_address is the IP address on which the stream server will listen
stream_address = ""
@@ -69,7 +69,7 @@ runtime_untrusted_workload = ""
default_workload_trust = "trusted"
# conmon is the path to conmon binary, used for managing the runtime.
-conmon = "/usr/libexec/crio/conmon"
+conmon = "/usr/bin/conmon"
# conmon_env is the environment variable list for conmon process,
# used for passing necessary environment variable to conmon or runtime.
@@ -132,8 +132,7 @@ insecure_registries = [
# registries is used to specify a comma separated list of registries to be used
# when pulling an unqualified image (e.g. fedora:rawhide).
-registries = [
-]
+registries = ['docker.io', 'registry.fedoraproject.org', 'registry.access.redhat.com']
# The "crio.network" table contains settings pertaining to the
# management of CNI plugins.
--
2.7.4
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [meta-virtualization][PATCH] cri-o: uprev from 1.15 to 1.17
2020-03-06 21:54 ` [meta-virtualization][PATCH] cri-o: uprev from 1.15 to 1.17 Mark Asselstine
@ 2020-03-14 1:55 ` Bruce Ashfield
0 siblings, 0 replies; 4+ messages in thread
From: Bruce Ashfield @ 2020-03-14 1:55 UTC (permalink / raw)
To: Mark Asselstine; +Cc: meta-virtualization
merged.
Bruce
In message: [meta-virtualization][PATCH] cri-o: uprev from 1.15 to 1.17
on 06/03/2020 Mark Asselstine wrote:
> Uprev to the latest release of cri-o to pick up some fixes and
> CVEs. Makefile updates along with updates to the go.bbclass allow us
> to remove most of the do_compile() tweaks that were in place. To test
> that these removals are sane builds were done for x86_64 and arm64 in
> docker containers with network=none, no issues were found.
>
> Quite a few runtime tests were done as well since we are stepping up 2
> releases, and we also just uprev'd 'cni' and wanted to validate its
> runtime as well.
>
> Once the system is started and cri-o is given time to start you can
> use the new 'crio-status info' command to retrieve the runtime status
> of cri-o:
>
> root@qemux86-64:~# crio-status info
> cgroup driver: cgroupfs
> storage driver:
> storage root: /var/lib/containers/storage
> default GID mappings (format <container>:<host>:<size>):
> 0:0:4294967295
> default UID mappings (format <container>:<host>:<size>):
> 0:0:4294967295
>
> Additionally 'crictl' was installed (the recipe will be submitted
> shortly) and the cri-o Tutorial found here was run
> (https://github.com/cri-o/cri-o/blob/master/tutorials/crictl.md)
>
> In order to run the tutorial /etc/cni/net.d/99-loopback.conf and
> /etc/containers/policy.json were taken from
> ./contrib/cni/99-loopback.conf and ./contrib/policy.json in the cri-o
> src repo. The sandbox_config.json and container_redis.json were taken
> from https://github.com/cri-o/cri-o/blob/master/test/testdata (note:
> using core-image-minimal with systemd enabled I had to remove
> "cpu_period": 10000 and "cpu_quota": 20000 to get the tutorial to
> work). We are not able to use the loopback networking to telnet to the
> redis container, but we can use other techniques to validate that it
> is running.
>
> root@qemux86-64:~# /usr/lib/go/src/import/_output/crictl --runtime-endpoint unix:///var/run/crio/crio.sock ps
> CONTAINER IMAGE CREATED STATE NAME ATTEMPT POD ID
> 72718714360ef quay.io/crio/redis:alpine 47 seconds ago Running podsandbox1-redis 0 38b97e5a7bb99
> root@qemux86-64:~# /usr/lib/go/src/import/_output/crictl --runtime-endpoint unix:///var/run/crio/crio.sock exec -i 72718714360ef cat /etc/issue
> Welcome to Alpine Linux 3.7
> Kernel \r on an \m (\l)
>
> The CRIO_BUILD_CROSS approach was no longer valid and was
> dropped. There is most likely some other cleanup we can do but this
> gets us to a good state on the latest release.
>
> Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
> ---
> recipes-containers/cri-o/cri-o_git.bb | 74 ++++++--------------------------
> recipes-containers/cri-o/files/crio.conf | 7 ++-
> 2 files changed, 17 insertions(+), 64 deletions(-)
>
> diff --git a/recipes-containers/cri-o/cri-o_git.bb b/recipes-containers/cri-o/cri-o_git.bb
> index 4fee385..ebf5bab 100644
> --- a/recipes-containers/cri-o/cri-o_git.bb
> +++ b/recipes-containers/cri-o/cri-o_git.bb
> @@ -14,9 +14,9 @@ At a high level, we expect the scope of cri-o to be restricted to the following
> - Resource isolation as required by the CRI \
> "
>
> -SRCREV_cri-o = "f61719a88b7de10a88c50e35640f4a7f1f53fbab"
> +SRCREV_cri-o = "6d0ffae63b9b7d8f07e7f9cf50736a67fb31faf3"
> SRC_URI = "\
> - git://github.com/kubernetes-sigs/cri-o.git;branch=release-1.15;name=cri-o \
> + git://github.com/kubernetes-sigs/cri-o.git;branch=release-1.17;name=cri-o \
> file://0001-Makefile-force-symlinks.patch \
> file://crio.conf \
> "
> @@ -27,7 +27,7 @@ LIC_FILES_CHKSUM = "file://src/import/LICENSE;md5=e3fc50a88d0a364313df4b21ef20c2
>
> GO_IMPORT = "import"
>
> -PV = "1.15.0+git${SRCREV_cri-o}"
> +PV = "1.17.0+git${SRCREV_cri-o}"
>
> DEPENDS = " \
> glib-2.0 \
> @@ -62,7 +62,7 @@ python __anonymous() {
> PACKAGES =+ "${PN}-config"
>
> RDEPENDS_${PN} += " virtual/containerd virtual/runc"
> -RDEPENDS_${PN} += " e2fsprogs-mke2fs"
> +RDEPENDS_${PN} += " e2fsprogs-mke2fs conmon util-linux iptables conntrack-tools"
>
> inherit systemd
> inherit go
> @@ -70,63 +70,14 @@ inherit goarch
> inherit pkgconfig
>
> EXTRA_OEMAKE="BUILDTAGS=''"
> -CRIO_BUILD_CROSS ?= "1"
>
> do_compile() {
> set +e
> - export GOPATH="${S}/src/import:${S}/src/import/vendor"
> -
> - # link fixups for compilation
> - rm -f ${S}/src/import/vendor/src
> - ln -sf ./ ${S}/src/import/vendor/src
> -
> - mkdir -p ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o
> - ln -sf ../../../../cmd ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/cmd
> - ln -sf ../../../../test ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/test
> - ln -sf ../../../../oci ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/oci
> - ln -sf ../../../../server ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/server
> - ln -sf ../../../../pkg ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/pkg
> - ln -sf ../../../../libpod ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/libpod
> - ln -sf ../../../../libkpod ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/libkpod
> - ln -sf ../../../../utils ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/utils
> - ln -sf ../../../../types ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/types
> - ln -sf ../../../../version ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/version
> - ln -sf ../../../../lib ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/lib
> -
> -
> - rm -f ${S}/src/import/src
> - ln -sf ./ ${S}/src/import/src
> - mkdir -p ${S}/src/import/src/github.com/cri-o/cri-o/cmd
> - ln -sf ../../../../cmd/crio-config ${S}/src/import/src/github.com/cri-o/cri-o/cmd
> - ln -sf ../../../lib ${S}/src/import/src/github.com/cri-o/cri-o/lib
> - ln -sf ../../../oci ${S}/src/import/src/github.com/cri-o/cri-o/oci
> - ln -sf ../../../pkg ${S}/src/import/src/github.com/cri-o/cri-o/pkg
> - ln -sf ../../../utils ${S}/src/import/src/github.com/cri-o/cri-o/utils
> - ln -sf ../../../version ${S}/src/import/src/github.com/cri-o/cri-o/version
> - ln -sf ../../../server ${S}/src/import/src/github.com/cri-o/cri-o/server
> - ln -sf ../../../types ${S}/src/import/src/github.com/cri-o/cri-o/types
> -
> - # fixes the bin/crio build of oe_runmake binaries below
> - ln -sf ../../../../cmd/crio ${S}/src/import/src/github.com/cri-o/cri-o/cmd/
> -
> - # workaround `use of vendored package not allowed' failure
> - mv ${S}/src/import/vendor/golang.org ${S}/src/import/
>
> cd ${S}/src/import
>
> - if [ "${CRIO_BUILD_CROSS}" = "1" ]; then
> - # New: using the -cross target. But this doesn't build conmon and pause. So
> - # keeping the old parts around if someone yells.
> - oe_runmake local-cross
> - else
> - # Build conmon/config.h, requires native versions of
> - # cmd/crio-config/config.go and oci/oci.go
> - (CGO_ENABLED=0 GO=go GOARCH=${BUILD_GOARCH} GOOS=${BUILD_GOOS} oe_runmake conmon/config.h)
> - rm -f bin/crio-config
> - rm -rf vendor/pkg
> -
> - oe_runmake binaries
> - fi
> + oe_runmake local-cross
> + oe_runmake binaries
> }
>
> SYSTEMD_PACKAGES = "${@bb.utils.contains('DISTRO_FEATURES','systemd','${PN}','',d)}"
> @@ -141,6 +92,7 @@ do_install() {
> install -d ${D}/${libexecdir}/crio
> install -d ${D}/${sysconfdir}/crio
> install -d ${D}${systemd_unitdir}/system/
> + install -d ${D}/usr/share/containers/oci/hooks.d
>
> install ${WORKDIR}/crio.conf ${D}/${sysconfdir}/crio/crio.conf
>
> @@ -149,19 +101,21 @@ do_install() {
> install -m 755 -D ${S}/src/import/test/testdata/* ${D}/${sysconfdir}/crio/config/
>
> install ${S}/src/import/bin/crio.cross.linux* ${D}/${localbindir}/crio
> -
> - if [ "${CRIO_BUILD_CROSS}" = "1" ]; then
> - install ${S}/src/import/bin/conmon ${D}/${localbindir}/crio
> - install ${S}/src/import/bin/pause ${D}/${localbindir}/crio
> - fi
> + install ${S}/src/import/bin/crio-status ${D}/${localbindir}/
> + install ${S}/src/import/bin/pinns ${D}/${localbindir}/
>
> install -m 0644 ${S}/src/import/contrib/systemd/crio.service ${D}${systemd_unitdir}/system/
> install -m 0644 ${S}/src/import/contrib/systemd/crio-shutdown.service ${D}${systemd_unitdir}/system/
> + install -m 0644 ${S}/src/import/contrib/systemd/crio-wipe.service ${D}${systemd_unitdir}/system/
> }
>
> FILES_${PN}-config = "${sysconfdir}/crio/config/*"
> FILES_${PN} += "${systemd_unitdir}/system/*"
> FILES_${PN} += "/usr/local/bin/*"
> +FILES_${PN} += "/usr/share/containers/oci/hooks.d"
> +
> +# don't clobber hooks.d
> +ALLOW_EMPTY_${PN} = "1"
>
> INSANE_SKIP_${PN} += "ldflags already-stripped"
>
> diff --git a/recipes-containers/cri-o/files/crio.conf b/recipes-containers/cri-o/files/crio.conf
> index 9135df0..899d255 100644
> --- a/recipes-containers/cri-o/files/crio.conf
> +++ b/recipes-containers/cri-o/files/crio.conf
> @@ -24,7 +24,7 @@ storage_option = [
> [crio.api]
>
> # listen is the path to the AF_LOCAL socket on which crio will listen.
> -listen = "/var/run/crio.sock"
> +listen = "/var/run/crio/crio.sock"
>
> # stream_address is the IP address on which the stream server will listen
> stream_address = ""
> @@ -69,7 +69,7 @@ runtime_untrusted_workload = ""
> default_workload_trust = "trusted"
>
> # conmon is the path to conmon binary, used for managing the runtime.
> -conmon = "/usr/libexec/crio/conmon"
> +conmon = "/usr/bin/conmon"
>
> # conmon_env is the environment variable list for conmon process,
> # used for passing necessary environment variable to conmon or runtime.
> @@ -132,8 +132,7 @@ insecure_registries = [
>
> # registries is used to specify a comma separated list of registries to be used
> # when pulling an unqualified image (e.g. fedora:rawhide).
> -registries = [
> -]
> +registries = ['docker.io', 'registry.fedoraproject.org', 'registry.access.redhat.com']
>
> # The "crio.network" table contains settings pertaining to the
> # management of CNI plugins.
> --
> 2.7.4
>
In message: [meta-virtualization][PATCH 1/2] cni: 1.7.0 to 1.7.1 (and plugins 0.8.2 to 0.8.5)
on 06/03/2020 Mark Asselstine wrote:
> Both uprev's are listed as 'minor' in the upstream release
> notes. Neither introduces an uprev in spec. This fixes issues we
> observed while testing the forthcoming cri-o uprev.
>
> NOTE: this commit should only be used with the follow-on commit [cni:
> prevent go from downloading stuff in the background] otherwise you
> will end up with files not owned by you which will prevent the recipe
> being properly cleaned.
>
> Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
> ---
> recipes-networking/cni/cni_git.bb | 7 ++++---
> 1 file changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/recipes-networking/cni/cni_git.bb b/recipes-networking/cni/cni_git.bb
> index b8adf88..a81e6cc 100644
> --- a/recipes-networking/cni/cni_git.bb
> +++ b/recipes-networking/cni/cni_git.bb
> @@ -9,8 +9,9 @@ Because of this focus, CNI has a wide range of support and the specification \
> is simple to implement. \
> "
>
> -SRCREV_cni = "dc71cd2ba60c452c56a0a259f2a23d2afe42b688"
> -SRCREV_plugins = "0eddc554c0747200b7b112ce5322dcfa525298cf"
> +SRCREV_cni = "4cfb7b568922a3c79a23e438dc52fe537fc9687e"
> +# Version 0.8.5
> +SRCREV_plugins = "1f33fb729ae2b8900785f896df2dc1f6fe5e8239"
> SRC_URI = "\
> git://github.com/containernetworking/cni.git;nobranch=1;name=cni \
> git://github.com/containernetworking/plugins.git;nobranch=1;destsuffix=plugins;name=plugins \
> @@ -23,7 +24,7 @@ LIC_FILES_CHKSUM = "file://src/import/LICENSE;md5=fa818a259cbed7ce8bc2a22d35a464
>
> GO_IMPORT = "import"
>
> -PV = "0.7.0+git${SRCREV_cni}"
> +PV = "0.7.1+git${SRCREV_cni}"
>
> inherit go
> inherit goarch
> --
> 2.7.4
>
In message: [meta-virtualization][PATCH 2/2] cni: prevent go from downloading stuff in the background
on 06/03/2020 Mark Asselstine wrote:
> While testing the cni uprev by building in a container with
> network=none the following error was found:
>
> go: github.com/Microsoft/go-winio@v0.4.11: Get
> https://proxy.golang.org/github.com/%21microsoft/go-winio/@v/v0.4.11.mod:
> dial tcp: lookup proxy.golang.org on 128.224.144.130:53:
> dial udp 128.224.144.130:53: connect: network is unreachable
>
> After some digging through the go documentation it was found that the
> '-mod=vendor' is required for 'go build' to use shipped vendor modules
> when building modules. This can be confirmed by look at the
> 'build_linux.sh' script which is found in the plugins repo.
>
> By using '-mod=vendor' and also ensuring things are properly placed in
> the GOPATH (ie $B) we can avoid having to create many of the links we
> had been previously.
>
> We also put all the build artifacts into $B to avoid mixing source and
> build.
>
> Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
> ---
> recipes-networking/cni/cni_git.bb | 32 +++++++++-----------------------
> 1 file changed, 9 insertions(+), 23 deletions(-)
>
> diff --git a/recipes-networking/cni/cni_git.bb b/recipes-networking/cni/cni_git.bb
> index a81e6cc..3ad939b 100644
> --- a/recipes-networking/cni/cni_git.bb
> +++ b/recipes-networking/cni/cni_git.bb
> @@ -14,7 +14,7 @@ SRCREV_cni = "4cfb7b568922a3c79a23e438dc52fe537fc9687e"
> SRCREV_plugins = "1f33fb729ae2b8900785f896df2dc1f6fe5e8239"
> SRC_URI = "\
> git://github.com/containernetworking/cni.git;nobranch=1;name=cni \
> - git://github.com/containernetworking/plugins.git;nobranch=1;destsuffix=plugins;name=plugins \
> + git://github.com/containernetworking/plugins.git;nobranch=1;destsuffix=${S}/src/github.com/containernetworking/plugins;name=plugins \
> "
>
> RPROVIDES_${PN} += "kubernetes-cni"
> @@ -30,36 +30,22 @@ inherit go
> inherit goarch
>
> do_compile() {
> - # link fixups for compilation
> - rm -f ${S}/src/import/vendor/src
> - mkdir -p ${S}/src/import/vendor/
> - ln -sf ./ ${S}/src/import/vendor/src
> - rm -rf ${S}/src/import/plugins
> - rm -rf ${S}/src/import/vendor/github.com/containernetworking/plugins
> + mkdir -p ${S}/src/github.com/containernetworking
> + ln -sfr ${S}/src/import ${S}/src/github.com/containernetworking/cni
>
> - mkdir -p ${S}/src/import/vendor/github.com/containernetworking/cni
> -
> - ln -sf ../../../../libcni ${S}/src/import/vendor/github.com/containernetworking/cni/libcni
> - ln -sf ../../../../pkg ${S}/src/import/vendor/github.com/containernetworking/cni/pkg
> - ln -sf ../../../../cnitool ${S}/src/import/vendor/github.com/containernetworking/cni/cnitool
> - ln -sf ${WORKDIR}/plugins ${S}/src/import/vendor/github.com/containernetworking/plugins
> -
> - export GOPATH="${S}/src/import/.gopath:${S}/src/import/vendor:${STAGING_DIR_TARGET}/${prefix}/local/go"
> - export CGO_ENABLED="1"
> -
> - cd ${S}/src/import/vendor/github.com/containernetworking/cni/libcni
> + cd ${B}/src/github.com/containernetworking/cni/libcni
> ${GO} build
>
> - cd ${S}/src/import/vendor/github.com/containernetworking/cni/cnitool
> + cd ${B}/src/github.com/containernetworking/cni/cnitool
> ${GO} build
>
> - cd ${S}/src/import/vendor/github.com/containernetworking/plugins/
> + cd ${B}/src/github.com/containernetworking/plugins
> PLUGINS="$(ls -d plugins/meta/*; ls -d plugins/ipam/*; ls -d plugins/main/* | grep -v windows)"
> - mkdir -p ${WORKDIR}/plugins/bin/
> + mkdir -p ${B}/plugins/bin/
> for p in $PLUGINS; do
> plugin="$(basename "$p")"
> echo "building: $p"
> - ${GO} build -o ${WORKDIR}/plugins/bin/$plugin github.com/containernetworking/plugins/$p
> + ${GO} build -mod=vendor -o ${B}/plugins/bin/$plugin github.com/containernetworking/plugins/$p
> done
> }
>
> @@ -70,7 +56,7 @@ do_install() {
> install -d ${D}/${sysconfdir}/cni/net.d
>
> install -m 755 ${S}/src/import/cnitool/cnitool ${D}/${localbindir}
> - install -m 755 -D ${WORKDIR}/plugins/bin/* ${D}/${localbindir}
> + install -m 755 -D ${B}/plugins/bin/* ${D}/${localbindir}
>
> # Parts of k8s expect the cni binaries to be available in /opt/cni
> install -d ${D}/opt/cni
> --
> 2.7.4
>
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2020-03-14 1:55 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-03-06 21:53 [meta-virtualization][PATCH 1/2] cni: 1.7.0 to 1.7.1 (and plugins 0.8.2 to 0.8.5) Mark Asselstine
2020-03-06 21:53 ` [meta-virtualization][PATCH 2/2] cni: prevent go from downloading stuff in the background Mark Asselstine
2020-03-06 21:54 ` [meta-virtualization][PATCH] cri-o: uprev from 1.15 to 1.17 Mark Asselstine
2020-03-14 1:55 ` Bruce Ashfield
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.