Since af6363374cbd ("cgroup: make CONFIG_CGROUP_NET_PRIO bool and drop unnecessary init_netclassid_cgroup()"),
CONFIG_CGROUP_NET_PRIO has become a bool option. Forcedly setting it to "m"
would end up with "n". Change it to "y" here.
Signed-off-by: He Zhe <zhe.he@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
1. set the cross compile sysroot to find the rocksdb library
2. correct the install path for library in Distutils.cmake
Signed-off-by: Dengke Du <dengke.du@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
1. Add a hook support script for libvirt
Add daemon, qemu, lxc and network scripts for when the corresponding
libvirt daemon, qemu guest, lxc guest and network are started or stopped,
based on:
https://libvirt.org/hooks.html
2. Add a qemu user and a qemu group and a kvm group
Signed-off-by: Dengke Du <dengke.du@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Generally, our host gcc version is below 8.0, but the cross toolchain in yocto
is above 8.0, now 8.3. The option "macro-prefix-map" comes from 8.0, so if
the host gcc is below 8.0, it can't recognize the option "macro-prefix-map".
In criu source code, the HOSTCFLAGS come from CFLAGS:
https://github.com/checkpoint-restore/criu/blob/criu-dev/Makefile#L17
In yocto project, the CFLAGS come from the cross toolchain, containing
the "-fmacro-prefix-map" default, so we should use the BUILD_CFLAGS, which
contains the flags that are used for host building.
Signed-off-by: Dengke Du <dengke.du@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
container-base is a sample/reference image type that uses the
newly integrated image-oci image type to directly create OCI
compatible images from a build.
This image type can be inherited and extended to implement more
complex container types, with modified image configurations.
It is inspired by / based off the samples in the presentation
done by Scott Murray (Building Container Images with
OpenEmbedded and the Yocto Project) at ELCe 2018.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
This image class creates an oci image spec directory from a generated
rootfs. The contents of the rootfs do not matter (i.e. they need not be
container optimized), but by using the container image type and small
footprint images, we can create directly executable container images.
Once the tarball (or oci image directory) has been created of the OCI
image, it can be manipulated by standard tools. For example, to create a
runtime bundle from the oci image, the following can be done:
Assuming the image name is "container-base":
If the oci image was a tarball, extract it (skip, if a directory is being directly used)
% tar xvf container-base-<arch>-<stamp>.rootfs-oci-latest-x86_64-linux.oci-image.tar
And then create the bundle:
% oci-image-tool create --ref name=latest container-base-<arch>-<stamp>.rootfs-oci container-base-oci-bundle
Or to copy (push) the oci image to a docker registry, skopeo can be used (vary the
tag based on the created oci image):
% skopeo copy --dest-creds <username>:<password> oci:container-base-<arch>-<stamp>:latest docker://zeddii/container-base
The following image variables are available to customize the details
of the constructed image (defaults as shown):
OCI_IMAGE_AUTHOR ?= "${PATCH_GIT_USER_NAME}"
OCI_IMAGE_AUTHOR_EMAIL ?= "${PATCH_GIT_USER_EMAIL}"
OCI_IMAGE_TAG ?= "latest"
OCI_IMAGE_RUNTIME_UID ?= ""
OCI_IMAGE_ARCH ?= "${TARGET_ARCH}"
OCI_IMAGE_SUBARCH ?= "${@oci_map_subarch(d.getVar('TARGET_ARCH'), d.getVar('TUNE_FEATURES'), d)}"
OCI_IMAGE_ENTRYPOINT ?= "sh"
OCI_IMAGE_ENTRYPOINT_ARGS ?= ""
OCI_IMAGE_WORKINGDIR ?= ""
// List of ports to expose from a container running this image:
// PORT[/PROT]
// format: <port>/tcp, <port>/udp, or <port> (same as <port>/tcp).
OCI_IMAGE_PORTS ?= ""
// key=value list of labels
OCI_IMAGE_LABELS ?= ""
// key=value list of environment variables
OCI_IMAGE_ENV_VARS ?= ""
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
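An added example, not part of the commit above or of the image class itself: a sketch of how the variables listed above could be turned into the "config" object of an image-spec v1 image configuration, with a pre-push review of the result. The mapping of each variable to a config field, the whitespace-separated list syntax, and the helper names (parse_ports, parse_pairs, build_config, review) are assumptions made for illustration.

```python
import re

SECRET_HINT = re.compile(r"PASS|SECRET|TOKEN|KEY", re.I)

def parse_ports(spec):
    """'PORT[/PROT]' tokens -> image-spec ExposedPorts object."""
    exposed = {}
    for tok in spec.split():
        port, _, proto = tok.partition("/")
        proto = proto or "tcp"  # a bare <port> is the same as <port>/tcp
        if proto not in ("tcp", "udp") or not (port.isdigit() and 0 < int(port) < 65536):
            raise ValueError(f"bad port entry: {tok!r}")
        exposed[f"{int(port)}/{proto}"] = {}
    return exposed

def parse_pairs(spec):
    """'key=value' tokens -> dict; a token without key or '=' is an error."""
    pairs = {}
    for tok in spec.split():
        key, sep, value = tok.partition("=")
        if not key or not sep:
            raise ValueError(f"bad key=value entry: {tok!r}")
        pairs[key] = value
    return pairs

def build_config(v):
    """Assemble the 'config' object of an image-spec v1 image configuration."""
    env = parse_pairs(v.get("OCI_IMAGE_ENV_VARS", ""))
    cfg = {"Entrypoint": [v.get("OCI_IMAGE_ENTRYPOINT", "sh"),
                          *v.get("OCI_IMAGE_ENTRYPOINT_ARGS", "").split()]}
    optional = {"User": v.get("OCI_IMAGE_RUNTIME_UID", ""),
                "WorkingDir": v.get("OCI_IMAGE_WORKINGDIR", ""),
                "ExposedPorts": parse_ports(v.get("OCI_IMAGE_PORTS", "")),
                "Labels": parse_pairs(v.get("OCI_IMAGE_LABELS", "")),
                "Env": [f"{k}={val}" for k, val in env.items()]}
    cfg.update({k: val for k, val in optional.items() if val})  # omit empty fields
    return cfg

def review(cfg):
    """Findings to raise before the image is pushed to a registry."""
    findings = []
    if cfg.get("User", "") in ("", "0", "root"):
        findings.append("User unset or root: entrypoint runs as uid 0")
    findings += [f"Env {n}: value is stored in clear text in the image config"
                 for e in cfg.get("Env", []) if SECRET_HINT.search(n := e.partition("=")[0])]
    return findings

# Constructed sample values, not taken from a real recipe.
SAMPLE = {"OCI_IMAGE_ENTRYPOINT": "/usr/sbin/httpd", "OCI_IMAGE_PORTS": "8080 53/udp",
          "OCI_IMAGE_ENV_VARS": "LANG=C API_TOKEN=constructed-value"}
```

With the defaults shown above (an empty OCI_IMAGE_RUNTIME_UID), review(build_config(SAMPLE)) reports the root user as well as the token placed in the environment list.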
There are multiple different tools/techniques to generate OCI images.
Many of these techniques are part of more complex workflows, or have
many options that are needed as part of a larger system or are needed
to provide flexibility in the tooling (i.e. they construct the
container as well as build the OCI image, or they can push directly
to a registry, etc).
What we want within the build context of bitbake/oe is to not
duplicate work that is done by bitbake, the other image bbclasses
or the runtime part of the ecosystem. This means only the construction
of an image-spec v1.x image without dependencies on build, or execution
of the container within a tool. We'd also like the tool to not pull
in multiple, unused dependencies that must be built native/native-sdk,
etc, to support the simple use case.
The requirements above exclude (for now) tools such as skopeo, umoci,
buildah, img, orca-build, kaniko, scratchbuild, etc. Leading us to
a from-scratch implementation .. or enter sloci-image.
sloci-image is a simple CLI for packing a rootfs into a single layer
OCI image. It can easily be extended, or ported to other language
implementations in the future. But it brings nearly no native
dependencies and is a pure/clean implementation of the image spec
that integrates nicely in an oe/bitbake environment.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Adds patch to fix detection of the "no-pie" vs "nopie" flag, which needs
to be performed for both the host and target compilers; cannot assume
that one works for the other.
Use EXTRA_HOST_CFLAGS and EXTRA_HOST_LDFLAGS variables for passing
the host tool build parameters: BUILD_CFLAGS and BUILD_LDFLAGS.
Drop unneeded 'NO_WERROR=1' from the recipe and rewrap line.
Uprev commit to latest git revision.
Signed-off-by: Christopher Clark <christopher.clark6@baesystems.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
This module is part of the perl package now and is shipped by default.
Signed-off-by: Oleksandr Kravchuk <oleksandr.kravchuk@pelagicore.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Use git hash which addresses CVE-2019-5736. Use the same git hash
used in top of Docker 18.09 branch.
Changes in runc since
6635b4f0 merge branch 'cve-2019-5736'
0a8e4117 nsenter: clone /proc/self/exe to avoid exposing host binary to container
dd023c45 merge branch 'pr-1972'
Fixes: CVE-2019-5736
Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
When enabling ccache for ceph, an error occurs:
-----------------------------------------------------
ccache: invalid option -- 'E'
...
Unable to determine C++ standard library, got .
-----------------------------------------------------
This is because variable "CXX_STDLIB" was null in CMakeLists.txt line: 637.
The "CXX_STDLIB" comes from:
-----------------------------------------------------
execute_process(
COMMAND ./librarytest.sh ${CMAKE_CXX_COMPILER} ${CMAKE_CXX_FLAGS}
WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}
OUTPUT_VARIABLE CXX_STDLIB
)
-----------------------------------------------------
The script librarytest.sh in ceph accepts arguments: compiler and flags, but when
ccache is enabled, the compiler is replaced by ccache, so that script fails.
So we disable ccache for ceph now.
Signed-off-by: Dengke Du <dengke.du@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
The only thing which docker uses /etc/docker for is a TLS key for
connecting with other TLS-enabled services. Make /etc/docker a symlink
to the existing docker volatiles directory so that we can use docker on
a read-only rootfs.
Signed-off-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
refreshing the containerd support to 1.2.x. We have to tweak the package
linking and update the go compile patch, but otherwise, the build is
unchanged.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
"libxl" package does not exist, use Xen.
Signed-off-by: Chris Patterson <pattersonc@ainfosec.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
This recipe does not build for mips, so set COMPATIBLE_HOST to avoid that.
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
The v2.11 version fixed a bug as follows.
Error info:
ovs|00002|db_ctl_base|ERR|external-ids:hostname=: argument does not
end in "=" followed by a value.
The result of ptest between v2.11 and v2.10.1 is similar.
v2.11:
ERROR: 2765 tests were run,
317 failed (1 expected failure).
85 tests were skipped.
v2.10.1:
ERROR: 2662 tests were run,
311 failed (1 expected failure).
85 tests were skipped.
I checked the detailed result. The failed tests were mostly related
to python2 as the image only uses python3.
Signed-off-by: Hongzhi.Song <hongzhi.song@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
linux-yocto-dev would also use virtualization features.
Signed-off-by: He Zhe <zhe.he@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
kernel has replaced CONFIG_NF_CONNTRACK_IPV4 with CONFIG_NF_CONNTRACK.
[commit: a0ae2562c]
Signed-off-by: Hongzhi.Song <hongzhi.song@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
This change reduces the length of ${PV} for several recipes and gives us
auto-incrementing version numbers.
Signed-off-by: Paul Barker <paul@betafive.co.uk>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
If we're building runc-opencontainers it's likely that we're not using
docker.
Signed-off-by: Paul Barker <paul@betafive.co.uk>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
If we don't explicitly set the GO variable as an argument to make then
the native go toolchain is invoked instead of the cross-toolchain we
actually want. This can result in a netns binary which is built for the
wrong architecture.
Signed-off-by: Paul Barker <paul@betafive.co.uk>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
fixes:
WARNING: linux-yocto-4.18.21+gitAUTOINC+9e348b6f9d_db2d813869-r0
do_kernel_configcheck: [kernel config]: This BSP sets config
options that are not offered anywhere within this kernel:
CONFIG_EXT3_FS_XATTR
CONFIG_RESOURCE_COUNTERS
CONFIG_CGROUP_MEM_RES_CTLR
CONFIG_CLS_CGROUP
CONFIG_NETPRIO_CGROUP
CONFIG_DEVPTS_MULTIPLE_INSTANCES
Configs were either dropped or renamed according to the updates made
in the kernel, as captured below.
CONFIG_RESOURCE_COUNTERS gone since kernel v3.19 via mainline
commit 5b1efc027c0b51ca3e76f4e00c83358f8349f543.
CONFIG_CGROUP_MEM_RES_CTLR renamed since kernel v3.6 via mainline
commit c255a458055e459f65eb7b7f51dc5dbdd0caf1d8
CONFIG_CLS_CGROUP never existed AFAICT it should have always
been CONFIG_NET_CLS_CGROUP
CONFIG_NETPRIO_CGROUP renamed since kernel v3.14 via mainline
commit 86f8515f9721fa171483f0fe0391968fbb949cc9
CONFIG_DEVPTS_MULTIPLE_INSTANCES removed since kernel v4.7 via mainline
commit eedf265aa003b4781de24cfed40a655a664457e6
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
add the py2 version for python-docker and python-docker-pycreds packages.
add python-six and python-backport_ssl (for py2 only) as python-docker dependencies.
verify the connection to docker engine at run time -
>>> import docker
>>> client = docker.from_env()
>>> client.images.list()
[<Image: 'hello-world:latest'>]
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Instead of setting virtio kernel configs in LXC fragment, just reuse
cfg/virtio.scc from yocto-kernel-cache.
Signed-off-by: Chin Huat Ang <chin.huat.ang@intel.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
The script lxc-checkconfig doesn't seem to report virtio related kernel
configs as required, so remove them from lxc.cfg instead.
Signed-off-by: Chin Huat Ang <chin.huat.ang@intel.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Ceph package depends on libibverbs, which is provided by the
meta-cloud-services layer.
Signed-off-by: Oleksandr Kravchuk <oleksandr.kravchuk@pelagicore.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
A very small # of new commits. Most are minor bug fixes, no feature
work. I looked at adding ptests but the tests are mostly in an
unusable state at the moment, for example several require cgm despite
cgmanager being deprecated. So I have opted to continue without them
and only when we can work with upstream to improve their testing can
we seriously consider adding them.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
When CRIU is called for the first time and the /run/criu.kdat file does
not exist, the following warning is shown:
Warn (criu/kerndat.c:847): Can't load /run/criu.kdat
This patch is replacing this warning with a more appropriate debug
message.
File /run/criu.kdat does not exist
Signed-off-by: Hongzhi.Song <hongzhi.song@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Minor update bringing in new features such as better support for
cgroup v2, vfio AP support, support for XEN suspend/wakeup.
Basic usecases pass and the ptest return similar results we have been
achieving with the last few uprevs:
====================================
Testsuite summary for libvirt 4.9.0
====================================
# TOTAL: 120
# PASS: 117
# SKIP: 0
# XFAIL: 0
# FAIL: 3
# XPASS: 0
# ERROR: 0
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Fix numerous docker.init issues such as missing runtime dependency
util-linux-unshare, incomplete handling of start/stop etc. operations
and minor typos.
Signed-off-by: Chin Huat Ang <chin.huat.ang@intel.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
libvmi is looking for yacc during configuration, so we must add it to
our DEPENDS as a native tool.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Strip out the sse4.2 tuning flag to prevent sse instructions
from being generated in the build, which breaks the hvmloader
on some machine types (specifically core-i7 from meta-intel).
Signed-off-by: Brendan Kerrigan <kerriganb@ainfosec.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
When using qemu-img to create rbd based image:
qemu-img create -f rbd rbd:libvirt-pool/libvirt-image 2G
Output errors:
qemu-img: rbd:libvirt-pool/libvirt-image: error rbd create: Operation not supported
According to upstream's advice:
http://lists.ceph.com/pipermail/ceph-users-ceph.com/2018-November/031014.html
This is because the system can't find libcls_rbd.so, this library
was packaged in ceph-dev, we should package it in ceph.
Signed-off-by: Dengke Du <dengke.du@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
docker/k8s and other components have been refreshed to the 18.09 release
tags. So we update runc to keep in sync.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Infrastructure changes triggered updates to supporting parts of the
docker stack, so to make sure that everything stays in sync we update
to the 18.09 release.
There were some minor build differences in this update, but in the
end, things are better since we can use some more of the Make infrastructure
versus calling 'go build' directly.
Also, docker-ce and docker are now virtually the same, except for the
moby based docker pulling in the cli and libnetwork repos independently.
There should be virtually no difference between the results, but we still
keep the two variants for flexibility.
We also drop the unused/legacy 'hi.Dockerfile'.
Tested with both kubernetes and docker unit tests.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>