pre-install: Setup nydus-snapshotter #251
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ChengyuZhu6
changed the title
fidencio
reviewed
Aug 22, 2023
| set -o nounset | ||
|
|
||
| script_dir=$(dirname "$(readlink -f "$0")") | ||
| snapshotter_type=${snapshotter_type:-"nydus"} |
There was a problem hiding this comment.
I'd call this "SNAPSHOTTER", instead, just to follow the "all caps" pattern we're following in Kata Containers, and already using as part of the operator as well.
There was a problem hiding this comment.
Also, I'm thinking this should be part of the script we already have, instead of its own script.
The reason for that is because in the script we have we're already handling what we need to do with the operator.
The current script has to be modified, though, so you can build your patch atop of those changes.
I've written some quick POC here, not tested, but please, take a look at the last 2 patches in this branch here: https://github.com/fidencio/cc-operator/commits/topic/use-latest-containerd-instead-of-our-own-fork
There was a problem hiding this comment.
I'd call this "SNAPSHOTTER", instead, just to follow the "all caps" pattern we're following in Kata Containers, and already using as part of the operator as well.
Done.
Actually, I think we can pass the snapshotter as an env var here. |
ChengyuZhu6
force-pushed
the
remote_snapshotter
branch
16 times, most recently
from
47483bf to
5c073df
Compare
ChengyuZhu6
force-pushed
the
remote_snapshotter
branch
6 times, most recently
from
8580f08 to
006bacd
Compare
Done. I have followed your implementation. |
ChengyuZhu6
force-pushed
the
remote_snapshotter
branch
from
006bacd to
ee45611
Compare
ChengyuZhu6
changed the title
ChengyuZhu6
force-pushed
the
remote_snapshotter
branch
from
ee45611 to
912a07a
Compare
ChengyuZhu6
pushed a commit
to ChengyuZhu6/tests
that referenced
this pull request
Sep 10, 2023
Additional tests are necessary to verify new feature that pulling image without forked containerd in CoCo. 1)image sharing on the host with dm-verity. 2)image pulling in the guest with nydus-snapshotter. Fixes kata-containers#5763 Depends-on:github.com/kata-containers/kata-containers/pull/7676 Depends-on:github.com/confidential-containers/operator#251 Signed-off-by: ChengyuZhu6 <[email protected]>
ChengyuZhu6
pushed a commit
to ChengyuZhu6/tests
that referenced
this pull request
Sep 10, 2023
Additional tests are necessary to verify new feature that pulling image without forked containerd in CoCo. 1)image sharing on the host with dm-verity. 2)image pulling in the guest with nydus-snapshotter. Fixes kata-containers#5763 Depends-on:github.com/kata-containers/kata-containers/pull/7676 Depends-on:github.com/confidential-containers/operator#251 Signed-off-by: ChengyuZhu6 <[email protected]>
ChengyuZhu6
pushed a commit
to ChengyuZhu6/tests
that referenced
this pull request
Sep 11, 2023
Additional tests are necessary to verify new feature that pulling image without forked containerd in CoCo. 1)image sharing on the host with dm-verity. 2)image pulling in the guest with nydus-snapshotter. Fixes kata-containers#5763 Depends-on:github.com/kata-containers/kata-containers/pull/7676 Depends-on:github.com/confidential-containers/operator#251 Signed-off-by: ChengyuZhu6 <[email protected]>
ChengyuZhu6
pushed a commit
to ChengyuZhu6/tests
that referenced
this pull request
Sep 11, 2023
Additional tests are necessary to verify new feature that pulling image without forked containerd in CoCo. 1)image sharing on the host without dm-verity. 2)image sharing on the host with dm-verity. 3)image pulling in the guest with nydus-snapshotter. Fixes kata-containers#5763 Depends-on:github.com/kata-containers/kata-containers/pull/7676 Depends-on:github.com/confidential-containers/operator#251 Signed-off-by: ChengyuZhu6 <[email protected]>
ChengyuZhu6
pushed a commit
to ChengyuZhu6/tests
that referenced
this pull request
Sep 11, 2023
Additional tests are necessary to verify new feature that pulling image without forked containerd in CoCo. 1)image sharing on the host without dm-verity. 2)image sharing on the host with dm-verity. 3)image pulling in the guest with nydus-snapshotter. Fixes kata-containers#5763 Depends-on:github.com/kata-containers/kata-containers/pull/7676 Depends-on:github.com/confidential-containers/operator#251 Signed-off-by: ChengyuZhu6 <[email protected]>
ChengyuZhu6
force-pushed
the
remote_snapshotter
branch
2 times, most recently
from
9ee6f19 to
9d12f47
Compare
ChengyuZhu6
pushed a commit
to ChengyuZhu6/tests
that referenced
this pull request
Sep 11, 2023
Additional tests are necessary to verify new feature that pulling image without forked containerd in CoCo. 1)image sharing on the host without dm-verity. 2)image sharing on the host with dm-verity. 3)image pulling in the guest with nydus-snapshotter. Fixes kata-containers#5763 Depends-on:github.com/kata-containers/kata-containers/pull/7676 Depends-on:github.com/confidential-containers/operator#251 Signed-off-by: ChengyuZhu6 <[email protected]>
ChengyuZhu6
pushed a commit
to ChengyuZhu6/tests
that referenced
this pull request
Sep 11, 2023
Additional tests are necessary to verify new feature that pulling image without forked containerd in CoCo. 1)image sharing on the host without dm-verity. 2)image sharing on the host with dm-verity. 3)image pulling in the guest with nydus-snapshotter. Fixes kata-containers#5763 Depends-on:github.com/kata-containers/kata-containers/pull/7676 Depends-on:github.com/confidential-containers/operator#251 Signed-off-by: ChengyuZhu6 <[email protected]>
ChengyuZhu6
pushed a commit
to ChengyuZhu6/tests
that referenced
this pull request
Sep 11, 2023
Additional tests are necessary to verify new feature that pulling image without forked containerd in CoCo. 1)image sharing on the host without dm-verity. 2)image sharing on the host with dm-verity. 3)image pulling in the guest with nydus-snapshotter. Fixes kata-containers#5763 Depends-on:github.com/kata-containers/kata-containers/pull/7676 Depends-on:github.com/confidential-containers/operator#251 Signed-off-by: ChengyuZhu6 <[email protected]>
ChengyuZhu6
pushed a commit
to ChengyuZhu6/tests
that referenced
this pull request
Sep 11, 2023
Additional tests are necessary to verify new feature that pulling image without forked containerd in CoCo. 1)image sharing on the host without dm-verity. 2)image sharing on the host with dm-verity. 3)image pulling in the guest with nydus-snapshotter. Fixes kata-containers#5763 Depends-on:github.com/kata-containers/kata-containers/pull/7676 Depends-on:github.com/confidential-containers/operator#251 Signed-off-by: ChengyuZhu6 <[email protected]>
ChengyuZhu6
pushed a commit
to ChengyuZhu6/tests
that referenced
this pull request
Sep 12, 2023
Additional tests are necessary to verify new feature that pulling image without forked containerd in CoCo. 1)image sharing on the host with dm-verity. 2)image pulling in the guest with nydus-snapshotter. Fixes kata-containers#5763 Depends-on:github.com/kata-containers/kata-containers/pull/7676 Depends-on:github.com/confidential-containers/operator#251 Signed-off-by: ChengyuZhu6 <[email protected]>
ChengyuZhu6
force-pushed
the
remote_snapshotter
branch
2 times, most recently
from
df9d87e to
5d688cb
Compare
|
Simply doing ...
=> CACHED [nydus-binary-downloader 2/4] RUN mkdir -p /opt/confidential-containers-pre-install-artifacts/opt/confidential-containers/bin && apk add --no-cache ca-certificates build-base git curl && git clone https://github.com/containerd/nydus-snapshotter -b main /nydus-snapshotter && make -C /nydus-snapshotter && chmod +x /nydus-snapshotter/bin/containe 0.0s
=> ERROR [nydus-binary-downloader 3/4] RUN [ "s390x" != "s390x" ] && curl -fOL --progress-bar https://github.com/dragonflyoss/image-service/releases/download/v2.2.3/nydus-static-v2.2.3-linux-s390x.tgz && tar xvzpf nydus-static-v2.2.3-linux-s390x.tgz -C / && chmod +x /nydus-static/nydus-image && mv /nydus-static/nydus-image /opt/confidential-containers-p 0.2s
------
> [nydus-binary-downloader 3/4] RUN [ "s390x" != "s390x" ] && curl -fOL --progress-bar https://github.com/dragonflyoss/image-service/releases/download/v2.2.3/nydus-static-v2.2.3-linux-s390x.tgz && tar xvzpf nydus-static-v2.2.3-linux-s390x.tgz -C / && chmod +x /nydus-static/nydus-image && mv /nydus-static/nydus-image /opt/confidential-containers-pre-install-artifacts/opt/confidential-containers/bin && rm -rf /nydus-static /nydus-static-v2.2.3-linux-s390x.tgz:
------
Dockerfile:80
--------------------
79 |
80 | >>> RUN [ "${ARCH}" != "s390x" ] && \
81 | >>> curl -fOL --progress-bar ${NYDUS_REPO}/releases/download/${NYDUS_VERSION}/nydus-static-${NYDUS_VERSION}-linux-${ARCH}.tgz && \
82 | >>> tar xvzpf nydus-static-${NYDUS_VERSION}-linux-${ARCH}.tgz -C / && \
83 | >>> chmod +x /nydus-static/nydus-image && \
84 | >>> mv /nydus-static/nydus-image ${NODE_DESTINATION}/bin && \
85 | >>> rm -rf /nydus-static /nydus-static-${NYDUS_VERSION}-linux-${ARCH}.tgz
86 |
--------------------
ERROR: failed to solve: process "/dev/.buildkit_qemu_emulator /bin/sh -c [ \"${ARCH}\" != \"s390x\" ] && curl -fOL --progress-bar ${NYDUS_REPO}/releases/download/${NYDUS_VERSION}/nydus-static-${NYDUS_VERSION}-linux-${ARCH}.tgz && tar xvzpf nydus-static-${NYDUS_VERSION}-linux-${ARCH}.tgz -C / && chmod +x /nydus-static/nydus-image && mv /nydus-static/nydus-image ${NODE_DESTINATION}/bin && rm -rf /nydus-static /nydus-static-${NYDUS_VERSION}-linux-${ARCH}.tgz" did not complete successfully: exit code: 1
make: *** [Makefile:10: reqs-image] Error 1Here are the commands that I ran: export registry=quay.io/surajd/reqs-payload
pushd install/pre-install-payload
make reqs-imageDo I need anything else I should be doing? |
ChengyuZhu6
force-pushed
the
remote_snapshotter
branch
2 times, most recently
from
ed069de to
315116f
Compare
Thanks for your information. Let me take a look. |
ChengyuZhu6
force-pushed
the
remote_snapshotter
branch
3 times, most recently
from
ae59de3 to
04a1ef5
Compare
That's the error in downloading nydus and I have fixed it. Please try again. Thanks. |
|
@ChengyuZhu6 yes the build worked fine, I will try to deploy this now. |
|
I was able to do the regular operator installation with this. |
ChengyuZhu6
force-pushed
the
remote_snapshotter
branch
2 times, most recently
from
c6a919c to
b40adfd
Compare
nydus-snapshotter / nydus will be used to get rid of the containerd fork we have, allowing us to do both the image pulling on the host side and inside the guest. NOTE: This PR should NOT be merged as it's, as it breaks s390x payload build. Signed-off-by: ChengyuZhu6 <[email protected]> Signed-off-by: Fabiano Fidêncio <[email protected]>
ChengyuZhu6
force-pushed
the
remote_snapshotter
branch
from
b40adfd to
b0d409c
Compare
|
@ChengyuZhu6, I'm closing this one as your commit was part of #267 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is a patch to setup remote snapshotter instead forked containerd in CoCo. As discussed in kata-containers/kata-containers#7658, operator is responsible to set up the snapshotter.