podvm-mkosi: refine podvm-mkosi s390x se image build logical

- Update podvm-mkosi s390x podvm image build logical - Use `SE_BOOT=true` to enable se image build - support push fedora s390x-se image Signed-off-by: Da Li Liu <[email protected]>
confidential-containers · Jul 24, 2024 · ab65bf2 · ab65bf2
1 parent 9b34e82
commit ab65bf2
Show file tree

Hide file tree

Showing 5 changed files with 51 additions and 13 deletions.
diff --git a/src/cloud-api-adaptor/hack/build-s390x-se-image.sh b/src/cloud-api-adaptor/hack/build-s390x-se-image.sh
@@ -174,5 +174,7 @@ qemu-nbd --disconnect "${tmp_nbd}"
 
 output_img_name="podvm-s390x-se.qcow2"
 qemu-img convert -O qcow2 -c "${tmp_img_path}" "${output_img_name}"
+output_img_path=$(realpath "${output_img_name}")
+echo "podvm se-image is generated: ${output_img_path}"
 
 popd
diff --git a/src/cloud-api-adaptor/podvm-mkosi/Makefile b/src/cloud-api-adaptor/podvm-mkosi/Makefile
@@ -3,7 +3,7 @@ include ../Makefile.defaults
 ATTESTER  ?= none
 ARCH      ?= $(subst x86_64,amd64,$(shell uname -m))
 BUILDER   = fedora-binaries-builder-$(ARCH)
-SEDEBUG   ?= false
+SE_BOOT   ?= false
 
 REGISTRY ?= quay.io/confidential-containers
 PODVM_DISTRO ?= fedora
@@ -60,10 +60,26 @@ image:
 	rm -rf resources/build*Image
 	rm -rf ./build
 	@echo "Building image..."
-ifeq ($(ARCH),s390x)
+ifeq ($(SE_BOOT),true)
 	touch resources/buildS390xImage
 	sudo mkosi --profile production.conf --image system
 	sudo -E ../hack/build-s390x-se-image.sh
+	@echo "Building docker image..."
+	docker buildx build \
+		-t $(PODVM_NAME)-se:$(PODVM_TAG) \
+		-t $(PODVM_NAME)-se:latest \
+		--load \
+		-f ../podvm/Dockerfile.podvm.fedora .
+else ifeq ($(ARCH),s390x)
+	touch resources/buildS390xImage
+	sudo mkosi --profile production.conf --image system
+	sudo -E ../hack/build-s390x-image.sh
+	@echo "Building docker image..."
+	docker buildx build \
+		-t $(PODVM_NAME):$(PODVM_TAG) \
+		-t $(PODVM_NAME):latest \
+		--load \
+		-f ../podvm/Dockerfile.podvm.fedora .
 else
 	touch resources/buildBootableImage
 	nix develop ..#podvm-mkosi --command mkosi --environment=VARIANT_ID=production
@@ -76,14 +92,26 @@ image-debug:
 	touch resources/buildDebugImage
 	rm -rf ./build
 	@echo "Building debug image..."
-ifeq ($(SEDEBUG),true)
+ifeq ($(SE_BOOT),true)
 	touch resources/buildS390xImage
 	sudo mkosi --profile debug.conf
 	sudo -E ../hack/build-s390x-se-image.sh
+	@echo "Building docker image..."
+	docker buildx build \
+		-t $(PODVM_NAME)-se:$(PODVM_TAG) \
+		-t $(PODVM_NAME)-se:latest \
+		--load \
+		-f ../podvm/Dockerfile.podvm.fedora .
 else ifeq ($(ARCH),s390x)
 	touch resources/buildS390xImage
 	sudo mkosi --profile debug.conf
 	sudo -E ../hack/build-s390x-image.sh
+	@echo "Building docker image..."
+	docker buildx build \
+		-t $(PODVM_NAME):$(PODVM_TAG) \
+		-t $(PODVM_NAME):latest \
+		--load \
+		-f ../podvm/Dockerfile.podvm.fedora .
 else
 	touch resources/buildBootableImage
 	nix develop ..#podvm-mkosi --command mkosi --environment=VARIANT_ID=debug
@@ -97,16 +125,15 @@ image-container:
 		-t $(PODVM_CONTAINER_NAME):latest \
 		-f Dockerfile.podvm .
 
-
 PHONY: push-image
 push-image:
 	@echo "Push podvm image to remote repository..."
-ifeq ($(ARCH),s390x)
-	docker buildx build \
-		-t $(PODVM_NAME):$(PODVM_TAG) \
-		-t $(PODVM_NAME):latest \
-		--load \
-		-f ../podvm/Dockerfile.podvm.fedora .
+ifeq ($(SE_BOOT),true)
+	docker push $(PODVM_NAME)-se:$(PODVM_TAG)
+	docker push $(PODVM_NAME)-se:latest
+else
+	docker push $(PODVM_NAME):$(PODVM_TAG)
+	docker push $(PODVM_NAME):latest
 endif
 
 PHONY: push-image-container

diff --git a/src/cloud-api-adaptor/podvm-mkosi/README.md b/src/cloud-api-adaptor/podvm-mkosi/README.md
@@ -95,8 +95,9 @@ It requires a **s390x host** to build s390x image with make commands:
 make fedora-binaries-builder
 ATTESTER=se-attester make binaries
 make image
+# SE_BOOT=true make image
 # make image-debug
-# SEDEBUG=true make image-debug
+# SE_BOOT=true make image-debug
 ```
 
 The final output is `build/podvm-s390x.qcow2` or `build/podvm-s390x-se.qcow2`, which can be used as the Pod VM image in libvirt environment.
diff --git a/src/cloud-api-adaptor/podvm/Dockerfile.podvm.fedora b/src/cloud-api-adaptor/podvm/Dockerfile.podvm.fedora
@@ -10,4 +10,4 @@ ARG ARCH=s390x
 
 ENV ARCH=${ARCH}
 
-COPY build/podvm-${ARCH}.qcow2 /
+COPY build/podvm-*.qcow2 /
diff --git a/src/cloud-api-adaptor/podvm/hack/download-image.sh b/src/cloud-api-adaptor/podvm/hack/download-image.sh
@@ -38,8 +38,16 @@ fi
 
 [ -z "$container_binary" ] && error "please install docker or podman"
 
+# Check if the image name includes "podvm-generic-fedora-s390x-se"
+# The "podvm-generic-fedora-s390x-se" docker image is built on s390x host, so here must use s390x platform 
+if [[ "$image" == *"podvm-generic-fedora-s390x-se"* ]]; then
+    platform="s390x"
+else
+    platform="amd64"
+fi
+
 # Create a non-running container to extract image
-$container_binary create --platform=amd64 --name "$container_name" "$image" /bin/sh >/dev/null 2>&1;
+$container_binary create --platform="$platform" --name "$container_name" "$image" /bin/sh >/dev/null 2>&1;
 # Destory container after use
 rm-container(){
     $container_binary rm -f "$container_name" >/dev/null 2>&1;
Original file line number	Diff line number	Diff line change
Expand Up		@@ -10,4 +10,4 @@ ARG ARCH=s390x

		ENV ARCH=${ARCH}

		COPY build/podvm-${ARCH}.qcow2 /
		COPY build/podvm-*.qcow2 /