From ab65bf29a87ffe3a5eaa5345f085d06233702d68 Mon Sep 17 00:00:00 2001 From: Da Li Liu Date: Mon, 22 Jul 2024 09:57:21 +0800 Subject: [PATCH] podvm-mkosi: refine podvm-mkosi s390x se image build logical - Update podvm-mkosi s390x podvm image build logical - Use `SE_BOOT=true` to enable se image build - support push fedora s390x-se image Signed-off-by: Da Li Liu --- .../hack/build-s390x-se-image.sh | 2 + src/cloud-api-adaptor/podvm-mkosi/Makefile | 47 +++++++++++++++---- src/cloud-api-adaptor/podvm-mkosi/README.md | 3 +- .../podvm/Dockerfile.podvm.fedora | 2 +- .../podvm/hack/download-image.sh | 10 +++- 5 files changed, 51 insertions(+), 13 deletions(-) diff --git a/src/cloud-api-adaptor/hack/build-s390x-se-image.sh b/src/cloud-api-adaptor/hack/build-s390x-se-image.sh index af6ec2bb38..d9dabff8be 100755 --- a/src/cloud-api-adaptor/hack/build-s390x-se-image.sh +++ b/src/cloud-api-adaptor/hack/build-s390x-se-image.sh @@ -174,5 +174,7 @@ qemu-nbd --disconnect "${tmp_nbd}" output_img_name="podvm-s390x-se.qcow2" qemu-img convert -O qcow2 -c "${tmp_img_path}" "${output_img_name}" +output_img_path=$(realpath "${output_img_name}") +echo "podvm se-image is generated: ${output_img_path}" popd diff --git a/src/cloud-api-adaptor/podvm-mkosi/Makefile b/src/cloud-api-adaptor/podvm-mkosi/Makefile index 53f18a260b..5caabf03bf 100644 --- a/src/cloud-api-adaptor/podvm-mkosi/Makefile +++ b/src/cloud-api-adaptor/podvm-mkosi/Makefile @@ -3,7 +3,7 @@ include ../Makefile.defaults ATTESTER ?= none ARCH ?= $(subst x86_64,amd64,$(shell uname -m)) BUILDER = fedora-binaries-builder-$(ARCH) -SEDEBUG ?= false +SE_BOOT ?= false REGISTRY ?= quay.io/confidential-containers PODVM_DISTRO ?= fedora @@ -60,10 +60,26 @@ image: rm -rf resources/build*Image rm -rf ./build @echo "Building image..." -ifeq ($(ARCH),s390x) +ifeq ($(SE_BOOT),true) touch resources/buildS390xImage sudo mkosi --profile production.conf --image system sudo -E ../hack/build-s390x-se-image.sh + @echo "Building docker image..." + docker buildx build \ + -t $(PODVM_NAME)-se:$(PODVM_TAG) \ + -t $(PODVM_NAME)-se:latest \ + --load \ + -f ../podvm/Dockerfile.podvm.fedora . +else ifeq ($(ARCH),s390x) + touch resources/buildS390xImage + sudo mkosi --profile production.conf --image system + sudo -E ../hack/build-s390x-image.sh + @echo "Building docker image..." + docker buildx build \ + -t $(PODVM_NAME):$(PODVM_TAG) \ + -t $(PODVM_NAME):latest \ + --load \ + -f ../podvm/Dockerfile.podvm.fedora . else touch resources/buildBootableImage nix develop ..#podvm-mkosi --command mkosi --environment=VARIANT_ID=production @@ -76,14 +92,26 @@ image-debug: touch resources/buildDebugImage rm -rf ./build @echo "Building debug image..." -ifeq ($(SEDEBUG),true) +ifeq ($(SE_BOOT),true) touch resources/buildS390xImage sudo mkosi --profile debug.conf sudo -E ../hack/build-s390x-se-image.sh + @echo "Building docker image..." + docker buildx build \ + -t $(PODVM_NAME)-se:$(PODVM_TAG) \ + -t $(PODVM_NAME)-se:latest \ + --load \ + -f ../podvm/Dockerfile.podvm.fedora . else ifeq ($(ARCH),s390x) touch resources/buildS390xImage sudo mkosi --profile debug.conf sudo -E ../hack/build-s390x-image.sh + @echo "Building docker image..." + docker buildx build \ + -t $(PODVM_NAME):$(PODVM_TAG) \ + -t $(PODVM_NAME):latest \ + --load \ + -f ../podvm/Dockerfile.podvm.fedora . else touch resources/buildBootableImage nix develop ..#podvm-mkosi --command mkosi --environment=VARIANT_ID=debug @@ -97,16 +125,15 @@ image-container: -t $(PODVM_CONTAINER_NAME):latest \ -f Dockerfile.podvm . - PHONY: push-image push-image: @echo "Push podvm image to remote repository..." -ifeq ($(ARCH),s390x) - docker buildx build \ - -t $(PODVM_NAME):$(PODVM_TAG) \ - -t $(PODVM_NAME):latest \ - --load \ - -f ../podvm/Dockerfile.podvm.fedora . +ifeq ($(SE_BOOT),true) + docker push $(PODVM_NAME)-se:$(PODVM_TAG) + docker push $(PODVM_NAME)-se:latest +else + docker push $(PODVM_NAME):$(PODVM_TAG) + docker push $(PODVM_NAME):latest endif PHONY: push-image-container diff --git a/src/cloud-api-adaptor/podvm-mkosi/README.md b/src/cloud-api-adaptor/podvm-mkosi/README.md index 58805bf00d..99bb268460 100644 --- a/src/cloud-api-adaptor/podvm-mkosi/README.md +++ b/src/cloud-api-adaptor/podvm-mkosi/README.md @@ -95,8 +95,9 @@ It requires a **s390x host** to build s390x image with make commands: make fedora-binaries-builder ATTESTER=se-attester make binaries make image +# SE_BOOT=true make image # make image-debug -# SEDEBUG=true make image-debug +# SE_BOOT=true make image-debug ``` The final output is `build/podvm-s390x.qcow2` or `build/podvm-s390x-se.qcow2`, which can be used as the Pod VM image in libvirt environment. diff --git a/src/cloud-api-adaptor/podvm/Dockerfile.podvm.fedora b/src/cloud-api-adaptor/podvm/Dockerfile.podvm.fedora index 24ea5f7e60..d8496f8a5f 100644 --- a/src/cloud-api-adaptor/podvm/Dockerfile.podvm.fedora +++ b/src/cloud-api-adaptor/podvm/Dockerfile.podvm.fedora @@ -10,4 +10,4 @@ ARG ARCH=s390x ENV ARCH=${ARCH} -COPY build/podvm-${ARCH}.qcow2 / +COPY build/podvm-*.qcow2 / diff --git a/src/cloud-api-adaptor/podvm/hack/download-image.sh b/src/cloud-api-adaptor/podvm/hack/download-image.sh index bb76cc62ac..b771e89d71 100755 --- a/src/cloud-api-adaptor/podvm/hack/download-image.sh +++ b/src/cloud-api-adaptor/podvm/hack/download-image.sh @@ -38,8 +38,16 @@ fi [ -z "$container_binary" ] && error "please install docker or podman" +# Check if the image name includes "podvm-generic-fedora-s390x-se" +# The "podvm-generic-fedora-s390x-se" docker image is built on s390x host, so here must use s390x platform +if [[ "$image" == *"podvm-generic-fedora-s390x-se"* ]]; then + platform="s390x" +else + platform="amd64" +fi + # Create a non-running container to extract image -$container_binary create --platform=amd64 --name "$container_name" "$image" /bin/sh >/dev/null 2>&1; +$container_binary create --platform="$platform" --name "$container_name" "$image" /bin/sh >/dev/null 2>&1; # Destory container after use rm-container(){ $container_binary rm -f "$container_name" >/dev/null 2>&1;