Support arm64 builds with multipass #307
Conversation
|
build-me-please |
Move 'kernel-patches' directory to 'provision/kernel-patches', and copy files to '/tmp/provision/kernel-patches' so that we do not accidentally apply patches not in 'provision/kernel-patches'. Signed-off-by: Jarno Rajahalme <[email protected]>
jrajahalme
force-pushed
the
pr/jrajahalme/arm64-multipass
branch
from
d6acbaf
to
35f91ff
Compare
|
build-me-please |
|
build-me-please |
Remove kernel patch that has already been applied in bpf-next. Signed-off-by: Jarno Rajahalme <[email protected]>
jrajahalme
force-pushed
the
pr/jrajahalme/arm64-multipass
branch
2 times, most recently
from
1f4ce92
to
c99e02f
Compare
Use versions that have arm64 images available. Signed-off-by: Jarno Rajahalme <[email protected]>
jrajahalme
force-pushed
the
pr/jrajahalme/arm64-multipass
branch
from
c99e02f
to
4a66df8
Compare
|
build-me-please |
1 similar comment
|
build-me-please |
Default to "amd64", but support "arm64" as well. Remove install of gcc-multilib, as it is not available for arm64, and apparently not deeded with amd64 either. Signed-off-by: Jarno Rajahalme <[email protected]>
Use $HOME_DIR exclusively instead of $HOME to refer to the target user home directory, as sudo can override $HOME with 'root' depending on the execution context. Signed-off-by: Jarno Rajahalme <[email protected]>
Pass the install user name via $USERNAME, so that same scripts can be used for different default user names (e.g., 'ubuntu' in addition to 'vagrant'). Signed-off-by: Jarno Rajahalme <[email protected]>
Make sure the home directory is owned by the target ${USERNAME} before
trying to create the 'go' directory on it.
Not sure if needed still, but failed due to this at one point.
Signed-off-by: Jarno Rajahalme <[email protected]>
Add export for GOPATH in .profile so that make targets that depend on it being set work as expected (e.g., 'make generate-k8s-api'). Signed-off-by: Jarno Rajahalme <[email protected]>
Add -f to 'ln -s' commands so that they do not fail if executed again. This is helpful when improving the provisioning scripts. Signed-off-by: Jarno Rajahalme <[email protected]>
Append to SSH authorized keys instead of overwriting them to keep any authorized keys set previously. This allows building of local images that have local users public key as an authorized key for local testing. Signed-off-by: Jarno Rajahalme <[email protected]>
Only install VirtualBox guest additions if VirtualBox is detected via "$HOME_DIR/.vbox_version". Signed-off-by: Jarno Rajahalme <[email protected]>
Install docker only if not already installed. This allows building on top of image stages that already install docker before these provisioning steps. Signed-off-by: Jarno Rajahalme <[email protected]>
…the rest Add script provision/provision-kernel.sh for provisioning an old or new kernel, and provision/provision.sh for provisioning everything after the kernel reboot. Add kernel modules needed by kube-proxy 1.19.11 to provision/ubuntu/kernel-next.sh. Signed-off-by: Jarno Rajahalme <[email protected]>
jrajahalme
force-pushed
the
pr/jrajahalme/arm64-multipass
branch
from
5087f1e
to
cdaedae
Compare
|
build-me-please |
|
Looks like this needs another rebase after #309 being merged. |
Use "sudo reboot" also for old kernel version install like for net-next build so that we can scan for it the same way from the console output. Signed-off-by: Jarno Rajahalme <[email protected]>
Add 'multipass' target for creating Cilium Development VMs with Canonical Multipass. Example use: NETNEXT=true VM_NAME=netnext VM_CPUS=8 VM_MEMORY=8G make multipass This will launch a new VM with Ubuntu 20.04 and run the standard Cilium VM provisioning scripts on it, followed by mounting the Cilium repos from the host to the VM (at /home/ubuntu/go/src/github.com/cilium) using NFS. See the Makefile for all the supported environment variables. This has been tested on MacOS on Apple Silicon (arm64), but should also work on the Intel models (amd64):. Multipass should also work on Linux, but that has not been tested. Install the package needed (nfs-common) for mounting NFS shares to the dev VM. Signed-off-by: Jarno Rajahalme <[email protected]>
jrajahalme
force-pushed
the
pr/jrajahalme/arm64-multipass
branch
from
cdaedae
to
4f9f922
Compare
|
build-me-please |
nbusseneau
requested review from
gentoo-root and
lmb
and removed request for
a team
| git am /tmp/provision/kernel-patches/*.patch | ||
| if [ -d /tmp/provision/kernel-patches ]; then | ||
| for patch in /tmp/provision/kernel-patches/*.patch; do | ||
| git am $patch |
There was a problem hiding this comment.
This will still fail if the directory exists, but it's empty.
Besides that, it kind of doesn't make sense to me when you keep this part, but remove copying the directory from cilium-ubuntu-next.json. If the directory isn't even copied, what's the point of this loop? If you want to keep the boilerplate for potential future patches, then it would make sense to keep the lines in cilium-ubuntu-next.json, just keep the empty directory for now.
| "CILIUM_BRANCH={{ user `CILIUM_BRANCH` }}", | ||
| "NAME_PREFIX={{ user `NAME_PREFIX` }}" | ||
| "VM_ARCH=amd64", | ||
| "ENV_FILEPATH=/tmp/env.bash", |
There was a problem hiding this comment.
Nit: unintentional indentation change for three existing lines? It seems like most of this file is indented with two spaces.
Same for the files below.
| export HOME_DIR=/home/vagrant | ||
| export HOME=/home/vagrant | ||
| export GOPATH="${HOME}/go" | ||
| export HOME_DIR=/home/${USERNAME} |
There was a problem hiding this comment.
Not sure if $USERNAME can contain whitespace, but it would be safer to use double quotes around it. Same for $HOME_DIR in the next file below.
provision/ubuntu/install.sh
Outdated
| ISO="VBoxGuestAdditions_$VER.iso"; | ||
|
|
||
| # Validate that custom GuestAdditions are needed | ||
| if [[ -n "${GUESTADDITIONS}" ]]; then | ||
| cd $HOME_DIR | ||
| cd ${HOME_DIR} |
There was a problem hiding this comment.
What's the purpose of this change? If you touch this, I suggest adding double quotes around as the general good practice to avoid surprises if the variable ever contains whitespace. Curly braces don't add any extra safety.
| @@ -4,6 +4,7 @@ source "${ENV_FILEPATH}" | |||
|
|
|||
| set -e | |||
|
|
|||
| sudo -E chown ${USERNAME}:${USERNAME} ${HOME_DIR} | |||
There was a problem hiding this comment.
Why is -E needed? Doesn't look necessary to me, chown shouldn't use any env vars.
| @@ -12,3 +12,5 @@ sudo -u ${USERNAME} -E bash -c "mkdir -p ${GOPATH} && \ | |||
| curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sudo sh -s -- -b ${GOPATH}/bin/ v1.42.1 | |||
|
|
|||
| sudo -E ln -s "${GOPATH}/bin/"* /usr/bin | |||
|
|
|||
| if ! grep "export GOPATH=" ${HOME_DIR}/.profile ; then echo "export GOPATH=${GOPATH}" >>${HOME_DIR}/.profile; fi | |||
There was a problem hiding this comment.
grep ... || echo ... >> ... would be more compact if you want a one-liner.
grep -q is also a good idea to suppress unneeded output.
| @@ -11,6 +11,6 @@ sudo -u ${USERNAME} -E bash -c "mkdir -p ${GOPATH} && \ | |||
|
|
|||
| curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sudo sh -s -- -b ${GOPATH}/bin/ v1.42.1 | |||
|
|
|||
| sudo -E ln -s "${GOPATH}/bin/"* /usr/bin | |||
| sudo -E ln -sf "${GOPATH}/bin/"* /usr/bin | |||
There was a problem hiding this comment.
-E doesn't seem necessary here as well.
| @@ -9,9 +9,11 @@ source "${ENV_FILEPATH}" | |||
| pubkey_url="https://raw.githubusercontent.com/hashicorp/vagrant/master/keys/vagrant.pub"; | |||
| mkdir -p "${HOME_DIR}/.ssh"; | |||
| if command -v wget >/dev/null 2>&1; then | |||
| wget --no-check-certificate "${pubkey_url}" -O "${HOME_DIR}/.ssh/authorized_keys"; | |||
| wget --no-check-certificate "${pubkey_url}" -O vagrant.pub; | |||
| cat vagrant.pub >> "${HOME_DIR}/.ssh/authorized_keys"; | |||
There was a problem hiding this comment.
A temporary file is not needed, wget supports -O - to write output to stdout, you can use the same pipeline as with curl:
wget --no-check-certificate "${pubkey_url}" -O - >> "${HOME_DIR}/.ssh/authorized_keys"
|
|
||
| # share parent if it is named "cilium", so that it can be correctly mounted | ||
| # as ~/go/src/github.com/cilium" | ||
| ifeq (cilium,$(notdir $(abspath $(ROOT_DIR)/..))) |
There was a problem hiding this comment.
I'm not sure I get the logic here...
If the parent directory is called "cilium", mount the whole github.com, but if it's not "cilium", mount only github.com/cilium... what's the idea of this?
| nfs-export: HOST_MASK ?= 255.255.255.0 | ||
| nfs-export: ETC_EXPORTS ?= $(realpath $(SHARE_SOURCE)) -mapall=$(shell whoami) -alldirs -network $(HOST_NETWORK) -mask $(HOST_MASK) | ||
| nfs-export: | ||
| @if ! grep "$(ETC_EXPORTS)" /etc/exports; then \ |
There was a problem hiding this comment.
Not sure about macOS, but at least my Linux supports /etc/exports.d, where you can put multiple files. It has the advantage that the file can be owned by the corresponding user or group (therefore, sudo is not needed), and different applications have their own files, not competing over the single /etc/exports and not needing to invent ingenious ways to mark ownership of the lines of that file.
Vagrant that doesn't support /etc/exports.d is my personal pain. This script is written by us, so we can make it good from the beginning. Could you change it to a dedicated file under /etc/exports.d (e.g., /etc/exports.d/cilium-multipass, or whatever name you prefer) and use sudo only if a regular write as the current user failed?
Another note: grep should be grep -Fx to match the whole lines and not try to treat it as a regexp.
Add 'multipass' make target for creating Cilium Development VMs with Canonical Multipass. As on now there is no vagrant provider for multipass, so the resulting images do not work with vagrant, but can be locally created and used directly with multipass.
Example use:
NETNEXT=true VM_NAME=netnext VM_CPUS=8 VM_MEMORY=8G make multipass
This will launch a new VM with Ubuntu 20.04 and run the standard Cilium VM provisioning scripts on it, followed by mounting the Cilium repos from the host to the VM (at /home/ubuntu/go/src/github.com/cilium) using NFS. Adjusting NFS exports is done with 'sudo', so the password will be asked for when needed.
See the Makefile for all the supported environment variables.
This has been tested on MacOS on Apple Silicon (arm64), but should also work on the Intel models (amd64). Multipass should also work on Linux, but that has not been tested.
To enable this dependencies have been bumped to versions with arm64 support and virtual box guest additions install has been made conditional.