From 155f374180ca38f8a938cb6e44e28095874ca356 Mon Sep 17 00:00:00 2001
From: "James O. D. Hunt" <james.o.hunt@intel.com>
Date: Fri, 25 Aug 2017 10:29:10 +0100
Subject: [PATCH] docs: Create CentOS 7 installation guide

Wrote a document explaining how to install Clear Containers 3.0
on a CentOS 7 system.

Added associated scripts and configuration files (which are lightly
modified versions from https://github.com/01org/cc-oci-runtime).

Fixes #371.

Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
---
 docs/centos-installation-guide.md  |  74 +++++++++++
 installation/centos-setup.sh       | 145 ++++++++++++++++++++
 installation/installation-setup.sh | 204 +++++++++++++++++++++++++++++
 versions.txt                       |   9 ++
 4 files changed, 432 insertions(+)
 create mode 100644 docs/centos-installation-guide.md
 create mode 100755 installation/centos-setup.sh
 create mode 100755 installation/installation-setup.sh

diff --git a/docs/centos-installation-guide.md b/docs/centos-installation-guide.md
new file mode 100644
index 00000000..72bd5edf
--- /dev/null
+++ b/docs/centos-installation-guide.md
@@ -0,0 +1,74 @@
+# Installing Intel® Clear Containers 3.0 on CentOS* version 7
+
+This document _only_ covers installing on a
+[CentOS](https://www.centos.org/) system. It explicitly does **not**
+cover installation on Red Hat* Enterprise Linux (RHEL).
+
+## Required Setup
+
+The installation requires the current user to run the `sudo` command
+without specifying a password. Verify this with the following commands:
+
+```
+$ su -
+# echo "$some_user ALL=(ALL:ALL) NOPASSWD: ALL" | (EDITOR="tee -a" visudo)
+$ exit
+
+```
+
+## Installation steps
+
+1. Ensure the system packages are up-to-date:
+
+```
+$ sudo yum -y update
+
+```
+2. Install Git:
+
+```
+$ sudo yum install -y git
+
+```
+3. Create the installation directory and clone the repository:
+
+```
+$ mkdir -p $HOME/go/src/github/clearcontainers
+$ cd $HOME/go/src/github/clearcontainers
+$ git clone https://github.com/clearcontainers/runtime
+$ cd runtime
+
+```
+4. Run the installation script:
+
+```
+$ script -efc ./installation/centos-setup.sh
+
+```
+
+Note:
+
+- Running the installation script can take a long time as it needs to
+  download source packages and compile them.
+
+- Although it is not strictly necessary to run the installation
+  script using the `script(1)` command, doing so ensures that a log of the
+  installation is written to the file `typescript`. This is useful for
+  administrators to see what changes were made and can also be used to
+  debug any issues.
+
+## Verify the installation was successful
+
+1. Check the `cc-runtime` version:
+
+```
+$ cc-runtime --version
+
+```
+
+2. Test that a Clear Container can be created:
+
+```
+$ sudo docker run -ti busybox sh
+
+```
diff --git a/installation/centos-setup.sh b/installation/centos-setup.sh
new file mode 100755
index 00000000..0f137b20
--- /dev/null
+++ b/installation/centos-setup.sh
@@ -0,0 +1,145 @@
+#!/bin/bash
+
+#  This file is part of cc-runtime.
+#
+#  Copyright (C) 2017 Intel Corporation
+#
+#  This program is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU General Public License
+#  as published by the Free Software Foundation; either version 2
+#  of the License, or (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program; if not, write to the Free Software
+#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+
+# Description: This script installs Clear Containers on a
+#   CentOS 7 system.
+#
+
+# all errors are fatal
+set -e
+
+# enable tracing
+set -x
+
+SCRIPT_PATH=$(dirname "$(readlink -f "$0")")
+source "${SCRIPT_PATH}/installation-setup.sh"
+source "${SCRIPT_PATH}/../versions.txt"
+
+# List of packages to install to satisfy build dependencies
+pkgs=""
+
+mnl_dev_pkg="libmnl-devel"
+
+# general
+pkgs+=" zlib-devel"
+pkgs+=" gettext-devel"
+pkgs+=" libtool-ltdl-devel"
+pkgs+=" libtool-ltdl"
+pkgs+=" glib2-devel"
+pkgs+=" bzip2"
+pkgs+=" m4"
+
+# for yum-config-manager
+pkgs+=" yum-utils"
+
+# runtime dependencies
+pkgs+=" libuuid-devel"
+pkgs+=" libmnl"
+pkgs+=" ${mnl_dev_pkg}"
+pkgs+=" libffi-devel"
+pkgs+=" pcre-devel"
+
+# qemu lite dependencies
+pkgs+=" libattr-devel"
+pkgs+=" libcap-devel"
+pkgs+=" libcap-ng-devel"
+pkgs+=" pixman-devel"
+
+pkgs+=" gcc-c++"
+
+source /etc/os-release
+
+major_version=$(echo "${VERSION_ID}"|cut -d\. -f1)
+
+if [ "${os_distribution}" = centos ]
+then
+    distro="CentOS"
+else
+    echo >&2 "ERROR: Unrecognised distribution: ${os_distribution}"
+    echo >&2 "ERROR: This script is designed to work on CentOS systems only."
+    exit 1
+fi
+
+site="http://download.opensuse.org"
+dir="repositories/home:/clearcontainers:/clear-containers-3/${distro}_${major_version}"
+repo_file="home:clearcontainers:clear-containers-3.repo"
+cc_repo_url="${site}/${dir}/${repo_file}"
+
+sudo yum -y update
+eval sudo yum -y install "${pkgs}"
+
+sudo yum groupinstall -y 'Development Tools'
+
+pushd "${deps_dir}"
+
+# Install pre-requisites for gcc
+gmp_file="gmp-${gmp_version}.tar.bz2"
+curl -L -O "https://gcc.gnu.org/pub/gcc/infrastructure/${gmp_file}"
+compile gmp "${gmp_file}" "gmp-${gmp_version}"
+
+mpfr_file="mpfr-${mpfr_version}.tar.bz2"
+curl -L -O "https://gcc.gnu.org/pub/gcc/infrastructure/${mpfr_file}"
+compile mpfr "${mpfr_file}" "mpfr-${mpfr_version}"
+
+mpc_file="mpc-${mpc_version}.tar.gz"
+curl -L -O "https://gcc.gnu.org/pub/gcc/infrastructure/${mpc_file}"
+compile mpc "${mpc_file}" "mpc-${mpc_version}"
+
+# Install glib
+glib_setup
+
+# Install json-glib
+json_glib_setup
+
+# Install gcc
+gcc_setup
+
+# Install qemu-lite
+qemu_lite_setup
+
+popd
+
+# Install docker
+sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
+sudo yum -y install docker-ce
+
+# Install Clear Containers components and their dependencies
+sudo yum-config-manager --add-repo "${cc_repo_url}"
+sudo yum -y install cc-runtime cc-proxy cc-shim linux-container clear-containers-image
+
+# Override runtime configuration to use hypervisor from prefix_dir
+# rather than the OBS default values.
+sudo -E prefix_dir="${prefix_dir}" sed -i -e \
+    "s,^path = \"/usr/bin/qemu-system-x86_64\",path = \"${prefix_dir}/bin/qemu-system-x86_64\",g" \
+    /etc/clear-containers/configuration.toml
+
+# Configure CC by default
+service_dir="/etc/systemd/system/docker.service.d"
+sudo mkdir -p "${service_dir}"
+cat <<EOF|sudo tee "${service_dir}/clear-containers.conf"
+[Service]
+ExecStart=
+ExecStart=/usr/bin/dockerd -D --add-runtime cc-runtime=/usr/bin/cc-runtime --default-runtime=cc-runtime
+EOF
+
+sudo systemctl daemon-reload
+sudo systemctl restart docker
+sudo systemctl enable cc-proxy.socket
+sudo systemctl start cc-proxy.socket
diff --git a/installation/installation-setup.sh b/installation/installation-setup.sh
new file mode 100755
index 00000000..648df561
--- /dev/null
+++ b/installation/installation-setup.sh
@@ -0,0 +1,204 @@
+#!/bin/bash
+
+#  This file is part of cc-oci-runtime.
+#
+#  Copyright (C) 2017 Intel Corporation
+#
+#  This program is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU General Public License
+#  as published by the Free Software Foundation; either version 2
+#  of the License, or (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program; if not, write to the Free Software
+#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+
+os_distribution=`cat /etc/os-release | grep -w ID | cut -d '=' -f2 | sed s/\"//g`
+
+export prefix_dir="/usr/local/"
+export GOROOT="$prefix_dir/go"
+export deps_dir="$PWD/dependencies"
+mkdir -p "$deps_dir"
+
+SCRIPT_PATH=$(dirname "$(readlink -f "$0")")
+source "${SCRIPT_PATH}/../versions.txt"
+
+# if chronic(1) is available, it will be used to hide all output
+# (unless an error occurs).
+chronic=$(command -v chronic || true)
+
+# Ensure "make install" as root can find clang
+#
+# See: https://github.com/travis-ci/travis-ci/issues/2607
+export CC=$(which "$CC")
+gnome_dl=https://download.gnome.org/sources
+
+function compile {
+	name="$1"
+	tarball="$2"
+	directory="$3"
+	configure_opts="$4"
+	eval $chronic tar -xvf "${tarball}"
+	pushd ${directory}
+
+	if [ -n "$configure_opts" ]
+	then
+		args="$configure_opts"
+	else
+		args=""
+		args+=" --disable-silent-rules"
+		args+=" --prefix=\"${prefix_dir}\""
+	fi
+
+	eval CC=${CC:-cc} "$chronic" ./configure "$args"
+	eval "$chronic make -j5"
+	eval "$chronic sudo make install"
+	popd
+}
+
+# Determine if the specified library version is available
+# Note that this is an exact match test: this is by design - see the
+# top-level "versions.txt" file.
+function lib_installed {
+	local name="$1"
+	local required_version="$2"
+	version=$(pkg-config --print-provides "$name" 2>/dev/null | awk '{print $3}')
+	[ "$version" = "$required_version" ]
+}
+
+# Determined if the specified command has already been installed
+function cmd_installed {
+	local cmd="$1"
+	local path="${prefix_dir}/bin/$cmd"
+	[ -e "$path" ]
+}
+
+# Build glib
+function glib_setup {
+	glib_major=`echo $glib_version | cut -d. -f1`
+	glib_minor=`echo $glib_version | cut -d. -f2`
+	file="glib-${glib_version}.tar.xz"
+
+	if ! lib_installed "glib-2.0" "$glib_version"
+	then
+		if [ ! -e "$file" ]
+		then
+			curl -L -O "$gnome_dl/glib/${glib_major}.${glib_minor}/$file"
+		fi
+		compile glib glib-${glib_version}.tar.xz glib-${glib_version}
+	fi
+}
+
+# Build json-glib
+function json_glib_setup {
+	json_major=`echo $json_glib_version | cut -d. -f1`
+	json_minor=`echo $json_glib_version | cut -d. -f2`
+	file="json-glib-${json_glib_version}.tar.xz"
+
+	if ! lib_installed "json-glib-1.0" "$json_glib_version"
+	then
+		if [ ! -e "$file" ]
+		then
+			curl -L -O "$gnome_dl/json-glib/${json_major}.${json_minor}/$file"
+		fi
+		compile json-glib json-glib-${json_glib_version}.tar.xz json-glib-${json_glib_version}
+	fi
+}
+
+function gcc_setup {
+	cmd="gcc"
+	if ! cmd_installed "$cmd"
+	then
+		# build gcc (required for qemu-lite)
+		gcc_dir="gcc-${gcc_version}"
+		gcc_site="https://mirrors.kernel.org/gnu/gcc/${gcc_dir}"
+		gcc_file="gcc-${gcc_version}.tar.bz2"
+		gcc_url="${gcc_site}/${gcc_file}"
+
+		if [ ! -e "$gcc_file" ]
+		then
+			curl -L -O "$gcc_url"
+		fi
+		gcc_opts=""
+		gcc_opts+=" --enable-languages=c"
+		gcc_opts+=" --disable-multilib"
+		gcc_opts+=" --disable-libstdcxx"
+		gcc_opts+=" --disable-bootstrap"
+		gcc_opts+=" --disable-nls"
+		gcc_opts+=" --prefix=\"${prefix_dir}\""
+		compile gcc "$gcc_file" "$gcc_dir" "$gcc_opts"
+	fi
+	# Use built version of gcc
+	export CC="${prefix_dir}/bin/gcc"
+}
+
+function qemu_lite_setup {
+	cmd="qemu-system-x86_64"
+	if ! cmd_installed "$cmd"
+	then
+		qemu_lite_site="https://github.com/01org/qemu-lite/archive/"
+		qemu_lite_file="${qemu_lite_version}.tar.gz"
+		qemu_lite_url="${qemu_lite_site}/${qemu_lite_file}"
+		qemu_lite_dir="qemu-lite-${qemu_lite_version}"
+		qemu_lite_opts=""
+		qemu_lite_opts+=" --disable-bluez"
+		qemu_lite_opts+=" --disable-brlapi"
+		qemu_lite_opts+=" --disable-bzip2"
+		qemu_lite_opts+=" --disable-curl"
+		qemu_lite_opts+=" --disable-curses"
+		qemu_lite_opts+=" --disable-debug-tcg"
+		qemu_lite_opts+=" --disable-fdt"
+		qemu_lite_opts+=" --disable-glusterfs"
+		qemu_lite_opts+=" --disable-gtk"
+		qemu_lite_opts+=" --disable-libiscsi"
+		qemu_lite_opts+=" --disable-libnfs"
+		qemu_lite_opts+=" --disable-libssh2"
+		qemu_lite_opts+=" --disable-libusb"
+		qemu_lite_opts+=" --disable-linux-aio"
+		qemu_lite_opts+=" --disable-lzo"
+		qemu_lite_opts+=" --disable-opengl"
+		qemu_lite_opts+=" --disable-qom-cast-debug"
+		qemu_lite_opts+=" --disable-rbd"
+		qemu_lite_opts+=" --disable-rdma"
+		qemu_lite_opts+=" --disable-sdl"
+		qemu_lite_opts+=" --disable-seccomp"
+		qemu_lite_opts+=" --disable-slirp"
+		qemu_lite_opts+=" --disable-snappy"
+		qemu_lite_opts+=" --disable-spice"
+		qemu_lite_opts+=" --disable-strip"
+		qemu_lite_opts+=" --disable-tcg-interpreter"
+		qemu_lite_opts+=" --disable-tcmalloc"
+		qemu_lite_opts+=" --disable-tools"
+		qemu_lite_opts+=" --disable-tpm"
+		qemu_lite_opts+=" --disable-usb-redir"
+		qemu_lite_opts+=" --disable-uuid"
+		qemu_lite_opts+=" --disable-vnc"
+		qemu_lite_opts+=" --disable-vnc-{jpeg,png,sasl}"
+		qemu_lite_opts+=" --disable-vte"
+		qemu_lite_opts+=" --disable-xen"
+		qemu_lite_opts+=" --enable-attr"
+		qemu_lite_opts+=" --enable-cap-ng"
+		qemu_lite_opts+=" --enable-kvm"
+		qemu_lite_opts+=" --enable-virtfs"
+		qemu_lite_opts+=" --enable-vhost-net"
+		qemu_lite_opts+=" --target-list=x86_64-softmmu"
+		qemu_lite_opts+=" --extra-cflags=\"-fno-semantic-interposition -O3 -falign-functions=32\""
+		qemu_lite_opts+=" --prefix=\"${prefix_dir}\""
+		qemu_lite_opts+=" --datadir=\"${prefix_dir}/share/qemu-lite\""
+		qemu_lite_opts+=" --libdir=\"${prefix_dir}/lib64/qemu-lite\""
+		qemu_lite_opts+=" --libexecdir=\"${prefix_dir}/libexec/qemu-lite\""
+
+		if [ ! -e "$qemu_lite_file" ]
+		then
+			curl -L -O "${qemu_lite_url}"
+		fi
+
+		compile qemu-lite "$qemu_lite_file" \
+			"$qemu_lite_dir" "$qemu_lite_opts"
+	fi
+}
diff --git a/versions.txt b/versions.txt
index 5610a3ff..ab0186da 100644
--- a/versions.txt
+++ b/versions.txt
@@ -7,3 +7,12 @@ clear_container_kernel=v4.9.35-76.container
 docker_version=v17.06-ce
 #Supported OCI spec: https://github.com/opencontainers/runtime-spec/releases
 oci_spec_version=v1.0.0-rc5
+
+# Package versions required for CentOS 7 installation.
+gcc_version=6.2.0
+glib_version=2.46.2
+gmp_version=6.1.0
+json_glib_version=1.2.2
+mpc_version=1.0.3
+mpfr_version=3.1.4
+qemu_lite_version=741f430a960b5b67745670e8270db91aeb083c5f