[base/kvm] Add KVM enabled base container #949
Open
nrybowski wants to merge 9 commits into UCL-INGI:master from nrybowski:kvm_container

9 commits
88d9b49 [base/kvm] Add KVM enabled base container (nrybowski)
16303b4 [base/kvm] Fixes + make codacy happy (nrybowski)
f8a83de Enable KVM passthrough agent-side (nrybowski)
ecbcfd2 [base/kvm] Fix virtme patch + add missing telnet config (nrybowski)
a954d86 [base/kvm] Fix virtme-run path (nrybowski)
99a07f6 [base/kvm] Automated KVM launch on student container launch (nrybowski)
e7c4628 [base/kvm] Launch telnet to KVM at SSH connection (nrybowski)
703ba30 [base/kvm] Hardcode qemu-kvm src rpm URL (nrybowski)
d726555 [env/kvm] Launch task script, if any, on student SSH login (nrybowski)

Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,102 @@ | ||
ARG VERSION=latest | ||
ARG REGISTRY | ||
|
||
# Rockylinux does not enable 9P virtfs in the shipped QEMU builds, hence we have to rebuild our own version | ||
# Inspired from https://github.com/acudovs/qemu-kvm-virtfs/blob/master/rpmbuild/build | ||
FROM rockylinux:8 as builder | ||
|
||
# Enable additional repos | ||
RUN dnf -y install 'dnf-command(config-manager)' &&\ | ||
dnf config-manager --set-enabled powertools | ||
|
||
# Install dependencies to build QEMU | ||
RUN yum -y update && yum -y install \ | ||
glusterfs-api-devel \ | ||
glusterfs-devel \ | ||
iasl \ | ||
libcacard-devel \ | ||
libpmem-devel \ | ||
nss-devel \ | ||
pkgconfig \ | ||
spice-protocol \ | ||
spice-server-devel \ | ||
usbredir-devel \ | ||
yum-utils \ | ||
'pkgconfig(epoxy)' \ | ||
'pkgconfig(gbm)' \ | ||
'pkgconfig(libdrm)' \ | ||
git | ||
|
||
# Apply patches and build QEMU | ||
WORKDIR /opt | ||
RUN yum-builddep -y qemu-kvm | ||
#RUN yumdownloader --source qemu-kvm | ||
RUN wget "http://download.rockylinux.org/pub/rocky/8/AppStream/source/tree/Packages/q/qemu-kvm-6.2.0-32.module%2Bel8.8.0%2B1279%2B230c2115.src.rpm" | ||
RUN rpm -Uvh qemu-kvm-*.src.rpm | ||
#RUN git clone https://git.rockylinux.org/staging/rpms/qemu-kvm.git &&\ | ||
# git -C qemu-kvm checkout r8s-stream-rhel &&\ | ||
# if [[ ! -d /root/rpmbuild ]]; then mkdir /root/rpmbuild; fi &&\ | ||
# mv qemu-kvm/{SOURCES,SPECS} /root/rpmbuild/ | ||
RUN sed -i -e 's/--disable-virtfs/--enable-virtfs/' \ | ||
-e 's/--disable-virtiofsd/--enable-virtiofsd/g' \ | ||
/root/rpmbuild/SPECS/qemu-kvm.spec | ||
RUN sed -i -e '/^%files -n qemu-kvm-common/,/^$/s/^$/%{_bindir}\/virtfs-proxy-helper\n%{_mandir}\/man1\/virtfs-proxy-helper.1.gz\n/' \ | ||
-e '/^%if %{rhev}$/,/^%else$/s/pkgsuffix -ev/pkgsuffix -virtfs/' \ | ||
-e '/%define rhel_rhev_conflicts()/ a Provides: %1-ev = %{epoch}:%{version}-%{release} \\\nObsoletes: %1-ev < %{obsoletes_version} \\' \ | ||
-e 's/rm -rf ${RPM_BUILD_ROOT}%{_mandir}\/man1\/virtfs-proxy-helper\*//g' \ | ||
-e 's/rm -rf ${RPM_BUILD_ROOT}%{_libexecdir}\/virtfs-proxy-helper/mv ${RPM_BUILD_ROOT}%{_libexecdir}\/virtfs-proxy-helper ${RPM_BUILD_ROOT}%{_bindir}\/virtfs-proxy-helper/g' \ | ||
/root/rpmbuild/SPECS/qemu-kvm.spec | ||
COPY virtio-9p-pci.patch /root/rpmbuild/SOURCES/ | ||
COPY qemu-kvm.spec.patch /tmp | ||
RUN patch /root/rpmbuild/SPECS/qemu-kvm.spec /tmp/qemu-kvm.spec.patch | ||
#RUN mkdir /tmp/qemu-6.2.0 &&\ | ||
# cp /root/rpmbuild/SOURCES/* /tmp/qemu-6.2.0/ &&\ | ||
# cd /tmp &&\ | ||
# tar cJf /tmp/qemu-6.2.0.tar.xz qemu-6.2.0 &&\ | ||
# mv /tmp/qemu-6.2.0.tar.xz /root/rpmbuild/SOURCES/ | ||
RUN rpmbuild -ba --clean /root/rpmbuild/SPECS/qemu-kvm.spec | ||
|
||
# Build GNU telnetd server since classical builds do not allow running bash as login util | ||
RUN wget "https://ftp.gnu.org/gnu/inetutils/inetutils-2.4.tar.xz" &&\ | ||
tar xf inetutils-2.4.tar.xz &&\ | ||
cd inetutils-2.4 &&\ | ||
./configure --disable-servers --disable-clients --enable-telnetd --enable-telnet &&\ | ||
make -j$(nproc) | ||
|
||
# ===================== | ||
# KVM base container | ||
# ===================== | ||
FROM ${REGISTRY}/inginious/env-base:${VERSION} | ||
anthonygego marked this conversation as resolved.
|
||
LABEL org.inginious.kvm 1 | ||
|
||
# Install QEMU with 9P virtifs enabled | ||
COPY --from=builder /root/rpmbuild/RPMS/x86_64/qemu-*.rpm /tmp/ | ||
RUN yum localinstall -y /tmp/*rpm &&\ | ||
rm -rf /tmp/*rpm &&\ | ||
ln -s /usr/libexec/qemu-kvm /bin/qemu-kvm | ||
|
||
# Install GNU telnet utils | ||
COPY --from=builder /opt/inetutils-2.4/telnet/telnet /usr/sbin | ||
COPY --from=builder /opt/inetutils-2.4/telnetd/telnetd /usr/sbin | ||
|
||
# Install dependecies | ||
RUN dnf install -y expect xinetd git | ||
|
||
# Make xinet config readable for worker user in SSH container | ||
RUN chmod 644 /etc/xinetd.conf | ||
|
||
# Install virtme | ||
WORKDIR /opt | ||
COPY virtme.patch . | ||
RUN git clone https://github.com/amluto/virtme &&\ | ||
git -C virtme apply < virtme.patch &&\ | ||
ln -s $(pwd)/virtme/virtme-run /bin/virtme-run | ||
|
||
WORKDIR / | ||
|
||
# Get expect script launching the VM | ||
COPY run.expect setup.sh telnet_login.sh / | ||
ENV KVM_START_PATH=/run.expect | ||
|
||
# Add telnetd config | ||
COPY telnet /etc/xinetd.d/ |
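Review bot: The builder stage downloads the qemu-kvm source RPM over plain `http://` (the `wget` line under "Apply patches and build QEMU") and installs it with `rpm -Uvh` with no digest or signature check in between; the inetutils-2.4 tarball is not checked either, and `git clone https://github.com/amluto/virtme` in the final stage takes whatever the default branch holds at build time. These sources become the QEMU binary, telnetd and virtme-run shipped in every KVM container, so I'd fetch the SRPM over https if the mirror offers it, compare both downloads against a sha256 recorded in the Dockerfile, and check out a fixed virtme commit before applying virtme.patch (which also keeps the patch from breaking when upstream moves). Minor: `LABEL org.inginious.kvm 1` uses the legacy space-separated form; `LABEL org.inginious.kvm=1` is the documented one.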
Empty file.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
--- qemu-kvm.spec 2023-05-22 13:26:12.087046202 +0000 | ||
+++ /root/rpmbuild/SPECS/qemu-kvm.spec 2023-05-22 12:40:09.838715272 +0000 | ||
@@ -652,6 +652,8 @@ | ||
Patch256: kvm-dma-helpers-prevent-dma_blk_cb-vs-dma_aio_cancel-rac.patch | ||
# For bz#2090990 - qemu crash with error scsi_req_unref(SCSIRequest *): Assertion `req->refcount > 0' failed or scsi_dma_complete(void *, int): Assertion `r->req.aiocb != NULL' failed [8.7.0] | ||
Patch257: kvm-virtio-scsi-reset-SCSI-devices-from-main-loop-thread.patch | ||
+# Enable 9P virtfs | ||
+Patch258: virtio-9p-pci.patch | ||
|
||
BuildRequires: wget | ||
BuildRequires: rpm-build |
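Review bot: The hunk at `@@ -652,6 +652,8 @@` relies on `Patch257` being the last patch entry at that offset, so this file is tied to the exact source RPM fetched in the Dockerfile; changing that URL will make the `patch` step fail or need fuzz. Please add a comment next to the `wget` line saying qemu-kvm.spec.patch must be regenerated together with the SRPM, or append the `Patch258:` line from the `sed` invocation that already edits the spec so it does not depend on a line offset. Also confirm the spec applies numbered patches automatically, since no matching `%patch258` line is added here.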
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
#!/usr/bin/expect -f | ||
|
||
log_user 0 | ||
set timeout 600 | ||
spawn /setup.sh | ||
expect "virtme-init: console is ttyS0\r" | ||
send -- "ip a add 10.0.2.15/24 dev enp0s2\r" | ||
send -- "ip l set dev enp0s2 up\r" | ||
send -- "touch /tmp/student/.telnet\r" | ||
send -- "stdbuf -oL xinetd -d\r" | ||
wait |
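Review bot: The `expect "virtme-init: console is ttyS0\r"` line has no `timeout` or `eof` branch, so if the guest never prints that banner (bad bzImage, no usable /dev/kvm) the script waits the full 600 seconds and then sends the `ip` and `xinetd` commands anyway. I'd use the block form of `expect` with `timeout` and `eof` cases that exit non-zero, so a failed boot is reported instead of silently continuing into `wait`. The guest address `10.0.2.15/24` and the interface name `enp0s2` are hard-coded; a comment saying they match QEMU's user-mode network default and the device layout virtme produces would help whoever has to debug this later.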
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
#! /bin/bash -x | ||
|
||
# Load env variables | ||
STUDENT_DIR=/task/student | ||
KVM_DIR="${STUDENT_DIR}/kvm" | ||
SCRIPTS_DIR="${STUDENT_DIR}/scripts" | ||
STUDENT_LOGIN="${SCRIPTS_DIR}/student_login" | ||
|
||
# Set kvm group in human-readable way | ||
groupdel kvm | ||
groupadd -g $(stat -c '%g' /dev/kvm) kvm | ||
|
||
# Create RW dir mounted in the KVM | ||
mkdir "${KVM_DIR}" | ||
chown worker:worker /task | ||
chown worker:worker "${KVM_DIR}" | ||
|
||
# Copy the kernel in a path readable by "worker" within the SSH container | ||
cp "${SCRIPTS_DIR}/bzImage" /tmp | ||
|
||
# Copy student_login file, if any, in a path readable by "worker" within the VM | ||
if [[ -f "${STUDENT_LOGIN}" ]] | ||
then | ||
cp "${STUDENT_LOGIN}" / | ||
fi | ||
|
||
# Launch the KVM as "worker" | ||
su - worker -G worker -G kvm -c "virtme-run --cpus 2 --memory 256 --kimg /tmp/bzImage --rwdir=/tmp/student=${KVM_DIR}" |
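Review bot: Nothing checks that `/dev/kvm` exists before `groupadd -g $(stat -c '%g' /dev/kvm) kvm`; when the agent did not pass the device through, `stat` prints nothing, `groupadd` gets a broken `-g` argument, and the script still goes on to `virtme-run` because there is no `set -e`. I'd test `[[ -c /dev/kvm ]]` up front and exit with a clear message, quote the command substitution, and run under `set -euo pipefail` (with `groupdel kvm || true` and `mkdir -p "${KVM_DIR}"` so reruns do not abort). The same applies to `cp "${SCRIPTS_DIR}/bzImage" /tmp`: a task without a kernel should fail here rather than inside virtme-run. Separately, `chown worker:worker /task` gives `worker` ownership of the task directory itself and not only `${KVM_DIR}`; is that needed?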
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
service telnet | ||
{ | ||
flags = REUSE IPv4 | ||
socket_type = stream | ||
wait = no | ||
user = root | ||
server = /usr/sbin/telnetd | ||
server_args = -E /telnet_login.sh | ||
disable = no | ||
} |
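Review bot: `user = root` together with `server_args = -E /telnet_login.sh` means every TCP connection to the telnet port in the guest is handed a root bash with no login step, and the service block has no `only_from` or `bind` line limiting who may connect. If that is the intended model (disposable guest, student is meant to be root in it), please say so in a comment in this file; otherwise restrict the service with `only_from` to the address the forwarded connections arrive from, or run the login script as an unprivileged user. This interacts with the `hostfwd` rule added in virtme.patch, so the two should be reviewed together.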
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
#! /bin/bash | ||
|
||
FIRST=/tmp/.first | ||
STUDENT_LOGIN="/student_login" | ||
|
||
if [[ ! -f "${FIRST}" ]] | ||
then | ||
# On first login within the KVM | ||
touch "${FIRST}" | ||
|
||
if [[ -f "${STUDENT_LOGIN}" ]] | ||
then | ||
# If the task specifies a given setup to launch (e.g. a mininet script), run it | ||
./"${STUDENT_LOGIN}" | ||
else | ||
# Else, simply spawn a shell in the KVM | ||
/bin/bash | ||
fi | ||
else | ||
/bin/bash | ||
fi |
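Review bot: `./"${STUDENT_LOGIN}"` expands to `.//student_login`, which only resolves to the file copied to `/` by setup.sh when telnetd starts this script with `/` as its working directory; call `"${STUDENT_LOGIN}"` directly, since it is already an absolute path. The guard tests `-f` while the next line executes the file, so a task that ships `student_login` without the execute bit fails the first login and leaves the user with no shell; test `-x`, or run it through `bash`. When the task script exits, the session ends as well, so consider following it with `/bin/bash`, or document that ending the session is intended.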
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
+++ a/configs/devices/x86_64-softmmu/x86_64-rh-devices.mak 2023-05-22 12:17:06.102529121 +0000 | ||
--- /dev/null | ||
@@ -90,6 +90,7 @@ | ||
CONFIG_VHOST_USER_BLK=y | ||
CONFIG_VIRTIO_PCI=y | ||
CONFIG_VIRTIO_VGA=y | ||
+CONFIG_VIRTIO_9P=y | ||
CONFIG_VMMOUSE=y | ||
CONFIG_VMPORT=y | ||
CONFIG_VTD=y |
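Review bot: The two header lines are swapped and name the wrong side: `+++ a/configs/...` comes first and `--- /dev/null` second, which describes creating a new file, while the hunk `@@ -90,6 +90,7 @@` modifies existing content around `CONFIG_VIRTIO_VGA=y`. Please regenerate the patch with `diff -u` or `git diff` so it starts with `--- a/configs/devices/x86_64-softmmu/x86_64-rh-devices.mak` followed by `+++ b/...`, and confirm in the rpmbuild log that Patch258 is applied rather than skipped or rejected, since 9P support in the final image depends on it.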
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
diff --git a/virtme/architectures.py b/virtme/architectures.py | ||
index ba16138..6bc5e42 100644 | ||
--- a/virtme/architectures.py | ||
+++ b/virtme/architectures.py | ||
@@ -71,7 +71,7 @@ class Arch_x86(Arch): | ||
ret = Arch.qemuargs(is_native) | ||
|
||
# Add a watchdog. This is useful for testing. | ||
- ret.extend(['-watchdog', 'i6300esb']) | ||
+ ret.extend(['-device', 'i6300esb', '-action', 'watchdog=pause']) | ||
|
||
if is_native and os.access('/dev/kvm', os.R_OK): | ||
# If we're likely to use KVM, request a full-featured CPU. | ||
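Review bot: The comment above the changed line still says only "Add a watchdog. This is useful for testing.", but the new arguments also change what happens when the watchdog fires: `-action watchdog=pause` leaves a hung guest paused instead of resetting it. With run.expect blocking in `wait`, a paused VM would sit there until something outside kills the container, so please state in the comment why pause is wanted, or pick an action that ends the QEMU process (for example `watchdog=poweroff`) so the failure becomes visible.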
diff --git a/virtme/commands/run.py b/virtme/commands/run.py | ||
index 8cecb07..9b082c0 100644 | ||
--- a/virtme/commands/run.py | ||
+++ b/virtme/commands/run.py | ||
@@ -367,6 +367,7 @@ def do_it() -> int: | ||
# Set up / override baseline devices | ||
qemuargs.extend(['-parallel', 'none']) | ||
qemuargs.extend(['-net', 'none']) | ||
+ qemuargs.extend(['-nic', 'user,hostfwd=tcp::2223-:23']) | ||
|
||
if not args.graphics and not args.script_sh and not args.script_exec: | ||
# It would be nice to use virtconsole, but it's terminally broken |
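Review bot: `hostfwd=tcp::2223-:23` leaves the host address empty, so QEMU listens on port 2223 on every interface of the container, and what sits behind it is the xinetd telnet service that runs as root without a login step. If the telnet client is always started inside the same container, bind the forward explicitly with `hostfwd=tcp:127.0.0.1:2223-:23`. The line is also added unconditionally right after `-net none`, so every virtme-run invocation from this image gets the forward; a command-line option, or at least a comment explaining the port pair, would make the patch easier to carry.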
I'd document the args at both sides, here and at the call side in _docker_interface.py (to avoid implementing a useless argumentparser that would be self documenting)
The arguments management will be replaced by an argparser.