@jodh-intel
Created March 10, 2021 16:59
#!/bin/bash
#
# Copyright (c) 2021 Intel Corporation
#
# SPDX-License-Identifier: Apache-2.0
#---------------------------------------------------------------------
# FIXME: - start trace forwarder!
#---------------------------------------------------------------------
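readonly script_name=${0##*/}

# XXX:
#default_distro="clearlinux"
default_distro="centos"

# Both values may be supplied through the environment. An empty 'rootfs'
# is resolved later by setup().
distro="${distro:-${default_distro}}"
rootfs="${rootfs:-}"

set -o errexit
set -o nounset
set -o pipefail
set -o errtrace

# xtrace echoes every expanded command line, including values taken from
# the environment, so keep DEBUG output out of shared logs.
if [ -n "${DEBUG:-}" ]; then
  set -o xtrace
fi

# Optional helper library. It is sourced into this shell, and this script
# later invokes sudo, so the file should be writable by its owner only.
if [ -e ~/bin/libutil.sh ]; then
  source ~/bin/libutil.sh
fi

# Minimal fallbacks: the script calls die() and info() throughout, and
# without them a missing libutil.sh turns every error path into a bare
# "command not found".
if ! declare -F die >/dev/null; then
  die()
  {
    printf 'ERROR: %s: %s\n' "$script_name" "$*" >&2
    exit 1
  }
fi

if ! declare -F info >/dev/null; then
  info()
  {
    printf 'INFO: %s: %s\n' "$script_name" "$*" >&2
  }
fi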
# Print the help text to stdout.
# Globals: script_name (read)
usage()
{
  printf '%s\n' \
    "Usage: $script_name [options]" \
    "Description: FIXME." \
    "Options:" \
    "-h : Show this help statement." \
    "Notes:" \
    "FIXME" \
    "Examples:" \
    "FIXME"
}
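# Check prerequisites, install helper tools, install Kata if it is not
# already present, and create the local configuration file.
# Globals: GOPATH (read), distro (read), rootfs (read; set if empty)
setup()
{
  # ${VAR:-} lets an unset variable reach die() instead of tripping
  # 'set -o nounset' with a bare "unbound variable" error.
  [ -z "${GOPATH:-}" ] && die "need GOPATH"
  [ -z "${distro:-}" ] && die "need distro"

  if [ -z "${rootfs:-}" ]
  then
    # Declared separately so a goto_dir failure is not hidden by 'local'.
    local osbuilder_dir
    osbuilder_dir=$(goto_dir "tools/osbuilder" && echo "$PWD") \
      || die "cannot locate tools/osbuilder below the repo root"
    rootfs="${osbuilder_dir}/${distro}_rootfs"
  fi

  # Entries are "command:package".
  local deps=("chronic:moreutils" "crudini:crudini")
  local dep cmd pkg

  for dep in "${deps[@]}"
  do
    cmd=${dep%%:*}
    pkg=${dep#*:}
    if ! command -v "$cmd" >/dev/null 2>&1
    then
      sudo apt -y install "$pkg"
    fi
  done

  # Install Kata if required
  if ! kata-runtime &>/dev/null
  then
    # NOTE(review): the installer is fetched from the mutable 'main' branch
    # and executed with no integrity check, so whatever that URL serves at
    # run time is run as the invoking user. Prefer pinning the URL to a
    # reviewed commit and verifying a known-good checksum before running it.
    local installer_url="https://raw.githubusercontent.com/kata-containers/kata-containers/main/utils/kata-manager.sh"
    local installer

    # Check the download explicitly: a failed curl inside "$(...)" used as
    # an argument would otherwise hand bash an empty script that "succeeds".
    installer=$(curl -fsSL "$installer_url") \
      || die "failed to download $installer_url"
    [ -n "$installer" ] || die "downloaded installer is empty: $installer_url"

    bash -c "$installer"
  fi

  # Create local config
  handle_config
}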
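# 'cd' to the specified top-level repo sub-directory from an arbitrary repo
# directory.
#
# Arguments: $1 - sub-directory, relative to the repository root
# Note: uses pushd, so the previous directory stays on the directory stack.
goto_dir()
{
  local dir="${1:-}"
  [ -z "$dir" ] && die "need sub-dir below repo root dir"

  # Ask git for the work-tree root directly. Deriving it by stripping a
  # trailing ".git" from --git-dir gives a wrong path whenever the git
  # directory lives elsewhere (submodules, linked worktrees).
  local top_level_dir
  top_level_dir=$(git rev-parse --show-toplevel) || top_level_dir=""

  # Outside a work tree, fall back to the current directory.
  [ -z "$top_level_dir" ] && top_level_dir="$PWD"

  #info "$top_level_dir"

  pushd "${top_level_dir}/${dir}" &>/dev/null \
    || die "cannot change to directory: ${top_level_dir}/${dir}"
}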
# Make sure the local Kata configuration file exists, then switch on agent
# and runtime debug plus static agent tracing.
#
# The file edited is the system-wide /etc/kata-containers/configuration.toml,
# so these debug and tracing settings are not limited to a single container.
handle_config()
{
  local cfg_file="/etc/kata-containers/configuration.toml"

  if [ ! -e "$cfg_file" ]
  then
    sudo mkdir -p "$(dirname "$cfg_file")"

    # Seed the local file from the first packaged default that exists.
    local candidate
    for candidate in \
      "/opt/kata/share/defaults/kata-containers/configuration.toml" \
      "/usr/share/defaults/kata-containers/configuration.toml"
    do
      if [ -e "$candidate" ] && sudo cp "$candidate" "$cfg_file"
      then
        break
      fi
    done
  fi

  if [ ! -e "$cfg_file" ]
  then
    die "cannot create local config file: $cfg_file"
  fi

  #----------------------------------------------------------------
  # Enable debug
  #
  # Note: Don't use 'kata-manager.sh "enable-debug"' since this enables all
  # debug (including the problematic hypervisor debug - see below).

  sudo crudini --set "$cfg_file" agent.kata enable_debug 'true'
  sudo crudini --set "$cfg_file" runtime enable_debug 'true'

  # CRITICAL: XXX: For Kata 2.x, hypervisor debug *MUST* be *DISABLED*; if
  # enabled, it stops kata-debug.service from attaching to the console and
  # the socat call made on the client hangs until the VM is shut
  # down!
  sudo crudini --set "$cfg_file" hypervisor.qemu enable_debug 'false'

  #----------------------------------------------------------------
  # Enable agent tracing

  sudo crudini --set "$cfg_file" agent.kata enable_tracing 'true'
  # The value is written with its double quotes.
  sudo crudini --set "$cfg_file" agent.kata trace_mode '"static"'
}
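# Build and install the runtime from src/runtime, then link the installed
# binaries into /usr/bin.
build_runtime()
{
  info "Building runtime"

  goto_dir "src/runtime"

  # Run the two steps as separate checked commands. In 'make && sudo make
  # install' a failing 'make' is exempt from errexit, so the script would
  # carry on and link whatever older binaries are in /usr/local/bin.
  make || die "runtime build failed"
  sudo make install || die "runtime install failed"

  # 'ln -sf' replaces any existing /usr/bin entry of the same name,
  # including one installed by a distro package.
  local file
  for file in "containerd-shim-kata-v2" "kata-runtime"
  do
    sudo ln -sf "/usr/local/bin/$file" /usr/bin
  done
}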
# Handler for the 'runtime' command: build and install the runtime.
handle_runtime()
{
  build_runtime
}
# Build the agent by running 'make' in src/agent. Nothing is installed
# here; install_agent_to_rootfs copies the result into the rootfs.
build_agent()
{
  local -r agent_src="src/agent"

  info "Building agent"
  goto_dir "$agent_src"

  make
}
# Handler for the 'agent' command: build the agent.
handle_agent()
{
  build_agent
}
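# Copy the locally built agent binary and its systemd units into the
# osbuilder rootfs, owned by root.
# Globals: rootfs (read)
install_agent_to_rootfs()
{
  goto_dir "tools/osbuilder"

  info "Installing latest agent to rootfs"

  [ -d "$rootfs" ] || die "rootfs does not exist: $rootfs"

  # Install agent to osbuilder rootfs
  local dir="${rootfs}/etc/systemd/system/kata-agent.service.d/"

  sudo mkdir -p "$dir"

  # XXX: Now install latest version of the rust agent.
  local agent_dir="${PWD}/../../src/agent"

  # Collect matches into an array so "no binary" counts as 0. Counting
  # lines of 'echo "$list" | wc -l' reports 1 for an empty list, which let
  # a missing build slip past the check below.
  local -a agent_binaries=()
  local candidate
  while IFS= read -r -d '' candidate
  do
    agent_binaries+=("$candidate")
  done < <(find "${agent_dir}/target" -type f -name "kata-agent" -print0)

  local count=${#agent_binaries[@]}

  # Exactly one match is required: with several builds under target/ it
  # would be ambiguous which binary ends up in the guest.
  [ "$count" -eq 1 ] || die "expected 1 agent binary found $count: ${agent_binaries[*]:-}"

  local agent_binary
  agent_binary=$(readlink -f "${agent_binaries[0]}") \
    || die "cannot resolve agent binary path: ${agent_binaries[0]}"

  info "Adding agent $agent_binary to rootfs ($rootfs)"

  sudo install -o root -g root -m 0550 -t "${rootfs}/bin" "${agent_binary}"

  local unit
  for unit in "kata-agent.service" "kata-containers.target"
  do
    sudo install -o root -g root -m 0440 \
      "${agent_dir}/${unit}" \
      "${rootfs}/usr/lib/systemd/system/"
  done
}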
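# Build the osbuilder rootfs for $distro with the extra debug packages,
# then install the locally built agent into it.
# Globals: rootfs, distro, GOPATH, PATH (all read)
make_rootfs()
{
  [ -z "$rootfs" ] && die "need rootfs"

  info "Making rootfs"

  goto_dir "tools/osbuilder"

  # Declared separately from the assignment: 'local pkgs=$(get_pkgs)' hides
  # a get_pkgs failure (e.g. an unsupported distro), and the build would
  # continue with an empty package list.
  local pkgs
  pkgs=$(get_pkgs) || die "cannot determine extra packages for distro '$distro'"

  # NOTE(review): with an absolute $rootfs this expands to a path relative
  # to the current directory ("./<abs path>.done"); confirm it matches the
  # marker file the osbuilder Makefile actually checks.
  local lockfile=".${rootfs}.done"

  # Required to ensure make actually builds something
  # in the scenario when an old rootfs has been deleted.
  sudo rm -f "$lockfile"

  # Build the default rootfs with the latest rust agent.
  #
  # 'sudo -E' plus an explicit PATH hands the invoking user's environment
  # and search path to a make running as root; any user-writable directory
  # on PATH is then searched by root as well.
  sudo -E PATH="$PATH" \
    GOPATH="$GOPATH" \
    make \
    USE_DOCKER="true" \
    DISTRO="$distro" \
    DISTRO_ROOTFS="$rootfs" \
    EXTRA_PKGS="$pkgs" \
    AGENT_INIT=no \
    rootfs

  install_agent_to_rootfs
}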
# Build the guest image from an existing rootfs via the osbuilder
# 'image' make target.
# Globals: rootfs, distro, GOPATH, PATH (all read)
make_image()
{
  if [ -z "$rootfs" ]
  then
    die "need rootfs"
  fi

  if [ ! -d "$rootfs" ]
  then
    die "rootfs does not exist: $rootfs"
  fi

  info "Making image"

  goto_dir "tools/osbuilder"

  local -a make_args=(
    USE_DOCKER="true"
    DISTRO="$distro"
    DISTRO_ROOTFS="$rootfs"
    image
  )

  # make runs as root with the invoking user's environment (-E) and PATH.
  sudo -E PATH="$PATH" GOPATH="$GOPATH" make "${make_args[@]}"
}
# Install the freshly built image under a unique name, point the stable
# image name at it with a symlink, and remove the build output.
# Globals: distro (read), install_dir (written; not declared local)
install_image()
{
  goto_dir "tools/osbuilder"

  info "Installing image"

  local image_name="kata-containers.img"

  if [ ! -e "$image_name" ]
  then
    die "image does not exist: $image_name"
  fi

  #------------------------------
  # Packaged version
  ##install_dir="/usr/share/kata-containers"

  # GitHub release version (static binaries)
  install_dir="/opt/kata/share/kata-containers/"
  #------------------------------

  # Commit id and timestamp make each installed file name unique. The
  # commit id is simply empty if git cannot supply one, because the
  # 'local' assignment hides git's exit status.
  local short_sha=$(git log --format=%h -1 HEAD)
  local stamp=$(date +%Y-%m-%d-%T.%N%z)

  local image="kata-containers-${stamp}-${distro}-kata-containers.img${short_sha}"
  local dest="${install_dir}/${image}"

  # -D creates missing leading directories; 0640 keeps the image
  # unreadable to users other than root and its group.
  sudo install -o root -g root -m 0640 -D "$image_name" "$dest"

  # Relative link, created from inside the install directory.
  (
    cd "$install_dir" && sudo ln -sf "$image" "$image_name"
  )

  info "Image installed at $dest (and linked as $image_name)"

  # Remove the build output from the osbuilder directory.
  sudo rm "$image_name"
}
# Print the space-separated list of extra packages to add to the rootfs
# for the selected distro.
# Globals: distro (read)
#
# The lists add debugging and network tools (gdb, strace, nmap, socat, ...)
# to the guest, so an image built from them is a debug image.
get_pkgs()
{
  local pkgs=()

  case "$distro" in
    clearlinux)
      pkgs=(
        "bash-bin"
        "binutils"
        "coreutils-bin"
        "curl-bin"
        "gdb-bin"
        "grep-bin"
        "htop-bin"
        "iproute2-bin"
        "kmod-bin"
        "less-bin"
        "make-bin"
        "nano-bin"
        "ncurses-bin"
        "net-tools-bin"
        "nmap-bin"
        "pigz-bin"
        "procps-ng-bin"
        "psstop-bin"
        "sed-bin"
        "socat-bin"
        "strace-bin"
        "tar-bin"
        "util-linux-bin"
        "vim-bin"
        "which-bin"
        "xz-bin"
      )
      ;;

    centos)
      # NOTE(review): "kmod-bin" follows the clearlinux naming used above;
      # confirm it is the intended package name for centos.
      pkgs=(
        "bash"
        "binutils"
        "busybox"
        "coreutils"
        "curl"
        "gdb"
        "grep"
        "htop"
        "iproute"
        "kmod-bin"
        "less"
        "make"
        "nano"
        "net-tools"
        "nmap"
        "pigz"
        "procps-ng"
        "rust-gdb"
        "sed"
        "socat"
        "strace"
        "tar"
        "util-linux"
        "xz"
      )
      ;;

    *)
      die "need to define packages for distro '$distro'"
      ;;
  esac

  echo "${pkgs[@]}"
}
# Handler for 'new-image': build the agent, build the rootfs, build the
# image and install it, in that order.
handle_image()
{
  local step
  for step in handle_agent make_rootfs make_image install_image
  do
    "$step"
  done
}
# Handler for 'new-rootfs': change to tools/osbuilder and build the rootfs.
handle_rootfs()
{
  local -r osbuilder_subdir="tools/osbuilder"

  goto_dir "$osbuilder_subdir"
  make_rootfs
}
# Handler for 'add-agent-to-rootfs': rebuild the agent and copy it into
# the existing rootfs.
handle_agent_update()
{
  local step
  for step in handle_agent install_agent_to_rootfs
  do
    "$step"
  done
}
# Handler for 'image-from-rootfs': update the agent in the rootfs, then
# run make_rootfs.
#
# NOTE(review): despite the command name, no image is built here and
# make_rootfs rebuilds the rootfs; confirm this is the intended sequence.
handle_rootfs_update()
{
  local step
  for step in handle_agent_update make_rootfs
  do
    "$step"
  done
}
# Handler for 'add-agent-to-image': rebuild the agent, copy it into the
# existing rootfs, then rebuild and install the image from that rootfs.
handle_image_update()
{
  local step
  for step in handle_agent install_agent_to_rootfs make_image install_image
  do
    "$step"
  done
}
# Handler for 'all': build and install the runtime, then build and
# install a new image.
handle_all()
{
  local step
  for step in handle_runtime handle_image
  do
    "$step"
  done
}
# Dispatch the first command-line argument to its handler.
# Arguments: $1 - command name; anything unrecognised (including an
#            empty value) is rejected through die().
handle_args()
{
  local cmd=${1:-}

  case "$cmd" in
    # XXX: the useful one!
    add-agent-to-image)
      handle_image_update
      ;;
    add-agent-to-rootfs)
      handle_agent_update
      ;;
    agent)
      handle_agent
      ;;
    all)
      handle_all
      ;;
    image-from-rootfs)
      handle_rootfs_update
      ;;
    install-image)
      install_image
      ;;
    new-image)
      handle_image
      ;;
    new-rootfs)
      handle_rootfs
      ;;
    runtime)
      handle_runtime
      ;;
    *)
      die "invalid command: '$cmd'"
      ;;
  esac
}
# Entry point: show help when asked, otherwise prepare the environment
# and run the requested command.
# Arguments: "$@" - the script's command-line arguments
main()
{
  local cmd="${1:-}"

  # Help is answered before setup() so it works without any prerequisites.
  if [ "$cmd" = "-h" ] || [ "$cmd" = "--help" ] || [ "$cmd" = "help" ]
  then
    usage
    exit 0
  fi

  setup

  handle_args "$@"
}
# Run the script: pass every command-line argument through to main().
main "$@"