diff mbox series

vm_images: Update to handle additional host configurations

Message ID 20220302170637.24095-1-ohilyard@iol.unh.edu (mailing list archive)
State Accepted
Headers show
Series vm_images: Update to handle additional host configurations | expand

Checks

Context Check Description
ci/Intel-dts-suite-test warning SKIPPED

Commit Message

Owen Hilyard March 2, 2022, 5:06 p.m. UTC
From: Owen Hilyard <ohilyard@iol.unh.edu>

While doing testing on UNH's ARM system, there were a few edge cases. Namely
that docker must be run in privileged mode. This is not due to ARM but
SeLinux/AppArmor getting the way of accessing some of kvm's resources
while in an unprivileged namespace. Issues with passing through the
hardware clock resulted in both the addition of chronyd and trusting the
ssl certificates on python's pip repositories while installing meson due
to issues with SSL and the VM time starting at Jan 1, 1970.

Signed-off-by: Owen Hilyard <ohilyard@iol.unh.edu>
---
 vm_images/Dockerfile         |  2 +-
 vm_images/create_vm_image.py | 12 ++++++++----
 2 files changed, 9 insertions(+), 5 deletions(-)

Comments

Tu, Lijuan March 23, 2022, 8:13 a.m. UTC | #1
On Wed,  2 Mar 2022 12:06:37 -0500, ohilyard@iol.unh.edu wrote:
> From: Owen Hilyard <ohilyard@iol.unh.edu>
> 
> While doing testing on UNH's ARM system, there were a few edge cases. Namely
> that docker must be run in privileged mode. This is not due to ARM but
> SeLinux/AppArmor getting the way of accessing some of kvm's resources
> while in an unprivileged namespace. Issues with passing through the
> hardware clock resulted in both the addition of chronyd and trusting the
> ssl certificates on python's pip repositories while installing meson due
> to issues with SSL and the VM time starting at Jan 1, 1970.
> 
> Signed-off-by: Owen Hilyard <ohilyard@iol.unh.edu>


Applied, thanks
diff mbox series

Patch

diff --git a/vm_images/Dockerfile b/vm_images/Dockerfile
index e3f1e0d9..ce4dbca4 100644
--- a/vm_images/Dockerfile
+++ b/vm_images/Dockerfile
@@ -6,4 +6,4 @@  RUN apt-get update && apt-get upgrade -y
 
 RUN apt-get install --no-install-recommends -y libguestfs-tools \
     qemu linux-image-generic qemu-kvm libvirt-daemon-system libvirt-clients bridge-utils \
-    linux-image-unsigned-5.11.0-46-generic
\ No newline at end of file
+    linux-image-unsigned-5.11.0-46-generic qemu-system-x86
diff --git a/vm_images/create_vm_image.py b/vm_images/create_vm_image.py
index 88ffc7f9..8a010c99 100755
--- a/vm_images/create_vm_image.py
+++ b/vm_images/create_vm_image.py
@@ -153,7 +153,7 @@  def run_subprocess(
         "docker",
         "run",
         # The container needs to access QEMU/KVM
-        # "--privileged",
+        "--privileged",
         "-d",
         "--platform",
     ]
@@ -262,14 +262,13 @@  def get_virt_customize_command(
     os_family_tags: Set[OsFamily], output_path: str, root_password: str
 ) -> str:
     commands = [
-        f"virt-customize -a {output_path} --root-password password:{root_password} --update",
+        f"virt-customize -a {output_path} --root-password password:{root_password} --update"
     ]
 
     commands = commands + get_enable_additional_repos_commands(os_family_tags)
 
     packages = get_packages_for_os_family(os_family_tags)
     packagelist = ",".join(packages)
-    commands += (f"--run-command dhclient",)
     commands += (f"--install {packagelist}",)
     commands += (f"--run-command {get_install_meson_command(os_family_tags)}",)
     commands += (f"--run-command {get_setup_hugepages_command(os_family_tags)}",)
@@ -324,6 +323,7 @@  def get_packages_for_os_family(os_family_tags: Set[OsFamily]) -> List[str]:
             "python3-setuptools",
             "python3-wheel",
             "iperf",
+            "chrony",
         ]
     elif OsFamily.RHEL in os_family_tags:
         return [
@@ -354,7 +354,9 @@  def get_packages_for_os_family(os_family_tags: Set[OsFamily]) -> List[str]:
 
 def get_install_meson_command(os_family_tags: Set[OsFamily]) -> str:
     if OsFamily.DEBIAN in os_family_tags or OsFamily.RHEL in os_family_tags:
-        return '"python3 -m pip install meson"'
+        # the "--trusted-host" flags are included because the date on the system will be Jan 1, 1970 due to the way
+        # guestfs-tools starts the vm. This breaks pip's ssl, so making these hosts trusted fixes that.
+        return '"python3 -m pip install --trusted-host pypi.org --trusted-host pypi.python.org --trusted-host files.pythonhosted.org meson"'
     else:
         error(f"Unknown command to install meson for {os_family_tags}")
 
@@ -426,6 +428,8 @@  def get_image_info(base_image_path: str) -> (OsFamily, Arch):
         base_image_path,
     ]
 
+    print(" ".join(command))
+
     proc = subprocess.run(command, capture_output=True)
     if proc.returncode != 0:
         print(proc.stdout)