diff options
Diffstat (limited to 'external/meta-virtualization/recipes-containers/cri-o')
3 files changed, 308 insertions, 0 deletions
diff --git a/external/meta-virtualization/recipes-containers/cri-o/cri-o_git.bb b/external/meta-virtualization/recipes-containers/cri-o/cri-o_git.bb new file mode 100644 index 00000000..822c57ff --- /dev/null +++ b/external/meta-virtualization/recipes-containers/cri-o/cri-o_git.bb @@ -0,0 +1,135 @@ +HOMEPAGE = "https://github.com/kubernetes-sigs/cri-o" +SUMMARY = "Open Container Initiative-based implementation of Kubernetes Container Runtime Interface" +DESCRIPTION = "cri-o is meant to provide an integration path between OCI conformant \ +runtimes and the kubelet. Specifically, it implements the Kubelet Container Runtime \ +Interface (CRI) using OCI conformant runtimes. The scope of cri-o is tied to the scope of the CRI. \ +. \ +At a high level, we expect the scope of cri-o to be restricted to the following functionalities: \ +. \ + - Support multiple image formats including the existing Docker image format \ + - Support for multiple means to download images including trust & image verification \ + - Container image management (managing image layers, overlay filesystems, etc) \ + - Container process lifecycle management \ + - Monitoring and logging required to satisfy the CRI \ + - Resource isolation as required by the CRI \ + " + +SRCREV_cri-o = "774a29ecf6855f2dff266dc2aa2fe81d7d964465" +SRC_URI = "\ + git://github.com/kubernetes-sigs/cri-o.git;nobranch=1;name=cri-o \ + file://0001-Makefile-force-symlinks.patch \ + file://crio.conf \ + " + +# Apache-2.0 for docker +LICENSE = "Apache-2.0" +LIC_FILES_CHKSUM = "file://src/import/LICENSE;md5=e3fc50a88d0a364313df4b21ef20c29e" + +GO_IMPORT = "import" + +PV = "1.12.0+git${SRCREV_cri-o}" + +DEPENDS = " \ + glib-2.0 \ + btrfs-tools \ + gpgme \ + ostree \ + libdevmapper \ + " +RDEPENDS_${PN} = " \ + cni \ + " + +PACKAGES =+ "${PN}-config" + +RDEPENDS_${PN} += " virtual/containerd virtual/runc" +RDEPENDS_${PN} += " e2fsprogs-mke2fs" + +inherit systemd +inherit go +inherit goarch +inherit pkgconfig + +EXTRA_OEMAKE="BUILDTAGS=''" + +do_compile() { + export GOARCH="${TARGET_GOARCH}" + export GOROOT="${STAGING_LIBDIR_NATIVE}/${TARGET_SYS}/go" + export GOPATH="${S}/src/import:${S}/src/import/vendor" + + # Pass the needed cflags/ldflags so that cgo + # can find the needed headers files and libraries + export CGO_ENABLED="1" + export CFLAGS="" + export LDFLAGS="" + export CGO_CFLAGS="${BUILDSDK_CFLAGS} --sysroot=${STAGING_DIR_TARGET}" + export CGO_LDFLAGS="${BUILDSDK_LDFLAGS} --sysroot=${STAGING_DIR_TARGET}" + + # link fixups for compilation + rm -f ${S}/src/import/vendor/src + ln -sf ./ ${S}/src/import/vendor/src + + mkdir -p ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o + ln -sf ../../../../cmd ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/cmd + ln -sf ../../../../test ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/test + ln -sf ../../../../oci ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/oci + ln -sf ../../../../server ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/server + ln -sf ../../../../pkg ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/pkg + ln -sf ../../../../libpod ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/libpod + ln -sf ../../../../libkpod ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/libkpod + ln -sf ../../../../utils ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/utils + ln -sf ../../../../types ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/types + ln -sf ../../../../version ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/version + ln -sf ../../../../lib ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/lib + + export GOPATH="${S}/src/import/.gopath:${S}/src/import/vendor:${STAGING_DIR_TARGET}/${prefix}/local/go" + export GOROOT="${STAGING_DIR_NATIVE}/${nonarch_libdir}/${HOST_SYS}/go" + + # Pass the needed cflags/ldflags so that cgo + # can find the needed headers files and libraries + export CGO_ENABLED="1" + export CGO_CFLAGS="${CFLAGS} --sysroot=${STAGING_DIR_TARGET}" + export CGO_LDFLAGS="${LDFLAGS} --sysroot=${STAGING_DIR_TARGET}" + + cd ${S}/src/import + + oe_runmake binaries +} + +SYSTEMD_PACKAGES = "${@bb.utils.contains('DISTRO_FEATURES','systemd','${PN}','',d)}" +SYSTEMD_SERVICE_${PN} = "${@bb.utils.contains('DISTRO_FEATURES','systemd','crio.service','',d)}" +SYSTEMD_AUTO_ENABLE_${PN} = "enable" + +do_install() { + localbindir="/usr/local/bin" + + install -d ${D}${localbindir} + install -d ${D}/${libexecdir}/crio + install -d ${D}/${sysconfdir}/crio + install -d ${D}${systemd_unitdir}/system/ + + install ${WORKDIR}/crio.conf ${D}/${sysconfdir}/crio/crio.conf + + # sample config files, they'll go in the ${PN}-config below + install -d ${D}/${sysconfdir}/crio/config/ + install -m 755 -D ${S}/src/import/test/testdata/* ${D}/${sysconfdir}/crio/config/ + + install ${S}/src/import/bin/crio ${D}/${localbindir} + install ${S}/src/import/bin/crio-config ${D}/${localbindir} + + install ${S}/src/import/bin/conmon ${D}/${localbindir}/crio + install ${S}/src/import/bin/pause ${D}/${localbindir}/crio + + install -m 0644 ${S}/src/import/contrib/systemd/crio.service ${D}${systemd_unitdir}/system/ + install -m 0644 ${S}/src/import/contrib/systemd/crio-shutdown.service ${D}${systemd_unitdir}/system/ +} + +FILES_${PN}-config = "${sysconfdir}/crio/config/*" +FILES_${PN} += "${systemd_unitdir}/system/*" +FILES_${PN} += "/usr/local/bin/*" + +INHIBIT_PACKAGE_STRIP = "1" +INSANE_SKIP_${PN} += "ldflags already-stripped" + +deltask compile_ptest_base + diff --git a/external/meta-virtualization/recipes-containers/cri-o/files/0001-Makefile-force-symlinks.patch b/external/meta-virtualization/recipes-containers/cri-o/files/0001-Makefile-force-symlinks.patch new file mode 100644 index 00000000..0b106e41 --- /dev/null +++ b/external/meta-virtualization/recipes-containers/cri-o/files/0001-Makefile-force-symlinks.patch @@ -0,0 +1,26 @@ +From 53371afbf0f20a1651ee6f2406cd2be056a31066 Mon Sep 17 00:00:00 2001 +From: Bruce Ashfield <bruce.ashfield@windriver.com> +Date: Thu, 1 Nov 2018 11:17:05 -0400 +Subject: [PATCH] Makefile: force symlinks + +Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com> +--- + Makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/import/Makefile b/src/import/Makefile +index cf37bec..68c8eeb 100644 +--- a/src/import/Makefile ++++ b/src/import/Makefile +@@ -66,7 +66,7 @@ help: + .gopathok: + ifeq ("$(wildcard $(GOPKGDIR))","") + mkdir -p "$(GOPKGBASEDIR)" +- ln -s "$(CURDIR)" "$(GOPKGDIR)" ++ ln -sf "$(CURDIR)" "$(GOPKGDIR)" + endif + touch "$(GOPATH)/.gopathok" + +-- +2.7.4 + diff --git a/external/meta-virtualization/recipes-containers/cri-o/files/crio.conf b/external/meta-virtualization/recipes-containers/cri-o/files/crio.conf new file mode 100644 index 00000000..51d7f404 --- /dev/null +++ b/external/meta-virtualization/recipes-containers/cri-o/files/crio.conf @@ -0,0 +1,147 @@ +# generated via: crio --config="" config --default + +# The "crio" table contains all of the server options. +[crio] + +# root is a path to the "root directory". CRIO stores all of its data, +# including container images, in this directory. +root = "/var/lib/containers/storage" + +# run is a path to the "run directory". CRIO stores all of its state +# in this directory. +runroot = "/var/run/containers/storage" + +# storage_driver select which storage driver is used to manage storage +# of images and containers. +storage_driver = "" + +# storage_option is used to pass an option to the storage driver. +storage_option = [ +] + +# The "crio.api" table contains settings for the kubelet/gRPC +# interface (which is also used by crioctl). +[crio.api] + +# listen is the path to the AF_LOCAL socket on which crio will listen. +listen = "/var/run/crio.sock" + +# stream_address is the IP address on which the stream server will listen +stream_address = "" + +# stream_port is the port on which the stream server will listen +stream_port = "10010" + +# file_locking is whether file-based locking will be used instead of +# in-memory locking +file_locking = true + +# The "crio.runtime" table contains settings pertaining to the OCI +# runtime used and options for how to set up and manage the OCI runtime. +[crio.runtime] + +# runtime is the OCI compatible runtime used for trusted container workloads. +# This is a mandatory setting as this runtime will be the default one +# and will also be used for untrusted container workloads if +# runtime_untrusted_workload is not set. +runtime = "/usr/bin/runc" + +# runtime_untrusted_workload is the OCI compatible runtime used for untrusted +# container workloads. This is an optional setting, except if +# default_container_trust is set to "untrusted". +runtime_untrusted_workload = "" + +# default_workload_trust is the default level of trust crio puts in container +# workloads. It can either be "trusted" or "untrusted", and the default +# is "trusted". +# Containers can be run through different container runtimes, depending on +# the trust hints we receive from kubelet: +# - If kubelet tags a container workload as untrusted, crio will try first to +# run it through the untrusted container workload runtime. If it is not set, +# crio will use the trusted runtime. +# - If kubelet does not provide any information about the container workload trust +# level, the selected runtime will depend on the default_container_trust setting. +# If it is set to "untrusted", then all containers except for the host privileged +# ones, will be run by the runtime_untrusted_workload runtime. Host privileged +# containers are by definition trusted and will always use the trusted container +# runtime. If default_container_trust is set to "trusted", crio will use the trusted +# container runtime for all containers. +default_workload_trust = "trusted" + +# conmon is the path to conmon binary, used for managing the runtime. +conmon = "/usr/libexec/crio/conmon" + +# conmon_env is the environment variable list for conmon process, +# used for passing necessary environment variable to conmon or runtime. +conmon_env = [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", +] + +# selinux indicates whether or not SELinux will be used for pod +# separation on the host. If you enable this flag, SELinux must be running +# on the host. +selinux = false + +# seccomp_profile is the seccomp json profile path which is used as the +# default for the runtime. +seccomp_profile = "/etc/crio/seccomp.json" + +# apparmor_profile is the apparmor profile name which is used as the +# default for the runtime. +apparmor_profile = "crio-default" + +# cgroup_manager is the cgroup management implementation to be used +# for the runtime. +cgroup_manager = "cgroupfs" + +# hooks_dir_path is the oci hooks directory for automatically executed hooks +hooks_dir_path = "/usr/share/containers/oci/hooks.d" + +# pids_limit is the number of processes allowed in a container +pids_limit = 1024 + +# The "crio.image" table contains settings pertaining to the +# management of OCI images. +[crio.image] + +# default_transport is the prefix we try prepending to an image name if the +# image name as we receive it can't be parsed as a valid source reference +default_transport = "docker://" + +# pause_image is the image which we use to instantiate infra containers. +pause_image = "kubernetes/pause" + +# pause_command is the command to run in a pause_image to have a container just +# sit there. If the image contains the necessary information, this value need +# not be specified. +pause_command = "/pause" + +# signature_policy is the name of the file which decides what sort of policy we +# use when deciding whether or not to trust an image that we've pulled. +# Outside of testing situations, it is strongly advised that this be left +# unspecified so that the default system-wide policy will be used. +signature_policy = "" + +# image_volumes controls how image volumes are handled. +# The valid values are mkdir and ignore. +image_volumes = "mkdir" + +# insecure_registries is used to skip TLS verification when pulling images. +insecure_registries = [ +] + +# registries is used to specify a comma separated list of registries to be used +# when pulling an unqualified image (e.g. fedora:rawhide). +registries = [ +] + +# The "crio.network" table contains settings pertaining to the +# management of CNI plugins. +[crio.network] + +# network_dir is is where CNI network configuration +# files are stored. +network_dir = "/etc/cni/net.d/" + +# plugin_dir is is where CNI plugin binaries are stored. +plugin_dir = "/opt/cni/bin/" |