一.安裝qemu
注意,目前kata-container所要求的qemu最低版本是v2.7.0.在筆者的環境下(Ubuntu16.04 VM),apt-get官方源的最高版本是v2.5.0.所以不要用apt-get install的方式安裝qemu.從github下載源碼進行安裝.這里推薦安裝v2.8.1版本.因為更高版本的qemu的依賴無法用apt-get install直接安裝.
具體安裝步驟為:
1.進入qemu源碼目錄
執行./configure --enable-virtfs,這里是為了開啟虛擬文件系統,如果不添加這個參數.在運行docker啟動kata-container時,會報'virtio-9p-pci' is not a valid device model name: unknown的錯誤
2.執行make&&sudo make install
3.將/usr/local/bin/qemu-system-x86_64拷貝為/usr/bin/qemu-lite-system-x86_64
Kata-container 環境搭建手順
二.安裝kata組件
1.從github下載kata的相關組件,包括runtime,agent,proxy,shim,osbuilder,tests
2.進入kata-containers/runtime目錄,執行sudo make&&sudo make install.
執行sudo kata-runtime kata-check,這條指令會給出一組檢查結果,這組檢查結果告訴用戶,當前系統是否滿足運行kata-containers的條件.參考結果如下圖,
可以看到該主機沒有開啟虛擬化支持.我的測試環境是一台qemu虛擬機,利用virsh指令編輯其xml文件可以解決這個問題.
在測試主機所在的物理機上執行virsh edit wlh-kata,修改其cpu配置為
<cpu mode='custom' match='exact'>
<model fallback='forbid'>core2duo</model>
<feature policy='require' name='vmx'/>
<feature policy='require' name='sse4.1'/>
</cpu>
這里wlh-kata是這台虛擬機的名字,可以用virsh list --all獲得.
修改了xml文件后重啟虛擬機,再次執行sudo kata-runtime kata-check,確認所有檢查通過.
3.依次在其他kata-containers組件目錄下執行make&&sudo make install.
三.生成kata-container.img
1.Create a local rootfs
$ export ROOTFS_DIR=${GOPATH}/src/github.com/kata-containers/osbuilder/rootfs-builder/rootfs
$ sudo rm -rf ${ROOTFS_DIR}
$ cd $GOPATH/src/github.com/kata-containers/osbuilder/rootfs-builder
$ script -fec 'sudo -E GOPATH=$GOPATH USE_DOCKER=true ./rootfs.sh ${distro}'
2.build a rootfs image
$ cd $GOPATH/src/github.com/kata-containers/osbuilder/image-builder
$ script -fec 'sudo -E USE_DOCKER=true ./image_builder.sh ${ROOTFS_DIR}'
3.Install the rootfs image
$ commit=$(git log --format=%h -1 HEAD)
$ date=$(date +%Y-%m-%d-%T.%N%z)
$ image="kata-containers-${date}-${commit}"
$ sudo install -o root -g root -m 0640 -D kata-containers.img "/usr/share/kata-containers/${image}"
$ (cd /usr/share/kata-containers && sudo ln -sf "$image" kata-containers.img)
執行完以上步驟以后,會生成以下文件
wlh-kata@wlhkata-Standard-PC-i440FX-PIIX-1996:/usr/share/kata-containers$ ls -al
total 148020
drwxr-xr-x 2 root root 4096 6月 16 06:00 .
drwxr-xr-x 294 root root 12288 6月 16 05:59 ..
-rw-r----- 1 root root 268435456 6月 16 05:59 kata-containers-2018-06-16-05:59:41.532756720+0800-72dca93
lrwxrwxrwx 1 root root 58 6月 16 06:00 kata-containers.img -> kata-containers-2018-06-16-05:59:41.532756720+0800-72dca93
四.安裝guest kernel image
$ go get github.com/kata-containers/tests
$ cd $GOPATH/src/github.com/kata-containers/tests/.ci
$ kernel_arch="$(./kata-arch.sh --golang)"
$ kernel_dir="$(./kata-arch.sh --kernel)"
$ tmpdir="$(mktemp -d)"
$ pushd "$tmpdir"
$ curl -L https://raw.githubusercontent.com/kata-containers/packaging/master/kernel/configs/${kernel_arch}_kata_kvm_4.14.x -o .config
$ kernel_version=$(grep "Linux/[${kernel_arch}]*" .config | cut -d' ' -f3 | tail -1)
$ kernel_tar_file="linux-${kernel_version}.tar.xz"
$ kernel_url="https://cdn.kernel.org/pub/linux/kernel/v$(echo $kernel_version | cut -f1 -d.).x/${kernel_tar_file}"
$ curl -LOk ${kernel_url}
$ tar -xf ${kernel_tar_file}
$ mv .config "linux-${kernel_version}"
$ pushd "linux-${kernel_version}"
$ curl -L https://raw.githubusercontent.com/kata-containers/packaging/master/kernel/patches/0001-NO-UPSTREAM-9P-always-use-cached-inode-to-fill-in-v9.patch | patch -p1
$ make ARCH=${kernel_dir} -j$(nproc)
$ kata_kernel_dir="/usr/share/kata-containers"
$ kata_vmlinuz="${kata_kernel_dir}/kata-vmlinuz-${kernel_version}.container"
$ [ $kernel_arch = ppc64le ] && kernel_file="$(realpath ./vmlinux)" || kernel_file="$(realpath arch/${kernel_arch}/boot/bzImage)"
$ sudo install -o root -g root -m 0755 -D "${kernel_file}" "${kata_vmlinuz}"
$ sudo ln -sf "${kata_vmlinuz}" "${kata_kernel_dir}/vmlinuz.container"
$ kata_vmlinux="${kata_kernel_dir}/kata-vmlinux-${kernel_version}"
$ sudo install -o root -g root -m 0755 -D "$(realpath vmlinux)" "${kata_vmlinux}"
$ sudo ln -sf "${kata_vmlinux}" "${kata_kernel_dir}/vmlinux.container"
$ popd
$ popd
$ rm -rf "${tmpdir}"
這一長串安裝步驟來自於:
注意以下指令:
curl -L https://raw.githubusercontent.com/kata-containers/packaging/master/kernel/configs/${kernel_arch}_kata_kvm_4.14.x -o .config
這條指令用到了kernel_arch參數,kernel_arch的值是通過kernel_arch=”$(./kata_arch.sh --golang)”確定的.在筆者的機器上,執行這條指令得到的kernel_arch的值是amd64,然而並不存在文件.../configs/amd64_kata_kvm_4.14.x.如果是這樣的話,直接讓kernel_arch的值為x86_64.
五.配置docker
$ dir=/etc/systemd/system/docker.service.d
$ file="$dir/kata-containers.conf"
$ sudo mkdir -p "$dir"
$ sudo test -e "$file" || echo -e "[Service]\nType=simple\nExecStart=\nExecStart=/usr/bin/dockerd -D --default-runtime runc" | sudo tee "$file"
$ sudo grep -q "kata-runtime=" $file || sudo sed -i 's!^\(ExecStart=[^$].*$\)!\1 --add-runtime kata-runtime=/usr/local/bin/kata-runtime!g' "$file"
$ sudo systemctl daemon-reload
$ sudo systemctl restart docker
至此kata-containers搭建完成
執行 sudo docker run -ti --runtime kata-runtime busybox sh啟動kata-container
參考:https://github.com/kata-containers/documentation/blob/master/Developer-Guide.md