Set up machine to run podman with rootless kata
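#!/usr/bin/env bash
# Set up a machine to run podman with rootless kata.
#
# Meant to be run on a fresh fedora28 ccloudvm instance, e.g.:
#   ccloudvm create --cpus 4 --mem 4096 --disk 64 --name KataPodmanDemo fedora28
#
# Steps: install build/runtime dependencies, add the user to the kvm group,
# disable SELinux (not supported by kata), install Go, build conmon,
# slirp4netns and libpod (rootlessKata branch), install kata from the OBS
# release repo and rebuild kata-runtime from the rootlessLogic branch, write
# /etc/kata-containers/configuration.toml, then reboot so the SELinux change
# and the group membership take effect.
#
# Optional environment:
#   BRANCH     kata OBS release branch to add (default: master)
#   GO_SHA256  SHA-256 digest of the Go tarball; when set, the download is
#              verified against it before extraction (take the value from the
#              Go downloads page for the version below)
#
# After the reboot, to run kata:
#   podman run -it --runtime=/usr/local/bin/kata-runtime alpine sh
# or add kata to the libpod config so you don't have to pass the fully
# qualified runtime path every time (you can even make it the default):
#   echo " kata = [\"/usr/local/bin/kata-runtime\"]" >> ~/.config/containers/libpod.conf
# Note: with other commands you still need to pass the runtime if you don't
# make it the default, e.g. `podman rm --runtime=kata -l`. `--log-level=debug`
# shows libpod logs; the kata logs are in the journal.

# Options live here, not on the shebang, so they survive `bash script.sh`;
# -x keeps the command trace the script always had.
set -euo pipefail
set -x

readonly go_version='1.11.12'   # golang 1.11.12 or newer is required
readonly go_tarball="go${go_version}.linux-amd64.tar.gz"
readonly kata_config='/etc/kata-containers/configuration.toml'

readonly libpod_dir='github.com/containers/libpod'
readonly conmon_dir='github.com/containers/conmon'
readonly slirp_dir='github.com/rootless-containers/slirp4netns'
readonly kata_dir='github.com/kata-containers/runtime'

# Exported so go, make and `sudo -E make install` all see the same tree.
export GOPATH="${HOME}/go"
export PATH="/usr/local/go/bin:${GOPATH}/bin:${PATH}"

#######################################
# Install dependencies (tmux/vim are optional and not included).
#######################################
install_deps() {
  sudo yum update -y
  sudo yum install -y \
    atomic-registries \
    autoconf \
    automake \
    btrfs-progs-devel \
    containernetworking-cni \
    containers-common \
    device-mapper-devel \
    gcc \
    git \
    glib2-devel \
    glibc-devel \
    glibc-static \
    go \
    golang-github-cpuguy83-go-md2man \
    gpgme-devel \
    iptables \
    libassuan-devel \
    libcap-devel \
    libgpg-error-devel \
    libseccomp-devel \
    libselinux-devel \
    make \
    ostree-devel \
    pkgconfig \
    podman \
    qemu \
    runc \
    wget
}

#######################################
# Host prerequisites: kvm group membership and SELinux disabled (kata does
# not support it). Both only take effect after the reboot at the end.
# Globals: USER (read)
#######################################
prepare_host() {
  sudo usermod -a -G kvm "$USER"
  sudo sed -i 's/^SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config
}

#######################################
# Download the Go toolchain into /usr/local/go and create $GOPATH/src.
# Globals: GO_SHA256 (read, optional), GOPATH (read)
# Returns: non-zero if the download, digest check or extraction fails
#######################################
install_go() {
  local dl_dir
  dl_dir=$(mktemp -d) || { printf 'mktemp failed\n' >&2; return 1; }
  (
    cd "$dl_dir"
    wget "https://dl.google.com/go/${go_tarball}"
    # Verify the tarball when a digest was supplied; otherwise only TLS is
    # relied on.
    if [[ -n "${GO_SHA256:-}" ]]; then
      printf '%s  %s\n' "$GO_SHA256" "$go_tarball" | sha256sum -c -
    fi
    tar -xvf "$go_tarball"
    # A leftover /usr/local/go would make mv nest the new tree inside it.
    sudo rm -rf -- /usr/local/go
    sudo mv go/ /usr/local/
  )
  rm -rf -- "${dl_dir:?}"
  # make go dir
  mkdir -p "${GOPATH}/src/"
}

#######################################
# Fetch libpod, conmon, slirp4netns and kata-runtime sources; build and
# install conmon, slirp4netns and the libpod rootlessKata demo branch.
# Each build runs in a subshell so the working directory is restored even
# when a step fails; make and make install are separate statements so a
# failed build stops the script instead of being masked inside an && list.
# Globals: GOPATH (read)
#######################################
build_podman_stack() {
  go get -u -d "$libpod_dir"
  go get -u -d "$conmon_dir"
  go get -u -d "$slirp_dir"
  go get -u "$kata_dir"

  (
    cd "${GOPATH}/src/${conmon_dir}"
    make
    sudo -E make install
    local conmon_bin
    conmon_bin=$(command -v conmon)
    # Point podman at the freshly built conmon rather than the packaged one.
    sudo rm -f /usr/libexec/podman/conmon
    sudo ln -s "$conmon_bin" /usr/libexec/podman/conmon
  )

  (
    cd "${GOPATH}/src/${slirp_dir}"
    ./autogen.sh
    ./configure
    make
    sudo -E make install
  )

  (
    cd "${GOPATH}/src/${libpod_dir}"
    # https so the fetch is not exposed to a plain-http redirect hop
    git remote add demo https://github.com/gabibeyer/libpod
    git fetch demo
    git checkout rootlessKata
    make
    sudo -E make install
  )
}

#######################################
# Install the kata packages from the OBS release repo, then build and
# install the rootlessLogic demo branch of kata-runtime over them.
# Globals: BRANCH (read, optional), GOPATH (read), VERSION_ID (from
#          /etc/os-release)
#######################################
install_kata() {
  local arch branch
  # shellcheck source=/dev/null
  source /etc/os-release
  arch=$(arch)
  branch="${BRANCH:-master}"
  sudo dnf -y install dnf-plugins-core
  sudo -E dnf config-manager --add-repo \
    "https://download.opensuse.org/repositories/home:/katacontainers:/releases:/${arch}:/${branch}/Fedora_${VERSION_ID}/home:katacontainers:releases:${arch}:${branch}.repo"
  sudo -E dnf -y install kata-runtime kata-proxy kata-shim
  (
    cd "${GOPATH}/src/${kata_dir}"
    git remote add demo https://github.com/gabibeyer/runtime
    git fetch demo
    git checkout rootlessLogic
    make
    sudo -E make install
  )
}

#######################################
# Copy the default kata configuration to /etc and adjust it: comment out the
# initrd line, enable full debug, set disable_vhost_net and switch the
# hypervisor path to qemu-lite. The copy is owned by $USER (group root,
# mode 0640); /usr/share/kata-containers is chowned to the same user.
# Globals: USER (read), kata_config (read)
#######################################
configure_kata() {
  # -p so a re-run does not abort on an existing directory
  sudo mkdir -p /etc/kata-containers
  sudo install -o "$USER" -g root -m 0640 \
    /usr/share/defaults/kata-containers/configuration.toml /etc/kata-containers
  sudo sed -i 's/^\(initrd =.*\)/# \1/g' "$kata_config"
  # enable full debug
  sudo sed -i -e 's/^# *\(enable_debug\).*=.*$/\1 = true/g' "$kata_config"
  sudo sed -i -e 's/^kernel_params = "\(.*\)"/kernel_params = "\1 agent.log=debug initcall_debug"/g' "$kata_config"
  # disable_vhost_net
  sudo sed -i -e 's/^#disable_vhost_net = true/disable_vhost_net = true/' "$kata_config"
  # run qemu-lite
  sudo sed -i -e 's/^path = "\/usr\/bin\/qemu-system-x86_64"/path = "\/usr\/bin\/qemu-lite-system-x86_64"/' "$kata_config"
  # Same user as the config file above (was a hard-coded login name).
  sudo chown -R "$USER":root /usr/share/kata-containers
}

main() {
  install_deps
  prepare_host
  install_go
  build_podman_stack
  install_kata
  configure_kata
  # reboot so the SELinux change and the kvm group membership take effect
  sudo reboot
}

main "$@"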