test suite reviews and discussions
 help / color / mirror / Atom feed
* [PATCH] vm_images: Update to handle additional host configurations
@ 2022-03-02 17:06 ohilyard
  2022-03-23  8:13 ` lijuan.tu
  0 siblings, 1 reply; 2+ messages in thread
From: ohilyard @ 2022-03-02 17:06 UTC (permalink / raw)
  To: dts; +Cc: Owen Hilyard

From: Owen Hilyard <ohilyard@iol.unh.edu>

While doing testing on UNH's ARM system, there were a few edge cases. Namely
that docker must be run in privileged mode. This is not due to ARM but
SeLinux/AppArmor getting the way of accessing some of kvm's resources
while in an unprivileged namespace. Issues with passing through the
hardware clock resulted in both the addition of chronyd and trusting the
ssl certificates on python's pip repositories while installing meson due
to issues with SSL and the VM time starting at Jan 1, 1970.

Signed-off-by: Owen Hilyard <ohilyard@iol.unh.edu>
---
 vm_images/Dockerfile         |  2 +-
 vm_images/create_vm_image.py | 12 ++++++++----
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/vm_images/Dockerfile b/vm_images/Dockerfile
index e3f1e0d9..ce4dbca4 100644
--- a/vm_images/Dockerfile
+++ b/vm_images/Dockerfile
@@ -6,4 +6,4 @@ RUN apt-get update && apt-get upgrade -y
 
 RUN apt-get install --no-install-recommends -y libguestfs-tools \
     qemu linux-image-generic qemu-kvm libvirt-daemon-system libvirt-clients bridge-utils \
-    linux-image-unsigned-5.11.0-46-generic
\ No newline at end of file
+    linux-image-unsigned-5.11.0-46-generic qemu-system-x86
diff --git a/vm_images/create_vm_image.py b/vm_images/create_vm_image.py
index 88ffc7f9..8a010c99 100755
--- a/vm_images/create_vm_image.py
+++ b/vm_images/create_vm_image.py
@@ -153,7 +153,7 @@ def run_subprocess(
         "docker",
         "run",
         # The container needs to access QEMU/KVM
-        # "--privileged",
+        "--privileged",
         "-d",
         "--platform",
     ]
@@ -262,14 +262,13 @@ def get_virt_customize_command(
     os_family_tags: Set[OsFamily], output_path: str, root_password: str
 ) -> str:
     commands = [
-        f"virt-customize -a {output_path} --root-password password:{root_password} --update",
+        f"virt-customize -a {output_path} --root-password password:{root_password} --update"
     ]
 
     commands = commands + get_enable_additional_repos_commands(os_family_tags)
 
     packages = get_packages_for_os_family(os_family_tags)
     packagelist = ",".join(packages)
-    commands += (f"--run-command dhclient",)
     commands += (f"--install {packagelist}",)
     commands += (f"--run-command {get_install_meson_command(os_family_tags)}",)
     commands += (f"--run-command {get_setup_hugepages_command(os_family_tags)}",)
@@ -324,6 +323,7 @@ def get_packages_for_os_family(os_family_tags: Set[OsFamily]) -> List[str]:
             "python3-setuptools",
             "python3-wheel",
             "iperf",
+            "chrony",
         ]
     elif OsFamily.RHEL in os_family_tags:
         return [
@@ -354,7 +354,9 @@ def get_packages_for_os_family(os_family_tags: Set[OsFamily]) -> List[str]:
 
 def get_install_meson_command(os_family_tags: Set[OsFamily]) -> str:
     if OsFamily.DEBIAN in os_family_tags or OsFamily.RHEL in os_family_tags:
-        return '"python3 -m pip install meson"'
+        # the "--trusted-host" flags are included because the date on the system will be Jan 1, 1970 due to the way
+        # guestfs-tools starts the vm. This breaks pip's ssl, so making these hosts trusted fixes that.
+        return '"python3 -m pip install --trusted-host pypi.org --trusted-host pypi.python.org --trusted-host files.pythonhosted.org meson"'
     else:
         error(f"Unknown command to install meson for {os_family_tags}")
 
@@ -426,6 +428,8 @@ def get_image_info(base_image_path: str) -> (OsFamily, Arch):
         base_image_path,
     ]
 
+    print(" ".join(command))
+
     proc = subprocess.run(command, capture_output=True)
     if proc.returncode != 0:
         print(proc.stdout)
-- 
2.30.2


^ permalink raw reply	[flat|nested] 2+ messages in thread

* [PATCH] vm_images: Update to handle additional host configurations
  2022-03-02 17:06 [PATCH] vm_images: Update to handle additional host configurations ohilyard
@ 2022-03-23  8:13 ` lijuan.tu
  0 siblings, 0 replies; 2+ messages in thread
From: lijuan.tu @ 2022-03-23  8:13 UTC (permalink / raw)
  To: dts, ohilyard; +Cc: Owen Hilyard

On Wed,  2 Mar 2022 12:06:37 -0500, ohilyard@iol.unh.edu wrote:
> From: Owen Hilyard <ohilyard@iol.unh.edu>
> 
> While doing testing on UNH's ARM system, there were a few edge cases. Namely
> that docker must be run in privileged mode. This is not due to ARM but
> SeLinux/AppArmor getting the way of accessing some of kvm's resources
> while in an unprivileged namespace. Issues with passing through the
> hardware clock resulted in both the addition of chronyd and trusting the
> ssl certificates on python's pip repositories while installing meson due
> to issues with SSL and the VM time starting at Jan 1, 1970.
> 
> Signed-off-by: Owen Hilyard <ohilyard@iol.unh.edu>


Applied, thanks

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2022-03-23  8:13 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-03-02 17:06 [PATCH] vm_images: Update to handle additional host configurations ohilyard
2022-03-23  8:13 ` lijuan.tu

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).