Skip to content

Commit

Permalink
Complete revamp of installer build
Browse files Browse the repository at this point in the history 
* pkg/installer now is just the installer, the software that runs when an OS boots into installer mode. It includes the verifier. pkg/installer/README explains in detail.
* all builds of installer images happen via images/installer.yml.in, just like the rootfs is images/rootfs.yml.in. The installer is inserted as an onboot container, and the make-raw-efi, which is needed by the installer to install onto the target disk, is inserted as a volume accessible to the installer onboot container
* all of the strange ways to build installer and verifier by injecting into a container go away
* any future changes to the installer or verifier happen entirely inside pkg/verifier
* revamped how grub.cfg finds its include for special installer cases, by always executing grub.cfg, but it can find and include grub_include.cfg
* removed redundant parts of Makefile, such as verification, which no longer exists as a standalone image or package
* for local qemu net booting via make run-installer-net, run from $(BUILD_DIR)/netboot instead of $(BUILD_DIR)/installer, so it doesn't overwrite things
* detailed the boot process in docs/BOOT-INSTALLER.md, so it captures everything I learned, how it works, and how to change it in the future

Signed-off-by: Avi Deitcher <[email protected]>
  • Loading branch information
@deitch
deitch committed Sep 12, 2024
1 parent 43d4521 commit 30662be
Show file tree
Hide file tree
Showing 994 changed files with 390,480 additions and 2,669 deletions.
1 change: 1 addition & 0 deletions .spdxignore
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
pkg/edgeview/vendor/
pkg/installer/src/vendor/
pkg/kube/eve-bridge/vendor/
pkg/measure-config/vendor/
pkg/newlog/vendor/
Expand Down
109 changes: 38 additions & 71 deletions Makefile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -51,8 +51,6 @@ ROOTFS_FORMAT?=squash
endif
# Image type for installer image
INSTALLER_IMG_FORMAT=raw
# Image type for verification image
VERIFICATION_IMG_FORMAT=raw
# SSH port to use for running images live
SSH_PORT=2222
# ports to proxy into a running EVE instance (in ssh notation with -L)
Expand Down Expand Up @@ -134,19 +132,16 @@ include $(CURDIR)/kernel-version.mk
DIST=$(CURDIR)/dist/$(ZARCH)
DOCKER_DIST=/eve/dist/$(ZARCH)

BUILD_DIR=$(DIST)/$(ROOTFS_VERSION)
INSTALLER=$(BUILD_DIR)/installer
LIVE=$(BUILD_DIR)/live
LIVE_IMG=$(BUILD_DIR)/live.$(IMG_FORMAT)
TARGET_IMG=$(BUILD_DIR)/target.img
INSTALLER=$(BUILD_DIR)/installer
VERSION_FILE=$(INSTALLER)/eve_version
VERIFICATION=$(BUILD_DIR)/verification
BUILD_DIR=$(DIST)/$(ROOTFS_VERSION)
CURRENT_DIR=$(DIST)/current
CURRENT_IMG=$(CURRENT_DIR)/live.$(IMG_FORMAT)
CURRENT_SWTPM=$(CURRENT_DIR)/swtpm
CURRENT_INSTALLER=$(CURRENT_DIR)/installer
INSTALLER_IMG=$(INSTALLER).$(INSTALLER_IMG_FORMAT)
VERIFICATION_IMG=$(VERIFICATION).$(VERIFICATION_IMG_FORMAT)
INSTALLER_FIRMWARE_DIR=$(INSTALLER)/firmware
CURRENT_FIRMWARE_DIR=$(CURRENT_INSTALLER)/firmware
UBOOT_IMG=$(INSTALLER_FIRMWARE_DIR)/boot
Expand All @@ -171,10 +166,11 @@ ROOTFS_IMG=$(ROOTFS).img
ROOTFS_TAR=$(BUILD_DIR)/rootfs.tar
CONFIG_IMG=$(INSTALLER)/config.img
INITRD_IMG=$(INSTALLER)/initrd.img
INSTALLER_TAR=$(BUILD_DIR)/installer.tar
INSTALLER_IMG=$(INSTALLER)/installer.img
VERIFICATION_IMG=$(INSTALLER)/verification.img
PERSIST_IMG=$(INSTALLER)/persist.img
IPXE_IMG=$(INSTALLER)/ipxe.efi
NETBOOT=$(BUILD_DIR)/netboot
IPXE_IMG=$(NETBOOT)/ipxe.efi
EFI_PART=$(INSTALLER)/EFI
BOOT_PART=$(INSTALLER)/boot
BSP_IMX_PART=$(INSTALLER)/bsp-imx
Expand All @@ -187,7 +183,7 @@ DEVICETREE_DTB_arm64=$(DIST)/dtb/eve.dtb
DEVICETREE_DTB=$(DEVICETREE_DTB_$(ZARCH))

CONF_FILES=$(shell ls -d $(CONF_DIR)/*)
PART_SPEC=efi conf imga
LIVE_PART_SPEC=efi conf imga

# parallels settings
# https://github.com/qemu/qemu/blob/595123df1d54ed8fbab9e1a73d5a58c5bb71058f/docs/interop/prl-xml.txt
Expand Down Expand Up @@ -373,11 +369,11 @@ endif
# We are currently filtering out a few packages from bulk builds
# since they are not getting published in Docker HUB
ifeq ($(HV),kubevirt)
PKGS_$(ZARCH)=$(shell find pkg -maxdepth 1 -type d | grep -Ev "eve|alpine|sources|verification$$")
PKGS_$(ZARCH)=$(shell find pkg -maxdepth 1 -type d | grep -Ev "eve|alpine|sources$$")
ROOTFS_MAXSIZE_MB=450
else
#kube container will not be in non-kubevirt builds
PKGS_$(ZARCH)=$(shell find pkg -maxdepth 1 -type d | grep -Ev "eve|alpine|sources|kube|external-boot-image|verification$$")
PKGS_$(ZARCH)=$(shell find pkg -maxdepth 1 -type d | grep -Ev "eve|alpine|sources|kube|external-boot-image$$")
# nvidia platform requires more space
ifeq ($(PLATFORM),nvidia)
ROOTFS_MAXSIZE_MB=450
Expand All @@ -399,7 +395,7 @@ PKGS=pkg/alpine $(PKGS_$(ZARCH))

# these are the packages that, when built, also need to be loaded into docker
# if you need a pkg to be loaded into docker, in addition to the lkt cache, add it here
PKGS_DOCKER_LOAD=mkconf mkimage-iso-efi mkimage-raw-efi mkverification-raw-efi mkrootfs-ext4 mkrootfs-squash
PKGS_DOCKER_LOAD=mkconf mkimage-iso-efi mkimage-raw-efi mkrootfs-ext4 mkrootfs-squash
# these packages should exists for HOSTARCH as well as for ZARCH
# alpine-base, alpine and cross-compilers are dependencies for others
PKGS_HOSTARCH=alpine-base alpine cross-compilers $(PKGS_DOCKER_LOAD)
Expand Down Expand Up @@ -500,13 +496,11 @@ $(DEVICETREE_DTB): $(BIOS_IMG) | $(DIST)
$(EFI_PART): PKG=grub
$(BOOT_PART): PKG=u-boot
$(INITRD_IMG): PKG=mkimage-raw-efi
$(INSTALLER_IMG): PKG=mkimage-raw-efi
$(VERIFICATION_IMG): PKG=mkverification-raw-efi
$(IPXE_IMG): PKG=ipxe
$(BIOS_IMG): PKG=uefi
$(UBOOT_IMG): PKG=u-boot
$(BSP_IMX_PART): PKG=bsp-imx
$(EFI_PART) $(BOOT_PART) $(INITRD_IMG) $(INSTALLER_IMG) $(VERIFICATION_IMG) $(IPXE_IMG) $(BIOS_IMG) $(UBOOT_IMG) $(BSP_IMX_PART): $(LINUXKIT) | $(INSTALLER)
$(EFI_PART) $(BOOT_PART) $(INITRD_IMG) $(IPXE_IMG) $(BIOS_IMG) $(UBOOT_IMG) $(BSP_IMX_PART): $(LINUXKIT) | $(INSTALLER)
mkdir -p $(dir $@)
$(LINUXKIT) pkg build --pull --platforms linux/$(ZARCH) pkg/$(PKG) # running linuxkit pkg build _without_ force ensures that we either pull it down or build it.
cd $(dir $@) && $(LINUXKIT) cache export --arch $(DOCKER_ARCH_TAG) --format filesystem --outfile - $(shell $(LINUXKIT) pkg show-tag pkg/$(PKG)) | tar xvf - $(notdir $@)
Expand Down Expand Up @@ -542,16 +536,9 @@ run-installer-raw: $(BIOS_IMG) $(DEVICETREE_DTB) $(SWTPM) GETTY
qemu-img create -f ${IMG_FORMAT} $(TARGET_IMG) ${MEDIA_SIZE}M
$(QEMU_SYSTEM) -drive file=$(TARGET_IMG),format=$(IMG_FORMAT) -drive file=$(INSTALLER).raw,format=raw $(QEMU_OPTS)

run-verification-raw: $(BIOS_IMG) $(DEVICETREE_DTB) $(SWTPM)
qemu-img create -f ${IMG_FORMAT} $(TARGET_IMG) ${MEDIA_SIZE}M
@if [ "$(BUILD_DIR)" != "$(shell readlink -f $(CURRENT_DIR))" ]; then\
cp -r $(BUILD_DIR)/installer $(CURRENT_DIR);\
fi
$(QEMU_SYSTEM) -drive file=$(TARGET_IMG),format=$(IMG_FORMAT) -drive file=$(CURRENT_DIR)/verification.raw,format=raw $(QEMU_OPTS)

run-installer-net: QEMU_TFTP_OPTS=,tftp=$(dir $(IPXE_IMG)),bootfile=$(notdir $(IPXE_IMG))
run-installer-net: $(BIOS_IMG) $(IPXE_IMG) $(DEVICETREE_DTB) $(SWTPM) GETTY
tar -C $(INSTALLER) -xvf $(INSTALLER).net || :
tar -C $(NETBOOT) -xvf $(INSTALLER).net || :
qemu-img create -f ${IMG_FORMAT} $(TARGET_IMG) ${MEDIA_SIZE}M
$(QEMU_SYSTEM) -drive file=$(TARGET_IMG),format=$(IMG_FORMAT) $(QEMU_OPTS)

Expand Down Expand Up @@ -642,17 +629,13 @@ $(INSTALLER):
# sample output 0.0.0-HEAD-a437e8e4-xen-amd64
@echo $(FULL_VERSION) > $(VERSION_FILE)

$(VERIFICATION):
@rm -rf $@
@cp -rp $(INSTALLER) $@
@cp -r pkg/verification/verification/* $@
@echo $(FULL_VERSION) > $(VERIFICATION)/eve_version
$(NETBOOT):
@mkdir -p $@

# convenience targets - so you can do `make config` instead of `make dist/config.img`, and `make installer` instead of `make dist/amd64/installer.img
linuxkit: $(LINUXKIT)
build-vm: $(BUILD_VM)
initrd: $(INITRD_IMG)
installer-img: $(INSTALLER_IMG)
config: $(CONFIG_IMG) ; $(QUIET): "$@: Succeeded, CONFIG_IMG=$(CONFIG_IMG)"
ssh-key: $(SSH_KEY)
rootfs: $(ROOTFS_TAR) $(ROOTFS_IMG) current
Expand All @@ -661,12 +644,13 @@ rootfstar: $(ROOTFS_TAR)
sbom: $(SBOM)
live: $(LIVE_IMG) $(BIOS_IMG) current ; $(QUIET): "$@: Succeeded, LIVE_IMG=$(LIVE_IMG)"
live-%: $(LIVE).% ; $(QUIET): "$@: Succeeded, LIVE=$(LIVE)"
installer: $(INSTALLER_IMG)
installer: $(INSTALLER).raw current
installer.tar: $(INSTALLER_TAR)
installertar: $(INSTALLER_TAR)
installer-img: $(INSTALLER_IMG)
installer-%: $(INSTALLER).% current ; @echo "$@: Succeeded, INSTALLER_IMG=$<"
collected_sources: $(COLLECTED_SOURCES)
gosources: $(GOSOURCES)
verification: $(VERIFICATION_IMG)
verification-%: $(VERIFICATION).% current ; @echo "$@: Succeeded, VERIFICATION_IMG=$<"

$(SSH_KEY):
rm -f $@*
Expand Down Expand Up @@ -703,6 +687,11 @@ ifdef KERNEL_IMAGE
tar -P -u --transform="flags=r;s|$(KIMAGE)|/boot/kernel|" -f "$@" "$(KIMAGE)"
endif

$(INSTALLER_TAR): images/out/installer-$(HV)-$(PLATFORM).yml $(ROOTFS_IMG) $(PERSIST_IMG) | $(INSTALLER)
$(QUIET): $@: Begin
./tools/makerootfs.sh tar $(UPDATE_TAR) -y $< -t $@ -d $(INSTALLER) -a $(ZARCH)
$(QUIET): $@: Succeeded

ifdef LIVE_UPDATE
# Don't regenerate the whole image if tar was changed, but
# do generate if does not exist. qcow2 target will handle
Expand Down Expand Up @@ -786,20 +775,25 @@ publish_sources: $(COLLECTED_SOURCES)

$(LIVE).raw: $(BOOT_PART) $(EFI_PART) $(ROOTFS_IMG) $(CONFIG_IMG) $(PERSIST_IMG) $(BSP_IMX_PART) | $(INSTALLER)
./tools/prepare-platform.sh "$(PLATFORM)" "$(BUILD_DIR)" "$(INSTALLER)" || :
./tools/makeflash.sh "mkimage-raw-efi" -C $| $@ $(PART_SPEC)
./tools/makeflash.sh "mkimage-raw-efi" -C $| $@ $(LIVE_PART_SPEC)
$(QUIET): $@: Succeeded

$(INSTALLER_IMG): $(INSTALLER_TAR) | $(INSTALLER)
$(QUIET): $@: Begin
./tools/makerootfs.sh imagefromtar -t $(INSTALLER_TAR) -i $@ -f $(ROOTFS_FORMAT) -a $(ZARCH)
$(QUIET): $@: Succeeded

$(INSTALLER).raw: $(BOOT_PART) $(EFI_PART) $(ROOTFS_IMG) $(INITRD_IMG) $(INSTALLER_IMG) $(CONFIG_IMG) $(PERSIST_IMG) $(BSP_IMX_PART) | $(INSTALLER)
$(INSTALLER).raw: $(INSTALLER_IMG) $(EFI_PART) $(BOOT_PART) $(CONFIG_IMG) $(BSP_IMX_PART) | $(INSTALLER)
./tools/prepare-platform.sh "$(PLATFORM)" "$(BUILD_DIR)" "$(INSTALLER)" || :
./tools/makeflash.sh "mkimage-raw-efi" -C $| $@ "conf_win installer inventory_win"
./tools/makeflash.sh "mkimage-raw-efi" -C $| $@ "efi conf_win installer inventory_win"
$(QUIET): $@: Succeeded

$(INSTALLER).iso: $(EFI_PART) $(ROOTFS_IMG) $(INITRD_IMG) $(INSTALLER_IMG) $(CONFIG_IMG) $(PERSIST_IMG) | $(INSTALLER)
./tools/makeiso.sh $| $@ installer
$(INSTALLER).iso: $(INSTALLER_TAR) $(BSP_IMX_PART) | $(INSTALLER)
./tools/makeiso.sh $< $@ installer
$(QUIET): $@: Succeeded

$(INSTALLER).net: $(EFI_PART) $(ROOTFS_TAR) $(ROOTFS_IMG) $(INITRD_IMG) $(INSTALLER_IMG) $(CONFIG_IMG) $(PERSIST_IMG) | $(INSTALLER)
./tools/makenet.sh $| $(ROOTFS_TAR) installer.img $@
$(INSTALLER).net: $(INSTALLER).iso $(EFI_PART) $(INITRD_IMG) $(CONFIG_IMG) | $(INSTALLER)
./tools/makenet.sh $| $< $@
$(QUIET): $@: Succeeded

$(LIVE).vdi: $(LIVE).raw
Expand All @@ -812,20 +806,6 @@ $(LIVE).parallels: $(LIVE).raw
qemu-img convert -O parallels $< $@/live.0.$(PARALLELS_UUID).hds
qemu-img info -f parallels --output json $(LIVE).parallels/live.0.$(PARALLELS_UUID).hds | jq --raw-output '.["virtual-size"]' | xargs ./tools/parallels_disk.sh $(LIVE) $(PARALLELS_UUID)

$(VERIFICATION).raw: $(BOOT_PART) $(EFI_PART) $(ROOTFS_IMG) $(INITRD_IMG) $(VERIFICATION_IMG) $(CONFIG_IMG) $(PERSIST_IMG) $(BSP_IMX_PART) | $(VERIFICATION)
./tools/prepare-platform.sh "$(PLATFORM)" "$(BUILD_DIR)" "$(VERIFICATION)" || :
./tools/makeflash.sh "mkverification-raw-efi" -C $| $@ "conf_win verification inventory_win"
$(QUIET): $@: Succeeded

$(VERIFICATION).net: $(EFI_PART) $(ROOTFS_TAR) $(ROOTFS_IMG) $(INITRD_IMG) $(VERIFICATION_IMG) $(CONFIG_IMG) $(PERSIST_IMG) | $(VERIFICATION)
./tools/prepare-platform.sh "$(PLATFORM)" "$(BUILD_DIR)" "$(VERIFICATION)" || :
./tools/makenet.sh $| $(ROOTFS_TAR) verification.img $@

$(VERIFICATION).iso: $(EFI_PART) $(ROOTFS_IMG) $(INITRD_IMG) $(VERIFICATION_IMG) $(CONFIG_IMG) $(PERSIST_IMG) | $(VERIFICATION)
./tools/prepare-platform.sh "$(PLATFORM)" "$(BUILD_DIR)" "$(VERIFICATION)" || :
./tools/makeiso.sh $| $@ verification
$(QUIET): $@: Succeeded

# top-level linuxkit packages targets, note the one enforcing ordering between packages
pkgs: RESCAN_DEPS=
pkgs: build-tools $(PKGS)
Expand Down Expand Up @@ -856,7 +836,7 @@ pkg/%: eve-% FORCE
$(RUNME) $(BUILD_YML):
cp pkg/eve/$(@F) $@

EVE_ARTIFACTS=$(BIOS_IMG) $(EFI_PART) $(CONFIG_IMG) $(PERSIST_IMG) $(INITRD_IMG) $(INSTALLER_IMG) $(ROOTFS_IMG) $(SBOM) $(BSP_IMX_PART) fullname-rootfs $(BOOT_PART)
EVE_ARTIFACTS=$(BIOS_IMG) $(EFI_PART) $(CONFIG_IMG) $(PERSIST_IMG) $(INITRD_IMG) $(ROOTFS_IMG) $(INSTALLER_IMG) $(SBOM) $(BSP_IMX_PART) fullname-rootfs $(BOOT_PART)
eve: $(INSTALLER) $(EVE_ARTIFACTS) current $(RUNME) $(BUILD_YML) | $(BUILD_DIR)
$(QUIET): "$@: Begin: EVE_REL=$(EVE_REL), HV=$(HV), LINUXKIT_PKG_TARGET=$(LINUXKIT_PKG_TARGET)"
cp images/out/*.yml $|
Expand All @@ -867,18 +847,6 @@ eve: $(INSTALLER) $(EVE_ARTIFACTS) current $(RUNME) $(BUILD_YML) | $(BUILD_DIR)
fi
$(QUIET): $@: Succeeded

VERIFICATION_ARTIFACTS=$(BIOS_IMG) $(EFI_PART) $(CONFIG_IMG) $(PERSIST_IMG) $(INITRD_IMG) $(VERIFICATION_IMG) $(ROOTFS_IMG) $(SBOM) $(BSP_IMX_PART) fullname-rootfs $(BOOT_PART)
verification: $(VERIFICATION_ARTIFACTS) current $(VERIFICATION) | $(BUILD_DIR)
$(QUIET): "$@: Begin: EVE_REL=$(EVE_REL), HV=$(HV), LINUXKIT_PKG_TARGET=$(LINUXKIT_PKG_TARGET)"
cp images/out/*.yml $|
cp pkg/verification/runme.sh pkg/verification/build.yml $|
$(PARSE_PKGS) pkg/verification/Dockerfile.in > $|/Dockerfile
$(LINUXKIT) $(DASH_V) pkg $(LINUXKIT_PKG_TARGET) --platforms linux/$(ZARCH) --hash-path $(CURDIR) --hash $(ROOTFS_VERSION)-$(HV) --docker $(if $(strip $(EVE_REL)),--release) $(EVE_REL)$(if $(strip $(EVE_REL)),-$(HV)) $(FORCE_BUILD) $|
$(QUIET)if [ -n "$(EVE_REL)" ] && [ $(HV) = $(HV_DEFAULT) ]; then \
$(LINUXKIT) $(DASH_V) pkg $(LINUXKIT_PKG_TARGET) --platforms linux/$(ZARCH) --hash-path $(CURDIR) --hash $(EVE_REL)-$(HV) --docker --release $(EVE_REL) $(FORCE_BUILD) $| ;\
fi
$(QUIET): $@: Succeeded

.PHONY: image-set outfile-set cache-export cache-export-docker-load cache-export-docker-load-all

image-set:
Expand Down Expand Up @@ -1058,6 +1026,9 @@ images/out:
images/out/rootfs-%.yml.in: images/rootfs.yml.in $(RESCAN_DEPS) | images/out
$(QUIET)tools/compose-image-yml.sh -b $< -v "$(ROOTFS_VERSION)-$*-$(ZARCH)" -o $@ -h $(HV) $(patsubst %,images/modifiers/%.yq,$(subst -, ,$*))

images/out/installer-%.yml.in: images/installer.yml.in $(RESCAN_DEPS) | images/out
$(QUIET)tools/compose-image-yml.sh -b $< -v "$(ROOTFS_VERSION)-$*-$(ZARCH)" -o $@ -h $(HV) $(patsubst %,images/modifiers/%.yq,$(subst -, ,$*))

pkg-deps.mk: $(GET_DEPS)
$(QUIET)$(GET_DEPS) $(ROOTFS_GET_DEPS) -m $@

Expand Down Expand Up @@ -1136,9 +1107,6 @@ help:
@echo " installer-raw builds raw disk installer image (to be installed on bootable media)"
@echo " installer-iso builds an ISO installers image (to be installed on bootable media)"
@echo " installer-net builds a tarball of artifacts to be used for PXE booting"
@echo " verification-raw builds raw disk verification image (to be installed on bootable media)"
@echo " verification-net builds a tarball of artifacts to be used for PXE verification"
@echo " verification-iso builds an ISO verification image (to be installed on bootable media)"
@echo
@echo "Commonly used run targets (note they don't automatically rebuild images they run):"
@echo " run-compose runs all EVE microservices via docker-compose deployment"
Expand All @@ -1150,7 +1118,6 @@ help:
@echo " run-grub runs our copy of GRUB bootloader and nothing else (very limited usefulness)"
@echo " run-installer-iso runs installer.iso (via qemu) and 'installs' EVE into (initially blank) target.img"
@echo " run-installer-raw runs installer.raw (via qemu) and 'installs' EVE into (initially blank) target.img"
@echo " run-verification-raw runs verification.raw (via qemu), installs EVE into (initially blank) target.img, and verifies it"
@echo " run-installer-net runs installer.net (via qemu/iPXE) and 'installs' EVE into (initially blank) target.img"
@echo " run-target runs a full fledged virtual device on qemu from target.img (similar to run-live)"
@echo
Expand Down
Loading

0 comments on commit 30662be

Please sign in to comment.