From db75013cd91ff7a36dce2fedf28cb7ad1566fccf Mon Sep 17 00:00:00 2001 From: Channing Gaddy Date: Tue, 18 Jul 2023 21:19:10 -0700 Subject: [PATCH 01/23] soci-comments Signed-off-by: Channing Gaddy --- pkg/config/config.go | 1 + 1 file changed, 1 insertion(+) diff --git a/pkg/config/config.go b/pkg/config/config.go index aaef3e748..579a0f80c 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -35,6 +35,7 @@ type AdditionalDirectory struct { type Finch struct { CPUs *int `yaml:"cpus"` Memory *string `yaml:"memory"` + /** add soci here? **/ // CredsHelper: the list of credential helpers that will be installed and configured automatically on vm init or on vm start CredsHelpers []string `yaml:"creds_helpers,omitempty"` // AdditionalDirectories are the work directories that are not supported by default. In macOS, only home directory is supported by default. From e4916498ffee8fd3ac34eb6a84f45b0a04b9f9ed Mon Sep 17 00:00:00 2001 From: Channing Gaddy Date: Thu, 27 Jul 2023 10:58:56 -0700 Subject: [PATCH 02/23] initial commit for soci packaging Signed-off-by: Channing Gaddy --- cmd/finch/main.go | 3 + config.yaml | 3 + finch-support-20230726184827.zip | Bin 0 -> 14785 bytes pkg/config/config.go | 1 + pkg/config/lima_config_applier.go | 55 +++++++++++ pkg/dependency/dependency.go | 5 + pkg/dependency/soci/soci.go | 84 ++++++++++++++++ pkg/dependency/soci/soci_binary.go | 150 +++++++++++++++++++++++++++++ 8 files changed, 301 insertions(+) create mode 100644 finch-support-20230726184827.zip create mode 100644 pkg/dependency/soci/soci.go create mode 100644 pkg/dependency/soci/soci_binary.go diff --git a/cmd/finch/main.go b/cmd/finch/main.go index dfef4cbd9..8176971d8 100644 --- a/cmd/finch/main.go +++ b/cmd/finch/main.go @@ -16,6 +16,7 @@ import ( "github.com/runfinch/finch/pkg/config" "github.com/runfinch/finch/pkg/dependency" "github.com/runfinch/finch/pkg/dependency/credhelper" + "github.com/runfinch/finch/pkg/dependency/soci" "github.com/runfinch/finch/pkg/dependency/vmnet" "github.com/runfinch/finch/pkg/disk" "github.com/runfinch/finch/pkg/flog" @@ -125,6 +126,8 @@ func virtualMachineCommands( vmnet.NewDependencyGroup(ecc, lcc, fs, fp, logger), credhelper.NewDependencyGroup(ecc, fs, fp, logger, fc, system.NewStdLib().Env("USER"), system.NewStdLib().Arch()), + soci.NewDependencyGroup(ecc, fs, fp, logger, fc, system.NewStdLib().Env("USER"), + system.NewStdLib().Arch()), } return newVirtualMachineCommand( lcc, diff --git a/config.yaml b/config.yaml index d5b00a556..d40e5eeda 100644 --- a/config.yaml +++ b/config.yaml @@ -1,3 +1,6 @@ # Every field is optional, even an empty file would work memory: 4GiB cpus: 4 +creds_helpers: + - ecr-login +soci_snapshotter: true diff --git a/finch-support-20230726184827.zip b/finch-support-20230726184827.zip new file mode 100644 index 0000000000000000000000000000000000000000..fc83b59eba29f47b2a690a9bb6e0b34fcd401359 GIT binary patch literal 14785 zcmb_@b$FXklBQ#h8DwT=W{xRlW{w>*Gh1e6W@dKG%*@P8F*D=kH+Qo$J9j&~e_Tl| zef_oiRdql0NLAHu$xDHO13>;?g7@d9v6=NxQ#uDHTU#4@M>=LkW)?;cW_Bh{R!(LP z2Km2Dg$9BCzh+bacT;UG^&O3E?5*hC^sOvM85$MknOPTE6m}(PB`0eX#c4;`Sau}G z#=-1p;p3FX$EEM>Z1e16JHK|x=k%2KiX`67lt?Y~y#uhD_LOF5+;<5L#ZpWgb^OiSjl__SE))sA%OA&J-OE4*N>P~Luj0uiS%t^8QK zE%vD*{MDD}8`Jdi+EP?tba-RUt@LpVe&9J=JO?xV2No;N6-J(Sq*Y(lX^Z2v|m zVT<%I+crNg%ubvyd$>}px+a8lHCXY5a?u?MKN13juM`5S*g?$K1FVGbM+8jN4< zE{ug(_;zSpCbQv_?3U|zm~y^d-!;E`+uiMCUtU8zk zFLAW!aEwxjNYXMQv}^DAKlxS@xE)*p!sTL8)O-=XQRwXr*-UByYjMaiH zYTYQvlQ!G3Fce!76xTAibbV-$$TfLNBD3Nsf&n*jl(OiNhDO!%a}*%DOVbMqWbVQ& z4OE_+Fp#C=Ji$8Z!3(njgk{?`pT;1_)i{*(PDm;d7>Y#W1$Mb|jv7p3M71jL485wC z?5DxnIQ1*x(`b;XH5vrO`ulK#hZ>p5#3VOC zGv9MYTum)@v14`XNGs&oQdOmt*H}7?n2ByPaQPG5zQ4q917_`w`{$_ikObQdyKy}d zd;wS(-_^cmDr)Y0gl#OBd?U3bce8LWB^j%XFsB!$Vt&b}KzPEV@0IwumZ^*4UV$ec z0^s&#$!V8ZLTe>eKB|RBBf@Wo6Ya5((r-TgCLWbKC3@(ZX}ugh+p|sY95^X#V^{x1 zGg#Mzw&!wLJ>59Dv2z~WGOWuh+w=*tao_e`=9peYD6X8|$MWlpj z-$SeE#PqTRtJ#@(e5anQrm&+&hoM!|Y~(=OD;rA%?XR<^8^2ViXEQQ$R8{f5{z=^h zGM+rl#>y{TM;Q{y$GnJAd|q*NoBQ%d+k#O19T3mqC^{ud-9_*yxuAlUeK06G@D)+RY1kU=scLk8ly*@`E(tqdzQzWj3f8s_Fg|b;=Uhrt+q75??rWs4l;j=|=QSqtOTk+MgVVb0|2Sw6A%Z}Ztr+X_{NN_P| zMSbtPjlXxm3wQA6!uB`tS~7NGp(5+*hsflfRgpJ zNpmb0tEHb_w#0q&xFtok&N9&4h8Z_GbfgA86^V?76%X})^ zN`TCSY?I6qIVrdko~@+N3?DWS?l4l62|xW>9T|!^yL#}3UGhrT@~t#SvD@PKEnoeo zzO8Ldwh$FE(3JX0kqapQ^j&S@;sbBUS%`!!D~9VbDU0vEj4USyZu~fDW#t#M=5xSETQdPy&@b zpd}VTaB0IMypYOD(H!{o>$s6dFL+PReJbn#0ZHF5&W{}?0T#;-%TV0vQ$_pZQ3$uR z9?7ZcY)xX~em%6gpdJc{;G(!Pul+fgiVSMiUJ(0ynvz1FkDi?`yaXH)H+~!^akHFm zAYvBp#QdCnc)Y67-ru6^gFwGiY-MG5!S$d=T2NT-iojee3>THG>t=k{i@nN(bBVtB z^HWNlJ^z^R*)^<0t}*y+Y^Pf2Q!RH(`$(YP$t2zH^GBq>^3~q-JIZUgOFK>$)JQte z8?{HbOv#zgN0;y72a9j=3mMY2rGCbvl>!8$qxNC^L2+}Pp> z0T(?f*GSgR>X*|}sBq){s9%P&uX;Y|+|}u&Aqs%yr}FZ4?_@o?pzjC})zPSePmZ_$ zl3YuhJQcTQZkm76Q44GAn+Tbz?%KxxW&jkv?fMVbLL1Q(@&gJ4q?7Rfmuq3;+hu)IaUN_LXS=jQ;n&l7o@GnZD&;t7-StO5SZwI&@gl zyoWt8no120OMxgL-SQ%LXZvCZnJEYk6~f{~o|YR(=P&o9T8o#g{k~@+(bzMHlw5JL zPlO74ZewF5@k-8h@jZKJ`FQaFLWUrJ!ta}}5R)(b&0aH*!u;6r{{gnsSLH#!{ z=F0>K4!f$Aj6bK}*8?9mB(Ev&53_!^aVyMV$379cfRG!vADYla;w+;qS0x0DOF?av z6Y->nSPpWr`s?Ivp)60hzhhr-<-$oxZ$0r|RtOPu3EnV`B6G3XgcE`CLmO3dbL3AlyTdW~0A?Q9m()_MSa+d)Ce|;Bc9^WpX zp*^IcD1q?3GdRBdTREj60pY1;5`sfn>Z}+~b7`Rgg{$j)nSro`3Uc5{cMRVP0?&j< za*YQq*Pb`vEZGC_VP75Mt$Zz~V{wC#{{j))RknXJc6NbMCiBf*{PXyCHt^#BztmfF z|3vAr>-m=8kB&07FAUEEwfh(y<}>B!`Q}Vz=ym2y<>=++zedp`{yfXjwHvm}0+s0s z%oWPe3(XbE(HqQ54F?m)o8z$5nD-=&wMQaoQtilCs{XoJ5SOaV94~3CI3i7*DnZ6l zYDk_qE;9N?U~~K#4dj2fmn)zLwooX75%RlG`CE={fBG`gMPGI6D*mEULT9A#FRr|_ z^cBVO{vr@q*|h@sVVus?1XT?LzO+1fk7}gBfDA&MaYwO?RCk-uuTSz^WuK{ClQ_KZ ziWS#5QdOj4IFOh28;5hf72ndhGHvb5l{s)+ku3VpcoODtj@jc2_O9d;{H6+^9o>p) zevY+R|E?y#RbU_x#+Rf0UOhD)$rWfJFq*w1eM!Y9-3p$Y^_$W-TJgft=^ht=IteM5 z(Z*>1J|3Na+k}aco%Ch;!#q`O0H{>89m8|1p>rVj6JfwP=?!i~ZnbeLktC~5T3YM{ zeY{N|@K?;6^vGq`vr-E2$kdDATZLbCje~$+He-Gq!H3|R?MU<+A+TV-_|L24h}^s2 z+k9O1ga1?F1H`F7h@P2V&Gp|ppML@G z^ww`FYDEZ)pD%cibl$%i8xj9_o4Q1p1ERGgO1ss0TJ^S0BzPoLfc zKg_nSWt}nU>BG;aLP@5!_A_AQW5~kYFK6l)4ifb3Mw^FmltNt@00Hjez@)Y>Xc>FZ zapzLhtO)+ccsVBZuift-W-Gl^N9DLT0sPyv5t+eG7f=^n3gN`Pl%mQ5Wu>P{<)_Ok zjzKbbsE3(-D}#31XJbEX5!8=&@RI`33x1+a8jlCkq$LVCF5Dt`wzT+nR~G&XTWBDC zb$H6gJdCH3Hp!ncY*mNoEg5%gSJTLr~4v_Z~;uIO~<85^9vl z__gZj1PmEhIx`avy)t@fRGshfE2jKu?_SER)hfICsG2vn*e!OZ{(brIPqEp)IARqG zG9mhXAvfEF>ayFGskbqQx$>o#&$7SfwFS_+S}8z`Z+9HKEJK(np-8ipIXy(c>209Y z95@Ahuhu-9Iln#e*1~{$5hB@!f+TmzK-u>tXWIRGM@~W-~k z*7xM$$q0_sjOt1FDgQwjJjP&!@SP3OmUO|bTrS=3U#Y9EnY7A^TbAhP2X>w8Fh8>Y)IfJjF?s?N(QMX(nY)wpsm)^o1nJl zkYnNI)7t7z_u7nS2K468nNt(~H5?cy3OIC6qYw<~#k7x7{M_O+=v}o@H*W%hW6Hh+ zQg0<7xlxcMFotEIqLZ(T#UgMpA(~C^`YVJ_(WLp*E_%gHkpdHBPtq|R-K0?*e$20o zmYO01vgi!;$MwQSsFj@p8s5-AR&2^8n@!x!p^I&u`8z`EKJami1BEj#yNRrEhTidU z7kd@%FS`{Y(I+*Z5i%OwL-v^7>~N!F*(Y7b+lDl6FMeI7xI{M`ZrpbM?BuOx)1zqG z=e%JN%&Mi8gOR?=g11MR{#pvpLSBn{=vUR--<1HBRI~J? zh+1EtA~alKcZQv#;}z!FqcSbN?Riqz2hfj&-GU0NuDmFTh$18zv)WU+kU{e1;eTO> z#>K*m4z}`FoThipLLWjwdP!%t3Ezd|eC2z5j`eBHNtc6U%n>ByMBF`!6^*+=evB#! zw4)fY!VI)HY#oOX^$oCAe;JXm7pGI{0dEea1FaHr)Ct6;!Css|pRJi4b>!9QZa$Sa z8542mOxbLB4pW}_$vVa*b)Na%>Zq-Xw=mbO5zRiCs(;0mIdJEQW%>uIgTPvlRW%UC zK8ulJui~|&QQS0!34dnX8$ik`;g_rfqy1Sa`jiUUlg5pR>rB{2b?1CPt`na%bH_F(tGz zlp@ko-sQphxdB_&T~`GCWF!5FWn4stw>un|z-X6~oY6LKR9$#m+x3+YlL`b**sO}q z)Nz@Gzmv=oV=FonnoNVTj0)A2x}xisjRFj_PGE#T>cV*k%7k4BQbXE z9jJ=_vS?Dr_DdhG6XPPZP^^ZHHA6|;5m8t+v8yQ}F3PCcF!P|&)0i({t1zz1(K)d= zpvVjv;*e@DhJ2pO05(XprED2RE6sY$Q-k%@po~dTW@36rx{3ma@xrGxr6@{Ty~~jH zd^lEqQ}^MgzFJ#xE?XYT+&W1$#9 z8E{ji{wO>T-RCpA!Tz7Hbdep>_$!e%`gUGsU-)xBvEXF&k9= zDGcU~s&ixxWj%1GlT$V88%nTI^*NG3+wl!g|6vxkkmOv>-B(Lqcd)eY%pk9%V%@AL zH{LuDn&CS@88fq~B(?1lRu0$*QCaiDN>Tz^+Lb_@h5iX$g=kPtEg*;i8Qu%3C?k|` zGiZo&I6vaXnR6<0z3S!JV78He&%k?Bao^Gw3YY>;Yp6i(CGHU`5#Wu?$AyZ*t;i*m zEy`%iq6J^%atn*5(Ym~Ytj8tMd9!gRWS0Lv<~PR}TG-=OuwJYH`3nj*jlVz<7kz|@ zAUEUSBG?Q)gIlqffH+ah=SRofv?1)7aU=HB2YZts?Q2N2 z=ZA+TFKNd4lK#xPGdRnR#b8}mPttd5Lg~#x7u5m(ZgXT$EJS<>Qw)`br&zm-u{I5F z3e=SGq4EKNqI|53O0!W*RHuNETBn8%6B^u9Qq`bQkv7(Eo@feIP=|BZ9if&L)aOWQ zWz1-jG!@ovJ-McmELl8Q1s@zqen{fF;SRf$GzRSt<00@0oV++0;1+~k*@eHmZzY%rR{YZQi%iA z0*9i4TZren%PJALvBQu4}B>wxZDHyUJve_9rTDep##gm0@bD%*v zlwC%*#>+Nru*W9Vgz$te;3W1`-1T+K0iBDX1HZ%=k*GO>hFi0C9SeRraeW`P>Lc1Zstma9)u$xif7_t z(r_yzyn3A zZYLyzy6uI}#BFZtM;^7!w<4{rv4Adec|(v~*KQd=<{K7e(ltd6WtmFad$~I}i#K0D zPgoYY!h)7&7um~Zc|cK z>qaBS$V+S$O0$i@?4a#_t-(NHt6IWh4Y*xKS_@4j`XQ>>Ajy-Wynu7QP!=3Ykt#Q2 zf(D6&=tz5NxZIR5qMu)-vE<%aEfA$&W#{94UT}PX`?Ue0RUu<6daYE*uh*PDbvv$h zn<6Z-`H|C(%V(BZ7jK1(<^(h&$U1eh!jq7pBwM~miemJ{oNf3I#dVJ)+EZfR>eTnc zD2jEwjqJh?4xudjw2ycU>Utufv9@FcPN($mGJc5%sonNYag^$5Jl+P3m`YApQT-;S z;7`|M53cU2-Nsl-7R~xXgk~p8YWXf9gK3;Af%D?qUP!X*?FKrijXV-ng=4&2b2Tz+ zdc7#~IO4KW3R7wjmfLp51dGaG1-{gvTV`+~C9W|@+(ge=Q!^WpEjd=>aV?>KVR>3y zh~&fwUkarmnOfc$AMamZV9q}*Srf=K6I*uDKOGQjQ$$`y4(h-#wR{`uj=v%%X|8d{ zg-7|7o|rN!BLZr>|BaBM6ew})_T#QzSA|0fut|vM`?afBG;4UrFr`s{EuhAc5@2&Y-%=q5kibYp7#Gxl3BT#MJ zcF@3!GFAOK+ss6IFC6X`8fV`N}zU_98?G z{osBwY?)`R_#%zvg|Lnkr=2reds=^syw4OZ%kSmOScGWX^%>$ey!@%#NQjHSf>7(&nI`{VaDl4a`|^T3cba&px31<`qowTbjO>~mI;7#yiX5$rz9G-7dCsBQV1e;Iz z0%9Ud3mev^-Xtqh(+F;J9-`AoN$(Q6snSt3qe9ennsU?Z<-|jfEn~oesP5){+`gj6 zH|yOhB@rEGDkh$Q@3-K|xB*pp%v16Z@sbX2f@4-5b)`&Km^T=xaw1n1o_DEy>*Ap}T@BwMB{^Ttw82;~6 z0;>~c?pkaNzVMpLuyP)sweJ|^B8DUHEBi1+5mo_~!?npD1<@jByr~g3`Y!rNlb#IS$AZiYa=NuQI0Zu3l>01XS1N+_TPm=#Y9@&f4}{8;s4_2!p0y zO{{6-K;3XqE|%P2pq*lyc&qzLFwvsGi#U|##fos3PMrB`cARww)~VLV?su782)FQk zK0LX7eWB}%QB&$Q@D|RnP^W5-X5$#zUX_u zH-PLr&OtExfh?GT&J&hh7QvZ#@PGeX2D1v^H1(D9w!E|Xm+dUE|?r}e^3ryT18N*rM}TFt*2F8Qv)s#9GY#&$eg%I8rNIp zbt8%68!3c|sE}%8P3s)hpQM7bB(xI8X7EcEk%qd6_N5?CnUR!27}13|@(B^n#kJ;) zRe%UN<)=A>&^9=$OyDz0@WHt927OrQf&h2=pw8Ujtr4wpKD-euI0oU%?OWtW7tAp zVt$5VbB?9Hl-wRJ<=Q%phnMC`YaYIkIsEMj{!Fw#pshN%zWP6%n>6qQg#6;MJ=dul;MjR_is)q%ZJcP?OK9 z0zP0w;njO3+t(UQM#&rX+=gY*fH)$?emo2_B}bSlaf!&H7JG2@sk1hE17 zxV4-1;p;ox>Ji5CbBWJwe^J}yoWJJ}Aj|;lP3Px1rXO-65AgELhIEF_SX=e@0C;(+ z#l?@{tNc(oP+UH_`i_{3M`CKu`u#5A-%&-mto!BiQXocsX(74OqBDf3YDw0|qu}s% z;#FTM!!&bDWdMP=@D_4;M-Y-q46Rie+G1h~FdeM7Si(&S237>5ohqH>KuQ`8I8WZC z>g{@$!o8r}6Z6Ud71bBR0og2Duhi(7i)a<)B`ITXFwt`VBXl4bI03}WDIxme76_4; zU<7tZsLBmwh&`ac!vCnO6$otKp zJbEIzrGZ%Ib9EvEInlz!d<2@QbP=&?RW~+d;uomlrsr1Kim*u6u;zB#HWTe)+Hr}v zDi}q#EeGyQVQ=mru|W@?XoMw^B-)!Z=-&%kv~l96RD5`?j3MzD7dDMpNCEZqg2O%< zXM?^NeHa1=8cEMrT^t8Z-tlT`9>9lcw(sg_I3BGj=q~uqY;*aF`Wu8&nDDP)DR7og zJbTV|aygqrij`yqvPWuph~#_kZe9vxJbp5UNRzyuu{VbjmMf5Uy-zz#O%jg!pw{Zn zGE1~II2>lD8*t?_m6{tjgQ6$iKWk^L7pZ7vY~+=N#dkn2tgBv=^G|1xAoq^n9uxuv zKQ%qezfh`EmP5vf`92M54|CqP-|T;sQr;&uC7<4fg(f3$YZwTNleES*arA`tkw)!z z(EW-&Fg&lPVbu+u4m9Dj&o*FImzLYgWkgdNl5$;_A6;@jwH#13LaVnEGyd2&nQV0R zs(cVW4f4hlRf`~dd%s-|%FX8QzI4l&0cc-;N?smEsuZTBC})ZWFKsIJ6|^&em4Mwu z;<#xQIh*R6t7Ep2N?N9TpWDrlP%m}IaHDCg|54~o?X@1e>VA;X9eUfHSd3`VSbngi z51)Fq$fd>sVrwR8KDI{OuN*zO{bXFv$>)#G1hL@?(@7Jp617Q7eW9)95r$ShbSJi)$Up1x{*TY0_54!2)J)#I78#gRfv=MMk`};J%20}Wp+{Nbz zyu4UXq@I=ZZP$Pig4~Amxm3N%Mi?jaq+@7q8k-&FsDYpZYVL$}>nj&zS$PndpjGqg zmm;S}Z&d>EQq>+kpw+k3pw561W$}~&L|Sg@JWrN3AlcTeo`=aib4?Y)jy0#3$Ldz+ zwoNFUXr5E```Odr2V;SLY`(|u3*)!7;^W^7_vbm@@1x|*$cs^+Z|t4}?waI1!FFxq z^Dd9OV<9`zZ*UvlXdB`>wn`+6wILu-OAg-_kfaE{v}#^fT*{5R=qoo)kR)F_;o?5- zCs9pI`;DciXu!E8$p6lD-Qb4kdUCibtq;uz(!H&2(m+SvdF}fN{pf1ew;)g?N=P}r zd9kqM?yd9maQzXzmSD_A^GVwS=CK2;FU8@P!mg=4E5w}U&YASD;Tj6^NAB&{?o}Em z0EZj1d{+Du!ZB)8zSDNd!?_&`(`Ui@>1XmF($Zur;7RBby!~NFB<;m7kRfZS*?_Gu zR!(Mgp_6c8pBMzh8n7RYTEs1MN5|_IP!2_Uf4+>3+y^tw1~6y+v=$yVO_M@sTgq|q zR;QCu_s1C|76Ao`uN%}8Yz+KWOPit%luT7Bjw!SUkr$8ehg4A*W`dC#i1WLVS5v$B zE-jI32BWwJ0RO3sP}D4{^xgp57GA_cn zAxX>$sQ7xFQZANm|uZkkYoL=4$Wy0K!m+n9=`-)IKq4N^eCFkBWpFl#oU+ zEktHdAmwrsdY%SZ0V>SwHx~1d2X37jZ0#sE+oB&qImxCG;!4UQGY8OH+8KKI-av0B zx5dx#hSC1^tr!V&RdLFg-_l>TzLmMD(Ar2|b9`|~`pWA$Xv2h{WN`vyy#_?~Qr*7DOVG3ll-8mAqIa6g+ zg%O*~pXn_YO%&c+gz8j!nYZRw<`v5^NIxN)iL5D`@6ltbJa6u7u zV$D0al%1A8wpDVkY23i`iX5LjSR%j8l@${YP8SjJyT4jr594#_=>p{m2ne`JMdDd@ zp+QvAow)R&pS`HPUnm{B;t8wkf^P4!f2~C6Dfd(>jGp;?^9~uIoacvuX|S|OonhiCFy4aQ3>u7 zdnRhD-pc}Ni3cLrLkT{bkNEfGnN5#feuOLM>rI_MCB+?sUuf=J{CN2|dDu<3OJ*`d zX0~D5f3nWV@uZY^@JT4u8 zR&?4to;nZ|QWijIL7Adx8W(hvouVK#L1BCG&Ag+AZ~%1Y<^4X1G?GWSY{or{#tMD= zmf58?NF~Z#OR>v9pK2$rY&L0SkACh5xwpL`+?B)w{%{;rDM#vtf}AMc5+Oq(l*%*R zjOzZRt`e4Nz89Dt0Ih#F4_UdY$}Ur-f~}Jm%Z6F6Nzb$qDly$p1Ap5A#b$x%yCuJ? z8H;Rb(H`UhI)sjiTvc$|Ag7hzYeO{0Ec#Pxt$nGn!8YIYlH3rAK_rOMpAT-5W<*-p zl!u6|*ZX&1R~mn%Ie{urM1HM)X0>W|YeQSuydOozCX$MH8j@Hiua-U9>Tq;9Pa`ih zZipcM9o}9CP%`^ldz%JOD?e0x=`XGHiEAvxq=fn|tww$B>&%swSkoN4=s;pn48%LV z$4j&-kS(vB4)d)k8Vep&=Ay!_|rJPCTtmzdx41F0vgpKI?P zSnZXdJahQ6%Z0qO_g0g1U)=2`)}4+ks4@TtFWOV#oXf2$v&m1LYv}2VAgL-fF^gaL z)t~W0x1DS+cBwXXq1GNcP(H6D%p?FOYSUA$Fbxt-dBKHk(T5F2P?9VGS&9y#nqVoV zNga{6wBa5j^&YE)$yA}nzOoWW32dsNQG~Vq=F5(mB?%$q;;+=0eL4IuJ(A7q42>E? zL2|Y1Y*nx`e=^bNrhrkAbT@&8cJI|~D?QoQ^a{&YF{9m!jX7>DhOmgd`mi<7#r;9u zHeC15?F|eKHz@WB#i!}Gh&vtWOusRwv^Woa z>vvOJtKs}TslC9%tfr-l+p?CyMvN(i{R`E7znJ=gtj{how>aA>H zo#W97;q|#9X^d4GGxH|dbGO%eCBTx!%z<@z7i#g5?tEU7Q^ROVHu-dZbVQvy?&Y!C z#@or(HJt!uuWP9yMQcVYr?Y#6h=2fDsk#T-fQ2|Pki|6J`6P4L&^MzN!Xh_4k2Tz9 zQk_3mPnT;ijqXSnN93a%X*7z%Cna4BO9d#^W_iDRylk-xoNt@t9)dimA2{}8Y~#Z- zSqx}Hw8Ak9!-uk4Z_Pc~IytakiyNtRjaJWFbClhE2-0jEMa7VD+pfm*;=+9=xol?{ z#Hc4XZIj6c5qGT)v9J=?6*v~E1AMH?RZP5o#w09^``3LhCw(S~bTyiJ$`!=p4-uj# z38fC#AnTi@gs;SOf*?YDofT)K&SDBL&7K@p3_}_~w;XWT;#$_cmZ`ewX^f&4IOip8 z$)Jm!PLc0)CZeqgk}Nb$Q@JNxz$ZoVZbH7NQesDn8SO81o;!X$HGkk+bmsA9wH9{8 zS;qC!yJ39OiwUXyc9=qG*+4>fPY~3{aNL=3hS;}*K7*sAvDDf7EknwesG&2XpxFPo zh{wy?;#l<0|LW<}-Q0C>eBIn<2OWLys5B+3nK(kHXfNc|AdRG}hh3OZ>1(>Dr zlO%0MAVA75HcZKFizKmd3wFuB^r!I$i!>UIRaK^N-6!Y-l8xGzYUp zz4IqmYSyDw-iG9K;f$I-EP{(TPFA=P%eI|87mL|ATg%+}P&m>rt*Ksq#4}`cB8o5@qjFdcs7NO{;7n&R;99$mrvgr#cenxV_}QYZU*MOYXEswnAKV zSC+iQrhseH7*al+CcV?zI*01FDpv+$Sfd`NPPQNc4&L2@TEKecVd`4JPu)xQa5T-; zMb~`!iU0g0cv=+VDQ4c86SFrFl@^UQj7g#1?U^r<60TiNZT2JGguSI3lw(*tx)6C4 zJcq`zZeTBQ&GAEK^Upbl&sGIOcbwzHH$wuB)dQTtgn3QL0G;Di^7G!b1-@FX#u3c5 zWR_BscfYTq@Db;yv*e{Iy(N&HZQjevW*4!IKyKRC7ucb@w zE{SgP$k;p47KiF+CpOzBYwg@QfqlAo5kn!CocOqt#$wf+JU@;t3@z7(JWNu~n_4%C zF`K4P(p?yW_Ut^Fa0%G+-fUkse$VZt`#|h8?N{N;JXl@eEPu)==)ns!U#YI4op~E( zR>!{_JghwFQNum!oh~t4wFXTOYNbIjXwSsYElCs5K3x91MkDU>YXxw_EXK9GL16Dm zvi^eia?H4RWzZf~E4H>MGYf1+>B=~{xYMgj)8q3D+T*w$n9inX|5nYQcctoVQB-*h zMAqyIx%gSfG3NpTqtZYpy_N^#135Bb3%`TApt29^ZA}I+``y9^AI--Lcix*A$F^Si zdy|c!FZ9{nW62e%~NK-%$;N$u123@wwrf0!unMiEVVGA-g3OJwm$?mUQKbpF>Sq|A~ zDC7<;ee0R*CrSo3PD07)+m>BZvRhR8VH`btAv`_?W1mpCMPn%^?Q}R{L5eu|SR`W7$V=$T9`ikIRpCmu*gRxS*+x`zARc7iP*HeK>1wM`VjiT^tH zUBJyPCBoe&z0P>2vRQsUpA+xl2r!w7Dg~~P5WyoST)vTS0s*n7rc_PS=1)lmOE%M{ zVs@7u%i}#4{kk(2_0iMwL?!i%=9Hsz{7{TG$@r}S@V(qG?SYKNZ$15mxUr$QO5=oO zTD9x9&>Fak1ie>${y^n1fL5DE3r(Lwk23f>)7J!})!I1=1lLN)q$2({9=w>LBzcjK zcD^OMZe^L1Xl6AaePn0#2xmd{22Wcje6jH98oAS}mr7UXM&)TYXj!dDpGI3zO?2C4 zHloM$crQ$$XOUu_CZr9|ijTzrOg-7{)}j1mX5$v{c}k?2&~u$~L=F#eQIFDU>6X_l zde!f2VnwLNSKwhty5x`qT5kAqi7vojz^pE3^MNTB#k@zhihmt9+ne*%_2s$m`e5bm zoI=n+PBvOBDYua{h0tw*DSD|BbHvx6m29o2jao5e{;D zqxgwo`j}1*U!xhs11*pMo2u0Robdj^)2T}SZDgCV3-I~q9AC5gz&RGt$9x=iCt5mb zat8HU5DWui`QyHFtu6BgFWN%!dPjX1eVjH-?O5;`;_vE*4?|BF{8^02pC&K$1rz}C zUl-5)`N%)Xza>`x9qRAJbpKr2_E$08KZNJc<-djcPo;JLiu=#R_P_S{A2Rso^55eA z-*s~T3jWU|^ZyJ^^!0xZ{(qSA{|f%k8JE9!>i>|N{}K2> $config + sudo soci-snapshotter-grpc &> ~/soci-snapshotter-logs & +fi +sudo systemctl restart containerd.service +`, sociInstallationProvisioningScriptHeader), + }) + } else if hasScript && !enabled { + if len(limaCfg.Provision) > 0 { + limaCfg.Provision = append(limaCfg.Provision[:idx], limaCfg.Provision[idx+1:]...) + } + } +} + +func hasSociInstallationScript(limaCfg *limayaml.LimaYAML) (int, bool) { + hasSociInstallationScript := false + var scriptIdx int + for idx, prov := range limaCfg.Provision { + trimmed := strings.Trim(prov.Script, " ") + if !hasSociInstallationScript && strings.HasPrefix(trimmed, sociInstallationProvisioningScriptHeader) { + hasSociInstallationScript = true + scriptIdx = idx + } + } + + return scriptIdx, hasSociInstallationScript +} + func hasUserModeEmulationInstallationScript(limaCfg *limayaml.LimaYAML) (int, bool) { hasCrossArchToolInstallationScript := false var scriptIdx int diff --git a/pkg/dependency/dependency.go b/pkg/dependency/dependency.go index 4a50fd9c8..ad9b91e4e 100644 --- a/pkg/dependency/dependency.go +++ b/pkg/dependency/dependency.go @@ -89,3 +89,8 @@ func InstallOptionalDeps(groups []*Group, logger flog.Logger) error { return nil } + +/*function to run dependency commands after VM is started (implement 8/26) +func AfterStart(){ + +}*/ diff --git a/pkg/dependency/soci/soci.go b/pkg/dependency/soci/soci.go new file mode 100644 index 000000000..8d1fe4351 --- /dev/null +++ b/pkg/dependency/soci/soci.go @@ -0,0 +1,84 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Package credhelper for integrating SOCI into Finch +package soci + +import ( + "fmt" + + "github.com/spf13/afero" + + "github.com/runfinch/finch/pkg/command" + "github.com/runfinch/finch/pkg/config" + "github.com/runfinch/finch/pkg/dependency" + "github.com/runfinch/finch/pkg/flog" + "github.com/runfinch/finch/pkg/path" +) + +const ( + description = "Installing SOCI" + errMsg = "Failed to finish installing SOCI" +) + +// NewDependencyGroup returns a dependency group that contains all the dependencies required to make credhelper work. +func NewDependencyGroup( + execCmdCreator command.Creator, + fs afero.Fs, + fp path.Finch, + logger flog.Logger, + fc *config.Finch, + user string, + arch string, +) *dependency.Group { + deps := newDeps(execCmdCreator, fs, fp, logger, fc, user, arch) + return dependency.NewGroup(deps, description, errMsg) +} + +type helperConfig struct { + binaryName string + sociURL string + installFolder string + finchPath string +} + +func newDeps( + execCmdCreator command.Creator, + fs afero.Fs, + fp path.Finch, + logger flog.Logger, + fc *config.Finch, + user string, + arch string, +) []dependency.Dependency { + var deps []dependency.Dependency + empty := dependency.Dependency(nil) + if fc == nil { + deps = append(deps, empty) + return deps + } + if fc.Soci == nil { + deps = append(deps, empty) + return deps + } + configs := map[string]helperConfig{} + installFolder := fmt.Sprintf("/Users/%s/.finch/soci/", user) + finchPath := fmt.Sprintf("/Users/%s/.finch/", user) + + const versionSoci = "0.3.0" + + binaryName := fmt.Sprintf("soci-snapshotter-%s-linux-%s.tar.gz", versionSoci, arch) + sociURL := fmt.Sprintf("https://github.com/awslabs/soci-snapshotter/releases/download/v%s/%s", + versionSoci, binaryName) + hcSoci := helperConfig{ + binaryName: binaryName, sociURL: sociURL, + installFolder: installFolder, + finchPath: finchPath, + } + configs["soci"] = hcSoci + + binaries := newSociBinary(fp, fs, execCmdCreator, logger, user, configs["soci"]) + deps = append(deps, dependency.Dependency(binaries)) + + return deps +} diff --git a/pkg/dependency/soci/soci_binary.go b/pkg/dependency/soci/soci_binary.go new file mode 100644 index 000000000..9c7d39ee1 --- /dev/null +++ b/pkg/dependency/soci/soci_binary.go @@ -0,0 +1,150 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package soci + +import ( + "fmt" + "strings" + + "github.com/spf13/afero" + + "github.com/runfinch/finch/pkg/command" + "github.com/runfinch/finch/pkg/dependency" + "github.com/runfinch/finch/pkg/flog" + "github.com/runfinch/finch/pkg/path" +) + +type socibin struct { + fp path.Finch + fs afero.Fs + cmdCreator command.Creator + l flog.Logger + user string + hcfg helperConfig +} + +var _ dependency.Dependency = (*socibin)(nil) + +func newSociBinary(fp path.Finch, fs afero.Fs, cmdCreator command.Creator, l flog.Logger, + user string, hcfg helperConfig, +) *socibin { + return &socibin{ + // TODO: consider replacing fp with only the strings that are used instead of the entire type + fp: fp, + fs: fs, + cmdCreator: cmdCreator, + l: l, + user: user, + hcfg: hcfg, + } +} + +const sociInstallationProvision = `` + +// credHelperConfigName returns the name of the credential helper binary that will be used +// inside the config.json. +func (bin *socibin) credHelperConfigName() string { + return strings.ReplaceAll(bin.hcfg.binaryName, "docker-credential-", "") +} + +// fullInstallPath returns the full installation path of the credential helper binary. +func (bin *socibin) fullInstallPath() string { + return fmt.Sprintf("%s%s", bin.hcfg.installFolder, bin.hcfg.binaryName) +} + +// Installed checks if the credential helper already exists in the specified +// folder and checks if the hash of the installed binary is correct. +func (bin *socibin) Installed() bool { + bin.l.Infof("Checking if SOCI is installed") + dirExists, err := afero.DirExists(bin.fs, bin.hcfg.installFolder) + if err != nil { + bin.l.Errorf("failed to get status of SOCI directory: %v", err) + return false + } + if !dirExists { + return false + } + fileExists, err := afero.Exists(bin.fs, bin.fullInstallPath()) + if err != nil { + bin.l.Errorf("failed to get status of SOCI binary: %v", err) + return false + } + if !fileExists { + return false + } + file, err := bin.fs.Open(bin.fullInstallPath()) + if err != nil { + bin.l.Error(err) + return false + } + defer file.Close() //nolint:errcheck // closing the file + + return true +} + +// Install installs SOCI. +func (bin *socibin) Install() error { + bin.l.Infof("Installing SOCI") + //installation of SOCI occurs in apply() of lima_config_applier.go + + // mkdirCmd := bin.cmdCreator.Create("mkdir", "-p", bin.hcfg.installFolder) + // _, err := mkdirCmd.Output() + // if err != nil { + // return fmt.Errorf("error creating installation directory %s, err: %w", bin.hcfg.installFolder, err) + // } + + // /*wgetInstall, err := bin.cmdCreator.Create("sudo", "yum", "install", "wget", "-y").Output() + // bin.l.Infof("wget install output: %s", wgetInstall) + // if err != nil { + // return fmt.Errorf("failed to install wget: %w", err) + // }*/ + // curlCmd := bin.cmdCreator.Create("curl", "-OL", bin.hcfg.sociURL) + + // sociInstall, err := curlCmd.Output() + // bin.l.Infof("soci install output: %s", sociInstall) + // if err != nil { + // return fmt.Errorf("error installing binary %s, err: %w", bin.hcfg.binaryName, err) + // } + + // tarCmd := bin.cmdCreator.Create("sudo", "tar", "-C", bin.hcfg.installFolder, "-xvf", bin.hcfg.binaryName, "./soci", "./soci-snapshotter-grpc") + // sociArchive, err := tarCmd.Output() + // bin.l.Infof("tar command result:", string(sociArchive)) + // if err != nil { + // return fmt.Errorf("error archiving binary %s, err: %w", bin.hcfg.binaryName, err) + // } + + // /*err = bin.fs.Chmod(bin.fullInstallPath(), 0o755) + // if err != nil { + // return err + // }*/ + // //err = updateConfigFile(bin) + // if err != nil { + // return err + // } + return nil +} + +/* +func (bin *socibin) addProvisioningScript(filePath string){ + f, err := bin.fs.OpenFile(filePath, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0o644) + if err != nil { + return fmt.Errorf("error opening file at path %s, error: %w", filePath, err) + } + defer func() { + if err := f.Close(); err != nil { + overConf.l.Errorf("error closing file at path %s, error: %v", filePath, err) + } + }() + if _, err := f.WriteString(sociInstallationProvision); err != nil { + return fmt.Errorf("error writing to file at path %s", filePath) + } + + return nil + +} +*/ +// RequiresRoot returns whether the installation of the binary needs root permissions. +func (bin *socibin) RequiresRoot() bool { + return false +} From a5ab5368c087b4922873986bb0692da92d23375b Mon Sep 17 00:00:00 2001 From: Channing Gaddy Date: Thu, 27 Jul 2023 15:15:56 -0700 Subject: [PATCH 03/23] making toggle for soci configurable Signed-off-by: Channing Gaddy --- pkg/config/config.go | 2 +- pkg/config/lima_config_applier.go | 42 +++++++++++++++---------------- pkg/dependency/dependency.go | 5 ---- pkg/dependency/soci/soci.go | 4 +++ 4 files changed, 25 insertions(+), 28 deletions(-) diff --git a/pkg/config/config.go b/pkg/config/config.go index 1b649dbb3..cba1538e6 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -35,7 +35,7 @@ type AdditionalDirectory struct { type Finch struct { CPUs *int `yaml:"cpus"` Memory *string `yaml:"memory"` - /** add soci here? **/ + //Soci: boolean value of whether user wants SOCI installed Soci *bool `yaml:"soci_snapshotter,omitempty"` // CredsHelper: the list of credential helpers that will be installed and configured automatically on vm init or on vm start CredsHelpers []string `yaml:"creds_helpers,omitempty"` diff --git a/pkg/config/lima_config_applier.go b/pkg/config/lima_config_applier.go index f104fc170..9b9e5db75 100644 --- a/pkg/config/lima_config_applier.go +++ b/pkg/config/lima_config_applier.go @@ -88,16 +88,15 @@ func (lca *limaConfigApplier) Apply(isInit bool) error { limaCfg.Rosetta.Enabled = pointer.Bool(false) limaCfg.Rosetta.BinFmt = pointer.Bool(false) } - //limaCfg.Env = map[string]string{"soci-wanted": "true"} - var sociWanted bool + var sociEnabled bool if lca.cfg.Soci == nil { - sociWanted = false + sociEnabled = false } else { - sociWanted = true + sociEnabled = *lca.cfg.Soci } - toggleSoci(&limaCfg, sociWanted) + toggleSoci(&limaCfg, sociEnabled) if isInit { cfgAfterInit, err := lca.applyInit(&limaCfg) @@ -186,9 +185,22 @@ fi } } +func hasUserModeEmulationInstallationScript(limaCfg *limayaml.LimaYAML) (int, bool) { + hasCrossArchToolInstallationScript := false + var scriptIdx int + for idx, prov := range limaCfg.Provision { + trimmed := strings.Trim(prov.Script, " ") + if !hasCrossArchToolInstallationScript && strings.HasPrefix(trimmed, userModeEmulationProvisioningScriptHeader) { + hasCrossArchToolInstallationScript = true + scriptIdx = idx + } + } + + return scriptIdx, hasCrossArchToolInstallationScript +} + func toggleSoci(limaCfg *limayaml.LimaYAML, enabled bool) { idx, hasScript := hasSociInstallationScript(limaCfg) - hasScript = false if !hasScript && enabled { limaCfg.Provision = append(limaCfg.Provision, limayaml.Provision{ Mode: "system", @@ -204,9 +216,9 @@ if [ ! -f /usr/local/bin/soci ]; then echo " [proxy_plugins.soci] type = \"snapshot\" address = \"/run/soci-snapshotter-grpc/soci-snapshotter-grpc.sock\" " >> $config - sudo soci-snapshotter-grpc &> ~/soci-snapshotter-logs & -fi sudo systemctl restart containerd.service +sudo soci-snapshotter-grpc &> ~/soci-snapshotter-logs & +fi `, sociInstallationProvisioningScriptHeader), }) } else if hasScript && !enabled { @@ -229,17 +241,3 @@ func hasSociInstallationScript(limaCfg *limayaml.LimaYAML) (int, bool) { return scriptIdx, hasSociInstallationScript } - -func hasUserModeEmulationInstallationScript(limaCfg *limayaml.LimaYAML) (int, bool) { - hasCrossArchToolInstallationScript := false - var scriptIdx int - for idx, prov := range limaCfg.Provision { - trimmed := strings.Trim(prov.Script, " ") - if !hasCrossArchToolInstallationScript && strings.HasPrefix(trimmed, userModeEmulationProvisioningScriptHeader) { - hasCrossArchToolInstallationScript = true - scriptIdx = idx - } - } - - return scriptIdx, hasCrossArchToolInstallationScript -} diff --git a/pkg/dependency/dependency.go b/pkg/dependency/dependency.go index ad9b91e4e..4a50fd9c8 100644 --- a/pkg/dependency/dependency.go +++ b/pkg/dependency/dependency.go @@ -89,8 +89,3 @@ func InstallOptionalDeps(groups []*Group, logger flog.Logger) error { return nil } - -/*function to run dependency commands after VM is started (implement 8/26) -func AfterStart(){ - -}*/ diff --git a/pkg/dependency/soci/soci.go b/pkg/dependency/soci/soci.go index 8d1fe4351..ffb886db9 100644 --- a/pkg/dependency/soci/soci.go +++ b/pkg/dependency/soci/soci.go @@ -61,6 +61,10 @@ func newDeps( deps = append(deps, empty) return deps } + if *fc.Soci == false { + deps = append(deps, empty) + return deps + } configs := map[string]helperConfig{} installFolder := fmt.Sprintf("/Users/%s/.finch/soci/", user) finchPath := fmt.Sprintf("/Users/%s/.finch/", user) From 1d14f802c4124fb3d8d99e8825f90c5e21a4e797 Mon Sep 17 00:00:00 2001 From: Channing Gaddy Date: Thu, 27 Jul 2023 15:32:04 -0700 Subject: [PATCH 04/23] removed soci dependency group Signed-off-by: Channing Gaddy --- cmd/finch/main.go | 3 - config.yaml | 3 - pkg/dependency/soci/soci.go | 88 ----------------- pkg/dependency/soci/soci_binary.go | 150 ----------------------------- 4 files changed, 244 deletions(-) delete mode 100644 pkg/dependency/soci/soci.go delete mode 100644 pkg/dependency/soci/soci_binary.go diff --git a/cmd/finch/main.go b/cmd/finch/main.go index 8176971d8..dfef4cbd9 100644 --- a/cmd/finch/main.go +++ b/cmd/finch/main.go @@ -16,7 +16,6 @@ import ( "github.com/runfinch/finch/pkg/config" "github.com/runfinch/finch/pkg/dependency" "github.com/runfinch/finch/pkg/dependency/credhelper" - "github.com/runfinch/finch/pkg/dependency/soci" "github.com/runfinch/finch/pkg/dependency/vmnet" "github.com/runfinch/finch/pkg/disk" "github.com/runfinch/finch/pkg/flog" @@ -126,8 +125,6 @@ func virtualMachineCommands( vmnet.NewDependencyGroup(ecc, lcc, fs, fp, logger), credhelper.NewDependencyGroup(ecc, fs, fp, logger, fc, system.NewStdLib().Env("USER"), system.NewStdLib().Arch()), - soci.NewDependencyGroup(ecc, fs, fp, logger, fc, system.NewStdLib().Env("USER"), - system.NewStdLib().Arch()), } return newVirtualMachineCommand( lcc, diff --git a/config.yaml b/config.yaml index d40e5eeda..d5b00a556 100644 --- a/config.yaml +++ b/config.yaml @@ -1,6 +1,3 @@ # Every field is optional, even an empty file would work memory: 4GiB cpus: 4 -creds_helpers: - - ecr-login -soci_snapshotter: true diff --git a/pkg/dependency/soci/soci.go b/pkg/dependency/soci/soci.go deleted file mode 100644 index ffb886db9..000000000 --- a/pkg/dependency/soci/soci.go +++ /dev/null @@ -1,88 +0,0 @@ -// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// Package credhelper for integrating SOCI into Finch -package soci - -import ( - "fmt" - - "github.com/spf13/afero" - - "github.com/runfinch/finch/pkg/command" - "github.com/runfinch/finch/pkg/config" - "github.com/runfinch/finch/pkg/dependency" - "github.com/runfinch/finch/pkg/flog" - "github.com/runfinch/finch/pkg/path" -) - -const ( - description = "Installing SOCI" - errMsg = "Failed to finish installing SOCI" -) - -// NewDependencyGroup returns a dependency group that contains all the dependencies required to make credhelper work. -func NewDependencyGroup( - execCmdCreator command.Creator, - fs afero.Fs, - fp path.Finch, - logger flog.Logger, - fc *config.Finch, - user string, - arch string, -) *dependency.Group { - deps := newDeps(execCmdCreator, fs, fp, logger, fc, user, arch) - return dependency.NewGroup(deps, description, errMsg) -} - -type helperConfig struct { - binaryName string - sociURL string - installFolder string - finchPath string -} - -func newDeps( - execCmdCreator command.Creator, - fs afero.Fs, - fp path.Finch, - logger flog.Logger, - fc *config.Finch, - user string, - arch string, -) []dependency.Dependency { - var deps []dependency.Dependency - empty := dependency.Dependency(nil) - if fc == nil { - deps = append(deps, empty) - return deps - } - if fc.Soci == nil { - deps = append(deps, empty) - return deps - } - if *fc.Soci == false { - deps = append(deps, empty) - return deps - } - configs := map[string]helperConfig{} - installFolder := fmt.Sprintf("/Users/%s/.finch/soci/", user) - finchPath := fmt.Sprintf("/Users/%s/.finch/", user) - - const versionSoci = "0.3.0" - - binaryName := fmt.Sprintf("soci-snapshotter-%s-linux-%s.tar.gz", versionSoci, arch) - sociURL := fmt.Sprintf("https://github.com/awslabs/soci-snapshotter/releases/download/v%s/%s", - versionSoci, binaryName) - hcSoci := helperConfig{ - binaryName: binaryName, sociURL: sociURL, - installFolder: installFolder, - finchPath: finchPath, - } - configs["soci"] = hcSoci - - binaries := newSociBinary(fp, fs, execCmdCreator, logger, user, configs["soci"]) - deps = append(deps, dependency.Dependency(binaries)) - - return deps -} diff --git a/pkg/dependency/soci/soci_binary.go b/pkg/dependency/soci/soci_binary.go deleted file mode 100644 index 9c7d39ee1..000000000 --- a/pkg/dependency/soci/soci_binary.go +++ /dev/null @@ -1,150 +0,0 @@ -// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -package soci - -import ( - "fmt" - "strings" - - "github.com/spf13/afero" - - "github.com/runfinch/finch/pkg/command" - "github.com/runfinch/finch/pkg/dependency" - "github.com/runfinch/finch/pkg/flog" - "github.com/runfinch/finch/pkg/path" -) - -type socibin struct { - fp path.Finch - fs afero.Fs - cmdCreator command.Creator - l flog.Logger - user string - hcfg helperConfig -} - -var _ dependency.Dependency = (*socibin)(nil) - -func newSociBinary(fp path.Finch, fs afero.Fs, cmdCreator command.Creator, l flog.Logger, - user string, hcfg helperConfig, -) *socibin { - return &socibin{ - // TODO: consider replacing fp with only the strings that are used instead of the entire type - fp: fp, - fs: fs, - cmdCreator: cmdCreator, - l: l, - user: user, - hcfg: hcfg, - } -} - -const sociInstallationProvision = `` - -// credHelperConfigName returns the name of the credential helper binary that will be used -// inside the config.json. -func (bin *socibin) credHelperConfigName() string { - return strings.ReplaceAll(bin.hcfg.binaryName, "docker-credential-", "") -} - -// fullInstallPath returns the full installation path of the credential helper binary. -func (bin *socibin) fullInstallPath() string { - return fmt.Sprintf("%s%s", bin.hcfg.installFolder, bin.hcfg.binaryName) -} - -// Installed checks if the credential helper already exists in the specified -// folder and checks if the hash of the installed binary is correct. -func (bin *socibin) Installed() bool { - bin.l.Infof("Checking if SOCI is installed") - dirExists, err := afero.DirExists(bin.fs, bin.hcfg.installFolder) - if err != nil { - bin.l.Errorf("failed to get status of SOCI directory: %v", err) - return false - } - if !dirExists { - return false - } - fileExists, err := afero.Exists(bin.fs, bin.fullInstallPath()) - if err != nil { - bin.l.Errorf("failed to get status of SOCI binary: %v", err) - return false - } - if !fileExists { - return false - } - file, err := bin.fs.Open(bin.fullInstallPath()) - if err != nil { - bin.l.Error(err) - return false - } - defer file.Close() //nolint:errcheck // closing the file - - return true -} - -// Install installs SOCI. -func (bin *socibin) Install() error { - bin.l.Infof("Installing SOCI") - //installation of SOCI occurs in apply() of lima_config_applier.go - - // mkdirCmd := bin.cmdCreator.Create("mkdir", "-p", bin.hcfg.installFolder) - // _, err := mkdirCmd.Output() - // if err != nil { - // return fmt.Errorf("error creating installation directory %s, err: %w", bin.hcfg.installFolder, err) - // } - - // /*wgetInstall, err := bin.cmdCreator.Create("sudo", "yum", "install", "wget", "-y").Output() - // bin.l.Infof("wget install output: %s", wgetInstall) - // if err != nil { - // return fmt.Errorf("failed to install wget: %w", err) - // }*/ - // curlCmd := bin.cmdCreator.Create("curl", "-OL", bin.hcfg.sociURL) - - // sociInstall, err := curlCmd.Output() - // bin.l.Infof("soci install output: %s", sociInstall) - // if err != nil { - // return fmt.Errorf("error installing binary %s, err: %w", bin.hcfg.binaryName, err) - // } - - // tarCmd := bin.cmdCreator.Create("sudo", "tar", "-C", bin.hcfg.installFolder, "-xvf", bin.hcfg.binaryName, "./soci", "./soci-snapshotter-grpc") - // sociArchive, err := tarCmd.Output() - // bin.l.Infof("tar command result:", string(sociArchive)) - // if err != nil { - // return fmt.Errorf("error archiving binary %s, err: %w", bin.hcfg.binaryName, err) - // } - - // /*err = bin.fs.Chmod(bin.fullInstallPath(), 0o755) - // if err != nil { - // return err - // }*/ - // //err = updateConfigFile(bin) - // if err != nil { - // return err - // } - return nil -} - -/* -func (bin *socibin) addProvisioningScript(filePath string){ - f, err := bin.fs.OpenFile(filePath, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0o644) - if err != nil { - return fmt.Errorf("error opening file at path %s, error: %w", filePath, err) - } - defer func() { - if err := f.Close(); err != nil { - overConf.l.Errorf("error closing file at path %s, error: %v", filePath, err) - } - }() - if _, err := f.WriteString(sociInstallationProvision); err != nil { - return fmt.Errorf("error writing to file at path %s", filePath) - } - - return nil - -} -*/ -// RequiresRoot returns whether the installation of the binary needs root permissions. -func (bin *socibin) RequiresRoot() bool { - return false -} From eaf316ce926ea9427c94b4bfa251b52dd0d9cb58 Mon Sep 17 00:00:00 2001 From: Channing Gaddy Date: Thu, 27 Jul 2023 15:33:21 -0700 Subject: [PATCH 05/23] removed finch support binary Signed-off-by: Channing Gaddy --- finch-support-20230726184827.zip | Bin 14785 -> 0 bytes 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 finch-support-20230726184827.zip diff --git a/finch-support-20230726184827.zip b/finch-support-20230726184827.zip deleted file mode 100644 index fc83b59eba29f47b2a690a9bb6e0b34fcd401359..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 14785 zcmb_@b$FXklBQ#h8DwT=W{xRlW{w>*Gh1e6W@dKG%*@P8F*D=kH+Qo$J9j&~e_Tl| zef_oiRdql0NLAHu$xDHO13>;?g7@d9v6=NxQ#uDHTU#4@M>=LkW)?;cW_Bh{R!(LP z2Km2Dg$9BCzh+bacT;UG^&O3E?5*hC^sOvM85$MknOPTE6m}(PB`0eX#c4;`Sau}G z#=-1p;p3FX$EEM>Z1e16JHK|x=k%2KiX`67lt?Y~y#uhD_LOF5+;<5L#ZpWgb^OiSjl__SE))sA%OA&J-OE4*N>P~Luj0uiS%t^8QK zE%vD*{MDD}8`Jdi+EP?tba-RUt@LpVe&9J=JO?xV2No;N6-J(Sq*Y(lX^Z2v|m zVT<%I+crNg%ubvyd$>}px+a8lHCXY5a?u?MKN13juM`5S*g?$K1FVGbM+8jN4< zE{ug(_;zSpCbQv_?3U|zm~y^d-!;E`+uiMCUtU8zk zFLAW!aEwxjNYXMQv}^DAKlxS@xE)*p!sTL8)O-=XQRwXr*-UByYjMaiH zYTYQvlQ!G3Fce!76xTAibbV-$$TfLNBD3Nsf&n*jl(OiNhDO!%a}*%DOVbMqWbVQ& z4OE_+Fp#C=Ji$8Z!3(njgk{?`pT;1_)i{*(PDm;d7>Y#W1$Mb|jv7p3M71jL485wC z?5DxnIQ1*x(`b;XH5vrO`ulK#hZ>p5#3VOC zGv9MYTum)@v14`XNGs&oQdOmt*H}7?n2ByPaQPG5zQ4q917_`w`{$_ikObQdyKy}d zd;wS(-_^cmDr)Y0gl#OBd?U3bce8LWB^j%XFsB!$Vt&b}KzPEV@0IwumZ^*4UV$ec z0^s&#$!V8ZLTe>eKB|RBBf@Wo6Ya5((r-TgCLWbKC3@(ZX}ugh+p|sY95^X#V^{x1 zGg#Mzw&!wLJ>59Dv2z~WGOWuh+w=*tao_e`=9peYD6X8|$MWlpj z-$SeE#PqTRtJ#@(e5anQrm&+&hoM!|Y~(=OD;rA%?XR<^8^2ViXEQQ$R8{f5{z=^h zGM+rl#>y{TM;Q{y$GnJAd|q*NoBQ%d+k#O19T3mqC^{ud-9_*yxuAlUeK06G@D)+RY1kU=scLk8ly*@`E(tqdzQzWj3f8s_Fg|b;=Uhrt+q75??rWs4l;j=|=QSqtOTk+MgVVb0|2Sw6A%Z}Ztr+X_{NN_P| zMSbtPjlXxm3wQA6!uB`tS~7NGp(5+*hsflfRgpJ zNpmb0tEHb_w#0q&xFtok&N9&4h8Z_GbfgA86^V?76%X})^ zN`TCSY?I6qIVrdko~@+N3?DWS?l4l62|xW>9T|!^yL#}3UGhrT@~t#SvD@PKEnoeo zzO8Ldwh$FE(3JX0kqapQ^j&S@;sbBUS%`!!D~9VbDU0vEj4USyZu~fDW#t#M=5xSETQdPy&@b zpd}VTaB0IMypYOD(H!{o>$s6dFL+PReJbn#0ZHF5&W{}?0T#;-%TV0vQ$_pZQ3$uR z9?7ZcY)xX~em%6gpdJc{;G(!Pul+fgiVSMiUJ(0ynvz1FkDi?`yaXH)H+~!^akHFm zAYvBp#QdCnc)Y67-ru6^gFwGiY-MG5!S$d=T2NT-iojee3>THG>t=k{i@nN(bBVtB z^HWNlJ^z^R*)^<0t}*y+Y^Pf2Q!RH(`$(YP$t2zH^GBq>^3~q-JIZUgOFK>$)JQte z8?{HbOv#zgN0;y72a9j=3mMY2rGCbvl>!8$qxNC^L2+}Pp> z0T(?f*GSgR>X*|}sBq){s9%P&uX;Y|+|}u&Aqs%yr}FZ4?_@o?pzjC})zPSePmZ_$ zl3YuhJQcTQZkm76Q44GAn+Tbz?%KxxW&jkv?fMVbLL1Q(@&gJ4q?7Rfmuq3;+hu)IaUN_LXS=jQ;n&l7o@GnZD&;t7-StO5SZwI&@gl zyoWt8no120OMxgL-SQ%LXZvCZnJEYk6~f{~o|YR(=P&o9T8o#g{k~@+(bzMHlw5JL zPlO74ZewF5@k-8h@jZKJ`FQaFLWUrJ!ta}}5R)(b&0aH*!u;6r{{gnsSLH#!{ z=F0>K4!f$Aj6bK}*8?9mB(Ev&53_!^aVyMV$379cfRG!vADYla;w+;qS0x0DOF?av z6Y->nSPpWr`s?Ivp)60hzhhr-<-$oxZ$0r|RtOPu3EnV`B6G3XgcE`CLmO3dbL3AlyTdW~0A?Q9m()_MSa+d)Ce|;Bc9^WpX zp*^IcD1q?3GdRBdTREj60pY1;5`sfn>Z}+~b7`Rgg{$j)nSro`3Uc5{cMRVP0?&j< za*YQq*Pb`vEZGC_VP75Mt$Zz~V{wC#{{j))RknXJc6NbMCiBf*{PXyCHt^#BztmfF z|3vAr>-m=8kB&07FAUEEwfh(y<}>B!`Q}Vz=ym2y<>=++zedp`{yfXjwHvm}0+s0s z%oWPe3(XbE(HqQ54F?m)o8z$5nD-=&wMQaoQtilCs{XoJ5SOaV94~3CI3i7*DnZ6l zYDk_qE;9N?U~~K#4dj2fmn)zLwooX75%RlG`CE={fBG`gMPGI6D*mEULT9A#FRr|_ z^cBVO{vr@q*|h@sVVus?1XT?LzO+1fk7}gBfDA&MaYwO?RCk-uuTSz^WuK{ClQ_KZ ziWS#5QdOj4IFOh28;5hf72ndhGHvb5l{s)+ku3VpcoODtj@jc2_O9d;{H6+^9o>p) zevY+R|E?y#RbU_x#+Rf0UOhD)$rWfJFq*w1eM!Y9-3p$Y^_$W-TJgft=^ht=IteM5 z(Z*>1J|3Na+k}aco%Ch;!#q`O0H{>89m8|1p>rVj6JfwP=?!i~ZnbeLktC~5T3YM{ zeY{N|@K?;6^vGq`vr-E2$kdDATZLbCje~$+He-Gq!H3|R?MU<+A+TV-_|L24h}^s2 z+k9O1ga1?F1H`F7h@P2V&Gp|ppML@G z^ww`FYDEZ)pD%cibl$%i8xj9_o4Q1p1ERGgO1ss0TJ^S0BzPoLfc zKg_nSWt}nU>BG;aLP@5!_A_AQW5~kYFK6l)4ifb3Mw^FmltNt@00Hjez@)Y>Xc>FZ zapzLhtO)+ccsVBZuift-W-Gl^N9DLT0sPyv5t+eG7f=^n3gN`Pl%mQ5Wu>P{<)_Ok zjzKbbsE3(-D}#31XJbEX5!8=&@RI`33x1+a8jlCkq$LVCF5Dt`wzT+nR~G&XTWBDC zb$H6gJdCH3Hp!ncY*mNoEg5%gSJTLr~4v_Z~;uIO~<85^9vl z__gZj1PmEhIx`avy)t@fRGshfE2jKu?_SER)hfICsG2vn*e!OZ{(brIPqEp)IARqG zG9mhXAvfEF>ayFGskbqQx$>o#&$7SfwFS_+S}8z`Z+9HKEJK(np-8ipIXy(c>209Y z95@Ahuhu-9Iln#e*1~{$5hB@!f+TmzK-u>tXWIRGM@~W-~k z*7xM$$q0_sjOt1FDgQwjJjP&!@SP3OmUO|bTrS=3U#Y9EnY7A^TbAhP2X>w8Fh8>Y)IfJjF?s?N(QMX(nY)wpsm)^o1nJl zkYnNI)7t7z_u7nS2K468nNt(~H5?cy3OIC6qYw<~#k7x7{M_O+=v}o@H*W%hW6Hh+ zQg0<7xlxcMFotEIqLZ(T#UgMpA(~C^`YVJ_(WLp*E_%gHkpdHBPtq|R-K0?*e$20o zmYO01vgi!;$MwQSsFj@p8s5-AR&2^8n@!x!p^I&u`8z`EKJami1BEj#yNRrEhTidU z7kd@%FS`{Y(I+*Z5i%OwL-v^7>~N!F*(Y7b+lDl6FMeI7xI{M`ZrpbM?BuOx)1zqG z=e%JN%&Mi8gOR?=g11MR{#pvpLSBn{=vUR--<1HBRI~J? zh+1EtA~alKcZQv#;}z!FqcSbN?Riqz2hfj&-GU0NuDmFTh$18zv)WU+kU{e1;eTO> z#>K*m4z}`FoThipLLWjwdP!%t3Ezd|eC2z5j`eBHNtc6U%n>ByMBF`!6^*+=evB#! zw4)fY!VI)HY#oOX^$oCAe;JXm7pGI{0dEea1FaHr)Ct6;!Css|pRJi4b>!9QZa$Sa z8542mOxbLB4pW}_$vVa*b)Na%>Zq-Xw=mbO5zRiCs(;0mIdJEQW%>uIgTPvlRW%UC zK8ulJui~|&QQS0!34dnX8$ik`;g_rfqy1Sa`jiUUlg5pR>rB{2b?1CPt`na%bH_F(tGz zlp@ko-sQphxdB_&T~`GCWF!5FWn4stw>un|z-X6~oY6LKR9$#m+x3+YlL`b**sO}q z)Nz@Gzmv=oV=FonnoNVTj0)A2x}xisjRFj_PGE#T>cV*k%7k4BQbXE z9jJ=_vS?Dr_DdhG6XPPZP^^ZHHA6|;5m8t+v8yQ}F3PCcF!P|&)0i({t1zz1(K)d= zpvVjv;*e@DhJ2pO05(XprED2RE6sY$Q-k%@po~dTW@36rx{3ma@xrGxr6@{Ty~~jH zd^lEqQ}^MgzFJ#xE?XYT+&W1$#9 z8E{ji{wO>T-RCpA!Tz7Hbdep>_$!e%`gUGsU-)xBvEXF&k9= zDGcU~s&ixxWj%1GlT$V88%nTI^*NG3+wl!g|6vxkkmOv>-B(Lqcd)eY%pk9%V%@AL zH{LuDn&CS@88fq~B(?1lRu0$*QCaiDN>Tz^+Lb_@h5iX$g=kPtEg*;i8Qu%3C?k|` zGiZo&I6vaXnR6<0z3S!JV78He&%k?Bao^Gw3YY>;Yp6i(CGHU`5#Wu?$AyZ*t;i*m zEy`%iq6J^%atn*5(Ym~Ytj8tMd9!gRWS0Lv<~PR}TG-=OuwJYH`3nj*jlVz<7kz|@ zAUEUSBG?Q)gIlqffH+ah=SRofv?1)7aU=HB2YZts?Q2N2 z=ZA+TFKNd4lK#xPGdRnR#b8}mPttd5Lg~#x7u5m(ZgXT$EJS<>Qw)`br&zm-u{I5F z3e=SGq4EKNqI|53O0!W*RHuNETBn8%6B^u9Qq`bQkv7(Eo@feIP=|BZ9if&L)aOWQ zWz1-jG!@ovJ-McmELl8Q1s@zqen{fF;SRf$GzRSt<00@0oV++0;1+~k*@eHmZzY%rR{YZQi%iA z0*9i4TZren%PJALvBQu4}B>wxZDHyUJve_9rTDep##gm0@bD%*v zlwC%*#>+Nru*W9Vgz$te;3W1`-1T+K0iBDX1HZ%=k*GO>hFi0C9SeRraeW`P>Lc1Zstma9)u$xif7_t z(r_yzyn3A zZYLyzy6uI}#BFZtM;^7!w<4{rv4Adec|(v~*KQd=<{K7e(ltd6WtmFad$~I}i#K0D zPgoYY!h)7&7um~Zc|cK z>qaBS$V+S$O0$i@?4a#_t-(NHt6IWh4Y*xKS_@4j`XQ>>Ajy-Wynu7QP!=3Ykt#Q2 zf(D6&=tz5NxZIR5qMu)-vE<%aEfA$&W#{94UT}PX`?Ue0RUu<6daYE*uh*PDbvv$h zn<6Z-`H|C(%V(BZ7jK1(<^(h&$U1eh!jq7pBwM~miemJ{oNf3I#dVJ)+EZfR>eTnc zD2jEwjqJh?4xudjw2ycU>Utufv9@FcPN($mGJc5%sonNYag^$5Jl+P3m`YApQT-;S z;7`|M53cU2-Nsl-7R~xXgk~p8YWXf9gK3;Af%D?qUP!X*?FKrijXV-ng=4&2b2Tz+ zdc7#~IO4KW3R7wjmfLp51dGaG1-{gvTV`+~C9W|@+(ge=Q!^WpEjd=>aV?>KVR>3y zh~&fwUkarmnOfc$AMamZV9q}*Srf=K6I*uDKOGQjQ$$`y4(h-#wR{`uj=v%%X|8d{ zg-7|7o|rN!BLZr>|BaBM6ew})_T#QzSA|0fut|vM`?afBG;4UrFr`s{EuhAc5@2&Y-%=q5kibYp7#Gxl3BT#MJ zcF@3!GFAOK+ss6IFC6X`8fV`N}zU_98?G z{osBwY?)`R_#%zvg|Lnkr=2reds=^syw4OZ%kSmOScGWX^%>$ey!@%#NQjHSf>7(&nI`{VaDl4a`|^T3cba&px31<`qowTbjO>~mI;7#yiX5$rz9G-7dCsBQV1e;Iz z0%9Ud3mev^-Xtqh(+F;J9-`AoN$(Q6snSt3qe9ennsU?Z<-|jfEn~oesP5){+`gj6 zH|yOhB@rEGDkh$Q@3-K|xB*pp%v16Z@sbX2f@4-5b)`&Km^T=xaw1n1o_DEy>*Ap}T@BwMB{^Ttw82;~6 z0;>~c?pkaNzVMpLuyP)sweJ|^B8DUHEBi1+5mo_~!?npD1<@jByr~g3`Y!rNlb#IS$AZiYa=NuQI0Zu3l>01XS1N+_TPm=#Y9@&f4}{8;s4_2!p0y zO{{6-K;3XqE|%P2pq*lyc&qzLFwvsGi#U|##fos3PMrB`cARww)~VLV?su782)FQk zK0LX7eWB}%QB&$Q@D|RnP^W5-X5$#zUX_u zH-PLr&OtExfh?GT&J&hh7QvZ#@PGeX2D1v^H1(D9w!E|Xm+dUE|?r}e^3ryT18N*rM}TFt*2F8Qv)s#9GY#&$eg%I8rNIp zbt8%68!3c|sE}%8P3s)hpQM7bB(xI8X7EcEk%qd6_N5?CnUR!27}13|@(B^n#kJ;) zRe%UN<)=A>&^9=$OyDz0@WHt927OrQf&h2=pw8Ujtr4wpKD-euI0oU%?OWtW7tAp zVt$5VbB?9Hl-wRJ<=Q%phnMC`YaYIkIsEMj{!Fw#pshN%zWP6%n>6qQg#6;MJ=dul;MjR_is)q%ZJcP?OK9 z0zP0w;njO3+t(UQM#&rX+=gY*fH)$?emo2_B}bSlaf!&H7JG2@sk1hE17 zxV4-1;p;ox>Ji5CbBWJwe^J}yoWJJ}Aj|;lP3Px1rXO-65AgELhIEF_SX=e@0C;(+ z#l?@{tNc(oP+UH_`i_{3M`CKu`u#5A-%&-mto!BiQXocsX(74OqBDf3YDw0|qu}s% z;#FTM!!&bDWdMP=@D_4;M-Y-q46Rie+G1h~FdeM7Si(&S237>5ohqH>KuQ`8I8WZC z>g{@$!o8r}6Z6Ud71bBR0og2Duhi(7i)a<)B`ITXFwt`VBXl4bI03}WDIxme76_4; zU<7tZsLBmwh&`ac!vCnO6$otKp zJbEIzrGZ%Ib9EvEInlz!d<2@QbP=&?RW~+d;uomlrsr1Kim*u6u;zB#HWTe)+Hr}v zDi}q#EeGyQVQ=mru|W@?XoMw^B-)!Z=-&%kv~l96RD5`?j3MzD7dDMpNCEZqg2O%< zXM?^NeHa1=8cEMrT^t8Z-tlT`9>9lcw(sg_I3BGj=q~uqY;*aF`Wu8&nDDP)DR7og zJbTV|aygqrij`yqvPWuph~#_kZe9vxJbp5UNRzyuu{VbjmMf5Uy-zz#O%jg!pw{Zn zGE1~II2>lD8*t?_m6{tjgQ6$iKWk^L7pZ7vY~+=N#dkn2tgBv=^G|1xAoq^n9uxuv zKQ%qezfh`EmP5vf`92M54|CqP-|T;sQr;&uC7<4fg(f3$YZwTNleES*arA`tkw)!z z(EW-&Fg&lPVbu+u4m9Dj&o*FImzLYgWkgdNl5$;_A6;@jwH#13LaVnEGyd2&nQV0R zs(cVW4f4hlRf`~dd%s-|%FX8QzI4l&0cc-;N?smEsuZTBC})ZWFKsIJ6|^&em4Mwu z;<#xQIh*R6t7Ep2N?N9TpWDrlP%m}IaHDCg|54~o?X@1e>VA;X9eUfHSd3`VSbngi z51)Fq$fd>sVrwR8KDI{OuN*zO{bXFv$>)#G1hL@?(@7Jp617Q7eW9)95r$ShbSJi)$Up1x{*TY0_54!2)J)#I78#gRfv=MMk`};J%20}Wp+{Nbz zyu4UXq@I=ZZP$Pig4~Amxm3N%Mi?jaq+@7q8k-&FsDYpZYVL$}>nj&zS$PndpjGqg zmm;S}Z&d>EQq>+kpw+k3pw561W$}~&L|Sg@JWrN3AlcTeo`=aib4?Y)jy0#3$Ldz+ zwoNFUXr5E```Odr2V;SLY`(|u3*)!7;^W^7_vbm@@1x|*$cs^+Z|t4}?waI1!FFxq z^Dd9OV<9`zZ*UvlXdB`>wn`+6wILu-OAg-_kfaE{v}#^fT*{5R=qoo)kR)F_;o?5- zCs9pI`;DciXu!E8$p6lD-Qb4kdUCibtq;uz(!H&2(m+SvdF}fN{pf1ew;)g?N=P}r zd9kqM?yd9maQzXzmSD_A^GVwS=CK2;FU8@P!mg=4E5w}U&YASD;Tj6^NAB&{?o}Em z0EZj1d{+Du!ZB)8zSDNd!?_&`(`Ui@>1XmF($Zur;7RBby!~NFB<;m7kRfZS*?_Gu zR!(Mgp_6c8pBMzh8n7RYTEs1MN5|_IP!2_Uf4+>3+y^tw1~6y+v=$yVO_M@sTgq|q zR;QCu_s1C|76Ao`uN%}8Yz+KWOPit%luT7Bjw!SUkr$8ehg4A*W`dC#i1WLVS5v$B zE-jI32BWwJ0RO3sP}D4{^xgp57GA_cn zAxX>$sQ7xFQZANm|uZkkYoL=4$Wy0K!m+n9=`-)IKq4N^eCFkBWpFl#oU+ zEktHdAmwrsdY%SZ0V>SwHx~1d2X37jZ0#sE+oB&qImxCG;!4UQGY8OH+8KKI-av0B zx5dx#hSC1^tr!V&RdLFg-_l>TzLmMD(Ar2|b9`|~`pWA$Xv2h{WN`vyy#_?~Qr*7DOVG3ll-8mAqIa6g+ zg%O*~pXn_YO%&c+gz8j!nYZRw<`v5^NIxN)iL5D`@6ltbJa6u7u zV$D0al%1A8wpDVkY23i`iX5LjSR%j8l@${YP8SjJyT4jr594#_=>p{m2ne`JMdDd@ zp+QvAow)R&pS`HPUnm{B;t8wkf^P4!f2~C6Dfd(>jGp;?^9~uIoacvuX|S|OonhiCFy4aQ3>u7 zdnRhD-pc}Ni3cLrLkT{bkNEfGnN5#feuOLM>rI_MCB+?sUuf=J{CN2|dDu<3OJ*`d zX0~D5f3nWV@uZY^@JT4u8 zR&?4to;nZ|QWijIL7Adx8W(hvouVK#L1BCG&Ag+AZ~%1Y<^4X1G?GWSY{or{#tMD= zmf58?NF~Z#OR>v9pK2$rY&L0SkACh5xwpL`+?B)w{%{;rDM#vtf}AMc5+Oq(l*%*R zjOzZRt`e4Nz89Dt0Ih#F4_UdY$}Ur-f~}Jm%Z6F6Nzb$qDly$p1Ap5A#b$x%yCuJ? z8H;Rb(H`UhI)sjiTvc$|Ag7hzYeO{0Ec#Pxt$nGn!8YIYlH3rAK_rOMpAT-5W<*-p zl!u6|*ZX&1R~mn%Ie{urM1HM)X0>W|YeQSuydOozCX$MH8j@Hiua-U9>Tq;9Pa`ih zZipcM9o}9CP%`^ldz%JOD?e0x=`XGHiEAvxq=fn|tww$B>&%swSkoN4=s;pn48%LV z$4j&-kS(vB4)d)k8Vep&=Ay!_|rJPCTtmzdx41F0vgpKI?P zSnZXdJahQ6%Z0qO_g0g1U)=2`)}4+ks4@TtFWOV#oXf2$v&m1LYv}2VAgL-fF^gaL z)t~W0x1DS+cBwXXq1GNcP(H6D%p?FOYSUA$Fbxt-dBKHk(T5F2P?9VGS&9y#nqVoV zNga{6wBa5j^&YE)$yA}nzOoWW32dsNQG~Vq=F5(mB?%$q;;+=0eL4IuJ(A7q42>E? zL2|Y1Y*nx`e=^bNrhrkAbT@&8cJI|~D?QoQ^a{&YF{9m!jX7>DhOmgd`mi<7#r;9u zHeC15?F|eKHz@WB#i!}Gh&vtWOusRwv^Woa z>vvOJtKs}TslC9%tfr-l+p?CyMvN(i{R`E7znJ=gtj{how>aA>H zo#W97;q|#9X^d4GGxH|dbGO%eCBTx!%z<@z7i#g5?tEU7Q^ROVHu-dZbVQvy?&Y!C z#@or(HJt!uuWP9yMQcVYr?Y#6h=2fDsk#T-fQ2|Pki|6J`6P4L&^MzN!Xh_4k2Tz9 zQk_3mPnT;ijqXSnN93a%X*7z%Cna4BO9d#^W_iDRylk-xoNt@t9)dimA2{}8Y~#Z- zSqx}Hw8Ak9!-uk4Z_Pc~IytakiyNtRjaJWFbClhE2-0jEMa7VD+pfm*;=+9=xol?{ z#Hc4XZIj6c5qGT)v9J=?6*v~E1AMH?RZP5o#w09^``3LhCw(S~bTyiJ$`!=p4-uj# z38fC#AnTi@gs;SOf*?YDofT)K&SDBL&7K@p3_}_~w;XWT;#$_cmZ`ewX^f&4IOip8 z$)Jm!PLc0)CZeqgk}Nb$Q@JNxz$ZoVZbH7NQesDn8SO81o;!X$HGkk+bmsA9wH9{8 zS;qC!yJ39OiwUXyc9=qG*+4>fPY~3{aNL=3hS;}*K7*sAvDDf7EknwesG&2XpxFPo zh{wy?;#l<0|LW<}-Q0C>eBIn<2OWLys5B+3nK(kHXfNc|AdRG}hh3OZ>1(>Dr zlO%0MAVA75HcZKFizKmd3wFuB^r!I$i!>UIRaK^N-6!Y-l8xGzYUp zz4IqmYSyDw-iG9K;f$I-EP{(TPFA=P%eI|87mL|ATg%+}P&m>rt*Ksq#4}`cB8o5@qjFdcs7NO{;7n&R;99$mrvgr#cenxV_}QYZU*MOYXEswnAKV zSC+iQrhseH7*al+CcV?zI*01FDpv+$Sfd`NPPQNc4&L2@TEKecVd`4JPu)xQa5T-; zMb~`!iU0g0cv=+VDQ4c86SFrFl@^UQj7g#1?U^r<60TiNZT2JGguSI3lw(*tx)6C4 zJcq`zZeTBQ&GAEK^Upbl&sGIOcbwzHH$wuB)dQTtgn3QL0G;Di^7G!b1-@FX#u3c5 zWR_BscfYTq@Db;yv*e{Iy(N&HZQjevW*4!IKyKRC7ucb@w zE{SgP$k;p47KiF+CpOzBYwg@QfqlAo5kn!CocOqt#$wf+JU@;t3@z7(JWNu~n_4%C zF`K4P(p?yW_Ut^Fa0%G+-fUkse$VZt`#|h8?N{N;JXl@eEPu)==)ns!U#YI4op~E( zR>!{_JghwFQNum!oh~t4wFXTOYNbIjXwSsYElCs5K3x91MkDU>YXxw_EXK9GL16Dm zvi^eia?H4RWzZf~E4H>MGYf1+>B=~{xYMgj)8q3D+T*w$n9inX|5nYQcctoVQB-*h zMAqyIx%gSfG3NpTqtZYpy_N^#135Bb3%`TApt29^ZA}I+``y9^AI--Lcix*A$F^Si zdy|c!FZ9{nW62e%~NK-%$;N$u123@wwrf0!unMiEVVGA-g3OJwm$?mUQKbpF>Sq|A~ zDC7<;ee0R*CrSo3PD07)+m>BZvRhR8VH`btAv`_?W1mpCMPn%^?Q}R{L5eu|SR`W7$V=$T9`ikIRpCmu*gRxS*+x`zARc7iP*HeK>1wM`VjiT^tH zUBJyPCBoe&z0P>2vRQsUpA+xl2r!w7Dg~~P5WyoST)vTS0s*n7rc_PS=1)lmOE%M{ zVs@7u%i}#4{kk(2_0iMwL?!i%=9Hsz{7{TG$@r}S@V(qG?SYKNZ$15mxUr$QO5=oO zTD9x9&>Fak1ie>${y^n1fL5DE3r(Lwk23f>)7J!})!I1=1lLN)q$2({9=w>LBzcjK zcD^OMZe^L1Xl6AaePn0#2xmd{22Wcje6jH98oAS}mr7UXM&)TYXj!dDpGI3zO?2C4 zHloM$crQ$$XOUu_CZr9|ijTzrOg-7{)}j1mX5$v{c}k?2&~u$~L=F#eQIFDU>6X_l zde!f2VnwLNSKwhty5x`qT5kAqi7vojz^pE3^MNTB#k@zhihmt9+ne*%_2s$m`e5bm zoI=n+PBvOBDYua{h0tw*DSD|BbHvx6m29o2jao5e{;D zqxgwo`j}1*U!xhs11*pMo2u0Robdj^)2T}SZDgCV3-I~q9AC5gz&RGt$9x=iCt5mb zat8HU5DWui`QyHFtu6BgFWN%!dPjX1eVjH-?O5;`;_vE*4?|BF{8^02pC&K$1rz}C zUl-5)`N%)Xza>`x9qRAJbpKr2_E$08KZNJc<-djcPo;JLiu=#R_P_S{A2Rso^55eA z-*s~T3jWU|^ZyJ^^!0xZ{(qSA{|f%k8JE9!>i>|N{}K2 Date: Fri, 28 Jul 2023 14:31:26 -0700 Subject: [PATCH 06/23] making soci version configurable and incorporating some comments Signed-off-by: Channing Gaddy --- pkg/config/lima_config_applier.go | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/pkg/config/lima_config_applier.go b/pkg/config/lima_config_applier.go index 9b9e5db75..d65b3c0a3 100644 --- a/pkg/config/lima_config_applier.go +++ b/pkg/config/lima_config_applier.go @@ -18,6 +18,7 @@ import ( const userModeEmulationProvisioningScriptHeader = "# cross-arch tools" const sociInstallationProvisioningScriptHeader = "# soci installation and configuring" +const sociVersion = "0.1.0" // LimaConfigApplierSystemDeps contains the system dependencies for LimaConfigApplier. // @@ -96,7 +97,7 @@ func (lca *limaConfigApplier) Apply(isInit bool) error { sociEnabled = *lca.cfg.Soci } - toggleSoci(&limaCfg, sociEnabled) + toggleSoci(&limaCfg, sociEnabled, sociVersion, system.NewStdLib().Arch()) if isInit { cfgAfterInit, err := lca.applyInit(&limaCfg) @@ -199,27 +200,30 @@ func hasUserModeEmulationInstallationScript(limaCfg *limayaml.LimaYAML) (int, bo return scriptIdx, hasCrossArchToolInstallationScript } -func toggleSoci(limaCfg *limayaml.LimaYAML, enabled bool) { +func toggleSoci(limaCfg *limayaml.LimaYAML, enabled bool, sociVersion string, arch string) { idx, hasScript := hasSociInstallationScript(limaCfg) + fname := fmt.Sprintf("soci-snapshotter-%s-linux-%s.tar.gz", sociVersion, arch) + sociDownloadUrl := fmt.Sprintf("https://github.com/awslabs/soci-snapshotter/releases/download/v%s/%s", sociVersion, fname) if !hasScript && enabled { limaCfg.Provision = append(limaCfg.Provision, limayaml.Provision{ Mode: "system", Script: fmt.Sprintf(`%s if [ ! -f /usr/local/bin/soci ]; then #download soci - curl -OL "https://github.com/awslabs/soci-snapshotter/releases/download/v0.1.0/soci-snapshotter-0.1.0-linux-arm64.tar.gz" + export config=etc/containerd/config.toml + curl -OL "%s" >> $config #move to usr/local/bin - tar -C /usr/local/bin -xvf soci-snapshotter-0.1.0-linux-arm64.tar.gz ./soci ./soci-snapshotter-grpc + tar -C /usr/local/bin -xvf %s ./soci ./soci-snapshotter-grpc #changing containerd config export config=etc/containerd/config.toml - //copy config to soci-config + #copy config to soci-config echo " [proxy_plugins.soci] type = \"snapshot\" address = \"/run/soci-snapshotter-grpc/soci-snapshotter-grpc.sock\" " >> $config -sudo systemctl restart containerd.service -sudo soci-snapshotter-grpc &> ~/soci-snapshotter-logs & + sudo systemctl restart containerd.service + sudo soci-snapshotter-grpc &> ~/soci-snapshotter-logs & fi -`, sociInstallationProvisioningScriptHeader), +`, sociInstallationProvisioningScriptHeader, sociDownloadUrl, fname), }) } else if hasScript && !enabled { if len(limaCfg.Provision) > 0 { @@ -236,6 +240,7 @@ func hasSociInstallationScript(limaCfg *limayaml.LimaYAML) (int, bool) { if !hasSociInstallationScript && strings.HasPrefix(trimmed, sociInstallationProvisioningScriptHeader) { hasSociInstallationScript = true scriptIdx = idx + break } } From 7fb0f869962ec8c799da591903de1db34a627e17 Mon Sep 17 00:00:00 2001 From: Channing Gaddy Date: Mon, 31 Jul 2023 15:39:05 -0700 Subject: [PATCH 07/23] updating soci version + adding tests Signed-off-by: Channing Gaddy --- go.mod | 2 + pkg/config/lima_config_applier.go | 33 ++++--- pkg/config/lima_config_applier_test.go | 130 ++++++++++++++++++++++++- 3 files changed, 147 insertions(+), 18 deletions(-) diff --git a/go.mod b/go.mod index d123877a3..b5f50c889 100644 --- a/go.mod +++ b/go.mod @@ -85,3 +85,5 @@ require ( gopkg.in/warnings.v0 v0.1.2 // indirect k8s.io/klog/v2 v2.90.1 // indirect ) + +replace github.com/runfinch/common-tests => ../common-tests diff --git a/pkg/config/lima_config_applier.go b/pkg/config/lima_config_applier.go index d65b3c0a3..b355ed839 100644 --- a/pkg/config/lima_config_applier.go +++ b/pkg/config/lima_config_applier.go @@ -18,7 +18,7 @@ import ( const userModeEmulationProvisioningScriptHeader = "# cross-arch tools" const sociInstallationProvisioningScriptHeader = "# soci installation and configuring" -const sociVersion = "0.1.0" +const sociVersion = "0.3.0" // LimaConfigApplierSystemDeps contains the system dependencies for LimaConfigApplier. // @@ -97,8 +97,6 @@ func (lca *limaConfigApplier) Apply(isInit bool) error { sociEnabled = *lca.cfg.Soci } - toggleSoci(&limaCfg, sociEnabled, sociVersion, system.NewStdLib().Arch()) - if isInit { cfgAfterInit, err := lca.applyInit(&limaCfg) if err != nil { @@ -107,6 +105,8 @@ func (lca *limaConfigApplier) Apply(isInit bool) error { limaCfg = *cfgAfterInit } + toggleSoci(&limaCfg, sociEnabled, sociVersion, system.NewStdLib().Arch()) + limaCfgBytes, err := yaml.Marshal(limaCfg) if err != nil { return fmt.Errorf("failed to marshal the lima config file: %w", err) @@ -205,27 +205,28 @@ func toggleSoci(limaCfg *limayaml.LimaYAML, enabled bool, sociVersion string, ar fname := fmt.Sprintf("soci-snapshotter-%s-linux-%s.tar.gz", sociVersion, arch) sociDownloadUrl := fmt.Sprintf("https://github.com/awslabs/soci-snapshotter/releases/download/v%s/%s", sociVersion, fname) if !hasScript && enabled { + limaCfg.Env = map[string]string{"CONTAINERD_SNAPSHOTTER": "soci"} limaCfg.Provision = append(limaCfg.Provision, limayaml.Provision{ Mode: "system", Script: fmt.Sprintf(`%s if [ ! -f /usr/local/bin/soci ]; then - #download soci - export config=etc/containerd/config.toml - curl -OL "%s" >> $config - #move to usr/local/bin - tar -C /usr/local/bin -xvf %s ./soci ./soci-snapshotter-grpc - #changing containerd config - export config=etc/containerd/config.toml - #copy config to soci-config - echo " [proxy_plugins.soci] - type = \"snapshot\" - address = \"/run/soci-snapshotter-grpc/soci-snapshotter-grpc.sock\" " >> $config - sudo systemctl restart containerd.service - sudo soci-snapshotter-grpc &> ~/soci-snapshotter-logs & + #download soci + curl -OL "%s" + #move to usr/local/bin + tar -C /usr/local/bin -xvf %s soci soci-snapshotter-grpc + #changing containerd config + export config=etc/containerd/config.toml + echo " [proxy_plugins.soci] + type = \"snapshot\" + address = \"/run/soci-snapshotter-grpc/soci-snapshotter-grpc.sock\" " >> $config + + sudo systemctl restart containerd.service + sudo soci-snapshotter-grpc &> ~/soci-snapshotter-logs & fi `, sociInstallationProvisioningScriptHeader, sociDownloadUrl, fname), }) } else if hasScript && !enabled { + limaCfg.Env = map[string]string{"CONTAINERD_SNAPSHOTTER": ""} if len(limaCfg.Provision) > 0 { limaCfg.Provision = append(limaCfg.Provision[:idx], limaCfg.Provision[idx+1:]...) } diff --git a/pkg/config/lima_config_applier_test.go b/pkg/config/lima_config_applier_test.go index cfd891242..1bd26e447 100644 --- a/pkg/config/lima_config_applier_test.go +++ b/pkg/config/lima_config_applier_test.go @@ -15,6 +15,7 @@ import ( "gopkg.in/yaml.v3" "github.com/runfinch/finch/pkg/mocks" + "github.com/runfinch/finch/pkg/system" ) func TestDiskLimaConfigApplier_Apply(t *testing.T) { @@ -85,8 +86,133 @@ fi `, limaCfg.Provision[0].Script) }, want: nil, - }, - { + }, { + name: "adds soci script when soci is set to true in config", + config: &Finch{ + Memory: pointer.String("2GiB"), + CPUs: pointer.Int(4), + VMType: pointer.String("qemu"), + Rosetta: pointer.Bool(false), + Soci: pointer.Bool(true), + }, + path: "/lima.yaml", + isInit: true, + mockSvc: func( + fs afero.Fs, + l *mocks.Logger, + cmd *mocks.Command, + creator *mocks.CommandCreator, + deps *mocks.LimaConfigApplierSystemDeps, + ) { + err := afero.WriteFile(fs, "/lima.yaml", []byte("memory: 4GiB\ncpus: 8"), 0o600) + require.NoError(t, err) + cmd.EXPECT().Output().Return([]byte("13.0.0"), nil) + creator.EXPECT().Create("sw_vers", "-productVersion").Return(cmd) + }, + postRunCheck: func(t *testing.T, fs afero.Fs) { + buf, err := afero.ReadFile(fs, "/lima.yaml") + require.NoError(t, err) + + const sociVersion = "0.3.0" + fname := fmt.Sprintf("soci-snapshotter-%s-linux-%s.tar.gz", sociVersion, system.NewStdLib().Arch()) + sociDownloadUrl := fmt.Sprintf("https://github.com/awslabs/soci-snapshotter/releases/download/v%s/%s", sociVersion, fname) + + var limaCfg limayaml.LimaYAML + err = yaml.Unmarshal(buf, &limaCfg) + require.NoError(t, err) + require.Equal(t, 4, *limaCfg.CPUs) + require.Equal(t, "2GiB", *limaCfg.Memory) + require.Equal(t, "reverse-sshfs", *limaCfg.MountType) + require.Equal(t, "system", limaCfg.Provision[1].Mode) + require.Equal(t, "soci", limaCfg.Env["CONTAINERD_SNAPSHOTTER"]) + require.Equal(t, fmt.Sprintf(`%s +if [ ! -f /usr/local/bin/soci ]; then + #download soci + curl -OL "%s" + #move to usr/local/bin + tar -C /usr/local/bin -xvf %s soci soci-snapshotter-grpc + #changing containerd config + export config=etc/containerd/config.toml + echo " [proxy_plugins.soci] + type = \"snapshot\" + address = \"/run/soci-snapshotter-grpc/soci-snapshotter-grpc.sock\" " >> $config + + sudo systemctl restart containerd.service + sudo soci-snapshotter-grpc &> ~/soci-snapshotter-logs & +fi +`, sociInstallationProvisioningScriptHeader, sociDownloadUrl, fname), limaCfg.Provision[1].Script) + require.Equal(t, "system", limaCfg.Provision[0].Mode) + require.Equal(t, `# cross-arch tools +#!/bin/bash +qemu_pkgs="" +if [ ! -f /usr/bin/qemu-aarch64-static ]; then + qemu_pkgs="$qemu_pkgs qemu-user-static-aarch64" +elif [ ! -f /usr/bin/qemu-aarch64-static ]; then + qemu_pkgs="$qemu_pkgs qemu-user-static-arm" +elif [ ! -f /usr/bin/qemu-aarch64-static ]; then + qemu_pkgs="$qemu_pkgs qemu-user-static-x86" +fi + +if [[ $qemu_pkgs ]]; then + dnf install -y --setopt=install_weak_deps=False ${qemu_pkgs} +fi +`, limaCfg.Provision[0].Script) + }, + want: nil, + }, { + name: "doesn't add soci script when soci is set to false in config", + config: &Finch{ + Memory: pointer.String("2GiB"), + CPUs: pointer.Int(4), + VMType: pointer.String("qemu"), + Rosetta: pointer.Bool(false), + Soci: pointer.Bool(false), + }, + path: "/lima.yaml", + isInit: true, + mockSvc: func( + fs afero.Fs, + l *mocks.Logger, + cmd *mocks.Command, + creator *mocks.CommandCreator, + deps *mocks.LimaConfigApplierSystemDeps, + ) { + err := afero.WriteFile(fs, "/lima.yaml", []byte("memory: 4GiB\ncpus: 8"), 0o600) + require.NoError(t, err) + cmd.EXPECT().Output().Return([]byte("13.0.0"), nil) + creator.EXPECT().Create("sw_vers", "-productVersion").Return(cmd) + }, + postRunCheck: func(t *testing.T, fs afero.Fs) { + buf, err := afero.ReadFile(fs, "/lima.yaml") + require.NoError(t, err) + + var limaCfg limayaml.LimaYAML + err = yaml.Unmarshal(buf, &limaCfg) + require.NoError(t, err) + require.Equal(t, 4, *limaCfg.CPUs) + require.Equal(t, "2GiB", *limaCfg.Memory) + require.Equal(t, "reverse-sshfs", *limaCfg.MountType) + require.Equal(t, "system", limaCfg.Provision[0].Mode) + require.Equal(t, "", limaCfg.Env["CONTAINERD_SNAPSHOTTER"]) + require.Equal(t, "system", limaCfg.Provision[0].Mode) + require.Equal(t, `# cross-arch tools +#!/bin/bash +qemu_pkgs="" +if [ ! -f /usr/bin/qemu-aarch64-static ]; then + qemu_pkgs="$qemu_pkgs qemu-user-static-aarch64" +elif [ ! -f /usr/bin/qemu-aarch64-static ]; then + qemu_pkgs="$qemu_pkgs qemu-user-static-arm" +elif [ ! -f /usr/bin/qemu-aarch64-static ]; then + qemu_pkgs="$qemu_pkgs qemu-user-static-x86" +fi + +if [[ $qemu_pkgs ]]; then + dnf install -y --setopt=install_weak_deps=False ${qemu_pkgs} +fi +`, limaCfg.Provision[0].Script) + }, + want: nil, + }, { name: "updates vmType and removes cross-arch provisioning script and network config", config: &Finch{ Memory: pointer.String("2GiB"), From e81e15caa3eee142c1b073355bc875685a8de716 Mon Sep 17 00:00:00 2001 From: Channing Gaddy Date: Tue, 1 Aug 2023 12:23:46 -0700 Subject: [PATCH 08/23] making soci installation script a constant Signed-off-by: Channing Gaddy --- go.mod | 2 - pkg/config/lima_config_applier.go | 51 +++++++++++++++----------- pkg/config/lima_config_applier_test.go | 23 ++---------- 3 files changed, 33 insertions(+), 43 deletions(-) diff --git a/go.mod b/go.mod index b5f50c889..d123877a3 100644 --- a/go.mod +++ b/go.mod @@ -85,5 +85,3 @@ require ( gopkg.in/warnings.v0 v0.1.2 // indirect k8s.io/klog/v2 v2.90.1 // indirect ) - -replace github.com/runfinch/common-tests => ../common-tests diff --git a/pkg/config/lima_config_applier.go b/pkg/config/lima_config_applier.go index b355ed839..256d2a4d8 100644 --- a/pkg/config/lima_config_applier.go +++ b/pkg/config/lima_config_applier.go @@ -16,9 +16,30 @@ import ( "github.com/runfinch/finch/pkg/system" ) -const userModeEmulationProvisioningScriptHeader = "# cross-arch tools" -const sociInstallationProvisioningScriptHeader = "# soci installation and configuring" -const sociVersion = "0.3.0" +const ( + sociVersion = "0.3.0" + sociInstallationProvisioningScriptHeader = "# soci installation and configuring" + fnameFormat = "soci-snapshotter-%s-linux-%s.tar.gz" + sociDownloadUrlFormat = "https://github.com/awslabs/soci-snapshotter/releases/download/v%s/%s" + sociInstallationScriptFormat = `%s +if [ ! -f /usr/local/bin/soci ]; then + #download soci + curl -OL "%s" + #move to usr/local/bin + tar -C /usr/local/bin -xvf %s soci soci-snapshotter-grpc + #changing containerd config + export config=etc/containerd/config.toml + echo " [proxy_plugins.soci] + type = \"snapshot\" + address = \"/run/soci-snapshotter-grpc/soci-snapshotter-grpc.sock\" " >> $config + + sudo systemctl restart containerd.service + sudo soci-snapshotter-grpc &> ~/soci-snapshotter-logs & +fi + ` + + userModeEmulationProvisioningScriptHeader = "# cross-arch tools" +) // LimaConfigApplierSystemDeps contains the system dependencies for LimaConfigApplier. // @@ -202,28 +223,14 @@ func hasUserModeEmulationInstallationScript(limaCfg *limayaml.LimaYAML) (int, bo func toggleSoci(limaCfg *limayaml.LimaYAML, enabled bool, sociVersion string, arch string) { idx, hasScript := hasSociInstallationScript(limaCfg) - fname := fmt.Sprintf("soci-snapshotter-%s-linux-%s.tar.gz", sociVersion, arch) - sociDownloadUrl := fmt.Sprintf("https://github.com/awslabs/soci-snapshotter/releases/download/v%s/%s", sociVersion, fname) + fname := fmt.Sprintf(fnameFormat, sociVersion, system.NewStdLib().Arch()) + sociDownloadUrl := fmt.Sprintf(sociDownloadUrlFormat, sociVersion, fname) + sociInstallationScript := fmt.Sprintf(sociInstallationScriptFormat, sociInstallationProvisioningScriptHeader, sociDownloadUrl, fname) if !hasScript && enabled { limaCfg.Env = map[string]string{"CONTAINERD_SNAPSHOTTER": "soci"} limaCfg.Provision = append(limaCfg.Provision, limayaml.Provision{ - Mode: "system", - Script: fmt.Sprintf(`%s -if [ ! -f /usr/local/bin/soci ]; then - #download soci - curl -OL "%s" - #move to usr/local/bin - tar -C /usr/local/bin -xvf %s soci soci-snapshotter-grpc - #changing containerd config - export config=etc/containerd/config.toml - echo " [proxy_plugins.soci] - type = \"snapshot\" - address = \"/run/soci-snapshotter-grpc/soci-snapshotter-grpc.sock\" " >> $config - - sudo systemctl restart containerd.service - sudo soci-snapshotter-grpc &> ~/soci-snapshotter-logs & -fi -`, sociInstallationProvisioningScriptHeader, sociDownloadUrl, fname), + Mode: "system", + Script: sociInstallationScript, }) } else if hasScript && !enabled { limaCfg.Env = map[string]string{"CONTAINERD_SNAPSHOTTER": ""} diff --git a/pkg/config/lima_config_applier_test.go b/pkg/config/lima_config_applier_test.go index 1bd26e447..4575b2170 100644 --- a/pkg/config/lima_config_applier_test.go +++ b/pkg/config/lima_config_applier_test.go @@ -113,9 +113,9 @@ fi buf, err := afero.ReadFile(fs, "/lima.yaml") require.NoError(t, err) - const sociVersion = "0.3.0" - fname := fmt.Sprintf("soci-snapshotter-%s-linux-%s.tar.gz", sociVersion, system.NewStdLib().Arch()) - sociDownloadUrl := fmt.Sprintf("https://github.com/awslabs/soci-snapshotter/releases/download/v%s/%s", sociVersion, fname) + fname := fmt.Sprintf(fnameFormat, sociVersion, system.NewStdLib().Arch()) + sociDownloadUrl := fmt.Sprintf(sociDownloadUrlFormat, sociVersion, fname) + sociInstallationScript := fmt.Sprintf(sociInstallationScriptFormat, sociInstallationProvisioningScriptHeader, sociDownloadUrl, fname) var limaCfg limayaml.LimaYAML err = yaml.Unmarshal(buf, &limaCfg) @@ -125,22 +125,7 @@ fi require.Equal(t, "reverse-sshfs", *limaCfg.MountType) require.Equal(t, "system", limaCfg.Provision[1].Mode) require.Equal(t, "soci", limaCfg.Env["CONTAINERD_SNAPSHOTTER"]) - require.Equal(t, fmt.Sprintf(`%s -if [ ! -f /usr/local/bin/soci ]; then - #download soci - curl -OL "%s" - #move to usr/local/bin - tar -C /usr/local/bin -xvf %s soci soci-snapshotter-grpc - #changing containerd config - export config=etc/containerd/config.toml - echo " [proxy_plugins.soci] - type = \"snapshot\" - address = \"/run/soci-snapshotter-grpc/soci-snapshotter-grpc.sock\" " >> $config - - sudo systemctl restart containerd.service - sudo soci-snapshotter-grpc &> ~/soci-snapshotter-logs & -fi -`, sociInstallationProvisioningScriptHeader, sociDownloadUrl, fname), limaCfg.Provision[1].Script) + require.Equal(t, sociInstallationScript, limaCfg.Provision[1].Script) require.Equal(t, "system", limaCfg.Provision[0].Mode) require.Equal(t, `# cross-arch tools #!/bin/bash From 016b0c67859668dc7e30618b8db000e64f57d60c Mon Sep 17 00:00:00 2001 From: Channing Gaddy Date: Thu, 3 Aug 2023 17:13:45 -0700 Subject: [PATCH 09/23] fixing containerd config bug when stopping and starting vm Signed-off-by: Channing Gaddy --- pkg/config/lima_config_applier.go | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/pkg/config/lima_config_applier.go b/pkg/config/lima_config_applier.go index 256d2a4d8..0a7629932 100644 --- a/pkg/config/lima_config_applier.go +++ b/pkg/config/lima_config_applier.go @@ -27,15 +27,17 @@ if [ ! -f /usr/local/bin/soci ]; then curl -OL "%s" #move to usr/local/bin tar -C /usr/local/bin -xvf %s soci soci-snapshotter-grpc - #changing containerd config - export config=etc/containerd/config.toml - echo " [proxy_plugins.soci] - type = \"snapshot\" - address = \"/run/soci-snapshotter-grpc/soci-snapshotter-grpc.sock\" " >> $config - - sudo systemctl restart containerd.service - sudo soci-snapshotter-grpc &> ~/soci-snapshotter-logs & fi + +#changing containerd config +export config=etc/containerd/config.toml +echo " [proxy_plugins.soci] +type = \"snapshot\" +address = \"/run/soci-snapshotter-grpc/soci-snapshotter-grpc.sock\" " >> $config + +sudo systemctl restart containerd.service +sudo soci-snapshotter-grpc &> ~/soci-snapshotter-logs & + ` userModeEmulationProvisioningScriptHeader = "# cross-arch tools" From cc766d1d88065caff1efa4d0ea2da39d0d2209c2 Mon Sep 17 00:00:00 2001 From: Channing Gaddy Date: Fri, 4 Aug 2023 18:19:53 -0700 Subject: [PATCH 10/23] adding e2e tests for pulling and running with soci Signed-off-by: Channing Gaddy --- e2e/e2e.go | 17 +++++++++++++ e2e/vm/soci_test.go | 61 +++++++++++++++++++++++++++++++++++++++++++++ e2e/vm/vm_test.go | 8 ++++++ finch.yaml | 9 ++++--- 4 files changed, 91 insertions(+), 4 deletions(-) create mode 100644 e2e/vm/soci_test.go diff --git a/e2e/e2e.go b/e2e/e2e.go index 9fa225d91..1b373d863 100644 --- a/e2e/e2e.go +++ b/e2e/e2e.go @@ -63,3 +63,20 @@ func CreateOption() (*option.Option, error) { } return o, nil } + +// CreateLimaOption creates an option for shelling into VM in e2e tests. +func CreateLimaOption() (*option.Option, string, error) { + wd, err := os.Getwd() + if err != nil { + return nil, "", fmt.Errorf("failed to get the current working directory: %w", err) + } + + subject := "LIMA_HOME=" + filepath.Join(wd, "../../_output/lima/data") + subject2 := filepath.Join(wd, "../../_output/lima/bin/limactl") + + o, err := option.New([]string{subject2}, option.Env([]string{subject})) + if err != nil { + return nil, "", fmt.Errorf("failed to initialize a testing option: %w", err) + } + return o, subject, nil +} diff --git a/e2e/vm/soci_test.go b/e2e/vm/soci_test.go new file mode 100644 index 000000000..080e8c7ee --- /dev/null +++ b/e2e/vm/soci_test.go @@ -0,0 +1,61 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package vm + +import ( + "strings" + "testing" + + "github.com/onsi/ginkgo/v2" + "github.com/onsi/gomega" + "github.com/onsi/gomega/gexec" + "github.com/runfinch/common-tests/command" + "github.com/runfinch/common-tests/option" +) + +var testSoci = func(o *option.Option, limactlO *option.Option, limaHomePath string, installed bool, t *testing.T) { + + ginkgo.Describe("Soci", func() { + ginkgo.It("finch pull should have same mounts as nerdctl pull with SOCI", func() { + resetVM(o, installed) + resetDisks(o, installed) + writeFile(finchConfigFilePath, []byte("cpus: 6\nmemory: 4GiB\nsoci_snapshotter: true\n"+ + "vmType: qemu\nrosetta: false")) + initCmdSession := command.New(o, virtualMachineRootCmd, "init").WithTimeoutInSeconds(600).Run() + gomega.Expect(initCmdSession).Should(gexec.Exit(0)) + command.New(o, "pull", FfmpegSociImage).WithTimeoutInSeconds(30).Run() + finchPullMounts := countMounts(limactlO) + command.New(o, "rmi", "-f", FfmpegSociImage).WithTimeoutInSeconds(30).Run() + command.New(limactlO, "shell", "finch", "sudo", "nerdctl", "pull", FfmpegSociImage).WithTimeoutInSeconds(30).Run().Out.Contents() + nerdctlPullMounts := countMounts(limactlO) + command.New(o, "rmi", "-f", FfmpegSociImage).WithTimeoutInSeconds(30).Run() + gomega.Expect(finchPullMounts).Should(gomega.Equal(nerdctlPullMounts)) + }) + }) + + ginkgo.Describe("Soci", func() { + ginkgo.It("finch run should have same mounts as nerdctl run with SOCI", func() { + resetVM(o, installed) + resetDisks(o, installed) + writeFile(finchConfigFilePath, []byte("cpus: 6\nmemory: 4GiB\nsoci_snapshotter: true\n"+ + "vmType: qemu\nrosetta: false")) + initCmdSession := command.New(o, virtualMachineRootCmd, "init").WithTimeoutInSeconds(600).Run() + gomega.Expect(initCmdSession).Should(gexec.Exit(0)) + command.New(o, "run", FfmpegSociImage).WithTimeoutInSeconds(30).Run() + finchPullMounts := countMounts(limactlO) + command.New(o, "rmi", "-f", FfmpegSociImage).WithTimeoutInSeconds(30).Run() + command.New(limactlO, "shell", "finch", "sudo", "nerdctl", "run", FfmpegSociImage).WithTimeoutInSeconds(30).Run().Out.Contents() + nerdctlPullMounts := countMounts(limactlO) + command.New(o, "rmi", "-f", FfmpegSociImage).WithTimeoutInSeconds(30).Run() + gomega.Expect(finchPullMounts).Should(gomega.Equal(nerdctlPullMounts)) + }) + }) + +} + +// counts the mounts present in the VM after pulling an image +func countMounts(limactlO *option.Option) int { + mountOutput := string(command.New(limactlO, "shell", "finch", "mount").WithTimeoutInSeconds(30).Run().Out.Contents()) + return strings.Count(mountOutput, sociMountString) +} diff --git a/e2e/vm/vm_test.go b/e2e/vm/vm_test.go index e0813f0f8..1f50f109f 100644 --- a/e2e/vm/vm_test.go +++ b/e2e/vm/vm_test.go @@ -23,6 +23,8 @@ import ( const ( virtualMachineRootCmd = "vm" + FfmpegSociImage = "public.ecr.aws/soci-workshop-examples/ffmpeg:latest" + sociMountString = "fuse.rawBridge" ) //nolint:paralleltest // TestVM is like TestMain for the VM-related tests. @@ -34,6 +36,11 @@ func TestVM(t *testing.T) { t.Fatal(err) } + limactlO, limaHomePath, err := e2e.CreateLimaOption() + if err != nil { + t.Fatal(err) + } + ginkgo.SynchronizedBeforeSuite(func() []byte { command.New(o, "vm", "init").WithTimeoutInSeconds(600).Run() return nil @@ -53,6 +60,7 @@ func TestVM(t *testing.T) { testVirtualizationFrameworkAndRosetta(o, *e2e.Installed) testSupportBundle(o) testCredHelper(o, *e2e.Installed, *e2e.Registry) + testSoci(o, limactlO, limaHomePath, *e2e.Installed, t) }) gomega.RegisterFailHandler(ginkgo.Fail) diff --git a/finch.yaml b/finch.yaml index f1dcc0f43..8e19f8623 100644 --- a/finch.yaml +++ b/finch.yaml @@ -121,10 +121,11 @@ containerd: user: false # # Override containerd archive # # 🟢 Builtin default: hard-coded URL with hard-coded digest (see the output of `limactl info | jq .defaultTemplate.containerd.archives`) -# archives: -# - location: "~/Downloads/nerdctl-full-X.Y.Z-linux-amd64.tar.gz" -# arch: "x86_64" -# digest: "sha256:..." + # adding archive for nerdctl 1.5.0 just for e2e testing + archives: + - location: "https://github.com/containerd/nerdctl/releases/download/v1.5.0/nerdctl-full-1.5.0-linux-arm64.tar.gz" + arch: "aarch64" + digest: "sha256:32a2537e0a80e1493b5934ca56c3e237466606a1b720aef23b9c0a7fc3303bdb" # Provisioning scripts need to be idempotent because they might be called # multiple times, e.g. when the host VM is being restarted. From 47bc078f7ed38751d21a88f35c1d523863bd4136 Mon Sep 17 00:00:00 2001 From: Channing Gaddy Date: Fri, 4 Aug 2023 18:22:27 -0700 Subject: [PATCH 11/23] fixing testSoci method signature Signed-off-by: Channing Gaddy --- e2e/vm/soci_test.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/e2e/vm/soci_test.go b/e2e/vm/soci_test.go index 080e8c7ee..4293f0ce3 100644 --- a/e2e/vm/soci_test.go +++ b/e2e/vm/soci_test.go @@ -5,7 +5,6 @@ package vm import ( "strings" - "testing" "github.com/onsi/ginkgo/v2" "github.com/onsi/gomega" @@ -14,7 +13,7 @@ import ( "github.com/runfinch/common-tests/option" ) -var testSoci = func(o *option.Option, limactlO *option.Option, limaHomePath string, installed bool, t *testing.T) { +var testSoci = func(o *option.Option, limactlO *option.Option, limaHomePath string, installed bool) { ginkgo.Describe("Soci", func() { ginkgo.It("finch pull should have same mounts as nerdctl pull with SOCI", func() { From 49680dc061ff18e6bdf739092c1c7057c88d9e2f Mon Sep 17 00:00:00 2001 From: Channing Gaddy Date: Fri, 4 Aug 2023 18:26:16 -0700 Subject: [PATCH 12/23] fixing testSoci method signature in vm_test.go Signed-off-by: Channing Gaddy --- e2e/vm/vm_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/e2e/vm/vm_test.go b/e2e/vm/vm_test.go index 1f50f109f..bac5e19ae 100644 --- a/e2e/vm/vm_test.go +++ b/e2e/vm/vm_test.go @@ -60,7 +60,7 @@ func TestVM(t *testing.T) { testVirtualizationFrameworkAndRosetta(o, *e2e.Installed) testSupportBundle(o) testCredHelper(o, *e2e.Installed, *e2e.Registry) - testSoci(o, limactlO, limaHomePath, *e2e.Installed, t) + testSoci(o, limactlO, limaHomePath, *e2e.Installed) }) gomega.RegisterFailHandler(ginkgo.Fail) From 41a1ae5dcd8d643eda9cbeb16484aa4f0d25ffcd Mon Sep 17 00:00:00 2001 From: Channing Gaddy Date: Tue, 8 Aug 2023 10:49:40 -0700 Subject: [PATCH 13/23] taking out CreateLimaOption() + making config option a str instead of bool Signed-off-by: Channing Gaddy --- e2e/e2e.go | 17 ---------------- e2e/vm/soci_test.go | 32 +++++++++++++++++++++++-------- e2e/vm/vm_test.go | 9 +-------- pkg/config/config.go | 4 ++-- pkg/config/lima_config_applier.go | 21 +++++++------------- 5 files changed, 34 insertions(+), 49 deletions(-) diff --git a/e2e/e2e.go b/e2e/e2e.go index 1b373d863..9fa225d91 100644 --- a/e2e/e2e.go +++ b/e2e/e2e.go @@ -63,20 +63,3 @@ func CreateOption() (*option.Option, error) { } return o, nil } - -// CreateLimaOption creates an option for shelling into VM in e2e tests. -func CreateLimaOption() (*option.Option, string, error) { - wd, err := os.Getwd() - if err != nil { - return nil, "", fmt.Errorf("failed to get the current working directory: %w", err) - } - - subject := "LIMA_HOME=" + filepath.Join(wd, "../../_output/lima/data") - subject2 := filepath.Join(wd, "../../_output/lima/bin/limactl") - - o, err := option.New([]string{subject2}, option.Env([]string{subject})) - if err != nil { - return nil, "", fmt.Errorf("failed to initialize a testing option: %w", err) - } - return o, subject, nil -} diff --git a/e2e/vm/soci_test.go b/e2e/vm/soci_test.go index 4293f0ce3..16b6163cc 100644 --- a/e2e/vm/soci_test.go +++ b/e2e/vm/soci_test.go @@ -4,6 +4,8 @@ package vm import ( + "os" + "path/filepath" "strings" "github.com/onsi/ginkgo/v2" @@ -13,38 +15,52 @@ import ( "github.com/runfinch/common-tests/option" ) -var testSoci = func(o *option.Option, limactlO *option.Option, limaHomePath string, installed bool) { +const ( + FfmpegSociImage = "public.ecr.aws/soci-workshop-examples/ffmpeg:latest" + sociMountString = "fuse.rawBridge" +) + +var testSoci = func(o *option.Option, installed bool) { + + ginkgo.Describe("SOCI", func() { + var limactlO *option.Option + var limaHomePathEnv string + var wd string + + ginkgo.BeforeEach(func() { + wd, _ = os.Getwd() + limaHomePathEnv = "LIMA_HOME=" + filepath.Join(wd, "../../_output/lima/data") + limactlO, _ = option.New([]string{filepath.Join(wd, "../../_output/lima/bin/limactl")}, + option.Env([]string{limaHomePathEnv})) + }) - ginkgo.Describe("Soci", func() { ginkgo.It("finch pull should have same mounts as nerdctl pull with SOCI", func() { resetVM(o, installed) resetDisks(o, installed) - writeFile(finchConfigFilePath, []byte("cpus: 6\nmemory: 4GiB\nsoci_snapshotter: true\n"+ + writeFile(finchConfigFilePath, []byte("cpus: 6\nmemory: 4GiB\nsnapshotter: soci\n"+ "vmType: qemu\nrosetta: false")) initCmdSession := command.New(o, virtualMachineRootCmd, "init").WithTimeoutInSeconds(600).Run() gomega.Expect(initCmdSession).Should(gexec.Exit(0)) command.New(o, "pull", FfmpegSociImage).WithTimeoutInSeconds(30).Run() finchPullMounts := countMounts(limactlO) command.New(o, "rmi", "-f", FfmpegSociImage).WithTimeoutInSeconds(30).Run() - command.New(limactlO, "shell", "finch", "sudo", "nerdctl", "pull", FfmpegSociImage).WithTimeoutInSeconds(30).Run().Out.Contents() + command.New(limactlO, "shell", "finch", "sudo", "nerdctl", "--snapshotter=soci", "pull", FfmpegSociImage).WithTimeoutInSeconds(30).Run().Out.Contents() nerdctlPullMounts := countMounts(limactlO) command.New(o, "rmi", "-f", FfmpegSociImage).WithTimeoutInSeconds(30).Run() gomega.Expect(finchPullMounts).Should(gomega.Equal(nerdctlPullMounts)) }) - }) - ginkgo.Describe("Soci", func() { ginkgo.It("finch run should have same mounts as nerdctl run with SOCI", func() { resetVM(o, installed) resetDisks(o, installed) - writeFile(finchConfigFilePath, []byte("cpus: 6\nmemory: 4GiB\nsoci_snapshotter: true\n"+ + writeFile(finchConfigFilePath, []byte("cpus: 6\nmemory: 4GiB\nsnapshotter: soci\n"+ "vmType: qemu\nrosetta: false")) initCmdSession := command.New(o, virtualMachineRootCmd, "init").WithTimeoutInSeconds(600).Run() gomega.Expect(initCmdSession).Should(gexec.Exit(0)) command.New(o, "run", FfmpegSociImage).WithTimeoutInSeconds(30).Run() finchPullMounts := countMounts(limactlO) command.New(o, "rmi", "-f", FfmpegSociImage).WithTimeoutInSeconds(30).Run() - command.New(limactlO, "shell", "finch", "sudo", "nerdctl", "run", FfmpegSociImage).WithTimeoutInSeconds(30).Run().Out.Contents() + command.New(limactlO, "shell", "finch", "sudo", "nerdctl", "--snapshotter=soci", "run", FfmpegSociImage).WithTimeoutInSeconds(30).Run().Out.Contents() nerdctlPullMounts := countMounts(limactlO) command.New(o, "rmi", "-f", FfmpegSociImage).WithTimeoutInSeconds(30).Run() gomega.Expect(finchPullMounts).Should(gomega.Equal(nerdctlPullMounts)) diff --git a/e2e/vm/vm_test.go b/e2e/vm/vm_test.go index bac5e19ae..02245e356 100644 --- a/e2e/vm/vm_test.go +++ b/e2e/vm/vm_test.go @@ -23,8 +23,6 @@ import ( const ( virtualMachineRootCmd = "vm" - FfmpegSociImage = "public.ecr.aws/soci-workshop-examples/ffmpeg:latest" - sociMountString = "fuse.rawBridge" ) //nolint:paralleltest // TestVM is like TestMain for the VM-related tests. @@ -36,11 +34,6 @@ func TestVM(t *testing.T) { t.Fatal(err) } - limactlO, limaHomePath, err := e2e.CreateLimaOption() - if err != nil { - t.Fatal(err) - } - ginkgo.SynchronizedBeforeSuite(func() []byte { command.New(o, "vm", "init").WithTimeoutInSeconds(600).Run() return nil @@ -60,7 +53,7 @@ func TestVM(t *testing.T) { testVirtualizationFrameworkAndRosetta(o, *e2e.Installed) testSupportBundle(o) testCredHelper(o, *e2e.Installed, *e2e.Registry) - testSoci(o, limactlO, limaHomePath, *e2e.Installed) + testSoci(o, *e2e.Installed) }) gomega.RegisterFailHandler(ginkgo.Fail) diff --git a/pkg/config/config.go b/pkg/config/config.go index cba1538e6..e83b3692a 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -35,8 +35,8 @@ type AdditionalDirectory struct { type Finch struct { CPUs *int `yaml:"cpus"` Memory *string `yaml:"memory"` - //Soci: boolean value of whether user wants SOCI installed - Soci *bool `yaml:"soci_snapshotter,omitempty"` + // Soci: the snapshotter that will be installed and configured automatically on vm init or on vm start + Snapshotter *string `yaml:"snapshotter,omitempty"` // CredsHelper: the list of credential helpers that will be installed and configured automatically on vm init or on vm start CredsHelpers []string `yaml:"creds_helpers,omitempty"` // AdditionalDirectories are the work directories that are not supported by default. In macOS, only home directory is supported by default. diff --git a/pkg/config/lima_config_applier.go b/pkg/config/lima_config_applier.go index 0a7629932..f8adcd03f 100644 --- a/pkg/config/lima_config_applier.go +++ b/pkg/config/lima_config_applier.go @@ -19,7 +19,7 @@ import ( const ( sociVersion = "0.3.0" sociInstallationProvisioningScriptHeader = "# soci installation and configuring" - fnameFormat = "soci-snapshotter-%s-linux-%s.tar.gz" + sociFileNameFormat = "soci-snapshotter-%s-linux-%s.tar.gz" sociDownloadUrlFormat = "https://github.com/awslabs/soci-snapshotter/releases/download/v%s/%s" sociInstallationScriptFormat = `%s if [ ! -f /usr/local/bin/soci ]; then @@ -32,8 +32,8 @@ fi #changing containerd config export config=etc/containerd/config.toml echo " [proxy_plugins.soci] -type = \"snapshot\" -address = \"/run/soci-snapshotter-grpc/soci-snapshotter-grpc.sock\" " >> $config + type = \"snapshot\" + address = \"/run/soci-snapshotter-grpc/soci-snapshotter-grpc.sock\" " >> $config sudo systemctl restart containerd.service sudo soci-snapshotter-grpc &> ~/soci-snapshotter-logs & @@ -113,13 +113,6 @@ func (lca *limaConfigApplier) Apply(isInit bool) error { limaCfg.Rosetta.BinFmt = pointer.Bool(false) } - var sociEnabled bool - if lca.cfg.Soci == nil { - sociEnabled = false - } else { - sociEnabled = *lca.cfg.Soci - } - if isInit { cfgAfterInit, err := lca.applyInit(&limaCfg) if err != nil { @@ -128,7 +121,7 @@ func (lca *limaConfigApplier) Apply(isInit bool) error { limaCfg = *cfgAfterInit } - toggleSoci(&limaCfg, sociEnabled, sociVersion, system.NewStdLib().Arch()) + toggleSoci(&limaCfg, *lca.cfg.Snapshotter == "soci", sociVersion, system.NewStdLib().Arch()) limaCfgBytes, err := yaml.Marshal(limaCfg) if err != nil { @@ -225,9 +218,9 @@ func hasUserModeEmulationInstallationScript(limaCfg *limayaml.LimaYAML) (int, bo func toggleSoci(limaCfg *limayaml.LimaYAML, enabled bool, sociVersion string, arch string) { idx, hasScript := hasSociInstallationScript(limaCfg) - fname := fmt.Sprintf(fnameFormat, sociVersion, system.NewStdLib().Arch()) - sociDownloadUrl := fmt.Sprintf(sociDownloadUrlFormat, sociVersion, fname) - sociInstallationScript := fmt.Sprintf(sociInstallationScriptFormat, sociInstallationProvisioningScriptHeader, sociDownloadUrl, fname) + sociFileName := fmt.Sprintf(sociFileNameFormat, sociVersion, system.NewStdLib().Arch()) + sociDownloadUrl := fmt.Sprintf(sociDownloadUrlFormat, sociVersion, sociFileNameFormat) + sociInstallationScript := fmt.Sprintf(sociInstallationScriptFormat, sociInstallationProvisioningScriptHeader, sociDownloadUrl, sociFileName) if !hasScript && enabled { limaCfg.Env = map[string]string{"CONTAINERD_SNAPSHOTTER": "soci"} limaCfg.Provision = append(limaCfg.Provision, limayaml.Provision{ From 877eb380f0c7cde0eda108af210360a8c9d8f873 Mon Sep 17 00:00:00 2001 From: Channing Gaddy Date: Tue, 8 Aug 2023 14:41:25 -0700 Subject: [PATCH 14/23] fixing lint errors + adding error checking Signed-off-by: Channing Gaddy --- e2e/vm/soci_test.go | 7 +++++-- pkg/config/lima_config_applier.go | 9 ++++++++- pkg/config/lima_config_applier_test.go | 26 +++++++++++++------------- 3 files changed, 26 insertions(+), 16 deletions(-) diff --git a/e2e/vm/soci_test.go b/e2e/vm/soci_test.go index 16b6163cc..9dd7df1b9 100644 --- a/e2e/vm/soci_test.go +++ b/e2e/vm/soci_test.go @@ -26,12 +26,15 @@ var testSoci = func(o *option.Option, installed bool) { var limactlO *option.Option var limaHomePathEnv string var wd string + var err error ginkgo.BeforeEach(func() { - wd, _ = os.Getwd() + wd, err = os.Getwd() + gomega.Expect(err).Should(gomega.BeNil()) limaHomePathEnv = "LIMA_HOME=" + filepath.Join(wd, "../../_output/lima/data") - limactlO, _ = option.New([]string{filepath.Join(wd, "../../_output/lima/bin/limactl")}, + limactlO, err = option.New([]string{filepath.Join(wd, "../../_output/lima/bin/limactl")}, option.Env([]string{limaHomePathEnv})) + gomega.Expect(err).Should(gomega.BeNil()) }) ginkgo.It("finch pull should have same mounts as nerdctl pull with SOCI", func() { diff --git a/pkg/config/lima_config_applier.go b/pkg/config/lima_config_applier.go index f8adcd03f..317f6ba32 100644 --- a/pkg/config/lima_config_applier.go +++ b/pkg/config/lima_config_applier.go @@ -121,7 +121,14 @@ func (lca *limaConfigApplier) Apply(isInit bool) error { limaCfg = *cfgAfterInit } - toggleSoci(&limaCfg, *lca.cfg.Snapshotter == "soci", sociVersion, system.NewStdLib().Arch()) + var sociEnabled bool + if lca.cfg.Snapshotter == nil { + sociEnabled = false + } else { + sociEnabled = (*lca.cfg.Snapshotter == "soci") + } + + toggleSoci(&limaCfg, sociEnabled, sociVersion, system.NewStdLib().Arch()) limaCfgBytes, err := yaml.Marshal(limaCfg) if err != nil { diff --git a/pkg/config/lima_config_applier_test.go b/pkg/config/lima_config_applier_test.go index 4575b2170..c82dd2637 100644 --- a/pkg/config/lima_config_applier_test.go +++ b/pkg/config/lima_config_applier_test.go @@ -89,11 +89,11 @@ fi }, { name: "adds soci script when soci is set to true in config", config: &Finch{ - Memory: pointer.String("2GiB"), - CPUs: pointer.Int(4), - VMType: pointer.String("qemu"), - Rosetta: pointer.Bool(false), - Soci: pointer.Bool(true), + Memory: pointer.String("2GiB"), + CPUs: pointer.Int(4), + VMType: pointer.String("qemu"), + Rosetta: pointer.Bool(false), + Snapshotter: pointer.String("soci"), }, path: "/lima.yaml", isInit: true, @@ -113,9 +113,9 @@ fi buf, err := afero.ReadFile(fs, "/lima.yaml") require.NoError(t, err) - fname := fmt.Sprintf(fnameFormat, sociVersion, system.NewStdLib().Arch()) - sociDownloadUrl := fmt.Sprintf(sociDownloadUrlFormat, sociVersion, fname) - sociInstallationScript := fmt.Sprintf(sociInstallationScriptFormat, sociInstallationProvisioningScriptHeader, sociDownloadUrl, fname) + sociFileName := fmt.Sprintf(sociFileNameFormat, sociVersion, system.NewStdLib().Arch()) + sociDownloadUrl := fmt.Sprintf(sociDownloadUrlFormat, sociVersion, sociFileName) + sociInstallationScript := fmt.Sprintf(sociInstallationScriptFormat, sociInstallationProvisioningScriptHeader, sociDownloadUrl, sociFileName) var limaCfg limayaml.LimaYAML err = yaml.Unmarshal(buf, &limaCfg) @@ -147,11 +147,11 @@ fi }, { name: "doesn't add soci script when soci is set to false in config", config: &Finch{ - Memory: pointer.String("2GiB"), - CPUs: pointer.Int(4), - VMType: pointer.String("qemu"), - Rosetta: pointer.Bool(false), - Soci: pointer.Bool(false), + Memory: pointer.String("2GiB"), + CPUs: pointer.Int(4), + VMType: pointer.String("qemu"), + Rosetta: pointer.Bool(false), + Snapshotter: pointer.String("string"), }, path: "/lima.yaml", isInit: true, From f49625f4a2b92884a375f1fdee600f642dea996c Mon Sep 17 00:00:00 2001 From: Channing Gaddy Date: Tue, 8 Aug 2023 15:31:21 -0700 Subject: [PATCH 15/23] fixing lint and unit test issues Signed-off-by: Channing Gaddy --- e2e/vm/soci_test.go | 10 +++++----- pkg/config/lima_config_applier.go | 10 +++++----- pkg/config/lima_config_applier_test.go | 16 +++++++++++----- 3 files changed, 21 insertions(+), 15 deletions(-) diff --git a/e2e/vm/soci_test.go b/e2e/vm/soci_test.go index 9dd7df1b9..a349c052f 100644 --- a/e2e/vm/soci_test.go +++ b/e2e/vm/soci_test.go @@ -21,7 +21,6 @@ const ( ) var testSoci = func(o *option.Option, installed bool) { - ginkgo.Describe("SOCI", func() { var limactlO *option.Option var limaHomePathEnv string @@ -47,7 +46,8 @@ var testSoci = func(o *option.Option, installed bool) { command.New(o, "pull", FfmpegSociImage).WithTimeoutInSeconds(30).Run() finchPullMounts := countMounts(limactlO) command.New(o, "rmi", "-f", FfmpegSociImage).WithTimeoutInSeconds(30).Run() - command.New(limactlO, "shell", "finch", "sudo", "nerdctl", "--snapshotter=soci", "pull", FfmpegSociImage).WithTimeoutInSeconds(30).Run().Out.Contents() + command.New(limactlO, "shell", "finch", + "sudo", "nerdctl", "--snapshotter=soci", "pull", FfmpegSociImage).WithTimeoutInSeconds(30).Run().Out.Contents() nerdctlPullMounts := countMounts(limactlO) command.New(o, "rmi", "-f", FfmpegSociImage).WithTimeoutInSeconds(30).Run() gomega.Expect(finchPullMounts).Should(gomega.Equal(nerdctlPullMounts)) @@ -63,16 +63,16 @@ var testSoci = func(o *option.Option, installed bool) { command.New(o, "run", FfmpegSociImage).WithTimeoutInSeconds(30).Run() finchPullMounts := countMounts(limactlO) command.New(o, "rmi", "-f", FfmpegSociImage).WithTimeoutInSeconds(30).Run() - command.New(limactlO, "shell", "finch", "sudo", "nerdctl", "--snapshotter=soci", "run", FfmpegSociImage).WithTimeoutInSeconds(30).Run().Out.Contents() + command.New(limactlO, "shell", "finch", + "sudo", "nerdctl", "--snapshotter=soci", "run", FfmpegSociImage).WithTimeoutInSeconds(30).Run().Out.Contents() nerdctlPullMounts := countMounts(limactlO) command.New(o, "rmi", "-f", FfmpegSociImage).WithTimeoutInSeconds(30).Run() gomega.Expect(finchPullMounts).Should(gomega.Equal(nerdctlPullMounts)) }) }) - } -// counts the mounts present in the VM after pulling an image +// counts the mounts present in the VM after pulling an image. func countMounts(limactlO *option.Option) int { mountOutput := string(command.New(limactlO, "shell", "finch", "mount").WithTimeoutInSeconds(30).Run().Out.Contents()) return strings.Count(mountOutput, sociMountString) diff --git a/pkg/config/lima_config_applier.go b/pkg/config/lima_config_applier.go index 317f6ba32..7b76481ff 100644 --- a/pkg/config/lima_config_applier.go +++ b/pkg/config/lima_config_applier.go @@ -20,7 +20,7 @@ const ( sociVersion = "0.3.0" sociInstallationProvisioningScriptHeader = "# soci installation and configuring" sociFileNameFormat = "soci-snapshotter-%s-linux-%s.tar.gz" - sociDownloadUrlFormat = "https://github.com/awslabs/soci-snapshotter/releases/download/v%s/%s" + sociDownloadURLFormat = "https://github.com/awslabs/soci-snapshotter/releases/download/v%s/%s" sociInstallationScriptFormat = `%s if [ ! -f /usr/local/bin/soci ]; then #download soci @@ -128,7 +128,7 @@ func (lca *limaConfigApplier) Apply(isInit bool) error { sociEnabled = (*lca.cfg.Snapshotter == "soci") } - toggleSoci(&limaCfg, sociEnabled, sociVersion, system.NewStdLib().Arch()) + toggleSoci(&limaCfg, sociEnabled, sociVersion) limaCfgBytes, err := yaml.Marshal(limaCfg) if err != nil { @@ -223,11 +223,11 @@ func hasUserModeEmulationInstallationScript(limaCfg *limayaml.LimaYAML) (int, bo return scriptIdx, hasCrossArchToolInstallationScript } -func toggleSoci(limaCfg *limayaml.LimaYAML, enabled bool, sociVersion string, arch string) { +func toggleSoci(limaCfg *limayaml.LimaYAML, enabled bool, sociVersion string) { idx, hasScript := hasSociInstallationScript(limaCfg) sociFileName := fmt.Sprintf(sociFileNameFormat, sociVersion, system.NewStdLib().Arch()) - sociDownloadUrl := fmt.Sprintf(sociDownloadUrlFormat, sociVersion, sociFileNameFormat) - sociInstallationScript := fmt.Sprintf(sociInstallationScriptFormat, sociInstallationProvisioningScriptHeader, sociDownloadUrl, sociFileName) + sociDownloadURL := fmt.Sprintf(sociDownloadURLFormat, sociVersion, sociFileName) + sociInstallationScript := fmt.Sprintf(sociInstallationScriptFormat, sociInstallationProvisioningScriptHeader, sociDownloadURL, sociFileName) if !hasScript && enabled { limaCfg.Env = map[string]string{"CONTAINERD_SNAPSHOTTER": "soci"} limaCfg.Provision = append(limaCfg.Provision, limayaml.Provision{ diff --git a/pkg/config/lima_config_applier_test.go b/pkg/config/lima_config_applier_test.go index c82dd2637..a6cd9003b 100644 --- a/pkg/config/lima_config_applier_test.go +++ b/pkg/config/lima_config_applier_test.go @@ -86,7 +86,8 @@ fi `, limaCfg.Provision[0].Script) }, want: nil, - }, { + }, + { name: "adds soci script when soci is set to true in config", config: &Finch{ Memory: pointer.String("2GiB"), @@ -114,8 +115,11 @@ fi require.NoError(t, err) sociFileName := fmt.Sprintf(sociFileNameFormat, sociVersion, system.NewStdLib().Arch()) - sociDownloadUrl := fmt.Sprintf(sociDownloadUrlFormat, sociVersion, sociFileName) - sociInstallationScript := fmt.Sprintf(sociInstallationScriptFormat, sociInstallationProvisioningScriptHeader, sociDownloadUrl, sociFileName) + sociDownloadURL := fmt.Sprintf(sociDownloadURLFormat, sociVersion, sociFileName) + sociInstallationScript := fmt.Sprintf(sociInstallationScriptFormat, + sociInstallationProvisioningScriptHeader, + sociDownloadURL, + sociFileName) var limaCfg limayaml.LimaYAML err = yaml.Unmarshal(buf, &limaCfg) @@ -144,7 +148,8 @@ fi `, limaCfg.Provision[0].Script) }, want: nil, - }, { + }, + { name: "doesn't add soci script when soci is set to false in config", config: &Finch{ Memory: pointer.String("2GiB"), @@ -197,7 +202,8 @@ fi `, limaCfg.Provision[0].Script) }, want: nil, - }, { + }, + { name: "updates vmType and removes cross-arch provisioning script and network config", config: &Finch{ Memory: pointer.String("2GiB"), From 3d32a8e532754e248de0f7cda2ef17e15ba9f3d4 Mon Sep 17 00:00:00 2001 From: Channing Gaddy Date: Wed, 9 Aug 2023 13:38:45 -0700 Subject: [PATCH 16/23] removing nerdctl archive in VM Signed-off-by: Channing Gaddy --- README.md | 9 +++++++++ finch.yaml | 9 ++++----- pkg/config/lima_config_applier_test.go | 6 +++--- 3 files changed, 16 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 8f67b71d2..056e74c79 100644 --- a/README.md +++ b/README.md @@ -99,6 +99,15 @@ An example `finch.yaml` looks like this: cpus: 4 # memory: the amount of memory to dedicate to the virtual machine. (required) memory: 4GiB +# snapshotter: the snapshotter a user want to use as there default snapshotter +# Supported Snapshotters List: +# - soci https://github.com/awslabs/soci-snapshotter/tree/main +# Once the option has been set the snapshotter will be installed on either finch vm init or finch vm start. +# The snapshotter binary will be downloaded on the virtual machine and will be configured and ready for use. +# To change your default snpahotter back to overlayfs, simply remove the snapshotter value from finch.yaml +# To completely remove the snapshotter binary, shell into your VM and remove /usr/local/bin/{snapshotter binary} +# and remove the snapshotter configuration in the containerd config file found at /etc/containerd/config.toml +snapshotter: soci # creds_helpers: a list of credential helpers that will be installed and configured automatically. # Supported Credential Helpers List: # - ecr-login https://github.com/awslabs/amazon-ecr-credential-helper diff --git a/finch.yaml b/finch.yaml index 8e19f8623..f1dcc0f43 100644 --- a/finch.yaml +++ b/finch.yaml @@ -121,11 +121,10 @@ containerd: user: false # # Override containerd archive # # 🟢 Builtin default: hard-coded URL with hard-coded digest (see the output of `limactl info | jq .defaultTemplate.containerd.archives`) - # adding archive for nerdctl 1.5.0 just for e2e testing - archives: - - location: "https://github.com/containerd/nerdctl/releases/download/v1.5.0/nerdctl-full-1.5.0-linux-arm64.tar.gz" - arch: "aarch64" - digest: "sha256:32a2537e0a80e1493b5934ca56c3e237466606a1b720aef23b9c0a7fc3303bdb" +# archives: +# - location: "~/Downloads/nerdctl-full-X.Y.Z-linux-amd64.tar.gz" +# arch: "x86_64" +# digest: "sha256:..." # Provisioning scripts need to be idempotent because they might be called # multiple times, e.g. when the host VM is being restarted. diff --git a/pkg/config/lima_config_applier_test.go b/pkg/config/lima_config_applier_test.go index a6cd9003b..97aeb7b8f 100644 --- a/pkg/config/lima_config_applier_test.go +++ b/pkg/config/lima_config_applier_test.go @@ -88,7 +88,7 @@ fi want: nil, }, { - name: "adds soci script when soci is set to true in config", + name: "adds soci script when snapshotter is set to soci in config", config: &Finch{ Memory: pointer.String("2GiB"), CPUs: pointer.Int(4), @@ -150,13 +150,13 @@ fi want: nil, }, { - name: "doesn't add soci script when soci is set to false in config", + name: "doesn't add soci script when snapshotter is not set in config", config: &Finch{ Memory: pointer.String("2GiB"), CPUs: pointer.Int(4), VMType: pointer.String("qemu"), Rosetta: pointer.Bool(false), - Snapshotter: pointer.String("string"), + Snapshotter: pointer.String(""), }, path: "/lima.yaml", isInit: true, From 3635d25f824147c85bfd9e6067a9ed96ae7792df Mon Sep 17 00:00:00 2001 From: Channing Gaddy Date: Wed, 9 Aug 2023 18:46:20 -0700 Subject: [PATCH 17/23] replacing .New with .Run when possible Signed-off-by: Channing Gaddy --- e2e/vm/soci_test.go | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/e2e/vm/soci_test.go b/e2e/vm/soci_test.go index a349c052f..5a538ec21 100644 --- a/e2e/vm/soci_test.go +++ b/e2e/vm/soci_test.go @@ -45,11 +45,11 @@ var testSoci = func(o *option.Option, installed bool) { gomega.Expect(initCmdSession).Should(gexec.Exit(0)) command.New(o, "pull", FfmpegSociImage).WithTimeoutInSeconds(30).Run() finchPullMounts := countMounts(limactlO) - command.New(o, "rmi", "-f", FfmpegSociImage).WithTimeoutInSeconds(30).Run() + command.Run(o, "rmi", "-f", FfmpegSociImage) command.New(limactlO, "shell", "finch", - "sudo", "nerdctl", "--snapshotter=soci", "pull", FfmpegSociImage).WithTimeoutInSeconds(30).Run().Out.Contents() + "sudo", "nerdctl", "--snapshotter=soci", "pull", FfmpegSociImage).WithTimeoutInSeconds(30).Run() nerdctlPullMounts := countMounts(limactlO) - command.New(o, "rmi", "-f", FfmpegSociImage).WithTimeoutInSeconds(30).Run() + command.Run(o, "rmi", "-f", FfmpegSociImage) gomega.Expect(finchPullMounts).Should(gomega.Equal(nerdctlPullMounts)) }) @@ -62,11 +62,11 @@ var testSoci = func(o *option.Option, installed bool) { gomega.Expect(initCmdSession).Should(gexec.Exit(0)) command.New(o, "run", FfmpegSociImage).WithTimeoutInSeconds(30).Run() finchPullMounts := countMounts(limactlO) - command.New(o, "rmi", "-f", FfmpegSociImage).WithTimeoutInSeconds(30).Run() + command.Run(o, "rmi", "-f", FfmpegSociImage) command.New(limactlO, "shell", "finch", - "sudo", "nerdctl", "--snapshotter=soci", "run", FfmpegSociImage).WithTimeoutInSeconds(30).Run().Out.Contents() + "sudo", "nerdctl", "--snapshotter=soci", "run", FfmpegSociImage).WithTimeoutInSeconds(30).Run() nerdctlPullMounts := countMounts(limactlO) - command.New(o, "rmi", "-f", FfmpegSociImage).WithTimeoutInSeconds(30).Run() + command.Run(o, "rmi", "-f", FfmpegSociImage) gomega.Expect(finchPullMounts).Should(gomega.Equal(nerdctlPullMounts)) }) }) @@ -74,6 +74,6 @@ var testSoci = func(o *option.Option, installed bool) { // counts the mounts present in the VM after pulling an image. func countMounts(limactlO *option.Option) int { - mountOutput := string(command.New(limactlO, "shell", "finch", "mount").WithTimeoutInSeconds(30).Run().Out.Contents()) + mountOutput := command.StdoutStr(limactlO, "shell", "finch", "mount") return strings.Count(mountOutput, sociMountString) } From f2d03ad1c840070e521ebb7c3fdf072cb22ab953 Mon Sep 17 00:00:00 2001 From: Channing Gaddy Date: Thu, 10 Aug 2023 10:11:39 -0700 Subject: [PATCH 18/23] fixing godoc and not exporting socified ffmpeg image Signed-off-by: Channing Gaddy --- pkg/config/config.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pkg/config/config.go b/pkg/config/config.go index e83b3692a..a8752252f 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -35,7 +35,8 @@ type AdditionalDirectory struct { type Finch struct { CPUs *int `yaml:"cpus"` Memory *string `yaml:"memory"` - // Soci: the snapshotter that will be installed and configured automatically on vm init or on vm start + // Snapshotter: the snapshotter that will be installed and configured automatically on vm init or on vm start + // Values: `soci` for SOCI snapshotter or empty for default overlay snapshotter. Snapshotter *string `yaml:"snapshotter,omitempty"` // CredsHelper: the list of credential helpers that will be installed and configured automatically on vm init or on vm start CredsHelpers []string `yaml:"creds_helpers,omitempty"` From 807432357a8de886a4e497fec6d302570fcc7a56 Mon Sep 17 00:00:00 2001 From: Channing Gaddy Date: Thu, 10 Aug 2023 11:51:06 -0700 Subject: [PATCH 19/23] removing redundant .Expect Signed-off-by: Channing Gaddy --- e2e/vm/soci_test.go | 25 +++++++++++-------------- 1 file changed, 11 insertions(+), 14 deletions(-) diff --git a/e2e/vm/soci_test.go b/e2e/vm/soci_test.go index 5a538ec21..ec033e95b 100644 --- a/e2e/vm/soci_test.go +++ b/e2e/vm/soci_test.go @@ -10,13 +10,12 @@ import ( "github.com/onsi/ginkgo/v2" "github.com/onsi/gomega" - "github.com/onsi/gomega/gexec" "github.com/runfinch/common-tests/command" "github.com/runfinch/common-tests/option" ) const ( - FfmpegSociImage = "public.ecr.aws/soci-workshop-examples/ffmpeg:latest" + ffmpegSociImage = "public.ecr.aws/soci-workshop-examples/ffmpeg:latest" sociMountString = "fuse.rawBridge" ) @@ -41,15 +40,14 @@ var testSoci = func(o *option.Option, installed bool) { resetDisks(o, installed) writeFile(finchConfigFilePath, []byte("cpus: 6\nmemory: 4GiB\nsnapshotter: soci\n"+ "vmType: qemu\nrosetta: false")) - initCmdSession := command.New(o, virtualMachineRootCmd, "init").WithTimeoutInSeconds(600).Run() - gomega.Expect(initCmdSession).Should(gexec.Exit(0)) - command.New(o, "pull", FfmpegSociImage).WithTimeoutInSeconds(30).Run() + command.New(o, virtualMachineRootCmd, "init").WithTimeoutInSeconds(600).Run() + command.New(o, "pull", ffmpegSociImage).WithTimeoutInSeconds(30).Run() finchPullMounts := countMounts(limactlO) - command.Run(o, "rmi", "-f", FfmpegSociImage) + command.Run(o, "rmi", "-f", ffmpegSociImage) command.New(limactlO, "shell", "finch", - "sudo", "nerdctl", "--snapshotter=soci", "pull", FfmpegSociImage).WithTimeoutInSeconds(30).Run() + "sudo", "nerdctl", "--snapshotter=soci", "pull", ffmpegSociImage).WithTimeoutInSeconds(30).Run() nerdctlPullMounts := countMounts(limactlO) - command.Run(o, "rmi", "-f", FfmpegSociImage) + command.Run(o, "rmi", "-f", ffmpegSociImage) gomega.Expect(finchPullMounts).Should(gomega.Equal(nerdctlPullMounts)) }) @@ -58,15 +56,14 @@ var testSoci = func(o *option.Option, installed bool) { resetDisks(o, installed) writeFile(finchConfigFilePath, []byte("cpus: 6\nmemory: 4GiB\nsnapshotter: soci\n"+ "vmType: qemu\nrosetta: false")) - initCmdSession := command.New(o, virtualMachineRootCmd, "init").WithTimeoutInSeconds(600).Run() - gomega.Expect(initCmdSession).Should(gexec.Exit(0)) - command.New(o, "run", FfmpegSociImage).WithTimeoutInSeconds(30).Run() + command.New(o, virtualMachineRootCmd, "init").WithTimeoutInSeconds(600).Run() + command.New(o, "run", ffmpegSociImage).WithTimeoutInSeconds(30).Run() finchPullMounts := countMounts(limactlO) - command.Run(o, "rmi", "-f", FfmpegSociImage) + command.Run(o, "rmi", "-f", ffmpegSociImage) command.New(limactlO, "shell", "finch", - "sudo", "nerdctl", "--snapshotter=soci", "run", FfmpegSociImage).WithTimeoutInSeconds(30).Run() + "sudo", "nerdctl", "--snapshotter=soci", "run", ffmpegSociImage).WithTimeoutInSeconds(30).Run() nerdctlPullMounts := countMounts(limactlO) - command.Run(o, "rmi", "-f", FfmpegSociImage) + command.Run(o, "rmi", "-f", ffmpegSociImage) gomega.Expect(finchPullMounts).Should(gomega.Equal(nerdctlPullMounts)) }) }) From 774708301ea8ad55573331c3ead365696dbc4ce5 Mon Sep 17 00:00:00 2001 From: Channing Gaddy Date: Thu, 10 Aug 2023 15:11:14 -0700 Subject: [PATCH 20/23] retrying cURL and exiting when it fails Signed-off-by: Channing Gaddy --- pkg/config/lima_config_applier.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pkg/config/lima_config_applier.go b/pkg/config/lima_config_applier.go index 7b76481ff..0fe00f8c6 100644 --- a/pkg/config/lima_config_applier.go +++ b/pkg/config/lima_config_applier.go @@ -24,7 +24,8 @@ const ( sociInstallationScriptFormat = `%s if [ ! -f /usr/local/bin/soci ]; then #download soci - curl -OL "%s" + set -e + curl --retry 2 --retry-max-time 120 -OL "%s" #move to usr/local/bin tar -C /usr/local/bin -xvf %s soci soci-snapshotter-grpc fi From c3950207dde6d863ec204d0b58bc6c9c9a6483c5 Mon Sep 17 00:00:00 2001 From: Channing Gaddy Date: Thu, 10 Aug 2023 15:14:59 -0700 Subject: [PATCH 21/23] fixing spacing for comments and typos Signed-off-by: Channing Gaddy --- README.md | 2 +- pkg/config/lima_config_applier.go | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 056e74c79..55710fc3a 100644 --- a/README.md +++ b/README.md @@ -99,7 +99,7 @@ An example `finch.yaml` looks like this: cpus: 4 # memory: the amount of memory to dedicate to the virtual machine. (required) memory: 4GiB -# snapshotter: the snapshotter a user want to use as there default snapshotter +# snapshotter: the snapshotter a user want to use as their default snapshotter # Supported Snapshotters List: # - soci https://github.com/awslabs/soci-snapshotter/tree/main # Once the option has been set the snapshotter will be installed on either finch vm init or finch vm start. diff --git a/pkg/config/lima_config_applier.go b/pkg/config/lima_config_applier.go index 0fe00f8c6..501177ecb 100644 --- a/pkg/config/lima_config_applier.go +++ b/pkg/config/lima_config_applier.go @@ -23,14 +23,14 @@ const ( sociDownloadURLFormat = "https://github.com/awslabs/soci-snapshotter/releases/download/v%s/%s" sociInstallationScriptFormat = `%s if [ ! -f /usr/local/bin/soci ]; then - #download soci + # download soci set -e curl --retry 2 --retry-max-time 120 -OL "%s" - #move to usr/local/bin + # move to usr/local/bin tar -C /usr/local/bin -xvf %s soci soci-snapshotter-grpc fi -#changing containerd config +# changing containerd config export config=etc/containerd/config.toml echo " [proxy_plugins.soci] type = \"snapshot\" @@ -225,7 +225,7 @@ func hasUserModeEmulationInstallationScript(limaCfg *limayaml.LimaYAML) (int, bo } func toggleSoci(limaCfg *limayaml.LimaYAML, enabled bool, sociVersion string) { - idx, hasScript := hasSociInstallationScript(limaCfg) + idx, hasScript := findSociInstallationScript(limaCfg) sociFileName := fmt.Sprintf(sociFileNameFormat, sociVersion, system.NewStdLib().Arch()) sociDownloadURL := fmt.Sprintf(sociDownloadURLFormat, sociVersion, sociFileName) sociInstallationScript := fmt.Sprintf(sociInstallationScriptFormat, sociInstallationProvisioningScriptHeader, sociDownloadURL, sociFileName) @@ -243,7 +243,7 @@ func toggleSoci(limaCfg *limayaml.LimaYAML, enabled bool, sociVersion string) { } } -func hasSociInstallationScript(limaCfg *limayaml.LimaYAML) (int, bool) { +func findSociInstallationScript(limaCfg *limayaml.LimaYAML) (int, bool) { hasSociInstallationScript := false var scriptIdx int for idx, prov := range limaCfg.Provision { From d4d8d19cec793e70cda87800cffe5393a90558ea Mon Sep 17 00:00:00 2001 From: Channing Gaddy Date: Fri, 11 Aug 2023 00:14:57 -0700 Subject: [PATCH 22/23] making config option a slice instead of string + adding as conifg value to make it easier for users to switch back to overlayfs from soci Signed-off-by: Channing Gaddy --- README.md | 13 +- e2e/vm/soci_test.go | 8 +- go.mod | 1 + go.sum | 2 + pkg/config/config.go | 4 +- pkg/config/lima_config_applier.go | 67 ++++++-- pkg/config/lima_config_applier_test.go | 202 +++++++++++++++++++++++-- 7 files changed, 264 insertions(+), 33 deletions(-) diff --git a/README.md b/README.md index 55710fc3a..7657c26d5 100644 --- a/README.md +++ b/README.md @@ -99,15 +99,16 @@ An example `finch.yaml` looks like this: cpus: 4 # memory: the amount of memory to dedicate to the virtual machine. (required) memory: 4GiB -# snapshotter: the snapshotter a user want to use as their default snapshotter +# snapshotters: the snapshotters a user wants to use (the first snapshotter will be set as the default snapshotter) # Supported Snapshotters List: # - soci https://github.com/awslabs/soci-snapshotter/tree/main -# Once the option has been set the snapshotter will be installed on either finch vm init or finch vm start. -# The snapshotter binary will be downloaded on the virtual machine and will be configured and ready for use. -# To change your default snpahotter back to overlayfs, simply remove the snapshotter value from finch.yaml -# To completely remove the snapshotter binary, shell into your VM and remove /usr/local/bin/{snapshotter binary} +# Once the option has been set the snapshotters will be installed on either finch vm init or finch vm start. +# The snapshotters binary will be downloaded on the virtual machine and will be configured and ready for use. +# To change your default snpahotter back to overlayfs, simply remove the snapshotters value from finch.yaml or set snapshotters to `overlayfs` +# To completely remove the snapshotters' binaries, shell into your VM and remove /usr/local/bin/{snapshotter binary} # and remove the snapshotter configuration in the containerd config file found at /etc/containerd/config.toml -snapshotter: soci +snapshotters: + - soci # creds_helpers: a list of credential helpers that will be installed and configured automatically. # Supported Credential Helpers List: # - ecr-login https://github.com/awslabs/amazon-ecr-credential-helper diff --git a/e2e/vm/soci_test.go b/e2e/vm/soci_test.go index ec033e95b..ada22cb47 100644 --- a/e2e/vm/soci_test.go +++ b/e2e/vm/soci_test.go @@ -38,8 +38,8 @@ var testSoci = func(o *option.Option, installed bool) { ginkgo.It("finch pull should have same mounts as nerdctl pull with SOCI", func() { resetVM(o, installed) resetDisks(o, installed) - writeFile(finchConfigFilePath, []byte("cpus: 6\nmemory: 4GiB\nsnapshotter: soci\n"+ - "vmType: qemu\nrosetta: false")) + writeFile(finchConfigFilePath, []byte("cpus: 6\nmemory: 4GiB\nsnapshotters:\n "+ + "- soci\nvmType: qemu\nrosetta: false")) command.New(o, virtualMachineRootCmd, "init").WithTimeoutInSeconds(600).Run() command.New(o, "pull", ffmpegSociImage).WithTimeoutInSeconds(30).Run() finchPullMounts := countMounts(limactlO) @@ -54,8 +54,8 @@ var testSoci = func(o *option.Option, installed bool) { ginkgo.It("finch run should have same mounts as nerdctl run with SOCI", func() { resetVM(o, installed) resetDisks(o, installed) - writeFile(finchConfigFilePath, []byte("cpus: 6\nmemory: 4GiB\nsnapshotter: soci\n"+ - "vmType: qemu\nrosetta: false")) + writeFile(finchConfigFilePath, []byte("cpus: 6\nmemory: 4GiB\nsnapshotters:\n "+ + "- soci\nvmType: qemu\nrosetta: false")) command.New(o, virtualMachineRootCmd, "init").WithTimeoutInSeconds(600).Run() command.New(o, "run", ffmpegSociImage).WithTimeoutInSeconds(30).Run() finchPullMounts := countMounts(limactlO) diff --git a/go.mod b/go.mod index d123877a3..c969e0c70 100644 --- a/go.mod +++ b/go.mod @@ -20,6 +20,7 @@ require ( github.com/stretchr/testify v1.8.4 github.com/xorcare/pointer v1.2.2 golang.org/x/crypto v0.11.0 + golang.org/x/exp v0.0.0-20230810033253-352e893a4cad golang.org/x/tools v0.11.1 gopkg.in/yaml.v3 v3.0.1 k8s.io/apimachinery v0.27.4 diff --git a/go.sum b/go.sum index f48c097cc..3a3dd014a 100644 --- a/go.sum +++ b/go.sum @@ -400,6 +400,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= +golang.org/x/exp v0.0.0-20230810033253-352e893a4cad h1:g0bG7Z4uG+OgH2QDODnjp6ggkk1bJDsINcuWmJN1iJU= +golang.org/x/exp v0.0.0-20230810033253-352e893a4cad/go.mod h1:FXUEEKJgO7OQYeo8N01OfiKP8RXMtf6e8aTskBGqWdc= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= diff --git a/pkg/config/config.go b/pkg/config/config.go index a8752252f..276d0e6fb 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -36,8 +36,8 @@ type Finch struct { CPUs *int `yaml:"cpus"` Memory *string `yaml:"memory"` // Snapshotter: the snapshotter that will be installed and configured automatically on vm init or on vm start - // Values: `soci` for SOCI snapshotter or empty for default overlay snapshotter. - Snapshotter *string `yaml:"snapshotter,omitempty"` + // Values: `soci` for SOCI snapshotter; `overlayfs` for default overlay snapshotter. + Snapshotters []string `yaml:"snapshotters,omitempty"` // CredsHelper: the list of credential helpers that will be installed and configured automatically on vm init or on vm start CredsHelpers []string `yaml:"creds_helpers,omitempty"` // AdditionalDirectories are the work directories that are not supported by default. In macOS, only home directory is supported by default. diff --git a/pkg/config/lima_config_applier.go b/pkg/config/lima_config_applier.go index 501177ecb..7c837ec45 100644 --- a/pkg/config/lima_config_applier.go +++ b/pkg/config/lima_config_applier.go @@ -10,6 +10,7 @@ import ( "github.com/lima-vm/lima/pkg/limayaml" "github.com/spf13/afero" "github.com/xorcare/pointer" + "golang.org/x/exp/slices" "gopkg.in/yaml.v3" "github.com/runfinch/finch/pkg/command" @@ -122,14 +123,25 @@ func (lca *limaConfigApplier) Apply(isInit bool) error { limaCfg = *cfgAfterInit } - var sociEnabled bool - if lca.cfg.Snapshotter == nil { - sociEnabled = false - } else { - sociEnabled = (*lca.cfg.Snapshotter == "soci") + supportedSnapshotters := []string{"overlayfs", "soci"} + enabledSnapshotters := initializeEnabledSnapshotterSlice(len(supportedSnapshotters)) + + for i, snapshotter := range lca.cfg.Snapshotters { + supportedIdx := slices.Index(supportedSnapshotters, snapshotter) + if supportedIdx < 0 { + return fmt.Errorf("invalid snapshotter config value: %s", snapshotter) + } + + isDefaultSnapshotter := false + if i == 0 { + isDefaultSnapshotter = true + } + + isEnabled := true + enabledSnapshotters[supportedIdx] = [2]bool{isEnabled, isDefaultSnapshotter} } - toggleSoci(&limaCfg, sociEnabled, sociVersion) + toggleSnaphotters(&limaCfg, supportedSnapshotters, enabledSnapshotters) limaCfgBytes, err := yaml.Marshal(limaCfg) if err != nil { @@ -224,23 +236,60 @@ func hasUserModeEmulationInstallationScript(limaCfg *limayaml.LimaYAML) (int, bo return scriptIdx, hasCrossArchToolInstallationScript } -func toggleSoci(limaCfg *limayaml.LimaYAML, enabled bool, sociVersion string) { +// initializes the bool slice for what snapshotter the user has enabled to all false +// this will be changed later depending on the user's snapshotters config values. +func initializeEnabledSnapshotterSlice(numSupportedSnapshotters int) [2][2]bool { + var enabledSnapshotters [2][2]bool + + for i := 0; i < numSupportedSnapshotters; i++ { + enabledSnapshotters[i] = [2]bool{false, false} + } + + return enabledSnapshotters +} + +// toggles enabled snapshotters and sets default snapshotter. +func toggleSnaphotters(limaCfg *limayaml.LimaYAML, supportedSnapshotters []string, enabledSnapshotters [2][2]bool) { + for i := len(enabledSnapshotters) - 1; i > 0; i-- { + enabledSlice := enabledSnapshotters[i] + if enabledSlice[0] { + if supportedSnapshotters[i] == "overlayfs" { + toggleOverlayFs(limaCfg, enabledSlice[1]) + } else if supportedSnapshotters[i] == "soci" { + toggleSoci(limaCfg, enabledSlice[0], enabledSlice[1], sociVersion) + } + } + } +} + +// sets overlayfs as the default snapshotter. +func toggleOverlayFs(limaCfg *limayaml.LimaYAML, isDefault bool) { + if isDefault { + limaCfg.Env = map[string]string{"CONTAINERD_SNAPSHOTTER": ""} + } +} + +func toggleSoci(limaCfg *limayaml.LimaYAML, enabled bool, isDefault bool, sociVersion string) { idx, hasScript := findSociInstallationScript(limaCfg) sociFileName := fmt.Sprintf(sociFileNameFormat, sociVersion, system.NewStdLib().Arch()) sociDownloadURL := fmt.Sprintf(sociDownloadURLFormat, sociVersion, sociFileName) sociInstallationScript := fmt.Sprintf(sociInstallationScriptFormat, sociInstallationProvisioningScriptHeader, sociDownloadURL, sociFileName) if !hasScript && enabled { - limaCfg.Env = map[string]string{"CONTAINERD_SNAPSHOTTER": "soci"} limaCfg.Provision = append(limaCfg.Provision, limayaml.Provision{ Mode: "system", Script: sociInstallationScript, }) } else if hasScript && !enabled { - limaCfg.Env = map[string]string{"CONTAINERD_SNAPSHOTTER": ""} if len(limaCfg.Provision) > 0 { limaCfg.Provision = append(limaCfg.Provision[:idx], limaCfg.Provision[idx+1:]...) } } + + if isDefault { + limaCfg.Env = map[string]string{"CONTAINERD_SNAPSHOTTER": "soci"} + } else { + limaCfg.Env = map[string]string{"CONTAINERD_SNAPSHOTTER": ""} + } } func findSociInstallationScript(limaCfg *limayaml.LimaYAML) (int, bool) { diff --git a/pkg/config/lima_config_applier_test.go b/pkg/config/lima_config_applier_test.go index 97aeb7b8f..6ea05586b 100644 --- a/pkg/config/lima_config_applier_test.go +++ b/pkg/config/lima_config_applier_test.go @@ -88,13 +88,13 @@ fi want: nil, }, { - name: "adds soci script when snapshotter is set to soci in config", + name: "adds soci script and sets soci as default snapshotter when soci is first in snapshotters array", config: &Finch{ - Memory: pointer.String("2GiB"), - CPUs: pointer.Int(4), - VMType: pointer.String("qemu"), - Rosetta: pointer.Bool(false), - Snapshotter: pointer.String("soci"), + Memory: pointer.String("2GiB"), + CPUs: pointer.Int(4), + VMType: pointer.String("qemu"), + Rosetta: pointer.Bool(false), + Snapshotters: []string{"soci"}, }, path: "/lima.yaml", isInit: true, @@ -150,13 +150,121 @@ fi want: nil, }, { - name: "doesn't add soci script when snapshotter is not set in config", + name: "doesn't add soci script and doesn't change default snapshotter when snapshotters is not set in config", + config: &Finch{ + Memory: pointer.String("2GiB"), + CPUs: pointer.Int(4), + VMType: pointer.String("qemu"), + Rosetta: pointer.Bool(false), + Snapshotters: []string{}, + }, + path: "/lima.yaml", + isInit: true, + mockSvc: func( + fs afero.Fs, + l *mocks.Logger, + cmd *mocks.Command, + creator *mocks.CommandCreator, + deps *mocks.LimaConfigApplierSystemDeps, + ) { + err := afero.WriteFile(fs, "/lima.yaml", []byte("memory: 4GiB\ncpus: 8"), 0o600) + require.NoError(t, err) + cmd.EXPECT().Output().Return([]byte("13.0.0"), nil) + creator.EXPECT().Create("sw_vers", "-productVersion").Return(cmd) + }, + postRunCheck: func(t *testing.T, fs afero.Fs) { + buf, err := afero.ReadFile(fs, "/lima.yaml") + require.NoError(t, err) + + var limaCfg limayaml.LimaYAML + err = yaml.Unmarshal(buf, &limaCfg) + require.NoError(t, err) + require.Equal(t, 4, *limaCfg.CPUs) + require.Equal(t, "2GiB", *limaCfg.Memory) + require.Equal(t, "reverse-sshfs", *limaCfg.MountType) + require.Equal(t, "system", limaCfg.Provision[0].Mode) + require.Equal(t, "", limaCfg.Env["CONTAINERD_SNAPSHOTTER"]) + require.Equal(t, "system", limaCfg.Provision[0].Mode) + require.Equal(t, `# cross-arch tools +#!/bin/bash +qemu_pkgs="" +if [ ! -f /usr/bin/qemu-aarch64-static ]; then + qemu_pkgs="$qemu_pkgs qemu-user-static-aarch64" +elif [ ! -f /usr/bin/qemu-aarch64-static ]; then + qemu_pkgs="$qemu_pkgs qemu-user-static-arm" +elif [ ! -f /usr/bin/qemu-aarch64-static ]; then + qemu_pkgs="$qemu_pkgs qemu-user-static-x86" +fi + +if [[ $qemu_pkgs ]]; then + dnf install -y --setopt=install_weak_deps=False ${qemu_pkgs} +fi +`, limaCfg.Provision[0].Script) + }, + want: nil, + }, + { + name: "doesn't add soci script when soci is not in snapshotters array", + config: &Finch{ + Memory: pointer.String("2GiB"), + CPUs: pointer.Int(4), + VMType: pointer.String("qemu"), + Rosetta: pointer.Bool(false), + Snapshotters: []string{"overlayfs"}, + }, + path: "/lima.yaml", + isInit: true, + mockSvc: func( + fs afero.Fs, + l *mocks.Logger, + cmd *mocks.Command, + creator *mocks.CommandCreator, + deps *mocks.LimaConfigApplierSystemDeps, + ) { + err := afero.WriteFile(fs, "/lima.yaml", []byte("memory: 4GiB\ncpus: 8"), 0o600) + require.NoError(t, err) + cmd.EXPECT().Output().Return([]byte("13.0.0"), nil) + creator.EXPECT().Create("sw_vers", "-productVersion").Return(cmd) + }, + postRunCheck: func(t *testing.T, fs afero.Fs) { + buf, err := afero.ReadFile(fs, "/lima.yaml") + require.NoError(t, err) + + var limaCfg limayaml.LimaYAML + err = yaml.Unmarshal(buf, &limaCfg) + require.NoError(t, err) + require.Equal(t, 4, *limaCfg.CPUs) + require.Equal(t, "2GiB", *limaCfg.Memory) + require.Equal(t, "reverse-sshfs", *limaCfg.MountType) + require.Equal(t, "system", limaCfg.Provision[0].Mode) + require.Equal(t, "", limaCfg.Env["CONTAINERD_SNAPSHOTTER"]) + require.Equal(t, "system", limaCfg.Provision[0].Mode) + require.Equal(t, `# cross-arch tools +#!/bin/bash +qemu_pkgs="" +if [ ! -f /usr/bin/qemu-aarch64-static ]; then + qemu_pkgs="$qemu_pkgs qemu-user-static-aarch64" +elif [ ! -f /usr/bin/qemu-aarch64-static ]; then + qemu_pkgs="$qemu_pkgs qemu-user-static-arm" +elif [ ! -f /usr/bin/qemu-aarch64-static ]; then + qemu_pkgs="$qemu_pkgs qemu-user-static-x86" +fi + +if [[ $qemu_pkgs ]]; then + dnf install -y --setopt=install_weak_deps=False ${qemu_pkgs} +fi +`, limaCfg.Provision[0].Script) + }, + want: nil, + }, + { + name: "adds soci script but keeps overlayfs as default when soci is present in snapshotters array but not first element", config: &Finch{ - Memory: pointer.String("2GiB"), - CPUs: pointer.Int(4), - VMType: pointer.String("qemu"), - Rosetta: pointer.Bool(false), - Snapshotter: pointer.String(""), + Memory: pointer.String("2GiB"), + CPUs: pointer.Int(4), + VMType: pointer.String("qemu"), + Rosetta: pointer.Bool(false), + Snapshotters: []string{"overlayfs", "soci"}, }, path: "/lima.yaml", isInit: true, @@ -176,6 +284,13 @@ fi buf, err := afero.ReadFile(fs, "/lima.yaml") require.NoError(t, err) + sociFileName := fmt.Sprintf(sociFileNameFormat, sociVersion, system.NewStdLib().Arch()) + sociDownloadURL := fmt.Sprintf(sociDownloadURLFormat, sociVersion, sociFileName) + sociInstallationScript := fmt.Sprintf(sociInstallationScriptFormat, + sociInstallationProvisioningScriptHeader, + sociDownloadURL, + sociFileName) + var limaCfg limayaml.LimaYAML err = yaml.Unmarshal(buf, &limaCfg) require.NoError(t, err) @@ -184,6 +299,69 @@ fi require.Equal(t, "reverse-sshfs", *limaCfg.MountType) require.Equal(t, "system", limaCfg.Provision[0].Mode) require.Equal(t, "", limaCfg.Env["CONTAINERD_SNAPSHOTTER"]) + require.Equal(t, sociInstallationScript, limaCfg.Provision[1].Script) + require.Equal(t, "system", limaCfg.Provision[0].Mode) + require.Equal(t, `# cross-arch tools +#!/bin/bash +qemu_pkgs="" +if [ ! -f /usr/bin/qemu-aarch64-static ]; then + qemu_pkgs="$qemu_pkgs qemu-user-static-aarch64" +elif [ ! -f /usr/bin/qemu-aarch64-static ]; then + qemu_pkgs="$qemu_pkgs qemu-user-static-arm" +elif [ ! -f /usr/bin/qemu-aarch64-static ]; then + qemu_pkgs="$qemu_pkgs qemu-user-static-x86" +fi + +if [[ $qemu_pkgs ]]; then + dnf install -y --setopt=install_weak_deps=False ${qemu_pkgs} +fi +`, limaCfg.Provision[0].Script) + }, + want: nil, + }, + { + name: "doesn't add soci script when snapshotter is not set in config", + config: &Finch{ + Memory: pointer.String("2GiB"), + CPUs: pointer.Int(4), + VMType: pointer.String("qemu"), + Rosetta: pointer.Bool(false), + Snapshotters: []string{"soci", "overlayfs"}, + }, + path: "/lima.yaml", + isInit: true, + mockSvc: func( + fs afero.Fs, + l *mocks.Logger, + cmd *mocks.Command, + creator *mocks.CommandCreator, + deps *mocks.LimaConfigApplierSystemDeps, + ) { + err := afero.WriteFile(fs, "/lima.yaml", []byte("memory: 4GiB\ncpus: 8"), 0o600) + require.NoError(t, err) + cmd.EXPECT().Output().Return([]byte("13.0.0"), nil) + creator.EXPECT().Create("sw_vers", "-productVersion").Return(cmd) + }, + postRunCheck: func(t *testing.T, fs afero.Fs) { + buf, err := afero.ReadFile(fs, "/lima.yaml") + require.NoError(t, err) + + sociFileName := fmt.Sprintf(sociFileNameFormat, sociVersion, system.NewStdLib().Arch()) + sociDownloadURL := fmt.Sprintf(sociDownloadURLFormat, sociVersion, sociFileName) + sociInstallationScript := fmt.Sprintf(sociInstallationScriptFormat, + sociInstallationProvisioningScriptHeader, + sociDownloadURL, + sociFileName) + + var limaCfg limayaml.LimaYAML + err = yaml.Unmarshal(buf, &limaCfg) + require.NoError(t, err) + require.Equal(t, 4, *limaCfg.CPUs) + require.Equal(t, "2GiB", *limaCfg.Memory) + require.Equal(t, "reverse-sshfs", *limaCfg.MountType) + require.Equal(t, "system", limaCfg.Provision[0].Mode) + require.Equal(t, "soci", limaCfg.Env["CONTAINERD_SNAPSHOTTER"]) + require.Equal(t, sociInstallationScript, limaCfg.Provision[1].Script) require.Equal(t, "system", limaCfg.Provision[0].Mode) require.Equal(t, `# cross-arch tools #!/bin/bash From bb21ba354fe0e4f905e139bd56c0477841d96954 Mon Sep 17 00:00:00 2001 From: Channing Gaddy Date: Fri, 11 Aug 2023 11:29:52 -0700 Subject: [PATCH 23/23] using map for enabled snapshotter bool values Signed-off-by: Channing Gaddy --- pkg/config/config.go | 2 +- pkg/config/lima_config_applier.go | 38 +++++++------------------------ 2 files changed, 9 insertions(+), 31 deletions(-) diff --git a/pkg/config/config.go b/pkg/config/config.go index 276d0e6fb..88416b03a 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -35,7 +35,7 @@ type AdditionalDirectory struct { type Finch struct { CPUs *int `yaml:"cpus"` Memory *string `yaml:"memory"` - // Snapshotter: the snapshotter that will be installed and configured automatically on vm init or on vm start + // Snapshotters: the snapshotters that will be installed and configured automatically on vm init or on vm start. // Values: `soci` for SOCI snapshotter; `overlayfs` for default overlay snapshotter. Snapshotters []string `yaml:"snapshotters,omitempty"` // CredsHelper: the list of credential helpers that will be installed and configured automatically on vm init or on vm start diff --git a/pkg/config/lima_config_applier.go b/pkg/config/lima_config_applier.go index 7c837ec45..02d3a3262 100644 --- a/pkg/config/lima_config_applier.go +++ b/pkg/config/lima_config_applier.go @@ -124,11 +124,9 @@ func (lca *limaConfigApplier) Apply(isInit bool) error { } supportedSnapshotters := []string{"overlayfs", "soci"} - enabledSnapshotters := initializeEnabledSnapshotterSlice(len(supportedSnapshotters)) - + snapshotters := make(map[string][2]bool) for i, snapshotter := range lca.cfg.Snapshotters { - supportedIdx := slices.Index(supportedSnapshotters, snapshotter) - if supportedIdx < 0 { + if !slices.Contains(supportedSnapshotters, snapshotter) { return fmt.Errorf("invalid snapshotter config value: %s", snapshotter) } @@ -138,10 +136,10 @@ func (lca *limaConfigApplier) Apply(isInit bool) error { } isEnabled := true - enabledSnapshotters[supportedIdx] = [2]bool{isEnabled, isDefaultSnapshotter} + snapshotters[snapshotter] = [2]bool{isEnabled, isDefaultSnapshotter} } - toggleSnaphotters(&limaCfg, supportedSnapshotters, enabledSnapshotters) + toggleSnaphotters(&limaCfg, snapshotters) limaCfgBytes, err := yaml.Marshal(limaCfg) if err != nil { @@ -236,30 +234,10 @@ func hasUserModeEmulationInstallationScript(limaCfg *limayaml.LimaYAML) (int, bo return scriptIdx, hasCrossArchToolInstallationScript } -// initializes the bool slice for what snapshotter the user has enabled to all false -// this will be changed later depending on the user's snapshotters config values. -func initializeEnabledSnapshotterSlice(numSupportedSnapshotters int) [2][2]bool { - var enabledSnapshotters [2][2]bool - - for i := 0; i < numSupportedSnapshotters; i++ { - enabledSnapshotters[i] = [2]bool{false, false} - } - - return enabledSnapshotters -} - -// toggles enabled snapshotters and sets default snapshotter. -func toggleSnaphotters(limaCfg *limayaml.LimaYAML, supportedSnapshotters []string, enabledSnapshotters [2][2]bool) { - for i := len(enabledSnapshotters) - 1; i > 0; i-- { - enabledSlice := enabledSnapshotters[i] - if enabledSlice[0] { - if supportedSnapshotters[i] == "overlayfs" { - toggleOverlayFs(limaCfg, enabledSlice[1]) - } else if supportedSnapshotters[i] == "soci" { - toggleSoci(limaCfg, enabledSlice[0], enabledSlice[1], sociVersion) - } - } - } +// toggles snapshotters and sets default snapshotter. +func toggleSnaphotters(limaCfg *limayaml.LimaYAML, snapshotters map[string][2]bool) { + toggleOverlayFs(limaCfg, snapshotters["overlayfs"][1]) + toggleSoci(limaCfg, snapshotters["soci"][0], snapshotters["soci"][1], sociVersion) } // sets overlayfs as the default snapshotter.