1#!/bin/bash 2 3# Copyright 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved. 4# Copyright © 2020 Intel Corporation 5# SPDX-License-Identifier: Apache-2.0 6 7CLI_NAME="Cloud Hypervisor" 8 9CTR_IMAGE_TAG="cloudhypervisor/dev" 10CTR_IMAGE_VERSION="v3" 11CTR_IMAGE="${CTR_IMAGE_TAG}:${CTR_IMAGE_VERSION}" 12 13DOCKER_RUNTIME="docker" 14 15# Host paths 16CLH_SCRIPTS_DIR=$(cd "$(dirname "$0")" && pwd) 17CLH_ROOT_DIR=$(cd "${CLH_SCRIPTS_DIR}/.." && pwd) 18CLH_BUILD_DIR="${CLH_ROOT_DIR}/build" 19CLH_CARGO_TARGET="${CLH_BUILD_DIR}/cargo_target" 20CLH_DOCKERFILE="${CLH_SCRIPTS_DIR}/../resources/Dockerfile" 21CLH_CTR_BUILD_DIR="/tmp/cloud-hypervisor/ctr-build" 22CLH_INTEGRATION_WORKLOADS="${HOME}/workloads" 23 24# Container paths 25CTR_CLH_ROOT_DIR="/cloud-hypervisor" 26CTR_CLH_CARGO_BUILT_DIR="${CTR_CLH_ROOT_DIR}/build" 27CTR_CLH_CARGO_TARGET="${CTR_CLH_CARGO_BUILT_DIR}/cargo_target" 28CTR_CLH_INTEGRATION_WORKLOADS="/root/workloads" 29 30# Cargo paths 31# Full path to the cargo registry dir on the host. This appears on the host 32# because we want to persist the cargo registry across container invocations. 33# Otherwise, any rust crates from crates.io would be downloaded again each time 34# we build or test. 35CARGO_REGISTRY_DIR="${CLH_BUILD_DIR}/cargo_registry" 36 37# Full path to the cargo git registry on the host. This serves the same purpose 38# as CARGO_REGISTRY_DIR, for crates downloaded from GitHub repos instead of 39# crates.io. 40CARGO_GIT_REGISTRY_DIR="${CLH_BUILD_DIR}/cargo_git_registry" 41 42# Full path to the cargo target dir on the host. 43CARGO_TARGET_DIR="${CLH_BUILD_DIR}/cargo_target" 44 45# Send a decorated message to stdout, followed by a new line 46# 47say() { 48 [ -t 1 ] && [ -n "$TERM" ] \ 49 && echo "$(tput setaf 2)[$CLI_NAME]$(tput sgr0) $*" \ 50 || echo "[$CLI_NAME] $*" 51} 52 53# Send a decorated message to stdout, without a trailing new line 54# 55say_noln() { 56 [ -t 1 ] && [ -n "$TERM" ] \ 57 && echo -n "$(tput setaf 2)[$CLI_NAME]$(tput sgr0) $*" \ 58 || echo "[$CLI_NAME] $*" 59} 60 61# Send a text message to stderr 62# 63say_err() { 64 [ -t 2 ] && [ -n "$TERM" ] \ 65 && echo "$(tput setaf 1)[$CLI_NAME] $*$(tput sgr0)" 1>&2 \ 66 || echo "[$CLI_NAME] $*" 1>&2 67} 68 69# Send a warning-highlighted text to stdout 70say_warn() { 71 [ -t 1 ] && [ -n "$TERM" ] \ 72 && echo "$(tput setaf 3)[$CLI_NAME] $*$(tput sgr0)" \ 73 || echo "[$CLI_NAME] $*" 74} 75 76# Exit with an error message and (optional) code 77# Usage: die [-c <error code>] <error message> 78# 79die() { 80 code=1 81 [[ "$1" = "-c" ]] && { 82 code="$2" 83 shift 2 84 } 85 say_err "$@" 86 exit $code 87} 88 89# Exit with an error message if the last exit code is not 0 90# 91ok_or_die() { 92 code=$? 93 [[ $code -eq 0 ]] || die -c $code "$@" 94} 95 96# Make sure the build/ dirs are available. Exit if we can't create them. 97# Upon returning from this call, the caller can be certain the build/ dirs exist. 98# 99ensure_build_dir() { 100 for dir in "$CLH_BUILD_DIR" \ 101 "$CLH_INTEGRATION_WORKLOADS" \ 102 "$CLH_CTR_BUILD_DIR" \ 103 "$CARGO_TARGET_DIR" \ 104 "$CARGO_REGISTRY_DIR" \ 105 "$CARGO_GIT_REGISTRY_DIR"; do 106 mkdir -p "$dir" || die "Error: cannot create dir $dir" 107 [ -x "$dir" ] && [ -w "$dir" ] || \ 108 { 109 say "Wrong permissions for $dir. Attempting to fix them ..." 110 chmod +x+w "$dir" 111 } || \ 112 die "Error: wrong permissions for $dir. Should be +x+w" 113 done 114} 115 116# Make sure we're using the latest dev container, by just pulling it. 117ensure_latest_ctr() { 118 $DOCKER_RUNTIME pull "$CTR_IMAGE" 119 120 ok_or_die "Error pulling container image. Aborting." 121} 122 123# Fix main directory permissions after a container ran as root. 124# Since the container ran as root, any files it creates will be owned by root. 125# This fixes that by recursively changing the ownership of /cloud-hypervisor to the 126# current user. 127# 128fix_dir_perms() { 129 # Yes, running Docker to get elevated privileges, just to chown some files 130 # is a dirty hack. 131 $DOCKER_RUNTIME run \ 132 --workdir "$CTR_CLH_ROOT_DIR" \ 133 --rm \ 134 --volume /dev:/dev \ 135 --volume "$CLH_ROOT_DIR:$CTR_CLH_ROOT_DIR" \ 136 "$CTR_IMAGE" \ 137 chown -R "$(id -u):$(id -g)" "$CTR_CLH_ROOT_DIR" 138 139 return $1 140} 141 142cmd_help() { 143 echo "" 144 echo "Cloud Hypervisor $(basename $0)" 145 echo "Usage: $(basename $0) <command> [<command args>]" 146 echo "" 147 echo "Available commands:" 148 echo "" 149 echo " build [--debug|--release] [--libc musl|gnu] [-- [<cargo args>]]" 150 echo " Build the Cloud Hypervisor binaries." 151 echo " --debug Build the debug binaries. This is the default." 152 echo " --release Build the release binaries." 153 echo " --libc Select the C library Cloud Hypervisor will be built against. Default is gnu" 154 echo "" 155 echo " tests [--unit|--cargo|--all] [--libc musl|gnu] [-- [<cargo test args>]]" 156 echo " Run the Cloud Hypervisor tests." 157 echo " --unit Run the unit tests." 158 echo " --cargo Run the cargo tests." 159 echo " --integration Run the integration tests." 160 echo " --libc Select the C library Cloud Hypervisor will be built against. Default is gnu" 161 echo " --all Run all tests." 162 echo "" 163 echo " build-container [--type]" 164 echo " Build the Cloud Hypervisor container." 165 echo " --dev Build dev container. This is the default." 166 echo "" 167 echo " clean [<cargo args>]]" 168 echo " Remove the Cloud Hypervisor artifacts." 169 echo "" 170 echo " shell" 171 echo " Run the development container into an interactive, privileged BASH shell." 172 echo "" 173 echo " help" 174 echo " Display this help message." 175 echo "" 176} 177 178cmd_build() { 179 build="debug" 180 libc="gnu" 181 182 while [ $# -gt 0 ]; do 183 case "$1" in 184 "-h"|"--help") { cmd_help; exit 1; } ;; 185 "--debug") { build="debug"; } ;; 186 "--release") { build="release"; } ;; 187 "--libc") 188 shift 189 [[ "$1" =~ ^(musl|gnu)$ ]] || \ 190 die "Invalid libc: $1. Valid options are \"musl\" and \"gnu\"." 191 libc="$1" 192 ;; 193 "--") { shift; break; } ;; 194 *) 195 die "Unknown build argument: $1. Please use --help for help." 196 ;; 197 esac 198 shift 199 done 200 201 target="$(uname -m)-unknown-linux-${libc}" 202 203 cargo_args=("$@") 204 [ $build = "release" ] && cargo_args+=("--release") 205 cargo_args+=(--target "$target") 206 [ $(uname -m) = "aarch64" ] && cargo_args+=("--no-default-features") 207 [ $(uname -m) = "aarch64" ] && cargo_args+=(--features "mmio") 208 209 rustflags="" 210 if [ $(uname -m) = "aarch64" ] && [ $libc = "musl" ] ; then 211 rustflags="-C link-arg=-lgcc" 212 fi 213 214 # A workaround on Arm64 to avoid build errors in kvm-bindings 215 if [ $(uname -m) = "aarch64" ]; then 216 sed -i 's/"with-serde",\ //g' "$CLH_ROOT_DIR"/hypervisor/Cargo.toml 217 fi 218 219 $DOCKER_RUNTIME run \ 220 --user "$(id -u):$(id -g)" \ 221 --workdir "$CTR_CLH_ROOT_DIR" \ 222 --rm \ 223 --volume /dev:/dev \ 224 --volume "$CLH_ROOT_DIR:$CTR_CLH_ROOT_DIR" \ 225 --env RUSTFLAGS="$rustflags" \ 226 "$CTR_IMAGE" \ 227 cargo build --all \ 228 --target-dir "$CTR_CLH_CARGO_TARGET" \ 229 "${cargo_args[@]}" && say "Binaries placed under $CLH_CARGO_TARGET/$target/$build" 230} 231 232cmd_clean() { 233 cargo_args=("$@") 234 235 $DOCKER_RUNTIME run \ 236 --user "$(id -u):$(id -g)" \ 237 --workdir "$CTR_CLH_ROOT_DIR" \ 238 --rm \ 239 --volume "$CLH_ROOT_DIR:$CTR_CLH_ROOT_DIR" \ 240 "$CTR_IMAGE" \ 241 cargo clean \ 242 --target-dir "$CTR_CLH_CARGO_TARGET" \ 243 "${cargo_args[@]}" 244 } 245 246cmd_tests() { 247 unit=false 248 cargo=false 249 integration=false 250 libc="gnu" 251 252 while [ $# -gt 0 ]; do 253 case "$1" in 254 "-h"|"--help") { cmd_help; exit 1; } ;; 255 "--unit") { unit=true; } ;; 256 "--cargo") { cargo=true; } ;; 257 "--integration") { integration=true; } ;; 258 "--libc") 259 shift 260 [[ "$1" =~ ^(musl|gnu)$ ]] || \ 261 die "Invalid libc: $1. Valid options are \"musl\" and \"gnu\"." 262 libc="$1" 263 ;; 264 "--all") { cargo=true; unit=true; integration=true; } ;; 265 "--") { shift; break; } ;; 266 *) 267 die "Unknown tests argument: $1. Please use --help for help." 268 ;; 269 esac 270 shift 271 done 272 273 target="$(uname -m)-unknown-linux-${libc}" 274 cflags="" 275 target_cc="" 276 if [[ "$target" == "x86_64-unknown-linux-musl" ]]; then 277 target_cc="musl-gcc" 278 cflags="-I /usr/include/x86_64-linux-musl/ -idirafter /usr/include/" 279 fi 280 281 if [ "$unit" = true ] ; then 282 say "Running unit tests for $target..." 283 $DOCKER_RUNTIME run \ 284 --workdir "$CTR_CLH_ROOT_DIR" \ 285 --rm \ 286 --device /dev/kvm \ 287 --device /dev/net/tun \ 288 --cap-add net_admin \ 289 --volume "$CLH_ROOT_DIR:$CTR_CLH_ROOT_DIR" \ 290 --env BUILD_TARGET="$target" \ 291 --env CFLAGS="$cflags" \ 292 --env TARGET_CC="$target_cc" \ 293 "$CTR_IMAGE" \ 294 ./scripts/run_unit_tests.sh "$@" || fix_dir_perms $? || exit $? 295 fi 296 297 if [ "$cargo" = true ] ; then 298 say "Running cargo tests..." 299 $DOCKER_RUNTIME run \ 300 --workdir "$CTR_CLH_ROOT_DIR" \ 301 --rm \ 302 --volume "$CLH_ROOT_DIR:$CTR_CLH_ROOT_DIR" \ 303 "$CTR_IMAGE" \ 304 ./scripts/run_cargo_tests.sh || fix_dir_perms $? || exit $? 305 fi 306 307 if [ "$integration" = true ] ; then 308 say "Running integration tests for $target..." 309 $DOCKER_RUNTIME run \ 310 --workdir "$CTR_CLH_ROOT_DIR" \ 311 --rm \ 312 --privileged \ 313 --security-opt seccomp=unconfined \ 314 --ipc=host \ 315 --net=host \ 316 --mount type=tmpfs,destination=/tmp \ 317 --volume /dev:/dev \ 318 --volume "$CLH_ROOT_DIR:$CTR_CLH_ROOT_DIR" \ 319 --volume "$CLH_INTEGRATION_WORKLOADS:$CTR_CLH_INTEGRATION_WORKLOADS" \ 320 --env USER="root" \ 321 --env CH_LIBC="${libc}" \ 322 "$CTR_IMAGE" \ 323 ./scripts/run_integration_tests.sh "$@" || fix_dir_perms $? || exit $? 324 fi 325 326 fix_dir_perms $? 327} 328 329cmd_build-container() { 330 container_type="dev" 331 332 while [ $# -gt 0 ]; do 333 case "$1" in 334 "-h"|"--help") { cmd_help; exit 1; } ;; 335 "--dev") { container_type="dev"; } ;; 336 "--") { shift; break; } ;; 337 *) 338 die "Unknown build-container argument: $1. Please use --help for help." 339 ;; 340 esac 341 shift 342 done 343 344 BUILD_DIR=/tmp/cloud-hypervisor/container/ 345 346 mkdir -p $BUILD_DIR 347 cp $CLH_DOCKERFILE $BUILD_DIR 348 349 $DOCKER_RUNTIME build \ 350 --target $container_type \ 351 -t $CTR_IMAGE \ 352 -f $BUILD_DIR/Dockerfile \ 353 --build-arg TARGETARCH="$(uname -m)" \ 354 $BUILD_DIR 355} 356 357cmd_shell() { 358 say_warn "Starting a privileged shell prompt as root ..." 359 say_warn "WARNING: Your $CLH_ROOT_DIR folder will be bind-mounted in the container under $CTR_CLH_ROOT_DIR" 360 $DOCKER_RUNTIME run \ 361 -ti \ 362 --workdir "$CTR_CLH_ROOT_DIR" \ 363 --rm \ 364 --privileged \ 365 --security-opt seccomp=unconfined \ 366 --ipc=host \ 367 --net=host \ 368 --tmpfs /tmp:exec \ 369 --volume /dev:/dev \ 370 --volume "$CLH_ROOT_DIR:$CTR_CLH_ROOT_DIR" \ 371 --volume "$CLH_INTEGRATION_WORKLOADS:$CTR_CLH_INTEGRATION_WORKLOADS" \ 372 --env USER="root" \ 373 --env CH_LIBC="${libc}" \ 374 --entrypoint bash \ 375 "$CTR_IMAGE" 376 377 fix_dir_perms $? 378} 379 380# Parse main command line args. 381# 382while [ $# -gt 0 ]; do 383 case "$1" in 384 -h|--help) { cmd_help; exit 1; } ;; 385 -y|--unattended) { OPT_UNATTENDED=true; } ;; 386 -*) 387 die "Unknown arg: $1. Please use \`$0 help\` for help." 388 ;; 389 *) 390 break 391 ;; 392 esac 393 shift 394done 395 396# $1 is now a command name. Check if it is a valid command and, if so, 397# run it. 398# 399declare -f "cmd_$1" > /dev/null 400ok_or_die "Unknown command: $1. Please use \`$0 help\` for help." 401 402cmd=cmd_$1 403shift 404 405ensure_build_dir 406if [ $(uname -m) = "x86_64" ]; then 407 ensure_latest_ctr 408fi 409 410# Before a public image for AArch64 ready, we build the container if needed. 411if [ $(uname -m) = "aarch64" ]; then 412 cmd_build-container 413fi 414 415$cmd "$@" 416