xref: /cloud-hypervisor/scripts/dev_cli.sh (revision cfa758fbb113c77fb65ed41cec48a60efbbd0ca1) 
1#!/bin/bash
2
3# Copyright 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved.
4# Copyright © 2020 Intel Corporation
5# SPDX-License-Identifier: Apache-2.0
6
7CLI_NAME="Cloud Hypervisor"
8
9CTR_IMAGE_TAG="cloudhypervisor/dev"
10CTR_IMAGE_VERSION="v3"
11CTR_IMAGE="${CTR_IMAGE_TAG}:${CTR_IMAGE_VERSION}"
12
13DOCKER_RUNTIME="docker"
14
15# Host paths
16CLH_SCRIPTS_DIR=$(cd "$(dirname "$0")" && pwd)
17CLH_ROOT_DIR=$(cd "${CLH_SCRIPTS_DIR}/.." && pwd)
18CLH_BUILD_DIR="${CLH_ROOT_DIR}/build"
19CLH_CARGO_TARGET="${CLH_BUILD_DIR}/cargo_target"
20CLH_DOCKERFILE="${CLH_SCRIPTS_DIR}/../resources/Dockerfile"
21CLH_CTR_BUILD_DIR="/tmp/cloud-hypervisor/ctr-build"
22CLH_INTEGRATION_WORKLOADS="${HOME}/workloads"
23
24# Container paths
25CTR_CLH_ROOT_DIR="/cloud-hypervisor"
26CTR_CLH_CARGO_BUILT_DIR="${CTR_CLH_ROOT_DIR}/build"
27CTR_CLH_CARGO_TARGET="${CTR_CLH_CARGO_BUILT_DIR}/cargo_target"
28CTR_CLH_INTEGRATION_WORKLOADS="/root/workloads"
29
30# Cargo paths
31# Full path to the cargo registry dir on the host. This appears on the host
32# because we want to persist the cargo registry across container invocations.
33# Otherwise, any rust crates from crates.io would be downloaded again each time
34# we build or test.
35CARGO_REGISTRY_DIR="${CLH_BUILD_DIR}/cargo_registry"
36
37# Full path to the cargo git registry on the host. This serves the same purpose
38# as CARGO_REGISTRY_DIR, for crates downloaded from GitHub repos instead of
39# crates.io.
40CARGO_GIT_REGISTRY_DIR="${CLH_BUILD_DIR}/cargo_git_registry"
41
42# Full path to the cargo target dir on the host.
43CARGO_TARGET_DIR="${CLH_BUILD_DIR}/cargo_target"
44
45# Send a decorated message to stdout, followed by a new line
46#
47say() {
48    [ -t 1 ] && [ -n "$TERM" ] \
49        && echo "$(tput setaf 2)[$CLI_NAME]$(tput sgr0) $*" \
50        || echo "[$CLI_NAME] $*"
51}
52
53# Send a decorated message to stdout, without a trailing new line
54#
55say_noln() {
56    [ -t 1 ] && [ -n "$TERM" ] \
57        && echo -n "$(tput setaf 2)[$CLI_NAME]$(tput sgr0) $*" \
58        || echo "[$CLI_NAME] $*"
59}
60
61# Send a text message to stderr
62#
63say_err() {
64    [ -t 2 ] && [ -n "$TERM" ] \
65        && echo "$(tput setaf 1)[$CLI_NAME] $*$(tput sgr0)" 1>&2 \
66        || echo "[$CLI_NAME] $*" 1>&2
67}
68
69# Send a warning-highlighted text to stdout
70say_warn() {
71    [ -t 1 ] && [ -n "$TERM" ] \
72        && echo "$(tput setaf 3)[$CLI_NAME] $*$(tput sgr0)" \
73        || echo "[$CLI_NAME] $*"
74}
75
76# Exit with an error message and (optional) code
77# Usage: die [-c <error code>] <error message>
78#
79die() {
80    code=1
81    [[ "$1" = "-c" ]] && {
82        code="$2"
83        shift 2
84    }
85    say_err "$@"
86    exit $code
87}
88
89# Exit with an error message if the last exit code is not 0
90#
91ok_or_die() {
92    code=$?
93    [[ $code -eq 0 ]] || die -c $code "$@"
94}
95
96# Make sure the build/ dirs are available. Exit if we can't create them.
97# Upon returning from this call, the caller can be certain the build/ dirs exist.
98#
99ensure_build_dir() {
100    for dir in "$CLH_BUILD_DIR" \
101		   "$CLH_INTEGRATION_WORKLOADS" \
102		   "$CLH_CTR_BUILD_DIR" \
103		   "$CARGO_TARGET_DIR" \
104		   "$CARGO_REGISTRY_DIR" \
105		   "$CARGO_GIT_REGISTRY_DIR"; do
106        mkdir -p "$dir" || die "Error: cannot create dir $dir"
107        [ -x "$dir" ] && [ -w "$dir" ] || \
108            {
109                say "Wrong permissions for $dir. Attempting to fix them ..."
110                chmod +x+w "$dir"
111            } || \
112            die "Error: wrong permissions for $dir. Should be +x+w"
113    done
114}
115
116# Make sure we're using the latest dev container, by just pulling it.
117ensure_latest_ctr() {
118    $DOCKER_RUNTIME pull "$CTR_IMAGE"
119
120    ok_or_die "Error pulling container image. Aborting."
121}
122
123# Fix main directory permissions after a container ran as root.
124# Since the container ran as root, any files it creates will be owned by root.
125# This fixes that by recursively changing the ownership of /cloud-hypervisor to the
126# current user.
127#
128fix_dir_perms() {
129    # Yes, running Docker to get elevated privileges, just to chown some files
130    # is a dirty hack.
131    $DOCKER_RUNTIME run \
132	--workdir "$CTR_CLH_ROOT_DIR" \
133	   --rm \
134	   --volume /dev:/dev \
135	   --volume "$CLH_ROOT_DIR:$CTR_CLH_ROOT_DIR" \
136	   "$CTR_IMAGE" \
137           chown -R "$(id -u):$(id -g)" "$CTR_CLH_ROOT_DIR"
138
139    return $1
140}
141
142cmd_help() {
143    echo ""
144    echo "Cloud Hypervisor $(basename $0)"
145    echo "Usage: $(basename $0) <command> [<command args>]"
146    echo ""
147    echo "Available commands:"
148    echo ""
149    echo "    build [--debug|--release] [--libc musl|gnu] [-- [<cargo args>]]"
150    echo "        Build the Cloud Hypervisor binaries."
151    echo "        --debug               Build the debug binaries. This is the default."
152    echo "        --release             Build the release binaries."
153    echo "        --libc                Select the C library Cloud Hypervisor will be built against. Default is gnu"
154    echo ""
155    echo "    tests [--unit|--cargo|--all] [--libc musl|gnu] [-- [<cargo test args>]]"
156    echo "        Run the Cloud Hypervisor tests."
157    echo "        --unit               Run the unit tests."
158    echo "        --cargo              Run the cargo tests."
159    echo "        --integration        Run the integration tests."
160    echo "        --libc               Select the C library Cloud Hypervisor will be built against. Default is gnu"
161    echo "        --all                Run all tests."
162    echo ""
163    echo "    build-container [--type]"
164    echo "        Build the Cloud Hypervisor container."
165    echo "        --dev                Build dev container. This is the default."
166    echo ""
167    echo "    clean [<cargo args>]]"
168    echo "        Remove the Cloud Hypervisor artifacts."
169    echo ""
170    echo "    shell"
171    echo "        Run the development container into an interactive, privileged BASH shell."
172    echo ""
173    echo "    help"
174    echo "        Display this help message."
175    echo ""
176}
177
178cmd_build() {
179    build="debug"
180    libc="gnu"
181
182    while [ $# -gt 0 ]; do
183	case "$1" in
184            "-h"|"--help")  { cmd_help; exit 1;     } ;;
185            "--debug")      { build="debug";      } ;;
186            "--release")    { build="release";    } ;;
187            "--libc")
188                shift
189                [[ "$1" =~ ^(musl|gnu)$ ]] || \
190                    die "Invalid libc: $1. Valid options are \"musl\" and \"gnu\"."
191                libc="$1"
192                ;;
193            "--")           { shift; break;         } ;;
194            *)
195		die "Unknown build argument: $1. Please use --help for help."
196		;;
197	esac
198	shift
199    done
200
201    target="$(uname -m)-unknown-linux-${libc}"
202
203    cargo_args=("$@")
204    [ $build = "release" ] && cargo_args+=("--release")
205    cargo_args+=(--target "$target")
206    [ $(uname -m) = "aarch64" ] && cargo_args+=("--no-default-features")
207    [ $(uname -m) = "aarch64" ] && cargo_args+=(--features "mmio")
208
209    rustflags=""
210    if [ $(uname -m) = "aarch64" ] && [ $libc = "musl" ] ; then
211        rustflags="-C link-arg=-lgcc"
212    fi
213
214    # A workaround on Arm64 to avoid build errors in kvm-bindings
215    if [ $(uname -m) = "aarch64" ]; then
216        sed -i 's/"with-serde",\ //g' "$CLH_ROOT_DIR"/hypervisor/Cargo.toml
217    fi
218
219    $DOCKER_RUNTIME run \
220	   --user "$(id -u):$(id -g)" \
221	   --workdir "$CTR_CLH_ROOT_DIR" \
222	   --rm \
223	   --volume /dev:/dev \
224	   --volume "$CLH_ROOT_DIR:$CTR_CLH_ROOT_DIR" \
225	   --env RUSTFLAGS="$rustflags" \
226	   "$CTR_IMAGE" \
227	   cargo build --all \
228	         --target-dir "$CTR_CLH_CARGO_TARGET" \
229	         "${cargo_args[@]}" && say "Binaries placed under $CLH_CARGO_TARGET/$target/$build"
230}
231
232cmd_clean() {
233    cargo_args=("$@")
234
235    $DOCKER_RUNTIME run \
236	   --user "$(id -u):$(id -g)" \
237	   --workdir "$CTR_CLH_ROOT_DIR" \
238	   --rm \
239	   --volume "$CLH_ROOT_DIR:$CTR_CLH_ROOT_DIR" \
240	   "$CTR_IMAGE" \
241	   cargo clean \
242	         --target-dir "$CTR_CLH_CARGO_TARGET" \
243	         "${cargo_args[@]}"
244    }
245
246cmd_tests() {
247    unit=false
248    cargo=false
249    integration=false
250    libc="gnu"
251
252    while [ $# -gt 0 ]; do
253	case "$1" in
254            "-h"|"--help")           { cmd_help; exit 1;     } ;;
255            "--unit")                { unit=true;      } ;;
256            "--cargo")               { cargo=true;    } ;;
257            "--integration")         { integration=true;    } ;;
258            "--libc")
259                shift
260                [[ "$1" =~ ^(musl|gnu)$ ]] || \
261                    die "Invalid libc: $1. Valid options are \"musl\" and \"gnu\"."
262                libc="$1"
263                ;;
264	    "--all")                 { cargo=true; unit=true; integration=true;  } ;;
265            "--")                    { shift; break;         } ;;
266            *)
267		die "Unknown tests argument: $1. Please use --help for help."
268		;;
269	esac
270	shift
271    done
272
273    target="$(uname -m)-unknown-linux-${libc}"
274    cflags=""
275    target_cc=""
276    if [[ "$target" == "x86_64-unknown-linux-musl" ]]; then
277	target_cc="musl-gcc"
278	cflags="-I /usr/include/x86_64-linux-musl/ -idirafter /usr/include/"
279    fi
280
281    if [ "$unit" = true ] ;  then
282	say "Running unit tests for $target..."
283	$DOCKER_RUNTIME run \
284	       --workdir "$CTR_CLH_ROOT_DIR" \
285	       --rm \
286	       --device /dev/kvm \
287	       --device /dev/net/tun \
288	       --cap-add net_admin \
289	       --volume "$CLH_ROOT_DIR:$CTR_CLH_ROOT_DIR" \
290	       --env BUILD_TARGET="$target" \
291	       --env CFLAGS="$cflags" \
292	       --env TARGET_CC="$target_cc" \
293	       "$CTR_IMAGE" \
294	       ./scripts/run_unit_tests.sh "$@" || fix_dir_perms $? || exit $?
295    fi
296
297    if [ "$cargo" = true ] ;  then
298	say "Running cargo tests..."
299	$DOCKER_RUNTIME run \
300	       --workdir "$CTR_CLH_ROOT_DIR" \
301	       --rm \
302	       --volume "$CLH_ROOT_DIR:$CTR_CLH_ROOT_DIR" \
303	       "$CTR_IMAGE" \
304	       ./scripts/run_cargo_tests.sh || fix_dir_perms $? || exit $?
305    fi
306
307    if [ "$integration" = true ] ;  then
308	say "Running integration tests for $target..."
309	$DOCKER_RUNTIME run \
310	       --workdir "$CTR_CLH_ROOT_DIR" \
311	       --rm \
312	       --privileged \
313	       --security-opt seccomp=unconfined \
314	       --ipc=host \
315	       --net=host \
316	       --mount type=tmpfs,destination=/tmp \
317	       --volume /dev:/dev \
318	       --volume "$CLH_ROOT_DIR:$CTR_CLH_ROOT_DIR" \
319	       --volume "$CLH_INTEGRATION_WORKLOADS:$CTR_CLH_INTEGRATION_WORKLOADS" \
320	       --env USER="root" \
321	       --env CH_LIBC="${libc}" \
322	       "$CTR_IMAGE" \
323	       ./scripts/run_integration_tests.sh "$@" || fix_dir_perms $? || exit $?
324    fi
325
326    fix_dir_perms $?
327}
328
329cmd_build-container() {
330    container_type="dev"
331
332    while [ $# -gt 0 ]; do
333	case "$1" in
334            "-h"|"--help")  { cmd_help; exit 1;     } ;;
335            "--dev")        { container_type="dev"; } ;;
336            "--")           { shift; break;         } ;;
337            *)
338		die "Unknown build-container argument: $1. Please use --help for help."
339		;;
340	esac
341	shift
342    done
343
344    BUILD_DIR=/tmp/cloud-hypervisor/container/
345
346    mkdir -p $BUILD_DIR
347    cp $CLH_DOCKERFILE $BUILD_DIR
348
349    $DOCKER_RUNTIME build \
350	   --target $container_type \
351	   -t $CTR_IMAGE \
352	   -f $BUILD_DIR/Dockerfile \
353	   --build-arg TARGETARCH="$(uname -m)" \
354	   $BUILD_DIR
355}
356
357cmd_shell() {
358    say_warn "Starting a privileged shell prompt as root ..."
359    say_warn "WARNING: Your $CLH_ROOT_DIR folder will be bind-mounted in the container under $CTR_CLH_ROOT_DIR"
360    $DOCKER_RUNTIME run \
361	   -ti \
362	   --workdir "$CTR_CLH_ROOT_DIR" \
363	   --rm \
364	   --privileged \
365	   --security-opt seccomp=unconfined \
366	   --ipc=host \
367	   --net=host \
368	   --tmpfs /tmp:exec \
369	   --volume /dev:/dev \
370	   --volume "$CLH_ROOT_DIR:$CTR_CLH_ROOT_DIR" \
371	   --volume "$CLH_INTEGRATION_WORKLOADS:$CTR_CLH_INTEGRATION_WORKLOADS" \
372	   --env USER="root" \
373	   --env CH_LIBC="${libc}" \
374	   --entrypoint bash \
375	   "$CTR_IMAGE"
376
377    fix_dir_perms $?
378}
379
380# Parse main command line args.
381#
382while [ $# -gt 0 ]; do
383    case "$1" in
384        -h|--help)              { cmd_help; exit 1;     } ;;
385        -y|--unattended)        { OPT_UNATTENDED=true;  } ;;
386        -*)
387            die "Unknown arg: $1. Please use \`$0 help\` for help."
388            ;;
389        *)
390            break
391            ;;
392    esac
393    shift
394done
395
396# $1 is now a command name. Check if it is a valid command and, if so,
397# run it.
398#
399declare -f "cmd_$1" > /dev/null
400ok_or_die "Unknown command: $1. Please use \`$0 help\` for help."
401
402cmd=cmd_$1
403shift
404
405ensure_build_dir
406if [ $(uname -m) = "x86_64" ]; then
407    ensure_latest_ctr
408fi
409
410# Before a public image for AArch64 ready, we build the container if needed.
411if [ $(uname -m) = "aarch64" ]; then
412    cmd_build-container
413fi
414
415$cmd "$@"
416