static-build: build the real static binary for clh#1099
Conversation
|
/test-ubuntu |
|
/test-clh |
|
As pointed by @jcvenegas, the clh CI now is broken and is being fixed by two pending PRs (#1098 and kata-containers/runtime#2843). We will need to land those two PRs before we can merge this one. |
| git fetch || true | ||
| git checkout "${cloud_hypervisor_version}" | ||
| "${script_dir}/docker-build/build.sh" | ||
| ./scripts/dev_cli.sh build --release --libc musl |
There was a problem hiding this comment.
I dont see the dev_cli.sh file in this repo. Are we adding it in this PR?
Also, prefer to use ${script_dir} instead os ./scripts since this script could be invoked from another directory.
There was a problem hiding this comment.
This patch reuses the building script from clh repo: https://github.com/cloud-hypervisor/cloud-hypervisor/blob/master/scripts/dev_cli.sh. It relies on the container image created/maintained as a part of the clh project. I think it is better to leverage their efforts, instead of maintaining another docker image to build clh in Kata.
Also, using the hard-coded path to /scripts/dev_cli.sh should be good given the context of this build-static-clh.sh . I assume this build-static-clh.sh will work independent of where it is invoked. Please correct me if I am wrong. Any other thoughts, please also let me know. :)
There was a problem hiding this comment.
This seems reasonable to me. The relative path is within the repo we just pulled -- it's handled by the cd $repo_dir.
We just have to hope that they don't reorganize within their repos structure. If they do, we'd need to redo our build logic anyway. lgtm.
| ./scripts/dev_cli.sh build --release --libc musl | ||
| rm -f cloud-hypervisor | ||
| cp ./target/release/cloud-hypervisor . | ||
| cp build/cargo_target/x86_64-unknown-linux-musl/release/cloud-hypervisor . |
There was a problem hiding this comment.
I see that the docker file is removed below. Are the builds no longer performed inside a container?
There was a problem hiding this comment.
Yes, the build is inside a container, but with the cloud-hypervisor source folder mounted. The final build artifact (static binary) will be in that location (build/cargo_target/x86_64-unknown-linux-musl/release/cloud-hypervisor relative to the clh src root). I chose to keep the cp after the build assuming this will make this change transparent to the rest of the CI/building flow.
There was a problem hiding this comment.
Can you replace that hard-coded architecture with uname -m?
|
/test-clh |
|
/test-clh |
|
/test |
Again this is a dummy PR to the test repo, and is used to validate the changes to another PR from the packaging PR related to cloud-hypervisor. The following linked issue is just a place holder. Depends-on: github.com/kata-containers/packaging#1099 Fixes: kata-containers#2546 Signed-off-by: Bo Chen <chen.bo@intel.com>
Again this is a dummy PR to the test repo, and is used to validate the changes to another PR from the packaging PR related to cloud-hypervisor. The following linked issue is just a place holder. Depends-on: github.com/kata-containers/packaging#1099 Fixes: kata-containers#2546 Signed-off-by: Bo Chen <chen.bo@intel.com>
Again this is a dummy PR to the test repo, and is used to validate the changes to another PR from the packaging PR related to cloud-hypervisor. The following linked issue is just a place holder. Depends-on: github.com/kata-containers/packaging#1099 Fixes: kata-containers#2546 Signed-off-by: Bo Chen <chen.bo@intel.com>
Again this is a dummy PR to the test repo, and is used to validate the changes to another PR from the packaging PR related to cloud-hypervisor. The following linked issue is just a place holder. Depends-on: github.com/kata-containers/packaging#1099 Fixes: kata-containers#2546 Signed-off-by: Bo Chen <chen.bo@intel.com>
|
/test-clh |
Again this is a dummy PR to the test repo, and is used to validate the changes to another PR from the packaging PR related to cloud-hypervisor. The following linked issue is just a place holder. Depends-on: github.com/kata-containers/packaging#1099 Fixes: kata-containers#2546 Signed-off-by: Bo Chen <chen.bo@intel.com>
|
/AzurePipelines run |
|
Azure Pipelines successfully started running 2 pipeline(s). |
Again this is a dummy PR to the test repo, and is used to validate the changes to another PR from the packaging PR related to cloud-hypervisor. The following linked issue is just a place holder. Depends-on: github.com/kata-containers/packaging#1099 Fixes: kata-containers#2546 Signed-off-by: Bo Chen <chen.bo@intel.com>
|
/test-ubuntu |
|
/test-clh |
Again this is a dummy PR to the test repo, and is used to validate the changes to another PR from the packaging PR related to cloud-hypervisor. The following linked issue is just a place holder. Depends-on: github.com/kata-containers/packaging#1099 Fixes: kata-containers#2546 Signed-off-by: Bo Chen <chen.bo@intel.com>
|
/test-clh |
|
/AzurePipelines run |
|
Azure Pipelines successfully started running 2 pipeline(s). |
|
Although the PR itself passed all necessary checks, we are still facing a metrics CI failure as tested by the dummy PR from the test repo (kata-containers/tests#2733). So I marked it as DNM for now. The metrics CI is failing again on the check over the minimal memory footprint (and only for KSM enabled instances): One interesting observation is that the numbers are very close (1 out of 269000). The question is: how do we want to adjust the metrics CI to make sure it is working with static build of cloud-hypervisor? We either can 1) remove the check over the minimal memory footprint, or 2) adjust the reference number from the metrics CI. WDYT? @GabyCT @jcvenegas @amshinde @egernst |
|
Once we understand the reason for the increased footprint, it would make sense to update the reference value. We have more details on why? @likebreath @sameo? |
@egernst Thanks for the prompt response. My understanding is that the checks is failing not because of increased memory footprint, but the opposite: the actual minimal memory footprint now is smaller than the reference value. This is how I understand the error message: |
|
@kata-containers/packaging Please comment on the above discussions about how we want to proceed with the metrics CI failure, where the current minimum memory footprint is slightly smaller than the reference value. Also, as we are preparing for next release, do we want to have it as a part of that release? Thanks. |
|
@likebreath Is the decrease in memory footprint only in case of KSM? In any case, I feel we should remove the check on the min value, we should'nt really trigger a failure when we are seeing lower memory overhead. I would also readjust the min limits. |
Right.
That is also what I thought when we got the initial metrics CI failure with this PR. For now (after several changes from the metrics CI/runtime/packaging), check in minval is the only failure.
This makes sense to me. Any pointers/help to adjust this in the CI? |
@GabyCT would be the best person to help you here. |
|
This is the file that needs to be updated: https://github.com/kata-containers/tests/blob/master/cmd/checkmetrics/ci_slaves/checkmetrics-json-clh-baremetal-kata-metric3.toml |
|
FYI: the pending PR kata-containers/tests#2809 to loos the check on |
Again this is a dummy PR to the test repo, and is used to validate the changes to another PR from the packaging PR related to cloud-hypervisor. The following linked issue is just a place holder. Depends-on: github.com/kata-containers/packaging#1099 Fixes: kata-containers#2546 Signed-off-by: Bo Chen <chen.bo@intel.com>
|
Please help re-run the AzurePipelines. Just Rebased on master. |
This patch reuses the 'dev_cli.sh' from cloud-hypervisor repo to build a static binary of clh without creating our own docker image nor installing extra dependencies. Fixes: kata-containers#1033 Signed-off-by: Bo Chen <chen.bo@intel.com>
Again this is a dummy PR to the test repo, and is used to validate the changes to another PR from the packaging PR related to cloud-hypervisor. The following linked issue is just a place holder. Depends-on: github.com/kata-containers/packaging#1099 Fixes: kata-containers#2546 Signed-off-by: Bo Chen <chen.bo@intel.com>
|
I see some instability of our clh-docker CI, which mostly can be resolved by restarting the CI. After talking with @jcvenegas, we believe it might be related to the The static build of cloud-hypervisor is using a different set of syscalls from its dynamic build. The static build of clh is less tested in our kata CI, so we may see more instabilities when using the static build of clh. I am setting up a local environment to manually run the clh-docker CI tests, from which I am hoping to find the missing syscalls from the seccomp list in clh if any. Meanwhile, for the sake of stability, we may need to keep using the dynamic build of clh in our current beta release of Kata. Also, I am thinking we may want to disable the |
Again this is a dummy PR to the test repo, and is used to validate the changes to another PR from the packaging PR related to cloud-hypervisor. The following linked issue is just a place holder. Depends-on: github.com/kata-containers/packaging#1099 Depends-on: github.com/kata-containers/runtime#2899 Fixes: kata-containers#2546 Signed-off-by: Bo Chen <chen.bo@intel.com>
Again this is a dummy PR to the test repo, and is used to validate the changes to another PR from the packaging PR related to cloud-hypervisor. The following linked issue is just a place holder. Depends-on: github.com/kata-containers/packaging#1099 Depends-on: github.com/kata-containers/runtime#2900 Fixes: kata-containers#2546 Signed-off-by: Bo Chen <chen.bo@intel.com>
|
@likebreath thanks for the summary about your investigations. I agree disabling seccomp while you try to find out the missing syscalls is acceptable. |
|
@egernst @amshinde Please run the AzurePipeline and I think the PR is ready for being merged. The |
|
/AzurePipelines run |
|
Azure Pipelines successfully started running 2 pipeline(s). |
likebreath
added
the
port-to-2.0
7 participants
This patch reuses the 'dev_cli.sh' from cloud-hypervisor repo to build a
static binary of clh without creating our own docker image nor
installing extra dependencies.
Fixes: #1033
Signed-off-by: Bo Chen chen.bo@intel.com
Note: As we don't have full CI coverage in this repo, I am using a dummy PR from the tests repo (kata-containers/tests#2733) to verify this change is passing all CI jobs related to cloud-hypervisor.