azure: install the patched qemu

csegarragonz · csegarragonz · commit 1beebac9548e · 2025-02-19T18:33:20.000Z
diff --git a/ansible/tasks/qemu.yaml b/ansible/tasks/qemu.yaml
@@ -0,0 +1,14 @@
+---
+
+- name: "Download the QEMU package with Azure's SNP patches"
+  get_url:
+    url: "https://github.com/jepio/AMDSEV/releases/download/v2024.02.24/snp-qemu_2024.10.28-0_amd64.deb"
+    dest: "/tmp/snp-qemu.deb"
+    mode: '0644'
+
+- name: "Install the new QEMU package"
+  become: true
+  apt:
+    deb: "/tmp/snp-qemu.deb"
+    state: present
+
diff --git a/ansible/vm.yaml b/ansible/vm.yaml
@@ -9,6 +9,7 @@
     # reboot)
     - include_tasks: tasks/docker.yaml
     - include_tasks: tasks/update_host_kernel.yaml
+    - include_tasks: tasks/qemu.yaml
     - include_tasks: tasks/rust.yaml
     - include_tasks: tasks/code.yaml
     - include_tasks: tasks/pull_images.yaml
diff --git a/bin/create_venv.sh b/bin/create_venv.sh
@@ -6,7 +6,6 @@ THIS_DIR=$(dirname $(readlink -f $0))
 PROJ_ROOT=${THIS_DIR}/..
 VENV_PATH="${PROJ_ROOT}/venv"
 
-PYTHON=python3.10
 PIP=${VENV_PATH}/bin/pip3
 
 function pip_cmd {
@@ -16,7 +15,7 @@ function pip_cmd {
 pushd ${PROJ_ROOT} >> /dev/null
 
 if [ ! -d ${VENV_PATH} ]; then
-    ${PYTHON} -m venv ${VENV_PATH}
+    python3 -m venv ${VENV_PATH}
 fi
 
 pip_cmd install -U pip setuptools wheel
diff --git a/bin/workon.sh b/bin/workon.sh
@@ -49,6 +49,12 @@ else
     echo "sc2-deploy: WARN: neither SNP nor TDX is enabled"
 fi
 
+if [ "$(sudo dmidecode -s system-manufacturer 2>/dev/null)" == "Microsoft Corporation" ]; then
+    export SC2_ON_AZURE="yes"
+else
+    export SC2_ON_AZURE="no"
+fi
+
 # ----------------------------------
 # VM cache config
 # ----------------------------------
@@ -71,11 +77,17 @@ export PS1="(sc2-deploy) $PS1"
 # Splash
 # -----------------------------
 
+if [ "$SC2_ON_AZURE" == "yes" ]; then
+    tee_str="${TEE}-azure"
+else
+    tee_str="${TEE}"
+fi
+
 echo ""
 echo "----------------------------------"
 echo "CLI for SC2 Deployment Scripts"
 echo "CoCo Version: ${COCO_VERSION}"
-echo "TEE: ${TEE}"
+echo "TEE: ${tee_str}"
 echo "----------------------------------"
 echo ""
 
diff --git a/tasks/sc2.py b/tasks/sc2.py
@@ -25,6 +25,7 @@
     install as operator_install,
     install_cc_runtime as operator_install_cc_runtime,
 )
+from tasks.util.azure import on_azure
 from tasks.util.containerd import restart_containerd
 from tasks.util.env import (
     COCO_ROOT,
@@ -142,6 +143,17 @@ def install_sc2_runtime(debug=False):
         )
         update_toml(dst_conf_path, updated_toml_str)
 
+        # If running on Azure, point QEMU to the system-wide qemu
+        if on_azure():
+            qemu_path = "/usr/local/bin/qemu-system-x86_64"
+            updated_toml_str = """
+            [hypervisor.qemu]
+            path = "{qemu_path}"
+            valid_hypervisor_paths = [ "{qemu_path}" ]
+            """.format(qemu_path=qemu_path)
+
+            update_toml(dst_conf_path, updated_toml_str)
+
         # Update containerd to point the SC2 runtime to the right config
         updated_toml_str = """
         [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.kata-{runtime_name}.options]
diff --git a/tasks/util/azure.py b/tasks/util/azure.py
@@ -0,0 +1,8 @@
+from os import environ
+
+
+def on_azure():
+    if "SC2_ON_AZURE" not in environ:
+        return False
+
+    return environ["SC2_ON_AZURE"] == "yes"
