From d8ec0b4350a1139f5659d4c7940530a1ade55489 Mon Sep 17 00:00:00 2001 From: Carlos Segarra Date: Tue, 11 Feb 2025 17:47:11 +0000 Subject: [PATCH 01/14] deploy: support running sc2 on azure vms --- ansible/ansible.cfg | 0 ansible/inventory/vms.ini | 2 + ansible/tasks/apt.yaml | 23 +++ ansible/tasks/code.yaml | 22 +++ ansible/tasks/docker.yaml | 27 +++ ansible/tasks/pull_images.yaml | 15 ++ ansible/tasks/rust.yaml | 17 ++ ansible/tasks/update_host_kernel.yaml | 31 ++++ ansible/vm.yaml | 12 ++ bin/create_venv.sh | 3 +- requirements.txt | 1 + tasks/__init__.py | 2 + tasks/azure.py | 226 ++++++++++++++++++++++++++ 13 files changed, 380 insertions(+), 1 deletion(-) create mode 100644 ansible/ansible.cfg create mode 100644 ansible/inventory/vms.ini create mode 100644 ansible/tasks/apt.yaml create mode 100644 ansible/tasks/code.yaml create mode 100644 ansible/tasks/docker.yaml create mode 100644 ansible/tasks/pull_images.yaml create mode 100644 ansible/tasks/rust.yaml create mode 100644 ansible/tasks/update_host_kernel.yaml create mode 100644 ansible/vm.yaml create mode 100644 tasks/azure.py diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg new file mode 100644 index 00000000..e69de29b diff --git a/ansible/inventory/vms.ini b/ansible/inventory/vms.ini new file mode 100644 index 00000000..93f9bb27 --- /dev/null +++ b/ansible/inventory/vms.ini @@ -0,0 +1,2 @@ +[all] +sc2-snp-test ansible_host=4.246.173.77 ansible_user=sc2 diff --git a/ansible/tasks/apt.yaml b/ansible/tasks/apt.yaml new file mode 100644 index 00000000..2acab315 --- /dev/null +++ b/ansible/tasks/apt.yaml 
@@ -0,0 +1,23 @@
+---
+
+# Currently the provisioned VM image for CoCo on Azure VMs uses Ubuntu 20.04
+# so we need to add an APT repository to install python3.10
+# - name: "Add deadsnakes APT repository"
+# become: yes
+# apt_repository:
+# repo: "ppa:deadsnakes/ppa"
+
+- name: "Install APT depdencencies"
+ become: yes
+ apt:
+ name:
+ - apt-transport-https
+ - ca-certificates
+ - curl
+ - gnupg2
+ - software-properties-common
+ - python3.10-dev
+ - python3-pip
+ - python3.10-venv
+ - unzip
+ update_cache: yes
diff --git a/ansible/tasks/code.yaml b/ansible/tasks/code.yaml
new file mode 100644
index 00000000..75fb8543
--- /dev/null
+++ b/ansible/tasks/code.yaml
@@ -0,0 +1,22 @@
+---
+
+- name: "Create code dir"
+ file:
+ path: "/home/{{ ansible_user }}/git"
+ state: directory
+
+- name: "Clone repos"
+ git:
+ repo: "https://www.github.com/sc2-sys/{{ item }}.git"
+ dest: "/home/{{ ansible_user }}/git/sc2-sys/{{ item }}"
+ depth: 1
+ update: yes
+ recursive: no
+ clone: yes
+ force: yes
+ accept_hostkey: yes
+ with_items:
+ - "applications"
+ - "deploy"
+ - "experiments"
+
diff --git a/ansible/tasks/docker.yaml b/ansible/tasks/docker.yaml
new file mode 100644
index 00000000..45317966
--- /dev/null
+++ b/ansible/tasks/docker.yaml
@@ -0,0 +1,27 @@
+---
+
+- name: "Add Docker GPG key"
+ become: yes
+ apt_key: url=https://download.docker.com/linux/ubuntu/gpg
+
+- name: "Add Docker APT repository"
+ become: yes
+ apt_repository:
+ repo: "deb [arch=amd64] https://download.docker.com/linux/{{ ansible_distribution|lower }} {{ ansible_distribution_release }} stable"
+
+- name: "Install Docker"
+ become: yes
+ apt:
+ name:
+ - docker-ce
+ - docker-ce-cli
+ - containerd.io
+ - docker-compose-plugin
+ update_cache: yes
+
+- name: "Add user to docker group"
+ become: yes
+ user:
+ name: "{{ ansible_user }}"
+ groups: docker
+ append: yes
diff --git a/ansible/tasks/pull_images.yaml b/ansible/tasks/pull_images.yaml
new file mode 100644
index 00000000..7f7977cd
--- /dev/null
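Review bot: The "Clone repos" task in `ansible/tasks/code.yaml` has no `version:`, so every provisioning run checks out whatever the default branch of the three repositories points to at that moment, and `force: yes` discards any local changes on a re-run. Pinning a tag or commit, e.g. `version: "<tag-or-commit>"` (placeholder), makes the host reproducible and keeps an unexpected upstream push from landing on the SNP host unreviewed. `accept_hostkey: yes` has no effect on these `https://` URLs and can be removed.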
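Review bot: The `apt_key` task in "Add Docker GPG key" puts Docker's key into the system-wide APT trust store, so it is accepted for packages from every configured repository rather than only Docker's, and the module is deprecated upstream. Fetch the key into a dedicated keyring file and bind the repository to it, e.g. a `get_url` task with `dest: /etc/apt/keyrings/docker.asc` followed by `repo: "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/..."`. The last task adds `{{ ansible_user }}` to the `docker` group, which is equivalent to giving that account root on the host; a comment stating that this is intended would help.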
+++ b/ansible/tasks/pull_images.yaml
@@ -0,0 +1,15 @@
+---
+
+- name: "Extract version numbers from versions.py"
+ shell: |
+ grep -oP '{{ item.regex }}' "/home/{{ ansible_user }}/git/sc2-sys/deploy/tasks/util/versions.py"
+ register: versions
+ loop:
+ - { name: "containerd", regex: 'CONTAINERD_VERSION\s*=\s*"\K[^"]+' }
+ - { name: "kata-containers", regex: 'KATA_VERSION\s*=\s*"\K[^"]+' }
+ - { name: "nydus", regex: 'NYDUS_VERSION\s*=\s*"\K[^"]+' }
+ - { name: "nydus-snapshotter", regex: 'NYDUS_SNAPSHOTTER_VERSION\s*=\s*"\K[^"]+' }
+
+- name: "Pull Docker images with extracted versions"
+ shell: "docker pull ghcr.io/sc2-sys/{{ item.item.name }}:{{ item.stdout }}"
+ loop: "{{ versions.results }}"
diff --git a/ansible/tasks/rust.yaml b/ansible/tasks/rust.yaml
new file mode 100644
index 00000000..d8f22807
--- /dev/null
+++ b/ansible/tasks/rust.yaml
@@ -0,0 +1,17 @@
+---
+
+- name: "Install Rust using rustup"
+ shell: curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
+ args:
+ creates: ~/.cargo/bin/rustc
+
+- name: "Add Cargo bin directory to PATH"
+ lineinfile:
+ path: ~/.bashrc
+ line: 'export PATH="$HOME/.cargo/bin:$PATH"'
+ create: yes
+
+- name: "Reload shell profile"
+ shell: source ~/.bashrc
+ args:
+ executable: /bin/bash
diff --git a/ansible/tasks/update_host_kernel.yaml b/ansible/tasks/update_host_kernel.yaml
new file mode 100644
index 00000000..65911bc5
--- /dev/null
+++ b/ansible/tasks/update_host_kernel.yaml
@@ -0,0 +1,31 @@ +--- + +- name: "Download the kernel with Azure's patches" + get_url: + url: "https://github.com/jepio/AMDSEV/releases/download/v2024.02.24/linux-image-6.8.0-rc5-next-20240221-snp-host-2cfe07293708_6.8.0-rc5-g2cfe07293708-2_amd64.deb" + dest: "/tmp/linux-image.deb" + mode: '0644' + +# Step 2: Install the .deb kernel package +- name: "Install the new kernel package" + apt: + deb: "/tmp/linux-image.deb" + state: present + +# Step 3: Update the grub configuration to use the new kernel +- name: "Update GRUB to use the new kernel" + command: update-grub + +# Step 4: Reboot the system to load the new kernel +- name: "Reboot the system to apply the new kernel" + reboot: + reboot_timeout: 600 + test_command: uname -r + register: reboot_result + +# Step 5: Verify the kernel version after reboot +# TODO: delete me +- name: Check the new kernel version after reboot + debug: + msg: "Using host kernel: {{ reboot_result.stdout }}" + when: reboot_result is succeeded diff --git a/ansible/vm.yaml b/ansible/vm.yaml new file mode 100644 index 00000000..84343ae9 --- /dev/null +++ b/ansible/vm.yaml @@ -0,0 +1,12 @@ +--- + +- hosts: all + gather_facts: yes + tasks: + - include_tasks: tasks/apt.yaml + - include_tasks: tasks/rust.yaml + - include_tasks: tasks/docker.yaml + - include_tasks: tasks/code.yaml + - include_tasks: tasks/pull_images.yaml + - include_tasks: tasks/update_host_kernel.yaml + # - include_tasks: tasks/sc2.yml diff --git a/bin/create_venv.sh b/bin/create_venv.sh index e61aac27..bd715160 100755 --- a/bin/create_venv.sh +++ b/bin/create_venv.sh @@ -6,6 +6,7 @@ THIS_DIR=$(dirname $(readlink -f $0)) PROJ_ROOT=${THIS_DIR}/.. VENV_PATH="${PROJ_ROOT}/venv" +PYTHON=python3.10 PIP=${VENV_PATH}/bin/pip3 function pip_cmd { @@ -15,7 +16,7 @@ function pip_cmd { pushd ${PROJ_ROOT} >> /dev/null if [ ! -d ${VENV_PATH} ]; then - python3 -m venv ${VENV_PATH} + ${PYTHON} -m venv ${VENV_PATH} fi pip_cmd install -U pip setuptools wheel 
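Review bot: The `get_url` task that downloads the host kernel package has no `checksum`, so whatever the release URL serves at provisioning time is written to `/tmp/linux-image.deb` and installed by the next task. Because this package becomes the SNP host kernel, pin its digest with `checksum: "sha256:<expected-sha256-of-the-deb>"` (placeholder; take the value from a copy you have verified). Staging the file in a directory only the provisioning user can write, rather than at a fixed name in world-writable `/tmp`, would also remove any chance of the file being tampered with between download and install. The same two points apply to the `snp-qemu` download added later in `ansible/tasks/qemu.yaml`.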
diff --git a/requirements.txt b/requirements.txt index be532c1b..8274934b 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,5 @@ ansible>=8.4.0 +azure-cli>=2.68.0 black>=23.9.1 flake8>=7.1.1 invoke>=2.1.0 diff --git a/tasks/__init__.py b/tasks/__init__.py index b15c1ab5..743d1c19 100644 --- a/tasks/__init__.py +++ b/tasks/__init__.py @@ -1,5 +1,6 @@ from invoke import Collection +from . import azure from . import coco from . import containerd from . import cosign @@ -26,6 +27,7 @@ from . import svsm ns = Collection( + azure, coco, containerd, cosign, diff --git a/tasks/azure.py b/tasks/azure.py new file mode 100644 index 00000000..b8efec34 --- /dev/null +++ b/tasks/azure.py 
@@ -0,0 +1,226 @@ +from invoke import task +from json import loads as json_loads +from os import makedirs +from os.path import join +from tasks.util.env import PROJ_ROOT +from subprocess import run + +ANSIBLE_ROOT = join(PROJ_ROOT, "ansible") +ANSIBLE_INVENTORY_DIR = join(ANSIBLE_ROOT, "inventory") +ANSIBLE_INVENTORY_FILE = join(ANSIBLE_INVENTORY_DIR, "vms.ini") + +# TODO: request creating a new resource group named sc2 +AZURE_RESOURCE_GROUP = "faasm" + +AZURE_SNP_VM_ADMIN = "sc2" +AZURE_SNP_VM_IMAGE = ( + "/CommunityGalleries/cocopreview-91c44057-c3ab-4652-bf00-9242d5a90170/" + "Images/ubu2204-snp-host-upm/Versions/latest" +) +# AZURE_SNP_VM_IMAGE = "/CommunityGalleries/cocopreview-91c44057-c3ab-4652-bf00-9242d5a90170/Images/ubu2204-snp-host-upm/Versions/latest" +AZURE_SNP_VM_LOCATION = "eastus" +AZURE_SNP_VM_OS_DISK_SIZE = 64 +AZURE_SNP_VM_SSH_PRIV_KEY = "~/.ssh/id_rsa" +AZURE_SNP_VM_SSH_PUB_KEY = "~/.ssh/id_rsa.pub" +AZURE_SNP_VM_SKU = "Standard_DC8as_cc_v5" + +# Specifies order in which to delete resource types +RESOURCE_TYPE_PRECEDENCE = [ + "Microsoft.Network/networkInterfaces", + "Microsoft.Network/networkSecurityGroups", + "Microsoft.Network/virtualNetworks", + "Microsoft.Network/publicIpAddresses", +] + +# ----------------------------------------------------------------------------- +# Azure Functions +# ----------------------------------------------------------------------------- + + +def build_ssh_command(ip_addr): + return f"ssh -A -i {AZURE_SNP_VM_SSH_PRIV_KEY} {AZURE_SNP_VM_ADMIN}@{ip_addr}" + + +def get_ip(name): + cmd = [ + "az vm list-ip-addresses", + "-n {}".format(name), + "-g {}".format(AZURE_RESOURCE_GROUP), + ] + + cmd = " ".join(cmd) + res = run(cmd, shell=True, capture_output=True) + + res = json_loads(res.stdout.decode("utf-8")) + vm_info = res[0]["virtualMachine"] + return vm_info["network"]["publicIpAddresses"][0]["ipAddress"] + + +def vm_op(op, name, extra_args=None, capture=False): + print("Performing {} on {}".format(op, name)) + + cmd 
= [ + "az vm {}".format(op), + "--resource-group {}".format(AZURE_RESOURCE_GROUP), + "--name {}".format(name), + ] + + if extra_args: + cmd.extend(extra_args) + + cmd = " ".join(cmd) + print(cmd) + + if capture: + res = run(cmd, shell=True, capture_stdout=True) + return res.stdout.decode("utf-8") + else: + run(cmd, shell=True, check=True) + + +def delete_resource(name, resource_type): + print(f"Deleting resource {name}") + + cmd = ( + f"az resource delete --resource-group {AZURE_RESOURCE_GROUP} " + f"--name {name} --resource-type {resource_type}" + ) + run(cmd, check=True, shell=True) + + +def delete_resources(resources): + print("Deleting {} resources".format(len(resources))) + + deleted_resources = list() + + # Prioritise certain types + for t in RESOURCE_TYPE_PRECEDENCE: + to_delete = [r for r in resources if r["type"] == t] + + if to_delete: + print( + "Prioritising {} resources of type {}".format( + len(to_delete), t + ) + ) + + for r in to_delete: + delete_resource(r["name"], r["type"]) + deleted_resources.append(r["id"]) + + remaining = [r for r in resources if r["id"] not in deleted_resources] + for r in remaining: + delete_resource(r["name"], r["type"]) + + +def list_all(azure_cmd, prefix=None): + cmd = f"az {azure_cmd} list --resource-group {AZURE_RESOURCE_GROUP}" + res = run(cmd, shell=True, capture_output=True) + res = json_loads(res.stdout.decode("utf-8")) + + if prefix: + res = [v for v in res if v["name"].startswith(prefix)] + + return res + +# ----------------------------------------------------------------------------- +# Ansible functions +# ----------------------------------------------------------------------------- + + +def ansible_prepare_inventory(prefix): + """ + Create ansbile inventory for VMs + """ + all_vms = list_all("vm", prefix) + + if len(all_vms) == 0: + print(f"Did not find any VMs matching prefix {prefix}") + raise RuntimeError("No VMs found with prefix") + + print("Generating inventory for {} VMs".format(len(all_vms))) + + # Sort 
VMs based on name to ensure consistent choice of main + all_vms = sorted(all_vms, key=lambda d: d["name"]) + + # Get all IPs + for vm in all_vms: + vm["public_ip"] = get_ip(vm["name"]) + + makedirs(ANSIBLE_INVENTORY_DIR, exist_ok=True) + + # One group for all VMs, one for main, one for workers + lines = ["[all]"] + for v in all_vms: + # Include VM name for debugging purposes + lines.append("{} ansible_host={} ansible_user={}".format(v["name"], v["public_ip"], AZURE_SNP_VM_ADMIN)) + + file_content = "\n".join(lines) + + print("Contents:\n") + print(file_content) + + with open(ANSIBLE_INVENTORY_FILE, "w") as fh: + fh.write(file_content) + fh.write("\n") + +# ----------------------------------------------------------------------------- +# Entrypoint tasks +# ----------------------------------------------------------------------------- + + +@task +def deploy(ctx): + """ + Deploy SC2 on an SNP-enabled VM on Azure + """ + vm_name = "sc2-snp-test" + az_cmd = ( + f"az vm create -g {AZURE_RESOURCE_GROUP} -n {vm_name} " + f"--location {AZURE_SNP_VM_LOCATION} --admin-username {AZURE_SNP_VM_ADMIN} " + f"--image {AZURE_SNP_VM_IMAGE} --accept-term --size {AZURE_SNP_VM_SKU} " + f"--ssh-key-value {AZURE_SNP_VM_SSH_PUB_KEY} --accelerated-networking true " + f"--os-disk-size-gb {AZURE_SNP_VM_OS_DISK_SIZE}" + ) + run(az_cmd, shell=True, check=True) + + +@task +def setup(ctx, vm_name = "sc2-snp-test"): + ansible_prepare_inventory(vm_name) + + vm_playbook = join(ANSIBLE_ROOT, "vm.yaml") + run(f"ansible-playbook -i {ANSIBLE_INVENTORY_FILE} {vm_playbook}", shell=True, check=True) + + +@task +def destroy(ctx, vm_name="sc2-snp-test"): + # First delete the VM + vm_op("delete", vm_name, extra_args=["--yes"]) + + # Delete all other resources associated with it that may be left + all_resources = list_all("resource", prefix=vm_name) + delete_resources(all_resources) + + +@task +def ssh(ctx, name="sc2-snp-test"): + """ + Prints SSH information for given VM + """ + ip_addr = get_ip(name) + 
print("--- SSH command ---\n") + print(build_ssh_command(ip_addr)) + + print("\n--- SSH config ---") + print( + """ +# Faasm SGX VM +Host {} +HostName {} +User {} +ForwardAgent yes + """.format( + name, ip_addr, AZURE_SNP_VM_ADMIN + ) + ) From c828f0a85ab50751d6d300e1a1326ce9c34d605b Mon Sep 17 00:00:00 2001 From: Carlos Segarra Date: Tue, 11 Feb 2025 18:05:56 +0000 Subject: [PATCH 02/14] fixes --- .gitignore | 3 +++ ansible/inventory/vms.ini | 2 -- ansible/tasks/apt.yaml | 2 ++ ansible/tasks/code.yaml | 14 +++++++++++++- ansible/tasks/update_host_kernel.yaml | 10 +++------- ansible/vm.yaml | 2 +- 6 files changed, 22 insertions(+), 11 deletions(-) delete mode 100644 ansible/inventory/vms.ini diff --git a/.gitignore b/.gitignore index 015dc671..65b4cb73 100644 --- a/.gitignore +++ b/.gitignore @@ -14,6 +14,9 @@ svsm.bin bzImage coconut-qemu.igvm +# Ansible inventories +ansible/inventory + # Kubernetes stuff .config diff --git a/ansible/inventory/vms.ini b/ansible/inventory/vms.ini deleted file mode 100644 index 93f9bb27..00000000 --- a/ansible/inventory/vms.ini +++ /dev/null @@ -1,2 +0,0 @@ -[all] -sc2-snp-test ansible_host=4.246.173.77 ansible_user=sc2 diff --git a/ansible/tasks/apt.yaml b/ansible/tasks/apt.yaml index 2acab315..2328e35f 100644 --- a/ansible/tasks/apt.yaml +++ b/ansible/tasks/apt.yaml @@ -15,6 +15,8 @@ - ca-certificates - curl - gnupg2 + - libssl-dev + - pkg-config - software-properties-common - python3.10-dev - python3-pip diff --git a/ansible/tasks/code.yaml b/ansible/tasks/code.yaml index 75fb8543..592b8df7 100644 --- a/ansible/tasks/code.yaml +++ b/ansible/tasks/code.yaml @@ -5,7 +5,7 @@ path: "/home/{{ ansible_user }}/git" state: directory -- name: "Clone repos" +- name: "Clone SC2 repos" git: repo: "https://www.github.com/sc2-sys/{{ item }}.git" dest: "/home/{{ ansible_user }}/git/sc2-sys/{{ item }}" 
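Review bot: Every `az` invocation in this new file is built as a string and run with `shell=True`, and `get_ip`, `vm_op` and `delete_resource` interpolate names that come from the `destroy`/`ssh` task arguments or from `az ... list` output, so shell metacharacters in a name are interpreted by the shell; passing an argument list without `shell=True`, as sketched below for `vm_op`, removes that. The capture branch of `vm_op` passes `capture_stdout=True`, which is not a `subprocess.run` keyword (it is `capture_output`), so that branch would raise `TypeError` if it were ever taken. `destroy` and `ansible_prepare_inventory` select by name prefix inside the shared `faasm` resource group, so a resource or VM whose name merely starts with the same string is deleted or provisioned as well; an exact-name match would be safer. `build_ssh_command` uses `ssh -A` and the printed config sets `ForwardAgent yes`, which exposes the operator's SSH agent to anyone with root on the VM and is worth dropping unless a later step needs it.

```python
def vm_op(op, name, extra_args=None, capture=False):
    # … unchanged: progress print …
    cmd = ["az", "vm", op, "--resource-group", AZURE_RESOURCE_GROUP, "--name", name]
    if extra_args:
        cmd.extend(extra_args)

    if capture:
        res = run(cmd, capture_output=True, check=True)
        return res.stdout.decode("utf-8")
    run(cmd, check=True)
```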
@@ -20,3 +20,15 @@ - "deploy" - "experiments" +- name: "Clone virtee repos" + git: + repo: "https://www.github.com/virtee/{{ item }}.git" + dest: "/home/{{ ansible_user }}/git/virtee/{{ item }}" + depth: 1 + update: yes + recursive: no + clone: yes + force: yes + accept_hostkey: yes + with_items: + - "snphost" diff --git a/ansible/tasks/update_host_kernel.yaml b/ansible/tasks/update_host_kernel.yaml index 65911bc5..7657b233 100644 --- a/ansible/tasks/update_host_kernel.yaml +++ b/ansible/tasks/update_host_kernel.yaml @@ -8,24 +8,20 @@ # Step 2: Install the .deb kernel package - name: "Install the new kernel package" + become: true apt: deb: "/tmp/linux-image.deb" state: present # Step 3: Update the grub configuration to use the new kernel - name: "Update GRUB to use the new kernel" + become: true command: update-grub # Step 4: Reboot the system to load the new kernel - name: "Reboot the system to apply the new kernel" + become: true reboot: reboot_timeout: 600 test_command: uname -r register: reboot_result - -# Step 5: Verify the kernel version after reboot -# TODO: delete me -- name: Check the new kernel version after reboot - debug: - msg: "Using host kernel: {{ reboot_result.stdout }}" - when: reboot_result is succeeded diff --git a/ansible/vm.yaml b/ansible/vm.yaml index 84343ae9..bd4a2702 100644 --- a/ansible/vm.yaml +++ b/ansible/vm.yaml @@ -4,9 +4,9 @@ gather_facts: yes tasks: - include_tasks: tasks/apt.yaml + # - include_tasks: tasks/update_host_kernel.yaml - include_tasks: tasks/rust.yaml - include_tasks: tasks/docker.yaml - include_tasks: tasks/code.yaml - include_tasks: tasks/pull_images.yaml - - include_tasks: tasks/update_host_kernel.yaml # - include_tasks: tasks/sc2.yml From 7722cb596c90cd9c59de85aa46af306ebabfc3a6 Mon Sep 17 00:00:00 2001 
From: Carlos Segarra Date: Tue, 11 Feb 2025 18:27:23 +0000 Subject: [PATCH 03/14] manual sc2 build seems to work --- ansible/tasks/update_host_kernel.yaml | 22 ++++++++++++++++++---- ansible/vm.yaml | 4 ++-- tasks/azure.py | 23 ++++++++++++++--------- 3 files changed, 34 insertions(+), 15 deletions(-) diff --git a/ansible/tasks/update_host_kernel.yaml b/ansible/tasks/update_host_kernel.yaml index 7657b233..54ec5ac3 100644 --- a/ansible/tasks/update_host_kernel.yaml +++ b/ansible/tasks/update_host_kernel.yaml @@ -6,19 +6,33 @@ dest: "/tmp/linux-image.deb" mode: '0644' -# Step 2: Install the .deb kernel package - name: "Install the new kernel package" become: true apt: deb: "/tmp/linux-image.deb" state: present -# Step 3: Update the grub configuration to use the new kernel -- name: "Update GRUB to use the new kernel" +- name: "Update GRUB to pick up the newly installed kernel" become: true command: update-grub -# Step 4: Reboot the system to load the new kernel +- name: "List all installed kernels" + shell: dpkg --list | grep linux-image + register: installed_kernels + +# You can see the different options by running `dpkg --list | grep linux-image` +- name: "Set the default kernel in GRUB" + become: true + lineinfile: + path: /etc/default/grub + regexp: '^GRUB_DEFAULT=' + line: 'GRUB_DEFAULT="Advanced options for Ubuntu>Ubuntu, with Linux 6.8.0-rc5-next-20240221-snp-host-2cfe07293708"' + +- name: "Update GRUB configuration again to pick up new changes" + become: true + command: update-grub + when: installed_kernels is changed + - name: "Reboot the system to apply the new kernel" become: true reboot: diff --git a/ansible/vm.yaml b/ansible/vm.yaml index bd4a2702..28bb25f8 100644 --- a/ansible/vm.yaml +++ b/ansible/vm.yaml 
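Review bot: The guard `when: installed_kernels is changed` on "Update GRUB configuration again" does not do what it reads like, because a `shell` task reports changed on every run unless told otherwise, so the condition is always true and says nothing about whether `GRUB_DEFAULT` was edited. Register the `lineinfile` result and gate on that instead, e.g. `register: grub_default` on "Set the default kernel in GRUB" and `when: grub_default is changed` on the second `update-grub`, and add `changed_when: false` to the listing task. As far as this hunk shows, `installed_kernels` is not used for anything else, so the listing task could also be dropped.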
@@ -4,9 +4,9 @@ gather_facts: yes tasks: - include_tasks: tasks/apt.yaml - # - include_tasks: tasks/update_host_kernel.yaml + - include_tasks: tasks/update_host_kernel.yaml - include_tasks: tasks/rust.yaml - include_tasks: tasks/docker.yaml - include_tasks: tasks/code.yaml - include_tasks: tasks/pull_images.yaml - # - include_tasks: tasks/sc2.yml + - include_tasks: tasks/sc2.yml diff --git a/tasks/azure.py b/tasks/azure.py index b8efec34..3bda0979 100644 --- a/tasks/azure.py +++ b/tasks/azure.py @@ -17,7 +17,6 @@ "/CommunityGalleries/cocopreview-91c44057-c3ab-4652-bf00-9242d5a90170/" "Images/ubu2204-snp-host-upm/Versions/latest" ) -# AZURE_SNP_VM_IMAGE = "/CommunityGalleries/cocopreview-91c44057-c3ab-4652-bf00-9242d5a90170/Images/ubu2204-snp-host-upm/Versions/latest" AZURE_SNP_VM_LOCATION = "eastus" AZURE_SNP_VM_OS_DISK_SIZE = 64 AZURE_SNP_VM_SSH_PRIV_KEY = "~/.ssh/id_rsa" @@ -98,11 +97,7 @@ def delete_resources(resources): to_delete = [r for r in resources if r["type"] == t] if to_delete: - print( - "Prioritising {} resources of type {}".format( - len(to_delete), t - ) - ) + print("Prioritising {} resources of type {}".format(len(to_delete), t)) for r in to_delete: delete_resource(r["name"], r["type"]) @@ -123,6 +118,7 @@ def list_all(azure_cmd, prefix=None): return res + # ----------------------------------------------------------------------------- # Ansible functions # ----------------------------------------------------------------------------- @@ -153,7 +149,11 @@ def ansible_prepare_inventory(prefix): lines = ["[all]"] for v in all_vms: # Include VM name for debugging purposes - lines.append("{} ansible_host={} ansible_user={}".format(v["name"], v["public_ip"], AZURE_SNP_VM_ADMIN)) + lines.append( + "{} ansible_host={} ansible_user={}".format( + v["name"], v["public_ip"], AZURE_SNP_VM_ADMIN + ) + ) file_content = "\n".join(lines) 
@@ -164,6 +164,7 @@ def ansible_prepare_inventory(prefix): fh.write(file_content) fh.write("\n") + # ----------------------------------------------------------------------------- # Entrypoint tasks # ----------------------------------------------------------------------------- @@ -186,11 +187,15 @@ def deploy(ctx): @task -def setup(ctx, vm_name = "sc2-snp-test"): +def setup(ctx, vm_name="sc2-snp-test"): ansible_prepare_inventory(vm_name) vm_playbook = join(ANSIBLE_ROOT, "vm.yaml") - run(f"ansible-playbook -i {ANSIBLE_INVENTORY_FILE} {vm_playbook}", shell=True, check=True) + run( + f"ansible-playbook -i {ANSIBLE_INVENTORY_FILE} {vm_playbook}", + shell=True, + check=True, + ) @task From 72809d390f41116e6fc46f6d0763945d43674db2 Mon Sep 17 00:00:00 2001 From: Carlos Segarra Date: Thu, 13 Feb 2025 13:54:33 +0000 Subject: [PATCH 04/14] ansible: reorder things --- ansible/vm.yaml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/ansible/vm.yaml b/ansible/vm.yaml index 28bb25f8..f1177b86 100644 --- a/ansible/vm.yaml +++ b/ansible/vm.yaml @@ -4,9 +4,12 @@ gather_facts: yes tasks: - include_tasks: tasks/apt.yaml + # Install docker before updating the host kernel so that the reboot in the + # latter also means we can use docker without sudo (which also requires a + # reboot) + - include_tasks: tasks/docker.yaml - include_tasks: tasks/update_host_kernel.yaml - include_tasks: tasks/rust.yaml - - include_tasks: tasks/docker.yaml - include_tasks: tasks/code.yaml - include_tasks: tasks/pull_images.yaml - - include_tasks: tasks/sc2.yml + # - include_tasks: tasks/sc2.yml From 5d82e1e91d0c7da0a953f33be68bfd0d50bddf32 Mon Sep 17 00:00:00 2001 
From: Carlos Segarra Date: Wed, 19 Feb 2025 18:33:20 +0000 Subject: [PATCH 05/14] azure: install the patched qemu --- ansible/tasks/qemu.yaml | 14 ++++++++++++++ ansible/vm.yaml | 1 + bin/create_venv.sh | 3 +-- bin/workon.sh | 14 +++++++++++++- tasks/sc2.py | 12 ++++++++++++ tasks/util/azure.py | 8 ++++++++ 6 files changed, 49 insertions(+), 3 deletions(-) create mode 100644 ansible/tasks/qemu.yaml create mode 100644 tasks/util/azure.py diff --git a/ansible/tasks/qemu.yaml b/ansible/tasks/qemu.yaml new file mode 100644 index 00000000..1e9ae600 --- /dev/null +++ b/ansible/tasks/qemu.yaml @@ -0,0 +1,14 @@ +--- + +- name: "Download the QEMU package with Azure's SNP patches" + get_url: + url: "https://github.com/jepio/AMDSEV/releases/download/v2024.02.24/snp-qemu_2024.10.28-0_amd64.deb" + dest: "/tmp/snp-qemu.deb" + mode: '0644' + +- name: "Install the new QEMU package" + become: true + apt: + deb: "/tmp/snp-qemu.deb" + state: present + diff --git a/ansible/vm.yaml b/ansible/vm.yaml index f1177b86..0e7d2ffa 100644 --- a/ansible/vm.yaml +++ b/ansible/vm.yaml @@ -9,6 +9,7 @@ # reboot) - include_tasks: tasks/docker.yaml - include_tasks: tasks/update_host_kernel.yaml + - include_tasks: tasks/qemu.yaml - include_tasks: tasks/rust.yaml - include_tasks: tasks/code.yaml - include_tasks: tasks/pull_images.yaml diff --git a/bin/create_venv.sh b/bin/create_venv.sh index bd715160..e61aac27 100755 --- a/bin/create_venv.sh +++ b/bin/create_venv.sh @@ -6,7 +6,6 @@ THIS_DIR=$(dirname $(readlink -f $0)) PROJ_ROOT=${THIS_DIR}/.. VENV_PATH="${PROJ_ROOT}/venv" -PYTHON=python3.10 PIP=${VENV_PATH}/bin/pip3 function pip_cmd { @@ -16,7 +15,7 @@ function pip_cmd { pushd ${PROJ_ROOT} >> /dev/null if [ ! -d ${VENV_PATH} ]; then - ${PYTHON} -m venv ${VENV_PATH} + python3 -m venv ${VENV_PATH} fi pip_cmd install -U pip setuptools wheel diff --git a/bin/workon.sh b/bin/workon.sh index 994bbdf5..3ed04319 100644 --- a/bin/workon.sh +++ b/bin/workon.sh 
@@ -49,6 +49,12 @@ else echo "sc2-deploy: WARN: neither SNP nor TDX is enabled" fi +if [ "$(sudo dmidecode -s system-manufacturer 2>/dev/null)" == "Microsoft Corporation" ]; then + export SC2_ON_AZURE="yes" +else + export SC2_ON_AZURE="no" +fi + # ---------------------------------- # VM cache config # ---------------------------------- @@ -71,11 +77,17 @@ export PS1="(sc2-deploy) $PS1" # Splash # ----------------------------- +if [ "$SC2_ON_AZURE" == "yes" ]; then + tee_str="${TEE}-azure" +else + tee_str="${TEE}" +fi + echo "" echo "----------------------------------" echo "CLI for SC2 Deployment Scripts" echo "CoCo Version: ${COCO_VERSION}" -echo "TEE: ${SC2_TEE}" +echo "TEE: ${tee_str}" echo "----------------------------------" echo "" diff --git a/tasks/sc2.py b/tasks/sc2.py index 6fd32b89..11858164 100644 --- a/tasks/sc2.py +++ b/tasks/sc2.py @@ -27,6 +27,7 @@ install_cc_runtime as operator_install_cc_runtime, ) from tasks.ovmf import install as ovmf_install +from tasks.util.azure import on_azure from tasks.util.containerd import restart_containerd from tasks.util.docker import pull_artifact_images from tasks.util.env import ( @@ -149,6 +150,17 @@ def install_sc2_runtime(debug=False): ) update_toml(dst_conf_path, updated_toml_str) + # If running on Azure, point QEMU to the system-wide qemu + if on_azure(): + qemu_path = "/usr/local/bin/qemu-system-x86_64" + updated_toml_str = """ + [hypervisor.qemu] + path = "{qemu_path}" + valid_hypervisor_paths = [ "{qemu_path}" ] + """.format(qemu_path=qemu_path) + + update_toml(dst_conf_path, updated_toml_str) + # Update containerd to point the SC2 runtime to the right config updated_toml_str = """ [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.kata-{runtime_name}.options] diff --git a/tasks/util/azure.py b/tasks/util/azure.py new file mode 100644 index 00000000..b8f4c8c3 --- /dev/null +++ b/tasks/util/azure.py 
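Review bot: The Azure detection runs `sudo dmidecode` every time this script is sourced, which can prompt for a password and needs root only to read one DMI string. The same manufacturer string is readable without privileges from sysfs, so `if [ "$(cat /sys/class/dmi/id/sys_vendor 2>/dev/null)" == "Microsoft Corporation" ]; then` would avoid the sudo call. That string is presumably reported by other Hyper-V guests as well, not only Azure VMs, so a short comment stating the assumption would help.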
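Review bot: `tee_str` is built from `${TEE}`, while the splash line it replaces printed `${SC2_TEE}`; no assignment to `TEE` is visible in this hunk, so unless it is set elsewhere in the script the banner would show an empty value or just `-azure`. If `SC2_TEE` is the intended variable, the two assignments should read `tee_str="${SC2_TEE}-azure"` and `tee_str="${SC2_TEE}"`.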
@@ -0,0 +1,8 @@ +from os import environ + + +def on_azure(): + if "SC2_ON_AZURE" not in environ: + return False + + return environ["SC2_ON_AZURE"] == "yes" From e4499f0cae5fef34cf6e4f073ff49c5939088258 Mon Sep 17 00:00:00 2001 From: Carlos Segarra Date: Tue, 25 Feb 2025 17:37:30 +0000 Subject: [PATCH 06/14] sc2: disable nesting checks --- tasks/sc2.py | 1 + 1 file changed, 1 insertion(+) diff --git a/tasks/sc2.py b/tasks/sc2.py index 11858164..62abef41 100644 --- a/tasks/sc2.py +++ b/tasks/sc2.py @@ -157,6 +157,7 @@ def install_sc2_runtime(debug=False): [hypervisor.qemu] path = "{qemu_path}" valid_hypervisor_paths = [ "{qemu_path}" ] + disable_nesting_checks = true """.format(qemu_path=qemu_path) update_toml(dst_conf_path, updated_toml_str) From 1204d16f1793ce53ccfa506c3dadaffc57cc9208 Mon Sep 17 00:00:00 2001 From: Carlos Segarra Date: Mon, 3 Mar 2025 16:38:07 +0000 Subject: [PATCH 07/14] nits: cleanup --- ansible/tasks/pull_images.yaml | 15 --------------- ansible/vm.yaml | 1 - tasks/azure.py | 5 +---- 3 files changed, 1 insertion(+), 20 deletions(-) delete mode 100644 ansible/tasks/pull_images.yaml diff --git a/ansible/tasks/pull_images.yaml b/ansible/tasks/pull_images.yaml deleted file mode 100644 index 7f7977cd..00000000 --- a/ansible/tasks/pull_images.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- - -- name: "Extract version numbers from versions.py" - shell: | - grep -oP '{{ item.regex }}' "/home/{{ ansible_user }}/git/sc2-sys/deploy/tasks/util/versions.py" - register: versions - loop: - - { name: "containerd", regex: 'CONTAINERD_VERSION\s*=\s*"\K[^"]+' } - - { name: "kata-containers", regex: 'KATA_VERSION\s*=\s*"\K[^"]+' } - - { name: "nydus", regex: 'NYDUS_VERSION\s*=\s*"\K[^"]+' } - - { name: "nydus-snapshotter", regex: 'NYDUS_SNAPSHOTTER_VERSION\s*=\s*"\K[^"]+' } - -- name: "Pull Docker images with extracted versions" - shell: "docker pull ghcr.io/sc2-sys/{{ item.item.name }}:{{ item.stdout }}" - loop: "{{ versions.results }}" 
diff --git a/ansible/vm.yaml b/ansible/vm.yaml index 0e7d2ffa..f8870210 100644 --- a/ansible/vm.yaml +++ b/ansible/vm.yaml @@ -12,5 +12,4 @@ - include_tasks: tasks/qemu.yaml - include_tasks: tasks/rust.yaml - include_tasks: tasks/code.yaml - - include_tasks: tasks/pull_images.yaml # - include_tasks: tasks/sc2.yml diff --git a/tasks/azure.py b/tasks/azure.py index 3bda0979..493142bb 100644 --- a/tasks/azure.py +++ b/tasks/azure.py @@ -185,9 +185,6 @@ def deploy(ctx): ) run(az_cmd, shell=True, check=True) - -@task -def setup(ctx, vm_name="sc2-snp-test"): ansible_prepare_inventory(vm_name) vm_playbook = join(ANSIBLE_ROOT, "vm.yaml") @@ -220,7 +217,7 @@ def ssh(ctx, name="sc2-snp-test"): print("\n--- SSH config ---") print( """ -# Faasm SGX VM +# SC2 Azure SNP VM Host {} HostName {} User {} From 606b1d87be07252a64e9716f4e819f078712a657 Mon Sep 17 00:00:00 2001 From: Carlos Segarra Date: Mon, 3 Mar 2025 16:51:39 +0000 Subject: [PATCH 08/14] deploy: patch qemu and nesting for all snp classes --- tasks/sc2.py | 27 +++++++++++++++------------ 1 file changed, 15 insertions(+), 12 deletions(-) diff --git a/tasks/sc2.py b/tasks/sc2.py index 62abef41..6e4efc80 100644 --- a/tasks/sc2.py +++ b/tasks/sc2.py @@ -150,18 +150,6 @@ def install_sc2_runtime(debug=False): ) update_toml(dst_conf_path, updated_toml_str) - # If running on Azure, point QEMU to the system-wide qemu - if on_azure(): - qemu_path = "/usr/local/bin/qemu-system-x86_64" - updated_toml_str = """ - [hypervisor.qemu] - path = "{qemu_path}" - valid_hypervisor_paths = [ "{qemu_path}" ] - disable_nesting_checks = true - """.format(qemu_path=qemu_path) - - update_toml(dst_conf_path, updated_toml_str) - # Update containerd to point the SC2 runtime to the right config updated_toml_str = """ [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.kata-{runtime_name}.options] 
@@ -344,6 +332,21 @@ def deploy(ctx, debug=False, clean=False): requires_root=True, ) + # If running on Azure, point QEMU to the system-wide qemu + if on_azure(): + qemu_path = "/usr/local/bin/qemu-system-x86_64" + updated_toml_str = """ + [hypervisor.qemu] + path = "{qemu_path}" + valid_hypervisor_paths = [ "{qemu_path}" ] + disable_nesting_checks = true + """.format(qemu_path=qemu_path) + update_toml( + join(KATA_CONFIG_DIR, "configuration-qemu-snp.toml"), + updated_toml_str, + requires_root=True, + ) + # Apply general patches to the Kata runtime replace_kata_shim( dst_shim_binary=join(KATA_ROOT, "bin", "containerd-shim-kata-v2"), From c0e71efd4efaa4a2f06e71320fce54e24df10e26 Mon Sep 17 00:00:00 2001 From: Carlos Segarra Date: Mon, 3 Mar 2025 16:55:09 +0000 Subject: [PATCH 09/14] deploy: fix host kernel checking for snp-azure --- tasks/util/kernel.py | 10 +++++++++- tasks/util/versions.py | 1 + 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/tasks/util/kernel.py b/tasks/util/kernel.py index 42dc3b90..70207d32 100644 --- a/tasks/util/kernel.py +++ b/tasks/util/kernel.py @@ -1,11 +1,19 @@ from os import environ from subprocess import run -from tasks.util.versions import HOST_KERNEL_VERSION_SNP, HOST_KERNEL_VERSION_TDX +from tasks.util.azure import on_azure +from tasks.util.versions import ( + HOST_KERNEL_VERSION_SNP, + HOST_KERNEL_VERSION_SNP_AZURE, + HOST_KERNEL_VERSION_TDX, +) def get_host_kernel_expected_prefix(): sc2_runtime_class = environ["SC2_RUNTIME_CLASS"] if "snp" in sc2_runtime_class: + if on_azure(): + return HOST_KERNEL_VERSION_SNP_AZURE + return HOST_KERNEL_VERSION_SNP if "tdx" in sc2_runtime_class: diff --git a/tasks/util/versions.py b/tasks/util/versions.py index 6c479992..a9ff7fcc 100644 --- a/tasks/util/versions.py +++ b/tasks/util/versions.py 
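Review bot: The comment above the new `on_azure()` block only mentions pointing Kata at the system-wide QEMU, but the TOML it writes also sets `disable_nesting_checks = true` for the `qemu-snp` configuration, and that is the setting a later reader most needs explained. Extend the comment, for example `# On Azure the SNP host is itself a VM, so Kata's nesting checks are disabled as well` (the reason is my inference from the commit titles; please confirm). The hard-coded `/usr/local/bin/qemu-system-x86_64` is written without checking that the binary exists, so failing early with a clear message when it is missing would make a half-provisioned host easier to diagnose. The enclosing `deploy` function starts and ends outside the hunk.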
@@ -31,6 +31,7 @@ # WARNING: if we update the host kernel version, make sure to update it in the # table in ./docs/host_kernel.md HOST_KERNEL_VERSION_SNP = "6.11.0-snp-host-cc2568386" +HOST_KERNEL_VERSION_SNP_AZURE = "6.8.0-rc5-next-20240221-snp-host-2cfe07293708" HOST_KERNEL_VERSION_TDX = "6.8.0-1013-intel" GUEST_KERNEL_VERSION = "6.12.13" From 6666eebf86585350dbe7e8451fa2e6e0607f9ab0 Mon Sep 17 00:00:00 2001 From: Carlos Segarra Date: Mon, 3 Mar 2025 18:34:49 +0000 Subject: [PATCH 10/14] disable patching ovmf on azure --- tasks/sc2.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/tasks/sc2.py b/tasks/sc2.py index 6e4efc80..f251775a 100644 --- a/tasks/sc2.py +++ b/tasks/sc2.py @@ -310,9 +310,10 @@ def deploy(ctx, debug=False, clean=False): # Install an up-to-date version of OVMF (the one currently shipped with # CoCo is not enough to run on 6.11 and QEMU 9.1) - print_dotted_line(f"Installing OVMF ({OVMF_VERSION})") - ovmf_install() - print("Success!") + if not on_azure(): + print_dotted_line(f"Installing OVMF ({OVMF_VERSION})") + ovmf_install() + print("Success!") # Update SNP class to use default QEMU (we use host kernel 6.11, so we # can use upstream QEMU 9.1). We do this update before generating the SC2 From ae35ffa4d61db99aea8d56d87ebcf3e0a20f3be7 Mon Sep 17 00:00:00 2001 From: Carlos Segarra Date: Wed, 19 Mar 2025 18:42:32 +0000 Subject: [PATCH 11/14] ansible: few nits --- ansible/ansible.cfg | 2 ++ ansible/vm.yaml | 1 + 2 files changed, 3 insertions(+) diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg index e69de29b..14c80651 100644 --- a/ansible/ansible.cfg +++ b/ansible/ansible.cfg @@ -0,0 +1,2 @@ +[defaults] +host_key_checking = False diff --git a/ansible/vm.yaml b/ansible/vm.yaml index f8870210..37ffe655 100644 --- a/ansible/vm.yaml +++ b/ansible/vm.yaml 
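Review bot: `HOST_KERNEL_VERSION_SNP_AZURE` is added directly under the WARNING comment that asks for the table in `./docs/host_kernel.md` to be updated with any host kernel change, yet this commit's diffstat lists only `tasks/util/kernel.py` and `tasks/util/versions.py`. Either add the Azure kernel to that table or extend the comment to say the Azure value is tracked elsewhere. The value is an `-rc5-next` build, so a one-line comment saying where that kernel comes from would help whoever has to refresh it.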
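Review bot: `host_key_checking = False` in the new `[defaults]` section of ansible/ansible.cfg turns off SSH host-key verification for every play run from this directory, so the machine that receives the privileged provisioning steps is never authenticated. For a freshly created VM a narrower setting is enough: keep the default and accept only the first key seen, e.g. an `[ssh_connection]` section with `ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=accept-new`, or record the VM's host key in `known_hosts` right after it is created. If the global switch stays, a comment stating that it is meant for throw-away test VMs only would make the trade-off visible.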
@@ -8,6 +8,7 @@ # latter also means we can use docker without sudo (which also requires a # reboot) - include_tasks: tasks/docker.yaml + # TODO: manually cherry-pick patches on top of svsm/linux - include_tasks: tasks/update_host_kernel.yaml - include_tasks: tasks/qemu.yaml - include_tasks: tasks/rust.yaml From 59652d8d057b47187319d9ec0f3ade65267a3a02 Mon Sep 17 00:00:00 2001 From: Carlos Segarra Date: Thu, 20 Mar 2025 09:40:31 +0000 Subject: [PATCH 12/14] attempt at building older ovmf --- docker/ovmf.dockerfile | 17 +++++++++++++++++ tasks/util/ovmf.py | 4 ++-- tasks/util/versions.py | 1 + 3 files changed, 20 insertions(+), 2 deletions(-) diff --git a/docker/ovmf.dockerfile b/docker/ovmf.dockerfile index eead9d7d..171abc17 100644 --- a/docker/ovmf.dockerfile +++ b/docker/ovmf.dockerfile @@ -28,3 +28,20 @@ RUN mkdir -p ${CODE_DIR} \ && build -a X64 -b RELEASE -t GCC5 -p OvmfPkg/OvmfPkgX64.dsc \ && touch OvmfPkg/AmdSev/Grub/grub.efi \ && build -a X64 -b RELEASE -t GCC5 -p OvmfPkg/AmdSev/AmdSevX64.dsc + +ARG OVMF_VERSION_AZURE +ARG CODE_DIR=/git/sc2-sys/edk2-azure +RUN mkdir -p ${CODE_DIR} \ + && git clone \ + --branch ${OVMF_VERSION_AZURE} \ + --depth 1 \ + https://github.com/tianocore/edk2.git \ + ${CODE_DIR} \ + && cd ${CODE_DIR} \ + && git submodule update --init \ + && export PYTHON3_ENABLE=TRUE \ + && export PYTHON_COMMAND=python3 \ + && make -j $(nproc) -C BaseTools/ \ + && . ./edksetup.sh --reconfig \ + && touch OvmfPkg/AmdSev/Grub/grub.efi + # && build -a X64 -b RELEASE -t GCC5 -p OvmfPkg/AmdSev/AmdSevX64.dsc diff --git a/tasks/util/ovmf.py b/tasks/util/ovmf.py index e4b18fb6..c5451de2 100644 --- a/tasks/util/ovmf.py +++ b/tasks/util/ovmf.py @@ -2,7 +2,7 @@ from os.path import join from tasks.util.env import GHCR_URL, GITHUB_ORG, PROJ_ROOT from tasks.util.docker import build_image -from tasks.util.versions import OVMF_VERSION +from tasks.util.versions import OVMF_VERSION, OVMF_VERSION_AZURE OVMF_IMAGE_TAG = join(GHCR_URL, GITHUB_ORG, f"ovmf:{OVMF_VERSION}") 
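Review bot: The added `git clone --branch ${OVMF_VERSION_AZURE} --depth 1` in docker/ovmf.dockerfile (`@@ -28,3 +28,20 @@`) takes whatever the tag name resolves to at build time, and nothing afterwards checks which commit was fetched. Since this tree is meant to be built into guest firmware, I would pin it by passing the expected commit as a second build arg and adding `&& test "$(git rev-parse HEAD)" = "${OVMF_COMMIT_AZURE}" \` after the `cd`. `OVMF_COMMIT_AZURE` is a name proposed here, not one that exists in the repository.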
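Review bot: `OVMF_IMAGE_TAG` on the context line of the tasks/util/ovmf.py hunk (`@@ -2,7 +2,7 @@`) is still derived from `OVMF_VERSION` alone, although the image now also depends on the newly imported `OVMF_VERSION_AZURE`. Changing the Azure version therefore produces an image with the same tag, and a host or registry holding the older image will keep serving it. Including both versions, `f"ovmf:{OVMF_VERSION}-{OVMF_VERSION_AZURE}"`, would stop a stale image from being picked up by accident.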
@@ -16,7 +16,7 @@ def build_ovmf_image(nocache, push, debug=True): build_image( OVMF_IMAGE_TAG, join(PROJ_ROOT, "docker", "ovmf.dockerfile"), - build_args={"OVMF_VERSION": OVMF_VERSION}, + build_args={"OVMF_VERSION": OVMF_VERSION, "OVMF_VERSION_AZURE": OVMF_VERSION_AZURE}, nocache=nocache, push=push, debug=debug, diff --git a/tasks/util/versions.py b/tasks/util/versions.py index a9ff7fcc..7ebf6aa9 100644 --- a/tasks/util/versions.py +++ b/tasks/util/versions.py @@ -40,3 +40,4 @@ # Firmware OVMF_VERSION = "edk2-stable202411" +OVMF_VERSION_AZURE = "edk2-stable202402" From d3dc06aba4d49c097c62578db111c7888984cffb Mon Sep 17 00:00:00 2001 From: Carlos Segarra Date: Tue, 15 Apr 2025 09:12:15 +0000 Subject: [PATCH 13/14] ovmf: fix installation from azure branch --- docker/ovmf.dockerfile | 7 +++++-- tasks/ovmf.py | 4 +++- tasks/sc2.py | 11 ++++++----- tasks/util/ovmf.py | 5 ++++- 4 files changed, 18 insertions(+), 9 deletions(-) diff --git a/docker/ovmf.dockerfile b/docker/ovmf.dockerfile index 171abc17..31fc32f9 100644 --- a/docker/ovmf.dockerfile +++ b/docker/ovmf.dockerfile @@ -38,10 +38,13 @@ RUN mkdir -p ${CODE_DIR} \ https://github.com/tianocore/edk2.git \ ${CODE_DIR} \ && cd ${CODE_DIR} \ + && sed -i \ + 's#https://github\.com/Zeex/subhook\.git#https://github.com/tianocore/edk2-subhook.git#g' \ + .gitmodules \ && git submodule update --init \ && export PYTHON3_ENABLE=TRUE \ && export PYTHON_COMMAND=python3 \ && make -j $(nproc) -C BaseTools/ \ && . ./edksetup.sh --reconfig \ - && touch OvmfPkg/AmdSev/Grub/grub.efi - # && build -a X64 -b RELEASE -t GCC5 -p OvmfPkg/AmdSev/AmdSevX64.dsc + && touch OvmfPkg/AmdSev/Grub/grub.efi \ + && build -a X64 -b RELEASE -t GCC5 -p OvmfPkg/AmdSev/AmdSevX64.dsc diff --git a/tasks/ovmf.py b/tasks/ovmf.py index dce8e609..46fc31de 100644 --- a/tasks/ovmf.py +++ b/tasks/ovmf.py 
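Review bot: The added `sed` in docker/ovmf.dockerfile (`@@ -38,10 +38,13 @@`) rewrites the `subhook` submodule URL in `.gitmodules` with no explanation of why the URL recorded at that tag cannot be used. A comment above the `RUN`, e.g. `# edk2-stable202402 still points the subhook submodule at Zeex/subhook; fetch it from the tianocore mirror instead`, would tell the next reader this is deliberate. The commit recorded for the submodule is not touched by the rewrite, so `git submodule update --init` should fail loudly if the mirror lacks it, which is worth confirming once. The `RUN` instruction starts above the hunk.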
@@ -1,5 +1,6 @@ from invoke import task from os.path import join +from tasks.util.azure import on_azure from tasks.util.docker import copy_from_ctr_image from tasks.util.env import KATA_ROOT from tasks.util.ovmf import OVMF_IMAGE_TAG, build_ovmf_image @@ -9,7 +10,8 @@ def install(): """ Copy a custom build of OVMF into the destination path """ - ctr_paths = ["/git/sc2-sys/edk2/Build/AmdSev/RELEASE_GCC5/FV/OVMF.fd"] + repo = "edk2-azure" if on_azure() else "edk2" + ctr_paths = [f"/git/sc2-sys/{repo}/Build/AmdSev/RELEASE_GCC5/FV/OVMF.fd"] host_paths = [join(KATA_ROOT, "share", "ovmf", "AMDSEV.fd")] copy_from_ctr_image(OVMF_IMAGE_TAG, ctr_paths, host_paths, requires_sudo=True) diff --git a/tasks/sc2.py b/tasks/sc2.py index f251775a..f637b438 100644 --- a/tasks/sc2.py +++ b/tasks/sc2.py @@ -310,10 +310,9 @@ def deploy(ctx, debug=False, clean=False): # Install an up-to-date version of OVMF (the one currently shipped with # CoCo is not enough to run on 6.11 and QEMU 9.1) - if not on_azure(): - print_dotted_line(f"Installing OVMF ({OVMF_VERSION})") - ovmf_install() - print("Success!") + print_dotted_line(f"Installing OVMF ({OVMF_VERSION})") + ovmf_install() + print("Success!") # Update SNP class to use default QEMU (we use host kernel 6.11, so we # can use upstream QEMU 9.1). We do this update before generating the SC2 @@ -341,7 +340,9 @@ def deploy(ctx, debug=False, clean=False): path = "{qemu_path}" valid_hypervisor_paths = [ "{qemu_path}" ] disable_nesting_checks = true - """.format(qemu_path=qemu_path) + """.format( + qemu_path=qemu_path + ) update_toml( join(KATA_CONFIG_DIR, "configuration-qemu-snp.toml"), updated_toml_str, diff --git a/tasks/util/ovmf.py b/tasks/util/ovmf.py index c5451de2..aa7ef515 100644 --- a/tasks/util/ovmf.py +++ b/tasks/util/ovmf.py 
@@ -16,7 +16,10 @@ def build_ovmf_image(nocache, push, debug=True): build_image( OVMF_IMAGE_TAG, join(PROJ_ROOT, "docker", "ovmf.dockerfile"), - build_args={"OVMF_VERSION": OVMF_VERSION, "OVMF_VERSION_AZURE": OVMF_VERSION_AZURE}, + build_args={ + "OVMF_VERSION": OVMF_VERSION, + "OVMF_VERSION_AZURE": OVMF_VERSION_AZURE, + }, nocache=nocache, push=push, debug=debug, From c36ca61b784af138ef61695a7263adcc4a1868fc Mon Sep 17 00:00:00 2001 From: Carlos Segarra Date: Tue, 15 Apr 2025 18:36:21 +0000 Subject: [PATCH 14/14] few fixes --- bin/workon.sh | 4 ++-- tasks/ovmf.py | 13 +++++++++++-- tasks/sc2.py | 2 -- 3 files changed, 13 insertions(+), 6 deletions(-) diff --git a/bin/workon.sh b/bin/workon.sh index 3ed04319..27053ae0 100644 --- a/bin/workon.sh +++ b/bin/workon.sh @@ -78,9 +78,9 @@ export PS1="(sc2-deploy) $PS1" # ----------------------------- if [ "$SC2_ON_AZURE" == "yes" ]; then - tee_str="${TEE}-azure" + tee_str="${SC2_TEE}-azure" else - tee_str="${TEE}" + tee_str="${SC2_TEE}" fi echo "" diff --git a/tasks/ovmf.py b/tasks/ovmf.py index 46fc31de..a6f0a3e8 100644 --- a/tasks/ovmf.py +++ b/tasks/ovmf.py @@ -2,8 +2,13 @@ from os.path import join from tasks.util.azure import on_azure from tasks.util.docker import copy_from_ctr_image -from tasks.util.env import KATA_ROOT -from tasks.util.ovmf import OVMF_IMAGE_TAG, build_ovmf_image +from tasks.util.env import KATA_ROOT, print_dotted_line +from tasks.util.ovmf import ( + OVMF_IMAGE_TAG, + OVMF_VERSION, + OVMF_VERSION_AZURE, + build_ovmf_image +) def install(): 
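Review bot: In the import hunk of tasks/ovmf.py (`@@ -2,8 +2,13 @@`), `OVMF_VERSION` and `OVMF_VERSION_AZURE` are imported from `tasks.util.ovmf`, which only exposes them because it imports them itself from `tasks.util.versions`. Importing the constants from where they are defined, `from tasks.util.versions import OVMF_VERSION, OVMF_VERSION_AZURE`, avoids breaking this module if the helper ever drops its own import. The parenthesised list also lacks the trailing comma after `build_ovmf_image` that the multi-line import added to tasks/util/kernel.py earlier in this series has.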
@@ -11,9 +16,13 @@ def install(): Copy a custom build of OVMF into the destination path """ repo = "edk2-azure" if on_azure() else "edk2" + ovmf_version = OVMF_VERSION_AZURE if on_azure() else OVMF_VERSION + + print_dotted_line(f"Installing OVMF ({ovmf_version})") ctr_paths = [f"/git/sc2-sys/{repo}/Build/AmdSev/RELEASE_GCC5/FV/OVMF.fd"] host_paths = [join(KATA_ROOT, "share", "ovmf", "AMDSEV.fd")] copy_from_ctr_image(OVMF_IMAGE_TAG, ctr_paths, host_paths, requires_sudo=True) + print("Success!") @task diff --git a/tasks/sc2.py b/tasks/sc2.py index f637b438..e9af68e1 100644 --- a/tasks/sc2.py +++ b/tasks/sc2.py @@ -310,9 +310,7 @@ def deploy(ctx, debug=False, clean=False): # Install an up-to-date version of OVMF (the one currently shipped with # CoCo is not enough to run on 6.11 and QEMU 9.1) - print_dotted_line(f"Installing OVMF ({OVMF_VERSION})") ovmf_install() - print("Success!") # Update SNP class to use default QEMU (we use host kernel 6.11, so we # can use upstream QEMU 9.1). We do this update before generating the SC2
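Review bot: The comment kept above `ovmf_install()` in `deploy` (tasks/sc2.py, `@@ -310,9 +310,7 @@`) still says an up-to-date OVMF is installed because the one shipped with CoCo cannot run on 6.11 and QEMU 9.1, but `install()` now selects the older `OVMF_VERSION_AZURE` build when `on_azure()` is true. I would reword it along the lines of `# Install our own OVMF build: newer than the one shipped with CoCo, or the older Azure-specific one on Azure VMs`. `deploy` starts and ends outside the hunk.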