node-installer: package as container image
malt3 committed Apr 17, 2024
1 parent b8a8edf commit 9dc7377
Showing 4 changed files with 151 additions and 1 deletion.
4 changes: 4 additions & 0 deletions justfile
@@ -21,6 +21,10 @@ service-mesh-proxy: (push "service-mesh-proxy")
# Build the initializer, containerize and push it.
initializer: (push "initializer")

# Build the node-installer, containerize and push it.
node-installer:
nix run .#containers.push-node-installer -- "$container_registry/contrast/node-installer" >&2

default_cli := "contrast.cli"
default_deploy_target := "simple"
workspace_dir := "workspace"
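--- a/packages/by-name/contrast-node-installer-image/package.nix
+++ b/packages/by-name/contrast-node-installer-image/package.nix
@@ -0,0 +1,96 @@
+{ lib
+, ociLayerTar
+, ociImageManifest
+, ociImageLayout
+, contrast-node-installer
+, runtime-class-files
+, pkgsStatic
+, writers
+}:
+let
+node-installer = ociLayerTar {
+files = [
+{
+source = lib.getExe contrast-node-installer;
+destination = "/bin/node-installer";
+}
+{
+source = "${pkgsStatic.util-linux}/bin/nsenter";
+destination = "/bin/nsenter";
+}
+];
+};
+launch-digest = lib.removeSuffix "\n" (builtins.readFile "${runtime-class-files}/launch-digest.hex");
+runtime-handler = lib.removeSuffix "\n" (builtins.readFile "${runtime-class-files}/runtime-handler");
+installer-config = ociLayerTar {
+files = [
+{
+source = writers.writeJSON "contrast-node-install.json" {
+files = [
+{
+url = "file:///opt/edgeless/share/kata-containers.img";
+path = "/opt/edgeless/${runtime-handler}/share/kata-containers.img";
+}
+{
+url = "file:///opt/edgeless/share/kata-containers-igvm.img";
+path = "/opt/edgeless/${runtime-handler}/share/kata-containers-igvm.img";
+}
+{
+url = "file:///opt/edgeless/bin/cloud-hypervisor-snp";
+path = "/opt/edgeless/${runtime-handler}/bin/cloud-hypervisor-snp";
+}
+{
+url = "file:///opt/edgeless/bin/containerd-shim-contrast-cc-v2";
+path = "/opt/edgeless/${runtime-handler}/bin/containerd-shim-contrast-cc-v2";
+}
+];
+runtimeHandlerName = runtime-handler;
+};
+destination = "/config/contrast-node-install.json";
+}
+];
+};
+kata-container-img = ociLayerTar {
+files = [
+{ source = runtime-class-files.rootfs; destination = "/opt/edgeless/share/kata-containers.img"; }
+{ source = runtime-class-files.igvm; destination = "/opt/edgeless/share/kata-containers-igvm.img"; }
+];
+};
+cloud-hypervisor = ociLayerTar {
+files = [{ source = runtime-class-files.cloud-hypervisor-bin; destination = "/opt/edgeless/bin/cloud-hypervisor-snp"; }];
+};
+containerd-shim = ociLayerTar {
+files = [{ source = runtime-class-files.containerd-shim-contrast-cc-v2; destination = "/opt/edgeless/bin/containerd-shim-contrast-cc-v2"; }];
+};
+manifest = ociImageManifest
+{
+layers = [
+node-installer
+installer-config
+kata-container-img
+cloud-hypervisor
+containerd-shim
+];
+extraConfig = {
+"config" = {
+"Env" = [
+"PATH=/bin:/usr/bin"
+"CONFIG_DIR=/config"
+"HOST_MOUNT=/host"
+];
+"Entrypoint" = [ "/bin/node-installer" ];
+};
+};
+extraManifest = {
+"annotations" = {
+"org.opencontainers.image.title" = "contrast-node-installer";
+"org.opencontainers.image.description" = "Contrast Node Installer";
+"systems.edgeless.contrast.snp-launch-digest" = launch-digest;
+};
+};
+};
+
+in
+ociImageLayout {
+manifests = [ manifest ];
+}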
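Review bot: The `files` entries written into `contrast-node-install.json` carry only `url` and `path`, so the installer has nothing to verify a payload against before placing it under `/opt/edgeless/${runtime-handler}` on the host, and the integrity of the hypervisor, shim and guest images rests on the image itself being pulled by digest. Likewise the `systems.edgeless.contrast.snp-launch-digest` annotation is only as trustworthy as the manifest it sits in, so it should not be read as an attested value. I would record both assumptions in a comment above `installer-config`, e.g. `# No per-file hash: payload integrity depends on deploying this image by digest.`, and, if the installer's config format allows it, add a hash per entry. Separately, `launch-digest` and `runtime-handler` are obtained with `builtins.readFile` on a build output, which makes evaluation depend on building `runtime-class-files`; a short comment noting that would help.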
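--- a/packages/by-name/runtime-class-files/package.nix
+++ b/packages/by-name/runtime-class-files/package.nix
@@ -0,0 +1,41 @@
+{ fetchurl
+, stdenvNoCC
+, igvmmeasure
+}:
+let
+rootfs = fetchurl {
+url = "https://cdn.confidential.cloud/contrast/node-components/2024-03-13/kata-containers.img";
+hash = "sha256-EdFywKAU+xD0BXmmfbjV4cB6Gqbq9R9AnMWoZFCM3A0=";
+};
+igvm = fetchurl {
+url = "https://cdn.confidential.cloud/contrast/node-components/2024-03-13/kata-containers-igvm.img";
+hash = "sha256-E9Ttx6f9QYwKlQonO/fl1bF2MNBoU4XG3/HHvt9Zv30=";
+};
+cloud-hypervisor-bin = fetchurl {
+url = "https://cdn.confidential.cloud/contrast/node-components/2024-03-13/cloud-hypervisor-cvm";
+hash = "sha256-coTHzd5/QLjlPQfrp9d2TJTIXKNuANTN7aNmpa8PRXo=";
+};
+containerd-shim-contrast-cc-v2 = fetchurl {
+url = "https://cdn.confidential.cloud/contrast/node-components/2024-03-13/containerd-shim-kata-cc-v2";
+hash = "sha256-yhk3ZearqQVz1X1p67OFPCSHbF0P66E7KknpO/JGzZg=";
+};
+in
+stdenvNoCC.mkDerivation {
+name = "runtime-class-files";
+version = "2024-03-13";
+
+dontUnpack = true;
+
+buildInputs = [ igvmmeasure ];
+
+buildPhase = ''
+mkdir -p $out
+igvmmeasure -b ${igvm} | dd conv=lcase > $out/launch-digest.hex
+echo -n "contrast-cc-" > $out/runtime-handler
+cat $out/launch-digest.hex | head -c 32 >> $out/runtime-handler
+'';
+
+passthru = {
+inherit rootfs igvm cloud-hypervisor-bin containerd-shim-contrast-cc-v2;
+};
+}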
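Review bot: `runtime-handler` in `buildPhase` is derived only from the IGVM measurement (the first 32 hex characters of `launch-digest.hex`), so replacing `rootfs`, `cloud-hypervisor-bin` or the shim while the IGVM stays the same yields the same handler name, and with it the same install directory in the node-installer config. If the rootfs is bound to the IGVM by some mechanism not visible in this file, a comment should say so; otherwise the name should cover all four artifacts. The phase also never checks that `igvmmeasure` produced a digest of the expected length, so a guard such as `[ "$(wc -c < $out/launch-digest.hex)" -ge 32 ]` before writing `runtime-handler` would be worth adding. `igvmmeasure` is a build-time tool and would more conventionally be listed as `nativeBuildInputs = [ igvmmeasure ];`.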
11 changes: 10 additions & 1 deletion packages/containers.nix
@@ -15,6 +15,15 @@ let
'';
};

pushOCIDir = name: dir: tag: writeShellApplication {
name = "push-${name}";
runtimeInputs = [ crane ];
text = ''
imageName="$1"
crane push "${dir}" "$imageName:${tag}"
'';
};

containers = {
coordinator = dockerTools.buildImage {
name = "coordinator";
@@ -71,4 +80,4 @@ let
};
};
in
containers // (lib.concatMapAttrs (name: container: { "push-${name}" = pushContainer container; }) containers)
containers // { push-node-installer = pushOCIDir "push-node-installer" contrast-node-installer-image "v${contrast.version}"; } // (lib.concatMapAttrs (name: container: { "push-${name}" = pushContainer container; }) containers)
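Review bot: `pushOCIDir` already prefixes `push-` (`name = "push-${name}"`), and the call in the last line passes `"push-node-installer"`, so the generated script is named `push-push-node-installer`; the call should read `pushOCIDir "node-installer" contrast-node-installer-image "v${contrast.version}"`. The image is pushed under the mutable tag `v${contrast.version}` and nothing in the script records the resulting digest, so a later push of the same version silently replaces what nodes pull; consumers of this privileged installer image should reference it by digest. The `let` block and the `containers` set start and end outside the visible hunks.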
