ci: containerd_nydus_setup

Ensure nydus is setup to be used by containerd as part of our tests.

Signed-off-by: Fabiano Fidêncio <[email protected]>
Signed-off-by: ChengyuZhu6 <[email protected]>

.ci/containerd_nydus_setup.sh

@@ -0,0 +1,31 @@
+#!/bin/bash
+#
+# Copyright (c) 2023 Intel Corporation
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+cidir=$(dirname "$0")
+source "${cidir}/../lib/common.bash"
+
+# Nydus related configurations
+NYDUS_SNAPSHOTTER_BINARY="/usr/local/bin/containerd-nydus-grpc"
+NYDUS_SNAPSHOTTER_TARFS_CONFIG="/usr/local/share/nydus-snapshotter/config-coco-host-sharing.toml"
+NYDUS_SNAPSHOTTER_GUEST_CONFIG="/usr/local/share/nydus-snapshotter/config-coco-guest-pulling.toml"
+NYDUS_SNAPSHOTTER_CONFIG="${NYDUS_SNAPSHOTTER_CONFIG:-${NYDUS_SNAPSHOTTER_TARFS_CONFIG}}"
+NYDUS_SNAPSHOTTER_TARFS_EXPORT_MODE="${NYDUS_SNAPSHOTTER_TARFS_EXPORT_MODE:-image_block}"
+
+echo "Configure nydus snapshotter"
+if [ "${IMAGE_OFFLOAD_TO_GUEST:-"no"}" == "yes" ]; then
+	NYDUS_SNAPSHOTTER_CONFIG="${NYDUS_SNAPSHOTTER_GUEST_CONFIG}"
+else
+	NYDUS_SNAPSHOTTER_CONFIG="${NYDUS_SNAPSHOTTER_TARFS_CONFIG}"
+	sudo sed -i "s/export_mode = .*/export_mode = \"${NYDUS_SNAPSHOTTER_TARFS_EXPORT_MODE}\"/" "$NYDUS_SNAPSHOTTER_CONFIG"
+fi
+
+echo "Start nydus snapshotter"
+sudo "${NYDUS_SNAPSHOTTER_BINARY}" --config "${NYDUS_SNAPSHOTTER_CONFIG}" >/dev/stdout 2>&1 &

.ci/setup.sh

@@ -138,6 +138,7 @@ install_extra_tools() {
 	if [ "${IMAGE_OFFLOAD_TO_GUEST}" == "yes" ]; then
 		info "Install nydus-snapshotter"
 		bash -f "${cidir}/install_nydus_snapshotter.sh"
+		bash -f "${cidir}/containerd_nydus_setup.sh"
 	fi
 
 	echo "Install CNI plugins"

integration/confidential/lib.sh

@@ -209,11 +209,32 @@ configure_cc_containerd() {
 	waitForProcess 30 5 "sudo crictl info >/dev/null"
 
 	# Ensure the cc CRI handler is set.
-	local cri_handler=$(sudo crictl info | \
-		jq '.config.containerd.runtimes.kata.cri_handler')
-	if [[ ! "$cri_handler" =~ cc ]]; then
-		sudo sed -i 's/\([[:blank:]]*\)\(runtime_type = "io.containerd.kata.v2"\)/\1\2\n\1cri_handler = "cc"/' \
-			"$containerd_conf_file"
+
+	if [ "${IMAGE_OFFLOAD_TO_GUEST}" == "yes" ]; then
+		echo "Configure containerd to use the nydus snapshotter"
+
+		local containerd_config_dir="/etc/containerd"
+		local containerd_config_file="${containerd_config_dir}/config.toml"
+
+		local snapshotter_socket="/run/containerd-nydus/containerd-nydus-grpc.sock"
+		local proxy_config="  [proxy_plugins.nydus]\n    type = \"snapshot\"\n    address = \"${snapshotter_socket}\""
+		local snapshotter_config="      disable_snapshot_annotations = false\n      snapshotter = \"nydus\""
+
+		if ! grep -q "proxy_plugins"; then
+			echo -e "[proxy_plugins]" | sudo tee -a "${containerd_config_file}"
+			echo -e "${proxy_config}" | sudo tee -a "${containerd_config_file}"
+		fi
+
+		if ! grep -q "${snapshotter_config}"; then
+			sudo sed -i '/\[plugins.cri.containerd\]/a\'"${snapshotter_config}" "${containerd_config_file}"
+		fi
+	else
+		local cri_handler=$(sudo crictl info | \
+			jq '.config.containerd.runtimes.kata.cri_handler')
+		if [[ ! "$cri_handler" =~ cc ]]; then
+			sudo sed -i 's/\([[:blank:]]*\)\(runtime_type = "io.containerd.kata.v2"\)/\1\2\n\1cri_handler = "cc"/' \
+				"$containerd_conf_file"
+		fi
 	fi
 
 	if [ "$(sudo crictl info | jq -r '.config.cni.confDir')" = "null" ]; then

integration/kubernetes/confidential/tests_common.sh

@@ -31,7 +31,9 @@ setup_common() {
 	configure_cc_containerd "$SAVED_CONTAINERD_CONF_FILE"
 
 	echo "Reconfigure Kata Containers"
-	switch_image_service_offload on
+	if [ "${IMAGE_OFFLOAD_TO_GUEST}" == "no" ]; then
+		switch_image_service_offload on
+	fi
 	clear_kernel_params
 	add_kernel_params "${original_kernel_params}"