Featured in Blog >

Running Kata Containers on IBM Power Systems

Running Kata Containers on IBM Power systems

In this article, you will learn how to use Kata Containers on IBM Power systems.

#Prerequisites:

You need to install golang version 1.8.3 or newer, make, gcc, qemu.

#Steps:

  1. Build and install the Kata Containers runtime $ go get -d -u github.com/kata-containers/runtime $ cd $GOPATH/src/github.com/kata-containers/runtime $ make && sudo -E PATH=$PATH make install

    The build will create the following:

    runtime binary: /usr/local/bin/kata-runtime

    configuration file: /usr/share/defaults/kata-containers/configuration.toml

  2. Check if your system is capable of creating a Kata Container: $ sudo kata-runtime kata-check

    If your system is not able to run Kata Containers, the previous command will error out and explain why.

  3. Configure to use initrd image $ sudo sed -i ‘s/^\(image =.*\)/# \1/g’ /usr/share/defaults/kata-containers/configuration.toml
  4. Enable full debug $ sudo sed -i -e ‘s/^# *\(enable_debug\).*=.*$/\1 = true/g’ /usr/share/defaults/kata-containers/configuration.toml $ sudo sed -i -e ‘s/^kernel_params = “\(.*\)”/kernel_params = “\1 agent.log=debug”/g’ /usr/share/defaults/kata-containers/configuration.toml
  5. Build and install Kata proxy $ go get -d -u github.com/kata-containers/proxy $ cd $GOPATH/src/github.com/kata-containers/proxy && make && sudo make install
  6. Build and install Kata shim $ go get -d -u github.com/kata-containers/shim $ cd $GOPATH/src/github.com/kata-containers/shim && make && sudo make install
  7. Get the osbuilder $ go get -d -u github.com/kata-containers/osbuilder
  8. Build a custom Kata agent — OPTIONAL $ go get -d -u github.com/kata-containers/agent $ cd $GOPATH/src/github.com/kata-containers/agent && make
  9. Create an initrd image $ export ROOTFS_DIR=”${GOPATH}/src/github.com/kata-containers/osbuilder/rootfs-builder/rootfs" $ sudo rm -rf ${ROOTFS_DIR} $ cd $GOPATH/src/github.com/kata-containers/osbuilder/rootfs-builder $ script -fec ‘sudo -E GOPATH=$GOPATH AGENT_INIT=yes USE_DOCKER=true ./rootfs.sh ${distro}’

    AGENT_INIT controls if the guest image uses kata agent as the guest init process. When you create an initrd image, always set AGENT_INIT to yes.

    You MUST choose one of alpine, centos and fedora for ${distro}.

    Optionally, add your custom agent binary to the rootfs with the following:

    $ sudo install -o root -g root -m 0550 -T ../../agent/kata-agent ${ROOTFS_DIR}/sbin/init
  10. Build an initrd image $ cd $GOPATH/src/github.com/kata-containers/osbuilder/initrd-builder $ script -fec ‘sudo -E AGENT_INIT=yes USE_DOCKER=true ./initrd_builder.sh ${ROOTFS_DIR}’
  11. Install the initrd image $ commit=$(git log — format=%h -1 HEAD) $ date=$(date +%Y-%m-%d-%T.%N%z) $ image=”kata-containers-initrd-${date}-${commit}” $ sudo install -o root -g root -m 0640 -D kata-containers-initrd.img “/usr/share/kata-containers/${image}” $ (cd /usr/share/kata-containers && sudo ln -sf “$image” kata-containers-initrd.img)
  12. Install guest kernel images

    As a prerequisite, you need to install libelf-dev and bc. Otherwise, you will not be able to build the kernel from sources.

    $ go get github.com/kata-containers/tests $ cd $GOPATH/src/github.com/kata-containers/tests/.ci $ kernel_arch=”$(./kata-arch.sh)” $ kernel_dir=”$(./kata-arch.sh — kernel)” $ tmpdir=”$(mktemp -d)” $ pushd “$tmpdir” $ curl -L https://raw.githubusercontent.com/kata-containers/packaging/master/kernel/configs/${kernel_arch}_kata_kvm_4.14.x -o .config $ kernel_version=$(grep “Linux/[${kernel_arch}]*” .config | cut -d’ ‘ -f3 | tail -1) $ kernel_tar_file=”linux-${kernel_version}.tar.xz” $ kernel_url=”https://cdn.kernel.org/pub/linux/kernel/v$(echo $kernel_version | cut -f1 -d.).x/${kernel_tar_file}” $ curl -LOk ${kernel_url} $ tar -xf ${kernel_tar_file} $ mv .config “linux-${kernel_version}” $ pushd “linux-${kernel_version}” $ make ARCH=${kernel_dir} -j$(nproc) $ kata_kernel_dir=”/usr/share/kata-containers” $ kata_vmlinuz=”${kata_kernel_dir}/kata-vmlinuz-${kernel_version}.container” $ [ $kernel_arch = ppc64le ] && kernel_file=”$(realpath ./vmlinux)” || kernel_file=”$(realpath arch/${kernel_arch}/boot/bzImage)” $ sudo install -o root -g root -m 0755 -D “${kernel_file}” “${kata_vmlinuz}” $ sudo ln -sf “${kata_vmlinuz}” “${kata_kernel_dir}/vmlinuz.container” $ kata_vmlinux=”${kata_kernel_dir}/kata-vmlinux-${kernel_version}” $ sudo install -o root -g root -m 0755 -D “$(realpath vmlinux)” “${kata_vmlinux}” $ sudo ln -sf “${kata_vmlinux}” “${kata_kernel_dir}/vmlinux.container” $ popd $ popd $ rm -rf “${tmpdir}”
  13. Run Kata Containers with Docker

    Update Docker configuration

    $ dir=/etc/systemd/system/docker.service.d $ file=”$dir/kata-containers.conf” $ sudo mkdir -p “$dir” $ sudo test -e “$file” || echo -e “[Service]\nType=simple\nExecStart=\nExecStart=/usr/bin/dockerd -D — default-runtime runc” | sudo tee “$file” $ sudo grep -q “kata-runtime=” $file || sudo sed -i ‘s!^\(ExecStart=[^$].*$\)!\1 — add-runtime kata-runtime=/usr/local/bin/kata-runtime!g’ “$file” $ sudo systemctl daemon-reload $ sudo systemctl restart docker
  14. Create a Kata Container using Docker $ sudo docker run -ti — runtime kata-runtime busybox sh
  15. Check the logs in-case of failure $ journalctl -q -o cat -a -t kata-runtime
    $ journalctl -q -o cat -a -t kata-proxy