diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index ad444f71a..6d1e17dc4 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -36,7 +36,7 @@ jobs: if: github.event_name == 'pull_request' - name: Upload artifact with ShellCheck defects in SARIF format - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: Differential ShellCheck SARIF path: ${{ steps.ShellCheck.outputs.sarif }} diff --git a/lxd-qemu-snap/README.md b/lxd-qemu-snap/README.md new file mode 100644 index 000000000..50c9a8617 --- /dev/null +++ b/lxd-qemu-snap/README.md 
@@ -0,0 +1,69 @@ +# External QEMU snap for LXD snap + +## How to build and use + +``` +cd lxd-qemu-snap + +# clean up previous builds +rm -f qemu-for-lxd_*.snap + +# build +snapcraft + +# install +sudo snap install qemu-for-lxd_*.snap --devmode + +# connect snaps +sudo snap connect lxd:gpu-2404 mesa-2404:gpu-2404 +sudo snap connect lxd:qemu-external qemu-for-lxd:qemu-external +``` + +## How to use with virgl (only specific to this example of snapcraft.yaml) + +``` +lxc init images:ubuntu/noble/desktop desktop -c limits.memory=8GiB --vm + +# modify instance configuration: +lxc config edit desktop + +# choose an appropriate renderer: +ls -la /dev/dri/by-path/*-render + +# for example, on my system it is /dev/dri/by-path/pci-0000:67:00.0-render +# lspci | grep -E "(3D|VGA)" shows: +# 67:00.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] Rembrandt (rev d8) + +# add the following lines: + raw.apparmor: |- + /snap/lxd/*/gpu-2404/** mr, + /dev/dri/ r, + /dev/dri/card[0-9]* rw, + /dev/dri/renderD[0-9]* rw, + /run/udev/data/c226:[0-9]* r, # 226 drm + /sys/devices/** r, + /sys/bus/** r, + raw.qemu: -display egl-headless,rendernode=/dev/dri/by-path/pci-0000:67:00.0-render + raw.qemu.conf: |- + [device "qemu_gpu"] + driver = "virtio-vga-gl" + +# try it +lxc start desktop --console=vga + +# you can check output from: +dmesg | grep -i drm +# if you see: +# [drm] features: +virgl ... +# it's a good sign + +glxinfo | grep -i vir +# it should show something like: +# Device: virgl ... +``` + +## References: + +https://github.com/snapcore/snapd/blob/5c8d8431baa425464b279ff26b8c44eecb9aab22/interfaces/builtin/opengl.go#L41 + +https://gitlab.gnome.org/GNOME/gnome-boxes/-/issues/586 \ No newline at end of file diff --git a/lxd-qemu-snap/snapcraft.yaml b/lxd-qemu-snap/snapcraft.yaml new file mode 100644 index 000000000..a83ad2086 --- /dev/null +++ b/lxd-qemu-snap/snapcraft.yaml 
@@ -0,0 +1,237 @@ +name: qemu-for-lxd +base: core24 +assumes: + - snapd2.63 +version: '1' +grade: devel +summary: External Qemu for LXD +description: |- + External Qemu for LXD + +contact: lxd@lists.canonical.com +issues: https://github.com/canonical/lxd/issues +source-code: https://github.com/canonical/lxd +website: https://ubuntu.com/lxd +confinement: strict + +slots: + qemu-external: + interface: content + content: qemu-external-binaries + read: + - $SNAP/external/qemu + +parts: + # + # This step is extremely important, as it ensures that no mesa libs will + # be provided with this snap to prevent any possible version mistmatches + # between this snap and mesa-2404 snap. + # If you the error like: + # DRI driver not from this Mesa build ('24.0.5-1ubuntu1' vs '24.0.9-0ubuntu0.1') + # this is a clear sign that you likely ship some mesa library along with your qemu-for-lxd + # snap and it has a version conflict with what you have in gpu-2404 interface snap. + # + gpu-2404: + after: + - virgl + - qemu + source: https://github.com/canonical/gpu-snap.git + plugin: dump + override-prime: | + set -ex + + CUSTOM_PREFIX="external/qemu" + CRAFT_PRIME_OVERRIDE="${CRAFT_PRIME}/${CUSTOM_PREFIX}" + + # cleanup script expects to see libraries in usr/lib, while we have them in lib + mkdir "${CRAFT_PRIME_OVERRIDE}/usr" + ln -s "${CRAFT_PRIME_OVERRIDE}/lib" "${CRAFT_PRIME_OVERRIDE}/usr/lib" + + # a bit hacky way to call a cleanup script forcing it to look in a right directory + CRAFT_PRIME="${CRAFT_PRIME_OVERRIDE}" ${CRAFT_PART_SRC}/bin/gpu-2404-cleanup mesa-2404 nvidia-2404 + + rm -rf "${CRAFT_PRIME_OVERRIDE}/usr" + + set +ex + + virgl: + source: https://gitlab.freedesktop.org/virgl/virglrenderer.git + source-tag: virglrenderer-1.0.1 + source-depth: 1 + plugin: meson + meson-parameters: + - --prefix=/external/qemu + build-packages: + - meson + - libgbm-dev + - libdrm-dev + + qemu: + after: + - virgl + source: https://gitlab.com/qemu-project/qemu + source-commit: 
6a54d5cf55b446ec50d5c5a0b0568a7b28e2913e # v9.0.3 + source-depth: 1 + source-submodules: [] + source-type: git + plugin: autotools + autotools-configure-parameters: + - --prefix=/external/qemu + - --enable-opengl + - --enable-virglrenderer + - --disable-smartcard +# options from LXD snap: + - --disable-bochs + - --disable-cloop + - --disable-dmg + - --disable-docs + - --disable-guest-agent + - --disable-parallels + - --disable-qed + - --disable-slirp + - --disable-user + - --disable-vdi + - --disable-vnc + - --disable-xen + - --enable-attr + - --enable-cap-ng + - --enable-kvm + - --enable-libusb + - --enable-usb-redir + - --enable-linux-aio +# - --enable-linux-io-uring + - --enable-numa + - --enable-pie + - --enable-rbd + - --enable-seccomp + - --enable-spice + - --enable-system + - --enable-tcg + - --enable-tools + - --enable-vhost-crypto + - --enable-vhost-kernel + - --enable-vhost-net + - --enable-vhost-user + - --enable-virtfs + - --firmwarepath=/snap/lxd/current/share/qemu/ + - --localstatedir=/var/ + build-environment: + - ACLOCAL_PATH: /usr/share/aclocal + - PKG_CONFIG_PATH: $CRAFT_STAGE/external/qemu/lib/$CRAFT_ARCH_TRIPLET/pkgconfig:$CRAFT_STAGE/usr/lib/$CRAFT_ARCH_TRIPLET/pkgconfig:/usr/lib/$CRAFT_ARCH_TRIPLET/pkgconfig:/usr/lib/pkgconfig:/usr/share/pkgconfig${PKG_CONFIG_PATH:+:$PKG_CONFIG_PATH} + - PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin:/snap/snapcraft/current/bin/scriptlet-bin:$PATH + - LD_LIBRARY_PATH: $CRAFT_STAGE/usr/lib/$CRAFT_ARCH_TRIPLET:/usr/lib/$CRAFT_ARCH_TRIPLET${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH} + override-pull: | + [ "$(uname -m)" != "x86_64" ] && [ "$(uname -m)" != "aarch64" ] && [ "$(uname -m)" != "ppc64le" ] && [ "$(uname -m)" != "s390x" ] && exit 0 + + craftctl default + override-build: | + [ "$(uname -m)" != "x86_64" ] && [ "$(uname -m)" != "aarch64" ] && [ "$(uname -m)" != "ppc64le" ] && [ "$(uname -m)" != "s390x" ] && exit 0 + set -ex + # Mangle the configure a bit + 
QEMUARCH="$(uname -m)" + [ "${QEMUARCH}" = "ppc64le" ] && QEMUARCH="ppc64" + + sed -i "s/^unset target_list$/target_list=\"${QEMUARCH}-softmmu\"/" configure + + set +ex + craftctl default + build-packages: + - bison + - flex + - gettext + - libaio-dev + - libbluetooth-dev + - libbrlapi-dev + - libbz2-dev + - libcap-dev + - libcap-ng-dev + - libcacard-dev + - libcurl4-gnutls-dev + - libepoxy-dev + - libfdt-dev + - libgtk-3-dev + - libglib2.0-dev + - libglusterfs-dev + - libibverbs-dev + - libiscsi-dev + - libjemalloc-dev + - libjpeg8-dev + - liblzo2-dev + - libncurses5-dev + - libnfs-dev + - libnuma-dev + - libpango1.0-dev + - libpixman-1-dev + - libpulse-dev + - librbd-dev + - librdmacm-dev + - libsasl2-dev + - libseccomp-dev + - libsdl2-dev + - libsdl2-image-dev + - libsnappy-dev + - libspice-protocol-dev + - libspice-server-dev + - libusb-1.0-0-dev + - libusbredirhost-dev + - libusbredirparser-dev + - libvde-dev + - libvdeplug-dev + - libvte-2.91-dev + - libxml2-dev + - libx11-dev + - libzstd-dev + - ninja-build + - zlib1g-dev + stage-packages: + - libepoxy0 + - libvte-2.91-0 + - libsndio7.0 + - libaio1t64 + - libasn1-8-heimdal + - libboost-iostreams1.74.0 + - libboost-thread1.74.0 + - libbrlapi0.8 + - libcurl3-gnutls + - libfdt1 + - libgfapi0 + - libgfrpc0 + - libgfxdr0 + - libgssapi3-heimdal + - libhcrypto5t64-heimdal + - libheimbase1-heimdal + - libheimntlm0-heimdal + - libhx509-5-heimdal + - libibverbs1 + - libiscsi7 + - libjemalloc2 + - libkrb5-26-heimdal + - libnfs14 + - libnghttp2-14 + - libnuma1 + - librados2 + - librbd1 + - librdmacm1 + - libroken19-heimdal + - librtmp1 + - libsasl2-2 + - libsdl2-2.0-0 + - libsdl2-image-2.0-0 + - libsnappy1v5 + - libspice-server1 + - libtirpc3 + - liburcu8 + - libusb-1.0-0 + - libusbredirhost1 + - libusbredirparser1 + - libvdeplug2 + - libwind0-heimdal + - seabios + organize: + lib/: external/qemu/lib/ + usr/bin/: external/qemu/bin/ + usr/lib/: external/qemu/lib/ + usr/local/bin/: external/qemu/bin/ + usr/local/lib/: 
external/qemu/lib/ + usr/local/libexec/: external/qemu/bin/ + usr/local/share/: external/qemu/share/ diff --git a/snapcraft.yaml b/snapcraft.yaml index c737d06e4..040c029f9 100644 --- a/snapcraft.yaml +++ b/snapcraft.yaml @@ -1,5 +1,5 @@ name: lxd -base: core22 +base: core24 assumes: - snapd2.39 version: "6.2" @@ -42,6 +42,7 @@ description: |- - daemon.preseed: Pass a YAML configuration to `lxd init` on initial start - daemon.syslog: Send LXD log events to syslog [default=false] - daemon.verbose: Increase logging to verbose level [default=false] + - db.trace: Enable dqlite trace logging (very verbose) [default=false] - lvm.external: Use the system's LVM tools [default=false] - lxcfs.pidfd: Start per-container process tracking [default=false] - lxcfs.loadavg: Start tracking per-container load average [default=false] @@ -73,6 +74,20 @@ plugs: ovn-chassis: interface: content target: "$SNAP_DATA/microovn/chassis" + gpu-2404: + interface: content + target: $SNAP/gpu-2404 +# default-provider: mesa-2404 + qemu-external: + interface: content + content: qemu-external-binaries + target: $SNAP/external/qemu + +layout: + /usr/share/libdrm: + bind: $SNAP/gpu-2404/libdrm + /usr/share/drirc.d: + symlink: $SNAP/gpu-2404/drirc.d apps: # Main commands @@ -84,6 +99,8 @@ apps: - system-observe daemon: + command-chain: + - bin/gpu-2404-custom-wrapper command: commands/daemon.start reload-command: commands/daemon.reload stop-command: commands/daemon.stop @@ -117,7 +134,7 @@ apps: lxc: command: commands/lxc - completer: etc/bash_completion.d/snap.lxd.lxc + completer: lxc-completer.sh plugs: - lxd-support - system-observe @@ -165,6 +182,14 @@ hooks: plugs: - lxd-support - system-observe + connect-plug-qemu-external: + plugs: + - lxd-support + - system-observe + disconnect-plug-qemu-external: + plugs: + - lxd-support + - system-observe configure: plugs: - lxd-support 
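Review bot: The `gpu-2404` part clones `https://github.com/canonical/gpu-snap.git` with no `source-commit`, and its `override-prime` then runs `bin/gpu-2404-cleanup` from that checkout, so whatever is at the branch tip on build day executes in the build and decides what is removed from the prime tree. The `qemu` part in this file is pinned by commit; pin this one the same way with `source-commit: <gpu-snap commit id>  # <release or date>`. `virgl` is pinned only by `source-tag`, which upstream can move, so a commit id is the stronger choice there too. The `gpu-2404` part added to the top-level `snapcraft.yaml` later in this commit has the same unpinned `source`.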
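Review bot: The `qemu-external` plug carries no comment saying that files from the connected slot end up on the daemon's library search path. `daemon.start` in this commit prepends `external/qemu/lib/...` to `LD_LIBRARY_PATH` once the connect hook has left its marker file. I would put `# Content from this slot is loaded by the LXD daemon; connect only a provider you build or trust.` above the plug. `default-provider: mesa-2404` is left commented out on `gpu-2404` without a reason, and a one-line why would help the next reader. As a style point, quote the two new targets the way the existing `ovn-chassis` entry does, e.g. `target: "$SNAP/gpu-2404"`.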
@@ -231,6 +256,7 @@ parts: - lib/*/libboost_iostreams.so* - lib/*/libboost_program_options.so* - lib/*/libboost_thread.so* + - lib/*/libboost_url.so* - lib/*/libbrotlicommon.so* - lib/*/libbrotlidec.so* - lib/*/libcurl-gnutls.so* @@ -239,8 +265,12 @@ parts: - lib/*/libicudata.so* - lib/*/libicuuc.so* - lib/*/liblber-2.5.so* + - lib/*/liblber.so* - lib/*/libldap-2.5.so* - - lib/*/liblua5.3.so* + - lib/*/libldap.so* + - lib/*/liblmdb.so* + - lib/*/liblua5.4.so* + - lib/*/libncurses.so* - lib/*/libndctl.so* - lib/*/libnghttp2.so* - lib/*/liboath.so* @@ -301,8 +331,6 @@ parts: - lib/*/libproto* dqlite: - after: - - sqlite source: https://github.com/canonical/dqlite # XXX: We often cherry-pick for candidate builds so don't do shallow clone #source-depth: 1 @@ -314,9 +342,11 @@ parts: - --enable-build-raft stage-packages: - liblz4-1 - - libuv1 + - libuv1t64 + - sqlite3 build-packages: - liblz4-dev + - libsqlite3-dev - libuv1-dev override-build: | set -ex @@ -330,15 +360,16 @@ parts: craftctl default organize: + usr/bin/: bin/ usr/lib/: lib/ prime: + - bin/sqlite3 - lib/libdqlite*so* + - lib/*/libsqlite3*so* - lib/*/libuv* #- lib/*/liblz4.so* # use liblz4.so from the base snap edk2: - after: - - nasm source: https://github.com/tianocore/edk2 source-depth: 1 source-commit: 8736b8fdca85e02933cdb0a13309de14c9799ece # edk2-stable202311 @@ -349,10 +380,12 @@ parts: - on amd64: - g++ - acpica-tools + - nasm - uuid-dev - on arm64: - g++ - acpica-tools + - nasm - uuid-dev override-prime: |- [ "$(uname -m)" != "x86_64" ] && [ "$(uname -m)" != "aarch64" ] && exit 0 
@@ -473,36 +506,6 @@ parts: prime: - lib/*/libatomic.so* - libmnl: - # XXX: Netfilter's git repo is unreliable - source: https://www.netfilter.org/projects/libmnl/files/libmnl-1.0.5.tar.bz2 - source-checksum: sha256/274b9b919ef3152bfb3da3a13c950dd60d6e2bcd54230ffeca298d03b40d0525 - plugin: autotools - autotools-configure-parameters: - - --prefix= - organize: - usr/lib/: lib/ - prime: - - lib/libmnl*so* - - libnftnl: - after: - - libmnl - # XXX: Netfilter's git repo is unreliable - source: https://www.netfilter.org/projects/libnftnl/files/libnftnl-1.2.6.tar.xz - source-checksum: sha256/ceeaea2cd92147da19f13a35a7f1a4bc2767ff897e838e4b479cf54b59c777f4 - plugin: autotools - autotools-configure-parameters: - - --prefix= - organize: - usr/lib/: lib/ - prime: - - lib/libnftnl*so* - override-build: | - craftctl default - - sed -i "s# /lib/libmnl.la# ${CRAFT_STAGE}/lib/libmnl.la#g" "${CRAFT_PART_INSTALL}/lib/libnftnl.la" - libtpms: source: https://github.com/stefanberger/libtpms source-commit: f8c2dc7e12a730dcca4220d7ac5ad86d13dfd630 # v0.9.6 
@@ -518,28 +521,6 @@ parts: prime: - lib/libtpms*so* - liburing: - source: https://github.com/axboe/liburing - source-commit: f4e42a515cd78c8c9cac2be14222834be5f8df2b # liburing-2.5 - source-depth: 1 - source-type: git - plugin: autotools - autotools-configure-parameters: - - --prefix= - override-prime: |- - [ "$(uname -m)" != "x86_64" ] && [ "$(uname -m)" != "aarch64" ] && [ "$(uname -m)" != "ppc64le" ] && [ "$(uname -m)" != "s390x" ] && exit 0 - craftctl default - override-pull: |- - [ "$(uname -m)" != "x86_64" ] && [ "$(uname -m)" != "aarch64" ] && [ "$(uname -m)" != "ppc64le" ] && [ "$(uname -m)" != "s390x" ] && exit 0 - craftctl default - override-build: |- - [ "$(uname -m)" != "x86_64" ] && [ "$(uname -m)" != "aarch64" ] && [ "$(uname -m)" != "ppc64le" ] && [ "$(uname -m)" != "s390x" ] && exit 0 - craftctl default - organize: - usr/lib/: lib/ - prime: - - lib/liburing*so* - libusb: source: https://github.com/libusb/libusb source-commit: d52e355daa09f17ce64819122cb067b8a2ee0d4b # v1.0.27 @@ -577,14 +558,16 @@ parts: usr/lib/: lib/ usr/sbin/: bin/ override-build: |- - # Patch lvm.conf - # lvm.conf changes for lvm2 from 22.04/core22 - sed -i \ - -e "s%\(# \)\?obtain_device_list_from_udev = 1%obtain_device_list_from_udev = 0%" \ - -e "s%\(# \)\?cache_file_prefix = \"\"%cache_file_prefix = \"lxd\"%" \ - "${CRAFT_PART_INSTALL}/etc/lvm/lvm.conf" - - # Generic lvm.conf changes + # Patch lvm.conf to: + # 1) Disable bits that don't apply in a snap'ed env. Handle commented + # out variants that represent builtin values. + # * udev_sync + # * udev_rules + # * use_lvmetad + # * monitoring + # 2) Uncomment all executable directives to override their builtin + # values. Replace paths in /usr/bin, /usr/sbin, /bin and /sbin + # by /snap/lxd/current/bin to use executables from the snap. sed -i \ -e "s%\(# \)\?udev_sync = 1%udev_sync = 0%" \ -e "s%\(# \)\?udev_rules = 1%udev_rules = 0%" \ 
@@ -617,53 +600,17 @@ parts: - lib/*/liblvm* - lib/*/libreadline.so* - nasm: - source: https://github.com/netwide-assembler/nasm - source-depth: 1 - source-commit: cd37b81b320ead83ca5a6bbce5da0a6456663bc6 # nasm-2.16.03 - source-type: git - plugin: autotools - autotools-configure-parameters: - - --prefix= - organize: - usr/bin/: bin/ - override-prime: - # no need to prime anything as the nasm binary is only used by edk2 - # and is not needed in the final snap artifact - exit 0 - override-pull: |- - [ "$(uname -m)" != "x86_64" ] && [ "$(uname -m)" != "aarch64" ] && exit 0 - craftctl default - override-build: | - [ "$(uname -m)" != "x86_64" ] && [ "$(uname -m)" != "aarch64" ] && exit 0 - patch -p1 < "${CRAFT_PROJECT_DIR}/patches/nasm-0000-disable-manpages.patch" - craftctl default - nftables: - after: - - libmnl - - libnftnl - # XXX: Netfilter's git repo is unreliable - source: https://www.netfilter.org/projects/nftables/files/nftables-1.0.9.tar.xz - source-checksum: sha256/a3c304cd9ba061239ee0474f9afb938a9bb99d89b960246f66f0c3a0a85e14cd - plugin: autotools - autotools-configure-parameters: - - --prefix= - - --with-json - - --disable-man-doc - build-packages: - - libedit-dev - - libjansson-dev - - libreadline-dev + plugin: nil stage-packages: - - libjansson4 + - nftables organize: - sbin/: bin/ usr/lib/: lib/ + usr/sbin/: bin/ prime: - bin/nft - lib/*/libjansson*so* - - lib/libnftables*so* + - lib/*/libnftables*so* nvidia-container: source: https://github.com/NVIDIA/libnvidia-container @@ -748,15 +695,13 @@ parts: openvswitch: source: https://github.com/openvswitch/ovs - source-commit: 2b87b844dbedeb2582920634205b52f1eea7c0b7 # v3.3.1 + source-commit: dfe601bbc154c836e6ec3526a1eb331c1c09a06e # v3.3.2 source-depth: 1 source-type: git plugin: autotools autotools-configure-parameters: - --enable-ssl - --prefix= - stage-packages: - - uuid-runtime organize: sbin/: bin/ usr/bin/: bin/ 
@@ -765,14 +710,13 @@ parts: - bin/ovs-vsctl - bin/ovs-vswitchd - bin/ovsdb-* - - bin/uuidgen - share/openvswitch/ ovn: after: - openvswitch source: https://github.com/ovn-org/ovn - source-commit: 41836afafd99d579bb277f638a31bffd5cf3efa3 # v24.03.2 + source-commit: 459a3bab4c4a11b904aa3c37015372d34e1e1209 # v24.03.3 source-depth: 1 source-type: git plugin: autotools @@ -853,7 +797,7 @@ parts: after: - libtpms source: https://github.com/stefanberger/swtpm - source-commit: 507d14219dde88eb3eb2d10d15872d4044aa9d3e # v0.8.2 + source-commit: f756ee8a281ddff7e09b49e1ef00d5cbb42abb63 # v0.9.0 source-depth: 1 source-type: git plugin: autotools @@ -885,7 +829,6 @@ parts: qemu: after: - libatomic - - liburing - libusb - spice-protocol - spice-server @@ -895,18 +838,35 @@ parts: source-type: git plugin: autotools autotools-configure-parameters: + - --disable-auth-pam - --disable-bochs + - --disable-brlapi - --disable-cloop + - --disable-curl - --disable-dmg - --disable-docs + - --disable-fuse + - --disable-glusterfs + - --disable-gnutls + - --disable-gtk - --disable-guest-agent + - --disable-libiscsi + - --disable-libnfs + - --disable-libpmem + - --disable-libssh + - --disable-nettle + - --disable-oss - --disable-parallels - --disable-pvrdma - --disable-qed + - --disable-sdl - --disable-slirp - --disable-user + - --disable-vde - --disable-vdi + - --disable-vmnet - --disable-vnc + - --disable-vvfat - --disable-xen - --disable-xkbcommon - --enable-attr @@ -944,6 +904,7 @@ parts: - libnuma-dev - libpixman-1-dev - libseccomp-dev + - liburing-dev - libusbredirhost-dev - quilt - on amd64: # workaround for armhf, because it lacks of librbd-dev 
@@ -958,11 +919,12 @@ parts: - genisoimage - ipxe-qemu # This is needed due to --disable-install-blobs. - libfdt1 - - libmagic1 + - libmagic1t64 - libnuma1 - libpixman-1-0 - - libusbredirhost1 - - libusbredirparser1 + - libusbredirhost1t64 + - libusbredirparser1t64 + - liburing2 - seabios # This is needed due to --disable-install-blobs. - qemu-system-data # This is needed due to --disable-install-blobs. override-prime: |- @@ -984,9 +946,6 @@ parts: sed -i "s/^unset target_list$/target_list=\"${QEMUARCH}-softmmu\"/" configure sed -i 's#libseccomp_minver=".*#libseccomp_minver="0.0"#g' configure - # Restore vendored copies of meson and tomli Python wheels - git restore --source=4769f7051b0753455b775ab10c9226e149ed6237~ -- python/wheels/ - # Extract efi-virtio.rom from ipxe-qemu. # This doesn't work in the organize section below. mkdir -p "${CRAFT_PART_INSTALL}"/share/qemu @@ -1018,6 +977,7 @@ parts: - lib/*/libmagic*so* - lib/*/libnuma*so* - lib/*/libpixman*so* + - lib/*/liburing*so* - lib/*/libusbredir*so* - lib/*/libfdt*.so* - share/qemu/keymaps/* @@ -1076,20 +1036,6 @@ parts: prime: - share/qemu/* - sqlite: - source: https://github.com/sqlite/sqlite - source-commit: 189e44dfecdc7868bb860dfb5d98eab371318c37 # version-3.45.1 - source-depth: 1 - source-type: git - plugin: autotools - autotools-configure-parameters: - - --prefix= - build-packages: - - tcl - prime: - - bin/sqlite3 - - lib/libsqlite3*so* - squashfs-tools-ng: source: https://github.com/AgentD/squashfs-tools-ng source-commit: 8f9966c8ea3ea8a854941d041e7fcb9eb4f772fb # v1.3.1 @@ -1107,7 +1053,7 @@ parts: virtiofsd: source: https://gitlab.com/virtio-fs/virtiofsd - source-commit: 3988b7304ceb2fdb4eed2c8bf8682e6ea19c4ecc # v1.10.1 + source-commit: d20f4d698c14ada07ea9ff5cb7050c2c4703ff66 # v1.11.1 source-depth: 1 source-type: git plugin: rust 
@@ -1183,7 +1129,7 @@ parts: zfs-2-1: source: https://github.com/openzfs/zfs - source-commit: fb6d532066f23458f768a97ae94b158c42cbe484 # zfs-2.1.15 + source-commit: a7186651d3306debca6b4f72797239eea61db36c # zfs-2.1.16 source-depth: 1 source-type: git plugin: autotools @@ -1218,7 +1164,7 @@ parts: zfs-2-2: source: https://github.com/openzfs/zfs - source-commit: baa50314567afd986a00838f0fa65fdacbd12daf # zfs-2.2.6 + source-commit: e269af1b3c7b1b1c000d05f147a2f75e5e72e0ca # zfs-2.2.7 source-depth: 1 source-type: git plugin: autotools @@ -1365,7 +1311,6 @@ parts: source-type: git build-packages: - libfuse3-dev - - libpam0g-dev - pkg-config - python3-jinja2 - meson @@ -1431,7 +1376,7 @@ parts: [ "$(uname -m)" != "x86_64" ] && [ "$(uname -m)" != "aarch64" ] && exit 0 craftctl default organize: - lib/python3.10/site-packages/: lib/python3/dist-packages/ + lib/python3.12/site-packages/: lib/python3/dist-packages/ bin/uefivars: bin/uefivars.py prime: - bin/uefivars.py @@ -1442,12 +1387,11 @@ parts: source: https://github.com/canonical/lxd # XXX: We often cherry-pick for candidate builds so don't do shallow clone #source-depth: 1 - source-commit: 01c912bff20bc04208ddfcfca558ec76a7dac0b8 # LXD 6.2 + source-commit: 2e5ca4f50e83e53db3f5c16a0948b615c82dba31 # LXD pre-6.3 source-type: git after: - lxc - dqlite - - sqlite build-packages: - cmake - libacl1-dev 
@@ -1499,11 +1443,6 @@ parts: git config user.email "noreply@lists.canonical.com" git config user.name "LXD snap builder" - git cherry-pick a014ad5514ee753d602b55ebce6f743a2efdbe5a # lxd/instance/drivers/driver/qemu: Fix nvram file update from 2MB OVMF and CSM mode - git cherry-pick dd7b99ed41424c3e86cf4fbd245648527088de63 # lxd/instance/instance_utils: Fix detection of suitable architecture when LXD is clustered - git cherry-pick 8a40cd43747687494ea7cd7487b04a090cfd63f1 # Patches: Remove volatile.%.last_state.ip_addresses keys more efficiently - git cherry-pick bc61d00724e69133d96c2151a71eabe1e49a689c # doc: fix malformed ref to cloud-init docs - # Setup build environment export GOPATH="$(realpath ./.go)" export CGO_CFLAGS="-I${CRAFT_STAGE}/include/ -I${CRAFT_STAGE}/usr/local/include/" 
@@ -1549,16 +1488,16 @@ parts: # When executed by snapd, the `compopt` support detection doesn't work so fake that it is always `builtin` set_compopt='s|$(type -t compopt)|"builtin"|' # Modify requestComp variable to use lxc based on context ($SNAP/bin/lxc in Snap environment) - set_request_comp='s|requestComp="${words\[0\]} __complete ${args\[\*\]}"|requestComp="/snap/lxd/current/bin/lxc __complete ${args[*]}"|' + set_request_comp='s|requestComp="${words\[0\]} __complete ${args\[\*\]}"|requestComp="/snap/lxd/current/commands/lxc __complete ${args[*]}"|' # Generate completions script - "${CRAFT_PART_INSTALL}/bin/lxc" completion bash | sed -e "${set_cmds}" -e "${set_cols}" -e "${set_compopt}" -e "${set_request_comp}" > "${CRAFT_PART_INSTALL}/etc/bash_completion.d/snap.lxd.lxc" + "${CRAFT_PART_INSTALL}/bin/lxc" completion bash | sed -e "${set_cmds}" -e "${set_cols}" -e "${set_compopt}" -e "${set_request_comp}" > "${CRAFT_PART_INSTALL}/lxc-completer.sh" + chmod +x "${CRAFT_PART_INSTALL}/lxc-completer.sh" organize: usr/bin/: bin/ usr/lib/: lib/ usr/share/misc/: share/misc/ var/lib/usbutils/usb.ids: share/misc/ usr/sbin/: bin/ - sbin/iw: bin/ # core22 installs iw in sbin (not needed for core24 which installs to usr/sbin) sbin/sgdisk: bin/ prime: - bin/dnsmasq @@ -1573,7 +1512,7 @@ parts: - lib/*/libidn.so.* - - etc/bash_completion.d/snap.lxd.lxc + - lxc-completer.sh - share/lxd-documentation* - share/misc/pci.ids @@ -1618,6 +1557,15 @@ parts: prime: - bin/setup-shmounts + gpu-2404: + after: + - lxd + - qemu + source: https://github.com/canonical/gpu-snap.git + plugin: dump + override-prime: | + ${CRAFT_PART_SRC}/bin/gpu-2404-cleanup mesa-2404 nvidia-2404 + strip: after: - btrfs @@ -1630,7 +1578,6 @@ parts: - ovn - qemu-ovmf-secureboot - spice-server - - sqlite - squashfs-tools-ng - swtpm - virtiofsd 
@@ -1720,6 +1667,7 @@ parts: commands/snap-query: bin/ hooks/: snap/hooks/ wrappers/lxd-stophook: bin/lxd + wrappers/gpu-2404-custom-wrapper: bin/ wrappers/editor: bin/ wrappers/remote-viewer: bin/ wrappers/sshfs: bin/ diff --git a/snapcraft/commands/daemon.start b/snapcraft/commands/daemon.start index f898c3e2d..cb464cce0 100755 --- a/snapcraft/commands/daemon.start +++ b/snapcraft/commands/daemon.start @@ -39,6 +39,13 @@ fi # Detect base name SNAP_BASE="$(sed -n '/^name:/ s/^name:\s*\(core[0-9]\{2\}\)/\1/p' /meta/snap.yaml)" +# Temporary hack to workaround systemctl reload snap.lxd.daemon +# problem with core24-based LXD snap +if [ "${SNAP_BASE}" = "core24" ]; then + _LXD_SNAP_DEVCGROUP_CONFIG="/var/lib/snapd/hostfs/var/lib/snapd/cgroup/snap.lxd.device" + grep -qxF 'self-managed=true' "${_LXD_SNAP_DEVCGROUP_CONFIG}" || echo 'self-managed=true' >> "${_LXD_SNAP_DEVCGROUP_CONFIG}" +fi + # Wait for appliance configuration if [ "${LXD_APPLIANCE}" = "true" ]; then while :; do @@ -173,6 +180,13 @@ echo "==> Preparing /run/bin" mkdir -p "/run/bin" export PATH="/run/bin:${PATH}" +if [ -e "${SNAP_COMMON}/use-qemu-external-snap" ]; then + echo "==> Setting up external QEMU snap integration" + export SNAP_QEMU_PREFIX="external/qemu" + LD_LPATH_PIPEWIRE="$(readlink -f "${SNAP_CURRENT}"/${SNAP_QEMU_PREFIX}/lib/"${ARCH}"/pipewire-*/)" + export LD_LIBRARY_PATH="${SNAP_CURRENT}/${SNAP_QEMU_PREFIX}/lib/${ARCH}:${SNAP_CURRENT}/${SNAP_QEMU_PREFIX}/lib/${ARCH}/pulseaudio:${SNAP_CURRENT}/${SNAP_QEMU_PREFIX}/lib/${ARCH}/ceph:${LD_LPATH_PIPEWIRE:+${LD_LPATH_PIPEWIRE}:}${LD_LIBRARY_PATH}" +fi + if [ "${ceph_external:-"false"}" = "true" ]; then ln -s "${SNAP}/wrappers/run-host" "/run/bin/ceph" ln -s "${SNAP}/wrappers/run-host" "/run/bin/radosgw-admin" 
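Review bot: The append to `/var/lib/snapd/hostfs/var/lib/snapd/cgroup/snap.lxd.device` is unguarded. When the file does not exist `grep` prints an error and the `echo` creates it; when the directory is missing the redirect fails, which would stop the daemon if `set -e` is active above this hunk. Wrapping the two lines in `if [ -d "${_LXD_SNAP_DEVCGROUP_CONFIG%/*}" ]; then … fi` and adding `2>/dev/null` to the `grep` keeps the start path quiet and non-fatal. The file sits in snapd's own state directory on the host, so the comment should say what `self-managed=true` changes for the snap's device cgroup and link the bug being worked around, not only call it a temporary hack.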
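Review bot: `LD_LIBRARY_PATH` is exported for the whole daemon with the external snap's directories in front, so every process started after this point, not only QEMU, resolves shared libraries from the connected snap before LXD's own copies. If that is intended, say so in a comment; otherwise set the path only where QEMU is launched, which is outside this hunk. The value also ends in a bare `${LD_LIBRARY_PATH}`: if that is empty here the result has a trailing `:`, which the loader reads as the current directory, and `${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}` (dropping the `:` before it) avoids that. The block is gated only on the marker file existing, so a leftover marker enables it with nothing mounted; adding `&& snapctl is-connected qemu-external` to the test would tie it to the real connection state. If the `pipewire-*` glob matches nothing or several directories, `LD_LPATH_PIPEWIRE` is probably not a single existing path.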
@@ -222,6 +236,9 @@ ln -s "${SNAP}/wrappers/run-host" "/run/bin/getent" # Redirect journalctl to the host ln -s "${SNAP}/wrappers/run-host" "/run/bin/journalctl" +# Redirect iscsiadm to the host. +ln -s "${SNAP}/wrappers/run-host" "/run/bin/iscsiadm" + # Avoid xtables talking to nft ln -s "${SNAP}/bin/arptables-legacy" "/run/bin/arptables" ln -s "${SNAP}/bin/ebtables-legacy" "/run/bin/ebtables" @@ -530,6 +547,11 @@ if [ "${openvswitch_builtin:-"false"}" = "true" ]; then export OVS_SBINDIR="${SNAP}/bin/" mkdir -p "${OVS_SYSCONFDIR}/openvswitch" + OVS_SYSTEM_ID_FILE="${OVS_SYSCONFDIR}/openvswitch/system-id.conf" + if ! [ -s "${OVS_SYSTEM_ID_FILE}" ]; then + systemd-id128 new --uuid > "${OVS_SYSTEM_ID_FILE}" + fi + ( # Close socket activation fd exec 3<&- || true @@ -707,6 +729,10 @@ if [ "${daemon_verbose:-"false"}" = "true" ]; then CMD="${CMD} --verbose" fi +if [ "${db_trace:-"false"}" = "true" ]; then + export LIBDQLITE_TRACE=1 +fi + # Check if this is the first time LXD is started. FIRSTRUN="false" if [ ! -d "${SNAP_COMMON}/lxd/database" ]; then diff --git a/snapcraft/hooks/configure b/snapcraft/hooks/configure index 9a3208f59..2b7d25792 100755 --- a/snapcraft/hooks/configure +++ b/snapcraft/hooks/configure @@ -48,6 +48,7 @@ daemon_group=$(snapctl get daemon.group) daemon_user_group=$(snapctl get daemon.user.group) daemon_syslog=$(get_bool "$(snapctl get daemon.syslog)") daemon_verbose=$(get_bool "$(snapctl get daemon.verbose)") +db_trace=$(get_bool "$(snapctl get db.trace)") lvm_external=$(get_bool "$(snapctl get lvm.external)") lxcfs_loadavg=$(get_bool "$(snapctl get lxcfs.loadavg)") lxcfs_pidfd=$(get_bool "$(snapctl get lxcfs.pidfd)") @@ -80,6 +81,7 @@ daemon_group=${daemon_group:-"lxd"} daemon_syslog=${daemon_syslog:-"false"} daemon_user_group=${daemon_user_group:-"lxd"} daemon_verbose=${daemon_verbose:-"false"} +db_trace=${db_trace:-"false"} lvm_external=${lvm_external:-"false"} lxcfs_cfs=${lxcfs_cfs:-"false"} lxcfs_debug=${lxcfs_debug:-"false"} 
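Review bot: Nothing in the two `configure` hunks writes `db_trace` out; the value is read from `snapctl get db.trace` and given a default, and that is all the diff shows. `daemon.start` tests `${db_trace:-"false"}`, which presumably comes from the config file this hook generates further down, outside the hunks. If that generated file is not extended with a `db_trace=${db_trace}` line, `snap set lxd db.trace=true` would silently have no effect, so please confirm that the write is there.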
diff --git a/snapcraft/hooks/connect-plug-qemu-external b/snapcraft/hooks/connect-plug-qemu-external new file mode 100755 index 000000000..fd952af0a --- /dev/null +++ b/snapcraft/hooks/connect-plug-qemu-external @@ -0,0 +1,16 @@ +#!/bin/sh +set -eu + +# Re-exec outside of apparmor confinement +if [ -d /sys/kernel/security/apparmor ]; then + label="$(cat /proc/self/attr/current 2>/dev/null)" + if [ "$label" != "unconfined" ] && [ -n "${label##*(unconfined)}" ]; then + exec aa-exec -p unconfined -- "$0" "$@" + fi +fi + +echo 1 > "${SNAP_COMMON}/use-qemu-external-snap" + +echo reload > "${SNAP_COMMON}/state" +read -r PID < "${SNAP_COMMON}/lxd.pid" +kill "$PID" diff --git a/snapcraft/hooks/disconnect-plug-qemu-external b/snapcraft/hooks/disconnect-plug-qemu-external new file mode 100755 index 000000000..9fce6546f --- /dev/null +++ b/snapcraft/hooks/disconnect-plug-qemu-external @@ -0,0 +1,16 @@ +#!/bin/sh +set -eu + +# Re-exec outside of apparmor confinement +if [ -d /sys/kernel/security/apparmor ]; then + label="$(cat /proc/self/attr/current 2>/dev/null)" + if [ "$label" != "unconfined" ] && [ -n "${label##*(unconfined)}" ]; then + exec aa-exec -p unconfined -- "$0" "$@" + fi +fi + +rm -f "${SNAP_COMMON}/use-qemu-external-snap" + +echo reload > "${SNAP_COMMON}/state" +read -r PID < "${SNAP_COMMON}/lxd.pid" +kill "$PID" diff --git a/snapcraft/wrappers/gpu-2404-custom-wrapper b/snapcraft/wrappers/gpu-2404-custom-wrapper new file mode 100755 index 000000000..eec138d6f --- /dev/null +++ b/snapcraft/wrappers/gpu-2404-custom-wrapper 
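Review bot: With `set -eu`, `read -r PID < "${SNAP_COMMON}/lxd.pid"` aborts the hook when the pid file is missing, which presumably fails the interface connection whenever the daemon is not running, and by then `reload` has already been written to the state file. The PID is also used unchecked: the hook has re-executed itself unconfined, so a stale pid file would signal whatever process now holds that number. Guard the read and check the process before writing the state and signalling, as below. `kill -0` only confirms that some process has that PID, so comparing `/proc/${PID}/exe` against the LXD binary would be stronger. `disconnect-plug-qemu-external` ends with the same three lines and needs the same change.

```shell
# … unchanged: apparmor re-exec block …
echo 1 > "${SNAP_COMMON}/use-qemu-external-snap"

# Only signal a daemon that is actually running; a missing or stale
# pid file must neither fail the hook nor reach an unrelated process.
if [ -s "${SNAP_COMMON}/lxd.pid" ]; then
    read -r PID < "${SNAP_COMMON}/lxd.pid"
    if [ -n "${PID}" ] && kill -0 "${PID}" 2>/dev/null; then
        echo reload > "${SNAP_COMMON}/state"
        kill "${PID}"
    fi
fi
```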
@@ -0,0 +1,18 @@ +#!/bin/sh + +# see also https://github.com/canonical/gpu-snap/blob/929a4228ebeb17dd1cb82c48346b192ac02ac1a3/bin/gpu-2404-wrapper#L1 + +if snapctl is-connected gpu-2404 +then + echo "INFO: the gpu-2404 interface is connected. Running with gpu-2404 wrapper." + # + # We need this to help nvidia-container-toolkit with finding of + # some configuration files so they can be bindmounted in the container + # if needed. + # + export XDG_DATA_DIRS=${XDG_DATA_DIRS:+$XDG_DATA_DIRS:}/usr/share + exec "${SNAP}/gpu-2404/bin/gpu-2404-provider-wrapper" "$@" +else + echo "INFO: the gpu-2404 interface isn't connected. Skipping gpu-2404 wrapper." + exec "$@" +fi diff --git a/snapcraft/wrappers/nvidia-container-cli b/snapcraft/wrappers/nvidia-container-cli index c7c2d6461..a40be9929 100755 --- a/snapcraft/wrappers/nvidia-container-cli +++ b/snapcraft/wrappers/nvidia-container-cli @@ -1,4 +1,18 @@ #!/bin/sh -# Set the root path -exec nvidia-container-cli.real -r /var/lib/snapd/hostfs/ "$@" +# +# This is a bit hacky, as we rely on a library names but at the moment, +# we don't have any way to distinguish generic mesa-2404 snap from +# mesa-2404 snap with NVIDIA drivers connected to it. (At least, I don't know one.) +# Let's do this like that for now at least for PoC purpose. +# +if snapctl is-connected gpu-2404 && + [ -f "${SNAP}/gpu-2404-2/usr/lib/x86_64-linux-gnu/libnvidia-ml.so" ] && + [ -f "${SNAP}/gpu-2404-2/usr/lib/x86_64-linux-gnu/libcuda.so" ]; +then + # We have NVIDIA drivers snap connected, let's use it + exec nvidia-container-cli.real "$@" +else + # Set the root path to use NVIDIA libraries from the host + exec nvidia-container-cli.real -r /var/lib/snapd/hostfs/ "$@" +fi
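Review bot: When `snapctl is-connected gpu-2404` succeeds the wrapper execs `${SNAP}/gpu-2404/bin/gpu-2404-provider-wrapper` without checking that the connected provider actually ships it, so a provider lacking that file would stop the daemon from starting at all. Testing `[ -x "${SNAP}/gpu-2404/bin/gpu-2404-provider-wrapper" ]` in the same condition and falling through to `exec "$@"` keeps LXD up in that case. The `export` line leaves its expansion unquoted, and under `#!/bin/sh` some shells field-split arguments to `export`; write it as `export XDG_DATA_DIRS="${XDG_DATA_DIRS:+$XDG_DATA_DIRS:}/usr/share"`.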
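Review bot: Both library checks hard-code `x86_64-linux-gnu`, so on any other architecture the test always fails and the wrapper falls back to the host root even with an NVIDIA provider connected. Derive the triplet instead of spelling it out, or state in the comment that the provider path is amd64-only. The checks also look under `${SNAP}/gpu-2404-2/`, while the plug added in this commit targets `$SNAP/gpu-2404` and the daemon wrapper uses `${SNAP}/gpu-2404/bin/...`. If the `-2` suffix is the mount point snapd gives an additional content source, a comment should say so, because it otherwise reads as a typo. Dropping `-r /var/lib/snapd/hostfs/` in the connected branch changes which filesystem root the tool resolves drivers from, and that deserves a line in the comment as well.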