总结了一下自己编译kata-containers的过程,尽力构造了一个从0开始的环境
环境如下:
root@MSI:~/git/kata-containers/src/runtime# uname -a
Linux MSI 6.6.87.1-microsoft-standard-WSL2 #1 SMP PREEMPT_DYNAMIC Mon Apr 21 17:08:54 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
root@MSI:~/git/kata-containers/src/runtime# cat /etc/os-release
PRETTY_NAME="Ubuntu 24.04.2 LTS"
NAME="Ubuntu"
VERSION_ID="24.04"
VERSION="24.04.2 LTS (Noble Numbat)"
VERSION_CODENAME=noble
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=noble
LOGO=ubuntu-logo
为了避免可能遇见的问题,所以提前做以下工作
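#Add the following lines to ~/.bashrc (vim ~/.bashrc).
#GOPATH is set first so the Go bin directory is derived from it instead of
#hard-coding /root/go/bin, which is only correct when building as root.
export GOPATH="$HOME/go"
#Go toolchain binaries first, then binaries installed under GOPATH.
export PATH="$PATH:/usr/local/go/bin:$GOPATH/bin"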
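#Install the build prerequisites. The list is approximate: this machine was a
#WSL instance that had been in use for a while and was then exported, so if a
#later step reports a missing tool, install that package as well.
apt install build-essential bison flex mmdebstrap makedev libelf-dev containernetworking-plugins parted cpio virtiofsd containerd bind9-dnsutils net-tools git qemu-utils qemu-system
#Rust is required. Save the rustup installer to a file instead of piping it
#straight into sh, so the script can be read before it is executed.
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs -o rustup-init.sh
sh rustup-init.sh
#Make rustup and cargo available in the current shell for the later steps.
. "$HOME/.cargo/env"
#Fetch the sources; a shallow clone is enough when the goal is only to build.
#A shallow clone of the default branch gets whatever is newest at the time;
#the commit this walkthrough was built from is recorded on the next line.
git clone https://github.com/kata-containers/kata-containers.git --depth 1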
#当前版本: 5b8f7b2e3c2d4fbedb201717c7c243fc461478c6
root@MSI:~/git/kata-containers/tools/osbuilder/image-builder# git log
commit 5b8f7b2e3c2d4fbedb201717c7c243fc461478c6 (HEAD -> main, origin/main, origin/HEAD)
Merge: ac6779428 e290587f9
Author: RuoqingHe <heruoqing@iscas.ac.cn>
Date: Tue Jun 10 17:28:12 2025 +0800
Merge pull request #11391 from RuoqingHe/disable-runtime-rs-test-on-riscv
runtime-rs: Skip test on RISC-V architecture
继续准备工作
#cd kata-containers 去下载的代码根目录
#参考https://github.com/kata-containers/kata-containers/blob/main/versions.yaml
#准备的环境以这个文件为准
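#Install the Rust toolchain version pinned for this build.
export RUST_VERSION=1.80.0
rustup install "${RUST_VERSION}"
rustup default "${RUST_VERSION}-x86_64-unknown-linux-gnu"
rustup target add x86_64-unknown-linux-musl
#Install the pinned Go release.
wget https://go.dev/dl/go1.23.7.linux-amd64.tar.gz
#The archive is unpacked as root into /usr/local, so check it against the
#SHA256 published on https://go.dev/dl/ first. GO_SHA256 is a placeholder, not
#a real digest: until it is filled in, the check fails and tar does not run.
GO_SHA256='<sha256-of-go1.23.7.linux-amd64.tar.gz-from-go.dev-dl>'
printf '%s  %s\n' "${GO_SHA256}" go1.23.7.linux-amd64.tar.gz | sha256sum -c - \
  && tar -C /usr/local -xzf go1.23.7.linux-amd64.tar.gz
#Append to ~/.bashrc only when the exact line is not there yet, so re-running
#these steps does not keep adding duplicate PATH entries.
grep -qxF 'export PATH=$PATH:/usr/local/go/bin' ~/.bashrc 2>/dev/null \
  || echo 'export PATH=$PATH:/usr/local/go/bin' >> ~/.bashrc
grep -qxF 'alias sc="source ~/.bashrc"' ~/.bashrc 2>/dev/null \
  || echo 'alias sc="source ~/.bashrc"' >> ~/.bashrc
source ~/.bashrc
#Install musl as described in the installation guide:
#https://github.com/kata-containers/kata-containers/blob/main/docs/install/kata-containers-3.0-rust-runtime-installation-guide.md
#-f makes curl fail on an HTTP error instead of saving the error page as the tarball.
curl -fO https://git.musl-libc.org/cgit/musl/snapshot/musl-1.2.3.tar.gz
tar vxf musl-1.2.3.tar.gz
#NOTE(review): --prefix=/usr/local/ puts musl's headers in /usr/local/include,
#which g++ searches before /usr/include (see the search list later on this
#page). That looks like the source of the __GLIBC_PREREQ error hit while
#building gperf - confirm before relying on the header edit described below.
cd musl-1.2.3/ \
  && ./configure --prefix=/usr/local/ \
  && make && make install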
继续准备工作
#cd kata-containers 去下载的代码根目录,安装指定的yq
./ci/install_yq.sh
#我是g++13,所以是这个路径;其他版本路径里的数字不同,但如果遇见后文“运行install_libseccomp.sh”一节里的 __GLIBC_PREREQ 错误,改法是类似的。修改前先备份原文件。
vim /usr/include/x86_64-linux-gnu/c++/13/bits/os_defines.h
#在文件开头添加下面的宏定义、注释可选
//this is copy from the right features.h
// /usr/include/features.h
#define __GLIBC__ 2
#define __GLIBC_MINOR__ 39
#define __GLIBC_PREREQ(maj, min) \
((__GLIBC__ << 16) + __GLIBC_MINOR__ >= ((maj) << 16) + (min))
构建内核
#https://github.com/kata-containers/kata-containers/blob/main/tools/packaging/kernel/README.md
#有参考文档,版本的话还是看上面的versions.yaml
#为构建内核准备
./build-kernel.sh -v 6.12.28 -d setup
INFO: Copying config file from: /git/kata-containers/tools/packaging/kernel/configs/fragments/x86_64/.config
Line 469: cp /git/kata-containers/tools/packaging/kernel/configs/fragments/x86_64/.config ./.config
Line 470: ARCH=x86_64
Line 470: make oldconfig
#
# No change to .config
#
Line 719: '[' -d /git/kata-containers/tools/packaging/kernel/kata-linux-6.12.28-156 ']'
Line 720: echo 'Kernel source ready: /git/kata-containers/tools/packaging/kernel/kata-linux-6.12.28-156 '
Kernel source ready: /git/kata-containers/tools/packaging/kernel/kata-linux-6.12.28-156
#构建内核
./build-kernel.sh build
#安装
root@MSI:~/git/kata-containers/tools/packaging/kernel# ./build-kernel.sh install
INFO: Config version: 156
INFO: Kernel version: 6.12.28
lrwxrwxrwx 1 root root 19 Jun 10 15:01 /usr/share/kata-containers/vmlinux.container -> vmlinux-6.12.28-156
lrwxrwxrwx 1 root root 19 Jun 10 15:01 /usr/share/kata-containers/vmlinuz.container -> vmlinuz-6.12.28-156
#这个过程一般很顺利,除非build的时候,yq没有安装好会出错
rootfs
root@4ba2628d4e59: kata-containers/tools/osbuilder/rootfs-builder# ./rootfs.sh -l
alpine
cbl-mariner
centos
debian
ubuntu
#不列举其他会遇见的错误了,直接提前安装好需要的软件,这里前面已经装好了
rootfs_lib.sh: 行 18: mmdebstrap: 未找到命令
ERROR: mmdebstrap failed, cannot proceed
apt install mmdebstrap makedev libelf-dev
#在versions.yaml查看支持的OS版本,必须是代号,而不是数字
#https://github.com/kata-containers/kata-containers/blob/main/versions.yaml
export OS_VERSION=jammy
#可以不用docker来安装
#export USE_DOCKER=true
#生成rootfs,只能选择 -l展示的发行版
./rootfs.sh ubuntu
#result
Installing systemd unit files...
install -D -m 644 kata-agent.service /git/kata-containers/tools/osbuilder/rootfs-builder/rootfs-ubuntu/usr/lib/systemd/system/kata-agent.service || exit 1; install -D -m 644 kata-containers.target /git/kata-containers/tools/osbuilder/rootfs-builder/rootfs-ubuntu/usr/lib/systemd/system/kata-containers.target || exit 1;
/git/kata-containers/tools/osbuilder/rootfs-builder
[OK] Agent installed
INFO: Setup systemd-base environment for kata-agent
INFO: Check init is installed
[OK] init is installed
INFO: Create /etc/resolv.conf file in rootfs if not exist
INFO: Creating summary file
INFO: Created summary file '/var/lib/osbuilder/osbuilder.yaml' inside rootfs
#这个过程遇见错误,见下面运行install_libseccomp.sh
imgs
pwd
/git/kata-containers/tools/osbuilder/rootfs-builder
#查看上面生成的rootfs
ls rootfs-ubuntu/
bin boot dev etc home lib lib32 lib64 libx32 media mnt opt proc root run sbin srv sys tmp usr var
#切换目录
cd ../image-builder/
#生成img
./image_builder.sh ../rootfs-builder/rootfs-ubuntu/
Opening file 'kata-containers.img.header'
Writing metadata
OK!
1+0 records in
1+0 records out
2097152 bytes (2.1 MB, 2.0 MiB) copied, 0.00499731 s, 420 MB/s
520192+0 records in
520192+0 records out
266338304 bytes (266 MB, 254 MiB) copied, 1.34391 s, 198 MB/s
initrd(这个,只是运行容器,并没有用到,可以不构建)
#进入initrd-builder目录
root@MSI:~/git/kata-containers/tools/osbuilder/initrd-builder# ls
README.md initrd_builder.sh
root@MSI:~/git/kata-containers/tools/osbuilder/initrd-builder# ./initrd_builder.sh ../rootfs-builder/rootfs-ubuntu/
[OK] init is installed
[OK] Agent is installed
INFO: Creating /root/git/kata-containers/tools/osbuilder/initrd-builder/kata-containers-initrd.img based on rootfs at /root/git/kata-containers/tools/osbuilder/rootfs-builder/rootfs-ubuntu
208272 blocks
runtime:
#切换到对应的位置
cd ~/git/kata-containers/src/runtime
make && make install
#这个操作很简单,一般不会遇见什么问题,之前的环境变量配置已经提前解决了
#如果想构造runtime-rs的话,根据官方教程操作就好了
git clone https://github.com/kata-containers/kata-containers.git
cd kata-containers/src/runtime-rs
#With Builtin Dragonball VMM
make && make install
#Without Builtin Dragonball VMM
make USE_BUILDIN_DB=false
make install HYPERVISOR=qemu
#可以选择VMM,推荐下面的方案
运行容器
#我这里containerd状态正常,不正常需要自行处理
systemctl status containerd
root@MSI:~/git/kata-containers/src/runtime# which kata-runtime
/usr/local/bin/kata-runtime
root@MSI:~/git/kata-containers/src/runtime# kata-runtime check
ERRO[0000] /usr/share/defaults/kata-containers/configuration-qemu.toml: file /usr/share/kata-containers/kata-containers.img does not exist arch=amd64 name=kata-runtime pid=82039 source=runtime
/usr/share/defaults/kata-containers/configuration-qemu.toml: file /usr/share/kata-containers/kata-containers.img does not exist
#修改配置文件即可,改成img步骤生成的那个kata-containers.img
root@MSI:~/git/kata-containers/src/runtime# vim /usr/share/defaults/kata-containers/configuration-qemu.toml
#配置文件没问题,出现下面的提示,就可以正常用了
root@MSI:~/git/kata-containers/src/runtime# kata-runtime check
WARN[0000] Not running network checks as super user arch=amd64 name=kata-runtime pid=82517 source=runtime
System is capable of running Kata Containers
System can currently create Kata Containers
#拉取镜像
ctr image pull docker.io/library/nginx:alpine
#运行容器
ctr run --rm -t --runtime io.containerd.kata.v2 docker.io/library/nginx:alpine kata-test
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
......
/docker-entrypoint.sh: Configuration complete; ready for start up
2025/06/10 07:11:47 [notice] 1#1: using the "epoll" event method
2025/06/10 07:11:47 [notice] 1#1: nginx/1.27.5
2025/06/10 07:11:47 [notice] 1#1: built by gcc 14.2.0 (Alpine 14.2.0)
2025/06/10 07:11:47 [notice] 1#1: OS: Linux 6.12.28
2025/06/10 07:11:47 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 1024:1024
2025/06/10 07:11:47 [notice] 1#1: start worker processes
2025/06/10 07:11:47 [notice] 1#1: start worker process 25
#很明显,一看就是刚构建的内核
#也可以进入容器查看
ctr task exec --tty --exec-id shell kata-test /bin/sh
/ # cat /etc/os-release
NAME="Alpine Linux"
ID=alpine
VERSION_ID=3.21.3
PRETTY_NAME="Alpine Linux v3.21"
HOME_URL="https://alpinelinux.org/"
BUG_REPORT_URL="https://gitlab.alpinelinux.org/alpine/aports/-/issues"
/ # uname -a
Linux MSI 6.12.28 #1 SMP Tue Jun 10 15:00:33 CST 2025 x86_64 Linux
#不指定kata运行时的话,容器走的是containerd的默认运行时,直接共享宿主机内核(下面 uname 显示的是 WSL2 的内核),而不是我们构建的内核;先关闭刚才的容器
ctr run --rm docker.io/library/nginx:alpine kata-test
ctr task exec --tty --exec-id shell kata-test /bin/sh
/ # cat /etc/os-release
NAME="Alpine Linux"
ID=alpine
VERSION_ID=3.21.3
PRETTY_NAME="Alpine Linux v3.21"
HOME_URL="https://alpinelinux.org/"
BUG_REPORT_URL="https://gitlab.alpinelinux.org/alpine/aports/-/issues"
/ # uname -a
Linux MSI 6.6.87.1-microsoft-standard-WSL2 #1 SMP PREEMPT_DYNAMIC Mon Apr 21 17:08:54 UTC 2025 x86_64 Linux
#有点太顺利了,本来还想着新系统要配置containerd的运行时为kata呢
运行install_libseccomp.sh
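#Create two private scratch directories with mktemp and pass them to
#install_libseccomp.sh as the libseccomp and gperf install locations.
#Assignment is kept separate from export so that a failing mktemp stops the
#chain instead of being masked by export's own exit status, and the paths are
#quoted when passed on.
libseccomp_install_dir=$(mktemp -d -t libseccomp.XXXXXXXXXX) \
  && gperf_install_dir=$(mktemp -d -t gperf.XXXXXXXXXX) \
  && export libseccomp_install_dir gperf_install_dir \
  && ./install_libseccomp.sh "${libseccomp_install_dir}" "${gperf_install_dir}"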
#出错:
g++ -g -O2 -I. -I./../lib -c ./version.cc
g++ -g -O2 -I. -I./../lib -c ./positions.cc
In file included from /usr/include/x86_64-linux-gnu/c++/13/bits/c++config.h:679,
from /usr/include/c++/13/cstdlib:41,
from /usr/include/c++/13/stdlib.h:36,
from ./positions.cc:25:
/usr/include/x86_64-linux-gnu/c++/13/bits/os_defines.h:44:19: error: missing binary operator before token "("
44 | #if __GLIBC_PREREQ(2,15) && defined(_GNU_SOURCE)
| ^
/usr/include/x86_64-linux-gnu/c++/13/bits/os_defines.h:55:19: error: missing binary operator before token "("
55 | #if __GLIBC_PREREQ(2, 26) \
| ^
/usr/include/x86_64-linux-gnu/c++/13/bits/os_defines.h:66:20: error: missing binary operator before token "("
66 | # if __GLIBC_PREREQ(2, 27)
| ^
/usr/include/x86_64-linux-gnu/c++/13/bits/os_defines.h:78:20: error: missing binary operator before token "("
78 | # if __GLIBC_PREREQ(2, 34)
| ^
make[1]: *** [Makefile:101: positions.o] Error 1
make[1]: Leaving directory '/tmp/build-libseccomp.siLtq/gperf-3.1/src'
make: *** [Makefile:34: all] Error 2
root@4ba2628d4e59:/git/kata-containers/ci# gcc --version
gcc (Ubuntu 13.3.0-6ubuntu2~24.04) 13.3.0
Copyright (C) 2023 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
cat /usr/include/x86_64-linux-gnu/c++/13/bits/os_defines.h
#里面只导入了一个头文件,缺少的宏必然来自于那个文件,然后查找库的搜索路径,找到那个名称的文件,看一下有没有可以对应的宏
root@4ba2628d4e59:/git/kata-containers/ci# g++ -E ./positions.cc -o /dev/null -v
Using built-in specs.
COLLECT_GCC=g++
OFFLOAD_TARGET_NAMES=nvptx-none:amdgcn-amdhsa
OFFLOAD_TARGET_DEFAULT=1
Target: x86_64-linux-gnu
Configured with: ../src/configure -v --with-pkgversion='Ubuntu 13.3.0-6ubuntu2~24.04' --with-bugurl=file:///usr/share/doc/gcc-13/README.Bugs --enable-
......此处省略一大堆
......
fstack-clash-protection -fcf-protection -dumpbase positions.cc -dumpbase-ext .cc
ignoring duplicate directory "/usr/include/x86_64-linux-gnu/c++/13"
ignoring nonexistent directory "/usr/local/include/x86_64-linux-gnu"
ignoring nonexistent directory "/usr/lib/gcc/x86_64-linux-gnu/13/include-fixed/x86_64-linux-gnu"
ignoring nonexistent directory "/usr/lib/gcc/x86_64-linux-gnu/13/include-fixed"
ignoring nonexistent directory "/usr/lib/gcc/x86_64-linux-gnu/13/../../../../x86_64-linux-gnu/include"
#include "..." search starts here:
#include <...> search starts here:
/usr/include/c++/13
/usr/include/x86_64-linux-gnu/c++/13
/usr/include/c++/13/backward
/usr/lib/gcc/x86_64-linux-gnu/13/include
/usr/local/include
/usr/include/x86_64-linux-gnu
/usr/include
End of search list.
cc1plus: fatal error: ./positions.cc: No such file or directory
compilation terminated.
#最后,在这几个路径下查看有没有features.h。
/usr/local/include
/usr/include
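#二者都有,但只有下面的 /usr/include/features.h 才有这些宏的定义;而在上面的搜索顺序里 /usr/local/include 排在 /usr/include 前面,所以实际被包含的是没有定义的那个(很可能是前面 musl 用 --prefix=/usr/local/ 安装进来的头文件)。个人认为最简单的处理方式就是把需要的宏定义复制到
/usr/include/x86_64-linux-gnu/c++/13/bits/os_defines.h
#所以,上面才首先修改这个文件。注意这是直接修改系统头文件:升级 libstdc++ 开发包时改动会被覆盖,宏的值也要和本机 glibc 版本保持一致;也可以考虑把 musl 装到独立的前缀,避免它的头文件遮蔽 glibc 的 features.h。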
本文只是基础的构建了内核、rootfs和img来启动kata容器,如何高级的自定义还有待深入学习
如果有不恰当的地方,欢迎批评指正!