diff --git a/Dockerfile b/Dockerfile index 5f25c81..520c4cb 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,10 @@ -ARG BASE_IMAGE=ghcr.io/converged-computing/usernetes:node-base +# ARG BASE_IMAGE=ghcr.io/converged-computing/usernetes:node-base +ARG BASE_IMAGE=usernetes_base # Edit this image to add / adopt for your environment FROM ${BASE_IMAGE} # This are private on our cluster and need to be copied to here COPY cspca.llnl.gov.cer.pem /usr/local/share/ca-certificates/ COPY cspca.cer.pem /usr/local/share/ca-certificates/ +COPY PAN-cspca.llnl.gov.crt /usr/local/share/ca-certificates/ +COPY hpc-profile.json /var/lib/kubelet/seccomp/hpc-profile.json RUN update-ca-certificates diff --git a/Makefile b/Makefile index 8ed4c7b..81203db 100644 --- a/Makefile +++ b/Makefile @@ -24,9 +24,7 @@ export NODE_SUBNET ?= $(shell $(CURDIR)/Makefile.d/node-subnet.sh) export NODE_IP := $(subst .0/24,.100,$(NODE_SUBNET)) export CONTAINER_ENGINE ?= $(shell $(CURDIR)/Makefile.d/detect-container-engine.sh CONTAINER_ENGINE) - export CONTAINER_ENGINE_TYPE ?= $(shell $(CURDIR)/Makefile.d/detect-container-engine.sh CONTAINER_ENGINE_TYPE) - COMPOSE ?= $(shell $(CURDIR)/Makefile.d/detect-container-engine.sh COMPOSE) NODE_SERVICE_NAME := node @@ -85,7 +83,13 @@ render: check-preflight up: check-preflight # Podman creates cni files in a shared location, this ensures unique names that do not clobbed one another sed -i "s/default_network/$(HOSTNAME)/g" $(HERE)/docker-compose.yaml - $(COMPOSE) up --build -d + $(COMPOSE) up -d + +.PHONY: up-built +up-built: check-preflight + # Podman creates cni files in a shared location, this ensures unique names that do not clobbed one another + sed -i "s/default_network/$(HOSTNAME)/g" $(HERE)/docker-compose.yaml + $(COMPOSE) -f $(HERE)/docker-compose.yaml -f $(HERE)/compose/prebuilt-node.yaml up -d .PHONY: down down: diff --git a/compose/prebuilt-node.yaml b/compose/prebuilt-node.yaml new file mode 100644 index 0000000..27b475a --- /dev/null 
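Review bot: The new default `ARG BASE_IMAGE=usernetes_base` is an unqualified short name, so when the local tag is missing `FROM ${BASE_IMAGE}` falls through to the engine's short-name resolution instead of failing. Under podman, which the service scripts build with, a locally built tag is stored as `localhost/usernetes_base`, so `ARG BASE_IMAGE=localhost/usernetes_base` would keep the build on the local image. The same applies to `image: usernetes_node` in compose/prebuilt-node.yaml. The two added `COPY` lines extend the trust store and install a seccomp profile, so a short comment should say what `PAN-cspca.llnl.gov.crt` is for and where `hpc-profile.json` is referenced. The commented-out old default can be deleted.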
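Review bot: `up` now starts containers without `--build`, so on its own it runs whatever image is already in local storage, which may predate the certificate and seccomp changes made in the Dockerfile. A comment on the target such as `# up: no rebuild; images must already exist locally` would make that explicit. `up-built` repeats the `sed -i` recipe line verbatim; because that line edits docker-compose.yaml in place, moving it into one shared prerequisite target would keep the two paths from drifting.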
+++ b/compose/prebuilt-node.yaml @@ -0,0 +1,3 @@ +services: + usernetes_node: + image: usernetes_node diff --git a/service/usernetes-start-control-plane.sh b/service/usernetes-start-control-plane.sh index 3eb884d..7882506 100755 --- a/service/usernetes-start-control-plane.sh +++ b/service/usernetes-start-control-plane.sh @@ -5,7 +5,7 @@ set -euo pipefail # These are variables we likely will change # LC only supplies podman USERNETES_CONTAINER_TECH=${1:-"podman"} -USERNETES_TEMPLATE_PATH=/usr/workspace/usernetes/usernetes-06-26-2025 +USERNETES_TEMPLATE_PATH=/usr/workspace/usernetes/usernetes-develop # We will copy join command here shared_join_command_dir="/usr/workspace/usernetes" @@ -101,9 +101,12 @@ mkdir -p "${XDG_RUNTIME_DIR}" setup_podman() { # These are likely to give issues. This resets podman with a vfs backend and then # cleans up tmp in the unshared context + if [[ -e "${HOME}/.config/containers/storage.conf" ]]; then + return + fi if [[ -x "/collab/usr/gapps/lcweg/containers/scripts/enable-podman.sh" ]]; then log " Running enable-podman.sh vfs" - if ! bash /collab/usr/gapps/lcweg/containers/scripts/enable-podman.sh vfs; then + if ! bash /collab/usr/gapps/lcweg/containers/scripts/enable-podman.sh overlay; then log " WARNING: enable-podman.sh script failed. Continuing, but podman might not be configured correctly." fi else 
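Review bot: Building from `usernetes-develop` replaces a dated snapshot with what looks like a moving tree, and this script later copies that tree and builds the node images from it. If the directory is writable by more than the maintainers, anyone with write access decides what gets built and run; the permissions are not visible here, so this needs confirming. A comment such as `# develop tree is mutable; pin to a dated snapshot for production runs` would record the trade-off. The same line changes in service/usernetes-start-worker.sh.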
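Review bot: The log line and the function comment still say `vfs` although the call now passes `overlay`, so the job log records a storage driver that was not requested. Change it to `log " Running enable-podman.sh overlay"` and update the comment above it. The new early return also treats any existing `${HOME}/.config/containers/storage.conf` as correctly configured without checking which driver it names. setup_podman continues past the end of this hunk.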
@@ -126,8 +129,13 @@ unshare_cleanup # Usernetes Specific Setup log "๐Ÿ“‚ Copying Usernetes template from ${USERNETES_TEMPLATE_PATH}" cp -R "${USERNETES_TEMPLATE_PATH}" "${TMPDIR}/usernetes" -cd "${TMPDIR}/usernetes" # Now inside the copied template -sleep 3 # Allow filesystem operations to settle if needed + + # Now inside the copied template +cd "${TMPDIR}/usernetes" +sleep 3 + +log "๐Ÿ‘ท Building Usernetes container image 'usernetes_base'" +${container_runtime_path} build --userns-uid-map=0:0:1 --userns-uid-map=1:1:1999 --userns-uid-map=65534:2000:2 -f $(pwd)/Dockerfile.d/Dockerfile.base -t usernetes_base $(pwd) log "๐Ÿ‘ท Building Usernetes container image 'usernetes_node'" ${container_runtime_path} build --userns-uid-map=0:0:1 --userns-uid-map=1:1:1999 --userns-uid-map=65534:2000:2 -f $(pwd)/Dockerfile -t usernetes_node $(pwd) @@ -136,6 +144,7 @@ cleanup() { log "๐Ÿงน Cleaning up old networks or volumes (best effort)" make down-v || log " 'make down-v' failed, possibly because nothing was running. Continuing." + # Explicit cleanup, as 'make down-v' might not cover everything or could fail "${container_runtime_path}" network rm usernetes_default -f || log " Network 'usernetes_default' not found." "${container_runtime_path}" volume rm usernetes_node-var -f || log " Volume 'usernetes_node-var' not found." @@ -145,7 +154,7 @@ cleanup() { cleanup log " โฌ†๏ธ Bringing up the Usernetes node(s) with 'make up'" -if ! make up; then +if ! make up-built; then error_exit "Failed to bring up Usernetes with 'make up'." fi sleep 3 diff --git a/service/usernetes-start-worker.sh b/service/usernetes-start-worker.sh index 276984d..eda0ae9 100755 --- a/service/usernetes-start-worker.sh +++ b/service/usernetes-start-worker.sh 
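Review bot: The added build line leaves `${container_runtime_path}` and both `$(pwd)` substitutions unquoted, so a `TMPDIR` containing whitespace or glob characters is split before the runtime sees it. Write `-f "$(pwd)/Dockerfile.d/Dockerfile.base" -t usernetes_base "$(pwd)"` and quote the runtime path, as the cleanup function further down already does. The comment `# Now inside the copied template` now sits before the `cd` with stray indentation, and `sleep 3` has lost its explanation. The same build line is added in service/usernetes-start-worker.sh.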
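Review bot: The log and error strings around the changed call still name `make up`, so a failure of the new target is reported under the wrong command. Use `error_exit "Failed to bring up Usernetes with 'make up-built'."` and update the log text to match. The identical change in service/usernetes-start-worker.sh leaves the same stale strings.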
@@ -5,7 +5,7 @@ set -euo pipefail # These are variables we likely will change # LC only supplies podman USERNETES_CONTAINER_TECH=${1:-"podman"} -USERNETES_TEMPLATE_PATH=/usr/workspace/usernetes/usernetes-06-26-2025 +USERNETES_TEMPLATE_PATH=/usr/workspace/usernetes/usernetes-develop # Logging functions for consistency (like Akihiro!) log() { @@ -104,6 +104,9 @@ mkdir -p "${XDG_RUNTIME_DIR}" setup_podman() { # These are likely to give issues. This resets podman with a vfs backend and then # cleans up tmp in the unshared context + if [[ -e "${HOME}/.config/containers/storage.conf" ]]; then + return + fi if [[ -x "/collab/usr/gapps/lcweg/containers/scripts/enable-podman.sh" ]]; then log " Running enable-podman.sh vfs" if ! bash /collab/usr/gapps/lcweg/containers/scripts/enable-podman.sh vfs; then @@ -134,6 +137,9 @@ cp -R "${USERNETES_TEMPLATE_PATH}" "${TMPDIR}/usernetes" cd "${TMPDIR}/usernetes" sleep 3 +log "๐Ÿ‘ท Building Usernetes container image 'usernetes_base'" +${container_runtime_path} build --userns-uid-map=0:0:1 --userns-uid-map=1:1:1999 --userns-uid-map=65534:2000:2 -f $(pwd)/Dockerfile.d/Dockerfile.base -t usernetes_base $(pwd) + log "๐Ÿ‘ท Building Usernetes container image 'usernetes_node'" ${container_runtime_path} build --userns-uid-map=0:0:1 --userns-uid-map=1:1:1999 --userns-uid-map=65534:2000:2 -f $(pwd)/Dockerfile -t usernetes_node $(pwd) @@ -150,7 +156,7 @@ cleanup() { cleanup log " โฌ†๏ธ Bringing up the Usernetes node(s) with 'make up'" -if ! make up; then +if ! make up-built; then error_exit "Failed to bring up Usernetes with 'make up'." fi sleep 3
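Review bot: In the setup_podman hunk this script still calls `enable-podman.sh vfs`, while the control-plane script in the same commit switches to `overlay`, so the two node types can end up on different storage drivers unless that is intended. If the home directory is shared between nodes (not visible here), the new `storage.conf` early return means the first script to run decides the driver for all of them. Either pass `overlay` here as well or add a comment saying why the worker differs.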