Include the xt-statistic kernel module required by K3S for iptables
configuration.

Signed-off-by: Kamil Dziezyk <kamil.dziezyk@arm.com>
Change-Id: I7592261c65c7c0831ce553ee907fba9e3e458b6f
---
recipes-containers/k3s/k3s_git.bb | 1 +
1 file changed, 1 insertion(+)

diff --git a/recipes-containers/k3s/k3s_git.bb b/recipes-containers/k3s/k3s_git.bb
index 0300fc3..e341ad7 100644
--- a/recipes-containers/k3s/k3s_git.bb
+++ b/recipes-containers/k3s/k3s_git.bb
@@ -95,6 +95,7 @@ RRECOMMENDS:${PN} = "\
kernel-module-xt-connmark \
kernel-module-vxlan \
kernel-module-xt-masquerade \
+ kernel-module-xt-statistic \
"

RCONFLICTS:${PN} = "kubectl"
--
2.17.1

Update k3s.service with the latest changes from install.sh script.
Add k3s-killall.sh script to stop all of the K3s containers and reset
the containerd state.

The killall script cleans up containers, K3s directories, and networking
components while also removing the iptables chain with all the associated
rules. The cluster data will not be deleted.

Signed-off-by: Kamil Dziezyk <kamil.dziezyk@arm.com>
Change-Id: If1794367cabfc18fc8e3ecaf26badd4d0bc25114
---
recipes-containers/k3s/k3s/k3s-killall.sh | 82 +++++++++++++++++++++++
recipes-containers/k3s/k3s/k3s.service | 12 +++-
recipes-containers/k3s/k3s_git.bb | 2 +
3 files changed, 95 insertions(+), 1 deletion(-)
create mode 100644 recipes-containers/k3s/k3s/k3s-killall.sh

diff --git a/recipes-containers/k3s/k3s/k3s-killall.sh b/recipes-containers/k3s/k3s/k3s-killall.sh
new file mode 100644
index 0000000..9e72615
--- /dev/null
+++ b/recipes-containers/k3s/k3s/k3s-killall.sh
@@ -0,0 +1,82 @@
+#!/bin/sh
+
+# Based on: k3s-killall.sh installed when running Rancher Lab's K3S install.sh
+# In open-source project: https://github.com/k3s-io/k3s
+#
+# Original file: Copyright (c) 2021 Rancher Labs and Contributors.
+# Modifications: Copyright (c) 2021 Arm Limited and Contributors. All rights reserved.
+#
+# Modifications:
+# - Change systemd service directory location
+# - Fix PID parsing to run on core image
+# - Remove service stopping code (as this is intended to run as part of service
+# stop)
+# - Changes to resolve warnings from the ShellCheck static analysis tool
+#
+# SPDX-License-Identifier: Apache License 2.0
+
+[ "$(id -u)" -eq 0 ] || exec sudo "$0" "$@"
+
+for bin in /var/lib/rancher/k3s/data/**/bin/; do
+ [ -d "$bin" ] && export PATH=$PATH:$bin:$bin/aux
+done
+
+set -x
+
+pschildren() {
+ ps -e -o ppid= -o pid= | sed -e 's/^\s*//g; s/\s\s*/\t/g;' | grep -w "^$1" | cut -f2
+}
+
+pstree() {
+ for pid in "$@"; do
+ echo "$pid"
+ for child in $(pschildren "$pid"); do
+ pstree "$child"
+ done
+ done
+}
+
+killtree() {
+ while read -r pid; do
+ if [ -n "${pid}" ]; then
+ kill -9 "${pid}" 2>/dev/null
+ fi
+ done <<EOF
+$({ set +x; } 2>/dev/null; pstree "$@"; set -x;)
+EOF
+}
+
+getshims() {
+ ps -e -o pid= -o args= | sed -e 's/^ *//; s/\s\s*/\t/;' | grep -w '[^/]*/bin/containerd-shim' | cut -f1
+}
+
+killtree "$({ set +x; } 2>/dev/null; getshims; set -x)"
+
+# shellcheck disable=SC2016
+do_unmount_and_remove() {
+ set +x
+ while read -r _ path _; do
+ case "$path" in $1*) echo "$path" ;; esac
+ done < /proc/self/mounts | sort -r | xargs -r -t -n 1 sh -c 'umount "$0" && rm -rf "$0"'
+ set -x
+}
+
+do_unmount_and_remove '/run/k3s'
+do_unmount_and_remove '/var/lib/rancher/k3s'
+do_unmount_and_remove '/var/lib/kubelet/pods'
+do_unmount_and_remove '/var/lib/kubelet/plugins'
+do_unmount_and_remove '/run/netns/cni-'
+
+# Remove CNI namespaces
+ip netns show 2>/dev/null | grep cni- | xargs -r -t -n 1 ip netns delete
+
+# Delete network interface(s) that match 'master cni0'
+ip link show 2>/dev/null | grep 'master cni0' | while read -r _ iface _; do
+ iface=${iface%%@*}
+ [ -z "$iface" ] || ip link delete "$iface"
+done
+ip link delete cni0
+ip link delete flannel.1
+ip link delete flannel-v6.1
+rm -rf /var/lib/cni/
+iptables-save | grep -v KUBE- | grep -v CNI- | iptables-restore
diff --git a/recipes-containers/k3s/k3s/k3s.service b/recipes-containers/k3s/k3s/k3s.service
index 34c7a80..33d3ee7 100644
--- a/recipes-containers/k3s/k3s/k3s.service
+++ b/recipes-containers/k3s/k3s/k3s.service
@@ -4,12 +4,17 @@ Description=Lightweight Kubernetes
Documentation=https://k3s.io
Requires=containerd.service
After=containerd.service
+After=network-online.target
+Wants=network-online.target

[Install]
WantedBy=multi-user.target

[Service]
Type=notify
+EnvironmentFile=-/etc/default/%N
+EnvironmentFile=-/etc/sysconfig/%N
+EnvironmentFile=-/etc/systemd/system/k3s.service.env
KillMode=process
Delegate=yes
# Having non-zero Limit*s causes performance problems due to accounting overhead
@@ -21,7 +26,12 @@ TasksMax=infinity
TimeoutStartSec=0
Restart=always
RestartSec=5s
+ExecStartPre=/bin/sh -xc '! systemctl is-enabled --quiet nm-cloud-setup.service'
ExecStartPre=-/sbin/modprobe br_netfilter
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/local/bin/k3s server
-
+# Avoid any delay due to this service when the system is rebooting or shutting
+# down by using the k3s-killall.sh script to kill all of the running k3s
+# services and containers
+ExecStopPost=/bin/sh -c "if systemctl is-system-running | grep -i \
+ 'stopping'; then /usr/local/bin/k3s-killall.sh; fi"
diff --git a/recipes-containers/k3s/k3s_git.bb b/recipes-containers/k3s/k3s_git.bb
index 5971dde..0300fc3 100644
--- a/recipes-containers/k3s/k3s_git.bb
+++ b/recipes-containers/k3s/k3s_git.bb
@@ -11,6 +11,7 @@ SRC_URI = "git://github.com/rancher/k3s.git;branch=release-1.22;name=k3s \
file://k3s-clean \
file://cni-containerd-net.conf \
file://0001-Finding-host-local-in-usr-libexec.patch;patchdir=src/import \
+ file://k3s-killall.sh \
"
SRC_URI[k3s.md5sum] = "363d3a08dc0b72ba6e6577964f6e94a5"
SRCREV_k3s = "737f722315b9832e9180fa232253d28ae1f2272f"
@@ -60,6 +61,7 @@ do_install() {
# ln -sr "${D}/${BIN_PREFIX}/bin/k3s" "${D}${BIN_PREFIX}/bin/ctr"
ln -sr "${D}/${BIN_PREFIX}/bin/k3s" "${D}${BIN_PREFIX}/bin/kubectl"
install -m 755 "${WORKDIR}/k3s-clean" "${D}${BIN_PREFIX}/bin"
+ install -m 755 "${WORKDIR}/k3s-killall.sh" "${D}${BIN_PREFIX}/bin"

if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
install -D -m 0644 "${WORKDIR}/k3s.service" "${D}${systemd_system_unitdir}/k3s.service"
--
2.17.1

On Tue, Oct 19, 2021 at 6:51 AM Diego Sueiro <Diego.Sueiro@arm.com> wrote:

Hi Bruce,

This is the current fix that I have for docker-moby and cni recipes and I think it is aligned with the patch that you linked since you are also setting the SRCREV_FORMAT:

Indeed.

I'll take care of the changes, since I can run tests as I go.

What branches are you using ? I can backport to wherever it makes sense.

Bruce

```
diff --git a/recipes-containers/docker/docker-moby_git.bb b/recipes-containers/docker/docker-moby_git.bb
index defb321..f2ccfcd 100644
--- a/recipes-containers/docker/docker-moby_git.bb
+++ b/recipes-containers/docker/docker-moby_git.bb
@@ -47,6 +47,8 @@ SRC_URI = "\
file://0001-dynbinary-use-go-cross-compiler.patch \
"

+SRCRV_FORMAT = "moby"
+
require docker.inc

# Apache-2.0 for docker
diff --git a/recipes-networking/cni/cni_git.bb b/recipes-networking/cni/cni_git.bb
index cb8d6ff..385d170 100644
--- a/recipes-networking/cni/cni_git.bb
+++ b/recipes-networking/cni/cni_git.bb
@@ -24,6 +24,8 @@ LIC_FILES_CHKSUM = "file://src/import/LICENSE;md5=fa818a259cbed7ce8bc2a22d35a464

GO_IMPORT = "import"

+SRCREV_FORMAT = "cni"
+
PV = "v0.8.0+git${SRCREV_cni}"

inherit go
```

________________________________
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Sent: 18 October 2021 20:44
To: Diego Sueiro <Diego.Sueiro@arm.com>
Cc: meta-virtualization@lists.yoctoproject.org <meta-virtualization@lists.yoctoproject.org>; nd <nd@arm.com>
Subject: Re: [meta-virtualization] Issues with Setscene tasks

On Mon, Oct 18, 2021 at 3:30 PM Diego Sueiro <diego.sueiro@arm.com> wrote:

Hi,



Recently I realized that we are having issues with setscene tasks (for docker-moby and cni recipes) where the packages were rebuild even already have their tasks in the sstate mirror and bitbake-diffsigs not showing any difference.
This is the sample of the output that I was getting:
```

WARNING: Logfile for failed setscene task is /<snip>/build/tmp/work/neoversen1-poky-linux/cni/v0.8.0+gitb5ab16f010e822936eb974690ecec38ba69afc01-r0/temp/log.do_package_qa_setscene.3335

WARNING: Setscene task (/<snip>/layers/meta-virtualization/recipes-networking/cni/cni_git.bb:do_package_qa_setscene) failed with exit code '1' - real task will be run instead

WARNING: Logfile for failed setscene task is /<snip>/build/tmp/work/neoversen1-poky-linux/cni/v0.8.0+gitb5ab16f010e822936eb974690ecec38ba69afc01-0/temp/log.do_package_write_rpm_setscene.3336

WARNING: Setscene task (/<snip>/layers/meta-virtualization/recipes-networking/cni/cni_git.bb:do_package_write_rpm_setscene) failed with exit code '1' - real task will be run instead

WARNING: Logfile for failed setscene task is /<snip>/build/tmp/work/neoversen1-poky-linux/cni/v0.8.0+gitb5ab16f010e822936eb974690ecec38ba69afc01-r0/temp/log.do_populate_lic_setscene.3337

WARNING: Setscene task (/<snip>/layers/meta-virtualization/recipes-networking/cni/cni_git.bb:do_populate_lic_setscene) failed with exit code '1' - real task will be run instead

WARNING: Logfile for failed setscene task is /<snip>/build/tmp/work/neoversen1-poky-linux/cni/v0.8.0+gitb5ab16f010e822936eb974690ecec38ba69afc01-r0/temp/log.do_populate_sysroot_setscene.3338

WARNING: Setscene task (/<snip>/layers/meta-virtualization/recipes-networking/cni/cni_git.bb:do_populate_sysroot_setscene) failed with exit code '1' - real task will be run instead

WARNING: Logfile for failed setscene task is /<snip>/build/tmp/work/neoversen1-poky-linux/cni/v0.8.0+gitb5ab16f010e822936eb974690ecec38ba69afc01-r0/temp/log.do_package_qa_setscene.3339

WARNING: Setscene task (/<snip>/layers/meta-virtualization/recipes-networking/cni/cni_git.bb:do_packagedata_setscene) failed with exit code '1' - real task will be run instead

WARNING: Logfile for failed setscene task is /<snip>/build/tmp/work/neoversen1-poky-linux/cni/v0.8.0+gitb5ab16f010e822936eb974690ecec38ba69afc01-r0/temp/log.do_package_setscene.3380

WARNING: Setscene task (/<snip>/layers/meta-virtualization/recipes-networking/cni/cni_git.bb:do_package_setscene) failed with exit code '1' - real task will be run instead

WARNING: Logfile for failed setscene task is /<snip>/build/tmp/work/neoversen1-poky-linux/cni/v0.8.0+gitb5ab16f010e822936eb974690ecec38ba69afc01-r0/temp/log.do_deploy_source_date_epoch_setscene.3383

WARNING: Setscene task (/<snip>/layers/meta-virtualization/recipes-networking/cni/cni_git.bb:do_deploy_source_date_epoch_setscene) failed with exit code '1' - real task will be run instead

```



After some debugging I found that the “failed with exit code 1” comes from this line http://git.yoctoproject.org/cgit/cgit.cgi/poky/tree/meta/classes/sstate.bbclass#n764:
```

localdata.setVar('SRCPV', d.getVar('SRCPV'))
```


The root cause is because the cni and docker-moby recipes are using named SRC_URI (a.k.a http://...;name=foo), setting the PV with it and were not setting the SRCREV_FORMAT which consequentially not set the SRCPV accordingly.



Setting the SRCREV_FORMAT for cni and docker-moby recipes fixed the issue, but I also suspect that the following recipes are potentially having the same issue:

```
$ grep -r PV | grep SRCREV_

recipes-core/runx/runx_git.bb:PV = "v1.0-git${SRCREV_runx}"

recipes-core/runv/runv_git.bb:PV = "0.4.0+git${SRCREV_runv}"

recipes-containers/docker/docker-ce_git.bb:PV = "${DOCKER_VERSION}+git${SRCREV_docker}"

recipes-containers/docker/docker-moby_git.bb:PV = "${DOCKER_VERSION}+git${SRCREV_moby}"

recipes-containers/cri-o/cri-o_git.bb:PV = "1.22.0+git${SRCREV_cri-o}"

recipes-containers/kubernetes/kubernetes_git.bb:PV = "v1.22.2+git${SRCREV_kubernetes}"

recipes-containers/cri-tools/cri-tools_git.bb:PV = "1.21.0+git${SRCREV_cri-tools}"

recipes-containers/crun/crun_git.bb:PV = "0.18+git${SRCREV_crun}"

recipes-networking/cni/cni_git.bb:PV = "v0.8.0+git${SRCREV_cni}"

recipes-devtools/yq/yq_git.bb:PV = "1.13.1+git${SRCREV_yq}"

recipes-devtools/go/go-build_git.bb:PV = "0.1-git${SRCREV_runx}"

```



I can send a patch to fix cni and docker-moby but unfortunately I don’t have resources to test the other mentioned recipes.

I've actually been going through and fixing these as they pop up, and
just had to do it for kubernetes:

https://git.yoctoproject.org/cgit/cgit.cgi/meta-virtualization/commit/?h=master-next&id=45e5f2e821784f0b55a41ee5f08d7acb98f8f288

If you were doing anything other than what you see that I did in that
recipe, let me know. Otherwise, I'll make a similar change globally to
the layer.

Bruce

--
Diego Sueiro
Staff Software Developer – Automotive and Industrial Solutions (CE-OSS)

--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II

--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II

On 10/19/21 11:04 AM, Bruce Ashfield wrote:

On Mon, Oct 18, 2021 at 10:53 PM kai <kai.kang@windriver.com> wrote:

From: Kai Kang <kai.kang@windriver.com>

According to oe-core commit

8e26252b45 layer.conf: Extend recipes not to install without explict dependencies

pkgconfig-native is not deployed in sysroot by default any more. Inherit
pkgconfig.bbclass to make it available for ceph.

Signed-off-by: Kai Kang <kai.kang@windriver.com>
---
v2:
* correct referenced commit

v2 is staged on master-next.

If this is needed anywhere else than master (i.e. honister), let me
know ... It wouldn't break anything on honister, but I'm trying to
keep the changes there to a minimum.

It is only required by master that the oe-core commit only exists in oe-core master and next release(kirkstone) branches:

$ git br -r --contains 8e26252b45

  origin/HEAD -> origin/master
  origin/kirkstone-next
  origin/master
  origin/master-next

Regards,
Kai

Cheers,

Bruce

recipes-extended/ceph/ceph_15.2.12.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-extended/ceph/ceph_15.2.12.bb b/recipes-extended/ceph/ceph_15.2.12.bb
index 6636d7a..693b525 100644
--- a/recipes-extended/ceph/ceph_15.2.12.bb
+++ b/recipes-extended/ceph/ceph_15.2.12.bb
@@ -4,7 +4,7 @@ LIC_FILES_CHKSUM = "file://COPYING-LGPL2.1;md5=fbc093901857fcd118f065f900982c24
file://COPYING-GPL2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
file://COPYING;md5=4eb012c221c5fd4b760029a2981a6754 \
"
-inherit cmake python3native python3-dir systemd
+inherit cmake pkgconfig python3native python3-dir systemd
# Disable python pybind support for ceph temporary, when corss compiling pybind,
# pybind mix cmake and python setup environment, would case a lot of errors.

--
2.17.1

--
Kai Kang
Wind River Linux

On Mon, Oct 18, 2021 at 10:53 PM kai <kai.kang@windriver.com> wrote:

From: Kai Kang <kai.kang@windriver.com>

According to oe-core commit

8e26252b45 layer.conf: Extend recipes not to install without explict dependencies

pkgconfig-native is not deployed in sysroot by default any more. Inherit
pkgconfig.bbclass to make it available for ceph.

Signed-off-by: Kai Kang <kai.kang@windriver.com>
---
v2:
* correct referenced commit

v2 is staged on master-next.

If this is needed anywhere else than master (i.e. honister), let me
know ... It wouldn't break anything on honister, but I'm trying to
keep the changes there to a minimum.

Cheers,

Bruce

recipes-extended/ceph/ceph_15.2.12.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-extended/ceph/ceph_15.2.12.bb b/recipes-extended/ceph/ceph_15.2.12.bb
index 6636d7a..693b525 100644
--- a/recipes-extended/ceph/ceph_15.2.12.bb
+++ b/recipes-extended/ceph/ceph_15.2.12.bb
@@ -4,7 +4,7 @@ LIC_FILES_CHKSUM = "file://COPYING-LGPL2.1;md5=fbc093901857fcd118f065f900982c24
file://COPYING-GPL2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
file://COPYING;md5=4eb012c221c5fd4b760029a2981a6754 \
"
-inherit cmake python3native python3-dir systemd
+inherit cmake pkgconfig python3native python3-dir systemd
# Disable python pybind support for ceph temporary, when corss compiling pybind,
# pybind mix cmake and python setup environment, would case a lot of errors.

--
2.17.1

--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II

From: Kai Kang <kai.kang@windriver.com>

According to oe-core commit

8e26252b45 layer.conf: Extend recipes not to install without explict dependencies

pkgconfig-native is not deployed in sysroot by default any more. Inherit
pkgconfig.bbclass to make it available for ceph.

Signed-off-by: Kai Kang <kai.kang@windriver.com>
---
v2:
* correct referenced commit

recipes-extended/ceph/ceph_15.2.12.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-extended/ceph/ceph_15.2.12.bb b/recipes-extended/ceph/ceph_15.2.12.bb
index 6636d7a..693b525 100644
--- a/recipes-extended/ceph/ceph_15.2.12.bb
+++ b/recipes-extended/ceph/ceph_15.2.12.bb
@@ -4,7 +4,7 @@ LIC_FILES_CHKSUM = "file://COPYING-LGPL2.1;md5=fbc093901857fcd118f065f900982c24
file://COPYING-GPL2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
file://COPYING;md5=4eb012c221c5fd4b760029a2981a6754 \
"
-inherit cmake python3native python3-dir systemd
+inherit cmake pkgconfig python3native python3-dir systemd
# Disable python pybind support for ceph temporary, when corss compiling pybind,
# pybind mix cmake and python setup environment, would case a lot of errors.

--
2.17.1

On 10/15/21 5:52 PM, Martin Jansa wrote:

On Fri, Oct 15, 2021 at 11:37 AM kai <kai.kang@...> wrote:

From: Kai Kang <kai.kang@...>

According to oe-core commit

652fdf8719 sstate: Allow validation of sstate singatures against list of keys

I think you should refer to this oe-core commit instead:

https://git.openembedded.org/openembedded-core/commit/?id=8e26252b45b7660c7c67c702411bdec187a76ffc

My fault. I referred to wrong commit. Thank you for pointing out.

Regards,
Kai

Sorry, just ref the commit in Yocto. Will ref to URL link next time.

Regards,
Kai

pkgconfig-native is not deployed in sysroot by default any more. Inherit
pkgconfig.bbclass to make it work for ceph.

Signed-off-by: Kai Kang <kai.kang@...>
---
 recipes-extended/ceph/ceph_15.2.12.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-extended/ceph/ceph_15.2.12.bb b/recipes-extended/ceph/ceph_15.2.12.bb
index 6636d7a..693b525 100644
--- a/recipes-extended/ceph/ceph_15.2.12.bb
+++ b/recipes-extended/ceph/ceph_15.2.12.bb
@@ -4,7 +4,7 @@ LIC_FILES_CHKSUM = "file://COPYING-LGPL2.1;md5=fbc093901857fcd118f065f900982c24
                     file://COPYING-GPL2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
                     file://COPYING;md5=4eb012c221c5fd4b760029a2981a6754 \
 "
-inherit cmake python3native python3-dir systemd
+inherit cmake pkgconfig python3native python3-dir systemd
 # Disable python pybind support for ceph temporary, when corss compiling pybind,
 # pybind mix cmake and python setup environment, would case a lot of errors.

--
2.17.1

-- 
Kai Kang
Wind River Linux

-- 
Kai Kang
Wind River Linux

On Fri, Oct 15, 2021 at 11:37 AM kai <kai.kang@...> wrote:

From: Kai Kang <kai.kang@...>

According to oe-core commit

652fdf8719 sstate: Allow validation of sstate singatures against list of keys

I think you should refer to this oe-core commit instead:

https://git.openembedded.org/openembedded-core/commit/?id=8e26252b45b7660c7c67c702411bdec187a76ffc

Sorry, just ref the commit in Yocto. Will ref to URL link next time.

Regards,
Kai

pkgconfig-native is not deployed in sysroot by default any more. Inherit
pkgconfig.bbclass to make it work for ceph.

Signed-off-by: Kai Kang <kai.kang@...>
---
 recipes-extended/ceph/ceph_15.2.12.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-extended/ceph/ceph_15.2.12.bb b/recipes-extended/ceph/ceph_15.2.12.bb
index 6636d7a..693b525 100644
--- a/recipes-extended/ceph/ceph_15.2.12.bb
+++ b/recipes-extended/ceph/ceph_15.2.12.bb
@@ -4,7 +4,7 @@ LIC_FILES_CHKSUM = "file://COPYING-LGPL2.1;md5=fbc093901857fcd118f065f900982c24
                     file://COPYING-GPL2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
                     file://COPYING;md5=4eb012c221c5fd4b760029a2981a6754 \
 "
-inherit cmake python3native python3-dir systemd
+inherit cmake pkgconfig python3native python3-dir systemd
 # Disable python pybind support for ceph temporary, when corss compiling pybind,
 # pybind mix cmake and python setup environment, would case a lot of errors.

--
2.17.1

-- 
Kai Kang
Wind River Linux

On Mon, Oct 18, 2021 at 3:30 PM Diego Sueiro <diego.sueiro@arm.com> wrote:

Hi,



Recently I realized that we are having issues with setscene tasks (for docker-moby and cni recipes) where the packages were rebuild even already have their tasks in the sstate mirror and bitbake-diffsigs not showing any difference.
This is the sample of the output that I was getting:
```

WARNING: Logfile for failed setscene task is /<snip>/build/tmp/work/neoversen1-poky-linux/cni/v0.8.0+gitb5ab16f010e822936eb974690ecec38ba69afc01-r0/temp/log.do_package_qa_setscene.3335

WARNING: Setscene task (/<snip>/layers/meta-virtualization/recipes-networking/cni/cni_git.bb:do_package_qa_setscene) failed with exit code '1' - real task will be run instead

WARNING: Logfile for failed setscene task is /<snip>/build/tmp/work/neoversen1-poky-linux/cni/v0.8.0+gitb5ab16f010e822936eb974690ecec38ba69afc01-0/temp/log.do_package_write_rpm_setscene.3336

WARNING: Setscene task (/<snip>/layers/meta-virtualization/recipes-networking/cni/cni_git.bb:do_package_write_rpm_setscene) failed with exit code '1' - real task will be run instead

WARNING: Logfile for failed setscene task is /<snip>/build/tmp/work/neoversen1-poky-linux/cni/v0.8.0+gitb5ab16f010e822936eb974690ecec38ba69afc01-r0/temp/log.do_populate_lic_setscene.3337

WARNING: Setscene task (/<snip>/layers/meta-virtualization/recipes-networking/cni/cni_git.bb:do_populate_lic_setscene) failed with exit code '1' - real task will be run instead

WARNING: Logfile for failed setscene task is /<snip>/build/tmp/work/neoversen1-poky-linux/cni/v0.8.0+gitb5ab16f010e822936eb974690ecec38ba69afc01-r0/temp/log.do_populate_sysroot_setscene.3338

WARNING: Setscene task (/<snip>/layers/meta-virtualization/recipes-networking/cni/cni_git.bb:do_populate_sysroot_setscene) failed with exit code '1' - real task will be run instead

WARNING: Logfile for failed setscene task is /<snip>/build/tmp/work/neoversen1-poky-linux/cni/v0.8.0+gitb5ab16f010e822936eb974690ecec38ba69afc01-r0/temp/log.do_package_qa_setscene.3339

WARNING: Setscene task (/<snip>/layers/meta-virtualization/recipes-networking/cni/cni_git.bb:do_packagedata_setscene) failed with exit code '1' - real task will be run instead

WARNING: Logfile for failed setscene task is /<snip>/build/tmp/work/neoversen1-poky-linux/cni/v0.8.0+gitb5ab16f010e822936eb974690ecec38ba69afc01-r0/temp/log.do_package_setscene.3380

WARNING: Setscene task (/<snip>/layers/meta-virtualization/recipes-networking/cni/cni_git.bb:do_package_setscene) failed with exit code '1' - real task will be run instead

WARNING: Logfile for failed setscene task is /<snip>/build/tmp/work/neoversen1-poky-linux/cni/v0.8.0+gitb5ab16f010e822936eb974690ecec38ba69afc01-r0/temp/log.do_deploy_source_date_epoch_setscene.3383

WARNING: Setscene task (/<snip>/layers/meta-virtualization/recipes-networking/cni/cni_git.bb:do_deploy_source_date_epoch_setscene) failed with exit code '1' - real task will be run instead

```



After some debugging I found that the “failed with exit code 1” comes from this line http://git.yoctoproject.org/cgit/cgit.cgi/poky/tree/meta/classes/sstate.bbclass#n764:
```

localdata.setVar('SRCPV', d.getVar('SRCPV'))
```


The root cause is because the cni and docker-moby recipes are using named SRC_URI (a.k.a http://...;name=foo), setting the PV with it and were not setting the SRCREV_FORMAT which consequentially not set the SRCPV accordingly.



Setting the SRCREV_FORMAT for cni and docker-moby recipes fixed the issue, but I also suspect that the following recipes are potentially having the same issue:

```
$ grep -r PV | grep SRCREV_

recipes-core/runx/runx_git.bb:PV = "v1.0-git${SRCREV_runx}"

recipes-core/runv/runv_git.bb:PV = "0.4.0+git${SRCREV_runv}"

recipes-containers/docker/docker-ce_git.bb:PV = "${DOCKER_VERSION}+git${SRCREV_docker}"

recipes-containers/docker/docker-moby_git.bb:PV = "${DOCKER_VERSION}+git${SRCREV_moby}"

recipes-containers/cri-o/cri-o_git.bb:PV = "1.22.0+git${SRCREV_cri-o}"

recipes-containers/kubernetes/kubernetes_git.bb:PV = "v1.22.2+git${SRCREV_kubernetes}"

recipes-containers/cri-tools/cri-tools_git.bb:PV = "1.21.0+git${SRCREV_cri-tools}"

recipes-containers/crun/crun_git.bb:PV = "0.18+git${SRCREV_crun}"

recipes-networking/cni/cni_git.bb:PV = "v0.8.0+git${SRCREV_cni}"

recipes-devtools/yq/yq_git.bb:PV = "1.13.1+git${SRCREV_yq}"

recipes-devtools/go/go-build_git.bb:PV = "0.1-git${SRCREV_runx}"

```



I can send a patch to fix cni and docker-moby but unfortunately I don’t have resources to test the other mentioned recipes.

I've actually been going through and fixing these as they pop up, and
just had to do it for kubernetes:

https://git.yoctoproject.org/cgit/cgit.cgi/meta-virtualization/commit/?h=master-next&id=45e5f2e821784f0b55a41ee5f08d7acb98f8f288

If you were doing anything other than what you see that I did in that
recipe, let me know. Otherwise, I'll make a similar change globally to
the layer.

Bruce

--
Diego Sueiro
Staff Software Developer – Automotive and Industrial Solutions (CE-OSS)

--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II

On Mon, Oct 18, 2021 at 8:59 AM <kovac167@gmail.com> wrote:

Bruce,

Thank you for the response. I believe I am running into the same issue attempting to build podman with crun as the container runtime. These are the steps I have taken to reproduce the error:

- execute a build with podman & crun with networking enabled on the VM
- delete the tmp, cache, & sstate-cache directories from the build
- save the downloads directory (for offline builds)
- set the bb_no_network to 1
- disable networking on the VM
- execute the build again offline

It looks like the build is attempting to reach & out download yajl, even when the bb_no_network flag is set. When I remove the crun setting from podman, the build completes successfully.

Ah yes, they've committed crimes in autogen.sh, that I hadn't noticed
creeping in.

I've bumped crun to the latest, and will confirm no network access
before pushing.

Bruce

Logs:

DEBUG: crun-0.18+gitf302dd8c02c6fddd2c50d1685d82b7a19aae8afe-r0 do_configure: Executing shell function do_configure

Submodule 'libocispec' (https://github.com/containers/libocispec.git) registered for path 'libocispec'
Submodule path 'libocispec': checked out 'fa3e8338c62ae482e509884ee2edaefc8e00499e'
Submodule 'image-spec' (https://github.com/opencontainers/image-spec) registered for path 'libocispec/image-spec'
Submodule 'runtime-spec' (https://github.com/opencontainers/runtime-spec) registered for path 'libocispec/runtime-spec'
Submodule 'yajl' (https://github.com/containers/yajl.git) registered for path 'libocispec/yajl'

Cloning into '/opt/roast/bitbake/build/tmp/work/corei7-64-gmit-linux/crun/0.18+gitf302dd8c02c6fddd2c50d1685d82b7a19aae8afe-r0/git/libocispec/yajl'...
fatal: unable to access 'https://github.com/containers/yajl.git/': Failed to connect to github.com port 443: Connection refused
fatal: clone of 'https://github.com/containers/yajl.git' into submodule path '/opt/roast/bitbake/build/tmp/work/corei7-64-gmit-linux/crun/0.18+gitf302dd8c02c6fddd2c50d1685d82b7a19aae8afe-r0/git/libocispec/yajl' failed

Failed to clone 'yajl' a second time, aborting

--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II

I was just finishing up a move to the master branch of the repository
.. because it now seems that they are willing to force-push crui-dev.
At the same time, I'm moving it to 3.16.1.

But thanks for the patch, for a while, I thought I was seeing some
local breakage when that commit disappeared!

Bruce

--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II

Commit e49ce513c8df43e8d3b30b7acfbe7bd496d89862 is no longer in repo.
Use 95ead14874244f3c12e5970a74d1f4dd2433d652 instead, which is tagged
3.14.

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
---
recipes-containers/criu/criu_git.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-containers/criu/criu_git.bb b/recipes-containers/criu/criu_git.bb
index 045a431..6b1b809 100644
--- a/recipes-containers/criu/criu_git.bb
+++ b/recipes-containers/criu/criu_git.bb
@@ -13,7 +13,7 @@ EXCLUDE_FROM_WORLD = "1"

LIC_FILES_CHKSUM = "file://COPYING;md5=412de458544c1cb6a2b512cd399286e2"

-SRCREV = "e49ce513c8df43e8d3b30b7acfbe7bd496d89862"
+SRCREV = "95ead14874244f3c12e5970a74d1f4dd2433d652"
PV = "3.14+git${SRCPV}"

SRC_URI = "git://github.com/checkpoint-restore/criu.git;branch=criu-dev \
--
2.33.0

On Fri, Oct 15, 2021 at 8:49 AM Fabio Estevam <festevam@denx.de> wrote:

On 15/10/2021 01:40, Fabio Estevam wrote:

Hi,

I am running the dunfell branch and I notice
that ip6tables is not getting installed:

After passing 'ipv6' into DISTRO_FEATURES, ip6tables gets installed.

ipv6 is always in my distro features, so I didn't notice that myself.
I've added ipv6 to the required distros check of podman, so it will be
caught in the future.

Bruce

~# podman run hello-world
....
[ 207.201607] cni-podman0: port 1(veth6b661354) entered disabled state
Error: systemd cgroup flag passed, but systemd support for managing
cgroups is not available: OCI runtime error

Does anyone know how to add systemd support for managing cgroups?

Thanks,

Fabio Estevam
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-60 Fax: (+49)-8142-66989-80 Email:
festevam@denx.de

--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II

On Fri, Oct 15, 2021 at 9:00 AM Fabio Estevam <festevam@denx.de> wrote:

On 15/10/2021 09:49, Fabio Estevam wrote:

On 15/10/2021 01:40, Fabio Estevam wrote:

Hi,

I am running the dunfell branch and I notice
that ip6tables is not getting installed:

After passing 'ipv6' into DISTRO_FEATURES, ip6tables gets installed.

~# podman run hello-world
....
[ 207.201607] cni-podman0: port 1(veth6b661354) entered disabled state
Error: systemd cgroup flag passed, but systemd support for managing
cgroups is not available: OCI runtime error

Does anyone know how to add systemd support for managing cgroups?

I had to add a /etc/containers/libpod.conf file with the following
content:

There's definitely something different in your image composition than
the core-image* (poky based) that are used in much of the (my) regular
testing.

In a systemd based image, you shouldn't need to specify the
cgroup_manager ... crun yes, but that isn't all that common a
configuration.

From my build this morning:

root@qemux86-64:~# podman run hello-world
Trying to pull docker.io/library/hello-world:latest...
Getting image source signatures
Copying blob 2db29710123e done
Copying config feb5d9fea6 done
Writing manifest to image destination
Storing signatures
[ 170.623873] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
[ 170.629244] cni-podman0: port 1(vetha3693c5d) entered blocking state
[ 170.632659] cni-podman0: port 1(vetha3693c5d) entered disabled state
[ 170.633441] device vetha3693c5d entered promiscuous mode
[ 170.634203] cni-podman0: port 1(vetha3693c5d) entered blocking state
[ 170.634938] cni-podman0: port 1(vetha3693c5d) entered forwarding state
[ 170.635725] IPv6: ADDRCONF(NETDEV_CHANGE): cni-podman0: link becomes ready
[ 170.783982] cgroup: cgroup: disabling cgroup2 socket matching due
to net_prio or net_cls activation

Hello from Docker!
This message shows that your installation appears to be working correctly.

<snip>

root@qemux86-64:~# uname -a
Linux qemux86-64 5.14.9-yocto-standard #1 SMP PREEMPT Wed Oct 6
11:28:32 UTC 2021 x86_64 GNU/Linux

----------------

If what you are seeing can be reproduced on master, and your image
definitions are public, I'd be interested in seeing them, so I can
expand the rdepends/requires of podman to make sure it pull in what it
needs.

Bruce

cgroup_manager = "cgroupfs"
runtime = "/usr/bin/crun"

And now podman can run:

@iotgate:~# podman run hello-world
....

Hello from Docker!
This message shows that your installation appears to be working
correctly.
...

Thanks

--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-60 Fax: (+49)-8142-66989-80 Email:
festevam@denx.de

--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II

On 15/10/2021 09:49, Fabio Estevam wrote:

On 15/10/2021 01:40, Fabio Estevam wrote:

Hi,
I am running the dunfell branch and I notice
that ip6tables is not getting installed:

After passing 'ipv6' into DISTRO_FEATURES, ip6tables gets installed.
~# podman run hello-world
....
[ 207.201607] cni-podman0: port 1(veth6b661354) entered disabled state
Error: systemd cgroup flag passed, but systemd support for managing
cgroups is not available: OCI runtime error
Does anyone know how to add systemd support for managing cgroups?

I had to add a /etc/containers/libpod.conf file with the following
content:

cgroup_manager = "cgroupfs"
runtime = "/usr/bin/crun"

And now podman can run:

@iotgate:~# podman run hello-world
....

Hello from Docker!
This message shows that your installation appears to be working correctly.
...

Thanks

--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-60 Fax: (+49)-8142-66989-80 Email: festevam@denx.de

On 15/10/2021 01:40, Fabio Estevam wrote:

Hi,
I am running the dunfell branch and I notice
that ip6tables is not getting installed:

After passing 'ipv6' into DISTRO_FEATURES, ip6tables gets installed.

~# podman run hello-world
....
[ 207.201607] cni-podman0: port 1(veth6b661354) entered disabled state
Error: systemd cgroup flag passed, but systemd support for managing cgroups is not available: OCI runtime error

Does anyone know how to add systemd support for managing cgroups?

Thanks,

Fabio Estevam
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-60 Fax: (+49)-8142-66989-80 Email: festevam@denx.de