From 78f137a5ef08398a6de0d5bd82a1af22356195e1 Mon Sep 17 00:00:00 2001 From: Evan Lezar Date: Wed, 22 Sep 2021 13:42:19 +0200 Subject: [PATCH 01/14] Bump version for 1.6.0 development Signed-off-by: Evan Lezar --- Makefile | 2 +- packaging/debian/changelog | 2 +- packaging/rpm/SPECS/nvidia-container-toolkit.spec | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index 27d414c8..709fe572 100644 --- a/Makefile +++ b/Makefile @@ -17,7 +17,7 @@ MKDIR ?= mkdir DIST_DIR ?= $(CURDIR)/dist LIB_NAME := nvidia-container-toolkit -LIB_VERSION := 1.5.2 +LIB_VERSION := 1.6.0 LIB_TAG ?= rc.1 GOLANG_VERSION := 1.16.3 diff --git a/packaging/debian/changelog b/packaging/debian/changelog index da13bd12..11d5bc40 100644 --- a/packaging/debian/changelog +++ b/packaging/debian/changelog @@ -1,4 +1,4 @@ -nvidia-container-toolkit (1.5.2~rc.1-1) experimental; urgency=medium +nvidia-container-toolkit (1.6.0~rc.1-1) experimental; urgency=medium * Include nvidia-container-runtime into nvidia-container-toolkit package diff --git a/packaging/rpm/SPECS/nvidia-container-toolkit.spec b/packaging/rpm/SPECS/nvidia-container-toolkit.spec index 3a1ad3f0..94a1ce6e 100644 --- a/packaging/rpm/SPECS/nvidia-container-toolkit.spec +++ b/packaging/rpm/SPECS/nvidia-container-toolkit.spec @@ -64,7 +64,7 @@ rm -f %{_bindir}/nvidia-container-runtime-hook /usr/share/containers/oci/hooks.d/oci-nvidia-hook.json %changelog -* Mon Sep 06 2021 NVIDIA CORPORATION 1.5.2-0.1.rc.1 +* Mon Sep 06 2021 NVIDIA CORPORATION 1.6.0-0.1.rc.1 - Include nvidia-container-runtime into nvidia-container-toolkit package From cc9c3c0d2859a45450af1ccefd4db146d707cb5a Mon Sep 17 00:00:00 2001 From: Evan Lezar Date: Wed, 22 Sep 2021 13:26:59 +0200 Subject: [PATCH 02/14] Copy scripts from nvidia-container-toolkit-release Signed-off-by: Evan Lezar --- DEVELOPMENT.md | 94 +++++++++++++++++++++++++++++++++++++++++ scripts/build-all.sh | 59 ++++++++++++++++++++++++++ scripts/get-versions.sh | 59 ++++++++++++++++++++++++++ 3 files changed, 212 insertions(+) create mode 100644 DEVELOPMENT.md create mode 100755 scripts/build-all.sh create mode 100755 scripts/get-versions.sh diff --git a/DEVELOPMENT.md b/DEVELOPMENT.md new file mode 100644 index 00000000..8a784377 --- /dev/null +++ b/DEVELOPMENT.md @@ -0,0 +1,94 @@ +# NVIDIA Container Toolkit Release Tooling + +This repository allows for the components of the NVIDIA container stack to be +built and released as the NVIDIA Container Toolkit from a single repository. The components: +* `libnvidia-container` +* `nvidia-container-runtime` +* `nvidia-docker` +are included as submodules in the `third_party` folder. + +The `nvidia-container-toolkit` resides in this repo directly. + +## Building + +In oder to build the packages, the following command is executed +```sh +./scripts/build-all.sh TARGET +``` +where `TARGET` is a make target that is valid for each of the sub-components. + +These include: +* `ubuntu18.04-amd64` +* `docker-all` +with the later generating for all supported distribution and platform combinations. + +The packages are generated in the `dist` folder. + +## Testing local changes + +In oder to use the same build logic to be used to generate packages with local changes, +the location of the individual components can be overridded using the: `LIBNVIDIA_CONTAINER_ROOT`, +`NVIDIA_CONTAINER_TOOLKIT_ROOT`, `NVIDIA_CONTAINER_RUNTIME_ROOT`, and `NVIDIA_DOCKER_ROOT` +environment variables. + +## Testing packages locally + +### Ubuntu + +Launch a docker container: + +``` +docker run --rm -it \ + -v $(pwd):/work \ + -v $(pwd)/dist/ubuntu18.04/amd64:/local-repository \ + -w /work \ + ubuntu:18.04 +``` + + +``` +apt-get update && apt-get install -y apt-utils +``` + +``` +echo "deb [trusted=yes] file:/local-repository/ ./" > /etc/apt/sources.list.d/local.list +``` + +``` +cd /local-repository && apt-ftparchive packages . > Packages +``` + +``` +apt-get update +``` + + + +### Centos + +``` + docker run --rm -it \ + -v $(pwd):/work \ + -v $(pwd)/dist/centos8/x86_64:/local-repository \ + -w /work \ + centos:8 +``` + +``` +yum install -y createrepo +``` + +``` +createrepo /local-repository +``` + +``` +cat >/etc/yum.repos.d/local.repo < Date: Wed, 22 Sep 2021 13:31:48 +0200 Subject: [PATCH 03/14] Add libnvidia-container as a git submodule Signed-off-by: Evan Lezar --- .gitmodules | 3 +++ third_party/libnvidia-container | 1 + 2 files changed, 4 insertions(+) create mode 100644 .gitmodules create mode 160000 third_party/libnvidia-container diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 00000000..6bc71fd5 --- /dev/null +++ b/.gitmodules @@ -0,0 +1,3 @@ +[submodule "third_party/libnvidia-container"] + path = third_party/libnvidia-container + url = https://gitlab.com/nvidia/container-toolkit/libnvidia-container.git diff --git a/third_party/libnvidia-container b/third_party/libnvidia-container new file mode 160000 index 00000000..d78f1f4a --- /dev/null +++ b/third_party/libnvidia-container @@ -0,0 +1 @@ +Subproject commit d78f1f4afa7e8d809434e71cf717f0817a450b37 From 2ed7d867093dc12532fc67b771bb1e89bada214c Mon Sep 17 00:00:00 2001 From: Evan Lezar Date: Wed, 22 Sep 2021 13:33:47 +0200 Subject: [PATCH 04/14] Add nvidia-container-runtime as a git submodule Signed-off-by: Evan Lezar --- .gitmodules | 3 +++ third_party/nvidia-container-runtime | 1 + 2 files changed, 4 insertions(+) create mode 160000 third_party/nvidia-container-runtime diff --git a/.gitmodules b/.gitmodules index 6bc71fd5..4bda5067 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,3 +1,6 @@ [submodule "third_party/libnvidia-container"] path = third_party/libnvidia-container url = https://gitlab.com/nvidia/container-toolkit/libnvidia-container.git +[submodule "third_party/nvidia-container-runtime"] + path = third_party/nvidia-container-runtime + url = https://gitlab.com/nvidia/container-toolkit/container-runtime.git diff --git a/third_party/nvidia-container-runtime b/third_party/nvidia-container-runtime new file mode 160000 index 00000000..14755ba0 --- /dev/null +++ b/third_party/nvidia-container-runtime @@ -0,0 +1 @@ +Subproject commit 14755ba04483ab655bfeb17f1b679ce456460a07 From 34e023361b6b0b64de362a3a834092630601a154 Mon Sep 17 00:00:00 2001 From: Evan Lezar Date: Wed, 22 Sep 2021 13:34:57 +0200 Subject: [PATCH 05/14] Add nvidia-docker as a git submodule Signed-off-by: Evan Lezar --- .gitmodules | 3 +++ third_party/nvidia-docker | 1 + 2 files changed, 4 insertions(+) create mode 160000 third_party/nvidia-docker diff --git a/.gitmodules b/.gitmodules index 4bda5067..08eb138c 100644 --- a/.gitmodules +++ b/.gitmodules @@ -4,3 +4,6 @@ [submodule "third_party/nvidia-container-runtime"] path = third_party/nvidia-container-runtime url = https://gitlab.com/nvidia/container-toolkit/container-runtime.git +[submodule "third_party/nvidia-docker"] + path = third_party/nvidia-docker + url = https://gitlab.com/nvidia/container-toolkit/nvidia-docker.git diff --git a/third_party/nvidia-docker b/third_party/nvidia-docker new file mode 160000 index 00000000..5a304331 --- /dev/null +++ b/third_party/nvidia-docker @@ -0,0 +1 @@ +Subproject commit 5a304331c0f381cdf56516b75326838aaddbf3ac From 5ee2150eaaaadf1b8b645bf449d09c17cb6dffc6 Mon Sep 17 00:00:00 2001 From: Evan Lezar Date: Wed, 22 Sep 2021 14:14:31 +0200 Subject: [PATCH 06/14] Add basic version checks Signed-off-by: Evan Lezar --- scripts/build-all.sh | 12 ++++++++++-- scripts/get-versions.sh | 11 +++++++---- 2 files changed, 17 insertions(+), 6 deletions(-) diff --git a/scripts/build-all.sh b/scripts/build-all.sh index e9c3379b..752211e4 100755 --- a/scripts/build-all.sh +++ b/scripts/build-all.sh @@ -46,14 +46,22 @@ echo "Building ${TARGET} for all packages to ${DIST_DIR}" : ${NVIDIA_CONTAINER_RUNTIME_ROOT:=${PROJECT_ROOT}/third_party/nvidia-container-runtime} : ${NVIDIA_DOCKER_ROOT:=${PROJECT_ROOT}/third_party/nvidia-docker} + +${SCRIPTS_DIR}/get-versions.sh + # Build libnvidia-container make -C ${LIBNVIDIA_CONTAINER_ROOT} -f mk/docker.mk ${TARGET} # Build nvidia-container-toolkit make -C ${NVIDIA_CONTAINER_TOOLKIT_ROOT} ${TARGET} +# We set the TOOLKIT_VERSION for the nvidia-container-runtime and nvidia-docker targets +# TODO: This is not yet enabled in the makefiles below +: ${PREVIOUS_TOOLKIT_VERSION:=1.5.1} +echo "Using TOOLKIT_VERSION=${PREVIOUS_TOOLKIT_VERSION} as previous nvidia-container-toolkit version" + # Build nvidia-container-runtime -make -C ${NVIDIA_CONTAINER_RUNTIME_ROOT} ${TARGET} +make -C ${NVIDIA_CONTAINER_RUNTIME_ROOT} TOOLKIT_VERSION=${PREVIOUS_TOOLKIT_VERSION} ${TARGET} # Build nvidia-docker2 -make -C ${NVIDIA_DOCKER_ROOT} ${TARGET} \ No newline at end of file +make -C ${NVIDIA_DOCKER_ROOT} TOOLKIT_VERSION=${PREVIOUS_TOOLKIT_VERSION} ${TARGET} diff --git a/scripts/get-versions.sh b/scripts/get-versions.sh index efc0a7ec..2c51a700 100755 --- a/scripts/get-versions.sh +++ b/scripts/get-versions.sh @@ -53,7 +53,10 @@ nvidia_docker_tag=$(grep -m 1 "^LIB_TAG .= " ${NVIDIA_DOCKER_ROOT}/Makefile | se nvidia_docker_version="${nvidia_docker_version}${nvidia_docker_tag:+~${nvidia_docker_tag}}" -echo "libnvidia-container version=${libnvidia_container_version}" -echo "nvidia-container-toolkit version=${nvidia_container_toolkit_version}" -echo "nvidia-container-runtime version=${nvidia_container_runtime_version}" -echo "nvidia-docker version=${nvidia_docker_version}" +echo "LIBNVIDIA_CONTAINER_VERSION=${libnvidia_container_version}" +echo "NVIDIA_CONTAINER_TOOLKIT_VERSION=${nvidia_container_toolkit_version}" +if [[ "${libnvidia_container_version}" != "${nvidia_container_toolkit_version}" ]]; then + >&2 echo "WARNING: The libnvidia-container and nvidia-container-toolkit versions do not match" +fi +echo "NVIDIA_CONTAINER_RUNTIME_VERSION=${nvidia_container_runtime_version}" +echo "NVIDIA_DOCKER_VERSION=${nvidia_docker_version}" From f0fb4739ff85d37f419ca58c99570b2f6f69c244 Mon Sep 17 00:00:00 2001 From: Evan Lezar Date: Wed, 22 Sep 2021 15:42:09 +0200 Subject: [PATCH 07/14] Remove docker-all target from Makefile Signed-off-by: Evan Lezar --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 709fe572..a4c47645 100644 --- a/Makefile +++ b/Makefile @@ -43,7 +43,7 @@ CMD_TARGETS := $(patsubst %,cmd-%, $(CMDS)) $(info CMD_TARGETS=$(CMD_TARGETS)) CHECK_TARGETS := assert-fmt vet lint ineffassign misspell -MAKE_TARGETS := binaries build all check fmt lint-internal test examples cmds coverage generate $(CHECK_TARGETS) +MAKE_TARGETS := binaries build check fmt lint-internal test examples cmds coverage generate $(CHECK_TARGETS) TARGETS := $(MAKE_TARGETS) $(EXAMPLE_TARGETS) $(CMD_TARGETS) From 77740c2a807903eb0514ddf466f1a7b39ea0192e Mon Sep 17 00:00:00 2001 From: Evan Lezar Date: Wed, 22 Sep 2021 16:36:20 +0200 Subject: [PATCH 08/14] Add release script for specific targets Signed-off-by: Evan Lezar --- DEVELOPMENT.md | 2 +- .../{build-all.sh => build-all-components.sh} | 2 +- ...-versions.sh => get-component-versions.sh} | 0 scripts/release.sh | 56 +++++++++++++++++++ 4 files changed, 58 insertions(+), 2 deletions(-) rename scripts/{build-all.sh => build-all-components.sh} (98%) rename scripts/{get-versions.sh => get-component-versions.sh} (100%) create mode 100755 scripts/release.sh diff --git a/DEVELOPMENT.md b/DEVELOPMENT.md index 8a784377..fda48e62 100644 --- a/DEVELOPMENT.md +++ b/DEVELOPMENT.md @@ -13,7 +13,7 @@ The `nvidia-container-toolkit` resides in this repo directly. In oder to build the packages, the following command is executed ```sh -./scripts/build-all.sh TARGET +./scripts/build-all-components.sh TARGET ``` where `TARGET` is a make target that is valid for each of the sub-components. diff --git a/scripts/build-all.sh b/scripts/build-all-components.sh similarity index 98% rename from scripts/build-all.sh rename to scripts/build-all-components.sh index 752211e4..528c2f3d 100755 --- a/scripts/build-all.sh +++ b/scripts/build-all-components.sh @@ -47,7 +47,7 @@ echo "Building ${TARGET} for all packages to ${DIST_DIR}" : ${NVIDIA_DOCKER_ROOT:=${PROJECT_ROOT}/third_party/nvidia-docker} -${SCRIPTS_DIR}/get-versions.sh +${SCRIPTS_DIR}/get-component-versions.sh # Build libnvidia-container make -C ${LIBNVIDIA_CONTAINER_ROOT} -f mk/docker.mk ${TARGET} diff --git a/scripts/get-versions.sh b/scripts/get-component-versions.sh similarity index 100% rename from scripts/get-versions.sh rename to scripts/get-component-versions.sh diff --git a/scripts/release.sh b/scripts/release.sh new file mode 100755 index 00000000..56f7f8ca --- /dev/null +++ b/scripts/release.sh @@ -0,0 +1,56 @@ +#!/usr/bin/env bash + +# Copyright (c) 2021, NVIDIA CORPORATION. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This script is used to build the packages for the components of the NVIDIA +# Container Stack. These include the nvidia-container-toolkit in this repository +# as well as the components included in the third_party folder. +# All required packages are generated in the specified dist folder. + +set -e -x + +SCRIPTS_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )"/../scripts && pwd )" +PROJECT_ROOT="$( cd ${SCRIPTS_DIR}/.. && pwd )" + +# This list represents the distribution-architecture pairs that are actually published +# to the relevant repositories. This targets forwarded to the build-all-components script +# can be overridden by specifying command line arguments. +all=( + amazonlinux1-x86_64 + amazonlinux2-x86_64 + centos7-ppc64le + centos7-x86_64 + centos8-aarch64 + centos8-ppc64le + centos8-x86_64 + debian10-amd64 + debian9-amd64 + opensuse-leap15.1-x86_64 + ubuntu16.04-amd64 + ubuntu16.04-ppc64le + ubuntu18.04-amd64 + ubuntu18.04-arm64 + ubuntu18.04-ppc64le +) + +if [[ $# -gt 0 ]]; then + targets=($*) +else + targets=${all[@]} +fi + +for target in ${targets[@]}; do + ${SCRIPTS_DIR}/build-all-components.sh ${target} +done From bb6f4745e99ccc3b2b9037e9cedc866cbc10269e Mon Sep 17 00:00:00 2001 From: Evan Lezar Date: Thu, 23 Sep 2021 14:32:54 +0200 Subject: [PATCH 09/14] Fix nvidia-container-runtime breaks / replaces dependency The relationship between packages also considers the package revision when determining validity. This means that 3.5.0-1 is considered greater than 3.5.0. This changed adds the package revision to the nvidia-container-runtime breaks / replaces relationship. Signed-off-by: Evan Lezar --- packaging/debian/control | 4 ++-- packaging/rpm/SPECS/nvidia-container-toolkit.spec | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/packaging/debian/control b/packaging/debian/control index e02e0931..cdd4158a 100644 --- a/packaging/debian/control +++ b/packaging/debian/control @@ -11,7 +11,7 @@ Build-Depends: debhelper (>= 9) Package: nvidia-container-toolkit Architecture: any Depends: ${misc:Depends}, libnvidia-container-tools (>= 1.4.0), libnvidia-container-tools (<< 2.0.0), libseccomp2 -Breaks: nvidia-container-runtime (<= 3.5.0), nvidia-container-runtime-hook -Replaces: nvidia-container-runtime (<= 3.5.0), nvidia-container-runtime-hook +Breaks: nvidia-container-runtime (<= 3.5.0-1), nvidia-container-runtime-hook +Replaces: nvidia-container-runtime (<= 3.5.0-1), nvidia-container-runtime-hook Description: NVIDIA container runtime hook Provides a OCI hook to enable GPU support in containers. diff --git a/packaging/rpm/SPECS/nvidia-container-toolkit.spec b/packaging/rpm/SPECS/nvidia-container-toolkit.spec index 94a1ce6e..a2289b12 100644 --- a/packaging/rpm/SPECS/nvidia-container-toolkit.spec +++ b/packaging/rpm/SPECS/nvidia-container-toolkit.spec @@ -17,7 +17,7 @@ Source3: oci-nvidia-hook Source4: oci-nvidia-hook.json Source5: LICENSE -Obsoletes: nvidia-container-runtime <= 3.5.0, nvidia-container-runtime-hook +Obsoletes: nvidia-container-runtime <= 3.5.0-1, nvidia-container-runtime-hook Provides: nvidia-container-runtime Provides: nvidia-container-runtime-hook Requires: libnvidia-container-tools >= 1.4.0, libnvidia-container-tools < 2.0.0 From 2dc85de5d4e8ab81a401ab32c73ce02e6e8d832c Mon Sep 17 00:00:00 2001 From: Evan Lezar Date: Thu, 23 Sep 2021 15:36:27 +0200 Subject: [PATCH 10/14] Use consistent package revisions for all rpm-based packages Signed-off-by: Evan Lezar --- docker/docker.mk | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docker/docker.mk b/docker/docker.mk index 935d8181..f1188107 100644 --- a/docker/docker.mk +++ b/docker/docker.mk @@ -97,11 +97,11 @@ docker-all: $(AMD64_TARGETS) $(X86_64_TARGETS) \ # private centos target --centos%: OS := centos ---centos%: PKG_REV := $(if $(LIB_TAG),0.1.$(LIB_TAG),2) +--centos%: PKG_REV := $(if $(LIB_TAG),0.1.$(LIB_TAG),1) # private amazonlinux target --amazonlinux%: OS := amazonlinux ---amazonlinux%: PKG_REV = $(if $(LIB_TAG),0.1.$(LIB_TAG).amzn$(VERSION),2.amzn$(VERSION)) +--amazonlinux%: PKG_REV := $(if $(LIB_TAG),0.1.$(LIB_TAG),1) # private opensuse-leap target --opensuse-leap%: OS = opensuse-leap @@ -110,7 +110,7 @@ docker-all: $(AMD64_TARGETS) $(X86_64_TARGETS) \ # private rhel target (actually built on centos) --rhel%: OS := centos ---rhel%: PKG_REV := $(if $(LIB_TAG),0.1.$(LIB_TAG),2) +--rhel%: PKG_REV := $(if $(LIB_TAG),0.1.$(LIB_TAG),1) --rhel%: VERSION = $(patsubst rhel%-$(ARCH),%,$(TARGET_PLATFORM)) --rhel%: ARTIFACTS_DIR = $(DIST_DIR)/rhel$(VERSION)/$(ARCH) From fa7dc8cb31c03efea298e1dfc30e8a411bfe53de Mon Sep 17 00:00:00 2001 From: Evan Lezar Date: Thu, 23 Sep 2021 21:34:09 +0200 Subject: [PATCH 11/14] Require at least a matching libnvidia-container-tools version This change ensures that at least the same libnvidia-container-tools version is required when installing nvidia-container-toolkit. Signed-off-by: Evan Lezar --- docker/Dockerfile.amazonlinux | 1 + docker/Dockerfile.centos | 1 + docker/Dockerfile.debian | 3 ++- docker/Dockerfile.opensuse-leap | 1 + docker/Dockerfile.ubuntu | 3 ++- packaging/debian/control | 2 +- packaging/debian/prepare | 1 + packaging/rpm/SPECS/nvidia-container-toolkit.spec | 2 +- 8 files changed, 10 insertions(+), 4 deletions(-) diff --git a/docker/Dockerfile.amazonlinux b/docker/Dockerfile.amazonlinux index 12a6732f..ea5b989a 100644 --- a/docker/Dockerfile.amazonlinux +++ b/docker/Dockerfile.amazonlinux @@ -59,6 +59,7 @@ CMD arch=$(uname -m) && \ rpmbuild --clean --target=$arch -bb \ -D "_topdir $PWD" \ -D "version $VERSION" \ + -D "libnvidia_container_version ${VERSION}-${RELEASE}" \ -D "release $RELEASE" \ SPECS/nvidia-container-toolkit.spec && \ mv RPMS/$arch/*.rpm /dist diff --git a/docker/Dockerfile.centos b/docker/Dockerfile.centos index 94e46e4c..3413bfa5 100644 --- a/docker/Dockerfile.centos +++ b/docker/Dockerfile.centos @@ -57,6 +57,7 @@ CMD arch=$(uname -m) && \ rpmbuild --clean --target=$arch -bb \ -D "_topdir $PWD" \ -D "version $VERSION" \ + -D "libnvidia_container_version ${VERSION}-${RELEASE}" \ -D "release $RELEASE" \ SPECS/nvidia-container-toolkit.spec && \ mv RPMS/$arch/*.rpm /dist diff --git a/docker/Dockerfile.debian b/docker/Dockerfile.debian index bafa1dbb..e4855f1d 100644 --- a/docker/Dockerfile.debian +++ b/docker/Dockerfile.debian @@ -64,5 +64,6 @@ RUN sed -i "s;@VERSION@;${REVISION};" debian/changelog && \ if [ "$REVISION" != "$(dpkg-parsechangelog --show-field=Version)" ]; then exit 1; fi CMD export DISTRIB="$(lsb_release -cs)" && \ - debuild -eDISTRIB -eSECTION --dpkg-buildpackage-hook='sh debian/prepare' -i -us -uc -b && \ + debuild -eDISTRIB -eSECTION -eLIBNVIDIA_CONTAINER_VERSION="${REVISION}" \ + --dpkg-buildpackage-hook='sh debian/prepare' -i -us -uc -b && \ mv /tmp/nvidia-container-toolkit_*.deb /dist diff --git a/docker/Dockerfile.opensuse-leap b/docker/Dockerfile.opensuse-leap index 6fbdab15..313290e0 100644 --- a/docker/Dockerfile.opensuse-leap +++ b/docker/Dockerfile.opensuse-leap @@ -56,6 +56,7 @@ CMD arch=$(uname -m) && \ rpmbuild --clean --target=$arch -bb \ -D "_topdir $PWD" \ -D "version $VERSION" \ + -D "libnvidia_container_version ${VERSION}-${RELEASE}" \ -D "release $RELEASE" \ SPECS/nvidia-container-toolkit.spec && \ mv RPMS/$arch/*.rpm /dist diff --git a/docker/Dockerfile.ubuntu b/docker/Dockerfile.ubuntu index 7f2571af..4c8e5b92 100644 --- a/docker/Dockerfile.ubuntu +++ b/docker/Dockerfile.ubuntu @@ -57,5 +57,6 @@ RUN sed -i "s;@VERSION@;${REVISION};" debian/changelog && \ if [ "$REVISION" != "$(dpkg-parsechangelog --show-field=Version)" ]; then exit 1; fi CMD export DISTRIB="$(lsb_release -cs)" && \ - debuild -eDISTRIB -eSECTION --dpkg-buildpackage-hook='sh debian/prepare' -i -us -uc -b && \ + debuild -eDISTRIB -eSECTION -eLIBNVIDIA_CONTAINER_VERSION="${REVISION}" \ + --dpkg-buildpackage-hook='sh debian/prepare' -i -us -uc -b && \ mv /tmp/*.deb /dist diff --git a/packaging/debian/control b/packaging/debian/control index cdd4158a..f21c42e7 100644 --- a/packaging/debian/control +++ b/packaging/debian/control @@ -10,7 +10,7 @@ Build-Depends: debhelper (>= 9) Package: nvidia-container-toolkit Architecture: any -Depends: ${misc:Depends}, libnvidia-container-tools (>= 1.4.0), libnvidia-container-tools (<< 2.0.0), libseccomp2 +Depends: ${misc:Depends}, libnvidia-container-tools (>= @LIBNVIDIA_CONTAINER_VERSION@), libnvidia-container-tools (<< 2.0.0), libseccomp2 Breaks: nvidia-container-runtime (<= 3.5.0-1), nvidia-container-runtime-hook Replaces: nvidia-container-runtime (<= 3.5.0-1), nvidia-container-runtime-hook Description: NVIDIA container runtime hook diff --git a/packaging/debian/prepare b/packaging/debian/prepare index b6e05d45..edff676a 100755 --- a/packaging/debian/prepare +++ b/packaging/debian/prepare @@ -3,6 +3,7 @@ set -e sed -i "s;@SECTION@;${SECTION:+$SECTION/};g" debian/control +sed -i "s;@LIBNVIDIA_CONTAINER_VERSION@;${LIBNVIDIA_CONTAINER_VERSION:+$LIBNVIDIA_CONTAINER_VERSION};g" debian/control if [ -n "$DISTRIB" ]; then sed -i "s;UNRELEASED;$DISTRIB;" debian/changelog diff --git a/packaging/rpm/SPECS/nvidia-container-toolkit.spec b/packaging/rpm/SPECS/nvidia-container-toolkit.spec index a2289b12..dcfc1a9d 100644 --- a/packaging/rpm/SPECS/nvidia-container-toolkit.spec +++ b/packaging/rpm/SPECS/nvidia-container-toolkit.spec @@ -20,7 +20,7 @@ Source5: LICENSE Obsoletes: nvidia-container-runtime <= 3.5.0-1, nvidia-container-runtime-hook Provides: nvidia-container-runtime Provides: nvidia-container-runtime-hook -Requires: libnvidia-container-tools >= 1.4.0, libnvidia-container-tools < 2.0.0 +Requires: libnvidia-container-tools >= %{libnvidia_container_version}, libnvidia-container-tools < 2.0.0 %if 0%{?suse_version} Requires: libseccomp2 From f10fa7b292ffb016d1a5c7e04fc4b845b6373793 Mon Sep 17 00:00:00 2001 From: Evan Lezar Date: Thu, 23 Sep 2021 21:38:03 +0200 Subject: [PATCH 12/14] FIXUP: Update development Signed-off-by: Evan Lezar --- DEVELOPMENT.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/DEVELOPMENT.md b/DEVELOPMENT.md index fda48e62..b78c492e 100644 --- a/DEVELOPMENT.md +++ b/DEVELOPMENT.md @@ -67,11 +67,11 @@ apt-get update ### Centos ``` - docker run --rm -it \ - -v $(pwd):/work \ - -v $(pwd)/dist/centos8/x86_64:/local-repository \ - -w /work \ - centos:8 +docker run --rm -it \ + -v $(pwd):/work \ + -v $(pwd)/dist/centos8/x86_64:/local-repository \ + -w /work \ + centos:8 ``` ``` From 22a958fae79a15d1dec69886e58eeb2ad66c2a65 Mon Sep 17 00:00:00 2001 From: Evan Lezar Date: Fri, 24 Sep 2021 14:23:00 +0200 Subject: [PATCH 13/14] Add docker-based tests for package installation workflows Signed-off-by: Evan Lezar --- test/release/Makefile | 59 ++++++++++ test/release/README.md | 107 ++++++++++++++++++ test/release/docker/centos8/Dockerfile | 35 ++++++ test/release/docker/centos8/entrypoint.sh | 42 +++++++ test/release/docker/ubuntu18.04/Dockerfile | 50 ++++++++ test/release/docker/ubuntu18.04/entrypoint.sh | 35 ++++++ 6 files changed, 328 insertions(+) create mode 100644 test/release/Makefile create mode 100644 test/release/README.md create mode 100644 test/release/docker/centos8/Dockerfile create mode 100755 test/release/docker/centos8/entrypoint.sh create mode 100644 test/release/docker/ubuntu18.04/Dockerfile create mode 100755 test/release/docker/ubuntu18.04/entrypoint.sh diff --git a/test/release/Makefile b/test/release/Makefile new file mode 100644 index 00000000..7c58c518 --- /dev/null +++ b/test/release/Makefile @@ -0,0 +1,59 @@ +# Copyright (c) 2021, NVIDIA CORPORATION. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +WORKFLOW ?= nvidia-docker +TEST_REPO ?= elezar.github.io + +DISTRIBUTIONS := ubuntu18.04 centos8 + +IMAGE_TARGETS := $(patsubst %,image-%, $(DISTRIBUTIONS)) +RUN_TARGETS := $(patsubst %,run-%, $(DISTRIBUTIONS)) +RELEASE_TARGETS := $(patsubst %,release-%, $(DISTRIBUTIONS)) +LOCAL_TARGETS := $(patsubst %,local-%, $(DISTRIBUTIONS)) + +.PHONY: $(IMAGE_TARGETS) + +image-%: DOCKERFILE = docker/$(*)/Dockerfile + +images: $(IMAGE_TARGETS) +$(IMAGE_TARGETS): image-%: + docker build \ + --build-arg WORKFLOW="$(WORKFLOW)" \ + --build-arg TEST_REPO="$(TEST_REPO)" \ + -t nvidia-container-toolkit-repo-test:$(*) \ + -f $(DOCKERFILE) \ + $(shell dirname $(DOCKERFILE)) + + +%-ubuntu18.04: ARCH = amd64 +%-centos8: ARCH = x86_64 + +RELEASE_TEST_DIR := $(patsubst %/,%,$(dir $(abspath $(lastword $(MAKEFILE_LIST))))) +PROJECT_ROOT := $(RELEASE_TEST_DIR)/../.. + +LOCAL_PACKAGE_ROOT := $(PROJECT_ROOT)/dist + +local-%: DIST = $(*) +local-%: LOCAL_REPO_ARGS = -v $(LOCAL_PACKAGE_ROOT)/$(DIST)/$(ARCH):/local-repository +$(LOCAL_TARGETS): local-%: release-% run-% | release-% + +run-%: DIST = $(*) +$(RUN_TARGETS): run-%: + docker run --rm -ti \ + $(LOCAL_REPO_ARGS) \ + nvidia-container-toolkit-repo-test:$(*) + +# Ensure that the local package root exists +$(RELEASE_TARGETS): release-%: $(LOCAL_PACKAGE_ROOT)/$(*)/$(ARCH) + $(PROJECT_ROOT)/scripts/release.sh $(*)-$(ARCH) \ No newline at end of file diff --git a/test/release/README.md b/test/release/README.md new file mode 100644 index 00000000..ca998a77 --- /dev/null +++ b/test/release/README.md @@ -0,0 +1,107 @@ +# Testing Packaging Workflows + +## Building the Docker images: + +```bash +make images +``` + +This assumes that the `nvidia-docker` workflow is being tested and that the test packages have been published to the `elezar.github.io` GitHub pages page. These can be overridden +using make variables. + +Valid values for `workflow` are: +* `nvidia-docker` +* `nvidia-container-runtime` + +This follows the instructions for setting up the [`nvidia-docker` repostitory](https://docs.nvidia.com/datacenter/cloud-native/container-toolkit/install-guide.html#setting-up-nvidia-container-toolkit). + + +## Testing local package changes + +Running: +```bash +make local-ubuntu18.04 +``` +will build the `ubuntu18.04-amd64` packages for release and launch a docker container with these packages added to a local APT repository. + +The various `apt` workflows can then be tested as if the packages were released to the `libnvidia-container` experimental repository. + +The `local-centos8` make target is available for testing the `centos8-x86_64` workflows as representative of `yum`-based installation workflows. + + +### Example + +In the `centos8`-based container above we see the following `nvidia-docker2` packages available with the `local-repository` disabled: + +```bash +$ yum list --showduplicates nvidia-docker2 | tail -2 +nvidia-docker2.noarch 2.5.0-1 nvidia-docker +nvidia-docker2.noarch 2.6.0-1 nvidia-docker +``` + +Installing `nvidia-docker2` shows: +```bash +$ yum install -y nvidia-docker2 +``` + +installs the following packages: +```bash +$ yum list installed | grep nvidia +libnvidia-container-tools.x86_64 1.5.1-1 @libnvidia-container +libnvidia-container1.x86_64 1.5.1-1 @libnvidia-container +nvidia-container-runtime.x86_64 3.5.0-1 @nvidia-container-runtime +nvidia-container-toolkit.x86_64 1.5.1-2 @nvidia-container-runtime +nvidia-docker2.noarch 2.6.0-1 @nvidia-docker +``` +Note the repositories where these packages were installed from. + +We now enable the `local-repository` to simulate the new packages being published to the `libnvidia-container` experimental repository and check the available `nvidia-docker2` versions: +```bash +$ yum-config-manager --enable local-repository +$ yum list --showduplicates nvidia-docker2 | tail -2 +nvidia-docker2.noarch 2.6.0-1 nvidia-docker +nvidia-docker2.noarch 2.6.1-0.1.rc.1 local-repository +``` +Showing the new version available in the local repository. + +Running: +``` +$ yum install nvidia-docker2 +Last metadata expiration check: 0:01:15 ago on Fri Sep 24 12:49:20 2021. +Package nvidia-docker2-2.6.0-1.noarch is already installed. +Dependencies resolved. +=============================================================================================================================== + Package Architecture Version Repository Size +=============================================================================================================================== +Upgrading: + libnvidia-container-tools x86_64 1.6.0-0.1.rc.1 local-repository 48 k + libnvidia-container1 x86_64 1.6.0-0.1.rc.1 local-repository 95 k + nvidia-container-toolkit x86_64 1.6.0-0.1.rc.1 local-repository 1.5 M + replacing nvidia-container-runtime.x86_64 3.5.0-1 + nvidia-docker2 noarch 2.6.1-0.1.rc.1 local-repository 13 k + +Transaction Summary +=============================================================================================================================== +Upgrade 4 Packages + +Total size: 1.7 M +``` +Showing that all the components of the stack will be updated with versions from the `local-repository`. + +After installation the installed packages are shown as: +```bash +$ yum list installed | grep nvidia +libnvidia-container-tools.x86_64 1.6.0-0.1.rc.1 @local-repository +libnvidia-container1.x86_64 1.6.0-0.1.rc.1 @local-repository +nvidia-container-toolkit.x86_64 1.6.0-0.1.rc.1 @local-repository +nvidia-docker2.noarch 2.6.1-0.1.rc.1 @local-repository +``` +Showing that: +1. All versions have been installed from the same repository +2. The `nvidia-container-runtime` package was removed as it is no longer required. + +The `nvidia-container-runtime` executable is, however, still present on the system: +```bash +# ls -l /usr/bin/nvidia-container-runtime +-rwxr-xr-x 1 root root 2256280 Sep 24 12:42 /usr/bin/nvidia-container-runtime +``` diff --git a/test/release/docker/centos8/Dockerfile b/test/release/docker/centos8/Dockerfile new file mode 100644 index 00000000..e0947bbe --- /dev/null +++ b/test/release/docker/centos8/Dockerfile @@ -0,0 +1,35 @@ +FROM centos:8 + +RUN yum install -y \ + yum-utils \ + ruby-devel \ + gcc \ + make \ + rpm-build \ + rubygems \ + createrepo + +RUN gem install --no-document fpm + +# We create and install a dummy docker package since these dependencies are out of +# scope for the tests performed here. +RUN fpm -s empty \ + -t rpm \ + --description "A dummy package for docker-ce_18.06.3.ce-3.el7" \ + -n docker-ce --version 18.06.3.ce-3.el7 \ + -p /tmp/docker.rpm \ + && \ + yum localinstall -y /tmp/docker.rpm \ + && \ + rm -f /tmp/docker.rpm + + +ARG WORKFLOW=nvidia-docker +ARG TEST_REPO=nvidia.github.io +ENV TEST_REPO ${TEST_REPO} +RUN curl -s -L https://nvidia.github.io/${WORKFLOW}/centos8/nvidia-docker.repo \ + | tee /etc/yum.repos.d/nvidia-docker.repo + +COPY entrypoint.sh / + +ENTRYPOINT [ "/entrypoint.sh" ] \ No newline at end of file diff --git a/test/release/docker/centos8/entrypoint.sh b/test/release/docker/centos8/entrypoint.sh new file mode 100755 index 00000000..9dd4de0e --- /dev/null +++ b/test/release/docker/centos8/entrypoint.sh @@ -0,0 +1,42 @@ +#!/usr/bin/env bash + +# Copyright (c) 2021, NVIDIA CORPORATION. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This script is used to build the packages for the components of the NVIDIA +# Container Stack. These include the nvidia-container-toolkit in this repository +# as well as the components included in the third_party folder. +# All required packages are generated in the specified dist folder. + +: ${LOCAL_REPO_DIRECTORY:=/local-repository} +if [[ -d ${LOCAL_REPO_DIRECTORY} ]]; then + echo "Setting up local-repository" + createrepo /local-repository + + cat >/etc/yum.repos.d/local.repo < /etc/apt/sources.list.d/local.list + $(cd /local-repository && apt-ftparchive packages . > Packages) + apt-get update +else + echo "Setting up TEST repo: ${TEST_REPO}" + sed -i -e 's#nvidia\.github\.io/libnvidia-container#${TEST_REPO}/libnvidia-container#g' /etc/apt/sources.list.d/nvidia-docker.list + sed -i -e '/experimental/ s/^#//g' /etc/apt/sources.list.d/nvidia-docker.list + apt-get update +fi + +exec bash $@ From 1ad98df39f2620549bf5d113e502ac38eb2f2881 Mon Sep 17 00:00:00 2001 From: Evan Lezar Date: Tue, 28 Sep 2021 20:05:40 +0200 Subject: [PATCH 14/14] Update submodules for packaging fixes This change updates the git submodules for nvidia-docker and nvidia-container-runtime to contain the package fixes and code cleanup. Signed-off-by: Evan Lezar --- third_party/nvidia-container-runtime | 2 +- third_party/nvidia-docker | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/third_party/nvidia-container-runtime b/third_party/nvidia-container-runtime index 14755ba0..2e721ab3 160000 --- a/third_party/nvidia-container-runtime +++ b/third_party/nvidia-container-runtime @@ -1 +1 @@ -Subproject commit 14755ba04483ab655bfeb17f1b679ce456460a07 +Subproject commit 2e721ab3b2202470e940fd5a29c1f681e761fbf0 diff --git a/third_party/nvidia-docker b/third_party/nvidia-docker index 5a304331..52ed1032 160000 --- a/third_party/nvidia-docker +++ b/third_party/nvidia-docker @@ -1 +1 @@ -Subproject commit 5a304331c0f381cdf56516b75326838aaddbf3ac +Subproject commit 52ed1032c80be535c44822f67151a4b0a0e72658