File Dockerfile of Package virt-launcher-container

# SPDX-License-Identifier: Apache-2.0

# Define the tags for OBS and build script builds:
#!BuildTag: %%TAGPREFIX%%/virt-launcher:%%PKG_VERSION%%
#!BuildTag: %%TAGPREFIX%%/virt-launcher:%%PKG_VERSION%%.%RELEASE%
#!BuildTag: %%TAGPREFIX%%/virt-launcher:%%PKG_VERSION%%-%%PKG_RELEASE%%

#!ExclusiveArch: x86_64 aarch64

# virt-launcher container image
# KUBEVIRTBASE and KUBEVIRTFROM defined in prjconf, e.g.
#  BuildFlags: dockerarg:KUBEVIRTBASE=opensuse/bci/bci-micro
#  BuildFlags: dockerarg:KUBEVIRTFROM=opensuse/tumbleweed
# Both image references are injected by the build; no default, tag or digest
# is given here, so which images are pulled is decided entirely by the
# dockerarg values in the project configuration.
# NOTE(review): confirm the prjconf points at trusted, maintained images.
# ARGs declared before the first FROM are only usable in FROM lines.
ARG KUBEVIRTBASE
ARG KUBEVIRTFROM

# "base" is the runtime base image; the final stage is built on it.
FROM $KUBEVIRTBASE AS base

# "builder" supplies zypper and is used only to populate /chroot.
FROM $KUBEVIRTFROM AS builder
# Seed /chroot with the base image's root filesystem so that the
# "zypper --installroot /chroot" calls below add packages on top of it.
COPY --from=base / /chroot/
# Install the virt-launcher runtime packages into /chroot (not into the
# builder's own root).
# Exit code 107 is zypper's ZYPPER_EXIT_INF_RPM_SCRIPT_FAILED: the packages
# were installed but an RPM scriptlet returned an error. It is accepted here
# alongside 0; every other code fails the build.
# NOTE(review): accepting 107 means a failed scriptlet is visible only in the
# build log.
# NOTE(review): curl, netcat, socat and vim-small are general-purpose network
# and editing tools that end up in the runtime image; whether virt-launcher
# needs each of them is not visible from this file.
RUN zypper --installroot /chroot -n install \
        curl \
        ethtool \
        gawk \
        iptables \
        kubevirt-container-disk \
        kubevirt-virt-launcher \
        libcap-progs \
        libvirt-client \
        libvirt-daemon-driver-qemu \
        netcat \
        nftables \
        passt \
        procps \
        psmisc \
        qemu-hw-usb-host \
        qemu-hw-usb-redirect \
        qemu-img \
        socat \
        tar \
        timezone \
        vim-small \
        virtiofsd \
        xorriso; \
    rc=$?; \
    case "${rc}" in \
        0|107) ;; \
        *) exit 1 ;; \
    esac

# x86_64 only: add the x86 QEMU system emulator to /chroot.
# The uname check makes this a no-op on other architectures. Unlike the main
# package install, zypper's exit status is not filtered here, so any non-zero
# code (including 107) fails the build.
# The OBS directive below must stay on the line directly before the RUN.
#!ArchExclusiveLine: x86_64
RUN if [ "$(uname -m)" = "x86_64" ]; then \
        zypper --installroot /chroot -n install \
            qemu-x86; \
    fi

# aarch64 only: add the ARM QEMU system emulator and its UEFI firmware to
# /chroot.
# The uname check makes this a no-op on other architectures. zypper's exit
# status is not filtered here, so any non-zero code fails the build.
# The OBS directive below must stay on the line directly before the RUN.
#!ArchExclusiveLine: aarch64
RUN if [ "$(uname -m)" = "aarch64" ]; then \
        zypper --installroot /chroot -n install \
            qemu-arm \
            qemu-uefi-aarch64; \
    fi

# Drop zypper's caches and the log files under /chroot/var/log before the
# tree is copied into the final image, so neither ends up in the image.
RUN zypper --installroot /chroot clean --all \
    && rm -rf /chroot/var/log/*

# Final stage: start again from the runtime base image. Only what is copied
# in explicitly below comes from the builder stage.
FROM base

# Mandatory labels for the build service:
#   https://en.opensuse.org/Building_derived_containers
# labelprefix=%%LABELPREFIX%%
LABEL org.opencontainers.image.title="kubevirt virt-launcher container"
LABEL org.opencontainers.image.description="Container to host VM processes for kubevirt"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.version="%%PKG_VERSION%%.%RELEASE%"
LABEL org.opencontainers.image.source="%SOURCEURL%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL org.opensuse.reference="%%REGISTRY%%/%%TAGPREFIX%%/virt-launcher:%%PKG_VERSION%%.%RELEASE%"
# endlabelprefix

# Overlay the populated /chroot tree onto the image root. The builder's own
# filesystem outside /chroot is not part of the final image.
COPY --from=builder /chroot /

# x86_64 only: expose the firmware images from /usr/share/qemu under the
# /usr/share/OVMF names. OVMF_CODE.cc.fd points at the same code image as
# OVMF_CODE.fd; the *.secboot.fd names point at the smm-ms images.
# "ln -s" does not check that its target exists, so a missing firmware file
# would leave a dangling link rather than fail the build.
# The OBS directive below must stay on the line directly before the RUN.
#!ArchExclusiveLine: x86_64
RUN case "$(uname -m)" in \
        x86_64) \
            fwdir=/usr/share/OVMF && \
            mkdir -p "${fwdir}" && \
            ln -s ../qemu/ovmf-x86_64-code.bin "${fwdir}/OVMF_CODE.fd" && \
            ln -s ../qemu/ovmf-x86_64-vars.bin "${fwdir}/OVMF_VARS.fd" && \
            ln -s ../qemu/ovmf-x86_64-code.bin "${fwdir}/OVMF_CODE.cc.fd" && \
            ln -s ../qemu/ovmf-x86_64-smm-ms-code.bin "${fwdir}/OVMF_CODE.secboot.fd" && \
            ln -s ../qemu/ovmf-x86_64-smm-ms-vars.bin "${fwdir}/OVMF_VARS.secboot.fd" \
            ;; \
    esac

# aarch64 only: expose the firmware images from /usr/share/qemu under the
# /usr/share/AAVMF names.
# "ln -s" does not check that its target exists, so a missing firmware file
# would leave a dangling link rather than fail the build.
# The OBS directive below must stay on the line directly before the RUN.
#!ArchExclusiveLine: aarch64
RUN case "$(uname -m)" in \
        aarch64) \
            fwdir=/usr/share/AAVMF && \
            mkdir -p "${fwdir}" && \
            ln -s ../qemu/aavmf-aarch64-code.bin "${fwdir}/AAVMF_CODE.fd" && \
            ln -s ../qemu/aavmf-aarch64-vars.bin "${fwdir}/AAVMF_VARS.fd" \
            ;; \
    esac

# Overwrite the libvirt configuration in /etc/libvirt with the copies shipped
# under /usr/share/kube-virt/virt-launcher. The build fails if either copy
# fails.
# NOTE(review): the contents of these two files are not shown here; review
# them in the package that installs them.
RUN for conf in virtqemud.conf qemu.conf; do \
        cp -f "/usr/share/kube-virt/virt-launcher/${conf}" "/etc/libvirt/${conf}" || exit 1; \
    done

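# KubeVirt expects virtiofsd to be installed in /usr/libexec
# NOTE: the value of %{_libexecdir} may vary across distros, and the resolved
# path may be a directory that holds the binary rather than the binary itself.
# If /usr/libexec/virtiofsd is not already a regular file, link the packaged
# binary there. The build fails when the resolved path is not an executable
# regular file, so the image cannot ship a dangling /usr/libexec/virtiofsd.
# Expansions are quoted so the path is never word-split or globbed.
RUN VIRTIOFSD="$(rpm --eval '%{_libexecdir}')/virtiofsd"; \
    if [ -d "${VIRTIOFSD}" ]; then VIRTIOFSD="${VIRTIOFSD}/virtiofsd"; fi; \
    if [ ! -f /usr/libexec/virtiofsd ]; then \
        if [ ! -f "${VIRTIOFSD}" ] || [ ! -x "${VIRTIOFSD}" ]; then \
            echo "virtiofsd binary not found at ${VIRTIOFSD}" >&2; \
            exit 1; \
        fi; \
        mkdir -p /usr/libexec && ln -svrt /usr/libexec "${VIRTIOFSD}"; \
    fi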

# Set up permissions and capabilities for non-root VMIs.
# Each listed binary gets CAP_NET_BIND_SERVICE in its permitted and effective
# file capability sets ("+ep"); no other capability is granted here.
# A failing setcap aborts the build. /etc/libvirt is then set to mode 0755.
RUN for bin in \
        /usr/bin/virt-launcher \
        /usr/bin/virt-launcher-monitor \
        "/usr/bin/qemu-system-$(uname -m)"; \
    do \
        setcap 'cap_net_bind_service=+ep' "${bin}" || exit 1; \
    done && \
    chmod 0755 /etc/libvirt

# Replace /var/run with a relative symlink to /run.
RUN rm -rf /var/run && ln -s ../run /var/run

# Exec-form entrypoint: virt-launcher-monitor is started directly, without a
# wrapping shell.
# NOTE(review): no USER instruction appears in this Dockerfile as shown, so
# the image's default user is whatever the base image sets; confirm the user
# is set where the container is run.
ENTRYPOINT ["/usr/bin/virt-launcher-monitor"]