sc2-sys · csegarragonz · Jan 24, 2025 · Jan 24, 2025 · Jan 24, 2025
diff --git a/docs/upgrade_coco.md b/docs/upgrade_coco.md
@@ -21,42 +21,31 @@ to the version they point to.
 
 ### Upgrade CoCo Version Tag
 
-First, bump the `COCO_RELEASE_VERSION` in `tasks/util/env.py`. Then work-out
+First, bump the `COCO_VERSION` in `tasks/util/versions.py`. Then work-out
 what Kata version is being used, and `cd` into your `kata-containers` source
 tree.
 
 ### Update Kata and Guest Components
 
-The source tree should point to `sc2-main`. We need to rebase it on the latest
-Kata:
+First, rebase `guest-components` to the latest `main` (guest-components is
+not tagged anymore, afaict).
 
-```bash
-git fetch upstream
-
-# You may try to first rebase and re-build on a test branch
-git checkout -b sc2-main-test
-git rebase <TAG>
-git push origin sc2-main-test
-```
+Then rebase `sc2-main` and `sc2-baseline` to the new Kata tag (pinned by the
+CoCo release). You should also update the `KATA_VERSION` variable in the
+versions file.
 
-If you have any changes on top of guest components, you should rebase them
-on top of `0.10.0`, re-build, and push the tag. Note that you Kata fork should
-point to a guest components version with the `sc2-main` branch.
-
-Now, if you have used a test branch, update the branch name in the kata
-dockerfile in `./docker/kata.dockerfile`, and try to re-build Kata:
+Once you have pushed the branches to the remote, you will have to re-build
+the Kata image:
 
 ```bash
-inv kata.build
-inv kata.replace-agent
+inv kata.build --nocache --push
 ```
 
 ### Dry Run
 
-The only thing remaining is to test a fresh install:
+The easies way to test the deployment is to start a new cluster from scratch,
+and run some demo functions:
 
 ```bash
-inv kubeadm.create operator.install operator.install-cc-runtime knative.install
+inv sc2.destroy sc2.deploy --clean
 ```
-
-and run some demo functions.
diff --git a/tasks/sc2.py b/tasks/sc2.py
@@ -116,6 +116,10 @@ def install_sc2_runtime(debug=False):
         # FIXME: we need to update the default_memory to be able to run the
         # Knative chaining test. This will change when memory hot-plugging
         # is supported
+        # FIXME 2: we need to set the default max vcpus, as the kata-runtime,
+        # and containerd-shim seem to give it different default values. Not
+        # an issue as hot-plugging vCPUs is not supported so we can never
+        # exceed the default (1).
         updated_toml_str = """
         [factory]
         vm_cache_number = {vm_cache_number}
@@ -124,6 +128,7 @@ def install_sc2_runtime(debug=False):
         hot_plug_vfio = "root-port"
         pcie_root_port = 2
         default_memory = 6144
+        default_maxvcpus = 1
         """.format(
             vm_cache_number=VM_CACHE_SIZE
         )

diff --git a/tasks/util/kata.py b/tasks/util/kata.py
@@ -194,6 +194,7 @@ def replace_agent(
     script_files = [
         "initrd-builder/initrd_builder.sh",
         "rootfs-builder/rootfs.sh",
+        "rootfs-builder/nvidia/",
         "rootfs-builder/ubuntu/config.sh",
         "rootfs-builder/ubuntu/Dockerfile.in",
         "rootfs-builder/ubuntu/rootfs_lib.sh",

diff --git a/tasks/util/registry.py b/tasks/util/registry.py
@@ -160,7 +160,7 @@ def start(debug=False, clean=False):
     """.format(
         containerd_base_certs_dir=containerd_base_certs_dir
     )
-    update_toml(CONTAINERD_CONFIG_FILE, updated_toml_str)
+    update_toml(CONTAINERD_CONFIG_FILE, updated_toml_str, requires_root=True)
 
     # Add the correspnding configuration to containerd
     containerd_certs_dir = join(containerd_base_certs_dir, LOCAL_REGISTRY_URL)

diff --git a/tasks/util/toml.py b/tasks/util/toml.py
@@ -1,5 +1,5 @@
 from re import findall
-from os import remove
+from os import getuid, getgid, remove, stat
 from os.path import basename, join
 from subprocess import run
 from toml import (
@@ -55,7 +55,20 @@ def update_toml(toml_path, updates_toml, requires_root=True):
                     express arbitrarily complex TOML files)
     - requires_root: whether the TOML file is root-owned (usually the case)
     """
-    conf_file = toml_load(toml_path)
+    if requires_root:
+        new_toml_file_path = join("/tmp", basename(toml_path) + "-read")
+        run(f"sudo cp {toml_path} {new_toml_file_path}", shell=True, check=True)
+        run(
+            "sudo chown {}:{} {}".format(getuid(), getgid(), new_toml_file_path),
+            shell=True,
+            check=True,
+        )
+
+        conf_file = toml_load(new_toml_file_path)
+        run(f"sudo rm {new_toml_file_path}", shell=True, check=True)
+    else:
+        conf_file = toml_load(toml_path)
+
     merge_dicts_recursively(conf_file, toml_load_from_string(updates_toml))
 
     if requires_root:
@@ -101,6 +114,26 @@ def read_value_from_toml(toml_file_path, toml_path, tolerate_missing=False):
     """
     Return the value in a TOML specified by a "." delimited TOML path
     """
+    # Check if the pointed-to file is sudo-owned
+    try:
+        stat_info = stat(toml_file_path)
+    except FileNotFoundError:
+        if tolerate_missing:
+            return ""
+        print(f"ERROR: cannot find TOML at path: {toml_file_path}")
+        raise RuntimeError("Error reading value from toml")
+
+    if stat_info.st_uid == 0:
+        new_toml_file_path = join("/tmp", basename(toml_file_path))
+        run(f"sudo cp {toml_file_path} {new_toml_file_path}", shell=True, check=True)
+        run(
+            "sudo chown {}:{} {}".format(getuid(), getgid(), new_toml_file_path),
+            shell=True,
+            check=True,
+        )
+
+        toml_file_path = new_toml_file_path
+
     toml_file = toml_load(toml_file_path)
     for toml_level in split_dot_preserve_quotes(toml_path):
         if toml_level not in toml_file:

diff --git a/tasks/util/versions.py b/tasks/util/versions.py
@@ -1,6 +1,6 @@
 # CoCo versions (note that the CoCo release pins the Kata Version)
-COCO_VERSION = "0.10.0"
-KATA_VERSION = "3.9.0"
+COCO_VERSION = "0.12.0"
+KATA_VERSION = "3.13.0"
 
 # Base software versions
 GO_VERSION = "1.23.0"

diff --git a/tools/check-fork-hashes/src/main.rs b/tools/check-fork-hashes/src/main.rs
@@ -102,14 +102,6 @@ fn main() {
             dict.insert("branches", "sc2-main,sc2-baseline");
             dict
         },
-        {
-            let mut dict = HashMap::new();
-            dict.insert("repo_name", "guest-components");
-            dict.insert("version_str", "COCO_VERSION");
-            dict.insert("ctr_src_paths", "/usr/src/guest-components");
-            dict.insert("branches", "sc2-main");
-            dict
-        },
         {
             let mut dict = HashMap::new();
             dict.insert("repo_name", "containerd");