feat(deployment): add urunc configuration file and update install script

deployment/urunc-deploy/Dockerfile

@@ -95,6 +95,7 @@ COPY --from=intermediate /urunc-artifacts /urunc-artifacts
 COPY --from=intermediate /usr/bin/jq /usr/bin/jq
 COPY --from=intermediate /usr/bin/kubectl /usr/bin/kubectl
 COPY scripts/install.sh /urunc-artifacts/scripts/install.sh
+COPY config.toml /urunc-artifacts/config.toml
 RUN apk update && \
     apk add --no-cache bash curl py3-pip && \
     pip install --no-cache-dir --break-system-packages yq==3.2.3 && \

deployment/urunc-deploy/config.toml

@@ -0,0 +1,19 @@
+# urunc configuration file
+# Installed by urunc-deploy
+
+[monitors.qemu]
+path = "/opt/urunc/bin/qemu-system-x86_64"
+data_path = "/opt/urunc/share"
+
+[monitors.firecracker]
+path = "/opt/urunc/bin/firecracker"
+
+[monitors.hvt]
+path = "/opt/urunc/bin/solo5-hvt"
+
+[monitors.spt]
+path = "/opt/urunc/bin/solo5-spt"
+
+[extra_binaries.virtiofsd]
+path = "/opt/urunc/libexec/virtiofsd"
+

deployment/urunc-deploy/scripts/install.sh

@@ -44,37 +44,36 @@ function install_artifact() {
 
 function install_artifacts() {
     echo "copying urunc artifacts onto host"
-    mkdir -p /host/usr/local/bin
+    local urunc_base_dir="/host/opt/urunc"
+    mkdir -p "${urunc_base_dir}/bin"
+    mkdir -p "${urunc_base_dir}/libexec"
+    mkdir -p "${urunc_base_dir}/share"
 
-    install_artifact /urunc-artifacts/urunc /host/usr/local/bin/urunc
-    install_artifact /urunc-artifacts/containerd-shim-urunc-v2 /host/usr/local/bin/containerd-shim-urunc-v2
+    install_artifact /urunc-artifacts/urunc "${urunc_base_dir}/bin/urunc"
+    install_artifact /urunc-artifacts/containerd-shim-urunc-v2 "${urunc_base_dir}/bin/containerd-shim-urunc-v2"
 
     # install only the hypervisors found in the HYPERVISORS environment variable
     echo "Installing hypervisors: ${HYPERVISORS}"
     for hypervisor in "${hypervisors[@]}" ; do
         case "$hypervisor" in
         qemu)
             echo "Installing qemu"
-            if which "qemu-system-$(uname -m)" >/dev/null 2>&1; then
-                echo "QEMU is already installed."
-            else
-                install_artifact /urunc-artifacts/hypervisors/qemu-system-$(uname -m) /host/usr/local/bin/qemu-system-$(uname -m)
-                install_artifact /urunc-artifacts/libexec/virtiofsd /host/usr/libexec/virtiofsd
-                mkdir -p /host/usr/local/share/qemu/
-                cp -r /urunc-artifacts/opt/kata/share/kata-qemu/qemu /host/usr/local/share
-            fi
+            install_artifact /urunc-artifacts/hypervisors/qemu-system-$(uname -m) "${urunc_base_dir}/bin/qemu-system-$(uname -m)"
+            install_artifact /urunc-artifacts/libexec/virtiofsd "${urunc_base_dir}/libexec/virtiofsd"
+            mkdir -p "${urunc_base_dir}/share/qemu/"
+            cp -r /urunc-artifacts/opt/kata/share/kata-qemu/qemu "${urunc_base_dir}/share/"
             ;;
         firecracker)
             echo "Installing firecracker"
-            install_artifact /urunc-artifacts/hypervisors/firecracker /host/usr/local/bin/firecracker
+            install_artifact /urunc-artifacts/hypervisors/firecracker "${urunc_base_dir}/bin/firecracker"
             ;;
         solo5-spt)
             echo "Installing solo5-spt"
-            install_artifact /urunc-artifacts/hypervisors/solo5-spt /host/usr/local/bin/solo5-spt
+            install_artifact /urunc-artifacts/hypervisors/solo5-spt "${urunc_base_dir}/bin/solo5-spt"
             ;;
         solo5-hvt)
             echo "Installing solo5-hvt"
-            install_artifact /urunc-artifacts/hypervisors/solo5-hvt /host/usr/local/bin/solo5-hvt
+            install_artifact /urunc-artifacts/hypervisors/solo5-hvt "${urunc_base_dir}/bin/solo5-hvt"
             ;;
         *)
             echo "Unsupported hypervisor: $hypervisor"
@@ -83,38 +82,35 @@ function install_artifacts() {
     done
 }
 
+function install_urunc_config() {
+    echo "Installing urunc configuration file"
+    local urunc_config_dir="/host/etc/urunc"
+    local urunc_config_file="${urunc_config_dir}/config.toml"
+    local arch=$(uname -m)
+
+    mkdir -p "${urunc_config_dir}"
+
+    # Copy the static config file and replace architecture placeholder if needed
+    cp /urunc-artifacts/config.toml "${urunc_config_file}"
+
+    # Replace architecture placeholder in qemu path (x86_64 -> actual arch)
+    if [ "${arch}" != "x86_64" ]; then
+        sed -i "s/qemu-system-x86_64/qemu-system-${arch}/g" "${urunc_config_file}"
+    fi
+
+    echo "urunc configuration file installed at ${urunc_config_file}"
+}
+
 function remove_artifacts() {
-    rm -f /host/usr/local/bin/urunc
-    rm -f /host/usr/local/bin/containerd-shim-urunc-v2
-    local hypervisors="${HYPERVISORS:-"firecracker qemu solo5-hvt solo5-spt"}"
-    for hypervisor in $hypervisors; do
-        case "$hypervisor" in
-        qemu)
-            if [ -e "/host/usr/local/bin/qemu-system-$(uname -m)" ]; then
-                rm -f "/host/usr/local/bin/qemu-system-$(uname -m)"
-                rm -rf /host/usr/local/share/qemu
-            fi
-            ;;
-        firecracker)
-            if [ -e "/host/usr/local/bin/firecracker" ]; then
-                rm -f "/host/usr/local/bin/firecracker"
-            fi
-            ;;
-        solo5-spt)
-            if [ -e "/host/usr/local/bin/solo5-spt" ]; then
-                rm -f "/host/usr/local/bin/solo5-spt"
-            fi
-            ;;
-        solo5-hvt)
-            if [ -e "/host/usr/local/bin/solo5-hvt" ]; then
-                rm -f "/host/usr/local/bin/solo5-hvt"
-            fi
-            ;;
-        *)
-            echo "Unsupported hypervisor: $hypervisor"
-            ;;
-        esac
-    done
+    local urunc_base_dir="/host/opt/urunc"
+    # Remove urunc base directory and all its contents
+    if [ -d "${urunc_base_dir}" ]; then
+        rm -rf "${urunc_base_dir}"
+    fi
+    # Also remove urunc configuration file
+    if [ -f "/host/etc/urunc/config.toml" ]; then
+        rm -f "/host/etc/urunc/config.toml"
+    fi
 }
 
 
@@ -377,6 +373,7 @@ function main() {
                 fi
             fi
             install_artifacts
+            install_urunc_config
             configure_cri_runtime "$runtime"
             kubectl label node "$NODE_NAME" --overwrite urunc.io/urunc-runtime=true
             echo "urunc-deploy completed successfully"

docs/tutorials/How-to-urunc-on-k8s.md

@@ -179,18 +179,21 @@ During installation, the following steps take place:
 - A RBAC role is created to allow `urunc-deploy` to run with privileged access.
 - The `urunc-deploy` Pod is deployed with privileges on the host, and the `containerd` configuration is mounted inside the Pod.
 - `urunc-deploy` performs the following tasks:
-    * Copies `urunc` and hypervisor binaries to the host under `usr/local/bin`.
+    * Copies `urunc` and hypervisor binaries to the host under `/opt/urunc/bin`.
+    * Installs `virtiofsd` to `/opt/urunc/libexec` and QEMU data files to `/opt/urunc/share`.
+    * Installs the urunc configuration file at `/etc/urunc/config.toml` with paths pointing to `/opt/urunc`.
     * Creates a backup of the current `containerd` configuration file.
     * Edits the `containerd` configuration file to add `urunc` as a supported runtime.
     * Restarts `containerd`, if necessary.
     * Labels the Node with label `urunc.io/urunc-runtime=true`.
 - Finally, `urunc` is added as a runtime class in k8s.
 
-> Note: `urunc-deploy` will install a static version of QEMU in `/usr/local/bin/` along with the QEMU BIOS files in `/usr/local/share/`. Therefore, files with the same names under these directories will get overwritten.
+> Note: `urunc-deploy` installs all artifacts under `/opt/urunc` to avoid overwriting existing system files. The urunc configuration file is installed as a static file that points to these locations.
 
 During cleanup, these changes are reverted:
 
-- The `urunc` and hypervisor binaries are deleted.
+- The `/opt/urunc` directory and all its contents are removed.
+- The urunc configuration file at `/etc/urunc/config.toml` is removed.
 - The `containerd` configuration file is restored to the pre-`urunc-deploy` state.
 - The `urunc.io/urunc-runtime=true` label is removed from the Node.
 - The RBAC role, the `urunc-deploy` Pod and the runtime class are removed.