[PATCH] vm_images: Update to handle additional host configurations

ohilyard at iol.unh.edu ohilyard at iol.unh.edu
Wed Mar 2 18:06:37 CET 2022


From: Owen Hilyard <ohilyard at iol.unh.edu>

While testing on UNH's ARM system, a few edge cases came up, namely
that docker must be run in privileged mode. This is not due to ARM but to
SELinux/AppArmor getting in the way of accessing some of kvm's resources
while in an unprivileged namespace. Issues with passing through the
hardware clock resulted in both the addition of chronyd and trusting the
ssl certificates on python's pip repositories while installing meson due
to issues with SSL and the VM time starting at Jan 1, 1970.

Signed-off-by: Owen Hilyard <ohilyard at iol.unh.edu>
---
 vm_images/Dockerfile         |  2 +-
 vm_images/create_vm_image.py | 12 ++++++++----
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/vm_images/Dockerfile b/vm_images/Dockerfile
index e3f1e0d9..ce4dbca4 100644
--- a/vm_images/Dockerfile
+++ b/vm_images/Dockerfile
@@ -6,4 +6,4 @@ RUN apt-get update && apt-get upgrade -y
 
 RUN apt-get install --no-install-recommends -y libguestfs-tools \
     qemu linux-image-generic qemu-kvm libvirt-daemon-system libvirt-clients bridge-utils \
-    linux-image-unsigned-5.11.0-46-generic
\ No newline at end of file
+    linux-image-unsigned-5.11.0-46-generic qemu-system-x86
diff --git a/vm_images/create_vm_image.py b/vm_images/create_vm_image.py
index 88ffc7f9..8a010c99 100755
--- a/vm_images/create_vm_image.py
+++ b/vm_images/create_vm_image.py
@@ -153,7 +153,7 @@ def run_subprocess(
         "docker",
         "run",
         # The container needs to access QEMU/KVM
-        # "--privileged",
+        "--privileged",
         "-d",
         "--platform",
     ]
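Review bot: `"--privileged"` in the `docker run` argument list gives the container every capability and all host devices, and turns off seccomp, AppArmor and SELinux confinement, which is far more than the comment above it asks for (access to QEMU/KVM). If the failure on the ARM host is only the KVM device plus the LSM profile, a narrower grant such as `"--device", "/dev/kvm",` together with a targeted `--security-opt` would keep the rest of the sandbox; whether that suffices on that host is not visible from this hunk and needs testing. If `--privileged` stays, the comment should record why, e.g. `# --privileged: SELinux/AppArmor block KVM access from an unprivileged container; run only on a dedicated build host`. The list belongs to `run_subprocess`, whose body starts and ends outside the hunk.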
@@ -262,14 +262,13 @@ def get_virt_customize_command(
     os_family_tags: Set[OsFamily], output_path: str, root_password: str
 ) -> str:
     commands = [
-        f"virt-customize -a {output_path} --root-password password:{root_password} --update",
+        f"virt-customize -a {output_path} --root-password password:{root_password} --update"
     ]
 
     commands = commands + get_enable_additional_repos_commands(os_family_tags)
 
     packages = get_packages_for_os_family(os_family_tags)
     packagelist = ",".join(packages)
-    commands += (f"--run-command dhclient",)
     commands += (f"--install {packagelist}",)
     commands += (f"--run-command {get_install_meson_command(os_family_tags)}",)
     commands += (f"--run-command {get_setup_hugepages_command(os_family_tags)}",)
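Review bot: The first element of `commands` still puts the root password on the virt-customize command line as `password:{root_password}`, where it can show up in process listings and in any log that echoes the command. virt-customize also accepts `--root-password file:FILENAME`, so the password could be written to a file with restrictive permissions and passed as `--root-password file:<path>` instead. `output_path` and the password are also interpolated unquoted; if this string is later handed to a shell (not visible here), `shlex.quote()` on both would keep spaces or metacharacters from changing the command. The function continues past the end of the hunk.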
@@ -324,6 +323,7 @@ def get_packages_for_os_family(os_family_tags: Set[OsFamily]) -> List[str]:
             "python3-setuptools",
             "python3-wheel",
             "iperf",
+            "chrony",
         ]
     elif OsFamily.RHEL in os_family_tags:
         return [
@@ -354,7 +354,9 @@ def get_packages_for_os_family(os_family_tags: Set[OsFamily]) -> List[str]:
 
 def get_install_meson_command(os_family_tags: Set[OsFamily]) -> str:
     if OsFamily.DEBIAN in os_family_tags or OsFamily.RHEL in os_family_tags:
-        return '"python3 -m pip install meson"'
+        # the "--trusted-host" flags are included because the date on the system will be Jan 1, 1970 due to the way
+        # guestfs-tools starts the vm. This breaks pip's ssl, so making these hosts trusted fixes that.
+        return '"python3 -m pip install --trusted-host pypi.org --trusted-host pypi.python.org --trusted-host files.pythonhosted.org meson"'
     else:
         error(f"Unknown command to install meson for {os_family_tags}")
 
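Review bot: The three `--trusted-host` options in the returned pip command switch off TLS certificate verification for pypi.org, pypi.python.org and files.pythonhosted.org, so the meson package that ends up in every image is installed without any authentication of its source. The comment should say that explicitly, e.g. `# NOTE: --trusted-host disables certificate verification for these hosts; the download is unauthenticated`. Better is to restore integrity another way: set the guest clock in an earlier `--run-command` before pip runs, or pin meson and install it with `--require-hashes` from a requirements file so a substituted package is rejected. The `else` branch is unchanged and still falls through to an implicit `None` unless `error()` exits, which the hunk does not show.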
@@ -426,6 +428,8 @@ def get_image_info(base_image_path: str) -> (OsFamily, Arch):
         base_image_path,
     ]
 
+    print(" ".join(command))
+
     proc = subprocess.run(command, capture_output=True)
     if proc.returncode != 0:
         print(proc.stdout)
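Review bot: The added `print(" ".join(command))` echoes the command with plain spaces, so an image path containing whitespace prints ambiguously and the line cannot be pasted back into a shell; `print(shlex.join(command))` keeps the quoting (it needs `import shlex` if the file does not already have it, which is not visible here). If this is meant as permanent diagnostics rather than a debugging leftover, a short comment saying so would help. The same echo pattern should not be copied to the virt-customize command, which carries the root password in its arguments. `get_image_info` starts before and continues after this hunk.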
-- 
2.30.2


