Skip to content

Commit

Permalink
ubuntu: Bump to latest LTS 24.04
Browse files Browse the repository at this point in the history 
The LLVM image will be tackled later due to the below upstream verifier
test failures

```
    --- FAIL: TestVerifier/bpf_host (111.35s)
        --- FAIL: TestVerifier/bpf_host/1 (24.05s)
        --- FAIL: TestVerifier/bpf_host/2 (21.32s)
	...
```

Sample error log for TestVerifier/bpf_host/1

```
    verifier_test.go:244: Error: program tail_nodeport_nat_ingress_ipv4: load program: argument list too long: BPF program is too large. Processed 1000001 insn (1445 line(s) omitted)
        Verifier error tail: load program: argument list too long:
        	(1436 line(s) omitted)
        	; struct ipv4_ct_tuple icmp_tuple = {
        	1201: (63) *(u32 *)(r10 -12) = r1
        	; .flags = tuple->flags | TUPLE_F_RELATED,
        	1202: (71) r1 = *(u8 *)(r10 -123)
        	; .flags = tuple->flags | TUPLE_F_RELATED,
        	1203: (44) w1 |= 2
        	; struct ipv4_ct_tuple icmp_tuple = {
        	1204: (73) *(u8 *)(r10 -3) = r1
        	BPF program is too large. Processed 1000001 insn
        	processed 1000001 insns (limit 1000000) max_states_per_insn 17 total_states 55755 peak_states 1015 mark_read 59
```

Sample error log for TestVerifier/bpf_host/2
```
    verifier_test.go:244: Error: program tail_nodeport_nat_ingress_ipv4: load program: argument list too long: BPF program is too large. Processed 1000001 insn (1445 line(s) omitted)
        Verifier error tail: load program: argument list too long:
        	(1436 line(s) omitted)
        	; struct ipv4_ct_tuple icmp_tuple = {
        	1201: (63) *(u32 *)(r10 -12) = r1
        	; .flags = tuple->flags | TUPLE_F_RELATED,
        	1202: (71) r1 = *(u8 *)(r10 -123)
        	; .flags = tuple->flags | TUPLE_F_RELATED,
        	1203: (44) w1 |= 2
        	; struct ipv4_ct_tuple icmp_tuple = {
        	1204: (73) *(u8 *)(r10 -3) = r1
        	BPF program is too large. Processed 1000001 insn
        	processed 1000001 insns (limit 1000000) max_states_per_insn 17 total_states 55755 peak_states 1015 mark_read 59
 ```

Signed-off-by: Tam Mach <[email protected]>
  • Loading branch information
@sayboras
sayboras committed Jun 21, 2024
1 parent 2494ae7 commit a843c76
Show file tree
Hide file tree
Showing 5 changed files with 36 additions and 15 deletions.
2 changes: 1 addition & 1 deletion images/bpftool/Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
# SPDX-License-Identifier: Apache-2.0

ARG COMPILERS_IMAGE=quay.io/cilium/image-compilers:5569a29cea6b3ad50aeb03102aaf3dc03841197c@sha256:b15dbedb7c49816c74a765e2f6ecdb9359763b8e4e4328d794f48b9cefae9804
ARG UBUNTU_IMAGE=docker.io/library/ubuntu:22.04@sha256:26c68657ccce2cb0a31b330cb0be2b5e108d467f641c62e13ab40cbec258c68d
ARG UBUNTU_IMAGE=docker.io/library/ubuntu:24.04@sha256:2e863c44b718727c860746568e1d54afd13b2fa71b160f5cd9058fc436217b30
ARG TESTER_IMAGE=quay.io/cilium/image-tester:dd09c8d3ef349a909fbcdc99279516baef153f22@sha256:c056d064cb47c97acd607343db5457e1d49d9338d6d8a87e93e23cc93f052c73

FROM --platform=linux/amd64 ${COMPILERS_IMAGE} as builder
Expand Down
2 changes: 1 addition & 1 deletion images/compilers/Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
# Copyright 2020 Authors of Cilium
# SPDX-License-Identifier: Apache-2.0

ARG UBUNTU_IMAGE=docker.io/library/ubuntu:22.04@sha256:26c68657ccce2cb0a31b330cb0be2b5e108d467f641c62e13ab40cbec258c68d
ARG UBUNTU_IMAGE=docker.io/library/ubuntu:24.04@sha256:2e863c44b718727c860746568e1d54afd13b2fa71b160f5cd9058fc436217b30
ARG TESTER_IMAGE=quay.io/cilium/image-tester:dd09c8d3ef349a909fbcdc99279516baef153f22@sha256:c056d064cb47c97acd607343db5457e1d49d9338d6d8a87e93e23cc93f052c73

FROM ${UBUNTU_IMAGE} as builder
Expand Down
41 changes: 30 additions & 11 deletions images/compilers/install-deps.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,6 @@ packages=(
make
ninja-build
pkg-config
python2
python3
python3-pip
unzip
Expand All @@ -42,15 +41,36 @@ packages_amd64=(

export DEBIAN_FRONTEND=noninteractive

cat > /etc/apt/sources.list << EOF
deb [arch=amd64] http://archive.ubuntu.com/ubuntu jammy main restricted universe multiverse
deb [arch=amd64] http://security.ubuntu.com/ubuntu jammy-updates main restricted universe multiverse
deb [arch=amd64] http://security.ubuntu.com/ubuntu jammy-security main restricted universe multiverse
deb [arch=amd64] http://archive.ubuntu.com/ubuntu jammy-backports main restricted universe multiverse
deb [arch=arm64] http://ports.ubuntu.com/ jammy main restricted universe multiverse
deb [arch=arm64] http://ports.ubuntu.com/ jammy-updates main restricted universe multiverse
deb [arch=arm64] http://ports.ubuntu.com/ jammy-security main restricted universe multiverse
deb [arch=arm64] http://ports.ubuntu.com/ jammy-backports main restricted universe multiverse
cat > /etc/apt/sources.list.d/ubuntu.sources << EOF
Types: deb
URIs: http://archive.ubuntu.com/ubuntu/
Suites: noble noble-updates noble-backports
Components: main universe restricted multiverse
Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
Architectures: amd64
## Ubuntu security updates. Aside from URIs and Suites,
## this should mirror your choices in the previous section.
Types: deb
URIs: http://security.ubuntu.com/ubuntu/
Suites: noble-security
Components: main universe restricted multiverse
Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
Architectures: amd64
Types: deb
URIs: http://ports.ubuntu.com/
Suites: noble noble-updates noble-backports
Components: main restricted universe multiverse
Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
Architectures: arm64
Types: deb
URIs: http://ports.ubuntu.com/ubuntu-ports/
Suites: noble-security
Components: main universe restricted multiverse
Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
Architectures: arm64
EOF

if [ "$(uname -m)" == "x86_64" ] ; then
Expand All @@ -66,7 +86,6 @@ if [ "$(uname -m)" == "x86_64" ] ; then
apt-get install -y --no-install-recommends "${packages_amd64[@]}"
fi

update-alternatives --install /usr/bin/python python /usr/bin/python2 1
update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-9 2
if [ "$(uname -m)" == "x86_64" ] ; then
update-alternatives --install /usr/bin/aarch64-linux-gnu-gcc aarch64-linux-gnu-gcc /usr/bin/aarch64-linux-gnu-gcc-9 3
Expand Down
4 changes: 2 additions & 2 deletions images/iptables/Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -1,14 +1,14 @@
# Copyright Authors of Cilium
# SPDX-License-Identifier: Apache-2.0

# This file builds iptables 1.8.8-1 from source using Ubuntu 22.04
# This file builds iptables 1.8.8-1 from source using Ubuntu 24.04
# The source code comes from Debian Bookworm snapshots
# To upgrade to a new iptables version, change also the snapshot date.

ARG IPTABLES_VERSION=1.8.8-1
ARG SNAPSHOT_DATE=20230116T212610Z

FROM docker.io/library/ubuntu:22.04@sha256:27cb6e6ccef575a4698b66f5de06c7ecd61589132d5a91d098f7f3f9285415a9
FROM docker.io/library/ubuntu:24.04@sha256:2e863c44b718727c860746568e1d54afd13b2fa71b160f5cd9058fc436217b30

RUN mkdir /iptables
WORKDIR /iptables
Expand Down
2 changes: 2 additions & 0 deletions images/llvm/Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,8 @@
# SPDX-License-Identifier: Apache-2.0

ARG COMPILERS_IMAGE=quay.io/cilium/image-compilers:5569a29cea6b3ad50aeb03102aaf3dc03841197c@sha256:b15dbedb7c49816c74a765e2f6ecdb9359763b8e4e4328d794f48b9cefae9804
#TODO Bump to 24.04 once the verifier tests are fixed
#Verifier tests TestVerifier/bpf_host/{1,2} is failing if we use ubuntu 24.04
ARG UBUNTU_IMAGE=docker.io/library/ubuntu:22.04@sha256:26c68657ccce2cb0a31b330cb0be2b5e108d467f641c62e13ab40cbec258c68d
ARG TESTER_IMAGE=quay.io/cilium/image-tester:dd09c8d3ef349a909fbcdc99279516baef153f22@sha256:c056d064cb47c97acd607343db5457e1d49d9338d6d8a87e93e23cc93f052c73

Expand Down

0 comments on commit a843c76

Please sign in to comment.