From 32dca574101fbce6365e9a7383a8370facec4f3b Mon Sep 17 00:00:00 2001
From: Roman Mohr
Date: Mon, 21 Dec 2020 14:54:15 +0100
Subject: [PATCH] Prepare binary containers for bazeldnf built content
* Move controll-plane to distroless containers (compile them static)
* Let virt-launcher and virt-handler use the new container base which means that we need to add users manually.
* Add full libvirt and qemu config files to our codebase which cuts the last connection to kubevirt/libvirt
Signed-off-by: Roman Mohr
---
 cmd/subresource-access-test/BUILD.bazel | 1 +
 cmd/virt-api/BUILD.bazel | 1 +
 cmd/virt-controller/BUILD.bazel | 1 +
 cmd/virt-handler/BUILD.bazel | 71 ++++++++++++++++++++--
 cmd/virt-launcher/BUILD.bazel | 80 +++++++++++++++++++++++--
 cmd/virt-launcher/libvirtd.conf | 4 ++
 cmd/virt-launcher/qemu.conf | 12 ++++
 cmd/virt-operator/BUILD.bazel | 1 +
 8 files changed, 163 insertions(+), 8 deletions(-)
 create mode 100644 cmd/virt-launcher/libvirtd.conf
 create mode 100644 cmd/virt-launcher/qemu.conf
diff --git a/cmd/subresource-access-test/BUILD.bazel b/cmd/subresource-access-test/BUILD.bazel
index 8a894f8706a4..0cf98a2f772d 100644
--- a/cmd/subresource-access-test/BUILD.bazel
+++ b/cmd/subresource-access-test/BUILD.bazel
@@ -14,6 +14,7 @@ go_library(
 go_binary(
 name = "subresource-access-test",
 embed = [":go_default_library"],
+ static = "on",
 visibility = ["//visibility:public"],
 )
diff --git a/cmd/virt-api/BUILD.bazel b/cmd/virt-api/BUILD.bazel
index 61677b799142..545e06f9270c 100644
--- a/cmd/virt-api/BUILD.bazel
+++ b/cmd/virt-api/BUILD.bazel
@@ -20,6 +20,7 @@ load("//vendor/kubevirt.io/client-go/version:def.bzl", "version_x_defs")
 go_binary(
 name = "virt-api",
 embed = [":go_default_library"],
+ static = "on",
 visibility = ["//visibility:public"],
 x_defs = version_x_defs(),
 )
diff --git a/cmd/virt-controller/BUILD.bazel b/cmd/virt-controller/BUILD.bazel
index a2dab7eafc9f..09f108ec8187 100644
--- a/cmd/virt-controller/BUILD.bazel
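Review bot: `static = "on"` on the subresource-access-test go_binary only requests a static link; it does not switch cgo off, and if any dependency is built with cgo the statically linked glibc is known to still dlopen NSS modules at runtime for name lookups, which a distroless base does not ship. Adding `pure = "on",` next to it pins a cgo-free build, or a short comment should record that these control-plane binaries are known to be cgo-free. The same one-line change is made to virt-api, virt-controller and virt-operator in this patch, so whichever option is chosen applies to all four.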
+++ b/cmd/virt-controller/BUILD.bazel
@@ -18,6 +18,7 @@ load("//vendor/kubevirt.io/client-go/version:def.bzl", "version_x_defs")
 go_binary(
 name = "virt-controller",
 embed = [":go_default_library"],
+ static = "on",
 visibility = ["//visibility:public"],
 x_defs = version_x_defs(),
 )
diff --git a/cmd/virt-handler/BUILD.bazel b/cmd/virt-handler/BUILD.bazel
index 89c2369918a0..26890e3a1fcb 100644
--- a/cmd/virt-handler/BUILD.bazel
+++ b/cmd/virt-handler/BUILD.bazel
@@ -59,18 +59,81 @@ load(
 "@io_bazel_rules_docker//container:container.bzl",
 "container_image",
 )
+load("@io_bazel_rules_docker//contrib:group.bzl", "group_entry", "group_file")
+load("@io_bazel_rules_docker//contrib:passwd.bzl", "passwd_entry", "passwd_file")
+load("@bazel_tools//tools/build_defs/pkg:pkg.bzl", "pkg_tar")
+
+passwd_entry(
+ name = "root-user",
+ gid = 0,
+ home = "/root",
+ info = "root",
+ shell = "/bin/bash",
+ uid = 0,
+ username = "root",
+)
+
+passwd_entry(
+ name = "qemu-user",
+ gid = 107,
+ home = "",
+ shell = "/bin/bash",
+ uid = 107,
+ username = "qemu",
+)
+
+passwd_file(
+ name = "passwd",
+ entries = [
+ ":qemu-user",
+ ":root-user",
+ ],
+)
+
+group_entry(
+ name = "qemu-group",
+ gid = 107,
+ groupname = "qemu",
+)
+
+group_entry(
+ name = "root-group",
+ gid = 0,
+ groupname = "qemu",
+)
+
+
+group_file(
+ name = "group",
+ entries = [
+ ":qemu-group",
+ ":root-group",
+ ],
+)
+
+pkg_tar(
+ name = "passwd-tar",
+ srcs = [
+ ":group",
+ ":passwd",
+ ],
+ mode = "0644",
+ package_dir = "etc",
+ visibility = ["//visibility:public"],
+)
 container_image(
 name = "version-container",
- base = select({
- "@io_bazel_rules_go//go/platform:linux_ppc64le": "@libvirt_ppc64le//image",
- "//conditions:default": "@libvirt//image",
- }),
 directory = "/",
 files = [
 ":virt_launcher.cil",
 "//:get-version",
 ],
+ tars = [
+ ":passwd-tar",
+ "//rpm:launcherbase",
+ ],
 )
 container_image(
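Review bot: The `root-group` entry gives gid 0 the name "qemu" (`groupname = "qemu"` directly under `name = "root-group"`), so the generated /etc/group carries two entries named qemu and none named root; it should read `groupname = "root",`. The identical copy-paste is in the virt-launcher BUILD.bazel hunk of this patch. Separately, the qemu service account is created with `shell = "/bin/bash"` and `home = ""`; if the base in //rpm:launcherbase provides it, a non-login shell such as `/sbin/nologin` is the usual choice for an account that only exists so qemu can drop privileges. A one-line comment on the hard-coded 107 explaining what it has to match (presumably the qemu uid/gid the packaged libvirt expects) would also save the next reader a lookup.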
diff --git a/cmd/virt-launcher/BUILD.bazel b/cmd/virt-launcher/BUILD.bazel
index 81ecb254dabe..8409ef3b4bc0 100644
--- a/cmd/virt-launcher/BUILD.bazel
+++ b/cmd/virt-launcher/BUILD.bazel
@@ -45,15 +45,87 @@ load(
 "@io_bazel_rules_docker//container:container.bzl",
 "container_image",
 )
+load("@io_bazel_rules_docker//contrib:group.bzl", "group_entry", "group_file")
+load("@io_bazel_rules_docker//contrib:passwd.bzl", "passwd_entry", "passwd_file")
+load("@bazel_tools//tools/build_defs/pkg:pkg.bzl", "pkg_tar")
+
+passwd_entry(
+ name = "root-user",
+ gid = 0,
+ home = "/root",
+ info = "root",
+ shell = "/bin/bash",
+ uid = 0,
+ username = "root",
+)
+
+group_entry(
+ name = "qemu-group",
+ gid = 107,
+ groupname = "qemu",
+)
+
+group_entry(
+ name = "root-group",
+ gid = 0,
+ groupname = "qemu",
+)
+
+
+group_file(
+ name = "group",
+ entries = [
+ ":qemu-group",
+ ":root-group",
+ ],
+)
+
+passwd_entry(
+ name = "qemu-user",
+ gid = 107,
+ home = "",
+ shell = "/bin/bash",
+ uid = 107,
+ username = "qemu",
+)
+
+passwd_file(
+ name = "passwd",
+ entries = [
+ ":qemu-user",
+ ":root-user",
+ ],
+)
+
+pkg_tar(
+ name = "libvirt-config",
+ srcs = [
+ ":qemu.conf",
+ ":libvirtd.conf",
+ ],
+ package_dir = "/etc/libvirt",
+)
+
+pkg_tar(
+ name = "passwd-tar",
+ srcs = [
+ ":group",
+ ":passwd",
+ ],
+ mode = "0644",
+ package_dir = "etc",
+ visibility = ["//visibility:public"],
+)
 container_image(
 name = "version-container",
- base = select({
- "@io_bazel_rules_go//go/platform:linux_ppc64le": "@libvirt_ppc64le//image",
- "//conditions:default": "@libvirt//image",
- }),
 directory = "/",
 files = ["//:get-version"],
+ tars = [
+ ":libvirt-config",
+ ":passwd-tar",
+ "//rpm:launcherbase",
+ ],
 )
 container_image(
diff --git a/cmd/virt-launcher/libvirtd.conf b/cmd/virt-launcher/libvirtd.conf
new file mode 100644
index 000000000000..86d57da445b1
--- /dev/null
+++ b/cmd/virt-launcher/libvirtd.conf
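Review bot: The `libvirt-config` pkg_tar sets no `mode`, unlike the neighbouring `passwd-tar` which sets `mode = "0644"`; with pkg_tar's default mode (0555 in bazel_tools' pkg.bzl, if I remember right) both .conf files land in the image with the executable bit set. Adding `mode = "0644",` after the `srcs` list keeps the two tars consistent and avoids executable configuration files under /etc/libvirt. The `package_dir` values are also spelled differently (`"/etc/libvirt"` here, `"etc"` in passwd-tar); both work, but one convention is easier to read. The `root-group` naming issue raised on the virt-handler hunk applies to this file too.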
@@ -0,0 +1,4 @@
+listen_tls = 0
+listen_tcp = 1
+auth_tcp = "none"
+log_outputs = "1:stderr"
diff --git a/cmd/virt-launcher/qemu.conf b/cmd/virt-launcher/qemu.conf
new file mode 100644
index 000000000000..9d6602b2b067
--- /dev/null
+++ b/cmd/virt-launcher/qemu.conf
@@ -0,0 +1,12 @@
+stdio_handler = "logd"
+spice_listen = "0.0.0.0"
+vnc_listen = "0.0.0.0"
+vnc_tls = 0
+vnc_sasl = 0
+user = "qemu"
+group = "qemu"
+dynamic_ownership = 1
+remember_owner = 0
+namespaces = [ ]
+cgroup_controllers = [ ]
+cgroup_controllers = [ ]
diff --git a/cmd/virt-operator/BUILD.bazel b/cmd/virt-operator/BUILD.bazel
index fee638160d02..fa5e24044e98 100644
--- a/cmd/virt-operator/BUILD.bazel
+++ b/cmd/virt-operator/BUILD.bazel
@@ -16,6 +16,7 @@ go_library(
 go_binary(
 name = "virt-operator",
 embed = [":go_default_library"],
+ static = "on",
 visibility = ["//visibility:public"],
 )
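Review bot: `auth_tcp = "none"` together with `listen_tcp = 1` makes the libvirtd TCP endpoint accept unauthenticated, unencrypted connections, and the new file sets no `listen_addr`, so the bind address is whatever libvirt's compiled-in default is rather than something this repository controls. If the intent is that only virt-launcher inside the same pod talks to the daemon, pinning that with `listen_addr = "127.0.0.1"` and a comment saying so turns an inherited setting into a deliberate one; the same comment should note why `listen_tls = 0` is acceptable here so a reader does not assume TLS was simply forgotten. Now that the file lives in this tree instead of kubevirt/libvirt, a one-line `#` comment per setting is cheap and worth adding.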
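Review bot: `cgroup_controllers = [ ]` appears twice on the last two lines of qemu.conf; the duplicate should be dropped, since whichever of the two libvirt honours, the repetition reads like a leftover. `vnc_listen = "0.0.0.0"` and `spice_listen = "0.0.0.0"` are the fallback for any domain whose XML does not set its own listen address, and with `vnc_tls = 0` and `vnc_sasl = 0` that fallback is an unauthenticated console on every pod interface; either a `127.0.0.1` default or a comment stating that the domain XML always overrides the listen (if that is the case) would document the intent. `namespaces = [ ]` disables libvirt's per-VM mount namespace and `dynamic_ownership = 1` / `remember_owner = 0` change how device ownership is managed, so each of those lines deserves a short `#` comment with the reason it is set that way.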