fix: kvm perms

AidanAbd · AidanAbd · commit b744e17b748a · 2025-03-07T09:48:49.000-08:00
diff --git a/sysbox-eks-incremental.pkr.hcl b/sysbox-eks-incremental.pkr.hcl
@@ -54,7 +54,7 @@ local "git_branch" {
 }
 
 local "ami_name" {
-  expression = "latch-bio/sysbox-eks_0.6.5/k8s_1.29/jammy-22.04-amd64-server/nvidia-560.35.05/kvm-support-aed4"
+  expression = "latch-bio/sysbox-eks_0.6.5/k8s_1.29/jammy-22.04-amd64-server/nvidia-560.35.05/kvm-support-ccf4"
 }
 
 source "amazon-ebs" "ubuntu-eks" {
@@ -116,6 +116,11 @@ build {
       "sudo dasel put string --parser toml --file /etc/crio/crio.conf --selector 'crio.runtime.allowed_devices.[]' --multiple /dev/kvm",
 
       "sudo systemctl restart crio"
+
+      # configure /dev/kvm perms to allow containers to r/w to it
+      "echo 'KERNEL==\"kvm\", MODE=\"0666\"' | sudo tee /etc/udev/rules.d/99-kvm-permissions.rules > /dev/null",
+      "sudo udevadm control --reload-rules",
+      "sudo udevadm trigger"
     ]
   }
 }
diff --git a/sysbox-eks.pkr.hcl b/sysbox-eks.pkr.hcl
@@ -536,7 +536,12 @@ build {
 
       "sudo dasel put string --parser toml --file /etc/crio/crio.conf --selector 'crio.runtime.allowed_devices.[]' --multiple /dev/kvm",
 
-      "sudo systemctl restart crio"
+      "sudo systemctl restart crio",
+
+      # configure /dev/kvm perms to allow containers to r/w to it
+      "echo 'KERNEL==\"kvm\", MODE=\"0666\"' | sudo tee /etc/udev/rules.d/99-kvm-permissions.rules > /dev/null",
+      "sudo udevadm control --reload-rules",
+      "sudo udevadm trigger"
     ]
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -54,7 +54,7 @@ local "git_branch" {`
`54`	`54`	`}`
`55`	`55`
`56`	`56`	`local "ami_name" {`
`57`		`- expression = "latch-bio/sysbox-eks_0.6.5/k8s_1.29/jammy-22.04-amd64-server/nvidia-560.35.05/kvm-support-aed4"`
	`57`	`+ expression = "latch-bio/sysbox-eks_0.6.5/k8s_1.29/jammy-22.04-amd64-server/nvidia-560.35.05/kvm-support-ccf4"`
`58`	`58`	`}`
`59`	`59`
`60`	`60`	`source "amazon-ebs" "ubuntu-eks" {`
`@@ -116,6 +116,11 @@ build {`
`116`	`116`	`"sudo dasel put string --parser toml --file /etc/crio/crio.conf --selector 'crio.runtime.allowed_devices.[]' --multiple /dev/kvm",`
`117`	`117`
`118`	`118`	`"sudo systemctl restart crio"`
	`119`	`+`
	`120`	`+ # configure /dev/kvm perms to allow containers to r/w to it`
	`121`	`+ "echo 'KERNEL==\"kvm\", MODE=\"0666\"' \| sudo tee /etc/udev/rules.d/99-kvm-permissions.rules > /dev/null",`
	`122`	`+ "sudo udevadm control --reload-rules",`
	`123`	`+ "sudo udevadm trigger"`
`119`	`124`	`]`
`120`	`125`	`}`
`121`	`126`	`}`
Original file line number	Diff line number	Diff line change
`@@ -536,7 +536,12 @@ build {`
`536`	`536`
`537`	`537`	`"sudo dasel put string --parser toml --file /etc/crio/crio.conf --selector 'crio.runtime.allowed_devices.[]' --multiple /dev/kvm",`
`538`	`538`
`539`		`- "sudo systemctl restart crio"`
	`539`	`+ "sudo systemctl restart crio",`
	`540`	`+`
	`541`	`+ # configure /dev/kvm perms to allow containers to r/w to it`
	`542`	`+ "echo 'KERNEL==\"kvm\", MODE=\"0666\"' \| sudo tee /etc/udev/rules.d/99-kvm-permissions.rules > /dev/null",`
	`543`	`+ "sudo udevadm control --reload-rules",`
	`544`	`+ "sudo udevadm trigger"`
`540`	`545`	`]`
`541`	`546`	`}`
`542`	`547`	`}`