-
Notifications
You must be signed in to change notification settings - Fork 56
Building OPA
The instructions specify the steps to build OPA version 1.3.0 on Linux on IBM Z for following distributions:
- RHEL (8.8, 8.10, 9.2, 9.4, 9.5)
- SLES 15 SP6
- Ubuntu (22.04, 24.04, 24.10)
General Notes:
- When following the steps below please use a standard permission user unless otherwise specified.
- A directory
/<source_root>/will be referred to in these instructions, this is a temporary writable directory anywhere you'd like to place it.
Ensure that Docker-CE is installed.
Ensure the current user belongs to group docker.
Use the below command to add group docker if it does not exist:
sudo groupadd dockerUse the below command to add current user to group docker if it has not been done:
sudo usermod -aG docker $USER && newgrp dockerIf you want to build OPA using manual steps, go to STEP 3.
Use the following commands to build OPA using the build script. Please make sure you have wget installed.
wget https://raw.githubusercontent.com/linux-on-ibm-z/scripts/master/OPA/1.3.0/build_opa.sh
# Build OPA
bash build_opa.sh [Provide -t option for executing build with tests]If the build and tests complete successfully, go to STEP 6. In case of error, check logs at <source_root>/logs/ for more details or go to STEP 3 to follow manual build steps.
export SOURCE_ROOT=/<source_root>/
export PATCH_URL="https://raw.githubusercontent.com/linux-on-ibm-z/scripts/master/OPA/1.3.0/patch"-
RHEL (8.8, 8.10, 9.2, 9.4, 9.5)
sudo yum install -y gcc git make python3 python3-pip tar wget xz
-
SLES 15 SP6
sudo zypper refresh sudo zypper install -y gcc git make python3 python3-pip tar wget awk hostname
-
Ubuntu (22.04, 24.04, 24.10)
sudo apt-get update sudo apt-get install -y gcc git make python3 python3-pip tar wget
cd $SOURCE_ROOT
GO_VERSION=1.24.0
wget -q https://storage.googleapis.com/golang/go"${GO_VERSION}".linux-s390x.tar.gz
chmod ugo+r go"${GO_VERSION}".linux-s390x.tar.gz
sudo tar -C /usr/local -xzf go"${GO_VERSION}".linux-s390x.tar.gz
sudo ln -sf /usr/bin/gcc /usr/bin/s390x-linux-gnu-gcc # Rhel and Sles only
export PATH=$PATH:/usr/local/go/bin
go versioncd $SOURCE_ROOT
mkdir golang-wasmtime && cd golang-wasmtime
wget https://github.com/bytecodealliance/wasmtime/releases/download/v3.0.1/wasmtime-v3.0.1-s390x-linux-c-api.tar.xz
tar xf wasmtime-v3.0.1-s390x-linux-c-api.tar.xz
sudo cp wasmtime-v3.0.1-s390x-linux-c-api/lib/libwasmtime.a /usr/libcd $SOURCE_ROOT
export GOLANGCI_VERSION=v1.64.5
git clone -b $GOLANGCI_VERSION https://github.com/golangci/golangci-lint.git
cd golangci-lint/
./install.sh $GOLANGCI_VERSION
cd bin
docker build -t golangci/golangci-lint:v1.64.5 -f ../build/buildx.Dockerfile .cd $SOURCE_ROOT
git clone --depth 1 -b v1.3.0 https://github.com/open-policy-agent/opa.git
cd opa
curl -sSL $PATCH_URL/opa.diff | git apply -
make buildNote: In case of errors encountered while cloning the OPA repository, you might try increasing the POST buffer size:
git config --global http.postBuffer 1048576000
git config --global https.postBuffer 1048576000cd $SOURCE_ROOT/opa
make image-s390x # For RHEL (8.x, 9.2, 9.4), SLES 15 SP6 and Ubuntu 22.04
make image-s390x-static # For RHEL 9.5 and Ubuntu (24.04, 24.10) due to glibc dependencyNote: Docker image uses the built OPA binary which internally depends on glibc library. Hence its possible that you could get this error /opa: /lib/s390x-linux-gnu/libm.so.6: version 'GLIBC_2.XX' not found (required by /opa) as glibc installed on base image gcr.io/distroless/cc could be of a lesser version that the environment in which the binary was built. If that is the case, you can use image-s390x-static which disables cgo and wasm, removing such dependencies from docker image. This is the reason we have used image-s390x-static for RHEL 9.5 and Ubuntu (24.04, 24.10).
cd $SOURCE_ROOT/opa
make testcd $SOURCE_ROOT/opa
make perfcd $SOURCE_ROOT/opa
make checkcd $SOURCE_ROOT/opa
makecd $SOURCE_ROOT/opa
./opa_linux_s390x runPlease refer to Running OPA for more information
The information provided in this article is accurate at the time of writing, but on-going development in the open-source projects involved may make the information incorrect or obsolete. Please open issue or contact us on IBM Z Community if you have any questions or feedback.