agent: fix startup when guest_components_procs is set to none

This PR ensures that the OCICRYPT_CONFIG_PATH file is initialized only
when the CDH socket exists. This prevents a startup error if the
attestation binaries are not installed in the PodVM.

Fixes: https://github.com/kata-containers/kata-containers/issues/10568

Signed-off-by: Silenio Quarti <silenio_quarti@ca.ibm.com>
Silenio Quarti 2024-11-26 09:57:04 -05:00
parent 8763a9bc90
commit 1230bc77f2


@ -519,14 +519,13 @@ async fn launch_guest_component_procs(logger: &Logger, config: &AgentConfig) ->
async fn init_attestation_components(logger: &Logger, config: &AgentConfig) -> Result<()> { async fn init_attestation_components(logger: &Logger, config: &AgentConfig) -> Result<()> {
launch_guest_component_procs(logger, config).await?; launch_guest_component_procs(logger, config).await?;
fs::write(OCICRYPT_CONFIG_PATH, OCICRYPT_CONFIG.as_bytes())?; // If a CDH socket exists, initialize the CDH client and enable ocicrypt
env::set_var("OCICRYPT_KEYPROVIDER_CONFIG", OCICRYPT_CONFIG_PATH);
// If a CDH socket exists, initialize the CDH client
match tokio::fs::metadata(CDH_SOCKET).await { match tokio::fs::metadata(CDH_SOCKET).await {
Ok(md) => { Ok(md) => {
if md.file_type().is_socket() { if md.file_type().is_socket() {
cdh::init_cdh_client(CDH_SOCKET_URI).await?; cdh::init_cdh_client(CDH_SOCKET_URI).await?;
fs::write(OCICRYPT_CONFIG_PATH, OCICRYPT_CONFIG.as_bytes())?;
env::set_var("OCICRYPT_KEYPROVIDER_CONFIG", OCICRYPT_CONFIG_PATH);
} else { } else {
debug!(logger, "File {} is not a socket", CDH_SOCKET); debug!(logger, "File {} is not a socket", CDH_SOCKET);
} }
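Review bot: With the `fs::write`/`env::set_var` pair moved inside the `is_socket()` arm, the `else` arm now also means the ocicrypt key provider is never configured, yet its only trace is `debug!(logger, "File {} is not a socket", CDH_SOCKET)`. Someone who later sees an encrypted-image pull fail has nothing at the default log level tying it to this decision. I would raise that line to `warn!(logger, "{} is not a socket; CDH client and ocicrypt key provider not configured", CDH_SOCKET);` and log the equivalent in the missing-socket arm, which lies outside this hunk. Separately, `env::set_var` now runs after two awaits in an async fn; if the runtime is multi-threaded at that point, mutating the process environment can race with concurrent readers, so passing the config path to its consumer explicitly would be safer. The `match` and the function body continue past the end of the hunk.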