github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-07-06 12:06:49 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #781 from jcvenegas/urandom-source

Browse Source 
vc: qemu: Add config option to choose entropy source.
This commit is contained in:
Peng Tao 2018-09-26 09:43:28 +08:00 committed by GitHub
commit 304ec7e231
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
10 changed files with 42 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
Makefile
View File

@ -136,6 +136,8 @@ DEFMEMSLOTS := 10
DEFBRIDGES := 1 DEFBRIDGES := 1
#Default network model #Default network model
DEFNETWORKMODEL := macvtap DEFNETWORKMODEL := macvtap
#Default entropy source
DEFENTROPYSOURCE := /dev/urandom
DEFDISABLEBLOCK := false DEFDISABLEBLOCK := false
DEFBLOCKSTORAGEDRIVER := virtio-scsi DEFBLOCKSTORAGEDRIVER := virtio-scsi
@ -222,6 +224,8 @@ USER_VARS += DEFENABLEDEBUG
USER_VARS += DEFDISABLENESTINGCHECKS USER_VARS += DEFDISABLENESTINGCHECKS
USER_VARS += DEFMSIZE9P USER_VARS += DEFMSIZE9P
USER_VARS += DEFHOTPLUGVFIOONROOTBUS USER_VARS += DEFHOTPLUGVFIOONROOTBUS
USER_VARS += DEFENTROPYSOURCE
V = @ V = @
Q = $(V:1=) Q = $(V:1=)
@ -323,6 +327,7 @@ const defaultEnableDebug bool = $(DEFENABLEDEBUG)
const defaultDisableNestingChecks bool = $(DEFDISABLENESTINGCHECKS) const defaultDisableNestingChecks bool = $(DEFDISABLENESTINGCHECKS)
const defaultMsize9p uint32 = $(DEFMSIZE9P) const defaultMsize9p uint32 = $(DEFMSIZE9P)
const defaultHotplugVFIOOnRootBus bool = $(DEFHOTPLUGVFIOONROOTBUS) const defaultHotplugVFIOOnRootBus bool = $(DEFHOTPLUGVFIOONROOTBUS)
const defaultEntropySource = "$(DEFENTROPYSOURCE)"
// Default config file used by stateless systems. // Default config file used by stateless systems.
var defaultRuntimeConfiguration = "$(CONFIG_PATH)" var defaultRuntimeConfiguration = "$(CONFIG_PATH)"
@ -413,6 +418,7 @@ $(GENERATED_FILES): %: %.in Makefile VERSION
-e "s|@DEFDISABLENESTINGCHECKS@|$(DEFDISABLENESTINGCHECKS)|g" \ -e "s|@DEFDISABLENESTINGCHECKS@|$(DEFDISABLENESTINGCHECKS)|g" \
-e "s|@DEFMSIZE9P@|$(DEFMSIZE9P)|g" \ -e "s|@DEFMSIZE9P@|$(DEFMSIZE9P)|g" \
-e "s|@DEFHOTPLUGONROOTBUS@|$(DEFHOTPLUGVFIOONROOTBUS)|g" \ -e "s|@DEFHOTPLUGONROOTBUS@|$(DEFHOTPLUGVFIOONROOTBUS)|g" \
-e "s|@DEFENTROPYSOURCE@|$(DEFENTROPYSOURCE)|g" \
$< > $@ $< > $@
generate-config: $(CONFIG) generate-config: $(CONFIG)

10
cli/config.go
View File

@ -81,6 +81,7 @@ type hypervisor struct {
KernelParams string `toml:"kernel_params"` KernelParams string `toml:"kernel_params"`
MachineType string `toml:"machine_type"` MachineType string `toml:"machine_type"`
BlockDeviceDriver string `toml:"block_device_driver"` BlockDeviceDriver string `toml:"block_device_driver"`
EntropySource string `toml:"entropy_source"`
NumVCPUs int32 `toml:"default_vcpus"` NumVCPUs int32 `toml:"default_vcpus"`
DefaultMaxVCPUs uint32 `toml:"default_maxvcpus"` DefaultMaxVCPUs uint32 `toml:"default_maxvcpus"`
MemorySize uint32 `toml:"default_memory"` MemorySize uint32 `toml:"default_memory"`
@ -208,6 +209,14 @@ func (h hypervisor) machineType() string {
return h.MachineType return h.MachineType
} }
func (h hypervisor) GetEntropySource() string {
if h.EntropySource == "" {
return defaultEntropySource
}
return h.EntropySource
}
func (h hypervisor) defaultVCPUs() uint32 { func (h hypervisor) defaultVCPUs() uint32 {
numCPUs := goruntime.NumCPU() numCPUs := goruntime.NumCPU()
@ -403,6 +412,7 @@ func newQemuHypervisorConfig(h hypervisor) (vc.HypervisorConfig, error) {
DefaultMaxVCPUs: h.defaultMaxVCPUs(), DefaultMaxVCPUs: h.defaultMaxVCPUs(),
MemorySize: h.defaultMemSz(), MemorySize: h.defaultMemSz(),
MemSlots: h.defaultMemSlots(), MemSlots: h.defaultMemSlots(),
EntropySource: h.GetEntropySource(),
DefaultBridges: h.defaultBridges(), DefaultBridges: h.defaultBridges(),
DisableBlockDeviceUse: h.DisableBlockDeviceUse, DisableBlockDeviceUse: h.DisableBlockDeviceUse,
MemPrealloc: h.MemPrealloc, MemPrealloc: h.MemPrealloc,

11
cli/config/configuration.toml.in
View File

@ -155,6 +155,17 @@ enable_iothreads = @DEFENABLEIOTHREADS@
# If host doesn't support vhost_net, set to true. Thus we won't create vhost fds for nics. # If host doesn't support vhost_net, set to true. Thus we won't create vhost fds for nics.
# Default false # Default false
#disable_vhost_net = true #disable_vhost_net = true
#
# Default entropy source.
# The path to a host source of entropy (including a real hardware RNG)
# /dev/urandom and /dev/random are two main options.
# Be aware that /dev/random is a blocking source of entropy. If the host
# runs out of entropy, the VMs boot time will increase leading to get startup
# timeouts.
# The source of entropy /dev/urandom is non-blocking and provides a
# generally acceptable source of entropy. It should work well for pretty much
# all practical purposes.
#entropy_source= "@DEFENTROPYSOURCE@"
[factory] [factory]
# VM templating support. Once enabled, new VMs are created from template # VM templating support. Once enabled, new VMs are created from template

1
cli/config_test.go
View File

@ -160,6 +160,7 @@ func createAllRuntimeConfigFiles(dir, hypervisor string) (config testRuntimeConf
HotplugVFIOOnRootBus: hotplugVFIOOnRootBus, HotplugVFIOOnRootBus: hotplugVFIOOnRootBus,
Msize9p: defaultMsize9p, Msize9p: defaultMsize9p,
MemSlots: defaultMemSlots, MemSlots: defaultMemSlots,
EntropySource: defaultEntropySource,
} }
agentConfig := vc.KataAgentConfig{} agentConfig := vc.KataAgentConfig{}

4
cli/kata-env.go
View File

@ -25,7 +25,7 @@ import (
// //
// XXX: Increment for every change to the output format // XXX: Increment for every change to the output format
// (meaning any change to the EnvInfo type). // (meaning any change to the EnvInfo type).
const formatVersion = "1.0.17" const formatVersion = "1.0.18"
// MetaInfo stores information on the format of the output itself // MetaInfo stores information on the format of the output itself
type MetaInfo struct { type MetaInfo struct {
@ -81,6 +81,7 @@ type HypervisorInfo struct {
Version string Version string
Path string Path string
BlockDeviceDriver string BlockDeviceDriver string
EntropySource string
Msize9p uint32 Msize9p uint32
MemorySlots uint32 MemorySlots uint32
Debug bool Debug bool
@ -319,6 +320,7 @@ func getHypervisorInfo(config oci.RuntimeConfig) HypervisorInfo {
Msize9p: config.HypervisorConfig.Msize9p, Msize9p: config.HypervisorConfig.Msize9p,
UseVSock: config.HypervisorConfig.UseVSock, UseVSock: config.HypervisorConfig.UseVSock,
MemorySlots: config.HypervisorConfig.MemSlots, MemorySlots: config.HypervisorConfig.MemSlots,
EntropySource: config.HypervisorConfig.EntropySource,
} }
} }

1
cli/kata-env_test.go
View File

@ -264,6 +264,7 @@ func getExpectedHypervisor(config oci.RuntimeConfig) HypervisorInfo {
Msize9p: config.HypervisorConfig.Msize9p, Msize9p: config.HypervisorConfig.Msize9p,
MemorySlots: config.HypervisorConfig.MemSlots, MemorySlots: config.HypervisorConfig.MemSlots,
Debug: config.HypervisorConfig.Debug, Debug: config.HypervisorConfig.Debug,
EntropySource: config.HypervisorConfig.EntropySource,
} }
} }

2
virtcontainers/device/config/config.go
View File

@ -142,6 +142,8 @@ type VFIODev struct {
type RNGDev struct { type RNGDev struct {
// ID is used to identify the device in the hypervisor options. // ID is used to identify the device in the hypervisor options.
ID string ID string
// Filename is the file to use as entropy source.
Filename string
} }
// VhostUserDeviceAttrs represents data shared by most vhost-user devices // VhostUserDeviceAttrs represents data shared by most vhost-user devices

4
virtcontainers/hypervisor.go
View File

@ -196,6 +196,10 @@ type HypervisorConfig struct {
// BootFromTemplate is true. // BootFromTemplate is true.
DevicesStatePath string DevicesStatePath string
// EntropySource is the path to a host source of
// entropy (/dev/random, /dev/urandom or real hardware RNG device)
EntropySource string
// customAssets is a map of assets. // customAssets is a map of assets.
// Each value in that map takes precedence over the configured assets. // Each value in that map takes precedence over the configured assets.
// For example, if there is a value for the "kernel" key in this map, // For example, if there is a value for the "kernel" key in this map,

3
virtcontainers/qemu.go
View File

@ -496,7 +496,8 @@ func (q *qemu) createSandbox() error {
} }
// Add RNG device to hypervisor // Add RNG device to hypervisor
rngDev := config.RNGDev{ rngDev := config.RNGDev{
ID: rngID, ID: rngID,
Filename: q.config.EntropySource,
} }
qemuConfig.Devices = q.arch.appendRNGDevice(qemuConfig.Devices, rngDev) qemuConfig.Devices = q.arch.appendRNGDevice(qemuConfig.Devices, rngDev)

3
virtcontainers/qemu_arch_base.go
View File

@ -525,7 +525,8 @@ func (q *qemuArchBase) appendVFIODevice(devices []govmmQemu.Device, vfioDev conf
func (q *qemuArchBase) appendRNGDevice(devices []govmmQemu.Device, rngDev config.RNGDev) []govmmQemu.Device { func (q *qemuArchBase) appendRNGDevice(devices []govmmQemu.Device, rngDev config.RNGDev) []govmmQemu.Device {
devices = append(devices, devices = append(devices,
govmmQemu.RngDevice{ govmmQemu.RngDevice{
ID: rngDev.ID, ID: rngDev.ID,
Filename: rngDev.Filename,
}, },
) )