From 43299bcca6e93b66118030b0726dcbba5f50a99d Mon Sep 17 00:00:00 2001 From: Archana Shinde Date: Fri, 20 Oct 2023 18:13:14 -0700 Subject: [PATCH] kata-manager: Add clh config to containerd config file kata-manager currently adds default config which currently is qemu. Add config for clh as well to containerd configuration. This should allow new users to get started with clh using kata-manager. Also add config related to enabling privileged_without_host_devices. Always good to have this config enabled when users try to run privileged containers so that devices from host are not inadverdantly passed to the guest. Fixes: #8280 Signed-off-by: Archana Shinde (cherry picked from commit d3250dff34f83d2412994436d2c111bc83e6e51d) --- utils/kata-manager.sh | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/utils/kata-manager.sh b/utils/kata-manager.sh index 249a510fa3..43bc89aeb1 100755 --- a/utils/kata-manager.sh +++ b/utils/kata-manager.sh @@ -34,6 +34,12 @@ readonly kata_install_dir="${kata_install_dir:-/opt/kata}" readonly kata_runtime_name="kata" readonly kata_runtime_type="io.containerd.${kata_runtime_name}.v2" readonly kata_shim_v2="containerd-shim-${kata_runtime_name}-v2" +readonly kata_configuration="configuration" + +readonly kata_clh_runtime_name="kata-clh" +readonly kata_clh_runtime_type="io.containerd.${kata_clh_runtime_name}.v2" +readonly kata_clh_shim_v2="containerd-shim-${kata_clh_runtime_name}-v2" +readonly kata_clh_configuration="configuration-clh" # Systemd unit name for containerd daemon readonly containerd_service_name="containerd.service" 
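Review bot: `kata_clh_shim_v2` is declared in this hunk but nothing else in the patch references it (the diffstat lists only these 14 insertions), while `kata_clh_runtime_type` expands to `io.containerd.kata-clh.v2`, which containerd resolves to a shim binary named `containerd-shim-kata-clh-v2` on its PATH. Unless the install step elsewhere in kata-manager.sh already provides that binary or a link to it, workloads selecting the `kata-clh` runtime will presumably fail to start. Either create the shim where `${kata_shim_v2}` is installed (not visible here), or drop the unused constant. In both cases a comment such as `# containerd maps io.containerd.kata-clh.v2 to containerd-shim-kata-clh-v2 on PATH` would make the dependency explicit.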
@@ -477,6 +483,14 @@ configure_containerd() [plugins."io.containerd.grpc.v1.cri".containerd.runtimes] [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.${kata_runtime_name}] runtime_type = "${kata_runtime_type}" + privileged_without_host_devices = true + [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.${kata_runtime_name}.options] + ConfigPath = "/opt/kata/share/defaults/kata-containers/${kata_configuration}.toml" + [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.${kata_clh_runtime_name}] + runtime_type = "${kata_clh_runtime_type}" + privileged_without_host_devices = true + [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.${kata_clh_runtime_name}.options] + ConfigPath = "/opt/kata/share/defaults/kata-containers/${kata_clh_configuration}.toml" EOF modified="true"
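Review bot: Both added `ConfigPath` lines hard-code `/opt/kata`, although the script lets the install prefix be overridden through `kata_install_dir` (`${kata_install_dir:-/opt/kata}`, visible in the first hunk's header). With a non-default prefix, containerd would hand the shim a path that is either missing or a stale file left under /opt/kata by an earlier install, so the hypervisor settings in effect would not be the ones just installed. Build the path from the variable instead, e.g. `ConfigPath = "${kata_install_dir}/share/defaults/kata-containers/${kata_configuration}.toml"`, and likewise for `${kata_clh_configuration}`. A short comment above the heredoc explaining why `privileged_without_host_devices = true` is set (privileged containers must not receive host devices in the guest) would keep a later edit from dropping it. The body of configure_containerd starts and ends outside this hunk.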