Merge pull request #5134 from Megan-Wright/CCv0

CCv0: Merge main into CCv0 branch
Fabiano Fidêncio 2022-09-08 19:35:45 +02:00 committed by GitHub
commit 55c8c7226d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
57 changed files with 1011 additions and 244 deletions


@ -0,0 +1,40 @@
#!/bin/bash
#
# Copyright (c) 2022 Red Hat
#
# SPDX-License-Identifier: Apache-2.0
#
script_dir=$(dirname "$(readlink -f "$0")")
parent_dir=$(realpath "${script_dir}/../..")
cidir="${parent_dir}/ci"
source "${cidir}/lib.sh"
cargo_deny_file="${script_dir}/action.yaml"
cat cargo-deny-skeleton.yaml.in > "${cargo_deny_file}"
changed_files_status=$(run_get_pr_changed_file_details)
changed_files_status=$(echo "$changed_files_status" | grep "Cargo\.toml$" || true)
changed_files=$(echo "$changed_files_status" | awk '{print $NF}' || true)
if [ -z "$changed_files" ]; then
cat >> "${cargo_deny_file}" << EOF
- run: echo "No Cargo.toml files to check"
shell: bash
EOF
fi
for path in $changed_files
do
cat >> "${cargo_deny_file}" << EOF
- name: ${path}
continue-on-error: true
shell: bash
run: |
pushd $(dirname ${path})
cargo deny check
popd
EOF
done
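Review bot: The loop at `for path in $changed_files` writes each changed file name into the generated action unquoted, both as the step `name:` and, through `pushd $(dirname ${path})`, into the step's `run:` script, and those names come from the pull request. A name containing whitespace, quotes or YAML/shell metacharacters would change the generated step, so the generator should skip anything outside a conservative pattern and quote what it emits, e.g. `[[ "$path" =~ ^[A-Za-z0-9._/-]+$ ]] || continue` as the first line of the loop and `pushd "$(dirname "${path}")"` in the heredoc. Separately, `continue-on-error: true` on every generated step means a failing `cargo deny check` does not fail the job; if that is intended it deserves a comment such as `# advisory only: findings are reported but do not block the PR`.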


@ -0,0 +1,30 @@
#
# Copyright (c) 2022 Red Hat
#
# SPDX-License-Identifier: Apache-2.0
#
name: 'Cargo Crates Check'
description: 'Checks every Cargo.toml file using cargo-deny'
env:
CARGO_TERM_COLOR: always
runs:
using: "composite"
steps:
- name: Install Rust
uses: actions-rs/toolchain@v1
with:
profile: minimal
toolchain: nightly
override: true
- name: Cache
uses: Swatinem/rust-cache@v2
- name: Install Cargo deny
shell: bash
run: |
which cargo
cargo install --locked cargo-deny || true
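Review bot: `cargo install --locked cargo-deny || true` hides a failed install, and because the generated check steps on this page run with `continue-on-error: true`, a job without cargo-deny would still finish green; drop the `|| true` so a missing tool fails the run. The tool and toolchain are also unpinned: `toolchain: nightly` and an unversioned `cargo install` can change underneath the check from one run to the next, so consider `cargo install --locked cargo-deny --version <PINNED_VERSION>` and a fixed toolchain. `actions-rs/toolchain@v1` and `Swatinem/rust-cache@v2` are referenced by mutable tag; pinning third-party actions to a full commit SHA keeps a retagged release from changing what runs here.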


@ -0,0 +1,19 @@
name: Cargo Crates Check Runner
on: [pull_request]
jobs:
cargo-deny-runner:
runs-on: ubuntu-latest
steps:
- name: Checkout Code
if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }}
uses: actions/checkout@v3
- name: Generate Action
if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }}
run: bash cargo-deny-generator.sh
working-directory: ./.github/cargo-deny-composite-action/
env:
GOPATH: ${{ runner.workspace }}/kata-containers
- name: Run Action
if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }}
uses: ./.github/cargo-deny-composite-action
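Review bot: The workflow has no `permissions:` block, so the `cargo-deny-runner` job receives the repository's default `GITHUB_TOKEN` scope while it runs a generator script and a generated composite action taken from the pull request's checkout. Nothing in these steps needs write access, so add a top-level `permissions:` with `contents: read`. The three identical `if:` conditions could also move to the job level, as a single `if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }}` under `cargo-deny-runner:`, so that a step added later cannot miss the label check.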


@ -1 +1 @@
3.0.0-alpha0
3.0.0-alpha1


@ -54,3 +54,13 @@ run_docs_url_alive_check()
git fetch -a
bash "$tests_repo_dir/.ci/static-checks.sh" --docs --all "github.com/kata-containers/kata-containers"
}
run_get_pr_changed_file_details()
{
clone_tests_repo
# Make sure we have the targeting branch
git remote set-branches --add origin "${branch}"
git fetch -a
source "$tests_repo_dir/.ci/lib.sh"
get_pr_changed_file_details
}
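Review bot: `run_get_pr_changed_file_details` uses `${branch}` and `$tests_repo_dir` without checking that they are set, and nothing in the hunk assigns them; a guard such as `: "${branch:?target branch not set}"` at the top of the function would stop an empty value from reaching `git remote set-branches`. The function also sources `.ci/lib.sh` from the cloned tests repository into the calling shell, so the cargo-deny generator that captures its output depends on whatever revision `clone_tests_repo` checks out (its definition is outside the hunk). A short header comment naming those globals, and stating that the result appears to be written to stdout for the caller to parse, would make that contract visible.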

33
deny.toml Normal file

@ -0,0 +1,33 @@
targets = [
{ triple = "x86_64-apple-darwin" },
{ triple = "x86_64-unknown-linux-gnu" },
{ triple = "x86_64-unknown-linux-musl" },
]
[advisories]
vulnerability = "deny"
unsound = "deny"
unmaintained = "deny"
ignore = ["RUSTSEC-2020-0071"]
[bans]
multiple-versions = "allow"
deny = [
{ name = "cmake" },
{ name = "openssl-sys" },
]
[licenses]
unlicensed = "deny"
allow-osi-fsf-free = "neither"
copyleft = "allow"
# We want really high confidence when inferring licenses from text
confidence-threshold = 0.93
allow = ["0BSD", "Apache-2.0", "BSD-2-Clause", "BSD-3-Clause", "CC0-1.0", "ISC", "MIT", "MPL-2.0"]
private = { ignore = true}
exceptions = []
[sources]
unknown-registry = "allow"
unknown-git = "allow"
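Review bot: Under `[sources]`, `unknown-registry = "allow"` and `unknown-git = "allow"` switch the source check off, so a dependency pulled from an arbitrary registry or git URL passes cargo-deny unnoticed. Prefer `unknown-registry = "deny"` and `unknown-git = "deny"`, with the git repositories the project really uses listed in `allow-git = [...]` (the agent lockfile on this page shows at least `https://github.com/containers/oci-spec-rs`). The `ignore = ["RUSTSEC-2020-0071"]` entry should carry a comment saying why the advisory is accepted and when it can be removed, otherwise the exemption tends to outlive its reason.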


@ -522,7 +522,7 @@ bash-4.2# exit
exit
```
`kata-runtime exec` has a command-line option `runtime-namespace`, which is used to specify under which [runtime namespace](https://github.com/containerd/containerd/blob/master/docs/namespaces.md) the particular pod was created. By default, it is set to `k8s.io` and works for containerd when configured
`kata-runtime exec` has a command-line option `runtime-namespace`, which is used to specify under which [runtime namespace](https://github.com/containerd/containerd/blob/main/docs/namespaces.md) the particular pod was created. By default, it is set to `k8s.io` and works for containerd when configured
with Kubernetes. For CRI-O, the namespace should set to `default` explicitly. This should not be confused with [Kubernetes namespaces](https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/).
For other CRI-runtimes and configurations, you may need to set the namespace utilizing the `runtime-namespace` option.


@ -341,7 +341,7 @@ The main repository has the most comprehensive set of skip abilities. See:
One method is to use the `nix` crate along with some custom macros:
```
```rust
#[cfg(test)]
mod tests {
#[allow(unused_macros)]

233
src/agent/Cargo.lock generated

@ -96,18 +96,18 @@ dependencies = [
[[package]]
name = "aho-corasick"
version = "0.7.18"
version = "0.7.19"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1e37cfd5e7657ada45f742d6e99ca5788580b5c529dc78faf11ece6dc702656f"
checksum = "b4f55bd91a0978cbfd91c457a164bab8b4001c833b7f323132c0a4e1922dd44e"
dependencies = [
"memchr",
]
[[package]]
name = "android_system_properties"
version = "0.1.4"
version = "0.1.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d7ed72e1635e121ca3e79420540282af22da58be50de153d36f81ddc6b83aa9e"
checksum = "819e7219dbd41043ac279b19830f2efc897156490d7fd6ea916720117ee66311"
dependencies = [
"libc",
]
@ -123,9 +123,9 @@ dependencies = [
[[package]]
name = "anyhow"
version = "1.0.62"
version = "1.0.64"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1485d4d2cc45e7b201ee3767015c96faa5904387c9d87c6efdd0fb511f12d305"
checksum = "b9a8f622bcf6ff3df478e9deba3e03e4e04b300f8e6a139e192c05fa3490afc7"
[[package]]
name = "arc-swap"
@ -323,9 +323,9 @@ dependencies = [
[[package]]
name = "block-buffer"
version = "0.10.2"
version = "0.10.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0bf7fe51849ea569fd452f37822f606a5cabb684dc918707a0193fd4664ff324"
checksum = "69cce20737498f97b993470a6e536b8523f0af7892a4f928cceb1ac5e52ebe7e"
dependencies = [
"generic-array",
]
@ -370,9 +370,9 @@ dependencies = [
[[package]]
name = "bumpalo"
version = "3.10.0"
version = "3.11.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "37ccbd214614c6783386c1af30caf03192f17891059cecc394b4fb119e363de3"
checksum = "c1ad822118d20d2c234f427000d5acc36eabe1e29a348c89b63dd60b13f28e5d"
[[package]]
name = "byte-unit"
@ -533,9 +533,9 @@ dependencies = [
[[package]]
name = "clap"
version = "3.2.17"
version = "3.2.20"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "29e724a68d9319343bb3328c9cc2dfde263f4b3142ee1059a9980580171c954b"
checksum = "23b71c3ce99b7611011217b366d923f1d0a7e07a92bb2dbf1e84508c673ca3bd"
dependencies = [
"atty",
"bitflags",
@ -550,9 +550,9 @@ dependencies = [
[[package]]
name = "clap_derive"
version = "3.2.17"
version = "3.2.18"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "13547f7012c01ab4a0e8f8967730ada8f9fdf419e8b6c792788f39cf4e46eefa"
checksum = "ea0c8bce528c4be4da13ea6fead8965e95b6073585a2f05204bd8f4119f82a65"
dependencies = [
"heck 0.4.0",
"proc-macro-error",
@ -610,9 +610,9 @@ checksum = "5827cebf4670468b8772dd191856768aedcb1b0278a04f989f7766351917b9dc"
[[package]]
name = "cpufeatures"
version = "0.2.2"
version = "0.2.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "59a6001667ab124aebae2a495118e11d30984c3a653e99d86d58971708cf5e4b"
checksum = "28d997bd5e24a5928dd43e46dc529867e207907fe0b239c3477d924f7f2ca320"
dependencies = [
"libc",
]
@ -876,7 +876,7 @@ version = "0.10.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f2fb860ca6fafa5552fb6d0e816a69c8e49f0908bf524e30a90d97c85892d506"
dependencies = [
"block-buffer 0.10.2",
"block-buffer 0.10.3",
"crypto-common",
"subtle",
]
@ -957,9 +957,9 @@ dependencies = [
[[package]]
name = "either"
version = "1.7.0"
version = "1.8.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3f107b87b6afc2a64fd13cac55fe06d6c8859f12d4b14cbcdd2c67d0976781be"
checksum = "90e5c1c8368803113bf0c9584fc495a58b86dc8a29edbf8fe877d21d9507e797"
[[package]]
name = "elliptic-curve"
@ -1099,9 +1099,9 @@ checksum = "fed34cd105917e91daa4da6b3728c47b068749d6a62c59811f06ed2ac71d9da7"
[[package]]
name = "futures"
version = "0.3.23"
version = "0.3.24"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ab30e97ab6aacfe635fad58f22c2bb06c8b685f7421eb1e064a729e2a5f481fa"
checksum = "7f21eda599937fba36daeb58a22e8f5cee2d14c4a17b5b7739c7c8e5e3b8230c"
dependencies = [
"futures-channel",
"futures-core",
@ -1114,9 +1114,9 @@ dependencies = [
[[package]]
name = "futures-channel"
version = "0.3.23"
version = "0.3.24"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2bfc52cbddcfd745bf1740338492bb0bd83d76c67b445f91c5fb29fae29ecaa1"
checksum = "30bdd20c28fadd505d0fd6712cdfcb0d4b5648baf45faef7f852afb2399bb050"
dependencies = [
"futures-core",
"futures-sink",
@ -1124,15 +1124,15 @@ dependencies = [
[[package]]
name = "futures-core"
version = "0.3.23"
version = "0.3.24"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d2acedae88d38235936c3922476b10fced7b2b68136f5e3c03c2d5be348a1115"
checksum = "4e5aa3de05362c3fb88de6531e6296e85cde7739cccad4b9dfeeb7f6ebce56bf"
[[package]]
name = "futures-executor"
version = "0.3.23"
version = "0.3.24"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1d11aa21b5b587a64682c0094c2bdd4df0076c5324961a40cc3abd7f37930528"
checksum = "9ff63c23854bee61b6e9cd331d523909f238fc7636290b96826e9cfa5faa00ab"
dependencies = [
"futures-core",
"futures-task",
@ -1141,15 +1141,15 @@ dependencies = [
[[package]]
name = "futures-io"
version = "0.3.23"
version = "0.3.24"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "93a66fc6d035a26a3ae255a6d2bca35eda63ae4c5512bef54449113f7a1228e5"
checksum = "bbf4d2a7a308fd4578637c0b17c7e1c7ba127b8f6ba00b29f717e9655d85eb68"
[[package]]
name = "futures-macro"
version = "0.3.23"
version = "0.3.24"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0db9cce532b0eae2ccf2766ab246f114b56b9cf6d445e00c2549fbc100ca045d"
checksum = "42cd15d1c7456c04dbdf7e88bcd69760d74f3a798d6444e16974b505b0e62f17"
dependencies = [
"proc-macro2",
"quote",
@ -1158,21 +1158,21 @@ dependencies = [
[[package]]
name = "futures-sink"
version = "0.3.23"
version = "0.3.24"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ca0bae1fe9752cf7fd9b0064c674ae63f97b37bc714d745cbde0afb7ec4e6765"
checksum = "21b20ba5a92e727ba30e72834706623d94ac93a725410b6a6b6fbc1b07f7ba56"
[[package]]
name = "futures-task"
version = "0.3.23"
version = "0.3.24"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "842fc63b931f4056a24d59de13fb1272134ce261816e063e634ad0c15cdc5306"
checksum = "a6508c467c73851293f390476d4491cf4d227dbabcd4170f3bb6044959b294f1"
[[package]]
name = "futures-util"
version = "0.3.23"
version = "0.3.24"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f0828a5471e340229c11c77ca80017937ce3c58cb788a17e5f1c2d5c485a9577"
checksum = "44fb6cb1be61cc1d2e43b262516aafcf63b241cffdb1d3fa115f91d9c7b09c90"
dependencies = [
"futures-channel",
"futures-core",
@ -1378,9 +1378,9 @@ checksum = "0bfe8eed0a9285ef776bb792479ea3834e8b94e13d615c2f66d03dd50a435a29"
[[package]]
name = "httparse"
version = "1.7.1"
version = "1.8.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "496ce29bb5a52785b44e0f7ca2847ae0bb839c9bd28f69acac9b99d461c0c04c"
checksum = "d897f394bad6a705d5f4104762e116a75639e470d80901eed05a860a95cb1904"
[[package]]
name = "httpdate"
@ -1455,13 +1455,14 @@ dependencies = [
[[package]]
name = "iana-time-zone"
version = "0.1.45"
version = "0.1.47"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ef5528d9c2817db4e10cc78f8d4c8228906e5854f389ff6b076cee3572a09d35"
checksum = "4c495f162af0bf17656d0014a0eded5f3cd2f365fdd204548c2869db89359dc7"
dependencies = [
"android_system_properties",
"core-foundation-sys",
"js-sys",
"once_cell",
"wasm-bindgen",
"winapi",
]
@ -1521,7 +1522,7 @@ dependencies = [
"prost 0.8.0",
"serde",
"serde_json",
"sha2 0.10.2",
"sha2 0.10.5",
"shadow-rs",
"signature 0.1.0",
"strum",
@ -1645,7 +1646,7 @@ dependencies = [
"serde",
"serde_json",
"thiserror",
"time 0.3.13",
"time 0.3.14",
]
[[package]]
@ -1691,8 +1692,8 @@ dependencies = [
"libc",
"log",
"logging",
"netlink-packet-utils 0.4.1",
"netlink-sys 0.7.0",
"netlink-packet-utils",
"netlink-sys",
"nix 0.24.2",
"oci",
"openssl",
@ -1872,9 +1873,9 @@ checksum = "0717cef1bc8b636c6e1c1bbdefc09e6322da8a9321966e8928ef80d20f7f770f"
[[package]]
name = "lock_api"
version = "0.4.7"
version = "0.4.8"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "327fa5b6a6940e4699ec49a9beae1ea4845c6bab9314e4f84ac68742139d8c53"
checksum = "9f80bf5aacaf25cbfc8210d1cfb718f2bf3b11c4c54e5afe36c236853a8ec390"
dependencies = [
"autocfg 1.1.0",
"scopeguard",
@ -1961,9 +1962,9 @@ checksum = "2a60c7ce501c71e03a9c9c0d35b861413ae925bd979cc7a4e30d060069aaac8d"
[[package]]
name = "miniz_oxide"
version = "0.5.3"
version = "0.5.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6f5c75688da582b8ffc1f1799e9db273f32133c49e048f614d22ec3256773ccc"
checksum = "96590ba8f175222643a85693f33d26e9c8a015f599c216509b1a6894af675d34"
dependencies = [
"adler",
]
@ -2006,28 +2007,28 @@ dependencies = [
[[package]]
name = "netlink-packet-core"
version = "0.4.2"
version = "0.2.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "345b8ab5bd4e71a2986663e88c56856699d060e78e152e6e9d7966fcd5491297"
checksum = "ac48279d5062bdf175bdbcb6b58ff1d6b0ecd54b951f7a0ff4bc0550fe903ccb"
dependencies = [
"anyhow",
"byteorder",
"libc",
"netlink-packet-utils 0.5.1",
"netlink-packet-utils",
]
[[package]]
name = "netlink-packet-route"
version = "0.13.0"
version = "0.8.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f5dee5ed749373c298237fe694eb0a51887f4cc1a27370c8464bac4382348f1a"
checksum = "76aed5d3b6e3929713bf1e1334a11fd65180b6d9f5d7c8572664c48b122604f8"
dependencies = [
"anyhow",
"bitflags",
"byteorder",
"libc",
"netlink-packet-core",
"netlink-packet-utils 0.5.1",
"netlink-packet-utils",
]
[[package]]
@ -2042,31 +2043,19 @@ dependencies = [
"thiserror",
]
[[package]]
name = "netlink-packet-utils"
version = "0.5.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "25af9cf0dc55498b7bd94a1508af7a78706aa0ab715a73c5169273e03c84845e"
dependencies = [
"anyhow",
"byteorder",
"paste",
"thiserror",
]
[[package]]
name = "netlink-proto"
version = "0.10.0"
version = "0.7.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "65b4b14489ab424703c092062176d52ba55485a89c076b4f9db05092b7223aa6"
checksum = "ddd06e90449ae973fe3888c1ff85949604ef5189b4ac9a2ae39518da1e00762d"
dependencies = [
"bytes 1.1.0",
"futures",
"log",
"netlink-packet-core",
"netlink-sys 0.8.3",
"thiserror",
"netlink-sys",
"tokio",
"tokio-util 0.6.10",
]
[[package]]
@ -2081,25 +2070,25 @@ dependencies = [
"tokio",
]
[[package]]
name = "netlink-sys"
version = "0.8.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "92b654097027250401127914afb37cb1f311df6610a9891ff07a757e94199027"
dependencies = [
"bytes 1.1.0",
"futures",
"libc",
"log",
"tokio",
]
[[package]]
name = "new_debug_unreachable"
version = "1.0.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e4a24736216ec316047a1fc4252e27dabb04218aa4a3f37c6e7ddbf1f9782b54"
[[package]]
name = "nix"
version = "0.22.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e4916f159ed8e5de0082076562152a76b7a1f64a01fd9d1e0fea002c37624faf"
dependencies = [
"bitflags",
"cc",
"cfg-if 1.0.0",
"libc",
"memoffset",
]
[[package]]
name = "nix"
version = "0.23.1"
@ -2248,8 +2237,8 @@ dependencies = [
[[package]]
name = "oci-spec"
version = "0.5.7"
source = "git+https://github.com/containers/oci-spec-rs#407ef2863c893ad80b154c784f2a6547f12333a7"
version = "0.5.8"
source = "git+https://github.com/containers/oci-spec-rs#61d684933ad06649daadebd6101bef08b586d792"
dependencies = [
"derive_builder",
"getset",
@ -2278,7 +2267,7 @@ dependencies = [
"rand 0.8.5",
"serde",
"serde_json",
"sha2 0.10.2",
"sha2 0.10.5",
"tokio",
"tonic 0.8.0",
"tonic-build 0.8.0",
@ -2297,9 +2286,9 @@ dependencies = [
[[package]]
name = "once_cell"
version = "1.13.1"
version = "1.14.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "074864da206b4973b84eb91683020dbefd6a8c3f0f38e054d93954e891935e4e"
checksum = "2f7254b99e31cad77da24b08ebf628882739a608578bb1bcdfc1f9c21260d7c0"
[[package]]
name = "opaque-debug"
@ -2449,9 +2438,9 @@ dependencies = [
[[package]]
name = "paste"
version = "1.0.8"
version = "1.0.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9423e2b32f7a043629287a536f21951e8c6a82482d0acb1eeebfc90bc2225b22"
checksum = "b1de2e551fb905ac83f73f7aedf2f0cb4a0da7e35efa24a202a936269f1f18e1"
[[package]]
name = "path-absolutize"
@ -2598,9 +2587,9 @@ checksum = "925383efa346730478fb4838dbe9137d2a47675ad789c546d150a6e1dd4ab31c"
[[package]]
name = "prettyplease"
version = "0.1.18"
version = "0.1.19"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "697ae720ee02011f439e0701db107ffe2916d83f718342d65d7f8bf7b8a5fee9"
checksum = "a49e86d2c26a24059894a3afa13fd17d063419b05dfb83f06d9c3566060c3f5a"
dependencies = [
"proc-macro2",
"syn",
@ -3062,15 +3051,15 @@ dependencies = [
[[package]]
name = "rtnetlink"
version = "0.11.0"
version = "0.8.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "46f1cfa18f8cebe685373a2697915d7e0db3b4554918bba118385e0f71f258a7"
checksum = "7c9a6200d18ec1acfc218ce71363dcc9b6075f399220f903fdfeacd476a876ef"
dependencies = [
"futures",
"log",
"netlink-packet-route",
"netlink-proto",
"nix 0.24.2",
"nix 0.22.3",
"thiserror",
"tokio",
]
@ -3149,9 +3138,9 @@ checksum = "d29ab0c6d3fc0ee92fe66e2d99f700eab17a8d57d1c1d3b748380fb20baa78cd"
[[package]]
name = "security-framework"
version = "2.6.1"
version = "2.7.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2dc14f172faf8a0194a3aded622712b0de276821addc574fa54fc0a1167e10dc"
checksum = "2bc1bb97804af6631813c55739f771071e0f2ed33ee20b68c86ec505d906356c"
dependencies = [
"bitflags",
"core-foundation",
@ -3224,18 +3213,18 @@ dependencies = [
[[package]]
name = "serde"
version = "1.0.143"
version = "1.0.144"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "53e8e5d5b70924f74ff5c6d64d9a5acd91422117c60f48c4e07855238a254553"
checksum = "0f747710de3dcd43b88c9168773254e809d8ddbdf9653b84e2554ab219f17860"
dependencies = [
"serde_derive",
]
[[package]]
name = "serde_derive"
version = "1.0.143"
version = "1.0.144"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d3d8e8de557aee63c26b85b947f5e59b690d0454c753f3adeb5cd7835ab88391"
checksum = "94ed3a816fb1d101812f83e789f888322c34e291f894f19590dc310963e87a00"
dependencies = [
"proc-macro2",
"quote",
@ -3244,9 +3233,9 @@ dependencies = [
[[package]]
name = "serde_json"
version = "1.0.83"
version = "1.0.85"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "38dd04e3c8279e75b31ef29dbdceebfe5ad89f4d0937213c53f7d49d01b3d5a7"
checksum = "e55a28e3aaef9d5ce0506d0a14dbba8054ddc7e499ef522dd8b26859ec9d4a44"
dependencies = [
"indexmap",
"itoa",
@ -3315,9 +3304,9 @@ dependencies = [
[[package]]
name = "sha1collisiondetection"
version = "0.2.5"
version = "0.2.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f31bf4e9fe5cd8cea8e0887e2e4eb1b4d736ff11b776c8537bf0912a4b381285"
checksum = "c66558a774ef5044cb4a834db5f5c7f95e139d2341d7f502fe6034afa7082461"
dependencies = [
"digest 0.9.0",
"generic-array",
@ -3338,9 +3327,9 @@ dependencies = [
[[package]]
name = "sha2"
version = "0.10.2"
version = "0.10.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "55deaec60f81eefe3cce0dc50bda92d6d8e88f2a27df7c5033b42afeb1ed2676"
checksum = "cf9db03534dff993187064c4e0c05a5708d2a9728ace9a8959b77bedf415dac5"
dependencies = [
"cfg-if 1.0.0",
"cpufeatures",
@ -3461,7 +3450,7 @@ dependencies = [
"serde",
"serde_json",
"slog",
"time 0.3.13",
"time 0.3.14",
]
[[package]]
@ -3494,9 +3483,9 @@ checksum = "2fd0db749597d91ff862fd1d55ea87f7855a744a8425a64695b6fca237d1dad1"
[[package]]
name = "socket2"
version = "0.4.4"
version = "0.4.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "66d72b759436ae32898a2af0a14218dbf55efde3feeb170eb623637db85ee1e0"
checksum = "02e2d2db9033d13a1567121ddd7a095ee144db4e1ca1b1bda3419bc0da294ebd"
dependencies = [
"libc",
"winapi",
@ -3690,18 +3679,18 @@ checksum = "b1141d4d61095b28419e22cb0bbf02755f5e54e0526f97f1e3d1d160e60885fb"
[[package]]
name = "thiserror"
version = "1.0.32"
version = "1.0.34"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f5f6586b7f764adc0231f4c79be7b920e766bb2f3e51b3661cdb263828f19994"
checksum = "8c1b05ca9d106ba7d2e31a9dab4a64e7be2cce415321966ea3132c49a656e252"
dependencies = [
"thiserror-impl",
]
[[package]]
name = "thiserror-impl"
version = "1.0.32"
version = "1.0.34"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "12bafc5b54507e0149cdf1b145a5d80ab80a90bcd9275df43d4fff68460f6c21"
checksum = "e8f2591983642de85c921015f3f070c665a197ed69e417af436115e3a1407487"
dependencies = [
"proc-macro2",
"quote",
@ -3730,9 +3719,9 @@ dependencies = [
[[package]]
name = "time"
version = "0.3.13"
version = "0.3.14"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "db76ff9fa4b1458b3c7f077f3ff9887394058460d21e634355b273aaf11eea45"
checksum = "3c3f9a28b618c3a6b9251b6908e9c99e04b9e5c02e6581ccbb67d59c34ef7f9b"
dependencies = [
"itoa",
"libc",
@ -3856,9 +3845,9 @@ dependencies = [
[[package]]
name = "tokio-vsock"
version = "0.3.2"
version = "0.3.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5523f441d845b676d78b71dc76cf3772ee80b9f55372ccbde59e930264445466"
checksum = "3d2ad075b54bbb450ae2e3770211d7954362a488fcd386085c9fbb6d787ade8b"
dependencies = [
"bytes 0.4.12",
"futures",
@ -4425,13 +4414,13 @@ dependencies = [
[[package]]
name = "which"
version = "4.2.5"
version = "4.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5c4fb54e6113b6a8772ee41c3404fb0301ac79604489467e0a9ce1f3e97c24ae"
checksum = "1c831fbbee9e129a8cf93e7747a82da9d95ba8e16621cae60ec2cdc849bacb7b"
dependencies = [
"either",
"lazy_static",
"libc",
"once_cell",
]
[[package]]


@ -3,6 +3,7 @@ name = "kata-agent"
version = "0.1.0"
authors = ["The Kata Containers community <kata-dev@lists.katacontainers.io>"]
edition = "2018"
license = "Apache-2.0"
[dependencies]
oci = { path = "../libs/oci" }
@ -35,7 +36,7 @@ tokio = { version = "1.14.0", features = ["full"] }
tokio-vsock = "0.3.1"
netlink-sys = { version = "0.7.0", features = ["tokio_socket",]}
rtnetlink = "0.11.0"
rtnetlink = "0.8.0"
netlink-packet-utils = "0.4.1"
ipnetwork = "0.17.0"
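Review bot: `rtnetlink = "0.8.0"` appears to move the agent back from 0.11.0 (the lockfile section on this page resolves it to 0.8.1) and the manifest gives no reason for the older release. Judging by the lockfile hunks, the change also brings in `nix` 0.22.3 and older `netlink-packet-*` and `netlink-proto` releases, which widens the set of crates the new cargo-deny advisory check has to cover. Record the constraint next to the dependency, for example `# rtnetlink is held at 0.8.x because <reason>; revisit together with the TODO on add_arp_neighbor`, so the pin is not carried forward by accident.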


@ -3,6 +3,7 @@ name = "rustjail"
version = "0.1.0"
authors = ["The Kata Containers community <kata-dev@lists.katacontainers.io>"]
edition = "2018"
license = "Apache-2.0"
[dependencies]
serde = "1.0.91"


@ -4,7 +4,7 @@
//
use anyhow::{anyhow, Context, Result};
use futures::{future, TryStreamExt};
use futures::{future, StreamExt, TryStreamExt};
use ipnetwork::{IpNetwork, Ipv4Network, Ipv6Network};
use nix::errno::Errno;
use protobuf::RepeatedField;
@ -164,7 +164,7 @@ impl Handle {
let request = self.handle.link().get();
let filtered = match filter {
LinkFilter::Name(name) => request.match_name(name.to_owned()),
LinkFilter::Name(name) => request.set_name_filter(name.to_owned()),
LinkFilter::Index(index) => request.match_index(index),
_ => request, // Post filters
};
@ -516,6 +516,7 @@ impl Handle {
}
/// Adds an ARP neighbor.
/// TODO: `rtnetlink` has no neighbours API, remove this after https://github.com/little-dude/netlink/pull/135
async fn add_arp_neighbor(&mut self, neigh: &ARPNeighbor) -> Result<()> {
let ip_address = neigh
.toIPAddress
@ -527,13 +528,58 @@ impl Handle {
let ip = IpAddr::from_str(ip_address)
.map_err(|e| anyhow!("Failed to parse IP {}: {:?}", ip_address, e))?;
// Import rtnetlink objects that make sense only for this function
use packet::constants::{NDA_UNSPEC, NLM_F_ACK, NLM_F_CREATE, NLM_F_EXCL, NLM_F_REQUEST};
use packet::neighbour::{NeighbourHeader, NeighbourMessage};
use packet::nlas::neighbour::Nla;
use packet::{NetlinkMessage, NetlinkPayload, RtnlMessage};
use rtnetlink::Error;
const IFA_F_PERMANENT: u16 = 0x80; // See https://github.com/little-dude/netlink/blob/0185b2952505e271805902bf175fee6ea86c42b8/netlink-packet-route/src/rtnl/constants.rs#L770
let link = self.find_link(LinkFilter::Name(&neigh.device)).await?;
self.handle
.neighbours()
.add(link.index(), ip)
.execute()
.await?;
let message = NeighbourMessage {
header: NeighbourHeader {
family: match ip {
IpAddr::V4(_) => packet::AF_INET,
IpAddr::V6(_) => packet::AF_INET6,
} as u8,
ifindex: link.index(),
state: if neigh.state != 0 {
neigh.state as u16
} else {
IFA_F_PERMANENT
},
flags: neigh.flags as u8,
ntype: NDA_UNSPEC as u8,
},
nlas: {
let mut nlas = vec![Nla::Destination(match ip {
IpAddr::V4(v4) => v4.octets().to_vec(),
IpAddr::V6(v6) => v6.octets().to_vec(),
})];
if !neigh.lladdr.is_empty() {
nlas.push(Nla::LinkLocalAddress(
parse_mac_address(&neigh.lladdr)?.to_vec(),
));
}
nlas
},
};
// Send request and ACK
let mut req = NetlinkMessage::from(RtnlMessage::NewNeighbour(message));
req.header.flags = NLM_F_REQUEST | NLM_F_ACK | NLM_F_EXCL | NLM_F_CREATE;
let mut response = self.handle.request(req)?;
while let Some(message) = response.next().await {
if let NetlinkPayload::Error(err) = message.payload {
return Err(anyhow!(Error::NetlinkError(err)));
}
}
Ok(())
}
@ -909,7 +955,7 @@ mod tests {
.expect("prepare: failed to delete neigh");
}
fn prepare_env_for_test_add_one_arp_neighbor(dummy_name: &str, ip: &str, mac: &str) {
fn prepare_env_for_test_add_one_arp_neighbor(dummy_name: &str, ip: &str) {
clean_env_for_test_add_one_arp_neighbor(dummy_name, ip);
// modprobe dummy
Command::new("modprobe")
@ -923,12 +969,6 @@ mod tests {
.output()
.expect("failed to add dummy interface");
// ip link set dummy address 6a:92:3a:59:70:aa
Command::new("ip")
.args(&["link", "set", dummy_name, "address", mac])
.output()
.expect("failed to add dummy interface");
// ip addr add 192.168.0.2/16 dev dummy
Command::new("ip")
.args(&["addr", "add", "192.168.0.2/16", "dev", dummy_name])
@ -950,7 +990,7 @@ mod tests {
let to_ip = "169.254.1.1";
let dummy_name = "dummy_for_arp";
prepare_env_for_test_add_one_arp_neighbor(dummy_name, to_ip, mac);
prepare_env_for_test_add_one_arp_neighbor(dummy_name, to_ip);
let mut ip_address = IPAddress::new();
ip_address.set_address(to_ip.to_string());
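Review bot: In the new `NeighbourHeader`, `neigh.state as u16` and `neigh.flags as u8` truncate silently, so an out-of-range value in the request becomes some other state or flag set instead of being rejected. Assuming these fields are wider integers (their types are outside the hunk), use checked conversions such as `u16::try_from(neigh.state).map_err(|e| anyhow!("invalid neighbour state {}: {:?}", neigh.state, e))?`, and the same with `u8::try_from(neigh.flags)`. The default is named `IFA_F_PERMANENT`, which is an address flag, while the header's `state` field takes neighbour states; the constant would read correctly as `const NUD_PERMANENT: u16 = 0x80;`. Part of `add_arp_neighbor` lies between the two hunks and is not visible here.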


@ -3,6 +3,7 @@ name = "vsock-exporter"
version = "0.1.0"
authors = ["James O. D. Hunt <james.o.hunt@intel.com>"]
edition = "2018"
license = "Apache-2.0"
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html

80
src/libs/Cargo.lock generated

@ -46,6 +46,12 @@ version = "1.2.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "cf1de2fe8c75bc145a2f577add951f8134889b4795d47466a54a5c846d691693"
[[package]]
name = "bumpalo"
version = "3.11.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c1ad822118d20d2c234f427000d5acc36eabe1e29a348c89b63dd60b13f28e5d"
[[package]]
name = "byte-unit"
version = "3.1.4"
@ -100,14 +106,15 @@ dependencies = [
[[package]]
name = "chrono"
version = "0.4.19"
version = "0.4.20"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "670ad68c9088c2a963aaa298cb369688cf3f9465ce5e2d4ca10e6e0098a1ce73"
checksum = "6127248204b9aba09a362f6c930ef6a78f2c1b2215f8a7b398c06e1083f17af0"
dependencies = [
"libc",
"js-sys",
"num-integer",
"num-traits",
"time",
"wasm-bindgen",
"winapi",
]
@ -119,9 +126,9 @@ checksum = "2382f75942f4b3be3690fe4f86365e9c853c1587d6ee58212cebf6e2a9ccd101"
[[package]]
name = "crossbeam-channel"
version = "0.5.2"
version = "0.5.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e54ea8bc3fb1ee042f5aace6e3c6e025d3874866da222930f70ce62aceba0bfa"
checksum = "c2dd04ddaf88237dc3b8d8f9a3c1004b506b54b3313403944054d23c0870c521"
dependencies = [
"cfg-if",
"crossbeam-utils",
@ -364,6 +371,15 @@ version = "1.0.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1aab8fc367588b89dcee83ab0fd66b72b50b72fa1904d7095045ace2b0c81c35"
[[package]]
name = "js-sys"
version = "0.3.58"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c3fac17f7123a73ca62df411b1bf727ccc805daa070338fda671c86dac1bdc27"
dependencies = [
"wasm-bindgen",
]
[[package]]
name = "kata-sys-util"
version = "0.1.0"
@ -1203,6 +1219,60 @@ version = "0.11.0+wasi-snapshot-preview1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423"
[[package]]
name = "wasm-bindgen"
version = "0.2.81"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7c53b543413a17a202f4be280a7e5c62a1c69345f5de525ee64f8cfdbc954994"
dependencies = [
"cfg-if",
"wasm-bindgen-macro",
]
[[package]]
name = "wasm-bindgen-backend"
version = "0.2.81"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5491a68ab4500fa6b4d726bd67408630c3dbe9c4fe7bda16d5c82a1fd8c7340a"
dependencies = [
"bumpalo",
"lazy_static",
"log",
"proc-macro2",
"quote",
"syn",
"wasm-bindgen-shared",
]
[[package]]
name = "wasm-bindgen-macro"
version = "0.2.81"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c441e177922bc58f1e12c022624b6216378e5febc2f0533e41ba443d505b80aa"
dependencies = [
"quote",
"wasm-bindgen-macro-support",
]
[[package]]
name = "wasm-bindgen-macro-support"
version = "0.2.81"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7d94ac45fcf608c1f45ef53e748d35660f168490c10b23704c7779ab8f5c3048"
dependencies = [
"proc-macro2",
"quote",
"syn",
"wasm-bindgen-backend",
"wasm-bindgen-shared",
]
[[package]]
name = "wasm-bindgen-shared"
version = "0.2.81"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6a89911bd99e5f3659ec4acf9c4d93b0a90fe4a2a11f15328472058edc5261be"
[[package]]
name = "which"
version = "4.2.5"


@ -1,11 +1,11 @@
[workspace]
members = [
"logging",
"kata-types",
"kata-sys-util",
"safe-path",
"protocols",
"kata-types",
"logging",
"oci",
"protocols",
"safe-path",
"test-utils",
]
resolver = "2"


@ -11,3 +11,14 @@ pub const SANDBOX: &str = "sandbox";
pub const CONTAINER: &str = "container";
pub const SANDBOX_ID_LABEL_KEY: &str = "io.kubernetes.cri.sandbox-id";
// Ref: https://pkg.go.dev/github.com/containerd/containerd@v1.6.7/pkg/cri/annotations
// SandboxCPU annotations are based on the initial CPU configuration for the sandbox. This is calculated as the
// sum of container CPU resources, optionally provided by Kubelet (introduced in 1.23) as part of the PodSandboxConfig
pub const SANDBOX_CPU_QUOTA_KEY: &str = "io.kubernetes.cri.sandbox-cpu-quota";
pub const SANDBOX_CPU_PERIOD_KEY: &str = "io.kubernetes.cri.sandbox-cpu-period";
pub const SANDBOX_CPU_SHARE_KEY: &str = "io.kubernetes.cri.sandbox-cpu-shares";
// SandboxMemory is the initial amount of memory associated with this sandbox. This is calculated as the sum
// of container memory, optionally provided by Kubelet (introduced in 1.23) as part of the PodSandboxConfig
pub const SANDBOX_MEM_KEY: &str = "io.kubernetes.cri.sandbox-memory";


@ -12,10 +12,16 @@ use std::u32;
use serde::Deserialize;
use crate::config::default::DEFAULT_AGENT_TYPE_NAME;
use crate::config::default::DEFAULT_HYPERVISOR;
use crate::config::default::DEFAULT_RUNTIME_NAME;
use crate::config::hypervisor::get_hypervisor_plugin;
use crate::config::TomlConfig;
use crate::sl;
use self::cri_containerd::{SANDBOX_CPU_PERIOD_KEY, SANDBOX_CPU_QUOTA_KEY, SANDBOX_MEM_KEY};
/// CRI-containerd specific annotations.
pub mod cri_containerd;
@ -175,7 +181,7 @@ pub const KATA_ANNO_CFG_HYPERVISOR_FIRMWARE_HASH: &str =
/// A sandbox annotation to specify cpu specific features.
pub const KATA_ANNO_CFG_HYPERVISOR_CPU_FEATURES: &str =
"io.katacontainers.config.hypervisor.cpu_features";
/// A sandbox annotation for passing the default vcpus assigned for a VM by the hypervisor.
/// A sandbox annotation for passing the default vCPUs assigned for a VM by the hypervisor.
pub const KATA_ANNO_CFG_HYPERVISOR_DEFAULT_VCPUS: &str =
"io.katacontainers.config.hypervisor.default_vcpus";
/// A sandbox annotation that specifies the maximum number of vCPUs allocated for the VM by the hypervisor.
@ -196,7 +202,7 @@ pub const KATA_ANNO_CFG_HYPERVISOR_IOMMU: &str = "io.katacontainers.config.hyper
pub const KATA_ANNO_CFG_HYPERVISOR_IOMMU_PLATFORM: &str =
"io.katacontainers.config.hypervisor.enable_iommu_platform";
// Hypervisor Machine related annotations
// Hypervisor Machine related annotations
/// A sandbox annotation to specify the type of machine being emulated by the hypervisor.
pub const KATA_ANNO_CFG_HYPERVISOR_MACHINE_TYPE: &str =
"io.katacontainers.config.hypervisor.machine_type";
@ -254,7 +260,7 @@ pub const KATA_ANNO_CFG_HYPERVISOR_ENABLE_ROOTLESS_HYPERVISOR: &str =
"io.katacontainers.config.hypervisor.rootless";
// Hypervisor Shared File System related annotations
/// A sandbox annotation to specify the shared file system type, either virtio-9p or virtio-fs.
/// A sandbox annotation to specify the shared file system type, either inline-virtio-fs (default), virtio-9p, virtio-fs or virtio-fs-nydus.
pub const KATA_ANNO_CFG_HYPERVISOR_SHARED_FS: &str =
"io.katacontainers.config.hypervisor.shared_fs";
/// A sandbox annotations to specify virtio-fs vhost-user daemon path.
@ -376,6 +382,28 @@ impl Annotation {
self.get(CONTAINER_TYPE_KEY)
}
/// Get the annotation of cpu quota for sandbox
pub fn get_sandbox_cpu_quota(&self) -> u64 {
let value = self
.get_value::<u64>(SANDBOX_CPU_QUOTA_KEY)
.unwrap_or(Some(0));
value.unwrap_or(0)
}
/// Get the annotation of cpu period for sandbox
pub fn get_sandbox_cpu_period(&self) -> i64 {
let value = self
.get_value::<i64>(SANDBOX_CPU_PERIOD_KEY)
.unwrap_or(Some(0));
value.unwrap_or(0)
}
/// Get the annotation of memory for sandbox
pub fn get_sandbox_mem(&self) -> i64 {
let value = self.get_value::<i64>(SANDBOX_MEM_KEY).unwrap_or(Some(0));
value.unwrap_or(0)
}
/// Get the annotation to specify the Resources.Memory.Swappiness.
pub fn get_container_resource_swappiness(&self) -> Result<Option<u32>> {
match self.get_value::<u32>(KATA_ANNO_CONTAINER_RES_SWAPPINESS) {
@ -415,6 +443,18 @@ impl Annotation {
config.runtime.agent_name = ag.to_string();
}
}
// set default values for runtime.name, runtime.hypervisor_name and runtime.agent
if config.runtime.name.is_empty() {
config.runtime.name = DEFAULT_RUNTIME_NAME.to_string()
}
if config.runtime.hypervisor_name.is_empty() {
config.runtime.hypervisor_name = DEFAULT_HYPERVISOR.to_string()
}
if config.runtime.agent_name.is_empty() {
config.runtime.agent_name = DEFAULT_AGENT_TYPE_NAME.to_string()
}
let hypervisor_name = &config.runtime.hypervisor_name;
let agent_name = &config.runtime.agent_name;
@ -428,7 +468,7 @@ impl Annotation {
if hv.security_info.is_annotation_enabled(key) {
match key.as_str() {
// update hypervisor config
// Hypervisor related annotations
// Hypervisor related annotations
KATA_ANNO_CFG_HYPERVISOR_PATH => {
hv.validate_hypervisor_path(value)?;
hv.path = value.to_string();
@ -451,7 +491,7 @@ impl Annotation {
return Err(bool_err);
}
},
// Hypervisor Block Device related annotations
// Hypervisor Block Device related annotations
KATA_ANNO_CFG_HYPERVISOR_BLOCK_DEV_DRIVER => {
hv.blockdev_info.block_device_driver = value.to_string();
}
@ -547,7 +587,7 @@ impl Annotation {
hv.boot_info.validate_boot_path(value)?;
hv.boot_info.firmware = value.to_string();
}
// Hypervisor CPU related annotations
// Hypervisor CPU related annotations
KATA_ANNO_CFG_HYPERVISOR_CPU_FEATURES => {
hv.cpu_info.cpu_features = value.to_string();
}
@ -587,7 +627,7 @@ impl Annotation {
}
}
}
// Hypervisor Device related annotations
// Hypervisor Device related annotations
KATA_ANNO_CFG_HYPERVISOR_HOTPLUG_VFIO_ON_ROOT_BUS => {
match self.get_value::<bool>(key) {
Ok(r) => {
@ -622,7 +662,7 @@ impl Annotation {
return Err(bool_err);
}
},
// Hypervisor Machine related annotations
// Hypervisor Machine related annotations
KATA_ANNO_CFG_HYPERVISOR_MACHINE_TYPE => {
hv.machine_info.machine_type = value.to_string();
}
@ -633,7 +673,7 @@ impl Annotation {
hv.machine_info.validate_entropy_source(value)?;
hv.machine_info.entropy_source = value.to_string();
}
// Hypervisor Memory related annotations
// Hypervisor Memory related annotations
KATA_ANNO_CFG_HYPERVISOR_DEFAULT_MEMORY => {
match byte_unit::Byte::from_str(value) {
Ok(mem_bytes) => {
@ -722,7 +762,7 @@ impl Annotation {
return Err(bool_err);
}
},
// Hypervisor Network related annotations
// Hypervisor Network related annotations
KATA_ANNO_CFG_HYPERVISOR_DISABLE_VHOST_NET => match self.get_value::<bool>(key)
{
Ok(r) => {
@ -752,7 +792,7 @@ impl Annotation {
}
}
}
// Hypervisor Security related annotations
// Hypervisor Security related annotations
KATA_ANNO_CFG_HYPERVISOR_GUEST_HOOK_PATH => {
hv.security_info.validate_path(value)?;
hv.security_info.guest_hook_path = value.to_string();
@ -767,7 +807,7 @@ impl Annotation {
}
}
}
// Hypervisor Shared File System related annotations
// Hypervisor Shared File System related annotations
KATA_ANNO_CFG_HYPERVISOR_SHARED_FS => {
hv.shared_fs.shared_fs = self.get(key);
}
@ -815,7 +855,7 @@ impl Annotation {
}
} else {
match key.as_str() {
//update agent config
// update agent config
KATA_ANNO_CFG_KERNEL_MODULES => {
let kernel_mod: Vec<String> =
value.to_string().split(';').map(str::to_string).collect();
@ -839,7 +879,7 @@ impl Annotation {
return Err(u32_err);
}
},
//update runtime config
// update runtime config
KATA_ANNO_CFG_RUNTIME_NAME => {
let runtime = vec!["virt-container", "linux-container", "wasm-container"];
if runtime.contains(&value.as_str()) {
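Review bot: The new getters `get_sandbox_cpu_quota`, `get_sandbox_cpu_period` and `get_sandbox_mem` discard the parse error from `get_value` with `.unwrap_or(Some(0))`, so a malformed annotation value cannot be told apart from an absent one and sizing silently falls back to 0. Returning `Result<Option<T>>` as `get_container_resource_swappiness` does just below, or at least logging a warning on the `Err` arm, would surface bad input. The quota getter also parses as `u64` and the period getter as `i64`, the reverse of how `oci::LinuxCpu` is filled elsewhere in this commit (`period: u64`, `quota: i64`), so a negative quota (presumably the "no limit" convention) would fail to parse and become 0. The `impl Annotation` block starts and ends outside these hunks.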


@ -11,6 +11,9 @@ pub use vendor::AgentVendor;
use super::default::{DEFAULT_AGENT_LOG_PORT, DEFAULT_AGENT_VSOCK_PORT};
/// agent name of Kata agent.
pub const AGENT_NAME_KATA: &str = "kata";
/// Kata agent configuration information.
#[derive(Debug, Default, Deserialize, Serialize, Clone)]
pub struct Agent {


@ -6,6 +6,9 @@
//! Default configuration values.
#![allow(missing_docs)]
use crate::config::agent::AGENT_NAME_KATA;
use crate::config::hypervisor::HYPERVISOR_NAME_DRAGONBALL;
use crate::config::runtime::RUNTIME_NAME_VIRTCONTAINER;
use lazy_static::lazy_static;
lazy_static! {
@ -18,6 +21,10 @@ lazy_static! {
pub const DEFAULT_AGENT_NAME: &str = "kata-agent";
pub const DEFAULT_AGENT_VSOCK_PORT: u32 = 1024;
pub const DEFAULT_AGENT_LOG_PORT: u32 = 1025;
pub const DEFAULT_AGENT_TYPE_NAME: &str = AGENT_NAME_KATA;
pub const DEFAULT_RUNTIME_NAME: &str = RUNTIME_NAME_VIRTCONTAINER;
pub const DEFAULT_HYPERVISOR: &str = HYPERVISOR_NAME_DRAGONBALL;
pub const DEFAULT_INTERNETWORKING_MODEL: &str = "tcfilter";


@ -29,7 +29,9 @@ pub use self::hypervisor::{
};
mod runtime;
pub use self::runtime::{Runtime, RuntimeVendor};
pub use self::runtime::{Runtime, RuntimeVendor, RUNTIME_NAME_VIRTCONTAINER};
pub use self::agent::AGENT_NAME_KATA;
/// Trait to manipulate global Kata configuration information.
pub trait ConfigPlugin: Send + Sync {


@ -10,6 +10,9 @@ use super::default;
use crate::config::{ConfigOps, TomlConfig};
use crate::{eother, resolve_path, validate_path};
/// Type of runtime VirtContainer.
pub const RUNTIME_NAME_VIRTCONTAINER: &str = "virt_container";
/// Kata runtime configuration information.
#[derive(Debug, Default, Deserialize, Serialize)]
pub struct Runtime {
@ -99,6 +102,10 @@ pub struct Runtime {
#[serde(default)]
pub enable_pprof: bool,
/// If enabled, static resource management will calculate the vcpu and memory for the sandbox/container
#[serde(default)]
pub static_resource_mgmt: bool,
/// Determines whether container seccomp profiles are passed to the virtual machine and
/// applied by the kata agent. If set to true, seccomp is not applied within the guest.
#[serde(default)]
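Review bot: `RUNTIME_NAME_VIRTCONTAINER` is spelled `"virt_container"` with an underscore, while the allow-list visible in the runtime-name annotation handler of this commit is `vec!["virt-container", "linux-container", "wasm-container"]` with hyphens. If both strings are meant to name the same runtime handler, the default written by `update_config_by_annotation` and a value supplied by annotation will not compare equal. Building the allow-list from the constant, or a comment on the constant explaining why the spellings differ, would remove the ambiguity. The `Runtime` struct continues outside the second hunk.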


@ -3,6 +3,7 @@ name = "logging"
version = "0.1.0"
authors = ["The Kata Containers community <kata-dev@lists.katacontainers.io>"]
edition = "2018"
license = "Apache-2.0"
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html


@ -3,6 +3,7 @@ name = "oci"
version = "0.1.0"
authors = ["The Kata Containers community <kata-dev@lists.katacontainers.io>"]
edition = "2018"
license = "Apache-2.0"
[dependencies]
serde = "1.0.131"


@ -3,6 +3,7 @@ name = "protocols"
version = "0.1.0"
authors = ["The Kata Containers community <kata-dev@lists.katacontainers.io>"]
edition = "2018"
license = "Apache-2.0"
[features]
default = []


@ -69,6 +69,15 @@ dependencies = [
"memchr",
]
[[package]]
name = "android_system_properties"
version = "0.1.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "819e7219dbd41043ac279b19830f2efc897156490d7fd6ea916720117ee66311"
dependencies = [
"libc",
]
[[package]]
name = "anyhow"
version = "1.0.57"
@ -400,14 +409,16 @@ dependencies = [
[[package]]
name = "chrono"
version = "0.4.19"
version = "0.4.22"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "670ad68c9088c2a963aaa298cb369688cf3f9465ce5e2d4ca10e6e0098a1ce73"
checksum = "bfd4d1b31faaa3a89d7934dbded3111da0d2ef28e3ebccdb4f0179f5929d1ef1"
dependencies = [
"libc",
"iana-time-zone",
"js-sys",
"num-integer",
"num-traits",
"time 0.1.43",
"wasm-bindgen",
"winapi",
]
@ -476,6 +487,12 @@ dependencies = [
"libc",
]
[[package]]
name = "core-foundation-sys"
version = "0.8.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5827cebf4670468b8772dd191856768aedcb1b0278a04f989f7766351917b9dc"
[[package]]
name = "cpuid-bool"
version = "0.1.2"
@ -754,7 +771,7 @@ version = "0.0.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8f82432ae94d42f160b6e17389d6e1c1eee29827b99ad32d35a0a96bb98bedb5"
dependencies = [
"core-foundation-sys",
"core-foundation-sys 0.2.3",
"libc",
]
@ -912,7 +929,7 @@ dependencies = [
"arc-swap 1.5.0",
"bitflags",
"caps",
"core-foundation-sys",
"core-foundation-sys 0.2.3",
"diskarbitration-sys",
"lazy_static",
"libc",
@ -1183,6 +1200,19 @@ dependencies = [
"vmm-sys-util",
]
[[package]]
name = "iana-time-zone"
version = "0.1.46"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ad2bfd338099682614d3ee3fe0cd72e0b6a41ca6a87f6a74a3bd593c91650501"
dependencies = [
"android_system_properties",
"core-foundation-sys 0.8.3",
"js-sys",
"wasm-bindgen",
"winapi",
]
[[package]]
name = "ident_case"
version = "1.0.1"
@ -1418,9 +1448,9 @@ dependencies = [
[[package]]
name = "lz4-sys"
version = "1.9.3"
version = "1.9.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d7be8908e2ed6f31c02db8a9fa962f03e36c53fbfde437363eae3306b85d7e17"
checksum = "57d27b317e207b10f69f5e75494119e391a96f48861ae870d1da6edac98ca900"
dependencies = [
"cc",
"libc",


@ -122,7 +122,7 @@ DEFMSIZE9P := 8192
DEFVFIOMODE := guest-kernel
# Default cgroup model
DEFSANDBOXCGROUPONLY ?= false
DEFSTATICRESOURCEMGMT ?= false
DEFSTATICRESOURCEMGMT_DB ?= false
DEFBINDMOUNTS := []
SED = sed
CLI_DIR = cmd
@ -255,7 +255,7 @@ USER_VARS += DEFMSIZE9P
USER_VARS += DEFENTROPYSOURCE
USER_VARS += DEFVALIDENTROPYSOURCES
USER_VARS += DEFSANDBOXCGROUPONLY
USER_VARS += DEFSTATICRESOURCEMGMT
USER_VARS += DEFSTATICRESOURCEMGMT_DB
USER_VARS += DEFBINDMOUNTS
USER_VARS += DEFVFIOMODE
USER_VARS += BUILDFLAGS


@ -247,3 +247,6 @@ experimental=@DEFAULTEXPFEATURES@
# If enabled, user can run pprof tools with shim v2 process through kata-monitor.
# (default: false)
# enable_pprof = true
static_resource_mgmt=@DEFSTATICRESOURCEMGMT_DB@
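Review bot: The new `static_resource_mgmt` key is the only option in this stretch of the template without an explanatory comment, and it changes how the VM is sized from pod-supplied data. I would add, above the key, `# If enabled, static resource management will calculate the vcpu and memory for the sandbox/container` and `# (default: false)`, matching the wording on the `Runtime` field and the `?= false` default in the Makefile hunk.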


@ -3,6 +3,7 @@ name = "agent"
version = "0.1.0"
authors = ["The Kata Containers community <kata-dev@lists.katacontainers.io>"]
edition = "2018"
license = "Apache-2.0"
[dev-dependencies]
futures = "0.1.27"


@ -3,6 +3,7 @@ name = "hypervisor"
version = "0.1.0"
authors = ["The Kata Containers community <kata-dev@lists.katacontainers.io>"]
edition = "2018"
license = "Apache-2.0"
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html


@ -176,6 +176,7 @@ impl DragonballInner {
serial_path: Some(serial_path),
mem_size_mib: self.config.memory_info.default_memory as usize,
vcpu_count: self.config.cpu_info.default_vcpus as u8,
max_vcpu_count: self.config.cpu_info.default_maxvcpus as u8,
..Default::default()
};
info!(sl!(), "vm config: {:?}", vm_config);
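Review bot: `max_vcpu_count: self.config.cpu_info.default_maxvcpus as u8` truncates silently, so a configured or annotation-supplied maximum above 255 wraps to a small number instead of being rejected. Assuming the enclosing function returns a `Result`, `u8::try_from(self.config.cpu_info.default_maxvcpus).context("default_maxvcpus out of range")?` fails loudly instead. The neighbouring `vcpu_count` line has the same cast, and `default_vcpus` is an `i32` that static resource management in this commit can now increase from the pod spec. The function starts outside the hunk.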


@ -3,6 +3,7 @@ name = "persist"
version = "0.1.0"
authors = ["The Kata Containers community <kata-dev@lists.katacontainers.io>"]
edition = "2018"
license = "Apache-2.0"
[dependencies]
async-trait = "0.1.48"


@ -3,6 +3,7 @@ name = "resource"
version = "0.1.0"
authors = ["The Kata Containers community <kata-dev@lists.katacontainers.io>"]
edition = "2018"
license = "Apache-2.0"
[dependencies]
anyhow = "^1.0"


@ -3,6 +3,7 @@ name = "runtimes"
version = "0.1.0"
authors = ["The Kata Containers community <kata-dev@lists.katacontainers.io>"]
edition = "2018"
license = "Apache-2.0"
[dependencies]
anyhow = "^1.0"


@ -3,6 +3,7 @@ name = "common"
version = "0.1.0"
authors = ["The Kata Containers community <kata-dev@lists.katacontainers.io>"]
edition = "2018"
license = "Apache-2.0"
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html


@ -11,3 +11,4 @@ logging::logger_with_subsystem!(sl, "runtimes");
pub mod manager;
pub use manager::RuntimeHandlerManager;
mod static_resource;


@ -7,6 +7,8 @@
use std::sync::Arc;
use anyhow::{anyhow, Context, Result};
use crate::static_resource::StaticResourceManager;
use common::{
message::Message,
types::{Request, Response},
@ -310,6 +312,23 @@ fn load_config(spec: &oci::Spec) -> Result<TomlConfig> {
let (mut toml_config, _) =
TomlConfig::load_from_file(&config_path).context("load toml config")?;
annotation.update_config_by_annotation(&mut toml_config)?;
// Sandbox sizing information *may* be provided in two scenarios:
// 1. The upper layer runtime (ie, containerd or crio) provide sandbox sizing information as an annotation
// in the 'sandbox container's' spec. This would typically be a scenario where as part of a create sandbox
// request the upper layer runtime receives this information as part of a pod, and makes it available to us
// for sizing purposes.
// 2. If this is not a sandbox infrastructure container, but instead a standalone single container (analogous to "docker run..."),
// then the container spec itself will contain appropriate sizing information for the entire sandbox (since it is
// a single container.
if toml_config.runtime.static_resource_mgmt {
info!(sl!(), "static resource management enabled");
let static_resource_manager = StaticResourceManager::new(spec)
.context("failed to construct static resource manager")?;
static_resource_manager
.setup_config(&mut toml_config)
.context("failed to setup static resource mgmt config")?;
}
info!(sl!(), "get config content {:?}", &toml_config);
Ok(toml_config)
}
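Review bot: After `setup_config` runs, sizing taken from the OCI spec or the sandbox annotations has been added to `default_vcpus` and `default_memory`, and nothing in this hunk or in `setup_config` bounds the result, for instance against `default_maxvcpus`. A pod spec may therefore raise the VM size past what the configuration file intended. If a validation pass exists elsewhere it should run after this block rather than only before it; otherwise clamp inside `setup_config`. The block comment is also missing its closing parenthesis after "a single container". `load_config` starts outside the hunk.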


@ -0,0 +1,167 @@
// Copyright (c) 2019-2021 Alibaba Cloud
// Copyright (c) 2019-2021 Ant Group
//
// SPDX-License-Identifier: Apache-2.0
//
use std::convert::TryFrom;
use anyhow::{Context, Result};
use kata_types::{
annotations::Annotation, config::TomlConfig, container::ContainerType,
cpu::LinuxContainerCpuResources, k8s::container_type,
};
// static resource that StaticResourceManager needs, this is the spec for the
// sandbox/container's workload
#[derive(Clone, Copy, Debug)]
struct StaticResource {
vcpu: u32,
mem_mb: u32,
}
// generate static resource(vcpu and memory in MiB) from spec's information
// used for static resource management
impl TryFrom<&oci::Spec> for StaticResource {
type Error = anyhow::Error;
fn try_from(spec: &oci::Spec) -> Result<Self> {
let mut vcpu: u32 = 0;
let mut mem_mb: u32 = 0;
match container_type(spec) {
// podsandbox, from annotation
ContainerType::PodSandbox => {
let annotation = Annotation::new(spec.annotations.clone());
let (period, quota, memory) =
get_sizing_info(annotation).context("failed to get sizing info")?;
let cpu = oci::LinuxCpu {
period: Some(period),
quota: Some(quota),
..Default::default()
};
// although it may not be actually a linux container, we are only using the calculation inside
// LinuxContainerCpuResources::try_from to generate our vcpu number
if let Ok(cpu_resource) = LinuxContainerCpuResources::try_from(&cpu) {
vcpu = get_nr_vcpu(&cpu_resource);
}
mem_mb = convert_memory_to_mb(memory);
}
// single container, from container spec
_ => {
if let Some(linux) = &spec.linux {
if let Some(resource) = &linux.resources {
if let Some(cpu) = &resource.cpu {
if let Ok(cpu_resource) = LinuxContainerCpuResources::try_from(cpu) {
vcpu = get_nr_vcpu(&cpu_resource);
}
}
if let Some(mem) = &resource.memory {
let memory = mem.limit.unwrap_or(0);
mem_mb = convert_memory_to_mb(memory);
}
}
}
}
}
info!(
sl!(),
"static resource mgmt result: vcpu={}, mem_mb={}", vcpu, mem_mb
);
Ok(Self { vcpu, mem_mb })
}
}
// StaticResourceManager is responsible for static resource management
//
// static resource management sizing information is optionally provided, either by
// upper layer runtime (containerd / crio) or by the container spec itself (when it
// is a standalone single container such as the one started with *docker run*)
//
// the sizing information uses three values, cpu quota, cpu period and memory limit,
// and with above values it calculates the # vcpus and memory for the workload and
// add them to default value of the config
#[derive(Clone, Copy, Debug)]
pub struct StaticResourceManager {
resource: StaticResource,
}
impl StaticResourceManager {
pub fn new(spec: &oci::Spec) -> Result<Self> {
Ok(Self {
resource: StaticResource::try_from(spec)
.context("failed to construct static resource")?,
})
}
pub fn setup_config(&self, config: &mut TomlConfig) -> Result<()> {
// update this data to the hypervisor config for later use by hypervisor
let hypervisor_name = &config.runtime.hypervisor_name;
let mut hv = config
.hypervisor
.get_mut(hypervisor_name)
.context("failed to get hypervisor config")?;
hv.cpu_info.default_vcpus += self.resource.vcpu as i32;
hv.memory_info.default_memory += self.resource.mem_mb;
Ok(())
}
}
fn get_nr_vcpu(resource: &LinuxContainerCpuResources) -> u32 {
if let Some(v) = resource.get_vcpus() {
v as u32
} else {
0
}
}
fn convert_memory_to_mb(memory_in_byte: i64) -> u32 {
if memory_in_byte < 0 {
0
} else {
(memory_in_byte / 1024 / 1024) as u32
}
}
// from the upper layer runtime's annotation (e.g. crio, k8s), get the *cpu quota,
// cpu period and memory limit* for a sandbox/container
fn get_sizing_info(annotation: Annotation) -> Result<(u64, i64, i64)> {
// since we are *adding* our result to the config, a value of 0 will cause no change
// and if the annotation is not assigned (but static resource management is), we will
// log a *warning* to fill that with zero value
let period = annotation.get_sandbox_cpu_quota();
let quota = annotation.get_sandbox_cpu_period();
let memory = annotation.get_sandbox_mem();
Ok((period, quota, memory))
}
#[cfg(test)]
mod tests {
use super::*;
#[test]
fn test_static_resource_mgmt() {
// data below should result in 2200 mCPU(round up to 3 vcpus) and 512 MiB of memory
let period: u64 = 100000;
let memory: i64 = 1048576 * 512; // 512 MiB
let quota: i64 = 220000;
let cpu = oci::LinuxCpu {
period: Some(period),
quota: Some(quota),
..Default::default()
};
if let Ok(cpu_resource) = LinuxContainerCpuResources::try_from(&cpu) {
if let Some(v) = cpu_resource.get_vcpus() {
assert_eq!(v, 3);
}
}
let mem_mb = if memory < 0 {
0
} else {
(memory / 1024 / 1024) as u32
};
assert_eq!(mem_mb, 512);
}
}
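Review bot: In `get_sizing_info` the two CPU values are crossed: `let period = annotation.get_sandbox_cpu_quota();` and `let quota = annotation.get_sandbox_cpu_period();`. `StaticResource::try_from` therefore builds `oci::LinuxCpu` with the quota annotation in `period` and the period annotation in `quota`, and the vCPU count for a PodSandbox is presumably derived from the inverted ratio. The lines should read `let quota = annotation.get_sandbox_cpu_quota();` and `let period = annotation.get_sandbox_cpu_period();`, with the getters' return types adjusted to `i64` for quota and `u64` for period so the tuple still type-checks. `test_static_resource_mgmt` builds `oci::LinuxCpu` by hand and never calls `get_sizing_info` or `StaticResource::try_from`, which is why it passes; a test that feeds a spec carrying the three annotations through `StaticResourceManager::new` would catch this.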


@ -3,6 +3,7 @@ name = "virt_container"
version = "0.1.0"
authors = ["The Kata Containers community <kata-dev@lists.katacontainers.io>"]
edition = "2018"
license = "Apache-2.0"
[dependencies]
anyhow = "^1.0"


@ -80,8 +80,9 @@ impl Container {
let mut inner = self.inner.write().await;
let toml_config = self.resource_manager.config().await;
let config = &self.config;
let sandbox_pidns = amend_spec(&mut spec, toml_config.runtime.disable_guest_seccomp)
.context("load spec")?;
amend_spec(&mut spec, toml_config.runtime.disable_guest_seccomp).context("amend spec")?;
let sandbox_pidns = is_pid_namespace_enabled(&spec);
// handler rootfs
let rootfs = self
.resource_manager
@ -373,7 +374,7 @@ impl Container {
}
}
fn amend_spec(spec: &mut oci::Spec, disable_guest_seccomp: bool) -> Result<bool> {
fn amend_spec(spec: &mut oci::Spec, disable_guest_seccomp: bool) -> Result<()> {
// hook should be done on host
spec.hooks = None;
@ -401,33 +402,29 @@ fn amend_spec(spec: &mut oci::Spec, disable_guest_seccomp: bool) -> Result<bool>
}
linux.namespaces = ns;
return Ok(handle_pid_namespace(&linux.namespaces));
}
Ok(false)
Ok(())
}
// handle_pid_namespace checks if Pid namespace for a container needs to be shared with its sandbox
// is_pid_namespace_enabled checks if Pid namespace for a container needs to be shared with its sandbox
// pid namespace.
fn handle_pid_namespace(namespaces: &[oci::LinuxNamespace]) -> bool {
for n in namespaces.iter() {
match n.r#type.as_str() {
oci::PIDNAMESPACE => {
if !n.path.is_empty() {
return true;
}
fn is_pid_namespace_enabled(spec: &oci::Spec) -> bool {
if let Some(linux) = spec.linux.as_ref() {
for n in linux.namespaces.iter() {
if n.r#type.as_str() == oci::PIDNAMESPACE {
return !n.path.is_empty();
}
_ => continue,
}
}
false
}
#[cfg(test)]
mod tests {
use super::amend_spec;
use crate::container_manager::container::handle_pid_namespace;
use super::is_pid_namespace_enabled;
#[test]
fn test_amend_spec_disable_guest_seccomp() {
let mut spec = oci::Spec {
@ -448,38 +445,69 @@ mod tests {
amend_spec(&mut spec, true).unwrap();
assert!(spec.linux.as_ref().unwrap().seccomp.is_none());
}
#[test]
fn test_handle_pid_namespace() {
let namespaces = vec![
oci::LinuxNamespace {
r#type: "pid".to_string(),
path: "".to_string(),
fn test_is_pid_namespace_enabled() {
struct TestData<'a> {
desc: &'a str,
namespaces: Vec<oci::LinuxNamespace>,
result: bool,
}
let tests = &[
TestData {
desc: "no pid namespace",
namespaces: vec![oci::LinuxNamespace {
r#type: "network".to_string(),
path: "".to_string(),
}],
result: false,
},
oci::LinuxNamespace {
r#type: "network".to_string(),
path: "".to_string(),
TestData {
desc: "empty pid namespace path",
namespaces: vec![
oci::LinuxNamespace {
r#type: "pid".to_string(),
path: "".to_string(),
},
oci::LinuxNamespace {
r#type: "network".to_string(),
path: "".to_string(),
},
],
result: false,
},
oci::LinuxNamespace {
r#type: "ipc".to_string(),
path: "".to_string(),
},
oci::LinuxNamespace {
r#type: "uts".to_string(),
path: "".to_string(),
},
oci::LinuxNamespace {
r#type: "mount".to_string(),
path: "".to_string(),
},
oci::LinuxNamespace {
r#type: "user".to_string(),
path: "".to_string(),
},
oci::LinuxNamespace {
r#type: "cgroup".to_string(),
path: "".to_string(),
TestData {
desc: "pid namespace is set",
namespaces: vec![
oci::LinuxNamespace {
r#type: "pid".to_string(),
path: "/some/path".to_string(),
},
oci::LinuxNamespace {
r#type: "network".to_string(),
path: "".to_string(),
},
],
result: true,
},
];
assert!(!handle_pid_namespace(&namespaces));
let mut spec = oci::Spec::default();
for (i, d) in tests.iter().enumerate() {
spec.linux = Some(oci::Linux {
namespaces: d.namespaces.clone(),
..Default::default()
});
assert_eq!(
d.result,
is_pid_namespace_enabled(&spec),
"test[{}]: {:?}",
i,
d.desc
);
}
}
}
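Review bot: `is_pid_namespace_enabled` returns true only when the first `pid` entry in `spec.linux.namespaces` has a non-empty `path`, so a container with its own pid namespace and an empty path reports false; the name reads as the opposite of what the comment above it describes. A name such as `is_pid_namespace_shared`, or a doc comment like `/// Returns true when the spec's pid namespace entry carries a path.`, would keep the `sandbox_pidns` call site from being misread. The table test has no case for `spec.linux` being `None` or for a second `pid` entry after one with an empty path, both of which the early `return` decides.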


@ -3,6 +3,7 @@ name = "service"
version = "0.1.0"
authors = ["The Kata Containers community <kata-dev@lists.katacontainers.io>"]
edition = "2018"
license = "Apache-2.0"
[dependencies]
anyhow = "^1.0"


@ -3,6 +3,7 @@ name = "tests_utils"
version = "0.1.0"
edition = "2018"
description = "This crate is used to share code among tests"
license = "Apache-2.0"
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html


@ -676,6 +676,10 @@ func (a *Acrn) GetThreadIDs(ctx context.Context) (VcpuThreadIDs, error) {
return VcpuThreadIDs{}, nil
}
func (a *Acrn) GetTotalMemoryMB(ctx context.Context) uint32 {
return a.config.MemorySize
}
func (a *Acrn) ResizeMemory(ctx context.Context, reqMemMB uint32, memoryBlockSizeMB uint32, probe bool) (uint32, MemoryDevice, error) {
return 0, MemoryDevice{}, nil
}


@ -1603,6 +1603,16 @@ func (clh *cloudHypervisor) cleanupVM(force bool) error {
return nil
}
func (clh *cloudHypervisor) GetTotalMemoryMB(ctx context.Context) uint32 {
vminfo, err := clh.vmInfo()
if err != nil {
clh.Logger().WithError(err).Error("failed to get vminfo")
return 0
}
return uint32(vminfo.GetMemoryActualSize() >> utils.MibToBytesShift)
}
// vmInfo ask to hypervisor for current VM status
func (clh *cloudHypervisor) vmInfo() (chclient.VmInfo, error) {
cl := clh.client()
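Review bot: `GetTotalMemoryMB` returns 0 when `clh.vmInfo()` fails, and the method added to the `Hypervisor` interface has no error return, so the caller cannot tell a failed query from a guest that reports no memory. On the ACPI path of `updateResources` in this commit a 0 makes `maxhotPluggableMemoryMB` 0 as well, so each pass requests `currentMemoryMB + 0` and cannot reach `finalMemoryMB` while the query keeps failing. Changing the signature to `GetTotalMemoryMB(ctx context.Context) (uint32, error)` and propagating the error looks safer; the acrn, firecracker, mock and qemu implementations would follow.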


@ -1169,6 +1169,10 @@ func (fc *firecracker) HypervisorConfig() HypervisorConfig {
return fc.config
}
func (fc *firecracker) GetTotalMemoryMB(ctx context.Context) uint32 {
return fc.config.MemorySize
}
func (fc *firecracker) ResizeMemory(ctx context.Context, reqMemMB uint32, memoryBlockSizeMB uint32, probe bool) (uint32, MemoryDevice, error) {
return 0, MemoryDevice{}, nil
}


@ -712,6 +712,7 @@ type Hypervisor interface {
HotplugRemoveDevice(ctx context.Context, devInfo interface{}, devType DeviceType) (interface{}, error)
ResizeMemory(ctx context.Context, memMB uint32, memoryBlockSizeMB uint32, probe bool) (uint32, MemoryDevice, error)
ResizeVCPUs(ctx context.Context, vcpus uint32) (uint32, uint32, error)
GetTotalMemoryMB(ctx context.Context) uint32
GetVMConsole(ctx context.Context, sandboxID string) (string, string, error)
Disconnect(ctx context.Context)
Capabilities(ctx context.Context) types.Capabilities


@ -17,6 +17,7 @@ import (
var MockHybridVSockPath = "/tmp/kata-mock-hybrid-vsock.socket"
type mockHypervisor struct {
config HypervisorConfig
mockPid int
}
@ -27,10 +28,11 @@ func (m *mockHypervisor) Capabilities(ctx context.Context) types.Capabilities {
}
func (m *mockHypervisor) HypervisorConfig() HypervisorConfig {
return HypervisorConfig{}
return m.config
}
func (m *mockHypervisor) setConfig(config *HypervisorConfig) error {
m.config = *config
return nil
}
@ -38,7 +40,7 @@ func (m *mockHypervisor) CreateVM(ctx context.Context, id string, network Networ
if err := m.setConfig(hypervisorConfig); err != nil {
return err
}
m.config.MemSlots = 0
return nil
}
@ -96,12 +98,20 @@ func (m *mockHypervisor) GetVMConsole(ctx context.Context, sandboxID string) (st
}
func (m *mockHypervisor) ResizeMemory(ctx context.Context, memMB uint32, memorySectionSizeMB uint32, probe bool) (uint32, MemoryDevice, error) {
if m.config.MemorySize != memMB {
// For testing, we'll use MemSlots to track how many times we resized memory
m.config.MemSlots += 1
m.config.MemorySize = memMB
}
return 0, MemoryDevice{}, nil
}
func (m *mockHypervisor) ResizeVCPUs(ctx context.Context, cpus uint32) (uint32, uint32, error) {
return 0, 0, nil
}
func (m *mockHypervisor) GetTotalMemoryMB(ctx context.Context) uint32 {
return m.config.MemorySize
}
func (m *mockHypervisor) Disconnect(ctx context.Context) {
}
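Review bot: `ResizeMemory` counts resizes in `m.config.MemSlots`, and `CreateVM` resets that field to 0 after `setConfig`, so the mock overwrites a real configuration value that `HypervisorConfig()` now returns to the code under test. A dedicated field on `mockHypervisor`, for example `resizeCount uint32` incremented with `m.resizeCount++`, keeps the counter out of the config. The tests that read `HypervisorConfig().MemSlots` would then read the counter directly.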


@ -14,7 +14,7 @@ import (
)
func TestMockHypervisorCreateVM(t *testing.T) {
var m *mockHypervisor
m := &mockHypervisor{}
assert := assert.New(t)
sandbox := &Sandbox{


@ -2235,6 +2235,10 @@ func (q *qemu) Disconnect(ctx context.Context) {
q.qmpShutdown()
}
func (q *qemu) GetTotalMemoryMB(ctx context.Context) uint32 {
return q.config.MemorySize + uint32(q.state.HotpluggedMemory)
}
// ResizeMemory gets a request to update the VM memory to reqMemMB
// Memory update is managed with two approaches
// Add memory to VM:
@ -2248,7 +2252,7 @@ func (q *qemu) Disconnect(ctx context.Context) {
// A longer term solution is evaluate solutions like virtio-mem
func (q *qemu) ResizeMemory(ctx context.Context, reqMemMB uint32, memoryBlockSizeMB uint32, probe bool) (uint32, MemoryDevice, error) {
currentMemory := q.config.MemorySize + uint32(q.state.HotpluggedMemory)
currentMemory := q.GetTotalMemoryMB(ctx)
if err := q.qmpSetup(); err != nil {
return 0, MemoryDevice{}, err
}


@ -78,6 +78,14 @@ const (
// Restricted permission for shared directory managed by virtiofs
sharedDirMode = os.FileMode(0700) | os.ModeDir
// hotplug factor indicates how much memory can be hotplugged relative to the amount of
// RAM provided to the guest. This is a conservative heuristic based on needing 64 bytes per
// 4KiB page of hotplugged memory.
//
// As an example: 12 GiB hotplugged -> 3 Mi pages -> 192 MiBytes overhead (3Mi x 64B).
// This is approximately what should be free in a relatively unloaded 256 MiB guest (75% of available memory). So, 256 Mi x 48 => 12 Gi
acpiMemoryHotplugFactor = 48
)
var (
@ -2004,9 +2012,60 @@ func (s *Sandbox) updateResources(ctx context.Context) error {
}
s.Logger().Debugf("Sandbox CPUs: %d", newCPUs)
// Update Memory
s.Logger().WithField("memory-sandbox-size-byte", sandboxMemoryByte).Debugf("Request to hypervisor to update memory")
// Update Memory --
// If we're using ACPI hotplug for memory, there's a limitation on the amount of memory which can be hotplugged at a single time.
// We must have enough free memory in the guest kernel to cover 64bytes per (4KiB) page of memory added for mem_map.
// See https://github.com/kata-containers/kata-containers/issues/4847 for more details.
// For a typical pod lifecycle, we expect that each container is added when we start the workloads. Based on this, we'll "assume" that majority
// of the guest memory is readily available. From experimentation, we see that we can add approximately 48 times what is already provided to
// the guest workload. For example, a 256 MiB guest should be able to accommodate hotplugging 12 GiB of memory.
//
// If virtio-mem is being used, there isn't such a limitation - we can hotplug the maximum allowed memory at a single time.
//
newMemoryMB := uint32(sandboxMemoryByte >> utils.MibToBytesShift)
finalMemoryMB := newMemoryMB
hconfig := s.hypervisor.HypervisorConfig()
for {
currentMemoryMB := s.hypervisor.GetTotalMemoryMB(ctx)
maxhotPluggableMemoryMB := currentMemoryMB * acpiMemoryHotplugFactor
// In the case of virtio-mem, we don't have a restriction on how much can be hotplugged at
// a single time. As a result, the max hotpluggable is only limited by the maximum memory size
// of the guest.
if hconfig.VirtioMem {
maxhotPluggableMemoryMB = uint32(hconfig.DefaultMaxMemorySize) - currentMemoryMB
}
deltaMB := int32(finalMemoryMB - currentMemoryMB)
if deltaMB > int32(maxhotPluggableMemoryMB) {
s.Logger().Warnf("Large hotplug. Adding %d MB of %d total memory", maxhotPluggableMemoryMB, deltaMB)
newMemoryMB = currentMemoryMB + maxhotPluggableMemoryMB
} else {
newMemoryMB = finalMemoryMB
}
// Add the memory to the guest and online the memory:
if err := s.updateMemory(ctx, newMemoryMB); err != nil {
return err
}
if newMemoryMB == finalMemoryMB {
break
}
}
return nil
}
func (s *Sandbox) updateMemory(ctx context.Context, newMemoryMB uint32) error {
// online the memory:
s.Logger().WithField("memory-sandbox-size-mb", newMemoryMB).Debugf("Request to hypervisor to update memory")
newMemory, updatedMemoryDevice, err := s.hypervisor.ResizeMemory(ctx, newMemoryMB, s.state.GuestMemoryBlockSizeMB, s.state.GuestMemoryHotplugProbe)
if err != nil {
if err == noGuestMemHotplugErr {
@ -2026,7 +2085,6 @@ func (s *Sandbox) updateResources(ctx context.Context) error {
if err := s.agent.onlineCPUMem(ctx, 0, false); err != nil {
return err
}
return nil
}


@ -41,6 +41,7 @@ func newHypervisorConfig(kernelParams []Param, hParams []Param) HypervisorConfig
HypervisorPath: filepath.Join(testDir, testHypervisor),
KernelParams: kernelParams,
HypervisorParams: hParams,
MemorySize: 1,
}
}
@ -1360,7 +1361,6 @@ func TestSandboxUpdateResources(t *testing.T) {
contConfig1 := newTestContainerConfigNoop("cont-00001")
contConfig2 := newTestContainerConfigNoop("cont-00002")
hConfig := newHypervisorConfig(nil, nil)
defer cleanUp()
// create a sandbox
s, err := testCreateSandbox(t,
@ -1370,28 +1370,37 @@ func TestSandboxUpdateResources(t *testing.T) {
NetworkConfig{},
[]ContainerConfig{contConfig1, contConfig2},
nil)
assert.NoError(t, err)
err = s.updateResources(context.Background())
assert.NoError(t, err)
containerMemLimit := int64(1000)
// For mock hypervisor, we MemSlots to be 0 since the memory wasn't changed.
assert.Equal(t, s.hypervisor.HypervisorConfig().MemSlots, uint32(0))
containerMemLimit := int64(4 * 1024 * 1024 * 1024)
containerCPUPeriod := uint64(1000)
containerCPUQouta := int64(5)
for _, c := range s.config.Containers {
c.Resources.Memory = &specs.LinuxMemory{
for idx := range s.config.Containers {
s.config.Containers[idx].Resources.Memory = &specs.LinuxMemory{
Limit: new(int64),
}
c.Resources.CPU = &specs.LinuxCPU{
s.config.Containers[idx].Resources.CPU = &specs.LinuxCPU{
Period: new(uint64),
Quota: new(int64),
}
c.Resources.Memory.Limit = &containerMemLimit
c.Resources.CPU.Period = &containerCPUPeriod
c.Resources.CPU.Quota = &containerCPUQouta
s.config.Containers[idx].Resources.Memory.Limit = &containerMemLimit
s.config.Containers[idx].Resources.CPU.Period = &containerCPUPeriod
s.config.Containers[idx].Resources.CPU.Quota = &containerCPUQouta
}
err = s.updateResources(context.Background())
assert.NoError(t, err)
// Since we're starting with a memory of 1 MB, we expect it to take 3 hotplugs to add 4GiB of memory when using ACPI hotplug:
// +48MB
// +2352MB
// +the remaining
assert.Equal(t, s.hypervisor.HypervisorConfig().MemSlots, uint32(3))
}
func TestSandboxExperimentalFeature(t *testing.T) {
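Review bot: The new `MemSlots` assertions cover only the ACPI growth path from 1 MB upward; nothing in TestSandboxUpdateResources exercises a request the hypervisor cannot satisfy. The loop added to updateResources leaves only on an error or when `newMemoryMB == finalMemoryMB`, so with `VirtioMem` set and a limit above `DefaultMaxMemorySize` the step appears to become zero and the loop would not terminate; a case for that, and one for a limit below the current size, would pin the behaviour. Separately, testify's `assert.Equal` takes the expected value first, so `assert.Equal(t, uint32(3), s.hypervisor.HypervisorConfig().MemSlots)` reports failures the right way round. The comment above the first assertion is missing a word and should read `// For the mock hypervisor, we expect MemSlots to be 0 since the memory wasn't changed.`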


@ -11,6 +11,15 @@ dependencies = [
"memchr",
]
[[package]]
name = "android_system_properties"
version = "0.1.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "819e7219dbd41043ac279b19830f2efc897156490d7fd6ea916720117ee66311"
dependencies = [
"libc",
]
[[package]]
name = "ansi_term"
version = "0.12.1"
@ -66,6 +75,12 @@ version = "1.2.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "cf1de2fe8c75bc145a2f577add951f8134889b4795d47466a54a5c846d691693"
[[package]]
name = "bumpalo"
version = "3.11.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c1ad822118d20d2c234f427000d5acc36eabe1e29a348c89b63dd60b13f28e5d"
[[package]]
name = "byteorder"
version = "1.4.3"
@ -131,14 +146,16 @@ dependencies = [
[[package]]
name = "chrono"
version = "0.4.19"
version = "0.4.22"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "670ad68c9088c2a963aaa298cb369688cf3f9465ce5e2d4ca10e6e0098a1ce73"
checksum = "bfd4d1b31faaa3a89d7934dbded3111da0d2ef28e3ebccdb4f0179f5929d1ef1"
dependencies = [
"libc",
"iana-time-zone",
"js-sys",
"num-integer",
"num-traits",
"time",
"wasm-bindgen",
"winapi",
]
@ -157,6 +174,12 @@ dependencies = [
"vec_map",
]
[[package]]
name = "core-foundation-sys"
version = "0.8.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5827cebf4670468b8772dd191856768aedcb1b0278a04f989f7766351917b9dc"
[[package]]
name = "crossbeam-channel"
version = "0.5.1"
@ -362,6 +385,19 @@ version = "2.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9a3a5bfb195931eeb336b2a7b4d761daec841b97f947d34394601737a7bba5e4"
[[package]]
name = "iana-time-zone"
version = "0.1.46"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ad2bfd338099682614d3ee3fe0cd72e0b6a41ca6a87f6a74a3bd593c91650501"
dependencies = [
"android_system_properties",
"core-foundation-sys",
"js-sys",
"wasm-bindgen",
"winapi",
]
[[package]]
name = "indexmap"
version = "1.7.0"
@ -409,6 +445,15 @@ version = "1.0.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1aab8fc367588b89dcee83ab0fd66b72b50b72fa1904d7095045ace2b0c81c35"
[[package]]
name = "js-sys"
version = "0.3.58"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c3fac17f7123a73ca62df411b1bf727ccc805daa070338fda671c86dac1bdc27"
dependencies = [
"wasm-bindgen",
]
[[package]]
name = "kata-agent-ctl"
version = "0.0.1"
@ -1160,6 +1205,60 @@ version = "0.10.2+wasi-snapshot-preview1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "fd6fbd9a79829dd1ad0cc20627bf1ed606756a7f77edff7b66b7064f9cb327c6"
[[package]]
name = "wasm-bindgen"
version = "0.2.81"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7c53b543413a17a202f4be280a7e5c62a1c69345f5de525ee64f8cfdbc954994"
dependencies = [
"cfg-if 1.0.0",
"wasm-bindgen-macro",
]
[[package]]
name = "wasm-bindgen-backend"
version = "0.2.81"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5491a68ab4500fa6b4d726bd67408630c3dbe9c4fe7bda16d5c82a1fd8c7340a"
dependencies = [
"bumpalo",
"lazy_static",
"log",
"proc-macro2",
"quote",
"syn",
"wasm-bindgen-shared",
]
[[package]]
name = "wasm-bindgen-macro"
version = "0.2.81"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c441e177922bc58f1e12c022624b6216378e5febc2f0533e41ba443d505b80aa"
dependencies = [
"quote",
"wasm-bindgen-macro-support",
]
[[package]]
name = "wasm-bindgen-macro-support"
version = "0.2.81"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7d94ac45fcf608c1f45ef53e748d35660f168490c10b23704c7779ab8f5c3048"
dependencies = [
"proc-macro2",
"quote",
"syn",
"wasm-bindgen-backend",
"wasm-bindgen-shared",
]
[[package]]
name = "wasm-bindgen-shared"
version = "0.2.81"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6a89911bd99e5f3659ec4acf9c4d93b0a90fe4a2a11f15328472058edc5261be"
[[package]]
name = "which"
version = "4.2.2"


@ -8,6 +8,7 @@ name = "kata-agent-ctl"
version = "0.0.1"
authors = ["The Kata Containers community <kata-dev@lists.katacontainers.io>"]
edition = "2018"
license = "Apache-2.0"
[dependencies]
protocols = { path = "../../libs/protocols", features = ["with-serde"] }


@ -220,7 +220,7 @@ $ sudo install -o root -g root -m 0755 ~/.cargo/bin/kata-agent-ctl /usr/local/bi
1. Start the agent, specifying a local socket for it to communicate on:
```sh
$ sudo KATA_AGENT_SERVER_ADDR=unix:///tmp/foo.socket target/x86_64-unknown-linux-musl/release/kata-agent
$ sudo KATA_AGENT_SERVER_ADDR=unix://@/tmp/foo.socket target/x86_64-unknown-linux-musl/release/kata-agent
```
> **Note:** This example assumes an Intel x86-64 system.


@ -92,14 +92,15 @@ checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
[[package]]
name = "chrono"
version = "0.4.19"
version = "0.4.20"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "670ad68c9088c2a963aaa298cb369688cf3f9465ce5e2d4ca10e6e0098a1ce73"
checksum = "6127248204b9aba09a362f6c930ef6a78f2c1b2215f8a7b398c06e1083f17af0"
dependencies = [
"libc",
"js-sys",
"num-integer",
"num-traits",
"time",
"wasm-bindgen",
"winapi",
]


@ -8,6 +8,7 @@ name = "kata-trace-forwarder"
version = "0.0.1"
authors = ["The Kata Containers community <kata-dev@lists.katacontainers.io>"]
edition = "2018"
license = "Apache-2.0"
[dependencies]
futures = "0.3.15"


@ -75,7 +75,7 @@ function run_test() {
# our 'wait' for deployment status will fail to find the deployment at all
sleep 3
kubectl wait --timeout=5m --for=condition=Available deployment/${deployment}
kubectl wait --timeout=5m --for=condition=Available deployment/${deployment} || kubectl describe pods
kubectl expose deployment/${deployment}
# test pod connectivity:
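Review bot: The added `|| kubectl describe pods` replaces the exit status of a failed `kubectl wait` with that of `kubectl describe pods`, so a deployment that never becomes Available no longer stops run_test and the script goes on to `kubectl expose`. If the describe output is meant only as diagnostics, keep the failure: `kubectl wait --timeout=5m --for=condition=Available "deployment/${deployment}" || { kubectl describe pods; return 1; }`. Whether the script runs under `set -e` is not visible here, and run_test continues outside the hunk.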


@ -182,7 +182,7 @@ externals:
cni-plugins:
description: "CNI network plugins"
url: "https://github.com/containernetworking/plugins"
commit: "485be65581341430f9106a194a98f0f2412245fb"
version: "v1.1.1"
conmon:
description: "An OCI container runtime monitor"
@ -212,7 +212,7 @@ externals:
gperf:
description: "GNU gperf is a perfect hash function generator"
url: "https://ftp.gnu.org/gnu/gperf"
url: "https://ftpmirror.gnu.org/gnu/gperf"
version: "3.1"
kubernetes: