diff --git a/.github/cargo-deny-composite-action/cargo-deny-generator.sh b/.github/cargo-deny-composite-action/cargo-deny-generator.sh
new file mode 100644
index 0000000000..3d9eba242c
--- /dev/null
+++ b/.github/cargo-deny-composite-action/cargo-deny-generator.sh
@@ -0,0 +1,40 @@
+#!/bin/bash
+#
+# Copyright (c) 2022 Red Hat
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+script_dir=$(dirname "$(readlink -f "$0")")
+parent_dir=$(realpath "${script_dir}/../..")
+cidir="${parent_dir}/ci"
+source "${cidir}/lib.sh"
+
+cargo_deny_file="${script_dir}/action.yaml"
+
+cat cargo-deny-skeleton.yaml.in > "${cargo_deny_file}"
+
+changed_files_status=$(run_get_pr_changed_file_details)
+changed_files_status=$(echo "$changed_files_status" | grep "Cargo\.toml$" || true)
+changed_files=$(echo "$changed_files_status" | awk '{print $NF}' || true)
+
+if [ -z "$changed_files" ]; then
+ cat >> "${cargo_deny_file}" << EOF
+ - run: echo "No Cargo.toml files to check"
+ shell: bash
+EOF
+fi
+
+for path in $changed_files
+do
+ cat >> "${cargo_deny_file}" << EOF
+
+ - name: ${path}
+ continue-on-error: true
+ shell: bash
+ run: |
+ pushd $(dirname ${path})
+ cargo deny check
+ popd
+EOF
+done
diff --git a/.github/cargo-deny-composite-action/cargo-deny-skeleton.yaml.in b/.github/cargo-deny-composite-action/cargo-deny-skeleton.yaml.in
new file mode 100644
index 0000000000..e48d1f6c86
--- /dev/null
+++ b/.github/cargo-deny-composite-action/cargo-deny-skeleton.yaml.in
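Review bot: In cargo-deny-generator.sh the `for path in $changed_files` loop writes each path into the generated action.yaml through an unquoted `<< EOF` heredoc, so `$(dirname ${path})` is expanded at generation time and its output lands verbatim inside a `run:` block. Those paths are file names taken from the pull request, so each one should be validated before it is written, e.g. `[[ "$path" =~ ^[A-Za-z0-9_./-]+$ ]] || continue`, and the directory emitted quoted as `pushd "$(dirname -- "${path}")"`. Separately, the `|| true` on the grep/awk lines and the unchecked `run_get_pr_changed_file_details` call mean a failed lookup produces the "No Cargo.toml files to check" step and a green run, and `continue-on-error: true` keeps every `cargo deny check` result advisory; if that is intended, a comment saying so would help.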
@@ -0,0 +1,30 @@
+#
+# Copyright (c) 2022 Red Hat
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+name: 'Cargo Crates Check'
+description: 'Checks every Cargo.toml file using cargo-deny'
+
+env:
+ CARGO_TERM_COLOR: always
+
+runs:
+ using: "composite"
+ steps:
+ - name: Install Rust
+ uses: actions-rs/toolchain@v1
+ with:
+ profile: minimal
+ toolchain: nightly
+ override: true
+
+ - name: Cache
+ uses: Swatinem/rust-cache@v2
+
+ - name: Install Cargo deny
+ shell: bash
+ run: |
+ which cargo
+ cargo install --locked cargo-deny || true
diff --git a/.github/workflows/cargo-deny-runner.yaml b/.github/workflows/cargo-deny-runner.yaml
new file mode 100644
index 0000000000..5d6dfeb6cf
--- /dev/null
+++ b/.github/workflows/cargo-deny-runner.yaml
@@ -0,0 +1,19 @@
+name: Cargo Crates Check Runner
+on: [pull_request]
+jobs:
+ cargo-deny-runner:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout Code
+ if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }}
+ uses: actions/checkout@v3
+ - name: Generate Action
+ if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }}
+ run: bash cargo-deny-generator.sh
+ working-directory: ./.github/cargo-deny-composite-action/
+ env:
+ GOPATH: ${{ runner.workspace }}/kata-containers
+ - name: Run Action
+ if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }}
+ uses: ./.github/cargo-deny-composite-action
diff --git a/VERSION b/VERSION
index 6076f48d63..df7f8449cf 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-3.0.0-alpha0
+3.0.0-alpha1
diff --git a/ci/lib.sh b/ci/lib.sh
index 3cb2c158f6..29b640a6ae 100644
--- a/ci/lib.sh
+++ b/ci/lib.sh
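Review bot: The `Install Cargo deny` step in cargo-deny-skeleton.yaml.in ends in `cargo install --locked cargo-deny || true`, so a failed install is swallowed; together with `continue-on-error: true` on the generated check steps, the job can finish green without cargo-deny ever having run. If the `|| true` is only there to tolerate an already-installed binary, guard the install instead with `command -v cargo-deny >/dev/null || cargo install --locked cargo-deny`. The two `uses:` lines reference the mutable tags `actions-rs/toolchain@v1` and `Swatinem/rust-cache@v2`, and the toolchain is an unpinned `nightly`; pinning the actions to a full commit SHA and the toolchain to a dated nightly or `stable` would make the check reproducible and limit exposure to a retagged action.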
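Review bot: The workflow in cargo-deny-runner.yaml declares no `permissions:` block, so for same-repository pull requests the GITHUB_TOKEN keeps the repository's default scopes while the job runs a script and a locally generated action that are both derived from PR contents. Adding `permissions: {contents: read}` at workflow level is sufficient for the checkout and the cargo-deny steps visible here. The `force-skip-ci` condition is repeated on all three steps; a single `if:` on the job would keep the copies from drifting apart.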
@@ -54,3 +54,13 @@ run_docs_url_alive_check()
 git fetch -a
 bash "$tests_repo_dir/.ci/static-checks.sh" --docs --all "github.com/kata-containers/kata-containers"
 }
+
+run_get_pr_changed_file_details()
+{
+ clone_tests_repo
+ # Make sure we have the targeting branch
+ git remote set-branches --add origin "${branch}"
+ git fetch -a
+ source "$tests_repo_dir/.ci/lib.sh"
+ get_pr_changed_file_details
+}
diff --git a/deny.toml b/deny.toml
new file mode 100644
index 0000000000..7c97ec4c7e
--- /dev/null
+++ b/deny.toml
@@ -0,0 +1,33 @@
+targets = [
+ { triple = "x86_64-apple-darwin" },
+ { triple = "x86_64-unknown-linux-gnu" },
+ { triple = "x86_64-unknown-linux-musl" },
+]
+
+[advisories]
+vulnerability = "deny"
+unsound = "deny"
+unmaintained = "deny"
+ignore = ["RUSTSEC-2020-0071"]
+
+[bans]
+multiple-versions = "allow"
+deny = [
+ { name = "cmake" },
+ { name = "openssl-sys" },
+]
+
+[licenses]
+unlicensed = "deny"
+allow-osi-fsf-free = "neither"
+copyleft = "allow"
+# We want really high confidence when inferring licenses from text
+confidence-threshold = 0.93
+allow = ["0BSD", "Apache-2.0", "BSD-2-Clause", "BSD-3-Clause", "CC0-1.0", "ISC", "MIT", "MPL-2.0"]
+private = { ignore = true}
+
+exceptions = []
+
+[sources]
+unknown-registry = "allow"
+unknown-git = "allow"
diff --git a/docs/Developer-Guide.md b/docs/Developer-Guide.md
index c1c2d62ab1..ed9bec4903 100644
--- a/docs/Developer-Guide.md
+++ b/docs/Developer-Guide.md
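Review bot: None of the commands in `run_get_pr_changed_file_details` (ci/lib.sh) has its exit status checked, and `${branch}` is not set anywhere in this hunk, so a failed `clone_tests_repo`, an empty branch name or a failed fetch still falls through to `get_pr_changed_file_details`. The generator script added in this commit treats empty output as "No Cargo.toml files to check", which turns such a failure into a passing run. Consider `[ -n "${branch:-}" ] || return 1` at the top and `clone_tests_repo || return` / `git fetch -a || return` on the steps, plus a function comment naming the globals it reads (`branch`, `tests_repo_dir`). The function also sources `.ci/lib.sh` from the cloned tests repository, so whatever ref `clone_tests_repo` checks out (not visible here) executes inside this job.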
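Review bot: The `[sources]` table in deny.toml sets both `unknown-registry = "allow"` and `unknown-git = "allow"`, which effectively switches the source check off: a crate pulled from any registry or git URL passes. The agent lockfile in this commit shows one git source (`oci-spec` from `https://github.com/containers/oci-spec-rs`), so the policy could be `unknown-registry = "deny"` and `unknown-git = "deny"` with the known repositories listed under `allow-git = [...]`; other manifests in the tree may need further entries. `ignore = ["RUSTSEC-2020-0071"]` carries no comment; a line stating why the advisory is accepted and when to revisit it would keep the exemption from outliving its reason.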
@@ -522,7 +522,7 @@ bash-4.2# exit exit ``` -`kata-runtime exec` has a command-line option `runtime-namespace`, which is used to specify under which [runtime namespace](https://github.com/containerd/containerd/blob/master/docs/namespaces.md) the particular pod was created. By default, it is set to `k8s.io` and works for containerd when configured +`kata-runtime exec` has a command-line option `runtime-namespace`, which is used to specify under which [runtime namespace](https://github.com/containerd/containerd/blob/main/docs/namespaces.md) the particular pod was created. By default, it is set to `k8s.io` and works for containerd when configured with Kubernetes. For CRI-O, the namespace should set to `default` explicitly. This should not be confused with [Kubernetes namespaces](https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/). For other CRI-runtimes and configurations, you may need to set the namespace utilizing the `runtime-namespace` option. diff --git a/docs/Unit-Test-Advice.md b/docs/Unit-Test-Advice.md index ea6caa031c..4bd4da5299 100644 --- a/docs/Unit-Test-Advice.md +++ b/docs/Unit-Test-Advice.md @@ -341,7 +341,7 @@ The main repository has the most comprehensive set of skip abilities. See: One method is to use the `nix` crate along with some custom macros: -``` +```rust #[cfg(test)] mod tests { #[allow(unused_macros)] diff --git a/src/agent/Cargo.lock b/src/agent/Cargo.lock index b1ff3cecf2..78f227570f 100644 --- a/src/agent/Cargo.lock +++ b/src/agent/Cargo.lock 
@@ -96,18 +96,18 @@ dependencies = [ [[package]] name = "aho-corasick" -version = "0.7.18" +version = "0.7.19" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1e37cfd5e7657ada45f742d6e99ca5788580b5c529dc78faf11ece6dc702656f" +checksum = "b4f55bd91a0978cbfd91c457a164bab8b4001c833b7f323132c0a4e1922dd44e" dependencies = [ "memchr", ] [[package]] name = "android_system_properties" -version = "0.1.4" +version = "0.1.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d7ed72e1635e121ca3e79420540282af22da58be50de153d36f81ddc6b83aa9e" +checksum = "819e7219dbd41043ac279b19830f2efc897156490d7fd6ea916720117ee66311" dependencies = [ "libc", ] @@ -123,9 +123,9 @@ dependencies = [ [[package]] name = "anyhow" -version = "1.0.62" +version = "1.0.64" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1485d4d2cc45e7b201ee3767015c96faa5904387c9d87c6efdd0fb511f12d305" +checksum = "b9a8f622bcf6ff3df478e9deba3e03e4e04b300f8e6a139e192c05fa3490afc7" [[package]] name = "arc-swap" @@ -323,9 +323,9 @@ dependencies = [ [[package]] name = "block-buffer" -version = "0.10.2" +version = "0.10.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0bf7fe51849ea569fd452f37822f606a5cabb684dc918707a0193fd4664ff324" +checksum = "69cce20737498f97b993470a6e536b8523f0af7892a4f928cceb1ac5e52ebe7e" dependencies = [ "generic-array", ] @@ -370,9 +370,9 @@ dependencies = [ [[package]] name = "bumpalo" -version = "3.10.0" +version = "3.11.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "37ccbd214614c6783386c1af30caf03192f17891059cecc394b4fb119e363de3" +checksum = "c1ad822118d20d2c234f427000d5acc36eabe1e29a348c89b63dd60b13f28e5d" [[package]] name = "byte-unit" 
@@ -533,9 +533,9 @@ dependencies = [ [[package]] name = "clap" -version = "3.2.17" +version = "3.2.20" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "29e724a68d9319343bb3328c9cc2dfde263f4b3142ee1059a9980580171c954b" +checksum = "23b71c3ce99b7611011217b366d923f1d0a7e07a92bb2dbf1e84508c673ca3bd" dependencies = [ "atty", "bitflags", @@ -550,9 +550,9 @@ dependencies = [ [[package]] name = "clap_derive" -version = "3.2.17" +version = "3.2.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "13547f7012c01ab4a0e8f8967730ada8f9fdf419e8b6c792788f39cf4e46eefa" +checksum = "ea0c8bce528c4be4da13ea6fead8965e95b6073585a2f05204bd8f4119f82a65" dependencies = [ "heck 0.4.0", "proc-macro-error", @@ -610,9 +610,9 @@ checksum = "5827cebf4670468b8772dd191856768aedcb1b0278a04f989f7766351917b9dc" [[package]] name = "cpufeatures" -version = "0.2.2" +version = "0.2.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "59a6001667ab124aebae2a495118e11d30984c3a653e99d86d58971708cf5e4b" +checksum = "28d997bd5e24a5928dd43e46dc529867e207907fe0b239c3477d924f7f2ca320" dependencies = [ "libc", ] @@ -876,7 +876,7 @@ version = "0.10.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f2fb860ca6fafa5552fb6d0e816a69c8e49f0908bf524e30a90d97c85892d506" dependencies = [ - "block-buffer 0.10.2", + "block-buffer 0.10.3", "crypto-common", "subtle", ] @@ -957,9 +957,9 @@ dependencies = [ [[package]] name = "either" -version = "1.7.0" +version = "1.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3f107b87b6afc2a64fd13cac55fe06d6c8859f12d4b14cbcdd2c67d0976781be" +checksum = "90e5c1c8368803113bf0c9584fc495a58b86dc8a29edbf8fe877d21d9507e797" [[package]] name = "elliptic-curve" 
@@ -1099,9 +1099,9 @@ checksum = "fed34cd105917e91daa4da6b3728c47b068749d6a62c59811f06ed2ac71d9da7" [[package]] name = "futures" -version = "0.3.23" +version = "0.3.24" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ab30e97ab6aacfe635fad58f22c2bb06c8b685f7421eb1e064a729e2a5f481fa" +checksum = "7f21eda599937fba36daeb58a22e8f5cee2d14c4a17b5b7739c7c8e5e3b8230c" dependencies = [ "futures-channel", "futures-core", @@ -1114,9 +1114,9 @@ dependencies = [ [[package]] name = "futures-channel" -version = "0.3.23" +version = "0.3.24" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2bfc52cbddcfd745bf1740338492bb0bd83d76c67b445f91c5fb29fae29ecaa1" +checksum = "30bdd20c28fadd505d0fd6712cdfcb0d4b5648baf45faef7f852afb2399bb050" dependencies = [ "futures-core", "futures-sink", @@ -1124,15 +1124,15 @@ dependencies = [ [[package]] name = "futures-core" -version = "0.3.23" +version = "0.3.24" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d2acedae88d38235936c3922476b10fced7b2b68136f5e3c03c2d5be348a1115" +checksum = "4e5aa3de05362c3fb88de6531e6296e85cde7739cccad4b9dfeeb7f6ebce56bf" [[package]] name = "futures-executor" -version = "0.3.23" +version = "0.3.24" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1d11aa21b5b587a64682c0094c2bdd4df0076c5324961a40cc3abd7f37930528" +checksum = "9ff63c23854bee61b6e9cd331d523909f238fc7636290b96826e9cfa5faa00ab" dependencies = [ "futures-core", "futures-task", 
@@ -1141,15 +1141,15 @@ dependencies = [ [[package]] name = "futures-io" -version = "0.3.23" +version = "0.3.24" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "93a66fc6d035a26a3ae255a6d2bca35eda63ae4c5512bef54449113f7a1228e5" +checksum = "bbf4d2a7a308fd4578637c0b17c7e1c7ba127b8f6ba00b29f717e9655d85eb68" [[package]] name = "futures-macro" -version = "0.3.23" +version = "0.3.24" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0db9cce532b0eae2ccf2766ab246f114b56b9cf6d445e00c2549fbc100ca045d" +checksum = "42cd15d1c7456c04dbdf7e88bcd69760d74f3a798d6444e16974b505b0e62f17" dependencies = [ "proc-macro2", "quote", @@ -1158,21 +1158,21 @@ dependencies = [ [[package]] name = "futures-sink" -version = "0.3.23" +version = "0.3.24" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ca0bae1fe9752cf7fd9b0064c674ae63f97b37bc714d745cbde0afb7ec4e6765" +checksum = "21b20ba5a92e727ba30e72834706623d94ac93a725410b6a6b6fbc1b07f7ba56" [[package]] name = "futures-task" -version = "0.3.23" +version = "0.3.24" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "842fc63b931f4056a24d59de13fb1272134ce261816e063e634ad0c15cdc5306" +checksum = "a6508c467c73851293f390476d4491cf4d227dbabcd4170f3bb6044959b294f1" [[package]] name = "futures-util" -version = "0.3.23" +version = "0.3.24" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f0828a5471e340229c11c77ca80017937ce3c58cb788a17e5f1c2d5c485a9577" +checksum = "44fb6cb1be61cc1d2e43b262516aafcf63b241cffdb1d3fa115f91d9c7b09c90" dependencies = [ "futures-channel", "futures-core", 
@@ -1378,9 +1378,9 @@ checksum = "0bfe8eed0a9285ef776bb792479ea3834e8b94e13d615c2f66d03dd50a435a29" [[package]] name = "httparse" -version = "1.7.1" +version = "1.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "496ce29bb5a52785b44e0f7ca2847ae0bb839c9bd28f69acac9b99d461c0c04c" +checksum = "d897f394bad6a705d5f4104762e116a75639e470d80901eed05a860a95cb1904" [[package]] name = "httpdate" @@ -1455,13 +1455,14 @@ dependencies = [ [[package]] name = "iana-time-zone" -version = "0.1.45" +version = "0.1.47" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ef5528d9c2817db4e10cc78f8d4c8228906e5854f389ff6b076cee3572a09d35" +checksum = "4c495f162af0bf17656d0014a0eded5f3cd2f365fdd204548c2869db89359dc7" dependencies = [ "android_system_properties", "core-foundation-sys", "js-sys", + "once_cell", "wasm-bindgen", "winapi", ] @@ -1521,7 +1522,7 @@ dependencies = [ "prost 0.8.0", "serde", "serde_json", - "sha2 0.10.2", + "sha2 0.10.5", "shadow-rs", "signature 0.1.0", "strum", @@ -1645,7 +1646,7 @@ dependencies = [ "serde", "serde_json", "thiserror", - "time 0.3.13", + "time 0.3.14", ] [[package]] @@ -1691,8 +1692,8 @@ dependencies = [ "libc", "log", "logging", - "netlink-packet-utils 0.4.1", - "netlink-sys 0.7.0", + "netlink-packet-utils", + "netlink-sys", "nix 0.24.2", "oci", "openssl", @@ -1872,9 +1873,9 @@ checksum = "0717cef1bc8b636c6e1c1bbdefc09e6322da8a9321966e8928ef80d20f7f770f" [[package]] name = "lock_api" -version = "0.4.7" +version = "0.4.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "327fa5b6a6940e4699ec49a9beae1ea4845c6bab9314e4f84ac68742139d8c53" +checksum = "9f80bf5aacaf25cbfc8210d1cfb718f2bf3b11c4c54e5afe36c236853a8ec390" dependencies = [ "autocfg 1.1.0", "scopeguard", 
@@ -1961,9 +1962,9 @@ checksum = "2a60c7ce501c71e03a9c9c0d35b861413ae925bd979cc7a4e30d060069aaac8d" [[package]] name = "miniz_oxide" -version = "0.5.3" +version = "0.5.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6f5c75688da582b8ffc1f1799e9db273f32133c49e048f614d22ec3256773ccc" +checksum = "96590ba8f175222643a85693f33d26e9c8a015f599c216509b1a6894af675d34" dependencies = [ "adler", ] @@ -2006,28 +2007,28 @@ dependencies = [ [[package]] name = "netlink-packet-core" -version = "0.4.2" +version = "0.2.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "345b8ab5bd4e71a2986663e88c56856699d060e78e152e6e9d7966fcd5491297" +checksum = "ac48279d5062bdf175bdbcb6b58ff1d6b0ecd54b951f7a0ff4bc0550fe903ccb" dependencies = [ "anyhow", "byteorder", "libc", - "netlink-packet-utils 0.5.1", + "netlink-packet-utils", ] [[package]] name = "netlink-packet-route" -version = "0.13.0" +version = "0.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f5dee5ed749373c298237fe694eb0a51887f4cc1a27370c8464bac4382348f1a" +checksum = "76aed5d3b6e3929713bf1e1334a11fd65180b6d9f5d7c8572664c48b122604f8" dependencies = [ "anyhow", "bitflags", "byteorder", "libc", "netlink-packet-core", - "netlink-packet-utils 0.5.1", + "netlink-packet-utils", ] [[package]] 
@@ -2042,31 +2043,19 @@ dependencies = [ "thiserror", ] -[[package]] -name = "netlink-packet-utils" -version = "0.5.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "25af9cf0dc55498b7bd94a1508af7a78706aa0ab715a73c5169273e03c84845e" -dependencies = [ - "anyhow", - "byteorder", - "paste", - "thiserror", -] - [[package]] name = "netlink-proto" -version = "0.10.0" +version = "0.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "65b4b14489ab424703c092062176d52ba55485a89c076b4f9db05092b7223aa6" +checksum = "ddd06e90449ae973fe3888c1ff85949604ef5189b4ac9a2ae39518da1e00762d" dependencies = [ "bytes 1.1.0", "futures", "log", "netlink-packet-core", - "netlink-sys 0.8.3", - "thiserror", + "netlink-sys", "tokio", + "tokio-util 0.6.10", ] [[package]] @@ -2081,25 +2070,25 @@ dependencies = [ "tokio", ] -[[package]] -name = "netlink-sys" -version = "0.8.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "92b654097027250401127914afb37cb1f311df6610a9891ff07a757e94199027" -dependencies = [ - "bytes 1.1.0", - "futures", - "libc", - "log", - "tokio", -] - [[package]] name = "new_debug_unreachable" version = "1.0.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e4a24736216ec316047a1fc4252e27dabb04218aa4a3f37c6e7ddbf1f9782b54" +[[package]] +name = "nix" +version = "0.22.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e4916f159ed8e5de0082076562152a76b7a1f64a01fd9d1e0fea002c37624faf" +dependencies = [ + "bitflags", + "cc", + "cfg-if 1.0.0", + "libc", + "memoffset", +] + [[package]] name = "nix" version = "0.23.1" 
@@ -2248,8 +2237,8 @@ dependencies = [ [[package]] name = "oci-spec" -version = "0.5.7" -source = "git+https://github.com/containers/oci-spec-rs#407ef2863c893ad80b154c784f2a6547f12333a7" +version = "0.5.8" +source = "git+https://github.com/containers/oci-spec-rs#61d684933ad06649daadebd6101bef08b586d792" dependencies = [ "derive_builder", "getset", @@ -2278,7 +2267,7 @@ dependencies = [ "rand 0.8.5", "serde", "serde_json", - "sha2 0.10.2", + "sha2 0.10.5", "tokio", "tonic 0.8.0", "tonic-build 0.8.0", @@ -2297,9 +2286,9 @@ dependencies = [ [[package]] name = "once_cell" -version = "1.13.1" +version = "1.14.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "074864da206b4973b84eb91683020dbefd6a8c3f0f38e054d93954e891935e4e" +checksum = "2f7254b99e31cad77da24b08ebf628882739a608578bb1bcdfc1f9c21260d7c0" [[package]] name = "opaque-debug" @@ -2449,9 +2438,9 @@ dependencies = [ [[package]] name = "paste" -version = "1.0.8" +version = "1.0.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9423e2b32f7a043629287a536f21951e8c6a82482d0acb1eeebfc90bc2225b22" +checksum = "b1de2e551fb905ac83f73f7aedf2f0cb4a0da7e35efa24a202a936269f1f18e1" [[package]] name = "path-absolutize" @@ -2598,9 +2587,9 @@ checksum = "925383efa346730478fb4838dbe9137d2a47675ad789c546d150a6e1dd4ab31c" [[package]] name = "prettyplease" -version = "0.1.18" +version = "0.1.19" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "697ae720ee02011f439e0701db107ffe2916d83f718342d65d7f8bf7b8a5fee9" +checksum = "a49e86d2c26a24059894a3afa13fd17d063419b05dfb83f06d9c3566060c3f5a" dependencies = [ "proc-macro2", "syn", 
@@ -3062,15 +3051,15 @@ dependencies = [ [[package]] name = "rtnetlink" -version = "0.11.0" +version = "0.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "46f1cfa18f8cebe685373a2697915d7e0db3b4554918bba118385e0f71f258a7" +checksum = "7c9a6200d18ec1acfc218ce71363dcc9b6075f399220f903fdfeacd476a876ef" dependencies = [ "futures", "log", "netlink-packet-route", "netlink-proto", - "nix 0.24.2", + "nix 0.22.3", "thiserror", "tokio", ] @@ -3149,9 +3138,9 @@ checksum = "d29ab0c6d3fc0ee92fe66e2d99f700eab17a8d57d1c1d3b748380fb20baa78cd" [[package]] name = "security-framework" -version = "2.6.1" +version = "2.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2dc14f172faf8a0194a3aded622712b0de276821addc574fa54fc0a1167e10dc" +checksum = "2bc1bb97804af6631813c55739f771071e0f2ed33ee20b68c86ec505d906356c" dependencies = [ "bitflags", "core-foundation", @@ -3224,18 +3213,18 @@ dependencies = [ [[package]] name = "serde" -version = "1.0.143" +version = "1.0.144" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "53e8e5d5b70924f74ff5c6d64d9a5acd91422117c60f48c4e07855238a254553" +checksum = "0f747710de3dcd43b88c9168773254e809d8ddbdf9653b84e2554ab219f17860" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.143" +version = "1.0.144" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d3d8e8de557aee63c26b85b947f5e59b690d0454c753f3adeb5cd7835ab88391" +checksum = "94ed3a816fb1d101812f83e789f888322c34e291f894f19590dc310963e87a00" dependencies = [ "proc-macro2", "quote", @@ -3244,9 +3233,9 @@ dependencies = [ [[package]] name = "serde_json" -version = "1.0.83" +version = "1.0.85" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "38dd04e3c8279e75b31ef29dbdceebfe5ad89f4d0937213c53f7d49d01b3d5a7" +checksum = "e55a28e3aaef9d5ce0506d0a14dbba8054ddc7e499ef522dd8b26859ec9d4a44" dependencies = [ "indexmap", "itoa", 
@@ -3315,9 +3304,9 @@ dependencies = [ [[package]] name = "sha1collisiondetection" -version = "0.2.5" +version = "0.2.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f31bf4e9fe5cd8cea8e0887e2e4eb1b4d736ff11b776c8537bf0912a4b381285" +checksum = "c66558a774ef5044cb4a834db5f5c7f95e139d2341d7f502fe6034afa7082461" dependencies = [ "digest 0.9.0", "generic-array", @@ -3338,9 +3327,9 @@ dependencies = [ [[package]] name = "sha2" -version = "0.10.2" +version = "0.10.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "55deaec60f81eefe3cce0dc50bda92d6d8e88f2a27df7c5033b42afeb1ed2676" +checksum = "cf9db03534dff993187064c4e0c05a5708d2a9728ace9a8959b77bedf415dac5" dependencies = [ "cfg-if 1.0.0", "cpufeatures", @@ -3461,7 +3450,7 @@ dependencies = [ "serde", "serde_json", "slog", - "time 0.3.13", + "time 0.3.14", ] [[package]] @@ -3494,9 +3483,9 @@ checksum = "2fd0db749597d91ff862fd1d55ea87f7855a744a8425a64695b6fca237d1dad1" [[package]] name = "socket2" -version = "0.4.4" +version = "0.4.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "66d72b759436ae32898a2af0a14218dbf55efde3feeb170eb623637db85ee1e0" +checksum = "02e2d2db9033d13a1567121ddd7a095ee144db4e1ca1b1bda3419bc0da294ebd" dependencies = [ "libc", "winapi", 
@@ -3690,18 +3679,18 @@ checksum = "b1141d4d61095b28419e22cb0bbf02755f5e54e0526f97f1e3d1d160e60885fb" [[package]] name = "thiserror" -version = "1.0.32" +version = "1.0.34" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f5f6586b7f764adc0231f4c79be7b920e766bb2f3e51b3661cdb263828f19994" +checksum = "8c1b05ca9d106ba7d2e31a9dab4a64e7be2cce415321966ea3132c49a656e252" dependencies = [ "thiserror-impl", ] [[package]] name = "thiserror-impl" -version = "1.0.32" +version = "1.0.34" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "12bafc5b54507e0149cdf1b145a5d80ab80a90bcd9275df43d4fff68460f6c21" +checksum = "e8f2591983642de85c921015f3f070c665a197ed69e417af436115e3a1407487" dependencies = [ "proc-macro2", "quote", @@ -3730,9 +3719,9 @@ dependencies = [ [[package]] name = "time" -version = "0.3.13" +version = "0.3.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "db76ff9fa4b1458b3c7f077f3ff9887394058460d21e634355b273aaf11eea45" +checksum = "3c3f9a28b618c3a6b9251b6908e9c99e04b9e5c02e6581ccbb67d59c34ef7f9b" dependencies = [ "itoa", "libc", @@ -3856,9 +3845,9 @@ dependencies = [ [[package]] name = "tokio-vsock" -version = "0.3.2" +version = "0.3.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5523f441d845b676d78b71dc76cf3772ee80b9f55372ccbde59e930264445466" +checksum = "3d2ad075b54bbb450ae2e3770211d7954362a488fcd386085c9fbb6d787ade8b" dependencies = [ "bytes 0.4.12", "futures", @@ -4425,13 +4414,13 @@ dependencies = [ [[package]] name = "which" -version = "4.2.5" +version = "4.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5c4fb54e6113b6a8772ee41c3404fb0301ac79604489467e0a9ce1f3e97c24ae" +checksum = "1c831fbbee9e129a8cf93e7747a82da9d95ba8e16621cae60ec2cdc849bacb7b" dependencies = [ "either", - "lazy_static", "libc", + "once_cell", ] [[package]] 
diff --git a/src/agent/Cargo.toml b/src/agent/Cargo.toml index 5471e14970..a97dd8846b 100644 --- a/src/agent/Cargo.toml +++ b/src/agent/Cargo.toml @@ -3,6 +3,7 @@ name = "kata-agent" version = "0.1.0" authors = ["The Kata Containers community "] edition = "2018" +license = "Apache-2.0" [dependencies] oci = { path = "../libs/oci" } @@ -35,7 +36,7 @@ tokio = { version = "1.14.0", features = ["full"] } tokio-vsock = "0.3.1" netlink-sys = { version = "0.7.0", features = ["tokio_socket",]} -rtnetlink = "0.11.0" +rtnetlink = "0.8.0" netlink-packet-utils = "0.4.1" ipnetwork = "0.17.0" diff --git a/src/agent/rustjail/Cargo.toml b/src/agent/rustjail/Cargo.toml index 9daad2e666..b8cdb90299 100644 --- a/src/agent/rustjail/Cargo.toml +++ b/src/agent/rustjail/Cargo.toml @@ -3,6 +3,7 @@ name = "rustjail" version = "0.1.0" authors = ["The Kata Containers community "] edition = "2018" +license = "Apache-2.0" [dependencies] serde = "1.0.91" diff --git a/src/agent/src/netlink.rs b/src/agent/src/netlink.rs index 4c14ff6d07..4d6a26e140 100644 --- a/src/agent/src/netlink.rs +++ b/src/agent/src/netlink.rs @@ -4,7 +4,7 @@ // use anyhow::{anyhow, Context, Result}; -use futures::{future, TryStreamExt}; +use futures::{future, StreamExt, TryStreamExt}; use ipnetwork::{IpNetwork, Ipv4Network, Ipv6Network}; use nix::errno::Errno; use protobuf::RepeatedField; @@ -164,7 +164,7 @@ impl Handle { let request = self.handle.link().get(); let filtered = match filter { - LinkFilter::Name(name) => request.match_name(name.to_owned()), + LinkFilter::Name(name) => request.set_name_filter(name.to_owned()), LinkFilter::Index(index) => request.match_index(index), _ => request, // Post filters }; @@ -516,6 +516,7 @@ impl Handle { } /// Adds an ARP neighbor. + /// TODO: `rtnetlink` has no neighbours API, remove this after https://github.com/little-dude/netlink/pull/135 async fn add_arp_neighbor(&mut self, neigh: &ARPNeighbor) -> Result<()> { let ip_address = neigh .toIPAddress 
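Review bot: The second hunk of src/agent/Cargo.toml moves `rtnetlink` from `"0.11.0"` back to `"0.8.0"` without a comment, and the lockfile hunks in this commit show it pulling in older `netlink-packet-route` and `netlink-proto` releases plus an additional `nix 0.22.3`. A downgrade of a networking dependency is easy to revert by accident on the next bump, so a comment above the line such as `# Held at 0.8: <reason>; revisit once <condition>` would record the intent. The neighbouring `netlink-sys` and `netlink-packet-utils` entries appear to belong to the same version set, so the comment should cover them as well.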
@@ -527,13 +528,58 @@ impl Handle { let ip = IpAddr::from_str(ip_address) .map_err(|e| anyhow!("Failed to parse IP {}: {:?}", ip_address, e))?; + // Import rtnetlink objects that make sense only for this function + use packet::constants::{NDA_UNSPEC, NLM_F_ACK, NLM_F_CREATE, NLM_F_EXCL, NLM_F_REQUEST}; + use packet::neighbour::{NeighbourHeader, NeighbourMessage}; + use packet::nlas::neighbour::Nla; + use packet::{NetlinkMessage, NetlinkPayload, RtnlMessage}; + use rtnetlink::Error; + + const IFA_F_PERMANENT: u16 = 0x80; // See https://github.com/little-dude/netlink/blob/0185b2952505e271805902bf175fee6ea86c42b8/netlink-packet-route/src/rtnl/constants.rs#L770 + let link = self.find_link(LinkFilter::Name(&neigh.device)).await?; - self.handle - .neighbours() - .add(link.index(), ip) - .execute() - .await?; + let message = NeighbourMessage { + header: NeighbourHeader { + family: match ip { + IpAddr::V4(_) => packet::AF_INET, + IpAddr::V6(_) => packet::AF_INET6, + } as u8, + ifindex: link.index(), + state: if neigh.state != 0 { + neigh.state as u16 + } else { + IFA_F_PERMANENT + }, + flags: neigh.flags as u8, + ntype: NDA_UNSPEC as u8, + }, + nlas: { + let mut nlas = vec![Nla::Destination(match ip { + IpAddr::V4(v4) => v4.octets().to_vec(), + IpAddr::V6(v6) => v6.octets().to_vec(), + })]; + + if !neigh.lladdr.is_empty() { + nlas.push(Nla::LinkLocalAddress( + parse_mac_address(&neigh.lladdr)?.to_vec(), + )); + } + + nlas + }, + }; + + // Send request and ACK + let mut req = NetlinkMessage::from(RtnlMessage::NewNeighbour(message)); + req.header.flags = NLM_F_REQUEST | NLM_F_ACK | NLM_F_EXCL | NLM_F_CREATE; + + let mut response = self.handle.request(req)?; + while let Some(message) = response.next().await { + if let NetlinkPayload::Error(err) = message.payload { + return Err(anyhow!(Error::NetlinkError(err))); + } + } Ok(()) } 
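Review bot: In the hand-built `NeighbourMessage` in src/agent/src/netlink.rs, `neigh.state as u16` and `neigh.flags as u8` truncate silently; the field types are declared outside this diff, but if they are wider integers filled from the agent request, an out-of-range value is wrapped into a different neighbour state or flag set instead of being rejected. Checked conversions would fail closed, e.g. `flags: u8::try_from(neigh.flags).map_err(|_| anyhow!("invalid neighbour flags {}", neigh.flags))?,` and the same with `u16::try_from` for `state` (edition 2018 needs `use std::convert::TryFrom;` in scope). The fallback constant is named `IFA_F_PERMANENT`, which is an address flag; the neighbour-state constant with the same value 0x80 is `NUD_PERMANENT`, and using that name would match what the `state` field holds. `add_arp_neighbor` begins before this hunk.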
@@ -909,7 +955,7 @@ mod tests { .expect("prepare: failed to delete neigh"); } - fn prepare_env_for_test_add_one_arp_neighbor(dummy_name: &str, ip: &str, mac: &str) { + fn prepare_env_for_test_add_one_arp_neighbor(dummy_name: &str, ip: &str) { clean_env_for_test_add_one_arp_neighbor(dummy_name, ip); // modprobe dummy Command::new("modprobe") @@ -923,12 +969,6 @@ mod tests { .output() .expect("failed to add dummy interface"); - // ip link set dummy address 6a:92:3a:59:70:aa - Command::new("ip") - .args(&["link", "set", dummy_name, "address", mac]) - .output() - .expect("failed to add dummy interface"); - // ip addr add 192.168.0.2/16 dev dummy Command::new("ip") .args(&["addr", "add", "192.168.0.2/16", "dev", dummy_name]) @@ -950,7 +990,7 @@ mod tests { let to_ip = "169.254.1.1"; let dummy_name = "dummy_for_arp"; - prepare_env_for_test_add_one_arp_neighbor(dummy_name, to_ip, mac); + prepare_env_for_test_add_one_arp_neighbor(dummy_name, to_ip); let mut ip_address = IPAddress::new(); ip_address.set_address(to_ip.to_string()); diff --git a/src/agent/vsock-exporter/Cargo.toml b/src/agent/vsock-exporter/Cargo.toml index f9f63b5c4b..0cdf0b91d2 100644 --- a/src/agent/vsock-exporter/Cargo.toml +++ b/src/agent/vsock-exporter/Cargo.toml @@ -3,6 +3,7 @@ name = "vsock-exporter" version = "0.1.0" authors = ["James O. D. Hunt "] edition = "2018" +license = "Apache-2.0" # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html diff --git a/src/libs/Cargo.lock b/src/libs/Cargo.lock index 043c38acb3..3822058e59 100644 --- a/src/libs/Cargo.lock +++ b/src/libs/Cargo.lock 
@@ -46,6 +46,12 @@ version = "1.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cf1de2fe8c75bc145a2f577add951f8134889b4795d47466a54a5c846d691693" +[[package]] +name = "bumpalo" +version = "3.11.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c1ad822118d20d2c234f427000d5acc36eabe1e29a348c89b63dd60b13f28e5d" + [[package]] name = "byte-unit" version = "3.1.4" @@ -100,14 +106,15 @@ dependencies = [ [[package]] name = "chrono" -version = "0.4.19" +version = "0.4.20" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "670ad68c9088c2a963aaa298cb369688cf3f9465ce5e2d4ca10e6e0098a1ce73" +checksum = "6127248204b9aba09a362f6c930ef6a78f2c1b2215f8a7b398c06e1083f17af0" dependencies = [ - "libc", + "js-sys", "num-integer", "num-traits", "time", + "wasm-bindgen", "winapi", ] @@ -119,9 +126,9 @@ checksum = "2382f75942f4b3be3690fe4f86365e9c853c1587d6ee58212cebf6e2a9ccd101" [[package]] name = "crossbeam-channel" -version = "0.5.2" +version = "0.5.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e54ea8bc3fb1ee042f5aace6e3c6e025d3874866da222930f70ce62aceba0bfa" +checksum = "c2dd04ddaf88237dc3b8d8f9a3c1004b506b54b3313403944054d23c0870c521" dependencies = [ "cfg-if", "crossbeam-utils", @@ -364,6 +371,15 @@ version = "1.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1aab8fc367588b89dcee83ab0fd66b72b50b72fa1904d7095045ace2b0c81c35" +[[package]] +name = "js-sys" +version = "0.3.58" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c3fac17f7123a73ca62df411b1bf727ccc805daa070338fda671c86dac1bdc27" +dependencies = [ + "wasm-bindgen", +] + [[package]] name = "kata-sys-util" version = "0.1.0" 
@@ -1203,6 +1219,60 @@ version = "0.11.0+wasi-snapshot-preview1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" +[[package]] +name = "wasm-bindgen" +version = "0.2.81" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7c53b543413a17a202f4be280a7e5c62a1c69345f5de525ee64f8cfdbc954994" +dependencies = [ + "cfg-if", + "wasm-bindgen-macro", +] + +[[package]] +name = "wasm-bindgen-backend" +version = "0.2.81" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5491a68ab4500fa6b4d726bd67408630c3dbe9c4fe7bda16d5c82a1fd8c7340a" +dependencies = [ + "bumpalo", + "lazy_static", + "log", + "proc-macro2", + "quote", + "syn", + "wasm-bindgen-shared", +] + +[[package]] +name = "wasm-bindgen-macro" +version = "0.2.81" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c441e177922bc58f1e12c022624b6216378e5febc2f0533e41ba443d505b80aa" +dependencies = [ + "quote", + "wasm-bindgen-macro-support", +] + +[[package]] +name = "wasm-bindgen-macro-support" +version = "0.2.81" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7d94ac45fcf608c1f45ef53e748d35660f168490c10b23704c7779ab8f5c3048" +dependencies = [ + "proc-macro2", + "quote", + "syn", + "wasm-bindgen-backend", + "wasm-bindgen-shared", +] + +[[package]] +name = "wasm-bindgen-shared" +version = "0.2.81" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6a89911bd99e5f3659ec4acf9c4d93b0a90fe4a2a11f15328472058edc5261be" + [[package]] name = "which" version = "4.2.5" diff --git a/src/libs/Cargo.toml b/src/libs/Cargo.toml index b173ae7b77..62372e816a 100644 --- a/src/libs/Cargo.toml +++ b/src/libs/Cargo.toml 
@@ -1,11 +1,11 @@ [workspace] members = [ - "logging", - "kata-types", "kata-sys-util", - "safe-path", - "protocols", + "kata-types", + "logging", "oci", + "protocols", + "safe-path", "test-utils", ] resolver = "2" diff --git a/src/libs/kata-types/src/annotations/cri_containerd.rs b/src/libs/kata-types/src/annotations/cri_containerd.rs index db6462a8c8..8b2d63fafd 100644 --- a/src/libs/kata-types/src/annotations/cri_containerd.rs +++ b/src/libs/kata-types/src/annotations/cri_containerd.rs @@ -11,3 +11,14 @@ pub const SANDBOX: &str = "sandbox"; pub const CONTAINER: &str = "container"; pub const SANDBOX_ID_LABEL_KEY: &str = "io.kubernetes.cri.sandbox-id"; + +// Ref: https://pkg.go.dev/github.com/containerd/containerd@v1.6.7/pkg/cri/annotations +// SandboxCPU annotations are based on the initial CPU configuration for the sandbox. This is calculated as the +// sum of container CPU resources, optionally provided by Kubelet (introduced in 1.23) as part of the PodSandboxConfig +pub const SANDBOX_CPU_QUOTA_KEY: &str = "io.kubernetes.cri.sandbox-cpu-quota"; +pub const SANDBOX_CPU_PERIOD_KEY: &str = "io.kubernetes.cri.sandbox-cpu-period"; +pub const SANDBOX_CPU_SHARE_KEY: &str = "io.kubernetes.cri.sandbox-cpu-shares"; + +// SandboxMemory is the initial amount of memory associated with this sandbox. This is calculated as the sum +// of container memory, optionally provided by Kubelet (introduced in 1.23) as part of the PodSandboxConfig +pub const SANDBOX_MEM_KEY: &str = "io.kubernetes.cri.sandbox-memory"; diff --git a/src/libs/kata-types/src/annotations/mod.rs b/src/libs/kata-types/src/annotations/mod.rs index 0a517e2216..c769fa411b 100644 --- a/src/libs/kata-types/src/annotations/mod.rs +++ b/src/libs/kata-types/src/annotations/mod.rs 
@@ -12,10 +12,16 @@ use std::u32; use serde::Deserialize; +use crate::config::default::DEFAULT_AGENT_TYPE_NAME; +use crate::config::default::DEFAULT_HYPERVISOR; +use crate::config::default::DEFAULT_RUNTIME_NAME; use crate::config::hypervisor::get_hypervisor_plugin; + use crate::config::TomlConfig; use crate::sl; +use self::cri_containerd::{SANDBOX_CPU_PERIOD_KEY, SANDBOX_CPU_QUOTA_KEY, SANDBOX_MEM_KEY}; + /// CRI-containerd specific annotations. pub mod cri_containerd; @@ -175,7 +181,7 @@ pub const KATA_ANNO_CFG_HYPERVISOR_FIRMWARE_HASH: &str = /// A sandbox annotation to specify cpu specific features. pub const KATA_ANNO_CFG_HYPERVISOR_CPU_FEATURES: &str = "io.katacontainers.config.hypervisor.cpu_features"; -/// A sandbox annotation for passing the default vcpus assigned for a VM by the hypervisor. +/// A sandbox annotation for passing the default vCPUs assigned for a VM by the hypervisor. pub const KATA_ANNO_CFG_HYPERVISOR_DEFAULT_VCPUS: &str = "io.katacontainers.config.hypervisor.default_vcpus"; /// A sandbox annotation that specifies the maximum number of vCPUs allocated for the VM by the hypervisor. @@ -196,7 +202,7 @@ pub const KATA_ANNO_CFG_HYPERVISOR_IOMMU: &str = "io.katacontainers.config.hyper pub const KATA_ANNO_CFG_HYPERVISOR_IOMMU_PLATFORM: &str = "io.katacontainers.config.hypervisor.enable_iommu_platform"; -// Hypervisor Machine related annotations +// Hypervisor Machine related annotations /// A sandbox annotation to specify the type of machine being emulated by the hypervisor. pub const KATA_ANNO_CFG_HYPERVISOR_MACHINE_TYPE: &str = "io.katacontainers.config.hypervisor.machine_type"; 
@@ -254,7 +260,7 @@ pub const KATA_ANNO_CFG_HYPERVISOR_ENABLE_ROOTLESS_HYPERVISOR: &str = "io.katacontainers.config.hypervisor.rootless"; // Hypervisor Shared File System related annotations -/// A sandbox annotation to specify the shared file system type, either virtio-9p or virtio-fs. +/// A sandbox annotation to specify the shared file system type, either inline-virtio-fs (default), virtio-9p, virtio-fs or virtio-fs-nydus. pub const KATA_ANNO_CFG_HYPERVISOR_SHARED_FS: &str = "io.katacontainers.config.hypervisor.shared_fs"; /// A sandbox annotations to specify virtio-fs vhost-user daemon path. @@ -376,6 +382,28 @@ impl Annotation { self.get(CONTAINER_TYPE_KEY) } + /// Get the annotation of cpu quota for sandbox + pub fn get_sandbox_cpu_quota(&self) -> u64 { + let value = self + .get_value::(SANDBOX_CPU_QUOTA_KEY) + .unwrap_or(Some(0)); + value.unwrap_or(0) + } + + /// Get the annotation of cpu period for sandbox + pub fn get_sandbox_cpu_period(&self) -> i64 { + let value = self + .get_value::(SANDBOX_CPU_PERIOD_KEY) + .unwrap_or(Some(0)); + value.unwrap_or(0) + } + + /// Get the annotation of memory for sandbox + pub fn get_sandbox_mem(&self) -> i64 { + let value = self.get_value::(SANDBOX_MEM_KEY).unwrap_or(Some(0)); + value.unwrap_or(0) + } + /// Get the annotation to specify the Resources.Memory.Swappiness. pub fn get_container_resource_swappiness(&self) -> Result> { match self.get_value::(KATA_ANNO_CONTAINER_RES_SWAPPINESS) { 
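Review bot: `get_sandbox_cpu_quota` returns `u64` and `get_sandbox_cpu_period` returns `i64`, the reverse of the `oci::LinuxCpu` fields they feed (the test in static_resource.rs declares `period: u64` and `quota: i64`). `get_sizing_info` in static_resource.rs compensates by crossing them, `let period = annotation.get_sandbox_cpu_quota(); let quota = annotation.get_sandbox_cpu_period();`, so the quota/period ratio used for vCPU sizing is inverted. Swap the two return types here and assign `let period = annotation.get_sandbox_cpu_period();` and `let quota = annotation.get_sandbox_cpu_quota();` there. All three getters also turn a parse failure into 0 through `.unwrap_or(Some(0))` without the warning that the comment in `get_sizing_info` promises, so a malformed annotation looks the same as an absent one; log the error or return a `Result`.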
@@ -415,6 +443,18 @@ impl Annotation { config.runtime.agent_name = ag.to_string(); } } + + // set default values for runtime.name, runtime.hypervisor_name and runtime.agent + if config.runtime.name.is_empty() { + config.runtime.name = DEFAULT_RUNTIME_NAME.to_string() + } + if config.runtime.hypervisor_name.is_empty() { + config.runtime.hypervisor_name = DEFAULT_HYPERVISOR.to_string() + } + if config.runtime.agent_name.is_empty() { + config.runtime.agent_name = DEFAULT_AGENT_TYPE_NAME.to_string() + } + let hypervisor_name = &config.runtime.hypervisor_name; let agent_name = &config.runtime.agent_name; @@ -428,7 +468,7 @@ impl Annotation { if hv.security_info.is_annotation_enabled(key) { match key.as_str() { // update hypervisor config - // Hypervisor related annotations + // Hypervisor related annotations KATA_ANNO_CFG_HYPERVISOR_PATH => { hv.validate_hypervisor_path(value)?; hv.path = value.to_string(); @@ -451,7 +491,7 @@ impl Annotation { return Err(bool_err); } }, - // Hypervisor Block Device related annotations + // Hypervisor Block Device related annotations KATA_ANNO_CFG_HYPERVISOR_BLOCK_DEV_DRIVER => { hv.blockdev_info.block_device_driver = value.to_string(); } @@ -547,7 +587,7 @@ impl Annotation { hv.boot_info.validate_boot_path(value)?; hv.boot_info.firmware = value.to_string(); } - // Hypervisor CPU related annotations + // Hypervisor CPU related annotations KATA_ANNO_CFG_HYPERVISOR_CPU_FEATURES => { hv.cpu_info.cpu_features = value.to_string(); } @@ -587,7 +627,7 @@ impl Annotation { } } } - // Hypervisor Device related annotations + // Hypervisor Device related annotations KATA_ANNO_CFG_HYPERVISOR_HOTPLUG_VFIO_ON_ROOT_BUS => { match self.get_value::(key) { Ok(r) => { @@ -622,7 +662,7 @@ impl Annotation { return Err(bool_err); } }, - // Hypervisor Machine related annotations + // Hypervisor Machine related annotations KATA_ANNO_CFG_HYPERVISOR_MACHINE_TYPE => { hv.machine_info.machine_type = value.to_string(); } 
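Review bot: The default stored in `config.runtime.name` is `RUNTIME_NAME_VIRTCONTAINER`, which config/runtime.rs defines as `"virt_container"`, while the `KATA_ANNO_CFG_RUNTIME_NAME` arm later in this function accepts `"virt-container"`, `"linux-container"` and `"wasm-container"`. If the runtime handler is selected by comparing this string (that code is not in the diff), a name that passes annotation validation will not match the default spelling. Settle on one spelling by using `RUNTIME_NAME_VIRTCONTAINER` in that allow-list instead of the literal. The three added assignments also end without `;`, unlike the surrounding statements. The function body starts and ends outside this hunk.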
@@ -633,7 +673,7 @@ impl Annotation { hv.machine_info.validate_entropy_source(value)?; hv.machine_info.entropy_source = value.to_string(); } - // Hypervisor Memory related annotations + // Hypervisor Memory related annotations KATA_ANNO_CFG_HYPERVISOR_DEFAULT_MEMORY => { match byte_unit::Byte::from_str(value) { Ok(mem_bytes) => { @@ -722,7 +762,7 @@ impl Annotation { return Err(bool_err); } }, - // Hypervisor Network related annotations + // Hypervisor Network related annotations KATA_ANNO_CFG_HYPERVISOR_DISABLE_VHOST_NET => match self.get_value::(key) { Ok(r) => { @@ -752,7 +792,7 @@ impl Annotation { } } } - // Hypervisor Security related annotations + // Hypervisor Security related annotations KATA_ANNO_CFG_HYPERVISOR_GUEST_HOOK_PATH => { hv.security_info.validate_path(value)?; hv.security_info.guest_hook_path = value.to_string(); @@ -767,7 +807,7 @@ impl Annotation { } } } - // Hypervisor Shared File System related annotations + // Hypervisor Shared File System related annotations KATA_ANNO_CFG_HYPERVISOR_SHARED_FS => { hv.shared_fs.shared_fs = self.get(key); } @@ -815,7 +855,7 @@ impl Annotation { } } else { match key.as_str() { - //update agent config + // update agent config KATA_ANNO_CFG_KERNEL_MODULES => { let kernel_mod: Vec = value.to_string().split(';').map(str::to_string).collect(); @@ -839,7 +879,7 @@ impl Annotation { return Err(u32_err); } }, - //update runtime config + // update runtime config KATA_ANNO_CFG_RUNTIME_NAME => { let runtime = vec!["virt-container", "linux-container", "wasm-container"]; if runtime.contains(&value.as_str()) { diff --git a/src/libs/kata-types/src/config/agent.rs b/src/libs/kata-types/src/config/agent.rs index c6d23be8ef..fb06de46ce 100644 --- a/src/libs/kata-types/src/config/agent.rs +++ b/src/libs/kata-types/src/config/agent.rs 
@@ -11,6 +11,9 @@ pub use vendor::AgentVendor; use super::default::{DEFAULT_AGENT_LOG_PORT, DEFAULT_AGENT_VSOCK_PORT}; +/// agent name of Kata agent. +pub const AGENT_NAME_KATA: &str = "kata"; + /// Kata agent configuration information. #[derive(Debug, Default, Deserialize, Serialize, Clone)] pub struct Agent { diff --git a/src/libs/kata-types/src/config/default.rs b/src/libs/kata-types/src/config/default.rs index 5ba7d07d1a..4bf9e6089d 100644 --- a/src/libs/kata-types/src/config/default.rs +++ b/src/libs/kata-types/src/config/default.rs @@ -6,6 +6,9 @@ //! Default configuration values. #![allow(missing_docs)] +use crate::config::agent::AGENT_NAME_KATA; +use crate::config::hypervisor::HYPERVISOR_NAME_DRAGONBALL; +use crate::config::runtime::RUNTIME_NAME_VIRTCONTAINER; use lazy_static::lazy_static; lazy_static! { @@ -18,6 +21,10 @@ lazy_static! { pub const DEFAULT_AGENT_NAME: &str = "kata-agent"; pub const DEFAULT_AGENT_VSOCK_PORT: u32 = 1024; pub const DEFAULT_AGENT_LOG_PORT: u32 = 1025; +pub const DEFAULT_AGENT_TYPE_NAME: &str = AGENT_NAME_KATA; + +pub const DEFAULT_RUNTIME_NAME: &str = RUNTIME_NAME_VIRTCONTAINER; +pub const DEFAULT_HYPERVISOR: &str = HYPERVISOR_NAME_DRAGONBALL; pub const DEFAULT_INTERNETWORKING_MODEL: &str = "tcfilter"; diff --git a/src/libs/kata-types/src/config/mod.rs b/src/libs/kata-types/src/config/mod.rs index 204adf034b..e837e59c69 100644 --- a/src/libs/kata-types/src/config/mod.rs +++ b/src/libs/kata-types/src/config/mod.rs @@ -29,7 +29,9 @@ pub use self::hypervisor::{ }; mod runtime; -pub use self::runtime::{Runtime, RuntimeVendor}; +pub use self::runtime::{Runtime, RuntimeVendor, RUNTIME_NAME_VIRTCONTAINER}; + +pub use self::agent::AGENT_NAME_KATA; /// Trait to manipulate global Kata configuration information. pub trait ConfigPlugin: Send + Sync { diff --git a/src/libs/kata-types/src/config/runtime.rs b/src/libs/kata-types/src/config/runtime.rs index ce8e9efa59..bfbde60d0d 100644 --- a/src/libs/kata-types/src/config/runtime.rs 
+++ b/src/libs/kata-types/src/config/runtime.rs @@ -10,6 +10,9 @@ use super::default; use crate::config::{ConfigOps, TomlConfig}; use crate::{eother, resolve_path, validate_path}; +/// Type of runtime VirtContainer. +pub const RUNTIME_NAME_VIRTCONTAINER: &str = "virt_container"; + /// Kata runtime configuration information. #[derive(Debug, Default, Deserialize, Serialize)] pub struct Runtime { @@ -99,6 +102,10 @@ pub struct Runtime { #[serde(default)] pub enable_pprof: bool, + /// If enabled, static resource management will calculate the vcpu and memory for the sandbox/container + #[serde(default)] + pub static_resource_mgmt: bool, + /// Determines whether container seccomp profiles are passed to the virtual machine and /// applied by the kata agent. If set to true, seccomp is not applied within the guest. #[serde(default)] diff --git a/src/libs/logging/Cargo.toml b/src/libs/logging/Cargo.toml index 3457072bc6..c7cac4d7b5 100644 --- a/src/libs/logging/Cargo.toml +++ b/src/libs/logging/Cargo.toml @@ -3,6 +3,7 @@ name = "logging" version = "0.1.0" authors = ["The Kata Containers community "] edition = "2018" +license = "Apache-2.0" # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html diff --git a/src/libs/oci/Cargo.toml b/src/libs/oci/Cargo.toml index dde7b9915c..8c08705a3d 100644 --- a/src/libs/oci/Cargo.toml +++ b/src/libs/oci/Cargo.toml @@ -3,6 +3,7 @@ name = "oci" version = "0.1.0" authors = ["The Kata Containers community "] edition = "2018" +license = "Apache-2.0" [dependencies] serde = "1.0.131" diff --git a/src/libs/protocols/Cargo.toml b/src/libs/protocols/Cargo.toml index 6853e9c259..03b9c8b3d5 100644 --- a/src/libs/protocols/Cargo.toml +++ b/src/libs/protocols/Cargo.toml @@ -3,6 +3,7 @@ name = "protocols" version = "0.1.0" authors = ["The Kata Containers community "] edition = "2018" +license = "Apache-2.0" [features] default = [] 
diff --git a/src/runtime-rs/Cargo.lock b/src/runtime-rs/Cargo.lock index 428b8047d0..a37eb41874 100644 --- a/src/runtime-rs/Cargo.lock +++ b/src/runtime-rs/Cargo.lock @@ -69,6 +69,15 @@ dependencies = [ "memchr", ] +[[package]] +name = "android_system_properties" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "819e7219dbd41043ac279b19830f2efc897156490d7fd6ea916720117ee66311" +dependencies = [ + "libc", +] + [[package]] name = "anyhow" version = "1.0.57" @@ -400,14 +409,16 @@ dependencies = [ [[package]] name = "chrono" -version = "0.4.19" +version = "0.4.22" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "670ad68c9088c2a963aaa298cb369688cf3f9465ce5e2d4ca10e6e0098a1ce73" +checksum = "bfd4d1b31faaa3a89d7934dbded3111da0d2ef28e3ebccdb4f0179f5929d1ef1" dependencies = [ - "libc", + "iana-time-zone", + "js-sys", "num-integer", "num-traits", "time 0.1.43", + "wasm-bindgen", "winapi", ] @@ -476,6 +487,12 @@ dependencies = [ "libc", ] +[[package]] +name = "core-foundation-sys" +version = "0.8.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5827cebf4670468b8772dd191856768aedcb1b0278a04f989f7766351917b9dc" + [[package]] name = "cpuid-bool" version = "0.1.2" @@ -754,7 +771,7 @@ version = "0.0.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8f82432ae94d42f160b6e17389d6e1c1eee29827b99ad32d35a0a96bb98bedb5" dependencies = [ - "core-foundation-sys", + "core-foundation-sys 0.2.3", "libc", ] @@ -912,7 +929,7 @@ dependencies = [ "arc-swap 1.5.0", "bitflags", "caps", - "core-foundation-sys", + "core-foundation-sys 0.2.3", "diskarbitration-sys", "lazy_static", "libc", 
@@ -1183,6 +1200,19 @@ dependencies = [ "vmm-sys-util", ] +[[package]] +name = "iana-time-zone" +version = "0.1.46" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ad2bfd338099682614d3ee3fe0cd72e0b6a41ca6a87f6a74a3bd593c91650501" +dependencies = [ + "android_system_properties", + "core-foundation-sys 0.8.3", + "js-sys", + "wasm-bindgen", + "winapi", +] + [[package]] name = "ident_case" version = "1.0.1" @@ -1418,9 +1448,9 @@ dependencies = [ [[package]] name = "lz4-sys" -version = "1.9.3" +version = "1.9.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d7be8908e2ed6f31c02db8a9fa962f03e36c53fbfde437363eae3306b85d7e17" +checksum = "57d27b317e207b10f69f5e75494119e391a96f48861ae870d1da6edac98ca900" dependencies = [ "cc", "libc", diff --git a/src/runtime-rs/Makefile b/src/runtime-rs/Makefile index 48c5703541..e8358b6760 100644 --- a/src/runtime-rs/Makefile +++ b/src/runtime-rs/Makefile @@ -122,7 +122,7 @@ DEFMSIZE9P := 8192 DEFVFIOMODE := guest-kernel # Default cgroup model DEFSANDBOXCGROUPONLY ?= false -DEFSTATICRESOURCEMGMT ?= false +DEFSTATICRESOURCEMGMT_DB ?= false DEFBINDMOUNTS := [] SED = sed CLI_DIR = cmd @@ -255,7 +255,7 @@ USER_VARS += DEFMSIZE9P USER_VARS += DEFENTROPYSOURCE USER_VARS += DEFVALIDENTROPYSOURCES USER_VARS += DEFSANDBOXCGROUPONLY -USER_VARS += DEFSTATICRESOURCEMGMT +USER_VARS += DEFSTATICRESOURCEMGMT_DB USER_VARS += DEFBINDMOUNTS USER_VARS += DEFVFIOMODE USER_VARS += BUILDFLAGS diff --git a/src/runtime-rs/config/configuration-dragonball.toml.in b/src/runtime-rs/config/configuration-dragonball.toml.in index bda6a8d3a1..6efb18ccf6 100644 --- a/src/runtime-rs/config/configuration-dragonball.toml.in +++ b/src/runtime-rs/config/configuration-dragonball.toml.in @@ -247,3 +247,6 @@ experimental=@DEFAULTEXPFEATURES@ # If enabled, user can run pprof tools with shim v2 process through kata-monitor. # (default: false) # enable_pprof = true + +static_resource_mgmt=@DEFSTATICRESOURCEMGMT_DB@ + 
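Review bot: `static_resource_mgmt=@DEFSTATICRESOURCEMGMT_DB@` is added without the descriptive comment that the neighbouring `enable_pprof` setting carries. Enabling it makes the VM's default vCPU count and memory grow from sandbox annotations or the container spec (see static_resource.rs), which an operator should know before turning it on. Add something like `# If enabled, vCPUs and memory are calculated at sandbox creation from the sandbox annotations or container spec and added to the defaults. (default: false)`. Which table the key lands in depends on lines above the hunk that are not shown.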
diff --git a/src/runtime-rs/crates/agent/Cargo.toml b/src/runtime-rs/crates/agent/Cargo.toml index c5febe43d7..69dd2b753b 100644 --- a/src/runtime-rs/crates/agent/Cargo.toml +++ b/src/runtime-rs/crates/agent/Cargo.toml @@ -3,6 +3,7 @@ name = "agent" version = "0.1.0" authors = ["The Kata Containers community "] edition = "2018" +license = "Apache-2.0" [dev-dependencies] futures = "0.1.27" diff --git a/src/runtime-rs/crates/hypervisor/Cargo.toml b/src/runtime-rs/crates/hypervisor/Cargo.toml index 4227de663c..56a27ecb46 100644 --- a/src/runtime-rs/crates/hypervisor/Cargo.toml +++ b/src/runtime-rs/crates/hypervisor/Cargo.toml @@ -3,6 +3,7 @@ name = "hypervisor" version = "0.1.0" authors = ["The Kata Containers community "] edition = "2018" +license = "Apache-2.0" # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html diff --git a/src/runtime-rs/crates/hypervisor/src/dragonball/inner.rs b/src/runtime-rs/crates/hypervisor/src/dragonball/inner.rs index a98d78efcf..786088633b 100644 --- a/src/runtime-rs/crates/hypervisor/src/dragonball/inner.rs +++ b/src/runtime-rs/crates/hypervisor/src/dragonball/inner.rs @@ -176,6 +176,7 @@ impl DragonballInner { serial_path: Some(serial_path), mem_size_mib: self.config.memory_info.default_memory as usize, vcpu_count: self.config.cpu_info.default_vcpus as u8, + max_vcpu_count: self.config.cpu_info.default_maxvcpus as u8, ..Default::default() }; info!(sl!(), "vm config: {:?}", vm_config); diff --git a/src/runtime-rs/crates/persist/Cargo.toml b/src/runtime-rs/crates/persist/Cargo.toml index e0c6e5b1ff..4a5a32bfd9 100644 --- a/src/runtime-rs/crates/persist/Cargo.toml +++ b/src/runtime-rs/crates/persist/Cargo.toml @@ -3,6 +3,7 @@ name = "persist" version = "0.1.0" authors = ["The Kata Containers community "] edition = "2018" +license = "Apache-2.0" [dependencies] async-trait = "0.1.48" 
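Review bot: `self.config.cpu_info.default_maxvcpus as u8` truncates silently, so a configured maximum above 255 wraps to a small value, and the existing `default_vcpus as u8` on the line before has the same problem. This matters more with this commit because static_resource.rs adds a spec-derived count to `default_vcpus`, and nothing in the hunk checks that the sum still fits in `u8` or stays at or below the maximum. Convert with `u8::try_from(self.config.cpu_info.default_maxvcpus).context("default_maxvcpus out of range")?` and reject `vcpu_count > max_vcpu_count` before building `vm_config`, assuming the enclosing function returns `Result` (its signature is outside the hunk).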
diff --git a/src/runtime-rs/crates/resource/Cargo.toml b/src/runtime-rs/crates/resource/Cargo.toml index 408baf522b..754ec800b2 100644 --- a/src/runtime-rs/crates/resource/Cargo.toml +++ b/src/runtime-rs/crates/resource/Cargo.toml @@ -3,6 +3,7 @@ name = "resource" version = "0.1.0" authors = ["The Kata Containers community "] edition = "2018" +license = "Apache-2.0" [dependencies] anyhow = "^1.0" diff --git a/src/runtime-rs/crates/runtimes/Cargo.toml b/src/runtime-rs/crates/runtimes/Cargo.toml index 8d7630b306..3347871fb2 100644 --- a/src/runtime-rs/crates/runtimes/Cargo.toml +++ b/src/runtime-rs/crates/runtimes/Cargo.toml @@ -3,6 +3,7 @@ name = "runtimes" version = "0.1.0" authors = ["The Kata Containers community "] edition = "2018" +license = "Apache-2.0" [dependencies] anyhow = "^1.0" diff --git a/src/runtime-rs/crates/runtimes/common/Cargo.toml b/src/runtime-rs/crates/runtimes/common/Cargo.toml index ce52f5b772..00eb64825d 100644 --- a/src/runtime-rs/crates/runtimes/common/Cargo.toml +++ b/src/runtime-rs/crates/runtimes/common/Cargo.toml @@ -3,6 +3,7 @@ name = "common" version = "0.1.0" authors = ["The Kata Containers community "] edition = "2018" +license = "Apache-2.0" # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html diff --git a/src/runtime-rs/crates/runtimes/src/lib.rs b/src/runtime-rs/crates/runtimes/src/lib.rs index 0853ee9c56..d10b38c7fd 100644 --- a/src/runtime-rs/crates/runtimes/src/lib.rs +++ b/src/runtime-rs/crates/runtimes/src/lib.rs @@ -11,3 +11,4 @@ logging::logger_with_subsystem!(sl, "runtimes"); pub mod manager; pub use manager::RuntimeHandlerManager; +mod static_resource; diff --git a/src/runtime-rs/crates/runtimes/src/manager.rs b/src/runtime-rs/crates/runtimes/src/manager.rs index c2c6c84c65..390cbac159 100644 --- a/src/runtime-rs/crates/runtimes/src/manager.rs +++ b/src/runtime-rs/crates/runtimes/src/manager.rs 
@@ -7,6 +7,8 @@ use std::sync::Arc; use anyhow::{anyhow, Context, Result}; + +use crate::static_resource::StaticResourceManager; use common::{ message::Message, types::{Request, Response}, @@ -310,6 +312,23 @@ fn load_config(spec: &oci::Spec) -> Result { let (mut toml_config, _) = TomlConfig::load_from_file(&config_path).context("load toml config")?; annotation.update_config_by_annotation(&mut toml_config)?; + + // Sandbox sizing information *may* be provided in two scenarios: + // 1. The upper layer runtime (ie, containerd or crio) provide sandbox sizing information as an annotation + // in the 'sandbox container's' spec. This would typically be a scenario where as part of a create sandbox + // request the upper layer runtime receives this information as part of a pod, and makes it available to us + // for sizing purposes. + // 2. If this is not a sandbox infrastructure container, but instead a standalone single container (analogous to "docker run..."), + // then the container spec itself will contain appropriate sizing information for the entire sandbox (since it is + // a single container. + if toml_config.runtime.static_resource_mgmt { + info!(sl!(), "static resource management enabled"); + let static_resource_manager = StaticResourceManager::new(spec) + .context("failed to construct static resource manager")?; + static_resource_manager + .setup_config(&mut toml_config) + .context("failed to setup static resource mgmt config")?; + } info!(sl!(), "get config content {:?}", &toml_config); Ok(toml_config) } diff --git a/src/runtime-rs/crates/runtimes/src/static_resource.rs b/src/runtime-rs/crates/runtimes/src/static_resource.rs new file mode 100644 index 0000000000..0e04d21505 --- /dev/null +++ b/src/runtime-rs/crates/runtimes/src/static_resource.rs 
@@ -0,0 +1,167 @@ +// Copyright (c) 2019-2021 Alibaba Cloud +// Copyright (c) 2019-2021 Ant Group +// +// SPDX-License-Identifier: Apache-2.0 +// + +use std::convert::TryFrom; + +use anyhow::{Context, Result}; + +use kata_types::{ + annotations::Annotation, config::TomlConfig, container::ContainerType, + cpu::LinuxContainerCpuResources, k8s::container_type, +}; + +// static resource that StaticResourceManager needs, this is the spec for the +// sandbox/container's workload +#[derive(Clone, Copy, Debug)] +struct StaticResource { + vcpu: u32, + mem_mb: u32, +} + +// generate static resource(vcpu and memory in MiB) from spec's information +// used for static resource management +impl TryFrom<&oci::Spec> for StaticResource { + type Error = anyhow::Error; + fn try_from(spec: &oci::Spec) -> Result { + let mut vcpu: u32 = 0; + let mut mem_mb: u32 = 0; + match container_type(spec) { + // podsandbox, from annotation + ContainerType::PodSandbox => { + let annotation = Annotation::new(spec.annotations.clone()); + let (period, quota, memory) = + get_sizing_info(annotation).context("failed to get sizing info")?; + let cpu = oci::LinuxCpu { + period: Some(period), + quota: Some(quota), + ..Default::default() + }; + // although it may not be actually a linux container, we are only using the calculation inside + // LinuxContainerCpuResources::try_from to generate our vcpu number + if let Ok(cpu_resource) = LinuxContainerCpuResources::try_from(&cpu) { + vcpu = get_nr_vcpu(&cpu_resource); + } + mem_mb = convert_memory_to_mb(memory); + } + // single container, from container spec + _ => { + if let Some(linux) = &spec.linux { + if let Some(resource) = &linux.resources { + if let Some(cpu) = &resource.cpu { + if let Ok(cpu_resource) = LinuxContainerCpuResources::try_from(cpu) { + vcpu = get_nr_vcpu(&cpu_resource); + } + } + if let Some(mem) = &resource.memory { + let memory = mem.limit.unwrap_or(0); + mem_mb = convert_memory_to_mb(memory); + } + } + } + } + } + info!( + sl!(), + 
"static resource mgmt result: vcpu={}, mem_mb={}", vcpu, mem_mb + ); + Ok(Self { vcpu, mem_mb }) + } +} + +// StaticResourceManager is responsible for static resource management +// +// static resource management sizing information is optionally provided, either by +// upper layer runtime (containerd / crio) or by the container spec itself (when it +// is a standalone single container such as the one started with *docker run*) +// +// the sizing information uses three values, cpu quota, cpu period and memory limit, +// and with above values it calculates the # vcpus and memory for the workload and +// add them to default value of the config +#[derive(Clone, Copy, Debug)] +pub struct StaticResourceManager { + resource: StaticResource, +} + +impl StaticResourceManager { + pub fn new(spec: &oci::Spec) -> Result { + Ok(Self { + resource: StaticResource::try_from(spec) + .context("failed to construct static resource")?, + }) + } + + pub fn setup_config(&self, config: &mut TomlConfig) -> Result<()> { + // update this data to the hypervisor config for later use by hypervisor + let hypervisor_name = &config.runtime.hypervisor_name; + let mut hv = config + .hypervisor + .get_mut(hypervisor_name) + .context("failed to get hypervisor config")?; + hv.cpu_info.default_vcpus += self.resource.vcpu as i32; + hv.memory_info.default_memory += self.resource.mem_mb; + Ok(()) + } +} + +fn get_nr_vcpu(resource: &LinuxContainerCpuResources) -> u32 { + if let Some(v) = resource.get_vcpus() { + v as u32 + } else { + 0 + } +} + +fn convert_memory_to_mb(memory_in_byte: i64) -> u32 { + if memory_in_byte < 0 { + 0 + } else { + (memory_in_byte / 1024 / 1024) as u32 + } +} + +// from the upper layer runtime's annotation (e.g. 
crio, k8s), get the *cpu quota, +// cpu period and memory limit* for a sandbox/container +fn get_sizing_info(annotation: Annotation) -> Result<(u64, i64, i64)> { + // since we are *adding* our result to the config, a value of 0 will cause no change + // and if the annotation is not assigned (but static resource management is), we will + // log a *warning* to fill that with zero value + let period = annotation.get_sandbox_cpu_quota(); + let quota = annotation.get_sandbox_cpu_period(); + let memory = annotation.get_sandbox_mem(); + Ok((period, quota, memory)) +} + +#[cfg(test)] +mod tests { + use super::*; + + #[test] + fn test_static_resource_mgmt() { + // data below should result in 2200 mCPU(round up to 3 vcpus) and 512 MiB of memory + let period: u64 = 100000; + let memory: i64 = 1048576 * 512; // 512 MiB + let quota: i64 = 220000; + + let cpu = oci::LinuxCpu { + period: Some(period), + quota: Some(quota), + ..Default::default() + }; + if let Ok(cpu_resource) = LinuxContainerCpuResources::try_from(&cpu) { + if let Some(v) = cpu_resource.get_vcpus() { + assert_eq!(v, 3); + } + } + + let mem_mb = if memory < 0 { + 0 + } else { + (memory / 1024 / 1024) as u32 + }; + + assert_eq!(mem_mb, 512); + } +} diff --git a/src/runtime-rs/crates/runtimes/virt_container/Cargo.toml b/src/runtime-rs/crates/runtimes/virt_container/Cargo.toml index 0abe1b61b0..0e3fbdc60a 100644 --- a/src/runtime-rs/crates/runtimes/virt_container/Cargo.toml +++ b/src/runtime-rs/crates/runtimes/virt_container/Cargo.toml @@ -3,6 +3,7 @@ name = "virt_container" version = "0.1.0" authors = ["The Kata Containers community "] edition = "2018" +license = "Apache-2.0" [dependencies] anyhow = "^1.0" diff --git a/src/runtime-rs/crates/runtimes/virt_container/src/container_manager/container.rs b/src/runtime-rs/crates/runtimes/virt_container/src/container_manager/container.rs index 2d414318bd..834c68b77c 100644 --- a/src/runtime-rs/crates/runtimes/virt_container/src/container_manager/container.rs 
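Review bot: `setup_config` adds spec- and annotation-derived numbers to the hypervisor defaults with plain `+=` and `as` casts. `self.resource.vcpu as i32` goes negative for large values, `default_memory += self.resource.mem_mb` can overflow `u32`, and `convert_memory_to_mb` truncates with `as u32`. These inputs come from the pod or container spec, so fail the request rather than wrap: `hv.memory_info.default_memory = hv.memory_info.default_memory.checked_add(self.resource.mem_mb).context("sandbox memory overflows u32")?;`, the same for vCPUs after `i32::try_from(self.resource.vcpu)`, and `u32::try_from(memory_in_byte / 1024 / 1024)` in the helper. `test_static_resource_mgmt` repeats the arithmetic inline instead of calling `StaticResource::try_from` or `get_sizing_info`, so neither is exercised by a test.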
+++ b/src/runtime-rs/crates/runtimes/virt_container/src/container_manager/container.rs @@ -80,8 +80,9 @@ impl Container { let mut inner = self.inner.write().await; let toml_config = self.resource_manager.config().await; let config = &self.config; - let sandbox_pidns = amend_spec(&mut spec, toml_config.runtime.disable_guest_seccomp) - .context("load spec")?; + amend_spec(&mut spec, toml_config.runtime.disable_guest_seccomp).context("amend spec")?; + let sandbox_pidns = is_pid_namespace_enabled(&spec); + // handler rootfs let rootfs = self .resource_manager @@ -373,7 +374,7 @@ impl Container { } } -fn amend_spec(spec: &mut oci::Spec, disable_guest_seccomp: bool) -> Result { +fn amend_spec(spec: &mut oci::Spec, disable_guest_seccomp: bool) -> Result<()> { // hook should be done on host spec.hooks = None; @@ -401,33 +402,29 @@ fn amend_spec(spec: &mut oci::Spec, disable_guest_seccomp: bool) -> Result } linux.namespaces = ns; - - return Ok(handle_pid_namespace(&linux.namespaces)); } - Ok(false) + Ok(()) } -// handle_pid_namespace checks if Pid namespace for a container needs to be shared with its sandbox +// is_pid_namespace_enabled checks if Pid namespace for a container needs to be shared with its sandbox // pid namespace. -fn handle_pid_namespace(namespaces: &[oci::LinuxNamespace]) -> bool { - for n in namespaces.iter() { - match n.r#type.as_str() { - oci::PIDNAMESPACE => { - if !n.path.is_empty() { - return true; - } +fn is_pid_namespace_enabled(spec: &oci::Spec) -> bool { + if let Some(linux) = spec.linux.as_ref() { + for n in linux.namespaces.iter() { + if n.r#type.as_str() == oci::PIDNAMESPACE { + return !n.path.is_empty(); } - _ => continue, } } + false } #[cfg(test)] mod tests { use super::amend_spec; - use crate::container_manager::container::handle_pid_namespace; + use super::is_pid_namespace_enabled; #[test] fn test_amend_spec_disable_guest_seccomp() { let mut spec = oci::Spec { 
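Review bot: The name `is_pid_namespace_enabled` reads as "the container has a PID namespace", but the function returns `true` only when the first `pid` entry has a non-empty `path`, that is, when the container joins an existing namespace. An entry with an empty path returns `false`. Unlike the removed `handle_pid_namespace`, it also stops at the first `pid` entry instead of scanning for any entry with a path. Since the result is stored as `sandbox_pidns`, rename it to something like `is_pid_namespace_shared` or state the contract in the doc comment: `/// Returns true when the first pid namespace entry in the spec carries a path.`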
@@ -448,38 +445,69 @@ mod tests { amend_spec(&mut spec, true).unwrap(); assert!(spec.linux.as_ref().unwrap().seccomp.is_none()); } + #[test] - fn test_handle_pid_namespace() { - let namespaces = vec![ - oci::LinuxNamespace { - r#type: "pid".to_string(), - path: "".to_string(), + fn test_is_pid_namespace_enabled() { + struct TestData<'a> { + desc: &'a str, + namespaces: Vec, + result: bool, + } + + let tests = &[ + TestData { + desc: "no pid namespace", + namespaces: vec![oci::LinuxNamespace { + r#type: "network".to_string(), + path: "".to_string(), + }], + result: false, }, - oci::LinuxNamespace { - r#type: "network".to_string(), - path: "".to_string(), + TestData { + desc: "empty pid namespace path", + namespaces: vec![ + oci::LinuxNamespace { + r#type: "pid".to_string(), + path: "".to_string(), + }, + oci::LinuxNamespace { + r#type: "network".to_string(), + path: "".to_string(), + }, + ], + result: false, }, - oci::LinuxNamespace { - r#type: "ipc".to_string(), - path: "".to_string(), - }, - oci::LinuxNamespace { - r#type: "uts".to_string(), - path: "".to_string(), - }, - oci::LinuxNamespace { - r#type: "mount".to_string(), - path: "".to_string(), - }, - oci::LinuxNamespace { - r#type: "user".to_string(), - path: "".to_string(), - }, - oci::LinuxNamespace { - r#type: "cgroup".to_string(), - path: "".to_string(), + TestData { + desc: "pid namespace is set", + namespaces: vec![ + oci::LinuxNamespace { + r#type: "pid".to_string(), + path: "/some/path".to_string(), + }, + oci::LinuxNamespace { + r#type: "network".to_string(), + path: "".to_string(), + }, + ], + result: true, }, ]; - assert!(!handle_pid_namespace(&namespaces)); + + let mut spec = oci::Spec::default(); + + for (i, d) in tests.iter().enumerate() { + spec.linux = Some(oci::Linux { + namespaces: d.namespaces.clone(), + ..Default::default() + }); + + assert_eq!( + d.result, + is_pid_namespace_enabled(&spec), + "test[{}]: {:?}", + i, + d.desc + ); + } } } 
diff --git a/src/runtime-rs/crates/service/Cargo.toml b/src/runtime-rs/crates/service/Cargo.toml index 3b361a01cf..61fc3fb03f 100644 --- a/src/runtime-rs/crates/service/Cargo.toml +++ b/src/runtime-rs/crates/service/Cargo.toml @@ -3,6 +3,7 @@ name = "service" version = "0.1.0" authors = ["The Kata Containers community "] edition = "2018" +license = "Apache-2.0" [dependencies] anyhow = "^1.0" diff --git a/src/runtime-rs/tests/utils/Cargo.toml b/src/runtime-rs/tests/utils/Cargo.toml index 7317b7f0ff..c4fc094719 100644 --- a/src/runtime-rs/tests/utils/Cargo.toml +++ b/src/runtime-rs/tests/utils/Cargo.toml @@ -3,6 +3,7 @@ name = "tests_utils" version = "0.1.0" edition = "2018" description = "This crate is used to share code among tests" +license = "Apache-2.0" # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html diff --git a/src/runtime/virtcontainers/acrn.go b/src/runtime/virtcontainers/acrn.go index c3d54a0dc7..b11cafb454 100644 --- a/src/runtime/virtcontainers/acrn.go +++ b/src/runtime/virtcontainers/acrn.go @@ -676,6 +676,10 @@ func (a *Acrn) GetThreadIDs(ctx context.Context) (VcpuThreadIDs, error) { return VcpuThreadIDs{}, nil } +func (a *Acrn) GetTotalMemoryMB(ctx context.Context) uint32 { + return a.config.MemorySize +} + func (a *Acrn) ResizeMemory(ctx context.Context, reqMemMB uint32, memoryBlockSizeMB uint32, probe bool) (uint32, MemoryDevice, error) { return 0, MemoryDevice{}, nil } diff --git a/src/runtime/virtcontainers/clh.go b/src/runtime/virtcontainers/clh.go index 21b67fa564..8aa450deb9 100644 --- a/src/runtime/virtcontainers/clh.go +++ b/src/runtime/virtcontainers/clh.go 
@@ -1603,6 +1603,16 @@ func (clh *cloudHypervisor) cleanupVM(force bool) error { return nil } +func (clh *cloudHypervisor) GetTotalMemoryMB(ctx context.Context) uint32 { + vminfo, err := clh.vmInfo() + if err != nil { + clh.Logger().WithError(err).Error("failed to get vminfo") + return 0 + } + + return uint32(vminfo.GetMemoryActualSize() >> utils.MibToBytesShift) +} + // vmInfo ask to hypervisor for current VM status func (clh *cloudHypervisor) vmInfo() (chclient.VmInfo, error) { cl := clh.client() diff --git a/src/runtime/virtcontainers/fc.go b/src/runtime/virtcontainers/fc.go index 51245318e1..a8b0b023e0 100644 --- a/src/runtime/virtcontainers/fc.go +++ b/src/runtime/virtcontainers/fc.go @@ -1169,6 +1169,10 @@ func (fc *firecracker) HypervisorConfig() HypervisorConfig { return fc.config } +func (fc *firecracker) GetTotalMemoryMB(ctx context.Context) uint32 { + return fc.config.MemorySize +} + func (fc *firecracker) ResizeMemory(ctx context.Context, reqMemMB uint32, memoryBlockSizeMB uint32, probe bool) (uint32, MemoryDevice, error) { return 0, MemoryDevice{}, nil } diff --git a/src/runtime/virtcontainers/hypervisor.go b/src/runtime/virtcontainers/hypervisor.go index 8d7e98e203..0fb1a49278 100644 --- a/src/runtime/virtcontainers/hypervisor.go +++ b/src/runtime/virtcontainers/hypervisor.go @@ -712,6 +712,7 @@ type Hypervisor interface { HotplugRemoveDevice(ctx context.Context, devInfo interface{}, devType DeviceType) (interface{}, error) ResizeMemory(ctx context.Context, memMB uint32, memoryBlockSizeMB uint32, probe bool) (uint32, MemoryDevice, error) ResizeVCPUs(ctx context.Context, vcpus uint32) (uint32, uint32, error) + GetTotalMemoryMB(ctx context.Context) uint32 GetVMConsole(ctx context.Context, sandboxID string) (string, string, error) Disconnect(ctx context.Context) Capabilities(ctx context.Context) types.Capabilities diff --git a/src/runtime/virtcontainers/mock_hypervisor.go b/src/runtime/virtcontainers/mock_hypervisor.go index e66ca209af..17ef44c649 100644 
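Review bot: `GetTotalMemoryMB` for cloud-hypervisor reports a failed `clh.vmInfo()` as 0 MB, which a caller cannot tell apart from a real reading. The new loop in sandbox.go's updateResources multiplies this value by `acpiMemoryHotplugFactor`, so a 0 produces a zero hotplug budget instead of an error. Because the `Hypervisor` interface method is introduced in this same commit, it could carry the error: `GetTotalMemoryMB(ctx context.Context) (uint32, error)`, with this implementation ending in `return 0, err` after the log line.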
--- a/src/runtime/virtcontainers/mock_hypervisor.go +++ b/src/runtime/virtcontainers/mock_hypervisor.go @@ -17,6 +17,7 @@ import ( var MockHybridVSockPath = "/tmp/kata-mock-hybrid-vsock.socket" type mockHypervisor struct { + config HypervisorConfig mockPid int } @@ -27,10 +28,11 @@ func (m *mockHypervisor) Capabilities(ctx context.Context) types.Capabilities { } func (m *mockHypervisor) HypervisorConfig() HypervisorConfig { - return HypervisorConfig{} + return m.config } func (m *mockHypervisor) setConfig(config *HypervisorConfig) error { + m.config = *config return nil } @@ -38,7 +40,7 @@ func (m *mockHypervisor) CreateVM(ctx context.Context, id string, network Networ if err := m.setConfig(hypervisorConfig); err != nil { return err } - + m.config.MemSlots = 0 return nil } @@ -96,12 +98,20 @@ func (m *mockHypervisor) GetVMConsole(ctx context.Context, sandboxID string) (st } func (m *mockHypervisor) ResizeMemory(ctx context.Context, memMB uint32, memorySectionSizeMB uint32, probe bool) (uint32, MemoryDevice, error) { + if m.config.MemorySize != memMB { + // For testing, we'll use MemSlots to track how many times we resized memory + m.config.MemSlots += 1 + m.config.MemorySize = memMB + } return 0, MemoryDevice{}, nil } func (m *mockHypervisor) ResizeVCPUs(ctx context.Context, cpus uint32) (uint32, uint32, error) { return 0, 0, nil } +func (m *mockHypervisor) GetTotalMemoryMB(ctx context.Context) uint32 { + return m.config.MemorySize +} func (m *mockHypervisor) Disconnect(ctx context.Context) { } diff --git a/src/runtime/virtcontainers/mock_hypervisor_test.go b/src/runtime/virtcontainers/mock_hypervisor_test.go index 0159a993dd..ba4435f13b 100644 --- a/src/runtime/virtcontainers/mock_hypervisor_test.go +++ b/src/runtime/virtcontainers/mock_hypervisor_test.go @@ -14,7 +14,7 @@ import ( ) func TestMockHypervisorCreateVM(t *testing.T) { - var m *mockHypervisor + m := &mockHypervisor{} assert := assert.New(t) sandbox := &Sandbox{ 
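Review bot: `ResizeMemory` in the mock counts resizes in `m.config.MemSlots`, and `HypervisorConfig()` now returns that same config, so `MemSlots` read from the mock no longer means the configured slot count. `CreateVM` also forces `m.config.MemSlots = 0`, discarding whatever value the test supplied. A dedicated field on `mockHypervisor`, for example `resizeCount uint32`, would keep the returned config truthful; if the overloading stays, the struct field deserves a comment such as `// config.MemSlots doubles as a ResizeMemory call counter in tests`. As a style point, `m.config.MemSlots += 1` is normally written `m.config.MemSlots++`.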
diff --git a/src/runtime/virtcontainers/qemu.go b/src/runtime/virtcontainers/qemu.go index 6613e2c6d4..56bf94eb0b 100644 --- a/src/runtime/virtcontainers/qemu.go +++ b/src/runtime/virtcontainers/qemu.go @@ -2235,6 +2235,10 @@ func (q *qemu) Disconnect(ctx context.Context) { q.qmpShutdown() } +func (q *qemu) GetTotalMemoryMB(ctx context.Context) uint32 { + return q.config.MemorySize + uint32(q.state.HotpluggedMemory) +} + // ResizeMemory gets a request to update the VM memory to reqMemMB // Memory update is managed with two approaches // Add memory to VM: @@ -2248,7 +2252,7 @@ func (q *qemu) Disconnect(ctx context.Context) { // A longer term solution is evaluate solutions like virtio-mem func (q *qemu) ResizeMemory(ctx context.Context, reqMemMB uint32, memoryBlockSizeMB uint32, probe bool) (uint32, MemoryDevice, error) { - currentMemory := q.config.MemorySize + uint32(q.state.HotpluggedMemory) + currentMemory := q.GetTotalMemoryMB(ctx) if err := q.qmpSetup(); err != nil { return 0, MemoryDevice{}, err } diff --git a/src/runtime/virtcontainers/sandbox.go b/src/runtime/virtcontainers/sandbox.go index 76eb380ed4..cb0d57d632 100644 --- a/src/runtime/virtcontainers/sandbox.go +++ b/src/runtime/virtcontainers/sandbox.go @@ -78,6 +78,14 @@ const ( // Restricted permission for shared directory managed by virtiofs sharedDirMode = os.FileMode(0700) | os.ModeDir + + // hotplug factor indicates how much memory can be hotplugged relative to the amount of + // RAM provided to the guest. This is a conservative heuristic based on needing 64 bytes per + // 4KiB page of hotplugged memory. + // + // As an example: 12 GiB hotplugged -> 3 Mi pages -> 192 MiBytes overhead (3Mi x 64B). + // This is approximately what should be free in a relatively unloaded 256 MiB guest (75% of available memory). So, 256 Mi x 48 => 12 Gi + acpiMemoryHotplugFactor = 48 ) var ( 
@@ -2004,9 +2012,60 @@ func (s *Sandbox) updateResources(ctx context.Context) error { } s.Logger().Debugf("Sandbox CPUs: %d", newCPUs) - // Update Memory - s.Logger().WithField("memory-sandbox-size-byte", sandboxMemoryByte).Debugf("Request to hypervisor to update memory") + // Update Memory -- + // If we're using ACPI hotplug for memory, there's a limitation on the amount of memory which can be hotplugged at a single time. + // We must have enough free memory in the guest kernel to cover 64bytes per (4KiB) page of memory added for mem_map. + // See https://github.com/kata-containers/kata-containers/issues/4847 for more details. + // For a typical pod lifecycle, we expect that each container is added when we start the workloads. Based on this, we'll "assume" that majority + // of the guest memory is readily available. From experimentation, we see that we can add approximately 48 times what is already provided to + // the guest workload. For example, a 256 MiB guest should be able to accommodate hotplugging 12 GiB of memory. + // + // If virtio-mem is being used, there isn't such a limitation - we can hotplug the maximum allowed memory at a single time. + // newMemoryMB := uint32(sandboxMemoryByte >> utils.MibToBytesShift) + finalMemoryMB := newMemoryMB + + hconfig := s.hypervisor.HypervisorConfig() + + for { + currentMemoryMB := s.hypervisor.GetTotalMemoryMB(ctx) + + maxhotPluggableMemoryMB := currentMemoryMB * acpiMemoryHotplugFactor + + // In the case of virtio-mem, we don't have a restriction on how much can be hotplugged at + // a single time. As a result, the max hotpluggable is only limited by the maximum memory size + // of the guest. + if hconfig.VirtioMem { + maxhotPluggableMemoryMB = uint32(hconfig.DefaultMaxMemorySize) - currentMemoryMB + } + + deltaMB := int32(finalMemoryMB - currentMemoryMB) + + if deltaMB > int32(maxhotPluggableMemoryMB) { + s.Logger().Warnf("Large hotplug. 
Adding %d MB of %d total memory", maxhotPluggableMemoryMB, deltaMB) + newMemoryMB = currentMemoryMB + maxhotPluggableMemoryMB + } else { + newMemoryMB = finalMemoryMB + } + + // Add the memory to the guest and online the memory: + if err := s.updateMemory(ctx, newMemoryMB); err != nil { + return err + } + + if newMemoryMB == finalMemoryMB { + break + } + + } + + return nil + +} + +func (s *Sandbox) updateMemory(ctx context.Context, newMemoryMB uint32) error { + // online the memory: + s.Logger().WithField("memory-sandbox-size-mb", newMemoryMB).Debugf("Request to hypervisor to update memory") newMemory, updatedMemoryDevice, err := s.hypervisor.ResizeMemory(ctx, newMemoryMB, s.state.GuestMemoryBlockSizeMB, s.state.GuestMemoryHotplugProbe) if err != nil { if err == noGuestMemHotplugErr { @@ -2026,7 +2085,6 @@ func (s *Sandbox) updateResources(ctx context.Context) error { if err := s.agent.onlineCPUMem(ctx, 0, false); err != nil { return err } - return nil } diff --git a/src/runtime/virtcontainers/sandbox_test.go b/src/runtime/virtcontainers/sandbox_test.go index 331094ee39..59ed24c1aa 100644 --- a/src/runtime/virtcontainers/sandbox_test.go +++ b/src/runtime/virtcontainers/sandbox_test.go @@ -41,6 +41,7 @@ func newHypervisorConfig(kernelParams []Param, hParams []Param) HypervisorConfig HypervisorPath: filepath.Join(testDir, testHypervisor), KernelParams: kernelParams, HypervisorParams: hParams, + MemorySize: 1, } } @@ -1360,7 +1361,6 @@ func TestSandboxUpdateResources(t *testing.T) { contConfig1 := newTestContainerConfigNoop("cont-00001") contConfig2 := newTestContainerConfigNoop("cont-00002") hConfig := newHypervisorConfig(nil, nil) - defer cleanUp() // create a sandbox s, err := testCreateSandbox(t, 
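Review bot: The `for` loop added to updateResources exits only on an error or when `newMemoryMB == finalMemoryMB`, so it does not terminate if `GetTotalMemoryMB` stops growing between iterations. The acrn and firecracker implementations in this commit return `config.MemorySize` while their `ResizeMemory` is a no-op returning nil, and the cloud-hypervisor one returns 0 when vminfo fails, so a request above the per-step budget would repeat the same step forever unless a check outside this hunk returns first; the requested size comes from container memory limits, so this is an availability risk for the runtime. In the virtio-mem branch, `uint32(hconfig.DefaultMaxMemorySize) - currentMemoryMB` wraps when the maximum is unset or below the current size, and the later `int32(maxhotPluggableMemoryMB)` cast can then turn the limit negative. I would clamp that subtraction and return an error when an iteration makes no progress, as sketched below (this assumes `fmt` is already imported in sandbox.go); updateResources starts above the hunk.

```go
		// … unchanged: currentMemoryMB and the default maxhotPluggableMemoryMB …
		if hconfig.VirtioMem {
			// Clamp instead of letting the unsigned subtraction wrap.
			maxhotPluggableMemoryMB = 0
			if maxMemoryMB := uint32(hconfig.DefaultMaxMemorySize); maxMemoryMB > currentMemoryMB {
				maxhotPluggableMemoryMB = maxMemoryMB - currentMemoryMB
			}
		}
		// … unchanged: deltaMB, newMemoryMB selection, s.updateMemory call, break on finalMemoryMB …

		// A backend that cannot grow would otherwise repeat the same step forever.
		if s.hypervisor.GetTotalMemoryMB(ctx) <= currentMemoryMB {
			return fmt.Errorf("memory hotplug made no progress at %d MB (requested %d MB)", currentMemoryMB, finalMemoryMB)
		}
```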
@@ -1370,28 +1370,37 @@ func TestSandboxUpdateResources(t *testing.T) { NetworkConfig{}, []ContainerConfig{contConfig1, contConfig2}, nil) - assert.NoError(t, err) + err = s.updateResources(context.Background()) assert.NoError(t, err) - containerMemLimit := int64(1000) + // For mock hypervisor, we MemSlots to be 0 since the memory wasn't changed. + assert.Equal(t, s.hypervisor.HypervisorConfig().MemSlots, uint32(0)) + + containerMemLimit := int64(4 * 1024 * 1024 * 1024) containerCPUPeriod := uint64(1000) containerCPUQouta := int64(5) - for _, c := range s.config.Containers { - c.Resources.Memory = &specs.LinuxMemory{ + for idx := range s.config.Containers { + s.config.Containers[idx].Resources.Memory = &specs.LinuxMemory{ Limit: new(int64), } - c.Resources.CPU = &specs.LinuxCPU{ + s.config.Containers[idx].Resources.CPU = &specs.LinuxCPU{ Period: new(uint64), Quota: new(int64), } - c.Resources.Memory.Limit = &containerMemLimit - c.Resources.CPU.Period = &containerCPUPeriod - c.Resources.CPU.Quota = &containerCPUQouta + s.config.Containers[idx].Resources.Memory.Limit = &containerMemLimit + s.config.Containers[idx].Resources.CPU.Period = &containerCPUPeriod + s.config.Containers[idx].Resources.CPU.Quota = &containerCPUQouta } err = s.updateResources(context.Background()) assert.NoError(t, err) + + // Since we're starting with a memory of 1 MB, we expect it to take 3 hotplugs to add 4GiB of memory when using ACPI hotplug: + // +48MB + // +2352MB + // +the remaining + assert.Equal(t, s.hypervisor.HypervisorConfig().MemSlots, uint32(3)) } func TestSandboxExperimentalFeature(t *testing.T) { diff --git a/src/tools/agent-ctl/Cargo.lock b/src/tools/agent-ctl/Cargo.lock index 608c519d28..414ce3c4a6 100644 --- a/src/tools/agent-ctl/Cargo.lock +++ b/src/tools/agent-ctl/Cargo.lock 
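Review bot: Both new `assert.Equal` calls in TestSandboxUpdateResources pass the observed value first and the expectation second, while testify's signature is `(t, expected, actual)`, so a failure would print the two labels swapped. They would read `assert.Equal(t, uint32(0), s.hypervisor.HypervisorConfig().MemSlots)` and `assert.Equal(t, uint32(3), s.hypervisor.HypervisorConfig().MemSlots)`. The first comment is missing a verb; `// For mock hypervisor, we expect MemSlots to be 0 since the memory wasn't changed.` states the intent. The second comment says 4GiB is added, yet the limit is set on every container in `s.config.Containers` and two are created, so the total requested is probably larger; the count of 3 still follows from the 48x steps, but the comment should give the real total.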
@@ -11,6 +11,15 @@ dependencies = [ "memchr", ] +[[package]] +name = "android_system_properties" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "819e7219dbd41043ac279b19830f2efc897156490d7fd6ea916720117ee66311" +dependencies = [ + "libc", +] + [[package]] name = "ansi_term" version = "0.12.1" @@ -66,6 +75,12 @@ version = "1.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cf1de2fe8c75bc145a2f577add951f8134889b4795d47466a54a5c846d691693" +[[package]] +name = "bumpalo" +version = "3.11.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c1ad822118d20d2c234f427000d5acc36eabe1e29a348c89b63dd60b13f28e5d" + [[package]] name = "byteorder" version = "1.4.3" @@ -131,14 +146,16 @@ dependencies = [ [[package]] name = "chrono" -version = "0.4.19" +version = "0.4.22" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "670ad68c9088c2a963aaa298cb369688cf3f9465ce5e2d4ca10e6e0098a1ce73" +checksum = "bfd4d1b31faaa3a89d7934dbded3111da0d2ef28e3ebccdb4f0179f5929d1ef1" dependencies = [ - "libc", + "iana-time-zone", + "js-sys", "num-integer", "num-traits", "time", + "wasm-bindgen", "winapi", ] @@ -157,6 +174,12 @@ dependencies = [ "vec_map", ] +[[package]] +name = "core-foundation-sys" +version = "0.8.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5827cebf4670468b8772dd191856768aedcb1b0278a04f989f7766351917b9dc" + [[package]] name = "crossbeam-channel" version = "0.5.1" 
@@ -362,6 +385,19 @@ version = "2.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9a3a5bfb195931eeb336b2a7b4d761daec841b97f947d34394601737a7bba5e4" +[[package]] +name = "iana-time-zone" +version = "0.1.46" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ad2bfd338099682614d3ee3fe0cd72e0b6a41ca6a87f6a74a3bd593c91650501" +dependencies = [ + "android_system_properties", + "core-foundation-sys", + "js-sys", + "wasm-bindgen", + "winapi", +] + [[package]] name = "indexmap" version = "1.7.0" @@ -409,6 +445,15 @@ version = "1.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1aab8fc367588b89dcee83ab0fd66b72b50b72fa1904d7095045ace2b0c81c35" +[[package]] +name = "js-sys" +version = "0.3.58" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c3fac17f7123a73ca62df411b1bf727ccc805daa070338fda671c86dac1bdc27" +dependencies = [ + "wasm-bindgen", +] + [[package]] name = "kata-agent-ctl" version = "0.0.1" 
@@ -1160,6 +1205,60 @@ version = "0.10.2+wasi-snapshot-preview1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fd6fbd9a79829dd1ad0cc20627bf1ed606756a7f77edff7b66b7064f9cb327c6" +[[package]] +name = "wasm-bindgen" +version = "0.2.81" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7c53b543413a17a202f4be280a7e5c62a1c69345f5de525ee64f8cfdbc954994" +dependencies = [ + "cfg-if 1.0.0", + "wasm-bindgen-macro", +] + +[[package]] +name = "wasm-bindgen-backend" +version = "0.2.81" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5491a68ab4500fa6b4d726bd67408630c3dbe9c4fe7bda16d5c82a1fd8c7340a" +dependencies = [ + "bumpalo", + "lazy_static", + "log", + "proc-macro2", + "quote", + "syn", + "wasm-bindgen-shared", +] + +[[package]] +name = "wasm-bindgen-macro" +version = "0.2.81" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c441e177922bc58f1e12c022624b6216378e5febc2f0533e41ba443d505b80aa" +dependencies = [ + "quote", + "wasm-bindgen-macro-support", +] + +[[package]] +name = "wasm-bindgen-macro-support" +version = "0.2.81" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7d94ac45fcf608c1f45ef53e748d35660f168490c10b23704c7779ab8f5c3048" +dependencies = [ + "proc-macro2", + "quote", + "syn", + "wasm-bindgen-backend", + "wasm-bindgen-shared", +] + +[[package]] +name = "wasm-bindgen-shared" +version = "0.2.81" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6a89911bd99e5f3659ec4acf9c4d93b0a90fe4a2a11f15328472058edc5261be" + [[package]] name = "which" version = "4.2.2" diff --git a/src/tools/agent-ctl/Cargo.toml b/src/tools/agent-ctl/Cargo.toml index 8d2f93b847..25852d83ba 100644 --- a/src/tools/agent-ctl/Cargo.toml +++ b/src/tools/agent-ctl/Cargo.toml 
@@ -8,6 +8,7 @@ name = "kata-agent-ctl" version = "0.0.1" authors = ["The Kata Containers community "] edition = "2018" +license = "Apache-2.0" [dependencies] protocols = { path = "../../libs/protocols", features = ["with-serde"] } diff --git a/src/tools/agent-ctl/README.md b/src/tools/agent-ctl/README.md index d9b53ac35e..667c07b51d 100644 --- a/src/tools/agent-ctl/README.md +++ b/src/tools/agent-ctl/README.md @@ -220,7 +220,7 @@ $ sudo install -o root -g root -m 0755 ~/.cargo/bin/kata-agent-ctl /usr/local/bi 1. Start the agent, specifying a local socket for it to communicate on: ```sh - $ sudo KATA_AGENT_SERVER_ADDR=unix:///tmp/foo.socket target/x86_64-unknown-linux-musl/release/kata-agent + $ sudo KATA_AGENT_SERVER_ADDR=unix://@/tmp/foo.socket target/x86_64-unknown-linux-musl/release/kata-agent ``` > **Note:** This example assumes an Intel x86-64 system. diff --git a/src/tools/trace-forwarder/Cargo.lock b/src/tools/trace-forwarder/Cargo.lock index 68e3ec4cdf..ce1f994d26 100644 --- a/src/tools/trace-forwarder/Cargo.lock +++ b/src/tools/trace-forwarder/Cargo.lock @@ -92,14 +92,15 @@ checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" [[package]] name = "chrono" -version = "0.4.19" +version = "0.4.20" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "670ad68c9088c2a963aaa298cb369688cf3f9465ce5e2d4ca10e6e0098a1ce73" +checksum = "6127248204b9aba09a362f6c930ef6a78f2c1b2215f8a7b398c06e1083f17af0" dependencies = [ - "libc", + "js-sys", "num-integer", "num-traits", "time", + "wasm-bindgen", "winapi", ] diff --git a/src/tools/trace-forwarder/Cargo.toml b/src/tools/trace-forwarder/Cargo.toml index 2579ae5b6c..fc0b69631e 100644 --- a/src/tools/trace-forwarder/Cargo.toml +++ b/src/tools/trace-forwarder/Cargo.toml @@ -8,6 +8,7 @@ name = "kata-trace-forwarder" version = "0.0.1" authors = ["The Kata Containers community "] edition = "2018" +license = "Apache-2.0" [dependencies] futures = "0.3.15" 
diff --git a/tools/packaging/kata-deploy/action/test-kata.sh b/tools/packaging/kata-deploy/action/test-kata.sh index 7484ee36dd..96d41fbc61 100755 --- a/tools/packaging/kata-deploy/action/test-kata.sh +++ b/tools/packaging/kata-deploy/action/test-kata.sh @@ -75,7 +75,7 @@ function run_test() { # our 'wait' for deployment status will fail to find the deployment at all sleep 3 - kubectl wait --timeout=5m --for=condition=Available deployment/${deployment} + kubectl wait --timeout=5m --for=condition=Available deployment/${deployment} || kubectl describe pods kubectl expose deployment/${deployment} # test pod connectivity: diff --git a/versions.yaml b/versions.yaml index 8ec4145a93..0342bb18ee 100644 --- a/versions.yaml +++ b/versions.yaml @@ -182,7 +182,7 @@ externals: cni-plugins: description: "CNI network plugins" url: "https://github.com/containernetworking/plugins" - commit: "485be65581341430f9106a194a98f0f2412245fb" + version: "v1.1.1" conmon: description: "An OCI container runtime monitor" @@ -212,7 +212,7 @@ externals: gperf: description: "GNU gperf is a perfect hash function generator" - url: "https://ftp.gnu.org/gnu/gperf" + url: "https://ftpmirror.gnu.org/gnu/gperf" version: "3.1" kubernetes:
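Review bot: With `|| kubectl describe pods` appended, the status of this line becomes the status of `kubectl describe pods`, which normally succeeds, so a deployment that never becomes Available is not reported as a failure here and `run_test` goes on to `kubectl expose`. Keeping the diagnostics while preserving the failure would look like `kubectl wait --timeout=5m --for=condition=Available "deployment/${deployment}" || { kubectl describe pods; return 1; }`. Whether the script runs under `set -e` is not visible in this hunk, and `run_test` starts and ends outside it.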
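Review bot: The `cni-plugins` entry drops the 40-character `commit` pin in favour of `version: "v1.1.1"`, and a tag can be re-pointed upstream while a commit hash cannot. If the consumers of versions.yaml fetch by this field (not visible here), recording the resolved hash next to the tag keeps the pin immutable, e.g. `commit: "<sha that v1.1.1 resolves to>"`. The `gperf` hunk that follows switches the URL to `https://ftpmirror.gnu.org/gnu/gperf`, which hands the download to whichever mirror is selected. Neither entry shows a checksum or signature field, so a comment naming where the tarball is verified would help the next reviewer.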