From 6237a43a8dc8a49eb2a23abb21a12d9a343a69c3 Mon Sep 17 00:00:00 2001 From: stevenhorsman Date: Mon, 27 Apr 2026 16:40:59 +0100 Subject: [PATCH] runtime-rs: Add cdh_api_timeout_ms configuration parameter Add the cdh_api_timeout_ms parameter to runtime-rs. Note the go runtime has cdh_api_timeout is seconds, but the suggestions was to move everything to ms. This parameter controls the timeout for Confidential Data Hub API timeout in the agent. Changes: - Add cdh_api_timeout_ms field to Agent config struct in kata-types - Defaults to 50,000 milliseconds internally - Add cdh_api_timeout to confidential computing configuration files: - configuration-qemu-coco-dev-runtime-rs.toml.in - configuration-qemu-se-runtime-rs.toml.in - configuration-qemu-snp-runtime-rs.toml.in - configuration-qemu-tdx-runtime-rs.toml.in The parameter is only added to confidential computing configurations where the Confidential Data Hub is used. Assisted-by: IBM Bob Signed-off-by: stevenhorsman --- src/libs/kata-types/src/config/agent.rs | 16 +++++++++++++--- ...onfiguration-qemu-coco-dev-runtime-rs.toml.in | 4 ++++ .../configuration-qemu-se-runtime-rs.toml.in | 4 ++++ .../configuration-qemu-snp-runtime-rs.toml.in | 4 ++++ .../configuration-qemu-tdx-runtime-rs.toml.in | 5 ++++- .../config/configuration-rs-fc.toml.in | 6 +++--- 6 files changed, 32 insertions(+), 7 deletions(-) diff --git a/src/libs/kata-types/src/config/agent.rs b/src/libs/kata-types/src/config/agent.rs index 8dda214585..ded2523171 100644 --- a/src/libs/kata-types/src/config/agent.rs +++ b/src/libs/kata-types/src/config/agent.rs @@ -113,6 +113,10 @@ pub struct Agent { #[serde(default = "default_reconnect_timeout")] pub reconnect_timeout_ms: u32, + /// Confidential Data Hub API timeout value in milliseconds + #[serde(default = "default_cdh_api_timeout_ms")] + pub cdh_api_timeout_ms: u32, + /// Agent request timeout value in millisecond /// This timeout value is used to set the maximum duration for the agent to process a CreateContainerRequest. /// It's also used to ensure that workloads, especially those involving large image pulls within the guest, @@ -180,9 +184,10 @@ impl std::default::Default for Agent { log_port: DEFAULT_AGENT_LOG_PORT, passfd_listener_port: DEFAULT_PASSFD_LISTENER_PORT, dial_timeout_ms: DEFAULT_AGENT_DIAL_TIMEOUT_MS, - reconnect_timeout_ms: 3_000, - request_timeout_ms: 30_000, - health_check_request_timeout_ms: 90_000, + reconnect_timeout_ms: default_reconnect_timeout(), + cdh_api_timeout_ms: default_cdh_api_timeout_ms(), + request_timeout_ms: default_request_timeout(), + health_check_request_timeout_ms: default_health_check_timeout(), kernel_modules: Default::default(), container_pipe_size: 0, launch_process_timeout: 0, @@ -218,6 +223,11 @@ fn default_reconnect_timeout() -> u32 { 3_000 } +fn default_cdh_api_timeout_ms() -> u32 { + // ms + 50_000 +} + fn default_request_timeout() -> u32 { // ms 30_000 diff --git a/src/runtime-rs/config/configuration-qemu-coco-dev-runtime-rs.toml.in b/src/runtime-rs/config/configuration-qemu-coco-dev-runtime-rs.toml.in index b14ebc57e7..f710776101 100644 --- a/src/runtime-rs/config/configuration-qemu-coco-dev-runtime-rs.toml.in +++ b/src/runtime-rs/config/configuration-qemu-coco-dev-runtime-rs.toml.in @@ -574,6 +574,10 @@ launch_process_timeout = 6 # Defaults to @DEFCREATECONTAINERTIMEOUT_COCO@ second(s) create_container_timeout = @DEFCREATECONTAINERTIMEOUT_COCO@ +# Confidential Data Hub API timeout value in milliseconds +# (default: 50000) +cdh_api_timeout_ms = 50000 + [agent.@PROJECT_TYPE@.mem_agent] # Control the mem-agent function enable or disable. # Default to false diff --git a/src/runtime-rs/config/configuration-qemu-se-runtime-rs.toml.in b/src/runtime-rs/config/configuration-qemu-se-runtime-rs.toml.in index 3edf12ba46..21d0144531 100644 --- a/src/runtime-rs/config/configuration-qemu-se-runtime-rs.toml.in +++ b/src/runtime-rs/config/configuration-qemu-se-runtime-rs.toml.in @@ -551,6 +551,10 @@ launch_process_timeout = 6 # Defaults to @DEFCREATECONTAINERTIMEOUT@ second(s) create_container_timeout = @DEFCREATECONTAINERTIMEOUT@ +# Confidential Data Hub API timeout value in milliseconds +# (default: 50000) +cdh_api_timeout_ms = 50000 + [runtime] # If enabled, the runtime will log additional debug messages to the # system log diff --git a/src/runtime-rs/config/configuration-qemu-snp-runtime-rs.toml.in b/src/runtime-rs/config/configuration-qemu-snp-runtime-rs.toml.in index 67e23550ce..239d048f69 100644 --- a/src/runtime-rs/config/configuration-qemu-snp-runtime-rs.toml.in +++ b/src/runtime-rs/config/configuration-qemu-snp-runtime-rs.toml.in @@ -593,6 +593,10 @@ launch_process_timeout = 6 # Defaults to @DEFCREATECONTAINERTIMEOUT_COCO@ second(s) create_container_timeout = @DEFCREATECONTAINERTIMEOUT_COCO@ +# Confidential Data Hub API timeout value in milliseconds +# (default: 50000) +cdh_api_timeout_ms = 50000 + [runtime] # If enabled, the runtime will log additional debug messages to the # system log diff --git a/src/runtime-rs/config/configuration-qemu-tdx-runtime-rs.toml.in b/src/runtime-rs/config/configuration-qemu-tdx-runtime-rs.toml.in index 818bf36cc0..66c5a2cf26 100644 --- a/src/runtime-rs/config/configuration-qemu-tdx-runtime-rs.toml.in +++ b/src/runtime-rs/config/configuration-qemu-tdx-runtime-rs.toml.in @@ -569,6 +569,10 @@ launch_process_timeout = 6 # Defaults to @DEFCREATECONTAINERTIMEOUT_COCO@ second(s) create_container_timeout = @DEFCREATECONTAINERTIMEOUT_COCO@ +# Confidential Data Hub API timeout value in milliseconds +# (default: 50000) +cdh_api_timeout_ms = 50000 + [runtime] # If enabled, the runtime will log additional debug messages to the # system log @@ -702,4 +706,3 @@ enable_pprof = false # to the hypervisor. # (default: /run/kata-containers/dans) dan_conf = "@DEFDANCONF@" - diff --git a/src/runtime-rs/config/configuration-rs-fc.toml.in b/src/runtime-rs/config/configuration-rs-fc.toml.in index aa44c1b636..20f99bf5cb 100644 --- a/src/runtime-rs/config/configuration-rs-fc.toml.in +++ b/src/runtime-rs/config/configuration-rs-fc.toml.in @@ -314,9 +314,9 @@ debug_console_enabled = false # (default: 45000) dial_timeout_ms = 45000 -# Confidential Data Hub API timeout value in seconds -# (default: 50) -cdh_api_timeout = 50 +# Confidential Data Hub API timeout value in milliseconds +# (default: 50000) +cdh_api_timeout_ms = 50000 # Create Container Request Timeout # This timeout value is used to set the maximum duration for the agent to process a CreateContainerRequest.