diff --git a/src/runtime/virtcontainers/pkg/agent/protocols/grpc/agent.proto b/src/runtime/virtcontainers/pkg/agent/protocols/grpc/agent.proto
deleted file mode 100644
index 426268d199..0000000000
--- a/src/runtime/virtcontainers/pkg/agent/protocols/grpc/agent.proto
+++ /dev/null
@@ -1,496 +0,0 @@
-//
-// Copyright 2017 HyperHQ Inc.
-//
-// SPDX-License-Identifier: Apache-2.0
-//
-
-syntax = "proto3";
-
-package grpc;
-
-import "github.com/kata-containers/kata-containers/src/runtime/virtcontainers/pkg/agent/protocols/grpc/oci.proto";
-import "github.com/kata-containers/kata-containers/src/runtime/virtcontainers/pkg/agent/protocols/types.proto";
-import "google/protobuf/empty.proto";
-
-// unstable
-service AgentService {
- // execution
- rpc CreateContainer(CreateContainerRequest) returns (google.protobuf.Empty);
- rpc StartContainer(StartContainerRequest) returns (google.protobuf.Empty);
-
- // RemoveContainer will tear down an existing container by forcibly terminating
- // all processes running inside that container and releasing all internal
- // resources associated with it.
- // RemoveContainer will wait for all processes termination before returning.
- // If any process can not be killed or if it can not be killed after
- // the RemoveContainerRequest timeout, RemoveContainer will return an error.
- rpc RemoveContainer(RemoveContainerRequest) returns (google.protobuf.Empty);
- rpc ExecProcess(ExecProcessRequest) returns (google.protobuf.Empty);
- rpc SignalProcess(SignalProcessRequest) returns (google.protobuf.Empty);
- rpc WaitProcess(WaitProcessRequest) returns (WaitProcessResponse); // wait & reap like waitpid(2)
- rpc ListProcesses(ListProcessesRequest) returns (ListProcessesResponse);
- rpc UpdateContainer(UpdateContainerRequest) returns (google.protobuf.Empty);
- rpc StatsContainer(StatsContainerRequest) returns (StatsContainerResponse);
- rpc PauseContainer(PauseContainerRequest) returns (google.protobuf.Empty);
- rpc ResumeContainer(ResumeContainerRequest) returns (google.protobuf.Empty);
-
- // stdio
- rpc WriteStdin(WriteStreamRequest) returns (WriteStreamResponse);
- rpc ReadStdout(ReadStreamRequest) returns (ReadStreamResponse);
- rpc ReadStderr(ReadStreamRequest) returns (ReadStreamResponse);
- rpc CloseStdin(CloseStdinRequest) returns (google.protobuf.Empty);
- rpc TtyWinResize(TtyWinResizeRequest) returns (google.protobuf.Empty);
-
- // networking
- rpc UpdateInterface(UpdateInterfaceRequest) returns (types.Interface);
- rpc UpdateRoutes(UpdateRoutesRequest) returns (Routes);
- rpc ListInterfaces(ListInterfacesRequest) returns(Interfaces);
- rpc ListRoutes(ListRoutesRequest) returns (Routes);
-
- // tracing
- rpc StartTracing(StartTracingRequest) returns (google.protobuf.Empty);
- rpc StopTracing(StopTracingRequest) returns (google.protobuf.Empty);
-
- // misc (TODO: some rpcs can be replaced by hyperstart-exec)
- rpc CreateSandbox(CreateSandboxRequest) returns (google.protobuf.Empty);
- rpc DestroySandbox(DestroySandboxRequest) returns (google.protobuf.Empty);
- rpc OnlineCPUMem(OnlineCPUMemRequest) returns (google.protobuf.Empty);
- rpc ReseedRandomDev(ReseedRandomDevRequest) returns (google.protobuf.Empty);
- rpc GetGuestDetails(GuestDetailsRequest) returns (GuestDetailsResponse);
- rpc MemHotplugByProbe(MemHotplugByProbeRequest) returns (google.protobuf.Empty);
- rpc SetGuestDateTime(SetGuestDateTimeRequest) returns (google.protobuf.Empty);
- rpc CopyFile(CopyFileRequest) returns (google.protobuf.Empty);
-}
-
-message CreateContainerRequest {
- string container_id = 1;
- string exec_id = 2;
- StringUser string_user = 3;
- repeated Device devices = 4;
- repeated Storage storages = 5;
- Spec OCI = 6;
-
- // This field is used to indicate if the container needs to join
- // sandbox shared pid ns or create a new namespace. This field is
- // meant to override the NEWPID config settings in the OCI spec.
- // The agent would receive an OCI spec with PID namespace cleared
- // out altogether and not just the pid ns path.
- bool sandbox_pidns = 7;
-}
-
-message StartContainerRequest {
- string container_id = 1;
-}
-
-message RemoveContainerRequest {
- string container_id = 1;
-
- // RemoveContainer will return an error if
- // it could not kill some container processes
- // after timeout seconds.
- // Setting timeout to 0 means RemoveContainer will
- // wait for ever.
- uint32 timeout = 2;
-}
-
-message ExecProcessRequest {
- string container_id = 1;
- string exec_id = 2;
- StringUser string_user = 3;
- Process process = 4;
-}
-
-message SignalProcessRequest {
- string container_id = 1;
-
- // Special case for SignalProcess(): exec_id can be empty(""),
- // which means to send the signal to all the processes including their descendants.
- // Other APIs with exec_id should treat empty exec_id as an invalid request.
- string exec_id = 2;
- uint32 signal = 3;
-}
-
-message WaitProcessRequest {
- string container_id = 1;
- string exec_id = 2;
-}
-
-message WaitProcessResponse {
- int32 status = 1;
-}
-
-// ListProcessesRequest contains the options used to list running processes inside the container
-message ListProcessesRequest {
- string container_id = 1;
- string format = 2;
- repeated string args = 3;
-}
-
-// ListProcessesResponse represents the list of running processes inside the container
-message ListProcessesResponse {
- bytes process_list = 1;
-}
-
-message UpdateContainerRequest {
- string container_id = 1;
- LinuxResources resources = 2;
-}
-
-message StatsContainerRequest {
- string container_id = 1;
-}
-
-message PauseContainerRequest {
- string container_id = 1;
-}
-
-message ResumeContainerRequest {
- string container_id = 1;
-}
-
-message CpuUsage {
- uint64 total_usage = 1;
- repeated uint64 percpu_usage = 2;
- uint64 usage_in_kernelmode = 3;
- uint64 usage_in_usermode = 4;
-}
-
-message ThrottlingData {
- uint64 periods = 1;
- uint64 throttled_periods = 2;
- uint64 throttled_time = 3;
-}
-
-message CpuStats {
- CpuUsage cpu_usage = 1;
- ThrottlingData throttling_data = 2;
-}
-
-message PidsStats {
- uint64 current = 1;
- uint64 limit = 2;
-}
-
-message MemoryData {
- uint64 usage = 1;
- uint64 max_usage = 2;
- uint64 failcnt = 3;
- uint64 limit = 4;
-}
-
-message MemoryStats {
- uint64 cache = 1;
- MemoryData usage = 2;
- MemoryData swap_usage = 3;
- MemoryData kernel_usage = 4;
- bool use_hierarchy = 5;
- map stats = 6;
-}
-
-
-message BlkioStatsEntry {
- uint64 major = 1;
- uint64 minor = 2;
- string op = 3;
- uint64 value = 4;
-}
-
-message BlkioStats {
- repeated BlkioStatsEntry io_service_bytes_recursive = 1; // number of bytes transferred to and from the block device
- repeated BlkioStatsEntry io_serviced_recursive = 2;
- repeated BlkioStatsEntry io_queued_recursive = 3;
- repeated BlkioStatsEntry io_service_time_recursive = 4;
- repeated BlkioStatsEntry io_wait_time_recursive = 5;
- repeated BlkioStatsEntry io_merged_recursive = 6;
- repeated BlkioStatsEntry io_time_recursive = 7;
- repeated BlkioStatsEntry sectors_recursive = 8;
-}
-
-message HugetlbStats {
- uint64 usage = 1;
- uint64 max_usage = 2;
- uint64 failcnt = 3;
-}
-
-message CgroupStats {
- CpuStats cpu_stats = 1;
- MemoryStats memory_stats = 2;
- PidsStats pids_stats = 3;
- BlkioStats blkio_stats = 4;
- map hugetlb_stats = 5; // the map is in the format "size of hugepage: stats of the hugepage"
-
-}
-
-message NetworkStats {
- string name = 1;
- uint64 rx_bytes = 2;
- uint64 rx_packets = 3;
- uint64 rx_errors = 4;
- uint64 rx_dropped = 5;
- uint64 tx_bytes = 6;
- uint64 tx_packets = 7;
- uint64 tx_errors = 8;
- uint64 tx_dropped = 9;
-}
-
-message StatsContainerResponse {
- CgroupStats cgroup_stats = 1;
- repeated NetworkStats network_stats = 2;
-}
-
-message WriteStreamRequest {
- string container_id = 1;
- string exec_id = 2;
- bytes data = 3;
-}
-
-message WriteStreamResponse {
- uint32 len = 1;
-}
-
-message ReadStreamRequest {
- string container_id = 1;
- string exec_id = 2;
- uint32 len = 3;
-}
-
-message ReadStreamResponse {
- bytes data = 1;
-}
-
-message CloseStdinRequest {
- string container_id = 1;
- string exec_id = 2;
-}
-
-message TtyWinResizeRequest {
- string container_id = 1;
- string exec_id = 2;
- uint32 row = 3;
- uint32 column = 4;
-}
-
-message KernelModule {
- // This field is the name of the kernel module.
- string name = 1;
- // This field are the parameters for the kernel module which are
- // whitespace-delimited key=value pairs passed to modprobe(8).
- repeated string parameters = 2;
-}
-
-message CreateSandboxRequest {
- string hostname = 1;
- repeated string dns = 2;
- repeated Storage storages = 3;
-
- // This field means that a pause process needs to be created by the
- // agent. This pid namespace of the pause process will be treated as
- // a shared pid namespace. All containers created will join this shared
- // pid namespace.
- bool sandbox_pidns = 4;
- // SandboxId identifies which sandbox is using the agent. We allow only
- // one sandbox per agent and implicitly require that CreateSandbox is
- // called before other sandbox/network calls.
- string sandbox_id = 5;
- // This field, if non-empty, designates an absolute path to a directory
- // that the agent will search for OCI hooks to run within the guest.
- string guest_hook_path = 6;
- // This field is the list of kernel modules to be loaded in the guest kernel.
- repeated KernelModule kernel_modules = 7;
-}
-
-message DestroySandboxRequest {
-}
-
-message Interfaces {
- repeated types.Interface Interfaces = 1;
-}
-
-message Routes {
- repeated types.Route Routes = 1;
-}
-
-message UpdateInterfaceRequest {
- types.Interface interface = 1;
-}
-
-message UpdateRoutesRequest {
- Routes routes = 1;
-}
-
-message ListInterfacesRequest {
-}
-
-message ListRoutesRequest {
-}
-
-message OnlineCPUMemRequest {
- // Wait specifies if the caller waits for the agent to online all resources.
- // If true the agent returns once all resources have been connected, otherwise all
- // resources are connected asynchronously and the agent returns immediately.
- bool wait = 1;
-
- // NbCpus specifies the number of CPUs that were added and the agent has to online.
- uint32 nb_cpus = 2;
-
- // CpuOnly specifies whether only online CPU or not.
- bool cpu_only = 3;
-}
-
-message ReseedRandomDevRequest {
- // Data specifies the random data used to reseed the guest crng.
- bytes data = 2;
-}
-
-// AgentDetails provides information to the client about the running agent.
-message AgentDetails {
- // Semantic version of agent (see https://semver.org).
- string version = 1;
-
- // Set if the agent is running as PID 1.
- bool init_daemon = 2;
-
- // List of available device handlers.
- repeated string device_handlers = 3;
-
- // List of available storage handlers.
- repeated string storage_handlers = 4;
-
- // Set only if the agent is built with seccomp support and the guest
- // environment supports seccomp.
- bool supports_seccomp = 5;
-}
-
-message GuestDetailsRequest {
- // MemBlockSize asks server to return the system memory block size that can be used
- // for memory hotplug alignment. Typically the server returns what's in
- // /sys/devices/system/memory/block_size_bytes.
- bool mem_block_size = 1;
-
- // MemoryHotplugProbe asks server to return whether guest kernel supports memory hotplug
- // via probeinterface. Typically the server will check if the path
- // /sys/devices/system/memory/probe exists.
- bool mem_hotplug_probe = 2;
-}
-
-message GuestDetailsResponse {
- // MemBlockSizeBytes returns the system memory block size in bytes.
- uint64 mem_block_size_bytes = 1;
-
- AgentDetails agent_details = 2;
-
- bool support_mem_hotplug_probe = 3;
-}
-
-message MemHotplugByProbeRequest {
- // server needs to send the value of memHotplugProbeAddr into file /sys/devices/system/memory/probe,
- // in order to notify the guest kernel about hot-add memory event
- repeated uint64 memHotplugProbeAddr = 1;
-}
-
-message SetGuestDateTimeRequest {
- // Sec the second since the Epoch.
- int64 Sec = 1;
- // Usec the microseconds portion of time since the Epoch.
- int64 Usec = 2;
-}
-
-// Storage represents both the rootfs of the container, and any volume that
-// could have been defined through the Mount list of the OCI specification.
-message Storage {
- // Driver is used to define the way the storage is passed through the
- // virtual machine. It can be "9p", "blk", or something else, but for
- // all cases, this will define if some extra steps are required before
- // this storage gets mounted into the container.
- string driver = 1;
- // DriverOptions allows the caller to define a list of options such
- // as block sizes, numbers of luns, ... which are very specific to
- // every device and cannot be generalized through extra fields.
- repeated string driver_options = 2;
- // Source can be anything representing the source of the storage. This
- // will be handled by the proper handler based on the Driver used.
- // For instance, it can be a very simple path if the caller knows the
- // name of device inside the VM, or it can be some sort of identifier
- // to let the agent find the device inside the VM.
- string source = 3;
- // Fstype represents the filesystem that needs to be used to mount the
- // storage inside the VM. For instance, it could be "xfs" for block
- // device, "9p" for shared filesystem, or "tmpfs" for shared /dev/shm.
- string fstype = 4;
- // Options describes the additional options that might be needed to
- // mount properly the storage filesytem.
- repeated string options = 5;
- // MountPoint refers to the path where the storage should be mounted
- // inside the VM.
- string mount_point = 6;
-}
-
-// Device represents only the devices that could have been defined through the
-// Linux Device list of the OCI specification.
-message Device {
- // Id can be used to identify the device inside the VM. Some devices
- // might not need it to be identified on the VM, and will rely on the
- // provided VmPath instead.
- string id = 1;
- // Type defines the type of device described. This can be "blk",
- // "scsi", "vfio", ...
- // Particularly, this should be used to trigger the use of the
- // appropriate device handler.
- string type = 2;
- // VmPath can be used by the caller to provide directly the path of
- // the device as it will appear inside the VM. For some devices, the
- // device id or the list of options passed might not be enough to find
- // the device. In those cases, the caller should predict and provide
- // this vm_path.
- string vm_path = 3;
- // ContainerPath defines the path where the device should be found inside
- // the container. This path should match the path of the device from
- // the device list listed inside the OCI spec. This is used in order
- // to identify the right device in the spec and update it with the
- // right options such as major/minor numbers as they appear inside
- // the VM for instance. Note that an empty ctr_path should be used
- // to make sure the device handler inside the agent is called, but
- // no spec update needs to be performed. This has to happen for the
- // case of rootfs, when a device has to be waited for after it has
- // been hotplugged. An equivalent Storage entry should be defined if
- // any mount needs to be performed afterwards.
- string container_path = 4;
- // Options allows the caller to define a list of options such as block
- // sizes, numbers of luns, ... which are very specific to every device
- // and cannot be generalized through extra fields.
- repeated string options = 5;
-}
-
-message StringUser {
- string uid = 1;
- string gid = 2;
- repeated string additionalGids = 3;
-}
-
-message CopyFileRequest {
- // Path is the destination file in the guest. It must be absolute,
- // canonical and below /run.
- string path = 1;
- // FileSize is the expected file size, for security reasons write operations
- // are made in a temporary file, once it has the expected size, it's moved
- // to the destination path.
- int64 file_size = 2;
- // FileMode is the file mode.
- uint32 file_mode = 3;
- // DirMode is the mode for the parent directories of destination path.
- uint32 dir_mode = 4;
- // Uid is the numeric user id.
- int32 uid = 5;
- // Gid is the numeric group id.
- int32 gid = 6;
- // Offset for the next write operation.
- int64 offset = 7;
- // Data to write in the destination file.
- bytes data = 8;
-}
-
-message StartTracingRequest {
-}
-
-message StopTracingRequest {
-}
diff --git a/src/runtime/virtcontainers/pkg/agent/protocols/grpc/health.proto b/src/runtime/virtcontainers/pkg/agent/protocols/grpc/health.proto
deleted file mode 100644
index 4aa7514bdb..0000000000
--- a/src/runtime/virtcontainers/pkg/agent/protocols/grpc/health.proto
+++ /dev/null
@@ -1,39 +0,0 @@
-//
-// Copyright 2017 HyperHQ Inc.
-//
-// SPDX-License-Identifier: Apache-2.0
-//
-
-syntax = "proto3";
-
-package grpc;
-
-import "gogo/protobuf/gogoproto/gogo.proto";
-
-option (gogoproto.equal_all) = true;
-option (gogoproto.populate_all) = true;
-option (gogoproto.testgen_all) = true;
-option (gogoproto.benchgen_all) = true;
-
-message CheckRequest {
- string service = 1;
-}
-
-message HealthCheckResponse {
- enum ServingStatus {
- UNKNOWN = 0;
- SERVING = 1;
- NOT_SERVING = 2;
- }
- ServingStatus status = 1;
-}
-
-message VersionCheckResponse {
- string grpc_version = 1;
- string agent_version = 2;
-}
-
-service Health {
- rpc Check(CheckRequest) returns (HealthCheckResponse);
- rpc Version(CheckRequest) returns (VersionCheckResponse);
-}
diff --git a/src/runtime/virtcontainers/pkg/agent/protocols/grpc/oci.proto b/src/runtime/virtcontainers/pkg/agent/protocols/grpc/oci.proto
deleted file mode 100644
index 9c68d1b982..0000000000
--- a/src/runtime/virtcontainers/pkg/agent/protocols/grpc/oci.proto
+++ /dev/null
@@ -1,462 +0,0 @@
-//
-// Copyright (c) 2017 Intel Corporation
-//
-// SPDX-License-Identifier: Apache-2.0
-//
-
-syntax = "proto3";
-
-package grpc;
-
-import "gogo/protobuf/gogoproto/gogo.proto";
-import "google/protobuf/wrappers.proto";
-
-option (gogoproto.equal_all) = true;
-option (gogoproto.populate_all) = true;
-option (gogoproto.testgen_all) = true;
-option (gogoproto.benchgen_all) = true;
-
-message Spec {
- // Version of the Open Container Initiative Runtime Specification with which the bundle complies.
- string Version = 1;
-
- // Process configures the container process.
- Process Process = 2;
-
- // Root configures the container's root filesystem.
- Root Root = 3;
-
- // Hostname configures the container's hostname.
- string Hostname = 4;
-
- // Mounts configures additional mounts (on top of Root).
- repeated Mount Mounts = 5 [(gogoproto.nullable) = false];
-
- // Hooks configures callbacks for container lifecycle events.
- Hooks Hooks = 6;
-
- // Annotations contains arbitrary metadata for the container.
- map Annotations = 7;
-
- // Linux is platform-specific configuration for Linux based containers.
- Linux Linux = 8;
-
- // Solaris is platform-specific configuration for Solaris based containers.
- Solaris Solaris = 9;
- // Windows is platform-specific configuration for Windows based containers.
- Windows Windows = 10;
-}
-
-message Process {
- // Terminal creates an interactive terminal for the container.
- bool Terminal = 1;
-
- // ConsoleSize specifies the size of the console.
- Box ConsoleSize = 2;
-
- // User specifies user information for the process.
- User User = 3 [(gogoproto.nullable) = false];
-
- // Args specifies the binary and arguments for the application to execute.
- repeated string Args = 4;
-
- // Env populates the process environment for the process.
- repeated string Env = 5;
-
- // Cwd is the current working directory for the process and must be
- // relative to the container's root.
- string Cwd = 6;
-
- // Capabilities are Linux capabilities that are kept for the process.
- LinuxCapabilities Capabilities = 7;
-
- // Rlimits specifies rlimit options to apply to the process.
- repeated POSIXRlimit Rlimits = 8 [(gogoproto.nullable) = false];
-
- // NoNewPrivileges controls whether additional privileges could be gained by processes in the container.
- bool NoNewPrivileges = 9;
-
- // ApparmorProfile specifies the apparmor profile for the container.
- string ApparmorProfile = 10;
-
- // Specify an oom_score_adj for the container.
- int64 OOMScoreAdj = 11;
-
- // SelinuxLabel specifies the selinux context that the container process is run as.
- string SelinuxLabel = 12;
-}
-
-message Box {
- // Height is the vertical dimension of a box.
- uint32 Height = 1;
-
- // Width is the horizontal dimension of a box.
- uint32 Width = 2;
-}
-
-message User {
- // UID is the user id.
- uint32 UID = 1;
-
- // GID is the group id.
- uint32 GID = 2;
-
- // AdditionalGids are additional group ids set for the container's process.
- repeated uint32 AdditionalGids = 3;
-
- // Username is the user name.
- string Username = 4;
-}
-
-message LinuxCapabilities {
- // Bounding is the set of capabilities checked by the kernel.
- repeated string Bounding = 1;
-
- // Effective is the set of capabilities checked by the kernel.
- repeated string Effective = 2;
-
- // Inheritable is the capabilities preserved across execve.
- repeated string Inheritable = 3;
-
- // Permitted is the limiting superset for effective capabilities.
- repeated string Permitted = 4;
-
- // Ambient is the ambient set of capabilities that are kept.
- repeated string Ambient = 5;
-}
-
-message POSIXRlimit {
- // Type of the rlimit to set
- string Type = 1;
-
- // Hard is the hard limit for the specified type
- uint64 Hard = 2;
-
- // Soft is the soft limit for the specified type
- uint64 Soft = 3;
-}
-
-message Mount {
- // destination is the path inside the container expect when it starts with "tmp:/"
- string destination = 1;
-
- // source is the path inside the container expect when it starts with "vm:/dev/" or "tmp:/"
- // the path which starts with "vm:/dev/" refers the guest vm's "/dev",
- // especially, "vm:/dev/hostfs/" refers to the shared filesystem.
- // "tmp:/" is a temporary directory which is used for temporary mounts.
- string source = 2;
- string type = 3;
- repeated string options = 4;
-}
-
-message Root {
- // Path is the absolute path to the container's root filesystem.
- string Path = 1;
-
- // Readonly makes the root filesystem for the container readonly before the process is executed.
- bool Readonly = 2;
-}
-
-message Hooks {
- // Prestart is a list of hooks to be run before the container process is executed.
- repeated Hook Prestart = 1 [(gogoproto.nullable) = false];
-
- // Poststart is a list of hooks to be run after the container process is started.
- repeated Hook Poststart = 2 [(gogoproto.nullable) = false];
-
- // Poststop is a list of hooks to be run after the container process exits.
- repeated Hook Poststop = 3 [(gogoproto.nullable) = false];
-}
-
-message Hook {
- string Path = 1;
- repeated string Args = 2;
- repeated string Env = 3;
- int64 Timeout = 4;
-}
-
-message Linux {
- // UIDMapping specifies user mappings for supporting user namespaces.
- repeated LinuxIDMapping UIDMappings = 1 [(gogoproto.nullable) = false];
-
- // GIDMapping specifies group mappings for supporting user namespaces.
- repeated LinuxIDMapping GIDMappings = 2 [(gogoproto.nullable) = false];
-
- // Sysctl are a set of key value pairs that are set for the container on start
- map Sysctl = 3;
-
- // Resources contain cgroup information for handling resource constraints
- // for the container
- LinuxResources Resources = 4;
-
- // CgroupsPath specifies the path to cgroups that are created and/or joined by the container.
- // The path is expected to be relative to the cgroups mountpoint.
- // If resources are specified, the cgroups at CgroupsPath will be updated based on resources.
- string CgroupsPath = 5;
-
- // Namespaces contains the namespaces that are created and/or joined by the container
- repeated LinuxNamespace Namespaces = 6 [(gogoproto.nullable) = false];
-
- // Devices are a list of device nodes that are created for the container
- repeated LinuxDevice Devices = 7 [(gogoproto.nullable) = false];
-
- // Seccomp specifies the seccomp security settings for the container.
- LinuxSeccomp Seccomp = 8;
-
- // RootfsPropagation is the rootfs mount propagation mode for the container.
- string RootfsPropagation = 9;
-
- // MaskedPaths masks over the provided paths inside the container.
- repeated string MaskedPaths = 10;
-
- // ReadonlyPaths sets the provided paths as RO inside the container.
- repeated string ReadonlyPaths = 11;
-
- // MountLabel specifies the selinux context for the mounts in the container.
- string MountLabel = 12;
-
- // IntelRdt contains Intel Resource Director Technology (RDT) information
- // for handling resource constraints (e.g., L3 cache) for the container
- LinuxIntelRdt IntelRdt = 13;
-}
-
-message Windows {
- // Dummy string, never used.
- string dummy = 1;
-}
-
-message Solaris {
- // Dummy string, never used.
- string dummy = 1;
-}
-
-message LinuxIDMapping {
- // HostID is the starting UID/GID on the host to be mapped to 'ContainerID'
- uint32 HostID = 1;
-
- // ContainerID is the starting UID/GID in the container
- uint32 ContainerID = 2;
-
- // Size is the number of IDs to be mapped
- uint32 Size = 3;
-}
-
-message LinuxNamespace {
- // Type is the type of namespace
- string Type = 1;
-
- // Path is a path to an existing namespace persisted on disk that can be joined
- // and is of the same type
- string Path = 2;
-}
-
-message LinuxDevice {
- // Path to the device.
- string Path = 1;
-
- // Device type, block, char, etc.
- string Type = 2;
-
- // Major is the device's major number.
- int64 Major = 3;
-
- // Minor is the device's minor number.
- int64 Minor = 4;
-
- // FileMode permission bits for the device.
- uint32 FileMode = 5;
-
- // UID of the device.
- uint32 UID = 6;
-
- // Gid of the device.
- uint32 GID = 7;
-}
-
-message LinuxResources {
- // Devices configures the device whitelist.
- repeated LinuxDeviceCgroup Devices = 1 [(gogoproto.nullable) = false];
-
- // Memory restriction configuration
- LinuxMemory Memory = 2;
-
- // CPU resource restriction configuration
- LinuxCPU CPU = 3;
-
- // Task resource restriction configuration.
- LinuxPids Pids = 4;
-
- // BlockIO restriction configuration
- LinuxBlockIO BlockIO = 5;
-
- // Hugetlb limit (in bytes)
- repeated LinuxHugepageLimit HugepageLimits = 6 [(gogoproto.nullable) = false];
-
- // Network restriction configuration
- LinuxNetwork Network = 7;
-}
-
-message LinuxMemory {
- // Memory limit (in bytes).
- int64 Limit = 1;
-
- // Memory reservation or soft_limit (in bytes).
- int64 Reservation = 2;
-
- // Total memory limit (memory + swap).
- int64 Swap = 3;
-
- // Kernel memory limit (in bytes).
- int64 Kernel = 4;
-
- // Kernel memory limit for tcp (in bytes)
- int64 KernelTCP = 5;
-
- // How aggressive the kernel will swap memory pages.
- uint64 Swappiness = 6;
-
- // DisableOOMKiller disables the OOM killer for out of memory conditions
- bool DisableOOMKiller = 7;
-}
-
-message LinuxCPU {
- // CPU shares (relative weight (ratio) vs. other cgroups with cpu shares).
- uint64 Shares = 1;
-
- // CPU hardcap limit (in usecs). Allowed cpu time in a given period.
- int64 Quota = 2;
-
- // CPU period to be used for hardcapping (in usecs).
- uint64 Period = 3;
-
- // How much time realtime scheduling may use (in usecs).
- int64 RealtimeRuntime = 4;
-
- // CPU period to be used for realtime scheduling (in usecs).
- uint64 RealtimePeriod = 5;
-
- // CPUs to use within the cpuset. Default is to use any CPU available.
- string Cpus = 6;
-
- // List of memory nodes in the cpuset. Default is to use any available memory node.
- string Mems = 7;
-}
-
-message LinuxWeightDevice {
- // Major is the device's major number.
- int64 Major = 1;
-
- // Minor is the device's minor number.
- int64 Minor = 2;
-
- // Weight is the bandwidth rate for the device.
- uint32 Weight = 3;
-
- // LeafWeight is the bandwidth rate for the device while competing with the cgroup's child cgroups, CFQ scheduler only
- uint32 LeafWeight = 4;
-}
-
-message LinuxThrottleDevice {
- // Major is the device's major number.
- int64 Major = 1;
-
- // Minor is the device's minor number.
- int64 Minor = 2;
-
- // Rate is the IO rate limit per cgroup per device
- uint64 Rate = 3;
-}
-
-message LinuxBlockIO {
- // Specifies per cgroup weight
- uint32 Weight = 1;
-
- // Specifies tasks' weight in the given cgroup while competing with the cgroup's child cgroups, CFQ scheduler only
- uint32 LeafWeight = 2;
-
- // Weight per cgroup per device, can override BlkioWeight
- repeated LinuxWeightDevice WeightDevice = 3 [(gogoproto.nullable) = false];
-
- // IO read rate limit per cgroup per device, bytes per second
- repeated LinuxThrottleDevice ThrottleReadBpsDevice = 4 [(gogoproto.nullable) = false];
-
- // IO write rate limit per cgroup per device, bytes per second
- repeated LinuxThrottleDevice ThrottleWriteBpsDevice = 5 [(gogoproto.nullable) = false];
-
- // IO read rate limit per cgroup per device, IO per second
- repeated LinuxThrottleDevice ThrottleReadIOPSDevice = 6 [(gogoproto.nullable) = false];
-
- // IO write rate limit per cgroup per device, IO per second
- repeated LinuxThrottleDevice ThrottleWriteIOPSDevice = 7 [(gogoproto.nullable) = false];
-}
-
-message LinuxPids {
- // Maximum number of PIDs. Default is "no limit".
- int64 Limit = 1;
-}
-
-message LinuxDeviceCgroup {
- // Allow or deny
- bool Allow = 1;
-
- // Device type, block, char, etc.
- string Type = 2;
-
- // Major is the device's major number.
- int64 Major = 3;
-
- // Minor is the device's minor number.
- int64 Minor = 4;
-
- // Cgroup access permissions format, rwm.
- string Access = 5;
-}
-
-message LinuxNetwork {
- // Set class identifier for container's network packets
- uint32 ClassID = 1;
-
- // Set priority of network traffic for container
- repeated LinuxInterfacePriority Priorities = 2 [(gogoproto.nullable) = false];
-}
-
-message LinuxHugepageLimit {
- // Pagesize is the hugepage size
- string Pagesize = 1;
-
- // Limit is the limit of "hugepagesize" hugetlb usage
- uint64 Limit = 2;
-}
-
-message LinuxInterfacePriority {
- // Name is the name of the network interface
- string Name = 1;
-
- // Priority for the interface
- uint32 Priority = 2;
-}
-
-message LinuxSeccomp {
- string DefaultAction = 1;
- repeated string Architectures = 2;
- repeated LinuxSyscall Syscalls = 3 [(gogoproto.nullable) = false];
-}
-
-message LinuxSeccompArg {
- uint64 Index = 1;
- uint64 Value = 2;
- uint64 ValueTwo = 3;
- string Op = 4;
-}
-
-message LinuxSyscall {
- repeated string Names = 1;
- string Action = 2;
- repeated LinuxSeccompArg Args = 3 [(gogoproto.nullable) = false];
-}
-
-message LinuxIntelRdt {
- // The schema for L3 cache id and capacity bitmask (CBM)
- // Format: "L3:=;=;..."
- string L3CacheSchema = 1;
-}
diff --git a/src/runtime/virtcontainers/pkg/agent/protocols/types.proto b/src/runtime/virtcontainers/pkg/agent/protocols/types.proto
deleted file mode 100644
index f6856e1e32..0000000000
--- a/src/runtime/virtcontainers/pkg/agent/protocols/types.proto
+++ /dev/null
@@ -1,48 +0,0 @@
-//
-// Copyright 2018 Intel Corporation.
-//
-// SPDX-License-Identifier: Apache-2.0
-//
-
-syntax = "proto3";
-
-package types;
-
-enum IPFamily {
- v4 = 0;
- v6 = 1;
-}
-
-message IPAddress {
- IPFamily family = 1;
- string address = 2;
- string mask = 3;
-}
-
-message Interface {
- string device = 1;
- string name = 2;
- repeated IPAddress IPAddresses = 3;
- uint64 mtu = 4;
- string hwAddr = 5;
-
- // pciAddr is the PCI address in the format "bridgeAddr/deviceAddr".
- // Here, bridgeAddr is the address at which the bridge is attached on the root bus,
- // while deviceAddr is the address at which the network device is attached on the bridge.
- string pciAddr = 6;
-
- // Type defines the type of interface described by this structure.
- // The expected values are the one that are defined by the netlink
- // library, regarding each type of link. Here is a non exhaustive
- // list: "veth", "macvtap", "vlan", "macvlan", "tap", ...
- string type = 7;
- uint32 raw_flags = 8;
-}
-
-message Route {
- string dest = 1;
- string gateway = 2;
- string device = 3;
- string source = 4;
- uint32 scope = 5;
-}