Merge pull request #12785 from fidencio/topic/runtime-rs-deny-config

runtime-rs: Deny config of unknown fields & change dbg_monitor_socket name

src/libs/kata-types/src/config/agent.rs

@@ -19,6 +19,7 @@ use super::default::{
 pub const AGENT_NAME_KATA: &str = "kata";
 
 #[derive(Default, Debug, Deserialize, Serialize, Clone)]
+#[serde(deny_unknown_fields)]
 pub struct MemAgent {
     #[serde(default, alias = "mem_agent_enable")]
     pub enable: bool,
@@ -58,6 +59,7 @@ pub struct MemAgent {
 
 /// Kata agent configuration information.
 #[derive(Debug, Deserialize, Serialize, Clone)]
+#[serde(deny_unknown_fields)]
 pub struct Agent {
     /// If enabled, the agent will log additional debug messages to the system log.
     #[serde(default, rename = "enable_debug")]

src/libs/kata-types/src/config/hypervisor/mod.rs

@@ -708,10 +708,10 @@ pub struct DebugInfo {
     ///
     /// Example usage in configuration:
     /// ```toml
-    /// dbg_monitor_socket = "hmp"
+    /// extra_monitor_socket = "hmp"
     /// ```
-    #[serde(default)]
-    pub dbg_monitor_socket: String,
+    #[serde(default, alias = "dbg_monitor_socket")]
+    pub extra_monitor_socket: String,
 }
 
 impl DebugInfo {
@@ -1238,6 +1238,7 @@ impl NetworkInfo {
 
 /// Configuration information for rootless user.
 #[derive(Clone, Debug, Default, Deserialize, Serialize)]
+#[serde(deny_unknown_fields)]
 pub struct RootlessUser {
     /// The UID of the rootless user.
     #[serde(default)]
@@ -1643,6 +1644,7 @@ impl VmTemplateInfo {
 
 /// Configuration information for VM factory (templating, caches, etc.).
 #[derive(Clone, Debug, Default, Deserialize, Serialize)]
+#[serde(deny_unknown_fields)]
 pub struct Factory {
     /// Enable VM templating support.
     /// When enabled, new VMs may be created from a template to speed up creation.

src/libs/kata-types/src/config/shared_mount.rs

@@ -8,6 +8,7 @@ use std::io::Result;
 use regex::Regex;
 
 #[derive(Debug, Deserialize, Serialize, Clone, Default)]
+#[serde(deny_unknown_fields)]
 pub struct SharedMount {
     /// Name is used to identify a pair of shared mount points.
     /// This field cannot be omitted.
@@ -143,7 +144,6 @@ mod tests {
                 shared_mount_annotation: r#"
                 {
                     "name": "test",
-                    "src": "sidecar",
                     "src_path": "/mnt/storage",
                     "dst_ctr": "app",
                     "dst_path": "/mnt/storage"
@@ -156,7 +156,6 @@ mod tests {
                 {
                     "name": "test",
                     "src_ctr": "sidecar",
-                    "src_dir": "/mnt/storage",
                     "dst_ctr": "app",
                     "dst_path": "/mnt/storage"
                 }"#,
@@ -169,7 +168,6 @@ mod tests {
                     "name": "test",
                     "src_ctr": "sidecar",
                     "src_path": "/mnt/storage",
-                    "dst_container": "app",
                     "dst_path": "/mnt/storage"
                 }"#,
                 result: false,
@@ -181,8 +179,7 @@ mod tests {
                     "name": "test",
                     "src_ctr": "sidecar",
                     "src_path": "/mnt/storage",
-                    "dst_ctr": "app",
-                    "path": "/mnt/storage"
+                    "dst_ctr": "app"
                 }"#,
                 result: false,
                 message: "shared_mount: field 'dst_path' couldn't be empty.",

src/libs/kata-types/tests/texture/configuration-anno-0.toml

@@ -65,8 +65,8 @@ enable_guest_swap = true
 [agent.agent0]
 enable_tracing = true
 debug_console_enabled = true
-debug = true
-dial_timeout = 1
+enable_debug = true
+dial_timeout_ms = 1000
 kernel_modules = ["e1000e InterruptThrottleRate=3000,3000,3000 EEE=1","i915_enabled_ppgtt=0"]
 container_pipe_size = 2
 [runtime]

src/libs/kata-types/tests/texture/configuration-anno-1.toml

@@ -64,8 +64,8 @@ enable_guest_swap = true
 [agent.agent0]
 enable_tracing = true
 debug_console_enabled = true
-debug = true
-dial_timeout = 1
+enable_debug = true
+dial_timeout_ms = 1000
 kernel_modules = ["e1000e InterruptThrottleRate=3000,3000,3000 EEE=1","i915_enabled_ppgtt=0"]
 container_pipe_size = 2
 [runtime]

src/runtime-rs/config/configuration-cloud-hypervisor.toml.in

@@ -311,6 +311,19 @@ dial_timeout_ms = 10
 # (default: 3000)
 reconnect_timeout_ms = 3000
 
+# Create Container Request Timeout
+# This timeout value is used to set the maximum duration for the agent to process a CreateContainerRequest.
+# It's also used to ensure that workloads, especially those involving large image pulls within the guest,
+# have sufficient time to complete.
+#
+# Effective Timeout Determination:
+# The effective timeout for a CreateContainerRequest is determined by taking the minimum of the following two values:
+# - create_container_timeout: The timeout value configured for creating containers (default: 30 seconds).
+# - runtime-request-timeout: The timeout value specified in the Kubelet configuration described as the link below:
+# (https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/#:~:text=runtime%2Drequest%2Dtimeout)
+# Defaults to @DEFCREATECONTAINERTIMEOUT@ second(s)
+create_container_timeout = @DEFCREATECONTAINERTIMEOUT@
+
 [agent.@PROJECT_TYPE@.mem_agent]
 # Control the mem-agent function enable or disable.
 # Default to false
@@ -409,19 +422,6 @@ compact_threshold = 1024
 # Using 9223372036854775807 (i64::MAX) which is effectively "never" for practical purposes
 compact_force_times = 9223372036854775807
 
-# Create Container Request Timeout
-# This timeout value is used to set the maximum duration for the agent to process a CreateContainerRequest.
-# It's also used to ensure that workloads, especially those involving large image pulls within the guest,
-# have sufficient time to complete.
-#
-# Effective Timeout Determination:
-# The effective timeout for a CreateContainerRequest is determined by taking the minimum of the following two values:
-# - create_container_timeout: The timeout value configured for creating containers (default: 30 seconds).
-# - runtime-request-timeout: The timeout value specified in the Kubelet configuration described as the link below:
-# (https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/#:~:text=runtime%2Drequest%2Dtimeout)
-# Defaults to @DEFCREATECONTAINERTIMEOUT@ second(s)
-create_container_timeout = @DEFCREATECONTAINERTIMEOUT@
-
 [runtime]
 # If enabled, the runtime will log additional debug messages to the
 # system log

src/runtime-rs/config/configuration-qemu-coco-dev-runtime-rs.toml.in

@@ -339,7 +339,7 @@ enable_debug = false
 #
 # If set to the empty string "", no extra monitor socket is added. This is
 # the default.
-dbg_monitor_socket = ""
+extra_monitor_socket = ""
 
 # Disable the customizations done in the runtime when it detects
 # that it is running on top a VMM. This will result in the runtime
@@ -552,8 +552,8 @@ reconnect_timeout_ms = 3000
 # - create_container_timeout: The timeout value configured for creating containers (default: 30 seconds).
 # - runtime-request-timeout: The timeout value specified in the Kubelet configuration described as the link below:
 # (https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/#:~:text=runtime%2Drequest%2Dtimeout)
-# Defaults to @DEFCREATECONTAINERTIMEOUT@ second(s)
-create_container_timeout = @DEFCREATECONTAINERTIMEOUT@
+# Defaults to @DEFCREATECONTAINERTIMEOUT_COCO@ second(s)
+create_container_timeout = @DEFCREATECONTAINERTIMEOUT_COCO@
 
 [agent.@PROJECT_TYPE@.mem_agent]
 # Control the mem-agent function enable or disable.
@@ -651,19 +651,6 @@ compact_threshold = 1024
 # Default to 9223372036854775807
 compact_force_times = 9223372036854775807
 
-# Create Container Request Timeout
-# This timeout value is used to set the maximum duration for the agent to process a CreateContainerRequest.
-# It's also used to ensure that workloads, especially those involving large image pulls within the guest,
-# have sufficient time to complete.
-#
-# Effective Timeout Determination:
-# The effective timeout for a CreateContainerRequest is determined by taking the minimum of the following two values:
-# - create_container_timeout: The timeout value configured for creating containers (default: @DEFCREATECONTAINERTIMEOUT_COCO@ seconds).
-# - runtime-request-timeout: The timeout value specified in the Kubelet configuration described as the link below:
-# (https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/#:~:text=runtime%2Drequest%2Dtimeout)
-# Defaults to @DEFCREATECONTAINERTIMEOUT_COCO@ second(s)
-create_container_timeout = @DEFCREATECONTAINERTIMEOUT_COCO@
-
 [runtime]
 # If enabled, the runtime will log additional debug messages to the
 # system log

src/runtime-rs/config/configuration-qemu-runtime-rs.toml.in

@@ -335,7 +335,7 @@ enable_debug = false
 #
 # If set to the empty string "", no extra monitor socket is added. This is
 # the default.
-dbg_monitor_socket = ""
+extra_monitor_socket = ""
 
 # Disable the customizations done in the runtime when it detects
 # that it is running on top a VMM. This will result in the runtime
@@ -548,6 +548,19 @@ dial_timeout_ms = 10
 # (default: 3000)
 reconnect_timeout_ms = 3000
 
+# Create Container Request Timeout
+# This timeout value is used to set the maximum duration for the agent to process a CreateContainerRequest.
+# It's also used to ensure that workloads, especially those involving large image pulls within the guest,
+# have sufficient time to complete.
+#
+# Effective Timeout Determination:
+# The effective timeout for a CreateContainerRequest is determined by taking the minimum of the following two values:
+# - create_container_timeout: The timeout value configured for creating containers (default: 30 seconds).
+# - runtime-request-timeout: The timeout value specified in the Kubelet configuration described as the link below:
+# (https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/#:~:text=runtime%2Drequest%2Dtimeout)
+# Defaults to @DEFCREATECONTAINERTIMEOUT@ second(s)
+create_container_timeout = @DEFCREATECONTAINERTIMEOUT@
+
 [agent.@PROJECT_TYPE@.mem_agent]
 # Control the mem-agent function enable or disable.
 # Default to false
@@ -646,19 +659,6 @@ compact_threshold = 1024
 # Using 9223372036854775807 (i64::MAX) which is effectively "never" for practical purposes
 compact_force_times = 9223372036854775807
 
-# Create Container Request Timeout
-# This timeout value is used to set the maximum duration for the agent to process a CreateContainerRequest.
-# It's also used to ensure that workloads, especially those involving large image pulls within the guest,
-# have sufficient time to complete.
-#
-# Effective Timeout Determination:
-# The effective timeout for a CreateContainerRequest is determined by taking the minimum of the following two values:
-# - create_container_timeout: The timeout value configured for creating containers (default: 30 seconds).
-# - runtime-request-timeout: The timeout value specified in the Kubelet configuration described as the link below:
-# (https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/#:~:text=runtime%2Drequest%2Dtimeout)
-# Defaults to @DEFCREATECONTAINERTIMEOUT@ second(s)
-create_container_timeout = @DEFCREATECONTAINERTIMEOUT@
-
 [runtime]
 # If enabled, the runtime will log additional debug messages to the
 # system log

src/runtime-rs/config/configuration-qemu-snp-runtime-rs.toml.in

@@ -392,7 +392,7 @@ disable_vhost_net = false
 #
 # If set to the empty string "", no extra monitor socket is added. This is
 # the default.
-#dbg_monitor_socket = "hmp"
+extra_monitor_socket = ""
 
 #
 # Default entropy source.

src/runtime-rs/config/configuration-qemu-tdx-runtime-rs.toml.in

@@ -349,7 +349,7 @@ enable_debug = false
 #
 # If set to the empty string "", no extra monitor socket is added. This is
 # the default.
-dbg_monitor_socket = ""
+extra_monitor_socket = ""
 
 # Disable the customizations done in the runtime when it detects
 # that it is running on top a VMM. This will result in the runtime

src/runtime-rs/config/configuration-remote.toml.in

@@ -150,9 +150,9 @@ enable_tracing = false
 
 debug_console_enabled = false
 
-# Agent connection dialing timeout value in seconds
-# (default: 30)
-dial_timeout = 30
+# Agent connection dialing timeout value in milliseconds
+# (default: 30000)
+dial_timeout_ms = 30000
 
 # Create Container Request Timeout
 # This timeout value is used to set the maximum duration for the agent to process a CreateContainerRequest.

src/runtime-rs/config/configuration-rs-fc.toml.in

@@ -310,9 +310,9 @@ kernel_modules = []
 
 debug_console_enabled = false
 
-# Agent connection dialing timeout value in seconds
-# (default: 45)
-dial_timeout = 45
+# Agent connection dialing timeout value in milliseconds
+# (default: 45000)
+dial_timeout_ms = 45000
 
 # Confidential Data Hub API timeout value in seconds
 # (default: 50)

src/runtime-rs/crates/hypervisor/src/qemu/cmdline_generator.rs

@@ -2248,8 +2248,8 @@ impl<'a> QemuCmdLine<'a> {
             qemu_cmd_line.add_iommu();
         }
 
-        if config.debug_info.enable_debug && !config.debug_info.dbg_monitor_socket.is_empty() {
-            qemu_cmd_line.add_monitor(&config.debug_info.dbg_monitor_socket)?;
+        if config.debug_info.enable_debug && !config.debug_info.extra_monitor_socket.is_empty() {
+            qemu_cmd_line.add_monitor(&config.debug_info.extra_monitor_socket)?;
         }
 
         qemu_cmd_line.add_rtc();

src/runtime-rs/tests/texture/configuration-qemu.toml

@@ -65,8 +65,8 @@ enable_guest_swap = true
 [agent.agent0]
 enable_tracing = true
 debug_console_enabled = true
-debug = true
-dial_timeout = 1
+enable_debug = true
+dial_timeout_ms = 1000
 kernel_modules = ["e1000e InterruptThrottleRate=3000,3000,3000 EEE=1","i915_enabled_ppgtt=0"]
 container_pipe_size = 2
 [runtime]