diff --git a/src/libs/kata-types/src/config/agent.rs b/src/libs/kata-types/src/config/agent.rs
index 07f97f4508..dab97f1096 100644
--- a/src/libs/kata-types/src/config/agent.rs
+++ b/src/libs/kata-types/src/config/agent.rs
@@ -19,6 +19,7 @@ use super::default::{
 pub const AGENT_NAME_KATA: &str = "kata";
 #[derive(Default, Debug, Deserialize, Serialize, Clone)]
+#[serde(deny_unknown_fields)]
 pub struct MemAgent {
 #[serde(default, alias = "mem_agent_enable")]
 pub enable: bool,
@@ -58,6 +59,7 @@ pub struct MemAgent {
 /// Kata agent configuration information.
 #[derive(Debug, Deserialize, Serialize, Clone)]
+#[serde(deny_unknown_fields)]
 pub struct Agent {
 /// If enabled, the agent will log additional debug messages to the system log.
 #[serde(default, rename = "enable_debug")]
diff --git a/src/libs/kata-types/src/config/hypervisor/mod.rs b/src/libs/kata-types/src/config/hypervisor/mod.rs
index 72839104bc..42d884cbe8 100644
--- a/src/libs/kata-types/src/config/hypervisor/mod.rs
+++ b/src/libs/kata-types/src/config/hypervisor/mod.rs
@@ -708,10 +708,10 @@ pub struct DebugInfo {
 ///
 /// Example usage in configuration:
 /// ```toml
- /// dbg_monitor_socket = "hmp"
+ /// extra_monitor_socket = "hmp"
 /// ```
- #[serde(default)]
- pub dbg_monitor_socket: String,
+ #[serde(default, alias = "dbg_monitor_socket")]
+ pub extra_monitor_socket: String,
 }
 impl DebugInfo {
@@ -1238,6 +1238,7 @@ impl NetworkInfo {
 /// Configuration information for rootless user.
 #[derive(Clone, Debug, Default, Deserialize, Serialize)]
+#[serde(deny_unknown_fields)]
 pub struct RootlessUser {
 /// The UID of the rootless user.
 #[serde(default)]
@@ -1643,6 +1644,7 @@ impl VmTemplateInfo {
 /// Configuration information for VM factory (templating, caches, etc.).
 #[derive(Clone, Debug, Default, Deserialize, Serialize)]
+#[serde(deny_unknown_fields)]
 pub struct Factory {
 /// Enable VM templating support.
 /// When enabled, new VMs may be created from a template to speed up creation.
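Review bot: `#[serde(deny_unknown_fields)]` on `MemAgent` and `Agent` turns every previously ignored key into a load-time error, and the hunks add no doc comment saying so; the same applies to `RootlessUser` and `Factory` in `hypervisor/mod.rs` and to `SharedMount` in `shared_mount.rs`. The fixture edits in this commit (`debug` to `enable_debug`, `dial_timeout` to `dial_timeout_ms`) suggest such keys existed in real files, so deployed configurations that still carry them would presumably stop parsing after an upgrade. I would add a line to each struct's doc comment, for example `/// Unknown keys are rejected at parse time so a mistyped option cannot be silently ignored.`, and call the break out in the release notes. An `alias` like the one used for `dbg_monitor_socket` does not fit `dial_timeout`, because the unit changes from seconds to milliseconds. Both struct bodies continue outside the hunks, so whether any field uses `#[serde(flatten)]`, which serde does not support together with this attribute, cannot be checked from here.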
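Review bot: The doc comment on `extra_monitor_socket` in the `DebugInfo` hunk should say that the value only takes effect together with `enable_debug`, because the new name no longer marks it as a debug option while `cmdline_generator.rs` still adds the monitor only when `config.debug_info.enable_debug` is set. A QEMU monitor socket gives whoever can reach it control over the guest, so the gate is worth stating where operators read about the key, for example `/// Ignored unless enable_debug is true.`. With `alias = "dbg_monitor_socket"`, a file that sets both the old and the new key should fail as a duplicate field rather than prefer one, and a sentence on that in the same comment would save a confusing error. The `DebugInfo` struct starts above the hunk, so the rest of the field documentation is not visible here.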
diff --git a/src/libs/kata-types/src/config/shared_mount.rs b/src/libs/kata-types/src/config/shared_mount.rs
index e02342a3ec..d1f8a6c482 100644
--- a/src/libs/kata-types/src/config/shared_mount.rs
+++ b/src/libs/kata-types/src/config/shared_mount.rs
@@ -8,6 +8,7 @@ use std::io::Result;
 use regex::Regex;
 #[derive(Debug, Deserialize, Serialize, Clone, Default)]
+#[serde(deny_unknown_fields)]
 pub struct SharedMount {
 /// Name is used to identify a pair of shared mount points.
 /// This field cannot be omitted.
@@ -143,7 +144,6 @@ mod tests {
 shared_mount_annotation: r#"
 {
 "name": "test",
- "src": "sidecar",
 "src_path": "/mnt/storage",
 "dst_ctr": "app",
 "dst_path": "/mnt/storage"
@@ -156,7 +156,6 @@ mod tests {
 {
 "name": "test",
 "src_ctr": "sidecar",
- "src_dir": "/mnt/storage",
 "dst_ctr": "app",
 "dst_path": "/mnt/storage"
 }"#,
@@ -169,7 +168,6 @@ mod tests {
 "name": "test",
 "src_ctr": "sidecar",
 "src_path": "/mnt/storage",
- "dst_container": "app",
 "dst_path": "/mnt/storage"
 }"#,
 result: false,
@@ -181,8 +179,7 @@ mod tests {
 "name": "test",
 "src_ctr": "sidecar",
 "src_path": "/mnt/storage",
- "dst_ctr": "app",
- "path": "/mnt/storage"
+ "dst_ctr": "app"
 }"#,
 result: false,
 message: "shared_mount: field 'dst_path' couldn't be empty.",
diff --git a/src/libs/kata-types/tests/texture/configuration-anno-0.toml b/src/libs/kata-types/tests/texture/configuration-anno-0.toml
index a2f1dac02e..5d93c36b5f 100644
--- a/src/libs/kata-types/tests/texture/configuration-anno-0.toml
+++ b/src/libs/kata-types/tests/texture/configuration-anno-0.toml
@@ -65,8 +65,8 @@ enable_guest_swap = true
 [agent.agent0]
 enable_tracing = true
 debug_console_enabled = true
-debug = true
-dial_timeout = 1
+enable_debug = true
+dial_timeout_ms = 1000
 kernel_modules = ["e1000e InterruptThrottleRate=3000,3000,3000 EEE=1","i915_enabled_ppgtt=0"]
 container_pipe_size = 2
 [runtime]
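Review bot: Nothing in the visible test hunks of `shared_mount.rs` (`@@ -143,7 +144,6 @@` through `@@ -181,8 +179,7 @@`) pins the new `deny_unknown_fields` behaviour on `SharedMount`; the stray keys were removed so the cases keep exercising the missing-field messages, but no case now feeds an unexpected key. Judging by the field name `shared_mount_annotation`, this JSON comes from an annotation rather than from the host configuration file, so the rejection is worth a regression test. I would add a case that carries `name`, `src_ctr`, `src_path`, `dst_ctr` and `dst_path` plus one extra key (constructed example: `"src": "sidecar"`) with `result: false`. The test table's definition and the way `message` is compared are outside the hunks, so the expected message has to match whatever the parser wraps serde's error in.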
diff --git a/src/libs/kata-types/tests/texture/configuration-anno-1.toml b/src/libs/kata-types/tests/texture/configuration-anno-1.toml
index 12a4e85f94..dce864839f 100644
--- a/src/libs/kata-types/tests/texture/configuration-anno-1.toml
+++ b/src/libs/kata-types/tests/texture/configuration-anno-1.toml
@@ -64,8 +64,8 @@ enable_guest_swap = true
 [agent.agent0]
 enable_tracing = true
 debug_console_enabled = true
-debug = true
-dial_timeout = 1
+enable_debug = true
+dial_timeout_ms = 1000
 kernel_modules = ["e1000e InterruptThrottleRate=3000,3000,3000 EEE=1","i915_enabled_ppgtt=0"]
 container_pipe_size = 2
 [runtime]
diff --git a/src/runtime-rs/config/configuration-cloud-hypervisor.toml.in b/src/runtime-rs/config/configuration-cloud-hypervisor.toml.in
index 4b981d47c0..97f890791c 100644
--- a/src/runtime-rs/config/configuration-cloud-hypervisor.toml.in
+++ b/src/runtime-rs/config/configuration-cloud-hypervisor.toml.in
@@ -311,6 +311,19 @@ dial_timeout_ms = 10
 # (default: 3000)
 reconnect_timeout_ms = 3000
+# Create Container Request Timeout
+# This timeout value is used to set the maximum duration for the agent to process a CreateContainerRequest.
+# It's also used to ensure that workloads, especially those involving large image pulls within the guest,
+# have sufficient time to complete.
+#
+# Effective Timeout Determination:
+# The effective timeout for a CreateContainerRequest is determined by taking the minimum of the following two values:
+# - create_container_timeout: The timeout value configured for creating containers (default: 30 seconds).
+# - runtime-request-timeout: The timeout value specified in the Kubelet configuration described as the link below:
+# (https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/#:~:text=runtime%2Drequest%2Dtimeout)
+# Defaults to @DEFCREATECONTAINERTIMEOUT@ second(s)
+create_container_timeout = @DEFCREATECONTAINERTIMEOUT@
+
 [agent.@PROJECT_TYPE@.mem_agent]
 # Control the mem-agent function enable or disable.
 # Default to false
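Review bot: The relocated comment block hard-codes `(default: 30 seconds)` on the `create_container_timeout` bullet while the value and the closing line come from `@DEFCREATECONTAINERTIMEOUT@`, so the text goes stale as soon as the build-time default changes. The same wording is added in the `@@ -548,6 +548,19 @@` hunk of `configuration-qemu-runtime-rs.toml.in`, and in `configuration-qemu-coco-dev-runtime-rs.toml.in` the surviving block (`@@ -552,8 +552,8 @@`) keeps `30 seconds` as context right above `Defaults to @DEFCREATECONTAINERTIMEOUT_COCO@ second(s)`, whereas the removed copy used the placeholder in both places. I would write the bullet as `# - create_container_timeout: The timeout value configured for creating containers (default: @DEFCREATECONTAINERTIMEOUT@ seconds).` and use the `_COCO` placeholder in the coco-dev file.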
@@ -409,19 +422,6 @@ compact_threshold = 1024
 # Using 9223372036854775807 (i64::MAX) which is effectively "never" for practical purposes
 compact_force_times = 9223372036854775807
-# Create Container Request Timeout
-# This timeout value is used to set the maximum duration for the agent to process a CreateContainerRequest.
-# It's also used to ensure that workloads, especially those involving large image pulls within the guest,
-# have sufficient time to complete.
-#
-# Effective Timeout Determination:
-# The effective timeout for a CreateContainerRequest is determined by taking the minimum of the following two values:
-# - create_container_timeout: The timeout value configured for creating containers (default: 30 seconds).
-# - runtime-request-timeout: The timeout value specified in the Kubelet configuration described as the link below:
-# (https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/#:~:text=runtime%2Drequest%2Dtimeout)
-# Defaults to @DEFCREATECONTAINERTIMEOUT@ second(s)
-create_container_timeout = @DEFCREATECONTAINERTIMEOUT@
-
 [runtime]
 # If enabled, the runtime will log additional debug messages to the
 # system log
diff --git a/src/runtime-rs/config/configuration-qemu-coco-dev-runtime-rs.toml.in b/src/runtime-rs/config/configuration-qemu-coco-dev-runtime-rs.toml.in
index 7ed437883b..0b6c32ec8e 100644
--- a/src/runtime-rs/config/configuration-qemu-coco-dev-runtime-rs.toml.in
+++ b/src/runtime-rs/config/configuration-qemu-coco-dev-runtime-rs.toml.in
@@ -339,7 +339,7 @@ enable_debug = false
 #
 # If set to the empty string "", no extra monitor socket is added. This is
 # the default.
-dbg_monitor_socket = ""
+extra_monitor_socket = ""
 # Disable the customizations done in the runtime when it detects
 # that it is running on top a VMM. This will result in the runtime
@@ -552,8 +552,8 @@ reconnect_timeout_ms = 3000
 # - create_container_timeout: The timeout value configured for creating containers (default: 30 seconds).
 # - runtime-request-timeout: The timeout value specified in the Kubelet configuration described as the link below:
 # (https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/#:~:text=runtime%2Drequest%2Dtimeout)
-# Defaults to @DEFCREATECONTAINERTIMEOUT@ second(s)
-create_container_timeout = @DEFCREATECONTAINERTIMEOUT@
+# Defaults to @DEFCREATECONTAINERTIMEOUT_COCO@ second(s)
+create_container_timeout = @DEFCREATECONTAINERTIMEOUT_COCO@
 [agent.@PROJECT_TYPE@.mem_agent]
 # Control the mem-agent function enable or disable.
@@ -651,19 +651,6 @@ compact_threshold = 1024
 # Default to 9223372036854775807
 compact_force_times = 9223372036854775807
-# Create Container Request Timeout
-# This timeout value is used to set the maximum duration for the agent to process a CreateContainerRequest.
-# It's also used to ensure that workloads, especially those involving large image pulls within the guest,
-# have sufficient time to complete.
-#
-# Effective Timeout Determination:
-# The effective timeout for a CreateContainerRequest is determined by taking the minimum of the following two values:
-# - create_container_timeout: The timeout value configured for creating containers (default: @DEFCREATECONTAINERTIMEOUT_COCO@ seconds).
-# - runtime-request-timeout: The timeout value specified in the Kubelet configuration described as the link below:
-# (https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/#:~:text=runtime%2Drequest%2Dtimeout)
-# Defaults to @DEFCREATECONTAINERTIMEOUT_COCO@ second(s)
-create_container_timeout = @DEFCREATECONTAINERTIMEOUT_COCO@
-
 [runtime]
 # If enabled, the runtime will log additional debug messages to the
 # system log
diff --git a/src/runtime-rs/config/configuration-qemu-runtime-rs.toml.in b/src/runtime-rs/config/configuration-qemu-runtime-rs.toml.in
index f9c82cfca2..74a0a1e6c7 100644
--- a/src/runtime-rs/config/configuration-qemu-runtime-rs.toml.in
+++ b/src/runtime-rs/config/configuration-qemu-runtime-rs.toml.in
@@ -335,7 +335,7 @@ enable_debug = false
 #
 # If set to the empty string "", no extra monitor socket is added. This is
 # the default.
-dbg_monitor_socket = ""
+extra_monitor_socket = ""
 # Disable the customizations done in the runtime when it detects
 # that it is running on top a VMM. This will result in the runtime
@@ -548,6 +548,19 @@ dial_timeout_ms = 10
 # (default: 3000)
 reconnect_timeout_ms = 3000
+# Create Container Request Timeout
+# This timeout value is used to set the maximum duration for the agent to process a CreateContainerRequest.
+# It's also used to ensure that workloads, especially those involving large image pulls within the guest,
+# have sufficient time to complete.
+#
+# Effective Timeout Determination:
+# The effective timeout for a CreateContainerRequest is determined by taking the minimum of the following two values:
+# - create_container_timeout: The timeout value configured for creating containers (default: 30 seconds).
+# - runtime-request-timeout: The timeout value specified in the Kubelet configuration described as the link below:
+# (https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/#:~:text=runtime%2Drequest%2Dtimeout)
+# Defaults to @DEFCREATECONTAINERTIMEOUT@ second(s)
+create_container_timeout = @DEFCREATECONTAINERTIMEOUT@
+
 [agent.@PROJECT_TYPE@.mem_agent]
 # Control the mem-agent function enable or disable.
 # Default to false
@@ -646,19 +659,6 @@ compact_threshold = 1024
 # Using 9223372036854775807 (i64::MAX) which is effectively "never" for practical purposes
 compact_force_times = 9223372036854775807
-# Create Container Request Timeout
-# This timeout value is used to set the maximum duration for the agent to process a CreateContainerRequest.
-# It's also used to ensure that workloads, especially those involving large image pulls within the guest,
-# have sufficient time to complete.
-#
-# Effective Timeout Determination:
-# The effective timeout for a CreateContainerRequest is determined by taking the minimum of the following two values:
-# - create_container_timeout: The timeout value configured for creating containers (default: 30 seconds).
-# - runtime-request-timeout: The timeout value specified in the Kubelet configuration described as the link below:
-# (https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/#:~:text=runtime%2Drequest%2Dtimeout)
-# Defaults to @DEFCREATECONTAINERTIMEOUT@ second(s)
-create_container_timeout = @DEFCREATECONTAINERTIMEOUT@
-
 [runtime]
 # If enabled, the runtime will log additional debug messages to the
 # system log
diff --git a/src/runtime-rs/config/configuration-qemu-snp-runtime-rs.toml.in b/src/runtime-rs/config/configuration-qemu-snp-runtime-rs.toml.in
index 40d2894302..5488e1a873 100644
--- a/src/runtime-rs/config/configuration-qemu-snp-runtime-rs.toml.in
+++ b/src/runtime-rs/config/configuration-qemu-snp-runtime-rs.toml.in
@@ -392,7 +392,7 @@ disable_vhost_net = false
 #
 # If set to the empty string "", no extra monitor socket is added. This is
 # the default.
-#dbg_monitor_socket = "hmp"
+extra_monitor_socket = ""
 #
 # Default entropy source.
diff --git a/src/runtime-rs/config/configuration-qemu-tdx-runtime-rs.toml.in b/src/runtime-rs/config/configuration-qemu-tdx-runtime-rs.toml.in
index 74b576ffe2..222fa62ab8 100644
--- a/src/runtime-rs/config/configuration-qemu-tdx-runtime-rs.toml.in
+++ b/src/runtime-rs/config/configuration-qemu-tdx-runtime-rs.toml.in
@@ -349,7 +349,7 @@ enable_debug = false
 #
 # If set to the empty string "", no extra monitor socket is added. This is
 # the default.
-dbg_monitor_socket = ""
+extra_monitor_socket = ""
 # Disable the customizations done in the runtime when it detects
 # that it is running on top a VMM. This will result in the runtime
diff --git a/src/runtime-rs/config/configuration-remote.toml.in b/src/runtime-rs/config/configuration-remote.toml.in
index 75eda88604..04ba2628bd 100644
--- a/src/runtime-rs/config/configuration-remote.toml.in
+++ b/src/runtime-rs/config/configuration-remote.toml.in
@@ -150,9 +150,9 @@ enable_tracing = false
 debug_console_enabled = false
-# Agent connection dialing timeout value in seconds
-# (default: 30)
-dial_timeout = 30
+# Agent connection dialing timeout value in milliseconds
+# (default: 30000)
+dial_timeout_ms = 30000
 # Create Container Request Timeout
 # This timeout value is used to set the maximum duration for the agent to process a CreateContainerRequest.
diff --git a/src/runtime-rs/config/configuration-rs-fc.toml.in b/src/runtime-rs/config/configuration-rs-fc.toml.in
index 5edc6587f2..aa44c1b636 100644
--- a/src/runtime-rs/config/configuration-rs-fc.toml.in
+++ b/src/runtime-rs/config/configuration-rs-fc.toml.in
@@ -310,9 +310,9 @@ kernel_modules = []
 debug_console_enabled = false
-# Agent connection dialing timeout value in seconds
-# (default: 45)
-dial_timeout = 45
+# Agent connection dialing timeout value in milliseconds
+# (default: 45000)
+dial_timeout_ms = 45000
 # Confidential Data Hub API timeout value in seconds
 # (default: 50)
diff --git a/src/runtime-rs/crates/hypervisor/src/qemu/cmdline_generator.rs b/src/runtime-rs/crates/hypervisor/src/qemu/cmdline_generator.rs
index 17fff5010b..ebafd353a5 100644
--- a/src/runtime-rs/crates/hypervisor/src/qemu/cmdline_generator.rs
+++ b/src/runtime-rs/crates/hypervisor/src/qemu/cmdline_generator.rs
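Review bot: `dial_timeout_ms = 30000` in `configuration-remote.toml.in`, and `dial_timeout_ms = 45000` in `configuration-rs-fc.toml.in`, are far above the `dial_timeout_ms = 10` that the cloud-hypervisor and QEMU templates show as hunk context, and the `(default: 30000)` / `(default: 45000)` comments read as if these were the built-in defaults. If the old `dial_timeout` key was never read by runtime-rs (the struct field is outside this diff, so this is an inference from the fixture renames), the effective dial timeout for these two templates changes with this commit rather than just its spelling. I would confirm the intended values and reword the comment, for example `# (template value: 30000; the built-in default applies when unset)`, unless the code default really is 30000.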
@@ -2248,8 +2248,8 @@ impl<'a> QemuCmdLine<'a> {
 qemu_cmd_line.add_iommu();
 }
- if config.debug_info.enable_debug && !config.debug_info.dbg_monitor_socket.is_empty() {
- qemu_cmd_line.add_monitor(&config.debug_info.dbg_monitor_socket)?;
+ if config.debug_info.enable_debug && !config.debug_info.extra_monitor_socket.is_empty() {
+ qemu_cmd_line.add_monitor(&config.debug_info.extra_monitor_socket)?;
 }
 qemu_cmd_line.add_rtc();
diff --git a/src/runtime-rs/tests/texture/configuration-qemu.toml b/src/runtime-rs/tests/texture/configuration-qemu.toml
index 735de41af2..9c77eb447a 100644
--- a/src/runtime-rs/tests/texture/configuration-qemu.toml
+++ b/src/runtime-rs/tests/texture/configuration-qemu.toml
@@ -65,8 +65,8 @@ enable_guest_swap = true
 [agent.agent0]
 enable_tracing = true
 debug_console_enabled = true
-debug = true
-dial_timeout = 1
+enable_debug = true
+dial_timeout_ms = 1000
 kernel_modules = ["e1000e InterruptThrottleRate=3000,3000,3000 EEE=1","i915_enabled_ppgtt=0"]
 container_pipe_size = 2
 [runtime]