github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-06-26 07:22:20 +00:00
Code Issues Projects Releases Wiki Activity

libs/types:fix styles and implementation details

Browse Source 
1. Some Nit problems are fixed
2. Make the code more readable
3. Modify some implementation details

Signed-off-by: Zhongtao Hu <zhongtaohu.tim@linux.alibaba.com>
This commit is contained in:
Zhongtao Hu 2022-02-11 17:10:23 +08:00 committed by Fupan Li
parent 6cffd943be
commit d96716b4d2
7 changed files with 214 additions and 233 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

312
src/libs/kata-types/src/annotations/mod.rs
View File

@ -30,11 +30,11 @@ pub mod thirdparty;
/// Prefix for Kata specific annotations
pub const KATA_ANNO_PREFIX: &str = "io.katacontainers.";
/// Prefix for Kata configuration annotations
pub const KATA_ANNO_CONF_PREFIX: &str = "io.katacontainers.config.";
pub const KATA_ANNO_CFG_PREFIX: &str = "io.katacontainers.config.";
/// Prefix for Kata container annotations
pub const KATA_ANNO_CONTAINER_PREFIX: &str = "io.katacontainers.container.";
/// The annotation key to fetch runtime configuration file.
pub const SANDBOX_CONFIG_PATH_KEY: &str = "io.katacontainers.config_path";
pub const SANDBOX_CFG_PATH_KEY: &str = "io.katacontainers.config_path";
// OCI section
/// The annotation key to fetch the OCI configuration file path.
@ -44,17 +44,17 @@ pub const CONTAINER_TYPE_KEY: &str = "io.katacontainers.pkg.oci.container_type";
// Container resource related annotations
/// Prefix for Kata container resource related annotations.
pub const KATA_ANNO_CONTAINER_RESOURCE_PREFIX: &str = "io.katacontainers.container.resource";
pub const KATA_ANNO_CONTAINER_RES_PREFIX: &str = "io.katacontainers.container.resource";
/// A container annotation to specify the Resources.Memory.Swappiness.
pub const KATA_ANNO_CONTAINER_RESOURCE_SWAPPINESS: &str =
pub const KATA_ANNO_CONTAINER_RES_SWAPPINESS: &str =
"io.katacontainers.container.resource.swappiness";
/// A container annotation to specify the Resources.Memory.Swap.
pub const KATA_ANNO_CONTAINER_RESOURCE_SWAP_IN_BYTES: &str =
pub const KATA_ANNO_CONTAINER_RES_SWAP_IN_BYTES: &str =
"io.katacontainers.container.resource.swap_in_bytes";
// Agent related annotations
/// Prefix for Agent configurations.
pub const KATA_ANNO_CONF_AGENT_PREFIX: &str = "io.katacontainers.config.agent.";
pub const KATA_ANNO_CFG_AGENT_PREFIX: &str = "io.katacontainers.config.agent.";
/// KernelModules is the annotation key for passing the list of kernel modules and their parameters
/// that will be loaded in the guest kernel.
///
@ -66,235 +66,232 @@ pub const KATA_ANNO_CONF_AGENT_PREFIX: &str = "io.katacontainers.config.agent.";
/// io.katacontainers.config.agent.kernel_modules: "e1000e InterruptThrottleRate=3000,3000,3000 EEE=1; i915 enable_ppgtt=0"
///
/// The first word is considered as the module name and the rest as its parameters.
pub const KATA_ANNO_CONF_KERNEL_MODULES: &str = "io.katacontainers.config.agent.kernel_modules";
pub const KATA_ANNO_CFG_KERNEL_MODULES: &str = "io.katacontainers.config.agent.kernel_modules";
/// A sandbox annotation to enable tracing for the agent.
pub const KATA_ANNO_CONF_AGENT_TRACE: &str = "io.katacontainers.config.agent.enable_tracing";
pub const KATA_ANNO_CFG_AGENT_TRACE: &str = "io.katacontainers.config.agent.enable_tracing";
/// An annotation to specify the size of the pipes created for containers.
pub const KATA_ANNO_CONF_AGENT_CONTAINER_PIPE_SIZE: &str =
pub const KATA_ANNO_CFG_AGENT_CONTAINER_PIPE_SIZE: &str =
"io.katacontainers.config.agent.container_pipe_size";
/// An annotation key to specify the size of the pipes created for containers.
pub const CONTAINER_PIPE_SIZE_KERNEL_PARAM: &str = "agent.container_pipe_size";
// Hypervisor related annotations
/// Prefix for Hypervisor configurations.
pub const KATA_ANNO_CONF_HYPERVISOR_PREFIX: &str = "io.katacontainers.config.hypervisor.";
pub const KATA_ANNO_CFG_HYPERVISOR_PREFIX: &str = "io.katacontainers.config.hypervisor.";
/// A sandbox annotation for passing a per container path pointing at the hypervisor that will run
/// the container VM.
pub const KATA_ANNO_CONF_HYPERVISOR_PATH: &str = "io.katacontainers.config.hypervisor.path";
pub const KATA_ANNO_CFG_HYPERVISOR_PATH: &str = "io.katacontainers.config.hypervisor.path";
/// A sandbox annotation for passing a container hypervisor binary SHA-512 hash value.
pub const KATA_ANNO_CONF_HYPERVISOR_HASH: &str = "io.katacontainers.config.hypervisor.path_hash";
pub const KATA_ANNO_CFG_HYPERVISOR_HASH: &str = "io.katacontainers.config.hypervisor.path_hash";
/// A sandbox annotation for passing a per container path pointing at the hypervisor control binary
/// that will run the container VM.
pub const KATA_ANNO_CONF_HYPERVISOR_CTLPATH: &str = "io.katacontainers.config.hypervisor.ctlpath";
pub const KATA_ANNO_CFG_HYPERVISOR_CTLPATH: &str = "io.katacontainers.config.hypervisor.ctlpath";
/// A sandbox annotation for passing a container hypervisor control binary SHA-512 hash value.
pub const KATA_ANNO_CONF_HYPERVISOR_CTLHASH: &str =
pub const KATA_ANNO_CFG_HYPERVISOR_CTLHASH: &str =
"io.katacontainers.config.hypervisor.hypervisorctl_hash";
/// A sandbox annotation for passing a per container path pointing at the jailer that will constrain
/// the container VM.
pub const KATA_ANNO_CONF_HYPERVISOR_JAILER_PATH: &str =
pub const KATA_ANNO_CFG_HYPERVISOR_JAILER_PATH: &str =
"io.katacontainers.config.hypervisor.jailer_path";
/// A sandbox annotation for passing a jailer binary SHA-512 hash value.
pub const KATA_ANNO_CONF_HYPERVISOR_JAILER_HASH: &str =
pub const KATA_ANNO_CFG_HYPERVISOR_JAILER_HASH: &str =
"io.katacontainers.config.hypervisor.jailer_hash";
/// A sandbox annotation to enable IO to be processed in a separate thread.
/// Supported currently for virtio-scsi driver.
pub const KATA_ANNO_CONF_HYPERVISOR_ENABLE_IO_THREADS: &str =
pub const KATA_ANNO_CFG_HYPERVISOR_ENABLE_IO_THREADS: &str =
"io.katacontainers.config.hypervisor.enable_iothreads";
/// The hash type used for assets verification
pub const KATA_ANNO_CONF_HYPERVISOR_ASSET_HASH_TYPE: &str =
pub const KATA_ANNO_CFG_HYPERVISOR_ASSET_HASH_TYPE: &str =
"io.katacontainers.config.hypervisor.asset_hash_type";
/// SHA512 is the SHA-512 (64) hash algorithm
pub const SHA512: &str = "sha512";
// Hypervisor Block Device related annotations
/// Specify the driver to be used for block device either VirtioSCSI or VirtioBlock
pub const KATA_ANNO_CONF_HYPERVISOR_BLOCK_DEVICE_DRIVER: &str =
pub const KATA_ANNO_CFG_HYPERVISOR_BLOCK_DEV_DRIVER: &str =
"io.katacontainers.config.hypervisor.block_device_driver";
/// A sandbox annotation that disallows a block device from being used.
pub const KATA_ANNO_CONF_HYPERVISOR_DISABLE_BLOCK_DEVICE_USE: &str =
pub const KATA_ANNO_CFG_HYPERVISOR_DISABLE_BLOCK_DEV_USE: &str =
"io.katacontainers.config.hypervisor.disable_block_device_use";
/// A sandbox annotation that specifies cache-related options will be set to block devices or not.
pub const KATA_ANNO_CONF_HYPERVISOR_BLOCK_DEVICE_CACHE_SET: &str =
pub const KATA_ANNO_CFG_HYPERVISOR_BLOCK_DEV_CACHE_SET: &str =
"io.katacontainers.config.hypervisor.block_device_cache_set";
/// A sandbox annotation that specifies cache-related options for block devices.
/// Denotes whether use of O_DIRECT (bypass the host page cache) is enabled.
pub const KATA_ANNO_CONF_HYPERVISOR_BLOCK_DEVICE_CACHE_DIRECT: &str =
pub const KATA_ANNO_CFG_HYPERVISOR_BLOCK_DEV_CACHE_DIRECT: &str =
"io.katacontainers.config.hypervisor.block_device_cache_direct";
/// A sandbox annotation that specifies cache-related options for block devices.
/// Denotes whether flush requests for the device are ignored.
pub const KATA_ANNO_CONF_HYPERVISOR_BLOCK_DEVICE_CACHE_NOFLUSH: &str =
pub const KATA_ANNO_CFG_HYPERVISOR_BLOCK_DEV_CACHE_NOFLUSH: &str =
"io.katacontainers.config.hypervisor.block_device_cache_noflush";
/// A sandbox annotation to specify use of nvdimm device for guest rootfs image.
pub const KATA_ANNO_CONF_HYPERVISOR_DISABLE_IMAGE_NVDIMM: &str =
pub const KATA_ANNO_CFG_HYPERVISOR_DISABLE_IMAGE_NVDIMM: &str =
"io.katacontainers.config.hypervisor.disable_image_nvdimm";
/// A sandbox annotation that specifies the memory space used for nvdimm device by the hypervisor.
pub const KATA_ANNO_CONF_HYPERVISOR_MEMORY_OFFSET: &str =
pub const KATA_ANNO_CFG_HYPERVISOR_MEMORY_OFFSET: &str =
"io.katacontainers.config.hypervisor.memory_offset";
/// A sandbox annotation to specify if vhost-user-blk/scsi is abailable on the host
pub const KATA_ANNO_CONF_HYPERVISOR_ENABLE_VHOSTUSER_STORE: &str =
pub const KATA_ANNO_CFG_HYPERVISOR_ENABLE_VHOSTUSER_STORE: &str =
"io.katacontainers.config.hypervisor.enable_vhost_user_store";
/// A sandbox annotation to specify the directory path where vhost-user devices related folders,
/// sockets and device nodes should be.
pub const KATA_ANNO_CONF_HYPERVISOR_VHOSTUSER_STORE_PATH: &str =
pub const KATA_ANNO_CFG_HYPERVISOR_VHOSTUSER_STORE_PATH: &str =
"io.katacontainers.config.hypervisor.vhost_user_store_path";
// Hypervisor Guest Boot related annotations
/// A sandbox annotation for passing a per container path pointing at the kernel needed to boot
/// the container VM.
pub const KATA_ANNO_CONF_HYPERVISOR_KERNEL_PATH: &str =
"io.katacontainers.config.hypervisor.kernel";
pub const KATA_ANNO_CFG_HYPERVISOR_KERNEL_PATH: &str = "io.katacontainers.config.hypervisor.kernel";
/// A sandbox annotation for passing a container kernel image SHA-512 hash value.
pub const KATA_ANNO_CONF_HYPERVISOR_KERNEL_HASH: &str =
pub const KATA_ANNO_CFG_HYPERVISOR_KERNEL_HASH: &str =
"io.katacontainers.config.hypervisor.kernel_hash";
/// A sandbox annotation for passing a per container path pointing at the guest image that will run
/// in the container VM.
/// A sandbox annotation for passing additional guest kernel parameters.
pub const KATA_ANNO_CONF_HYPERVISOR_KERNEL_PARAMS: &str =
pub const KATA_ANNO_CFG_HYPERVISOR_KERNEL_PARAMS: &str =
"io.katacontainers.config.hypervisor.kernel_params";
/// A sandbox annotation for passing a container guest image path.
pub const KATA_ANNO_CONF_HYPERVISOR_IMAGE_PATH: &str = "io.katacontainers.config.hypervisor.image";
pub const KATA_ANNO_CFG_HYPERVISOR_IMAGE_PATH: &str = "io.katacontainers.config.hypervisor.image";
/// A sandbox annotation for passing a container guest image SHA-512 hash value.
pub const KATA_ANNO_CONF_HYPERVISOR_IMAGE_HASH: &str =
pub const KATA_ANNO_CFG_HYPERVISOR_IMAGE_HASH: &str =
"io.katacontainers.config.hypervisor.image_hash";
/// A sandbox annotation for passing a per container path pointing at the initrd that will run
/// in the container VM.
pub const KATA_ANNO_CONF_HYPERVISOR_INITRD_PATH: &str =
"io.katacontainers.config.hypervisor.initrd";
pub const KATA_ANNO_CFG_HYPERVISOR_INITRD_PATH: &str = "io.katacontainers.config.hypervisor.initrd";
/// A sandbox annotation for passing a container guest initrd SHA-512 hash value.
pub const KATA_ANNO_CONF_HYPERVISOR_INITRD_HASH: &str =
pub const KATA_ANNO_CFG_HYPERVISOR_INITRD_HASH: &str =
"io.katacontainers.config.hypervisor.initrd_hash";
/// A sandbox annotation for passing a per container path pointing at the guest firmware that will
/// run the container VM.
pub const KATA_ANNO_CONF_HYPERVISOR_FIRMWARE_PATH: &str =
pub const KATA_ANNO_CFG_HYPERVISOR_FIRMWARE_PATH: &str =
"io.katacontainers.config.hypervisor.firmware";
/// A sandbox annotation for passing a container guest firmware SHA-512 hash value.
pub const KATA_ANNO_CONF_HYPERVISOR_FIRMWARE_HASH: &str =
pub const KATA_ANNO_CFG_HYPERVISOR_FIRMWARE_HASH: &str =
"io.katacontainers.config.hypervisor.firmware_hash";
// Hypervisor CPU related annotations
/// A sandbox annotation to specify cpu specific features.
pub const KATA_ANNO_CONF_HYPERVISOR_CPU_FEATURES: &str =
pub const KATA_ANNO_CFG_HYPERVISOR_CPU_FEATURES: &str =
"io.katacontainers.config.hypervisor.cpu_features";
/// A sandbox annotation for passing the default vcpus assigned for a VM by the hypervisor.
pub const KATA_ANNO_CONF_HYPERVISOR_DEFAULT_VCPUS: &str =
pub const KATA_ANNO_CFG_HYPERVISOR_DEFAULT_VCPUS: &str =
"io.katacontainers.config.hypervisor.default_vcpus";
/// A sandbox annotation that specifies the maximum number of vCPUs allocated for the VM by the hypervisor.
pub const KATA_ANNO_CONF_HYPERVISOR_DEFAULT_MAX_VCPUS: &str =
pub const KATA_ANNO_CFG_HYPERVISOR_DEFAULT_MAX_VCPUS: &str =
"io.katacontainers.config.hypervisor.default_max_vcpus";
// Hypervisor Device related annotations
/// A sandbox annotation used to indicate if devices need to be hotplugged on the root bus instead
/// of a bridge.
pub const KATA_ANNO_CONF_HYPERVISOR_HOTPLUG_VFIO_ON_ROOT_BUS: &str =
pub const KATA_ANNO_CFG_HYPERVISOR_HOTPLUG_VFIO_ON_ROOT_BUS: &str =
"io.katacontainers.config.hypervisor.hotplug_vfio_on_root_bus";
/// PCIeRootPort is used to indicate the number of PCIe Root Port devices
pub const KATA_ANNO_CONF_HYPERVISOR_PCIE_ROOT_PORT: &str =
pub const KATA_ANNO_CFG_HYPERVISOR_PCIE_ROOT_PORT: &str =
"io.katacontainers.config.hypervisor.pcie_root_port";
/// A sandbox annotation to specify if the VM should have a vIOMMU device.
pub const KATA_ANNO_CONF_HYPERVISOR_IOMMU: &str =
"io.katacontainers.config.hypervisor.enable_iommu";
pub const KATA_ANNO_CFG_HYPERVISOR_IOMMU: &str = "io.katacontainers.config.hypervisor.enable_iommu";
/// Enable Hypervisor Devices IOMMU_PLATFORM
pub const KATA_ANNO_CONF_HYPERVISOR_IOMMU_PLATFORM: &str =
pub const KATA_ANNO_CFG_HYPERVISOR_IOMMU_PLATFORM: &str =
"io.katacontainers.config.hypervisor.enable_iommu_platform";
// Hypervisor Machine related annotations
/// A sandbox annotation to specify the type of machine being emulated by the hypervisor.
pub const KATA_ANNO_CONF_HYPERVISOR_MACHINE_TYPE: &str =
pub const KATA_ANNO_CFG_HYPERVISOR_MACHINE_TYPE: &str =
"io.katacontainers.config.hypervisor.machine_type";
/// A sandbox annotation to specify machine specific accelerators for the hypervisor.
pub const KATA_ANNO_CONF_HYPERVISOR_MACHINE_ACCELERATORS: &str =
pub const KATA_ANNO_CFG_HYPERVISOR_MACHINE_ACCELERATORS: &str =
"io.katacontainers.config.hypervisor.machine_accelerators";
/// EntropySource is a sandbox annotation to specify the path to a host source of
/// entropy (/dev/random, /dev/urandom or real hardware RNG device)
pub const KATA_ANNO_CONF_HYPERVISOR_ENTROPY_SOURCE: &str =
pub const KATA_ANNO_CFG_HYPERVISOR_ENTROPY_SOURCE: &str =
"io.katacontainers.config.hypervisor.entropy_source";
// Hypervisor Memory related annotations
/// A sandbox annotation for the memory assigned for a VM by the hypervisor.
pub const KATA_ANNO_CONF_HYPERVISOR_DEFAULT_MEMORY: &str =
pub const KATA_ANNO_CFG_HYPERVISOR_DEFAULT_MEMORY: &str =
"io.katacontainers.config.hypervisor.default_memory";
/// A sandbox annotation to specify the memory slots assigned to the VM by the hypervisor.
pub const KATA_ANNO_CONF_HYPERVISOR_MEMORY_SLOTS: &str =
pub const KATA_ANNO_CFG_HYPERVISOR_MEMORY_SLOTS: &str =
"io.katacontainers.config.hypervisor.memory_slots";
/// A sandbox annotation that specifies the memory space used for nvdimm device by the hypervisor.
pub const KATA_ANNO_CONF_HYPERVISOR_MEMORY_PREALLOC: &str =
pub const KATA_ANNO_CFG_HYPERVISOR_MEMORY_PREALLOC: &str =
"io.katacontainers.config.hypervisor.enable_mem_prealloc";
/// A sandbox annotation to specify if the memory should be pre-allocated from huge pages.
pub const KATA_ANNO_CONF_HYPERVISOR_HUGE_PAGES: &str =
pub const KATA_ANNO_CFG_HYPERVISOR_HUGE_PAGES: &str =
"io.katacontainers.config.hypervisor.enable_hugepages";
/// A sandbox annotation to soecify file based memory backend root directory.
pub const KATA_ANNO_CONF_HYPERVISOR_FILE_BACKED_MEM_ROOT_DIR: &str =
pub const KATA_ANNO_CFG_HYPERVISOR_FILE_BACKED_MEM_ROOT_DIR: &str =
"io.katacontainers.config.hypervisor.file_mem_backend";
/// A sandbox annotation that is used to enable/disable virtio-mem.
pub const KATA_ANNO_CONF_HYPERVISOR_VIRTIO_MEM: &str =
pub const KATA_ANNO_CFG_HYPERVISOR_VIRTIO_MEM: &str =
"io.katacontainers.config.hypervisor.enable_virtio_mem";
/// A sandbox annotation to enable swap of vm memory.
pub const KATA_ANNO_CONF_HYPERVISOR_ENABLE_SWAP: &str =
pub const KATA_ANNO_CFG_HYPERVISOR_ENABLE_SWAP: &str =
"io.katacontainers.config.hypervisor.enable_swap";
/// A sandbox annotation to enable swap in the guest.
pub const KATA_ANNO_CONF_HYPERVISOR_ENABLE_GUEST_SWAP: &str =
pub const KATA_ANNO_CFG_HYPERVISOR_ENABLE_GUEST_SWAP: &str =
"io.katacontainers.config.hypervisor.enable_guest_swap";
// Hypervisor Network related annotations
/// A sandbox annotation to specify if vhost-net is not available on the host.
pub const KATA_ANNO_CONF_HYPERVISOR_DISABLE_VHOST_NET: &str =
pub const KATA_ANNO_CFG_HYPERVISOR_DISABLE_VHOST_NET: &str =
"io.katacontainers.config.hypervisor.disable_vhost_net";
/// A sandbox annotation that specifies max rate on network I/O inbound bandwidth.
pub const KATA_ANNO_CONF_HYPERVISOR_RX_RATE_LIMITER_MAX_RATE: &str =
pub const KATA_ANNO_CFG_HYPERVISOR_RX_RATE_LIMITER_MAX_RATE: &str =
"io.katacontainers.config.hypervisor.rx_rate_limiter_max_rate";
/// A sandbox annotation that specifies max rate on network I/O outbound bandwidth.
pub const KATA_ANNO_CONF_HYPERVISOR_TX_RATE_LIMITER_MAX_RATE: &str =
pub const KATA_ANNO_CFG_HYPERVISOR_TX_RATE_LIMITER_MAX_RATE: &str =
"io.katacontainers.config.hypervisor.tx_rate_limiter_max_rate";
// Hypervisor Security related annotations
/// A sandbox annotation to specify the path within the VM that will be used for 'drop-in' hooks.
pub const KATA_ANNO_CONF_HYPERVISOR_GUEST_HOOK_PATH: &str =
pub const KATA_ANNO_CFG_HYPERVISOR_GUEST_HOOK_PATH: &str =
"io.katacontainers.config.hypervisor.guest_hook_path";
/// A sandbox annotation to enable rootless hypervisor (only supported in QEMU currently).
pub const KATA_ANNO_CONF_HYPERVISOR_ENABLE_ROOTLESS_HYPERVISOR: &str =
pub const KATA_ANNO_CFG_HYPERVISOR_ENABLE_ROOTLESS_HYPERVISOR: &str =
"io.katacontainers.config.hypervisor.rootless";
// Hypervisor Shared File System related annotations
/// A sandbox annotation to specify the shared file system type, either virtio-9p or virtio-fs.
pub const KATA_ANNO_CONF_HYPERVISOR_SHARED_FS: &str =
pub const KATA_ANNO_CFG_HYPERVISOR_SHARED_FS: &str =
"io.katacontainers.config.hypervisor.shared_fs";
/// A sandbox annotations to specify virtio-fs vhost-user daemon path.
pub const KATA_ANNO_CONF_HYPERVISOR_VIRTIO_FS_DAEMON: &str =
pub const KATA_ANNO_CFG_HYPERVISOR_VIRTIO_FS_DAEMON: &str =
"io.katacontainers.config.hypervisor.virtio_fs_daemon";
/// A sandbox annotation to specify the cache mode for fs version cache or "none".
pub const KATA_ANNO_CONF_HYPERVISOR_VIRTIO_FS_CACHE: &str =
pub const KATA_ANNO_CFG_HYPERVISOR_VIRTIO_FS_CACHE: &str =
"io.katacontainers.config.hypervisor.virtio_fs_cache";
/// A sandbox annotation to specify the DAX cache size in MiB.
pub const KATA_ANNO_CONF_HYPERVISOR_VIRTIO_FS_CACHE_SIZE: &str =
pub const KATA_ANNO_CFG_HYPERVISOR_VIRTIO_FS_CACHE_SIZE: &str =
"io.katacontainers.config.hypervisor.virtio_fs_cache_size";
/// A sandbox annotation to pass options to virtiofsd daemon.
pub const KATA_ANNO_CONF_HYPERVISOR_VIRTIO_FS_EXTRA_ARGS: &str =
pub const KATA_ANNO_CFG_HYPERVISOR_VIRTIO_FS_EXTRA_ARGS: &str =
"io.katacontainers.config.hypervisor.virtio_fs_extra_args";
/// A sandbox annotation to specify as the msize for 9p shares.
pub const KATA_ANNO_CONF_HYPERVISOR_MSIZE_9P: &str = "io.katacontainers.config.hypervisor.msize_9p";
pub const KATA_ANNO_CFG_HYPERVISOR_MSIZE_9P: &str = "io.katacontainers.config.hypervisor.msize_9p";
// Runtime related annotations
/// Prefix for Runtime configurations.
pub const KATA_ANNO_CONF_RUNTIME_PREFIX: &str = "io.katacontainers.config.runtime.";
pub const KATA_ANNO_CFG_RUNTIME_PREFIX: &str = "io.katacontainers.config.runtime.";
/// A sandbox annotation that determines if seccomp should be applied inside guest.
pub const KATA_ANNO_CONF_DISABLE_GUEST_SECCOMP: &str =
pub const KATA_ANNO_CFG_DISABLE_GUEST_SECCOMP: &str =
"io.katacontainers.config.runtime.disable_guest_seccomp";
/// A sandbox annotation that determines if pprof enabled.
pub const KATA_ANNO_CONF_ENABLE_PPROF: &str = "io.katacontainers.config.runtime.enable_pprof";
pub const KATA_ANNO_CFG_ENABLE_PPROF: &str = "io.katacontainers.config.runtime.enable_pprof";
/// A sandbox annotation that determines if experimental features enabled.
pub const KATA_ANNO_CONF_EXPERIMENTAL: &str = "io.katacontainers.config.runtime.experimental";
pub const KATA_ANNO_CFG_EXPERIMENTAL: &str = "io.katacontainers.config.runtime.experimental";
/// A sandbox annotaion that determines how the VM should be connected to the the container network
/// interface.
pub const KATA_ANNO_CONF_INTER_NETWORK_MODEL: &str =
pub const KATA_ANNO_CFG_INTER_NETWORK_MODEL: &str =
"io.katacontainers.config.runtime.internetworking_model";
/// SandboxCgroupOnly is a sandbox annotation that determines if kata processes are managed only in sandbox cgroup.
pub const KATA_ANNO_CONF_SANDBOX_CGROUP_ONLY: &str =
pub const KATA_ANNO_CFG_SANDBOX_CGROUP_ONLY: &str =
"io.katacontainers.config.runtime.sandbox_cgroup_only";
/// A sandbox annotation that determines if create a netns for hypervisor process.
pub const KATA_ANNO_CONF_DISABLE_NEW_NETNS: &str =
pub const KATA_ANNO_CFG_DISABLE_NEW_NETNS: &str =
"io.katacontainers.config.runtime.disable_new_netns";
/// A sandbox annotation to specify how attached VFIO devices should be treated.
pub const KATA_ANNO_CONF_VFIO_MODE: &str = "io.katacontainers.config.runtime.vfio_mode";
pub const KATA_ANNO_CFG_VFIO_MODE: &str = "io.katacontainers.config.runtime.vfio_mode";
/// A helper structure to query configuration information by check annotations.
#[derive(Debug, Default, Deserialize)]
@ -407,7 +404,7 @@ impl Annotation {
impl Annotation {
/// Get the annotation of sandbox configuration file path.
pub fn get_sandbox_config_path(&self) -> Option<String> {
self.get(SANDBOX_CONFIG_PATH_KEY)
self.get(SANDBOX_CFG_PATH_KEY)
}
/// Get the annotation of bundle path.
@ -422,7 +419,7 @@ impl Annotation {
/// Get the annotation to specify the Resources.Memory.Swappiness.
pub fn get_container_resource_swappiness(&self) -> Result<Option<u32>> {
match self.get_u32(KATA_ANNO_CONTAINER_RESOURCE_SWAPPINESS) {
match self.get_u32(KATA_ANNO_CONTAINER_RES_SWAPPINESS) {
Ok(r) => {
if r.unwrap_or_default() > 100 {
return Err(io::Error::new(
@ -439,7 +436,7 @@ impl Annotation {
/// Get the annotation to specify the Resources.Memory.Swap.
pub fn get_container_resource_swap_in_bytes(&self) -> Option<String> {
self.get(KATA_ANNO_CONTAINER_RESOURCE_SWAP_IN_BYTES)
self.get(KATA_ANNO_CONTAINER_RES_SWAP_IN_BYTES)
}
}
@ -471,20 +468,20 @@ impl Annotation {
match key.as_str() {
// update hypervisor config
// Hypervisor related annotations
KATA_ANNO_CONF_HYPERVISOR_PATH => {
KATA_ANNO_CFG_HYPERVISOR_PATH => {
hv.validate_hypervisor_path(value)?;
hv.path = value.to_string();
}
KATA_ANNO_CONF_HYPERVISOR_CTLPATH => {
KATA_ANNO_CFG_HYPERVISOR_CTLPATH => {
hv.validate_hypervisor_ctlpath(value)?;
hv.ctlpath = value.to_string();
}
KATA_ANNO_CONF_HYPERVISOR_JAILER_PATH => {
KATA_ANNO_CFG_HYPERVISOR_JAILER_PATH => {
hv.validate_jailer_path(value)?;
hv.jailer_path = value.to_string();
}
KATA_ANNO_CONF_HYPERVISOR_ENABLE_IO_THREADS => match self.get_bool(key) {
KATA_ANNO_CFG_HYPERVISOR_ENABLE_IO_THREADS => match self.get_bool(key) {
Ok(r) => {
hv.enable_iothreads = r.unwrap_or_default();
}
@ -493,20 +490,18 @@ impl Annotation {
}
},
// Hypervisor Block Device related annotations
KATA_ANNO_CONF_HYPERVISOR_BLOCK_DEVICE_DRIVER => {
KATA_ANNO_CFG_HYPERVISOR_BLOCK_DEV_DRIVER => {
hv.blockdev_info.block_device_driver = value.to_string();
}
KATA_ANNO_CONF_HYPERVISOR_DISABLE_BLOCK_DEVICE_USE => {
match self.get_bool(key) {
Ok(r) => {
hv.blockdev_info.disable_block_device_use = r.unwrap_or_default();
}
Err(e) => {
return Err(e);
}
KATA_ANNO_CFG_HYPERVISOR_DISABLE_BLOCK_DEV_USE => match self.get_bool(key) {
Ok(r) => {
hv.blockdev_info.disable_block_device_use = r.unwrap_or_default();
}
}
KATA_ANNO_CONF_HYPERVISOR_BLOCK_DEVICE_CACHE_SET => match self.get_bool(key) {
Err(e) => {
return Err(e);
}
},
KATA_ANNO_CFG_HYPERVISOR_BLOCK_DEV_CACHE_SET => match self.get_bool(key) {
Ok(r) => {
hv.blockdev_info.block_device_cache_set = r.unwrap_or_default();
}
@ -514,8 +509,7 @@ impl Annotation {
return Err(e);
}
},
KATA_ANNO_CONF_HYPERVISOR_BLOCK_DEVICE_CACHE_DIRECT => match self.get_bool(key)
{
KATA_ANNO_CFG_HYPERVISOR_BLOCK_DEV_CACHE_DIRECT => match self.get_bool(key) {
Ok(r) => {
hv.blockdev_info.block_device_cache_direct = r.unwrap_or_default();
}
@ -523,17 +517,15 @@ impl Annotation {
return Err(e);
}
},
KATA_ANNO_CONF_HYPERVISOR_BLOCK_DEVICE_CACHE_NOFLUSH => {
match self.get_bool(key) {
Ok(r) => {
hv.blockdev_info.block_device_cache_noflush = r.unwrap_or_default();
}
Err(e) => {
return Err(e);
}
KATA_ANNO_CFG_HYPERVISOR_BLOCK_DEV_CACHE_NOFLUSH => match self.get_bool(key) {
Ok(r) => {
hv.blockdev_info.block_device_cache_noflush = r.unwrap_or_default();
}
}
KATA_ANNO_CONF_HYPERVISOR_DISABLE_IMAGE_NVDIMM => match self.get_bool(key) {
Err(e) => {
return Err(e);
}
},
KATA_ANNO_CFG_HYPERVISOR_DISABLE_IMAGE_NVDIMM => match self.get_bool(key) {
Ok(r) => {
hv.blockdev_info.disable_image_nvdimm = r.unwrap_or_default();
}
@ -541,7 +533,7 @@ impl Annotation {
return Err(e);
}
},
KATA_ANNO_CONF_HYPERVISOR_MEMORY_OFFSET => match self.get_u64(key) {
KATA_ANNO_CFG_HYPERVISOR_MEMORY_OFFSET => match self.get_u64(key) {
Ok(r) => {
hv.blockdev_info.memory_offset = r.unwrap_or_default();
}
@ -549,7 +541,7 @@ impl Annotation {
return Err(e);
}
},
KATA_ANNO_CONF_HYPERVISOR_ENABLE_VHOSTUSER_STORE => match self.get_bool(key) {
KATA_ANNO_CFG_HYPERVISOR_ENABLE_VHOSTUSER_STORE => match self.get_bool(key) {
Ok(r) => {
hv.blockdev_info.enable_vhost_user_store = r.unwrap_or_default();
}
@ -557,35 +549,35 @@ impl Annotation {
return Err(e);
}
},
KATA_ANNO_CONF_HYPERVISOR_VHOSTUSER_STORE_PATH => {
KATA_ANNO_CFG_HYPERVISOR_VHOSTUSER_STORE_PATH => {
hv.blockdev_info.validate_vhost_user_store_path(value)?;
hv.blockdev_info.vhost_user_store_path = value.to_string();
}
// Hypervisor Guest Boot related annotations
KATA_ANNO_CONF_HYPERVISOR_KERNEL_PATH => {
KATA_ANNO_CFG_HYPERVISOR_KERNEL_PATH => {
hv.boot_info.validate_boot_path(value)?;
hv.boot_info.kernel = value.to_string();
}
KATA_ANNO_CONF_HYPERVISOR_KERNEL_PARAMS => {
KATA_ANNO_CFG_HYPERVISOR_KERNEL_PARAMS => {
hv.boot_info.kernel_params = value.to_string();
}
KATA_ANNO_CONF_HYPERVISOR_IMAGE_PATH => {
KATA_ANNO_CFG_HYPERVISOR_IMAGE_PATH => {
hv.boot_info.validate_boot_path(value)?;
hv.boot_info.image = value.to_string();
}
KATA_ANNO_CONF_HYPERVISOR_INITRD_PATH => {
KATA_ANNO_CFG_HYPERVISOR_INITRD_PATH => {
hv.boot_info.validate_boot_path(value)?;
hv.boot_info.initrd = value.to_string();
}
KATA_ANNO_CONF_HYPERVISOR_FIRMWARE_PATH => {
KATA_ANNO_CFG_HYPERVISOR_FIRMWARE_PATH => {
hv.boot_info.validate_boot_path(value)?;
hv.boot_info.firmware = value.to_string();
}
// Hypervisor CPU related annotations
KATA_ANNO_CONF_HYPERVISOR_CPU_FEATURES => {
KATA_ANNO_CFG_HYPERVISOR_CPU_FEATURES => {
hv.cpu_info.cpu_features = value.to_string();
}
KATA_ANNO_CONF_HYPERVISOR_DEFAULT_VCPUS => match self.get_i32(key) {
KATA_ANNO_CFG_HYPERVISOR_DEFAULT_VCPUS => match self.get_i32(key) {
Ok(num_cpus) => {
let num_cpus = num_cpus.unwrap_or_default();
if num_cpus
@ -611,7 +603,7 @@ impl Annotation {
return Err(e);
}
},
KATA_ANNO_CONF_HYPERVISOR_DEFAULT_MAX_VCPUS => match self.get_u32(key) {
KATA_ANNO_CFG_HYPERVISOR_DEFAULT_MAX_VCPUS => match self.get_u32(key) {
Ok(r) => {
hv.cpu_info.default_maxvcpus = r.unwrap_or_default();
}
@ -620,17 +612,15 @@ impl Annotation {
}
},
// Hypervisor Device related annotations
KATA_ANNO_CONF_HYPERVISOR_HOTPLUG_VFIO_ON_ROOT_BUS => {
match self.get_bool(key) {
Ok(r) => {
hv.device_info.hotplug_vfio_on_root_bus = r.unwrap_or_default();
}
Err(e) => {
return Err(e);
}
KATA_ANNO_CFG_HYPERVISOR_HOTPLUG_VFIO_ON_ROOT_BUS => match self.get_bool(key) {
Ok(r) => {
hv.device_info.hotplug_vfio_on_root_bus = r.unwrap_or_default();
}
}
KATA_ANNO_CONF_HYPERVISOR_PCIE_ROOT_PORT => match self.get_u32(key) {
Err(e) => {
return Err(e);
}
},
KATA_ANNO_CFG_HYPERVISOR_PCIE_ROOT_PORT => match self.get_u32(key) {
Ok(r) => {
hv.device_info.pcie_root_port = r.unwrap_or_default();
}
@ -638,7 +628,7 @@ impl Annotation {
return Err(e);
}
},
KATA_ANNO_CONF_HYPERVISOR_IOMMU => match self.get_bool(key) {
KATA_ANNO_CFG_HYPERVISOR_IOMMU => match self.get_bool(key) {
Ok(r) => {
hv.device_info.enable_iommu = r.unwrap_or_default();
}
@ -646,7 +636,7 @@ impl Annotation {
return Err(e);
}
},
KATA_ANNO_CONF_HYPERVISOR_IOMMU_PLATFORM => match self.get_bool(key) {
KATA_ANNO_CFG_HYPERVISOR_IOMMU_PLATFORM => match self.get_bool(key) {
Ok(r) => {
hv.device_info.enable_iommu_platform = r.unwrap_or_default();
}
@ -655,18 +645,18 @@ impl Annotation {
}
},
// Hypervisor Machine related annotations
KATA_ANNO_CONF_HYPERVISOR_MACHINE_TYPE => {
KATA_ANNO_CFG_HYPERVISOR_MACHINE_TYPE => {
hv.machine_info.machine_type = value.to_string();
}
KATA_ANNO_CONF_HYPERVISOR_MACHINE_ACCELERATORS => {
KATA_ANNO_CFG_HYPERVISOR_MACHINE_ACCELERATORS => {
hv.machine_info.machine_accelerators = value.to_string();
}
KATA_ANNO_CONF_HYPERVISOR_ENTROPY_SOURCE => {
KATA_ANNO_CFG_HYPERVISOR_ENTROPY_SOURCE => {
hv.machine_info.validate_entropy_source(value)?;
hv.machine_info.entropy_source = value.to_string();
}
// Hypervisor Memory related annotations
KATA_ANNO_CONF_HYPERVISOR_DEFAULT_MEMORY => match self.get_u32(key) {
KATA_ANNO_CFG_HYPERVISOR_DEFAULT_MEMORY => match self.get_u32(key) {
Ok(r) => {
let mem = r.unwrap_or_default();
if mem
@ -692,7 +682,7 @@ impl Annotation {
return Err(e);
}
},
KATA_ANNO_CONF_HYPERVISOR_MEMORY_SLOTS => match self.get_u32(key) {
KATA_ANNO_CFG_HYPERVISOR_MEMORY_SLOTS => match self.get_u32(key) {
Ok(v) => {
hv.memory_info.memory_slots = v.unwrap_or_default();
}
@ -701,7 +691,7 @@ impl Annotation {
}
},
KATA_ANNO_CONF_HYPERVISOR_MEMORY_PREALLOC => match self.get_bool(key) {
KATA_ANNO_CFG_HYPERVISOR_MEMORY_PREALLOC => match self.get_bool(key) {
Ok(r) => {
hv.memory_info.enable_mem_prealloc = r.unwrap_or_default();
}
@ -709,7 +699,7 @@ impl Annotation {
return Err(e);
}
},
KATA_ANNO_CONF_HYPERVISOR_HUGE_PAGES => match self.get_bool(key) {
KATA_ANNO_CFG_HYPERVISOR_HUGE_PAGES => match self.get_bool(key) {
Ok(r) => {
hv.memory_info.enable_hugepages = r.unwrap_or_default();
}
@ -717,11 +707,11 @@ impl Annotation {
return Err(e);
}
},
KATA_ANNO_CONF_HYPERVISOR_FILE_BACKED_MEM_ROOT_DIR => {
KATA_ANNO_CFG_HYPERVISOR_FILE_BACKED_MEM_ROOT_DIR => {
hv.memory_info.validate_memory_backend_path(value)?;
hv.memory_info.file_mem_backend = value.to_string();
}
KATA_ANNO_CONF_HYPERVISOR_VIRTIO_MEM => match self.get_bool(key) {
KATA_ANNO_CFG_HYPERVISOR_VIRTIO_MEM => match self.get_bool(key) {
Ok(r) => {
hv.memory_info.enable_virtio_mem = r.unwrap_or_default();
}
@ -729,7 +719,7 @@ impl Annotation {
return Err(e);
}
},
KATA_ANNO_CONF_HYPERVISOR_ENABLE_SWAP => match self.get_bool(key) {
KATA_ANNO_CFG_HYPERVISOR_ENABLE_SWAP => match self.get_bool(key) {
Ok(r) => {
hv.memory_info.enable_swap = r.unwrap_or_default();
}
@ -737,7 +727,7 @@ impl Annotation {
return Err(e);
}
},
KATA_ANNO_CONF_HYPERVISOR_ENABLE_GUEST_SWAP => match self.get_bool(key) {
KATA_ANNO_CFG_HYPERVISOR_ENABLE_GUEST_SWAP => match self.get_bool(key) {
Ok(r) => {
hv.memory_info.enable_guest_swap = r.unwrap_or_default();
}
@ -746,7 +736,7 @@ impl Annotation {
}
},
// Hypervisor Network related annotations
KATA_ANNO_CONF_HYPERVISOR_DISABLE_VHOST_NET => match self.get_bool(key) {
KATA_ANNO_CFG_HYPERVISOR_DISABLE_VHOST_NET => match self.get_bool(key) {
Ok(r) => {
hv.network_info.disable_vhost_net = r.unwrap_or_default();
}
@ -754,7 +744,7 @@ impl Annotation {
return Err(e);
}
},
KATA_ANNO_CONF_HYPERVISOR_RX_RATE_LIMITER_MAX_RATE => match self.get_u64(key) {
KATA_ANNO_CFG_HYPERVISOR_RX_RATE_LIMITER_MAX_RATE => match self.get_u64(key) {
Ok(r) => {
hv.network_info.rx_rate_limiter_max_rate = r.unwrap_or_default();
}
@ -762,7 +752,7 @@ impl Annotation {
return Err(e);
}
},
KATA_ANNO_CONF_HYPERVISOR_TX_RATE_LIMITER_MAX_RATE => match self.get_u64(key) {
KATA_ANNO_CFG_HYPERVISOR_TX_RATE_LIMITER_MAX_RATE => match self.get_u64(key) {
Ok(r) => {
hv.network_info.tx_rate_limiter_max_rate = r.unwrap_or_default();
}
@ -771,11 +761,11 @@ impl Annotation {
}
},
// Hypervisor Security related annotations
KATA_ANNO_CONF_HYPERVISOR_GUEST_HOOK_PATH => {
KATA_ANNO_CFG_HYPERVISOR_GUEST_HOOK_PATH => {
hv.security_info.validate_path(value)?;
hv.security_info.guest_hook_path = value.to_string();
}
KATA_ANNO_CONF_HYPERVISOR_ENABLE_ROOTLESS_HYPERVISOR => {
KATA_ANNO_CFG_HYPERVISOR_ENABLE_ROOTLESS_HYPERVISOR => {
match self.get_bool(key) {
Ok(r) => {
hv.security_info.rootless = r.unwrap_or_default();
@ -786,19 +776,19 @@ impl Annotation {
}
}
// Hypervisor Shared File System related annotations
KATA_ANNO_CONF_HYPERVISOR_SHARED_FS => {
KATA_ANNO_CFG_HYPERVISOR_SHARED_FS => {
hv.shared_fs.shared_fs = self.get(key);
}
KATA_ANNO_CONF_HYPERVISOR_VIRTIO_FS_DAEMON => {
KATA_ANNO_CFG_HYPERVISOR_VIRTIO_FS_DAEMON => {
hv.shared_fs.validate_virtiofs_daemon_path(value)?;
hv.shared_fs.virtio_fs_daemon = value.to_string();
}
KATA_ANNO_CONF_HYPERVISOR_VIRTIO_FS_CACHE => {
KATA_ANNO_CFG_HYPERVISOR_VIRTIO_FS_CACHE => {
hv.shared_fs.virtio_fs_cache = value.to_string();
}
KATA_ANNO_CONF_HYPERVISOR_VIRTIO_FS_CACHE_SIZE => match self.get_u32(key) {
KATA_ANNO_CFG_HYPERVISOR_VIRTIO_FS_CACHE_SIZE => match self.get_u32(key) {
Ok(r) => {
hv.shared_fs.virtio_fs_cache_size = r.unwrap_or_default();
}
@ -806,14 +796,14 @@ impl Annotation {
return Err(e);
}
},
KATA_ANNO_CONF_HYPERVISOR_VIRTIO_FS_EXTRA_ARGS => {
KATA_ANNO_CFG_HYPERVISOR_VIRTIO_FS_EXTRA_ARGS => {
let args: Vec<String> =
value.to_string().split(',').map(str::to_string).collect();
for arg in args {
hv.shared_fs.virtio_fs_extra_args.push(arg.to_string());
}
}
KATA_ANNO_CONF_HYPERVISOR_MSIZE_9P => match self.get_u32(key) {
KATA_ANNO_CFG_HYPERVISOR_MSIZE_9P => match self.get_u32(key) {
Ok(v) => {
hv.shared_fs.msize_9p = v.unwrap_or_default();
}
@ -832,14 +822,14 @@ impl Annotation {
} else {
match key.as_str() {
//update agent config
KATA_ANNO_CONF_KERNEL_MODULES => {
KATA_ANNO_CFG_KERNEL_MODULES => {
let kernel_mod: Vec<String> =
value.to_string().split(';').map(str::to_string).collect();
for modules in kernel_mod {
ag.kernel_modules.push(modules.to_string());
}
}
KATA_ANNO_CONF_AGENT_TRACE => match self.get_bool(key) {
KATA_ANNO_CFG_AGENT_TRACE => match self.get_bool(key) {
Ok(r) => {
ag.enable_tracing = r.unwrap_or_default();
}
@ -847,7 +837,7 @@ impl Annotation {
return Err(e);
}
},
KATA_ANNO_CONF_AGENT_CONTAINER_PIPE_SIZE => match self.get_u32(key) {
KATA_ANNO_CFG_AGENT_CONTAINER_PIPE_SIZE => match self.get_u32(key) {
Ok(v) => {
ag.container_pipe_size = v.unwrap_or_default();
}
@ -856,7 +846,7 @@ impl Annotation {
}
},
//update runtume config
KATA_ANNO_CONF_DISABLE_GUEST_SECCOMP => match self.get_bool(key) {
KATA_ANNO_CFG_DISABLE_GUEST_SECCOMP => match self.get_bool(key) {
Ok(r) => {
config.runtime.disable_guest_seccomp = r.unwrap_or_default();
}
@ -864,7 +854,7 @@ impl Annotation {
return Err(e);
}
},
KATA_ANNO_CONF_ENABLE_PPROF => match self.get_bool(key) {
KATA_ANNO_CFG_ENABLE_PPROF => match self.get_bool(key) {
Ok(r) => {
config.runtime.enable_pprof = r.unwrap_or_default();
}
@ -872,17 +862,17 @@ impl Annotation {
return Err(e);
}
},
KATA_ANNO_CONF_EXPERIMENTAL => {
KATA_ANNO_CFG_EXPERIMENTAL => {
let args: Vec<String> =
value.to_string().split(',').map(str::to_string).collect();
for arg in args {
config.runtime.experimental.push(arg.to_string());
}
}
KATA_ANNO_CONF_INTER_NETWORK_MODEL => {
KATA_ANNO_CFG_INTER_NETWORK_MODEL => {
config.runtime.internetworking_model = value.to_string();
}
KATA_ANNO_CONF_SANDBOX_CGROUP_ONLY => match self.get_bool(key) {
KATA_ANNO_CFG_SANDBOX_CGROUP_ONLY => match self.get_bool(key) {
Ok(r) => {
config.runtime.sandbox_cgroup_only = r.unwrap_or_default();
}
@ -890,7 +880,7 @@ impl Annotation {
return Err(e);
}
},
KATA_ANNO_CONF_DISABLE_NEW_NETNS => match self.get_bool(key) {
KATA_ANNO_CFG_DISABLE_NEW_NETNS => match self.get_bool(key) {
Ok(r) => {
config.runtime.disable_new_netns = r.unwrap_or_default();
}
@ -898,7 +888,7 @@ impl Annotation {
return Err(e);
}
},
KATA_ANNO_CONF_VFIO_MODE => {
KATA_ANNO_CFG_VFIO_MODE => {
config.runtime.vfio_mode = value.to_string();
}
_ => {

2
src/libs/kata-types/src/annotations/thirdparty.rs
View File

@ -9,6 +9,4 @@
/// Annotation to enable SGX.
///
/// Hardware-based isolation and memory encryption.
// Supported suffixes are: Ki | Mi | Gi | Ti | Pi | Ei . For example: 4Mi
// For more information about supported suffixes see https://physics.nist.gov/cuu/Units/binary.html
pub const SGXEPC: &str = "sgx.intel.com/epc";

2
src/libs/kata-types/src/config/default.rs
View File

@ -23,7 +23,7 @@ pub const DEFAULT_BLOCK_DEVICE_TYPE: &str = "virtio-blk";
pub const DEFAULT_VHOST_USER_STORE_PATH: &str = "/var/run/vhost-user";
pub const DEFAULT_BLOCK_NVDIMM_MEM_OFFSET: u64 = 0;
pub const DEFAULT_SHARED_FS_TYPE: &str = "virtio-9p";
pub const DEFAULT_SHARED_FS_TYPE: &str = "virtio-fs";
pub const DEFAULT_VIRTIO_FS_CACHE_MODE: &str = "none";
pub const DEFAULT_VIRTIO_FS_DAX_SIZE_MB: u32 = 1024;
pub const DEFAULT_SHARED_9PFS_SIZE: u32 = 128 * 1024;

26
src/libs/kata-types/src/config/hypervisor/mod.rs
View File

@ -31,7 +31,7 @@ use lazy_static::lazy_static;
use regex::RegexSet;
use super::{default, ConfigOps, ConfigPlugin, TomlConfig};
use crate::annotations::KATA_ANNO_CONF_HYPERVISOR_PREFIX;
use crate::annotations::KATA_ANNO_CFG_HYPERVISOR_PREFIX;
use crate::{eother, resolve_path, validate_path};
mod dragonball;
@ -48,6 +48,7 @@ const VIRTIO_PMEM: &str = "nvdimm";
const VIRTIO_9P: &str = "virtio-9p";
const VIRTIO_FS: &str = "virtio-fs";
const VIRTIO_FS_INLINE: &str = "inline-virtio-fs";
const MAX_BRIDGE_SIZE: u32 = 5;
lazy_static! {
static ref HYPERVISOR_PLUGINS: Mutex<HashMap<String, Arc<dyn ConfigPlugin>>> =
@ -169,8 +170,8 @@ impl BlockDeviceInfo {
VIRTIO_BLK,
VIRTIO_BLK_CCW,
VIRTIO_BLK_MMIO,
VIRTIO_SCSI,
VIRTIO_PMEM,
VIRTIO_SCSI,
];
if !l.contains(&self.block_device_driver.as_str()) {
return Err(eother!(
@ -406,8 +407,8 @@ pub struct DeviceInfo {
impl DeviceInfo {
/// Adjust the configuration information after loading from configuration file.
pub fn adjust_configuration(&mut self) -> Result<()> {
if self.default_bridges > 5 {
self.default_bridges = 5;
if self.default_bridges > MAX_BRIDGE_SIZE {
self.default_bridges = MAX_BRIDGE_SIZE;
}
Ok(())
@ -415,7 +416,7 @@ impl DeviceInfo {
/// Validate the configuration information.
pub fn validate(&self) -> Result<()> {
if self.default_bridges > 5 {
if self.default_bridges > MAX_BRIDGE_SIZE {
return Err(eother!(
"The configured PCI bridges {} are too many",
self.default_bridges
@ -701,10 +702,10 @@ impl SecurityInfo {
/// Check whether annotation key is enabled or not.
pub fn is_annotation_enabled(&self, path: &str) -> bool {
if !path.starts_with(KATA_ANNO_CONF_HYPERVISOR_PREFIX) {
if !path.starts_with(KATA_ANNO_CFG_HYPERVISOR_PREFIX) {
return false;
}
let pos = KATA_ANNO_CONF_HYPERVISOR_PREFIX.len();
let pos = KATA_ANNO_CFG_HYPERVISOR_PREFIX.len();
let key = &path[pos..];
if let Ok(set) = RegexSet::new(&self.enable_annotations) {
return set.is_match(key);
@ -798,8 +799,8 @@ impl SharedFsInfo {
|| self.msize_9p > default::MAX_SHARED_9PFS_SIZE
{
return Err(eother!(
"Invalid 9p configuration msize 0x{:x}",
self.msize_9p
"Invalid 9p configuration msize 0x{:x}, min value is 0x{:x}, max value is 0x{:x}",
self.msize_9p,default::MIN_SHARED_9PFS_SIZE, default::MAX_SHARED_9PFS_SIZE
));
}
Ok(())
@ -842,10 +843,9 @@ impl SharedFsInfo {
"Virtio-fs daemon path {} is invalid: {}"
)?;
if self.virtio_fs_cache != "none"
&& self.virtio_fs_cache != "auto"
&& self.virtio_fs_cache != "always"
{
let l = ["none", "auto", "always"];
if !l.contains(&self.virtio_fs_cache.as_str()) {
return Err(eother!(
"Invalid virtio-fs cache mode: {}",
&self.virtio_fs_cache

3
src/libs/kata-types/src/config/hypervisor/qemu.rs
View File

@ -73,9 +73,6 @@ impl ConfigPlugin for QemuConfig {
if qemu.device_info.default_bridges == 0 {
qemu.device_info.default_bridges = default::DEFAULT_QEMU_PCI_BRIDGES;
if qemu.device_info.default_bridges > default::MAX_QEMU_PCI_BRIDGES {
qemu.device_info.default_bridges = default::MAX_QEMU_PCI_BRIDGES;
}
}
if qemu.machine_info.machine_type.is_empty() {

4
src/libs/kata-types/src/config/runtime_vendor.rs
View File

@ -32,10 +32,6 @@ impl ConfigOps for RuntimeVendor {
/// Validate the configuration information.
fn validate(conf: &TomlConfig) -> Result<()> {
if conf.runtime.vendor.log_level > 10 {
warn!(
sl!(),
"log level {} in configuration file is invalid", conf.runtime.vendor.log_level
);
return Err(eother!(
"log level {} in configuration file is invalid",
conf.runtime.vendor.log_level

98
src/libs/kata-types/tests/test-config.rs → src/libs/kata-types/tests/test_config.rs
View File

@ -5,19 +5,19 @@
#[cfg(test)]
mod tests {
use kata_types::annotations::{
Annotation, KATA_ANNO_CONF_AGENT_CONTAINER_PIPE_SIZE, KATA_ANNO_CONF_AGENT_TRACE,
KATA_ANNO_CONF_DISABLE_GUEST_SECCOMP, KATA_ANNO_CONF_ENABLE_PPROF,
KATA_ANNO_CONF_EXPERIMENTAL, KATA_ANNO_CONF_HYPERVISOR_BLOCK_DEVICE_CACHE_NOFLUSH,
KATA_ANNO_CONF_HYPERVISOR_BLOCK_DEVICE_DRIVER, KATA_ANNO_CONF_HYPERVISOR_CTLPATH,
KATA_ANNO_CONF_HYPERVISOR_DEFAULT_MEMORY, KATA_ANNO_CONF_HYPERVISOR_DEFAULT_VCPUS,
KATA_ANNO_CONF_HYPERVISOR_ENABLE_GUEST_SWAP, KATA_ANNO_CONF_HYPERVISOR_ENABLE_IO_THREADS,
KATA_ANNO_CONF_HYPERVISOR_ENABLE_SWAP, KATA_ANNO_CONF_HYPERVISOR_FILE_BACKED_MEM_ROOT_DIR,
KATA_ANNO_CONF_HYPERVISOR_GUEST_HOOK_PATH, KATA_ANNO_CONF_HYPERVISOR_HUGE_PAGES,
KATA_ANNO_CONF_HYPERVISOR_JAILER_PATH, KATA_ANNO_CONF_HYPERVISOR_KERNEL_PATH,
KATA_ANNO_CONF_HYPERVISOR_MEMORY_PREALLOC, KATA_ANNO_CONF_HYPERVISOR_MEMORY_SLOTS,
KATA_ANNO_CONF_HYPERVISOR_PATH, KATA_ANNO_CONF_HYPERVISOR_VHOSTUSER_STORE_PATH,
KATA_ANNO_CONF_HYPERVISOR_VIRTIO_FS_DAEMON, KATA_ANNO_CONF_HYPERVISOR_VIRTIO_FS_EXTRA_ARGS,
KATA_ANNO_CONF_HYPERVISOR_VIRTIO_MEM, KATA_ANNO_CONF_KERNEL_MODULES,
Annotation, KATA_ANNO_CFG_AGENT_CONTAINER_PIPE_SIZE, KATA_ANNO_CFG_AGENT_TRACE,
KATA_ANNO_CFG_DISABLE_GUEST_SECCOMP, KATA_ANNO_CFG_ENABLE_PPROF,
KATA_ANNO_CFG_EXPERIMENTAL, KATA_ANNO_CFG_HYPERVISOR_BLOCK_DEV_CACHE_NOFLUSH,
KATA_ANNO_CFG_HYPERVISOR_BLOCK_DEV_DRIVER, KATA_ANNO_CFG_HYPERVISOR_CTLPATH,
KATA_ANNO_CFG_HYPERVISOR_DEFAULT_MEMORY, KATA_ANNO_CFG_HYPERVISOR_DEFAULT_VCPUS,
KATA_ANNO_CFG_HYPERVISOR_ENABLE_GUEST_SWAP, KATA_ANNO_CFG_HYPERVISOR_ENABLE_IO_THREADS,
KATA_ANNO_CFG_HYPERVISOR_ENABLE_SWAP, KATA_ANNO_CFG_HYPERVISOR_FILE_BACKED_MEM_ROOT_DIR,
KATA_ANNO_CFG_HYPERVISOR_GUEST_HOOK_PATH, KATA_ANNO_CFG_HYPERVISOR_HUGE_PAGES,
KATA_ANNO_CFG_HYPERVISOR_JAILER_PATH, KATA_ANNO_CFG_HYPERVISOR_KERNEL_PATH,
KATA_ANNO_CFG_HYPERVISOR_MEMORY_PREALLOC, KATA_ANNO_CFG_HYPERVISOR_MEMORY_SLOTS,
KATA_ANNO_CFG_HYPERVISOR_PATH, KATA_ANNO_CFG_HYPERVISOR_VHOSTUSER_STORE_PATH,
KATA_ANNO_CFG_HYPERVISOR_VIRTIO_FS_DAEMON, KATA_ANNO_CFG_HYPERVISOR_VIRTIO_FS_EXTRA_ARGS,
KATA_ANNO_CFG_HYPERVISOR_VIRTIO_MEM, KATA_ANNO_CFG_KERNEL_MODULES,
};
use kata_types::config::KataConfig;
use kata_types::config::{QemuConfig, TomlConfig};
@ -67,104 +67,104 @@ mod tests {
.expect("failed to execute process");
let mut anno_hash = HashMap::new();
anno_hash.insert(
KATA_ANNO_CONF_KERNEL_MODULES.to_string(),
KATA_ANNO_CFG_KERNEL_MODULES.to_string(),
"j465 aaa=1;r33w".to_string(),
);
anno_hash.insert(KATA_ANNO_CONF_AGENT_TRACE.to_string(), "false".to_string());
anno_hash.insert(KATA_ANNO_CFG_AGENT_TRACE.to_string(), "false".to_string());
anno_hash.insert(
KATA_ANNO_CONF_AGENT_CONTAINER_PIPE_SIZE.to_string(),
KATA_ANNO_CFG_AGENT_CONTAINER_PIPE_SIZE.to_string(),
"3".to_string(),
);
anno_hash.insert(
KATA_ANNO_CONF_HYPERVISOR_PATH.to_string(),
KATA_ANNO_CFG_HYPERVISOR_PATH.to_string(),
"./hypervisor_path".to_string(),
);
anno_hash.insert(
KATA_ANNO_CONF_HYPERVISOR_BLOCK_DEVICE_DRIVER.to_string(),
KATA_ANNO_CFG_HYPERVISOR_BLOCK_DEV_DRIVER.to_string(),
"device".to_string(),
);
anno_hash.insert(
KATA_ANNO_CONF_HYPERVISOR_BLOCK_DEVICE_CACHE_NOFLUSH.to_string(),
KATA_ANNO_CFG_HYPERVISOR_BLOCK_DEV_CACHE_NOFLUSH.to_string(),
"false".to_string(),
);
anno_hash.insert(
KATA_ANNO_CONF_HYPERVISOR_VHOSTUSER_STORE_PATH.to_string(),
KATA_ANNO_CFG_HYPERVISOR_VHOSTUSER_STORE_PATH.to_string(),
"./store_path".to_string(),
);
anno_hash.insert(
KATA_ANNO_CONF_DISABLE_GUEST_SECCOMP.to_string(),
KATA_ANNO_CFG_DISABLE_GUEST_SECCOMP.to_string(),
"true".to_string(),
);
anno_hash.insert(
KATA_ANNO_CONF_HYPERVISOR_GUEST_HOOK_PATH.to_string(),
KATA_ANNO_CFG_HYPERVISOR_GUEST_HOOK_PATH.to_string(),
"./test_hypervisor_hook_path".to_string(),
);
anno_hash.insert(
KATA_ANNO_CONF_HYPERVISOR_MEMORY_PREALLOC.to_string(),
KATA_ANNO_CFG_HYPERVISOR_MEMORY_PREALLOC.to_string(),
"false".to_string(),
);
anno_hash.insert(
KATA_ANNO_CONF_HYPERVISOR_CTLPATH.to_string(),
KATA_ANNO_CFG_HYPERVISOR_CTLPATH.to_string(),
"./jvm".to_string(),
);
anno_hash.insert(
KATA_ANNO_CONF_HYPERVISOR_DEFAULT_VCPUS.to_string(),
KATA_ANNO_CFG_HYPERVISOR_DEFAULT_VCPUS.to_string(),
"12".to_string(),
);
anno_hash.insert(KATA_ANNO_CONF_ENABLE_PPROF.to_string(), "false".to_string());
anno_hash.insert(KATA_ANNO_CFG_ENABLE_PPROF.to_string(), "false".to_string());
anno_hash.insert(
KATA_ANNO_CONF_HYPERVISOR_ENABLE_GUEST_SWAP.to_string(),
KATA_ANNO_CFG_HYPERVISOR_ENABLE_GUEST_SWAP.to_string(),
"false".to_string(),
);
anno_hash.insert(
KATA_ANNO_CONF_HYPERVISOR_DEFAULT_MEMORY.to_string(),
KATA_ANNO_CFG_HYPERVISOR_DEFAULT_MEMORY.to_string(),
"100".to_string(),
);
anno_hash.insert(
KATA_ANNO_CONF_HYPERVISOR_ENABLE_IO_THREADS.to_string(),
KATA_ANNO_CFG_HYPERVISOR_ENABLE_IO_THREADS.to_string(),
"false".to_string(),
);
anno_hash.insert(
KATA_ANNO_CONF_HYPERVISOR_ENABLE_IO_THREADS.to_string(),
KATA_ANNO_CFG_HYPERVISOR_ENABLE_IO_THREADS.to_string(),
"false".to_string(),
);
anno_hash.insert(
KATA_ANNO_CONF_HYPERVISOR_ENABLE_SWAP.to_string(),
KATA_ANNO_CFG_HYPERVISOR_ENABLE_SWAP.to_string(),
"false".to_string(),
);
anno_hash.insert(
KATA_ANNO_CONF_HYPERVISOR_FILE_BACKED_MEM_ROOT_DIR.to_string(),
KATA_ANNO_CFG_HYPERVISOR_FILE_BACKED_MEM_ROOT_DIR.to_string(),
"./test_file_backend_mem_root".to_string(),
);
anno_hash.insert(
KATA_ANNO_CONF_HYPERVISOR_HUGE_PAGES.to_string(),
KATA_ANNO_CFG_HYPERVISOR_HUGE_PAGES.to_string(),
"false".to_string(),
);
anno_hash.insert(
KATA_ANNO_CONF_HYPERVISOR_JAILER_PATH.to_string(),
KATA_ANNO_CFG_HYPERVISOR_JAILER_PATH.to_string(),
"./test_jailer_path".to_string(),
);
anno_hash.insert(
KATA_ANNO_CONF_HYPERVISOR_KERNEL_PATH.to_string(),
KATA_ANNO_CFG_HYPERVISOR_KERNEL_PATH.to_string(),
"./test_kernel_path".to_string(),
);
anno_hash.insert(
KATA_ANNO_CONF_HYPERVISOR_MEMORY_SLOTS.to_string(),
KATA_ANNO_CFG_HYPERVISOR_MEMORY_SLOTS.to_string(),
"100".to_string(),
);
anno_hash.insert(
KATA_ANNO_CONF_HYPERVISOR_VIRTIO_FS_EXTRA_ARGS.to_string(),
KATA_ANNO_CFG_HYPERVISOR_VIRTIO_FS_EXTRA_ARGS.to_string(),
"rr,dg,er".to_string(),
);
anno_hash.insert(
KATA_ANNO_CONF_HYPERVISOR_VIRTIO_MEM.to_string(),
KATA_ANNO_CFG_HYPERVISOR_VIRTIO_MEM.to_string(),
"false".to_string(),
);
anno_hash.insert(
KATA_ANNO_CONF_HYPERVISOR_VIRTIO_FS_DAEMON.to_string(),
KATA_ANNO_CFG_HYPERVISOR_VIRTIO_FS_DAEMON.to_string(),
"./virtio_fs".to_string(),
);
anno_hash.insert(KATA_ANNO_CONF_EXPERIMENTAL.to_string(), "c,d,e".to_string());
anno_hash.insert(KATA_ANNO_CFG_EXPERIMENTAL.to_string(), "c,d,e".to_string());
let anno = Annotation::new(anno_hash);
let mut config = TomlConfig::load(&content).unwrap();
@ -286,7 +286,7 @@ mod tests {
let mut anno_hash = HashMap::new();
anno_hash.insert(
KATA_ANNO_CONF_HYPERVISOR_BLOCK_DEVICE_DRIVER.to_string(),
KATA_ANNO_CFG_HYPERVISOR_BLOCK_DEV_DRIVER.to_string(),
"fvfvfvfvf".to_string(),
);
let anno = Annotation::new(anno_hash);
@ -309,7 +309,7 @@ mod tests {
let mut anno_hash = HashMap::new();
anno_hash.insert(
KATA_ANNO_CONF_HYPERVISOR_ENABLE_GUEST_SWAP.to_string(),
KATA_ANNO_CFG_HYPERVISOR_ENABLE_GUEST_SWAP.to_string(),
"false".to_string(),
);
let anno = Annotation::new(anno_hash);
@ -332,7 +332,7 @@ mod tests {
let mut anno_hash = HashMap::new();
anno_hash.insert(
KATA_ANNO_CONF_HYPERVISOR_PATH.to_string(),
KATA_ANNO_CFG_HYPERVISOR_PATH.to_string(),
"/usr/bin/nle".to_string(),
);
let anno = Annotation::new(anno_hash);
@ -360,7 +360,7 @@ mod tests {
let mut anno_hash = HashMap::new();
anno_hash.insert(
KATA_ANNO_CONF_HYPERVISOR_KERNEL_PATH.to_string(),
KATA_ANNO_CFG_HYPERVISOR_KERNEL_PATH.to_string(),
"/usr/bin/cdcd".to_string(),
);
let anno = Annotation::new(anno_hash);
@ -382,7 +382,7 @@ mod tests {
let mut anno_hash = HashMap::new();
anno_hash.insert(
KATA_ANNO_CONF_HYPERVISOR_MEMORY_SLOTS.to_string(),
KATA_ANNO_CFG_HYPERVISOR_MEMORY_SLOTS.to_string(),
"-1".to_string(),
);
let anno = Annotation::new(anno_hash);
@ -405,7 +405,7 @@ mod tests {
let mut anno_hash = HashMap::new();
anno_hash.insert(
KATA_ANNO_CONF_HYPERVISOR_DEFAULT_MEMORY.to_string(),
KATA_ANNO_CFG_HYPERVISOR_DEFAULT_MEMORY.to_string(),
"10".to_string(),
);
let anno = Annotation::new(anno_hash);
@ -428,7 +428,7 @@ mod tests {
let mut anno_hash = HashMap::new();
anno_hash.insert(
KATA_ANNO_CONF_HYPERVISOR_DEFAULT_VCPUS.to_string(),
KATA_ANNO_CFG_HYPERVISOR_DEFAULT_VCPUS.to_string(),
"400".to_string(),
);
let anno = Annotation::new(anno_hash);
@ -451,7 +451,7 @@ mod tests {
let mut anno_hash = HashMap::new();
anno_hash.insert(
KATA_ANNO_CONF_HYPERVISOR_ENABLE_GUEST_SWAP.to_string(),
KATA_ANNO_CFG_HYPERVISOR_ENABLE_GUEST_SWAP.to_string(),
"false1".to_string(),
);
let anno = Annotation::new(anno_hash);
@ -474,7 +474,7 @@ mod tests {
let mut anno_hash = HashMap::new();
anno_hash.insert(
KATA_ANNO_CONF_HYPERVISOR_DEFAULT_VCPUS.to_string(),
KATA_ANNO_CFG_HYPERVISOR_DEFAULT_VCPUS.to_string(),
"ddc".to_string(),
);
let anno = Annotation::new(anno_hash);