github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-08-21 01:13:56 +00:00
Code Issues Projects Releases Wiki Activity

runtime: allow initrd AND image to be set

Browse Source 
Currently, only an image OR initrd can be set.
This commit changes that, allowing both to be set at the same time.

Signed-off-by: charludo <git@charlotteharludo.com>
This commit is contained in:
Charlotte Hartmann Paludo 2025-08-05 10:19:08 +02:00
parent c47bff6d6a
commit f058199f30
No known key found for this signature in database
6 changed files with 56 additions and 58 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
src/runtime/virtcontainers/clh.go
View File

@ -587,15 +587,14 @@ func (clh *cloudHypervisor) CreateVM(ctx context.Context, id string, network Net
clh.vmconfig.Rng.SetIommu(clh.config.IOMMU) clh.vmconfig.Rng.SetIommu(clh.config.IOMMU)
// set the initial root/boot disk of hypervisor // set the initial root/boot disk of hypervisor
assetPath, assetType, err := clh.config.ImageOrInitrdAssetPath() imagePath, err := clh.config.ImageAssetPath()
if err != nil { if err != nil {
return err return err
} }
if imagePath != "" {
if assetType == types.ImageAsset {
if clh.config.DisableImageNvdimm || clh.config.ConfidentialGuest { if clh.config.DisableImageNvdimm || clh.config.ConfidentialGuest {
disk := chclient.NewDiskConfig() disk := chclient.NewDiskConfig()
disk.Path = &assetPath disk.Path = &imagePath
disk.SetReadonly(true) disk.SetReadonly(true)
diskRateLimiterConfig := clh.getDiskRateLimiterConfig() diskRateLimiterConfig := clh.getDiskRateLimiterConfig()
@ -609,7 +608,7 @@ func (clh *cloudHypervisor) CreateVM(ctx context.Context, id string, network Net
clh.vmconfig.Disks = &[]chclient.DiskConfig{*disk} clh.vmconfig.Disks = &[]chclient.DiskConfig{*disk}
} }
} else { } else {
pmem := chclient.NewPmemConfig(assetPath) pmem := chclient.NewPmemConfig(imagePath)
*pmem.DiscardWrites = true *pmem.DiscardWrites = true
pmem.SetIommu(clh.config.IOMMU) pmem.SetIommu(clh.config.IOMMU)
@ -619,9 +618,13 @@ func (clh *cloudHypervisor) CreateVM(ctx context.Context, id string, network Net
clh.vmconfig.Pmem = &[]chclient.PmemConfig{*pmem} clh.vmconfig.Pmem = &[]chclient.PmemConfig{*pmem}
} }
} }
} else { }
// assetType == types.InitrdAsset initrdPath, err := clh.config.ImageAssetPath()
clh.vmconfig.Payload.SetInitramfs(assetPath) if err != nil {
return err
}
if initrdPath != "" {
clh.vmconfig.Payload.SetInitramfs(initrdPath)
} }
if clh.config.ConfidentialGuest { if clh.config.ConfidentialGuest {

2
src/runtime/virtcontainers/fc.go
View File

@ -721,7 +721,7 @@ func (fc *firecracker) fcInitConfiguration(ctx context.Context) error {
return err return err
} }
assetPath, _, err := fc.config.ImageOrInitrdAssetPath() assetPath, err := fc.config.ImageOrInitrdAssetPath()
if err != nil { if err != nil {
return err return err
} }

61
src/runtime/virtcontainers/hypervisor.go
View File

@ -332,7 +332,6 @@ type HypervisorConfig struct {
ImagePath string ImagePath string
// InitrdPath is the guest initrd image host path. // InitrdPath is the guest initrd image host path.
// ImagePath and InitrdPath cannot be set at the same time.
InitrdPath string InitrdPath string
// RootfsType is filesystem type of rootfs. // RootfsType is filesystem type of rootfs.
@ -760,50 +759,44 @@ func (conf *HypervisorConfig) AddCustomAsset(a *types.Asset) error {
return nil return nil
} }
// ImageOrInitrdAssetPath returns an image or an initrd path, along with the corresponding asset type func (conf *HypervisorConfig) ImageOrInitrdAssetPath() (string, error) {
// Annotation path is preferred to config path. imagePath, err := conf.ImageAssetPath()
func (conf *HypervisorConfig) ImageOrInitrdAssetPath() (string, types.AssetType, error) { if err != nil {
var image, initrd string return "", err
}
checkAndReturn := func(image string, initrd string) (string, types.AssetType, error) { initrdPath, err := conf.InitrdAssetPath()
if image != "" && initrd != "" { if err != nil {
return "", types.UnkownAsset, conflictingAssets return "", err
} }
if image != "" { if imagePath == "" && initrdPath == "" {
return image, types.ImageAsset, nil return "", fmt.Errorf("one of image and initrd must be set")
}
if imagePath != "" && initrdPath != "" {
return "", conflictingAssets
} }
if initrd != "" { if imagePath != "" {
return initrd, types.InitrdAsset, nil return imagePath, nil
} else {
return initrdPath, nil
}
}
func (conf *HypervisorConfig) UseSecureBootAssets() bool {
imagePath, _ := conf.ImageAssetPath()
initrdPath, _ := conf.InitrdAssetPath()
if imagePath != "" || initrdPath != "" {
return false
} }
// Even if neither image nor initrd are set, we still need to return // Even if neither image nor initrd are set, we still need to return
// if we are running a confidential guest on QemuCCWVirtio. (IBM Z Secure Execution) // if we are running a confidential guest on QemuCCWVirtio. (IBM Z Secure Execution)
if conf.ConfidentialGuest && conf.HypervisorMachineType == QemuCCWVirtio { if conf.ConfidentialGuest && conf.HypervisorMachineType == QemuCCWVirtio {
return "", types.SecureBootAsset, nil return true
} }
return "", types.UnkownAsset, fmt.Errorf("one of image and initrd must be set") return false
}
if a, ok := conf.customAssets[types.ImageAsset]; ok {
image = a.Path()
}
if a, ok := conf.customAssets[types.InitrdAsset]; ok {
initrd = a.Path()
}
path, assetType, err := checkAndReturn(image, initrd)
if assetType != types.UnkownAsset {
return path, assetType, nil
}
if err == conflictingAssets {
return "", types.UnkownAsset, errors.Wrapf(err, "conflicting annotations")
}
return checkAndReturn(conf.ImagePath, conf.InitrdPath)
} }
func (conf *HypervisorConfig) assetPath(t types.AssetType) (string, error) { func (conf *HypervisorConfig) assetPath(t types.AssetType) (string, error) {

2
src/runtime/virtcontainers/hypervisor_config_darwin.go
View File

@ -21,8 +21,6 @@ func validateHypervisorConfig(conf *HypervisorConfig) error {
if conf.ImagePath == "" && conf.InitrdPath == "" { if conf.ImagePath == "" && conf.InitrdPath == "" {
return fmt.Errorf("Missing image and initrd path") return fmt.Errorf("Missing image and initrd path")
} else if conf.ImagePath != "" && conf.InitrdPath != "" {
return fmt.Errorf("Image and initrd path cannot be both set")
} }
if conf.NumVCPUs == 0 { if conf.NumVCPUs == 0 {

2
src/runtime/virtcontainers/hypervisor_config_linux.go
View File

@ -28,8 +28,6 @@ func validateHypervisorConfig(conf *HypervisorConfig) error {
} }
} else if conf.ImagePath == "" && conf.InitrdPath == "" { } else if conf.ImagePath == "" && conf.InitrdPath == "" {
return fmt.Errorf("Missing image and initrd path") return fmt.Errorf("Missing image and initrd path")
} else if conf.ImagePath != "" && conf.InitrdPath != "" {
return fmt.Errorf("Image and initrd path cannot be both set")
} }
if err := conf.CheckTemplateConfig(); err != nil { if err := conf.CheckTemplateConfig(); err != nil {

20
src/runtime/virtcontainers/qemu.go
View File

@ -435,20 +435,26 @@ func (q *qemu) buildDevices(ctx context.Context, kernelPath string) ([]govmmQemu
return nil, nil, nil, err return nil, nil, nil, err
} }
assetPath, assetType, err := q.config.ImageOrInitrdAssetPath() imagePath, err := q.config.ImageAssetPath()
if err != nil { if err != nil {
return nil, nil, nil, err return nil, nil, nil, err
} }
if imagePath != "" {
devices, err = q.arch.appendImage(ctx, devices, imagePath)
if err != nil {
return nil, nil, nil, err
}
}
if assetType == types.ImageAsset { initrdPath, err := q.config.InitrdAssetPath()
devices, err = q.arch.appendImage(ctx, devices, assetPath)
if err != nil { if err != nil {
return nil, nil, nil, err return nil, nil, nil, err
} }
} else if assetType == types.InitrdAsset { if initrdPath != "" {
// InitrdAsset, need to set kernel initrd path kernel.InitrdPath = initrdPath
kernel.InitrdPath = assetPath }
} else if assetType == types.SecureBootAsset {
if q.config.UseSecureBootAssets() {
// SecureBootAsset, no need to set image or initrd path // SecureBootAsset, no need to set image or initrd path
q.Logger().Info("For IBM Z Secure Execution, initrd path should not be set") q.Logger().Info("For IBM Z Secure Execution, initrd path should not be set")
kernel.InitrdPath = "" kernel.InitrdPath = ""