agent: Launch api-server-rest

If 'rest_api' is configured, let's start the api-server-rest after the attestation-agent and the confidential-data-hub have been started. Fixes: #7555 Signed-off-by: Biao Lu <biao.lu@intel.com> Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com> Signed-off-by: Linda Yu <linda.yu@intel.com> Co-authored-by: stevenhorsman <steven@uk.ibm.com> Co-authored-by: Jakob Naucke <jakob.naucke@ibm.com> Co-authored-by: Wang, Arron <arron.wang@intel.com> Co-authored-by: zhouliang121 <liang.a.zhou@linux.alibaba.com> Co-authored-by: Alex Carter <alex.carter@ibm.com> Co-authored-by: Suraj Deshmukh <suraj.deshmukh@microsoft.com> Co-authored-by: Xynnn007 <xynnn@linux.alibaba.com>
2025-09-19 07:49:17 +00:00 · 2023-08-30 16:48:18 +08:00
parent 4d752e6350
commit f0edec84f6
2 changed files with 21 additions and 4 deletions
--- a/src/agent/src/config.rs
+++ b/src/agent/src/config.rs
@@ -27,7 +27,7 @@ const LOG_VPORT_OPTION: &str = "agent.log_vport";
 const CONTAINER_PIPE_SIZE_OPTION: &str = "agent.container_pipe_size";
 const UNIFIED_CGROUP_HIERARCHY_OPTION: &str = "systemd.unified_cgroup_hierarchy";
 const CONFIG_FILE: &str = "agent.config_file";
-const REST_API_OPTION: &str = "agent.guest_components_rest_api";
+const GUEST_COMPONENTS_REST_API_OPTION: &str = "agent.guest_components_rest_api";

 // Configure the proxy settings for HTTPS requests in the guest,
 // to solve the problem of not being able to access the specified image in some cases.
@@ -310,7 +310,7 @@ impl AgentConfig {
            parse_cmdline_param!(param, NO_PROXY, config.no_proxy, get_string_value);
            parse_cmdline_param!(
                param,
-                REST_API_OPTION,
+                GUEST_COMPONENTS_REST_API_OPTION,
                config.guest_components_rest_api,
                get_guest_components_features_value
            );
--- a/src/agent/src/main.rs
+++ b/src/agent/src/main.rs
@@ -58,6 +58,7 @@ mod util;
 mod version;
 mod watcher;

+use config::GuestComponentsFeatures;
 use mount::{cgroups_mount, general_mount};
 use sandbox::Sandbox;
 use signal::setup_signal_handler;
@@ -401,7 +402,7 @@ async fn start_sandbox(
    sandbox.lock().await.sender = Some(tx);

    if Path::new(CDH_PATH).exists() && Path::new(AA_PATH).exists() {
-        init_attestation_components(logger)?;
+        init_attestation_components(logger, config)?;
    }

    // vsock:///dev/vsock, port
@@ -415,7 +416,7 @@ async fn start_sandbox(
 }

 // Start-up attestation-agent, CDH and api-server-rest if they are packaged in the rootfs
-fn init_attestation_components(logger: &Logger) -> Result<()> {
+fn init_attestation_components(logger: &Logger, _config: &AgentConfig) -> Result<()> {
    // The Attestation Agent will run for the duration of the guest.
    launch_process(
        logger,
@@ -434,6 +435,22 @@ fn init_attestation_components(logger: &Logger) -> Result<()> {
        DEFAULT_LAUNCH_PROCESS_TIMEOUT,
    ) {
        error!(logger, "launch_process {} failed: {:?}", CDH_PATH, e);
+    } else {
+        let features = _config.guest_components_rest_api;
+        match features {
+            GuestComponentsFeatures::None => {}
+            _ => {
+                if let Err(e) = launch_process(
+                    logger,
+                    API_SERVER_PATH,
+                    &vec!["--features", &features.to_string()],
+                    "",
+                    0,
+                ) {
+                    error!(logger, "launch_process {} failed: {:?}", API_SERVER_PATH, e);
+                }
+            }
+        }
    }

    Ok(())