agent: Launch api-server-rest

If 'rest_api' is configured, let's start the  api-server-rest after
the attestation-agent and the confidential-data-hub have been started.

Fixes: #7555

Signed-off-by: Biao Lu <biao.lu@intel.com>
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
Signed-off-by: Linda Yu <linda.yu@intel.com>
Co-authored-by: stevenhorsman <steven@uk.ibm.com>
Co-authored-by: Jakob Naucke <jakob.naucke@ibm.com>
Co-authored-by: Wang, Arron <arron.wang@intel.com>
Co-authored-by: zhouliang121 <liang.a.zhou@linux.alibaba.com>
Co-authored-by: Alex Carter <alex.carter@ibm.com>
Co-authored-by: Suraj Deshmukh <suraj.deshmukh@microsoft.com>
Co-authored-by: Xynnn007 <xynnn@linux.alibaba.com>

src/agent/src/config.rs

@@ -27,7 +27,7 @@ const LOG_VPORT_OPTION: &str = "agent.log_vport";
 const CONTAINER_PIPE_SIZE_OPTION: &str = "agent.container_pipe_size";
 const UNIFIED_CGROUP_HIERARCHY_OPTION: &str = "systemd.unified_cgroup_hierarchy";
 const CONFIG_FILE: &str = "agent.config_file";
-const REST_API_OPTION: &str = "agent.guest_components_rest_api";
+const GUEST_COMPONENTS_REST_API_OPTION: &str = "agent.guest_components_rest_api";
 
 // Configure the proxy settings for HTTPS requests in the guest,
 // to solve the problem of not being able to access the specified image in some cases.
@@ -310,7 +310,7 @@ impl AgentConfig {
             parse_cmdline_param!(param, NO_PROXY, config.no_proxy, get_string_value);
             parse_cmdline_param!(
                 param,
-                REST_API_OPTION,
+                GUEST_COMPONENTS_REST_API_OPTION,
                 config.guest_components_rest_api,
                 get_guest_components_features_value
             );

src/agent/src/main.rs

@@ -58,6 +58,7 @@ mod util;
 mod version;
 mod watcher;
 
+use config::GuestComponentsFeatures;
 use mount::{cgroups_mount, general_mount};
 use sandbox::Sandbox;
 use signal::setup_signal_handler;
@@ -401,7 +402,7 @@ async fn start_sandbox(
     sandbox.lock().await.sender = Some(tx);
 
     if Path::new(CDH_PATH).exists() && Path::new(AA_PATH).exists() {
-        init_attestation_components(logger)?;
+        init_attestation_components(logger, config)?;
     }
 
     // vsock:///dev/vsock, port
@@ -415,7 +416,7 @@ async fn start_sandbox(
 }
 
 // Start-up attestation-agent, CDH and api-server-rest if they are packaged in the rootfs
-fn init_attestation_components(logger: &Logger) -> Result<()> {
+fn init_attestation_components(logger: &Logger, _config: &AgentConfig) -> Result<()> {
     // The Attestation Agent will run for the duration of the guest.
     launch_process(
         logger,
@@ -434,6 +435,22 @@ fn init_attestation_components(logger: &Logger) -> Result<()> {
         DEFAULT_LAUNCH_PROCESS_TIMEOUT,
     ) {
         error!(logger, "launch_process {} failed: {:?}", CDH_PATH, e);
+    } else {
+        let features = _config.guest_components_rest_api;
+        match features {
+            GuestComponentsFeatures::None => {}
+            _ => {
+                if let Err(e) = launch_process(
+                    logger,
+                    API_SERVER_PATH,
+                    &vec!["--features", &features.to_string()],
+                    "",
+                    0,
+                ) {
+                    error!(logger, "launch_process {} failed: {:?}", API_SERVER_PATH, e);
+                }
+            }
+        }
     }
 
     Ok(())