From 70e4dc550a35cf9433236ac8dbb3a9b12acd4cc1 Mon Sep 17 00:00:00 2001 From: "James O. D. Hunt" Date: Thu, 29 Nov 2018 08:19:33 +0000 Subject: [PATCH 1/3] config: Move check code to end of LoadConfiguration Move the VSOCK handling code higher up so that all the checking code is gathered together at the end of `LoadConfiguration()`. Signed-off-by: James O. D. Hunt --- pkg/katautils/config.go | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/pkg/katautils/config.go b/pkg/katautils/config.go index f915fb4274..0b2c57dba6 100644 --- a/pkg/katautils/config.go +++ b/pkg/katautils/config.go @@ -651,11 +651,6 @@ func LoadConfiguration(configPath string, ignoreLogging, builtIn bool) (resolved return "", config, err } - config.DisableNewNetNs = tomlConf.Runtime.DisableNewNetNs - if err := checkNetNsConfig(config); err != nil { - return "", config, err - } - // use no proxy if HypervisorConfig.UseVSock is true if config.HypervisorConfig.UseVSock { kataUtilsLogger.Info("VSOCK supported, configure to not use proxy") @@ -663,6 +658,11 @@ func LoadConfiguration(configPath string, ignoreLogging, builtIn bool) (resolved config.ProxyConfig = vc.ProxyConfig{} } + config.DisableNewNetNs = tomlConf.Runtime.DisableNewNetNs + if err := checkNetNsConfig(config); err != nil { + return "", config, err + } + if err := checkHypervisorConfig(config.HypervisorConfig); err != nil { return "", config, err } From fe784c1e36669eb64eeeb5ae662cffb1d983b75f Mon Sep 17 00:00:00 2001 From: "James O. D. Hunt" Date: Thu, 29 Nov 2018 08:28:14 +0000 Subject: [PATCH 2/3] config: Create function to check config options Moved the checking routines in `LoadConfiguration()` to a new `checkConfig()` function for clarity. Signed-off-by: James O. D. Hunt --- pkg/katautils/config.go | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/pkg/katautils/config.go b/pkg/katautils/config.go index 0b2c57dba6..7d333caba8 100644 --- a/pkg/katautils/config.go +++ b/pkg/katautils/config.go @@ -659,17 +659,27 @@ func LoadConfiguration(configPath string, ignoreLogging, builtIn bool) (resolved } config.DisableNewNetNs = tomlConf.Runtime.DisableNewNetNs - if err := checkNetNsConfig(config); err != nil { - return "", config, err - } - if err := checkHypervisorConfig(config.HypervisorConfig); err != nil { + if err := checkConfig(config); err != nil { return "", config, err } return resolved, config, nil } +// checkConfig checks the validity of the specified config. +func checkConfig(config oci.RuntimeConfig) error { + if err := checkNetNsConfig(config); err != nil { + return err + } + + if err := checkHypervisorConfig(config.HypervisorConfig); err != nil { + return err + } + + return nil +} + func updateConfig(configPath string, tomlConf tomlConfig, config *oci.RuntimeConfig, builtIn bool) error { if err := updateRuntimeConfig(configPath, tomlConf, config); err != nil { From 0bf29c8207d6e62987f738ffc781a745dc6b9ba3 Mon Sep 17 00:00:00 2001 From: "James O. D. Hunt" Date: Thu, 29 Nov 2018 08:33:15 +0000 Subject: [PATCH 3/3] config: Check factory config If VM factory templating is enabled (`enable_template=true`), error if the configured image is not an `initrd=` one. Also add a note to the config file explaining that a normal image cannot be used - only initrd images are supported. Fixes #948. Signed-off-by: James O. D. Hunt --- cli/config/configuration.toml.in | 2 ++ pkg/katautils/config.go | 13 ++++++++++ pkg/katautils/config_test.go | 41 ++++++++++++++++++++++++++++++++ 3 files changed, 56 insertions(+) diff --git a/cli/config/configuration.toml.in b/cli/config/configuration.toml.in index f9fbda1d02..89ea3e560e 100644 --- a/cli/config/configuration.toml.in +++ b/cli/config/configuration.toml.in @@ -193,6 +193,8 @@ enable_iothreads = @DEFENABLEIOTHREADS@ # # When disabled, new VMs are created from scratch. # +# Note: Requires "initrd=" to be set ("image=" is not supported). +# # Default false #enable_template = true diff --git a/pkg/katautils/config.go b/pkg/katautils/config.go index 7d333caba8..b1703bbe83 100644 --- a/pkg/katautils/config.go +++ b/pkg/katautils/config.go @@ -677,6 +677,10 @@ func checkConfig(config oci.RuntimeConfig) error { return err } + if err := checkFactoryConfig(config); err != nil { + return err + } + return nil } @@ -710,6 +714,15 @@ func checkNetNsConfig(config oci.RuntimeConfig) error { return nil } +// checkFactoryConfig ensures the VM factory configuration is valid. +func checkFactoryConfig(config oci.RuntimeConfig) error { + if config.FactoryConfig.Template && config.HypervisorConfig.InitrdPath == "" { + return errors.New("Factory option enable_template requires an initrd image") + } + + return nil +} + // checkHypervisorConfig performs basic "sanity checks" on the hypervisor // config. func checkHypervisorConfig(config vc.HypervisorConfig) error { diff --git a/pkg/katautils/config_test.go b/pkg/katautils/config_test.go index 045b526e45..2192509e99 100644 --- a/pkg/katautils/config_test.go +++ b/pkg/katautils/config_test.go @@ -1497,3 +1497,44 @@ func TestCheckNetNsConfig(t *testing.T) { err = checkNetNsConfig(config) assert.Error(err) } + +func TestCheckFactoryConfig(t *testing.T) { + assert := assert.New(t) + + type testData struct { + factoryEnabled bool + imagePath string + initrdPath string + expectError bool + } + + data := []testData{ + {false, "", "", false}, + {false, "image", "", false}, + {false, "", "initrd", false}, + + {true, "", "initrd", false}, + {true, "image", "", true}, + } + + for i, d := range data { + config := oci.RuntimeConfig{ + HypervisorConfig: vc.HypervisorConfig{ + ImagePath: d.imagePath, + InitrdPath: d.initrdPath, + }, + + FactoryConfig: oci.FactoryConfig{ + Template: d.factoryEnabled, + }, + } + + err := checkFactoryConfig(config) + + if d.expectError { + assert.Error(err, "test %d (%+v)", i, d) + } else { + assert.NoError(err, "test %d (%+v)", i, d) + } + } +}