Merge pull request #3945 from stevenhorsman/update-logging-doc

docs: Update to reflect logging changes
Christophe de Dinechin 2022-03-30 11:50:51 +02:00 committed by GitHub
commit fd20824a00
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 16 additions and 19 deletions

@ -106,7 +106,6 @@ Commands:
- kubernetes_create_ssh_demo_pod: Create a Kata CC runtime pod based on the ssh demo - kubernetes_create_ssh_demo_pod: Create a Kata CC runtime pod based on the ssh demo
- kubernetes_delete_cc_pod: Delete the Kata CC runtime busybox-based pod in Kubernetes - kubernetes_delete_cc_pod: Delete the Kata CC runtime busybox-based pod in Kubernetes
- kubernetes_delete_ssh_demo_pod: Delete the Kata CC runtime pod based on the ssh demo - kubernetes_delete_ssh_demo_pod: Delete the Kata CC runtime pod based on the ssh demo
- open_kata_console: Stream the kata runtime's console
- open_kata_shell: Open a shell into the kata runtime - open_kata_shell: Open a shell into the kata runtime
- rebuild_and_install_kata: Rebuild the kata runtime and agent and build and install the image - rebuild_and_install_kata: Rebuild the kata runtime and agent and build and install the image
- shim_pull_image: Run PullImage command against the shim with ctr - shim_pull_image: Run PullImage command against the shim with ctr
@ -146,7 +145,7 @@ rebuild_and_install_kata() {
# Based on the jenkins_job_build.sh script in kata-containers/tests/.ci - checks out source code and installs dependencies # Based on the jenkins_job_build.sh script in kata-containers/tests/.ci - checks out source code and installs dependencies
initialize() { initialize() {
# We need git to checkout and bootstrap the ci scripts and some other packages used in testing # We need git to checkout and bootstrap the ci scripts and some other packages used in testing
sudo apt-get update && sudo apt-get install -y curl git socat qemu-utils sudo apt-get update && sudo apt-get install -y curl git qemu-utils
grep -qxF "export GOPATH=\${HOME}/go" "${PROFILE}" || echo "export GOPATH=\${HOME}/go" >> "${PROFILE}" grep -qxF "export GOPATH=\${HOME}/go" "${PROFILE}" || echo "export GOPATH=\${HOME}/go" >> "${PROFILE}"
grep -qxF "export GOROOT=/usr/local/go" "${PROFILE}" || echo "export GOROOT=/usr/local/go" >> "${PROFILE}" grep -qxF "export GOROOT=/usr/local/go" "${PROFILE}" || echo "export GOROOT=/usr/local/go" >> "${PROFILE}"
@ -208,8 +207,9 @@ build_and_install_kata_runtime() {
} }
configure() { configure() {
debug_function configure_kata_to_use_rootfs configure_kata_to_use_rootfs
debug_function enable_full_debug enable_full_debug
enable_agent_console
# Switch image offload to true in kata config # Switch image offload to true in kata config
switch_image_service_offload "on" switch_image_service_offload "on"
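Review bot: In configure(), the added `enable_agent_console` call has no definition in any hunk of this patch, and the commit message ("docs: Update to reflect logging changes") mentions neither it nor the `debug_function` wrappers dropped from the two calls above it. Please confirm the function already exists in the script, and say in the commit message why the wrappers were removed. Since `enable_full_debug` and `enable_agent_console` now run unconditionally on every configure, a one-line comment stating that this is a development-only setting would help readers who reuse the script for a confidential-containers setup.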
@ -470,11 +470,6 @@ get_ids() {
sandbox_id=$(ps -ef | grep qemu | egrep -o "sandbox-[^,][^,]*" | sed 's/sandbox-//g' | awk '{print $1}') sandbox_id=$(ps -ef | grep qemu | egrep -o "sandbox-[^,][^,]*" | sed 's/sandbox-//g' | awk '{print $1}')
} }
open_kata_console() {
get_ids
sudo -E sandbox_id=${sandbox_id} su -c 'cd /var/run/vc/vm/${sandbox_id} && socat "stdin,raw,echo=0,escape=0x11" "unix-connect:console.sock"'
}
open_kata_shell() { open_kata_shell() {
get_ids get_ids
sudo -E "PATH=$PATH" kata-runtime exec ${sandbox_id} sudo -E "PATH=$PATH" kata-runtime exec ${sandbox_id}
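Review bot: The removal of open_kata_console() is matched by the usage-text removals, but no hunk in this patch touches the script's command dispatch. If the dispatcher still has an `open_kata_console` entry it will now call an undefined function, so that entry should be removed in the same commit. The `socat` package dropped from initialize() is consistent with this removal, as the deleted function is the only visible user of it.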

@ -216,10 +216,6 @@ Once you have a kata pod sandbox created as described above, either using
containers architecture. This can be useful for development and debugging to isolate and test features containers architecture. This can be useful for development and debugging to isolate and test features
that aren't broadly supported end-to-end. Here are some examples: that aren't broadly supported end-to-end. Here are some examples:
- For debugging purposed you can optionally create a new terminal on the VM and connect to the Kata guest's console log:
```bash
$ ~/ccv0.sh open_kata_console
```
- In the first terminal run the pull image on guest command against the Kata agent, via the shim (`containerd-shim-kata-v2`). - In the first terminal run the pull image on guest command against the Kata agent, via the shim (`containerd-shim-kata-v2`).
This can be achieved using the [containerd](https://github.com/containerd/containerd) CLI tool, `ctr`, which can be used to This can be achieved using the [containerd](https://github.com/containerd/containerd) CLI tool, `ctr`, which can be used to
interact with the shim directly. The command takes the form interact with the shim directly. The command takes the form
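Review bot: With the console bullet removed, the context line that follows it still begins "In the first terminal", which no longer has a second terminal to contrast with in this list. Suggest rewording that bullet (for example, dropping "In the first terminal") so the remaining steps read correctly on their own.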
@ -340,10 +336,14 @@ image by running:
$ export PULL_IMAGE="quay.io/kata-containers/confidential-containers:unsigned" $ export PULL_IMAGE="quay.io/kata-containers/confidential-containers:unsigned"
$ ~/ccv0.sh agent_pull_image $ ~/ccv0.sh agent_pull_image
``` ```
- This results in an `ERROR: API failed` message from `agent_ctl` and the Kata sandbox console log shows the correct - This results in an `ERROR: API failed` message from `agent_ctl` and the Kata log shows the correct
cause that the signature we has was not valid for the unsigned image: cause that the signature we has was not valid for the unsigned image:
```bash
$ sudo journalctl -xe -t kata --since "1 min ago" | grep "Source image rejected"
```
contains:
```text ```text
FATA[0001] Source image rejected: Signature for identity quay.io/kata-containers/confidential-containers:signed is not accepted vmconsole="\x1b[31mFATA\x1b[0m[0002] Source image rejected: Signature for identity quay.io/kata-containers/confidential-containers:signed is not accepted "
``` ```
- To test that the signed image our *protected* test container registry is accepted we can run: - To test that the signed image our *protected* test container registry is accepted we can run:
```bash ```bash
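Review bot: The added `journalctl -xe -t kata --since "1 min ago"` check is fragile as a documented step. `-x` adds catalog explanations and `-e` jumps to the end of the pager, neither of which helps when the output is piped to `grep`, and a one-minute window will miss the message if the reader takes longer to run the command. Suggest dropping `-xe` and widening or removing `--since`. The bare `contains:` line would also read better as a full sentence, and the context line "the signature we has" is a typo worth fixing while this paragraph is being edited.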
@ -359,11 +359,14 @@ want to protect with the attestation agent in future) fails we can run:
$ export PULL_IMAGE="quay.io/kata-containers/confidential-containers:other_signed" $ export PULL_IMAGE="quay.io/kata-containers/confidential-containers:other_signed"
$ ~/ccv0.sh agent_pull_image $ ~/ccv0.sh agent_pull_image
``` ```
- Again this results in an `ERROR: API failed` message from `agent_ctl` and the Kata sandbox console log shows a - Again this results in an `ERROR: API failed` message from `agent_ctl` and the Kata log shows a
slightly different error: slightly different error:
```bash
$ sudo journalctl -xe -t kata --since "1 min ago" | grep "Source image rejected"
```
contains:
```text ```text
FATA[0001] Source image rejected: Invalid GPG signature... vmconsole="\x1b[31mFATA\x1b[0m[0002] Source image rejected: Signature for identity quay.io/kata-containers/confidential-containers:signed is not accepted "
``` ```
- To confirm that the first and third tests create the image bundles correct we can open a shell into the Kata pod with: - To confirm that the first and third tests create the image bundles correct we can open a shell into the Kata pod with:
```bash ```bash
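Review bot: The new expected output for the `other_signed` image is identical to the one added for the unsigned image ("Signature for identity quay.io/kata-containers/confidential-containers:signed is not accepted"), while the prose above it still says the log shows "a slightly different error" and the removed line showed "Invalid GPG signature...". This looks like a copy-paste from the previous hunk. Either paste the actual log line produced by the `other_signed` pull, or, if the message really is the same now, change the sentence so it no longer promises a different error.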
@ -497,7 +500,6 @@ Commands:
- crictl_delete_cc Use crictl to delete the kata cc pod sandbox and container in it - crictl_delete_cc Use crictl to delete the kata cc pod sandbox and container in it
- kubernetes_create_cc_pod: Create a Kata CC runtime busybox-based pod in Kubernetes - kubernetes_create_cc_pod: Create a Kata CC runtime busybox-based pod in Kubernetes
- kubernetes_delete_cc_pod: Delete the Kata CC runtime busybox-based pod in Kubernetes - kubernetes_delete_cc_pod: Delete the Kata CC runtime busybox-based pod in Kubernetes
- open_kata_console: Stream the kata runtime's console
- open_kata_shell: Open a shell into the kata runtime - open_kata_shell: Open a shell into the kata runtime
- agent_pull_image: Run PullImage command against the agent with agent-ctl - agent_pull_image: Run PullImage command against the agent with agent-ctl
- shim_pull_image: Run PullImage command against the shim with ctr - shim_pull_image: Run PullImage command against the shim with ctr