From 3f7cf7ae670ee542c56e8ec1eaa8f4dfaee97455 Mon Sep 17 00:00:00 2001 From: bin Date: Mon, 13 Dec 2021 16:10:55 +0800 Subject: [PATCH 01/11] osbuilder: show usage if no options/arguments specified Now if no options/arguments specified, the shell scripts will return an error: ERROR: Invalid rootfs directory: '' This commit will show usage if no options/arguments specified. Fixes: #3256 Signed-off-by: bin --- tools/osbuilder/image-builder/image_builder.sh | 1 + tools/osbuilder/rootfs-builder/rootfs.sh | 4 +++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/tools/osbuilder/image-builder/image_builder.sh b/tools/osbuilder/image-builder/image_builder.sh index bb0f11429..5d01b0a2d 100755 --- a/tools/osbuilder/image-builder/image_builder.sh +++ b/tools/osbuilder/image-builder/image_builder.sh @@ -474,6 +474,7 @@ set_dax_header() { main() { [ "$(id -u)" -eq 0 ] || die "$0: must be run as root" + [ "$#" -eq 0 ] && usage && return 0 # variables that can be overwritten by environment variables local agent_bin="${AGENT_BIN:-kata-agent}" diff --git a/tools/osbuilder/rootfs-builder/rootfs.sh b/tools/osbuilder/rootfs-builder/rootfs.sh index 1697e0a82..f63e8aee6 100755 --- a/tools/osbuilder/rootfs-builder/rootfs.sh +++ b/tools/osbuilder/rootfs-builder/rootfs.sh @@ -441,7 +441,7 @@ build_rootfs_distro() fi } -# Used to create a minimal directory tree where the agent can be instaleld. +# Used to create a minimal directory tree where the agent can be installed. # This is used when a distro is not specified. prepare_overlay() { @@ -624,6 +624,8 @@ EOT parse_arguments() { + [ "$#" -eq 0 ] && usage && return 0 + while getopts a:hlo:r:t: opt do case $opt in From 8457150684a8bf5920da8de62c6fd9f1035334ce Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Mon, 13 Dec 2021 11:20:22 +0100 Subject: [PATCH 02/11] kata-deploy: Deal with empty containerd conf file MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit As containerd can properly run without having a existent `/etc/containerd/config.toml` file (it'd run using the default cobnfiguration), let's explicitly create the file in those cases. This will avoid issues on ammending runtime classes to a non-existent file. Fixes: #3229 Signed-off-by: Fabiano Fidêncio Tested-by: Jakob Naucke --- tools/packaging/kata-deploy/scripts/kata-deploy.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tools/packaging/kata-deploy/scripts/kata-deploy.sh b/tools/packaging/kata-deploy/scripts/kata-deploy.sh index abdfc6777..0d0afcece 100755 --- a/tools/packaging/kata-deploy/scripts/kata-deploy.sh +++ b/tools/packaging/kata-deploy/scripts/kata-deploy.sh @@ -266,6 +266,11 @@ function main() { containerd_conf_file="${containerd_conf_tmpl_file}" containerd_conf_file_backup="${containerd_conf_file}.bak" + else + # runtime == containerd + if [ ! -f "$containerd_conf_file" ]; then + containerd config default > "$containerd_conf_file" + fi fi action=${1:-} From bbfb10e16998f3ff3273083cf60875a7e9ce6fa2 Mon Sep 17 00:00:00 2001 From: Bo Chen Date: Mon, 13 Dec 2021 09:56:03 -0800 Subject: [PATCH 03/11] versions: Upgrade to Cloud Hypervisor v20.1 This is a bug release from Cloud Hypervisor addressing the following issues: 1) Networking performance regression with virtio-net; 2) Limit file descriptors sent in vfio-user support; 3) Fully advertise PCI MMIO config regions in ACPI tables; 4) Set the TSS and KVM identity maps so they don't overlap with firmware RAM; 5) Correctly update the DeviceTree on restore. Details can be found: https://github.com/cloud-hypervisor/cloud-hypervisor/releases/tag/v20.1 Fixes: #3262 Signed-off-by: Bo Chen --- versions.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions.yaml b/versions.yaml index e1bc5f3c5..69b1d0d0d 100644 --- a/versions.yaml +++ b/versions.yaml @@ -75,7 +75,7 @@ assets: url: "https://github.com/cloud-hypervisor/cloud-hypervisor" uscan-url: >- https://github.com/cloud-hypervisor/cloud-hypervisor/tags.*/v?(\d\S+)\.tar\.gz - version: "v20.0" + version: "v20.1" firecracker: description: "Firecracker micro-VMM" From 1a34fbcdbdfde7faf6d76aa4832b91e49f8392a2 Mon Sep 17 00:00:00 2001 From: stevenhorsman Date: Mon, 13 Dec 2021 16:48:51 +0000 Subject: [PATCH 04/11] agent: Add config file option to cli - Add option to pass in config with -c/--config Fixes: #3252 Signed-off-by: stevenhorsman --- src/agent/src/config.rs | 49 +++++++++++++++++++++++++++++++++++++++-- src/agent/src/main.rs | 2 +- 2 files changed, 48 insertions(+), 3 deletions(-) diff --git a/src/agent/src/config.rs b/src/agent/src/config.rs index bec90d401..759b696c4 100644 --- a/src/agent/src/config.rs +++ b/src/agent/src/config.rs @@ -194,7 +194,17 @@ impl FromStr for AgentConfig { impl AgentConfig { #[instrument] - pub fn from_cmdline(file: &str) -> Result { + pub fn from_cmdline(file: &str, args: Vec) -> Result { + // If config file specified in the args, generate our config from it + let config_position = args.iter().position(|a| a == "--config" || a == "-c"); + if let Some(config_position) = config_position { + if let Some(config_file) = args.get(config_position + 1) { + return AgentConfig::from_config_file(config_file); + } else { + panic!("The config argument wasn't formed properly: {:?}", args); + } + } + let mut config: AgentConfig = Default::default(); let cmdline = fs::read_to_string(file)?; let params: Vec<&str> = cmdline.split_ascii_whitespace().collect(); @@ -896,7 +906,8 @@ mod tests { vars_to_unset.push(name); } - let config = AgentConfig::from_cmdline(filename).expect("Failed to parse command line"); + let config = + AgentConfig::from_cmdline(filename, vec![]).expect("Failed to parse command line"); assert_eq!(d.debug_console, config.debug_console, "{}", msg); assert_eq!(d.dev_mode, config.dev_mode, "{}", msg); @@ -917,6 +928,40 @@ mod tests { } } + #[test] + fn test_from_cmdline_with_args_overwrites() { + let expected = AgentConfig { + dev_mode: true, + server_addr: "unix://@/tmp/foo.socket".to_string(), + ..Default::default() + }; + + let example_config_file_contents = + "dev_mode = true\nserver_addr = 'unix://@/tmp/foo.socket'"; + let dir = tempdir().expect("failed to create tmpdir"); + let file_path = dir.path().join("config.toml"); + let filename = file_path.to_str().expect("failed to create filename"); + let mut file = File::create(filename).unwrap_or_else(|_| panic!("failed to create file")); + file.write_all(example_config_file_contents.as_bytes()) + .unwrap_or_else(|_| panic!("failed to write file contents")); + + let config = + AgentConfig::from_cmdline("", vec!["--config".to_string(), filename.to_string()]) + .expect("Failed to parse command line"); + + assert_eq!(expected.debug_console, config.debug_console); + assert_eq!(expected.dev_mode, config.dev_mode); + assert_eq!( + expected.unified_cgroup_hierarchy, + config.unified_cgroup_hierarchy, + ); + assert_eq!(expected.log_level, config.log_level); + assert_eq!(expected.hotplug_timeout, config.hotplug_timeout); + assert_eq!(expected.container_pipe_size, config.container_pipe_size); + assert_eq!(expected.server_addr, config.server_addr); + assert_eq!(expected.tracing, config.tracing); + } + #[test] fn test_logrus_to_slog_level() { #[derive(Debug)] diff --git a/src/agent/src/main.rs b/src/agent/src/main.rs index d1745fb01..aa7d823ef 100644 --- a/src/agent/src/main.rs +++ b/src/agent/src/main.rs @@ -80,7 +80,7 @@ const NAME: &str = "kata-agent"; lazy_static! { static ref AGENT_CONFIG: Arc> = Arc::new(RwLock::new( - AgentConfig::from_cmdline("/proc/cmdline").unwrap() + AgentConfig::from_cmdline("/proc/cmdline", env::args().collect()).unwrap() )); } From 7c4263b3e1313ef38cc2149a9f621b446ac1753a Mon Sep 17 00:00:00 2001 From: Peng Tao Date: Thu, 9 Dec 2021 17:28:35 +0800 Subject: [PATCH 05/11] src: reorg source directories MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit To make the code directory structure more clear: └── src ├── agent ├── libs │ └── logging ├── runtime ├── runtime-rs (to be added) └── tools ├── agent-ctl └── trace-forwarder Fixes: #3204 Signed-off-by: Peng Tao --- Makefile | 4 +- README.md | 4 +- docs/design/proposals/tracing-proposals.md | 2 +- docs/tracing.md | 3 +- src/agent/Cargo.toml | 2 +- src/agent/Makefile | 2 +- src/agent/README.md | 4 +- src/libs/logging/Cargo.lock | 319 ++++++++++++++++++ {pkg => src/libs}/logging/Cargo.toml | 0 {pkg => src/libs}/logging/Makefile | 0 {pkg => src/libs}/logging/src/lib.rs | 0 src/tools/agent-ctl/.gitignore | 1 + {tools => src/tools}/agent-ctl/Cargo.lock | 116 ++++--- {tools => src/tools}/agent-ctl/Cargo.toml | 8 +- {tools => src/tools}/agent-ctl/Makefile | 4 +- {tools => src/tools}/agent-ctl/README.md | 4 +- {tools => src/tools}/agent-ctl/src/client.rs | 0 {tools => src/tools}/agent-ctl/src/main.rs | 0 {tools => src/tools}/agent-ctl/src/rpc.rs | 0 {tools => src/tools}/agent-ctl/src/types.rs | 0 {tools => src/tools}/agent-ctl/src/utils.rs | 0 src/tools/trace-forwarder/.gitignore | 1 + src/{ => tools}/trace-forwarder/Cargo.lock | 0 src/{ => tools}/trace-forwarder/Cargo.toml | 2 +- src/{ => tools}/trace-forwarder/Makefile | 4 +- src/{ => tools}/trace-forwarder/README.md | 2 +- .../trace-forwarder/src/handler.rs | 0 src/{ => tools}/trace-forwarder/src/main.rs | 0 src/{ => tools}/trace-forwarder/src/server.rs | 0 src/{ => tools}/trace-forwarder/src/tracer.rs | 0 src/{ => tools}/trace-forwarder/src/utils.rs | 0 utils.mk | 2 +- 32 files changed, 420 insertions(+), 64 deletions(-) create mode 100644 src/libs/logging/Cargo.lock rename {pkg => src/libs}/logging/Cargo.toml (100%) rename {pkg => src/libs}/logging/Makefile (100%) rename {pkg => src/libs}/logging/src/lib.rs (100%) create mode 100644 src/tools/agent-ctl/.gitignore rename {tools => src/tools}/agent-ctl/Cargo.lock (94%) rename {tools => src/tools}/agent-ctl/Cargo.toml (79%) rename {tools => src/tools}/agent-ctl/Makefile (88%) rename {tools => src/tools}/agent-ctl/README.md (96%) rename {tools => src/tools}/agent-ctl/src/client.rs (100%) rename {tools => src/tools}/agent-ctl/src/main.rs (100%) rename {tools => src/tools}/agent-ctl/src/rpc.rs (100%) rename {tools => src/tools}/agent-ctl/src/types.rs (100%) rename {tools => src/tools}/agent-ctl/src/utils.rs (100%) create mode 100644 src/tools/trace-forwarder/.gitignore rename src/{ => tools}/trace-forwarder/Cargo.lock (100%) rename src/{ => tools}/trace-forwarder/Cargo.toml (95%) rename src/{ => tools}/trace-forwarder/Makefile (87%) rename src/{ => tools}/trace-forwarder/README.md (99%) rename src/{ => tools}/trace-forwarder/src/handler.rs (100%) rename src/{ => tools}/trace-forwarder/src/main.rs (100%) rename src/{ => tools}/trace-forwarder/src/server.rs (100%) rename src/{ => tools}/trace-forwarder/src/tracer.rs (100%) rename src/{ => tools}/trace-forwarder/src/utils.rs (100%) diff --git a/Makefile b/Makefile index 8afdee2f7..5e3695dd7 100644 --- a/Makefile +++ b/Makefile @@ -8,12 +8,12 @@ COMPONENTS = COMPONENTS += agent COMPONENTS += runtime -COMPONENTS += trace-forwarder # List of available tools TOOLS = TOOLS += agent-ctl +TOOLS += trace-forwarder STANDARD_TARGETS = build check clean install test vendor @@ -22,7 +22,7 @@ default: all all: logging-crate-tests build logging-crate-tests: - make -C pkg/logging + make -C src/libs/logging include utils.mk include ./tools/packaging/kata-deploy/local-build/Makefile diff --git a/README.md b/README.md index 7f5746260..e93c5f740 100644 --- a/README.md +++ b/README.md @@ -70,8 +70,8 @@ The table below lists the remaining parts of the project: | [packaging](tools/packaging) | infrastructure | Scripts and metadata for producing packaged binaries
(components, hypervisors, kernel and rootfs). | | [kernel](https://www.kernel.org) | kernel | Linux kernel used by the hypervisor to boot the guest image. Patches are stored [here](tools/packaging/kernel). | | [osbuilder](tools/osbuilder) | infrastructure | Tool to create "mini O/S" rootfs and initrd images and kernel for the hypervisor. | -| [`agent-ctl`](tools/agent-ctl) | utility | Tool that provides low-level access for testing the agent. | -| [`trace-forwarder`](src/trace-forwarder) | utility | Agent tracing helper. | +| [`agent-ctl`](src/tools/agent-ctl) | utility | Tool that provides low-level access for testing the agent. | +| [`trace-forwarder`](src/tools/trace-forwarder) | utility | Agent tracing helper. | | [`ci`](https://github.com/kata-containers/ci) | CI | Continuous Integration configuration files and scripts. | | [`katacontainers.io`](https://github.com/kata-containers/www.katacontainers.io) | Source for the [`katacontainers.io`](https://www.katacontainers.io) site. | diff --git a/docs/design/proposals/tracing-proposals.md b/docs/design/proposals/tracing-proposals.md index 0853ffa21..78acee816 100644 --- a/docs/design/proposals/tracing-proposals.md +++ b/docs/design/proposals/tracing-proposals.md @@ -209,5 +209,5 @@ network accessible to the collector. - The trace collection proposals are still being considered. [kata-1x-tracing]: https://github.com/kata-containers/agent/blob/master/TRACING.md -[trace-forwarder]: /src/trace-forwarder +[trace-forwarder]: /src/tools/trace-forwarder [tracing-doc-pr]: https://github.com/kata-containers/kata-containers/pull/1937 diff --git a/docs/tracing.md b/docs/tracing.md index 184bedfb4..5ddbf0fcb 100644 --- a/docs/tracing.md +++ b/docs/tracing.md @@ -203,12 +203,11 @@ is highly recommended. For working with the agent, you may also wish to [enable a debug console][setup-debug-console] to allow you to access the VM environment. -[agent-ctl]: https://github.com/kata-containers/kata-containers/blob/main/tools/agent-ctl [enable-full-debug]: https://github.com/kata-containers/kata-containers/blob/main/docs/Developer-Guide.md#enable-full-debug [jaeger-all-in-one]: https://www.jaegertracing.io/docs/getting-started/ [jaeger-tracing]: https://www.jaegertracing.io [opentelemetry]: https://opentelemetry.io [osbuilder]: https://github.com/kata-containers/kata-containers/blob/main/tools/osbuilder [setup-debug-console]: https://github.com/kata-containers/kata-containers/blob/main/docs/Developer-Guide.md#set-up-a-debug-console -[trace-forwarder]: https://github.com/kata-containers/kata-containers/blob/main/src/trace-forwarder +[trace-forwarder]: /src/tools/trace-forwarder [vsock]: https://wiki.qemu.org/Features/VirtioVsock diff --git a/src/agent/Cargo.toml b/src/agent/Cargo.toml index d0492012e..9957945f2 100644 --- a/src/agent/Cargo.toml +++ b/src/agent/Cargo.toml @@ -37,7 +37,7 @@ ipnetwork = "0.17.0" # Note: this crate sets the slog 'max_*' features which allows the log level # to be modified at runtime. -logging = { path = "../../pkg/logging" } +logging = { path = "../libs/logging" } slog = "2.5.2" slog-scope = "4.1.2" diff --git a/src/agent/Makefile b/src/agent/Makefile index bd647d448..d6e7047bc 100644 --- a/src/agent/Makefile +++ b/src/agent/Makefile @@ -104,7 +104,7 @@ default: $(TARGET) show-header $(TARGET): $(GENERATED_CODE) logging-crate-tests $(TARGET_PATH) logging-crate-tests: - make -C $(CWD)/../../pkg/logging + make -C $(CWD)/../libs/logging $(TARGET_PATH): $(SOURCES) | show-summary @RUSTFLAGS="$(EXTRA_RUSTFLAGS) --deny warnings" cargo build --target $(TRIPLE) --$(BUILD_TYPE) $(EXTRA_RUSTFEATURES) diff --git a/src/agent/README.md b/src/agent/README.md index 8f839370d..98ec59bbd 100644 --- a/src/agent/README.md +++ b/src/agent/README.md @@ -97,7 +97,7 @@ these custom assets to allow you to test your changes. ## Tracing For details of tracing the operation of the agent, see the -[tracing documentation](../../docs/tracing.md). +[tracing documentation](/docs/tracing.md). ## Run the agent stand alone @@ -108,4 +108,4 @@ When run in this way, the agent can be controlled using the low-level Kata agent control tool, rather than the Kata runtime. For further details, see the -[agent control tool documentation](../../tools/agent-ctl/README.md#run-the-tool-and-the-agent-in-the-same-environment). +[agent control tool documentation](../tools/agent-ctl/README.md#run-the-tool-and-the-agent-in-the-same-environment). diff --git a/src/libs/logging/Cargo.lock b/src/libs/logging/Cargo.lock new file mode 100644 index 000000000..4c7d67794 --- /dev/null +++ b/src/libs/logging/Cargo.lock @@ -0,0 +1,319 @@ +# This file is automatically @generated by Cargo. +# It is not intended for manual editing. +[[package]] +name = "arc-swap" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c5d78ce20460b82d3fa150275ed9d55e21064fc7951177baacf86a145c4a4b1f" + +[[package]] +name = "autocfg" +version = "1.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cdb031dd78e28731d87d56cc8ffef4a8f36ca26c38fe2de700543e627f8a464a" + +[[package]] +name = "bitflags" +version = "1.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" + +[[package]] +name = "cfg-if" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" + +[[package]] +name = "chrono" +version = "0.4.19" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "670ad68c9088c2a963aaa298cb369688cf3f9465ce5e2d4ca10e6e0098a1ce73" +dependencies = [ + "libc", + "num-integer", + "num-traits", + "time", + "winapi", +] + +[[package]] +name = "crossbeam-channel" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "06ed27e177f16d65f0f0c22a213e17c696ace5dd64b14258b52f9417ccb52db4" +dependencies = [ + "cfg-if", + "crossbeam-utils", +] + +[[package]] +name = "crossbeam-utils" +version = "0.8.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d82cfc11ce7f2c3faef78d8a684447b40d503d9681acebed6cb728d45940c4db" +dependencies = [ + "cfg-if", + "lazy_static", +] + +[[package]] +name = "getrandom" +version = "0.2.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7fcd999463524c52659517fe2cea98493cfe485d10565e7b0fb07dbba7ad2753" +dependencies = [ + "cfg-if", + "libc", + "wasi", +] + +[[package]] +name = "itoa" +version = "0.4.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b71991ff56294aa922b450139ee08b3bfc70982c6b2c7562771375cf73542dd4" + +[[package]] +name = "lazy_static" +version = "1.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" + +[[package]] +name = "libc" +version = "0.2.109" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f98a04dce437184842841303488f70d0188c5f51437d2a834dc097eafa909a01" + +[[package]] +name = "logging" +version = "0.1.0" +dependencies = [ + "serde_json", + "slog", + "slog-async", + "slog-json", + "slog-scope", + "tempfile", +] + +[[package]] +name = "num-integer" +version = "0.1.44" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d2cc698a63b549a70bc047073d2949cce27cd1c7b0a4a862d08a8031bc2801db" +dependencies = [ + "autocfg", + "num-traits", +] + +[[package]] +name = "num-traits" +version = "0.2.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9a64b1ec5cda2586e284722486d802acf1f7dbdc623e2bfc57e65ca1cd099290" +dependencies = [ + "autocfg", +] + +[[package]] +name = "once_cell" +version = "1.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "692fcb63b64b1758029e0a96ee63e049ce8c5948587f2f7208df04625e5f6b56" + +[[package]] +name = "ppv-lite86" +version = "0.2.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ed0cfbc8191465bed66e1718596ee0b0b35d5ee1f41c5df2189d0fe8bde535ba" + +[[package]] +name = "rand" +version = "0.8.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2e7573632e6454cf6b99d7aac4ccca54be06da05aca2ef7423d22d27d4d4bcd8" +dependencies = [ + "libc", + "rand_chacha", + "rand_core", + "rand_hc", +] + +[[package]] +name = "rand_chacha" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88" +dependencies = [ + "ppv-lite86", + "rand_core", +] + +[[package]] +name = "rand_core" +version = "0.6.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d34f1408f55294453790c48b2f1ebbb1c5b4b7563eb1f418bcfcfdbb06ebb4e7" +dependencies = [ + "getrandom", +] + +[[package]] +name = "rand_hc" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d51e9f596de227fda2ea6c84607f5558e196eeaf43c986b724ba4fb8fdf497e7" +dependencies = [ + "rand_core", +] + +[[package]] +name = "redox_syscall" +version = "0.2.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8383f39639269cde97d255a32bdb68c047337295414940c68bdd30c2e13203ff" +dependencies = [ + "bitflags", +] + +[[package]] +name = "remove_dir_all" +version = "0.5.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3acd125665422973a33ac9d3dd2df85edad0f4ae9b00dafb1a05e43a9f5ef8e7" +dependencies = [ + "winapi", +] + +[[package]] +name = "ryu" +version = "1.0.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3c9613b5a66ab9ba26415184cfc41156594925a9cf3a2057e57f31ff145f6568" + +[[package]] +name = "serde" +version = "1.0.131" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b4ad69dfbd3e45369132cc64e6748c2d65cdfb001a2b1c232d128b4ad60561c1" + +[[package]] +name = "serde_json" +version = "1.0.72" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d0ffa0837f2dfa6fb90868c2b5468cad482e175f7dad97e7421951e663f2b527" +dependencies = [ + "itoa", + "ryu", + "serde", +] + +[[package]] +name = "slog" +version = "2.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8347046d4ebd943127157b94d63abb990fcf729dc4e9978927fdf4ac3c998d06" + +[[package]] +name = "slog-async" +version = "2.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "766c59b252e62a34651412870ff55d8c4e6d04df19b43eecb2703e417b097ffe" +dependencies = [ + "crossbeam-channel", + "slog", + "take_mut", + "thread_local", +] + +[[package]] +name = "slog-json" +version = "2.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "52e9b96fb6b5e80e371423b4aca6656eb537661ce8f82c2697e619f8ca85d043" +dependencies = [ + "chrono", + "serde", + "serde_json", + "slog", +] + +[[package]] +name = "slog-scope" +version = "4.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2f95a4b4c3274cd2869549da82b57ccc930859bdbf5bcea0424bc5f140b3c786" +dependencies = [ + "arc-swap", + "lazy_static", + "slog", +] + +[[package]] +name = "take_mut" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f764005d11ee5f36500a149ace24e00e3da98b0158b3e2d53a7495660d3f4d60" + +[[package]] +name = "tempfile" +version = "3.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dac1c663cfc93810f88aed9b8941d48cabf856a1b111c29a40439018d870eb22" +dependencies = [ + "cfg-if", + "libc", + "rand", + "redox_syscall", + "remove_dir_all", + "winapi", +] + +[[package]] +name = "thread_local" +version = "1.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8018d24e04c95ac8790716a5987d0fec4f8b27249ffa0f7d33f1369bdfb88cbd" +dependencies = [ + "once_cell", +] + +[[package]] +name = "time" +version = "0.1.43" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ca8a50ef2360fbd1eeb0ecd46795a87a19024eb4b53c5dc916ca1fd95fe62438" +dependencies = [ + "libc", + "winapi", +] + +[[package]] +name = "wasi" +version = "0.10.2+wasi-snapshot-preview1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fd6fbd9a79829dd1ad0cc20627bf1ed606756a7f77edff7b66b7064f9cb327c6" + +[[package]] +name = "winapi" +version = "0.3.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419" +dependencies = [ + "winapi-i686-pc-windows-gnu", + "winapi-x86_64-pc-windows-gnu", +] + +[[package]] +name = "winapi-i686-pc-windows-gnu" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" + +[[package]] +name = "winapi-x86_64-pc-windows-gnu" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" diff --git a/pkg/logging/Cargo.toml b/src/libs/logging/Cargo.toml similarity index 100% rename from pkg/logging/Cargo.toml rename to src/libs/logging/Cargo.toml diff --git a/pkg/logging/Makefile b/src/libs/logging/Makefile similarity index 100% rename from pkg/logging/Makefile rename to src/libs/logging/Makefile diff --git a/pkg/logging/src/lib.rs b/src/libs/logging/src/lib.rs similarity index 100% rename from pkg/logging/src/lib.rs rename to src/libs/logging/src/lib.rs diff --git a/src/tools/agent-ctl/.gitignore b/src/tools/agent-ctl/.gitignore new file mode 100644 index 000000000..57872d0f1 --- /dev/null +++ b/src/tools/agent-ctl/.gitignore @@ -0,0 +1 @@ +/vendor/ diff --git a/tools/agent-ctl/Cargo.lock b/src/tools/agent-ctl/Cargo.lock similarity index 94% rename from tools/agent-ctl/Cargo.lock rename to src/tools/agent-ctl/Cargo.lock index 0872669aa..1c39cd18b 100644 --- a/tools/agent-ctl/Cargo.lock +++ b/src/tools/agent-ctl/Cargo.lock @@ -83,7 +83,7 @@ checksum = "321629d8ba6513061f26707241fa9bc89524ff1cd7a915a97ef0c62c666ce1b6" dependencies = [ "addr2line", "cc", - "cfg-if", + "cfg-if 1.0.0", "libc", "miniz_oxide", "object", @@ -92,9 +92,9 @@ dependencies = [ [[package]] name = "bitflags" -version = "1.2.1" +version = "1.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cf1de2fe8c75bc145a2f577add951f8134889b4795d47466a54a5c846d691693" +checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" [[package]] name = "byteorder" @@ -145,6 +145,12 @@ version = "1.0.72" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "22a9137b95ea06864e018375b72adfb7db6e6f68cfc8df5a04d00288050485ee" +[[package]] +name = "cfg-if" +version = "0.1.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4785bdd1c96b2a846b2bd7cc02e86b6b3dbf14e7e53446c4f54c92a361040822" + [[package]] name = "cfg-if" version = "1.0.0" @@ -153,13 +159,13 @@ checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" [[package]] name = "cgroups-rs" -version = "0.2.7" +version = "0.2.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "31dc7b58f8b80f0e02202df9fe45fd7432572d8868bab0abcb888656833aeaba" +checksum = "5c5c9f6e5c72958dc962baa5f8bb37fb611017854b0d774b8adab4d7416ab445" dependencies = [ "libc", "log", - "nix 0.20.2", + "nix 0.20.0", "regex", ] @@ -197,7 +203,7 @@ version = "0.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "06ed27e177f16d65f0f0c22a213e17c696ace5dd64b14258b52f9417ccb52db4" dependencies = [ - "cfg-if", + "cfg-if 1.0.0", "crossbeam-utils", ] @@ -207,7 +213,7 @@ version = "0.8.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d82cfc11ce7f2c3faef78d8a684447b40d503d9681acebed6cb728d45940c4db" dependencies = [ - "cfg-if", + "cfg-if 1.0.0", "lazy_static", ] @@ -359,7 +365,7 @@ version = "0.1.16" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8fc3cb4d91f53b50155bdcfd23f6a4c39ae1969c2ae85982b135750cccaf5fce" dependencies = [ - "cfg-if", + "cfg-if 1.0.0", "libc", "wasi 0.9.0+wasi-snapshot-preview1", ] @@ -370,7 +376,7 @@ version = "0.2.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7fcd999463524c52659517fe2cea98493cfe485d10565e7b0fb07dbba7ad2753" dependencies = [ - "cfg-if", + "cfg-if 1.0.0", "libc", "wasi 0.10.2+wasi-snapshot-preview1", ] @@ -469,7 +475,7 @@ dependencies = [ "lazy_static", "libc", "logging", - "nix 0.21.2", + "nix 0.21.0", "oci", "protobuf", "protocols", @@ -500,7 +506,7 @@ version = "0.4.14" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "51b9bbe6c47d51fc3e1a9b945965946b4c44142ab8792c50835a980d362c2710" dependencies = [ - "cfg-if", + "cfg-if 1.0.0", ] [[package]] @@ -569,39 +575,63 @@ checksum = "2eb04b9f127583ed176e163fb9ec6f3e793b87e21deedd5734a69386a18a0151" [[package]] name = "nix" -version = "0.20.2" +version = "0.16.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f5e06129fb611568ef4e868c14b326274959aa70ff7776e9d55323531c374945" +checksum = "dd0eaf8df8bab402257e0a5c17a254e4cc1f72a93588a1ddfb5d356c801aa7cb" dependencies = [ "bitflags", "cc", - "cfg-if", + "cfg-if 0.1.10", + "libc", + "void", +] + +[[package]] +name = "nix" +version = "0.19.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b2ccba0cfe4fdf15982d1674c69b1fd80bad427d293849982668dfe454bd61f2" +dependencies = [ + "bitflags", + "cc", + "cfg-if 1.0.0", + "libc", +] + +[[package]] +name = "nix" +version = "0.20.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fa9b4819da1bc61c0ea48b63b7bc8604064dd43013e7cc325df098d49cd7c18a" +dependencies = [ + "bitflags", + "cc", + "cfg-if 1.0.0", + "libc", +] + +[[package]] +name = "nix" +version = "0.21.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5c3728fec49d363a50a8828a190b379a446cc5cf085c06259bbbeb34447e4ec7" +dependencies = [ + "bitflags", + "cc", + "cfg-if 1.0.0", "libc", "memoffset", ] [[package]] name = "nix" -version = "0.21.2" +version = "0.23.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "77d9f3521ea8e0641a153b3cddaf008dcbf26acd4ed739a2517295e0760d12c7" +checksum = "f305c2c2e4c39a82f7bf0bf65fb557f9070ce06781d4f2454295cc34b1c43188" dependencies = [ "bitflags", "cc", - "cfg-if", - "libc", - "memoffset", -] - -[[package]] -name = "nix" -version = "0.22.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d3bb9a13fa32bc5aeb64150cd3f32d6cf4c748f8f8a417cce5d2eb976a8370ba" -dependencies = [ - "bitflags", - "cc", - "cfg-if", + "cfg-if 1.0.0", "libc", "memoffset", ] @@ -978,7 +1008,7 @@ dependencies = [ "inotify", "lazy_static", "libc", - "nix 0.21.2", + "nix 0.23.0", "oci", "path-absolutize", "protobuf", @@ -1149,7 +1179,7 @@ version = "3.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "dac1c663cfc93810f88aed9b8941d48cabf856a1b111c29a40439018d870eb22" dependencies = [ - "cfg-if", + "cfg-if 1.0.0", "libc", "rand 0.8.4", "redox_syscall", @@ -1249,16 +1279,16 @@ dependencies = [ [[package]] name = "ttrpc" -version = "0.5.2" +version = "0.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "66a973ce6d5eaa20c173635b29ffb660dafbc7ef109172c0015ba44e47a23711" +checksum = "004604e91de38bc16cb9c7898187343075388ea414ad24896a21fc4e91a7c861" dependencies = [ "async-trait", "byteorder", "futures", "libc", "log", - "nix 0.20.2", + "nix 0.16.1", "protobuf", "protobuf-codegen-pure", "thiserror", @@ -1324,13 +1354,19 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f1bddf1187be692e79c5ffeab891132dfb0f236ed36a43c7ed39f1165ee20191" [[package]] -name = "vsock" -version = "0.2.5" +name = "void" +version = "1.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a10cd0a332ca79e7bbde3299ca161ef2860dc72ba0c443b20356c23d48687c99" +checksum = "6a02e4885ed3bc0f2de90ea6dd45ebcbb66dacffe03547fadbb0eeae2770887d" + +[[package]] +name = "vsock" +version = "0.2.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c932be691560e8f3f7b2be5a47df1b8f45387e1d1df40d45b2e62284b9e9150e" dependencies = [ "libc", - "nix 0.22.2", + "nix 0.19.1", ] [[package]] diff --git a/tools/agent-ctl/Cargo.toml b/src/tools/agent-ctl/Cargo.toml similarity index 79% rename from tools/agent-ctl/Cargo.toml rename to src/tools/agent-ctl/Cargo.toml index e6bd1727a..a6fdb2b1d 100644 --- a/tools/agent-ctl/Cargo.toml +++ b/src/tools/agent-ctl/Cargo.toml @@ -10,9 +10,9 @@ authors = ["The Kata Containers community "] edition = "2018" [dependencies] -protocols = { path = "../../src/agent/protocols", features = ["with-serde"] } -rustjail = { path = "../../src/agent/rustjail" } -oci = { path = "../../src/agent/oci" } +protocols = { path = "../../agent/protocols", features = ["with-serde"] } +rustjail = { path = "../../agent/rustjail" } +oci = { path = "../../agent/oci" } clap = "2.33.0" lazy_static = "1.4.0" @@ -22,7 +22,7 @@ byteorder = "1.3.4" # Note: this crate sets the slog 'max_*' features which allows the log level # to be modified at runtime. -logging = { path = "../../pkg/logging" } +logging = { path = "../../libs/logging" } slog = "2.5.2" slog-scope = "4.3.0" rand = "0.7.3" diff --git a/tools/agent-ctl/Makefile b/src/tools/agent-ctl/Makefile similarity index 88% rename from tools/agent-ctl/Makefile rename to src/tools/agent-ctl/Makefile index ff115a305..1cb20e1d7 100644 --- a/tools/agent-ctl/Makefile +++ b/src/tools/agent-ctl/Makefile @@ -3,7 +3,7 @@ # SPDX-License-Identifier: Apache-2.0 # -include ../../utils.mk +include ../../../utils.mk default: build @@ -11,7 +11,7 @@ build: logging-crate-tests @RUSTFLAGS="$(EXTRA_RUSTFLAGS) --deny warnings" cargo build --target $(TRIPLE) --$(BUILD_TYPE) logging-crate-tests: - make -C $(CWD)/../../pkg/logging + make -C $(CWD)/../../libs/logging clean: cargo clean diff --git a/tools/agent-ctl/README.md b/src/tools/agent-ctl/README.md similarity index 96% rename from tools/agent-ctl/README.md rename to src/tools/agent-ctl/README.md index fa2caf99d..a351255cf 100644 --- a/tools/agent-ctl/README.md +++ b/src/tools/agent-ctl/README.md @@ -41,9 +41,9 @@ the agent protocol and the client and server implementations. | Description | File | Example RPC or function | Example summary | |-|-|-|-| -| Protocol buffers definition of the Kata Containers Agent API protocol | [`agent.proto`](../../src/agent/protocols/protos/agent.proto) | `CreateContainer` | API to create a Kata container. | +| Protocol buffers definition of the Kata Containers Agent API protocol | [`agent.proto`](../../agent/protocols/protos/agent.proto) | `CreateContainer` | API to create a Kata container. | | Agent Control (client) API calls | [`src/client.rs`](src/client.rs) | `agent_cmd_container_create()` | Agent Control tool function that calls the `CreateContainer` API. | -| Agent (server) API implementations | [`rpc.rs`](../../src/agent/src/rpc.rs) | `create_container()` | Server function that implements the `CreateContainers` API. | +| Agent (server) API implementations | [`rpc.rs`](../../agent/src/rpc.rs) | `create_container()` | Server function that implements the `CreateContainers` API. | ## Run the tool diff --git a/tools/agent-ctl/src/client.rs b/src/tools/agent-ctl/src/client.rs similarity index 100% rename from tools/agent-ctl/src/client.rs rename to src/tools/agent-ctl/src/client.rs diff --git a/tools/agent-ctl/src/main.rs b/src/tools/agent-ctl/src/main.rs similarity index 100% rename from tools/agent-ctl/src/main.rs rename to src/tools/agent-ctl/src/main.rs diff --git a/tools/agent-ctl/src/rpc.rs b/src/tools/agent-ctl/src/rpc.rs similarity index 100% rename from tools/agent-ctl/src/rpc.rs rename to src/tools/agent-ctl/src/rpc.rs diff --git a/tools/agent-ctl/src/types.rs b/src/tools/agent-ctl/src/types.rs similarity index 100% rename from tools/agent-ctl/src/types.rs rename to src/tools/agent-ctl/src/types.rs diff --git a/tools/agent-ctl/src/utils.rs b/src/tools/agent-ctl/src/utils.rs similarity index 100% rename from tools/agent-ctl/src/utils.rs rename to src/tools/agent-ctl/src/utils.rs diff --git a/src/tools/trace-forwarder/.gitignore b/src/tools/trace-forwarder/.gitignore new file mode 100644 index 000000000..57872d0f1 --- /dev/null +++ b/src/tools/trace-forwarder/.gitignore @@ -0,0 +1 @@ +/vendor/ diff --git a/src/trace-forwarder/Cargo.lock b/src/tools/trace-forwarder/Cargo.lock similarity index 100% rename from src/trace-forwarder/Cargo.lock rename to src/tools/trace-forwarder/Cargo.lock diff --git a/src/trace-forwarder/Cargo.toml b/src/tools/trace-forwarder/Cargo.toml similarity index 95% rename from src/trace-forwarder/Cargo.toml rename to src/tools/trace-forwarder/Cargo.toml index d2cfe8af7..846acfebd 100644 --- a/src/trace-forwarder/Cargo.toml +++ b/src/tools/trace-forwarder/Cargo.toml @@ -29,7 +29,7 @@ tracing-subscriber = "0.2.18" # Note: this crate sets the slog 'max_*' features which allows the log level # to be modified at runtime. -logging = { path = "../../pkg/logging" } +logging = { path = "../../libs/logging" } slog = "2.5.2" privdrop = "0.5.1" diff --git a/src/trace-forwarder/Makefile b/src/tools/trace-forwarder/Makefile similarity index 87% rename from src/trace-forwarder/Makefile rename to src/tools/trace-forwarder/Makefile index b0e1e41f4..06530face 100644 --- a/src/trace-forwarder/Makefile +++ b/src/tools/trace-forwarder/Makefile @@ -3,7 +3,7 @@ # SPDX-License-Identifier: Apache-2.0 # -include ../../utils.mk +include ../../../utils.mk default: build @@ -11,7 +11,7 @@ build: logging-crate-tests @RUSTFLAGS="$(EXTRA_RUSTFLAGS) --deny warnings" cargo build --target $(TRIPLE) --$(BUILD_TYPE) logging-crate-tests: - make -C $(CWD)/../../pkg/logging + make -C $(CWD)/../../libs/logging clean: cargo clean diff --git a/src/trace-forwarder/README.md b/src/tools/trace-forwarder/README.md similarity index 99% rename from src/trace-forwarder/README.md rename to src/tools/trace-forwarder/README.md index 8099b7bea..e6efa2861 100644 --- a/src/trace-forwarder/README.md +++ b/src/tools/trace-forwarder/README.md @@ -152,7 +152,7 @@ For further information on how to run the trace forwarder, run: $ cargo run -- --help ``` -[agent-tracing]: ../../docs/tracing.md +[agent-tracing]: /docs/tracing.md [jaeger-tracing]: https://www.jaegertracing.io [opentelemetry]: https://opentelemetry.io [vsock]: https://wiki.qemu.org/Features/VirtioVsock diff --git a/src/trace-forwarder/src/handler.rs b/src/tools/trace-forwarder/src/handler.rs similarity index 100% rename from src/trace-forwarder/src/handler.rs rename to src/tools/trace-forwarder/src/handler.rs diff --git a/src/trace-forwarder/src/main.rs b/src/tools/trace-forwarder/src/main.rs similarity index 100% rename from src/trace-forwarder/src/main.rs rename to src/tools/trace-forwarder/src/main.rs diff --git a/src/trace-forwarder/src/server.rs b/src/tools/trace-forwarder/src/server.rs similarity index 100% rename from src/trace-forwarder/src/server.rs rename to src/tools/trace-forwarder/src/server.rs diff --git a/src/trace-forwarder/src/tracer.rs b/src/tools/trace-forwarder/src/tracer.rs similarity index 100% rename from src/trace-forwarder/src/tracer.rs rename to src/tools/trace-forwarder/src/tracer.rs diff --git a/src/trace-forwarder/src/utils.rs b/src/tools/trace-forwarder/src/utils.rs similarity index 100% rename from src/trace-forwarder/src/utils.rs rename to src/tools/trace-forwarder/src/utils.rs diff --git a/utils.mk b/utils.mk index 0b4af421b..dbfefb5a2 100644 --- a/utils.mk +++ b/utils.mk @@ -64,7 +64,7 @@ endef # $1 - name of tool define make_tool_rules -$(eval $(call make_rules,tools,$(1))) +$(eval $(call make_rules,src/tools,$(1))) endef # Create a "${target}-all" alias which will cause each component/tool From 24a530ced19b59798d4857965cea8162f3438fd5 Mon Sep 17 00:00:00 2001 From: bin Date: Tue, 14 Dec 2021 17:03:53 +0800 Subject: [PATCH 06/11] versions: bump minimum golang version to 1.16.10 According to https://endoflife.date/go golang 1.11.10 is not supported anymore, 1.16.10 is the minimum supported version. Fixes: #3265 Signed-off-by: bin --- versions.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions.yaml b/versions.yaml index 69b1d0d0d..f214d9693 100644 --- a/versions.yaml +++ b/versions.yaml @@ -250,7 +250,7 @@ languages: issue: "https://github.com/golang/go/issues/20676" uscan-url: >- https://github.com/golang/go/tags .*/go?([\d\.]+)\.tar\.gz - version: "1.11.10" + version: "1.16.10" meta: description: | 'newest-version' is the latest version known to work when From 03546f75a6a98b31aee674c9573359649b867b62 Mon Sep 17 00:00:00 2001 From: bin Date: Tue, 14 Dec 2021 17:41:01 +0800 Subject: [PATCH 07/11] runtime: change io/ioutil to io/os packages Change io/ioutil to io/os packages because io/ioutil package is deprecated from 1.16: Discard => io.Discard NopCloser => io.NopCloser ReadAll => io.ReadAll ReadDir => os.ReadDir ReadFile => os.ReadFile TempDir => os.MkdirTemp TempFile => os.CreateTemp WriteFile => os.WriteFile Details: https://go.dev/doc/go1.16#ioutil Fixes: #3265 Signed-off-by: bin --- src/runtime/cmd/kata-runtime/factory_test.go | 7 +-- .../cmd/kata-runtime/kata-check_amd64.go | 4 +- .../cmd/kata-runtime/kata-check_amd64_test.go | 11 ++-- .../cmd/kata-runtime/kata-check_arm64_test.go | 3 +- .../kata-check_data_ppc64le_test.go | 5 +- .../kata-runtime/kata-check_generic_test.go | 3 +- .../kata-runtime/kata-check_ppc64le_test.go | 3 +- .../cmd/kata-runtime/kata-check_s390x_test.go | 3 +- .../cmd/kata-runtime/kata-check_test.go | 29 +++++----- .../cmd/kata-runtime/kata-env_amd64_test.go | 3 +- .../cmd/kata-runtime/kata-env_generic_test.go | 3 +- src/runtime/cmd/kata-runtime/kata-env_test.go | 49 ++++++++--------- src/runtime/cmd/kata-runtime/kata-exec.go | 3 +- src/runtime/cmd/kata-runtime/main_test.go | 17 +++--- src/runtime/cmd/kata-runtime/release.go | 4 +- src/runtime/cmd/kata-runtime/utils_test.go | 7 +-- src/runtime/cmd/kata-runtime/version_test.go | 3 +- .../pkg/containerd-shim-v2/create_test.go | 7 +-- src/runtime/pkg/containerd-shim-v2/service.go | 4 +- .../pkg/containerd-shim-v2/stream_test.go | 9 ++- .../pkg/containerd-shim-v2/utils_test.go | 3 +- src/runtime/pkg/kata-monitor/shim_client.go | 4 +- src/runtime/pkg/katatestutils/constraints.go | 3 +- .../pkg/katatestutils/constraints_test.go | 7 +-- src/runtime/pkg/katatestutils/utils.go | 7 +-- src/runtime/pkg/katautils/config.go | 4 +- src/runtime/pkg/katautils/config_test.go | 55 +++++++++---------- src/runtime/pkg/katautils/create.go | 4 +- src/runtime/pkg/katautils/create_test.go | 9 ++- src/runtime/pkg/katautils/logger_test.go | 6 +- src/runtime/pkg/katautils/network_test.go | 7 +-- src/runtime/pkg/katautils/utils.go | 5 +- src/runtime/pkg/katautils/utils_test.go | 17 +++--- src/runtime/pkg/oci/utils_test.go | 11 ++-- src/runtime/pkg/utils/utils_test.go | 11 ++-- .../virtcontainers/acrn_arch_base_test.go | 3 +- src/runtime/virtcontainers/container_test.go | 11 ++-- .../virtcontainers/device/config/config.go | 5 +- .../device/config/config_test.go | 5 +- .../virtcontainers/device/config/pmem_test.go | 3 +- .../virtcontainers/device/drivers/utils.go | 3 +- .../virtcontainers/device/drivers/vfio.go | 3 +- .../device/manager/manager_test.go | 11 ++-- .../virtcontainers/device/manager/utils.go | 6 +- .../device/manager/utils_test.go | 3 +- src/runtime/virtcontainers/endpoint_test.go | 3 +- src/runtime/virtcontainers/fc.go | 3 +- src/runtime/virtcontainers/hook/mock/hook.go | 4 +- .../virtcontainers/hypervisor_amd64.go | 3 +- .../virtcontainers/hypervisor_amd64_test.go | 3 +- .../virtcontainers/hypervisor_arm64_test.go | 3 +- src/runtime/virtcontainers/hypervisor_test.go | 9 ++- src/runtime/virtcontainers/kata_agent.go | 5 +- src/runtime/virtcontainers/kata_agent_test.go | 15 +++-- src/runtime/virtcontainers/mount.go | 3 +- src/runtime/virtcontainers/mount_test.go | 5 +- src/runtime/virtcontainers/persist/fs/fs.go | 11 ++-- .../virtcontainers/physical_endpoint.go | 5 +- .../pkg/agent/protocols/grpc/utils_test.go | 8 +-- .../virtcontainers/pkg/cgroups/utils_test.go | 3 +- .../virtcontainers/pkg/compatoci/utils.go | 4 +- src/runtime/virtcontainers/pkg/mock/mock.go | 4 +- src/runtime/virtcontainers/qemu.go | 9 ++- src/runtime/virtcontainers/qemu_amd64_test.go | 3 +- .../virtcontainers/qemu_arch_base_test.go | 3 +- src/runtime/virtcontainers/qemu_arm64_test.go | 5 +- src/runtime/virtcontainers/qemu_test.go | 9 ++- src/runtime/virtcontainers/sandbox_test.go | 11 ++-- src/runtime/virtcontainers/types/asset.go | 4 +- .../virtcontainers/types/asset_test.go | 7 +-- .../virtcontainers/utils/proc_linux.go | 4 +- .../virtcontainers/utils/utils_test.go | 23 ++++---- .../virtcontainers/virtcontainers_test.go | 3 +- src/runtime/virtcontainers/virtiofsd_test.go | 9 ++- src/runtime/virtcontainers/vm_test.go | 9 ++- tools/packaging/cmd/kata-pkgsync/cli/utils.go | 4 +- 76 files changed, 260 insertions(+), 317 deletions(-) diff --git a/src/runtime/cmd/kata-runtime/factory_test.go b/src/runtime/cmd/kata-runtime/factory_test.go index a912b548a..10b40976a 100644 --- a/src/runtime/cmd/kata-runtime/factory_test.go +++ b/src/runtime/cmd/kata-runtime/factory_test.go @@ -8,7 +8,6 @@ package main import ( "context" "flag" - "io/ioutil" "os" "testing" @@ -44,7 +43,7 @@ func TestFactoryCLIFunctionNoRuntimeConfig(t *testing.T) { func TestFactoryCLIFunctionInit(t *testing.T) { assert := assert.New(t) - tmpdir, err := ioutil.TempDir("", "") + tmpdir, err := os.MkdirTemp("", "") assert.NoError(err) defer os.RemoveAll(tmpdir) @@ -93,7 +92,7 @@ func TestFactoryCLIFunctionInit(t *testing.T) { func TestFactoryCLIFunctionDestroy(t *testing.T) { assert := assert.New(t) - tmpdir, err := ioutil.TempDir("", "") + tmpdir, err := os.MkdirTemp("", "") assert.NoError(err) defer os.RemoveAll(tmpdir) @@ -127,7 +126,7 @@ func TestFactoryCLIFunctionDestroy(t *testing.T) { func TestFactoryCLIFunctionStatus(t *testing.T) { assert := assert.New(t) - tmpdir, err := ioutil.TempDir("", "") + tmpdir, err := os.MkdirTemp("", "") assert.NoError(err) defer os.RemoveAll(tmpdir) diff --git a/src/runtime/cmd/kata-runtime/kata-check_amd64.go b/src/runtime/cmd/kata-runtime/kata-check_amd64.go index b1bf34807..46b3a2916 100644 --- a/src/runtime/cmd/kata-runtime/kata-check_amd64.go +++ b/src/runtime/cmd/kata-runtime/kata-check_amd64.go @@ -7,7 +7,7 @@ package main import ( "fmt" - "io/ioutil" + "os" "strings" "syscall" "unsafe" @@ -212,7 +212,7 @@ func setCPUtype(hypervisorType vc.HypervisorType) error { } func getCPUtype() int { - content, err := ioutil.ReadFile("/proc/cpuinfo") + content, err := os.ReadFile("/proc/cpuinfo") if err != nil { kataLog.WithError(err).Error("failed to read file") return cpuTypeUnknown diff --git a/src/runtime/cmd/kata-runtime/kata-check_amd64_test.go b/src/runtime/cmd/kata-runtime/kata-check_amd64_test.go index c8b5a25fc..43a7019ff 100644 --- a/src/runtime/cmd/kata-runtime/kata-check_amd64_test.go +++ b/src/runtime/cmd/kata-runtime/kata-check_amd64_test.go @@ -8,7 +8,6 @@ package main import ( "bytes" "fmt" - "io/ioutil" "os" "path/filepath" "regexp" @@ -72,7 +71,7 @@ func TestCCCheckCLIFunction(t *testing.T) { func TestCheckCheckKernelModulesNoNesting(t *testing.T) { assert := assert.New(t) - dir, err := ioutil.TempDir("", "") + dir, err := os.MkdirTemp("", "") if err != nil { t.Fatal(err) } @@ -157,7 +156,7 @@ func TestCheckCheckKernelModulesNoNesting(t *testing.T) { func TestCheckCheckKernelModulesNoUnrestrictedGuest(t *testing.T) { assert := assert.New(t) - dir, err := ioutil.TempDir("", "") + dir, err := os.MkdirTemp("", "") if err != nil { t.Fatal(err) } @@ -256,7 +255,7 @@ func TestCheckHostIsVMContainerCapable(t *testing.T) { assert := assert.New(t) - dir, err := ioutil.TempDir("", "") + dir, err := os.MkdirTemp("", "") if err != nil { t.Fatal(err) } @@ -406,7 +405,7 @@ func TestArchKernelParamHandler(t *testing.T) { func TestKvmIsUsable(t *testing.T) { assert := assert.New(t) - dir, err := ioutil.TempDir("", "") + dir, err := os.MkdirTemp("", "") if err != nil { t.Fatal(err) } @@ -458,7 +457,7 @@ foo : bar func TestSetCPUtype(t *testing.T) { assert := assert.New(t) - tmpdir, err := ioutil.TempDir("", "") + tmpdir, err := os.MkdirTemp("", "") assert.NoError(err) defer os.RemoveAll(tmpdir) diff --git a/src/runtime/cmd/kata-runtime/kata-check_arm64_test.go b/src/runtime/cmd/kata-runtime/kata-check_arm64_test.go index 7ce1c9e3d..2b56dca6d 100644 --- a/src/runtime/cmd/kata-runtime/kata-check_arm64_test.go +++ b/src/runtime/cmd/kata-runtime/kata-check_arm64_test.go @@ -7,7 +7,6 @@ package main import ( "fmt" - "io/ioutil" "os" "path/filepath" "testing" @@ -68,7 +67,7 @@ foo : bar {validContents, validNormalizeVendorName, validNormalizeModelName, false}, } - tmpdir, err := ioutil.TempDir("", "") + tmpdir, err := os.MkdirTemp("", "") if err != nil { panic(err) } diff --git a/src/runtime/cmd/kata-runtime/kata-check_data_ppc64le_test.go b/src/runtime/cmd/kata-runtime/kata-check_data_ppc64le_test.go index 4368be96c..8af5eea7d 100644 --- a/src/runtime/cmd/kata-runtime/kata-check_data_ppc64le_test.go +++ b/src/runtime/cmd/kata-runtime/kata-check_data_ppc64le_test.go @@ -6,8 +6,9 @@ package main import ( + "os" + "github.com/sirupsen/logrus" - "io/ioutil" ) var testCPUInfoTemplate = setTestCPUInfoTemplate() @@ -15,7 +16,7 @@ var testCPUInfoTemplate = setTestCPUInfoTemplate() func setTestCPUInfoTemplate() string { var kataLog *logrus.Entry - content, err := ioutil.ReadFile("/proc/cpuinfo") + content, err := os.ReadFile("/proc/cpuinfo") if err != nil { kataLog.WithError(err).Error("failed to read file /proc/cpuinfo") diff --git a/src/runtime/cmd/kata-runtime/kata-check_generic_test.go b/src/runtime/cmd/kata-runtime/kata-check_generic_test.go index 645783378..2a2210b9e 100644 --- a/src/runtime/cmd/kata-runtime/kata-check_generic_test.go +++ b/src/runtime/cmd/kata-runtime/kata-check_generic_test.go @@ -9,7 +9,6 @@ package main import ( - "io/ioutil" "os" "testing" @@ -19,7 +18,7 @@ import ( func testSetCPUTypeGeneric(t *testing.T) { assert := assert.New(t) - tmpdir, err := ioutil.TempDir("", "") + tmpdir, err := os.MkdirTemp("", "") assert.NoError(err) defer os.RemoveAll(tmpdir) diff --git a/src/runtime/cmd/kata-runtime/kata-check_ppc64le_test.go b/src/runtime/cmd/kata-runtime/kata-check_ppc64le_test.go index 00463bfee..c27232252 100644 --- a/src/runtime/cmd/kata-runtime/kata-check_ppc64le_test.go +++ b/src/runtime/cmd/kata-runtime/kata-check_ppc64le_test.go @@ -7,7 +7,6 @@ package main import ( "fmt" - "io/ioutil" "os" "path/filepath" "testing" @@ -119,7 +118,7 @@ func TestArchKernelParamHandler(t *testing.T) { func TestKvmIsUsable(t *testing.T) { assert := assert.New(t) - dir, err := ioutil.TempDir("", "") + dir, err := os.MkdirTemp("", "") if err != nil { t.Fatal(err) } diff --git a/src/runtime/cmd/kata-runtime/kata-check_s390x_test.go b/src/runtime/cmd/kata-runtime/kata-check_s390x_test.go index 8117db55f..d521a456d 100644 --- a/src/runtime/cmd/kata-runtime/kata-check_s390x_test.go +++ b/src/runtime/cmd/kata-runtime/kata-check_s390x_test.go @@ -7,7 +7,6 @@ package main import ( "fmt" - "io/ioutil" "os" "path/filepath" "testing" @@ -118,7 +117,7 @@ func TestArchKernelParamHandler(t *testing.T) { func TestKvmIsUsable(t *testing.T) { assert := assert.New(t) - dir, err := ioutil.TempDir("", "") + dir, err := os.MkdirTemp("", "") if err != nil { t.Fatal(err) } diff --git a/src/runtime/cmd/kata-runtime/kata-check_test.go b/src/runtime/cmd/kata-runtime/kata-check_test.go index b31d7e96f..95f668907 100644 --- a/src/runtime/cmd/kata-runtime/kata-check_test.go +++ b/src/runtime/cmd/kata-runtime/kata-check_test.go @@ -10,7 +10,6 @@ import ( "flag" "fmt" "html/template" - "io/ioutil" "os" "path" "path/filepath" @@ -50,7 +49,7 @@ type testCPUDetail struct { var fakeCPUData = testCPUData{"", "", false} func createFile(file, contents string) error { - return ioutil.WriteFile(file, []byte(contents), testFileMode) + return os.WriteFile(file, []byte(contents), testFileMode) } func createModules(assert *assert.Assertions, cpuInfoFile string, moduleData []testModuleData) { @@ -151,12 +150,12 @@ func makeCPUInfoFile(path, vendorID, flags string) error { return err } - return ioutil.WriteFile(path, contents.Bytes(), testFileMode) + return os.WriteFile(path, contents.Bytes(), testFileMode) } // nolint: unused, deadcode func genericTestGetCPUDetails(t *testing.T, validVendor string, validModel string, validContents string, data []testCPUDetail) { - tmpdir, err := ioutil.TempDir("", "") + tmpdir, err := os.MkdirTemp("", "") if err != nil { panic(err) } @@ -198,7 +197,7 @@ func genericTestGetCPUDetails(t *testing.T, validVendor string, validModel strin func genericCheckCLIFunction(t *testing.T, cpuData []testCPUData, moduleData []testModuleData) { assert := assert.New(t) - dir, err := ioutil.TempDir("", "") + dir, err := os.MkdirTemp("", "") if err != nil { t.Fatal(err) } @@ -308,7 +307,7 @@ func TestCheckGetCPUInfo(t *testing.T) { {"foo\n\nbar\nbaz\n\n", "foo", false}, } - dir, err := ioutil.TempDir("", "") + dir, err := os.MkdirTemp("", "") if err != nil { t.Fatal(err) } @@ -320,7 +319,7 @@ func TestCheckGetCPUInfo(t *testing.T) { assert.Error(err) for _, d := range data { - err = ioutil.WriteFile(file, []byte(d.contents), testFileMode) + err = os.WriteFile(file, []byte(d.contents), testFileMode) if err != nil { t.Fatal(err) } @@ -528,7 +527,7 @@ func TestCheckHaveKernelModule(t *testing.T) { assert := assert.New(t) - dir, err := ioutil.TempDir("", "") + dir, err := os.MkdirTemp("", "") if err != nil { t.Fatal(err) } @@ -578,7 +577,7 @@ func TestCheckHaveKernelModule(t *testing.T) { func TestCheckCheckKernelModules(t *testing.T) { assert := assert.New(t) - dir, err := ioutil.TempDir("", "") + dir, err := os.MkdirTemp("", "") if err != nil { t.Fatal(err) } @@ -663,7 +662,7 @@ func TestCheckCheckKernelModulesUnreadableFile(t *testing.T) { t.Skip(ktu.TestDisabledNeedNonRoot) } - dir, err := ioutil.TempDir("", "") + dir, err := os.MkdirTemp("", "") if err != nil { t.Fatal(err) } @@ -711,7 +710,7 @@ func TestCheckCheckKernelModulesUnreadableFile(t *testing.T) { func TestCheckCheckKernelModulesInvalidFileContents(t *testing.T) { assert := assert.New(t) - dir, err := ioutil.TempDir("", "") + dir, err := os.MkdirTemp("", "") if err != nil { t.Fatal(err) } @@ -756,7 +755,7 @@ func TestCheckCheckKernelModulesInvalidFileContents(t *testing.T) { func TestCheckCLIFunctionFail(t *testing.T) { assert := assert.New(t) - dir, err := ioutil.TempDir("", "") + dir, err := os.MkdirTemp("", "") if err != nil { t.Fatal(err) } @@ -789,7 +788,7 @@ func TestCheckCLIFunctionFail(t *testing.T) { func TestCheckKernelParamHandler(t *testing.T) { assert := assert.New(t) - dir, err := ioutil.TempDir("", "") + dir, err := os.MkdirTemp("", "") if err != nil { t.Fatal(err) } @@ -871,7 +870,7 @@ func TestCheckKernelParamHandler(t *testing.T) { func TestArchRequiredKernelModules(t *testing.T) { assert := assert.New(t) - tmpdir, err := ioutil.TempDir("", "") + tmpdir, err := os.MkdirTemp("", "") assert.NoError(err) defer os.RemoveAll(tmpdir) @@ -886,7 +885,7 @@ func TestArchRequiredKernelModules(t *testing.T) { return } - dir, err := ioutil.TempDir("", "") + dir, err := os.MkdirTemp("", "") if err != nil { t.Fatal(err) } diff --git a/src/runtime/cmd/kata-runtime/kata-env_amd64_test.go b/src/runtime/cmd/kata-runtime/kata-env_amd64_test.go index 43b9e5c4b..a3951328a 100644 --- a/src/runtime/cmd/kata-runtime/kata-env_amd64_test.go +++ b/src/runtime/cmd/kata-runtime/kata-env_amd64_test.go @@ -6,7 +6,6 @@ package main import ( - "io/ioutil" "os" "testing" @@ -23,7 +22,7 @@ func getExpectedHostDetails(tmpdir string) (HostInfo, error) { func TestEnvGetEnvInfoSetsCPUType(t *testing.T) { assert := assert.New(t) - tmpdir, err := ioutil.TempDir("", "") + tmpdir, err := os.MkdirTemp("", "") assert.NoError(err) defer os.RemoveAll(tmpdir) diff --git a/src/runtime/cmd/kata-runtime/kata-env_generic_test.go b/src/runtime/cmd/kata-runtime/kata-env_generic_test.go index 0f1ef813a..1991138a4 100644 --- a/src/runtime/cmd/kata-runtime/kata-env_generic_test.go +++ b/src/runtime/cmd/kata-runtime/kata-env_generic_test.go @@ -9,7 +9,6 @@ package main import ( - "io/ioutil" "os" "testing" @@ -19,7 +18,7 @@ import ( func testEnvGetEnvInfoSetsCPUTypeGeneric(t *testing.T) { assert := assert.New(t) - tmpdir, err := ioutil.TempDir("", "") + tmpdir, err := os.MkdirTemp("", "") assert.NoError(err) defer os.RemoveAll(tmpdir) diff --git a/src/runtime/cmd/kata-runtime/kata-env_test.go b/src/runtime/cmd/kata-runtime/kata-env_test.go index 39d354427..11f0478b2 100644 --- a/src/runtime/cmd/kata-runtime/kata-env_test.go +++ b/src/runtime/cmd/kata-runtime/kata-env_test.go @@ -10,7 +10,6 @@ import ( "encoding/json" "flag" "fmt" - "io/ioutil" "os" "path" "path/filepath" @@ -65,7 +64,7 @@ func makeVersionBinary(file, version string) error { func createConfig(configPath string, fileData string) error { - err := ioutil.WriteFile(configPath, []byte(fileData), testFileMode) + err := os.WriteFile(configPath, []byte(fileData), testFileMode) if err != nil { fmt.Fprintf(os.Stderr, "Unable to create config file %s %v\n", configPath, err) return err @@ -365,7 +364,7 @@ func TestEnvGetMetaInfo(t *testing.T) { } func TestEnvGetHostInfo(t *testing.T) { - tmpdir, err := ioutil.TempDir("", "") + tmpdir, err := os.MkdirTemp("", "") if err != nil { panic(err) } @@ -390,7 +389,7 @@ func TestEnvGetHostInfo(t *testing.T) { } func TestEnvGetHostInfoNoProcCPUInfo(t *testing.T) { - tmpdir, err := ioutil.TempDir("", "") + tmpdir, err := os.MkdirTemp("", "") if err != nil { panic(err) } @@ -407,7 +406,7 @@ func TestEnvGetHostInfoNoProcCPUInfo(t *testing.T) { } func TestEnvGetHostInfoNoOSRelease(t *testing.T) { - tmpdir, err := ioutil.TempDir("", "") + tmpdir, err := os.MkdirTemp("", "") if err != nil { panic(err) } @@ -424,7 +423,7 @@ func TestEnvGetHostInfoNoOSRelease(t *testing.T) { } func TestEnvGetHostInfoNoProcVersion(t *testing.T) { - tmpdir, err := ioutil.TempDir("", "") + tmpdir, err := os.MkdirTemp("", "") if err != nil { panic(err) } @@ -441,7 +440,7 @@ func TestEnvGetHostInfoNoProcVersion(t *testing.T) { } func TestEnvGetEnvInfo(t *testing.T) { - tmpdir, err := ioutil.TempDir("", "") + tmpdir, err := os.MkdirTemp("", "") if err != nil { panic(err) } @@ -475,7 +474,7 @@ func TestEnvGetEnvInfo(t *testing.T) { func TestEnvGetEnvInfoNoHypervisorVersion(t *testing.T) { assert := assert.New(t) - tmpdir, err := ioutil.TempDir("", "") + tmpdir, err := os.MkdirTemp("", "") assert.NoError(err) defer os.RemoveAll(tmpdir) @@ -502,7 +501,7 @@ func TestEnvGetEnvInfoNoHypervisorVersion(t *testing.T) { func TestEnvGetEnvInfoAgentError(t *testing.T) { assert := assert.New(t) - tmpdir, err := ioutil.TempDir("", "") + tmpdir, err := os.MkdirTemp("", "") assert.NoError(err) defer os.RemoveAll(tmpdir) @@ -511,7 +510,7 @@ func TestEnvGetEnvInfoAgentError(t *testing.T) { } func TestEnvGetEnvInfoNoOSRelease(t *testing.T) { - tmpdir, err := ioutil.TempDir("", "") + tmpdir, err := os.MkdirTemp("", "") if err != nil { panic(err) } @@ -531,7 +530,7 @@ func TestEnvGetEnvInfoNoOSRelease(t *testing.T) { } func TestEnvGetEnvInfoNoProcCPUInfo(t *testing.T) { - tmpdir, err := ioutil.TempDir("", "") + tmpdir, err := os.MkdirTemp("", "") if err != nil { panic(err) } @@ -551,7 +550,7 @@ func TestEnvGetEnvInfoNoProcCPUInfo(t *testing.T) { } func TestEnvGetEnvInfoNoProcVersion(t *testing.T) { - tmpdir, err := ioutil.TempDir("", "") + tmpdir, err := os.MkdirTemp("", "") if err != nil { panic(err) } @@ -571,7 +570,7 @@ func TestEnvGetEnvInfoNoProcVersion(t *testing.T) { } func TestEnvGetRuntimeInfo(t *testing.T) { - tmpdir, err := ioutil.TempDir("", "") + tmpdir, err := os.MkdirTemp("", "") if err != nil { panic(err) } @@ -588,7 +587,7 @@ func TestEnvGetRuntimeInfo(t *testing.T) { } func TestEnvGetAgentInfo(t *testing.T) { - tmpdir, err := ioutil.TempDir("", "") + tmpdir, err := os.MkdirTemp("", "") if err != nil { panic(err) } @@ -727,13 +726,13 @@ func testEnvShowJSONSettings(t *testing.T, tmpdir string, tmpfile *os.File) erro } func TestEnvShowSettings(t *testing.T) { - tmpdir, err := ioutil.TempDir("", "") + tmpdir, err := os.MkdirTemp("", "") if err != nil { panic(err) } defer os.RemoveAll(tmpdir) - tmpfile, err := ioutil.TempFile("", "envShowSettings-") + tmpfile, err := os.CreateTemp("", "envShowSettings-") assert.NoError(t, err) defer os.Remove(tmpfile.Name()) @@ -748,13 +747,13 @@ func TestEnvShowSettings(t *testing.T) { } func TestEnvShowSettingsInvalidFile(t *testing.T) { - tmpdir, err := ioutil.TempDir("", "") + tmpdir, err := os.MkdirTemp("", "") if err != nil { panic(err) } defer os.RemoveAll(tmpdir) - tmpfile, err := ioutil.TempFile("", "envShowSettings-") + tmpfile, err := os.CreateTemp("", "envShowSettings-") assert.NoError(t, err) defer os.Remove(tmpfile.Name()) @@ -772,7 +771,7 @@ func TestEnvShowSettingsInvalidFile(t *testing.T) { } func TestEnvHandleSettings(t *testing.T) { - tmpdir, err := ioutil.TempDir("", "") + tmpdir, err := os.MkdirTemp("", "") if err != nil { panic(err) } @@ -790,7 +789,7 @@ func TestEnvHandleSettings(t *testing.T) { ctx.App.Metadata["configFile"] = configFile ctx.App.Metadata["runtimeConfig"] = config - tmpfile, err := ioutil.TempFile("", "") + tmpfile, err := os.CreateTemp("", "") assert.NoError(t, err) defer os.Remove(tmpfile.Name()) @@ -806,7 +805,7 @@ func TestEnvHandleSettings(t *testing.T) { func TestEnvHandleSettingsInvalidParams(t *testing.T) { assert := assert.New(t) - tmpdir, err := ioutil.TempDir("", "") + tmpdir, err := os.MkdirTemp("", "") assert.NoError(err) defer os.RemoveAll(tmpdir) @@ -860,7 +859,7 @@ func TestEnvHandleSettingsInvalidRuntimeConfigType(t *testing.T) { } func TestEnvCLIFunction(t *testing.T) { - tmpdir, err := ioutil.TempDir("", "") + tmpdir, err := os.MkdirTemp("", "") if err != nil { panic(err) } @@ -905,7 +904,7 @@ func TestEnvCLIFunction(t *testing.T) { } func TestEnvCLIFunctionFail(t *testing.T) { - tmpdir, err := ioutil.TempDir("", "") + tmpdir, err := os.MkdirTemp("", "") if err != nil { panic(err) } @@ -941,7 +940,7 @@ func TestEnvCLIFunctionFail(t *testing.T) { func TestGetHypervisorInfo(t *testing.T) { assert := assert.New(t) - tmpdir, err := ioutil.TempDir("", "") + tmpdir, err := os.MkdirTemp("", "") assert.NoError(err) defer os.RemoveAll(tmpdir) @@ -963,7 +962,7 @@ func TestGetHypervisorInfo(t *testing.T) { func TestGetHypervisorInfoSocket(t *testing.T) { assert := assert.New(t) - tmpdir, err := ioutil.TempDir("", "") + tmpdir, err := os.MkdirTemp("", "") assert.NoError(err) defer os.RemoveAll(tmpdir) diff --git a/src/runtime/cmd/kata-runtime/kata-exec.go b/src/runtime/cmd/kata-runtime/kata-exec.go index 24c6e2f5b..456134a5f 100644 --- a/src/runtime/cmd/kata-runtime/kata-exec.go +++ b/src/runtime/cmd/kata-runtime/kata-exec.go @@ -9,7 +9,6 @@ package main import ( "fmt" "io" - "io/ioutil" "net" "net/http" "net/url" @@ -170,7 +169,7 @@ func getConn(sandboxID string, port uint64) (net.Conn, error) { } defer resp.Body.Close() - data, err := ioutil.ReadAll(resp.Body) + data, err := io.ReadAll(resp.Body) if err != nil { return nil, err } diff --git a/src/runtime/cmd/kata-runtime/main_test.go b/src/runtime/cmd/kata-runtime/main_test.go index 70b6ec0a9..1ce21514d 100644 --- a/src/runtime/cmd/kata-runtime/main_test.go +++ b/src/runtime/cmd/kata-runtime/main_test.go @@ -11,7 +11,6 @@ import ( "errors" "flag" "fmt" - "io/ioutil" "os" "path" "path/filepath" @@ -100,7 +99,7 @@ func TestMain(m *testing.M) { } func createEmptyFile(path string) (err error) { - return ioutil.WriteFile(path, []byte(""), testFileMode) + return os.WriteFile(path, []byte(""), testFileMode) } func grep(pattern, file string) error { @@ -108,7 +107,7 @@ func grep(pattern, file string) error { return errors.New("need file") } - bytes, err := ioutil.ReadFile(file) + bytes, err := os.ReadFile(file) if err != nil { return err } @@ -259,7 +258,7 @@ func TestMainBeforeSubCommands(t *testing.T) { func TestMainBeforeSubCommandsInvalidLogFile(t *testing.T) { assert := assert.New(t) - tmpdir, err := ioutil.TempDir("", "katatest") + tmpdir, err := os.MkdirTemp("", "katatest") assert.NoError(err) defer os.RemoveAll(tmpdir) @@ -282,7 +281,7 @@ func TestMainBeforeSubCommandsInvalidLogFile(t *testing.T) { func TestMainBeforeSubCommandsInvalidLogFormat(t *testing.T) { assert := assert.New(t) - tmpdir, err := ioutil.TempDir("", "katatest") + tmpdir, err := os.MkdirTemp("", "katatest") assert.NoError(err) defer os.RemoveAll(tmpdir) @@ -311,7 +310,7 @@ func TestMainBeforeSubCommandsInvalidLogFormat(t *testing.T) { func TestMainBeforeSubCommandsLoadConfigurationFail(t *testing.T) { assert := assert.New(t) - tmpdir, err := ioutil.TempDir("", "katatest") + tmpdir, err := os.MkdirTemp("", "katatest") assert.NoError(err) defer os.RemoveAll(tmpdir) @@ -346,7 +345,7 @@ func TestMainBeforeSubCommandsLoadConfigurationFail(t *testing.T) { func TestMainBeforeSubCommandsShowCCConfigPaths(t *testing.T) { assert := assert.New(t) - tmpdir, err := ioutil.TempDir("", "katatest") + tmpdir, err := os.MkdirTemp("", "katatest") assert.NoError(err) defer os.RemoveAll(tmpdir) @@ -410,7 +409,7 @@ func TestMainBeforeSubCommandsShowCCConfigPaths(t *testing.T) { func TestMainFatal(t *testing.T) { assert := assert.New(t) - tmpdir, err := ioutil.TempDir("", "katatest") + tmpdir, err := os.MkdirTemp("", "katatest") assert.NoError(err) defer os.RemoveAll(tmpdir) @@ -634,7 +633,7 @@ func TestMainCreateRuntime(t *testing.T) { func TestMainVersionPrinter(t *testing.T) { assert := assert.New(t) - tmpdir, err := ioutil.TempDir("", "katatest") + tmpdir, err := os.MkdirTemp("", "katatest") assert.NoError(err) defer os.RemoveAll(tmpdir) diff --git a/src/runtime/cmd/kata-runtime/release.go b/src/runtime/cmd/kata-runtime/release.go index 3acfae71d..129d4112b 100644 --- a/src/runtime/cmd/kata-runtime/release.go +++ b/src/runtime/cmd/kata-runtime/release.go @@ -10,7 +10,7 @@ import ( "encoding/json" "errors" "fmt" - "io/ioutil" + "io" "net/http" "os" "strings" @@ -279,7 +279,7 @@ func getReleases(releaseURL string, includeAll bool) ([]semver.Version, map[stri releasesArray := []map[string]interface{}{} - body, err := ioutil.ReadAll(resp.Body) + body, err := io.ReadAll(resp.Body) if err != nil { return nil, nil, fmt.Errorf("failed to read release details: %v", err) } else if resp.StatusCode == http.StatusForbidden && bytes.Contains(body, []byte("limit exceeded")) { diff --git a/src/runtime/cmd/kata-runtime/utils_test.go b/src/runtime/cmd/kata-runtime/utils_test.go index 12bba4e2b..da1e3d5c4 100644 --- a/src/runtime/cmd/kata-runtime/utils_test.go +++ b/src/runtime/cmd/kata-runtime/utils_test.go @@ -7,7 +7,6 @@ package main import ( "fmt" - "io/ioutil" "os" "path/filepath" "testing" @@ -18,7 +17,7 @@ import ( ) func TestFileExists(t *testing.T) { - dir, err := ioutil.TempDir("", "katatest") + dir, err := os.MkdirTemp("", "katatest") if err != nil { t.Fatal(err) } @@ -55,7 +54,7 @@ func TestGetKernelVersion(t *testing.T) { {validContents, validVersion, false}, } - tmpdir, err := ioutil.TempDir("", "") + tmpdir, err := os.MkdirTemp("", "") if err != nil { panic(err) } @@ -104,7 +103,7 @@ func TestGetDistroDetails(t *testing.T) { const unknown = "<>" - tmpdir, err := ioutil.TempDir("", "") + tmpdir, err := os.MkdirTemp("", "") if err != nil { panic(err) } diff --git a/src/runtime/cmd/kata-runtime/version_test.go b/src/runtime/cmd/kata-runtime/version_test.go index 936392c29..b6977f865 100644 --- a/src/runtime/cmd/kata-runtime/version_test.go +++ b/src/runtime/cmd/kata-runtime/version_test.go @@ -7,7 +7,6 @@ package main import ( "fmt" - "io/ioutil" "os" "testing" @@ -38,7 +37,7 @@ func TestVersion(t *testing.T) { fn, ok := versionCLICommand.Action.(func(context *cli.Context) error) assert.True(t, ok) - tmpfile, err := ioutil.TempFile("", "") + tmpfile, err := os.CreateTemp("", "") assert.NoError(t, err) defer os.Remove(tmpfile.Name()) diff --git a/src/runtime/pkg/containerd-shim-v2/create_test.go b/src/runtime/pkg/containerd-shim-v2/create_test.go index 7b6f9f57a..6b00991f9 100644 --- a/src/runtime/pkg/containerd-shim-v2/create_test.go +++ b/src/runtime/pkg/containerd-shim-v2/create_test.go @@ -9,7 +9,6 @@ package containerdshim import ( "context" "fmt" - "io/ioutil" "os" "path" "testing" @@ -362,7 +361,7 @@ func createAllRuntimeConfigFiles(dir, hypervisor string) (config string, err err runtimeConfigFileData := ktu.MakeRuntimeConfigFileData(configFileOptions) configPath := path.Join(dir, "runtime.toml") - err = ioutil.WriteFile(configPath, []byte(runtimeConfigFileData), os.FileMode(0640)) + err = os.WriteFile(configPath, []byte(runtimeConfigFileData), os.FileMode(0640)) if err != nil { return "", err } @@ -371,7 +370,7 @@ func createAllRuntimeConfigFiles(dir, hypervisor string) (config string, err err for _, file := range files { // create the resource (which must be >0 bytes) - err := ioutil.WriteFile(file, []byte("foo"), os.FileMode(0640)) + err := os.WriteFile(file, []byte("foo"), os.FileMode(0640)) if err != nil { return "", err } @@ -383,7 +382,7 @@ func createAllRuntimeConfigFiles(dir, hypervisor string) (config string, err err func TestCreateLoadRuntimeConfig(t *testing.T) { assert := assert.New(t) - tmpdir, err := ioutil.TempDir("", "") + tmpdir, err := os.MkdirTemp("", "") assert.NoError(err) defer os.RemoveAll(tmpdir) diff --git a/src/runtime/pkg/containerd-shim-v2/service.go b/src/runtime/pkg/containerd-shim-v2/service.go index cafbb1907..e4f1b7855 100644 --- a/src/runtime/pkg/containerd-shim-v2/service.go +++ b/src/runtime/pkg/containerd-shim-v2/service.go @@ -7,7 +7,7 @@ package containerdshim import ( "context" - "io/ioutil" + "io" "os" sysexec "os/exec" "sync" @@ -80,7 +80,7 @@ func New(ctx context.Context, id string, publisher cdshim.Publisher, shutdown fu // Discard the log before shim init its log output. Otherwise // it will output into stdio, from which containerd would like // to get the shim's socket address. - logrus.SetOutput(ioutil.Discard) + logrus.SetOutput(io.Discard) opts := ctx.Value(cdshim.OptsKey{}).(cdshim.Opts) if !opts.Debug { logrus.SetLevel(logrus.WarnLevel) diff --git a/src/runtime/pkg/containerd-shim-v2/stream_test.go b/src/runtime/pkg/containerd-shim-v2/stream_test.go index 3112af25b..01b988b1a 100644 --- a/src/runtime/pkg/containerd-shim-v2/stream_test.go +++ b/src/runtime/pkg/containerd-shim-v2/stream_test.go @@ -8,7 +8,6 @@ package containerdshim import ( "context" "io" - "io/ioutil" "os" "path/filepath" "syscall" @@ -26,11 +25,11 @@ func TestNewTtyIOFifoReopen(t *testing.T) { assert := assert.New(t) ctx := context.TODO() - testDir, err := ioutil.TempDir("", "kata-") + testDir, err := os.MkdirTemp("", "kata-") assert.NoError(err) defer os.RemoveAll(testDir) - fifoPath, err := ioutil.TempDir(testDir, "fifo-path-") + fifoPath, err := os.MkdirTemp(testDir, "fifo-path-") assert.NoError(err) stdout := filepath.Join(fifoPath, "stdout") stderr := filepath.Join(fifoPath, "stderr") @@ -104,11 +103,11 @@ func TestIoCopy(t *testing.T) { testBytes2 := []byte("Test2") testBytes3 := []byte("Test3") - testDir, err := ioutil.TempDir("", "kata-") + testDir, err := os.MkdirTemp("", "kata-") assert.NoError(err) defer os.RemoveAll(testDir) - fifoPath, err := ioutil.TempDir(testDir, "fifo-path-") + fifoPath, err := os.MkdirTemp(testDir, "fifo-path-") assert.NoError(err) dstStdoutPath := filepath.Join(fifoPath, "dststdout") dstStderrPath := filepath.Join(fifoPath, "dststderr") diff --git a/src/runtime/pkg/containerd-shim-v2/utils_test.go b/src/runtime/pkg/containerd-shim-v2/utils_test.go index 16ade4c1a..35b489920 100644 --- a/src/runtime/pkg/containerd-shim-v2/utils_test.go +++ b/src/runtime/pkg/containerd-shim-v2/utils_test.go @@ -8,7 +8,6 @@ package containerdshim import ( "fmt" - "io/ioutil" "os" "path" "testing" @@ -60,7 +59,7 @@ func init() { } func createEmptyFile(path string) (err error) { - return ioutil.WriteFile(path, []byte(""), testFileMode) + return os.WriteFile(path, []byte(""), testFileMode) } // newTestHypervisorConfig creaets a new virtcontainers diff --git a/src/runtime/pkg/kata-monitor/shim_client.go b/src/runtime/pkg/kata-monitor/shim_client.go index c47211e52..31043c847 100644 --- a/src/runtime/pkg/kata-monitor/shim_client.go +++ b/src/runtime/pkg/kata-monitor/shim_client.go @@ -7,7 +7,7 @@ package katamonitor import ( "fmt" - "io/ioutil" + "io" "net" "net/http" "os" @@ -90,7 +90,7 @@ func doGet(sandboxID string, timeoutInSeconds time.Duration, urlPath string) ([] resp.Body.Close() }() - body, err := ioutil.ReadAll(resp.Body) + body, err := io.ReadAll(resp.Body) if err != nil { return nil, err } diff --git a/src/runtime/pkg/katatestutils/constraints.go b/src/runtime/pkg/katatestutils/constraints.go index d2f400b4b..fd73d0781 100644 --- a/src/runtime/pkg/katatestutils/constraints.go +++ b/src/runtime/pkg/katatestutils/constraints.go @@ -8,7 +8,6 @@ package katatestutils import ( "errors" "fmt" - "io/ioutil" "os" "strconv" "strings" @@ -63,7 +62,7 @@ type Result struct { // GetFileContents return the file contents as a string. func getFileContents(file string) (string, error) { - bytes, err := ioutil.ReadFile(file) + bytes, err := os.ReadFile(file) if err != nil { return "", err } diff --git a/src/runtime/pkg/katatestutils/constraints_test.go b/src/runtime/pkg/katatestutils/constraints_test.go index 5513b26fd..2a60bbe3e 100644 --- a/src/runtime/pkg/katatestutils/constraints_test.go +++ b/src/runtime/pkg/katatestutils/constraints_test.go @@ -8,7 +8,6 @@ package katatestutils import ( "errors" "fmt" - "io/ioutil" "os" "os/exec" "path/filepath" @@ -316,7 +315,7 @@ func testGetDistro() (name, version string, err error) { func testGetKernelVersion() (version string, err error) { const file = "/proc/version" - bytes, err := ioutil.ReadFile(file) + bytes, err := os.ReadFile(file) if err != nil { return "", err } @@ -416,7 +415,7 @@ func TestGetFileContents(t *testing.T) { {"foo\nbar"}, } - dir, err := ioutil.TempDir("", "") + dir, err := os.MkdirTemp("", "") assert.NoError(err) defer os.RemoveAll(dir) @@ -428,7 +427,7 @@ func TestGetFileContents(t *testing.T) { for _, d := range data { // create the file - err = ioutil.WriteFile(file, []byte(d.contents), testFileMode) + err = os.WriteFile(file, []byte(d.contents), testFileMode) assert.NoError(err) defer os.Remove(file) diff --git a/src/runtime/pkg/katatestutils/utils.go b/src/runtime/pkg/katatestutils/utils.go index c5d79e6c4..7750c23de 100644 --- a/src/runtime/pkg/katatestutils/utils.go +++ b/src/runtime/pkg/katatestutils/utils.go @@ -9,7 +9,6 @@ package katatestutils import ( "encoding/json" "errors" - "io/ioutil" "os" "path/filepath" "strconv" @@ -347,7 +346,7 @@ func IsInGitHubActions() bool { func SetupOCIConfigFile(t *testing.T) (rootPath string, bundlePath, ociConfigFile string) { assert := assert.New(t) - tmpdir, err := ioutil.TempDir("", "katatest-") + tmpdir, err := os.MkdirTemp("", "katatest-") assert.NoError(err) bundlePath = filepath.Join(tmpdir, "bundle") @@ -355,7 +354,7 @@ func SetupOCIConfigFile(t *testing.T) (rootPath string, bundlePath, ociConfigFil assert.NoError(err) ociConfigFile = filepath.Join(bundlePath, "config.json") - err = ioutil.WriteFile(ociConfigFile, []byte(busyboxConfigJson), testFileMode) + err = os.WriteFile(ociConfigFile, []byte(busyboxConfigJson), testFileMode) assert.NoError(err) return tmpdir, bundlePath, ociConfigFile @@ -372,5 +371,5 @@ func WriteOCIConfigFile(spec specs.Spec, configPath string) error { return err } - return ioutil.WriteFile(configPath, bytes, testFileMode) + return os.WriteFile(configPath, bytes, testFileMode) } diff --git a/src/runtime/pkg/katautils/config.go b/src/runtime/pkg/katautils/config.go index 5f9b7f6fb..e844bff03 100644 --- a/src/runtime/pkg/katautils/config.go +++ b/src/runtime/pkg/katautils/config.go @@ -9,7 +9,7 @@ package katautils import ( "errors" "fmt" - "io/ioutil" + "os" "path/filepath" goruntime "runtime" "strings" @@ -1199,7 +1199,7 @@ func decodeConfig(configPath string) (tomlConfig, string, error) { return tomlConf, "", fmt.Errorf("Cannot find usable config file (%v)", err) } - configData, err := ioutil.ReadFile(resolved) + configData, err := os.ReadFile(resolved) if err != nil { return tomlConf, resolved, err } diff --git a/src/runtime/pkg/katautils/config_test.go b/src/runtime/pkg/katautils/config_test.go index 0c596d84e..bfabc668c 100644 --- a/src/runtime/pkg/katautils/config_test.go +++ b/src/runtime/pkg/katautils/config_test.go @@ -9,7 +9,6 @@ package katautils import ( "bytes" "fmt" - "io/ioutil" "os" "path" "path/filepath" @@ -49,7 +48,7 @@ type testRuntimeConfig struct { func createConfig(configPath string, fileData string) error { - err := ioutil.WriteFile(configPath, []byte(fileData), testFileMode) + err := os.WriteFile(configPath, []byte(fileData), testFileMode) if err != nil { fmt.Fprintf(os.Stderr, "Unable to create config file %s %v\n", configPath, err) return err @@ -280,7 +279,7 @@ func testLoadConfiguration(t *testing.T, dir string, } func TestConfigLoadConfiguration(t *testing.T) { - tmpdir, err := ioutil.TempDir(testDir, "load-config-") + tmpdir, err := os.MkdirTemp(testDir, "load-config-") assert.NoError(t, err) defer os.RemoveAll(tmpdir) @@ -288,7 +287,7 @@ func TestConfigLoadConfiguration(t *testing.T) { } func TestConfigLoadConfigurationFailBrokenSymLink(t *testing.T) { - tmpdir, err := ioutil.TempDir(testDir, "runtime-config-") + tmpdir, err := os.MkdirTemp(testDir, "runtime-config-") assert.NoError(t, err) defer os.RemoveAll(tmpdir) @@ -311,7 +310,7 @@ func TestConfigLoadConfigurationFailBrokenSymLink(t *testing.T) { } func TestConfigLoadConfigurationFailSymLinkLoop(t *testing.T) { - tmpdir, err := ioutil.TempDir(testDir, "runtime-config-") + tmpdir, err := os.MkdirTemp(testDir, "runtime-config-") assert.NoError(t, err) defer os.RemoveAll(tmpdir) @@ -340,7 +339,7 @@ func TestConfigLoadConfigurationFailSymLinkLoop(t *testing.T) { } func TestConfigLoadConfigurationFailMissingHypervisor(t *testing.T) { - tmpdir, err := ioutil.TempDir(testDir, "runtime-config-") + tmpdir, err := os.MkdirTemp(testDir, "runtime-config-") assert.NoError(t, err) defer os.RemoveAll(tmpdir) @@ -358,7 +357,7 @@ func TestConfigLoadConfigurationFailMissingHypervisor(t *testing.T) { } func TestConfigLoadConfigurationFailMissingImage(t *testing.T) { - tmpdir, err := ioutil.TempDir(testDir, "runtime-config-") + tmpdir, err := os.MkdirTemp(testDir, "runtime-config-") assert.NoError(t, err) defer os.RemoveAll(tmpdir) @@ -376,7 +375,7 @@ func TestConfigLoadConfigurationFailMissingImage(t *testing.T) { } func TestConfigLoadConfigurationFailMissingKernel(t *testing.T) { - tmpdir, err := ioutil.TempDir(testDir, "runtime-config-") + tmpdir, err := os.MkdirTemp(testDir, "runtime-config-") assert.NoError(t, err) defer os.RemoveAll(tmpdir) @@ -398,7 +397,7 @@ func TestConfigLoadConfigurationFailUnreadableConfig(t *testing.T) { t.Skip(ktu.TestDisabledNeedNonRoot) } - tmpdir, err := ioutil.TempDir(testDir, "runtime-config-") + tmpdir, err := os.MkdirTemp(testDir, "runtime-config-") assert.NoError(t, err) defer os.RemoveAll(tmpdir) @@ -421,7 +420,7 @@ func TestConfigLoadConfigurationFailTOMLConfigFileInvalidContents(t *testing.T) t.Skip(ktu.TestDisabledNeedNonRoot) } - tmpdir, err := ioutil.TempDir(testDir, "runtime-config-") + tmpdir, err := os.MkdirTemp(testDir, "runtime-config-") assert.NoError(t, err) defer os.RemoveAll(tmpdir) @@ -447,7 +446,7 @@ func TestConfigLoadConfigurationFailTOMLConfigFileDuplicatedData(t *testing.T) { t.Skip(ktu.TestDisabledNeedNonRoot) } - tmpdir, err := ioutil.TempDir(testDir, "runtime-config-") + tmpdir, err := os.MkdirTemp(testDir, "runtime-config-") assert.NoError(t, err) defer os.RemoveAll(tmpdir) @@ -472,7 +471,7 @@ func TestConfigLoadConfigurationFailTOMLConfigFileDuplicatedData(t *testing.T) { } func TestMinimalRuntimeConfig(t *testing.T) { - dir, err := ioutil.TempDir(testDir, "minimal-runtime-config-") + dir, err := os.MkdirTemp(testDir, "minimal-runtime-config-") if err != nil { t.Fatal(err) } @@ -602,7 +601,7 @@ func TestMinimalRuntimeConfig(t *testing.T) { } func TestNewQemuHypervisorConfig(t *testing.T) { - dir, err := ioutil.TempDir(testDir, "hypervisor-config-") + dir, err := os.MkdirTemp(testDir, "hypervisor-config-") if err != nil { t.Fatal(err) } @@ -699,7 +698,7 @@ func TestNewQemuHypervisorConfig(t *testing.T) { } func TestNewFirecrackerHypervisorConfig(t *testing.T) { - dir, err := ioutil.TempDir(testDir, "hypervisor-config-") + dir, err := os.MkdirTemp(testDir, "hypervisor-config-") if err != nil { t.Fatal(err) } @@ -794,7 +793,7 @@ func TestNewFirecrackerHypervisorConfig(t *testing.T) { func TestNewQemuHypervisorConfigImageAndInitrd(t *testing.T) { assert := assert.New(t) - tmpdir, err := ioutil.TempDir(testDir, "") + tmpdir, err := os.MkdirTemp(testDir, "") assert.NoError(err) defer os.RemoveAll(tmpdir) @@ -836,7 +835,7 @@ func TestNewClhHypervisorConfig(t *testing.T) { assert := assert.New(t) - tmpdir, err := ioutil.TempDir(testDir, "") + tmpdir, err := os.MkdirTemp(testDir, "") assert.NoError(err) defer os.RemoveAll(tmpdir) @@ -931,7 +930,7 @@ func TestHypervisorDefaults(t *testing.T) { func TestHypervisorDefaultsHypervisor(t *testing.T) { assert := assert.New(t) - tmpdir, err := ioutil.TempDir(testDir, "") + tmpdir, err := os.MkdirTemp(testDir, "") assert.NoError(err) defer os.RemoveAll(tmpdir) @@ -967,7 +966,7 @@ func TestHypervisorDefaultsHypervisor(t *testing.T) { func TestHypervisorDefaultsKernel(t *testing.T) { assert := assert.New(t) - tmpdir, err := ioutil.TempDir(testDir, "") + tmpdir, err := os.MkdirTemp(testDir, "") assert.NoError(err) defer os.RemoveAll(tmpdir) @@ -1010,7 +1009,7 @@ func TestHypervisorDefaultsKernel(t *testing.T) { func TestHypervisorDefaultsInitrd(t *testing.T) { assert := assert.New(t) - tmpdir, err := ioutil.TempDir(testDir, "") + tmpdir, err := os.MkdirTemp(testDir, "") assert.NoError(err) defer os.RemoveAll(tmpdir) @@ -1047,7 +1046,7 @@ func TestHypervisorDefaultsInitrd(t *testing.T) { func TestHypervisorDefaultsImage(t *testing.T) { assert := assert.New(t) - tmpdir, err := ioutil.TempDir(testDir, "") + tmpdir, err := os.MkdirTemp(testDir, "") assert.NoError(err) defer os.RemoveAll(tmpdir) @@ -1142,7 +1141,7 @@ func TestGetDefaultConfigFilePaths(t *testing.T) { func TestGetDefaultConfigFile(t *testing.T) { assert := assert.New(t) - tmpdir, err := ioutil.TempDir(testDir, "") + tmpdir, err := os.MkdirTemp(testDir, "") assert.NoError(err) defer os.RemoveAll(tmpdir) @@ -1232,7 +1231,7 @@ func TestDefaultFirmware(t *testing.T) { // save default firmware path oldDefaultFirmwarePath := defaultFirmwarePath - f, err := ioutil.TempFile(os.TempDir(), "qboot.bin") + f, err := os.CreateTemp(os.TempDir(), "qboot.bin") assert.NoError(err) assert.NoError(f.Close()) defer os.RemoveAll(f.Name()) @@ -1420,7 +1419,7 @@ func TestUpdateRuntimeConfigurationInvalidKernelParams(t *testing.T) { func TestCheckHypervisorConfig(t *testing.T) { assert := assert.New(t) - dir, err := ioutil.TempDir(testDir, "") + dir, err := os.MkdirTemp(testDir, "") if err != nil { t.Fatal(err) } @@ -1583,11 +1582,11 @@ func TestCheckFactoryConfig(t *testing.T) { func TestValidateBindMounts(t *testing.T) { assert := assert.New(t) - tmpdir1, err := ioutil.TempDir(testDir, "tmp1-") + tmpdir1, err := os.MkdirTemp(testDir, "tmp1-") assert.NoError(err) defer os.RemoveAll(tmpdir1) - tmpdir2, err := ioutil.TempDir(testDir, "tmp2-") + tmpdir2, err := os.MkdirTemp(testDir, "tmp2-") assert.NoError(err) defer os.RemoveAll(tmpdir2) @@ -1595,13 +1594,13 @@ func TestValidateBindMounts(t *testing.T) { duplicate2 := filepath.Join(tmpdir2, "cat.txt") unique := filepath.Join(tmpdir1, "foobar.txt") - err = ioutil.WriteFile(duplicate1, []byte("kibble-monster"), 0644) + err = os.WriteFile(duplicate1, []byte("kibble-monster"), 0644) assert.NoError(err) - err = ioutil.WriteFile(duplicate2, []byte("furbag"), 0644) + err = os.WriteFile(duplicate2, []byte("furbag"), 0644) assert.NoError(err) - err = ioutil.WriteFile(unique, []byte("fuzzball"), 0644) + err = os.WriteFile(unique, []byte("fuzzball"), 0644) assert.NoError(err) type testData struct { diff --git a/src/runtime/pkg/katautils/create.go b/src/runtime/pkg/katautils/create.go index dd7056214..875c9945f 100644 --- a/src/runtime/pkg/katautils/create.go +++ b/src/runtime/pkg/katautils/create.go @@ -9,7 +9,7 @@ package katautils import ( "context" "fmt" - "io/ioutil" + "os" "strconv" "strings" @@ -183,7 +183,7 @@ func CreateSandbox(ctx context.Context, vci vc.VC, ociSpec specs.Spec, runtimeCo var procFIPS = "/proc/sys/crypto/fips_enabled" func checkForFIPS(sandboxConfig *vc.SandboxConfig) error { - content, err := ioutil.ReadFile(procFIPS) + content, err := os.ReadFile(procFIPS) if err != nil { // In case file cannot be found or read, simply return return nil diff --git a/src/runtime/pkg/katautils/create_test.go b/src/runtime/pkg/katautils/create_test.go index dd3411e6b..804b4318e 100644 --- a/src/runtime/pkg/katautils/create_test.go +++ b/src/runtime/pkg/katautils/create_test.go @@ -10,7 +10,6 @@ import ( "context" "errors" "fmt" - "io/ioutil" "os" "path" "path/filepath" @@ -124,7 +123,7 @@ func TestSetEphemeralStorageType(t *testing.T) { assert := assert.New(t) - dir, err := ioutil.TempDir(testDir, "foo") + dir, err := os.MkdirTemp(testDir, "foo") if err != nil { t.Fatal(err) } @@ -268,7 +267,7 @@ func TestCreateSandboxFail(t *testing.T) { func TestCheckForFips(t *testing.T) { assert := assert.New(t) - path, err := ioutil.TempDir("", "") + path, err := os.MkdirTemp("", "") assert.NoError(err) defer os.RemoveAll(path) @@ -278,7 +277,7 @@ func TestCheckForFips(t *testing.T) { procFIPS = val }() - err = ioutil.WriteFile(procFIPS, []byte("1"), 0644) + err = os.WriteFile(procFIPS, []byte("1"), 0644) assert.NoError(err) hconfig := vc.HypervisorConfig{ @@ -297,7 +296,7 @@ func TestCheckForFips(t *testing.T) { assert.Equal(params[1].Value, "1") config.HypervisorConfig = hconfig - err = ioutil.WriteFile(procFIPS, []byte("unexpected contents"), 0644) + err = os.WriteFile(procFIPS, []byte("unexpected contents"), 0644) assert.NoError(err) assert.NoError(checkForFIPS(&config)) assert.Equal(config.HypervisorConfig, hconfig) diff --git a/src/runtime/pkg/katautils/logger_test.go b/src/runtime/pkg/katautils/logger_test.go index ff8720fc1..729e96bcf 100644 --- a/src/runtime/pkg/katautils/logger_test.go +++ b/src/runtime/pkg/katautils/logger_test.go @@ -8,7 +8,7 @@ package katautils import ( "fmt" - "io/ioutil" + "io" "regexp" "strings" "testing" @@ -29,7 +29,7 @@ func init() { kataUtilsLogger.Logger.Level = logrus.DebugLevel // Discard log output - kataUtilsLogger.Logger.Out = ioutil.Discard + kataUtilsLogger.Logger.Out = io.Discard } func TestHandleSystemLog(t *testing.T) { @@ -71,7 +71,7 @@ func TestNewSystemLogHook(t *testing.T) { // throw away all stdout so that the Format() call // below returns the data in structured form. - logger.Out = ioutil.Discard + logger.Out = io.Discard entry := &logrus.Entry{ Logger: logger, diff --git a/src/runtime/pkg/katautils/network_test.go b/src/runtime/pkg/katautils/network_test.go index 5b661a953..8fa514d6e 100644 --- a/src/runtime/pkg/katautils/network_test.go +++ b/src/runtime/pkg/katautils/network_test.go @@ -7,7 +7,6 @@ package katautils import ( "fmt" - "io/ioutil" "os" "path/filepath" "syscall" @@ -24,7 +23,7 @@ import ( func TestGetNetNsFromBindMount(t *testing.T) { assert := assert.New(t) - tmpdir, err := ioutil.TempDir("", "") + tmpdir, err := os.MkdirTemp("", "") assert.NoError(err) defer os.RemoveAll(tmpdir) @@ -53,7 +52,7 @@ func TestGetNetNsFromBindMount(t *testing.T) { } for i, d := range data { - err := ioutil.WriteFile(mountFile, []byte(d.contents), 0640) + err := os.WriteFile(mountFile, []byte(d.contents), 0640) assert.NoError(err) path, err := getNetNsFromBindMount(tmpNSPath, mountFile) @@ -86,7 +85,7 @@ func TestHostNetworkingRequested(t *testing.T) { assert.Error(err) // Bind-mounted Netns - tmpdir, err := ioutil.TempDir("", "") + tmpdir, err := os.MkdirTemp("", "") assert.NoError(err) defer os.RemoveAll(tmpdir) diff --git a/src/runtime/pkg/katautils/utils.go b/src/runtime/pkg/katautils/utils.go index 454bb5cf6..c7a64b1f3 100644 --- a/src/runtime/pkg/katautils/utils.go +++ b/src/runtime/pkg/katautils/utils.go @@ -9,7 +9,6 @@ package katautils import ( "errors" "fmt" - "io/ioutil" "os" "path/filepath" "regexp" @@ -99,7 +98,7 @@ func WriteFile(filePath string, data string, fileMode os.FileMode) error { return fmt.Errorf("no such file for %s", filePath) } - if err := ioutil.WriteFile(filePath, []byte(data), fileMode); err != nil { + if err := os.WriteFile(filePath, []byte(data), fileMode); err != nil { return fmt.Errorf("failed to write %v to %v: %v", data, filePath, err) } @@ -108,7 +107,7 @@ func WriteFile(filePath string, data string, fileMode os.FileMode) error { // GetFileContents return the file contents as a string. func GetFileContents(file string) (string, error) { - bytes, err := ioutil.ReadFile(file) + bytes, err := os.ReadFile(file) if err != nil { return "", err } diff --git a/src/runtime/pkg/katautils/utils_test.go b/src/runtime/pkg/katautils/utils_test.go index 30ad2ccc7..6a4e51b5c 100644 --- a/src/runtime/pkg/katautils/utils_test.go +++ b/src/runtime/pkg/katautils/utils_test.go @@ -8,7 +8,6 @@ package katautils import ( "fmt" - "io/ioutil" "os" "path" "path/filepath" @@ -32,11 +31,11 @@ var ( ) func createFile(file, contents string) error { - return ioutil.WriteFile(file, []byte(contents), testFileMode) + return os.WriteFile(file, []byte(contents), testFileMode) } func createEmptyFile(path string) (err error) { - return ioutil.WriteFile(path, []byte(""), testFileMode) + return os.WriteFile(path, []byte(""), testFileMode) } func TestUtilsResolvePathEmptyPath(t *testing.T) { @@ -45,7 +44,7 @@ func TestUtilsResolvePathEmptyPath(t *testing.T) { } func TestUtilsResolvePathValidPath(t *testing.T) { - dir, err := ioutil.TempDir("", "") + dir, err := os.MkdirTemp("", "") if err != nil { t.Fatal(err) } @@ -77,7 +76,7 @@ func TestUtilsResolvePathValidPath(t *testing.T) { } func TestUtilsResolvePathENOENT(t *testing.T) { - dir, err := ioutil.TempDir("", "") + dir, err := os.MkdirTemp("", "") if err != nil { t.Fatal(err) } @@ -112,7 +111,7 @@ func TestUtilsResolvePathENOENT(t *testing.T) { func TestFileSize(t *testing.T) { assert := assert.New(t) - dir, err := ioutil.TempDir(testDir, "") + dir, err := os.MkdirTemp(testDir, "") if err != nil { t.Fatal(err) } @@ -153,7 +152,7 @@ func TestWriteFileErrWriteFail(t *testing.T) { func TestWriteFileErrNoPath(t *testing.T) { assert := assert.New(t) - dir, err := ioutil.TempDir(testDir, "") + dir, err := os.MkdirTemp(testDir, "") assert.NoError(err) defer os.RemoveAll(dir) @@ -178,7 +177,7 @@ func TestGetFileContents(t *testing.T) { {"processor : 0\nvendor_id : GenuineIntel\n"}, } - dir, err := ioutil.TempDir(testDir, "") + dir, err := os.MkdirTemp(testDir, "") if err != nil { t.Fatal(err) } @@ -192,7 +191,7 @@ func TestGetFileContents(t *testing.T) { for _, d := range data { // create the file - err = ioutil.WriteFile(file, []byte(d.contents), testFileMode) + err = os.WriteFile(file, []byte(d.contents), testFileMode) if err != nil { t.Fatal(err) } diff --git a/src/runtime/pkg/oci/utils_test.go b/src/runtime/pkg/oci/utils_test.go index 1cdb889fb..32568a517 100644 --- a/src/runtime/pkg/oci/utils_test.go +++ b/src/runtime/pkg/oci/utils_test.go @@ -7,7 +7,6 @@ package oci import ( "fmt" - "io/ioutil" "os" "path" "path/filepath" @@ -44,7 +43,7 @@ var ( func createConfig(fileName string, fileData string) (string, error) { configPath := path.Join(tempBundlePath, fileName) - err := ioutil.WriteFile(configPath, []byte(fileData), fileMode) + err := os.WriteFile(configPath, []byte(fileData), fileMode) if err != nil { fmt.Fprintf(os.Stderr, "Unable to create config file %s %v\n", configPath, err) return "", err @@ -361,7 +360,7 @@ func TestGetShmSizeBindMounted(t *testing.T) { t.Skip("Test disabled as requires root privileges") } - dir, err := ioutil.TempDir("", "") + dir, err := os.MkdirTemp("", "") assert.Nil(t, err) defer os.RemoveAll(dir) @@ -399,7 +398,7 @@ func TestGetShmSizeBindMounted(t *testing.T) { func TestMain(m *testing.M) { var err error - tempRoot, err = ioutil.TempDir("", "virtc-") + tempRoot, err = os.MkdirTemp("", "virtc-") if err != nil { panic(err) } @@ -424,7 +423,7 @@ func TestMain(m *testing.M) { func TestAddAssetAnnotations(t *testing.T) { assert := assert.New(t) - tmpdir, err := ioutil.TempDir("", "") + tmpdir, err := os.MkdirTemp("", "") assert.NoError(err) defer os.RemoveAll(tmpdir) @@ -432,7 +431,7 @@ func TestAddAssetAnnotations(t *testing.T) { // (required since the existence of binary asset annotations is verified). fakeAssetFile := filepath.Join(tmpdir, "fake-binary") - err = ioutil.WriteFile(fakeAssetFile, []byte(""), fileMode) + err = os.WriteFile(fakeAssetFile, []byte(""), fileMode) assert.NoError(err) expectedAnnotations := map[string]string{ diff --git a/src/runtime/pkg/utils/utils_test.go b/src/runtime/pkg/utils/utils_test.go index 1fda6577a..318b1af44 100644 --- a/src/runtime/pkg/utils/utils_test.go +++ b/src/runtime/pkg/utils/utils_test.go @@ -7,7 +7,6 @@ package utils import ( "fmt" - "io/ioutil" "net/http" "os" "path" @@ -52,7 +51,7 @@ func TestGzipAccepted(t *testing.T) { func TestEnsureDir(t *testing.T) { const testMode = 0755 - tmpdir, err := ioutil.TempDir("", "TestEnsureDir") + tmpdir, err := os.MkdirTemp("", "TestEnsureDir") assert := assert.New(t) assert.NoError(err) @@ -121,7 +120,7 @@ func TestEnsureDir(t *testing.T) { func TestFirstValidExecutable(t *testing.T) { assert := assert.New(t) - tmpdir, err := ioutil.TempDir("", "TestFirstValidPath") + tmpdir, err := os.MkdirTemp("", "TestFirstValidPath") assert.NoError(err) defer os.RemoveAll(tmpdir) @@ -145,7 +144,7 @@ func TestFirstValidExecutable(t *testing.T) { err := os.MkdirAll(path.Join(tmpdir, "a", "b"), 0755) assert.NoError(err) // create a non-executable file - err = ioutil.WriteFile(path.Join(tmpdir, "a", "b", "c"), []byte("test\n"), 0644) + err = os.WriteFile(path.Join(tmpdir, "a", "b", "c"), []byte("test\n"), 0644) assert.NoError(err) }, paths: []string{path.Join(tmpdir, "a", "b", "c"), "c/d"}, @@ -158,7 +157,7 @@ func TestFirstValidExecutable(t *testing.T) { err := os.MkdirAll(path.Join(tmpdir, "d", "e"), 0755) assert.NoError(err) // create an executable file - err = ioutil.WriteFile(path.Join(tmpdir, "d", "e", "f"), []byte("test\n"), 0755) + err = os.WriteFile(path.Join(tmpdir, "d", "e", "f"), []byte("test\n"), 0755) assert.NoError(err) }, paths: []string{path.Join(tmpdir, "d", "e", "f"), "c/d"}, @@ -171,7 +170,7 @@ func TestFirstValidExecutable(t *testing.T) { err := os.MkdirAll(path.Join(tmpdir, "g", "h"), 0755) assert.NoError(err) // create an executable file - err = ioutil.WriteFile(path.Join(tmpdir, "g", "h", "i"), []byte("test\n"), 0755) + err = os.WriteFile(path.Join(tmpdir, "g", "h", "i"), []byte("test\n"), 0755) assert.NoError(err) }, paths: []string{"c/d", path.Join(tmpdir, "g", "h", "i")}, diff --git a/src/runtime/virtcontainers/acrn_arch_base_test.go b/src/runtime/virtcontainers/acrn_arch_base_test.go index 02313b703..19d7858c5 100644 --- a/src/runtime/virtcontainers/acrn_arch_base_test.go +++ b/src/runtime/virtcontainers/acrn_arch_base_test.go @@ -7,7 +7,6 @@ package virtcontainers import ( "fmt" - "io/ioutil" "net" "os" "path/filepath" @@ -127,7 +126,7 @@ func TestAcrnArchBaseAppendImage(t *testing.T) { assert := assert.New(t) acrnArchBase := newAcrnArchBase() - image, err := ioutil.TempFile("", "img") + image, err := os.CreateTemp("", "img") assert.NoError(err) defer os.Remove(image.Name()) err = image.Close() diff --git a/src/runtime/virtcontainers/container_test.go b/src/runtime/virtcontainers/container_test.go index af61a20c0..05b8974a9 100644 --- a/src/runtime/virtcontainers/container_test.go +++ b/src/runtime/virtcontainers/container_test.go @@ -7,7 +7,6 @@ package virtcontainers import ( "context" - "io/ioutil" "os" "os/exec" "path/filepath" @@ -131,7 +130,7 @@ func TestUnmountHostMountsRemoveBindHostPath(t *testing.T) { } createFakeMountDir := func(t *testing.T, dir, prefix string) string { - name, err := ioutil.TempDir(dir, "test-mnt-"+prefix+"-") + name, err := os.MkdirTemp(dir, "test-mnt-"+prefix+"-") if err != nil { t.Fatal(err) } @@ -139,7 +138,7 @@ func TestUnmountHostMountsRemoveBindHostPath(t *testing.T) { } createFakeMountFile := func(t *testing.T, dir, prefix string) string { - f, err := ioutil.TempFile(dir, "test-mnt-"+prefix+"-") + f, err := os.CreateTemp(dir, "test-mnt-"+prefix+"-") if err != nil { t.Fatal(err) } @@ -245,7 +244,7 @@ func testSetupFakeRootfs(t *testing.T) (testRawFile, loopDev, mntDir string, err t.Skip(testDisabledAsNonRoot) } - tmpDir, err := ioutil.TempDir("", "") + tmpDir, err := os.MkdirTemp("", "") assert.NoError(err) testRawFile = filepath.Join(tmpDir, "raw.img") @@ -556,13 +555,13 @@ func TestMountSharedDirMounts(t *testing.T) { assert := assert.New(t) - testMountPath, err := ioutil.TempDir("", "sandbox-test") + testMountPath, err := os.MkdirTemp("", "sandbox-test") assert.NoError(err) defer os.RemoveAll(testMountPath) // create a new shared directory for our test: kataHostSharedDirSaved := kataHostSharedDir - testHostDir, err := ioutil.TempDir("", "kata-Cleanup") + testHostDir, err := os.MkdirTemp("", "kata-Cleanup") assert.NoError(err) kataHostSharedDir = func() string { return testHostDir diff --git a/src/runtime/virtcontainers/device/config/config.go b/src/runtime/virtcontainers/device/config/config.go index ca3c40d88..d320e034f 100644 --- a/src/runtime/virtcontainers/device/config/config.go +++ b/src/runtime/virtcontainers/device/config/config.go @@ -8,7 +8,6 @@ package config import ( "fmt" - "io/ioutil" "os" "path/filepath" "strconv" @@ -353,7 +352,7 @@ func GetHostPath(devInfo DeviceInfo, vhostUserStoreEnabled bool, vhostUserStoreP // getBackingFile is used to fetch the backing file for the device. func getBackingFile(devInfo DeviceInfo) (string, error) { backingFilePath := filepath.Join(getSysDevPath(devInfo), "loop", "backing_file") - data, err := ioutil.ReadFile(backingFilePath) + data, err := os.ReadFile(backingFilePath) if err != nil { return "", err } @@ -409,7 +408,7 @@ func GetVhostUserNodeStat(devNodePath string, devNodeStat *unix.Stat_t) (err err // Filter out name of the device node whose device type is Major:Minor from directory func getVhostUserDevName(dirname string, majorNum, minorNum uint32) (string, error) { - files, err := ioutil.ReadDir(dirname) + files, err := os.ReadDir(dirname) if err != nil { return "", err } diff --git a/src/runtime/virtcontainers/device/config/config_test.go b/src/runtime/virtcontainers/device/config/config_test.go index 698f52ecd..b887048e6 100644 --- a/src/runtime/virtcontainers/device/config/config_test.go +++ b/src/runtime/virtcontainers/device/config/config_test.go @@ -7,7 +7,6 @@ package config import ( "fmt" - "io/ioutil" "os" "path/filepath" "testing" @@ -18,7 +17,7 @@ import ( func TestGetBackingFile(t *testing.T) { assert := assert.New(t) - dir, err := ioutil.TempDir("", "backing") + dir, err := os.MkdirTemp("", "backing") assert.NoError(err) defer os.RemoveAll(dir) @@ -39,7 +38,7 @@ func TestGetBackingFile(t *testing.T) { backingFile := "/fake-img" - err = ioutil.WriteFile(filepath.Join(loopDir, "backing_file"), []byte(backingFile), os.FileMode(0755)) + err = os.WriteFile(filepath.Join(loopDir, "backing_file"), []byte(backingFile), os.FileMode(0755)) assert.NoError(err) path, err = getBackingFile(info) diff --git a/src/runtime/virtcontainers/device/config/pmem_test.go b/src/runtime/virtcontainers/device/config/pmem_test.go index 319adc253..502223268 100644 --- a/src/runtime/virtcontainers/device/config/pmem_test.go +++ b/src/runtime/virtcontainers/device/config/pmem_test.go @@ -6,7 +6,6 @@ package config import ( - "io/ioutil" "os" "path/filepath" "testing" @@ -33,7 +32,7 @@ func TestHasPFNSignature(t *testing.T) { b := hasPFNSignature("/abc/xyz/123/sw") assert.False(b) - f, err := ioutil.TempFile("", "pfn") + f, err := os.CreateTemp("", "pfn") assert.NoError(err) f.Close() defer os.Remove(f.Name()) diff --git a/src/runtime/virtcontainers/device/drivers/utils.go b/src/runtime/virtcontainers/device/drivers/utils.go index 72359fdbe..ecabed83d 100644 --- a/src/runtime/virtcontainers/device/drivers/utils.go +++ b/src/runtime/virtcontainers/device/drivers/utils.go @@ -8,7 +8,6 @@ package drivers import ( "fmt" - "io/ioutil" "os" "path/filepath" "strings" @@ -85,7 +84,7 @@ func readPCIProperty(propertyPath string) (string, error) { buf []byte err error ) - if buf, err = ioutil.ReadFile(propertyPath); err != nil { + if buf, err = os.ReadFile(propertyPath); err != nil { return "", fmt.Errorf("failed to read pci sysfs %v, error:%v", propertyPath, err) } return strings.Split(string(buf), "\n")[0], nil diff --git a/src/runtime/virtcontainers/device/drivers/vfio.go b/src/runtime/virtcontainers/device/drivers/vfio.go index 9a47e62b1..8507564f6 100644 --- a/src/runtime/virtcontainers/device/drivers/vfio.go +++ b/src/runtime/virtcontainers/device/drivers/vfio.go @@ -9,7 +9,6 @@ package drivers import ( "context" "fmt" - "io/ioutil" "os" "path/filepath" "strconv" @@ -75,7 +74,7 @@ func (device *VFIODevice) Attach(ctx context.Context, devReceiver api.DeviceRece vfioGroup := filepath.Base(device.DeviceInfo.HostPath) iommuDevicesPath := filepath.Join(config.SysIOMMUPath, vfioGroup, "devices") - deviceFiles, err := ioutil.ReadDir(iommuDevicesPath) + deviceFiles, err := os.ReadDir(iommuDevicesPath) if err != nil { return err } diff --git a/src/runtime/virtcontainers/device/manager/manager_test.go b/src/runtime/virtcontainers/device/manager/manager_test.go index fc0dafbd5..d6fab6d26 100644 --- a/src/runtime/virtcontainers/device/manager/manager_test.go +++ b/src/runtime/virtcontainers/device/manager/manager_test.go @@ -9,7 +9,6 @@ package manager import ( "context" "fmt" - "io/ioutil" "os" "path/filepath" "strconv" @@ -39,7 +38,7 @@ func TestNewDevice(t *testing.T) { major := int64(252) minor := int64(3) - tmpDir, err := ioutil.TempDir("", "") + tmpDir, err := os.MkdirTemp("", "") assert.Nil(t, err) config.SysDevPrefix = tmpDir @@ -75,14 +74,14 @@ func TestNewDevice(t *testing.T) { // Should return error for bad data in uevent file content := []byte("nonkeyvaluedata") - err = ioutil.WriteFile(ueventPath, content, fileMode0640) + err = os.WriteFile(ueventPath, content, fileMode0640) assert.Nil(t, err) _, err = dm.NewDevice(deviceInfo) assert.NotNil(t, err) content = []byte("MAJOR=252\nMINOR=3\nDEVNAME=vfio/2") - err = ioutil.WriteFile(ueventPath, content, fileMode0640) + err = os.WriteFile(ueventPath, content, fileMode0640) assert.Nil(t, err) device, err := dm.NewDevice(deviceInfo) @@ -104,7 +103,7 @@ func TestAttachVFIODevice(t *testing.T) { blockDriver: VirtioBlock, devices: make(map[string]api.Device), } - tmpDir, err := ioutil.TempDir("", "") + tmpDir, err := os.MkdirTemp("", "") assert.Nil(t, err) defer os.RemoveAll(tmpDir) @@ -225,7 +224,7 @@ func TestAttachVhostUserBlkDevice(t *testing.T) { rootEnabled = false } - tmpDir, err := ioutil.TempDir("", "") + tmpDir, err := os.MkdirTemp("", "") dm := &deviceManager{ blockDriver: VirtioBlock, devices: make(map[string]api.Device), diff --git a/src/runtime/virtcontainers/device/manager/utils.go b/src/runtime/virtcontainers/device/manager/utils.go index 9fed335b2..ade0b6c9d 100644 --- a/src/runtime/virtcontainers/device/manager/utils.go +++ b/src/runtime/virtcontainers/device/manager/utils.go @@ -8,7 +8,7 @@ package manager import ( "fmt" - "io/ioutil" + "os" "path/filepath" "strconv" "strings" @@ -49,7 +49,7 @@ func IsVFIOLargeBarSpaceDevice(hostPath string) (bool, error) { } iommuDevicesPath := filepath.Join(config.SysIOMMUPath, filepath.Base(hostPath), "devices") - deviceFiles, err := ioutil.ReadDir(iommuDevicesPath) + deviceFiles, err := os.ReadDir(iommuDevicesPath) if err != nil { return false, err } @@ -89,7 +89,7 @@ func IsVFIOLargeBarSpaceDevice(hostPath string) (bool, error) { } func isLargeBarSpace(resourcePath string) (bool, error) { - buf, err := ioutil.ReadFile(resourcePath) + buf, err := os.ReadFile(resourcePath) if err != nil { return false, fmt.Errorf("failed to read sysfs resource: %v", err) } diff --git a/src/runtime/virtcontainers/device/manager/utils_test.go b/src/runtime/virtcontainers/device/manager/utils_test.go index baf8aa95b..76239340f 100644 --- a/src/runtime/virtcontainers/device/manager/utils_test.go +++ b/src/runtime/virtcontainers/device/manager/utils_test.go @@ -7,7 +7,6 @@ package manager import ( - "io/ioutil" "os" "testing" @@ -114,7 +113,7 @@ func TestIsLargeBarSpace(t *testing.T) { assert.Error(err) assert.False(bs) - f, err := ioutil.TempFile("", "pci") + f, err := os.CreateTemp("", "pci") assert.NoError(err) defer f.Close() defer os.RemoveAll(f.Name()) diff --git a/src/runtime/virtcontainers/endpoint_test.go b/src/runtime/virtcontainers/endpoint_test.go index 48d5f7ff3..36d1294be 100644 --- a/src/runtime/virtcontainers/endpoint_test.go +++ b/src/runtime/virtcontainers/endpoint_test.go @@ -6,7 +6,6 @@ package virtcontainers import ( - "io/ioutil" "net" "os" "reflect" @@ -87,7 +86,7 @@ func TestIncorrectEndpointTypeString(t *testing.T) { func TestSaveLoadIfPair(t *testing.T) { macAddr := net.HardwareAddr{0x02, 0x00, 0xCA, 0xFE, 0x00, 0x04} - tmpfile, err := ioutil.TempFile("", "vc-Save-Load-net-") + tmpfile, err := os.CreateTemp("", "vc-Save-Load-net-") assert.Nil(t, err) defer os.Remove(tmpfile.Name()) diff --git a/src/runtime/virtcontainers/fc.go b/src/runtime/virtcontainers/fc.go index c6dffb337..66afb513d 100644 --- a/src/runtime/virtcontainers/fc.go +++ b/src/runtime/virtcontainers/fc.go @@ -10,7 +10,6 @@ import ( "context" "encoding/json" "fmt" - "io/ioutil" "net" "net/http" "os" @@ -778,7 +777,7 @@ func (fc *firecracker) StartVM(ctx context.Context, timeout int) error { return errJSON } - if err := ioutil.WriteFile(fc.fcConfigPath, data, 0640); err != nil { + if err := os.WriteFile(fc.fcConfigPath, data, 0640); err != nil { return err } diff --git a/src/runtime/virtcontainers/hook/mock/hook.go b/src/runtime/virtcontainers/hook/mock/hook.go index d4e730c49..2db7decc9 100644 --- a/src/runtime/virtcontainers/hook/mock/hook.go +++ b/src/runtime/virtcontainers/hook/mock/hook.go @@ -8,7 +8,7 @@ package main import ( "encoding/json" "fmt" - "io/ioutil" + "io" "os" "strconv" "time" @@ -55,7 +55,7 @@ func main() { os.Exit(1) } - stateBuf, err := ioutil.ReadAll(os.Stdin) + stateBuf, err := io.ReadAll(os.Stdin) if err != nil { fmt.Fprintf(f, "Could not read on stdin: %s\n", err) os.Exit(1) diff --git a/src/runtime/virtcontainers/hypervisor_amd64.go b/src/runtime/virtcontainers/hypervisor_amd64.go index 87cac59ec..e74183d56 100644 --- a/src/runtime/virtcontainers/hypervisor_amd64.go +++ b/src/runtime/virtcontainers/hypervisor_amd64.go @@ -6,7 +6,6 @@ package virtcontainers import "os" -import "io/ioutil" // Implementation of this function is architecture specific func availableGuestProtection() (guestProtection, error) { @@ -21,7 +20,7 @@ func availableGuestProtection() (guestProtection, error) { } // SEV is supported and enabled when the kvm module `sev` parameter is set to `1` if _, err := os.Stat(sevKvmParameterPath); err == nil { - if c, err := ioutil.ReadFile(sevKvmParameterPath); err == nil && len(c) > 0 && c[0] == '1' { + if c, err := os.ReadFile(sevKvmParameterPath); err == nil && len(c) > 0 && c[0] == '1' { return sevProtection, nil } } diff --git a/src/runtime/virtcontainers/hypervisor_amd64_test.go b/src/runtime/virtcontainers/hypervisor_amd64_test.go index 4d88f3178..b2de9ff5c 100644 --- a/src/runtime/virtcontainers/hypervisor_amd64_test.go +++ b/src/runtime/virtcontainers/hypervisor_amd64_test.go @@ -6,7 +6,6 @@ package virtcontainers import ( - "io/ioutil" "os" "testing" @@ -70,7 +69,7 @@ func TestRunningOnVMM(t *testing.T) { } func TestRunningOnVMMNotExistingCPUInfoPathFailure(t *testing.T) { - f, err := ioutil.TempFile("", "cpuinfo") + f, err := os.CreateTemp("", "cpuinfo") assert.NoError(t, err) filePath := f.Name() diff --git a/src/runtime/virtcontainers/hypervisor_arm64_test.go b/src/runtime/virtcontainers/hypervisor_arm64_test.go index 6a26b1074..9b1d94cc6 100644 --- a/src/runtime/virtcontainers/hypervisor_arm64_test.go +++ b/src/runtime/virtcontainers/hypervisor_arm64_test.go @@ -6,7 +6,6 @@ package virtcontainers import ( - "io/ioutil" "os" "testing" @@ -17,7 +16,7 @@ func TestRunningOnVMM(t *testing.T) { assert := assert.New(t) expectedOutput := false - f, err := ioutil.TempFile("", "cpuinfo") + f, err := os.CreateTemp("", "cpuinfo") assert.NoError(err) defer os.Remove(f.Name()) defer f.Close() diff --git a/src/runtime/virtcontainers/hypervisor_test.go b/src/runtime/virtcontainers/hypervisor_test.go index d8c4f6448..bdfe0c179 100644 --- a/src/runtime/virtcontainers/hypervisor_test.go +++ b/src/runtime/virtcontainers/hypervisor_test.go @@ -7,7 +7,6 @@ package virtcontainers import ( "fmt" - "io/ioutil" "os" "path/filepath" "testing" @@ -391,7 +390,7 @@ func TestGetHostMemorySizeKb(t *testing.T) { }, } - dir, err := ioutil.TempDir("", "") + dir, err := os.MkdirTemp("", "") assert.NoError(err) defer os.RemoveAll(dir) @@ -400,7 +399,7 @@ func TestGetHostMemorySizeKb(t *testing.T) { assert.Error(err) for _, d := range data { - err = ioutil.WriteFile(file, []byte(d.contents), os.FileMode(0640)) + err = os.WriteFile(file, []byte(d.contents), os.FileMode(0640)) assert.NoError(err) defer os.Remove(file) @@ -415,7 +414,7 @@ func TestGetHostMemorySizeKb(t *testing.T) { func TestCheckCmdline(t *testing.T) { assert := assert.New(t) - cmdlineFp, err := ioutil.TempFile("", "") + cmdlineFp, err := os.CreateTemp("", "") assert.NoError(err) _, err = cmdlineFp.WriteString("quiet root=/dev/sda2") assert.NoError(err) @@ -438,7 +437,7 @@ type testNestedVMMData struct { func genericTestRunningOnVMM(t *testing.T, data []testNestedVMMData) { assert := assert.New(t) for _, d := range data { - f, err := ioutil.TempFile("", "cpuinfo") + f, err := os.CreateTemp("", "cpuinfo") assert.NoError(err) defer os.Remove(f.Name()) defer f.Close() diff --git a/src/runtime/virtcontainers/kata_agent.go b/src/runtime/virtcontainers/kata_agent.go index dce79ddc7..0c3135028 100644 --- a/src/runtime/virtcontainers/kata_agent.go +++ b/src/runtime/virtcontainers/kata_agent.go @@ -9,7 +9,6 @@ import ( "encoding/json" "errors" "fmt" - "io/ioutil" "os" "path/filepath" "strconv" @@ -748,7 +747,7 @@ func (k *kataAgent) getDNS(sandbox *Sandbox) ([]string, error) { for _, m := range ociMounts { if m.Destination == GuestDNSFile { - content, err := ioutil.ReadFile(m.Source) + content, err := os.ReadFile(m.Source) if err != nil { return nil, fmt.Errorf("Could not read file %s: %s", m.Source, err) } @@ -2127,7 +2126,7 @@ func (k *kataAgent) copyFile(ctx context.Context, src, dst string) error { return fmt.Errorf("Could not get file %s information: %v", src, err) } - b, err := ioutil.ReadFile(src) + b, err := os.ReadFile(src) if err != nil { return fmt.Errorf("Could not read file %s: %v", src, err) } diff --git a/src/runtime/virtcontainers/kata_agent_test.go b/src/runtime/virtcontainers/kata_agent_test.go index 48c0f6a73..d9b43247e 100644 --- a/src/runtime/virtcontainers/kata_agent_test.go +++ b/src/runtime/virtcontainers/kata_agent_test.go @@ -9,7 +9,6 @@ import ( "bufio" "context" "fmt" - "io/ioutil" "os" "path" "path/filepath" @@ -740,7 +739,7 @@ func TestHandlePidNamespace(t *testing.T) { func TestAgentConfigure(t *testing.T) { assert := assert.New(t) - dir, err := ioutil.TempDir("", "kata-agent-test") + dir, err := os.MkdirTemp("", "kata-agent-test") assert.Nil(err) defer os.RemoveAll(dir) @@ -856,7 +855,7 @@ func TestAgentCreateContainer(t *testing.T) { }, } - dir, err := ioutil.TempDir("", "kata-agent-test") + dir, err := os.MkdirTemp("", "kata-agent-test") assert.Nil(err) defer os.RemoveAll(dir) @@ -937,7 +936,7 @@ func TestKataCopyFile(t *testing.T) { err = k.copyFile(context.Background(), "/abc/xyz/123", "/tmp") assert.Error(err) - src, err := ioutil.TempFile("", "src") + src, err := os.CreateTemp("", "src") assert.NoError(err) defer os.Remove(src.Name()) @@ -946,7 +945,7 @@ func TestKataCopyFile(t *testing.T) { assert.NoError(err) assert.NoError(src.Close()) - dst, err := ioutil.TempFile("", "dst") + dst, err := os.CreateTemp("", "dst") assert.NoError(err) assert.NoError(dst.Close()) defer os.Remove(dst.Name()) @@ -966,7 +965,7 @@ func TestKataCleanupSandbox(t *testing.T) { kataHostSharedDirSaved := kataHostSharedDir kataHostSharedDir = func() string { - td, _ := ioutil.TempDir("", "kata-Cleanup") + td, _ := os.MkdirTemp("", "kata-Cleanup") return td } defer func() { @@ -1117,13 +1116,13 @@ func TestSandboxBindMount(t *testing.T) { assert := assert.New(t) // create temporary files to mount: - testMountPath, err := ioutil.TempDir("", "sandbox-test") + testMountPath, err := os.MkdirTemp("", "sandbox-test") assert.NoError(err) defer os.RemoveAll(testMountPath) // create a new shared directory for our test: kataHostSharedDirSaved := kataHostSharedDir - testHostDir, err := ioutil.TempDir("", "kata-Cleanup") + testHostDir, err := os.MkdirTemp("", "kata-Cleanup") assert.NoError(err) kataHostSharedDir = func() string { return testHostDir diff --git a/src/runtime/virtcontainers/mount.go b/src/runtime/virtcontainers/mount.go index f12f45067..e767b4c85 100644 --- a/src/runtime/virtcontainers/mount.go +++ b/src/runtime/virtcontainers/mount.go @@ -9,7 +9,6 @@ import ( "context" "errors" "fmt" - "io/ioutil" "os" "path/filepath" "strings" @@ -490,7 +489,7 @@ func countFiles(path string, limit int) (numFiles int, err error) { return 1, nil } - files, err := ioutil.ReadDir(path) + files, err := os.ReadDir(path) if err != nil { return 0, err } diff --git a/src/runtime/virtcontainers/mount_test.go b/src/runtime/virtcontainers/mount_test.go index 80ac10036..6564a9648 100644 --- a/src/runtime/virtcontainers/mount_test.go +++ b/src/runtime/virtcontainers/mount_test.go @@ -9,7 +9,6 @@ import ( "bytes" "context" "fmt" - "io/ioutil" "os" "os/exec" "path/filepath" @@ -241,7 +240,7 @@ func TestIsEphemeralStorage(t *testing.T) { t.Skip(ktu.TestDisabledNeedRoot) } - dir, err := ioutil.TempDir(testDir, "foo") + dir, err := os.MkdirTemp(testDir, "foo") assert.NoError(err) defer os.RemoveAll(dir) @@ -319,7 +318,7 @@ func TestIsWatchable(t *testing.T) { result = isWatchableMount(path) assert.False(result) - testPath, err := ioutil.TempDir("", "") + testPath, err := os.MkdirTemp("", "") assert.NoError(err) defer os.RemoveAll(testPath) diff --git a/src/runtime/virtcontainers/persist/fs/fs.go b/src/runtime/virtcontainers/persist/fs/fs.go index 24ff5abee..630ed7636 100644 --- a/src/runtime/virtcontainers/persist/fs/fs.go +++ b/src/runtime/virtcontainers/persist/fs/fs.go @@ -9,12 +9,13 @@ package fs import ( "encoding/json" "fmt" - "github.com/kata-containers/kata-containers/src/runtime/virtcontainers/utils" - "io/ioutil" + "io" "os" "path/filepath" "syscall" + "github.com/kata-containers/kata-containers/src/runtime/virtcontainers/utils" + persistapi "github.com/kata-containers/kata-containers/src/runtime/virtcontainers/persist/api" "github.com/sirupsen/logrus" ) @@ -142,7 +143,7 @@ func (fs *FS) ToDisk(ss persistapi.SandboxState, cs map[string]persistapi.Contai } // Walk sandbox dir and find container. - files, err := ioutil.ReadDir(sandboxDir) + files, err := os.ReadDir(sandboxDir) if err != nil { return err } @@ -190,7 +191,7 @@ func (fs *FS) FromDisk(sid string) (persistapi.SandboxState, map[string]persista } // walk sandbox dir and find container - files, err := ioutil.ReadDir(sandboxDir) + files, err := os.ReadDir(sandboxDir) if err != nil { return ss, nil, err } @@ -325,7 +326,7 @@ func (fs *FS) GlobalRead(relativePath string) ([]byte, error) { } defer f.Close() - data, err := ioutil.ReadAll(f) + data, err := io.ReadAll(f) if err != nil { fs.Logger().WithError(err).WithField("file", path).Error("failed to read file") return nil, err diff --git a/src/runtime/virtcontainers/physical_endpoint.go b/src/runtime/virtcontainers/physical_endpoint.go index f213d9ccb..234705f61 100644 --- a/src/runtime/virtcontainers/physical_endpoint.go +++ b/src/runtime/virtcontainers/physical_endpoint.go @@ -8,7 +8,6 @@ package virtcontainers import ( "context" "fmt" - "io/ioutil" "os" "path/filepath" "strings" @@ -185,7 +184,7 @@ func createPhysicalEndpoint(netInfo NetworkInfo) (*PhysicalEndpoint, error) { // Get vendor and device id from pci space (sys/bus/pci/devices/$bdf) ifaceDevicePath := filepath.Join(sysPCIDevicesPath, bdf, "device") - contents, err := ioutil.ReadFile(ifaceDevicePath) + contents, err := os.ReadFile(ifaceDevicePath) if err != nil { return nil, err } @@ -194,7 +193,7 @@ func createPhysicalEndpoint(netInfo NetworkInfo) (*PhysicalEndpoint, error) { // Vendor id ifaceVendorPath := filepath.Join(sysPCIDevicesPath, bdf, "vendor") - contents, err = ioutil.ReadFile(ifaceVendorPath) + contents, err = os.ReadFile(ifaceVendorPath) if err != nil { return nil, err } diff --git a/src/runtime/virtcontainers/pkg/agent/protocols/grpc/utils_test.go b/src/runtime/virtcontainers/pkg/agent/protocols/grpc/utils_test.go index 066b58c44..6ebf75eb9 100644 --- a/src/runtime/virtcontainers/pkg/agent/protocols/grpc/utils_test.go +++ b/src/runtime/virtcontainers/pkg/agent/protocols/grpc/utils_test.go @@ -8,7 +8,7 @@ package grpc import ( "encoding/json" - "io/ioutil" + "os" "reflect" "testing" @@ -82,7 +82,7 @@ func TestOCItoGRPC(t *testing.T) { assert := assert.New(t) var ociSpec specs.Spec - configJSONBytes, err := ioutil.ReadFile(ociConfigFile) + configJSONBytes, err := os.ReadFile(ociConfigFile) assert.NoError(err, "Could not open OCI config file") err = json.Unmarshal(configJSONBytes, &ociSpec) @@ -97,7 +97,7 @@ func TestProcessOCItoGRPC(t *testing.T) { assert := assert.New(t) var ociSpec specs.Spec - configJSONBytes, err := ioutil.ReadFile(ociConfigFile) + configJSONBytes, err := os.ReadFile(ociConfigFile) assert.NoError(err, "Could not open OCI config file") err = json.Unmarshal(configJSONBytes, &ociSpec) @@ -113,7 +113,7 @@ func TestProcessGRPCtoOCI(t *testing.T) { var ociSpec specs.Spec - configJSONBytes, err := ioutil.ReadFile(ociConfigFile) + configJSONBytes, err := os.ReadFile(ociConfigFile) assert.NoError(err, "Could not open OCI config file") err = json.Unmarshal(configJSONBytes, &ociSpec) diff --git a/src/runtime/virtcontainers/pkg/cgroups/utils_test.go b/src/runtime/virtcontainers/pkg/cgroups/utils_test.go index f02623d90..381af8165 100644 --- a/src/runtime/virtcontainers/pkg/cgroups/utils_test.go +++ b/src/runtime/virtcontainers/pkg/cgroups/utils_test.go @@ -6,7 +6,6 @@ package cgroups import ( - "io/ioutil" "os" "path/filepath" "strings" @@ -110,7 +109,7 @@ func TestValidCgroupPath(t *testing.T) { func TestDeviceToCgroupDeviceRule(t *testing.T) { assert := assert.New(t) - f, err := ioutil.TempFile("", "device") + f, err := os.CreateTemp("", "device") assert.NoError(err) f.Close() diff --git a/src/runtime/virtcontainers/pkg/compatoci/utils.go b/src/runtime/virtcontainers/pkg/compatoci/utils.go index de9c72025..01568dd45 100644 --- a/src/runtime/virtcontainers/pkg/compatoci/utils.go +++ b/src/runtime/virtcontainers/pkg/compatoci/utils.go @@ -8,7 +8,7 @@ package compatoci import ( "encoding/json" "fmt" - "io/ioutil" + "os" "path/filepath" specs "github.com/opencontainers/runtime-spec/specs-go" @@ -126,7 +126,7 @@ func ParseConfigJSON(bundlePath string) (specs.Spec, error) { configPath := getConfigPath(bundlePath) ociLog.Debugf("converting %s", configPath) - configByte, err := ioutil.ReadFile(configPath) + configByte, err := os.ReadFile(configPath) if err != nil { return specs.Spec{}, err } diff --git a/src/runtime/virtcontainers/pkg/mock/mock.go b/src/runtime/virtcontainers/pkg/mock/mock.go index 263bf5beb..4efdcb0ad 100644 --- a/src/runtime/virtcontainers/pkg/mock/mock.go +++ b/src/runtime/virtcontainers/pkg/mock/mock.go @@ -8,9 +8,9 @@ package mock import ( "context" "fmt" - "io/ioutil" "net" "net/url" + "os" "github.com/containerd/ttrpc" gpb "github.com/gogo/protobuf/types" @@ -21,7 +21,7 @@ import ( var testKataMockHybridVSockURLTempl = "mock://%s/kata-mock-hybrid-vsock.sock" func GenerateKataMockHybridVSock() (string, error) { - dir, err := ioutil.TempDir("", "kata-mock-hybrid-vsock-test") + dir, err := os.MkdirTemp("", "kata-mock-hybrid-vsock-test") if err != nil { return "", err } diff --git a/src/runtime/virtcontainers/qemu.go b/src/runtime/virtcontainers/qemu.go index b5d6d4904..3c82568bd 100644 --- a/src/runtime/virtcontainers/qemu.go +++ b/src/runtime/virtcontainers/qemu.go @@ -11,7 +11,6 @@ import ( "encoding/hex" "encoding/json" "fmt" - "io/ioutil" "math" "os" "os/user" @@ -834,7 +833,7 @@ func (q *qemu) StartVM(ctx context.Context, timeout int) error { strErr, err = govmmQemu.LaunchQemu(q.qemuConfig, newQMPLogger()) if err != nil { if q.config.Debug && q.qemuConfig.LogFile != "" { - b, err := ioutil.ReadFile(q.qemuConfig.LogFile) + b, err := os.ReadFile(q.qemuConfig.LogFile) if err == nil { strErr += string(b) } @@ -1152,7 +1151,7 @@ func (q *qemu) dumpSandboxMetaInfo(dumpSavePath string) { // Save hypervisor meta information fileName := filepath.Join(dumpSavePath, "hypervisor.conf") data, _ := json.MarshalIndent(q.config, "", " ") - if err := ioutil.WriteFile(fileName, data, defaultFilePerms); err != nil { + if err := os.WriteFile(fileName, data, defaultFilePerms); err != nil { q.Logger().WithError(err).WithField("hypervisor.conf", data).Error("write to hypervisor.conf file failed") } @@ -1163,7 +1162,7 @@ func (q *qemu) dumpSandboxMetaInfo(dumpSavePath string) { } fileName = filepath.Join(dumpSavePath, "hypervisor.version") - if err := ioutil.WriteFile(fileName, []byte(hyperVisorVersion), defaultFilePerms); err != nil { + if err := os.WriteFile(fileName, []byte(hyperVisorVersion), defaultFilePerms); err != nil { q.Logger().WithError(err).WithField("hypervisor.version", data).Error("write to hypervisor.version file failed") } } @@ -2384,7 +2383,7 @@ func (q *qemu) Cleanup(ctx context.Context) error { } func (q *qemu) GetPids() []int { - data, err := ioutil.ReadFile(q.qemuConfig.PidFile) + data, err := os.ReadFile(q.qemuConfig.PidFile) if err != nil { q.Logger().WithError(err).Error("Could not read qemu pid file") return []int{0} diff --git a/src/runtime/virtcontainers/qemu_amd64_test.go b/src/runtime/virtcontainers/qemu_amd64_test.go index b3bd5da67..be3246f6f 100644 --- a/src/runtime/virtcontainers/qemu_amd64_test.go +++ b/src/runtime/virtcontainers/qemu_amd64_test.go @@ -8,7 +8,6 @@ package virtcontainers import ( "context" "fmt" - "io/ioutil" "os" "testing" @@ -111,7 +110,7 @@ func TestQemuAmd64MemoryTopology(t *testing.T) { func TestQemuAmd64AppendImage(t *testing.T) { assert := assert.New(t) - f, err := ioutil.TempFile("", "img") + f, err := os.CreateTemp("", "img") assert.NoError(err) defer func() { _ = f.Close() }() defer func() { _ = os.Remove(f.Name()) }() diff --git a/src/runtime/virtcontainers/qemu_arch_base_test.go b/src/runtime/virtcontainers/qemu_arch_base_test.go index 1989e643a..67530ba51 100644 --- a/src/runtime/virtcontainers/qemu_arch_base_test.go +++ b/src/runtime/virtcontainers/qemu_arch_base_test.go @@ -8,7 +8,6 @@ package virtcontainers import ( "context" "fmt" - "io/ioutil" "net" "os" "path/filepath" @@ -264,7 +263,7 @@ func TestQemuArchBaseAppendImage(t *testing.T) { assert := assert.New(t) qemuArchBase := newQemuArchBase() - image, err := ioutil.TempFile("", "img") + image, err := os.CreateTemp("", "img") assert.NoError(err) defer os.Remove(image.Name()) err = image.Close() diff --git a/src/runtime/virtcontainers/qemu_arm64_test.go b/src/runtime/virtcontainers/qemu_arm64_test.go index bb03204b9..925b34cdd 100644 --- a/src/runtime/virtcontainers/qemu_arm64_test.go +++ b/src/runtime/virtcontainers/qemu_arm64_test.go @@ -8,7 +8,6 @@ package virtcontainers import ( "context" "fmt" - "io/ioutil" "os" "testing" @@ -97,7 +96,7 @@ func TestQemuArm64AppendImage(t *testing.T) { var devices []govmmQemu.Device assert := assert.New(t) - f, err := ioutil.TempFile("", "img") + f, err := os.CreateTemp("", "img") assert.NoError(err) defer func() { _ = f.Close() }() defer func() { _ = os.Remove(f.Name()) }() @@ -131,7 +130,7 @@ func TestQemuArm64AppendNvdimmImage(t *testing.T) { var devices []govmmQemu.Device assert := assert.New(t) - f, err := ioutil.TempFile("", "img") + f, err := os.CreateTemp("", "img") assert.NoError(err) defer func() { _ = f.Close() }() defer func() { _ = os.Remove(f.Name()) }() diff --git a/src/runtime/virtcontainers/qemu_test.go b/src/runtime/virtcontainers/qemu_test.go index 9104a6892..b03f156de 100644 --- a/src/runtime/virtcontainers/qemu_test.go +++ b/src/runtime/virtcontainers/qemu_test.go @@ -8,7 +8,6 @@ package virtcontainers import ( "context" "fmt" - "io/ioutil" "os" "path/filepath" "testing" @@ -299,7 +298,7 @@ func TestQemuAddDeviceSerialPortDev(t *testing.T) { func TestQemuAddDeviceKataVSOCK(t *testing.T) { assert := assert.New(t) - dir, err := ioutil.TempDir("", "") + dir, err := os.MkdirTemp("", "") assert.NoError(err) defer os.RemoveAll(dir) @@ -363,7 +362,7 @@ func TestQemuCapabilities(t *testing.T) { func TestQemuQemuPath(t *testing.T) { assert := assert.New(t) - f, err := ioutil.TempFile("", "qemu") + f, err := os.CreateTemp("", "qemu") assert.NoError(err) defer func() { _ = f.Close() }() defer func() { _ = os.Remove(f.Name()) }() @@ -588,7 +587,7 @@ func TestQemuGetpids(t *testing.T) { q = &qemu{ config: qemuConfig, } - f, err := ioutil.TempFile("", "qemu-test-") + f, err := os.CreateTemp("", "qemu-test-") assert.Nil(err) tmpfile := f.Name() f.Close() @@ -599,7 +598,7 @@ func TestQemuGetpids(t *testing.T) { assert.True(len(pids) == 1) assert.True(pids[0] == 0) - err = ioutil.WriteFile(tmpfile, []byte("100"), 0) + err = os.WriteFile(tmpfile, []byte("100"), 0) assert.Nil(err) pids = q.GetPids() assert.True(len(pids) == 1) diff --git a/src/runtime/virtcontainers/sandbox_test.go b/src/runtime/virtcontainers/sandbox_test.go index 3d6f88e21..bfec3f686 100644 --- a/src/runtime/virtcontainers/sandbox_test.go +++ b/src/runtime/virtcontainers/sandbox_test.go @@ -8,7 +8,6 @@ package virtcontainers import ( "context" "fmt" - "io/ioutil" "os" "path" "path/filepath" @@ -255,7 +254,7 @@ func writeContainerConfig() (string, error) { } }` - configDir, err := ioutil.TempDir("", "vc-tmp-") + configDir, err := os.MkdirTemp("", "vc-tmp-") if err != nil { return "", err } @@ -266,7 +265,7 @@ func writeContainerConfig() (string, error) { } configFilePath := filepath.Join(configDir, "config.json") - err = ioutil.WriteFile(configFilePath, []byte(basicSpec), 0644) + err = os.WriteFile(configFilePath, []byte(basicSpec), 0644) if err != nil { return "", err } @@ -512,7 +511,7 @@ func TestContainerStateSetFstype(t *testing.T) { } func TestSandboxAttachDevicesVFIO(t *testing.T) { - tmpDir, err := ioutil.TempDir("", "") + tmpDir, err := os.MkdirTemp("", "") assert.Nil(t, err) os.RemoveAll(tmpDir) @@ -582,7 +581,7 @@ func TestSandboxAttachDevicesVhostUserBlk(t *testing.T) { rootEnabled = false } - tmpDir, err := ioutil.TempDir("", "") + tmpDir, err := os.MkdirTemp("", "") assert.Nil(t, err) os.RemoveAll(tmpDir) dm := manager.NewDeviceManager(manager.VirtioSCSI, true, tmpDir, nil) @@ -683,7 +682,7 @@ func TestSandboxCreateAssets(t *testing.T) { annotations map[string]string } - tmpfile, err := ioutil.TempFile("", "virtcontainers-test-") + tmpfile, err := os.CreateTemp("", "virtcontainers-test-") assert.Nil(err) filename := tmpfile.Name() diff --git a/src/runtime/virtcontainers/types/asset.go b/src/runtime/virtcontainers/types/asset.go index 2cbca91f2..4268e7ec9 100644 --- a/src/runtime/virtcontainers/types/asset.go +++ b/src/runtime/virtcontainers/types/asset.go @@ -9,7 +9,7 @@ import ( "crypto/sha512" "encoding/hex" "fmt" - "io/ioutil" + "os" "path/filepath" "github.com/kata-containers/kata-containers/src/runtime/virtcontainers/pkg/annotations" @@ -132,7 +132,7 @@ func (a *Asset) Hash(hashType string) (string, error) { var hash string // We read the actual asset content - bytes, err := ioutil.ReadFile(a.path) + bytes, err := os.ReadFile(a.path) if err != nil { return "", err } diff --git a/src/runtime/virtcontainers/types/asset_test.go b/src/runtime/virtcontainers/types/asset_test.go index d645173cc..c8135be2d 100644 --- a/src/runtime/virtcontainers/types/asset_test.go +++ b/src/runtime/virtcontainers/types/asset_test.go @@ -7,7 +7,6 @@ package types import ( "fmt" - "io/ioutil" "os" "testing" @@ -22,7 +21,7 @@ var assetContentWrongHash = "92549f8d2018a95a294d28a65e795ed7d1a9d150009a28cea10 func TestAssetWrongHashType(t *testing.T) { assert := assert.New(t) - tmpfile, err := ioutil.TempFile("", "virtcontainers-test-") + tmpfile, err := os.CreateTemp("", "virtcontainers-test-") assert.Nil(err) defer func() { @@ -45,7 +44,7 @@ func TestAssetWrongHashType(t *testing.T) { func TestAssetHash(t *testing.T) { assert := assert.New(t) - tmpfile, err := ioutil.TempFile("", "virtcontainers-test-") + tmpfile, err := os.CreateTemp("", "virtcontainers-test-") assert.Nil(err) defer func() { @@ -90,7 +89,7 @@ func testValid(t *testing.T, a *Asset, msg string) { func TestAssetNew(t *testing.T) { assert := assert.New(t) - tmpfile, err := ioutil.TempFile("", "virtcontainers-test-") + tmpfile, err := os.CreateTemp("", "virtcontainers-test-") assert.Nil(err) defer func() { diff --git a/src/runtime/virtcontainers/utils/proc_linux.go b/src/runtime/virtcontainers/utils/proc_linux.go index 93bd3e491..184ce5aed 100644 --- a/src/runtime/virtcontainers/utils/proc_linux.go +++ b/src/runtime/virtcontainers/utils/proc_linux.go @@ -6,7 +6,7 @@ package utils import ( - "io/ioutil" + "os" "path/filepath" "strconv" @@ -32,7 +32,7 @@ func NewProc(pid int) (*Proc, error) { // We should try to upstream this but let's keep it until upstream supports it. func (p *Proc) Children() ([]*Proc, error) { parent := strconv.Itoa(p.PID) - infos, err := ioutil.ReadDir(filepath.Join(procfs.DefaultMountPoint, parent, taskPath)) + infos, err := os.ReadDir(filepath.Join(procfs.DefaultMountPoint, parent, taskPath)) if err != nil { return nil, errors.Wrapf(err, "Fail to read pid %v proc task dir", p.PID) } diff --git a/src/runtime/virtcontainers/utils/utils_test.go b/src/runtime/virtcontainers/utils/utils_test.go index 486e3db04..f37e0f222 100644 --- a/src/runtime/virtcontainers/utils/utils_test.go +++ b/src/runtime/virtcontainers/utils/utils_test.go @@ -7,7 +7,6 @@ package utils import ( "fmt" - "io/ioutil" "os" "os/exec" "path" @@ -27,12 +26,12 @@ func TestFileCopySuccessful(t *testing.T) { assert := assert.New(t) fileContent := "testContent" - srcFile, err := ioutil.TempFile("", "test_src_copy") + srcFile, err := os.CreateTemp("", "test_src_copy") assert.NoError(err) defer os.Remove(srcFile.Name()) defer srcFile.Close() - dstFile, err := ioutil.TempFile("", "test_dst_copy") + dstFile, err := os.CreateTemp("", "test_dst_copy") assert.NoError(err) defer os.Remove(dstFile.Name()) @@ -46,7 +45,7 @@ func TestFileCopySuccessful(t *testing.T) { err = FileCopy(srcFile.Name(), dstPath) assert.NoError(err) - dstContent, err := ioutil.ReadFile(dstPath) + dstContent, err := os.ReadFile(dstPath) assert.NoError(err) assert.Equal(string(dstContent), fileContent) @@ -75,7 +74,7 @@ func TestFileCopyDestinationEmptyFailure(t *testing.T) { func TestFileCopySourceNotExistFailure(t *testing.T) { assert := assert.New(t) - srcFile, err := ioutil.TempFile("", "test_src_copy") + srcFile, err := os.CreateTemp("", "test_src_copy") assert.NoError(err) srcPath := srcFile.Name() @@ -104,7 +103,7 @@ func TestRevereString(t *testing.T) { func TestCleanupFds(t *testing.T) { assert := assert.New(t) - tmpFile, err := ioutil.TempFile("", "testFds1") + tmpFile, err := os.CreateTemp("", "testFds1") assert.NoError(err) filename := tmpFile.Name() defer os.Remove(filename) @@ -129,7 +128,7 @@ func TestWriteToFile(t *testing.T) { err := WriteToFile("/file-does-not-exist", []byte("test-data")) assert.NotNil(err) - tmpFile, err := ioutil.TempFile("", "test_append_file") + tmpFile, err := os.CreateTemp("", "test_append_file") assert.NoError(err) filename := tmpFile.Name() @@ -141,7 +140,7 @@ func TestWriteToFile(t *testing.T) { err = WriteToFile(filename, testData) assert.NoError(err) - data, err := ioutil.ReadFile(filename) + data, err := os.ReadFile(filename) assert.NoError(err) assert.True(reflect.DeepEqual(testData, data)) @@ -319,7 +318,7 @@ func TestSupportsVsocks(t *testing.T) { VHostVSockDevicePath = "/abc/xyz/123" assert.False(SupportsVsocks()) - vHostVSockFile, err := ioutil.TempFile("", "vhost-vsock") + vHostVSockFile, err := os.CreateTemp("", "vhost-vsock") assert.NoError(err) defer os.Remove(vHostVSockFile.Name()) defer vHostVSockFile.Close() @@ -459,10 +458,10 @@ func TestMkdirAllWithInheritedOwnerSuccessful(t *testing.T) { t.Skip("Test disabled as requires root user") } assert := assert.New(t) - tmpDir1, err := ioutil.TempDir("", "test") + tmpDir1, err := os.MkdirTemp("", "test") assert.NoError(err) defer os.RemoveAll(tmpDir1) - tmpDir2, err := ioutil.TempDir("", "test") + tmpDir2, err := os.MkdirTemp("", "test") assert.NoError(err) defer os.RemoveAll(tmpDir2) @@ -521,7 +520,7 @@ func TestChownToParent(t *testing.T) { t.Skip("Test disabled as requires root user") } assert := assert.New(t) - rootDir, err := ioutil.TempDir("", "root") + rootDir, err := os.MkdirTemp("", "root") assert.NoError(err) defer os.RemoveAll(rootDir) uid := 1234 diff --git a/src/runtime/virtcontainers/virtcontainers_test.go b/src/runtime/virtcontainers/virtcontainers_test.go index 5772dd60a..84f0387dd 100644 --- a/src/runtime/virtcontainers/virtcontainers_test.go +++ b/src/runtime/virtcontainers/virtcontainers_test.go @@ -9,7 +9,6 @@ import ( "context" "flag" "fmt" - "io/ioutil" "os" "os/exec" "path/filepath" @@ -121,7 +120,7 @@ func TestMain(m *testing.M) { } SetLogger(context.Background(), logger) - testDir, err = ioutil.TempDir("", "vc-tmp-") + testDir, err = os.MkdirTemp("", "vc-tmp-") if err != nil { panic(err) } diff --git a/src/runtime/virtcontainers/virtiofsd_test.go b/src/runtime/virtcontainers/virtiofsd_test.go index 596257b7d..4aa55091c 100644 --- a/src/runtime/virtcontainers/virtiofsd_test.go +++ b/src/runtime/virtcontainers/virtiofsd_test.go @@ -7,7 +7,6 @@ package virtcontainers import ( "context" - "io/ioutil" "os" "path" "strings" @@ -30,11 +29,11 @@ func TestVirtiofsdStart(t *testing.T) { ctx context.Context } - sourcePath, err := ioutil.TempDir("", "") + sourcePath, err := os.MkdirTemp("", "") assert.NoError(err) defer os.RemoveAll(sourcePath) - socketDir, err := ioutil.TempDir("", "") + socketDir, err := os.MkdirTemp("", "") assert.NoError(err) defer os.RemoveAll(socketDir) @@ -104,11 +103,11 @@ func TestVirtiofsdArgs(t *testing.T) { func TestValid(t *testing.T) { assert := assert.New(t) - sourcePath, err := ioutil.TempDir("", "") + sourcePath, err := os.MkdirTemp("", "") assert.NoError(err) defer os.RemoveAll(sourcePath) - socketDir, err := ioutil.TempDir("", "") + socketDir, err := os.MkdirTemp("", "") assert.NoError(err) defer os.RemoveAll(socketDir) diff --git a/src/runtime/virtcontainers/vm_test.go b/src/runtime/virtcontainers/vm_test.go index c37e48069..d16e17504 100644 --- a/src/runtime/virtcontainers/vm_test.go +++ b/src/runtime/virtcontainers/vm_test.go @@ -7,7 +7,6 @@ package virtcontainers import ( "context" - "io/ioutil" "os" "path/filepath" "testing" @@ -19,7 +18,7 @@ import ( func TestNewVM(t *testing.T) { assert := assert.New(t) - testDir, err := ioutil.TempDir("", "vmfactory-tmp-") + testDir, err := os.MkdirTemp("", "vmfactory-tmp-") assert.Nil(err) defer os.RemoveAll(testDir) @@ -66,12 +65,12 @@ func TestNewVM(t *testing.T) { defer func() { urandomDev = savedUrandomDev }() - tmpdir, err := ioutil.TempDir("", "") + tmpdir, err := os.MkdirTemp("", "") assert.NoError(err) defer os.RemoveAll(tmpdir) urandomDev = filepath.Join(tmpdir, "urandom") data := make([]byte, 512) - err = ioutil.WriteFile(urandomDev, data, os.FileMode(0640)) + err = os.WriteFile(urandomDev, data, os.FileMode(0640)) assert.NoError(err) err = vm.ReseedRNG(context.Background()) @@ -99,7 +98,7 @@ func TestVMConfigValid(t *testing.T) { err := config.Valid() assert.Error(err) - testDir, err := ioutil.TempDir("", "vmfactory-tmp-") + testDir, err := os.MkdirTemp("", "vmfactory-tmp-") assert.Nil(err) defer os.RemoveAll(testDir) diff --git a/tools/packaging/cmd/kata-pkgsync/cli/utils.go b/tools/packaging/cmd/kata-pkgsync/cli/utils.go index 9110e39e3..f1199a0bf 100644 --- a/tools/packaging/cmd/kata-pkgsync/cli/utils.go +++ b/tools/packaging/cmd/kata-pkgsync/cli/utils.go @@ -7,14 +7,14 @@ package main import ( "fmt" - "io/ioutil" + "os" "github.com/pkg/errors" "gopkg.in/yaml.v2" ) func yamlUnmarshal(yamlFile string, cfg interface{}) error { - source, err := ioutil.ReadFile(yamlFile) + source, err := os.ReadFile(yamlFile) if err != nil { return err } From 5b002f3c88687b4a590e742cfca8e4665e1ee354 Mon Sep 17 00:00:00 2001 From: bin Date: Wed, 15 Dec 2021 07:31:57 +0800 Subject: [PATCH 08/11] docs: change io/ioutil to io/os packages Change io/ioutil to io/os packages because io/ioutil package is deprecated from 1.16: TempDir => os.MkdirTemp Details: https://go.dev/doc/go1.16#ioutil Fixes: #3265 Signed-off-by: bin --- docs/Unit-Test-Advice.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/Unit-Test-Advice.md b/docs/Unit-Test-Advice.md index 5fe8b9caf..8cbf3163f 100644 --- a/docs/Unit-Test-Advice.md +++ b/docs/Unit-Test-Advice.md @@ -286,8 +286,8 @@ func TestSomething(t *testing.T) { assert := assert.New(t) // Create a temporary directory - tmpdir, err := ioutil.TempDir("", "") - assert.NoError(err) + tmpdir, err := os.MkdirTemp("", "") + assert.NoError(err) // Delete it at the end of the test defer os.RemoveAll(tmpdir) From 52f79aef91ccd75eb1896603933e9191f90bbb7a Mon Sep 17 00:00:00 2001 From: Eric Ernst Date: Wed, 27 Oct 2021 10:38:17 -0700 Subject: [PATCH 09/11] utils: update container type handling Today we assume that if the CRI/upper layer doesn't provide a container type annotation, it should be treated as a sandbox. Up to this point, a sandbox with a pause container in CRI context and a single container (ala ctr run) are treated the same. For VM sizing and container constraining, it'll be useful to know if this is a sandbox or if this is a single container. In updating this, we cleanup the type handling tests and we update the containerd annotations vendoring. Fixes: #2926 Signed-off-by: Eric Ernst --- src/runtime/pkg/containerd-shim-v2/create.go | 2 +- src/runtime/pkg/containerd-shim-v2/service.go | 2 +- src/runtime/pkg/oci/utils.go | 15 +- src/runtime/pkg/oci/utils_test.go | 140 ++++++++++++------ .../pkg/cri/annotations/annotations.go | 62 ++++++++ .../pkg/annotations/annotations.go | 38 ----- src/runtime/vendor/modules.txt | 2 +- src/runtime/virtcontainers/types.go | 25 +++- 8 files changed, 188 insertions(+), 98 deletions(-) create mode 100644 src/runtime/vendor/github.com/containerd/containerd/pkg/cri/annotations/annotations.go delete mode 100644 src/runtime/vendor/github.com/containerd/cri-containerd/pkg/annotations/annotations.go diff --git a/src/runtime/pkg/containerd-shim-v2/create.go b/src/runtime/pkg/containerd-shim-v2/create.go index 2e8c9db24..ae47bb249 100644 --- a/src/runtime/pkg/containerd-shim-v2/create.go +++ b/src/runtime/pkg/containerd-shim-v2/create.go @@ -70,7 +70,7 @@ func create(ctx context.Context, s *service, r *taskAPI.CreateTaskRequest) (*con rootfs := filepath.Join(r.Bundle, "rootfs") switch containerType { - case vc.PodSandbox: + case vc.PodSandbox, vc.SingleContainer: if s.sandbox != nil { return nil, fmt.Errorf("cannot create another sandbox in sandbox: %s", s.sandbox.ID()) } diff --git a/src/runtime/pkg/containerd-shim-v2/service.go b/src/runtime/pkg/containerd-shim-v2/service.go index cafbb1907..e2ba09b78 100644 --- a/src/runtime/pkg/containerd-shim-v2/service.go +++ b/src/runtime/pkg/containerd-shim-v2/service.go @@ -345,7 +345,7 @@ func (s *service) Cleanup(ctx context.Context) (_ *taskAPI.DeleteResponse, err e } switch containerType { - case vc.PodSandbox: + case vc.PodSandbox, vc.SingleContainer: err = cleanupContainer(spanCtx, s.id, s.id, path) if err != nil { return nil, err diff --git a/src/runtime/pkg/oci/utils.go b/src/runtime/pkg/oci/utils.go index ec1266854..1bec74639 100644 --- a/src/runtime/pkg/oci/utils.go +++ b/src/runtime/pkg/oci/utils.go @@ -17,7 +17,7 @@ import ( "strings" "syscall" - criContainerdAnnotations "github.com/containerd/cri-containerd/pkg/annotations" + ctrAnnotations "github.com/containerd/containerd/pkg/cri/annotations" crioAnnotations "github.com/cri-o/cri-o/pkg/annotations" specs "github.com/opencontainers/runtime-spec/specs-go" "github.com/sirupsen/logrus" @@ -42,19 +42,19 @@ var ( // CRIContainerTypeKeyList lists all the CRI keys that could define // the container type from annotations in the config.json. - CRIContainerTypeKeyList = []string{criContainerdAnnotations.ContainerType, crioAnnotations.ContainerType, dockershimAnnotations.ContainerTypeLabelKey} + CRIContainerTypeKeyList = []string{ctrAnnotations.ContainerType, crioAnnotations.ContainerType, dockershimAnnotations.ContainerTypeLabelKey} // CRISandboxNameKeyList lists all the CRI keys that could define // the sandbox ID (sandbox ID) from annotations in the config.json. - CRISandboxNameKeyList = []string{criContainerdAnnotations.SandboxID, crioAnnotations.SandboxID, dockershimAnnotations.SandboxIDLabelKey} + CRISandboxNameKeyList = []string{ctrAnnotations.SandboxID, crioAnnotations.SandboxID, dockershimAnnotations.SandboxIDLabelKey} // CRIContainerTypeList lists all the maps from CRI ContainerTypes annotations // to a virtcontainers ContainerType. CRIContainerTypeList = []annotationContainerType{ {crioAnnotations.ContainerTypeSandbox, vc.PodSandbox}, {crioAnnotations.ContainerTypeContainer, vc.PodContainer}, - {criContainerdAnnotations.ContainerTypeSandbox, vc.PodSandbox}, - {criContainerdAnnotations.ContainerTypeContainer, vc.PodContainer}, + {ctrAnnotations.ContainerTypeSandbox, vc.PodSandbox}, + {ctrAnnotations.ContainerTypeContainer, vc.PodContainer}, {dockershimAnnotations.ContainerTypeLabelSandbox, vc.PodSandbox}, {dockershimAnnotations.ContainerTypeLabelContainer, vc.PodContainer}, } @@ -317,7 +317,7 @@ func networkConfig(ocispec specs.Spec, config RuntimeConfig) (vc.NetworkConfig, } // ContainerType returns the type of container and if the container type was -// found from CRI servers annotations. +// found from CRI server's annotations in the container spec. func ContainerType(spec specs.Spec) (vc.ContainerType, error) { for _, key := range CRIContainerTypeKeyList { containerTypeVal, ok := spec.Annotations[key] @@ -331,11 +331,10 @@ func ContainerType(spec specs.Spec) (vc.ContainerType, error) { } } - return vc.UnknownContainerType, fmt.Errorf("Unknown container type %s", containerTypeVal) } - return vc.PodSandbox, nil + return vc.SingleContainer, nil } func GetSandboxConfigPath(annotations map[string]string) string { diff --git a/src/runtime/pkg/oci/utils_test.go b/src/runtime/pkg/oci/utils_test.go index 1cdb889fb..4e37f563e 100644 --- a/src/runtime/pkg/oci/utils_test.go +++ b/src/runtime/pkg/oci/utils_test.go @@ -16,7 +16,7 @@ import ( "strings" "testing" - "github.com/cri-o/cri-o/pkg/annotations" + ctrAnnotations "github.com/containerd/containerd/pkg/cri/annotations" crioAnnotations "github.com/cri-o/cri-o/pkg/annotations" specs "github.com/opencontainers/runtime-spec/specs-go" "github.com/stretchr/testify/assert" @@ -25,6 +25,7 @@ import ( vc "github.com/kata-containers/kata-containers/src/runtime/virtcontainers" "github.com/kata-containers/kata-containers/src/runtime/virtcontainers/device/config" vcAnnotations "github.com/kata-containers/kata-containers/src/runtime/virtcontainers/pkg/annotations" + dockerAnnotations "github.com/kata-containers/kata-containers/src/runtime/virtcontainers/pkg/annotations/dockershim" "github.com/kata-containers/kata-containers/src/runtime/virtcontainers/pkg/compatoci" "github.com/kata-containers/kata-containers/src/runtime/virtcontainers/types" ) @@ -152,7 +153,7 @@ func TestMinimalSandboxConfig(t *testing.T) { Cmd: expectedCmd, Annotations: map[string]string{ vcAnnotations.BundlePathKey: tempBundlePath, - vcAnnotations.ContainerTypeKey: string(vc.PodSandbox), + vcAnnotations.ContainerTypeKey: string(vc.SingleContainer), }, Mounts: expectedMounts, DeviceInfos: expectedDeviceInfo, @@ -188,51 +189,100 @@ func TestMinimalSandboxConfig(t *testing.T) { assert.NoError(os.Remove(configPath)) } -func testContainerTypeSuccessful(t *testing.T, ociSpec specs.Spec, expected vc.ContainerType) { - containerType, err := ContainerType(ociSpec) +func TestContainerType(t *testing.T) { assert := assert.New(t) - - assert.NoError(err) - assert.Equal(containerType, expected) -} - -func TestContainerTypePodSandbox(t *testing.T) { - var ociSpec specs.Spec - - ociSpec.Annotations = map[string]string{ - annotations.ContainerType: annotations.ContainerTypeSandbox, + tests := []struct { + description string + annotationKey string + annotationValue string + expectedType vc.ContainerType + expectedErr bool + }{ + { + description: "no annotation, expect single container", + annotationKey: "", + annotationValue: "", + expectedType: vc.SingleContainer, + expectedErr: false, + }, + { + description: "unexpected annotation, expect error", + annotationKey: ctrAnnotations.ContainerType, + annotationValue: "foo", + expectedType: vc.UnknownContainerType, + expectedErr: true, + }, + { + description: "containerd sandbox", + annotationKey: ctrAnnotations.ContainerType, + annotationValue: string(ctrAnnotations.ContainerTypeSandbox), + expectedType: vc.PodSandbox, + expectedErr: false, + }, + { + description: "containerd container", + annotationKey: ctrAnnotations.ContainerType, + annotationValue: string(ctrAnnotations.ContainerTypeContainer), + expectedType: vc.PodContainer, + expectedErr: false, + }, + { + description: "crio unexpected annotation, expect error", + annotationKey: crioAnnotations.ContainerType, + annotationValue: "foo", + expectedType: vc.UnknownContainerType, + expectedErr: true, + }, + { + description: "crio sandbox", + annotationKey: crioAnnotations.ContainerType, + annotationValue: string(crioAnnotations.ContainerTypeSandbox), + expectedType: vc.PodSandbox, + expectedErr: false, + }, + { + description: "crio container", + annotationKey: crioAnnotations.ContainerType, + annotationValue: string(crioAnnotations.ContainerTypeContainer), + expectedType: vc.PodContainer, + expectedErr: false, + }, + { + description: "dockershim unexpected annotation, expect error", + annotationKey: dockerAnnotations.ContainerTypeLabelKey, + annotationValue: "foo", + expectedType: vc.UnknownContainerType, + expectedErr: true, + }, + { + description: "dockershim sandbox", + annotationKey: dockerAnnotations.ContainerTypeLabelKey, + annotationValue: string(dockerAnnotations.ContainerTypeLabelSandbox), + expectedType: vc.PodSandbox, + expectedErr: false, + }, + { + description: "dockershim container", + annotationKey: dockerAnnotations.ContainerTypeLabelKey, + annotationValue: string(dockerAnnotations.ContainerTypeLabelContainer), + expectedType: vc.PodContainer, + expectedErr: false, + }, } - - testContainerTypeSuccessful(t, ociSpec, vc.PodSandbox) -} - -func TestContainerTypePodContainer(t *testing.T) { - var ociSpec specs.Spec - - ociSpec.Annotations = map[string]string{ - annotations.ContainerType: annotations.ContainerTypeContainer, + for _, tt := range tests { + ociSpec := specs.Spec{ + Annotations: map[string]string{ + tt.annotationKey: tt.annotationValue, + }, + } + containerType, err := ContainerType(ociSpec) + if tt.expectedErr { + assert.Error(err) + } else { + assert.NoError(err) + } + assert.Equal(tt.expectedType, containerType, "test fail: %v", tt.description) } - - testContainerTypeSuccessful(t, ociSpec, vc.PodContainer) -} - -func TestContainerTypePodSandboxEmptyAnnotation(t *testing.T) { - testContainerTypeSuccessful(t, specs.Spec{}, vc.PodSandbox) -} - -func TestContainerTypeFailure(t *testing.T) { - var ociSpec specs.Spec - expected := vc.UnknownContainerType - unknownType := "unknown_type" - assert := assert.New(t) - - ociSpec.Annotations = map[string]string{ - annotations.ContainerType: unknownType, - } - - containerType, err := ContainerType(ociSpec) - assert.Error(err) - assert.Equal(containerType, expected) } func TestSandboxIDSuccessful(t *testing.T) { @@ -241,7 +291,7 @@ func TestSandboxIDSuccessful(t *testing.T) { assert := assert.New(t) ociSpec.Annotations = map[string]string{ - annotations.SandboxID: testSandboxID, + crioAnnotations.SandboxID: testSandboxID, } sandboxID, err := SandboxID(ociSpec) diff --git a/src/runtime/vendor/github.com/containerd/containerd/pkg/cri/annotations/annotations.go b/src/runtime/vendor/github.com/containerd/containerd/pkg/cri/annotations/annotations.go new file mode 100644 index 000000000..68a0f4837 --- /dev/null +++ b/src/runtime/vendor/github.com/containerd/containerd/pkg/cri/annotations/annotations.go @@ -0,0 +1,62 @@ +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package annotations + +// ContainerType values +// Following OCI annotations are used by katacontainers now. +// We'll switch to standard secure pod API after it is defined in CRI. +const ( + // ContainerTypeSandbox represents a pod sandbox container + ContainerTypeSandbox = "sandbox" + + // ContainerTypeContainer represents a container running within a pod + ContainerTypeContainer = "container" + + // ContainerType is the container type (sandbox or container) annotation + ContainerType = "io.kubernetes.cri.container-type" + + // SandboxID is the sandbox ID annotation + SandboxID = "io.kubernetes.cri.sandbox-id" + + // SandboxLogDir is the pod log directory annotation. + // If the sandbox needs to generate any log, it will put it into this directory. + // Kubelet will be responsible for: + // 1) Monitoring the disk usage of the log, and including it as part of the pod + // ephemeral storage usage. + // 2) Cleaning up the logs when the pod is deleted. + // NOTE: Kubelet is not responsible for rotating the logs. + SandboxLogDir = "io.kubernetes.cri.sandbox-log-directory" + + // UntrustedWorkload is the sandbox annotation for untrusted workload. Untrusted + // workload can only run on dedicated runtime for untrusted workload. + UntrustedWorkload = "io.kubernetes.cri.untrusted-workload" + + // SandboxNamespace is the name of the namespace of the sandbox (pod) + SandboxNamespace = "io.kubernetes.cri.sandbox-namespace" + + // SandboxName is the name of the sandbox (pod) + SandboxName = "io.kubernetes.cri.sandbox-name" + + // ContainerName is the name of the container in the pod + ContainerName = "io.kubernetes.cri.container-name" + + // ImageName is the name of the image used to create the container + ImageName = "io.kubernetes.cri.image-name" + + // PodAnnotations are the annotations of the pod + PodAnnotations = "io.kubernetes.cri.pod-annotations" +) diff --git a/src/runtime/vendor/github.com/containerd/cri-containerd/pkg/annotations/annotations.go b/src/runtime/vendor/github.com/containerd/cri-containerd/pkg/annotations/annotations.go deleted file mode 100644 index be63ba27a..000000000 --- a/src/runtime/vendor/github.com/containerd/cri-containerd/pkg/annotations/annotations.go +++ /dev/null @@ -1,38 +0,0 @@ -/* -Copyright 2018 The Containerd Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package annotations - -// ContainerType values -// Following OCI annotations are used by katacontainers now. -// We'll switch to standard secure pod API after it is defined in CRI. -const ( - // ContainerTypeSandbox represents a pod sandbox container - ContainerTypeSandbox = "sandbox" - - // ContainerTypeContainer represents a container running within a pod - ContainerTypeContainer = "container" - - // ContainerType is the container type (sandbox or container) annotation - ContainerType = "io.kubernetes.cri.container-type" - - // SandboxID is the sandbox ID annotation - SandboxID = "io.kubernetes.cri.sandbox-id" - - // UntrustedWorkload is the sandbox annotation for untrusted workload. Untrusted - // workload can only run on dedicated runtime for untrusted workload. - UntrustedWorkload = "io.kubernetes.cri.untrusted-workload" -) diff --git a/src/runtime/vendor/modules.txt b/src/runtime/vendor/modules.txt index 568d55111..df7e889b0 100644 --- a/src/runtime/vendor/modules.txt +++ b/src/runtime/vendor/modules.txt @@ -71,6 +71,7 @@ github.com/containerd/containerd/identifiers github.com/containerd/containerd/log github.com/containerd/containerd/mount github.com/containerd/containerd/namespaces +github.com/containerd/containerd/pkg/cri/annotations github.com/containerd/containerd/pkg/dialer github.com/containerd/containerd/pkg/runtimeoptions/v1 github.com/containerd/containerd/pkg/ttrpcutil @@ -85,7 +86,6 @@ github.com/containerd/containerd/sys/reaper github.com/containerd/containerd/version # github.com/containerd/cri-containerd v1.11.1-0.20190125013620-4dd6735020f5 ## explicit -github.com/containerd/cri-containerd/pkg/annotations github.com/containerd/cri-containerd/pkg/api/runtimeoptions/v1 # github.com/containerd/fifo v1.0.0 ## explicit diff --git a/src/runtime/virtcontainers/types.go b/src/runtime/virtcontainers/types.go index 82cde0b51..9ddbf654c 100644 --- a/src/runtime/virtcontainers/types.go +++ b/src/runtime/virtcontainers/types.go @@ -10,13 +10,30 @@ type ContainerType string // List different types of containers const ( - PodContainer ContainerType = "pod_container" - PodSandbox ContainerType = "pod_sandbox" + // PodContainer identifies a container that should be associated with an existing pod + PodContainer ContainerType = "pod_container" + // PodSandbox identifies an infra container that will be used to create the pod + PodSandbox ContainerType = "pod_sandbox" + // SingleContainer is utilized to describe a container that didn't have a container/sandbox + // annotation applied. This is expected when dealing with non-pod container (ie, running + // from ctr, podman, etc). + SingleContainer ContainerType = "single_container" + // UnknownContainerType specifies a container that provides container type annotation, but + // it is unknown. UnknownContainerType ContainerType = "unknown_container_type" ) // IsSandbox determines if the container type can be considered as a sandbox. -// We can consider a sandbox in case we have a PodSandbox or a RegularContainer. +// We can consider a sandbox in case we have a PodSandbox or a "regular" container func (cType ContainerType) IsSandbox() bool { - return cType == PodSandbox + return cType == PodSandbox || cType == SingleContainer +} + +func (t ContainerType) IsCriSandbox() bool { + return t == PodSandbox +} + +// "Regular" Container +func (t ContainerType) IsSingleContainer() bool { + return t == SingleContainer } From 7a989a8333f4ec9ca745598f5ff269540f7d4e60 Mon Sep 17 00:00:00 2001 From: Eric Ernst Date: Tue, 14 Dec 2021 18:54:45 -0800 Subject: [PATCH 10/11] runtime: api-test: fixup not clear why this was commented out before -- ensure that we set approprate annotation on the sandbox container's annotations to indicate this is a sandbox. Signed-off-by: Eric Ernst --- src/runtime/virtcontainers/api_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/runtime/virtcontainers/api_test.go b/src/runtime/virtcontainers/api_test.go index 255314e79..3366041c6 100644 --- a/src/runtime/virtcontainers/api_test.go +++ b/src/runtime/virtcontainers/api_test.go @@ -77,7 +77,7 @@ func newBasicTestCmd() types.Cmd { func newTestSandboxConfigNoop() SandboxConfig { bundlePath := filepath.Join(testDir, testBundle) containerAnnotations[annotations.BundlePathKey] = bundlePath - // containerAnnotations["com.github.containers.virtcontainers.pkg.oci.container_type"] = "pod_sandbox" + containerAnnotations[annotations.ContainerTypeKey] = "pod_sandbox" emptySpec := newEmptySpec() From 51bf98073d0c2e7b83bf2320be827e0942b9316a Mon Sep 17 00:00:00 2001 From: "James O. D. Hunt" Date: Fri, 3 Dec 2021 10:14:36 +0000 Subject: [PATCH 11/11] docs: Update architecture document Refresh the content and formatting of the architecture document. Out of scope of these changes: - Diagram updates. - Updates to the Networking section. Fixes: #3190. Signed-off-by: James O. D. Hunt --- docs/design/architecture.md | 878 +++++++++++++++++++++++++++++------- 1 file changed, 726 insertions(+), 152 deletions(-) diff --git a/docs/design/architecture.md b/docs/design/architecture.md index 1446f5683..1281a2e36 100644 --- a/docs/design/architecture.md +++ b/docs/design/architecture.md @@ -2,128 +2,640 @@ ## Overview -This is an architectural overview of Kata Containers, based on the 2.0 release. +Kata Containers is an open source community working to build a secure +container [runtime](#runtime) with lightweight virtual machines (VM's) +that feel and perform like standard Linux containers, but provide +stronger [workload](#workload) isolation using hardware +[virtualization](#virtualization) technology as a second layer of +defence. -The primary deliverable of the Kata Containers project is a CRI friendly shim. There is also a CRI friendly library API behind them. +Kata Containers runs on [multiple architectures](../../src/runtime/README.md#platform-support) +and supports [multiple hypervisors](../hypervisors.md). -The [Kata Containers runtime](../../src/runtime) -is compatible with the [OCI](https://github.com/opencontainers) [runtime specification](https://github.com/opencontainers/runtime-spec) -and therefore works seamlessly with the [Kubernetes\* Container Runtime Interface (CRI)](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-node/container-runtime-interface.md) -through the [CRI-O\*](https://github.com/kubernetes-incubator/cri-o) and -[Containerd\*](https://github.com/containerd/containerd) implementation. - -Kata Containers creates a QEMU\*/KVM virtual machine for pod that `kubelet` (Kubernetes) creates respectively. - -The [`containerd-shim-kata-v2` (shown as `shimv2` from this point onwards)](../../src/runtime/cmd/containerd-shim-kata-v2/) -is the Kata Containers entrypoint, which -implements the [Containerd Runtime V2 (Shim API)](https://github.com/containerd/containerd/tree/master/runtime/v2) for Kata. - -Before `shimv2` (as done in [Kata Containers 1.x releases](https://github.com/kata-containers/runtime/releases)), we need to create a `containerd-shim` and a [`kata-shim`](https://github.com/kata-containers/shim) for each container and the Pod sandbox itself, plus an optional [`kata-proxy`](https://github.com/kata-containers/proxy) when VSOCK is not available. With `shimv2`, Kubernetes can launch Pod and OCI compatible containers with one shim (the `shimv2`) per Pod instead of `2N+1` shims, and no standalone `kata-proxy` process even if no VSOCK is available. - -![Kubernetes integration with shimv2](arch-images/shimv2.svg) - -The container process is then spawned by -[`kata-agent`](../../src/agent), an agent process running -as a daemon inside the virtual machine. `kata-agent` runs a [`ttRPC`](https://github.com/containerd/ttrpc-rust) server in -the guest using a VIRTIO serial or VSOCK interface which QEMU exposes as a socket -file on the host. `shimv2` uses a `ttRPC` protocol to communicate with -the agent. This protocol allows the runtime to send container management -commands to the agent. The protocol is also used to carry the I/O streams (stdout, -stderr, stdin) between the containers and the manage engines (e.g. CRI-O or containerd). - -For any given container, both the init process and all potentially executed -commands within that container, together with their related I/O streams, need -to go through the VSOCK interface exported by QEMU. - -The container workload, that is, the actual OCI bundle rootfs, is exported from the -host to the virtual machine. In the case where a block-based graph driver is -configured, `virtio-scsi` will be used. In all other cases a `virtio-fs` VIRTIO mount point -will be used. `kata-agent` uses this mount point as the root filesystem for the -container processes. +This document is a summary of the Kata Containers architecture. ## Virtualization -How Kata Containers maps container concepts to virtual machine technologies, and how this is realized in the multiple -hypervisors and VMMs that Kata supports is described within the [virtualization documentation](./virtualization.md) +For details on how Kata Containers maps container concepts to VM +technologies, and how this is realized in the multiple hypervisors and +VMMs that Kata supports see the +[virtualization documentation](./virtualization.md). + +## Compatibility + +The [Kata Containers runtime](../../src/runtime) is compatible with +the [OCI](https://github.com/opencontainers) +[runtime specification](https://github.com/opencontainers/runtime-spec) +and therefore works seamlessly with the +[Kubernetes Container Runtime Interface (CRI)](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-node/container-runtime-interface.md) +through the [CRI-O](https://github.com/kubernetes-incubator/cri-o) +and [containerd](https://github.com/containerd/containerd) +implementations. + +Kata Containers provides a ["shimv2"](#shim-v2-architecture) compatible runtime. + +## Shim v2 architecture + +The Kata Containers runtime is shim v2 ("shimv2") compatible. This +section explains what this means. + +### History + +In the old [Kata 1.x architecture](https://github.com/kata-containers/documentation/blob/master/design/architecture.md), +the Kata [runtime](#runtime) was an executable called `kata-runtime`. +The container manager called this executable multiple times when +creating each container. Each time the runtime was called a different +OCI command-line verb was provided. This architecture was simple, but +not well suited to creating VM based containers due to the issue of +handling state between calls. Additionally, the architecture suffered +from performance issues related to continually having to spawn new +instances of the runtime binary, and +[Kata shim](https://github.com/kata-containers/shim) and +[Kata proxy](https://github.com/kata-containers/proxy) processes for systems +that did not provide VSOCK. + +### An improved architecture + +The +[containerd runtime shimv2 architecture](https://github.com/containerd/containerd/tree/main/runtime/v2) +or _shim API_ architecture resolves the issues with the old +architecture by defining a set of shimv2 APIs that a compatible +runtime implementation must supply. Rather than calling the runtime +binary multiple times for each new container, the shimv2 architecture +runs a single instance of the runtime binary (for any number of +containers). This improves performance and resolves the state handling +issue. + +The shimv2 API is similar to the +[OCI runtime](https://github.com/opencontainers/runtime-spec) +API in terms of the way the container lifecycle is split into +different verbs. Rather than calling the runtime multiple times, the +container manager creates a socket and passes it to the shimv2 +runtime. The socket is a bi-directional communication channel that +uses a gRPC based protocol to allow the container manager to send API +calls to the runtime, which returns the result to the container +manager using the same channel. + +The shimv2 architecture allows running several containers per VM to +support container engines that require multiple containers running +inside a pod. + +With the new architecture [Kubernetes](#kubernetes-support) can +launch both Pod and OCI compatible containers with a single +[runtime](#runtime) shim per Pod, rather than `2N+1` shims. No stand +alone `kata-proxy` process is required, even if VSOCK is not +available. + +### Architectural comparison + +| Kata version | Kata Runtime process calls | Kata shim processes | Kata proxy processes (if no VSOCK) | +|-|-|-|-| +| 1.x | multiple per container | 1 per container connection | 1 | +| 2.x | 1 per VM (hosting any number of containers) | 0 | 0 | + +> **Notes:** +> +> - A single VM can host one or more containers. +> +> - The "Kata shim processes" column refers to the old +> [Kata shim](https://github.com/kata-containers/shim) (`kata-shim` binary), +> *not* the new shimv2 runtime instance (`containerd-shim-kata-v2` binary). + +The diagram below shows how the original architecture was simplified +with the advent of shimv2. + +![Kubernetes integration with shimv2](arch-images/shimv2.svg) + +## Root filesystem + +This document uses the term _rootfs_ to refer to a root filesystem +which is mounted as the top-level directory ("`/`") and often referred +to as _slash_. + +It is important to understand this term since the overall system uses +multiple different rootfs's (as explained in the +[Environments](#environments) section. + +## Example command + +The following containerd command creates a container. It is referred +to throughout this document to help explain various points: + +```bash +$ sudo ctr run --runtime "io.containerd.kata.v2" --rm -t "quay.io/libpod/ubuntu:latest" foo sh +``` + +This command requests that containerd: + +- Create a container (`ctr run`). +- Use the Kata [shimv2](#shim-v2-architecture) runtime (`--runtime "io.containerd.kata.v2"`). +- Delete the container when it [exits](#workload-exit) (`--rm`). +- Attach the container to the user's terminal (`-t`). +- Use the Ubuntu Linux [container image](#container-image) + to create the container [rootfs](#root-filesystem) that will become + the [container environment](#environments) + (`quay.io/libpod/ubuntu:latest`). +- Create the container with the name "`foo`". +- Run the `sh(1)` command in the Ubuntu rootfs based container + environment. + + The command specified here is referred to as the [workload](#workload). + +> **Note:** +> +> For the purposes of this document and to keep explanations +> simpler, we assume the user is running this command in the +> [host environment](#environments). + +## Container image + +In the [example command](#example-command) the user has specified the +type of container they wish to run via the container image name: +`ubuntu`. This image name corresponds to a _container image_ that can +be used to create a container with an Ubuntu Linux environment. Hence, +in our [example](#example-command), the `sh(1)` command will be run +inside a container which has an Ubuntu rootfs. + +> **Note:** +> +> The term _container image_ is confusing since the image in question +> is **not** a container: it is simply a set of files (_an image_) +> that can be used to _create_ a container. The term _container +> template_ would be more accurate but the term _container image_ is +> commonly used so this document uses the standard term. + +For the purposes of this document, the most important part of the +[example command line](#example-command) is the container image the +user has requested. Normally, the container manager will _pull_ +(download) a container image from a remote site and store a copy +locally. This local container image is used by the container manager +to create an [OCI bundle](#oci-bundle) which will form the environment +the container will run in. After creating the OCI bundle, the +container manager launches a [runtime](#runtime) which will create the +container using the provided OCI bundle. + +## OCI bundle + +To understand what follows, it is important to know at a high level +how an OCI ([Open Containers Initiative](https://opencontainers.org)) compatible container is created. + +An OCI compatible container is created by taking a +[container image](#container-image) and converting the embedded rootfs +into an +[OCI rootfs bundle](https://github.com/opencontainers/runtime-spec/blob/main/bundle.md), +or more simply, an _OCI bundle_. + +An OCI bundle is a `tar(1)` archive normally created by a container +manager which is passed to an OCI [runtime](#runtime) which converts +it into a full container rootfs. The bundle contains two assets: + +- A container image [rootfs](#root-filesystem) + + This is simply a directory of files that will be used to represent + the rootfs for the container. + + For the [example command](#example-command), the directory will + contain the files necessary to create a minimal Ubuntu root + filesystem. + +- An [OCI configuration file](https://github.com/opencontainers/runtime-spec/blob/main/config.md) + + This is a JSON file called `config.json`. + + The container manager will create this file so that: + + - The `root.path` value is set to the full path of the specified + container rootfs. + + In [the example](#example-command) this value will be `ubuntu`. + + - The `process.args` array specifies the list of commands the user + wishes to run. This is known as the [workload](#workload). + + In [the example](#example-command) the workload is `sh(1)`. + +## Workload + +The workload is the command the user requested to run in the +container and is specified in the [OCI bundle](#oci-bundle)'s +configuration file. + +In our [example](#example-command), the workload is the `sh(1)` command. + +### Workload root filesystem + +For details of how the [runtime](#runtime) makes the +[container image](#container-image) chosen by the user available to +the workload process, see the +[Container creation](#container-creation) and [storage](#storage) sections. + +Note that the workload is isolated from the [guest VM](#environments) environment by its +surrounding [container environment](#environments). The guest VM +environment where the container runs in is also isolated from the _outer_ +[host environment](#environments) where the container manager runs. + +## System overview + +### Environments + +The following terminology is used to describe the different or +environments (or contexts) various processes run in. It is necessary +to study this table closely to make sense of what follows: + +| Type | Name | Virtualized | Containerized | rootfs | Rootfs device type | Mount type | Description | +|-|-|-|-|-|-|-|-| +| Host | Host | no `[1]` | no | Host specific | Host specific | Host specific | The environment provided by a standard, physical non virtualized system. | +| VM root | Guest VM | yes | no | rootfs inside the [guest image](#guest-image) | Hypervisor specific `[2]` | `ext4` | The first (or top) level VM environment created on a host system. | +| VM container root | Container | yes | yes | rootfs type requested by user ([`ubuntu` in the example](#example-command)) | `kataShared` | [virtio FS](#virtio-fs) | The first (or top) level container environment created inside the VM. Based on the [OCI bundle](#oci-bundle). | + +**Key:** + +- `[1]`: For simplicity, this document assumes the host environment + runs on physical hardware. + +- `[2]`: See the [DAX](#dax) section. + +> **Notes:** +> +> - The word "root" is used to mean _top level_ here in a similar +> manner to the term [rootfs](#root-filesystem). +> +> - The term "first level" prefix used above is important since it implies +> that it is possible to create multi level systems. However, they do +> not form part of a standard Kata Containers environment so will not +> be considered in this document. + +The reasons for containerizing the [workload](#workload) inside the VM +are: + +- Isolates the workload entirely from the VM environment. +- Provides better isolation between containers in a [pod](#kubernetes-support). +- Allows the workload to be managed and monitored through its cgroup + confinement. + +### Container creation + +The steps below show at a high level how a Kata Containers container is +created using the containerd container manager: + +1. The user requests the creation of a container by running a command + like the [example command](#example-command). +1. The container manager daemon runs a single instance of the Kata + [runtime](#runtime). +1. The Kata runtime loads its [configuration file](#configuration). +1. The container manager calls a set of shimv2 API functions on the runtime. +1. The Kata runtime launches the configured [hypervisor](#hypervisor). +1. The hypervisor creates and starts (_boots_) a VM using the + [guest assets](#guest-assets): + + - The hypervisor [DAX](#dax) shares the [guest image](#guest-image) + into the VM to become the VM [rootfs](#root-filesystem) (mounted on a `/dev/pmem*` device), + which is known as the [VM root environment](#environments). + - The hypervisor mounts the [OCI bundle](#oci-bundle), using [virtio FS](#virtio-fs), + into a container specific directory inside the VM's rootfs. + + This container specific directory will become the + [container rootfs](#environments), known as the + [container environment](#environments). + +1. The [agent](#agent) is started as part of the VM boot. + +1. The runtime calls the agent's `CreateSandbox` API to request the + agent create a container: + + 1. The agent creates a [container environment](#environments) + in the container specific directory that contains the [container rootfs](#environments). + + The container environment hosts the [workload](#workload) in the + [container rootfs](#environments) directory. + + 1. The agent spawns the workload inside the container environment. + + > **Notes:** + > + > - The container environment created by the agent is equivalent to + > a container environment created by the + > [`runc`](https://github.com/opencontainers/runc) OCI runtime; + > Linux cgroups and namespaces are created inside the VM by the + > [guest kernel](#guest-kernel) to isolate the workload from the + > VM environment the container is created in. See the + > [Environments](#environments) section for an explanation of why + > this is done. + > + > - See the [guest image](#guest-image) section for details of + > exactly how the agent is started. + +1. The container manager returns control of the container to the + user running the `ctr` command. + +> **Note:** +> +> At this point, the container is running and: +> +> - The [workload](#workload) process ([`sh(1)` in the example](#example-command)) +> is running in the [container environment](#environments). +> - The user is now able to interact with the workload +> (using the [`ctr` command in the example](#example-command)). +> - The [agent](#agent), running inside the VM is monitoring the +> [workload](#workload) process. +> - The [runtime](#runtime) is waiting for the agent's `WaitProcess` API +> call to complete. + +Further details of these steps are provided in the sections below. + +### Container shutdown + +There are two possible ways for the container environment to be +terminated: + +- When the [workload](#workload) exits. + + This is the standard, or _graceful_ shutdown method. + +- When the container manager forces the container to be deleted. + +#### Workload exit + +The [agent](#agent) will detect when the [workload](#workload) process +exits, capture its exit status (see `wait(2)`) and return that value +to the [runtime](#runtime) by specifying it as the response to the +`WaitProcess` agent API call made by the [runtime](#runtime). + +The runtime then passes the value back to the container manager by the +`Wait` [shimv2 API](#shim-v2-architecture) call. + +Once the workload has fully exited, the VM is no longer needed and the +runtime cleans up the environment (which includes terminating the +[hypervisor](#hypervisor) process). + +> **Note:** +> +> When [agent tracing is enabled](../tracing.md#agent-shutdown-behaviour), +> the shutdown behaviour is different. + +#### Container manager requested shutdown + +If the container manager requests the container be deleted, the +[runtime](#runtime) will signal the agent by sending it a +`DestroySandbox` [ttRPC API](../../src/agent/protocols/protos/agent.proto) request. ## Guest assets -The hypervisor will launch a virtual machine which includes a minimal guest kernel -and a guest image. +Kata Containers creates a VM in which to run one or more containers. It +does this by launching a [hypervisor](#hypervisor) to create the VM. +The hypervisor needs two assets for this task: a Linux kernel and a +small root filesystem image to boot the VM. ### Guest kernel -The guest kernel is passed to the hypervisor and used to boot the virtual -machine. The default kernel provided in Kata Containers is highly optimized for -kernel boot time and minimal memory footprint, providing only those services -required by a container workload. This is based on a very current upstream Linux -kernel. +The [guest kernel](../../tools/packaging/kernel) +is passed to the hypervisor and used to boot the VM. +The default kernel provided in Kata Containers is highly optimized for +kernel boot time and minimal memory footprint, providing only those +services required by a container workload. It is based on the latest +Linux LTS (Long Term Support) [kernel](https://www.kernel.org). ### Guest image -Kata Containers supports both an `initrd` and `rootfs` based minimal guest image. +The hypervisor uses an image file which provides a minimal root +filesystem used by the guest kernel to boot the VM and host the Kata +Container. Kata Containers supports both initrd and rootfs based +minimal guest images. The [default packages](../install/) provide both +an image and an initrd, both of which are created using the +[`osbuilder`](../../tools/osbuilder) tool. + +> **Notes:** +> +> - Although initrd and rootfs based images are supported, not all +> [hypervisors](#hypervisor) support both types of image. +> +> - The guest image is *unrelated* to the image used in a container +> workload. +> +> For example, if a user creates a container that runs a shell in a +> BusyBox image, they will run that shell in a BusyBox environment. +> However, the guest image running inside the VM that is used to +> *host* that BusyBox image could be running Clear Linux, Ubuntu, +> Fedora or any other distribution potentially. +> +> The `osbuilder` tool provides +> [configurations for various common Linux distributions](../../tools/osbuilder/rootfs-builder) +> which can be built into either initrd or rootfs guest images. +> +> - If you are using a [packaged version of Kata +> Containers](../install), you can see image details by running the +> [`kata-collect-data.sh`](../../src/runtime/data/kata-collect-data.sh.in) +> script as `root` and looking at the "Image details" section of the +> output. #### Root filesystem image -The default packaged root filesystem image, sometimes referred to as the "mini O/S", is a -highly optimized container bootstrap system based on [Clear Linux](https://clearlinux.org/). It provides an extremely minimal environment and -has a highly optimized boot path. +The default packaged rootfs image, sometimes referred to as the _mini +O/S_, is a highly optimized container bootstrap system. -The only services running in the context of the mini O/S are the init daemon -(`systemd`) and the [Agent](#agent). The real workload the user wishes to run -is created using libcontainer, creating a container in the same manner that is done -by `runc`. +If this image type is [configured](#configuration), when the user runs +the [example command](#example-command): -For example, when `ctr run -ti ubuntu date` is run: +- The [runtime](#runtime) will launch the configured [hypervisor](#hypervisor). +- The hypervisor will boot the mini-OS image using the [guest kernel](#guest-kernel). +- The kernel will start the init daemon as PID 1 (`systemd`) inside the VM root environment. +- `systemd`, running inside the mini-OS context, will launch the [agent](#agent) + in the root context of the VM. +- The agent will create a new container environment, setting its root + filesystem to that requested by the user (Ubuntu in [the example](#example-command)). +- The agent will then execute the command (`sh(1)` in [the example](#example-command)) + inside the new container. -- The hypervisor will boot the mini-OS image using the guest kernel. -- `systemd`, running inside the mini-OS context, will launch the `kata-agent` in - the same context. -- The agent will create a new confined context to run the specified command in - (`date` in this example). -- The agent will then execute the command (`date` in this example) inside this - new context, first setting the root filesystem to the expected Ubuntu\* root - filesystem. +The table below summarises the default mini O/S showing the +environments that are created, the services running in those +environments (for all platforms) and the root filesystem used by +each service: + +| Process | Environment | systemd service? | rootfs | User accessible | Notes | +|-|-|-|-|-|-| +| systemd | VM root | n/a | [VM guest image](#guest-image)| [debug console][debug-console] | The init daemon, running as PID 1 | +| [Agent](#agent) | VM root | yes | [VM guest image](#guest-image)| [debug console][debug-console] | Runs as a systemd service | +| `chronyd` | VM root | yes | [VM guest image](#guest-image)| [debug console][debug-console] | Used to synchronise the time with the host | +| container workload (`sh(1)` in [the example](#example-command)) | VM container | no | User specified (Ubuntu in [the example](#example-command)) | [exec command](#exec-command) | Managed by the agent | + +See also the [process overview](#process-overview). + +> **Notes:** +> +> - The "User accessible" column shows how an administrator can access +> the environment. +> +> - The container workload is running inside a full container +> environment which itself is running within a VM environment. +> +> - See the [configuration files for the `osbuilder` tool](../../tools/osbuilder/rootfs-builder) +> for details of the default distribution for platforms other than +> Intel x86_64. #### Initrd image -A compressed `cpio(1)` archive, created from a rootfs which is loaded into memory and used as part of the Linux startup process. During startup, the kernel unpacks it into a special instance of a `tmpfs` that becomes the initial root filesystem. +The initrd image is a compressed `cpio(1)` archive, created from a +rootfs which is loaded into memory and used as part of the Linux +startup process. During startup, the kernel unpacks it into a special +instance of a `tmpfs` mount that becomes the initial root filesystem. -The only service running in the context of the initrd is the [Agent](#agent) as the init daemon. The real workload the user wishes to run is created using libcontainer, creating a container in the same manner that is done by `runc`. +If this image type is [configured](#configuration), when the user runs +the [example command](#example-command): + +- The [runtime](#runtime) will launch the configured [hypervisor](#hypervisor). +- The hypervisor will boot the mini-OS image using the [guest kernel](#guest-kernel). +- The kernel will start the init daemon as PID 1 (the [agent](#agent)) + inside the VM root environment. +- The [agent](#agent) will create a new container environment, setting its root + filesystem to that requested by the user (`ubuntu` in + [the example](#example-command)). +- The agent will then execute the command (`sh(1)` in [the example](#example-command)) + inside the new container. + +The table below summarises the default mini O/S showing the environments that are created, +the processes running in those environments (for all platforms) and +the root filesystem used by each service: + +| Process | Environment | rootfs | User accessible | Notes | +|-|-|-|-|-| +| [Agent](#agent) | VM root | [VM guest image](#guest-image) | [debug console][debug-console] | Runs as the init daemon (PID 1) | +| container workload | VM container | User specified (Ubuntu in this example) | [exec command](#exec-command) | Managed by the agent | + +> **Notes:** +> +> - The "User accessible" column shows how an administrator can access +> the environment. +> +> - It is possible to use a standard init daemon such as systemd with +> an initrd image if this is desirable. + +See also the [process overview](#process-overview). + +#### Image summary + +| Image type | Default distro | Init daemon | Reason | Notes | +|-|-|-|-|-| +| [image](#root-filesystem-image) | [Clear Linux](https://clearlinux.org) (for x86_64 systems)| systemd | Minimal and highly optimized | systemd offers flexibility | +| [initrd](#initrd-image) | [Alpine Linux](https://alpinelinux.org) | Kata [agent](#agent) (as no systemd support) | Security hardened and tiny C library | + +See also: + +- The [osbuilder](../../tools/osbuilder) tool + + This is used to build all default image types. + +- The [versions database](../../versions.yaml) + + The `default-image-name` and `default-initrd-name` options specify + the default distributions for each image type. + +## Hypervisor + +The [hypervisor](../hypervisors.md) specified in the +[configuration file](#configuration) creates a VM to host the +[agent](#agent) and the [workload](#workload) inside the +[container environment](#environments). + +> **Note:** +> +> The hypervisor process runs inside an environment slightly different +> to the host environment: +> +> - It is run in a different cgroup environment to the host. +> - It is given a separate network namespace from the host. +> - If the [OCI configuration specifies a SELinux label](https://github.com/opencontainers/runtime-spec/blob/main/config.md#linux-process), +> the hypervisor process will run with that label (*not* the workload running inside the hypervisor's VM). ## Agent -[`kata-agent`](../../src/agent) is a process running in the guest as a supervisor for managing containers and processes running within those containers. +The Kata Containers agent ([`kata-agent`](../../src/agent)), written +in the [Rust programming language](https://www.rust-lang.org), is a +long running process that runs inside the VM. It acts as the +supervisor for managing the containers and the [workload](#workload) +running within those containers. Only a single agent process is run +for each VM created. -For the 2.0 release, the `kata-agent` is rewritten in the [RUST programming language](https://www.rust-lang.org/) so that we can minimize its memory footprint while keeping the memory safety of the original GO version of [`kata-agent` used in Kata Container 1.x](https://github.com/kata-containers/agent). This memory footprint reduction is pretty impressive, from tens of megabytes down to less than 100 kilobytes, enabling Kata Containers in more use cases like functional computing and edge computing. +### Agent communications protocol -The `kata-agent` execution unit is the sandbox. A `kata-agent` sandbox is a container sandbox defined by a set of namespaces (NS, UTS, IPC and PID). `shimv2` can -run several containers per VM to support container engines that require multiple -containers running inside a pod. +The agent communicates with the other Kata components (primarily the +[runtime](#runtime)) using a +[`ttRPC`](https://github.com/containerd/ttrpc-rust) based +[protocol](../../src/agent/protocols/protos). -`kata-agent` communicates with the other Kata components over `ttRPC`. +> **Note:** +> +> If you wish to learn more about this protocol, a practical way to do +> so is to experiment with the +> [agent control tool](#agent-control-tool) on a test system. +> This tool is for test and development purposes only and can send +> arbitrary ttRPC agent API commands to the [agent](#agent). ## Runtime -`containerd-shim-kata-v2` is a [containerd runtime shimv2](https://github.com/containerd/containerd/blob/v1.4.1/runtime/v2/README.md) implementation and is responsible for handling the `runtime v2 shim APIs`, which is similar to [the OCI runtime specification](https://github.com/opencontainers/runtime-spec) but simplifies the architecture by loading the runtime once and making RPC calls to handle the various container lifecycle commands. This refinement is an improvement on the OCI specification which requires the container manager call the runtime binary multiple times, at least once for each lifecycle command. +The Kata Containers runtime (the [`containerd-shim-kata-v2`](../../src/runtime/cmd/containerd-shim-kata-v2 +) binary) is a [shimv2](#shim-v2-architecture) compatible runtime. -`containerd-shim-kata-v2` heavily utilizes the -[virtcontainers package](../../src/runtime/virtcontainers/), which provides a generic, runtime-specification agnostic, hardware-virtualized containers library. +> **Note:** +> +> The Kata Containers runtime is sometimes referred to as the Kata +> _shim_. Both terms are correct since the `containerd-shim-kata-v2` +> is a container runtime, and that runtime implements the containerd +> shim v2 API. + +The runtime makes heavy use of the [`virtcontainers` +package](../../src/runtime/virtcontainers), which provides a generic, +runtime-specification agnostic, hardware-virtualized containers +library. + +The runtime is responsible for starting the [hypervisor](#hypervisor) +and it's VM, and communicating with the [agent](#agent) using a +[ttRPC based protocol](#agent-communications-protocol) over a VSOCK +socket that provides a communications link between the VM and the +host. + +This protocol allows the runtime to send container management commands +to the agent. The protocol is also used to carry the standard I/O +streams (`stdout`, `stderr`, `stdin`) between the containers and +container managers (such as CRI-O or containerd). + +## Utility program + +The `kata-runtime` binary is a utility program that provides +administrative commands to manipulate and query a Kata Containers +installation. + +> **Note:** +> +> In Kata 1.x, this program also acted as the main +> [runtime](#runtime), but this is no longer required due to the +> improved shimv2 architecture. + +### exec command + +The `exec` command allows an administrator or developer to enter the +[VM root environment](#environments) which is not accessible by the container +[workload](#workload). + +See [the developer guide](../Developer-Guide.md#connect-to-debug-console) for further details. ### Configuration -The runtime uses a TOML format configuration file called `configuration.toml`. By default this file is installed in the `/usr/share/defaults/kata-containers` directory and contains various settings such as the paths to the hypervisor, the guest kernel and the mini-OS image. - -The actual configuration file paths can be determined by running: -``` -$ kata-runtime --show-default-config-paths -``` -Most users will not need to modify the configuration file. - -The file is well commented and provides a few "knobs" that can be used to modify the behavior of the runtime and your chosen hypervisor. +See the [configuration file details](../../src/runtime/README.md#configuration). The configuration file is also used to enable runtime [debug output](../Developer-Guide.md#enable-full-debug). +## Process overview + +The table below shows an example of the main processes running in the +different [environments](#environments) when a Kata Container is +created with containerd using our [example command](#example-command): + +| Description | Host | VM root environment | VM container environment | +|-|-|-|-| +| Container manager | `containerd` | | +| Kata Containers | [runtime](#runtime), [`virtiofsd`](#virtio-fs), [hypervisor](#hypervisor) | [agent](#agent) | +| User [workload](#workload) | | | [`ubuntu sh`](#example-command) | + ## Networking Containers will typically live in their own, possibly shared, networking namespace. @@ -135,8 +647,10 @@ In order to do so, container engines will usually add one end of a virtual ethernet (`veth`) pair into the container networking namespace. The other end of the `veth` pair is added to the host networking namespace. -This is a very namespace-centric approach as many hypervisors/VMMs cannot handle `veth` -interfaces. Typically, `TAP` interfaces are created for VM connectivity. +This is a very namespace-centric approach as many hypervisors or VM +Managers (VMMs) such as `virt-manager` cannot handle `veth` +interfaces. Typically, `TAP` interfaces are created for VM +connectivity. To overcome incompatibility between typical container engines expectations and virtual machines, Kata Containers networking transparently connects `veth` @@ -156,7 +670,7 @@ on par with MACVTAP. Kata Containers has deprecated support for bridge due to lacking performance relative to TC-filter and MACVTAP. - Kata Containers supports both +Kata Containers supports both [CNM](https://github.com/docker/libnetwork/blob/master/docs/design.md#the-container-network-model) and [CNI](https://github.com/containernetworking/cni) for networking management. @@ -170,47 +684,91 @@ The following diagram illustrates the Kata Containers network hotplug workflow. ![Network Hotplug](arch-images/kata-containers-network-hotplug.png) ## Storage -Container workloads are shared with the virtualized environment through [virtio-fs](https://virtio-fs.gitlab.io/). -The [devicemapper `snapshotter`](https://github.com/containerd/containerd/tree/master/snapshots/devmapper) is a special case. The `snapshotter` uses dedicated block devices rather than formatted filesystems, and operates at the block level rather than the file level. This knowledge is used to directly use the underlying block device instead of the overlay file system for the container root file system. The block device maps to the top read-write layer for the overlay. This approach gives much better I/O performance compared to using `virtio-fs` to share the container file system. +### virtio SCSI -Kata Containers has the ability to hotplug and remove block devices, which makes it possible to use block devices for containers started after the VM has been launched. +If a block-based graph driver is [configured](#configuration), +`virtio-scsi` is used to _share_ the workload image (such as +`busybox:latest`) into the container's environment inside the VM. -Users can check to see if the container uses the devicemapper block device as its rootfs by calling `mount(8)` within the container. If the devicemapper block device -is used, `/` will be mounted on `/dev/vda`. Users can disable direct mounting of the underlying block device through the runtime configuration. +### virtio FS + +If a block-based graph driver is _not_ [configured](#configuration), a +[`virtio-fs`](https://virtio-fs.gitlab.io) (`VIRTIO`) overlay +filesystem mount point is used to _share_ the workload image instead. The +[agent](#agent) uses this mount point as the root filesystem for the +container processes. + +For virtio-fs, the [runtime](#runtime) starts one `virtiofsd` daemon +(that runs in the host context) for each VM created. + +### Devicemapper + +The +[devicemapper `snapshotter`](https://github.com/containerd/containerd/tree/master/snapshots/devmapper) +is a special case. The `snapshotter` uses dedicated block devices +rather than formatted filesystems, and operates at the block level +rather than the file level. This knowledge is used to directly use the +underlying block device instead of the overlay file system for the +container root file system. The block device maps to the top +read-write layer for the overlay. This approach gives much better I/O +performance compared to using `virtio-fs` to share the container file +system. + +#### Hot plug and unplug + +Kata Containers has the ability to hot plug add and hot plug remove +block devices. This makes it possible to use block devices for +containers started after the VM has been launched. + +Users can check to see if the container uses the `devicemapper` block +device as its rootfs by calling `mount(8)` within the container. If +the `devicemapper` block device is used, the root filesystem (`/`) +will be mounted from `/dev/vda`. Users can disable direct mounting of +the underlying block device through the runtime +[configuration](#configuration). ## Kubernetes support -[Kubernetes\*](https://github.com/kubernetes/kubernetes/) is a popular open source +[Kubernetes](https://github.com/kubernetes/kubernetes/), or K8s, is a popular open source container orchestration engine. In Kubernetes, a set of containers sharing resources such as networking, storage, mount, PID, etc. is called a -[Pod](https://kubernetes.io/docs/user-guide/pods/). +[pod](https://kubernetes.io/docs/user-guide/pods/). + A node can have multiple pods, but at a minimum, a node within a Kubernetes cluster only needs to run a container runtime and a container agent (called a [Kubelet](https://kubernetes.io/docs/admin/kubelet/)). -A Kubernetes cluster runs a control plane where a scheduler (typically running on a -dedicated master node) calls into a compute Kubelet. This Kubelet instance is -responsible for managing the lifecycle of pods within the nodes and eventually relies -on a container runtime to handle execution. The Kubelet architecture decouples -lifecycle management from container execution through the dedicated -`gRPC` based [Container Runtime Interface (CRI)](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/node/container-runtime-interface-v1.md). +Kata Containers represents a Kubelet pod as a VM. -In other words, a Kubelet is a CRI client and expects a CRI implementation to -handle the server side of the interface. -[CRI-O\*](https://github.com/kubernetes-incubator/cri-o) and [Containerd\*](https://github.com/containerd/containerd/) are CRI implementations that rely on [OCI](https://github.com/opencontainers/runtime-spec) -compatible runtimes for managing container instances. +A Kubernetes cluster runs a control plane where a scheduler (typically +running on a dedicated master node) calls into a compute Kubelet. This +Kubelet instance is responsible for managing the lifecycle of pods +within the nodes and eventually relies on a container runtime to +handle execution. The Kubelet architecture decouples lifecycle +management from container execution through a dedicated gRPC based +[Container Runtime Interface (CRI)](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/node/container-runtime-interface-v1.md). -Kata Containers is an officially supported CRI-O and Containerd runtime. Refer to the following guides on how to set up Kata Containers with Kubernetes: +In other words, a Kubelet is a CRI client and expects a CRI +implementation to handle the server side of the interface. +[CRI-O](https://github.com/kubernetes-incubator/cri-o) and +[containerd](https://github.com/containerd/containerd/) are CRI +implementations that rely on +[OCI](https://github.com/opencontainers/runtime-spec) compatible +runtimes for managing container instances. -- [How to use Kata Containers and Containerd](../how-to/containerd-kata.md) +Kata Containers is an officially supported CRI-O and containerd +runtime. Refer to the following guides on how to set up Kata +Containers with Kubernetes: + +- [How to use Kata Containers and containerd](../how-to/containerd-kata.md) - [Run Kata Containers with Kubernetes](../how-to/run-kata-with-k8s.md) #### OCI annotations -In order for the Kata Containers runtime (or any virtual machine based OCI compatible -runtime) to be able to understand if it needs to create a full virtual machine or if it -has to create a new container inside an existing pod's virtual machine, CRI-O adds +In order for the Kata Containers [runtime](#runtime) (or any VM based OCI compatible +runtime) to be able to understand if it needs to create a full VM or if it +has to create a new container inside an existing pod's VM, CRI-O adds specific annotations to the OCI configuration file (`config.json`) which is passed to the OCI compatible runtime. @@ -221,70 +779,86 @@ or `container`. Kata Containers will then use this annotation to decide if it ne respectively create a virtual machine or a container inside a virtual machine associated with a Kubernetes pod: -```Go - containerType, err := ociSpec.ContainerType() - if err != nil { - return err - } - - handleFactory(ctx, runtimeConfig) - - disableOutput := noNeedForOutput(detach, ociSpec.Process.Terminal) - - var process vc.Process - switch containerType { - case vc.PodSandbox: - process, err = createSandbox(ctx, ociSpec, runtimeConfig, containerID, bundlePath, console, disableOutput, systemdCgroup) - if err != nil { - return err - } - case vc.PodContainer: - process, err = createContainer(ctx, ociSpec, containerID, bundlePath, console, disableOutput) - if err != nil { - return err - } - } - -``` +| Annotation value | Kata VM created? | Kata container created? | +|-|-|-| +| `sandbox` | yes | yes (inside new VM) | +| `container`| no | yes (in existing VM) | #### Mixing VM based and namespace based runtimes > **Note:** Since Kubernetes 1.12, the [`Kubernetes RuntimeClass`](https://kubernetes.io/docs/concepts/containers/runtime-class/) > has been supported and the user can specify runtime without the non-standardized annotations. -With `RuntimeClass`, users can define Kata Containers as a `RuntimeClass` and then explicitly specify that a pod being created as a Kata Containers pod. For details, please refer to [How to use Kata Containers and Containerd](../../docs/how-to/containerd-kata.md). +With `RuntimeClass`, users can define Kata Containers as a +`RuntimeClass` and then explicitly specify that a pod must be created +as a Kata Containers pod. For details, please refer to [How to use +Kata Containers and containerd](../../docs/how-to/containerd-kata.md). +## Tracing + +The [tracing document](../tracing.md) provides details on the tracing +architecture. # Appendices ## DAX -Kata Containers utilizes the Linux kernel DAX [(Direct Access filesystem)](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/filesystems/dax.rst?h=v5.14) -feature to efficiently map some host-side files into the guest VM space. -In particular, Kata Containers uses the QEMU NVDIMM feature to provide a -memory-mapped virtual device that can be used to DAX map the virtual machine's -root filesystem into the guest memory address space. +Kata Containers utilizes the Linux kernel DAX +[(Direct Access filesystem)](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/filesystems/dax.rst?h=v5.14) +feature to efficiently map the [guest image](#guest-image) in the +[host environment](#environments) into the +[guest VM environment](#environments) to become the VM's +[rootfs](#root-filesystem). -Mapping files using DAX provides a number of benefits over more traditional VM -file and device mapping mechanisms: +If the [configured](#configuration) [hypervisor](#hypervisor) is set +to either QEMU or Cloud Hypervisor, DAX is used with the feature shown +in the table below: + +| Hypervisor | Feature used | rootfs device type | +|-|-|-| +| Cloud Hypervisor (CH) | `dax` `FsConfig` configuration option | PMEM (emulated Persistent Memory device) | +| QEMU | NVDIMM memory device with a memory file backend | NVDIMM (emulated Non-Volatile Dual In-line Memory Module device) | + +The features in the table above are equivalent in that they provide a memory-mapped +virtual device which is used to DAX map the VM's +[rootfs](#root-filesystem) into the [VM guest](#environments) memory +address space. + +The VM is then booted, specifying the `root=` kernel parameter to make +the [guest kernel](#guest-kernel) use the appropriate emulated device +as its rootfs. + +### DAX advantages + +Mapping files using [DAX](#dax) provides a number of benefits over +more traditional VM file and device mapping mechanisms: + +- Mapping as a direct access device allows the guest to directly + access the host memory pages (such as via Execute In Place (XIP)), + bypassing the [guest kernel](#guest-kernel)'s page cache. This + zero copy provides both time and space optimizations. -- Mapping as a direct access devices allows the guest to directly access - the host memory pages (such as via Execute In Place (XIP)), bypassing the guest - page cache. This provides both time and space optimizations. - Mapping as a direct access device inside the VM allows pages from the host to be demand loaded using page faults, rather than having to make requests via a virtualized device (causing expensive VM exits/hypercalls), thus providing a speed optimization. -- Utilizing `MAP_SHARED` shared memory on the host allows the host to efficiently - share pages. -Kata Containers uses the following steps to set up the DAX mappings: -1. QEMU is configured with an NVDIMM memory device, with a memory file - backend to map in the host-side file into the virtual NVDIMM space. -2. The guest kernel command line mounts this NVDIMM device with the DAX - feature enabled, allowing direct page mapping and access, thus bypassing the - guest page cache. +- Utilizing `mmap(2)`'s `MAP_SHARED` shared memory option on the host + allows the host to efficiently share pages. ![DAX](arch-images/DAX.png) -Information on the use of NVDIMM via QEMU is available in the [QEMU source code](http://git.qemu-project.org/?p=qemu.git;a=blob;f=docs/nvdimm.txt;hb=HEAD) +For further details of the use of NVDIMM with QEMU, see the [QEMU +project documentation](https://www.qemu.org). + +## Agent control tool + +The [agent control tool](../../src/tools/agent-ctl) is a test and +development tool that can be used to learn more about a Kata +Containers system. + +## Terminology + +See the [project glossary](../../Glossary.md). + +[debug-console]: ../Developer-Guide.md#connect-to-debug-console