From c66b56683beb63b34f98d418f3f3e13b0aa2097e Mon Sep 17 00:00:00 2001 From: Manabu Sugimoto Date: Wed, 3 Nov 2021 21:38:15 +0900 Subject: [PATCH 01/37] agent: Ignore unknown seccomp system calls If Kata agent cannot resolve the system calls given by seccomp profiles, the agent ignores the system calls and continues to run without an error. Fixes: #2957 Signed-off-by: Manabu Sugimoto --- src/agent/rustjail/src/seccomp.rs | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/src/agent/rustjail/src/seccomp.rs b/src/agent/rustjail/src/seccomp.rs index 58e85c482..75d938f25 100644 --- a/src/agent/rustjail/src/seccomp.rs +++ b/src/agent/rustjail/src/seccomp.rs @@ -68,7 +68,14 @@ pub fn init_seccomp(scmp: &LinuxSeccomp) -> Result<()> { } for name in &syscall.names { - let syscall_num = get_syscall_from_name(name, None)?; + let syscall_num = match get_syscall_from_name(name, None) { + Ok(num) => num, + Err(_) => { + // If we cannot resolve the given system call, we assume it is not supported + // by the kernel. Hence, we skip it without generating an error. + continue; + } + }; if syscall.args.is_empty() { filter.add_rule(action, syscall_num, None)?; From 7304e52a59a29bf330d77722cb3132bfe77ea374 Mon Sep 17 00:00:00 2001 From: Binbin Zhang Date: Mon, 23 Aug 2021 16:21:14 +0800 Subject: [PATCH 02/37] Makefile: update `make go-test` call 1. use ci/go-test.sh to replace the direct call to go test 2. fix data race test 3. install hook whether it is root or not Fixes #1494 Signed-off-by: Binbin Zhang --- ci/go-test.sh | 1 + src/runtime/Makefile | 6 ++---- src/runtime/pkg/containerd-shim-v2/stream.go | 2 +- 3 files changed, 4 insertions(+), 5 deletions(-) diff --git a/ci/go-test.sh b/ci/go-test.sh index e6881f005..3ead6f7fa 100755 --- a/ci/go-test.sh +++ b/ci/go-test.sh @@ -1,3 +1,4 @@ +#!/bin/bash # # Copyright (c) 2020 Intel Corporation # diff --git a/src/runtime/Makefile b/src/runtime/Makefile index a8f7ef070..5e2e160b3 100644 --- a/src/runtime/Makefile 
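Review bot: The `Err(_)` arm in the `for name in &syscall.names` loop drops the rule for any name that fails to resolve, and nothing at this point records which names were dropped. For a profile whose `defaultAction` allows and whose rules deny, a misspelled or unresolvable name therefore leaves that syscall permitted while container start still reports success. The in-code comment attributes the failure to the kernel, but the lookup shown appears to be a name-to-number resolution and does not probe kernel support; I would reword it to `// The name could not be resolved to a syscall number; the rule is skipped, so the profile's default action applies to that syscall.` `Err(_)` also hides failures other than an unknown name, so matching the specific error, if `get_syscall_from_name` exposes one, would keep genuine faults fatal. The body of `init_seccomp` starts and ends outside the hunk.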
+++ b/src/runtime/Makefile @@ -602,14 +602,12 @@ test: install-hook go-test install-hook: make -C virtcontainers hook -ifeq ($(shell id -u), 0) echo "installing mock hook" - make -C virtcontainers install -endif + sudo -E make -C virtcontainers install go-test: $(GENERATED_FILES) go clean -testcache - go test -v -mod=vendor ./... + $(QUIET_TEST)../../ci/go-test.sh fast-test: $(GENERATED_FILES) go clean -testcache diff --git a/src/runtime/pkg/containerd-shim-v2/stream.go b/src/runtime/pkg/containerd-shim-v2/stream.go index 2d4ad57e8..f976c49ef 100644 --- a/src/runtime/pkg/containerd-shim-v2/stream.go +++ b/src/runtime/pkg/containerd-shim-v2/stream.go @@ -36,6 +36,7 @@ func (tty *ttyIO) close() { if tty.Stdin != nil { tty.Stdin.Close() + tty.Stdin = nil } cf := func(w io.Writer) { if w == nil { @@ -111,7 +112,6 @@ func ioCopy(exitch, stdinCloser chan struct{}, tty *ttyIO, stdinPipe io.WriteClo if tty.Stdin != nil { // close stdin to make the other routine stop tty.Stdin.Close() - tty.Stdin = nil } }() } From 7b35615191939ea302fd7321b0f4f5f018719b70 Mon Sep 17 00:00:00 2001 From: Manabu Sugimoto Date: Fri, 5 Nov 2021 21:00:03 +0900 Subject: [PATCH 03/37] agent: Log unknown seccomp system calls Kata agent logs unknown system calls given by seccomp profiles in advance before the log file descriptor closes. Fixes: #2957 Signed-off-by: Manabu Sugimoto --- src/agent/rustjail/src/container.rs | 8 ++ src/agent/rustjail/src/seccomp.rs | 158 ++++++++++++++++------------ 2 files changed, 101 insertions(+), 65 deletions(-) diff --git a/src/agent/rustjail/src/container.rs b/src/agent/rustjail/src/container.rs index 03ad66287..62d23fe5d 100644 --- a/src/agent/rustjail/src/container.rs +++ b/src/agent/rustjail/src/container.rs 
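Review bot: `sudo -E make -C virtcontainers install` in `install-hook` now runs on every `make test`, and `-E` carries the caller's whole environment into a `make` that runs as root. Variables such as `PATH` or `MAKEFLAGS` set in a developer shell or CI job then influence what executes with root privileges, and the recipe also stalls at a password prompt or fails where `sudo` is not installed, even if the caller is already root. I would keep the direct call for root and use plain `sudo make -C virtcontainers install` under `ifneq ($(shell id -u), 0)`, passing explicitly only the variables the install needs.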
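Review bot: `tty.Stdin.Close()` can now run twice on the same stream: once in the goroutine inside `ioCopy`, which no longer clears the field, and again in `close()`, whose `tty.Stdin != nil` check still passes afterwards. The field is also read in that goroutine and written in `close()` with no synchronisation visible in either hunk, so the race detector may still flag it if the two can overlap. If ordering is not guaranteed elsewhere, guarding the stdin close with a `sync.Once` (or a mutex on `ttyIO`) would cover both cases; both function bodies extend outside the hunks.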
@@ -600,6 +600,14 @@ fn do_init_child(cwfd: RawFd) -> Result<()> { capctl::prctl::set_no_new_privs().map_err(|_| anyhow!("cannot set no new privileges"))?; } + // Log unknown seccomp system calls in advance before the log file descriptor closes. + #[cfg(feature = "seccomp")] + if let Some(ref scmp) = linux.seccomp { + if let Some(syscalls) = seccomp::get_unknown_syscalls(scmp) { + log_child!(cfd_log, "unknown seccomp system calls: {:?}", syscalls); + } + } + // Without NoNewPrivileges, we need to set seccomp // before dropping capabilities because the calling thread // must have the CAP_SYS_ADMIN. diff --git a/src/agent/rustjail/src/seccomp.rs b/src/agent/rustjail/src/seccomp.rs index 75d938f25..3496a45d8 100644 --- a/src/agent/rustjail/src/seccomp.rs +++ b/src/agent/rustjail/src/seccomp.rs @@ -39,6 +39,24 @@ fn get_rule_conditions(args: &[LinuxSeccompArg]) -> Result> Ok(conditions) } +pub fn get_unknown_syscalls(scmp: &LinuxSeccomp) -> Option> { + let mut unknown_syscalls: Vec = Vec::new(); + + for syscall in &scmp.syscalls { + for name in &syscall.names { + if get_syscall_from_name(name, None).is_err() { + unknown_syscalls.push(name.to_string()); + } + } + } + + if unknown_syscalls.is_empty() { + None + } else { + Some(unknown_syscalls) + } +} + // init_seccomp creates a seccomp filter and loads it for the current process // including all the child processes. pub fn init_seccomp(scmp: &LinuxSeccomp) -> Result<()> { 
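Review bot: The message `"unknown seccomp system calls: {:?}"` in `do_init_child` lists the names but does not say that their rules are dropped when the filter is built, which is what an operator reading the log needs in order to notice a weakened profile. I would word it as `log_child!(cfd_log, "ignoring unknown seccomp system calls, their rules are not applied: {:?}", syscalls);`. Keeping the `{:?}` formatting is worthwhile, since the names come from the container's OCI spec and Debug output escapes control characters. `do_init_child` continues outside the hunk.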
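Review bot: `get_unknown_syscalls` is a new public function with no doc comment, and it repeats the `get_syscall_from_name(name, None)` test that `init_seccomp` uses to decide which rules to skip, so the logged list and the skipped list match only while both call sites are edited together. I would add `/// Returns the syscall names in the profile that cannot be resolved; init_seccomp skips exactly these names, so keep the two lookups in sync.` above it. A name that appears in several rules is pushed once per occurrence, which is harmless but lengthens the log; an `if !unknown_syscalls.contains(name)` check before the push would avoid it.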
@@ -116,6 +134,72 @@ mod tests { }; } + const TEST_DATA: &str = r#"{ + "defaultAction": "SCMP_ACT_ALLOW", + "architectures": [ + ], + "flags": [ + "SECCOMP_FILTER_FLAG_LOG" + ], + "syscalls": [ + { + "names": [ + "dup3", + "invalid_syscall1", + "invalid_syscall2" + ], + "action": "SCMP_ACT_ERRNO" + }, + { + "names": [ + "process_vm_readv" + ], + "action": "SCMP_ACT_ERRNO", + "errnoRet": 111, + "args": [ + { + "index": 0, + "value": 10, + "op": "SCMP_CMP_EQ" + } + ] + }, + { + "names": [ + "process_vm_readv" + ], + "action": "SCMP_ACT_ERRNO", + "errnoRet": 111, + "args": [ + { + "index": 0, + "value": 20, + "op": "SCMP_CMP_EQ" + } + ] + }, + { + "names": [ + "process_vm_readv" + ], + "action": "SCMP_ACT_ERRNO", + "errnoRet": 222, + "args": [ + { + "index": 0, + "value": 30, + "op": "SCMP_CMP_EQ" + }, + { + "index": 2, + "value": 40, + "op": "SCMP_CMP_EQ" + } + ] + } + ] + }"#; + #[test] fn test_get_filter_attr_from_flag() { skip_if_not_root!(); 
@@ -128,75 +212,19 @@ mod tests { assert_eq!(get_filter_attr_from_flag("ERROR").is_err(), true); } + #[test] + fn test_get_unknown_syscalls() { + let scmp: oci::LinuxSeccomp = serde_json::from_str(TEST_DATA).unwrap(); + let syscalls = get_unknown_syscalls(&scmp).unwrap(); + + assert_eq!(syscalls, vec!["invalid_syscall1", "invalid_syscall2"]); + } + #[test] fn test_init_seccomp() { skip_if_not_root!(); - let data = r#"{ - "defaultAction": "SCMP_ACT_ALLOW", - "architectures": [ - ], - "flags": [ - "SECCOMP_FILTER_FLAG_LOG" - ], - "syscalls": [ - { - "names": [ - "dup3" - ], - "action": "SCMP_ACT_ERRNO" - }, - { - "names": [ - "process_vm_readv" - ], - "action": "SCMP_ACT_ERRNO", - "errnoRet": 111, - "args": [ - { - "index": 0, - "value": 10, - "op": "SCMP_CMP_EQ" - } - ] - }, - { - "names": [ - "process_vm_readv" - ], - "action": "SCMP_ACT_ERRNO", - "errnoRet": 111, - "args": [ - { - "index": 0, - "value": 20, - "op": "SCMP_CMP_EQ" - } - ] - }, - { - "names": [ - "process_vm_readv" - ], - "action": "SCMP_ACT_ERRNO", - "errnoRet": 222, - "args": [ - { - "index": 0, - "value": 30, - "op": "SCMP_CMP_EQ" - }, - { - "index": 2, - "value": 40, - "op": "SCMP_CMP_EQ" - } - ] - } - ] - }"#; - - let mut scmp: oci::LinuxSeccomp = serde_json::from_str(data).unwrap(); + let mut scmp: oci::LinuxSeccomp = serde_json::from_str(TEST_DATA).unwrap(); let mut arch: Vec; if cfg!(target_endian = "little") { From f3a97e94b239184698ce4b1e220ac53226f87e31 Mon Sep 17 00:00:00 2001 From: vados Date: Fri, 26 Nov 2021 23:01:55 +0900 Subject: [PATCH 04/37] docs: add how-to on Docker in Kata Add documentation on how to use Docker in Docker Fixes: #2474 Signed-off-by: vados --- docs/how-to/README.md | 1 + docs/how-to/how-to-run-docker-with-kata.md | 141 +++++++++++++++++++++ 2 files changed, 142 insertions(+) create mode 100644 docs/how-to/how-to-run-docker-with-kata.md diff --git a/docs/how-to/README.md b/docs/how-to/README.md index 44ffa21d3..5a348550e 100644 --- a/docs/how-to/README.md 
+++ b/docs/how-to/README.md @@ -36,3 +36,4 @@ - [How to use hotplug memory on arm64 in Kata Containers](how-to-hotplug-memory-arm64.md) - [How to setup swap devices in guest kernel](how-to-setup-swap-devices-in-guest-kernel.md) - [How to run rootless vmm](how-to-run-rootless-vmm.md) +- [How to run Docker with Kata Containers](how-to-run-docker-with-kata.md) diff --git a/docs/how-to/how-to-run-docker-with-kata.md b/docs/how-to/how-to-run-docker-with-kata.md new file mode 100644 index 000000000..d01c6f921 --- /dev/null +++ b/docs/how-to/how-to-run-docker-with-kata.md 
@@ -0,0 +1,141 @@ +# How to run Docker in Docker with Kata Containers + +This document describes the why and how behind running Docker in a Kata Container. + +> **Note:** While in other environments this might be described as "Docker in Docker", the new architecture of Kata 2.x means [Docker can no longer be used to create containers using a Kata Containers runtime](https://github.com/kata-containers/kata-containers/issues/722). + +## Requirements + +- A working Kata Containers installation + +## Install and configure Kata Containers + +Follow the [Kata Containers installation guide](../install/README.md) to Install Kata Containers on your Kubernetes cluster. + +## Background + +Docker in Docker ("DinD") is the colloquial name for the ability to run `docker` from inside a container. + +You can learn more about about Docker-in-Docker at the following links: + +- [The original announcement of DinD](https://www.docker.com/blog/docker-can-now-run-within-docker/) +- [`docker` image Docker Hub page](https://hub.docker.com/_/docker/) (this page lists the `-dind` releases) + +While normally DinD refers to running `docker` from inside a Docker container, +Kata Containers 2.x allows only supported runtimes (such as [`containerd`](../install/container-manager/containerd/containerd-install.md)). + +Running `docker` in a Kata Container implies creating Docker containers from inside a container managed by `containerd` (or another supported container manager), as illustrated below: + +``` +container manager -> Kata Containers shim -> Docker Daemon -> Docker container +(containerd) (containerd-shim-kata-v2) (dockerd) (busybox sh) +``` + +[OverlayFS][OverlayFS] is the preferred storage driver for most container runtimes on Linux ([including Docker](https://docs.docker.com/storage/storagedriver/select-storage-driver)). 
+ +> **Note:** While in the past Kata Containers did not contain the [`overlay` kernel module (aka OverlayFS)][OverlayFS], the kernel modules have been included since the [Kata Containers v2.0.0 release][v2.0.0]. + +[OverlayFS]: https://www.kernel.org/doc/html/latest/filesystems/overlayfs.html +[v2.0.0]: https://github.com/kata-containers/kata-containers/releases/tag/2.0.0 +[kata-2.x-supported-runtimes]: https://github.com/kata-containers/kata-containers/blob/5737b36a3513f4da11a9dc7301b0c97ea22a51cf/docs/install/container-manager/containerd/containerd-install.md + +## Why Docker in Kata Containers 2.x requires special measures + +Running Docker containers Kata Containers requires care because `VOLUME`s specified in `Dockerfile`s run by Kata Containers are given the `kataShared` mount type by default, which applies to the root directory `/`: + +```console +/ # mount +kataShared on / type virtiofs (rw,relatime,dax) +``` + +`kataShared` mount types are powered by [`virtio-fs`][virtio-fs], a marked improvement over `virtio-9p`, thanks to [PR #1016](https://github.com/kata-containers/runtime/pull/1016). While `virtio-fs` is normally an excellent choice, in the case of DinD workloads `virtio-fs` causes an issue -- [it *cannot* be used as a "upper layer" of `overlayfs` without a custom patch](http://lists.katacontainers.io/pipermail/kata-dev/2020-January/001216.html). + +As `/var/lib/docker` is a `VOLUME` specified by DinD (i.e. the `docker` images tagged `*-dind`/`*-dind-rootless`), `docker` fill fail to start (or even worse, silently pick a worse storage driver like `vfs`) when started in a Kata Container. Special measures must be taken when running DinD-powered workloads in Kata Containers. 
+ +## Workarounds/Solutions + +Thanks to various community contributions (see [issue references below](#references)) the following options, with various trade-offs have been uncovered: + +### Use a memory backed volume + +For small workloads (small container images, without much generated filesystem load), a memory-backed volume is sufficient. Kubernetes supports a variant of [the `EmptyDir` volume][k8s-emptydir], which allows for memdisk-backed storage -- the [the `medium: Memory` ][k8s-memory-volume-type]. An example of a `Pod` using such a setup [was contributed](https://github.com/kata-containers/runtime/issues/1429#issuecomment-477385283), and is reproduced below: + +```yaml +apiVersion: v1 +kind: Pod +metadata: + name: dind +spec: + runtimeClassName: kata + containers: + - name: dind + securityContext: + privileged: true + image: docker:20.10-dind + args: ["--storage-driver=overlay2"] + resources: + limits: + memory: "3G" + volumeMounts: + - mountPath: /var/run/ + name: dockersock + - mountPath: /var/lib/docker + name: docker + volumes: + - name: dockersock + emptyDir: {} + - name: docker + emptyDir: + medium: Memory +``` + +Inside the container you can view the mount: + +```console +/ # mount | grep lib\/docker +tmpfs on /var/lib/docker type tmpfs (rw,relatime) +``` + +As is mentioned in the comment encapsulating this code, using volatile memory for container storage backing is a risky and could be possibly wasteful on machines that do not have a lot of RAM. + +### Use a loop mounted disk + +Using a loop mounted disk that is provisioned shortly before starting of the container workload is another approach that yields good performance. 
+ +Contributors provided [an example in issue #1888](https://github.com/kata-containers/runtime/issues/1888#issuecomment-739057384), which is reproduced in part below: + +```yaml +spec: + containers: + - name: docker + image: docker:20.10-dind + command: ["sh", "-c"] + args: + - if [[ $(df -PT /var/lib/docker | awk 'NR==2 {print $2}') == virtiofs ]]; then + apk add e2fsprogs && + truncate -s 20G /tmp/disk.img && + mkfs.ext4 /tmp/disk.img && + mount /tmp/disk.img /var/lib/docker; fi && + dockerd-entrypoint.sh; + securityContext: + privileged: true +``` + +Note that loop mounted disks are often sparse, which means they *do not* take up the full amount of space that has been provisioned. This solution seems to produce the best performance and flexibility, at the expense of increased complexity and additional required setup. + +### Build a custom kernel + +It's possible to [modify the kernel](https://github.com/kata-containers/runtime/issues/1888#issuecomment-616872558) (in addition to applying the earlier mentioned mailing list patch) to support using `virtio-fs` as an upper. Note that if you modify your kernel and use `virtio-fs` you may require [additional changes](https://github.com/kata-containers/runtime/issues/1888#issuecomment-739057384) for decent performance and to address other issues. + +> **NOTE:** A future kernel release may rectify the usability and performance issues of using `virtio-fs` as an OverlayFS upper layer. + +## References + +The solutions proposed in this document are an amalgamation of thoughtful contributions from the Kata Containers community. + +Find links to issues & related discussion and the fruits therein below: + +- [How to run Docker in Docker with Kata Containers (#2474)](https://github.com/kata-containers/kata-containers/issues/2474) +- [Does Kata-container support AUFS/OverlayFS? 
(#2493)](https://github.com/kata-containers/runtime/issues/2493) +- [Unable to start docker in docker with virtio-fs (#1888)](https://github.com/kata-containers/runtime/issues/1888) +- [Not using native diff for overlay2 (#1429)](https://github.com/kata-containers/runtime/issues/1429) From cb5c948a0a543a81e07ded509e22fe274104cbf0 Mon Sep 17 00:00:00 2001 From: Jakob Naucke Date: Wed, 15 Dec 2021 14:34:14 +0100 Subject: [PATCH 05/37] kata-manager: Retrieve static tarball In `utils/kata-manager.sh`, we download the first asset listed for the release, which used to be the static x86_64 tarball. If that happened to not match the system architecture, we would abort. Besides that logic being invalid for !x86_64 (despite not distributing other tarballs at the moment), the first asset listed is also not the static tarball any more, it is the vendored source tarball. Retrieve all _static_ tarballs and select the appropriate one depending on architecture. Fixes: #3254 Signed-off-by: Jakob Naucke --- utils/kata-manager.sh | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/utils/kata-manager.sh b/utils/kata-manager.sh index c168e99da..732fb16ec 100755 --- a/utils/kata-manager.sh +++ b/utils/kata-manager.sh 
@@ -136,17 +136,16 @@ github_get_release_file_url() local url="${1:-}" local version="${2:-}" - download_url=$(curl -sL "$url" |\ + download_urls=$(curl -sL "$url" |\ jq --arg version "$version" \ - -r '.[] | select(.tag_name == $version) | .assets[0].browser_download_url' || true) + -r '.[] | select(.tag_name == $version) | .assets[].browser_download_url' |\ + grep static) - [ "$download_url" = null ] && download_url="" - [ -z "$download_url" ] && die "Cannot determine download URL for version $version ($url)" + [ -z "$download_urls" ] && die "Cannot determine download URL for version $version ($url)" local arch=$(uname -m) - - [ "$arch" = x86_64 ] && arch="($arch|amd64)" - echo "$download_url" | egrep -q "$arch" || die "No release for '$arch architecture ($url)" + local download_url=$(grep "$arch" <<< "$download_urls") + [ -z "$download_url" ] && die "No release for architecture '$arch' ($url)" echo "$download_url" } From 02608e13ab818dc95616f7ab244f202aeb9a7b84 Mon Sep 17 00:00:00 2001 From: Zack Date: Thu, 16 Dec 2021 19:14:27 +0800 Subject: [PATCH 06/37] docs: Update code PR advice document Allow using `expect()` for `Mutex.lock()` because it is almost unrecoverable if failed in the lock acquisition Fixes: #3285 Signed-off-by: Zack --- docs/code-pr-advice.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/code-pr-advice.md b/docs/code-pr-advice.md index ac0ea76af..1b5aac068 100644 --- a/docs/code-pr-advice.md +++ b/docs/code-pr-advice.md @@ -198,6 +198,7 @@ The table below lists the small number of cases where use of | `defer!()` | Similar to golang's `defer()` but doesn't allow the use of `?`. | | `tokio::spawn(async move {})` | Cannot currently return a `Result` from an `async move` closure. | | If an explicit test is performed before the `unwrap()` / `expect()` | *"Just about acceptable"*, but not ideal `[*]` | +| `Mutex.lock()` | Almost unrecoverable if failed in the lock acquisition | `[*]` - There can lead to bad *future* code: consider what would 
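Review bot: The asset is now chosen by two substring matches, `grep static` and `grep "$arch"`, so `download_url` holds every matching line; if a release carries more than one asset whose URL contains both strings (a checksum or signature file next to the tarball, for instance), `github_get_release_file_url` echoes several URLs to its caller. I would fail closed on anything but a single match, e.g. `[ "$(wc -l <<< "$download_url")" -eq 1 ] || die "Expected exactly one static tarball for '$arch' ($url)"`. Removing `|| true` also means that, if the script runs with `errexit` or `pipefail` (not visible in this hunk), a `grep` with no match exits before the `die` message is printed. `local download_url=$(…)` additionally masks the exit status of the command substitution; declaring and assigning on separate lines avoids that.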
From 6f9efb4043f38a384d4f07c5e545a3377c0759ff Mon Sep 17 00:00:00 2001 From: "James O. D. Hunt" Date: Wed, 15 Dec 2021 17:44:24 +0000 Subject: [PATCH 07/37] docs: Move arch doc to separate directory Move the architecture document into a new `docs/design/architecture/` directory in preparation for splitting it into more manageable pieces. Signed-off-by: James O. D. Hunt --- docs/README.md | 2 +- docs/Upgrading.md | 2 +- docs/design/README.md | 2 +- .../README.md} | 68 +++++++++---------- docs/design/virtualization.md | 2 +- snap/README.md | 2 +- src/agent/README.md | 4 +- src/runtime/README.md | 2 +- src/runtime/virtcontainers/README.md | 2 +- 9 files changed, 43 insertions(+), 43 deletions(-) rename docs/design/{architecture.md => architecture/README.md} (94%) diff --git a/docs/README.md b/docs/README.md index f5fd38eef..7eb65a210 100644 --- a/docs/README.md +++ b/docs/README.md @@ -41,7 +41,7 @@ Documents that help to understand and contribute to Kata Containers. ### Design and Implementations -* [Kata Containers Architecture](design/architecture.md): Architectural overview of Kata Containers +* [Kata Containers Architecture](design/architecture): Architectural overview of Kata Containers * [Kata Containers E2E Flow](design/end-to-end-flow.md): The entire end-to-end flow of Kata Containers * [Kata Containers design](./design/README.md): More Kata Containers design documents * [Kata Containers threat model](./threat-model/threat-model.md): Kata Containers threat model diff --git a/docs/Upgrading.md b/docs/Upgrading.md index ef633fe68..0403b91be 100644 --- a/docs/Upgrading.md +++ b/docs/Upgrading.md @@ -114,7 +114,7 @@ with containerd. > kernel or image. If you are using custom -[guest assets](design/architecture.md#guest-assets), +[guest assets](design/architecture/README.md#guest-assets), you must upgrade them to work with Kata Containers 2.x since Kata Containers 1.x assets will **not** work. 
diff --git a/docs/design/README.md b/docs/design/README.md index 1a334453e..775f4d4c9 100644 --- a/docs/design/README.md +++ b/docs/design/README.md @@ -2,7 +2,7 @@ Kata Containers design documents: -- [Kata Containers architecture](architecture.md) +- [Kata Containers architecture](architecture) - [API Design of Kata Containers](kata-api-design.md) - [Design requirements for Kata Containers](kata-design-requirements.md) - [VSocks](VSocks.md) diff --git a/docs/design/architecture.md b/docs/design/architecture/README.md similarity index 94% rename from docs/design/architecture.md rename to docs/design/architecture/README.md index 1281a2e36..296276a7b 100644 --- a/docs/design/architecture.md +++ b/docs/design/architecture/README.md @@ -9,8 +9,8 @@ stronger [workload](#workload) isolation using hardware [virtualization](#virtualization) technology as a second layer of defence. -Kata Containers runs on [multiple architectures](../../src/runtime/README.md#platform-support) -and supports [multiple hypervisors](../hypervisors.md). +Kata Containers runs on [multiple architectures](../../../src/runtime/README.md#platform-support) +and supports [multiple hypervisors](../../hypervisors.md). This document is a summary of the Kata Containers architecture. @@ -19,11 +19,11 @@ This document is a summary of the Kata Containers architecture. For details on how Kata Containers maps container concepts to VM technologies, and how this is realized in the multiple hypervisors and VMMs that Kata supports see the -[virtualization documentation](./virtualization.md). +[virtualization documentation](../virtualization.md). ## Compatibility -The [Kata Containers runtime](../../src/runtime) is compatible with +The [Kata Containers runtime](../../../src/runtime) is compatible with the [OCI](https://github.com/opencontainers) [runtime specification](https://github.com/opencontainers/runtime-spec) and therefore works seamlessly with the 
@@ -104,7 +104,7 @@ available. The diagram below shows how the original architecture was simplified with the advent of shimv2. -![Kubernetes integration with shimv2](arch-images/shimv2.svg) +![Kubernetes integration with shimv2](../arch-images/shimv2.svg) ## Root filesystem @@ -370,14 +370,14 @@ runtime cleans up the environment (which includes terminating the > **Note:** > -> When [agent tracing is enabled](../tracing.md#agent-shutdown-behaviour), +> When [agent tracing is enabled](../../tracing.md#agent-shutdown-behaviour), > the shutdown behaviour is different. #### Container manager requested shutdown If the container manager requests the container be deleted, the [runtime](#runtime) will signal the agent by sending it a -`DestroySandbox` [ttRPC API](../../src/agent/protocols/protos/agent.proto) request. +`DestroySandbox` [ttRPC API](../../../src/agent/protocols/protos/agent.proto) request. ## Guest assets @@ -388,7 +388,7 @@ small root filesystem image to boot the VM. ### Guest kernel -The [guest kernel](../../tools/packaging/kernel) +The [guest kernel](../../../tools/packaging/kernel) is passed to the hypervisor and used to boot the VM. The default kernel provided in Kata Containers is highly optimized for kernel boot time and minimal memory footprint, providing only those @@ -400,9 +400,9 @@ Linux LTS (Long Term Support) [kernel](https://www.kernel.org). The hypervisor uses an image file which provides a minimal root filesystem used by the guest kernel to boot the VM and host the Kata Container. Kata Containers supports both initrd and rootfs based -minimal guest images. The [default packages](../install/) provide both +minimal guest images. The [default packages](../../install/) provide both an image and an initrd, both of which are created using the -[`osbuilder`](../../tools/osbuilder) tool. +[`osbuilder`](../../../tools/osbuilder) tool. > **Notes:** 
> @@ -419,12 +419,12 @@ an image and an initrd, both of which are created using the > Fedora or any other distribution potentially. > > The `osbuilder` tool provides -> [configurations for various common Linux distributions](../../tools/osbuilder/rootfs-builder) +> [configurations for various common Linux distributions](../../../tools/osbuilder/rootfs-builder) > which can be built into either initrd or rootfs guest images. > > - If you are using a [packaged version of Kata -> Containers](../install), you can see image details by running the -> [`kata-collect-data.sh`](../../src/runtime/data/kata-collect-data.sh.in) +> Containers](../../install), you can see image details by running the +> [`kata-collect-data.sh`](../../../src/runtime/data/kata-collect-data.sh.in) > script as `root` and looking at the "Image details" section of the > output. @@ -468,7 +468,7 @@ See also the [process overview](#process-overview). > - The container workload is running inside a full container > environment which itself is running within a VM environment. > -> - See the [configuration files for the `osbuilder` tool](../../tools/osbuilder/rootfs-builder) +> - See the [configuration files for the `osbuilder` tool](../../../tools/osbuilder/rootfs-builder) > for details of the default distribution for platforms other than > Intel x86_64. 
@@ -520,18 +520,18 @@ See also the [process overview](#process-overview). See also: -- The [osbuilder](../../tools/osbuilder) tool +- The [osbuilder](../../../tools/osbuilder) tool This is used to build all default image types. -- The [versions database](../../versions.yaml) +- The [versions database](../../../versions.yaml) The `default-image-name` and `default-initrd-name` options specify the default distributions for each image type. ## Hypervisor -The [hypervisor](../hypervisors.md) specified in the +The [hypervisor](../../hypervisors.md) specified in the [configuration file](#configuration) creates a VM to host the [agent](#agent) and the [workload](#workload) inside the [container environment](#environments). @@ -548,7 +548,7 @@ The [hypervisor](../hypervisors.md) specified in the ## Agent -The Kata Containers agent ([`kata-agent`](../../src/agent)), written +The Kata Containers agent ([`kata-agent`](../../../src/agent)), written in the [Rust programming language](https://www.rust-lang.org), is a long running process that runs inside the VM. It acts as the supervisor for managing the containers and the [workload](#workload) @@ -560,7 +560,7 @@ for each VM created. The agent communicates with the other Kata components (primarily the [runtime](#runtime)) using a [`ttRPC`](https://github.com/containerd/ttrpc-rust) based -[protocol](../../src/agent/protocols/protos). +[protocol](../../../src/agent/protocols/protos). > **Note:** > @@ -572,7 +572,7 @@ The agent communicates with the other Kata components (primarily the ## Runtime -The Kata Containers runtime (the [`containerd-shim-kata-v2`](../../src/runtime/cmd/containerd-shim-kata-v2 +The Kata Containers runtime (the [`containerd-shim-kata-v2`](../../../src/runtime/cmd/containerd-shim-kata-v2 ) binary) is a [shimv2](#shim-v2-architecture) compatible runtime. > **Note:** 
@@ -583,7 +583,7 @@ The Kata Containers runtime (the [`containerd-shim-kata-v2`](../../src/runtime/c > shim v2 API. The runtime makes heavy use of the [`virtcontainers` -package](../../src/runtime/virtcontainers), which provides a generic, +package](../../../src/runtime/virtcontainers), which provides a generic, runtime-specification agnostic, hardware-virtualized containers library. @@ -616,13 +616,13 @@ The `exec` command allows an administrator or developer to enter the [VM root environment](#environments) which is not accessible by the container [workload](#workload). -See [the developer guide](../Developer-Guide.md#connect-to-debug-console) for further details. +See [the developer guide](../../Developer-Guide.md#connect-to-debug-console) for further details. ### Configuration -See the [configuration file details](../../src/runtime/README.md#configuration). +See the [configuration file details](../../../src/runtime/README.md#configuration). -The configuration file is also used to enable runtime [debug output](../Developer-Guide.md#enable-full-debug). +The configuration file is also used to enable runtime [debug output](../../Developer-Guide.md#enable-full-debug). ## Process overview @@ -656,7 +656,7 @@ To overcome incompatibility between typical container engines expectations and virtual machines, Kata Containers networking transparently connects `veth` interfaces with `TAP` ones using Traffic Control: -![Kata Containers networking](arch-images/network.png) +![Kata Containers networking](../arch-images/network.png) With a TC filter in place, a redirection is created between the container network and the virtual machine. As an example, the CNI may create a device, `eth0`, in the container's network 
@@ -681,7 +681,7 @@ remove a guest network endpoint and to manipulate the guest route table. The following diagram illustrates the Kata Containers network hotplug workflow. -![Network Hotplug](arch-images/kata-containers-network-hotplug.png) +![Network Hotplug](../arch-images/kata-containers-network-hotplug.png) ## Storage @@ -761,8 +761,8 @@ Kata Containers is an officially supported CRI-O and containerd runtime. Refer to the following guides on how to set up Kata Containers with Kubernetes: -- [How to use Kata Containers and containerd](../how-to/containerd-kata.md) -- [Run Kata Containers with Kubernetes](../how-to/run-kata-with-k8s.md) +- [How to use Kata Containers and containerd](../../how-to/containerd-kata.md) +- [Run Kata Containers with Kubernetes](../../how-to/run-kata-with-k8s.md) #### OCI annotations @@ -792,11 +792,11 @@ with a Kubernetes pod: With `RuntimeClass`, users can define Kata Containers as a `RuntimeClass` and then explicitly specify that a pod must be created as a Kata Containers pod. For details, please refer to [How to use -Kata Containers and containerd](../../docs/how-to/containerd-kata.md). +Kata Containers and containerd](../../../docs/how-to/containerd-kata.md). ## Tracing -The [tracing document](../tracing.md) provides details on the tracing +The [tracing document](../../tracing.md) provides details on the tracing architecture. # Appendices 
@@ -846,19 +846,19 @@ more traditional VM file and device mapping mechanisms: - Utilizing `mmap(2)`'s `MAP_SHARED` shared memory option on the host allows the host to efficiently share pages. -![DAX](arch-images/DAX.png) +![DAX](../arch-images/DAX.png) For further details of the use of NVDIMM with QEMU, see the [QEMU project documentation](https://www.qemu.org). ## Agent control tool -The [agent control tool](../../src/tools/agent-ctl) is a test and +The [agent control tool](../../../src/tools/agent-ctl) is a test and development tool that can be used to learn more about a Kata Containers system. ## Terminology -See the [project glossary](../../Glossary.md). +See the [project glossary](../../../Glossary.md). -[debug-console]: ../Developer-Guide.md#connect-to-debug-console +[debug-console]: ../../Developer-Guide.md#connect-to-debug-console diff --git a/docs/design/virtualization.md b/docs/design/virtualization.md index eab3d6602..75ec62bf4 100644 --- a/docs/design/virtualization.md +++ b/docs/design/virtualization.md @@ -41,7 +41,7 @@ Kata Containers with QEMU has complete compatibility with Kubernetes. Depending on the host architecture, Kata Containers supports various machine types, for example `pc` and `q35` on x86 systems, `virt` on ARM systems and `pseries` on IBM Power systems. The default Kata Containers machine type is `pc`. The machine type and its [`Machine accelerators`](#machine-accelerators) can -be changed by editing the runtime [`configuration`](./architecture.md/#configuration) file. +be changed by editing the runtime [`configuration`](architecture/README.md#configuration) file. Devices and features used: - virtio VSOCK or virtio serial diff --git a/snap/README.md b/snap/README.md index 1114315be..3729542ec 100644 --- a/snap/README.md +++ b/snap/README.md 
@@ -76,7 +76,7 @@ then a new configuration file can be [created](#configure-kata-containers) and [configured][7]. [1]: https://docs.snapcraft.io/snaps/intro -[2]: ../docs/design/architecture.md#root-filesystem-image +[2]: ../docs/design/architecture/README.md#root-filesystem-image [3]: https://docs.snapcraft.io/reference/confinement#classic [4]: https://github.com/kata-containers/runtime#configuration [5]: https://docs.docker.com/engine/reference/commandline/dockerd diff --git a/src/agent/README.md b/src/agent/README.md index 98ec59bbd..24161cebe 100644 --- a/src/agent/README.md +++ b/src/agent/README.md @@ -6,14 +6,14 @@ The Kata agent is a long running process that runs inside the Virtual Machine (VM) (also known as the "pod" or "sandbox"). The agent is packaged inside the Kata Containers -[guest image](../../docs/design/architecture.md#guest-image) +[guest image](../../docs/design/architecture/README.md#guest-image) which is used to boot the VM. Once the runtime has launched the configured [hypervisor](../../docs/hypervisors.md) to create a new VM, the agent is started. From this point on, the agent is responsible for creating and managing the life cycle of the containers inside the VM. For further details, see the -[architecture document](../../docs/design/architecture.md). +[architecture document](../../docs/design/architecture). ## Audience diff --git a/src/runtime/README.md b/src/runtime/README.md index 2a893681f..c7de96544 100644 --- a/src/runtime/README.md +++ b/src/runtime/README.md @@ -70,7 +70,7 @@ See the ## Architecture overview -See the [architecture overview](../../docs/design/architecture.md) +See the [architecture overview](../../docs/design/architecture) for details on the Kata Containers design. ## Configuration diff --git a/src/runtime/virtcontainers/README.md b/src/runtime/virtcontainers/README.md index 97f01cfb9..bd090b65d 100644 --- a/src/runtime/virtcontainers/README.md +++ b/src/runtime/virtcontainers/README.md 
@@ -135,7 +135,7 @@ There are three drawbacks about using CNM instead of CNI: # Storage -See [Kata Containers Architecture](../../../docs/design/architecture.md#storage). +See [Kata Containers Architecture](../../../docs/design/architecture/README.md#storage). # Devices From 283d7d52c8e52261c84ebe3d211a83ef8ecea408 Mon Sep 17 00:00:00 2001 From: "James O. D. Hunt" Date: Wed, 15 Dec 2021 18:03:55 +0000 Subject: [PATCH 08/37] docs: Split history out of arch doc Move the historical details out of the architecture doc and into a separate file. Partially fixes: #3246. Signed-off-by: James O. D. Hunt --- docs/design/architecture/README.md | 40 +++------------------------- docs/design/architecture/history.md | 41 +++++++++++++++++++++++++++++ 2 files changed, 45 insertions(+), 36 deletions(-) create mode 100644 docs/design/architecture/history.md diff --git a/docs/design/architecture/README.md b/docs/design/architecture/README.md index 296276a7b..73d1ef459 100644 --- a/docs/design/architecture/README.md +++ b/docs/design/architecture/README.md 
@@ -39,22 +39,10 @@ Kata Containers provides a ["shimv2"](#shim-v2-architecture) compatible runtime. The Kata Containers runtime is shim v2 ("shimv2") compatible. This section explains what this means. -### History - -In the old [Kata 1.x architecture](https://github.com/kata-containers/documentation/blob/master/design/architecture.md), -the Kata [runtime](#runtime) was an executable called `kata-runtime`. -The container manager called this executable multiple times when -creating each container. Each time the runtime was called a different -OCI command-line verb was provided. This architecture was simple, but -not well suited to creating VM based containers due to the issue of -handling state between calls. Additionally, the architecture suffered -from performance issues related to continually having to spawn new -instances of the runtime binary, and -[Kata shim](https://github.com/kata-containers/shim) and -[Kata proxy](https://github.com/kata-containers/proxy) processes for systems -that did not provide VSOCK. - -### An improved architecture +> **Note:** +> +> For a comparison with the Kata 1.x architecture, see +> [the architectural history document](history.md). The [containerd runtime shimv2 architecture](https://github.com/containerd/containerd/tree/main/runtime/v2) 
@@ -86,26 +74,6 @@ launch both Pod and OCI compatible containers with a single alone `kata-proxy` process is required, even if VSOCK is not available. -### Architectural comparison - -| Kata version | Kata Runtime process calls | Kata shim processes | Kata proxy processes (if no VSOCK) | -|-|-|-|-| -| 1.x | multiple per container | 1 per container connection | 1 | -| 2.x | 1 per VM (hosting any number of containers) | 0 | 0 | - -> **Notes:** -> -> - A single VM can host one or more containers. -> -> - The "Kata shim processes" column refers to the old -> [Kata shim](https://github.com/kata-containers/shim) (`kata-shim` binary), -> *not* the new shimv2 runtime instance (`containerd-shim-kata-v2` binary). - -The diagram below shows how the original architecture was simplified -with the advent of shimv2. - -![Kubernetes integration with shimv2](../arch-images/shimv2.svg) - ## Root filesystem This document uses the term _rootfs_ to refer to a root filesystem diff --git a/docs/design/architecture/history.md b/docs/design/architecture/history.md new file mode 100644 index 000000000..ca23396e5 --- /dev/null +++ b/docs/design/architecture/history.md 
@@ -0,0 +1,41 @@
+# History
+
+## Kata 1.x architecture
+
+In the old [Kata 1.x architecture](https://github.com/kata-containers/documentation/blob/master/design/architecture.md),
+the Kata [runtime](README.md#runtime) was an executable called `kata-runtime`.
+The container manager called this executable multiple times when
+creating each container. Each time the runtime was called a different
+OCI command-line verb was provided. This architecture was simple, but
+not well suited to creating VM based containers due to the issue of
+handling state between calls. Additionally, the architecture suffered
+from performance issues related to continually having to spawn new
+instances of the runtime binary, and
+[Kata shim](https://github.com/kata-containers/shim) and
+[Kata proxy](https://github.com/kata-containers/proxy) processes for systems
+that did not provide VSOCK.
+
+## Kata 2.x architecture
+
+See the ["shimv2"](README.md#shim-v2-architecture) section of the
+architecture document.
+
+## Architectural comparison
+
+| Kata version | Kata Runtime process calls | Kata shim processes | Kata proxy processes (if no VSOCK) |
+|-|-|-|-|
+| 1.x | multiple per container | 1 per container connection | 1 |
+| 2.x | 1 per VM (hosting any number of containers) | 0 | 0 |
+
+> **Notes:**
+>
+> - A single VM can host one or more containers.
+>
+> - The "Kata shim processes" column refers to the old
+> [Kata shim](https://github.com/kata-containers/shim) (`kata-shim` binary),
+> *not* the new shimv2 runtime instance (`containerd-shim-kata-v2` binary).
+
+The diagram below shows how the original architecture was simplified
+with the advent of shimv2.
+
+![Kubernetes integration with shimv2](../arch-images/shimv2.svg)
From 7229b7a69dddc1df4b1cdb2dc99bd550df65ea65 Mon Sep 17 00:00:00 2001
From: "James O. D. Hunt" Date: Thu, 16 Dec 2021 11:07:40 +0000 Subject: [PATCH 09/37] docs: Split background and example out of arch doc Move the background and example command details out of the architecture doc and into separate files. Partially fixes: #3246. Signed-off-by: James O. D. Hunt --- docs/design/architecture/README.md | 164 ++++---------------- docs/design/architecture/background.md | 81 ++++++++++ docs/design/architecture/example-command.md | 30 ++++ 3 files changed, 145 insertions(+), 130 deletions(-) create mode 100644 docs/design/architecture/background.md create mode 100644 docs/design/architecture/example-command.md diff --git a/docs/design/architecture/README.md b/docs/design/architecture/README.md index 73d1ef459..5baaee56e 100644 --- a/docs/design/architecture/README.md +++ b/docs/design/architecture/README.md @@ -14,6 +14,18 @@ and supports [multiple hypervisors](../../hypervisors.md). This document is a summary of the Kata Containers architecture. +## Background knowledge + +This document assumes the reader understands a number of concepts +related to containers and file systems. The +[background](background.md) document explains these concepts. + +## Example command + +This document makes use of a particular [example +command](example-command.md) throughout the text to illustrate certain +concepts. + ## Virtualization For details on how Kata Containers maps container concepts to VM 
@@ -74,126 +86,18 @@ launch both Pod and OCI compatible containers with a single alone `kata-proxy` process is required, even if VSOCK is not available. -## Root filesystem - -This document uses the term _rootfs_ to refer to a root filesystem -which is mounted as the top-level directory ("`/`") and often referred -to as _slash_. - -It is important to understand this term since the overall system uses -multiple different rootfs's (as explained in the -[Environments](#environments) section. - -## Example command - -The following containerd command creates a container. It is referred -to throughout this document to help explain various points: - -```bash -$ sudo ctr run --runtime "io.containerd.kata.v2" --rm -t "quay.io/libpod/ubuntu:latest" foo sh -``` - -This command requests that containerd: - -- Create a container (`ctr run`). -- Use the Kata [shimv2](#shim-v2-architecture) runtime (`--runtime "io.containerd.kata.v2"`). -- Delete the container when it [exits](#workload-exit) (`--rm`). -- Attach the container to the user's terminal (`-t`). -- Use the Ubuntu Linux [container image](#container-image) - to create the container [rootfs](#root-filesystem) that will become - the [container environment](#environments) - (`quay.io/libpod/ubuntu:latest`). -- Create the container with the name "`foo`". -- Run the `sh(1)` command in the Ubuntu rootfs based container - environment. - - The command specified here is referred to as the [workload](#workload). - -> **Note:** -> -> For the purposes of this document and to keep explanations -> simpler, we assume the user is running this command in the -> [host environment](#environments). - -## Container image - -In the [example command](#example-command) the user has specified the -type of container they wish to run via the container image name: -`ubuntu`. This image name corresponds to a _container image_ that can -be used to create a container with an Ubuntu Linux environment. 
Hence, -in our [example](#example-command), the `sh(1)` command will be run -inside a container which has an Ubuntu rootfs. - -> **Note:** -> -> The term _container image_ is confusing since the image in question -> is **not** a container: it is simply a set of files (_an image_) -> that can be used to _create_ a container. The term _container -> template_ would be more accurate but the term _container image_ is -> commonly used so this document uses the standard term. - -For the purposes of this document, the most important part of the -[example command line](#example-command) is the container image the -user has requested. Normally, the container manager will _pull_ -(download) a container image from a remote site and store a copy -locally. This local container image is used by the container manager -to create an [OCI bundle](#oci-bundle) which will form the environment -the container will run in. After creating the OCI bundle, the -container manager launches a [runtime](#runtime) which will create the -container using the provided OCI bundle. - -## OCI bundle - -To understand what follows, it is important to know at a high level -how an OCI ([Open Containers Initiative](https://opencontainers.org)) compatible container is created. - -An OCI compatible container is created by taking a -[container image](#container-image) and converting the embedded rootfs -into an -[OCI rootfs bundle](https://github.com/opencontainers/runtime-spec/blob/main/bundle.md), -or more simply, an _OCI bundle_. - -An OCI bundle is a `tar(1)` archive normally created by a container -manager which is passed to an OCI [runtime](#runtime) which converts -it into a full container rootfs. The bundle contains two assets: - -- A container image [rootfs](#root-filesystem) - - This is simply a directory of files that will be used to represent - the rootfs for the container. 
- - For the [example command](#example-command), the directory will - contain the files necessary to create a minimal Ubuntu root - filesystem. - -- An [OCI configuration file](https://github.com/opencontainers/runtime-spec/blob/main/config.md) - - This is a JSON file called `config.json`. - - The container manager will create this file so that: - - - The `root.path` value is set to the full path of the specified - container rootfs. - - In [the example](#example-command) this value will be `ubuntu`. - - - The `process.args` array specifies the list of commands the user - wishes to run. This is known as the [workload](#workload). - - In [the example](#example-command) the workload is `sh(1)`. - ## Workload The workload is the command the user requested to run in the -container and is specified in the [OCI bundle](#oci-bundle)'s +container and is specified in the [OCI bundle](background.md#oci-bundle)'s configuration file. -In our [example](#example-command), the workload is the `sh(1)` command. +In our [example](example-command.md), the workload is the `sh(1)` command. ### Workload root filesystem For details of how the [runtime](#runtime) makes the -[container image](#container-image) chosen by the user available to +[container image](background.md#container-image) chosen by the user available to the workload process, see the [Container creation](#container-creation) and [storage](#storage) sections. 
@@ -214,7 +118,7 @@ to study this table closely to make sense of what follows: |-|-|-|-|-|-|-|-| | Host | Host | no `[1]` | no | Host specific | Host specific | Host specific | The environment provided by a standard, physical non virtualized system. | | VM root | Guest VM | yes | no | rootfs inside the [guest image](#guest-image) | Hypervisor specific `[2]` | `ext4` | The first (or top) level VM environment created on a host system. | -| VM container root | Container | yes | yes | rootfs type requested by user ([`ubuntu` in the example](#example-command)) | `kataShared` | [virtio FS](#virtio-fs) | The first (or top) level container environment created inside the VM. Based on the [OCI bundle](#oci-bundle). | +| VM container root | Container | yes | yes | rootfs type requested by user ([`ubuntu` in the example](example-command.md)) | `kataShared` | [virtio FS](#virtio-fs) | The first (or top) level container environment created inside the VM. Based on the [OCI bundle](background.md#oci-bundle). | **Key:** @@ -226,7 +130,7 @@ to study this table closely to make sense of what follows: > **Notes:** > > - The word "root" is used to mean _top level_ here in a similar -> manner to the term [rootfs](#root-filesystem). +> manner to the term [rootfs](background.md#root-filesystem). > > - The term "first level" prefix used above is important since it implies > that it is possible to create multi level systems. However, they do @@ -247,7 +151,7 @@ The steps below show at a high level how a Kata Containers container is created using the containerd container manager: 1. The user requests the creation of a container by running a command - like the [example command](#example-command). + like the [example command](example-command.md). 1. The container manager daemon runs a single instance of the Kata [runtime](#runtime). 1. The Kata runtime loads its [configuration file](#configuration). 
@@ -257,9 +161,9 @@ created using the containerd container manager: [guest assets](#guest-assets): - The hypervisor [DAX](#dax) shares the [guest image](#guest-image) - into the VM to become the VM [rootfs](#root-filesystem) (mounted on a `/dev/pmem*` device), + into the VM to become the VM [rootfs](background.md#root-filesystem) (mounted on a `/dev/pmem*` device), which is known as the [VM root environment](#environments). - - The hypervisor mounts the [OCI bundle](#oci-bundle), using [virtio FS](#virtio-fs), + - The hypervisor mounts the [OCI bundle](background.md#oci-bundle), using [virtio FS](#virtio-fs), into a container specific directory inside the VM's rootfs. This container specific directory will become the @@ -300,10 +204,10 @@ created using the containerd container manager: > > At this point, the container is running and: > -> - The [workload](#workload) process ([`sh(1)` in the example](#example-command)) +> - The [workload](#workload) process ([`sh(1)` in the example](example-command.md)) > is running in the [container environment](#environments). > - The user is now able to interact with the workload -> (using the [`ctr` command in the example](#example-command)). +> (using the [`ctr` command in the example](example-command.md)). > - The [agent](#agent), running inside the VM is monitoring the > [workload](#workload) process. > - The [runtime](#runtime) is waiting for the agent's `WaitProcess` API @@ -402,7 +306,7 @@ The default packaged rootfs image, sometimes referred to as the _mini O/S_, is a highly optimized container bootstrap system. If this image type is [configured](#configuration), when the user runs -the [example command](#example-command): +the [example command](example-command.md): - The [runtime](#runtime) will launch the configured [hypervisor](#hypervisor). - The hypervisor will boot the mini-OS image using the [guest kernel](#guest-kernel). 
@@ -410,8 +314,8 @@ the [example command](#example-command): - `systemd`, running inside the mini-OS context, will launch the [agent](#agent) in the root context of the VM. - The agent will create a new container environment, setting its root - filesystem to that requested by the user (Ubuntu in [the example](#example-command)). -- The agent will then execute the command (`sh(1)` in [the example](#example-command)) + filesystem to that requested by the user (Ubuntu in [the example](example-command.md)). +- The agent will then execute the command (`sh(1)` in [the example](example-command.md)) inside the new container. The table below summarises the default mini O/S showing the @@ -424,7 +328,7 @@ each service: | systemd | VM root | n/a | [VM guest image](#guest-image)| [debug console][debug-console] | The init daemon, running as PID 1 | | [Agent](#agent) | VM root | yes | [VM guest image](#guest-image)| [debug console][debug-console] | Runs as a systemd service | | `chronyd` | VM root | yes | [VM guest image](#guest-image)| [debug console][debug-console] | Used to synchronise the time with the host | -| container workload (`sh(1)` in [the example](#example-command)) | VM container | no | User specified (Ubuntu in [the example](#example-command)) | [exec command](#exec-command) | Managed by the agent | +| container workload (`sh(1)` in [the example](example-command.md)) | VM container | no | User specified (Ubuntu in [the example](example-command.md)) | [exec command](#exec-command) | Managed by the agent | See also the [process overview](#process-overview). 
@@ -448,7 +352,7 @@ startup process. During startup, the kernel unpacks it into a special instance of a `tmpfs` mount that becomes the initial root filesystem. If this image type is [configured](#configuration), when the user runs -the [example command](#example-command): +the [example command](example-command.md): - The [runtime](#runtime) will launch the configured [hypervisor](#hypervisor). - The hypervisor will boot the mini-OS image using the [guest kernel](#guest-kernel). @@ -456,8 +360,8 @@ the [example command](#example-command): inside the VM root environment. - The [agent](#agent) will create a new container environment, setting its root filesystem to that requested by the user (`ubuntu` in - [the example](#example-command)). -- The agent will then execute the command (`sh(1)` in [the example](#example-command)) + [the example](example-command.md)). +- The agent will then execute the command (`sh(1)` in [the example](example-command.md)) inside the new container. The table below summarises the default mini O/S showing the environments that are created, @@ -483,7 +387,7 @@ See also the [process overview](#process-overview). | Image type | Default distro | Init daemon | Reason | Notes | |-|-|-|-|-| -| [image](#root-filesystem-image) | [Clear Linux](https://clearlinux.org) (for x86_64 systems)| systemd | Minimal and highly optimized | systemd offers flexibility | +| [image](background.md#root-filesystem-image) | [Clear Linux](https://clearlinux.org) (for x86_64 systems)| systemd | Minimal and highly optimized | systemd offers flexibility | | [initrd](#initrd-image) | [Alpine Linux](https://alpinelinux.org) | Kata [agent](#agent) (as no systemd support) | Security hardened and tiny C library | See also: 
@@ -596,13 +500,13 @@ The configuration file is also used to enable runtime [debug output](../../Devel The table below shows an example of the main processes running in the different [environments](#environments) when a Kata Container is -created with containerd using our [example command](#example-command): +created with containerd using our [example command](example-command.md): | Description | Host | VM root environment | VM container environment | |-|-|-|-| | Container manager | `containerd` | | | Kata Containers | [runtime](#runtime), [`virtiofsd`](#virtio-fs), [hypervisor](#hypervisor) | [agent](#agent) | -| User [workload](#workload) | | | [`ubuntu sh`](#example-command) | +| User [workload](#workload) | | | [`ubuntu sh`](example-command.md) | ## Networking @@ -776,7 +680,7 @@ Kata Containers utilizes the Linux kernel DAX feature to efficiently map the [guest image](#guest-image) in the [host environment](#environments) into the [guest VM environment](#environments) to become the VM's -[rootfs](#root-filesystem). +[rootfs](background.md#root-filesystem). If the [configured](#configuration) [hypervisor](#hypervisor) is set to either QEMU or Cloud Hypervisor, DAX is used with the feature shown @@ -789,7 +693,7 @@ in the table below: The features in the table above are equivalent in that they provide a memory-mapped virtual device which is used to DAX map the VM's -[rootfs](#root-filesystem) into the [VM guest](#environments) memory +[rootfs](background.md#root-filesystem) into the [VM guest](#environments) memory address space. The VM is then booted, specifying the `root=` kernel parameter to make diff --git a/docs/design/architecture/background.md b/docs/design/architecture/background.md new file mode 100644 index 000000000..b052293b7 --- /dev/null +++ b/docs/design/architecture/background.md 
@@ -0,0 +1,81 @@
+# Kata Containers architecture background knowledge
+
+The following sections explain some of the background concepts
+required to understand the [architecture document](README.md).
+
+## Root filesystem
+
+This document uses the term _rootfs_ to refer to a root filesystem
+which is mounted as the top-level directory ("`/`") and often referred
+to as _slash_.
+
+It is important to understand this term since the overall system uses
+multiple different rootfs's (as explained in the
+[Environments](README.md#environments) section.
+
+## Container image
+
+In the [example command](example-command.md) the user has specified the
+type of container they wish to run via the container image name:
+`ubuntu`. This image name corresponds to a _container image_ that can
+be used to create a container with an Ubuntu Linux environment. Hence,
+in our [example](example-command.md), the `sh(1)` command will be run
+inside a container which has an Ubuntu rootfs.
+
+> **Note:**
+>
+> The term _container image_ is confusing since the image in question
+> is **not** a container: it is simply a set of files (_an image_)
+> that can be used to _create_ a container. The term _container
+> template_ would be more accurate but the term _container image_ is
+> commonly used so this document uses the standard term.
+
+For the purposes of this document, the most important part of the
+[example command line](example-command.md) is the container image the
+user has requested. Normally, the container manager will _pull_
+(download) a container image from a remote site and store a copy
+locally. This local container image is used by the container manager
+to create an [OCI bundle](#oci-bundle) which will form the environment
+the container will run in. After creating the OCI bundle, the
+container manager launches a [runtime](README.md#runtime) which will create the
+container using the provided OCI bundle.
+
+## OCI bundle
+
+To understand what follows, it is important to know at a high level
+how an OCI ([Open Containers Initiative](https://opencontainers.org)) compatible container is created.
+
+An OCI compatible container is created by taking a
+[container image](#container-image) and converting the embedded rootfs
+into an
+[OCI rootfs bundle](https://github.com/opencontainers/runtime-spec/blob/main/bundle.md),
+or more simply, an _OCI bundle_.
+
+An OCI bundle is a `tar(1)` archive normally created by a container
+manager which is passed to an OCI [runtime](README.md#runtime) which converts
+it into a full container rootfs. The bundle contains two assets:
+
+- A container image [rootfs](#root-filesystem)
+
+ This is simply a directory of files that will be used to represent
+ the rootfs for the container.
+
+ For the [example command](example-command.md), the directory will
+ contain the files necessary to create a minimal Ubuntu root
+ filesystem.
+
+- An [OCI configuration file](https://github.com/opencontainers/runtime-spec/blob/main/config.md)
+
+ This is a JSON file called `config.json`.
+
+ The container manager will create this file so that:
+
+ - The `root.path` value is set to the full path of the specified
+ container rootfs.
+
+ In [the example](example-command.md) this value will be `ubuntu`.
+
+ - The `process.args` array specifies the list of commands the user
+ wishes to run. This is known as the [workload](README.md#workload).
+
+ In [the example](example-command.md) the workload is `sh(1)`.
diff --git a/docs/design/architecture/example-command.md b/docs/design/architecture/example-command.md
new file mode 100644
index 000000000..559e5dfd0
--- /dev/null
+++ b/docs/design/architecture/example-command.md
@@ -0,0 +1,30 @@
+# Example command
+
+The following containerd command creates a container. It is referred
+to throughout the architecture document to help explain various points:
+
+```bash
+$ sudo ctr run --runtime "io.containerd.kata.v2" --rm -t "quay.io/libpod/ubuntu:latest" foo sh
+```
+
+This command requests that containerd:
+
+- Create a container (`ctr run`).
+- Use the Kata [shimv2](README.md#shim-v2-architecture) runtime (`--runtime "io.containerd.kata.v2"`).
+- Delete the container when it [exits](README.md#workload-exit) (`--rm`).
+- Attach the container to the user's terminal (`-t`).
+- Use the Ubuntu Linux [container image](background.md#container-image)
+ to create the container [rootfs](background.md#root-filesystem) that will become
+ the [container environment](README.md#environments)
+ (`quay.io/libpod/ubuntu:latest`).
+- Create the container with the name "`foo`".
+- Run the `sh(1)` command in the Ubuntu rootfs based container
+ environment.
+
+ The command specified here is referred to as the [workload](README.md#workload).
+
+> **Note:**
+>
+> For the purposes of this document and to keep explanations
+> simpler, we assume the user is running this command in the
+> [host environment](README.md#environments).
From 5df0cb642055bc4c9c485974e5dc67d5739792df Mon Sep 17 00:00:00 2001 From: "James O. D. Hunt" Date: Thu, 16 Dec 2021 12:19:10 +0000 Subject: [PATCH 10/37] docs: Split storage out of arch doc Move the storage details in the architecture doc to a separate file. Partially fixes: #3246. Signed-off-by: James O. D. Hunt --- docs/design/architecture/README.md | 49 +++-------------------------- docs/design/architecture/storage.md | 44 ++++++++++++++++++++++++++ 2 files changed, 48 insertions(+), 45 deletions(-) create mode 100644 docs/design/architecture/storage.md
diff --git a/docs/design/architecture/README.md b/docs/design/architecture/README.md
index 5baaee56e..1fc2275b9 100644
--- a/docs/design/architecture/README.md
+++ b/docs/design/architecture/README.md @@ -118,7 +118,7 @@ to study this table closely to make sense of what follows: |-|-|-|-|-|-|-|-| | Host | Host | no `[1]` | no | Host specific | Host specific | Host specific | The environment provided by a standard, physical non virtualized system. | | VM root | Guest VM | yes | no | rootfs inside the [guest image](#guest-image) | Hypervisor specific `[2]` | `ext4` | The first (or top) level VM environment created on a host system. | -| VM container root | Container | yes | yes | rootfs type requested by user ([`ubuntu` in the example](example-command.md)) | `kataShared` | [virtio FS](#virtio-fs) | The first (or top) level container environment created inside the VM. Based on the [OCI bundle](background.md#oci-bundle). | +| VM container root | Container | yes | yes | rootfs type requested by user ([`ubuntu` in the example](example-command.md)) | `kataShared` | [virtio FS](storage.md#virtio-fs) | The first (or top) level container environment created inside the VM. Based on the [OCI bundle](background.md#oci-bundle). | **Key:** @@ -163,7 +163,7 @@ created using the containerd container manager: - The hypervisor [DAX](#dax) shares the [guest image](#guest-image) into the VM to become the VM [rootfs](background.md#root-filesystem) (mounted on a `/dev/pmem*` device), which is known as the [VM root environment](#environments). - - The hypervisor mounts the [OCI bundle](background.md#oci-bundle), using [virtio FS](#virtio-fs), + - The hypervisor mounts the [OCI bundle](background.md#oci-bundle), using [virtio FS](storage.md#virtio-fs), into a container specific directory inside the VM's rootfs. This container specific directory will become the 
@@ -505,7 +505,7 @@ created with containerd using our [example command](example-command.md): | Description | Host | VM root environment | VM container environment | |-|-|-|-| | Container manager | `containerd` | | -| Kata Containers | [runtime](#runtime), [`virtiofsd`](#virtio-fs), [hypervisor](#hypervisor) | [agent](#agent) | +| Kata Containers | [runtime](#runtime), [`virtiofsd`](storage.md#virtio-fs), [hypervisor](#hypervisor) | [agent](#agent) | | User [workload](#workload) | | | [`ubuntu sh`](example-command.md) | ## Networking 
@@ -557,48 +557,7 @@ The following diagram illustrates the Kata Containers network hotplug workflow. ## Storage -### virtio SCSI - -If a block-based graph driver is [configured](#configuration), -`virtio-scsi` is used to _share_ the workload image (such as -`busybox:latest`) into the container's environment inside the VM. - -### virtio FS - -If a block-based graph driver is _not_ [configured](#configuration), a -[`virtio-fs`](https://virtio-fs.gitlab.io) (`VIRTIO`) overlay -filesystem mount point is used to _share_ the workload image instead. The -[agent](#agent) uses this mount point as the root filesystem for the -container processes. - -For virtio-fs, the [runtime](#runtime) starts one `virtiofsd` daemon -(that runs in the host context) for each VM created. - -### Devicemapper - -The -[devicemapper `snapshotter`](https://github.com/containerd/containerd/tree/master/snapshots/devmapper) -is a special case. The `snapshotter` uses dedicated block devices -rather than formatted filesystems, and operates at the block level -rather than the file level. This knowledge is used to directly use the -underlying block device instead of the overlay file system for the -container root file system. The block device maps to the top -read-write layer for the overlay. This approach gives much better I/O -performance compared to using `virtio-fs` to share the container file -system. - -#### Hot plug and unplug - -Kata Containers has the ability to hot plug add and hot plug remove -block devices. This makes it possible to use block devices for -containers started after the VM has been launched. - -Users can check to see if the container uses the `devicemapper` block -device as its rootfs by calling `mount(8)` within the container. If -the `devicemapper` block device is used, the root filesystem (`/`) -will be mounted from `/dev/vda`. Users can disable direct mounting of -the underlying block device through the runtime -[configuration](#configuration). 
+See the [storage document](storage.md). ## Kubernetes support diff --git a/docs/design/architecture/storage.md b/docs/design/architecture/storage.md new file mode 100644 index 000000000..974f260c3 --- /dev/null +++ b/docs/design/architecture/storage.md 
@@ -0,0 +1,44 @@
+# Storage
+
+## virtio SCSI
+
+If a block-based graph driver is [configured](README.md#configuration),
+`virtio-scsi` is used to _share_ the workload image (such as
+`busybox:latest`) into the container's environment inside the VM.
+
+## virtio FS
+
+If a block-based graph driver is _not_ [configured](README.md#configuration), a
+[`virtio-fs`](https://virtio-fs.gitlab.io) (`VIRTIO`) overlay
+filesystem mount point is used to _share_ the workload image instead. The
+[agent](README.md#agent) uses this mount point as the root filesystem for the
+container processes.
+
+For virtio-fs, the [runtime](README.md#runtime) starts one `virtiofsd` daemon
+(that runs in the host context) for each VM created.
+
+## Devicemapper
+
+The
+[devicemapper `snapshotter`](https://github.com/containerd/containerd/tree/master/snapshots/devmapper)
+is a special case. The `snapshotter` uses dedicated block devices
+rather than formatted filesystems, and operates at the block level
+rather than the file level. This knowledge is used to directly use the
+underlying block device instead of the overlay file system for the
+container root file system. The block device maps to the top
+read-write layer for the overlay. This approach gives much better I/O
+performance compared to using `virtio-fs` to share the container file
+system.
+
+#### Hot plug and unplug
+
+Kata Containers has the ability to hot plug add and hot plug remove
+block devices. This makes it possible to use block devices for
+containers started after the VM has been launched.
+
+Users can check to see if the container uses the `devicemapper` block
+device as its rootfs by calling `mount(8)` within the container. If
+the `devicemapper` block device is used, the root filesystem (`/`)
+will be mounted from `/dev/vda`. Users can disable direct mounting of
+the underlying block device through the runtime
+[configuration](README.md#configuration).
From 7ac619b24efc8137ab0b75de0840deb5adddec38 Mon Sep 17 00:00:00 2001
From: "James O. D. Hunt" Date: Thu, 16 Dec 2021 12:27:41 +0000 Subject: [PATCH 11/37] docs: Split networking out of arch doc Move the networking details out of the architecture doc and into a separate file. Partially fixes: #3246. Signed-off-by: James O. D. Hunt --- docs/design/architecture/README.md | 45 +----------------------- docs/design/architecture/networking.md | 48 ++++++++++++++++++++++++++ 2 files changed, 49 insertions(+), 44 deletions(-) create mode 100644 docs/design/architecture/networking.md diff --git a/docs/design/architecture/README.md b/docs/design/architecture/README.md index 1fc2275b9..89c877b4e 100644 --- a/docs/design/architecture/README.md +++ b/docs/design/architecture/README.md 
@@ -510,50 +510,7 @@ created with containerd using our [example command](example-command.md): ## Networking -Containers will typically live in their own, possibly shared, networking namespace. -At some point in a container lifecycle, container engines will set up that namespace -to add the container to a network which is isolated from the host network, but -which is shared between containers - -In order to do so, container engines will usually add one end of a virtual -ethernet (`veth`) pair into the container networking namespace. The other end of -the `veth` pair is added to the host networking namespace. - -This is a very namespace-centric approach as many hypervisors or VM -Managers (VMMs) such as `virt-manager` cannot handle `veth` -interfaces. Typically, `TAP` interfaces are created for VM -connectivity. - -To overcome incompatibility between typical container engines expectations -and virtual machines, Kata Containers networking transparently connects `veth` -interfaces with `TAP` ones using Traffic Control: - -![Kata Containers networking](../arch-images/network.png) - -With a TC filter in place, a redirection is created between the container network and the -virtual machine. As an example, the CNI may create a device, `eth0`, in the container's network -namespace, which is a VETH device. Kata Containers will create a tap device for the VM, `tap0_kata`, -and setup a TC redirection filter to mirror traffic from `eth0`'s ingress to `tap0_kata`'s egress, -and a second to mirror traffic from `tap0_kata`'s ingress to `eth0`'s egress. - -Kata Containers maintains support for MACVTAP, which was an earlier implementation used in Kata. TC-filter -is the default because it allows for simpler configuration, better CNI plugin compatibility, and performance -on par with MACVTAP. - -Kata Containers has deprecated support for bridge due to lacking performance relative to TC-filter and MACVTAP. 
- -Kata Containers supports both -[CNM](https://github.com/docker/libnetwork/blob/master/docs/design.md#the-container-network-model) -and [CNI](https://github.com/containernetworking/cni) for networking management. - -### Network Hotplug - -Kata Containers has developed a set of network sub-commands and APIs to add, list and -remove a guest network endpoint and to manipulate the guest route table. - -The following diagram illustrates the Kata Containers network hotplug workflow. - -![Network Hotplug](../arch-images/kata-containers-network-hotplug.png) +See the [networking document](networking.md). ## Storage diff --git a/docs/design/architecture/networking.md b/docs/design/architecture/networking.md new file mode 100644 index 000000000..80a6b7d27 --- /dev/null +++ b/docs/design/architecture/networking.md 
@@ -0,0 +1,48 @@ +# Networking + +See the [networking document](networking.md). + +Containers will typically live in their own, possibly shared, networking namespace. +At some point in a container lifecycle, container engines will set up that namespace +to add the container to a network which is isolated from the host network, but +which is shared between containers + +In order to do so, container engines will usually add one end of a virtual +ethernet (`veth`) pair into the container networking namespace. The other end of +the `veth` pair is added to the host networking namespace. + +This is a very namespace-centric approach as many hypervisors or VM +Managers (VMMs) such as `virt-manager` cannot handle `veth` +interfaces. Typically, `TAP` interfaces are created for VM +connectivity. + +To overcome incompatibility between typical container engines expectations +and virtual machines, Kata Containers networking transparently connects `veth` +interfaces with `TAP` ones using Traffic Control: + +![Kata Containers networking](../arch-images/network.png) + +With a TC filter in place, a redirection is created between the container network and the +virtual machine. As an example, the CNI may create a device, `eth0`, in the container's network +namespace, which is a VETH device. Kata Containers will create a tap device for the VM, `tap0_kata`, +and setup a TC redirection filter to mirror traffic from `eth0`'s ingress to `tap0_kata`'s egress, +and a second to mirror traffic from `tap0_kata`'s ingress to `eth0`'s egress. + +Kata Containers maintains support for MACVTAP, which was an earlier implementation used in Kata. TC-filter +is the default because it allows for simpler configuration, better CNI plugin compatibility, and performance +on par with MACVTAP. + +Kata Containers has deprecated support for bridge due to lacking performance relative to TC-filter and MACVTAP. 
+ +Kata Containers supports both +[CNM](https://github.com/docker/libnetwork/blob/master/docs/design.md#the-container-network-model) +and [CNI](https://github.com/containernetworking/cni) for networking management. + +## Network Hotplug + +Kata Containers has developed a set of network sub-commands and APIs to add, list and +remove a guest network endpoint and to manipulate the guest route table. + +The following diagram illustrates the Kata Containers network hotplug workflow. + +![Network Hotplug](../arch-images/kata-containers-network-hotplug.png) From db411c23e83cf2fcf2a39d6169bfbe7c9c7178ee Mon Sep 17 00:00:00 2001 From: "James O. D. Hunt" Date: Thu, 16 Dec 2021 12:53:16 +0000 Subject: [PATCH 12/37] docs: Split k8s info out of arch doc Move the Kubernetes information out of the architecture doc and into a separate file. Partially fixes: #3246. Signed-off-by: James O. D. Hunt --- docs/design/architecture/README.md | 38 ++------------------------ docs/design/architecture/kubernetes.md | 35 ++++++++++++++++++++++++ 2 files changed, 38 insertions(+), 35 deletions(-) create mode 100644 docs/design/architecture/kubernetes.md diff --git a/docs/design/architecture/README.md b/docs/design/architecture/README.md index 89c877b4e..c92750847 100644 --- a/docs/design/architecture/README.md +++ b/docs/design/architecture/README.md @@ -80,7 +80,7 @@ The shimv2 architecture allows running several containers per VM to support container engines that require multiple containers running inside a pod. -With the new architecture [Kubernetes](#kubernetes-support) can +With the new architecture [Kubernetes](kubernetes.md) can launch both Pod and OCI compatible containers with a single [runtime](#runtime) shim per Pod, rather than `2N+1` shims. No stand alone `kata-proxy` process is required, even if VSOCK is not 
@@ -141,7 +141,7 @@ The reasons for containerizing the [workload](#workload) inside the VM are: - Isolates the workload entirely from the VM environment. -- Provides better isolation between containers in a [pod](#kubernetes-support). +- Provides better isolation between containers in a [pod](kubernetes.md). - Allows the workload to be managed and monitored through its cgroup confinement. 
@@ -518,39 +518,7 @@ See the [storage document](storage.md). ## Kubernetes support -[Kubernetes](https://github.com/kubernetes/kubernetes/), or K8s, is a popular open source -container orchestration engine. In Kubernetes, a set of containers sharing resources -such as networking, storage, mount, PID, etc. is called a -[pod](https://kubernetes.io/docs/user-guide/pods/). - -A node can have multiple pods, but at a minimum, a node within a Kubernetes cluster -only needs to run a container runtime and a container agent (called a -[Kubelet](https://kubernetes.io/docs/admin/kubelet/)). - -Kata Containers represents a Kubelet pod as a VM. - -A Kubernetes cluster runs a control plane where a scheduler (typically -running on a dedicated master node) calls into a compute Kubelet. This -Kubelet instance is responsible for managing the lifecycle of pods -within the nodes and eventually relies on a container runtime to -handle execution. The Kubelet architecture decouples lifecycle -management from container execution through a dedicated gRPC based -[Container Runtime Interface (CRI)](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/node/container-runtime-interface-v1.md). - -In other words, a Kubelet is a CRI client and expects a CRI -implementation to handle the server side of the interface. -[CRI-O](https://github.com/kubernetes-incubator/cri-o) and -[containerd](https://github.com/containerd/containerd/) are CRI -implementations that rely on -[OCI](https://github.com/opencontainers/runtime-spec) compatible -runtimes for managing container instances. - -Kata Containers is an officially supported CRI-O and containerd -runtime. Refer to the following guides on how to set up Kata -Containers with Kubernetes: - -- [How to use Kata Containers and containerd](../../how-to/containerd-kata.md) -- [Run Kata Containers with Kubernetes](../../how-to/run-kata-with-k8s.md) +See the [Kubernetes document](kubernetes.md). #### OCI annotations 
diff --git a/docs/design/architecture/kubernetes.md b/docs/design/architecture/kubernetes.md
new file mode 100644
index 000000000..be7377b39
--- /dev/null
+++ b/docs/design/architecture/kubernetes.md
@@ -0,0 +1,35 @@
+# Kubernetes support
+
+[Kubernetes](https://github.com/kubernetes/kubernetes/), or K8s, is a popular open source
+container orchestration engine. In Kubernetes, a set of containers sharing resources
+such as networking, storage, mount, PID, etc. is called a
+[pod](https://kubernetes.io/docs/user-guide/pods/).
+
+A node can have multiple pods, but at a minimum, a node within a Kubernetes cluster
+only needs to run a container runtime and a container agent (called a
+[Kubelet](https://kubernetes.io/docs/admin/kubelet/)).
+
+Kata Containers represents a Kubelet pod as a VM.
+
+A Kubernetes cluster runs a control plane where a scheduler (typically
+running on a dedicated master node) calls into a compute Kubelet. This
+Kubelet instance is responsible for managing the lifecycle of pods
+within the nodes and eventually relies on a container runtime to
+handle execution. The Kubelet architecture decouples lifecycle
+management from container execution through a dedicated gRPC based
+[Container Runtime Interface (CRI)](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/node/container-runtime-interface-v1.md).
+
+In other words, a Kubelet is a CRI client and expects a CRI
+implementation to handle the server side of the interface.
+[CRI-O](https://github.com/kubernetes-incubator/cri-o) and
+[containerd](https://github.com/containerd/containerd/) are CRI
+implementations that rely on
+[OCI](https://github.com/opencontainers/runtime-spec) compatible
+runtimes for managing container instances.
+
+Kata Containers is an officially supported CRI-O and containerd
+runtime. Refer to the following guides on how to set up Kata
+Containers with Kubernetes:
+
+- [How to use Kata Containers and containerd](../../how-to/containerd-kata.md)
+- [Run Kata Containers with Kubernetes](../../how-to/run-kata-with-k8s.md)
From 233015a6d9e196929da11dd4692b1848c3a57671 Mon Sep 17 00:00:00 2001
From: "James O. D. Hunt" Date: Thu, 16 Dec 2021 14:09:38 +0000 Subject: [PATCH 13/37] docs: Split guest assets details out of arch doc Move the guest assets details out of the architecture doc and into a separate file. Fixes: #3246. Signed-off-by: James O. D. Hunt --- docs/design/architecture/README.md | 175 +++-------------------- docs/design/architecture/guest-assets.md | 150 +++++++++++++++++++ 2 files changed, 167 insertions(+), 158 deletions(-) create mode 100644 docs/design/architecture/guest-assets.md diff --git a/docs/design/architecture/README.md b/docs/design/architecture/README.md index c92750847..9b5ccbe54 100644 --- a/docs/design/architecture/README.md +++ b/docs/design/architecture/README.md @@ -117,7 +117,7 @@ to study this table closely to make sense of what follows: | Type | Name | Virtualized | Containerized | rootfs | Rootfs device type | Mount type | Description | |-|-|-|-|-|-|-|-| | Host | Host | no `[1]` | no | Host specific | Host specific | Host specific | The environment provided by a standard, physical non virtualized system. | -| VM root | Guest VM | yes | no | rootfs inside the [guest image](#guest-image) | Hypervisor specific `[2]` | `ext4` | The first (or top) level VM environment created on a host system. | +| VM root | Guest VM | yes | no | rootfs inside the [guest image](guest-assets.md#guest-image) | Hypervisor specific `[2]` | `ext4` | The first (or top) level VM environment created on a host system. | | VM container root | Container | yes | yes | rootfs type requested by user ([`ubuntu` in the example](example-command.md)) | `kataShared` | [virtio FS](storage.md#virtio-fs) | The first (or top) level container environment created inside the VM. Based on the [OCI bundle](background.md#oci-bundle). | **Key:** 
@@ -158,9 +158,10 @@ created using the containerd container manager: 1. The container manager calls a set of shimv2 API functions on the runtime. 1. The Kata runtime launches the configured [hypervisor](#hypervisor). 1. The hypervisor creates and starts (_boots_) a VM using the - [guest assets](#guest-assets): + [guest assets](guest-assets.md#guest-assets): - - The hypervisor [DAX](#dax) shares the [guest image](#guest-image) + - The hypervisor [DAX](#dax) shares the + [guest image](guest-assets.md#guest-image) into the VM to become the VM [rootfs](background.md#root-filesystem) (mounted on a `/dev/pmem*` device), which is known as the [VM root environment](#environments). - The hypervisor mounts the [OCI bundle](background.md#oci-bundle), using [virtio FS](storage.md#virtio-fs), @@ -189,13 +190,13 @@ created using the containerd container manager: > a container environment created by the > [`runc`](https://github.com/opencontainers/runc) OCI runtime; > Linux cgroups and namespaces are created inside the VM by the - > [guest kernel](#guest-kernel) to isolate the workload from the - > VM environment the container is created in. See the - > [Environments](#environments) section for an explanation of why - > this is done. + > [guest kernel](guest-assets.md#guest-kernel) to isolate the + > workload from the VM environment the container is created in. + > See the [Environments](#environments) section for an + > explanation of why this is done. > - > - See the [guest image](#guest-image) section for details of - > exactly how the agent is started. + > - See the [guest image](guest-assets.md#guest-image) section for + > details of exactly how the agent is started. 1. The container manager returns control of the container to the user running the `ctr` command. 
@@ -253,153 +254,11 @@ If the container manager requests the container be deleted, the ## Guest assets -Kata Containers creates a VM in which to run one or more containers. It -does this by launching a [hypervisor](#hypervisor) to create the VM. -The hypervisor needs two assets for this task: a Linux kernel and a -small root filesystem image to boot the VM. +The guest assets comprise a guest image and a guest kernel that are +used by the [hypervisor](#hypervisor). -### Guest kernel - -The [guest kernel](../../../tools/packaging/kernel) -is passed to the hypervisor and used to boot the VM. -The default kernel provided in Kata Containers is highly optimized for -kernel boot time and minimal memory footprint, providing only those -services required by a container workload. It is based on the latest -Linux LTS (Long Term Support) [kernel](https://www.kernel.org). - -### Guest image - -The hypervisor uses an image file which provides a minimal root -filesystem used by the guest kernel to boot the VM and host the Kata -Container. Kata Containers supports both initrd and rootfs based -minimal guest images. The [default packages](../../install/) provide both -an image and an initrd, both of which are created using the -[`osbuilder`](../../../tools/osbuilder) tool. - -> **Notes:** -> -> - Although initrd and rootfs based images are supported, not all -> [hypervisors](#hypervisor) support both types of image. -> -> - The guest image is *unrelated* to the image used in a container -> workload. -> -> For example, if a user creates a container that runs a shell in a -> BusyBox image, they will run that shell in a BusyBox environment. -> However, the guest image running inside the VM that is used to -> *host* that BusyBox image could be running Clear Linux, Ubuntu, -> Fedora or any other distribution potentially. 
-> -> The `osbuilder` tool provides -> [configurations for various common Linux distributions](../../../tools/osbuilder/rootfs-builder) -> which can be built into either initrd or rootfs guest images. -> -> - If you are using a [packaged version of Kata -> Containers](../../install), you can see image details by running the -> [`kata-collect-data.sh`](../../../src/runtime/data/kata-collect-data.sh.in) -> script as `root` and looking at the "Image details" section of the -> output. - -#### Root filesystem image - -The default packaged rootfs image, sometimes referred to as the _mini -O/S_, is a highly optimized container bootstrap system. - -If this image type is [configured](#configuration), when the user runs -the [example command](example-command.md): - -- The [runtime](#runtime) will launch the configured [hypervisor](#hypervisor). -- The hypervisor will boot the mini-OS image using the [guest kernel](#guest-kernel). -- The kernel will start the init daemon as PID 1 (`systemd`) inside the VM root environment. -- `systemd`, running inside the mini-OS context, will launch the [agent](#agent) - in the root context of the VM. -- The agent will create a new container environment, setting its root - filesystem to that requested by the user (Ubuntu in [the example](example-command.md)). -- The agent will then execute the command (`sh(1)` in [the example](example-command.md)) - inside the new container. - -The table below summarises the default mini O/S showing the -environments that are created, the services running in those -environments (for all platforms) and the root filesystem used by -each service: - -| Process | Environment | systemd service? 
| rootfs | User accessible | Notes | -|-|-|-|-|-|-| -| systemd | VM root | n/a | [VM guest image](#guest-image)| [debug console][debug-console] | The init daemon, running as PID 1 | -| [Agent](#agent) | VM root | yes | [VM guest image](#guest-image)| [debug console][debug-console] | Runs as a systemd service | -| `chronyd` | VM root | yes | [VM guest image](#guest-image)| [debug console][debug-console] | Used to synchronise the time with the host | -| container workload (`sh(1)` in [the example](example-command.md)) | VM container | no | User specified (Ubuntu in [the example](example-command.md)) | [exec command](#exec-command) | Managed by the agent | - -See also the [process overview](#process-overview). - -> **Notes:** -> -> - The "User accessible" column shows how an administrator can access -> the environment. -> -> - The container workload is running inside a full container -> environment which itself is running within a VM environment. -> -> - See the [configuration files for the `osbuilder` tool](../../../tools/osbuilder/rootfs-builder) -> for details of the default distribution for platforms other than -> Intel x86_64. - -#### Initrd image - -The initrd image is a compressed `cpio(1)` archive, created from a -rootfs which is loaded into memory and used as part of the Linux -startup process. During startup, the kernel unpacks it into a special -instance of a `tmpfs` mount that becomes the initial root filesystem. - -If this image type is [configured](#configuration), when the user runs -the [example command](example-command.md): - -- The [runtime](#runtime) will launch the configured [hypervisor](#hypervisor). -- The hypervisor will boot the mini-OS image using the [guest kernel](#guest-kernel). -- The kernel will start the init daemon as PID 1 (the [agent](#agent)) - inside the VM root environment. 
-- The [agent](#agent) will create a new container environment, setting its root - filesystem to that requested by the user (`ubuntu` in - [the example](example-command.md)). -- The agent will then execute the command (`sh(1)` in [the example](example-command.md)) - inside the new container. - -The table below summarises the default mini O/S showing the environments that are created, -the processes running in those environments (for all platforms) and -the root filesystem used by each service: - -| Process | Environment | rootfs | User accessible | Notes | -|-|-|-|-|-| -| [Agent](#agent) | VM root | [VM guest image](#guest-image) | [debug console][debug-console] | Runs as the init daemon (PID 1) | -| container workload | VM container | User specified (Ubuntu in this example) | [exec command](#exec-command) | Managed by the agent | - -> **Notes:** -> -> - The "User accessible" column shows how an administrator can access -> the environment. -> -> - It is possible to use a standard init daemon such as systemd with -> an initrd image if this is desirable. - -See also the [process overview](#process-overview). - -#### Image summary - -| Image type | Default distro | Init daemon | Reason | Notes | -|-|-|-|-|-| -| [image](background.md#root-filesystem-image) | [Clear Linux](https://clearlinux.org) (for x86_64 systems)| systemd | Minimal and highly optimized | systemd offers flexibility | -| [initrd](#initrd-image) | [Alpine Linux](https://alpinelinux.org) | Kata [agent](#agent) (as no systemd support) | Security hardened and tiny C library | - -See also: - -- The [osbuilder](../../../tools/osbuilder) tool - - This is used to build all default image types. - -- The [versions database](../../../versions.yaml) - - The `default-image-name` and `default-initrd-name` options specify - the default distributions for each image type. +See the [guest assets](guest-assets.md) document for further +information. ## Hypervisor 
@@ -561,7 +420,7 @@ architecture. Kata Containers utilizes the Linux kernel DAX [(Direct Access filesystem)](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/filesystems/dax.rst?h=v5.14) -feature to efficiently map the [guest image](#guest-image) in the +feature to efficiently map the [guest image](guest-assets.md#guest-image) in the [host environment](#environments) into the [guest VM environment](#environments) to become the VM's [rootfs](background.md#root-filesystem). @@ -581,7 +440,7 @@ virtual device which is used to DAX map the VM's address space. The VM is then booted, specifying the `root=` kernel parameter to make -the [guest kernel](#guest-kernel) use the appropriate emulated device +the [guest kernel](guest-assets.md#guest-kernel) use the appropriate emulated device as its rootfs. ### DAX advantages @@ -591,7 +450,7 @@ more traditional VM file and device mapping mechanisms: - Mapping as a direct access device allows the guest to directly access the host memory pages (such as via Execute In Place (XIP)), - bypassing the [guest kernel](#guest-kernel)'s page cache. This + bypassing the [guest kernel](guest-assets.md#guest-kernel)'s page cache. This zero copy provides both time and space optimizations. - Mapping as a direct access device inside the VM allows pages from the diff --git a/docs/design/architecture/guest-assets.md b/docs/design/architecture/guest-assets.md new file mode 100644 index 000000000..9c4995268 --- /dev/null +++ b/docs/design/architecture/guest-assets.md 
@@ -0,0 +1,150 @@ +# Guest assets + +Kata Containers creates a VM in which to run one or more containers. +It does this by launching a [hypervisor](README.md#hypervisor) to +create the VM. The hypervisor needs two assets for this task: a Linux +kernel and a small root filesystem image to boot the VM. + +## Guest kernel + +The [guest kernel](../../../tools/packaging/kernel) +is passed to the hypervisor and used to boot the VM. +The default kernel provided in Kata Containers is highly optimized for +kernel boot time and minimal memory footprint, providing only those +services required by a container workload. It is based on the latest +Linux LTS (Long Term Support) [kernel](https://www.kernel.org). + +## Guest image + +The hypervisor uses an image file which provides a minimal root +filesystem used by the guest kernel to boot the VM and host the Kata +Container. Kata Containers supports both initrd and rootfs based +minimal guest images. The [default packages](../../install/) provide both +an image and an initrd, both of which are created using the +[`osbuilder`](../../../tools/osbuilder) tool. + +> **Notes:** +> +> - Although initrd and rootfs based images are supported, not all +> [hypervisors](README.md#hypervisor) support both types of image. +> +> - The guest image is *unrelated* to the image used in a container +> workload. +> +> For example, if a user creates a container that runs a shell in a +> BusyBox image, they will run that shell in a BusyBox environment. +> However, the guest image running inside the VM that is used to +> *host* that BusyBox image could be running Clear Linux, Ubuntu, +> Fedora or any other distribution potentially. +> +> The `osbuilder` tool provides +> [configurations for various common Linux distributions](../../../tools/osbuilder/rootfs-builder) +> which can be built into either initrd or rootfs guest images. 
+> +> - If you are using a [packaged version of Kata +> Containers](../../install), you can see image details by running the +> [`kata-collect-data.sh`](../../../src/runtime/data/kata-collect-data.sh.in) +> script as `root` and looking at the "Image details" section of the +> output. + +#### Root filesystem image + +The default packaged rootfs image, sometimes referred to as the _mini +O/S_, is a highly optimized container bootstrap system. + +If this image type is [configured](README.md#configuration), when the +user runs the [example command](example-command.md): + +- The [runtime](README.md#runtime) will launch the configured [hypervisor](README.md#hypervisor). +- The hypervisor will boot the mini-OS image using the [guest kernel](#guest-kernel). +- The kernel will start the init daemon as PID 1 (`systemd`) inside the VM root environment. +- `systemd`, running inside the mini-OS context, will launch the [agent](README.md#agent) + in the root context of the VM. +- The agent will create a new container environment, setting its root + filesystem to that requested by the user (Ubuntu in [the example](example-command.md)). +- The agent will then execute the command (`sh(1)` in [the example](example-command.md)) + inside the new container. + +The table below summarises the default mini O/S showing the +environments that are created, the services running in those +environments (for all platforms) and the root filesystem used by +each service: + +| Process | Environment | systemd service? 
| rootfs | User accessible | Notes | +|-|-|-|-|-|-| +| systemd | VM root | n/a | [VM guest image](#guest-image)| [debug console][debug-console] | The init daemon, running as PID 1 | +| [Agent](README.md#agent) | VM root | yes | [VM guest image](#guest-image)| [debug console][debug-console] | Runs as a systemd service | +| `chronyd` | VM root | yes | [VM guest image](#guest-image)| [debug console][debug-console] | Used to synchronise the time with the host | +| container workload (`sh(1)` in [the example](example-command.md)) | VM container | no | User specified (Ubuntu in [the example](example-command.md)) | [exec command](README.md#exec-command) | Managed by the agent | + +See also the [process overview](README.md#process-overview). + +> **Notes:** +> +> - The "User accessible" column shows how an administrator can access +> the environment. +> +> - The container workload is running inside a full container +> environment which itself is running within a VM environment. +> +> - See the [configuration files for the `osbuilder` tool](../../../tools/osbuilder/rootfs-builder) +> for details of the default distribution for platforms other than +> Intel x86_64. + +#### Initrd image + +The initrd image is a compressed `cpio(1)` archive, created from a +rootfs which is loaded into memory and used as part of the Linux +startup process. During startup, the kernel unpacks it into a special +instance of a `tmpfs` mount that becomes the initial root filesystem. + +If this image type is [configured](README.md#configuration), when the user runs +the [example command](example-command.md): + +- The [runtime](README.md#runtime) will launch the configured [hypervisor](README.md#hypervisor). +- The hypervisor will boot the mini-OS image using the [guest kernel](#guest-kernel). +- The kernel will start the init daemon as PID 1 (the + [agent](README.md#agent)) + inside the VM root environment. 
+- The [agent](README.md#agent) will create a new container environment, setting its root + filesystem to that requested by the user (`ubuntu` in + [the example](example-command.md)). +- The agent will then execute the command (`sh(1)` in [the example](example-command.md)) + inside the new container. + +The table below summarises the default mini O/S showing the environments that are created, +the processes running in those environments (for all platforms) and +the root filesystem used by each service: + +| Process | Environment | rootfs | User accessible | Notes | +|-|-|-|-|-| +| [Agent](README.md#agent) | VM root | [VM guest image](#guest-image) | [debug console][debug-console] | Runs as the init daemon (PID 1) | +| container workload | VM container | User specified (Ubuntu in this example) | [exec command](README.md#exec-command) | Managed by the agent | + +> **Notes:** +> +> - The "User accessible" column shows how an administrator can access +> the environment. +> +> - It is possible to use a standard init daemon such as systemd with +> an initrd image if this is desirable. + +See also the [process overview](README.md#process-overview). + +#### Image summary + +| Image type | Default distro | Init daemon | Reason | Notes | +|-|-|-|-|-| +| [image](background.md#root-filesystem-image) | [Clear Linux](https://clearlinux.org) (for x86_64 systems)| systemd | Minimal and highly optimized | systemd offers flexibility | +| [initrd](#initrd-image) | [Alpine Linux](https://alpinelinux.org) | Kata [agent](README.md#agent) (as no systemd support) | Security hardened and tiny C library | + +See also: + +- The [osbuilder](../../../tools/osbuilder) tool + + This is used to build all default image types. + +- The [versions database](../../../versions.yaml) + + The `default-image-name` and `default-initrd-name` options specify + the default distributions for each image type. From 12c8e41c756139f044df5439a1f8c6c5b525bc42 Mon Sep 17 00:00:00 2001 
From: Greg Kurz Date: Thu, 16 Dec 2021 11:09:27 +0100 Subject: [PATCH 14/37] qemu: Disable libudev for QEMU 5.2 and newer Commit 112ea25859d6 disabled libudev for static builds because it was breaking snap. It turns out that the only users of libudev in QEMU are qemu-pr-helper and USB. Kata already disables USB and doesn't use qemu-pr-helper. Disable libudev for all builds if QEMU supports it, i.e. version 5.2 or newer. Fixes #3078 Signed-off-by: Greg Kurz --- tools/packaging/scripts/configure-hypervisor.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tools/packaging/scripts/configure-hypervisor.sh b/tools/packaging/scripts/configure-hypervisor.sh index b038c0a5d..27d22c53f 100755 --- a/tools/packaging/scripts/configure-hypervisor.sh +++ b/tools/packaging/scripts/configure-hypervisor.sh @@ -310,9 +310,10 @@ generate_qemu_options() { qemu_options+=(size:--disable-qom-cast-debug) qemu_options+=(size:--disable-tcmalloc) - # Disable libudev for static build + # Disable libudev since it is only needed for qemu-pr-helper and USB, + # none of which are used with Kata if gt_eq "${qemu_version}" "5.2.0" ; then - [ "${static}" == "true" ] && qemu_options+=(size:--disable-libudev) + qemu_options+=(size:--disable-libudev) fi # Disallow network downloads From 1653dd4a30f6b4a6de6ba1675e70042f4f38ef5b Mon Sep 17 00:00:00 2001 From: Chelsea Mafrica Date: Thu, 16 Dec 2021 12:44:42 -0800 Subject: [PATCH 15/37] tracing: Add span name to logging error Add span name to logging error to help with debugging when the context is not set before the span is created. Fixes #3289 Signed-off-by: Chelsea Mafrica --- src/runtime/pkg/katautils/katatrace/tracing.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/runtime/pkg/katautils/katatrace/tracing.go b/src/runtime/pkg/katautils/katatrace/tracing.go index d976d8bda..cbbc68115 100644 --- a/src/runtime/pkg/katautils/katatrace/tracing.go +++ b/src/runtime/pkg/katautils/katatrace/tracing.go 
@@ -130,7 +130,7 @@ func Trace(parent context.Context, logger *logrus.Entry, name string, tags ...ma if logger == nil { logger = kataTraceLogger } - logger.WithField("type", "bug").Error("trace called before context set") + logger.WithField("type", "bug").WithField("name", name).Error("trace called before context set") parent = context.Background() } From d1bc409d578efca3f8b735b5fb3f3efe8cc7946c Mon Sep 17 00:00:00 2001 From: zhanghj Date: Fri, 17 Dec 2021 17:23:05 +0800 Subject: [PATCH 16/37] osbuilder: avoid to copy versions.txt which already deprecated Currently the versions.txt in rootfs-builder dir is already removed, so avoid to copy it in list of helper files. Fixes: #3267 Signed-off-by: zhanghj --- tools/osbuilder/Makefile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/tools/osbuilder/Makefile b/tools/osbuilder/Makefile index a35139c5a..7f0addf8f 100644 --- a/tools/osbuilder/Makefile +++ b/tools/osbuilder/Makefile @@ -182,7 +182,6 @@ SCRIPTS += image-builder/image_builder.sh SCRIPTS += initrd-builder/initrd_builder.sh HELPER_FILES := -HELPER_FILES += rootfs-builder/versions.txt HELPER_FILES += scripts/lib.sh HELPER_FILES += image-builder/nsdax.gpl.c @@ -202,7 +201,7 @@ install-scripts: @$(foreach f,$(SCRIPTS),$(call INSTALL_SCRIPT,$f,$(INSTALL_DIR))) @echo "Installing helper files" @$(foreach f,$(HELPER_FILES),$(call INSTALL_FILE,$f,$(INSTALL_DIR))) - @echo "Installing installing config files" + @echo "Installing config files" @$(foreach f,$(DIST_CONFIGS),$(call INSTALL_FILE,$f,$(INSTALL_DIR))) .PHONY: clean From 87a219a1c9abb0c4399f9f288d18120831746afd Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Fri, 17 Dec 2021 13:48:26 +0100 Subject: [PATCH 17/37] docs: Update the stable branch strategy MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit On the last architecture committee meeting, the one held on December 14th 2021, we reached the agreement that minor releases will be cut once every 16 weeks (instead of 12), and that patch releases will be cut every 4 weeks (instead of 3) Fixes: #3298 Signed-off-by: Fabiano Fidêncio --- docs/Stable-Branch-Strategy.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/docs/Stable-Branch-Strategy.md b/docs/Stable-Branch-Strategy.md index d0e6cfb28..416bb087a 100644 --- a/docs/Stable-Branch-Strategy.md +++ b/docs/Stable-Branch-Strategy.md @@ -120,7 +120,7 @@ stable and main. While this is not in place currently, it should be considered i ### Patch releases -Releases are made every three weeks, which include a GitHub release as +Releases are made every four weeks, which include a GitHub release as well as binary packages. These patch releases are made for both stable branches, and a "release candidate" for the next `MAJOR` or `MINOR` is created from main. If there are no changes across all the repositories, no release is created and an announcement is made on the developer mailing list to highlight this. @@ -136,8 +136,7 @@ The process followed for making a release can be found at [Release Process](Rele ### Frequency Minor releases are less frequent in order to provide a more stable baseline for users. They are currently -running on a twelve week cadence. As the Kata Containers code base has reached a certain level of -maturity, we have increased the cadence from six weeks to twelve weeks. The release schedule can be seen on the +running on a sixteen weeks cadence. The release schedule can be seen on the [release rotation wiki page](https://github.com/kata-containers/community/wiki/Release-Team-Rota). ### Compatibility 
From 5d49ccd613c2090711a22aa7214f4b6708642ae8 Mon Sep 17 00:00:00 2001 From: Wainer dos Santos Moschetta Date: Thu, 16 Dec 2021 17:58:20 -0300 Subject: [PATCH 18/37] packaging/qemu: Use partial git clone The static build of QEMU takes a good amount of time on cloning the source tree because we do a full git clone. In order to speed up that operation this changed the Dockerfile so that it is carried out a partial clone by using --depth=1 argument. Fixes #3291 Signed-off-by: Wainer dos Santos Moschetta --- tools/packaging/static-build/qemu/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/packaging/static-build/qemu/Dockerfile b/tools/packaging/static-build/qemu/Dockerfile index cb15ddeac..a4602ec1c 100644 --- a/tools/packaging/static-build/qemu/Dockerfile +++ b/tools/packaging/static-build/qemu/Dockerfile @@ -52,12 +52,12 @@ RUN [ "$(uname -m)" != "s390x" ] && apt-get install -y libpmem-dev || true ARG QEMU_REPO -RUN cd .. && git clone "${QEMU_REPO}" qemu +RUN cd .. && git clone --depth=1 "${QEMU_REPO}" qemu # commit/tag/branch ARG QEMU_VERSION -RUN git checkout "${QEMU_VERSION}" +RUN git fetch --depth=1 origin "${QEMU_VERSION}" && git checkout FETCH_HEAD RUN git clone https://github.com/qemu/capstone.git capstone RUN git clone https://github.com/qemu/keycodemapdb.git ui/keycodemapdb RUN git clone https://github.com/qemu/meson.git meson From 2938bb7f892483f0674e16baa00a5a3702d8dbe0 Mon Sep 17 00:00:00 2001 From: Wainer dos Santos Moschetta Date: Thu, 16 Dec 2021 18:06:06 -0300 Subject: [PATCH 19/37] packaging/qemu: Use QEMU script to update submodules Currently QEMU's submodules are git cloned but there is the scripts/git-submodule.sh which is meant for that. Let's use that script. Signed-off-by: Wainer dos Santos Moschetta --- tools/packaging/static-build/qemu/Dockerfile | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) 
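Review bot: Nothing after `git checkout FETCH_HEAD` records or checks which commit was actually built, and the comment above `ARG QEMU_VERSION` allows "commit/tag/branch", so with a branch or a moved tag the image follows whatever the remote serves at build time. Appending `&& git rev-parse HEAD` to that `RUN` would at least put the resolved commit in the build log. Comparing it against an expected-commit build argument (a new `ARG`, not present in this file) would make the build fail closed. Fetching a bare commit id with `--depth=1` also depends on the server permitting it, which is worth confirming for any mirror passed in through `QEMU_REPO`.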
diff --git a/tools/packaging/static-build/qemu/Dockerfile b/tools/packaging/static-build/qemu/Dockerfile index a4602ec1c..33e7e2fc6 100644 --- a/tools/packaging/static-build/qemu/Dockerfile +++ b/tools/packaging/static-build/qemu/Dockerfile @@ -58,11 +58,7 @@ RUN cd .. && git clone --depth=1 "${QEMU_REPO}" qemu ARG QEMU_VERSION RUN git fetch --depth=1 origin "${QEMU_VERSION}" && git checkout FETCH_HEAD -RUN git clone https://github.com/qemu/capstone.git capstone -RUN git clone https://github.com/qemu/keycodemapdb.git ui/keycodemapdb -RUN git clone https://github.com/qemu/meson.git meson -RUN git clone https://github.com/qemu/berkeley-softfloat-3.git tests/fp/berkeley-softfloat-3 -RUN git clone https://github.com/qemu/berkeley-testfloat-3.git tests/fp/berkeley-testfloat-3 +RUN scripts/git-submodule.sh update meson capstone ADD scripts/configure-hypervisor.sh /root/configure-hypervisor.sh ADD qemu /root/kata_qemu From fb1989b27a40c791645c6f39c41a16f363f3b572 Mon Sep 17 00:00:00 2001 From: "James O. D. Hunt" Date: Mon, 20 Dec 2021 10:33:48 +0000 Subject: [PATCH 20/37] docs: Fix arch doc formatting PR #3298 failed to move the named link for the debug console to the `guest-assets.md` meaning the debug console cells in the "User accessible" column in the table in the "Root filesystem image" section do not work as a link. Fixes: #3311. Signed-off-by: James O. D. Hunt --- docs/design/architecture/README.md | 2 -- docs/design/architecture/guest-assets.md | 2 ++ 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/design/architecture/README.md b/docs/design/architecture/README.md index 9b5ccbe54..946b457fa 100644 --- a/docs/design/architecture/README.md +++ b/docs/design/architecture/README.md @@ -475,5 +475,3 @@ Containers system. ## Terminology See the [project glossary](../../../Glossary.md). - -[debug-console]: ../../Developer-Guide.md#connect-to-debug-console 
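Review bot: The new `RUN scripts/git-submodule.sh update meson capstone` populates only two of the five trees the removed lines cloned. `ui/keycodemapdb` and the two `tests/fp/berkeley-*` trees are no longer fetched here, and the commit message does not say why. If the later configure or make step needs any of them, it will either fail or fetch them itself, which may conflict with the "Disallow network downloads" option in configure-hypervisor.sh; this is hedged, since neither script is visible in this hunk. If the omission is deliberate, a comment above the line would settle it, e.g. `# Only meson and capstone are needed for the Kata configuration; other submodules are intentionally not fetched`.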
diff --git a/docs/design/architecture/guest-assets.md b/docs/design/architecture/guest-assets.md index 9c4995268..24d0d8027 100644 --- a/docs/design/architecture/guest-assets.md +++ b/docs/design/architecture/guest-assets.md @@ -148,3 +148,5 @@ See also: The `default-image-name` and `default-initrd-name` options specify the default distributions for each image type. + +[debug-console]: ../../Developer-Guide.md#connect-to-debug-console From 321995b7df787ee18e46d660ccf0d3862831d439 Mon Sep 17 00:00:00 2001 From: "James O. D. Hunt" Date: Mon, 20 Dec 2021 11:22:56 +0000 Subject: [PATCH 21/37] CI: Switch to a mirror as gnu.org is down All CI jobs are failing as www.gnu.org is down, so switch to a mirror for the time being. Fixes: #3314. Signed-off-by: James O. D. Hunt --- ci/install_libseccomp.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ci/install_libseccomp.sh b/ci/install_libseccomp.sh index c8f802ebd..a88561f2a 100755 --- a/ci/install_libseccomp.sh +++ b/ci/install_libseccomp.sh @@ -41,7 +41,8 @@ cflags="-O2" # gperf_version=$(get_version "externals.gperf.version") # gperf_url=$(get_version "externals.gperf.url") gperf_version="3.1" -gperf_url="https://ftp.gnu.org/gnu/gperf" +# XXX: gnu.org currently unavailable - see https://github.com/kata-containers/kata-containers/issues/3314 +gperf_url="https://www.mirrorservice.org/sites/ftp.gnu.org/gnu/gperf" gperf_tarball="gperf-${gperf_version}.tar.gz" gperf_tarball_url="${gperf_url}/${gperf_tarball}" From c2578cd9a17897356d7776a9704155548fad3709 Mon Sep 17 00:00:00 2001 From: "James O. D. Hunt" Date: Mon, 20 Dec 2021 15:45:36 +0000 Subject: [PATCH 22/37] docs: Clarify where to run agent API generation commands Make it clear when reading the table in the agent's "Change the agent API" documentation that the commands in the "Generation method" column should be run in the agent repo. Fixes: #3317. 
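Review bot: Pointing `gperf_url` at a third-party mirror makes the integrity of `gperf_tarball` depend on that mirror, and this hunk shows no digest or signature check on the download (the rest of the script is outside the hunk, so one may exist elsewhere). gperf is presumably built and run as part of the libseccomp install, so a pinned digest next to `gperf_version` is worth adding, e.g. `gperf_sha256="<SHA256_OF_GPERF_TARBALL>"` and, after the download, `echo "${gperf_sha256}  ${gperf_tarball}" | sha256sum -c -`. With that in place the download host can change without changing what gets built. The `XXX` comment should also say that the switch is temporary and is to be reverted once issue #3314 is resolved.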
Signed-off-by: James O. D. Hunt --- src/agent/README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/agent/README.md b/src/agent/README.md index 24161cebe..97b6acc07 100644 --- a/src/agent/README.md +++ b/src/agent/README.md @@ -63,11 +63,15 @@ The Kata runtime communicates with the Kata agent using a ttRPC based API protoc This ttRPC API is defined by a set of [protocol buffers files](protocols/protos). The protocol files are used to generate the bindings for the following components: -| Component | Language | Generation method | Tooling required | +| Component | Language | Generation method `[*]` | Tooling required | |-|-|-|-| | runtime | Golang | Run, `make generate-protocols` | `protoc` | | agent | Rust | Run, `make` | | +> **Key:** +> +> `[*]` - All commands must be run in the agent repository. + If you wish to change the API, these files must be regenerated. Although the rust code will be automatically generated by the [build script](protocols/build.rs), From 99ef52a35db41a3c3e693021418d2e2706c20aab Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Tue, 21 Dec 2021 13:50:57 +0100 Subject: [PATCH 23/37] osbuilder: Add protoc to the alpine container MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit It seems the lack of protoc in the alpine containers is causing issues with some of our CIs, such as the VFIO one. Fixes: #3323 Signed-off-by: Fabiano Fidêncio --- tools/osbuilder/rootfs-builder/alpine/Dockerfile.in | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/osbuilder/rootfs-builder/alpine/Dockerfile.in b/tools/osbuilder/rootfs-builder/alpine/Dockerfile.in index a7b8737a1..70c339b54 100644 --- a/tools/osbuilder/rootfs-builder/alpine/Dockerfile.in +++ b/tools/osbuilder/rootfs-builder/alpine/Dockerfile.in @@ -26,4 +26,5 @@ RUN apk update && apk add \ make \ musl \ musl-dev \ + protoc \ tar From bc71dd5812dbda6f2dbb919716de1732040c9496 Mon Sep 17 00:00:00 2001 
From: Wainer dos Santos Moschetta Date: Fri, 19 Nov 2021 14:09:49 -0500 Subject: [PATCH 24/37] packaging: delint static-build dockerfiles Removed all errors/warnings pointed out by hadolint version 2.7.0, except for the following ignored rules: - "DL3008 warning: Pin versions in apt get install" - "DL3041 warning: Specify version with `dnf install -y -`" - "DL3033 warning: Specify version with `yum install -y -`" - "DL3048 style: Invalid label key" - "DL3003 warning: Use WORKDIR to switch to a directory" - "DL3018 warning: Pin versions in apk add. Instead of apk add use apk add =" - "DL3037 warning: Specify version with zypper install -y [=]" Fixes #3107 Signed-off-by: Wainer dos Santos Moschetta --- .../packaging/static-build/kernel/Dockerfile | 13 ++--- tools/packaging/static-build/qemu/Dockerfile | 51 +++++++++---------- .../packaging/static-build/shim-v2/Dockerfile | 11 ++-- 3 files changed, 38 insertions(+), 37 deletions(-) diff --git a/tools/packaging/static-build/kernel/Dockerfile b/tools/packaging/static-build/kernel/Dockerfile index 40f3228f0..cd1a59f2d 100644 --- a/tools/packaging/static-build/kernel/Dockerfile +++ b/tools/packaging/static-build/kernel/Dockerfile @@ -2,19 +2,20 @@ # # SPDX-License-Identifier: Apache-2.0 -FROM ubuntu +FROM ubuntu:20.04 ENV DEBIAN_FRONTEND=noninteractive # kernel deps -RUN apt update -RUN apt install -y \ +RUN apt-get update && \ + apt-get install -y --no-install-recommends \ bc \ bison \ build-essential \ + ca-certificates \ curl \ flex \ git \ iptables \ - libelf-dev - -RUN [ "$(uname -m)" = "s390x" ] && apt-get install -y libssl-dev || true + libelf-dev && \ + if [ "$(uname -m)" = "s390x" ]; then apt-get install -y --no-install-recommends libssl-dev; fi && \ + apt-get clean && rm -rf /var/lib/lists/ diff --git a/tools/packaging/static-build/qemu/Dockerfile b/tools/packaging/static-build/qemu/Dockerfile index 33e7e2fc6..f32644fec 100644 --- a/tools/packaging/static-build/qemu/Dockerfile 
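Review bot: The cleanup at the end of the new `RUN` in kernel/Dockerfile removes `/var/lib/lists/`, which is not where apt keeps its package lists, so the layer still carries them. The other Dockerfiles touched in this series use `/var/lib/apt/lists/`. The last line should read `apt-get clean && rm -rf /var/lib/apt/lists/`.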
+++ b/tools/packaging/static-build/qemu/Dockerfile @@ -12,8 +12,8 @@ WORKDIR /root/qemu ARG CACHE_TIMEOUT RUN echo "$CACHE_TIMEOUT" -RUN apt-get update && apt-get upgrade -y -RUN apt-get --no-install-recommends install -y \ +RUN apt-get update && apt-get upgrade -y && \ + apt-get --no-install-recommends install -y \ apt-utils \ autoconf \ automake \ 
@@ -46,36 +46,33 @@ RUN apt-get --no-install-recommends install -y \ python \ python-dev \ rsync \ - zlib1g-dev - -RUN [ "$(uname -m)" != "s390x" ] && apt-get install -y libpmem-dev || true + zlib1g-dev && \ + if [ "$(uname -m)" != "s390x" ]; then apt-get install -y --no-install-recommends libpmem-dev; fi && \ + apt-get clean && rm -rf /var/lib/apt/lists/ ARG QEMU_REPO - -RUN cd .. && git clone --depth=1 "${QEMU_REPO}" qemu - # commit/tag/branch ARG QEMU_VERSION - -RUN git fetch --depth=1 origin "${QEMU_VERSION}" && git checkout FETCH_HEAD -RUN scripts/git-submodule.sh update meson capstone - -ADD scripts/configure-hypervisor.sh /root/configure-hypervisor.sh -ADD qemu /root/kata_qemu -ADD scripts/apply_patches.sh /root/apply_patches.sh -ADD scripts/patch_qemu.sh /root/patch_qemu.sh - -RUN /root/patch_qemu.sh "${QEMU_VERSION}" "/root/kata_qemu/patches" - ARG PREFIX ARG BUILD_SUFFIX -RUN PREFIX="${PREFIX}" /root/configure-hypervisor.sh -s "kata-qemu${BUILD_SUFFIX}" | xargs ./configure \ - --with-pkgversion="kata-static${BUILD_SUFFIX}" - -RUN make -j$(nproc) ARG QEMU_DESTDIR -RUN make install DESTDIR="${QEMU_DESTDIR}" ARG QEMU_TARBALL -ADD static-build/scripts/qemu-build-post.sh /root/static-build/scripts/qemu-build-post.sh -ADD static-build/qemu.blacklist /root/static-build/qemu.blacklist -RUN /root/static-build/scripts/qemu-build-post.sh + +COPY scripts/configure-hypervisor.sh /root/configure-hypervisor.sh +COPY qemu /root/kata_qemu +COPY scripts/apply_patches.sh /root/apply_patches.sh +COPY scripts/patch_qemu.sh /root/patch_qemu.sh +COPY static-build/scripts/qemu-build-post.sh /root/static-build/scripts/qemu-build-post.sh +COPY static-build/qemu.blacklist /root/static-build/qemu.blacklist + +SHELL ["/bin/bash", "-o", "pipefail", "-c"] +RUN git clone --depth=1 "${QEMU_REPO}" qemu && \ + cd qemu && \ + git fetch --depth=1 origin "${QEMU_VERSION}" && git checkout FETCH_HEAD && \ + scripts/git-submodule.sh update meson capstone && \ + /root/patch_qemu.sh 
"${QEMU_VERSION}" "/root/kata_qemu/patches" && \ + (PREFIX="${PREFIX}" /root/configure-hypervisor.sh -s "kata-qemu${BUILD_SUFFIX}" | xargs ./configure \ + --with-pkgversion="kata-static${BUILD_SUFFIX}") && \ + make -j"$(nproc)" && \ + make install DESTDIR="${QEMU_DESTDIR}" && \ + /root/static-build/scripts/qemu-build-post.sh diff --git a/tools/packaging/static-build/shim-v2/Dockerfile b/tools/packaging/static-build/shim-v2/Dockerfile index 66393694f..49d0572bf 100644 --- a/tools/packaging/static-build/shim-v2/Dockerfile +++ b/tools/packaging/static-build/shim-v2/Dockerfile @@ -2,18 +2,21 @@ # # SPDX-License-Identifier: Apache-2.0 -FROM ubuntu +FROM ubuntu:20.04 ENV DEBIAN_FRONTEND=noninteractive RUN apt-get update && \ - apt-get install -y \ + apt-get install -y --no-install-recommends \ + build-essential \ + ca-certificates \ curl \ gcc \ git \ make \ - sudo + sudo && \ + apt-get clean && rm -rf /var/lib/apt/lists/ -ADD install_go.sh /usr/bin/install_go.sh +COPY install_go.sh /usr/bin/install_go.sh ARG GO_VERSION RUN install_go.sh "${GO_VERSION}" ENV PATH=/usr/local/go/bin:${PATH} From bc120289ec9e838099e96ae2cc078e90bcc8630f Mon Sep 17 00:00:00 2001 From: Wainer dos Santos Moschetta Date: Fri, 19 Nov 2021 14:30:23 -0500 Subject: [PATCH 25/37] packaging: delint kata-monitor dockerfiles Removed all errors/warnings pointed out by hadolint version 2.7.0, except for the following ignored rules: - "DL3008 warning: Pin versions in apt get install" - "DL3041 warning: Specify version with `dnf install -y -`" - "DL3033 warning: Specify version with `yum install -y -`" - "DL3048 style: Invalid label key" - "DL3003 warning: Use WORKDIR to switch to a directory" - "DL3018 warning: Pin versions in apk add. Instead of apk add use apk add =" - "DL3037 warning: Specify version with zypper install -y [=]" Fixes #3107 Signed-off-by: Wainer dos Santos Moschetta --- tools/packaging/kata-monitor/Dockerfile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
diff --git a/tools/packaging/kata-monitor/Dockerfile b/tools/packaging/kata-monitor/Dockerfile index 425f45572..9b964891f 100644 --- a/tools/packaging/kata-monitor/Dockerfile +++ b/tools/packaging/kata-monitor/Dockerfile @@ -1,13 +1,13 @@ # SPDX-License-Identifier: Apache-2.0 -FROM golang:1.15-alpine +FROM golang:1.15-alpine AS builder -RUN apk add bash curl git make +RUN apk add --no-cache bash curl git make WORKDIR /go/src/github.com/kata-containers/kata-containers/src/runtime COPY . /go/src/github.com/kata-containers/kata-containers RUN SKIP_GO_VERSION_CHECK=true make monitor -FROM alpine:latest -COPY --from=0 /go/src/github.com/kata-containers/kata-containers/src/runtime/kata-monitor /usr/bin/kata-monitor +FROM alpine:3.14 +COPY --from=builder /go/src/github.com/kata-containers/kata-containers/src/runtime/kata-monitor /usr/bin/kata-monitor CMD ["-h"] ENTRYPOINT ["/usr/bin/kata-monitor"] From aeb2b673b31103509d2e992ebb1f88836f54e39e Mon Sep 17 00:00:00 2001 From: Wainer dos Santos Moschetta Date: Fri, 19 Nov 2021 14:31:53 -0500 Subject: [PATCH 26/37] osbuilder: delint dockerfiles Removed all errors/warnings pointed out by hadolint version 2.7.0, except for the following ignored rules: - "DL3008 warning: Pin versions in apt get install" - "DL3041 warning: Specify version with `dnf install -y -`" - "DL3033 warning: Specify version with `yum install -y -`" - "DL3048 style: Invalid label key" - "DL3003 warning: Use WORKDIR to switch to a directory" - "DL3018 warning: Pin versions in apk add. Instead of apk add use apk add =" - "DL3037 warning: Specify version with zypper install -y [=]" Fixes #3107 
Signed-off-by: Wainer dos Santos Moschetta --- tools/osbuilder/dockerfiles/QAT/Dockerfile | 3 ++- tools/osbuilder/dracut/Dockerfile.in | 5 +++++ tools/osbuilder/image-builder/Dockerfile | 14 +++++++++++--- .../osbuilder/rootfs-builder/centos/Dockerfile.in | 3 ++- .../rootfs-builder/clearlinux/Dockerfile.in | 3 ++- .../osbuilder/rootfs-builder/fedora/Dockerfile.in | 3 ++- .../osbuilder/rootfs-builder/gentoo/Dockerfile.in | 2 ++ tools/osbuilder/rootfs-builder/suse/Dockerfile.in | 2 +- .../rootfs-builder/ubuntu/Dockerfile-aarch64.in | 4 +++- 9 files changed, 30 insertions(+), 9 deletions(-) diff --git a/tools/osbuilder/dockerfiles/QAT/Dockerfile b/tools/osbuilder/dockerfiles/QAT/Dockerfile index c2e37f97d..c0113569a 100644 --- a/tools/osbuilder/dockerfiles/QAT/Dockerfile +++ b/tools/osbuilder/dockerfiles/QAT/Dockerfile @@ -42,7 +42,8 @@ RUN dnf install -y \ systemd-devel \ sudo \ xz \ - yasm + yasm && \ + dnf clean all # Add in non-privileged user RUN useradd qatbuilder -p "" && \ diff --git a/tools/osbuilder/dracut/Dockerfile.in b/tools/osbuilder/dracut/Dockerfile.in index 49702d9e9..f84838bc3 100644 --- a/tools/osbuilder/dracut/Dockerfile.in +++ b/tools/osbuilder/dracut/Dockerfile.in @@ -3,8 +3,13 @@ # # SPDX-License-Identifier: Apache-2.0 +# openSUSE Tumbleweed image has only 'latest' tag so ignore DL3006 rule. +# hadolint ignore=DL3006 from opensuse/tumbleweed +# zypper -y or --non-interactive can be used interchangeably here so ignore +# DL3034 rule. +# hadolint ignore=DL3034 RUN zypper --non-interactive refresh; \ zypper --non-interactive install --no-recommends --force-resolution \ autoconf \ diff --git a/tools/osbuilder/image-builder/Dockerfile b/tools/osbuilder/image-builder/Dockerfile index 2242807ea..02f93475f 100644 --- a/tools/osbuilder/image-builder/Dockerfile +++ b/tools/osbuilder/image-builder/Dockerfile 
@@ -5,6 +5,14 @@ ARG IMAGE_REGISTRY=registry.fedoraproject.org FROM ${IMAGE_REGISTRY}/fedora:34 -RUN [ -n "$http_proxy" ] && sed -i '$ a proxy='$http_proxy /etc/dnf/dnf.conf ; true - -RUN dnf install -y qemu-img parted gdisk e2fsprogs gcc xfsprogs findutils +RUN ([ -n "$http_proxy" ] && \ + sed -i '$ a proxy='$http_proxy /etc/dnf/dnf.conf ; true) && \ + dnf install -y \ + e2fsprogs \ + findutils \ + gcc \ + gdisk \ + parted \ + qemu-img \ + xfsprogs && \ + dnf clean all diff --git a/tools/osbuilder/rootfs-builder/centos/Dockerfile.in b/tools/osbuilder/rootfs-builder/centos/Dockerfile.in index 529bd7ba9..d05436e2a 100644 --- a/tools/osbuilder/rootfs-builder/centos/Dockerfile.in +++ b/tools/osbuilder/rootfs-builder/centos/Dockerfile.in @@ -32,7 +32,8 @@ RUN yum -y update && yum install -y \ sed \ tar \ vim \ - which + which && \ + yum clean all # This will install the proper packages to build Kata components @INSTALL_MUSL@ diff --git a/tools/osbuilder/rootfs-builder/clearlinux/Dockerfile.in b/tools/osbuilder/rootfs-builder/clearlinux/Dockerfile.in index abbc41347..422a12747 100644 --- a/tools/osbuilder/rootfs-builder/clearlinux/Dockerfile.in +++ b/tools/osbuilder/rootfs-builder/clearlinux/Dockerfile.in @@ -35,7 +35,8 @@ RUN dnf -y update && dnf install -y \ systemd \ tar \ vim \ - which + which && \ + dnf clean all # This will install the proper packages to build Kata components @INSTALL_MUSL@ diff --git a/tools/osbuilder/rootfs-builder/fedora/Dockerfile.in b/tools/osbuilder/rootfs-builder/fedora/Dockerfile.in index dac32f505..e566823ea 100644 --- a/tools/osbuilder/rootfs-builder/fedora/Dockerfile.in +++ b/tools/osbuilder/rootfs-builder/fedora/Dockerfile.in @@ -35,7 +35,8 @@ RUN dnf -y update && dnf install -y \ systemd \ tar \ vim \ - which + which && \ + dnf clean all # This will install the proper packages to build Kata components @INSTALL_MUSL@ 
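Review bot: `$http_proxy` is still expanded unquoted in `sed -i '$ a proxy='$http_proxy /etc/dnf/dnf.conf`, so a value containing whitespace or glob characters is split into extra `sed` arguments. Quoting the expansion, `sed -i '$ a proxy='"$http_proxy" /etc/dnf/dnf.conf`, keeps it a single argument. The trailing `; true` also hides a failing `sed`, although it is probably only meant for the empty-proxy case. An `if [ -n "$http_proxy" ]; then …; fi` would express that without masking errors.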
diff --git a/tools/osbuilder/rootfs-builder/gentoo/Dockerfile.in b/tools/osbuilder/rootfs-builder/gentoo/Dockerfile.in index 8a06ff921..e817d2ac8 100644 --- a/tools/osbuilder/rootfs-builder/gentoo/Dockerfile.in +++ b/tools/osbuilder/rootfs-builder/gentoo/Dockerfile.in @@ -4,6 +4,8 @@ # SPDX-License-Identifier: Apache-2.0 ARG IMAGE_REGISTRY=docker.io +# stage3-amd64 image has only 'latest' tag so ignore DL3006 rule. +# hadolint ignore=DL3007 FROM ${IMAGE_REGISTRY}/gentoo/stage3-amd64:latest # This dockerfile needs to provide all the componets need to build a rootfs diff --git a/tools/osbuilder/rootfs-builder/suse/Dockerfile.in b/tools/osbuilder/rootfs-builder/suse/Dockerfile.in index 70948a4b1..b86086a7d 100644 --- a/tools/osbuilder/rootfs-builder/suse/Dockerfile.in +++ b/tools/osbuilder/rootfs-builder/suse/Dockerfile.in @@ -6,7 +6,7 @@ ARG IMAGE_REGISTRY=docker.io #suse: docker image to be used to create a rootfs #@OS_VERSION@: Docker image version to build this dockerfile -FROM ${IMAGE_REGISTRY}/opensuse/leap +FROM ${IMAGE_REGISTRY}/opensuse/leap:15.0 # This dockerfile needs to provide all the componets need to build a rootfs # Install any package need to create a rootfs (package manager, extra tools) diff --git a/tools/osbuilder/rootfs-builder/ubuntu/Dockerfile-aarch64.in b/tools/osbuilder/rootfs-builder/ubuntu/Dockerfile-aarch64.in index cc0fed019..bad700645 100644 --- a/tools/osbuilder/rootfs-builder/ubuntu/Dockerfile-aarch64.in +++ b/tools/osbuilder/rootfs-builder/ubuntu/Dockerfile-aarch64.in @@ -35,7 +35,9 @@ RUN apt-get update && apt-get install -y \ sed \ systemd \ tar \ - vim + vim && \ + apt-get clean && rm -rf /var/lib/apt/lists/ + # This will install the proper packages to build Kata components @INSTALL_MUSL@ @INSTALL_RUST@ From 3669e1b6d9879703a328587a5242ee60665d1d2e Mon Sep 17 00:00:00 2001 
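Review bot: The added comment in gentoo/Dockerfile.in names rule DL3006, but the directive below it is `# hadolint ignore=DL3007`. For a `FROM …:latest` line, DL3007 (use of the `latest` tag) is the rule that fires, so the comment is the part that is wrong. Suggested wording: `# stage3-amd64 image has only 'latest' tag so ignore DL3007 rule.`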
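Review bot: `FROM ${IMAGE_REGISTRY}/opensuse/leap:15.0` in suse/Dockerfile.in hard-codes a Leap release that, as far as I know, is past its end of life, so the builder image would no longer receive security updates from the distribution. The comment two lines above still documents `@OS_VERSION@` as the image version for this template, which suggests the tag was meant to come from that substitution. If the template engine fills it in for this file (not visible in the hunk), `FROM ${IMAGE_REGISTRY}/opensuse/leap:@OS_VERSION@` would give hadolint an explicit tag and keep the version in one place.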
From: Wainer dos Santos Moschetta Date: Fri, 19 Nov 2021 14:32:16 -0500 Subject: [PATCH 27/37] ci/openshift-ci: delint dockerfiles Removed all errors/warnings pointed out by hadolint version 2.7.0, except for the following ignored rules: - "DL3008 warning: Pin versions in apt get install" - "DL3041 warning: Specify version with `dnf install -y -`" - "DL3033 warning: Specify version with `yum install -y -`" - "DL3048 style: Invalid label key" - "DL3003 warning: Use WORKDIR to switch to a directory" - "DL3018 warning: Pin versions in apk add. Instead of apk add use apk add =" - "DL3037 warning: Specify version with zypper install -y [=]" Fixes #3107 Signed-off-by: Wainer dos Santos Moschetta --- ci/openshift-ci/images/Dockerfile.buildroot | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/ci/openshift-ci/images/Dockerfile.buildroot b/ci/openshift-ci/images/Dockerfile.buildroot index 47ebbb956..712c39ad9 100644 --- a/ci/openshift-ci/images/Dockerfile.buildroot +++ b/ci/openshift-ci/images/Dockerfile.buildroot @@ -6,4 +6,9 @@ # FROM registry.centos.org/centos:8 -RUN yum -y update && yum -y install git sudo wget +RUN yum -y update && \ + yum -y install \ + git \ + sudo \ + wget && \ + yum clean all From 1ea9b703830d4f618c3f4ab628d5f371f3043058 Mon Sep 17 00:00:00 2001 From: Wainer dos Santos Moschetta Date: Fri, 19 Nov 2021 14:29:09 -0500 Subject: [PATCH 28/37] packaging: delint kata-deploy dockerfiles Removed all errors/warnings pointed out by hadolint version 2.7.0, except for the following ignored rules: - "DL3008 warning: Pin versions in apt get install" - "DL3041 warning: Specify version with `dnf install -y -`" - "DL3033 warning: Specify version with `yum install -y -`" - "DL3048 style: Invalid label key" - "DL3003 warning: Use WORKDIR to switch to a directory" - "DL3018 warning: Pin versions in apk add. Instead of apk add use apk add =" - "DL3037 warning: Specify version with zypper install -y [=]" Fixes #3107 
Signed-off-by: Wainer dos Santos Moschetta --- tools/packaging/kata-deploy/Dockerfile | 6 ++-- tools/packaging/kata-deploy/action/Dockerfile | 12 +++---- .../local-build/dockerbuild/Dockerfile | 34 +++++++++++-------- 3 files changed, 28 insertions(+), 24 deletions(-) diff --git a/tools/packaging/kata-deploy/Dockerfile b/tools/packaging/kata-deploy/Dockerfile index 36d30ef3a..e89d24292 100644 --- a/tools/packaging/kata-deploy/Dockerfile +++ b/tools/packaging/kata-deploy/Dockerfile @@ -6,7 +6,7 @@ FROM registry.centos.org/centos:7 AS base ENV container docker -RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \ +RUN (cd /lib/systemd/system/sysinit.target.wants/ && for i in *; do [ "$i" = systemd-tmpfiles-setup.service ] || rm -f "$i"; done); \ rm -f /lib/systemd/system/multi-user.target.wants/*; \ rm -f /etc/systemd/system/*.wants/*; \ rm -f /lib/systemd/system/local-fs.target.wants/*; \ @@ -25,7 +25,7 @@ ARG KUBE_ARCH=amd64 ARG KATA_ARTIFACTS=./kata-static.tar.xz ARG DESTINATION=/opt/kata-artifacts -COPY ${KATA_ARTIFACTS} . +COPY ${KATA_ARTIFACTS} ${WORKDIR} RUN \ yum -y update && \ @@ -37,7 +37,7 @@ tar xvf ${KATA_ARTIFACTS} -C ${DESTINATION}/ && \ chown -R root:root ${DESTINATION}/ RUN \ -curl -Lso /bin/kubectl https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/${KUBE_ARCH}/kubectl && \ +curl -Lso /bin/kubectl "https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/${KUBE_ARCH}/kubectl" && \ chmod +x /bin/kubectl COPY scripts ${DESTINATION}/scripts diff --git a/tools/packaging/kata-deploy/action/Dockerfile b/tools/packaging/kata-deploy/action/Dockerfile index a8cb23ebe..c665a92cc 100644 --- a/tools/packaging/kata-deploy/action/Dockerfile +++ b/tools/packaging/kata-deploy/action/Dockerfile 
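Review bot: `COPY ${KATA_ARTIFACTS} ${WORKDIR}` refers to a variable that no `ARG` or `ENV` in this hunk defines (only `KUBE_ARCH`, `KATA_ARTIFACTS` and `DESTINATION` are declared), and the `WORKDIR` instruction does not create one. Unless it is declared elsewhere in the file, it expands to the empty string and the `COPY` is left without a destination. An explicit `WORKDIR /` followed by `COPY ${KATA_ARTIFACTS} .` would satisfy hadolint and keep the tarball where the following `tar xvf ${KATA_ARTIFACTS}` expects it, assuming the base image's working directory is already `/`.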
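Review bot: The kubectl download in the third hunk is only re-quoted. It still resolves the version from `stable.txt` at build time, uses `curl -Lso` without `-f`, and installs the result as `/bin/kubectl` with no digest check. An HTTP error body would therefore be saved and made executable, and two builds of the same commit can ship different binaries. Pinning the version in a build argument, adding `-f` (`curl -fLso /bin/kubectl …`), and comparing the file with the digest published alongside the release binary before `chmod +x` would close that gap. The same pattern appears in the second hunk of `tools/packaging/kata-deploy/action/Dockerfile`.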
@@ -1,7 +1,7 @@ # Copyright (c) 2019 Intel Corporation # # SPDX-License-Identifier: Apache-2.0 -FROM mcr.microsoft.com/azure-cli:latest +FROM mcr.microsoft.com/azure-cli:2.9.1 LABEL com.github.actions.name="Test kata-deploy in an AKS cluster" LABEL com.github.actions.description="Test kata-deploy in an AKS cluster" @@ -16,14 +16,14 @@ ENV GITHUB_ACTION_NAME="Test kata-deploy in an AKS cluster" # PKG_SHA environment variable ENV PKG_SHA=HEAD -RUN curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/${ARCH}/kubectl \ +RUN curl -LO "https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/${ARCH}/kubectl" \ && chmod +x ./kubectl \ && mv ./kubectl /usr/local/bin/kubectl -RUN curl -LO https://github.com/Azure/aks-engine/releases/download/${AKS_ENGINE_VER}/aks-engine-${AKS_ENGINE_VER}-linux-${ARCH}.tar.gz \ - && tar xvf aks-engine-${AKS_ENGINE_VER}-linux-${ARCH}.tar.gz \ - && mv aks-engine-${AKS_ENGINE_VER}-linux-${ARCH}/aks-engine /usr/local/bin/aks-engine \ - && rm aks-engine-${AKS_ENGINE_VER}-linux-${ARCH}.tar.gz +RUN curl -LO "https://github.com/Azure/aks-engine/releases/download/${AKS_ENGINE_VER}/aks-engine-${AKS_ENGINE_VER}-linux-${ARCH}.tar.gz" \ + && tar "xvf aks-engine-${AKS_ENGINE_VER}-linux-${ARCH}.tar.gz" \ + && mv "aks-engine-${AKS_ENGINE_VER}-linux-${ARCH}/aks-engine" /usr/local/bin/aks-engine \ + && rm "aks-engine-${AKS_ENGINE_VER}-linux-${ARCH}.tar.gz" COPY kubernetes-containerd.json / COPY setup-aks.sh test-kata.sh entrypoint.sh / diff --git a/tools/packaging/kata-deploy/local-build/dockerbuild/Dockerfile b/tools/packaging/kata-deploy/local-build/dockerbuild/Dockerfile index 89b1f0447..be4c0e816 100644 --- a/tools/packaging/kata-deploy/local-build/dockerbuild/Dockerfile +++ b/tools/packaging/kata-deploy/local-build/dockerbuild/Dockerfile 
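Review bot: The new line `tar "xvf aks-engine-${AKS_ENGINE_VER}-linux-${ARCH}.tar.gz"` in the `@@ -16,14 +16,14 @@` hunk puts the option letters and the archive name inside one pair of quotes, so tar receives them as a single argument and the extraction step is expected to fail instead of unpacking the archive. Only the file name should be quoted: `tar xvf "aks-engine-${AKS_ENGINE_VER}-linux-${ARCH}.tar.gz"`. The `mv` and `rm` lines next to it are quoted correctly.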
@@ -6,17 +6,19 @@ FROM ubuntu:20.04 ENV DEBIAN_FRONTEND=noninteractive ENV INSTALL_IN_GOPATH=false -ADD install_yq.sh /usr/bin/install_yq.sh +COPY install_yq.sh /usr/bin/install_yq.sh -# yq installer deps -RUN apt update && apt-get install -y curl sudo - -# Install yq -RUN install_yq.sh - -RUN curl -fsSL https://get.docker.com -o get-docker.sh -RUN sh get-docker.sh +# Install yq and docker +RUN apt-get update && \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + sudo && \ + apt-get clean && rm -rf /var/lib/apt/lists/ && \ + install_yq.sh && \ + curl -fsSL https://get.docker.com -o get-docker.sh && \ + sh get-docker.sh ARG IMG_USER=kata-builder ARG UID=1000 @@ -27,12 +29,14 @@ RUN sh -c "echo '${IMG_USER} ALL=NOPASSWD: ALL' >> /etc/sudoers" #FIXME: gcc is required as agent is build out of a container build. RUN apt-get update && \ - apt install --no-install-recommends -y \ - cpio \ - gcc \ - git \ - make \ - xz-utils + apt-get install --no-install-recommends -y \ + build-essential \ + cpio \ + gcc \ + git \ + make \ + xz-utils && \ + apt-get clean && rm -rf /var/lib/apt/lists ENV USER ${IMG_USER} USER ${UID}:${GID} From 428cf0a685865d53c4a65f3f69d275644bec09df Mon Sep 17 00:00:00 2001 From: Wainer dos Santos Moschetta Date: Tue, 23 Nov 2021 08:24:56 -0500 Subject: [PATCH 29/37] packaging: delint tests dockerfiles Removed all errors/warnings pointed out by hadolint version 2.7.0, except for the following ignored rules: - "DL3008 warning: Pin versions in apt get install" - "DL3041 warning: Specify version with `dnf install -y -`" - "DL3033 warning: Specify version with `yum install -y -`" - "DL3048 style: Invalid label key" - "DL3003 warning: Use WORKDIR to switch to a directory" - "DL3018 warning: Pin versions in apk add. Instead of apk add use apk add =" - "DL3037 warning: Specify version with zypper install -y [=]" Fixes #3107 
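Review bot: In the merged `RUN` of the `@@ -6,17 +6,19 @@` hunk, `apt-get clean && rm -rf /var/lib/apt/lists/` runs before `install_yq.sh` and `sh get-docker.sh`, so package lists and caches that those scripts create afterwards (the Docker convenience script uses apt on Ubuntu) stay in the layer; the cleanup belongs at the end of the chain. `get-docker.sh` is also fetched from `https://get.docker.com` and executed as root with no pinned version or checksum, and the file is left in the image. If the script stays, consider verifying it against a hash the maintainers record and ending the chain with `rm get-docker.sh && apt-get clean && rm -rf /var/lib/apt/lists/*`.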
Signed-off-by: Wainer dos Santos Moschetta --- .../tests/Dockerfile/FedoraDockerfile.in | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/tools/packaging/tests/Dockerfile/FedoraDockerfile.in b/tools/packaging/tests/Dockerfile/FedoraDockerfile.in index 4023f36aa..e050ca971 100644 --- a/tools/packaging/tests/Dockerfile/FedoraDockerfile.in +++ b/tools/packaging/tests/Dockerfile/FedoraDockerfile.in @@ -14,15 +14,14 @@ ENV GOPATH=/home/go ENV TESTS_REPOSITORY_PATH="${GOPATH}/src/${TESTS_REPO}" ENV AGENT_INIT=yes TEST_INITRD=yes OSBUILDER_DISTRO=alpine -# Install packages -RUN sudo dnf -y install kata-proxy kata-ksm-throttler kata-osbuilder kata-runtime kata-shim -RUN sudo mkdir "${GOPATH}" -RUN sudo dnf config-manager --add-repo https://download.docker.com/linux/fedora/docker-ce.repo -RUN sudo dnf makecache -RUN sudo dnf -y install docker-ce -RUN go get -d "${TESTS_REPO}" -RUN cd "${TESTS_REPOSITORY_PATH}" && .ci/install_kata_image.sh -RUN cd "${TESTS_REPOSITORY_PATH}" && .ci/install_kata_kernel.sh -RUN kata-runtime kata-env +# Install packages and build and install Kata Containers +RUN dnf -y install kata-proxy kata-ksm-throttler kata-osbuilder kata-runtime kata-shim && \ + mkdir "${GOPATH}" && \ + dnf config-manager --add-repo https://download.docker.com/linux/fedora/docker-ce.repo && \ + dnf makecache && dnf -y install docker-ce && dnf clean all && \ + go get -d "${TESTS_REPO}" && \ + cd "${TESTS_REPOSITORY_PATH}" && .ci/install_kata_image.sh && \ + cd "${TESTS_REPOSITORY_PATH}" && .ci/install_kata_kernel.sh && \ + kata-runtime kata-env CMD ["/bin/bash"] From d79268ac6519088b21011772a61337bcc9930699 Mon Sep 17 00:00:00 2001 
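Review bot: Dropping `sudo` from the `dnf` and `mkdir` commands in the `@@ -14,15 +14,14 @@` hunk assumes this `RUN` executes as root, but the removed lines used `sudo` throughout, which suggests the base image may switch to an unprivileged user above the hunk (the `FROM` and any `USER` lines are outside it). If that is the case the first `dnf -y install` fails; an explicit `USER root` before the `RUN`, followed by a switch back to the unprivileged user once the packages are installed, would make the assumption visible. Separately, the second `cd "${TESTS_REPOSITORY_PATH}"` is redundant now that both install scripts run in the same shell.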
From: Wainer dos Santos Moschetta Date: Tue, 21 Dec 2021 09:59:18 -0500 Subject: [PATCH 30/37] tools/packaging: add copyright to kata-monitor's Dockerfile The kata-monitor's Dockerfile was added by Eric Ernst on commit 2f1cb7995ffe8089ea3c01 but for some reason the static checker did not catch the file misses the copyright statement at the time it was added. But it is now complaining about it. So this assign the copyright to him to make the static-checker happy. Fixes #3329 Signed-off-by: Wainer dos Santos Moschetta --- tools/packaging/kata-monitor/Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/packaging/kata-monitor/Dockerfile b/tools/packaging/kata-monitor/Dockerfile index 9b964891f..513f666bb 100644 --- a/tools/packaging/kata-monitor/Dockerfile +++ b/tools/packaging/kata-monitor/Dockerfile @@ -1,3 +1,4 @@ +# Copyright (c) 2020 Eric Ernst # SPDX-License-Identifier: Apache-2.0 FROM golang:1.15-alpine AS builder From b1f4e945b365f95521dbb5d9f2948023f38ec9f4 Mon Sep 17 00:00:00 2001 From: "James O. D. Hunt" Date: Thu, 16 Dec 2021 16:26:42 +0000 Subject: [PATCH 31/37] security: Update rust crate versions Update the rust dependencies that have upstream security fixes. Issues fixed by this change: - [`RUSTSEC-2020-0002`](https://rustsec.org/advisories/RUSTSEC-2020-0002) (`prost` crate) - [`RUSTSEC-2020-0036`](https://rustsec.org/advisories/RUSTSEC-2020-0036) (`failure` crate) - [`RUSTSEC-2021-0073`](https://rustsec.org/advisories/RUSTSEC-2021-0073) (`prost-types` crate) - [`RUSTSEC-2021-0119`](https://rustsec.org/advisories/RUSTSEC-2021-0119) (`nix` crate) This change also includes: - Minor code changes for the new version of `prometheus` for the agent. - A *downgrade* of the version of the `futures` crate to the (new) latest version (`0.3.17`) since version `0.3.18` was removed [1]. Fixes: #3296. [1] - See https://crates.io/crates/futures/versions 
Signed-off-by: James O. D. Hunt --- src/agent/Cargo.lock | 517 +++++++++++---------------- src/agent/Cargo.toml | 8 +- src/agent/oci/Cargo.toml | 8 +- src/agent/rustjail/Cargo.toml | 4 +- src/agent/src/metrics.rs | 44 +-- src/agent/src/rpc.rs | 1 + src/libs/logging/Cargo.lock | 22 +- src/libs/logging/Cargo.toml | 12 +- src/tools/agent-ctl/Cargo.lock | 501 +++++++++----------------- src/tools/agent-ctl/Cargo.toml | 18 +- src/tools/agent-ctl/src/utils.rs | 2 +- src/tools/trace-forwarder/Cargo.lock | 237 +++++------- src/tools/trace-forwarder/Cargo.toml | 8 +- 13 files changed, 532 insertions(+), 850 deletions(-) diff --git a/src/agent/Cargo.lock b/src/agent/Cargo.lock index 4fc461845..6c2215d66 100644 --- a/src/agent/Cargo.lock +++ b/src/agent/Cargo.lock @@ -2,27 +2,12 @@ # It is not intended for manual editing. version = 3 -[[package]] -name = "addr2line" -version = "0.17.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b9ecd88a8c8378ca913a680cd98f0f13ac67383d35993f86c90a70e3f137816b" -dependencies = [ - "gimli", -] - [[package]] name = "adler" version = "1.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe" -[[package]] -name = "adler32" -version = "1.2.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "aae1277d39aeec15cb388266ecc24b11c80469deae6067e17a1a7aa9e5c1f234" - [[package]] name = "aho-corasick" version = "0.7.18" @@ -43,9 +28,9 @@ dependencies = [ [[package]] name = "anyhow" -version = "1.0.48" +version = "1.0.51" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "62e1f47f7dc0422027a4e370dd4548d4d66b26782e513e98dca1e689e058a80e" +checksum = "8b26702f315f53b6071259e15dd9d64528213b44d61de1ec926eca7715d62203" [[package]] name = "arc-swap" 
@@ -59,20 +44,20 @@ version = "0.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d7d78656ba01f1b93024b7c3a0467f1608e4be67d725749fdcd7d2c7678fd7a2" dependencies = [ - "proc-macro2 1.0.32", - "quote 1.0.10", - "syn 1.0.82", + "proc-macro2", + "quote", + "syn", ] [[package]] name = "async-trait" -version = "0.1.51" +version = "0.1.52" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "44318e776df68115a881de9a8fd1b9e53368d7a4a5ce4cc48517da3393233a5e" +checksum = "061a7acccaa286c011ddc30970520b98fa40e00c9d644633fb26b5fc63a265e3" dependencies = [ - "proc-macro2 1.0.32", - "quote 1.0.10", - "syn 1.0.82", + "proc-macro2", + "quote", + "syn", ] [[package]] @@ -81,21 +66,6 @@ version = "1.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cdb031dd78e28731d87d56cc8ffef4a8f36ca26c38fe2de700543e627f8a464a" -[[package]] -name = "backtrace" -version = "0.3.63" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "321629d8ba6513061f26707241fa9bc89524ff1cd7a915a97ef0c62c666ce1b6" -dependencies = [ - "addr2line", - "cc", - "cfg-if 1.0.0", - "libc", - "miniz_oxide", - "object", - "rustc-demangle", -] - [[package]] name = "bincode" version = "1.3.3" @@ -107,9 +77,9 @@ dependencies = [ [[package]] name = "bitflags" -version = "1.3.2" +version = "1.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" +checksum = "cf1de2fe8c75bc145a2f577add951f8134889b4795d47466a54a5c846d691693" [[package]] name = "bumpalo" 
@@ -180,13 +150,13 @@ checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" [[package]] name = "cgroups-rs" -version = "0.2.6" +version = "0.2.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5c5c9f6e5c72958dc962baa5f8bb37fb611017854b0d774b8adab4d7416ab445" +checksum = "1b827f9d9f6c2fff719d25f5d44cbc8d2ef6df1ef00d055c5c14d5dc25529579" dependencies = [ "libc", "log", - "nix 0.20.0", + "nix 0.23.1", "regex", ] @@ -205,9 +175,9 @@ dependencies = [ [[package]] name = "crc32fast" -version = "1.2.2" +version = "1.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3825b1e8580894917dc4468cb634a1b4e9745fddc854edad72d9c04644c0319f" +checksum = "738c290dfaea84fc1ca15ad9c168d083b05a714e1efddd8edaab678dc28d2836" dependencies = [ "cfg-if 1.0.0", ] @@ -238,9 +208,9 @@ version = "0.5.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3418329ca0ad70234b9735dc4ceed10af4df60eff9c8e7b06cb5e520d92c3535" dependencies = [ - "proc-macro2 1.0.32", - "quote 1.0.10", - "syn 1.0.82", + "proc-macro2", + "quote", + "syn", ] [[package]] @@ -271,19 +241,22 @@ dependencies = [ ] [[package]] -name = "failure" -version = "0.1.8" +name = "fixedbitset" +version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d32e9bd16cc02eae7db7ef620b392808b89f6a5e16bb3497d159c6b92a0f4f86" -dependencies = [ - "backtrace", -] +checksum = "37ab347416e802de484e4d03c7316c48f1ecb56574dfd4a46a80f173ce1de04d" [[package]] -name = "fixedbitset" -version = "0.1.9" +name = "flate2" +version = "1.0.22" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "86d4de0081402f5e88cdac65c8dcdcc73118c1a7a465e2a05f0da05843a8ea33" +checksum = "1e6988e897c1c9c485f43b47a529cef42fde0547f9d8d41a7062518f1d8fc53f" +dependencies = [ + "cfg-if 1.0.0", + "crc32fast", + "libc", + "miniz_oxide", +] [[package]] name = "fnv" 
@@ -293,9 +266,9 @@ checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1" [[package]] name = "futures" -version = "0.3.18" +version = "0.3.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8cd0210d8c325c245ff06fd95a3b13689a1a276ac8cfa8e8720cb840bfb84b9e" +checksum = "a12aa0eb539080d55c3f2d45a67c3b58b6b0773c1a3ca2dfec66d58c97fd66ca" dependencies = [ "futures-channel", "futures-core", @@ -308,9 +281,9 @@ dependencies = [ [[package]] name = "futures-channel" -version = "0.3.18" +version = "0.3.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7fc8cd39e3dbf865f7340dce6a2d401d24fd37c6fe6c4f0ee0de8bfca2252d27" +checksum = "5da6ba8c3bb3c165d3c7319fc1cc8304facf1fb8db99c5de877183c08a273888" dependencies = [ "futures-core", "futures-sink", @@ -318,15 +291,15 @@ dependencies = [ [[package]] name = "futures-core" -version = "0.3.18" +version = "0.3.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "629316e42fe7c2a0b9a65b47d159ceaa5453ab14e8f0a3c5eedbb8cd55b4a445" +checksum = "88d1c26957f23603395cd326b0ffe64124b818f4449552f960d815cfba83a53d" [[package]] name = "futures-executor" -version = "0.3.18" +version = "0.3.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7b808bf53348a36cab739d7e04755909b9fcaaa69b7d7e588b37b6ec62704c97" +checksum = "45025be030969d763025784f7f355043dc6bc74093e4ecc5000ca4dc50d8745c" dependencies = [ "futures-core", "futures-task", 
@@ -335,39 +308,42 @@ dependencies = [ [[package]] name = "futures-io" -version = "0.3.18" +version = "0.3.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e481354db6b5c353246ccf6a728b0c5511d752c08da7260546fc0933869daa11" +checksum = "522de2a0fe3e380f1bc577ba0474108faf3f6b18321dbf60b3b9c39a75073377" [[package]] name = "futures-macro" -version = "0.3.18" +version = "0.3.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a89f17b21645bc4ed773c69af9c9a0effd4a3f1a3876eadd453469f8854e7fdd" +checksum = "18e4a4b95cea4b4ccbcf1c5675ca7c4ee4e9e75eb79944d07defde18068f79bb" dependencies = [ - "proc-macro2 1.0.32", - "quote 1.0.10", - "syn 1.0.82", + "autocfg", + "proc-macro-hack", + "proc-macro2", + "quote", + "syn", ] [[package]] name = "futures-sink" -version = "0.3.18" +version = "0.3.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "996c6442437b62d21a32cd9906f9c41e7dc1e19a9579843fad948696769305af" +checksum = "36ea153c13024fe480590b3e3d4cad89a0cfacecc24577b68f86c6ced9c2bc11" [[package]] name = "futures-task" -version = "0.3.18" +version = "0.3.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dabf1872aaab32c886832f2276d2f5399887e2bd613698a02359e4ea83f8de12" +checksum = "1d3d00f4eddb73e498a54394f228cd55853bdf059259e8e7bc6e69d408892e99" [[package]] name = "futures-util" -version = "0.3.18" +version = "0.3.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "41d22213122356472061ac0f1ab2cee28d2bac8491410fd68c2af53d1cedb83e" +checksum = "36568465210a3a6ee45e1f165136d68671471a501e632e9a98d96872222b5481" dependencies = [ + "autocfg", "futures-channel", "futures-core", "futures-io", @@ -377,6 +353,8 @@ dependencies = [ "memchr", "pin-project-lite", "pin-utils", + "proc-macro-hack", + "proc-macro-nested", "slab", ] 
@@ -392,10 +370,10 @@ dependencies = [ ] [[package]] -name = "gimli" -version = "0.26.1" +name = "hashbrown" +version = "0.11.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "78cc372d058dcf6d5ecd98510e7fbc9e5aec4d21de70f65fea8fecebcd881bd4" +checksum = "ab5ef0d4909ef3724cc8cce6ccc8572c5c817592e9285f5464f8e86f8bd3726e" [[package]] name = "heck" @@ -421,6 +399,16 @@ version = "0.4.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70" +[[package]] +name = "indexmap" +version = "1.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bc633605454125dec4b66843673f01c7df2b89479b32e0ed634e43a91cff62a5" +dependencies = [ + "autocfg", + "hashbrown", +] + [[package]] name = "inotify" version = "0.9.6" @@ -472,18 +460,18 @@ dependencies = [ [[package]] name = "itertools" -version = "0.8.2" +version = "0.10.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f56a2d0bc861f9165be4eb3442afd3c236d8a98afd426f65d92324ae1091a484" +checksum = "a9a9d19fa1e79b6215ff29b9d6880b706147f16e9b1dbb1e4e5947b5b02bc5e3" dependencies = [ "either", ] [[package]] name = "itoa" -version = "0.4.8" +version = "1.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b71991ff56294aa922b450139ee08b3bfc70982c6b2c7562771375cf73542dd4" +checksum = "1aab8fc367588b89dcee83ab0fd66b72b50b72fa1904d7095045ace2b0c81c35" [[package]] name = "js-sys" @@ -511,10 +499,10 @@ dependencies = [ "logging", "netlink-packet-utils", "netlink-sys", - "nix 0.23.0", + "nix 0.23.1", "oci", "opentelemetry", - "procfs", + "procfs 0.12.0", "prometheus", "protobuf", "protocols", 
@@ -549,29 +537,9 @@ checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" [[package]] name = "libc" -version = "0.2.108" +version = "0.2.112" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8521a1b57e76b1ec69af7599e75e38e7b7fad6610f037db8c79b127201b5d119" - -[[package]] -name = "libflate" -version = "1.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "16364af76ebb39b5869bb32c81fa93573267cd8c62bb3474e28d78fac3fb141e" -dependencies = [ - "adler32", - "crc32fast", - "libflate_lz77", -] - -[[package]] -name = "libflate_lz77" -version = "1.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "39a734c0493409afcd49deee13c006a04e3586b9761a03543c6272c9c51f2f5a" -dependencies = [ - "rle-decode-fast", -] +checksum = "1b03d17f364a3a042d5e5d46b053bbbf82c92c9430c592dd4c064dc6ee997125" [[package]] name = "libseccomp" @@ -637,9 +605,9 @@ checksum = "308cc39be01b73d0d18f82a0e7b2a3df85245f84af96fdddc5d202d27e47b86a" [[package]] name = "memoffset" -version = "0.6.4" +version = "0.6.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "59accc507f1338036a0477ef61afdae33cde60840f4dfe481319ce3ad116ddf9" +checksum = "5aa361d4faea93603064a027415f07bd8e1d5c88c9fbf68bf56a285428fd79ce" dependencies = [ "autocfg", ] @@ -678,9 +646,9 @@ dependencies = [ [[package]] name = "multimap" -version = "0.4.0" +version = "0.8.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2eb04b9f127583ed176e163fb9ec6f3e793b87e21deedd5734a69386a18a0151" +checksum = "e5ce46fe64a9d73be07dcbe690a38ce1b293be448fd8ce1e6c1b8062c9f72c6a" [[package]] name = "netlink-packet-core" 
@@ -747,19 +715,6 @@ dependencies = [ "tokio", ] -[[package]] -name = "nix" -version = "0.16.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dd0eaf8df8bab402257e0a5c17a254e4cc1f72a93588a1ddfb5d356c801aa7cb" -dependencies = [ - "bitflags", - "cc", - "cfg-if 0.1.10", - "libc", - "void", -] - [[package]] name = "nix" version = "0.17.0" @@ -775,33 +730,9 @@ dependencies = [ [[package]] name = "nix" -version = "0.19.1" +version = "0.20.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b2ccba0cfe4fdf15982d1674c69b1fd80bad427d293849982668dfe454bd61f2" -dependencies = [ - "bitflags", - "cc", - "cfg-if 1.0.0", - "libc", -] - -[[package]] -name = "nix" -version = "0.20.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fa9b4819da1bc61c0ea48b63b7bc8604064dd43013e7cc325df098d49cd7c18a" -dependencies = [ - "bitflags", - "cc", - "cfg-if 1.0.0", - "libc", -] - -[[package]] -name = "nix" -version = "0.22.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cf1e25ee6b412c2a1e3fcb6a4499a5c1bfe7f43e014bdce9a6b6666e5aa2d187" +checksum = "f5e06129fb611568ef4e868c14b326274959aa70ff7776e9d55323531c374945" dependencies = [ "bitflags", "cc", @@ -812,9 +743,22 @@ dependencies = [ [[package]] name = "nix" -version = "0.23.0" +version = "0.22.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f305c2c2e4c39a82f7bf0bf65fb557f9070ce06781d4f2454295cc34b1c43188" +checksum = "d3bb9a13fa32bc5aeb64150cd3f32d6cf4c748f8f8a417cce5d2eb976a8370ba" +dependencies = [ + "bitflags", + "cc", + "cfg-if 1.0.0", + "libc", + "memoffset", +] + +[[package]] +name = "nix" +version = "0.23.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9f866317acbd3a240710c63f065ffb1e4fd466259045ccb504130b7f668f35c6" dependencies = [ "bitflags", "cc", 
@@ -861,15 +805,6 @@ dependencies = [ "libc", ] -[[package]] -name = "object" -version = "0.27.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "67ac1d3f9a1d3616fd9a60c8d74296f22406a238b6a72f5cc1e6f314df4ffbf9" -dependencies = [ - "memchr", -] - [[package]] name = "oci" version = "0.1.0" @@ -882,9 +817,9 @@ dependencies = [ [[package]] name = "once_cell" -version = "1.8.0" +version = "1.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "692fcb63b64b1758029e0a96ee63e049ce8c5948587f2f7208df04625e5f6b56" +checksum = "da32515d9f6e6e489d7bc9d84c71b060db7247dc035bbe44eac88cf87486d8d5" [[package]] name = "opentelemetry" @@ -964,11 +899,12 @@ checksum = "d4fd5641d01c8f18a23da7b6fe29298ff4b55afcccdf78973b24cf3175fee32e" [[package]] name = "petgraph" -version = "0.4.13" +version = "0.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9c3659d1ee90221741f65dd128d9998311b0e40c5d3c23a62445938214abce4f" +checksum = "467d164a6de56270bd7c4d070df81d07beace25012d5103ced4e9ff08d6afdb7" dependencies = [ "fixedbitset", + "indexmap", ] [[package]] @@ -986,9 +922,9 @@ version = "1.0.8" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6e8fe8163d14ce7f0cdac2e040116f22eac817edabff0be91e8aff7e9accf389" dependencies = [ - "proc-macro2 1.0.32", - "quote 1.0.10", - "syn 1.0.82", + "proc-macro2", + "quote", + "syn", ] [[package]] @@ -1005,9 +941,9 @@ checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184" [[package]] name = "pkg-config" -version = "0.3.22" +version = "0.3.24" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "12295df4f294471248581bc09bef3c38a5e46f1e36d6a37353621a0c6c357e1f" +checksum = "58893f751c9b0412871a09abd62ecd2a00298c6c83befa223ef98c52aef40cbe" [[package]] name = "ppv-lite86" 
@@ -1016,72 +952,89 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ed0cfbc8191465bed66e1718596ee0b0b35d5ee1f41c5df2189d0fe8bde535ba" [[package]] -name = "proc-macro2" -version = "0.4.30" +name = "proc-macro-hack" +version = "0.5.19" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cf3d2011ab5c909338f7887f4fc896d35932e29146c12c8d01da6b22a80ba759" -dependencies = [ - "unicode-xid 0.1.0", -] +checksum = "dbf0c48bc1d91375ae5c3cd81e3722dff1abcf81a30960240640d223f59fe0e5" + +[[package]] +name = "proc-macro-nested" +version = "0.1.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bc881b2c22681370c6a780e47af9840ef841837bc98118431d4e1868bd0c1086" [[package]] name = "proc-macro2" -version = "1.0.32" +version = "1.0.34" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ba508cc11742c0dc5c1659771673afbab7a0efab23aa17e854cbab0837ed0b43" +checksum = "2f84e92c0f7c9d58328b85a78557813e4bd845130db68d7184635344399423b1" dependencies = [ - "unicode-xid 0.2.2", + "unicode-xid", ] [[package]] name = "procfs" -version = "0.7.9" +version = "0.10.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c434e93ef69c216e68e4f417c927b4f31502c3560b72cfdb6827e2321c5c6b3e" +checksum = "95e344cafeaeefe487300c361654bcfc85db3ac53619eeccced29f5ea18c4c70" +dependencies = [ + "bitflags", + "byteorder", + "flate2", + "hex", + "lazy_static", + "libc", +] + +[[package]] +name = "procfs" +version = "0.12.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0941606b9934e2d98a3677759a971756eb821f75764d0e0d26946d08e74d9104" dependencies = [ "bitflags", "byteorder", "chrono", + "flate2", "hex", "lazy_static", "libc", - "libflate", ] [[package]] name = "prometheus" -version = "0.9.0" +version = "0.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = 
"dd0ced56dee39a6e960c15c74dc48849d614586db2eaada6497477af7c7811cd" +checksum = "b7f64969ffd5dd8f39bd57a68ac53c163a095ed9d0fb707146da1b27025a3504" dependencies = [ - "cfg-if 0.1.10", + "cfg-if 1.0.0", "fnv", "lazy_static", "libc", - "procfs", + "memchr", + "parking_lot", + "procfs 0.10.1", "protobuf", - "spin", "thiserror", ] [[package]] name = "prost" -version = "0.5.0" +version = "0.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "96d14b1c185652833d24aaad41c5832b0be5616a590227c1fbff57c616754b23" +checksum = "de5e2533f59d08fcf364fd374ebda0692a70bd6d7e66ef97f306f45c6c5d8020" dependencies = [ - "byteorder", - "bytes 0.4.12", + "bytes 1.1.0", "prost-derive", ] [[package]] name = "prost-build" -version = "0.5.0" +version = "0.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "eb788126ea840817128183f8f603dce02cb7aea25c2a0b764359d8e20010702e" +checksum = "355f634b43cdd80724ee7848f95770e7e70eefa6dcf14fea676216573b8fd603" dependencies = [ - "bytes 0.4.12", + "bytes 1.1.0", "heck", "itertools", "log", @@ -1095,24 +1048,24 @@ dependencies = [ [[package]] name = "prost-derive" -version = "0.5.0" +version = "0.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5e7dc378b94ac374644181a2247cebf59a6ec1c88b49ac77f3a94b86b79d0e11" +checksum = "600d2f334aa05acb02a755e217ef1ab6dea4d51b58b7846588b747edec04efba" dependencies = [ - "failure", + "anyhow", "itertools", - "proc-macro2 0.4.30", - "quote 0.6.13", - "syn 0.15.44", + "proc-macro2", + "quote", + "syn", ] [[package]] name = "prost-types" -version = "0.5.0" +version = "0.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1de482a366941c8d56d19b650fac09ca08508f2a696119ee7513ad590c8bac6f" +checksum = "603bbd6394701d13f3f25aada59c7de9d35a6a5887cfc156181234a44002771b" dependencies = [ - "bytes 0.4.12", + "bytes 1.1.0", "prost", ] 
@@ -1157,22 +1110,13 @@ dependencies = [ "ttrpc-codegen", ] -[[package]] -name = "quote" -version = "0.6.13" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6ce23b6b870e8f94f81fb0a363d65d86675884b34a09043c81e5562f11c1f8e1" -dependencies = [ - "proc-macro2 0.4.30", -] - [[package]] name = "quote" version = "1.0.10" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "38bc8cc6a5f2e3655e0899c1b848643b2562f853f114bfec7be120678e3ace05" dependencies = [ - "proc-macro2 1.0.32", + "proc-macro2", ] [[package]] @@ -1259,12 +1203,6 @@ dependencies = [ "winapi", ] -[[package]] -name = "rle-decode-fast" -version = "1.0.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cabe4fa914dec5870285fa7f71f602645da47c486e68486d2b4ceb4a343e90ac" - [[package]] name = "rlimit" version = "0.5.4" @@ -1284,17 +1222,11 @@ dependencies = [ "log", "netlink-packet-route", "netlink-proto", - "nix 0.22.0", + "nix 0.22.2", "thiserror", "tokio", ] -[[package]] -name = "rustc-demangle" -version = "0.1.21" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7ef03e0a2b150c7a90d01faf6254c9c48a41e95fb2a8c2ac1c6f0d2b9aefc342" - [[package]] name = "rustjail" version = "0.1.0" @@ -1309,7 +1241,7 @@ dependencies = [ "lazy_static", "libc", "libseccomp", - "nix 0.23.0", + "nix 0.23.1", "oci", "path-absolutize", "protobuf", @@ -1330,9 +1262,9 @@ dependencies = [ [[package]] name = "ryu" -version = "1.0.5" +version = "1.0.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "71d301d4193d031abdd79ff7e3dd721168a9572ef3fe51a1517aba235bd8f86e" +checksum = "73b4b750c782965c211b42f022f59af1fbceabdd026623714f104152f1ec149f" [[package]] name = "scan_fmt" 
@@ -1351,29 +1283,29 @@ checksum = "d29ab0c6d3fc0ee92fe66e2d99f700eab17a8d57d1c1d3b748380fb20baa78cd" [[package]] name = "serde" -version = "1.0.130" +version = "1.0.132" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f12d06de37cf59146fbdecab66aa99f9fe4f78722e3607577a5375d66bd0c913" +checksum = "8b9875c23cf305cd1fd7eb77234cbb705f21ea6a72c637a5c6db5fe4b8e7f008" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.130" +version = "1.0.132" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d7bc1a1ab1961464eae040d96713baa5a724a8152c1222492465b54322ec508b" +checksum = "ecc0db5cb2556c0e558887d9bbdcf6ac4471e83ff66cf696e5419024d1606276" dependencies = [ - "proc-macro2 1.0.32", - "quote 1.0.10", - "syn 1.0.82", + "proc-macro2", + "quote", + "syn", ] [[package]] name = "serde_json" -version = "1.0.72" +version = "1.0.73" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d0ffa0837f2dfa6fb90868c2b5468cad482e175f7dad97e7421951e663f2b527" +checksum = "bcbd0344bc6533bc7ec56df11d42fb70f1b912351c0825ccb7211b59d8af7cf5" dependencies = [ "itoa", "ryu", @@ -1397,9 +1329,9 @@ version = "0.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b2acd6defeddb41eb60bb468f8825d0cfd0c2a76bc03bfd235b6a1dc4f6a1ad5" dependencies = [ - "proc-macro2 1.0.32", - "quote 1.0.10", - "syn 1.0.82", + "proc-macro2", + "quote", + "syn", ] [[package]] 
@@ -1490,32 +1422,15 @@ version = "1.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1ecab6c735a6bb4139c0caafd0cc3635748bbb3acf4550e8138122099251f309" -[[package]] -name = "spin" -version = "0.5.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" - -[[package]] -name = "syn" -version = "0.15.44" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9ca4b3b69a77cbe1ffc9e198781b7acb0c7365a883670e8f1c1bc66fba79a5c5" -dependencies = [ - "proc-macro2 0.4.30", - "quote 0.6.13", - "unicode-xid 0.1.0", -] - [[package]] name = "syn" version = "1.0.82" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8daf5dd0bb60cbd4137b1b587d2fc0ae729bc07cf01cd70b36a1ed5ade3b9d59" dependencies = [ - "proc-macro2 1.0.32", - "quote 1.0.10", - "unicode-xid 0.2.2", + "proc-macro2", + "quote", + "unicode-xid", ] [[package]] @@ -1553,9 +1468,9 @@ version = "1.0.30" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "aa32fd3f627f367fe16f893e2597ae3c05020f8bba2666a4e6ea73d377e5714b" dependencies = [ - "proc-macro2 1.0.32", - "quote 1.0.10", - "syn 1.0.82", + "proc-macro2", + "quote", + "syn", ] [[package]] @@ -1579,11 +1494,10 @@ dependencies = [ [[package]] name = "tokio" -version = "1.14.0" +version = "1.15.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "70e992e41e0d2fb9f755b37446f20900f64446ef54874f40a60c78f021ac6144" +checksum = "fbbf1c778ec206785635ce8ad57fe52b3009ae9e0c9f574a728f3049d3e55838" dependencies = [ - "autocfg", "bytes 1.1.0", "libc", "memchr", 
@@ -1599,13 +1513,13 @@ dependencies = [ [[package]] name = "tokio-macros" -version = "1.6.0" +version = "1.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c9efc1aba077437943f7515666aa2b882dfabfbfdf89c819ea75a8d6e9eaba5e" +checksum = "b557f72f448c511a979e2564e55d74e6c4432fc96ff4f6241bc6bded342643b7" dependencies = [ - "proc-macro2 1.0.32", - "quote 1.0.10", - "syn 1.0.82", + "proc-macro2", + "quote", + "syn", ] [[package]] @@ -1673,9 +1587,9 @@ version = "0.1.18" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f4f480b8f81512e825f337ad51e94c1eb5d3bbdf2b363dcd01e2b19a9ffe3f8e" dependencies = [ - "proc-macro2 1.0.32", - "quote 1.0.10", - "syn 1.0.82", + "proc-macro2", + "quote", + "syn", ] [[package]] @@ -1745,16 +1659,16 @@ dependencies = [ [[package]] name = "ttrpc" -version = "0.5.1" +version = "0.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "004604e91de38bc16cb9c7898187343075388ea414ad24896a21fc4e91a7c861" +checksum = "66a973ce6d5eaa20c173635b29ffb660dafbc7ef109172c0015ba44e47a23711" dependencies = [ "async-trait", "byteorder", "futures", "libc", "log", - "nix 0.16.1", + "nix 0.20.2", "protobuf", "protobuf-codegen-pure", "thiserror", @@ -1776,9 +1690,9 @@ dependencies = [ [[package]] name = "ttrpc-compiler" -version = "0.4.0" +version = "0.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8c2f2ce8c9a6e9422d0714bc8058b705d503fc9d028e69fae2236050c4721d75" +checksum = "2978ed3fa047d8fd55cbeb4d4a61d461fb3021a90c9618519c73ce7e5bb66c15" dependencies = [ "derive-new", "prost", 
@@ -1795,12 +1709,6 @@ version = "1.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8895849a949e7845e06bd6dc1aa51731a103c42707010a5b591c0038fb73385b" -[[package]] -name = "unicode-xid" -version = "0.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fc72304796d0818e357ead4e000d19c9c174ab23dc11093ac919054d20a6a7fc" - [[package]] name = "unicode-xid" version = "0.2.2" @@ -1815,12 +1723,12 @@ checksum = "6a02e4885ed3bc0f2de90ea6dd45ebcbb66dacffe03547fadbb0eeae2770887d" [[package]] name = "vsock" -version = "0.2.4" +version = "0.2.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c932be691560e8f3f7b2be5a47df1b8f45387e1d1df40d45b2e62284b9e9150e" +checksum = "e32675ee2b3ce5df274c0ab52d19b28789632406277ca26bffee79a8e27dc133" dependencies = [ "libc", - "nix 0.19.1", + "nix 0.23.1", ] [[package]] @@ -1831,7 +1739,7 @@ dependencies = [ "bincode", "byteorder", "libc", - "nix 0.23.0", + "nix 0.23.1", "opentelemetry", "serde", "slog", @@ -1865,9 +1773,9 @@ dependencies = [ "bumpalo", "lazy_static", "log", - "proc-macro2 1.0.32", - "quote 1.0.10", - "syn 1.0.82", + "proc-macro2", + "quote", + "syn", "wasm-bindgen-shared", ] @@ -1877,7 +1785,7 @@ version = "0.2.78" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d56146e7c495528bf6587663bea13a8eb588d39b36b679d83972e1a2dbbdacf9" dependencies = [ - "quote 1.0.10", + "quote", "wasm-bindgen-macro-support", ] @@ -1887,9 +1795,9 @@ version = "0.2.78" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7803e0eea25835f8abdc585cd3021b3deb11543c6fe226dcd30b228857c5c5ab" dependencies = [ - "proc-macro2 1.0.32", - "quote 1.0.10", - "syn 1.0.82", + "proc-macro2", + "quote", + "syn", "wasm-bindgen-backend", "wasm-bindgen-shared", ] 
@@ -1902,11 +1810,12 @@ checksum = "0237232789cf037d5480773fe568aac745bfe2afbc11a863e97901780a6b47cc" [[package]] name = "which" -version = "2.0.1" +version = "4.2.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b57acb10231b9493c8472b20cb57317d0679a49e0bdbee44b3b803a6473af164" +checksum = "ea187a8ef279bc014ec368c27a920da2024d2a711109bfbe3440585d5cf27ad9" dependencies = [ - "failure", + "either", + "lazy_static", "libc", ] diff --git a/src/agent/Cargo.toml b/src/agent/Cargo.toml index 9957945f2..492666023 100644 --- a/src/agent/Cargo.toml +++ b/src/agent/Cargo.toml @@ -24,7 +24,7 @@ serial_test = "0.5.1" # Async helpers async-trait = "0.1.42" async-recursion = "0.3.2" -futures = "0.3.12" +futures = "0.3.17" # Async runtime tokio = { version = "1.14.0", features = ["full"] } @@ -45,10 +45,10 @@ slog-scope = "4.1.2" slog-stdlog = "4.0.0" log = "0.4.11" -prometheus = { version = "0.9.0", features = ["process"] } -procfs = "0.7.9" +prometheus = { version = "0.13.0", features = ["process"] } +procfs = "0.12.0" anyhow = "1.0.32" -cgroups = { package = "cgroups-rs", version = "0.2.5" } +cgroups = { package = "cgroups-rs", version = "0.2.8" } # Tracing tracing = "0.1.26" diff --git a/src/agent/oci/Cargo.toml b/src/agent/oci/Cargo.toml index b54f04007..dde7b9915 100644 --- a/src/agent/oci/Cargo.toml +++ b/src/agent/oci/Cargo.toml @@ -5,7 +5,7 @@ authors = ["The Kata Containers community "] edition = "2018" [dependencies] -serde = "1.0.91" -serde_derive = "1.0.91" -serde_json = "1.0.39" -libc = "0.2.58" +serde = "1.0.131" +serde_derive = "1.0.131" +serde_json = "1.0.73" +libc = "0.2.112" diff --git a/src/agent/rustjail/Cargo.toml b/src/agent/rustjail/Cargo.toml index e6bb48a49..715152572 100644 --- a/src/agent/rustjail/Cargo.toml +++ b/src/agent/rustjail/Cargo.toml 
@@ -23,11 +23,11 @@ scan_fmt = "0.2.6" regex = "1.5.4" path-absolutize = "1.2.0" anyhow = "1.0.32" -cgroups = { package = "cgroups-rs", version = "0.2.5" } +cgroups = { package = "cgroups-rs", version = "0.2.8" } rlimit = "0.5.3" tokio = { version = "1.2.0", features = ["sync", "io-util", "process", "time", "macros"] } -futures = "0.3.18" +futures = "0.3.17" async-trait = "0.1.31" inotify = "0.9.2" libseccomp = { version = "0.1.3", optional = true } diff --git a/src/agent/src/metrics.rs b/src/agent/src/metrics.rs index b32dd4487..1c75fc22d 100644 --- a/src/agent/src/metrics.rs +++ b/src/agent/src/metrics.rs 
@@ -24,50 +24,50 @@ macro_rules! sl { lazy_static! { static ref AGENT_SCRAPE_COUNT: IntCounter = - prometheus::register_int_counter!(format!("{}_{}",NAMESPACE_KATA_AGENT,"scrape_count").as_ref(), "Metrics scrape count").unwrap(); + prometheus::register_int_counter!(format!("{}_{}",NAMESPACE_KATA_AGENT,"scrape_count"), "Metrics scrape count").unwrap(); static ref AGENT_THREADS: Gauge = - prometheus::register_gauge!(format!("{}_{}",NAMESPACE_KATA_AGENT,"threads").as_ref(), "Agent process threads").unwrap(); + prometheus::register_gauge!(format!("{}_{}",NAMESPACE_KATA_AGENT,"threads"), "Agent process threads").unwrap(); static ref AGENT_TOTAL_TIME: Gauge = - prometheus::register_gauge!(format!("{}_{}",NAMESPACE_KATA_AGENT,"total_time").as_ref(), "Agent process total time").unwrap(); + prometheus::register_gauge!(format!("{}_{}",NAMESPACE_KATA_AGENT,"total_time"), "Agent process total time").unwrap(); static ref AGENT_TOTAL_VM: Gauge = - prometheus::register_gauge!(format!("{}_{}",NAMESPACE_KATA_AGENT,"total_vm").as_ref(), "Agent process total VM size").unwrap(); + prometheus::register_gauge!(format!("{}_{}",NAMESPACE_KATA_AGENT,"total_vm"), "Agent process total VM size").unwrap(); static ref AGENT_TOTAL_RSS: Gauge = - prometheus::register_gauge!(format!("{}_{}",NAMESPACE_KATA_AGENT,"total_rss").as_ref(), "Agent process total RSS size").unwrap(); + prometheus::register_gauge!(format!("{}_{}",NAMESPACE_KATA_AGENT,"total_rss"), "Agent process total RSS size").unwrap(); static ref AGENT_PROC_STATUS: GaugeVec = - prometheus::register_gauge_vec!(format!("{}_{}",NAMESPACE_KATA_AGENT,"proc_status").as_ref(), "Agent process status.", &["item"]).unwrap(); + prometheus::register_gauge_vec!(format!("{}_{}",NAMESPACE_KATA_AGENT,"proc_status"), "Agent process status.", &["item"]).unwrap(); static ref AGENT_IO_STAT: GaugeVec = - prometheus::register_gauge_vec!(format!("{}_{}",NAMESPACE_KATA_AGENT,"io_stat").as_ref(), "Agent process IO statistics.", &["item"]).unwrap(); + 
prometheus::register_gauge_vec!(format!("{}_{}",NAMESPACE_KATA_AGENT,"io_stat"), "Agent process IO statistics.", &["item"]).unwrap(); static ref AGENT_PROC_STAT: GaugeVec = - prometheus::register_gauge_vec!(format!("{}_{}",NAMESPACE_KATA_AGENT,"proc_stat").as_ref(), "Agent process statistics.", &["item"]).unwrap(); + prometheus::register_gauge_vec!(format!("{}_{}",NAMESPACE_KATA_AGENT,"proc_stat"), "Agent process statistics.", &["item"]).unwrap(); // guest os metrics static ref GUEST_LOAD: GaugeVec = - prometheus::register_gauge_vec!(format!("{}_{}",NAMESPACE_KATA_GUEST,"load").as_ref() , "Guest system load.", &["item"]).unwrap(); + prometheus::register_gauge_vec!(format!("{}_{}",NAMESPACE_KATA_GUEST,"load") , "Guest system load.", &["item"]).unwrap(); static ref GUEST_TASKS: GaugeVec = - prometheus::register_gauge_vec!(format!("{}_{}",NAMESPACE_KATA_GUEST,"tasks").as_ref() , "Guest system load.", &["item"]).unwrap(); + prometheus::register_gauge_vec!(format!("{}_{}",NAMESPACE_KATA_GUEST,"tasks") , "Guest system load.", &["item"]).unwrap(); static ref GUEST_CPU_TIME: GaugeVec = - prometheus::register_gauge_vec!(format!("{}_{}",NAMESPACE_KATA_GUEST,"cpu_time").as_ref() , "Guest CPU statistics.", &["cpu","item"]).unwrap(); + prometheus::register_gauge_vec!(format!("{}_{}",NAMESPACE_KATA_GUEST,"cpu_time") , "Guest CPU statistics.", &["cpu","item"]).unwrap(); static ref GUEST_VM_STAT: GaugeVec = - prometheus::register_gauge_vec!(format!("{}_{}",NAMESPACE_KATA_GUEST,"vm_stat").as_ref() , "Guest virtual memory statistics.", &["item"]).unwrap(); + prometheus::register_gauge_vec!(format!("{}_{}",NAMESPACE_KATA_GUEST,"vm_stat") , "Guest virtual memory statistics.", &["item"]).unwrap(); static ref GUEST_NETDEV_STAT: GaugeVec = - prometheus::register_gauge_vec!(format!("{}_{}",NAMESPACE_KATA_GUEST,"netdev_stat").as_ref() , "Guest net devices statistics.", &["interface","item"]).unwrap(); + prometheus::register_gauge_vec!(format!("{}_{}",NAMESPACE_KATA_GUEST,"netdev_stat") , 
"Guest net devices statistics.", &["interface","item"]).unwrap(); static ref GUEST_DISKSTAT: GaugeVec = - prometheus::register_gauge_vec!(format!("{}_{}",NAMESPACE_KATA_GUEST,"diskstat").as_ref() , "Disks statistics in system.", &["disk","item"]).unwrap(); + prometheus::register_gauge_vec!(format!("{}_{}",NAMESPACE_KATA_GUEST,"diskstat") , "Disks statistics in system.", &["disk","item"]).unwrap(); static ref GUEST_MEMINFO: GaugeVec = - prometheus::register_gauge_vec!(format!("{}_{}",NAMESPACE_KATA_GUEST,"meminfo").as_ref() , "Statistics about memory usage in the system.", &["item"]).unwrap(); + prometheus::register_gauge_vec!(format!("{}_{}",NAMESPACE_KATA_GUEST,"meminfo") , "Statistics about memory usage in the system.", &["item"]).unwrap(); } #[instrument] @@ -352,17 +352,17 @@ fn set_gauge_vec_cpu_time(gv: &prometheus::GaugeVec, cpu: &str, cpu_time: &procf gv.with_label_values(&[cpu, "idle"]) .set(cpu_time.idle as f64); gv.with_label_values(&[cpu, "iowait"]) - .set(cpu_time.iowait.unwrap_or(0.0) as f64); + .set(cpu_time.iowait.unwrap_or(0) as f64); gv.with_label_values(&[cpu, "irq"]) - .set(cpu_time.irq.unwrap_or(0.0) as f64); + .set(cpu_time.irq.unwrap_or(0) as f64); gv.with_label_values(&[cpu, "softirq"]) - .set(cpu_time.softirq.unwrap_or(0.0) as f64); + .set(cpu_time.softirq.unwrap_or(0) as f64); gv.with_label_values(&[cpu, "steal"]) - .set(cpu_time.steal.unwrap_or(0.0) as f64); + .set(cpu_time.steal.unwrap_or(0) as f64); gv.with_label_values(&[cpu, "guest"]) - .set(cpu_time.guest.unwrap_or(0.0) as f64); + .set(cpu_time.guest.unwrap_or(0) as f64); gv.with_label_values(&[cpu, "guest_nice"]) - .set(cpu_time.guest_nice.unwrap_or(0.0) as f64); + .set(cpu_time.guest_nice.unwrap_or(0) as f64); } #[instrument] 
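Review bot: The help text on the rewritten `GUEST_TASKS` registration is still "Guest system load.", the same string as `GUEST_LOAD` directly above it, so the two metric families cannot be told apart from their HELP lines in the scrape output. Since the line is being touched anyway, it could carry its own description, for example `prometheus::register_gauge_vec!(format!("{}_{}",NAMESPACE_KATA_GUEST,"tasks"), "Guest system tasks.", &["item"]).unwrap();`. The exact wording depends on what the collector stores under `tasks`, which is not visible in this hunk.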
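Review bot: In `set_gauge_vec_cpu_time`, the change from `unwrap_or(0.0)` to `unwrap_or(0)` shows that the optional `CpuTime` fields went from a float to an integer type with the procfs 0.7.9 to 0.12.0 bump, yet the values are still cast straight to `f64` and exported unchanged. If the newer crate reports these fields as raw clock ticks rather than seconds, which I believe it does but cannot confirm from this page, every `cpu_time` gauge silently changes unit, and dashboards or alert thresholds built on the old values will misread guest CPU usage. Confirm the unit, then either divide by the tick rate before `.set(...)` or record the new unit next to the calls, e.g. `// CpuTime fields are clock ticks with procfs 0.12.0, not seconds`. The function body starts before this hunk, so the non-optional fields such as `cpu_time.idle` need the same check.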
@@ -474,7 +474,7 @@ fn set_gauge_vec_proc_status(gv: &prometheus::GaugeVec, status: &procfs::process gv.with_label_values(&["vmswap"]) .set(status.vmswap.unwrap_or(0) as f64); gv.with_label_values(&["hugetlbpages"]) - .set(status.hugetblpages.unwrap_or(0) as f64); + .set(status.hugetlbpages.unwrap_or(0) as f64); gv.with_label_values(&["voluntary_ctxt_switches"]) .set(status.voluntary_ctxt_switches.unwrap_or(0) as f64); gv.with_label_values(&["nonvoluntary_ctxt_switches"]) diff --git a/src/agent/src/rpc.rs b/src/agent/src/rpc.rs index 052c4716c..f45ce9236 100644 --- a/src/agent/src/rpc.rs +++ b/src/agent/src/rpc.rs @@ -1714,6 +1714,7 @@ mod tests { fd: -1, mh: MessageHeader::default(), metadata: std::collections::HashMap::new(), + timeout_nano: 0, } } diff --git a/src/libs/logging/Cargo.lock b/src/libs/logging/Cargo.lock index 4c7d67794..78f8feef6 100644 --- a/src/libs/logging/Cargo.lock +++ b/src/libs/logging/Cargo.lock @@ -1,5 +1,7 @@ # This file is automatically @generated by Cargo. # It is not intended for manual editing. +version = 3 + [[package]] name = "arc-swap" version = "1.5.0" @@ -70,9 +72,9 @@ dependencies = [ [[package]] name = "itoa" -version = "0.4.8" +version = "1.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b71991ff56294aa922b450139ee08b3bfc70982c6b2c7562771375cf73542dd4" +checksum = "1aab8fc367588b89dcee83ab0fd66b72b50b72fa1904d7095045ace2b0c81c35" [[package]] name = "lazy_static" @@ -82,9 +84,9 @@ checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" [[package]] name = "libc" -version = "0.2.109" +version = "0.2.112" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f98a04dce437184842841303488f70d0188c5f51437d2a834dc097eafa909a01" +checksum = "1b03d17f364a3a042d5e5d46b053bbbf82c92c9430c592dd4c064dc6ee997125" [[package]] name = "logging" 
@@ -119,9 +121,9 @@ dependencies = [ [[package]] name = "once_cell" -version = "1.8.0" +version = "1.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "692fcb63b64b1758029e0a96ee63e049ce8c5948587f2f7208df04625e5f6b56" +checksum = "da32515d9f6e6e489d7bc9d84c71b060db7247dc035bbe44eac88cf87486d8d5" [[package]] name = "ppv-lite86" @@ -189,9 +191,9 @@ dependencies = [ [[package]] name = "ryu" -version = "1.0.6" +version = "1.0.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3c9613b5a66ab9ba26415184cfc41156594925a9cf3a2057e57f31ff145f6568" +checksum = "73b4b750c782965c211b42f022f59af1fbceabdd026623714f104152f1ec149f" [[package]] name = "serde" @@ -201,9 +203,9 @@ checksum = "b4ad69dfbd3e45369132cc64e6748c2d65cdfb001a2b1c232d128b4ad60561c1" [[package]] name = "serde_json" -version = "1.0.72" +version = "1.0.73" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d0ffa0837f2dfa6fb90868c2b5468cad482e175f7dad97e7421951e663f2b527" +checksum = "bcbd0344bc6533bc7ec56df11d42fb70f1b912351c0825ccb7211b59d8af7cf5" dependencies = [ "itoa", "ryu", diff --git a/src/libs/logging/Cargo.toml b/src/libs/logging/Cargo.toml index e7762298d..36685c15a 100644 --- a/src/libs/logging/Cargo.toml +++ b/src/libs/logging/Cargo.toml 
@@ -7,15 +7,15 @@ edition = "2018" # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html [dependencies] -serde_json = "1.0.39" +serde_json = "1.0.73" # slog: # - Dynamic keys required to allow HashMap keys to be slog::Serialized. # - The 'max_*' features allow changing the log level at runtime # (by stopping the compiler from removing log calls). -slog = { version = "2.5.2", features = ["dynamic-keys", "max_level_trace", "release_max_level_debug"] } -slog-json = "2.3.0" -slog-async = "2.3.0" -slog-scope = "4.1.2" +slog = { version = "2.7.0", features = ["dynamic-keys", "max_level_trace", "release_max_level_debug"] } +slog-json = "2.4.0" +slog-async = "2.7.0" +slog-scope = "4.4.0" [dev-dependencies] -tempfile = "3.1.0" +tempfile = "3.2.0" diff --git a/src/tools/agent-ctl/Cargo.lock b/src/tools/agent-ctl/Cargo.lock index 1c39cd18b..d82e11e6e 100644 --- a/src/tools/agent-ctl/Cargo.lock +++ b/src/tools/agent-ctl/Cargo.lock @@ -2,21 +2,6 @@ # It is not intended for manual editing. version = 3 -[[package]] -name = "addr2line" -version = "0.17.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b9ecd88a8c8378ca913a680cd98f0f13ac67383d35993f86c90a70e3f137816b" -dependencies = [ - "gimli", -] - -[[package]] -name = "adler" -version = "1.0.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe" - [[package]] name = "aho-corasick" version = "0.7.18" 
@@ -28,18 +13,18 @@ dependencies = [ [[package]] name = "ansi_term" -version = "0.11.0" +version = "0.12.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ee49baf6cb617b853aa8d93bf420db2383fab46d314482ca2803b40d5fde979b" +checksum = "d52a9bb7ec0cf484c551830a7ce27bd20d67eac647e1befb56b0be4ee39a55d2" dependencies = [ "winapi", ] [[package]] name = "anyhow" -version = "1.0.48" +version = "1.0.51" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "62e1f47f7dc0422027a4e370dd4548d4d66b26782e513e98dca1e689e058a80e" +checksum = "8b26702f315f53b6071259e15dd9d64528213b44d61de1ec926eca7715d62203" [[package]] name = "arc-swap" @@ -49,13 +34,13 @@ checksum = "c5d78ce20460b82d3fa150275ed9d55e21064fc7951177baacf86a145c4a4b1f" [[package]] name = "async-trait" -version = "0.1.51" +version = "0.1.52" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "44318e776df68115a881de9a8fd1b9e53368d7a4a5ce4cc48517da3393233a5e" +checksum = "061a7acccaa286c011ddc30970520b98fa40e00c9d644633fb26b5fc63a265e3" dependencies = [ - "proc-macro2 1.0.32", - "quote 1.0.10", - "syn 1.0.82", + "proc-macro2", + "quote", + "syn", ] [[package]] 
@@ -75,26 +60,11 @@ version = "1.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cdb031dd78e28731d87d56cc8ffef4a8f36ca26c38fe2de700543e627f8a464a" -[[package]] -name = "backtrace" -version = "0.3.63" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "321629d8ba6513061f26707241fa9bc89524ff1cd7a915a97ef0c62c666ce1b6" -dependencies = [ - "addr2line", - "cc", - "cfg-if 1.0.0", - "libc", - "miniz_oxide", - "object", - "rustc-demangle", -] - [[package]] name = "bitflags" -version = "1.3.2" +version = "1.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" +checksum = "cf1de2fe8c75bc145a2f577add951f8134889b4795d47466a54a5c846d691693" [[package]] name = "byteorder" @@ -145,12 +115,6 @@ version = "1.0.72" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "22a9137b95ea06864e018375b72adfb7db6e6f68cfc8df5a04d00288050485ee" -[[package]] -name = "cfg-if" -version = "0.1.10" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4785bdd1c96b2a846b2bd7cc02e86b6b3dbf14e7e53446c4f54c92a361040822" - [[package]] name = "cfg-if" version = "1.0.0" @@ -159,13 +123,13 @@ checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" [[package]] name = "cgroups-rs" -version = "0.2.6" +version = "0.2.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5c5c9f6e5c72958dc962baa5f8bb37fb611017854b0d774b8adab4d7416ab445" +checksum = "1b827f9d9f6c2fff719d25f5d44cbc8d2ef6df1ef00d055c5c14d5dc25529579" dependencies = [ "libc", "log", - "nix 0.20.0", + "nix 0.23.1", "regex", ] 
@@ -184,9 +148,9 @@ dependencies = [ [[package]] name = "clap" -version = "2.33.3" +version = "2.34.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "37e58ac78573c40708d45522f0d80fa2f01cc4f9b4e2bf749807255454312002" +checksum = "a0610544180c38b88101fecf2dd634b174a62eef6946f84dfc6a7127512b381c" dependencies = [ "ansi_term", "atty", @@ -203,7 +167,7 @@ version = "0.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "06ed27e177f16d65f0f0c22a213e17c696ace5dd64b14258b52f9417ccb52db4" dependencies = [ - "cfg-if 1.0.0", + "cfg-if", "crossbeam-utils", ] @@ -213,7 +177,7 @@ version = "0.8.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d82cfc11ce7f2c3faef78d8a684447b40d503d9681acebed6cb728d45940c4db" dependencies = [ - "cfg-if 1.0.0", + "cfg-if", "lazy_static", ] @@ -223,9 +187,9 @@ version = "0.5.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3418329ca0ad70234b9735dc4ceed10af4df60eff9c8e7b06cb5e520d92c3535" dependencies = [ - "proc-macro2 1.0.32", - "quote 1.0.10", - "syn 1.0.82", + "proc-macro2", + "quote", + "syn", ] [[package]] 
@@ -255,26 +219,17 @@ dependencies = [ "libc", ] -[[package]] -name = "failure" -version = "0.1.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d32e9bd16cc02eae7db7ef620b392808b89f6a5e16bb3497d159c6b92a0f4f86" -dependencies = [ - "backtrace", -] - [[package]] name = "fixedbitset" -version = "0.1.9" +version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "86d4de0081402f5e88cdac65c8dcdcc73118c1a7a465e2a05f0da05843a8ea33" +checksum = "37ab347416e802de484e4d03c7316c48f1ecb56574dfd4a46a80f173ce1de04d" [[package]] name = "futures" -version = "0.3.18" +version = "0.3.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8cd0210d8c325c245ff06fd95a3b13689a1a276ac8cfa8e8720cb840bfb84b9e" +checksum = "a12aa0eb539080d55c3f2d45a67c3b58b6b0773c1a3ca2dfec66d58c97fd66ca" dependencies = [ "futures-channel", "futures-core", @@ -287,9 +242,9 @@ dependencies = [ [[package]] name = "futures-channel" -version = "0.3.18" +version = "0.3.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7fc8cd39e3dbf865f7340dce6a2d401d24fd37c6fe6c4f0ee0de8bfca2252d27" +checksum = "5da6ba8c3bb3c165d3c7319fc1cc8304facf1fb8db99c5de877183c08a273888" dependencies = [ "futures-core", "futures-sink", @@ -297,15 +252,15 @@ dependencies = [ [[package]] name = "futures-core" -version = "0.3.18" +version = "0.3.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "629316e42fe7c2a0b9a65b47d159ceaa5453ab14e8f0a3c5eedbb8cd55b4a445" +checksum = "88d1c26957f23603395cd326b0ffe64124b818f4449552f960d815cfba83a53d" [[package]] name = "futures-executor" -version = "0.3.18" +version = "0.3.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7b808bf53348a36cab739d7e04755909b9fcaaa69b7d7e588b37b6ec62704c97" +checksum = "45025be030969d763025784f7f355043dc6bc74093e4ecc5000ca4dc50d8745c" dependencies = [ "futures-core", "futures-task", 
@@ -314,39 +269,42 @@ dependencies = [ [[package]] name = "futures-io" -version = "0.3.18" +version = "0.3.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e481354db6b5c353246ccf6a728b0c5511d752c08da7260546fc0933869daa11" +checksum = "522de2a0fe3e380f1bc577ba0474108faf3f6b18321dbf60b3b9c39a75073377" [[package]] name = "futures-macro" -version = "0.3.18" +version = "0.3.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a89f17b21645bc4ed773c69af9c9a0effd4a3f1a3876eadd453469f8854e7fdd" +checksum = "18e4a4b95cea4b4ccbcf1c5675ca7c4ee4e9e75eb79944d07defde18068f79bb" dependencies = [ - "proc-macro2 1.0.32", - "quote 1.0.10", - "syn 1.0.82", + "autocfg", + "proc-macro-hack", + "proc-macro2", + "quote", + "syn", ] [[package]] name = "futures-sink" -version = "0.3.18" +version = "0.3.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "996c6442437b62d21a32cd9906f9c41e7dc1e19a9579843fad948696769305af" +checksum = "36ea153c13024fe480590b3e3d4cad89a0cfacecc24577b68f86c6ced9c2bc11" [[package]] name = "futures-task" -version = "0.3.18" +version = "0.3.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dabf1872aaab32c886832f2276d2f5399887e2bd613698a02359e4ea83f8de12" +checksum = "1d3d00f4eddb73e498a54394f228cd55853bdf059259e8e7bc6e69d408892e99" [[package]] name = "futures-util" -version = "0.3.18" +version = "0.3.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "41d22213122356472061ac0f1ab2cee28d2bac8491410fd68c2af53d1cedb83e" +checksum = "36568465210a3a6ee45e1f165136d68671471a501e632e9a98d96872222b5481" dependencies = [ + "autocfg", "futures-channel", "futures-core", "futures-io", 
@@ -356,36 +314,27 @@ dependencies = [ "memchr", "pin-project-lite", "pin-utils", + "proc-macro-hack", + "proc-macro-nested", "slab", ] -[[package]] -name = "getrandom" -version = "0.1.16" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8fc3cb4d91f53b50155bdcfd23f6a4c39ae1969c2ae85982b135750cccaf5fce" -dependencies = [ - "cfg-if 1.0.0", - "libc", - "wasi 0.9.0+wasi-snapshot-preview1", -] - [[package]] name = "getrandom" version = "0.2.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7fcd999463524c52659517fe2cea98493cfe485d10565e7b0fb07dbba7ad2753" dependencies = [ - "cfg-if 1.0.0", + "cfg-if", "libc", - "wasi 0.10.2+wasi-snapshot-preview1", + "wasi", ] [[package]] -name = "gimli" -version = "0.26.1" +name = "hashbrown" +version = "0.11.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "78cc372d058dcf6d5ecd98510e7fbc9e5aec4d21de70f65fea8fecebcd881bd4" +checksum = "ab5ef0d4909ef3724cc8cce6ccc8572c5c817592e9285f5464f8e86f8bd3726e" [[package]] name = "heck" @@ -417,6 +366,16 @@ version = "2.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9a3a5bfb195931eeb336b2a7b4d761daec841b97f947d34394601737a7bba5e4" +[[package]] +name = "indexmap" +version = "1.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bc633605454125dec4b66843673f01c7df2b89479b32e0ed634e43a91cff62a5" +dependencies = [ + "autocfg", + "hashbrown", +] + [[package]] name = "inotify" version = "0.9.6" 
@@ -450,18 +409,18 @@ dependencies = [ [[package]] name = "itertools" -version = "0.8.2" +version = "0.10.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f56a2d0bc861f9165be4eb3442afd3c236d8a98afd426f65d92324ae1091a484" +checksum = "a9a9d19fa1e79b6215ff29b9d6880b706147f16e9b1dbb1e4e5947b5b02bc5e3" dependencies = [ "either", ] [[package]] name = "itoa" -version = "0.4.8" +version = "1.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b71991ff56294aa922b450139ee08b3bfc70982c6b2c7562771375cf73542dd4" +checksum = "1aab8fc367588b89dcee83ab0fd66b72b50b72fa1904d7095045ace2b0c81c35" [[package]] name = "kata-agent-ctl" @@ -475,11 +434,11 @@ dependencies = [ "lazy_static", "libc", "logging", - "nix 0.21.0", + "nix 0.23.1", "oci", "protobuf", "protocols", - "rand 0.7.3", + "rand", "rustjail", "serde", "serde_json", @@ -496,9 +455,9 @@ checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" [[package]] name = "libc" -version = "0.2.108" +version = "0.2.112" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8521a1b57e76b1ec69af7599e75e38e7b7fad6610f037db8c79b127201b5d119" +checksum = "1b03d17f364a3a042d5e5d46b053bbbf82c92c9430c592dd4c064dc6ee997125" [[package]] name = "log" @@ -506,7 +465,7 @@ version = "0.4.14" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "51b9bbe6c47d51fc3e1a9b945965946b4c44142ab8792c50835a980d362c2710" dependencies = [ - "cfg-if 1.0.0", + "cfg-if", ] [[package]] 
@@ -528,23 +487,13 @@ checksum = "308cc39be01b73d0d18f82a0e7b2a3df85245f84af96fdddc5d202d27e47b86a" [[package]] name = "memoffset" -version = "0.6.4" +version = "0.6.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "59accc507f1338036a0477ef61afdae33cde60840f4dfe481319ce3ad116ddf9" +checksum = "5aa361d4faea93603064a027415f07bd8e1d5c88c9fbf68bf56a285428fd79ce" dependencies = [ "autocfg", ] -[[package]] -name = "miniz_oxide" -version = "0.4.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a92518e98c078586bc6c934028adcca4c92a53d6a958196de835170a01d84e4b" -dependencies = [ - "adler", - "autocfg", -] - [[package]] name = "mio" version = "0.7.14" 
@@ -569,69 +518,32 @@ dependencies = [ [[package]] name = "multimap" -version = "0.4.0" +version = "0.8.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2eb04b9f127583ed176e163fb9ec6f3e793b87e21deedd5734a69386a18a0151" +checksum = "e5ce46fe64a9d73be07dcbe690a38ce1b293be448fd8ce1e6c1b8062c9f72c6a" [[package]] name = "nix" -version = "0.16.1" +version = "0.20.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dd0eaf8df8bab402257e0a5c17a254e4cc1f72a93588a1ddfb5d356c801aa7cb" +checksum = "f5e06129fb611568ef4e868c14b326274959aa70ff7776e9d55323531c374945" dependencies = [ "bitflags", "cc", - "cfg-if 0.1.10", - "libc", - "void", -] - -[[package]] -name = "nix" -version = "0.19.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b2ccba0cfe4fdf15982d1674c69b1fd80bad427d293849982668dfe454bd61f2" -dependencies = [ - "bitflags", - "cc", - "cfg-if 1.0.0", - "libc", -] - -[[package]] -name = "nix" -version = "0.20.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fa9b4819da1bc61c0ea48b63b7bc8604064dd43013e7cc325df098d49cd7c18a" -dependencies = [ - "bitflags", - "cc", - "cfg-if 1.0.0", - "libc", -] - -[[package]] -name = "nix" -version = "0.21.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5c3728fec49d363a50a8828a190b379a446cc5cf085c06259bbbeb34447e4ec7" -dependencies = [ - "bitflags", - "cc", - "cfg-if 1.0.0", + "cfg-if", "libc", "memoffset", ] [[package]] name = "nix" -version = "0.23.0" +version = "0.23.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f305c2c2e4c39a82f7bf0bf65fb557f9070ce06781d4f2454295cc34b1c43188" +checksum = "9f866317acbd3a240710c63f065ffb1e4fd466259045ccb504130b7f668f35c6" dependencies = [ "bitflags", "cc", - "cfg-if 1.0.0", + "cfg-if", "libc", "memoffset", ] 
@@ -664,15 +576,6 @@ dependencies = [ "autocfg", ] -[[package]] -name = "object" -version = "0.27.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "67ac1d3f9a1d3616fd9a60c8d74296f22406a238b6a72f5cc1e6f314df4ffbf9" -dependencies = [ - "memchr", -] - [[package]] name = "oci" version = "0.1.0" @@ -685,9 +588,9 @@ dependencies = [ [[package]] name = "once_cell" -version = "1.8.0" +version = "1.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "692fcb63b64b1758029e0a96ee63e049ce8c5948587f2f7208df04625e5f6b56" +checksum = "da32515d9f6e6e489d7bc9d84c71b060db7247dc035bbe44eac88cf87486d8d5" [[package]] name = "path-absolutize" @@ -710,11 +613,12 @@ dependencies = [ [[package]] name = "petgraph" -version = "0.4.13" +version = "0.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9c3659d1ee90221741f65dd128d9998311b0e40c5d3c23a62445938214abce4f" +checksum = "467d164a6de56270bd7c4d070df81d07beace25012d5103ced4e9ff08d6afdb7" dependencies = [ "fixedbitset", + "indexmap", ] [[package]] 
@@ -736,41 +640,43 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ed0cfbc8191465bed66e1718596ee0b0b35d5ee1f41c5df2189d0fe8bde535ba" [[package]] -name = "proc-macro2" -version = "0.4.30" +name = "proc-macro-hack" +version = "0.5.19" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cf3d2011ab5c909338f7887f4fc896d35932e29146c12c8d01da6b22a80ba759" -dependencies = [ - "unicode-xid 0.1.0", -] +checksum = "dbf0c48bc1d91375ae5c3cd81e3722dff1abcf81a30960240640d223f59fe0e5" + +[[package]] +name = "proc-macro-nested" +version = "0.1.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bc881b2c22681370c6a780e47af9840ef841837bc98118431d4e1868bd0c1086" [[package]] name = "proc-macro2" -version = "1.0.32" +version = "1.0.34" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ba508cc11742c0dc5c1659771673afbab7a0efab23aa17e854cbab0837ed0b43" +checksum = "2f84e92c0f7c9d58328b85a78557813e4bd845130db68d7184635344399423b1" dependencies = [ - "unicode-xid 0.2.2", + "unicode-xid", ] [[package]] name = "prost" -version = "0.5.0" +version = "0.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "96d14b1c185652833d24aaad41c5832b0be5616a590227c1fbff57c616754b23" +checksum = "de5e2533f59d08fcf364fd374ebda0692a70bd6d7e66ef97f306f45c6c5d8020" dependencies = [ - "byteorder", - "bytes 0.4.12", + "bytes 1.1.0", "prost-derive", ] [[package]] name = "prost-build" -version = "0.5.0" +version = "0.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "eb788126ea840817128183f8f603dce02cb7aea25c2a0b764359d8e20010702e" +checksum = "355f634b43cdd80724ee7848f95770e7e70eefa6dcf14fea676216573b8fd603" dependencies = [ - "bytes 0.4.12", + "bytes 1.1.0", "heck", "itertools", "log", 
@@ -784,24 +690,24 @@ dependencies = [ [[package]] name = "prost-derive" -version = "0.5.0" +version = "0.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5e7dc378b94ac374644181a2247cebf59a6ec1c88b49ac77f3a94b86b79d0e11" +checksum = "600d2f334aa05acb02a755e217ef1ab6dea4d51b58b7846588b747edec04efba" dependencies = [ - "failure", + "anyhow", "itertools", - "proc-macro2 0.4.30", - "quote 0.6.13", - "syn 0.15.44", + "proc-macro2", + "quote", + "syn", ] [[package]] name = "prost-types" -version = "0.5.0" +version = "0.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1de482a366941c8d56d19b650fac09ca08508f2a696119ee7513ad590c8bac6f" +checksum = "603bbd6394701d13f3f25aada59c7de9d35a6a5887cfc156181234a44002771b" dependencies = [ - "bytes 0.4.12", + "bytes 1.1.0", "prost", ] @@ -846,35 +752,13 @@ dependencies = [ "ttrpc-codegen", ] -[[package]] -name = "quote" -version = "0.6.13" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6ce23b6b870e8f94f81fb0a363d65d86675884b34a09043c81e5562f11c1f8e1" -dependencies = [ - "proc-macro2 0.4.30", -] - [[package]] name = "quote" version = "1.0.10" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "38bc8cc6a5f2e3655e0899c1b848643b2562f853f114bfec7be120678e3ace05" dependencies = [ - "proc-macro2 1.0.32", -] - -[[package]] -name = "rand" -version = "0.7.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6a6b1679d49b24bbfe0c803429aa1874472f50d9b363131f0e89fc356b544d03" -dependencies = [ - "getrandom 0.1.16", - "libc", - "rand_chacha 0.2.2", - "rand_core 0.5.1", - "rand_hc 0.2.0", + "proc-macro2", ] [[package]] 
@@ -884,19 +768,9 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2e7573632e6454cf6b99d7aac4ccca54be06da05aca2ef7423d22d27d4d4bcd8" dependencies = [ "libc", - "rand_chacha 0.3.1", - "rand_core 0.6.3", - "rand_hc 0.3.1", -] - -[[package]] -name = "rand_chacha" -version = "0.2.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f4c8ed856279c9737206bf725bf36935d8666ead7aa69b52be55af369d193402" -dependencies = [ - "ppv-lite86", - "rand_core 0.5.1", + "rand_chacha", + "rand_core", + "rand_hc", ] [[package]] @@ -906,16 +780,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88" dependencies = [ "ppv-lite86", - "rand_core 0.6.3", -] - -[[package]] -name = "rand_core" -version = "0.5.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "90bde5296fc891b0cef12a6d03ddccc162ce7b2aff54160af9338f8d40df6d19" -dependencies = [ - "getrandom 0.1.16", + "rand_core", ] [[package]] @@ -924,16 +789,7 @@ version = "0.6.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d34f1408f55294453790c48b2f1ebbb1c5b4b7563eb1f418bcfcfdbb06ebb4e7" dependencies = [ - "getrandom 0.2.3", -] - -[[package]] -name = "rand_hc" -version = "0.2.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ca3129af7b92a17112d59ad498c6f81eaf463253766b90396d39ea7a39d6613c" -dependencies = [ - "rand_core 0.5.1", + "getrandom", ] [[package]] @@ -942,7 +798,7 @@ version = "0.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d51e9f596de227fda2ea6c84607f5558e196eeaf43c986b724ba4fb8fdf497e7" dependencies = [ - "rand_core 0.6.3", + "rand_core", ] [[package]] 
@@ -989,12 +845,6 @@ dependencies = [ "libc", ] -[[package]] -name = "rustc-demangle" -version = "0.1.21" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7ef03e0a2b150c7a90d01faf6254c9c48a41e95fb2a8c2ac1c6f0d2b9aefc342" - [[package]] name = "rustjail" version = "0.1.0" @@ -1008,7 +858,7 @@ dependencies = [ "inotify", "lazy_static", "libc", - "nix 0.23.0", + "nix 0.23.1", "oci", "path-absolutize", "protobuf", @@ -1027,9 +877,9 @@ dependencies = [ [[package]] name = "ryu" -version = "1.0.5" +version = "1.0.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "71d301d4193d031abdd79ff7e3dd721168a9572ef3fe51a1517aba235bd8f86e" +checksum = "73b4b750c782965c211b42f022f59af1fbceabdd026623714f104152f1ec149f" [[package]] name = "scan_fmt" @@ -1048,29 +898,29 @@ checksum = "d29ab0c6d3fc0ee92fe66e2d99f700eab17a8d57d1c1d3b748380fb20baa78cd" [[package]] name = "serde" -version = "1.0.130" +version = "1.0.132" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f12d06de37cf59146fbdecab66aa99f9fe4f78722e3607577a5375d66bd0c913" +checksum = "8b9875c23cf305cd1fd7eb77234cbb705f21ea6a72c637a5c6db5fe4b8e7f008" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.130" +version = "1.0.132" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d7bc1a1ab1961464eae040d96713baa5a724a8152c1222492465b54322ec508b" +checksum = "ecc0db5cb2556c0e558887d9bbdcf6ac4471e83ff66cf696e5419024d1606276" dependencies = [ - "proc-macro2 1.0.32", - "quote 1.0.10", - "syn 1.0.82", + "proc-macro2", + "quote", + "syn", ] [[package]] name = "serde_json" -version = "1.0.72" +version = "1.0.73" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d0ffa0837f2dfa6fb90868c2b5468cad482e175f7dad97e7421951e663f2b527" +checksum = "bcbd0344bc6533bc7ec56df11d42fb70f1b912351c0825ccb7211b59d8af7cf5" dependencies = [ "itoa", "ryu", 
@@ -1145,26 +995,15 @@ version = "0.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8ea5119cdb4c55b55d432abb513a0429384878c15dde60cc77b1c99de1a95a6a" -[[package]] -name = "syn" -version = "0.15.44" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9ca4b3b69a77cbe1ffc9e198781b7acb0c7365a883670e8f1c1bc66fba79a5c5" -dependencies = [ - "proc-macro2 0.4.30", - "quote 0.6.13", - "unicode-xid 0.1.0", -] - [[package]] name = "syn" version = "1.0.82" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8daf5dd0bb60cbd4137b1b587d2fc0ae729bc07cf01cd70b36a1ed5ade3b9d59" dependencies = [ - "proc-macro2 1.0.32", - "quote 1.0.10", - "unicode-xid 0.2.2", + "proc-macro2", + "quote", + "unicode-xid", ] [[package]] @@ -1179,9 +1018,9 @@ version = "3.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "dac1c663cfc93810f88aed9b8941d48cabf856a1b111c29a40439018d870eb22" dependencies = [ - "cfg-if 1.0.0", + "cfg-if", "libc", - "rand 0.8.4", + "rand", "redox_syscall", "remove_dir_all", "winapi", @@ -1211,9 +1050,9 @@ version = "1.0.30" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "aa32fd3f627f367fe16f893e2597ae3c05020f8bba2666a4e6ea73d377e5714b" dependencies = [ - "proc-macro2 1.0.32", - "quote 1.0.10", - "syn 1.0.82", + "proc-macro2", + "quote", + "syn", ] [[package]] @@ -1237,11 +1076,10 @@ dependencies = [ [[package]] name = "tokio" -version = "1.14.0" +version = "1.15.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "70e992e41e0d2fb9f755b37446f20900f64446ef54874f40a60c78f021ac6144" +checksum = "fbbf1c778ec206785635ce8ad57fe52b3009ae9e0c9f574a728f3049d3e55838" dependencies = [ - "autocfg", "bytes 1.1.0", "libc", "memchr", 
@@ -1255,13 +1093,13 @@ dependencies = [ [[package]] name = "tokio-macros" -version = "1.6.0" +version = "1.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c9efc1aba077437943f7515666aa2b882dfabfbfdf89c819ea75a8d6e9eaba5e" +checksum = "b557f72f448c511a979e2564e55d74e6c4432fc96ff4f6241bc6bded342643b7" dependencies = [ - "proc-macro2 1.0.32", - "quote 1.0.10", - "syn 1.0.82", + "proc-macro2", + "quote", + "syn", ] [[package]] @@ -1279,16 +1117,16 @@ dependencies = [ [[package]] name = "ttrpc" -version = "0.5.1" +version = "0.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "004604e91de38bc16cb9c7898187343075388ea414ad24896a21fc4e91a7c861" +checksum = "66a973ce6d5eaa20c173635b29ffb660dafbc7ef109172c0015ba44e47a23711" dependencies = [ "async-trait", "byteorder", "futures", "libc", "log", - "nix 0.16.1", + "nix 0.20.2", "protobuf", "protobuf-codegen-pure", "thiserror", @@ -1310,9 +1148,9 @@ dependencies = [ [[package]] name = "ttrpc-compiler" -version = "0.4.0" +version = "0.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8c2f2ce8c9a6e9422d0714bc8058b705d503fc9d028e69fae2236050c4721d75" +checksum = "2978ed3fa047d8fd55cbeb4d4a61d461fb3021a90c9618519c73ce7e5bb66c15" dependencies = [ "derive-new", "prost", @@ -1335,12 +1173,6 @@ version = "0.1.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3ed742d4ea2bd1176e236172c8429aaf54486e7ac098db29ffe6529e0ce50973" -[[package]] -name = "unicode-xid" -version = "0.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fc72304796d0818e357ead4e000d19c9c174ab23dc11093ac919054d20a6a7fc" - [[package]] name = "unicode-xid" version = "0.2.2" 
@@ -1353,28 +1185,16 @@ version = "0.8.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f1bddf1187be692e79c5ffeab891132dfb0f236ed36a43c7ed39f1165ee20191" -[[package]] -name = "void" -version = "1.0.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6a02e4885ed3bc0f2de90ea6dd45ebcbb66dacffe03547fadbb0eeae2770887d" - [[package]] name = "vsock" -version = "0.2.4" +version = "0.2.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c932be691560e8f3f7b2be5a47df1b8f45387e1d1df40d45b2e62284b9e9150e" +checksum = "e32675ee2b3ce5df274c0ab52d19b28789632406277ca26bffee79a8e27dc133" dependencies = [ "libc", - "nix 0.19.1", + "nix 0.23.1", ] -[[package]] -name = "wasi" -version = "0.9.0+wasi-snapshot-preview1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cccddf32554fecc6acb585f82a32a72e28b48f8c4c1883ddfeeeaa96f7d8e519" - [[package]] name = "wasi" version = "0.10.2+wasi-snapshot-preview1" @@ -1383,11 +1203,12 @@ checksum = "fd6fbd9a79829dd1ad0cc20627bf1ed606756a7f77edff7b66b7064f9cb327c6" [[package]] name = "which" -version = "2.0.1" +version = "4.2.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b57acb10231b9493c8472b20cb57317d0679a49e0bdbee44b3b803a6473af164" +checksum = "ea187a8ef279bc014ec368c27a920da2024d2a711109bfbe3440585d5cf27ad9" dependencies = [ - "failure", + "either", + "lazy_static", "libc", ] diff --git a/src/tools/agent-ctl/Cargo.toml b/src/tools/agent-ctl/Cargo.toml index a6fdb2b1d..8fc30dbb8 100644 --- a/src/tools/agent-ctl/Cargo.toml +++ b/src/tools/agent-ctl/Cargo.toml 
@@ -23,19 +23,19 @@ byteorder = "1.3.4" # Note: this crate sets the slog 'max_*' features which allows the log level # to be modified at runtime. logging = { path = "../../libs/logging" } -slog = "2.5.2" -slog-scope = "4.3.0" -rand = "0.7.3" +slog = "2.7.0" +slog-scope = "4.4.0" +rand = "0.8.4" protobuf = "2.14.0" -nix = "0.21.0" -libc = "0.2.69" +nix = "0.23.0" +libc = "0.2.112" # XXX: Must be the same as the version used by the agent -ttrpc = { version = "0.5.0" } +ttrpc = { version = "0.5.2" } # For parsing timeouts -humantime = "2.0.0" +humantime = "2.1.0" # For Options (state passing) -serde = { version = "1.0.130", features = ["derive"] } -serde_json = "1.0.68" +serde = { version = "1.0.131", features = ["derive"] } +serde_json = "1.0.73" diff --git a/src/tools/agent-ctl/src/utils.rs b/src/tools/agent-ctl/src/utils.rs index 41235494c..14359c6d9 100644 --- a/src/tools/agent-ctl/src/utils.rs +++ b/src/tools/agent-ctl/src/utils.rs @@ -229,7 +229,7 @@ pub fn generate_random_hex_string(len: u32) -> String { let str: String = (0..len) .map(|_| { - let idx = rng.gen_range(0, CHARSET.len()); + let idx = rng.gen_range(0..CHARSET.len()); CHARSET[idx] as char }) .collect(); diff --git a/src/tools/trace-forwarder/Cargo.lock b/src/tools/trace-forwarder/Cargo.lock index 62ea27e6e..e8272b7b6 100644 --- a/src/tools/trace-forwarder/Cargo.lock +++ b/src/tools/trace-forwarder/Cargo.lock @@ -2,15 +2,6 @@ # It is not intended for manual editing. version = 3 -[[package]] -name = "ansi_term" -version = "0.11.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ee49baf6cb617b853aa8d93bf420db2383fab46d314482ca2803b40d5fde979b" -dependencies = [ - "winapi", -] - [[package]] name = "ansi_term" version = "0.12.1" 
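Review bot: The new `rng.gen_range(0..CHARSET.len())` line in `generate_random_hex_string` relies on two things that nothing in the hunk documents. In rand 0.8 the half-open range keeps `idx` a valid `CHARSET` index, and `gen_range` panics on an empty range, so `CHARSET` must stay non-empty. Both `rng` and `CHARSET` are declared outside the hunk, so the generator in use cannot be confirmed from here; if these strings are ever used as more than test identifiers, the function's doc comment should state whether that generator is cryptographically strong. I would add above the closure `// Half-open range: idx is always a valid CHARSET index; CHARSET must be non-empty.`. The function body starts and ends outside the hunk.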
@@ -22,9 +13,9 @@ dependencies = [ [[package]] name = "anyhow" -version = "1.0.48" +version = "1.0.51" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "62e1f47f7dc0422027a4e370dd4548d4d66b26782e513e98dca1e689e058a80e" +checksum = "8b26702f315f53b6071259e15dd9d64528213b44d61de1ec926eca7715d62203" [[package]] name = "arc-swap" @@ -34,9 +25,9 @@ checksum = "c5d78ce20460b82d3fa150275ed9d55e21064fc7951177baacf86a145c4a4b1f" [[package]] name = "async-trait" -version = "0.1.51" +version = "0.1.52" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "44318e776df68115a881de9a8fd1b9e53368d7a4a5ce4cc48517da3393233a5e" +checksum = "061a7acccaa286c011ddc30970520b98fa40e00c9d644633fb26b5fc63a265e3" dependencies = [ "proc-macro2", "quote", @@ -114,11 +105,11 @@ dependencies = [ [[package]] name = "clap" -version = "2.33.3" +version = "2.34.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "37e58ac78573c40708d45522f0d80fa2f01cc4f9b4e2bf749807255454312002" +checksum = "a0610544180c38b88101fecf2dd634b174a62eef6946f84dfc6a7127512b381c" dependencies = [ - "ansi_term 0.11.0", + "ansi_term", "atty", "bitflags", "strsim", @@ -149,9 +140,9 @@ dependencies = [ [[package]] name = "futures" -version = "0.3.18" +version = "0.3.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8cd0210d8c325c245ff06fd95a3b13689a1a276ac8cfa8e8720cb840bfb84b9e" +checksum = "a12aa0eb539080d55c3f2d45a67c3b58b6b0773c1a3ca2dfec66d58c97fd66ca" dependencies = [ "futures-channel", "futures-core", @@ -164,9 +155,9 @@ dependencies = [ [[package]] name = "futures-channel" -version = "0.3.18" +version = "0.3.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7fc8cd39e3dbf865f7340dce6a2d401d24fd37c6fe6c4f0ee0de8bfca2252d27" +checksum = "5da6ba8c3bb3c165d3c7319fc1cc8304facf1fb8db99c5de877183c08a273888" dependencies = [ "futures-core", "futures-sink", 
@@ -174,15 +165,15 @@ dependencies = [ [[package]] name = "futures-core" -version = "0.3.18" +version = "0.3.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "629316e42fe7c2a0b9a65b47d159ceaa5453ab14e8f0a3c5eedbb8cd55b4a445" +checksum = "88d1c26957f23603395cd326b0ffe64124b818f4449552f960d815cfba83a53d" [[package]] name = "futures-executor" -version = "0.3.18" +version = "0.3.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7b808bf53348a36cab739d7e04755909b9fcaaa69b7d7e588b37b6ec62704c97" +checksum = "45025be030969d763025784f7f355043dc6bc74093e4ecc5000ca4dc50d8745c" dependencies = [ "futures-core", "futures-task", @@ -191,16 +182,18 @@ dependencies = [ [[package]] name = "futures-io" -version = "0.3.18" +version = "0.3.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e481354db6b5c353246ccf6a728b0c5511d752c08da7260546fc0933869daa11" +checksum = "522de2a0fe3e380f1bc577ba0474108faf3f6b18321dbf60b3b9c39a75073377" [[package]] name = "futures-macro" -version = "0.3.18" +version = "0.3.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a89f17b21645bc4ed773c69af9c9a0effd4a3f1a3876eadd453469f8854e7fdd" +checksum = "18e4a4b95cea4b4ccbcf1c5675ca7c4ee4e9e75eb79944d07defde18068f79bb" dependencies = [ + "autocfg", + "proc-macro-hack", "proc-macro2", "quote", "syn", 
@@ -208,22 +201,23 @@ dependencies = [ [[package]] name = "futures-sink" -version = "0.3.18" +version = "0.3.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "996c6442437b62d21a32cd9906f9c41e7dc1e19a9579843fad948696769305af" +checksum = "36ea153c13024fe480590b3e3d4cad89a0cfacecc24577b68f86c6ced9c2bc11" [[package]] name = "futures-task" -version = "0.3.18" +version = "0.3.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dabf1872aaab32c886832f2276d2f5399887e2bd613698a02359e4ea83f8de12" +checksum = "1d3d00f4eddb73e498a54394f228cd55853bdf059259e8e7bc6e69d408892e99" [[package]] name = "futures-util" -version = "0.3.18" +version = "0.3.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "41d22213122356472061ac0f1ab2cee28d2bac8491410fd68c2af53d1cedb83e" +checksum = "36568465210a3a6ee45e1f165136d68671471a501e632e9a98d96872222b5481" dependencies = [ + "autocfg", "futures-channel", "futures-core", "futures-io", @@ -233,6 +227,8 @@ dependencies = [ "memchr", "pin-project-lite", "pin-utils", + "proc-macro-hack", + "proc-macro-nested", "slab", ] @@ -264,9 +260,9 @@ checksum = "48dc51180a9b377fd75814d0cc02199c20f8e99433d6762f650d39cdbbd3b56f" [[package]] name = "itoa" -version = "0.4.8" +version = "1.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b71991ff56294aa922b450139ee08b3bfc70982c6b2c7562771375cf73542dd4" +checksum = "1aab8fc367588b89dcee83ab0fd66b72b50b72fa1904d7095045ace2b0c81c35" [[package]] name = "js-sys" @@ -288,8 +284,8 @@ dependencies = [ "futures", "libc", "logging", - "nix 0.21.0", - "opentelemetry", + "nix", + "opentelemetry 0.14.0", "opentelemetry-jaeger", "privdrop", "protobuf", 
@@ -311,9 +307,9 @@ checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" [[package]] name = "libc" -version = "0.2.108" +version = "0.2.112" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8521a1b57e76b1ec69af7599e75e38e7b7fad6610f037db8c79b127201b5d119" +checksum = "1b03d17f364a3a042d5e5d46b053bbbf82c92c9430c592dd4c064dc6ee997125" [[package]] name = "log" @@ -335,15 +331,6 @@ dependencies = [ "slog-scope", ] -[[package]] -name = "matchers" -version = "0.0.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f099785f7595cc4b4553a174ce30dd7589ef93391ff414dbb67f62392b9e0ce1" -dependencies = [ - "regex-automata", -] - [[package]] name = "memchr" version = "2.4.1" 
@@ -352,43 +339,18 @@ checksum = "308cc39be01b73d0d18f82a0e7b2a3df85245f84af96fdddc5d202d27e47b86a" [[package]] name = "memoffset" -version = "0.6.4" +version = "0.6.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "59accc507f1338036a0477ef61afdae33cde60840f4dfe481319ce3ad116ddf9" +checksum = "5aa361d4faea93603064a027415f07bd8e1d5c88c9fbf68bf56a285428fd79ce" dependencies = [ "autocfg", ] [[package]] name = "nix" -version = "0.19.1" +version = "0.23.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b2ccba0cfe4fdf15982d1674c69b1fd80bad427d293849982668dfe454bd61f2" -dependencies = [ - "bitflags", - "cc", - "cfg-if", - "libc", -] - -[[package]] -name = "nix" -version = "0.21.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5c3728fec49d363a50a8828a190b379a446cc5cf085c06259bbbeb34447e4ec7" -dependencies = [ - "bitflags", - "cc", - "cfg-if", - "libc", - "memoffset", -] - -[[package]] -name = "nix" -version = "0.23.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f305c2c2e4c39a82f7bf0bf65fb557f9070ce06781d4f2454295cc34b1c43188" +checksum = "9f866317acbd3a240710c63f065ffb1e4fd466259045ccb504130b7f668f35c6" dependencies = [ "bitflags", "cc", @@ -428,9 +390,9 @@ dependencies = [ [[package]] name = "once_cell" -version = "1.8.0" +version = "1.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "692fcb63b64b1758029e0a96ee63e049ce8c5948587f2f7208df04625e5f6b56" +checksum = "da32515d9f6e6e489d7bc9d84c71b060db7247dc035bbe44eac88cf87486d8d5" [[package]] name = "opentelemetry" 
@@ -450,6 +412,23 @@ dependencies = [ "thiserror", ] +[[package]] +name = "opentelemetry" +version = "0.16.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e1cf9b1c4e9a6c4de793c632496fa490bdc0e1eea73f0c91394f7b6990935d22" +dependencies = [ + "async-trait", + "crossbeam-channel", + "futures", + "js-sys", + "lazy_static", + "percent-encoding", + "pin-project", + "rand", + "thiserror", +] + [[package]] name = "opentelemetry-jaeger" version = "0.13.0" @@ -458,7 +437,7 @@ checksum = "97fd9ed34f208e0394bfb17522ba0d890925685dfd883147670ed474339d4647" dependencies = [ "async-trait", "lazy_static", - "opentelemetry", + "opentelemetry 0.14.0", "thiserror", "thrift", ] @@ -523,14 +502,26 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4c02cf257b10e4b807bccadb19630d5dea7e0369c3c5e84673ee8e58dc8da6a5" dependencies = [ "libc", - "nix 0.23.0", + "nix", ] [[package]] -name = "proc-macro2" -version = "1.0.32" +name = "proc-macro-hack" +version = "0.5.19" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ba508cc11742c0dc5c1659771673afbab7a0efab23aa17e854cbab0837ed0b43" +checksum = "dbf0c48bc1d91375ae5c3cd81e3722dff1abcf81a30960240640d223f59fe0e5" + +[[package]] +name = "proc-macro-nested" +version = "0.1.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bc881b2c22681370c6a780e47af9840ef841837bc98118431d4e1868bd0c1086" + +[[package]] +name = "proc-macro2" +version = "1.0.34" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2f84e92c0f7c9d58328b85a78557813e4bd845130db68d7184635344399423b1" dependencies = [ "unicode-xid", ] 
@@ -599,30 +590,6 @@ dependencies = [ "bitflags", ] -[[package]] -name = "regex" -version = "1.5.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d07a8629359eb56f1e2fb1652bb04212c072a87ba68546a04065d525673ac461" -dependencies = [ - "regex-syntax", -] - -[[package]] -name = "regex-automata" -version = "0.1.10" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6c230d73fb8d8c1b9c0b3135c5142a8acee3a0558fb8db5cf1cb65f8d7862132" -dependencies = [ - "regex-syntax", -] - -[[package]] -name = "regex-syntax" -version = "0.6.25" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f497285884f3fcff424ffc933e56d7cbca511def0c9831a7f9b5f6153e3cc89b" - [[package]] name = "remove_dir_all" version = "0.5.3" @@ -634,24 +601,24 @@ dependencies = [ [[package]] name = "ryu" -version = "1.0.5" +version = "1.0.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "71d301d4193d031abdd79ff7e3dd721168a9572ef3fe51a1517aba235bd8f86e" +checksum = "73b4b750c782965c211b42f022f59af1fbceabdd026623714f104152f1ec149f" [[package]] name = "serde" -version = "1.0.130" +version = "1.0.132" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f12d06de37cf59146fbdecab66aa99f9fe4f78722e3607577a5375d66bd0c913" +checksum = "8b9875c23cf305cd1fd7eb77234cbb705f21ea6a72c637a5c6db5fe4b8e7f008" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.130" +version = "1.0.132" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d7bc1a1ab1961464eae040d96713baa5a724a8152c1222492465b54322ec508b" +checksum = "ecc0db5cb2556c0e558887d9bbdcf6ac4471e83ff66cf696e5419024d1606276" dependencies = [ "proc-macro2", "quote", 
@@ -660,9 +627,9 @@ dependencies = [ [[package]] name = "serde_json" -version = "1.0.72" +version = "1.0.73" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d0ffa0837f2dfa6fb90868c2b5468cad482e175f7dad97e7421951e663f2b527" +checksum = "bcbd0344bc6533bc7ec56df11d42fb70f1b912351c0825ccb7211b59d8af7cf5" dependencies = [ "itoa", "ryu", @@ -883,47 +850,29 @@ dependencies = [ [[package]] name = "tracing-opentelemetry" -version = "0.13.0" +version = "0.16.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e2f4cb277b92a8ba1170b3b911056428ce2ef9993351baf5965bb0359a2e5963" +checksum = "3ffbf13a0f8b054a4e59df3a173b818e9c6177c02789871f2073977fd0062076" dependencies = [ - "opentelemetry", + "opentelemetry 0.16.0", "tracing", "tracing-core", "tracing-log", "tracing-subscriber", ] -[[package]] -name = "tracing-serde" -version = "0.1.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fb65ea441fbb84f9f6748fd496cf7f63ec9af5bca94dd86456978d055e8eb28b" -dependencies = [ - "serde", - "tracing-core", -] - [[package]] name = "tracing-subscriber" -version = "0.2.25" +version = "0.3.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0e0d2eaa99c3c2e41547cfa109e910a68ea03823cccad4a0525dcbc9b01e8c71" +checksum = "245da694cc7fc4729f3f418b304cb57789f1bed2a78c575407ab8a23f53cb4d3" dependencies = [ - "ansi_term 0.12.1", - "chrono", - "lazy_static", - "matchers", - "regex", - "serde", - "serde_json", + "ansi_term", "sharded-slab", "smallvec", "thread_local", - "tracing", "tracing-core", "tracing-log", - "tracing-serde", ] [[package]] 
@@ -946,12 +895,12 @@ checksum = "f1bddf1187be692e79c5ffeab891132dfb0f236ed36a43c7ed39f1165ee20191" [[package]] name = "vsock" -version = "0.2.4" +version = "0.2.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c932be691560e8f3f7b2be5a47df1b8f45387e1d1df40d45b2e62284b9e9150e" +checksum = "e32675ee2b3ce5df274c0ab52d19b28789632406277ca26bffee79a8e27dc133" dependencies = [ "libc", - "nix 0.19.1", + "nix", ] [[package]] diff --git a/src/tools/trace-forwarder/Cargo.toml b/src/tools/trace-forwarder/Cargo.toml index 846acfebd..8a520a26a 100644 --- a/src/tools/trace-forwarder/Cargo.toml +++ b/src/tools/trace-forwarder/Cargo.toml @@ -13,7 +13,7 @@ edition = "2018" futures = "0.3.15" clap = "2.33.0" vsock = "0.2.3" -nix = "0.21.0" +nix = "0.23.0" libc = "0.2.94" serde = { version = "1.0.126", features = ["derive"] } bincode = "1.3.3" @@ -23,9 +23,9 @@ anyhow = "1.0.31" opentelemetry = { version = "0.14.0", features=["serialize"] } opentelemetry-jaeger = "0.13.0" protobuf = "=2.14.0" -tracing-opentelemetry = "0.13.0" -tracing = "0.1.26" -tracing-subscriber = "0.2.18" +tracing-opentelemetry = "0.16.0" +tracing = "0.1.29" +tracing-subscriber = "0.3.3" # Note: this crate sets the slog 'max_*' features which allows the log level # to be modified at runtime. From 91abebf92e5842b8296d6be2e36ec8e72ca505f5 Mon Sep 17 00:00:00 2001 From: Dov Murik Date: Wed, 22 Dec 2021 09:01:59 +0200 Subject: [PATCH 32/37] agent: mount: Remove unneeded mount_point local variable We already have a `mount_path` local Path variable which holds the mount point. Use it instead of creating a new `mount_point` variable with identical type and content. Fixes: #3332 Signed-off-by: Dov Murik --- src/agent/src/mount.rs | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/agent/src/mount.rs b/src/agent/src/mount.rs index d2ab2b132..6df33c422 100644 --- a/src/agent/src/mount.rs +++ b/src/agent/src/mount.rs 
@@ -449,18 +449,17 @@ fn mount_storage(logger: &Logger, storage: &Storage) -> Result<()> { let (flags, options) = parse_mount_flags_and_options(options_vec); let source = Path::new(&storage.source); - let mount_point = Path::new(&storage.mount_point); info!(logger, "mounting storage"; "mount-source" => source.display(), - "mount-destination" => mount_point.display(), + "mount-destination" => mount_path.display(), "mount-fstype" => storage.fstype.as_str(), "mount-options" => options.as_str(), ); baremount( source, - mount_point, + mount_path, storage.fstype.as_str(), flags, options.as_str(), From 205420d21b20e700498eedb48880e9dbbdbb9908 Mon Sep 17 00:00:00 2001 From: Jakob Naucke Date: Wed, 22 Dec 2021 18:15:01 +0100 Subject: [PATCH 33/37] docs: Replicate branch rename on runtime-spec renamed branch `master` to `main` Fixes: #3336 Signed-off-by: Jakob Naucke --- docs/design/host-cgroups.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/design/host-cgroups.md b/docs/design/host-cgroups.md index cabdfe47a..afbc93809 100644 --- a/docs/design/host-cgroups.md +++ b/docs/design/host-cgroups.md @@ -242,8 +242,8 @@ On the other hand, running all non vCPU threads under a dedicated overhead cgrou accurate metrics on the actual Kata Container pod overhead, allowing for tuning the overhead cgroup size and constraints accordingly. -[linux-config]: https://github.com/opencontainers/runtime-spec/blob/master/config-linux.md -[cgroupspath]: https://github.com/opencontainers/runtime-spec/blob/master/config-linux.md#cgroups-path +[linux-config]: https://github.com/opencontainers/runtime-spec/blob/main/config-linux.md +[cgroupspath]: https://github.com/opencontainers/runtime-spec/blob/main/config-linux.md#cgroups-path # Supported cgroups From 55bac67ac62def1fb6e3821d14355b0221a20200 Mon Sep 17 00:00:00 2001 
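Review bot: `mount_path` now supplies both the `"mount-destination"` log field and the destination argument of `baremount`, but it is declared above the hunk, so its equivalence to the removed `Path::new(&storage.mount_point)` rests on the commit message alone. Because this is the path the agent actually mounts on, it is worth confirming that nothing between the declaration and this point rebinds or normalises it. A short comment at the declaration would keep that invariant visible, for example `// Single destination used for creation, logging and baremount; taken as-is from storage.mount_point.`. `mount_storage` begins above the hunk and continues past its last shown line.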
From: Jakob Naucke Date: Wed, 22 Dec 2021 18:57:47 +0100 Subject: [PATCH 34/37] docs: Fix kernel configs README spelling errors - `fragments` in backticks - s/perfoms/performs/ Fixes: #3338 Signed-off-by: Jakob Naucke --- tools/packaging/kernel/configs/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/packaging/kernel/configs/README.md b/tools/packaging/kernel/configs/README.md index d3e550666..61845a285 100644 --- a/tools/packaging/kernel/configs/README.md +++ b/tools/packaging/kernel/configs/README.md @@ -7,7 +7,7 @@ Containers VM kernels. This directory holds config files for the Kata Linux Kernel in two forms: -- A tree of config file 'fragments' in the `fragments` sub-folder, that are +- A tree of config file `fragments` in the `fragments` sub-folder, that are constructed into a complete config file using the kernel `scripts/kconfig/merge_config.sh` script. - As complete config files that can be used as-is. @@ -56,7 +56,7 @@ Example of valid exclusion: # !s390x !ppc64le ``` -The fragment gathering tool perfoms some basic sanity checks, and the `build-kernel.sh` will +The fragment gathering tool performs some basic sanity checks, and the `build-kernel.sh` will fail and report the error in the cases of: - A duplicate `CONFIG` symbol appearing. From 137e217b85fe3ae65168803e458115f60d48275b Mon Sep 17 00:00:00 2001 From: Jakob Naucke Date: Wed, 22 Dec 2021 19:40:25 +0100 Subject: [PATCH 35/37] docs: Fix outdated k8s link in virtcontainers readme Signed-off-by: Jakob Naucke --- src/runtime/virtcontainers/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/runtime/virtcontainers/README.md b/src/runtime/virtcontainers/README.md index bd090b65d..c9556829d 100644 --- a/src/runtime/virtcontainers/README.md +++ b/src/runtime/virtcontainers/README.md 
@@ -17,7 +17,7 @@ or the [Kubernetes CRI][cri]) to the `virtcontainers` API. `virtcontainers` was used as a foundational package for the [Clear Containers][cc] [runtime][cc-runtime] implementation.
 [oci]: https://github.com/opencontainers/runtime-spec
-[cri]: https://git.k8s.io/community/contributors/devel/sig-node/container-runtime-interface.md
+[cri]: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-node/container-runtime-interface.md
 [cc]: https://github.com/clearcontainers/
 [cc-runtime]: https://github.com/clearcontainers/runtime/
From 073a345908db970add3e1087a37d51318363bd78 Mon Sep 17 00:00:00 2001
From: Ziye Yang
Date: Thu, 14 Oct 2021 14:55:41 +0000
Subject: [PATCH 36/37] use-cases: clarify vhost-user-nvme status in using-spdk-vhost-user SPDK vhost-user-nvme target is removed from SPDK 21.07 release since upstreamed QEMU version does not support. Fixes this usage.
Fixes #3371
Signed-off-by: Ziye Yang
---
 docs/use-cases/using-SPDK-vhostuser-and-kata.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/use-cases/using-SPDK-vhostuser-and-kata.md b/docs/use-cases/using-SPDK-vhostuser-and-kata.md
index 4cef647ea..e7f9f7a3b 100644
--- a/docs/use-cases/using-SPDK-vhostuser-and-kata.md
+++ b/docs/use-cases/using-SPDK-vhostuser-and-kata.md
@@ -104,7 +104,7 @@ devices: - `vhost-user-blk` - `vhost-user-scsi`
-- `vhost-user-nvme`
+- `vhost-user-nvme` (deprecated from SPDK 21.07 release)
 For more information, visit [SPDK](https://spdk.io) and [SPDK vhost-user target](https://spdk.io/doc/vhost.html).
From d85ef3f6a5ef756ea04495aefb4d068ac70f997f Mon Sep 17 00:00:00 2001
From: stevenhorsman
Date: Thu, 27 Jan 2022 10:44:18 +0000
Subject: [PATCH 37/37] agent: Update ocicrypt-rs package - Update the ocicrypt-rs package after https://github.com/containers/ocicrypt-rs/issues/16 was fixed
Signed-off-by: stevenhorsman
---
 src/agent/Cargo.lock | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/agent/Cargo.lock b/src/agent/Cargo.lock
index 5a9a7e7ec..9ff6458a4 100644
--- a/src/agent/Cargo.lock
+++ b/src/agent/Cargo.lock
@@ -1302,7 +1302,7 @@ dependencies = [
 [[package]]
 name = "ocicrypt-rs"
 version = "0.1.0"
-source = "git+https://github.com/containers/ocicrypt-rs#9af596112a64326828416806e049cf0e0ffc9320"
+source = "git+https://github.com/containers/ocicrypt-rs#c4e1505a7bb2f1f556b653b180fef972fa12ae79"
 dependencies = [
 "aes",
 "aes-gcm",