From 09672eb2daa4d1e48f99c58521a0bb2809a0feec Mon Sep 17 00:00:00 2001 From: Bin Liu Date: Wed, 27 Jul 2022 00:32:03 +0800 Subject: [PATCH 01/21] agent: do some rollback works if case of do_create_container failed In some cases do_create_container may return an error, mostly due to `container.start(process)` call. This commit will do some rollback works if this function failed. Fixes: #4749 Signed-off-by: Bin Liu --- src/agent/src/rpc.rs | 70 ++++++++++++++++++++++++++++---------------- 1 file changed, 45 insertions(+), 25 deletions(-) diff --git a/src/agent/src/rpc.rs b/src/agent/src/rpc.rs index bcf2096d2..4f7710fec 100644 --- a/src/agent/src/rpc.rs +++ b/src/agent/src/rpc.rs @@ -249,7 +249,20 @@ impl AgentService { info!(sl!(), "no process configurations!"); return Err(anyhow!(nix::Error::EINVAL)); }; - ctr.start(p).await?; + + // if starting container failed, we will do some rollback work + // to ensure no resources are leaked. + if let Err(err) = ctr.start(p).await { + error!(sl!(), "failed to start container: {:?}", err); + if let Err(e) = ctr.destroy().await { + error!(sl!(), "failed to destroy container: {:?}", e); + } + if let Err(e) = remove_container_resources(&mut s, &cid) { + error!(sl!(), "failed to remove container resources: {:?}", e); + } + return Err(err); + } + s.update_shared_pidns(&ctr)?; s.add_container(ctr); info!(sl!(), "created container!"); 
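Review bot: The rollback covers only the `ctr.start(p)` failure; the next statement on the new side, `s.update_shared_pidns(&ctr)?;`, still returns early with `?`. At that point the container has been started but not yet handed to `s.add_container(ctr)`, so a failure there appears to leave behind the same resources this change is meant to release. Consider running the same cleanup on that path, ideally through a small helper that calls `ctr.destroy().await` and `remove_container_resources(&mut s, &cid)` and logs their errors, so both failure paths share it. The enclosing function (presumably do_create_container) starts and continues outside this hunk, so whether earlier fallible steps need the same treatment cannot be checked from here.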
@@ -295,27 +308,6 @@ impl AgentService { req: protocols::agent::RemoveContainerRequest, ) -> Result<()> { let cid = req.container_id.clone(); - let mut cmounts: Vec = vec![]; - - let mut remove_container_resources = |sandbox: &mut Sandbox| -> Result<()> { - // Find the sandbox storage used by this container - let mounts = sandbox.container_mounts.get(&cid); - if let Some(mounts) = mounts { - for m in mounts.iter() { - if sandbox.storages.get(m).is_some() { - cmounts.push(m.to_string()); - } - } - } - - for m in cmounts.iter() { - sandbox.unset_and_remove_sandbox_storage(m)?; - } - - sandbox.container_mounts.remove(cid.as_str()); - sandbox.containers.remove(cid.as_str()); - Ok(()) - }; if req.timeout == 0 { let s = Arc::clone(&self.sandbox); @@ -329,7 +321,7 @@ impl AgentService { .destroy() .await?; - remove_container_resources(&mut sandbox)?; + remove_container_resources(&mut sandbox, &cid)?; return Ok(()); } @@ -361,8 +353,7 @@ impl AgentService { let s = self.sandbox.clone(); let mut sandbox = s.lock().await; - - remove_container_resources(&mut sandbox)?; + remove_container_resources(&mut sandbox, &cid)?; Ok(()) } 
@@ -1752,6 +1743,35 @@ fn update_container_namespaces( Ok(()) } +fn remove_container_resources(sandbox: &mut Sandbox, cid: &str) -> Result<()> { + let mut cmounts: Vec = vec![]; + + // Find the sandbox storage used by this container + let mounts = sandbox.container_mounts.get(cid); + if let Some(mounts) = mounts { + for m in mounts.iter() { + if sandbox.storages.get(m).is_some() { + cmounts.push(m.to_string()); + } + } + } + + for m in cmounts.iter() { + if let Err(err) = sandbox.unset_and_remove_sandbox_storage(m) { + error!( + sl!(), + "failed to unset_and_remove_sandbox_storage for container {}, error: {:?}", + cid, + err + ); + } + } + + sandbox.container_mounts.remove(cid); + sandbox.containers.remove(cid); + Ok(()) +} + fn append_guest_hooks(s: &Sandbox, oci: &mut Spec) -> Result<()> { if let Some(ref guest_hooks) = s.hooks { let mut hooks = oci.hooks.take().unwrap_or_default(); From fcc1e0c6172de5ed27c7aa69bcb632a7d8aef566 Mon Sep 17 00:00:00 2001 From: Chelsea Mafrica Date: Fri, 12 Aug 2022 10:35:10 -0700 Subject: [PATCH 02/21] runtime: tracing: End root span at end of trace The root span should exist the duration of the trace. Defer ending span until the end of the trace instead of end of function. Add the span to the service struct to do so. Fixes #4902 Signed-off-by: Chelsea Mafrica --- src/runtime/pkg/containerd-shim-v2/create.go | 3 ++- src/runtime/pkg/containerd-shim-v2/service.go | 7 +++++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/src/runtime/pkg/containerd-shim-v2/create.go b/src/runtime/pkg/containerd-shim-v2/create.go index 6b14a94c7..65113ac1b 100644 --- a/src/runtime/pkg/containerd-shim-v2/create.go +++ b/src/runtime/pkg/containerd-shim-v2/create.go 
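Review bot: In the new `remove_container_resources`, a failure of `sandbox.unset_and_remove_sandbox_storage(m)` is only logged, whereas the removed closure propagated it with `?`, so the function can no longer return `Err`. Both call sites in the remove path therefore report success even when a storage could not be unmounted or removed. Continuing the loop is reasonable for rollback, but the caller should still learn of the failure: declare `let mut first_err = None;` before the loop, add `first_err.get_or_insert(err);` after the `error!` call, and end with `first_err.map_or(Ok(()), Err)` (assuming `Result` here is the anyhow alias). If best-effort cleanup is intended, document it on the function, e.g. `/// Best-effort: storage removal failures are logged, not returned.`, since the commit message does not mention the change.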
@@ -97,9 +97,10 @@ func create(ctx context.Context, s *service, r *taskAPI.CreateTaskRequest) (*con } // create root span + // rootSpan will be ended when the entire trace is ended rootSpan, newCtx := katatrace.Trace(s.ctx, shimLog, "rootSpan", shimTracingTags) s.rootCtx = newCtx - defer rootSpan.End() + s.rootSpan = rootSpan // create span span, newCtx := katatrace.Trace(s.rootCtx, shimLog, "create", shimTracingTags) diff --git a/src/runtime/pkg/containerd-shim-v2/service.go b/src/runtime/pkg/containerd-shim-v2/service.go index 9e703c9e2..b9e8460fb 100644 --- a/src/runtime/pkg/containerd-shim-v2/service.go +++ b/src/runtime/pkg/containerd-shim-v2/service.go @@ -28,6 +28,7 @@ import ( "github.com/opencontainers/runtime-spec/specs-go" "github.com/pkg/errors" "github.com/sirupsen/logrus" + otelTrace "go.opentelemetry.io/otel/trace" "golang.org/x/sys/unix" "github.com/kata-containers/kata-containers/src/runtime/pkg/katautils" @@ -122,8 +123,9 @@ type exit struct { type service struct { sandbox vc.VCSandbox - ctx context.Context - rootCtx context.Context // root context for tracing + ctx context.Context + rootCtx context.Context // root context for tracing + rootSpan otelTrace.Span containers map[string]*container @@ -946,6 +948,7 @@ func (s *service) Shutdown(ctx context.Context, r *taskAPI.ShutdownRequest) (_ * s.mu.Unlock() span.End() + s.rootSpan.End() katatrace.StopTracing(s.rootCtx) return empty, nil From 3829ab809f29eafd8b8b2e2a1a1aa3d91c78450f Mon Sep 17 00:00:00 2001 From: Prajwal Borkar Date: Wed, 10 Aug 2022 19:41:00 +0530 Subject: [PATCH 03/21] docs: Update CRI-O target link Fixes #4767 Signed-off-by: Prajwal Borkar --- docs/install/minikube-installation-guide.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/install/minikube-installation-guide.md b/docs/install/minikube-installation-guide.md index 7bc80b4b8..299e5fa59 100644 --- a/docs/install/minikube-installation-guide.md +++ b/docs/install/minikube-installation-guide.md 
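Review bot: `s.rootSpan.End()` in Shutdown is called unconditionally, but `s.rootSpan` is assigned only where create() builds the root span. If Shutdown can run on a service where that path never executed (for example after an early create failure), the field is a nil interface and the call panics. Guard it with `if s.rootSpan != nil { s.rootSpan.End() }`. Both functions extend beyond their hunks, so it cannot be confirmed from here whether an earlier return in Shutdown, or an error return in create() after the assignment, also leaves the root span un-ended. The new `rootSpan` field would also benefit from a comment like the one on `rootCtx`, e.g. `// root span, ended in Shutdown`.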
@@ -55,11 +55,11 @@ Here are the features to set up a CRI-O based Minikube, and why you need them: | what | why | | ---- | --- | -| `--bootstrapper=kubeadm` | As recommended for [minikube CRI-o](https://kubernetes.io/docs/setup/minikube/#cri-o) | +| `--bootstrapper=kubeadm` | As recommended for [minikube CRI-O](https://minikube.sigs.k8s.io/docs/handbook/config/#runtime-configuration) | | `--container-runtime=cri-o` | Using CRI-O for Kata | -| `--enable-default-cni` | As recommended for [minikube CRI-o](https://kubernetes.io/docs/setup/minikube/#cri-o) | +| `--enable-default-cni` | As recommended for [minikube CRI-O](https://minikube.sigs.k8s.io/docs/handbook/config/#runtime-configuration) | | `--memory 6144` | Allocate sufficient memory, as Kata Containers default to 1 or 2Gb | -| `--network-plugin=cni` | As recommended for [minikube CRI-o](https://kubernetes.io/docs/setup/minikube/#cri-o) | +| `--network-plugin=cni` | As recommended for [minikube CRI-O](https://minikube.sigs.k8s.io/docs/handbook/config/#runtime-configuration) | | `--vm-driver kvm2` | The host VM driver | To use containerd, modify the `--container-runtime` argument: From 78231a36e447469b0c9cdd842e57040e9ffe2a6b Mon Sep 17 00:00:00 2001 From: Manabu Sugimoto Date: Wed, 17 Aug 2022 15:31:17 +0900 Subject: [PATCH 04/21] ci: Update libseccomp version Updates the libseccomp version that is being used in the Kata CI. Fixes: #4858, #4939 Signed-off-by: Manabu Sugimoto --- ci/install_libseccomp.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci/install_libseccomp.sh b/ci/install_libseccomp.sh index 4c4a42cb9..e13ede9ad 100755 --- a/ci/install_libseccomp.sh +++ b/ci/install_libseccomp.sh 
@@ -28,7 +28,7 @@ workdir="$(mktemp -d --tmpdir build-libseccomp.XXXXX)" # After solving the issue, replace this code by using the `versions.yaml`. # libseccomp_version=$(get_version "externals.libseccomp.version") # libseccomp_url=$(get_version "externals.libseccomp.url") -libseccomp_version="2.5.1" +libseccomp_version="2.5.4" libseccomp_url="https://github.com/seccomp/libseccomp" libseccomp_tarball="libseccomp-${libseccomp_version}.tar.gz" libseccomp_tarball_url="${libseccomp_url}/releases/download/v${libseccomp_version}/${libseccomp_tarball}" From 338c282950d091bd43e019099d72b1a4fccba9d5 Mon Sep 17 00:00:00 2001 From: Peng Tao Date: Tue, 16 Aug 2022 17:46:05 +0800 Subject: [PATCH 05/21] dep: update nix dependency To fix CVE-2021-45707 that affects nix < 0.20.2. Fixes: #4929 Signed-off-by: Peng Tao --- src/agent/Cargo.lock | 30 +- src/agent/Cargo.toml | 2 +- src/agent/rustjail/Cargo.toml | 2 +- src/agent/rustjail/src/seccomp.rs | 29 +- src/agent/vsock-exporter/Cargo.toml | 2 +- src/dragonball/Cargo.toml | 2 +- src/libs/kata-sys-util/Cargo.toml | 2 +- src/runtime-rs/Cargo.lock | 408 +++++++++++++++--- src/runtime-rs/crates/hypervisor/Cargo.toml | 2 +- src/runtime-rs/crates/resource/Cargo.toml | 2 +- .../crates/runtimes/common/Cargo.toml | 2 +- .../crates/runtimes/virt_container/Cargo.toml | 2 +- src/runtime-rs/crates/shim/Cargo.toml | 2 +- 13 files changed, 379 insertions(+), 108 deletions(-) diff --git a/src/agent/Cargo.lock b/src/agent/Cargo.lock index 69c619284..987f16ffa 100644 --- a/src/agent/Cargo.lock +++ b/src/agent/Cargo.lock 
@@ -718,21 +718,20 @@ checksum = "349d5a591cd28b49e1d1037471617a32ddcda5731b99419008085f72d5a53836" [[package]] name = "libseccomp" -version = "0.1.3" +version = "0.2.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "36ad71a5b66ceef3acfe6a3178b29b4da063f8bcb2c36dab666d52a7a9cfdb86" +checksum = "49bda1fbf25c42ac8942ff7df1eb6172a3bc36299e84be0dba8c888a7db68c80" dependencies = [ "libc", "libseccomp-sys", - "nix 0.17.0", "pkg-config", ] [[package]] name = "libseccomp-sys" -version = "0.1.1" +version = "0.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "539912de229a4fc16e507e8df12a394038a524a5b5b6c92045ad344472aac475" +checksum = "9a7cbbd4ad467251987c6e5b47d53b11a5a05add08f2447a9e2d70aef1e0d138" [[package]] name = "lock_api" @@ -905,19 +904,6 @@ dependencies = [ "tokio", ] -[[package]] -name = "nix" -version = "0.17.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "50e4785f2c3b7589a0d0c1dd60285e1188adac4006e8abd6dd578e1567027363" -dependencies = [ - "bitflags", - "cc", - "cfg-if 0.1.10", - "libc", - "void", -] - [[package]] name = "nix" version = "0.23.1" @@ -2057,12 +2043,6 @@ version = "0.9.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" -[[package]] -name = "void" -version = "1.0.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6a02e4885ed3bc0f2de90ea6dd45ebcbb66dacffe03547fadbb0eeae2770887d" - [[package]] name = "vsock" version = "0.2.6" @@ -2081,7 +2061,7 @@ dependencies = [ "bincode", "byteorder", "libc", - "nix 0.23.1", + "nix 0.24.2", "opentelemetry", "serde", "slog", diff --git a/src/agent/Cargo.toml b/src/agent/Cargo.toml index 70358585f..bada4c4dd 100644 --- a/src/agent/Cargo.toml +++ b/src/agent/Cargo.toml 
@@ -12,7 +12,7 @@ lazy_static = "1.3.0" ttrpc = { version = "0.6.0", features = ["async"], default-features = false } protobuf = "2.27.0" libc = "0.2.58" -nix = "0.24.1" +nix = "0.24.2" capctl = "0.2.0" serde_json = "1.0.39" scan_fmt = "0.2.3" diff --git a/src/agent/rustjail/Cargo.toml b/src/agent/rustjail/Cargo.toml index 375591c9f..6d0a3a518 100644 --- a/src/agent/rustjail/Cargo.toml +++ b/src/agent/rustjail/Cargo.toml @@ -31,7 +31,7 @@ tokio = { version = "1.2.0", features = ["sync", "io-util", "process", "time", " futures = "0.3.17" async-trait = "0.1.31" inotify = "0.9.2" -libseccomp = { version = "0.1.3", optional = true } +libseccomp = { version = "0.2.3", optional = true } [dev-dependencies] serial_test = "0.5.0" diff --git a/src/agent/rustjail/src/seccomp.rs b/src/agent/rustjail/src/seccomp.rs index 3496a45d8..fab019787 100644 --- a/src/agent/rustjail/src/seccomp.rs +++ b/src/agent/rustjail/src/seccomp.rs @@ -26,12 +26,15 @@ fn get_rule_conditions(args: &[LinuxSeccompArg]) -> Result> return Err(anyhow!("seccomp opreator is required")); } - let cond = ScmpArgCompare::new( - arg.index, - ScmpCompareOp::from_str(&arg.op)?, - arg.value, - Some(arg.value_two), - ); + let mut op = ScmpCompareOp::from_str(&arg.op)?; + let mut value = arg.value; + // For SCMP_CMP_MASKED_EQ, arg.value is the mask and arg.value_two is the value + if op == ScmpCompareOp::MaskedEqual(u64::default()) { + op = ScmpCompareOp::MaskedEqual(arg.value); + value = arg.value_two; + } + + let cond = ScmpArgCompare::new(arg.index, op, value); conditions.push(cond); } @@ -44,7 +47,7 @@ pub fn get_unknown_syscalls(scmp: &LinuxSeccomp) -> Option> { for syscall in &scmp.syscalls { for name in &syscall.names { - if get_syscall_from_name(name, None).is_err() { + if ScmpSyscall::from_name(name).is_err() { unknown_syscalls.push(name.to_string()); } } 
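Review bot: In `get_rule_conditions`, the test `op == ScmpCompareOp::MaskedEqual(u64::default())` recognises the masked-equal operator by comparing against a zero payload, which holds only if `from_str` yields the variant with mask 0. Matching on the variant states the intent and does not depend on that detail: `if matches!(op, ScmpCompareOp::MaskedEqual(_)) {`. A mistake here silently changes which argument values a seccomp rule matches, so a unit test that builds a `SCMP_CMP_MASKED_EQ` argument and checks the resulting mask and datum would be worth adding. The function starts and ends outside the hunk.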
@@ -60,7 +63,7 @@ pub fn get_unknown_syscalls(scmp: &LinuxSeccomp) -> Option> { // init_seccomp creates a seccomp filter and loads it for the current process // including all the child processes. pub fn init_seccomp(scmp: &LinuxSeccomp) -> Result<()> { - let def_action = ScmpAction::from_str(scmp.default_action.as_str(), Some(libc::EPERM as u32))?; + let def_action = ScmpAction::from_str(scmp.default_action.as_str(), Some(libc::EPERM as i32))?; // Create a new filter context let mut filter = ScmpFilterContext::new_filter(def_action)?; @@ -72,7 +75,7 @@ pub fn init_seccomp(scmp: &LinuxSeccomp) -> Result<()> { } // Unset no new privileges bit - filter.set_no_new_privs_bit(false)?; + filter.set_ctl_nnp(false)?; // Add a rule for each system call for syscall in &scmp.syscalls { @@ -80,13 +83,13 @@ pub fn init_seccomp(scmp: &LinuxSeccomp) -> Result<()> { return Err(anyhow!("syscall name is required")); } - let action = ScmpAction::from_str(&syscall.action, Some(syscall.errno_ret))?; + let action = ScmpAction::from_str(&syscall.action, Some(syscall.errno_ret as i32))?; if action == def_action { continue; } for name in &syscall.names { - let syscall_num = match get_syscall_from_name(name, None) { + let syscall_num = match ScmpSyscall::from_name(name) { Ok(num) => num, Err(_) => { // If we cannot resolve the given system call, we assume it is not supported @@ -96,10 +99,10 @@ pub fn init_seccomp(scmp: &LinuxSeccomp) -> Result<()> { }; if syscall.args.is_empty() { - filter.add_rule(action, syscall_num, None)?; + filter.add_rule(action, syscall_num)?; } else { let conditions = get_rule_conditions(&syscall.args)?; - filter.add_rule(action, syscall_num, Some(&conditions))?; + filter.add_rule_conditional(action, syscall_num, &conditions)?; } } } diff --git a/src/agent/vsock-exporter/Cargo.toml b/src/agent/vsock-exporter/Cargo.toml index 87e66ed99..f9f63b5c4 100644 --- a/src/agent/vsock-exporter/Cargo.toml +++ b/src/agent/vsock-exporter/Cargo.toml 
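Review bot: `Some(syscall.errno_ret as i32)` narrows the errno taken from the container's seccomp profile with an `as` cast, so a value above `i32::MAX` would wrap to a negative number instead of being rejected. The field is presumably unsigned, since the old call passed it where a `u32` was expected. Prefer a checked conversion, `ScmpAction::from_str(&syscall.action, Some(i32::try_from(syscall.errno_ret)?))?`, so a malformed profile fails at filter setup. In the default-action line the cast in `Some(libc::EPERM as i32)` looks redundant, since `libc::EPERM` is already a C int, and could be `Some(libc::EPERM)`. init_seccomp continues outside these hunks.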
@@ -7,7 +7,7 @@ edition = "2018" # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html [dependencies] -nix = "0.23.0" +nix = "0.24.2" libc = "0.2.94" thiserror = "1.0.26" opentelemetry = { version = "0.14.0", features=["serialize"] } diff --git a/src/dragonball/Cargo.toml b/src/dragonball/Cargo.toml index 0f4aa582f..df8286bfe 100644 --- a/src/dragonball/Cargo.toml +++ b/src/dragonball/Cargo.toml @@ -28,7 +28,7 @@ lazy_static = "1.2" libc = "0.2.39" linux-loader = "0.4.0" log = "0.4.14" -nix = "0.23.1" +nix = "0.24.2" seccompiler = "0.2.0" serde = "1.0.27" serde_derive = "1.0.27" diff --git a/src/libs/kata-sys-util/Cargo.toml b/src/libs/kata-sys-util/Cargo.toml index eb8759e6f..fffaa676e 100644 --- a/src/libs/kata-sys-util/Cargo.toml +++ b/src/libs/kata-sys-util/Cargo.toml @@ -18,7 +18,7 @@ common-path = "=1.0.0" fail = "0.5.0" lazy_static = "1.4.0" libc = "0.2.100" -nix = "0.24.1" +nix = "0.24.2" once_cell = "1.9.0" serde_json = "1.0.73" slog = "2.5.2" diff --git a/src/runtime-rs/Cargo.lock b/src/runtime-rs/Cargo.lock index e0ba83826..cff1dd223 100644 --- a/src/runtime-rs/Cargo.lock +++ b/src/runtime-rs/Cargo.lock 
@@ -99,6 +99,52 @@ version = "0.7.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8da52d66c7071e2e3fa2a1e5c6d088fec47b593032b254f5e980de8ea54454d6" +[[package]] +name = "async-macros" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e421d59b24c1feea2496e409b3e0a8de23e5fc130a2ddc0b012e551f3b272bba" +dependencies = [ + "futures-core-preview", + "pin-utils", +] + +[[package]] +name = "async-std" +version = "0.99.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "44501a9f7961bb539b67be0c428b3694e26557046a52759ca7eaf790030a64cc" +dependencies = [ + "async-macros", + "async-task", + "crossbeam-channel 0.3.9", + "crossbeam-deque", + "crossbeam-utils 0.6.6", + "futures-core", + "futures-io", + "futures-timer 1.0.3", + "kv-log-macro", + "log", + "memchr", + "mio 0.6.23", + "mio-uds", + "num_cpus", + "once_cell", + "pin-project-lite 0.1.12", + "pin-utils", + "slab", +] + +[[package]] +name = "async-task" +version = "1.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0ac2c016b079e771204030951c366db398864f5026f84a44dafb0ff20f02085d" +dependencies = [ + "libc", + "winapi 0.3.9", +] + [[package]] name = "async-trait" version = "0.1.56" @@ -280,7 +326,7 @@ dependencies = [ "num-integer", "num-traits", "time 0.1.43", - "winapi", + "winapi 0.3.9", ] [[package]] @@ -294,8 +340,9 @@ dependencies = [ "kata-sys-util", "kata-types", "lazy_static", - "nix 0.24.1", + "nix 0.24.2", "oci", + "persist", "protobuf", "serde_json", "slog", @@ -353,6 +400,15 @@ dependencies = [ "cfg-if 1.0.0", ] +[[package]] +name = "crossbeam-channel" +version = "0.3.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c8ec7fcd21571dc78f96cc96243cab8d8f035247c3efd16c687be154c3fa9efa" +dependencies = [ + "crossbeam-utils 0.6.6", +] + [[package]] name = "crossbeam-channel" version = "0.5.4" 
@@ -360,7 +416,54 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5aaa7bd5fb665c6864b5f963dd9097905c54125909c7aa94c9e18507cdbe6c53" dependencies = [ "cfg-if 1.0.0", - "crossbeam-utils", + "crossbeam-utils 0.8.8", +] + +[[package]] +name = "crossbeam-deque" +version = "0.7.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c20ff29ded3204c5106278a81a38f4b482636ed4fa1e6cfbeef193291beb29ed" +dependencies = [ + "crossbeam-epoch", + "crossbeam-utils 0.7.2", + "maybe-uninit", +] + +[[package]] +name = "crossbeam-epoch" +version = "0.8.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "058ed274caafc1f60c4997b5fc07bf7dc7cca454af7c6e81edffe5f33f70dace" +dependencies = [ + "autocfg", + "cfg-if 0.1.10", + "crossbeam-utils 0.7.2", + "lazy_static", + "maybe-uninit", + "memoffset 0.5.6", + "scopeguard", +] + +[[package]] +name = "crossbeam-utils" +version = "0.6.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "04973fa96e96579258a5091af6003abde64af786b860f18622b82e026cca60e6" +dependencies = [ + "cfg-if 0.1.10", + "lazy_static", +] + +[[package]] +name = "crossbeam-utils" +version = "0.7.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c3c7c73a2d1e9fc0886a08b93e98eb643461230d5f1925e4036204d5f2e261a8" +dependencies = [ + "autocfg", + "cfg-if 0.1.10", + "lazy_static", ] [[package]] @@ -383,6 +486,16 @@ dependencies = [ "typenum", ] +[[package]] +name = "ctor" +version = "0.1.22" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f877be4f7c9f246b183111634f75baa039715e3f46ce860677d3b19a69fb229c" +dependencies = [ + "quote", + "syn", +] + [[package]] name = "darling" version = "0.13.4" @@ -460,7 +573,7 @@ dependencies = [ "kvm-bindings", "kvm-ioctls", "libc", - "memoffset", + "memoffset 0.6.5", "vm-memory", "vmm-sys-util", ] 
@@ -520,7 +633,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b773f7f1b9088438e9746890c7c0836b133b07935812867a33e06e81c92c0cdc" dependencies = [ "libc", - "mio", + "mio 0.8.3", ] [[package]] @@ -631,7 +744,7 @@ dependencies = [ "libc", "linux-loader", "log", - "nix 0.23.1", + "nix 0.24.2", "seccompiler", "serde", "serde_derive", @@ -668,7 +781,7 @@ checksum = "f639046355ee4f37944e44f60642c6f3a7efa3cf6b78c78a0d989a8ce6c396a1" dependencies = [ "errno-dragonfly", "libc", - "winapi", + "winapi 0.3.9", ] [[package]] @@ -749,6 +862,22 @@ version = "0.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a06f77d526c1a601b7c4cdd98f54b5eaabffc14d5f2f0296febdc7f357c6d3ba" +[[package]] +name = "fuchsia-zircon" +version = "0.3.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2e9763c69ebaae630ba35f74888db465e49e259ba1bc0eda7d06f4a067615d82" +dependencies = [ + "bitflags", + "fuchsia-zircon-sys", +] + +[[package]] +name = "fuchsia-zircon-sys" +version = "0.3.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3dcaa9ae7725d12cdb85b3ad99a434db70b468c09ded17e012d86b5c1010f7a7" + [[package]] name = "fuse-backend-rs" version = "0.9.0" @@ -763,7 +892,7 @@ dependencies = [ "lazy_static", "libc", "log", - "mio", + "mio 0.8.3", "nix 0.23.1", "virtio-queue", "vm-memory", @@ -807,6 +936,12 @@ version = "0.3.21" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0c09fd04b7e4073ac7156a9539b57a484a8ea920f79c7c675d05d289ab6110d3" +[[package]] +name = "futures-core-preview" +version = "0.3.0-alpha.19" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b35b6263fb1ef523c3056565fa67b1d16f0a8604ff12b11b08c25f28a734c60a" + [[package]] name = "futures-executor" version = "0.3.21" 
@@ -847,6 +982,16 @@ version = "0.3.21" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "57c66a976bf5909d801bbef33416c41372779507e7a6b3a5e25e4749c58f776a" +[[package]] +name = "futures-timer" +version = "1.0.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7946248e9429ff093345d3e8fdf4eb0f9b2d79091611c9c14f744971a6f8be45" +dependencies = [ + "futures-core-preview", + "pin-utils", +] + [[package]] name = "futures-timer" version = "3.0.2" @@ -866,7 +1011,7 @@ dependencies = [ "futures-sink", "futures-task", "memchr", - "pin-project-lite", + "pin-project-lite 0.2.9", "pin-utils", "slab", ] @@ -932,7 +1077,7 @@ checksum = "19775995ee20209163239355bc3ad2f33f83da35d9ef72dea26e5af753552c87" dependencies = [ "dashmap", "futures 0.3.21", - "futures-timer", + "futures-timer 3.0.2", "no-std-compat", "nonzero_ext", "parking_lot 0.12.1", @@ -990,8 +1135,10 @@ dependencies = [ "kata-types", "libc", "logging", - "nix 0.24.1", + "nix 0.24.2", + "persist", "seccompiler", + "serde", "serde_json", "slog", "slog-scope", @@ -1106,7 +1253,7 @@ dependencies = [ "kata-types", "lazy_static", "libc", - "nix 0.24.1", + "nix 0.24.2", "oci", "once_cell", "rand 0.7.3", @@ -1135,6 +1282,25 @@ dependencies = [ "toml 0.5.9", ] +[[package]] +name = "kernel32-sys" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7507624b29483431c0ba2d82aece8ca6cdba9382bff4ddd0f7490560c056098d" +dependencies = [ + "winapi 0.2.8", + "winapi-build", +] + +[[package]] +name = "kv-log-macro" +version = "1.0.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0de8b303297635ad57c9f5059fd9cee7a47f8e8daa09df0fcd07dd39fb22977f" +dependencies = [ + "log", +] + [[package]] name = "kvm-bindings" version = "0.5.0" 
@@ -1210,6 +1376,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "abb12e687cfb44aa40f41fc3978ef76448f9b6038cad6aef4259d3c095a2382e" dependencies = [ "cfg-if 1.0.0", + "value-bag", ] [[package]] @@ -1248,12 +1415,27 @@ version = "0.1.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a3e378b66a060d48947b590737b30a1be76706c8dd7b8ba0f2fe3989c68a853f" +[[package]] +name = "maybe-uninit" +version = "2.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "60302e4db3a61da70c0cb7991976248362f30319e88850c487b9b95bbf059e00" + [[package]] name = "memchr" version = "2.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2dffe52ecf27772e601905b7522cb4ef790d2cc203488bbd0e2fe85fcb74566d" +[[package]] +name = "memoffset" +version = "0.5.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "043175f069eda7b85febe4a74abbaeff828d9f8b448515d3151a14a3542811aa" +dependencies = [ + "autocfg", +] + [[package]] name = "memoffset" version = "0.6.5" @@ -1272,6 +1454,25 @@ dependencies = [ "adler", ] +[[package]] +name = "mio" +version = "0.6.23" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4afd66f5b91bf2a3bc13fad0e21caedac168ca4c707504e75585648ae80e4cc4" +dependencies = [ + "cfg-if 0.1.10", + "fuchsia-zircon", + "fuchsia-zircon-sys", + "iovec", + "kernel32-sys", + "libc", + "log", + "miow", + "net2", + "slab", + "winapi 0.2.8", +] + [[package]] name = "mio" version = "0.8.3" 
@@ -1284,12 +1485,46 @@ dependencies = [ "windows-sys", ] +[[package]] +name = "mio-uds" +version = "0.6.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "afcb699eb26d4332647cc848492bbc15eafb26f08d0304550d5aa1f612e066f0" +dependencies = [ + "iovec", + "libc", + "mio 0.6.23", +] + +[[package]] +name = "miow" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ebd808424166322d4a38da87083bfddd3ac4c131334ed55856112eb06d46944d" +dependencies = [ + "kernel32-sys", + "net2", + "winapi 0.2.8", + "ws2_32-sys", +] + [[package]] name = "multimap" version = "0.8.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e5ce46fe64a9d73be07dcbe690a38ce1b293be448fd8ce1e6c1b8062c9f72c6a" +[[package]] +name = "net2" +version = "0.2.37" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "391630d12b68002ae1e25e8f974306474966550ad82dac6886fb8910c19568ae" +dependencies = [ + "cfg-if 0.1.10", + "libc", + "winapi 0.3.9", +] + [[package]] name = "netlink-packet-core" version = "0.4.2" @@ -1356,19 +1591,6 @@ dependencies = [ "tokio", ] -[[package]] -name = "nix" -version = "0.16.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dd0eaf8df8bab402257e0a5c17a254e4cc1f72a93588a1ddfb5d356c801aa7cb" -dependencies = [ - "bitflags", - "cc", - "cfg-if 0.1.10", - "libc", - "void", -] - [[package]] name = "nix" version = "0.23.1" @@ -1379,19 +1601,19 @@ dependencies = [ "cc", "cfg-if 1.0.0", "libc", - "memoffset", + "memoffset 0.6.5", ] [[package]] name = "nix" -version = "0.24.1" +version = "0.24.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8f17df307904acd05aa8e32e97bb20f2a0df1728bbc2d771ae8f9a90463441e9" +checksum = "195cdbc1741b8134346d515b3a56a1c94b0912758009cfd53f99ea0f57b065fc" dependencies = [ "bitflags", "cfg-if 1.0.0", "libc", - "memoffset", + "memoffset 0.6.5", ] [[package]] 
@@ -1539,7 +1761,7 @@ dependencies = [ "libc", "redox_syscall", "smallvec", - "winapi", + "winapi 0.3.9", ] [[package]] @@ -1567,6 +1789,21 @@ version = "2.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d4fd5641d01c8f18a23da7b6fe29298ff4b55afcccdf78973b24cf3175fee32e" +[[package]] +name = "persist" +version = "0.1.0" +dependencies = [ + "anyhow", + "async-trait", + "kata-sys-util", + "kata-types", + "libc", + "rustc-serialize", + "safe-path", + "serde", + "serde_json", +] + [[package]] name = "petgraph" version = "0.5.1" @@ -1577,6 +1814,12 @@ dependencies = [ "indexmap", ] +[[package]] +name = "pin-project-lite" +version = "0.1.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "257b64915a082f7811703966789728173279bdebb956b143dbcd23f6f970a777" + [[package]] name = "pin-project-lite" version = "0.2.9" @@ -1701,14 +1944,14 @@ version = "0.9.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "20afe714292d5e879d8b12740aa223c6a88f118af41870e8b6196e39a02238a8" dependencies = [ - "crossbeam-utils", + "crossbeam-utils 0.8.8", "libc", "mach", "once_cell", "raw-cpuid", "wasi 0.10.2+wasi-snapshot-preview1", "web-sys", - "winapi", + "winapi 0.3.9", ] [[package]] @@ -1768,7 +2011,7 @@ dependencies = [ "libc", "rand_core 0.3.1", "rdrand", - "winapi", + "winapi 0.3.9", ] [[package]] @@ -1907,7 +2150,7 @@ version = "0.5.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3acd125665422973a33ac9d3dd2df85edad0f4ae9b00dafb1a05e43a9f5ef8e7" dependencies = [ - "winapi", + "winapi 0.3.9", ] [[package]] @@ -1929,11 +2172,13 @@ dependencies = [ "logging", "netlink-packet-route", "netlink-sys", - "nix 0.24.1", + "nix 0.24.2", "oci", + "persist", "rand 0.7.3", "rtnetlink", "scopeguard", + "serde", "slog", "slog-scope", "tokio", @@ -1959,7 +2204,7 @@ dependencies = [ "log", "netlink-packet-route", "netlink-proto", - "nix 0.24.1", + "nix 0.24.2", "thiserror", "tokio", ] 
@@ -1975,6 +2220,7 @@ dependencies = [ "linux_container", "logging", "oci", + "persist", "slog", "slog-scope", "tokio", @@ -1988,6 +2234,12 @@ version = "0.1.21" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7ef03e0a2b150c7a90d01faf6254c9c48a41e95fb2a8c2ac1c6f0d2b9aefc342" +[[package]] +name = "rustc-serialize" +version = "0.3.24" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dcf128d1287d2ea9d80910b5f1120d0b8eede3fbf1abe91c40d39ea7d51e6fda" + [[package]] name = "rustix" version = "0.34.8" @@ -1999,7 +2251,7 @@ dependencies = [ "io-lifetimes", "libc", "linux-raw-sys", - "winapi", + "winapi 0.3.9", ] [[package]] @@ -2014,6 +2266,13 @@ version = "1.0.10" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f3f6f92acf49d1b98f7a81226834412ada05458b7364277387724a237f062695" +[[package]] +name = "safe-path" +version = "0.1.0" +dependencies = [ + "libc", +] + [[package]] name = "scopeguard" version = "1.1.0" @@ -2031,18 +2290,18 @@ dependencies = [ [[package]] name = "serde" -version = "1.0.137" +version = "1.0.143" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "61ea8d54c77f8315140a05f4c7237403bf38b72704d031543aa1d16abbf517d1" +checksum = "53e8e5d5b70924f74ff5c6d64d9a5acd91422117c60f48c4e07855238a254553" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.137" +version = "1.0.143" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1f26faba0c3959972377d3b2d306ee9f71faee9714294e41bb777f83f88578be" +checksum = "d3d8e8de557aee63c26b85b947f5e59b690d0454c753f3adeb5cd7835ab88391" dependencies = [ "proc-macro2", "quote", 
@@ -2051,9 +2310,9 @@ dependencies = [ [[package]] name = "serde_json" -version = "1.0.81" +version = "1.0.83" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9b7ce2b32a1aed03c558dc61a5cd328f15aff2dbc17daad8fb8af04d2100e15c" +checksum = "38dd04e3c8279e75b31ef29dbdceebfe5ad89f4d0937213c53f7d49d01b3d5a7" dependencies = [ "itoa", "ryu", @@ -2113,6 +2372,7 @@ dependencies = [ "common", "containerd-shim-protos", "logging", + "persist", "runtimes", "slog", "slog-scope", @@ -2146,7 +2406,7 @@ dependencies = [ "libc", "log", "logging", - "nix 0.24.1", + "nix 0.24.2", "oci", "protobuf", "rand 0.8.5", @@ -2191,7 +2451,7 @@ version = "2.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "766c59b252e62a34651412870ff55d8c4e6d04df19b43eecb2703e417b097ffe" dependencies = [ - "crossbeam-channel", + "crossbeam-channel 0.5.4", "slog", "take_mut", "thread_local", @@ -2244,7 +2504,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "66d72b759436ae32898a2af0a14218dbf55efde3feeb170eb623637db85ee1e0" dependencies = [ "libc", - "winapi", + "winapi 0.3.9", ] [[package]] @@ -2316,7 +2576,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0c2e86926081dda636c546d8c5e641661049d7562a68f5488be4a1f7f66f6086" dependencies = [ "libc", - "winapi", + "winapi 0.3.9", ] [[package]] @@ -2353,7 +2613,7 @@ dependencies = [ "libc", "redox_syscall", "remove_dir_all", - "winapi", + "winapi 0.3.9", ] [[package]] @@ -2408,7 +2668,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ca8a50ef2360fbd1eeb0ecd46795a87a19024eb4b53c5dc916ca1fd95fe62438" dependencies = [ "libc", - "winapi", + "winapi 0.3.9", ] [[package]] 
@@ -2455,15 +2715,15 @@ dependencies = [ "bytes 1.1.0", "libc", "memchr", - "mio", + "mio 0.8.3", "num_cpus", "once_cell", "parking_lot 0.12.1", - "pin-project-lite", + "pin-project-lite 0.2.9", "signal-hook-registry", "socket2", "tokio-macros", - "winapi", + "winapi 0.3.9", ] [[package]] @@ -2617,6 +2877,16 @@ dependencies = [ "rand 0.3.23", ] +[[package]] +name = "value-bag" +version = "1.0.0-alpha.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2209b78d1249f7e6f3293657c9779fe31ced465df091bbd433a1cf88e916ec55" +dependencies = [ + "ctor", + "version_check", +] + [[package]] name = "version_check" version = "0.9.4" @@ -2629,6 +2899,7 @@ version = "0.1.0" dependencies = [ "agent", "anyhow", + "async-std", "async-trait", "awaitgroup", "common", @@ -2640,8 +2911,9 @@ dependencies = [ "lazy_static", "libc", "logging", - "nix 0.16.1", + "nix 0.24.2", "oci", + "persist", "protobuf", "resource", "serde", @@ -2685,7 +2957,7 @@ checksum = "339d4349c126fdcd87e034631d7274370cf19eb0e87b33166bcd956589fc72c5" dependencies = [ "arc-swap 1.5.0", "libc", - "winapi", + "winapi 0.3.9", ] [[package]] @@ -2704,12 +2976,6 @@ dependencies = [ "libc", ] -[[package]] -name = "void" -version = "1.0.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6a02e4885ed3bc0f2de90ea6dd45ebcbb66dacffe03547fadbb0eeae2770887d" - [[package]] name = "vsock" version = "0.2.6" @@ -2824,6 +3090,12 @@ dependencies = [ "libc", ] +[[package]] +name = "winapi" +version = "0.2.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "167dc9d6949a9b857f3451275e911c3f44255842c1f7a76f33c55103a909087a" + [[package]] name = "winapi" version = "0.3.9" 
@@ -2834,6 +3106,12 @@ dependencies = [ "winapi-x86_64-pc-windows-gnu", ] +[[package]] +name = "winapi-build" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2d315eee3b34aca4797b2da6b13ed88266e6d612562a0c46390af8299fc699bc" + [[package]] name = "winapi-i686-pc-windows-gnu" version = "0.4.0" @@ -2889,6 +3167,16 @@ version = "0.36.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c811ca4a8c853ef420abd8592ba53ddbbac90410fab6903b3e79972a631f7680" +[[package]] +name = "ws2_32-sys" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d59cefebd0c892fa2dd6de581e937301d8552cb44489cdff035c6187cb63fa5e" +dependencies = [ + "winapi 0.2.8", + "winapi-build", +] + [[package]] name = "zstd" version = "0.11.2+zstd.1.5.2" diff --git a/src/runtime-rs/crates/hypervisor/Cargo.toml b/src/runtime-rs/crates/hypervisor/Cargo.toml index 782f13fb8..4227de663 100644 --- a/src/runtime-rs/crates/hypervisor/Cargo.toml +++ b/src/runtime-rs/crates/hypervisor/Cargo.toml @@ -12,7 +12,7 @@ async-trait = "0.1.48" dbs-utils = "0.1.0" go-flag = "0.1.0" libc = ">=0.2.39" -nix = "0.24.1" +nix = "0.24.2" persist = { path = "../persist" } seccompiler = "0.2.0" serde = { version = "1.0.138", features = ["derive"] } diff --git a/src/runtime-rs/crates/resource/Cargo.toml b/src/runtime-rs/crates/resource/Cargo.toml index 9945873ff..408baf522 100644 --- a/src/runtime-rs/crates/resource/Cargo.toml +++ b/src/runtime-rs/crates/resource/Cargo.toml @@ -14,7 +14,7 @@ lazy_static = "1.4.0" libc = ">=0.2.39" netlink-sys = "0.8.3" netlink-packet-route = "0.13.0" -nix = "0.24.1" +nix = "0.24.2" rand = "^0.7.2" rtnetlink = "0.11.0" scopeguard = "1.0.0" diff --git a/src/runtime-rs/crates/runtimes/common/Cargo.toml b/src/runtime-rs/crates/runtimes/common/Cargo.toml index 9d541b38e..ce52f5b77 100644 --- a/src/runtime-rs/crates/runtimes/common/Cargo.toml 
+++ b/src/runtime-rs/crates/runtimes/common/Cargo.toml @@ -11,7 +11,7 @@ anyhow = "^1.0" async-trait = "0.1.48" containerd-shim-protos = { version = "0.2.0", features = ["async"]} lazy_static = "1.4.0" -nix = "0.24.1" +nix = "0.24.2" protobuf = "2.27.0" serde_json = "1.0.39" slog = "2.5.2" diff --git a/src/runtime-rs/crates/runtimes/virt_container/Cargo.toml b/src/runtime-rs/crates/runtimes/virt_container/Cargo.toml index ba3493279..b116ea333 100644 --- a/src/runtime-rs/crates/runtimes/virt_container/Cargo.toml +++ b/src/runtime-rs/crates/runtimes/virt_container/Cargo.toml @@ -12,7 +12,7 @@ containerd-shim-protos = { version = "0.2.0", features = ["async"]} futures = "0.3.19" lazy_static = "1.4.0" libc = ">=0.2.39" -nix = "0.16.0" +nix = "0.24.2" protobuf = "2.27.0" serde = { version = "1.0.100", features = ["derive"] } serde_derive = "1.0.27" diff --git a/src/runtime-rs/crates/shim/Cargo.toml b/src/runtime-rs/crates/shim/Cargo.toml index 71f56ac71..76abe1e9f 100644 --- a/src/runtime-rs/crates/shim/Cargo.toml +++ b/src/runtime-rs/crates/shim/Cargo.toml @@ -19,7 +19,7 @@ containerd-shim-protos = { version = "0.2.0", features = ["async"]} go-flag = "0.1.0" libc = "0.2.108" log = "0.4.14" -nix = "0.24.1" +nix = "0.24.2" protobuf = "2.27.0" sha2 = "=0.9.3" slog = {version = "2.5.2", features = ["std", "release_max_level_trace", "max_level_trace"]} From 8ff5c10ac4d0611a1a3e9b38e2be9fca5cd6a69d Mon Sep 17 00:00:00 2001 From: Hengqi Chen Date: Wed, 17 Aug 2022 11:23:35 +0800 Subject: [PATCH 06/21] network: Fix error message for setting hardware address on TAP interface Error out with the correct interface name and hardware address instead. Fixes: #4944 Signed-off-by: Hengqi Chen --- src/runtime/virtcontainers/network_linux.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/runtime/virtcontainers/network_linux.go b/src/runtime/virtcontainers/network_linux.go index f3356bb1c..cd2157ece 100644 --- a/src/runtime/virtcontainers/network_linux.go 
+++ b/src/runtime/virtcontainers/network_linux.go @@ -708,8 +708,8 @@ func tapNetworkPair(ctx context.Context, endpoint Endpoint, queues int, disableV } if err := netHandle.LinkSetHardwareAddr(tapLink, tapHardAddr); err != nil { - return fmt.Errorf("Could not set MAC address %s for veth interface %s: %s", - netPair.VirtIface.HardAddr, netPair.VirtIface.Name, err) + return fmt.Errorf("Could not set MAC address %s for TAP interface %s: %s", + netPair.TAPIface.HardAddr, netPair.TAPIface.Name, err) } if err := netHandle.LinkSetUp(tapLink); err != nil { From 50ea07183428e06114be95d85761311f003576fe Mon Sep 17 00:00:00 2001 
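Review bot: The corrected message in tapNetworkPair still formats the underlying error with `%s`, so callers cannot inspect the error returned by LinkSetHardwareAddr through errors.Is or errors.As. Switching only the final verb keeps the text identical while preserving the error chain: `return fmt.Errorf("Could not set MAC address %s for TAP interface %s: %w",`. The address handed to LinkSetHardwareAddr is `tapHardAddr`, while the message prints `netPair.TAPIface.HardAddr`. The two presumably hold the same value, but the derivation is outside the hunk, so printing `tapHardAddr` would guarantee the message shows the address that was actually applied. tapNetworkPair begins and ends outside this hunk.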
From: Bo Chen Date: Wed, 17 Aug 2022 12:05:21 -0700 Subject: [PATCH 07/21] versions: Upgrade to Cloud Hypervisor v26.0 Highlights from the Cloud Hypervisor release v26.0: **SMBIOS Improvements via `--platform`** `--platform` and the appropriate API structure have gained support for supplying OEM strings (primarily used to communicate metadata to systemd in the guest) **Unified Binary MSHV and KVM Support** Support for both the MSHV and KVM hypervisors can be compiled into the same binary with the detection of the hypervisor to use made at runtime. **Notable Bug Fixes** * The prefetchable flag is preserved on BARs for VFIO devices * PCI Express capabilities for functionality we do not support are now filtered out * GDB breakpoint support is more reliable * SIGINT and SIGTERM signals are now handled before the VM has booted * Multiple API event loop handling bug fixes * Incorrect assumptions in virtio queue numbering were addressed, allowing the virtio-fs driver in OVMF to be used * VHDX file format header fix * The same VFIO device cannot be added twice * SMBIOS tables were being incorrectly generated **Deprecations** Deprecated features will be removed in a subsequent release and users should plan to use alternatives. The top-level `kernel` and `initramfs` members on the `VmConfig` have been moved inside a `PayloadConfig` as the `payload` member. The OpenAPI document has been updated to reflect the change and the old API members continue to function and are mapped to the new version. The expectation is that these old versions will be removed in the v28.0 release. **Removals** The following functionality has been removed: The unused poll_queue parameter has been removed from --disk and equivalent. This was residual from the removal of the vhost-user-block spawning feature. Details can be found: https://github.com/cloud-hypervisor/cloud-hypervisor/releases/tag/v26.0 Fixes: #4952 
Signed-off-by: Bo Chen --- versions.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions.yaml b/versions.yaml index f4e0479b2..eb6753293 100644 --- a/versions.yaml +++ b/versions.yaml @@ -75,7 +75,7 @@ assets: url: "https://github.com/cloud-hypervisor/cloud-hypervisor" uscan-url: >- https://github.com/cloud-hypervisor/cloud-hypervisor/tags.*/v?(\d\S+)\.tar\.gz - version: "v25.0" + version: "v26.0" firecracker: description: "Firecracker micro-VMM" From 16baecc5b1c11e25f919c3552183e572118f1872 Mon Sep 17 00:00:00 2001 From: Bo Chen Date: Wed, 17 Aug 2022 12:06:40 -0700 Subject: [PATCH 08/21] runtime: clh: Re-generate the client code This patch re-generates the client code for Cloud Hypervisor v26.0. Note: The client code of cloud-hypervisor's (CLH) OpenAPI is automatically generated by openapi-generator [1-2]. [1] https://github.com/OpenAPITools/openapi-generator [2] https://github.com/kata-containers/kata-containers/blob/main/src/runtime/virtcontainers/pkg/cloud-hypervisor/README.md Fixes: #4952 
Signed-off-by: Bo Chen --- .../client/.openapi-generator/FILES | 8 +- .../pkg/cloud-hypervisor/client/README.md | 4 +- .../cloud-hypervisor/client/api/openapi.yaml | 98 ++++--- .../cloud-hypervisor/client/api_default.go | 138 +++++----- .../client/docs/CmdLineConfig.md | 51 ---- .../client/docs/DefaultApi.md | 2 +- .../client/docs/DiskConfig.md | 26 -- .../client/docs/InitramfsConfig.md | 51 ---- .../client/docs/KernelConfig.md | 51 ---- .../client/docs/PayloadConfig.md | 108 ++++++++ .../client/docs/PlatformConfig.md | 52 ++++ .../cloud-hypervisor/client/docs/VmConfig.md | 84 +----- .../client/model_cmd_line_config.go | 106 -------- .../client/model_disk_config.go | 40 --- .../client/model_initramfs_config.go | 106 -------- .../client/model_kernel_config.go | 106 -------- .../client/model_payload_config.go | 185 ++++++++++++++ .../client/model_platform_config.go | 78 +++++- .../client/model_vm_config.go | 149 +++-------- .../cloud-hypervisor/cloud-hypervisor.yaml | 239 ++++++++---------- 20 files changed, 696 insertions(+), 986 deletions(-) delete mode 100644 src/runtime/virtcontainers/pkg/cloud-hypervisor/client/docs/CmdLineConfig.md delete mode 100644 src/runtime/virtcontainers/pkg/cloud-hypervisor/client/docs/InitramfsConfig.md delete mode 100644 src/runtime/virtcontainers/pkg/cloud-hypervisor/client/docs/KernelConfig.md create mode 100644 src/runtime/virtcontainers/pkg/cloud-hypervisor/client/docs/PayloadConfig.md delete mode 100644 src/runtime/virtcontainers/pkg/cloud-hypervisor/client/model_cmd_line_config.go delete mode 100644 src/runtime/virtcontainers/pkg/cloud-hypervisor/client/model_initramfs_config.go delete mode 100644 src/runtime/virtcontainers/pkg/cloud-hypervisor/client/model_kernel_config.go create mode 100644 src/runtime/virtcontainers/pkg/cloud-hypervisor/client/model_payload_config.go 
diff --git a/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/.openapi-generator/FILES b/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/.openapi-generator/FILES index 0208bab30..7618fe3ab 100644 --- a/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/.openapi-generator/FILES +++ b/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/.openapi-generator/FILES @@ -7,7 +7,6 @@ api_default.go client.go configuration.go docs/BalloonConfig.md -docs/CmdLineConfig.md docs/ConsoleConfig.md docs/CpuAffinity.md docs/CpuFeatures.md @@ -18,13 +17,12 @@ docs/DeviceConfig.md docs/DeviceNode.md docs/DiskConfig.md docs/FsConfig.md -docs/InitramfsConfig.md -docs/KernelConfig.md docs/MemoryConfig.md docs/MemoryZoneConfig.md docs/NetConfig.md docs/NumaConfig.md docs/NumaDistance.md +docs/PayloadConfig.md docs/PciDeviceInfo.md docs/PlatformConfig.md docs/PmemConfig.md @@ -51,7 +49,6 @@ git_push.sh go.mod go.sum model_balloon_config.go -model_cmd_line_config.go model_console_config.go model_cpu_affinity.go model_cpu_features.go @@ -61,13 +58,12 @@ model_device_config.go model_device_node.go model_disk_config.go model_fs_config.go -model_initramfs_config.go -model_kernel_config.go model_memory_config.go model_memory_zone_config.go model_net_config.go model_numa_config.go model_numa_distance.go +model_payload_config.go model_pci_device_info.go model_platform_config.go model_pmem_config.go diff --git a/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/README.md b/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/README.md index ad0b5ec5c..5839299b6 100644 --- a/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/README.md +++ b/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/README.md 
@@ -110,7 +110,6 @@ Class | Method | HTTP request | Description ## Documentation For Models - [BalloonConfig](docs/BalloonConfig.md) - - [CmdLineConfig](docs/CmdLineConfig.md) - [ConsoleConfig](docs/ConsoleConfig.md) - [CpuAffinity](docs/CpuAffinity.md) - [CpuFeatures](docs/CpuFeatures.md) @@ -120,13 +119,12 @@ Class | Method | HTTP request | Description - [DeviceNode](docs/DeviceNode.md) - [DiskConfig](docs/DiskConfig.md) - [FsConfig](docs/FsConfig.md) - - [InitramfsConfig](docs/InitramfsConfig.md) - - [KernelConfig](docs/KernelConfig.md) - [MemoryConfig](docs/MemoryConfig.md) - [MemoryZoneConfig](docs/MemoryZoneConfig.md) - [NetConfig](docs/NetConfig.md) - [NumaConfig](docs/NumaConfig.md) - [NumaDistance](docs/NumaDistance.md) + - [PayloadConfig](docs/PayloadConfig.md) - [PciDeviceInfo](docs/PciDeviceInfo.md) - [PlatformConfig](docs/PlatformConfig.md) - [PmemConfig](docs/PmemConfig.md) diff --git a/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/api/openapi.yaml b/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/api/openapi.yaml index a99e14a74..96a0498a4 100644 --- a/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/api/openapi.yaml +++ b/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/api/openapi.yaml @@ -479,7 +479,6 @@ components: vhost_socket: vhost_socket vhost_user: false direct: false - poll_queue: true rate_limiter_config: ops: size: 0 @@ -499,7 +498,6 @@ components: vhost_socket: vhost_socket vhost_user: false direct: false - poll_queue: true rate_limiter_config: ops: size: 0 @@ -540,8 +538,6 @@ components: path: path iommu: false id: id - kernel: - path: path vdpa: - pci_segment: 3 path: path @@ -620,7 +616,11 @@ components: - 3 - 3 num_pci_segments: 7 + oem_strings: + - oem_strings + - oem_strings serial_number: serial_number + uuid: uuid pmem: - pci_segment: 5 file: file 
@@ -634,16 +634,16 @@ components: iommu: false id: id discard_writes: false - cmdline: - args: args watchdog: false iommu: false + payload: + cmdline: cmdline + kernel: kernel + initramfs: initramfs serial: mode: "false" file: file iommu: false - initramfs: - path: path net: - tap: tap num_queues: 9 @@ -763,6 +763,20 @@ components: - bdf - id type: object + PayloadConfig: + description: Payloads to boot in guest + example: + cmdline: cmdline + kernel: kernel + initramfs: initramfs + properties: + kernel: + type: string + cmdline: + type: string + initramfs: + type: string + type: object VmConfig: description: Virtual machine configuration example: @@ -817,7 +831,6 @@ components: vhost_socket: vhost_socket vhost_user: false direct: false - poll_queue: true rate_limiter_config: ops: size: 0 @@ -837,7 +850,6 @@ components: vhost_socket: vhost_socket vhost_user: false direct: false - poll_queue: true rate_limiter_config: ops: size: 0 @@ -878,8 +890,6 @@ components: path: path iommu: false id: id - kernel: - path: path vdpa: - pci_segment: 3 path: path @@ -958,7 +968,11 @@ components: - 3 - 3 num_pci_segments: 7 + oem_strings: + - oem_strings + - oem_strings serial_number: serial_number + uuid: uuid pmem: - pci_segment: 5 file: file @@ -972,16 +986,16 @@ components: iommu: false id: id discard_writes: false - cmdline: - args: args watchdog: false iommu: false + payload: + cmdline: cmdline + kernel: kernel + initramfs: initramfs serial: mode: "false" file: file iommu: false - initramfs: - path: path net: - tap: tap num_queues: 9 @@ -1030,12 +1044,8 @@ components: $ref: '#/components/schemas/CpusConfig' memory: $ref: '#/components/schemas/MemoryConfig' - kernel: - $ref: '#/components/schemas/KernelConfig' - initramfs: - $ref: '#/components/schemas/InitramfsConfig' - cmdline: - $ref: '#/components/schemas/CmdLineConfig' + payload: + $ref: '#/components/schemas/PayloadConfig' disks: items: $ref: '#/components/schemas/DiskConfig' 
@@ -1089,7 +1099,7 @@ components: platform: $ref: '#/components/schemas/PlatformConfig' required: - - kernel + - payload type: object CpuAffinity: example: @@ -1182,7 +1192,11 @@ components: - 3 - 3 num_pci_segments: 7 + oem_strings: + - oem_strings + - oem_strings serial_number: serial_number + uuid: uuid properties: num_pci_segments: format: int16 @@ -1194,6 +1208,12 @@ components: type: array serial_number: type: string + uuid: + type: string + oem_strings: + items: + type: string + type: array type: object MemoryZoneConfig: example: @@ -1313,34 +1333,6 @@ components: required: - size type: object - KernelConfig: - example: - path: path - properties: - path: - type: string - required: - - path - type: object - InitramfsConfig: - example: - path: path - nullable: true - properties: - path: - type: string - required: - - path - type: object - CmdLineConfig: - example: - args: args - properties: - args: - type: string - required: - - args - type: object TokenBucket: description: Defines a token bucket with a maximum capacity (_size_), an initial burst size (_one_time_burst_) and an interval for refilling purposes (_refill_time_). @@ -1404,7 +1396,6 @@ components: vhost_socket: vhost_socket vhost_user: false direct: false - poll_queue: true rate_limiter_config: ops: size: 0 @@ -1438,9 +1429,6 @@ components: type: boolean vhost_socket: type: string - poll_queue: - default: true - type: boolean rate_limiter_config: $ref: '#/components/schemas/RateLimiterConfig' pci_segment: diff --git a/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/api_default.go b/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/api_default.go index ad96f6b42..cf97c19dd 100644 --- a/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/api_default.go +++ b/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/api_default.go 
@@ -38,8 +38,8 @@ func (r ApiBootVMRequest) Execute() (*_nethttp.Response, error) { /* BootVM Boot the previously created VM instance. - @param ctx _context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - @return ApiBootVMRequest + @param ctx _context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + @return ApiBootVMRequest */ func (a *DefaultApiService) BootVM(ctx _context.Context) ApiBootVMRequest { return ApiBootVMRequest{ @@ -133,8 +133,8 @@ func (r ApiCreateVMRequest) Execute() (*_nethttp.Response, error) { /* CreateVM Create the cloud-hypervisor Virtual Machine (VM) instance. The instance is not booted, only created. - @param ctx _context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - @return ApiCreateVMRequest + @param ctx _context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + @return ApiCreateVMRequest */ func (a *DefaultApiService) CreateVM(ctx _context.Context) ApiCreateVMRequest { return ApiCreateVMRequest{ @@ -226,8 +226,8 @@ func (r ApiDeleteVMRequest) Execute() (*_nethttp.Response, error) { /* DeleteVM Delete the cloud-hypervisor Virtual Machine (VM) instance. - @param ctx _context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - @return ApiDeleteVMRequest + @param ctx _context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + @return ApiDeleteVMRequest */ func (a *DefaultApiService) DeleteVM(ctx _context.Context) ApiDeleteVMRequest { return ApiDeleteVMRequest{ 
@@ -314,8 +314,8 @@ func (r ApiPauseVMRequest) Execute() (*_nethttp.Response, error) { /* PauseVM Pause a previously booted VM instance. - @param ctx _context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - @return ApiPauseVMRequest + @param ctx _context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + @return ApiPauseVMRequest */ func (a *DefaultApiService) PauseVM(ctx _context.Context) ApiPauseVMRequest { return ApiPauseVMRequest{ @@ -402,8 +402,8 @@ func (r ApiPowerButtonVMRequest) Execute() (*_nethttp.Response, error) { /* PowerButtonVM Trigger a power button in the VM - @param ctx _context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - @return ApiPowerButtonVMRequest + @param ctx _context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + @return ApiPowerButtonVMRequest */ func (a *DefaultApiService) PowerButtonVM(ctx _context.Context) ApiPowerButtonVMRequest { return ApiPowerButtonVMRequest{ @@ -490,8 +490,8 @@ func (r ApiRebootVMRequest) Execute() (*_nethttp.Response, error) { /* RebootVM Reboot the VM instance. - @param ctx _context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - @return ApiRebootVMRequest + @param ctx _context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + @return ApiRebootVMRequest */ func (a *DefaultApiService) RebootVM(ctx _context.Context) ApiRebootVMRequest { return ApiRebootVMRequest{ 
@@ -578,8 +578,8 @@ func (r ApiResumeVMRequest) Execute() (*_nethttp.Response, error) { /* ResumeVM Resume a previously paused VM instance. - @param ctx _context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - @return ApiResumeVMRequest + @param ctx _context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + @return ApiResumeVMRequest */ func (a *DefaultApiService) ResumeVM(ctx _context.Context) ApiResumeVMRequest { return ApiResumeVMRequest{ @@ -666,8 +666,8 @@ func (r ApiShutdownVMRequest) Execute() (*_nethttp.Response, error) { /* ShutdownVM Shut the VM instance down. - @param ctx _context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - @return ApiShutdownVMRequest + @param ctx _context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + @return ApiShutdownVMRequest */ func (a *DefaultApiService) ShutdownVM(ctx _context.Context) ApiShutdownVMRequest { return ApiShutdownVMRequest{ @@ -754,8 +754,8 @@ func (r ApiShutdownVMMRequest) Execute() (*_nethttp.Response, error) { /* ShutdownVMM Shuts the cloud-hypervisor VMM. - @param ctx _context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - @return ApiShutdownVMMRequest + @param ctx _context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + @return ApiShutdownVMMRequest */ func (a *DefaultApiService) ShutdownVMM(ctx _context.Context) ApiShutdownVMMRequest { return ApiShutdownVMMRequest{ 
@@ -849,8 +849,8 @@ func (r ApiVmAddDevicePutRequest) Execute() (PciDeviceInfo, *_nethttp.Response, /* VmAddDevicePut Add a new device to the VM - @param ctx _context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - @return ApiVmAddDevicePutRequest + @param ctx _context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + @return ApiVmAddDevicePutRequest */ func (a *DefaultApiService) VmAddDevicePut(ctx _context.Context) ApiVmAddDevicePutRequest { return ApiVmAddDevicePutRequest{ @@ -860,7 +860,8 @@ func (a *DefaultApiService) VmAddDevicePut(ctx _context.Context) ApiVmAddDeviceP } // Execute executes the request -// @return PciDeviceInfo +// +// @return PciDeviceInfo func (a *DefaultApiService) VmAddDevicePutExecute(r ApiVmAddDevicePutRequest) (PciDeviceInfo, *_nethttp.Response, error) { var ( localVarHTTPMethod = _nethttp.MethodPut @@ -960,8 +961,8 @@ func (r ApiVmAddDiskPutRequest) Execute() (PciDeviceInfo, *_nethttp.Response, er /* VmAddDiskPut Add a new disk to the VM - @param ctx _context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - @return ApiVmAddDiskPutRequest + @param ctx _context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + @return ApiVmAddDiskPutRequest */ func (a *DefaultApiService) VmAddDiskPut(ctx _context.Context) ApiVmAddDiskPutRequest { return ApiVmAddDiskPutRequest{ @@ -971,7 +972,8 @@ func (a *DefaultApiService) VmAddDiskPut(ctx _context.Context) ApiVmAddDiskPutRe } // Execute executes the request -// @return PciDeviceInfo +// +// @return PciDeviceInfo func (a *DefaultApiService) VmAddDiskPutExecute(r ApiVmAddDiskPutRequest) (PciDeviceInfo, *_nethttp.Response, error) { var ( localVarHTTPMethod = _nethttp.MethodPut 
@@ -1071,8 +1073,8 @@ func (r ApiVmAddFsPutRequest) Execute() (PciDeviceInfo, *_nethttp.Response, erro /* VmAddFsPut Add a new virtio-fs device to the VM - @param ctx _context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - @return ApiVmAddFsPutRequest + @param ctx _context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + @return ApiVmAddFsPutRequest */ func (a *DefaultApiService) VmAddFsPut(ctx _context.Context) ApiVmAddFsPutRequest { return ApiVmAddFsPutRequest{ @@ -1082,7 +1084,8 @@ func (a *DefaultApiService) VmAddFsPut(ctx _context.Context) ApiVmAddFsPutReques } // Execute executes the request -// @return PciDeviceInfo +// +// @return PciDeviceInfo func (a *DefaultApiService) VmAddFsPutExecute(r ApiVmAddFsPutRequest) (PciDeviceInfo, *_nethttp.Response, error) { var ( localVarHTTPMethod = _nethttp.MethodPut @@ -1182,8 +1185,8 @@ func (r ApiVmAddNetPutRequest) Execute() (PciDeviceInfo, *_nethttp.Response, err /* VmAddNetPut Add a new network device to the VM - @param ctx _context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - @return ApiVmAddNetPutRequest + @param ctx _context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + @return ApiVmAddNetPutRequest */ func (a *DefaultApiService) VmAddNetPut(ctx _context.Context) ApiVmAddNetPutRequest { return ApiVmAddNetPutRequest{ @@ -1193,7 +1196,8 @@ func (a *DefaultApiService) VmAddNetPut(ctx _context.Context) ApiVmAddNetPutRequ } // Execute executes the request -// @return PciDeviceInfo +// +// @return PciDeviceInfo func (a *DefaultApiService) VmAddNetPutExecute(r ApiVmAddNetPutRequest) (PciDeviceInfo, *_nethttp.Response, error) { var ( localVarHTTPMethod = _nethttp.MethodPut 
@@ -1293,8 +1297,8 @@ func (r ApiVmAddPmemPutRequest) Execute() (PciDeviceInfo, *_nethttp.Response, er /* VmAddPmemPut Add a new pmem device to the VM - @param ctx _context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - @return ApiVmAddPmemPutRequest + @param ctx _context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + @return ApiVmAddPmemPutRequest */ func (a *DefaultApiService) VmAddPmemPut(ctx _context.Context) ApiVmAddPmemPutRequest { return ApiVmAddPmemPutRequest{ @@ -1304,7 +1308,8 @@ func (a *DefaultApiService) VmAddPmemPut(ctx _context.Context) ApiVmAddPmemPutRe } // Execute executes the request -// @return PciDeviceInfo +// +// @return PciDeviceInfo func (a *DefaultApiService) VmAddPmemPutExecute(r ApiVmAddPmemPutRequest) (PciDeviceInfo, *_nethttp.Response, error) { var ( localVarHTTPMethod = _nethttp.MethodPut @@ -1404,8 +1409,8 @@ func (r ApiVmAddVdpaPutRequest) Execute() (PciDeviceInfo, *_nethttp.Response, er /* VmAddVdpaPut Add a new vDPA device to the VM - @param ctx _context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - @return ApiVmAddVdpaPutRequest + @param ctx _context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + @return ApiVmAddVdpaPutRequest */ func (a *DefaultApiService) VmAddVdpaPut(ctx _context.Context) ApiVmAddVdpaPutRequest { return ApiVmAddVdpaPutRequest{ @@ -1415,7 +1420,8 @@ func (a *DefaultApiService) VmAddVdpaPut(ctx _context.Context) ApiVmAddVdpaPutRe } // Execute executes the request -// @return PciDeviceInfo +// +// @return PciDeviceInfo func (a *DefaultApiService) VmAddVdpaPutExecute(r ApiVmAddVdpaPutRequest) (PciDeviceInfo, *_nethttp.Response, error) { var ( localVarHTTPMethod = _nethttp.MethodPut 
@@ -1515,8 +1521,8 @@ func (r ApiVmAddVsockPutRequest) Execute() (PciDeviceInfo, *_nethttp.Response, e /* VmAddVsockPut Add a new vsock device to the VM - @param ctx _context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - @return ApiVmAddVsockPutRequest + @param ctx _context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + @return ApiVmAddVsockPutRequest */ func (a *DefaultApiService) VmAddVsockPut(ctx _context.Context) ApiVmAddVsockPutRequest { return ApiVmAddVsockPutRequest{ @@ -1526,7 +1532,8 @@ func (a *DefaultApiService) VmAddVsockPut(ctx _context.Context) ApiVmAddVsockPut } // Execute executes the request -// @return PciDeviceInfo +// +// @return PciDeviceInfo func (a *DefaultApiService) VmAddVsockPutExecute(r ApiVmAddVsockPutRequest) (PciDeviceInfo, *_nethttp.Response, error) { var ( localVarHTTPMethod = _nethttp.MethodPut @@ -1626,8 +1633,8 @@ func (r ApiVmCoredumpPutRequest) Execute() (*_nethttp.Response, error) { /* VmCoredumpPut Takes a VM coredump. - @param ctx _context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - @return ApiVmCoredumpPutRequest + @param ctx _context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + @return ApiVmCoredumpPutRequest */ func (a *DefaultApiService) VmCoredumpPut(ctx _context.Context) ApiVmCoredumpPutRequest { return ApiVmCoredumpPutRequest{ 
@@ -1719,8 +1726,8 @@ func (r ApiVmCountersGetRequest) Execute() (map[string]map[string]int64, *_netht /* VmCountersGet Get counters from the VM - @param ctx _context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - @return ApiVmCountersGetRequest + @param ctx _context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + @return ApiVmCountersGetRequest */ func (a *DefaultApiService) VmCountersGet(ctx _context.Context) ApiVmCountersGetRequest { return ApiVmCountersGetRequest{ @@ -1730,7 +1737,8 @@ func (a *DefaultApiService) VmCountersGet(ctx _context.Context) ApiVmCountersGet } // Execute executes the request -// @return map[string]map[string]int64 +// +// @return map[string]map[string]int64 func (a *DefaultApiService) VmCountersGetExecute(r ApiVmCountersGetRequest) (map[string]map[string]int64, *_nethttp.Response, error) { var ( localVarHTTPMethod = _nethttp.MethodGet @@ -1818,8 +1826,8 @@ func (r ApiVmInfoGetRequest) Execute() (VmInfo, *_nethttp.Response, error) { /* VmInfoGet Returns general information about the cloud-hypervisor Virtual Machine (VM) instance. - @param ctx _context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - @return ApiVmInfoGetRequest + @param ctx _context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + @return ApiVmInfoGetRequest */ func (a *DefaultApiService) VmInfoGet(ctx _context.Context) ApiVmInfoGetRequest { return ApiVmInfoGetRequest{ 
@@ -1829,7 +1837,8 @@ func (a *DefaultApiService) VmInfoGet(ctx _context.Context) ApiVmInfoGetRequest } // Execute executes the request -// @return VmInfo +// +// @return VmInfo func (a *DefaultApiService) VmInfoGetExecute(r ApiVmInfoGetRequest) (VmInfo, *_nethttp.Response, error) { var ( localVarHTTPMethod = _nethttp.MethodGet @@ -1924,8 +1933,8 @@ func (r ApiVmReceiveMigrationPutRequest) Execute() (*_nethttp.Response, error) { /* VmReceiveMigrationPut Receive a VM migration from URL - @param ctx _context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - @return ApiVmReceiveMigrationPutRequest + @param ctx _context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + @return ApiVmReceiveMigrationPutRequest */ func (a *DefaultApiService) VmReceiveMigrationPut(ctx _context.Context) ApiVmReceiveMigrationPutRequest { return ApiVmReceiveMigrationPutRequest{ @@ -2024,8 +2033,8 @@ func (r ApiVmRemoveDevicePutRequest) Execute() (*_nethttp.Response, error) { /* VmRemoveDevicePut Remove a device from the VM - @param ctx _context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - @return ApiVmRemoveDevicePutRequest + @param ctx _context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + @return ApiVmRemoveDevicePutRequest */ func (a *DefaultApiService) VmRemoveDevicePut(ctx _context.Context) ApiVmRemoveDevicePutRequest { return ApiVmRemoveDevicePutRequest{ 
@@ -2124,8 +2133,8 @@ func (r ApiVmResizePutRequest) Execute() (*_nethttp.Response, error) { /* VmResizePut Resize the VM - @param ctx _context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - @return ApiVmResizePutRequest + @param ctx _context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + @return ApiVmResizePutRequest */ func (a *DefaultApiService) VmResizePut(ctx _context.Context) ApiVmResizePutRequest { return ApiVmResizePutRequest{ @@ -2224,8 +2233,8 @@ func (r ApiVmResizeZonePutRequest) Execute() (*_nethttp.Response, error) { /* VmResizeZonePut Resize a memory zone - @param ctx _context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - @return ApiVmResizeZonePutRequest + @param ctx _context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + @return ApiVmResizeZonePutRequest */ func (a *DefaultApiService) VmResizeZonePut(ctx _context.Context) ApiVmResizeZonePutRequest { return ApiVmResizeZonePutRequest{ @@ -2324,8 +2333,8 @@ func (r ApiVmRestorePutRequest) Execute() (*_nethttp.Response, error) { /* VmRestorePut Restore a VM from a snapshot. - @param ctx _context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - @return ApiVmRestorePutRequest + @param ctx _context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + @return ApiVmRestorePutRequest */ func (a *DefaultApiService) VmRestorePut(ctx _context.Context) ApiVmRestorePutRequest { return ApiVmRestorePutRequest{ 
@@ -2424,8 +2433,8 @@ func (r ApiVmSendMigrationPutRequest) Execute() (*_nethttp.Response, error) { /* VmSendMigrationPut Send a VM migration to URL - @param ctx _context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - @return ApiVmSendMigrationPutRequest + @param ctx _context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + @return ApiVmSendMigrationPutRequest */ func (a *DefaultApiService) VmSendMigrationPut(ctx _context.Context) ApiVmSendMigrationPutRequest { return ApiVmSendMigrationPutRequest{ @@ -2524,8 +2533,8 @@ func (r ApiVmSnapshotPutRequest) Execute() (*_nethttp.Response, error) { /* VmSnapshotPut Returns a VM snapshot. - @param ctx _context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - @return ApiVmSnapshotPutRequest + @param ctx _context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + @return ApiVmSnapshotPutRequest */ func (a *DefaultApiService) VmSnapshotPut(ctx _context.Context) ApiVmSnapshotPutRequest { return ApiVmSnapshotPutRequest{ @@ -2617,8 +2626,8 @@ func (r ApiVmmPingGetRequest) Execute() (VmmPingResponse, *_nethttp.Response, er /* VmmPingGet Ping the VMM to check for API server availability - @param ctx _context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - @return ApiVmmPingGetRequest + @param ctx _context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + @return ApiVmmPingGetRequest */ func (a *DefaultApiService) VmmPingGet(ctx _context.Context) ApiVmmPingGetRequest { return ApiVmmPingGetRequest{ 
@@ -2628,7 +2637,8 @@ func (a *DefaultApiService) VmmPingGet(ctx _context.Context) ApiVmmPingGetReques } // Execute executes the request -// @return VmmPingResponse +// +// @return VmmPingResponse func (a *DefaultApiService) VmmPingGetExecute(r ApiVmmPingGetRequest) (VmmPingResponse, *_nethttp.Response, error) { var ( localVarHTTPMethod = _nethttp.MethodGet diff --git a/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/docs/CmdLineConfig.md b/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/docs/CmdLineConfig.md deleted file mode 100644 index 406ba1cd6..000000000 --- a/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/docs/CmdLineConfig.md +++ /dev/null 
@@ -1,51 +0,0 @@ -# CmdLineConfig - -## Properties - -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- -**Args** | **string** | | - -## Methods - -### NewCmdLineConfig - -`func NewCmdLineConfig(args string, ) *CmdLineConfig` - -NewCmdLineConfig instantiates a new CmdLineConfig object -This constructor will assign default values to properties that have it defined, -and makes sure properties required by API are set, but the set of arguments -will change when the set of required properties is changed - -### NewCmdLineConfigWithDefaults - -`func NewCmdLineConfigWithDefaults() *CmdLineConfig` - -NewCmdLineConfigWithDefaults instantiates a new CmdLineConfig object -This constructor will only assign default values to properties that have it defined, -but it doesn't guarantee that properties required by API are set - -### GetArgs - -`func (o *CmdLineConfig) GetArgs() string` - -GetArgs returns the Args field if non-nil, zero value otherwise. - -### GetArgsOk - -`func (o *CmdLineConfig) GetArgsOk() (*string, bool)` - -GetArgsOk returns a tuple with the Args field if it's non-nil, zero value otherwise -and a boolean to check if the value has been set. - -### SetArgs - -`func (o *CmdLineConfig) SetArgs(v string)` - -SetArgs sets Args field to given value. - - - -[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) - - diff --git a/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/docs/DefaultApi.md b/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/docs/DefaultApi.md index 8f5b8e76d..1391a0b27 100644 --- a/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/docs/DefaultApi.md +++ b/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/docs/DefaultApi.md 
@@ -110,7 +110,7 @@ import ( ) func main() { - vmConfig := *openapiclient.NewVmConfig(*openapiclient.NewKernelConfig("Path_example")) // VmConfig | The VM configuration + vmConfig := *openapiclient.NewVmConfig(*openapiclient.NewPayloadConfig()) // VmConfig | The VM configuration configuration := openapiclient.NewConfiguration() api_client := openapiclient.NewAPIClient(configuration) diff --git a/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/docs/DiskConfig.md b/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/docs/DiskConfig.md index f4e4a6cbd..6c51686c7 100644 --- a/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/docs/DiskConfig.md +++ b/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/docs/DiskConfig.md @@ -12,7 +12,6 @@ Name | Type | Description | Notes **QueueSize** | Pointer to **int32** | | [optional] [default to 128] **VhostUser** | Pointer to **bool** | | [optional] [default to false] **VhostSocket** | Pointer to **string** | | [optional] -**PollQueue** | Pointer to **bool** | | [optional] [default to true] **RateLimiterConfig** | Pointer to [**RateLimiterConfig**](RateLimiterConfig.md) | | [optional] **PciSegment** | Pointer to **int32** | | [optional] **Id** | Pointer to **string** | | [optional] 
@@ -231,31 +230,6 @@ SetVhostSocket sets VhostSocket field to given value. HasVhostSocket returns a boolean if a field has been set. -### GetPollQueue - -`func (o *DiskConfig) GetPollQueue() bool` - -GetPollQueue returns the PollQueue field if non-nil, zero value otherwise. - -### GetPollQueueOk - -`func (o *DiskConfig) GetPollQueueOk() (*bool, bool)` - -GetPollQueueOk returns a tuple with the PollQueue field if it's non-nil, zero value otherwise -and a boolean to check if the value has been set. - -### SetPollQueue - -`func (o *DiskConfig) SetPollQueue(v bool)` - -SetPollQueue sets PollQueue field to given value. - -### HasPollQueue - -`func (o *DiskConfig) HasPollQueue() bool` - -HasPollQueue returns a boolean if a field has been set. - ### GetRateLimiterConfig `func (o *DiskConfig) GetRateLimiterConfig() RateLimiterConfig` diff --git a/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/docs/InitramfsConfig.md b/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/docs/InitramfsConfig.md deleted file mode 100644 index 7450d9bee..000000000 --- a/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/docs/InitramfsConfig.md +++ /dev/null 
@@ -1,51 +0,0 @@ -# InitramfsConfig - -## Properties - -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- -**Path** | **string** | | - -## Methods - -### NewInitramfsConfig - -`func NewInitramfsConfig(path string, ) *InitramfsConfig` - -NewInitramfsConfig instantiates a new InitramfsConfig object -This constructor will assign default values to properties that have it defined, -and makes sure properties required by API are set, but the set of arguments -will change when the set of required properties is changed - -### NewInitramfsConfigWithDefaults - -`func NewInitramfsConfigWithDefaults() *InitramfsConfig` - -NewInitramfsConfigWithDefaults instantiates a new InitramfsConfig object -This constructor will only assign default values to properties that have it defined, -but it doesn't guarantee that properties required by API are set - -### GetPath - -`func (o *InitramfsConfig) GetPath() string` - -GetPath returns the Path field if non-nil, zero value otherwise. - -### GetPathOk - -`func (o *InitramfsConfig) GetPathOk() (*string, bool)` - -GetPathOk returns a tuple with the Path field if it's non-nil, zero value otherwise -and a boolean to check if the value has been set. - -### SetPath - -`func (o *InitramfsConfig) SetPath(v string)` - -SetPath sets Path field to given value. - - - -[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) - - diff --git a/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/docs/KernelConfig.md b/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/docs/KernelConfig.md deleted file mode 100644 index d9835715d..000000000 --- a/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/docs/KernelConfig.md +++ /dev/null 
@@ -1,51 +0,0 @@ -# KernelConfig - -## Properties - -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- -**Path** | **string** | | - -## Methods - -### NewKernelConfig - -`func NewKernelConfig(path string, ) *KernelConfig` - -NewKernelConfig instantiates a new KernelConfig object -This constructor will assign default values to properties that have it defined, -and makes sure properties required by API are set, but the set of arguments -will change when the set of required properties is changed - -### NewKernelConfigWithDefaults - -`func NewKernelConfigWithDefaults() *KernelConfig` - -NewKernelConfigWithDefaults instantiates a new KernelConfig object -This constructor will only assign default values to properties that have it defined, -but it doesn't guarantee that properties required by API are set - -### GetPath - -`func (o *KernelConfig) GetPath() string` - -GetPath returns the Path field if non-nil, zero value otherwise. - -### GetPathOk - -`func (o *KernelConfig) GetPathOk() (*string, bool)` - -GetPathOk returns a tuple with the Path field if it's non-nil, zero value otherwise -and a boolean to check if the value has been set. - -### SetPath - -`func (o *KernelConfig) SetPath(v string)` - -SetPath sets Path field to given value. - - - -[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) - - diff --git a/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/docs/PayloadConfig.md b/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/docs/PayloadConfig.md new file mode 100644 index 000000000..8985796ea --- /dev/null +++ b/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/docs/PayloadConfig.md 
@@ -0,0 +1,108 @@ +# PayloadConfig + +## Properties + +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**Kernel** | Pointer to **string** | | [optional] +**Cmdline** | Pointer to **string** | | [optional] +**Initramfs** | Pointer to **string** | | [optional] + +## Methods + +### NewPayloadConfig + +`func NewPayloadConfig() *PayloadConfig` + +NewPayloadConfig instantiates a new PayloadConfig object +This constructor will assign default values to properties that have it defined, +and makes sure properties required by API are set, but the set of arguments +will change when the set of required properties is changed + +### NewPayloadConfigWithDefaults + +`func NewPayloadConfigWithDefaults() *PayloadConfig` + +NewPayloadConfigWithDefaults instantiates a new PayloadConfig object +This constructor will only assign default values to properties that have it defined, +but it doesn't guarantee that properties required by API are set + +### GetKernel + +`func (o *PayloadConfig) GetKernel() string` + +GetKernel returns the Kernel field if non-nil, zero value otherwise. + +### GetKernelOk + +`func (o *PayloadConfig) GetKernelOk() (*string, bool)` + +GetKernelOk returns a tuple with the Kernel field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetKernel + +`func (o *PayloadConfig) SetKernel(v string)` + +SetKernel sets Kernel field to given value. + +### HasKernel + +`func (o *PayloadConfig) HasKernel() bool` + +HasKernel returns a boolean if a field has been set. + +### GetCmdline + +`func (o *PayloadConfig) GetCmdline() string` + +GetCmdline returns the Cmdline field if non-nil, zero value otherwise. + +### GetCmdlineOk + +`func (o *PayloadConfig) GetCmdlineOk() (*string, bool)` + +GetCmdlineOk returns a tuple with the Cmdline field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. 
+ +### SetCmdline + +`func (o *PayloadConfig) SetCmdline(v string)` + +SetCmdline sets Cmdline field to given value. + +### HasCmdline + +`func (o *PayloadConfig) HasCmdline() bool` + +HasCmdline returns a boolean if a field has been set. + +### GetInitramfs + +`func (o *PayloadConfig) GetInitramfs() string` + +GetInitramfs returns the Initramfs field if non-nil, zero value otherwise. + +### GetInitramfsOk + +`func (o *PayloadConfig) GetInitramfsOk() (*string, bool)` + +GetInitramfsOk returns a tuple with the Initramfs field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetInitramfs + +`func (o *PayloadConfig) SetInitramfs(v string)` + +SetInitramfs sets Initramfs field to given value. + +### HasInitramfs + +`func (o *PayloadConfig) HasInitramfs() bool` + +HasInitramfs returns a boolean if a field has been set. + + +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/docs/PlatformConfig.md b/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/docs/PlatformConfig.md index 832444c1f..eacec0d02 100644 --- a/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/docs/PlatformConfig.md +++ b/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/docs/PlatformConfig.md @@ -7,6 +7,8 @@ Name | Type | Description | Notes **NumPciSegments** | Pointer to **int32** | | [optional] **IommuSegments** | Pointer to **[]int32** | | [optional] **SerialNumber** | Pointer to **string** | | [optional] +**Uuid** | Pointer to **string** | | [optional] +**OemStrings** | Pointer to **[]string** | | [optional] ## Methods 
@@ -102,6 +104,56 @@ SetSerialNumber sets SerialNumber field to given value. HasSerialNumber returns a boolean if a field has been set. +### GetUuid + +`func (o *PlatformConfig) GetUuid() string` + +GetUuid returns the Uuid field if non-nil, zero value otherwise. + +### GetUuidOk + +`func (o *PlatformConfig) GetUuidOk() (*string, bool)` + +GetUuidOk returns a tuple with the Uuid field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetUuid + +`func (o *PlatformConfig) SetUuid(v string)` + +SetUuid sets Uuid field to given value. + +### HasUuid + +`func (o *PlatformConfig) HasUuid() bool` + +HasUuid returns a boolean if a field has been set. + +### GetOemStrings + +`func (o *PlatformConfig) GetOemStrings() []string` + +GetOemStrings returns the OemStrings field if non-nil, zero value otherwise. + +### GetOemStringsOk + +`func (o *PlatformConfig) GetOemStringsOk() (*[]string, bool)` + +GetOemStringsOk returns a tuple with the OemStrings field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetOemStrings + +`func (o *PlatformConfig) SetOemStrings(v []string)` + +SetOemStrings sets OemStrings field to given value. + +### HasOemStrings + +`func (o *PlatformConfig) HasOemStrings() bool` + +HasOemStrings returns a boolean if a field has been set. + [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) diff --git a/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/docs/VmConfig.md b/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/docs/VmConfig.md index d6bbae421..717749be6 100644 --- a/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/docs/VmConfig.md +++ b/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/docs/VmConfig.md 
@@ -6,9 +6,7 @@ Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- **Cpus** | Pointer to [**CpusConfig**](CpusConfig.md) | | [optional] **Memory** | Pointer to [**MemoryConfig**](MemoryConfig.md) | | [optional] -**Kernel** | [**KernelConfig**](KernelConfig.md) | | -**Initramfs** | Pointer to [**NullableInitramfsConfig**](InitramfsConfig.md) | | [optional] -**Cmdline** | Pointer to [**CmdLineConfig**](CmdLineConfig.md) | | [optional] +**Payload** | [**PayloadConfig**](PayloadConfig.md) | | **Disks** | Pointer to [**[]DiskConfig**](DiskConfig.md) | | [optional] **Net** | Pointer to [**[]NetConfig**](NetConfig.md) | | [optional] **Rng** | Pointer to [**RngConfig**](RngConfig.md) | | [optional] @@ -31,7 +29,7 @@ Name | Type | Description | Notes ### NewVmConfig -`func NewVmConfig(kernel KernelConfig, ) *VmConfig` +`func NewVmConfig(payload PayloadConfig, ) *VmConfig` NewVmConfig instantiates a new VmConfig object This constructor will assign default values to properties that have it defined, 
@@ -96,86 +94,26 @@ SetMemory sets Memory field to given value. HasMemory returns a boolean if a field has been set. -### GetKernel +### GetPayload -`func (o *VmConfig) GetKernel() KernelConfig` +`func (o *VmConfig) GetPayload() PayloadConfig` -GetKernel returns the Kernel field if non-nil, zero value otherwise. +GetPayload returns the Payload field if non-nil, zero value otherwise. -### GetKernelOk +### GetPayloadOk -`func (o *VmConfig) GetKernelOk() (*KernelConfig, bool)` +`func (o *VmConfig) GetPayloadOk() (*PayloadConfig, bool)` -GetKernelOk returns a tuple with the Kernel field if it's non-nil, zero value otherwise +GetPayloadOk returns a tuple with the Payload field if it's non-nil, zero value otherwise and a boolean to check if the value has been set. -### SetKernel +### SetPayload -`func (o *VmConfig) SetKernel(v KernelConfig)` +`func (o *VmConfig) SetPayload(v PayloadConfig)` -SetKernel sets Kernel field to given value. +SetPayload sets Payload field to given value. -### GetInitramfs - -`func (o *VmConfig) GetInitramfs() InitramfsConfig` - -GetInitramfs returns the Initramfs field if non-nil, zero value otherwise. - -### GetInitramfsOk - -`func (o *VmConfig) GetInitramfsOk() (*InitramfsConfig, bool)` - -GetInitramfsOk returns a tuple with the Initramfs field if it's non-nil, zero value otherwise -and a boolean to check if the value has been set. - -### SetInitramfs - -`func (o *VmConfig) SetInitramfs(v InitramfsConfig)` - -SetInitramfs sets Initramfs field to given value. - -### HasInitramfs - -`func (o *VmConfig) HasInitramfs() bool` - -HasInitramfs returns a boolean if a field has been set. 
- -### SetInitramfsNil - -`func (o *VmConfig) SetInitramfsNil(b bool)` - - SetInitramfsNil sets the value for Initramfs to be an explicit nil - -### UnsetInitramfs -`func (o *VmConfig) UnsetInitramfs()` - -UnsetInitramfs ensures that no value is present for Initramfs, not even an explicit nil -### GetCmdline - -`func (o *VmConfig) GetCmdline() CmdLineConfig` - -GetCmdline returns the Cmdline field if non-nil, zero value otherwise. - -### GetCmdlineOk - -`func (o *VmConfig) GetCmdlineOk() (*CmdLineConfig, bool)` - -GetCmdlineOk returns a tuple with the Cmdline field if it's non-nil, zero value otherwise -and a boolean to check if the value has been set. - -### SetCmdline - -`func (o *VmConfig) SetCmdline(v CmdLineConfig)` - -SetCmdline sets Cmdline field to given value. - -### HasCmdline - -`func (o *VmConfig) HasCmdline() bool` - -HasCmdline returns a boolean if a field has been set. - ### GetDisks `func (o *VmConfig) GetDisks() []DiskConfig` diff --git a/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/model_cmd_line_config.go b/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/model_cmd_line_config.go deleted file mode 100644 index fb270a138..000000000 --- a/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/model_cmd_line_config.go +++ /dev/null 
@@ -1,106 +0,0 @@ -/* -Cloud Hypervisor API - -Local HTTP based API for managing and inspecting a cloud-hypervisor virtual machine. - -API version: 0.3.0 -*/ - -// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT. - -package openapi - -import ( - "encoding/json" -) - -// CmdLineConfig struct for CmdLineConfig -type CmdLineConfig struct { - Args string `json:"args"` -} - -// NewCmdLineConfig instantiates a new CmdLineConfig object -// This constructor will assign default values to properties that have it defined, -// and makes sure properties required by API are set, but the set of arguments -// will change when the set of required properties is changed -func NewCmdLineConfig(args string) *CmdLineConfig { - this := CmdLineConfig{} - this.Args = args - return &this -} - -// NewCmdLineConfigWithDefaults instantiates a new CmdLineConfig object -// This constructor will only assign default values to properties that have it defined, -// but it doesn't guarantee that properties required by API are set -func NewCmdLineConfigWithDefaults() *CmdLineConfig { - this := CmdLineConfig{} - return &this -} - -// GetArgs returns the Args field value -func (o *CmdLineConfig) GetArgs() string { - if o == nil { - var ret string - return ret - } - - return o.Args -} - -// GetArgsOk returns a tuple with the Args field value -// and a boolean to check if the value has been set. 
-func (o *CmdLineConfig) GetArgsOk() (*string, bool) { - if o == nil { - return nil, false - } - return &o.Args, true -} - -// SetArgs sets field value -func (o *CmdLineConfig) SetArgs(v string) { - o.Args = v -} - -func (o CmdLineConfig) MarshalJSON() ([]byte, error) { - toSerialize := map[string]interface{}{} - if true { - toSerialize["args"] = o.Args - } - return json.Marshal(toSerialize) -} - -type NullableCmdLineConfig struct { - value *CmdLineConfig - isSet bool -} - -func (v NullableCmdLineConfig) Get() *CmdLineConfig { - return v.value -} - -func (v *NullableCmdLineConfig) Set(val *CmdLineConfig) { - v.value = val - v.isSet = true -} - -func (v NullableCmdLineConfig) IsSet() bool { - return v.isSet -} - -func (v *NullableCmdLineConfig) Unset() { - v.value = nil - v.isSet = false -} - -func NewNullableCmdLineConfig(val *CmdLineConfig) *NullableCmdLineConfig { - return &NullableCmdLineConfig{value: val, isSet: true} -} - -func (v NullableCmdLineConfig) MarshalJSON() ([]byte, error) { - return json.Marshal(v.value) -} - -func (v *NullableCmdLineConfig) UnmarshalJSON(src []byte) error { - v.isSet = true - return json.Unmarshal(src, &v.value) -} diff --git a/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/model_disk_config.go b/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/model_disk_config.go index eb3a7245e..c8964881b 100644 --- a/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/model_disk_config.go +++ b/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/model_disk_config.go @@ -24,7 +24,6 @@ type DiskConfig struct { QueueSize *int32 `json:"queue_size,omitempty"` VhostUser *bool `json:"vhost_user,omitempty"` VhostSocket *string `json:"vhost_socket,omitempty"` - PollQueue *bool `json:"poll_queue,omitempty"` RateLimiterConfig *RateLimiterConfig `json:"rate_limiter_config,omitempty"` PciSegment *int32 `json:"pci_segment,omitempty"` Id *string `json:"id,omitempty"` 
@@ -49,8 +48,6 @@ func NewDiskConfig(path string) *DiskConfig { this.QueueSize = &queueSize var vhostUser bool = false this.VhostUser = &vhostUser - var pollQueue bool = true - this.PollQueue = &pollQueue return &this } @@ -71,8 +68,6 @@ func NewDiskConfigWithDefaults() *DiskConfig { this.QueueSize = &queueSize var vhostUser bool = false this.VhostUser = &vhostUser - var pollQueue bool = true - this.PollQueue = &pollQueue return &this } @@ -324,38 +319,6 @@ func (o *DiskConfig) SetVhostSocket(v string) { o.VhostSocket = &v } -// GetPollQueue returns the PollQueue field value if set, zero value otherwise. -func (o *DiskConfig) GetPollQueue() bool { - if o == nil || o.PollQueue == nil { - var ret bool - return ret - } - return *o.PollQueue -} - -// GetPollQueueOk returns a tuple with the PollQueue field value if set, nil otherwise -// and a boolean to check if the value has been set. -func (o *DiskConfig) GetPollQueueOk() (*bool, bool) { - if o == nil || o.PollQueue == nil { - return nil, false - } - return o.PollQueue, true -} - -// HasPollQueue returns a boolean if a field has been set. -func (o *DiskConfig) HasPollQueue() bool { - if o != nil && o.PollQueue != nil { - return true - } - - return false -} - -// SetPollQueue gets a reference to the given bool and assigns it to the PollQueue field. -func (o *DiskConfig) SetPollQueue(v bool) { - o.PollQueue = &v -} - // GetRateLimiterConfig returns the RateLimiterConfig field value if set, zero value otherwise. func (o *DiskConfig) GetRateLimiterConfig() RateLimiterConfig { if o == nil || o.RateLimiterConfig == nil { @@ -478,9 +441,6 @@ func (o DiskConfig) MarshalJSON() ([]byte, error) { if o.VhostSocket != nil { toSerialize["vhost_socket"] = o.VhostSocket } - if o.PollQueue != nil { - toSerialize["poll_queue"] = o.PollQueue - } if o.RateLimiterConfig != nil { toSerialize["rate_limiter_config"] = o.RateLimiterConfig } 
diff --git a/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/model_initramfs_config.go b/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/model_initramfs_config.go deleted file mode 100644 index ac6e2ba9a..000000000 --- a/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/model_initramfs_config.go +++ /dev/null 
@@ -1,106 +0,0 @@ -/* -Cloud Hypervisor API - -Local HTTP based API for managing and inspecting a cloud-hypervisor virtual machine. - -API version: 0.3.0 -*/ - -// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT. - -package openapi - -import ( - "encoding/json" -) - -// InitramfsConfig struct for InitramfsConfig -type InitramfsConfig struct { - Path string `json:"path"` -} - -// NewInitramfsConfig instantiates a new InitramfsConfig object -// This constructor will assign default values to properties that have it defined, -// and makes sure properties required by API are set, but the set of arguments -// will change when the set of required properties is changed -func NewInitramfsConfig(path string) *InitramfsConfig { - this := InitramfsConfig{} - this.Path = path - return &this -} - -// NewInitramfsConfigWithDefaults instantiates a new InitramfsConfig object -// This constructor will only assign default values to properties that have it defined, -// but it doesn't guarantee that properties required by API are set -func NewInitramfsConfigWithDefaults() *InitramfsConfig { - this := InitramfsConfig{} - return &this -} - -// GetPath returns the Path field value -func (o *InitramfsConfig) GetPath() string { - if o == nil { - var ret string - return ret - } - - return o.Path -} - -// GetPathOk returns a tuple with the Path field value -// and a boolean to check if the value has been set. 
-func (o *InitramfsConfig) GetPathOk() (*string, bool) { - if o == nil { - return nil, false - } - return &o.Path, true -} - -// SetPath sets field value -func (o *InitramfsConfig) SetPath(v string) { - o.Path = v -} - -func (o InitramfsConfig) MarshalJSON() ([]byte, error) { - toSerialize := map[string]interface{}{} - if true { - toSerialize["path"] = o.Path - } - return json.Marshal(toSerialize) -} - -type NullableInitramfsConfig struct { - value *InitramfsConfig - isSet bool -} - -func (v NullableInitramfsConfig) Get() *InitramfsConfig { - return v.value -} - -func (v *NullableInitramfsConfig) Set(val *InitramfsConfig) { - v.value = val - v.isSet = true -} - -func (v NullableInitramfsConfig) IsSet() bool { - return v.isSet -} - -func (v *NullableInitramfsConfig) Unset() { - v.value = nil - v.isSet = false -} - -func NewNullableInitramfsConfig(val *InitramfsConfig) *NullableInitramfsConfig { - return &NullableInitramfsConfig{value: val, isSet: true} -} - -func (v NullableInitramfsConfig) MarshalJSON() ([]byte, error) { - return json.Marshal(v.value) -} - -func (v *NullableInitramfsConfig) UnmarshalJSON(src []byte) error { - v.isSet = true - return json.Unmarshal(src, &v.value) -} diff --git a/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/model_kernel_config.go b/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/model_kernel_config.go deleted file mode 100644 index 8ef0e5fdf..000000000 --- a/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/model_kernel_config.go +++ /dev/null 
@@ -1,106 +0,0 @@ -/* -Cloud Hypervisor API - -Local HTTP based API for managing and inspecting a cloud-hypervisor virtual machine. - -API version: 0.3.0 -*/ - -// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT. - -package openapi - -import ( - "encoding/json" -) - -// KernelConfig struct for KernelConfig -type KernelConfig struct { - Path string `json:"path"` -} - -// NewKernelConfig instantiates a new KernelConfig object -// This constructor will assign default values to properties that have it defined, -// and makes sure properties required by API are set, but the set of arguments -// will change when the set of required properties is changed -func NewKernelConfig(path string) *KernelConfig { - this := KernelConfig{} - this.Path = path - return &this -} - -// NewKernelConfigWithDefaults instantiates a new KernelConfig object -// This constructor will only assign default values to properties that have it defined, -// but it doesn't guarantee that properties required by API are set -func NewKernelConfigWithDefaults() *KernelConfig { - this := KernelConfig{} - return &this -} - -// GetPath returns the Path field value -func (o *KernelConfig) GetPath() string { - if o == nil { - var ret string - return ret - } - - return o.Path -} - -// GetPathOk returns a tuple with the Path field value -// and a boolean to check if the value has been set. 
-func (o *KernelConfig) GetPathOk() (*string, bool) { - if o == nil { - return nil, false - } - return &o.Path, true -} - -// SetPath sets field value -func (o *KernelConfig) SetPath(v string) { - o.Path = v -} - -func (o KernelConfig) MarshalJSON() ([]byte, error) { - toSerialize := map[string]interface{}{} - if true { - toSerialize["path"] = o.Path - } - return json.Marshal(toSerialize) -} - -type NullableKernelConfig struct { - value *KernelConfig - isSet bool -} - -func (v NullableKernelConfig) Get() *KernelConfig { - return v.value -} - -func (v *NullableKernelConfig) Set(val *KernelConfig) { - v.value = val - v.isSet = true -} - -func (v NullableKernelConfig) IsSet() bool { - return v.isSet -} - -func (v *NullableKernelConfig) Unset() { - v.value = nil - v.isSet = false -} - -func NewNullableKernelConfig(val *KernelConfig) *NullableKernelConfig { - return &NullableKernelConfig{value: val, isSet: true} -} - -func (v NullableKernelConfig) MarshalJSON() ([]byte, error) { - return json.Marshal(v.value) -} - -func (v *NullableKernelConfig) UnmarshalJSON(src []byte) error { - v.isSet = true - return json.Unmarshal(src, &v.value) -} diff --git a/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/model_payload_config.go b/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/model_payload_config.go new file mode 100644 index 000000000..04abb6a3e --- /dev/null +++ b/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/model_payload_config.go 
@@ -0,0 +1,185 @@ +/* +Cloud Hypervisor API + +Local HTTP based API for managing and inspecting a cloud-hypervisor virtual machine. + +API version: 0.3.0 +*/ + +// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT. + +package openapi + +import ( + "encoding/json" +) + +// PayloadConfig Payloads to boot in guest +type PayloadConfig struct { + Kernel *string `json:"kernel,omitempty"` + Cmdline *string `json:"cmdline,omitempty"` + Initramfs *string `json:"initramfs,omitempty"` +} + +// NewPayloadConfig instantiates a new PayloadConfig object +// This constructor will assign default values to properties that have it defined, +// and makes sure properties required by API are set, but the set of arguments +// will change when the set of required properties is changed +func NewPayloadConfig() *PayloadConfig { + this := PayloadConfig{} + return &this +} + +// NewPayloadConfigWithDefaults instantiates a new PayloadConfig object +// This constructor will only assign default values to properties that have it defined, +// but it doesn't guarantee that properties required by API are set +func NewPayloadConfigWithDefaults() *PayloadConfig { + this := PayloadConfig{} + return &this +} + +// GetKernel returns the Kernel field value if set, zero value otherwise. +func (o *PayloadConfig) GetKernel() string { + if o == nil || o.Kernel == nil { + var ret string + return ret + } + return *o.Kernel +} + +// GetKernelOk returns a tuple with the Kernel field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *PayloadConfig) GetKernelOk() (*string, bool) { + if o == nil || o.Kernel == nil { + return nil, false + } + return o.Kernel, true +} + +// HasKernel returns a boolean if a field has been set. +func (o *PayloadConfig) HasKernel() bool { + if o != nil && o.Kernel != nil { + return true + } + + return false +} + +// SetKernel gets a reference to the given string and assigns it to the Kernel field. 
+func (o *PayloadConfig) SetKernel(v string) { + o.Kernel = &v +} + +// GetCmdline returns the Cmdline field value if set, zero value otherwise. +func (o *PayloadConfig) GetCmdline() string { + if o == nil || o.Cmdline == nil { + var ret string + return ret + } + return *o.Cmdline +} + +// GetCmdlineOk returns a tuple with the Cmdline field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *PayloadConfig) GetCmdlineOk() (*string, bool) { + if o == nil || o.Cmdline == nil { + return nil, false + } + return o.Cmdline, true +} + +// HasCmdline returns a boolean if a field has been set. +func (o *PayloadConfig) HasCmdline() bool { + if o != nil && o.Cmdline != nil { + return true + } + + return false +} + +// SetCmdline gets a reference to the given string and assigns it to the Cmdline field. +func (o *PayloadConfig) SetCmdline(v string) { + o.Cmdline = &v +} + +// GetInitramfs returns the Initramfs field value if set, zero value otherwise. +func (o *PayloadConfig) GetInitramfs() string { + if o == nil || o.Initramfs == nil { + var ret string + return ret + } + return *o.Initramfs +} + +// GetInitramfsOk returns a tuple with the Initramfs field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *PayloadConfig) GetInitramfsOk() (*string, bool) { + if o == nil || o.Initramfs == nil { + return nil, false + } + return o.Initramfs, true +} + +// HasInitramfs returns a boolean if a field has been set. +func (o *PayloadConfig) HasInitramfs() bool { + if o != nil && o.Initramfs != nil { + return true + } + + return false +} + +// SetInitramfs gets a reference to the given string and assigns it to the Initramfs field. 
+func (o *PayloadConfig) SetInitramfs(v string) { + o.Initramfs = &v +} + +func (o PayloadConfig) MarshalJSON() ([]byte, error) { + toSerialize := map[string]interface{}{} + if o.Kernel != nil { + toSerialize["kernel"] = o.Kernel + } + if o.Cmdline != nil { + toSerialize["cmdline"] = o.Cmdline + } + if o.Initramfs != nil { + toSerialize["initramfs"] = o.Initramfs + } + return json.Marshal(toSerialize) +} + +type NullablePayloadConfig struct { + value *PayloadConfig + isSet bool +} + +func (v NullablePayloadConfig) Get() *PayloadConfig { + return v.value +} + +func (v *NullablePayloadConfig) Set(val *PayloadConfig) { + v.value = val + v.isSet = true +} + +func (v NullablePayloadConfig) IsSet() bool { + return v.isSet +} + +func (v *NullablePayloadConfig) Unset() { + v.value = nil + v.isSet = false +} + +func NewNullablePayloadConfig(val *PayloadConfig) *NullablePayloadConfig { + return &NullablePayloadConfig{value: val, isSet: true} +} + +func (v NullablePayloadConfig) MarshalJSON() ([]byte, error) { + return json.Marshal(v.value) +} + +func (v *NullablePayloadConfig) UnmarshalJSON(src []byte) error { + v.isSet = true + return json.Unmarshal(src, &v.value) +} diff --git a/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/model_platform_config.go b/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/model_platform_config.go index 17e8827f8..250493a6b 100644 --- a/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/model_platform_config.go +++ b/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/model_platform_config.go 
@@ -16,9 +16,11 @@ import ( // PlatformConfig struct for PlatformConfig type PlatformConfig struct { - NumPciSegments *int32 `json:"num_pci_segments,omitempty"` - IommuSegments *[]int32 `json:"iommu_segments,omitempty"` - SerialNumber *string `json:"serial_number,omitempty"` + NumPciSegments *int32 `json:"num_pci_segments,omitempty"` + IommuSegments *[]int32 `json:"iommu_segments,omitempty"` + SerialNumber *string `json:"serial_number,omitempty"` + Uuid *string `json:"uuid,omitempty"` + OemStrings *[]string `json:"oem_strings,omitempty"` } // NewPlatformConfig instantiates a new PlatformConfig object 
@@ -134,6 +136,70 @@ func (o *PlatformConfig) SetSerialNumber(v string) { o.SerialNumber = &v } +// GetUuid returns the Uuid field value if set, zero value otherwise. +func (o *PlatformConfig) GetUuid() string { + if o == nil || o.Uuid == nil { + var ret string + return ret + } + return *o.Uuid +} + +// GetUuidOk returns a tuple with the Uuid field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *PlatformConfig) GetUuidOk() (*string, bool) { + if o == nil || o.Uuid == nil { + return nil, false + } + return o.Uuid, true +} + +// HasUuid returns a boolean if a field has been set. +func (o *PlatformConfig) HasUuid() bool { + if o != nil && o.Uuid != nil { + return true + } + + return false +} + +// SetUuid gets a reference to the given string and assigns it to the Uuid field. +func (o *PlatformConfig) SetUuid(v string) { + o.Uuid = &v +} + +// GetOemStrings returns the OemStrings field value if set, zero value otherwise. +func (o *PlatformConfig) GetOemStrings() []string { + if o == nil || o.OemStrings == nil { + var ret []string + return ret + } + return *o.OemStrings +} + +// GetOemStringsOk returns a tuple with the OemStrings field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *PlatformConfig) GetOemStringsOk() (*[]string, bool) { + if o == nil || o.OemStrings == nil { + return nil, false + } + return o.OemStrings, true +} + +// HasOemStrings returns a boolean if a field has been set. +func (o *PlatformConfig) HasOemStrings() bool { + if o != nil && o.OemStrings != nil { + return true + } + + return false +} + +// SetOemStrings gets a reference to the given []string and assigns it to the OemStrings field. +func (o *PlatformConfig) SetOemStrings(v []string) { + o.OemStrings = &v +} + func (o PlatformConfig) MarshalJSON() ([]byte, error) { toSerialize := map[string]interface{}{} if o.NumPciSegments != nil { 
@@ -145,6 +211,12 @@ func (o PlatformConfig) MarshalJSON() ([]byte, error) { if o.SerialNumber != nil { toSerialize["serial_number"] = o.SerialNumber } + if o.Uuid != nil { + toSerialize["uuid"] = o.Uuid + } + if o.OemStrings != nil { + toSerialize["oem_strings"] = o.OemStrings + } return json.Marshal(toSerialize) } diff --git a/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/model_vm_config.go b/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/model_vm_config.go index c4ad07fb0..f48f92b3c 100644 --- a/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/model_vm_config.go +++ b/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/model_vm_config.go 
@@ -16,37 +16,35 @@ import ( // VmConfig Virtual machine configuration type VmConfig struct { - Cpus *CpusConfig `json:"cpus,omitempty"` - Memory *MemoryConfig `json:"memory,omitempty"` - Kernel KernelConfig `json:"kernel"` - Initramfs NullableInitramfsConfig `json:"initramfs,omitempty"` - Cmdline *CmdLineConfig `json:"cmdline,omitempty"` - Disks *[]DiskConfig `json:"disks,omitempty"` - Net *[]NetConfig `json:"net,omitempty"` - Rng *RngConfig `json:"rng,omitempty"` - Balloon *BalloonConfig `json:"balloon,omitempty"` - Fs *[]FsConfig `json:"fs,omitempty"` - Pmem *[]PmemConfig `json:"pmem,omitempty"` - Serial *ConsoleConfig `json:"serial,omitempty"` - Console *ConsoleConfig `json:"console,omitempty"` - Devices *[]DeviceConfig `json:"devices,omitempty"` - Vdpa *[]VdpaConfig `json:"vdpa,omitempty"` - Vsock *VsockConfig `json:"vsock,omitempty"` - SgxEpc *[]SgxEpcConfig `json:"sgx_epc,omitempty"` - Tdx *TdxConfig `json:"tdx,omitempty"` - Numa *[]NumaConfig `json:"numa,omitempty"` - Iommu *bool `json:"iommu,omitempty"` - Watchdog *bool `json:"watchdog,omitempty"` - Platform *PlatformConfig `json:"platform,omitempty"` + Cpus *CpusConfig `json:"cpus,omitempty"` + Memory *MemoryConfig `json:"memory,omitempty"` + Payload PayloadConfig `json:"payload"` + Disks *[]DiskConfig `json:"disks,omitempty"` + Net *[]NetConfig `json:"net,omitempty"` + Rng *RngConfig `json:"rng,omitempty"` + Balloon *BalloonConfig `json:"balloon,omitempty"` + Fs *[]FsConfig `json:"fs,omitempty"` + Pmem *[]PmemConfig `json:"pmem,omitempty"` + Serial *ConsoleConfig `json:"serial,omitempty"` + Console *ConsoleConfig `json:"console,omitempty"` + Devices *[]DeviceConfig `json:"devices,omitempty"` + Vdpa *[]VdpaConfig `json:"vdpa,omitempty"` + Vsock *VsockConfig `json:"vsock,omitempty"` + SgxEpc *[]SgxEpcConfig `json:"sgx_epc,omitempty"` + Tdx *TdxConfig `json:"tdx,omitempty"` + Numa *[]NumaConfig `json:"numa,omitempty"` + Iommu *bool `json:"iommu,omitempty"` + Watchdog *bool `json:"watchdog,omitempty"` + 
Platform *PlatformConfig `json:"platform,omitempty"` } // NewVmConfig instantiates a new VmConfig object // This constructor will assign default values to properties that have it defined, // and makes sure properties required by API are set, but the set of arguments // will change when the set of required properties is changed -func NewVmConfig(kernel KernelConfig) *VmConfig { +func NewVmConfig(payload PayloadConfig) *VmConfig { this := VmConfig{} - this.Kernel = kernel + this.Payload = payload var iommu bool = false this.Iommu = &iommu var watchdog bool = false 
@@ -130,103 +128,28 @@ func (o *VmConfig) SetMemory(v MemoryConfig) { o.Memory = &v } -// GetKernel returns the Kernel field value -func (o *VmConfig) GetKernel() KernelConfig { +// GetPayload returns the Payload field value +func (o *VmConfig) GetPayload() PayloadConfig { if o == nil { - var ret KernelConfig + var ret PayloadConfig return ret } - return o.Kernel + return o.Payload } -// GetKernelOk returns a tuple with the Kernel field value +// GetPayloadOk returns a tuple with the Payload field value // and a boolean to check if the value has been set. -func (o *VmConfig) GetKernelOk() (*KernelConfig, bool) { +func (o *VmConfig) GetPayloadOk() (*PayloadConfig, bool) { if o == nil { return nil, false } - return &o.Kernel, true + return &o.Payload, true } -// SetKernel sets field value -func (o *VmConfig) SetKernel(v KernelConfig) { - o.Kernel = v -} - -// GetInitramfs returns the Initramfs field value if set, zero value otherwise (both if not set or set to explicit null). -func (o *VmConfig) GetInitramfs() InitramfsConfig { - if o == nil || o.Initramfs.Get() == nil { - var ret InitramfsConfig - return ret - } - return *o.Initramfs.Get() -} - -// GetInitramfsOk returns a tuple with the Initramfs field value if set, nil otherwise -// and a boolean to check if the value has been set. -// NOTE: If the value is an explicit nil, `nil, true` will be returned -func (o *VmConfig) GetInitramfsOk() (*InitramfsConfig, bool) { - if o == nil { - return nil, false - } - return o.Initramfs.Get(), o.Initramfs.IsSet() -} - -// HasInitramfs returns a boolean if a field has been set. -func (o *VmConfig) HasInitramfs() bool { - if o != nil && o.Initramfs.IsSet() { - return true - } - - return false -} - -// SetInitramfs gets a reference to the given NullableInitramfsConfig and assigns it to the Initramfs field. 
-func (o *VmConfig) SetInitramfs(v InitramfsConfig) { - o.Initramfs.Set(&v) -} - -// SetInitramfsNil sets the value for Initramfs to be an explicit nil -func (o *VmConfig) SetInitramfsNil() { - o.Initramfs.Set(nil) -} - -// UnsetInitramfs ensures that no value is present for Initramfs, not even an explicit nil -func (o *VmConfig) UnsetInitramfs() { - o.Initramfs.Unset() -} - -// GetCmdline returns the Cmdline field value if set, zero value otherwise. -func (o *VmConfig) GetCmdline() CmdLineConfig { - if o == nil || o.Cmdline == nil { - var ret CmdLineConfig - return ret - } - return *o.Cmdline -} - -// GetCmdlineOk returns a tuple with the Cmdline field value if set, nil otherwise -// and a boolean to check if the value has been set. -func (o *VmConfig) GetCmdlineOk() (*CmdLineConfig, bool) { - if o == nil || o.Cmdline == nil { - return nil, false - } - return o.Cmdline, true -} - -// HasCmdline returns a boolean if a field has been set. -func (o *VmConfig) HasCmdline() bool { - if o != nil && o.Cmdline != nil { - return true - } - - return false -} - -// SetCmdline gets a reference to the given CmdLineConfig and assigns it to the Cmdline field. -func (o *VmConfig) SetCmdline(v CmdLineConfig) { - o.Cmdline = &v +// SetPayload sets field value +func (o *VmConfig) SetPayload(v PayloadConfig) { + o.Payload = v } // GetDisks returns the Disks field value if set, zero value otherwise. @@ -782,13 +705,7 @@ func (o VmConfig) MarshalJSON() ([]byte, error) { toSerialize["memory"] = o.Memory } if true { - toSerialize["kernel"] = o.Kernel - } - if o.Initramfs.IsSet() { - toSerialize["initramfs"] = o.Initramfs.Get() - } - if o.Cmdline != nil { - toSerialize["cmdline"] = o.Cmdline + toSerialize["payload"] = o.Payload } if o.Disks != nil { toSerialize["disks"] = o.Disks diff --git a/src/runtime/virtcontainers/pkg/cloud-hypervisor/cloud-hypervisor.yaml b/src/runtime/virtcontainers/pkg/cloud-hypervisor/cloud-hypervisor.yaml index 705293f1f..029b4cf08 100644 
--- a/src/runtime/virtcontainers/pkg/cloud-hypervisor/cloud-hypervisor.yaml +++ b/src/runtime/virtcontainers/pkg/cloud-hypervisor/cloud-hypervisor.yaml @@ -8,10 +8,9 @@ info: version: 0.3.0 servers: -- url: http://localhost/api/v1 + - url: http://localhost/api/v1 paths: - /vmm.ping: get: summary: Ping the VMM to check for API server availability @@ -21,7 +20,7 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/VmmPingResponse' + $ref: "#/components/schemas/VmmPingResponse" /vmm.shutdown: put: @@ -40,7 +39,7 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/VmInfo' + $ref: "#/components/schemas/VmInfo" /vm.counters: get: @@ -51,7 +50,7 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/VmCounters' + $ref: "#/components/schemas/VmCounters" /vm.create: put: @@ -62,7 +61,7 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/VmConfig' + $ref: "#/components/schemas/VmConfig" required: true responses: 204: @@ -154,7 +153,7 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/VmResize' + $ref: "#/components/schemas/VmResize" required: true responses: 204: @@ -170,7 +169,7 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/VmResizeZone' + $ref: "#/components/schemas/VmResizeZone" required: true responses: 204: @@ -186,7 +185,7 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/VmAddDevice' + $ref: "#/components/schemas/VmAddDevice" required: true responses: 200: @@ -194,7 +193,7 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/PciDeviceInfo' + $ref: "#/components/schemas/PciDeviceInfo" 204: description: The new device was successfully (cold) added to the VM instance. 404: @@ -208,7 +207,7 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/VmRemoveDevice' + $ref: "#/components/schemas/VmRemoveDevice" required: true responses: 204: 
@@ -224,7 +223,7 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/DiskConfig' + $ref: "#/components/schemas/DiskConfig" required: true responses: 200: @@ -232,7 +231,7 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/PciDeviceInfo' + $ref: "#/components/schemas/PciDeviceInfo" 204: description: The new disk was successfully (cold) added to the VM instance. 500: @@ -246,7 +245,7 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/FsConfig' + $ref: "#/components/schemas/FsConfig" required: true responses: 200: @@ -254,7 +253,7 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/PciDeviceInfo' + $ref: "#/components/schemas/PciDeviceInfo" 204: description: The new device was successfully (cold) added to the VM instance. 500: @@ -268,7 +267,7 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/PmemConfig' + $ref: "#/components/schemas/PmemConfig" required: true responses: 200: @@ -276,7 +275,7 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/PciDeviceInfo' + $ref: "#/components/schemas/PciDeviceInfo" 204: description: The new device was successfully (cold) added to the VM instance. 500: @@ -290,7 +289,7 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/NetConfig' + $ref: "#/components/schemas/NetConfig" required: true responses: 200: @@ -298,7 +297,7 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/PciDeviceInfo' + $ref: "#/components/schemas/PciDeviceInfo" 204: description: The new device was successfully (cold) added to the VM instance. 500: @@ -312,7 +311,7 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/VsockConfig' + $ref: "#/components/schemas/VsockConfig" required: true responses: 200: 
@@ -320,12 +319,12 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/PciDeviceInfo' + $ref: "#/components/schemas/PciDeviceInfo" 204: description: The new device was successfully (cold) added to the VM instance. 500: description: The new device could not be added to the VM instance. - + /vm.add-vdpa: put: summary: Add a new vDPA device to the VM @@ -334,7 +333,7 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/VdpaConfig' + $ref: "#/components/schemas/VdpaConfig" required: true responses: 200: @@ -342,7 +341,7 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/PciDeviceInfo' + $ref: "#/components/schemas/PciDeviceInfo" 204: description: The new vDPA device was successfully (cold) added to the VM instance. 500: @@ -356,7 +355,7 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/VmSnapshotConfig' + $ref: "#/components/schemas/VmSnapshotConfig" required: true responses: 204: @@ -374,7 +373,7 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/VmCoredumpData' + $ref: "#/components/schemas/VmCoredumpData" required: true responses: 204: @@ -392,7 +391,7 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/RestoreConfig' + $ref: "#/components/schemas/RestoreConfig" required: true responses: 204: @@ -408,7 +407,7 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/ReceiveMigrationData' + $ref: "#/components/schemas/ReceiveMigrationData" required: true responses: 204: @@ -424,7 +423,7 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/SendMigrationData' + $ref: "#/components/schemas/SendMigrationData" required: true responses: 204: @@ -434,10 +433,9 @@ paths: components: schemas: - VmmPingResponse: required: - - version + - version type: object properties: version: 
@@ -446,12 +444,12 @@ components: VmInfo: required: - - config - - state + - config + - state type: object properties: config: - $ref: '#/components/schemas/VmConfig' + $ref: "#/components/schemas/VmConfig" state: type: string enum: [Created, Running, Shutdown, Paused] @@ -461,7 +459,7 @@ components: device_tree: type: object additionalProperties: - $ref: '#/components/schemas/DeviceNode' + $ref: "#/components/schemas/DeviceNode" description: Virtual Machine information DeviceNode: @@ -491,8 +489,8 @@ components: PciDeviceInfo: required: - - id - - bdf + - id + - bdf type: object properties: id: 
@@ -501,65 +499,72 @@ components: type: string description: Information about a PCI device + PayloadConfig: + type: object + properties: + kernel: + type: string + cmdline: + type: string + initramfs: + type: string + description: Payloads to boot in guest + VmConfig: required: - - kernel + - payload type: object properties: cpus: - $ref: '#/components/schemas/CpusConfig' + $ref: "#/components/schemas/CpusConfig" memory: - $ref: '#/components/schemas/MemoryConfig' - kernel: - $ref: '#/components/schemas/KernelConfig' - initramfs: - $ref: '#/components/schemas/InitramfsConfig' - cmdline: - $ref: '#/components/schemas/CmdLineConfig' + $ref: "#/components/schemas/MemoryConfig" + payload: + $ref: "#/components/schemas/PayloadConfig" disks: type: array items: - $ref: '#/components/schemas/DiskConfig' + $ref: "#/components/schemas/DiskConfig" net: type: array items: - $ref: '#/components/schemas/NetConfig' + $ref: "#/components/schemas/NetConfig" rng: - $ref: '#/components/schemas/RngConfig' + $ref: "#/components/schemas/RngConfig" balloon: - $ref: '#/components/schemas/BalloonConfig' + $ref: "#/components/schemas/BalloonConfig" fs: type: array items: - $ref: '#/components/schemas/FsConfig' + $ref: "#/components/schemas/FsConfig" pmem: type: array items: - $ref: '#/components/schemas/PmemConfig' + $ref: "#/components/schemas/PmemConfig" serial: - $ref: '#/components/schemas/ConsoleConfig' + $ref: "#/components/schemas/ConsoleConfig" console: - $ref: '#/components/schemas/ConsoleConfig' + $ref: "#/components/schemas/ConsoleConfig" devices: type: array items: - $ref: '#/components/schemas/DeviceConfig' + $ref: "#/components/schemas/DeviceConfig" vdpa: type: array items: - $ref: '#/components/schemas/VdpaConfig' + $ref: "#/components/schemas/VdpaConfig" vsock: - $ref: '#/components/schemas/VsockConfig' + $ref: "#/components/schemas/VsockConfig" sgx_epc: type: array items: - $ref: '#/components/schemas/SgxEpcConfig' + $ref: "#/components/schemas/SgxEpcConfig" tdx: - $ref: 
'#/components/schemas/TdxConfig' + $ref: "#/components/schemas/TdxConfig" numa: type: array items: - $ref: '#/components/schemas/NumaConfig' + $ref: "#/components/schemas/NumaConfig" iommu: type: boolean default: false @@ -567,7 +572,7 @@ components: type: boolean default: false platform: - $ref: '#/components/schemas/PlatformConfig' + $ref: "#/components/schemas/PlatformConfig" description: Virtual machine configuration CpuAffinity: @@ -600,8 +605,8 @@ components: CpusConfig: required: - - boot_vcpus - - max_vcpus + - boot_vcpus + - max_vcpus type: object properties: boot_vcpus: @@ -613,7 +618,7 @@ components: default: 1 type: integer topology: - $ref: '#/components/schemas/CpuTopology' + $ref: "#/components/schemas/CpuTopology" kvm_hyperv: type: boolean default: false @@ -622,9 +627,9 @@ components: affinity: type: array items: - $ref: '#/components/schemas/CpuAffinity' + $ref: "#/components/schemas/CpuAffinity" features: - $ref: '#/components/schemas/CpuFeatures' + $ref: "#/components/schemas/CpuFeatures" PlatformConfig: type: object @@ -639,11 +644,17 @@ components: format: int16 serial_number: type: string + uuid: + type: string + oem_strings: + type: array + items: + type: string MemoryZoneConfig: required: - - id - - size + - id + - size type: object properties: id: @@ -681,7 +692,7 @@ components: MemoryConfig: required: - - size + - size type: object properties: size: @@ -715,37 +726,12 @@ components: zones: type: array items: - $ref: '#/components/schemas/MemoryZoneConfig' - - KernelConfig: - required: - - path - type: object - properties: - path: - type: string - - InitramfsConfig: - nullable: true - required: - - path - type: object - properties: - path: - type: string - - CmdLineConfig: - required: - - args - type: object - properties: - args: - type: string + $ref: "#/components/schemas/MemoryZoneConfig" TokenBucket: required: - - size - - refill_time + - size + - refill_time type: object properties: size: 
@@ -777,16 +763,16 @@ components: type: object properties: bandwidth: - $ref: '#/components/schemas/TokenBucket' + $ref: "#/components/schemas/TokenBucket" ops: - $ref: '#/components/schemas/TokenBucket' + $ref: "#/components/schemas/TokenBucket" description: Defines an IO rate limiter with independent bytes/s and ops/s limits. Limits are defined by configuring each of the _bandwidth_ and _ops_ token buckets. DiskConfig: required: - - path + - path type: object properties: path: @@ -811,11 +797,8 @@ components: default: false vhost_socket: type: string - poll_queue: - type: boolean - default: true rate_limiter_config: - $ref: '#/components/schemas/RateLimiterConfig' + $ref: "#/components/schemas/RateLimiterConfig" pci_segment: type: integer format: int16 @@ -858,11 +841,11 @@ components: type: integer format: int16 rate_limiter_config: - $ref: '#/components/schemas/RateLimiterConfig' + $ref: "#/components/schemas/RateLimiterConfig" RngConfig: required: - - src + - src type: object properties: src: @@ -874,7 +857,7 @@ components: BalloonConfig: required: - - size + - size type: object properties: size: @@ -891,10 +874,10 @@ components: FsConfig: required: - - num_queues - - queue_size - - socket - - tag + - num_queues + - queue_size + - socket + - tag type: object properties: tag: @@ -915,7 +898,7 @@ components: PmemConfig: required: - - file + - file type: object properties: file: @@ -937,7 +920,7 @@ components: ConsoleConfig: required: - - mode + - mode type: object properties: file: @@ -951,7 +934,7 @@ components: DeviceConfig: required: - - path + - path type: object properties: path: @@ -967,8 +950,8 @@ components: VdpaConfig: required: - - path - - num_queues + - path + - num_queues type: object properties: path: @@ -987,8 +970,8 @@ components: VsockConfig: required: - - cid - - socket + - cid + - socket type: object properties: cid: @@ -1010,8 +993,8 @@ components: SgxEpcConfig: required: - - id - - size + - id + - size type: object properties: id: 
@@ -1025,7 +1008,7 @@ components: TdxConfig: required: - - firmware + - firmware type: object properties: firmware: @@ -1034,8 +1017,8 @@ components: NumaDistance: required: - - destination - - distance + - destination + - distance type: object properties: destination: @@ -1047,7 +1030,7 @@ components: NumaConfig: required: - - guest_numa_id + - guest_numa_id type: object properties: guest_numa_id: @@ -1061,7 +1044,7 @@ components: distances: type: array items: - $ref: '#/components/schemas/NumaDistance' + $ref: "#/components/schemas/NumaDistance" memory_zones: type: array items: @@ -1127,7 +1110,7 @@ components: RestoreConfig: required: - - source_url + - source_url type: object properties: source_url: @@ -1137,7 +1120,7 @@ components: ReceiveMigrationData: required: - - receiver_url + - receiver_url type: object properties: receiver_url: @@ -1145,7 +1128,7 @@ components: SendMigrationData: required: - - destination_url + - destination_url type: object properties: destination_url: From 3a597c274240aae16eb4d380b37c64b21d0642e8 Mon Sep 17 00:00:00 2001 From: Bo Chen Date: Wed, 17 Aug 2022 12:15:04 -0700 Subject: [PATCH 09/21] runtime: clh: Use the new 'payload' interface The new 'payload' interface now contains the 'kernel' and 'initramfs' config. Fixes: #4952 Signed-off-by: Bo Chen --- src/runtime/virtcontainers/clh.go | 12 ++++++------ src/runtime/virtcontainers/clh_test.go | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/src/runtime/virtcontainers/clh.go b/src/runtime/virtcontainers/clh.go index aaa8e2886..b14391b93 100644 --- a/src/runtime/virtcontainers/clh.go +++ b/src/runtime/virtcontainers/clh.go 
@@ -459,13 +459,15 @@ func (clh *cloudHypervisor) CreateVM(ctx context.Context, id string, network Net // to fetch if this is the first time the hypervisor is created. clh.Logger().WithField("function", "CreateVM").Info("Sandbox not found creating") + // Create the VM config via the constructor to ensure default values are properly assigned + clh.vmconfig = *chclient.NewVmConfig(*chclient.NewPayloadConfig()) + // Make sure the kernel path is valid kernelPath, err := clh.config.KernelAssetPath() if err != nil { return err } - // Create the VM config via the constructor to ensure default values are properly assigned - clh.vmconfig = *chclient.NewVmConfig(*chclient.NewKernelConfig(kernelPath)) + clh.vmconfig.Payload.SetKernel(kernelPath) if clh.config.ConfidentialGuest { if err := clh.enableProtection(); err != nil { @@ -505,7 +507,7 @@ func (clh *cloudHypervisor) CreateVM(ctx context.Context, id string, network Net // Followed by extra kernel parameters defined in the configuration file params = append(params, clh.config.KernelParams...) - clh.vmconfig.Cmdline = chclient.NewCmdLineConfig(kernelParamsToString(params)) + clh.vmconfig.Payload.SetCmdline(kernelParamsToString(params)) // set random device generator to hypervisor clh.vmconfig.Rng = chclient.NewRngConfig(clh.config.EntropySource) @@ -547,9 +549,7 @@ func (clh *cloudHypervisor) CreateVM(ctx context.Context, id string, network Net return err } - initrd := chclient.NewInitramfsConfig(initrdPath) - - clh.vmconfig.SetInitramfs(*initrd) + clh.vmconfig.Payload.SetInitramfs(initrdPath) } // Use serial port as the guest console only in debug mode, diff --git a/src/runtime/virtcontainers/clh_test.go b/src/runtime/virtcontainers/clh_test.go index bb4a04925..58b1b7fe9 100644 --- a/src/runtime/virtcontainers/clh_test.go +++ b/src/runtime/virtcontainers/clh_test.go 
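Review bot: In the first CreateVM hunk (`@@ -459`), `clh.vmconfig` is now assigned before the kernel path is checked, so an early `return err` from `KernelAssetPath()` leaves a config with an empty payload behind. The removed `NewKernelConfig(kernelPath)` took the path as a constructor argument, while `NewPayloadConfig()` takes none and `PayloadConfig.Kernel` is an optional `*string` with `omitempty`. A later edit that drops `SetKernel` would therefore serialize a payload without a kernel and still compile. I would move `clh.vmconfig = *chclient.NewVmConfig(*chclient.NewPayloadConfig())` back below the `if err != nil` block, directly before `clh.vmconfig.Payload.SetKernel(kernelPath)`. A test that compares `clh.vmconfig.Payload.GetKernel()` with the configured path after CreateVM would pin this; the same applies to `SetCmdline` and `SetInitramfs` in the `@@ -505` and `@@ -547` hunks. CreateVM's body starts and ends outside these hunks.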
@@ -557,7 +557,7 @@ func TestCloudHypervisorResizeMemory(t *testing.T) { clh := cloudHypervisor{} mockClient := &clhClientMock{} - mockClient.vmInfo.Config = *chclient.NewVmConfig(*chclient.NewKernelConfig("")) + mockClient.vmInfo.Config = *chclient.NewVmConfig(*chclient.NewPayloadConfig()) mockClient.vmInfo.Config.Memory = chclient.NewMemoryConfig(int64(utils.MemUnit(clhConfig.MemorySize) * utils.MiB)) mockClient.vmInfo.Config.Memory.HotplugSize = func(i int64) *int64 { return &i }(int64(40 * utils.GiB.ToBytes())) From 4f53e010b4b650ec5de51d8d8ce88787ca28cf24 Mon Sep 17 00:00:00 2001 From: Peng Tao Date: Wed, 13 Jul 2022 17:27:49 +0800 Subject: [PATCH 10/21] agent: skip test_load_kernel_module if non-root We need root privilege to load a real kernel module. Fixes: #4704 Signed-off-by: Peng Tao --- src/agent/src/rpc.rs | 1 + 1 file changed, 1 insertion(+) diff --git a/src/agent/src/rpc.rs b/src/agent/src/rpc.rs index 2a62aedf3..08950a4ca 100644 --- a/src/agent/src/rpc.rs +++ b/src/agent/src/rpc.rs @@ -2058,6 +2058,7 @@ mod tests { let result = load_kernel_module(&m); assert!(result.is_err(), "load module should failed"); + skip_if_not_root!(); // case 3: normal module. // normally this module should eixsts... m.name = "bridge".to_string(); From 326f1cc7734efca6d2096c98605fb4721e366bb3 Mon Sep 17 00:00:00 2001 From: Peng Tao Date: Wed, 6 Jul 2022 17:00:54 +0800 Subject: [PATCH 11/21] agent: enrich some error code path So that it is easier to find out why some function fails. Signed-off-by: Peng Tao --- src/agent/rustjail/src/container.rs | 7 ++++++- src/agent/src/mount.rs | 3 ++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/src/agent/rustjail/src/container.rs b/src/agent/rustjail/src/container.rs index 2c360cf16..992dd7ec4 100644 --- a/src/agent/rustjail/src/container.rs +++ b/src/agent/rustjail/src/container.rs 
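Review bot: `skip_if_not_root!();` is placed in the middle of the test in rpc.rs, after cases 1 and 2 have already run, so on an unprivileged run the test is expected to return early and be reported as passed even though case 3 never executed. Moving case 3 into its own test that opens with `skip_if_not_root!();` would keep the unprivileged cases and the root-only case separately visible in the test output. The enclosing test function starts and ends outside the hunk, so the exact split point needs checking against the full body.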
@@ -1457,7 +1457,12 @@ impl LinuxContainer { linux.cgroups_path.clone() }; - let cgroup_manager = FsManager::new(cpath.as_str())?; + let cgroup_manager = FsManager::new(cpath.as_str()).map_err(|e| { + anyhow!(format!( + "fail to create cgroup manager with path {}: {:}", + cpath, e + )) + })?; info!(logger, "new cgroup_manager {:?}", &cgroup_manager); Ok(LinuxContainer { diff --git a/src/agent/src/mount.rs b/src/agent/src/mount.rs index a94cf9ce9..32eaeb3aa 100644 --- a/src/agent/src/mount.rs +++ b/src/agent/src/mount.rs @@ -840,7 +840,8 @@ pub fn get_mount_fs_type_from_file(mount_file: &str, mount_point: &str) -> Resul return Err(anyhow!("Invalid mount point {}", mount_point)); } - let content = fs::read_to_string(mount_file)?; + let content = fs::read_to_string(mount_file) + .map_err(|e| anyhow!("read mount file {}: {}", mount_file, e))?; let re = Regex::new(format!("device .+ mounted on {} with fstype (.+)", mount_point).as_str())?; From fa09f0ec84ebb2fa81d75d2f90bf98e94f9de833 Mon Sep 17 00:00:00 2001 From: Peng Tao Date: Thu, 7 Apr 2022 17:50:51 +0800 Subject: [PATCH 12/21] runtime: remove qemuPaths It is broken that it doesn't list QemuVirt machine type. In fact we don't need it at all. Just drop it. Signed-off-by: Peng Tao --- src/runtime/virtcontainers/qemu_amd64.go | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/src/runtime/virtcontainers/qemu_amd64.go b/src/runtime/virtcontainers/qemu_amd64.go index 61c18c68e..e6bc54b04 100644 --- a/src/runtime/virtcontainers/qemu_amd64.go +++ b/src/runtime/virtcontainers/qemu_amd64.go @@ -41,11 +41,6 @@ const ( qmpMigrationWaitTimeout = 5 * time.Second ) -var qemuPaths = map[string]string{ - QemuQ35: defaultQemuPath, - QemuMicrovm: defaultQemuPath, -} - var kernelParams = []Param{ {"tsc", "reliable"}, {"no_timer_check", ""}, 
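Review bot: Both new `map_err` closures, the one around `FsManager::new` in the `impl LinuxContainer` hunk and the one around `fs::read_to_string` in `get_mount_fs_type_from_file` (mount.rs), flatten the underlying error into a string, so it is no longer part of the anyhow error chain and cannot be inspected or downcast by callers. `anyhow!(format!(...))` is also redundant, since `anyhow!` accepts format arguments directly. With `anyhow::Context` in scope these become `FsManager::new(cpath.as_str()).with_context(|| format!("fail to create cgroup manager with path {}", cpath))?` and `fs::read_to_string(mount_file).with_context(|| format!("read mount file {}", mount_file))?`. Whether `Context` is already imported in either file is not visible from these hunks.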
@@ -114,7 +109,7 @@ func newQemuArch(config HypervisorConfig) (qemuArch, error) { q := &qemuAmd64{ qemuArchBase: qemuArchBase{ qemuMachine: *mp, - qemuExePath: qemuPaths[machineType], + qemuExePath: defaultQemuPath, memoryOffset: config.MemOffset, kernelParamsNonDebug: kernelParamsNonDebug, kernelParamsDebug: kernelParamsDebug, From 2b0587db958936472b566ba5b559b31954279688 Mon Sep 17 00:00:00 2001 From: Peng Tao Date: Thu, 7 Apr 2022 18:03:42 +0800 Subject: [PATCH 13/21] runtime: VMX is migratible in vm factory case We are not spinning up any L2 guests in vm factory, so the L1 guest migration is expected to work even with VMX. See https://www.linux-kvm.org/page/Nested_Guests Fixes: #4050 Signed-off-by: Peng Tao --- src/runtime/virtcontainers/qemu_amd64.go | 13 ------------- src/runtime/virtcontainers/qemu_amd64_test.go | 2 +- src/runtime/virtcontainers/qemu_ppc64le.go | 4 ---- 3 files changed, 1 insertion(+), 18 deletions(-) diff --git a/src/runtime/virtcontainers/qemu_amd64.go b/src/runtime/virtcontainers/qemu_amd64.go index e6bc54b04..9cc0f600e 100644 --- a/src/runtime/virtcontainers/qemu_amd64.go +++ b/src/runtime/virtcontainers/qemu_amd64.go @@ -167,19 +167,6 @@ func (q *qemuAmd64) bridges(number uint32) { q.Bridges = genericBridges(number, q.qemuMachine.Type) } -func (q *qemuAmd64) cpuModel() string { - cpuModel := defaultCPUModel - - // VMX is not migratable yet. - // issue: https://github.com/kata-containers/runtime/issues/1750 - if q.vmFactory { - hvLogger.WithField("subsystem", "qemuAmd64").Warn("VMX is not migratable yet: turning it off") - cpuModel += ",vmx=off" - } - - return cpuModel -} - func (q *qemuAmd64) memoryTopology(memoryMb, hostMemoryMb uint64, slots uint8) govmmQemu.Memory { return genericMemoryTopology(memoryMb, hostMemoryMb, slots, q.memoryOffset) } diff --git a/src/runtime/virtcontainers/qemu_amd64_test.go b/src/runtime/virtcontainers/qemu_amd64_test.go index e8cf9fcd5..740cb6460 100644 --- a/src/runtime/virtcontainers/qemu_amd64_test.go 
+++ b/src/runtime/virtcontainers/qemu_amd64_test.go @@ -87,7 +87,7 @@ func TestQemuAmd64CPUModel(t *testing.T) { base, ok := amd64.(*qemuAmd64) assert.True(ok) base.vmFactory = true - expectedOut = defaultCPUModel + ",vmx=off" + expectedOut = defaultCPUModel model = amd64.cpuModel() assert.Equal(expectedOut, model) } diff --git a/src/runtime/virtcontainers/qemu_ppc64le.go b/src/runtime/virtcontainers/qemu_ppc64le.go index 27bac3581..6e62551b6 100644 --- a/src/runtime/virtcontainers/qemu_ppc64le.go +++ b/src/runtime/virtcontainers/qemu_ppc64le.go @@ -114,10 +114,6 @@ func (q *qemuPPC64le) bridges(number uint32) { q.Bridges = genericBridges(number, q.qemuMachine.Type) } -func (q *qemuPPC64le) cpuModel() string { - return defaultCPUModel -} - func (q *qemuPPC64le) memoryTopology(memoryMb, hostMemoryMb uint64, slots uint8) govmmQemu.Memory { q.Logger().Debug("Aligning maxmem to multiples of 256MB. Assumption: Kernel Version >= 4.11") From f508c2909a298cbb85bc911b4a23ee923ad92459 Mon Sep 17 00:00:00 2001 From: Peng Tao Date: Thu, 7 Apr 2022 18:03:42 +0800 Subject: [PATCH 14/21] runtime: constify splitIrqChipMachineOptions A simple cleanup. Signed-off-by: Peng Tao --- src/runtime/virtcontainers/qemu_amd64.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/runtime/virtcontainers/qemu_amd64.go b/src/runtime/virtcontainers/qemu_amd64.go index 9cc0f600e..9e9960046 100644 --- a/src/runtime/virtcontainers/qemu_amd64.go +++ b/src/runtime/virtcontainers/qemu_amd64.go @@ -38,6 +38,8 @@ const ( defaultQemuMachineOptions = "accel=kvm,kernel_irqchip=on" + splitIrqChipMachineOptions = "accel=kvm,kernel_irqchip=split" + qmpMigrationWaitTimeout = 5 * time.Second ) 
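Review bot: After this change the `base.vmFactory = true` branch of `TestQemuAmd64CPUModel` expects plain `defaultCPUModel`, which appears to be the same value the non-factory case checks earlier in the function (outside the hunk), so the block no longer tests anything specific to the factory path. Either drop it or keep it with a comment that records the intent, for example `// VM factory templates keep the default CPU model: no L2 guests are started, so migration is expected to work with VMX`. Because the amd64 `cpuModel()` override is removed in this commit, that comment is also the place to record that guests cloned from a factory template now see the same CPU features as regular guests.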
@@ -96,7 +98,7 @@ func newQemuArch(config HypervisorConfig) (qemuArch, error) { // IOMMU and Guest Protection require a split IRQ controller for handling interrupts // otherwise QEMU won't be able to create the kernel irqchip if config.IOMMU || config.ConfidentialGuest { - mp.Options = "accel=kvm,kernel_irqchip=split" + mp.Options = splitIrqChipMachineOptions } if config.IOMMU { From cf785a1a23cf82fd54ff21a8e32429dd0c00fd96 Mon Sep 17 00:00:00 2001 From: Pavel Mores Date: Tue, 2 Aug 2022 11:01:51 +0200 Subject: [PATCH 15/21] runtime-rs: add core toml::Value tree merging This is the core functionality of merging config file fragments into the base config file. Our TOML parser crate doesn't seem to allow working at the level of TomlConfig instances like BurntSushi, used in the Golang runtime, does so we implement the required functionality at the level of toml::Value trees. Tests to verify basic requirements are included. Values set by a base config file and not touched by a subsequent drop-in should be preserved. Drop-in config file fragments should be able to change values set by the base config file and add settings not present in the base. Conversion of a merged tree into a mock TomlConfig-style structure is tested as well. Signed-off-by: Pavel Mores --- src/libs/kata-types/src/config/drop_in.rs | 214 ++++++++++++++++++++++ 1 file changed, 214 insertions(+) create mode 100644 src/libs/kata-types/src/config/drop_in.rs diff --git a/src/libs/kata-types/src/config/drop_in.rs b/src/libs/kata-types/src/config/drop_in.rs new file mode 100644 index 000000000..505e13150 --- /dev/null +++ b/src/libs/kata-types/src/config/drop_in.rs 
@@ -0,0 +1,214 @@ +// Copyright Red Hat +// +// SPDX-License-Identifier: Apache-2.0 +// + +mod toml_tree_ops { + // The following pair of functions implement toml::Value tree merging, with + // the second argument being merged into the first one and consumed in the + // process. The toml parser crate in use here doesn't support parsing into + // a pre-existing (possibly pre-filled) TomlConfig instance but can parse + // into a toml::Value tree so we use that instead. All files (base and + // drop-ins) are initially parsed into toml::Value trees which are + // subsequently merged. Only when the fully merged tree is computed it is + // converted to a TomlConfig instance. + + fn merge_tables(base_table: &mut toml::value::Table, dropin_table: toml::value::Table) { + for (key, val) in dropin_table.into_iter() { + match base_table.get_mut(&key) { + Some(base_val) => merge(base_val, val), + None => { + base_table.insert(key, val); + } + } + } + } + + pub fn merge(base: &mut toml::Value, dropin: toml::Value) { + match dropin { + toml::Value::Table(dropin_table) => { + if let toml::Value::Table(base_table) = base { + merge_tables(base_table, dropin_table); + } else { + *base = toml::Value::Table(dropin_table); + } + } + + _ => *base = dropin, + } + } + + #[cfg(test)] + mod tests { + use super::*; + + // Mock config structure to stand in for TomlConfig for low-level + // toml::Value trees merging. 
+ #[derive(Deserialize, Debug, Default, PartialEq)] + struct SubConfig { + #[serde(default)] + another_string: String, + #[serde(default)] + yet_another_number: i32, + #[serde(default)] + sub_array: Vec, + } + + #[derive(Deserialize, Debug, Default, PartialEq)] + struct Config { + #[serde(default)] + number: i32, + #[serde(default)] + string: String, + #[serde(default)] + another_number: u8, + #[serde(default)] + array: Vec, + + #[serde(default)] + sub: SubConfig, + } + + #[test] + fn dropin_does_not_interfere_with_base() { + let mut base: toml::Value = toml::from_str( + r#" + number = 42 + "#, + ) + .unwrap(); + + let dropin: toml::Value = toml::from_str( + r#" + string = "foo" + "#, + ) + .unwrap(); + + merge(&mut base, dropin); + + assert_eq!( + base.try_into(), + Ok(Config { + number: 42, + string: "foo".into(), + sub: Default::default(), + ..Default::default() + }) + ); + } + + #[test] + fn dropin_overrides_base() { + let mut base: toml::Value = toml::from_str( + r#" + number = 42 + [sub] + another_string = "foo" + "#, + ) + .unwrap(); + + let dropin: toml::Value = toml::from_str( + r#" + number = 43 + [sub] + another_string = "bar" + "#, + ) + .unwrap(); + + merge(&mut base, dropin); + + assert_eq!( + base.try_into(), + Ok(Config { + number: 43, + sub: SubConfig { + another_string: "bar".into(), + ..Default::default() + }, + ..Default::default() + }) + ); + } + + #[test] + fn dropin_extends_base() { + let mut base: toml::Value = toml::from_str( + r#" + number = 42 + [sub] + another_string = "foo" + "#, + ) + .unwrap(); + + let dropin: toml::Value = toml::from_str( + r#" + string = "hello" + [sub] + yet_another_number = 13 + "#, + ) + .unwrap(); + + merge(&mut base, dropin); + + assert_eq!( + base.try_into(), + Ok(Config { + number: 42, + string: "hello".into(), + sub: SubConfig { + another_string: "foo".into(), + yet_another_number: 13, + ..Default::default() + }, + ..Default::default() + }) + ); + } + + // Drop-ins can change the type of a value. 
This might look weird but at + // this level we have no idea about semantics so we just do what the + // .toml's tell us. The final type check is only performed by try_into(). + // Also, we don't necessarily test this because it's a desired feature. + // It's just something that seems to follow from the way Value tree + // merging is implemented so why not acknowledge and verify it. + #[test] + fn dropin_overrides_base_type() { + let mut base: toml::Value = toml::from_str( + r#" + number = "foo" + [sub] + another_string = 42 + "#, + ) + .unwrap(); + + let dropin: toml::Value = toml::from_str( + r#" + number = 42 + [sub] + another_string = "foo" + "#, + ) + .unwrap(); + + merge(&mut base, dropin); + + assert_eq!( + base.try_into(), + Ok(Config { + number: 42, + sub: SubConfig { + another_string: "foo".into(), + ..Default::default() + }, + ..Default::default() + }) + ); + } + } +} From 87b97b69942a2a270c87bf7233e7705b77541e24 Mon Sep 17 00:00:00 2001 From: Pavel Mores Date: Tue, 2 Aug 2022 13:04:57 +0200 Subject: [PATCH 16/21] runtime-rs: add filesystem-related part of drop-in handling The central function being added here is load() which takes a path to a base config file and uses it to load the base config file itself, find the corresponding drop-in directory (get_dropin_dir_path()), iterate through its contents (update_from_dropins()) and load each drop-in in turn and merge its contents with the base file (update_from_dropin()). Also added is a test of load() which mirrors the corresponding test in the golang runtime (TestLoadDropInConfiguration() in config_test.go). Signed-off-by: Pavel Mores --- src/libs/Cargo.lock | 1 + src/libs/kata-types/Cargo.toml | 2 + src/libs/kata-types/src/config/drop_in.rs | 168 ++++++++++++++++++++++ 3 files changed, 171 insertions(+) diff --git a/src/libs/Cargo.lock b/src/libs/Cargo.lock index b82c108c4..c68c190ba 100644 --- a/src/libs/Cargo.lock +++ b/src/libs/Cargo.lock 
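Review bot: `merge` is the public entry point of `toml_tree_ops` but has no doc comment, and the `//` block above `merge_tables` does not say what happens to non-table values. From the `_ => *base = dropin` arm, scalars and arrays in a drop-in replace the base value wholesale rather than being appended, and a drop-in table replaces a non-table base value. I would add `/// Merges dropin into base: tables are merged key by key; any other value, arrays included, replaces the base value.` on `merge`. None of the tests sets `array` or `sub_array`, so a test pinning the array-replacement behaviour would make that contract explicit.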
@@ -404,6 +404,7 @@ dependencies = [ "serde_json", "slog", "slog-scope", + "tempfile", "thiserror", "toml", ] diff --git a/src/libs/kata-types/Cargo.toml b/src/libs/kata-types/Cargo.toml index ce7dcaf06..24652d3ea 100644 --- a/src/libs/kata-types/Cargo.toml +++ b/src/libs/kata-types/Cargo.toml @@ -26,6 +26,8 @@ toml = "0.5.8" oci = { path = "../oci" } [dev-dependencies] +tempfile = "3" + [features] default = [] enable-vendor = [] diff --git a/src/libs/kata-types/src/config/drop_in.rs b/src/libs/kata-types/src/config/drop_in.rs index 505e13150..a842858b7 100644 --- a/src/libs/kata-types/src/config/drop_in.rs +++ b/src/libs/kata-types/src/config/drop_in.rs 
@@ -212,3 +212,171 @@ mod toml_tree_ops { } } } + +mod drop_in_directory_handling { + use crate::config::TomlConfig; + use std::fs; + use std::io::{self, Result}; + use std::path::{Path, PathBuf}; + + fn get_dropin_dir_path(base_cfg_file_path: &Path) -> Result { + let mut dropin_dir = base_cfg_file_path.to_path_buf(); + if !dropin_dir.pop() { + return Err(io::Error::new( + io::ErrorKind::InvalidInput, + "base cfg file path too short", + )); + } + dropin_dir.push("config.d"); + Ok(dropin_dir) + } + + fn update_from_dropin(base_config: &mut toml::Value, dropin_file: &fs::DirEntry) -> Result<()> { + if !dropin_file.file_type()?.is_file() { + return Err(io::Error::new( + io::ErrorKind::Other, + "drop-in cfg file can only be a regular file or a symlink", + )); + } + let dropin_contents = fs::read_to_string(&dropin_file.path())?; + let dropin_config: toml::Value = toml::from_str(&dropin_contents)?; + super::toml_tree_ops::merge(base_config, dropin_config); + Ok(()) + } + + fn update_from_dropins(base_config: &mut toml::Value, dropin_dir: &Path) -> Result<()> { + let dropin_files_iter = match fs::read_dir(dropin_dir) { + Ok(iter) => iter, + Err(err) => { + if err.kind() == io::ErrorKind::NotFound { + return Ok(()); + } else { + return Err(err); + } + } + }; + + let mut dropin_files = dropin_files_iter.collect::>>()?; + dropin_files.sort_by_key(|direntry| direntry.file_name()); + for dropin_file in &dropin_files { + update_from_dropin(base_config, dropin_file)?; + } + Ok(()) + } + + pub fn load(base_cfg_file_path: &Path) -> Result { + let base_toml_str = fs::read_to_string(&base_cfg_file_path)?; + let mut base_config: toml::Value = toml::from_str(&base_toml_str)?; + let dropin_dir = get_dropin_dir_path(base_cfg_file_path)?; + + update_from_dropins(&mut base_config, &dropin_dir)?; + + let config: TomlConfig = base_config.try_into()?; + Ok(config) + } + + #[cfg(test)] + mod tests { + use super::*; + use std::io::Write; + + const BASE_CONFIG_DATA: &str = r#" + 
[hypervisor.qemu] + path = "/usr/bin/qemu-kvm" + default_bridges = 3 + [runtime] + enable_debug = true + internetworking_model="tcfilter" + "#; + + fn check_base_config(config: &TomlConfig) { + assert_eq!( + config.hypervisor["qemu"].path, + "/usr/bin/qemu-kvm".to_string() + ); + assert_eq!(config.hypervisor["qemu"].device_info.default_bridges, 3); + assert!(config.runtime.debug); + assert_eq!(config.runtime.internetworking_model, "tcfilter".to_string()); + } + + fn create_file(path: &Path, contents: &[u8]) -> Result<()> { + fs::File::create(path)?.write_all(contents) + } + + #[test] + fn test_no_dropins_dir() { + let tmpdir = tempfile::tempdir().unwrap(); + + let config_path = tmpdir.path().join("runtime.toml"); + create_file(&config_path, BASE_CONFIG_DATA.as_bytes()).unwrap(); + + let config = load(&config_path).unwrap(); + check_base_config(&config); + } + + #[test] + fn test_no_dropins() { + let tmpdir = tempfile::tempdir().unwrap(); + + let config_path = tmpdir.path().join("runtime.toml"); + create_file(&config_path, BASE_CONFIG_DATA.as_bytes()).unwrap(); + + let dropin_dir = tmpdir.path().join("config.d"); + fs::create_dir(&dropin_dir).unwrap(); + + let config = load(&config_path).unwrap(); + check_base_config(&config); + } + + #[test] + fn test_dropins() { + let tmpdir = tempfile::tempdir().unwrap(); + + let dropin_data = r#" + [hypervisor.qemu] + default_vcpus = 2 + default_bridges = 4 + shared_fs = "virtio-fs" + [runtime] + sandbox_cgroup_only=true + internetworking_model="macvtap" + vfio_mode="guest-kernel" + "#; + + let dropin_override_data = r#" + [hypervisor.qemu] + shared_fs = "virtio-9p" + [runtime] + vfio_mode="vfio" + "#; + + let config_path = tmpdir.path().join("runtime.toml"); + create_file(&config_path, BASE_CONFIG_DATA.as_bytes()).unwrap(); + + let dropin_dir = tmpdir.path().join("config.d"); + fs::create_dir(&dropin_dir).unwrap(); + + let dropin_path = dropin_dir.join("10-base"); + create_file(&dropin_path, dropin_data.as_bytes()).unwrap(); + 
+ let dropin_override_path = dropin_dir.join("20-override"); + create_file(&dropin_override_path, dropin_override_data.as_bytes()).unwrap(); + + let config = load(&config_path).unwrap(); + assert_eq!( + config.hypervisor["qemu"].path, + "/usr/bin/qemu-kvm".to_string() + ); + assert_eq!(config.hypervisor["qemu"].cpu_info.default_vcpus, 2); + assert_eq!(config.hypervisor["qemu"].device_info.default_bridges, 4); + assert_eq!( + config.hypervisor["qemu"].shared_fs.shared_fs.as_deref(), + Some("virtio-9p") + ); + assert!(config.runtime.debug); + assert!(config.runtime.sandbox_cgroup_only); + assert_eq!(config.runtime.internetworking_model, "macvtap".to_string()); + assert_eq!(config.runtime.vfio_mode, "vfio".to_string()); + } + } +} From 57bd3f42d332319027478cee6ce8870a711aece8 Mon Sep 17 00:00:00 2001 From: Pavel Mores Date: Fri, 29 Jul 2022 13:42:08 +0200 Subject: [PATCH 17/21] runtime-rs: plug drop-in decoding into config-loading code To plug drop-in support into existing config-loading code in a robust way, more specifically to create a single point where this needs to be handled, load_from_file() and load_raw_from_file() were refactored. Seeing as the original implemenations of both functions were identical apart from adjust_config() calls in load_from_file(), load_from_file() was reimplemented in terms of load_raw_from_file(). Fixes #4771 Signed-off-by: Pavel Mores --- src/libs/kata-types/src/config/drop_in.rs | 2 ++ src/libs/kata-types/src/config/mod.rs | 29 ++++++++++------------- 2 files changed, 15 insertions(+), 16 deletions(-) diff --git a/src/libs/kata-types/src/config/drop_in.rs b/src/libs/kata-types/src/config/drop_in.rs index a842858b7..015e284b6 100644 --- a/src/libs/kata-types/src/config/drop_in.rs +++ b/src/libs/kata-types/src/config/drop_in.rs 
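Review bot: In `update_from_dropin`, `dropin_file.file_type()?.is_file()` does not follow symlinks (`DirEntry::file_type` reports the link itself), so a symlinked drop-in is rejected even though the error text says a symlink is allowed. If symlinks are meant to be accepted, check the target instead with `if !fs::metadata(dropin_file.path())?.is_file() {`; if not, reword the message to say only regular files are accepted. Either way the error should name the offending path, because any non-file entry in `config.d` (a subdirectory, for instance) aborts the whole configuration load. Every regular file in the directory is merged regardless of its name, so a stray backup file would silently change the effective configuration; a file-name filter may be worth considering.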
@@ -3,6 +3,8 @@ // SPDX-License-Identifier: Apache-2.0 // +pub use drop_in_directory_handling::load; + mod toml_tree_ops { // The following pair of functions implement toml::Value tree merging, with // the second argument being merged into the first one and consumed in the diff --git a/src/libs/kata-types/src/config/mod.rs b/src/libs/kata-types/src/config/mod.rs index 52c9a0e3c..204adf034 100644 --- a/src/libs/kata-types/src/config/mod.rs +++ b/src/libs/kata-types/src/config/mod.rs @@ -19,6 +19,7 @@ use crate::{eother, sl}; pub mod default; mod agent; +mod drop_in; pub mod hypervisor; pub use self::agent::Agent; @@ -94,21 +95,15 @@ impl TomlConfig { /// If `config_file` is valid, it will used, otherwise a built-in default path list will be /// scanned. pub fn load_from_file>(config_file: P) -> Result<(TomlConfig, PathBuf)> { - let file_path = if !config_file.as_ref().as_os_str().is_empty() { - fs::canonicalize(config_file)? - } else { - Self::get_default_config_file()? - }; + let mut result = Self::load_raw_from_file(config_file); + if let Ok((ref mut config, _)) = result { + Hypervisor::adjust_config(config)?; + Runtime::adjust_config(config)?; + Agent::adjust_config(config)?; + info!(sl!(), "get kata config: {:?}", config); + } - info!( - sl!(), - "load configuration from: {}", - file_path.to_string_lossy() - ); - let content = fs::read_to_string(&file_path)?; - let config = Self::load(&content)?; - - Ok((config, file_path)) + result } /// Load raw Kata configuration information from configuration files. 
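Review bot: `load_from_file` keeps the `Result` in `result`, mutates the `Ok` payload through `if let Ok((ref mut config, _)) = result`, and returns `result` at the end; unpacking with `?` reads more directly: `let (mut config, file_path) = Self::load_raw_from_file(config_file)?;`, then the three `adjust_config(&mut config)?` calls, then `Ok((config, file_path))`. The added `info!(sl!(), "get kata config: {:?}", config)` writes the whole merged configuration at info level; if any field can carry sensitive values, log it at debug level or log only the file path. The function's doc comment should also say that fragments from `config.d/` are applied on this path, since the comment added to `load` only covers the string-based loader.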
@@ -127,13 +122,15 @@ impl TomlConfig { "load configuration from: {}", file_path.to_string_lossy() ); - let content = fs::read_to_string(&file_path)?; - let config: TomlConfig = toml::from_str(&content)?; + let config = drop_in::load(&file_path)?; Ok((config, file_path)) } /// Load Kata configuration information from string. + /// + /// This function only works with `configuration.toml` and does not handle + /// drop-in config file fragments in config.d/. pub fn load(content: &str) -> Result { let mut config: TomlConfig = toml::from_str(content)?; Hypervisor::adjust_config(&mut config)?; From 0d9d8d63ead2856578a4104bd52e5e6899d1e895 Mon Sep 17 00:00:00 2001 
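Review bot: The `load configuration from: {}` message still names only the base file, while `drop_in::load(&file_path)?` may now merge any number of fragments that override it, so the log no longer tells an operator which files produced the effective configuration. Logging each fragment as it is applied, for example `info!(sl!(), "apply drop-in: {}", dropin_file.path().display())` in `update_from_dropin` (assuming the logging macros are usable in that module), would keep configuration changes traceable. `load_raw_from_file` starts outside this hunk, so how `file_path` is resolved before the drop-in directory is derived from it is not visible here.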
From: Ryan Savino Date: Wed, 10 Aug 2022 13:31:41 -0500 Subject: [PATCH 18/21] kernel: upgrade guest kernel support to 5.19.2 kernel: Upgrade guest kernel support to 5.19.2 Let's update to the latest 5.19.x released kernel. CONFIG modifications necessary: fragments/common/dax.conf - CONFIG_DEV_PAGEMAP_OPS no longer configurable: https://www.kernelconfig.io/CONFIG_DEV_PAGEMAP_OPS?q=CONFIG_DEV_PAGEMAP_OPS&kernelversion=5.19.2 fragments/common/dax.conf - CONFIG_ND_BLK no longer supported: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=f8669f1d6a86a6b17104ceca9340ded280307ac1 fragments/x86_64/base.conf - CONFIG_SPECULATION_MITIGATIONS is a dependency for CONFIG_RETPOLINE: https://www.kernelconfig.io/config_retpoline?q=&kernelversion=5.19.2 fragments/s390/network.conf - removed from kernel since 5.9.9: https://www.kernelconfig.io/CONFIG_PACK_STACK?q=CONFIG_PACK_STACK&kernelversion=5.19.2 Updated vmlinux path in build-kernel.sh for arch s390 Fixes #4860 Signed-Off-By: Ryan Savino --- snap/snapcraft.yaml | 2 +- tools/packaging/kernel/build-kernel.sh | 2 +- tools/packaging/kernel/configs/fragments/common/dax.conf | 2 -- tools/packaging/kernel/configs/fragments/s390/network.conf | 2 -- tools/packaging/kernel/configs/fragments/x86_64/base.conf | 1 + tools/packaging/kernel/patches/5.19.x/no_patches.txt | 0 versions.yaml | 2 +- 7 files changed, 4 insertions(+), 7 deletions(-) delete mode 100644 tools/packaging/kernel/configs/fragments/s390/network.conf create mode 100644 tools/packaging/kernel/patches/5.19.x/no_patches.txt diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index b46275508..b6ac1338d 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml 
@@ -206,7 +206,7 @@ parts: # Install raw kernel vmlinux_path="vmlinux" - [ "${arch}" = "s390x" ] && vmlinux_path="arch/s390/boot/compressed/vmlinux" + [ "${arch}" = "s390x" ] && vmlinux_path="arch/s390/boot/vmlinux" vmlinux_name="vmlinux-${kernel_suffix}" cp "${vmlinux_path}" "${kata_kernel_dir}/${vmlinux_name}" ln -sf "${vmlinux_name}" "${kata_kernel_dir}/vmlinux.container" diff --git a/tools/packaging/kernel/build-kernel.sh b/tools/packaging/kernel/build-kernel.sh index 837dfd67a..81865250d 100755 --- a/tools/packaging/kernel/build-kernel.sh +++ b/tools/packaging/kernel/build-kernel.sh @@ -456,7 +456,7 @@ install_kata() { if [ "${arch_target}" = "arm64" ]; then install --mode 0644 -D "arch/${arch_target}/boot/Image" "${install_path}/${vmlinux}" elif [ "${arch_target}" = "s390" ]; then - install --mode 0644 -D "arch/${arch_target}/boot/compressed/vmlinux" "${install_path}/${vmlinux}" + install --mode 0644 -D "arch/${arch_target}/boot/vmlinux" "${install_path}/${vmlinux}" else install --mode 0644 -D "vmlinux" "${install_path}/${vmlinux}" fi diff --git a/tools/packaging/kernel/configs/fragments/common/dax.conf b/tools/packaging/kernel/configs/fragments/common/dax.conf index 6c48de444..ff747ae17 100644 --- a/tools/packaging/kernel/configs/fragments/common/dax.conf +++ b/tools/packaging/kernel/configs/fragments/common/dax.conf @@ -12,7 +12,6 @@ CONFIG_SPARSEMEM_VMEMMAP=y # Without these the pmem_should_map_pages() call in the kernel fails with new # Related to the ARCH_HAS_HMM set in the arch files. CONFIG_ZONE_DEVICE=y -CONFIG_DEV_PAGEMAP_OPS=y CONFIG_ND_PFN=y CONFIG_NVDIMM_PFN=y @@ -23,7 +22,6 @@ CONFIG_BLK_DEV=y CONFIG_BLK_DEV_PMEM=y CONFIG_BLK_DEV_RAM=y CONFIG_LIBNVDIMM=y -CONFIG_ND_BLK=y CONFIG_BTT=y # FIXME: Should check if this is really needed # https://github.com/kata-containers/packaging/issues/483 
diff --git a/tools/packaging/kernel/configs/fragments/s390/network.conf b/tools/packaging/kernel/configs/fragments/s390/network.conf deleted file mode 100644 index f3f159705..000000000 --- a/tools/packaging/kernel/configs/fragments/s390/network.conf +++ /dev/null @@ -1,2 +0,0 @@ -# Options needed by HAVE_EBPF_JIT -CONFIG_PACK_STACK=y diff --git a/tools/packaging/kernel/configs/fragments/x86_64/base.conf b/tools/packaging/kernel/configs/fragments/x86_64/base.conf index 3734b51bd..b26a78831 100644 --- a/tools/packaging/kernel/configs/fragments/x86_64/base.conf +++ b/tools/packaging/kernel/configs/fragments/x86_64/base.conf @@ -15,6 +15,7 @@ CONFIG_NR_CPUS=240 # For security CONFIG_LEGACY_VSYSCALL_NONE=y +CONFIG_SPECULATION_MITIGATIONS=y CONFIG_RETPOLINE=y # Boot directly into the uncompressed kernel diff --git a/tools/packaging/kernel/patches/5.19.x/no_patches.txt b/tools/packaging/kernel/patches/5.19.x/no_patches.txt new file mode 100644 index 000000000..e69de29bb diff --git a/versions.yaml b/versions.yaml index eb6753293..53bd0ae54 100644 --- a/versions.yaml +++ b/versions.yaml @@ -153,7 +153,7 @@ assets: kernel: description: "Linux kernel optimised for virtual machines" url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/" - version: "v5.15.48" + version: "v5.19.2" tdx: description: "Linux kernel that supports TDX" url: "https://github.com/intel/linux-kernel-dcp/archive/refs/tags" From 00aadfe20abdcc81b39e7b284efde58f087ae547 Mon Sep 17 00:00:00 2001 
From: Ryan Savino Date: Wed, 10 Aug 2022 13:32:54 -0500 Subject: [PATCH 19/21] kernel: SEV guest kernel upgrade to 5.19.2 kernel: Update SEV guest kernel to 5.19.2 Kernel 5.19.2 has all the needed patches for running SEV, thus let's update it and stop using the version coming from confidential-containers. Signed-Off-By: Ryan Savino --- tools/packaging/kernel/build-kernel.sh | 8 ++++++-- .../kernel/configs/fragments/x86_64/sev/sev.conf | 9 +++------ tools/packaging/kernel/kata_config_version | 2 +- versions.yaml | 8 ++++---- 4 files changed, 14 insertions(+), 13 deletions(-) diff --git a/tools/packaging/kernel/build-kernel.sh b/tools/packaging/kernel/build-kernel.sh index 81865250d..100d1b9b1 100755 --- a/tools/packaging/kernel/build-kernel.sh +++ b/tools/packaging/kernel/build-kernel.sh @@ -127,7 +127,10 @@ get_tee_kernel() { mkdir -p ${kernel_path} [ -z "${kernel_url}" ] && kernel_url=$(get_from_kata_deps "assets.kernel.${tee}.url") - kernel_tarball="${version}.tar.gz" + + kernel_tarball="linux-${version}.tar.gz" + tarball_name=$(get_from_kata_deps "assets.kernel.${tee}.tarball") + [ -z "$tarball_name" ] || kernel_tarball="$tarball_name" if [ ! -f "${kernel_tarball}" ]; then curl --fail -OL "${kernel_url}/${kernel_tarball}" @@ -553,7 +556,8 @@ main() { esac elif [[ "${conf_guest}" != "" ]]; then #If specifying a tag for kernel_version, must be formatted version-like to avoid unintended parsing issues - kernel_version=$(get_from_kata_deps "assets.kernel.${conf_guest}.tag") + kernel_version=$(get_from_kata_deps "assets.kernel.${conf_guest}.version" 2>/dev/null || true) + [ -n "${kernel_version}" ] || kernel_version=$(get_from_kata_deps "assets.kernel.${conf_guest}.tag") else kernel_version=$(get_from_kata_deps "assets.kernel.version") fi diff --git a/tools/packaging/kernel/configs/fragments/x86_64/sev/sev.conf b/tools/packaging/kernel/configs/fragments/x86_64/sev/sev.conf index 32a43f2bb..baa44878a 100644 
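Review bot: In `get_tee_kernel`, `tarball_name=$(get_from_kata_deps "assets.kernel.${tee}.tarball")` looks up a key that this commit adds only for `tdx` in versions.yaml, not for `sev`, and unlike the `.version` lookup added in `main()` it has no `2>/dev/null || true` guard. Depending on how `get_from_kata_deps` treats a missing key (not visible here), that may abort the script or leave an unusable value in `kernel_tarball`; `tarball_name=$(get_from_kata_deps "assets.kernel.${tee}.tarball" 2>/dev/null || true)` would match the other hunk. Separately, no checksum or signature verification of the tarball fetched by `curl --fail -OL` is visible in this hunk; the function continues outside it, so confirm that one exists.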
--- a/tools/packaging/kernel/configs/fragments/x86_64/sev/sev.conf +++ b/tools/packaging/kernel/configs/fragments/x86_64/sev/sev.conf @@ -1,12 +1,9 @@ # AMD Secure Encrypted Virtualization (SEV) CONFIG_AMD_MEM_ENCRYPT=y -CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT=y -CONFIG_CRYPTO_DEV_SP_PSP=y -CONFIG_CRYPTO_DEV_CCP=y -CONFIG_SECURITYFS=y -CONFIG_VIRT_DRIVERS=y CONFIG_EFI=y CONFIG_EFI_SECRET=m +CONFIG_EFI_STUB=y CONFIG_MODULE_SIG=y -CONFIG_MODULES=y \ No newline at end of file +CONFIG_MODULES=y +CONFIG_VIRT_DRIVERS=y \ No newline at end of file diff --git a/tools/packaging/kernel/kata_config_version b/tools/packaging/kernel/kata_config_version index 49541f721..5595fa46c 100644 --- a/tools/packaging/kernel/kata_config_version +++ b/tools/packaging/kernel/kata_config_version @@ -1 +1 @@ -94 +95 diff --git a/versions.yaml b/versions.yaml index 53bd0ae54..164969397 100644 --- a/versions.yaml +++ b/versions.yaml @@ -158,11 +158,11 @@ assets: description: "Linux kernel that supports TDX" url: "https://github.com/intel/linux-kernel-dcp/archive/refs/tags" tag: "SPR-BKC-PC-v9.6" + tarball: "SPR-BKC-PC-v9.6.tar.gz" sev: - description: "Linux kernel with efi_secret support" - url: "https://github.com/confidential-containers-demo/\ - linux/archive/refs/tags/" - tag: "efi-secret-v5.17-rc6" + description: "Linux kernel that supports SEV" + url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/" + version: "v5.19.2" kernel-experimental: description: "Linux kernel with virtio-fs support" From 8e201501ef94f66fce473fe3e7c526237ec83afe Mon Sep 17 00:00:00 2001 From: Ryan Savino Date: Thu, 18 Aug 2022 07:57:12 -0500 Subject: [PATCH 20/21] kernel: fix for set_kmem_limit error Fixes: #4390 Fix in cargo cgroups-rs crate - Updated crate version to 0.2.10 Signed-Off-By: Ryan Savino --- src/agent/Cargo.lock | 6 +++--- src/agent/Cargo.toml | 2 +- src/agent/rustjail/Cargo.toml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) 
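Review bot: The sev.conf fragment drops `CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT`, `CONFIG_CRYPTO_DEV_SP_PSP`, `CONFIG_CRYPTO_DEV_CCP` and `CONFIG_SECURITYFS` without saying why, and the commit message only states that 5.19.2 carries the needed SEV patches. Since `CONFIG_EFI_SECRET=m` stays, a reader cannot tell whether these options are now selected implicitly or are no longer needed in the guest. A short comment in the fragment, for example `# SECURITYFS and the CCP/PSP drivers are not listed here: <reason>`, would record the reason. Checking the generated `.config` for the options the secret-injection path relies on would confirm nothing was lost.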
diff --git a/src/agent/Cargo.lock b/src/agent/Cargo.lock index 987f16ffa..d8f09218c 100644 --- a/src/agent/Cargo.lock +++ b/src/agent/Cargo.lock @@ -168,13 +168,13 @@ checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" [[package]] name = "cgroups-rs" -version = "0.2.9" +version = "0.2.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cdae996d9638ba03253ffa1c93345a585974a97abbdeab9176c77922f3efc1e8" +checksum = "cf5525f2cf84d5113ab26bfb6474180eb63224b4b1e4be31ee87be4098f11399" dependencies = [ "libc", "log", - "nix 0.23.1", + "nix 0.24.2", "regex", ] diff --git a/src/agent/Cargo.toml b/src/agent/Cargo.toml index bada4c4dd..bdc02df90 100644 --- a/src/agent/Cargo.toml +++ b/src/agent/Cargo.toml @@ -50,7 +50,7 @@ log = "0.4.11" prometheus = { version = "0.13.0", features = ["process"] } procfs = "0.12.0" anyhow = "1.0.32" -cgroups = { package = "cgroups-rs", version = "0.2.8" } +cgroups = { package = "cgroups-rs", version = "0.2.10" } # Tracing tracing = "0.1.26" diff --git a/src/agent/rustjail/Cargo.toml b/src/agent/rustjail/Cargo.toml index 6d0a3a518..b2f700c9b 100644 --- a/src/agent/rustjail/Cargo.toml +++ b/src/agent/rustjail/Cargo.toml @@ -23,7 +23,7 @@ scan_fmt = "0.2.6" regex = "1.5.5" path-absolutize = "1.2.0" anyhow = "1.0.32" -cgroups = { package = "cgroups-rs", version = "0.2.8" } +cgroups = { package = "cgroups-rs", version = "0.2.10" } rlimit = "0.5.3" cfg-if = "0.1.0" From a6fbaac1bdc001ee88b4e0d11e1eb0435e8722d6 Mon Sep 17 00:00:00 2001 
From: Chen Yiyang Date: Thu, 11 Aug 2022 03:00:15 +0800 Subject: [PATCH 21/21] runk: add pause/resume commands To make cgroup v1 and v2 work well, I use `cgroups::cgroup` in `Container` to manage cgroups now. `CgroupManager` in rustjail has some drawbacks. First, methods in Manager traits are not visible. So we need to modify rustjail and make them public. Second, CgroupManager.cgroup is private too, and it can't be serialized. We can't load/save it in the status file. One solution is adding getter/setter in rustjail, then create `cgroup` and set it when loading status. In order to keep the modifications to a minimum in rustjail, I use `cgroups::cgroup` directly. Now it can work on cgroup v1 or v2, since cgroups-rs does this. Fixes: #4364 #4821 Signed-off-by: Chen Yiyang --- src/agent/Cargo.lock | 1 + src/agent/rustjail/Cargo.toml | 1 + src/agent/rustjail/src/container.rs | 2 +- src/agent/rustjail/src/lib.rs | 9 - src/agent/rustjail/src/mount.rs | 2 +- src/agent/rustjail/src/seccomp.rs | 2 +- src/tools/runk/Cargo.lock | 176 +++++++++++++++++-- src/tools/runk/libcontainer/Cargo.toml | 3 + src/tools/runk/libcontainer/src/builder.rs | 72 +++++--- src/tools/runk/libcontainer/src/cgroup.rs | 71 ++++++-- src/tools/runk/libcontainer/src/container.rs | 90 +++++++++- src/tools/runk/libcontainer/src/status.rs | 88 ++++------ src/tools/runk/libcontainer/src/utils.rs | 16 +- src/tools/runk/src/commands/delete.rs | 31 +--- src/tools/runk/src/commands/list.rs | 19 +- src/tools/runk/src/commands/mod.rs | 2 + src/tools/runk/src/commands/pause.rs | 18 ++ src/tools/runk/src/commands/resume.rs | 18 ++ src/tools/runk/src/commands/start.rs | 22 +-- src/tools/runk/src/commands/state.rs | 7 +- src/tools/runk/src/main.rs | 2 + 21 files changed, 473 insertions(+), 179 deletions(-) create mode 100644 src/tools/runk/src/commands/pause.rs create mode 100644 src/tools/runk/src/commands/resume.rs diff --git a/src/agent/Cargo.lock b/src/agent/Cargo.lock index 987f16ffa..6caa298b5 100644 
--- a/src/agent/Cargo.lock +++ b/src/agent/Cargo.lock @@ -1510,6 +1510,7 @@ dependencies = [ "slog", "slog-scope", "tempfile", + "test-utils", "tokio", ] diff --git a/src/agent/rustjail/Cargo.toml b/src/agent/rustjail/Cargo.toml index 6d0a3a518..69de9016a 100644 --- a/src/agent/rustjail/Cargo.toml +++ b/src/agent/rustjail/Cargo.toml @@ -36,6 +36,7 @@ libseccomp = { version = "0.2.3", optional = true } [dev-dependencies] serial_test = "0.5.0" tempfile = "3.1.0" +test-utils = { path = "../../libs/test-utils" } [features] seccomp = ["libseccomp"] diff --git a/src/agent/rustjail/src/container.rs b/src/agent/rustjail/src/container.rs index 2c360cf16..8f8c14847 100644 --- a/src/agent/rustjail/src/container.rs +++ b/src/agent/rustjail/src/container.rs @@ -1656,12 +1656,12 @@ fn valid_env(e: &str) -> Option<(&str, &str)> { mod tests { use super::*; use crate::process::Process; - use crate::skip_if_not_root; use nix::unistd::Uid; use std::fs; use std::os::unix::fs::MetadataExt; use std::os::unix::io::AsRawFd; use tempfile::tempdir; + use test_utils::skip_if_not_root; use tokio::process::Command; macro_rules! sl { diff --git a/src/agent/rustjail/src/lib.rs b/src/agent/rustjail/src/lib.rs index dafac6381..fb51d9f39 100644 --- a/src/agent/rustjail/src/lib.rs +++ b/src/agent/rustjail/src/lib.rs @@ -514,15 +514,6 @@ pub fn grpc_to_oci(grpc: &grpc::Spec) -> oci::Spec { #[cfg(test)] mod tests { use super::*; - #[macro_export] - macro_rules! skip_if_not_root { - () => { - if !nix::unistd::Uid::effective().is_root() { - println!("INFO: skipping {} which needs root", module_path!()); - return; - } - }; - } // Parameters: // diff --git a/src/agent/rustjail/src/mount.rs b/src/agent/rustjail/src/mount.rs index dd980530d..4670301b2 100644 --- a/src/agent/rustjail/src/mount.rs +++ b/src/agent/rustjail/src/mount.rs 
@@ -1072,7 +1072,6 @@ fn readonly_path(path: &str) -> Result<()> { mod tests { use super::*; use crate::assert_result; - use crate::skip_if_not_root; use std::fs::create_dir; use std::fs::create_dir_all; use std::fs::remove_dir_all; @@ -1080,6 +1079,7 @@ mod tests { use std::os::unix::fs; use std::os::unix::io::AsRawFd; use tempfile::tempdir; + use test_utils::skip_if_not_root; #[test] #[serial(chdir)] diff --git a/src/agent/rustjail/src/seccomp.rs b/src/agent/rustjail/src/seccomp.rs index fab019787..d8edbcd00 100644 --- a/src/agent/rustjail/src/seccomp.rs +++ b/src/agent/rustjail/src/seccomp.rs @@ -122,10 +122,10 @@ pub fn init_seccomp(scmp: &LinuxSeccomp) -> Result<()> { #[cfg(test)] mod tests { use super::*; - use crate::skip_if_not_root; use libc::{dup3, process_vm_readv, EPERM, O_CLOEXEC}; use std::io::Error; use std::ptr::null; + use test_utils::skip_if_not_root; macro_rules! syscall_assert { ($e1: expr, $e2: expr) => { diff --git a/src/tools/runk/Cargo.lock b/src/tools/runk/Cargo.lock index 9a9ed7bc4..e78e58058 100644 --- a/src/tools/runk/Cargo.lock +++ b/src/tools/runk/Cargo.lock @@ -2,6 +2,12 @@ # It is not intended for manual editing. version = 3 +[[package]] +name = "adler" +version = "1.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe" + [[package]] name = "aho-corasick" version = "0.7.18" @@ -111,13 +117,13 @@ checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" [[package]] name = "cgroups-rs" -version = "0.2.9" +version = "0.2.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cdae996d9638ba03253ffa1c93345a585974a97abbdeab9176c77922f3efc1e8" +checksum = "cf5525f2cf84d5113ab26bfb6474180eb63224b4b1e4be31ee87be4098f11399" dependencies = [ "libc", "log", - "nix", + "nix 0.24.2", "regex", ] 
@@ -174,6 +180,15 @@ dependencies = [ "os_str_bytes", ] +[[package]] +name = "crc32fast" +version = "1.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b540bd8bc810d3885c6ea91e2018302f68baba2129ab3e88f32389ee9370880d" +dependencies = [ + "cfg-if 1.0.0", +] + [[package]] name = "crossbeam-channel" version = "0.5.4" @@ -313,6 +328,16 @@ version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "37ab347416e802de484e4d03c7316c48f1ecb56574dfd4a46a80f173ce1de04d" +[[package]] +name = "flate2" +version = "1.0.24" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f82b0f4c27ad9f8bfd1f3208d882da2b09c301bc1c828fd3a00d0216d2fbbff6" +dependencies = [ + "crc32fast", + "miniz_oxide", +] + [[package]] name = "fnv" version = "1.0.7" @@ -438,6 +463,12 @@ dependencies = [ "libc", ] +[[package]] +name = "hex" +version = "0.4.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70" + [[package]] name = "ident_case" version = "1.0.1" @@ -485,6 +516,12 @@ dependencies = [ "cfg-if 1.0.0", ] +[[package]] +name = "io-lifetimes" +version = "0.7.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "24c3f4eff5495aee4c0399d7b6a0dc2b6e81be84242ffbfcf253ebacccc1d0cb" + [[package]] name = "itertools" version = "0.10.3" 
@@ -508,27 +545,30 @@ checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" [[package]] name = "libc" -version = "0.2.124" +version = "0.2.127" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "21a41fed9d98f27ab1c6d161da622a4fa35e8a54a8adc24bbf3ddd0ef70b0e50" +checksum = "505e71a4706fa491e9b1b55f51b95d4037d0821ee40131190475f692b35b009b" [[package]] name = "libcontainer" version = "0.0.1" dependencies = [ "anyhow", + "cgroups-rs", "chrono", "derive_builder", "libc", "logging", - "nix", + "nix 0.23.1", "oci", + "procfs", "rustjail", "scopeguard", "serde", "serde_json", "slog", "tempfile", + "test-utils", ] [[package]] @@ -540,6 +580,12 @@ dependencies = [ "clap", ] +[[package]] +name = "linux-raw-sys" +version = "0.0.46" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d4d2456c373231a208ad294c33dc5bff30051eafd954cd4caae83a712b12854d" + [[package]] name = "lock_api" version = "0.4.7" @@ -585,6 +631,15 @@ dependencies = [ "autocfg", ] +[[package]] +name = "miniz_oxide" +version = "0.5.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6f5c75688da582b8ffc1f1799e9db273f32133c49e048f614d22ec3256773ccc" +dependencies = [ + "adler", +] + [[package]] name = "mio" version = "0.8.2" @@ -627,6 +682,18 @@ dependencies = [ "memoffset", ] +[[package]] +name = "nix" +version = "0.24.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "195cdbc1741b8134346d515b3a56a1c94b0912758009cfd53f99ea0f57b065fc" +dependencies = [ + "bitflags", + "cfg-if 1.0.0", + "libc", + "memoffset", +] + [[package]] name = "ntapi" version = "0.3.7" @@ -716,7 +783,7 @@ dependencies = [ "libc", "redox_syscall", "smallvec", - "windows-sys", + "windows-sys 0.34.0", ] [[package]] 
@@ -793,6 +860,21 @@ dependencies = [ "unicode-xid", ] +[[package]] +name = "procfs" +version = "0.14.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c1391b61957e3b6f25a59ca2e057d22a44415917d87893986f6627fef109d32f" +dependencies = [ + "bitflags", + "byteorder", + "chrono", + "flate2", + "hex", + "lazy_static", + "rustix", +] + [[package]] name = "prost" version = "0.8.0" @@ -947,7 +1029,7 @@ dependencies = [ "libcontainer", "liboci-cli", "logging", - "nix", + "nix 0.23.1", "oci", "rustjail", "serde", @@ -960,6 +1042,20 @@ dependencies = [ "users", ] +[[package]] +name = "rustix" +version = "0.35.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d51cc38aa10f6bbb377ed28197aa052aa4e2b762c22be9d3153d01822587e787" +dependencies = [ + "bitflags", + "errno", + "io-lifetimes", + "libc", + "linux-raw-sys", + "windows-sys 0.36.1", +] + [[package]] name = "rustjail" version = "0.1.0" @@ -974,7 +1070,7 @@ dependencies = [ "inotify", "lazy_static", "libc", - "nix", + "nix 0.23.1", "oci", "path-absolutize", "protobuf", @@ -1176,6 +1272,13 @@ dependencies = [ "winapi-util", ] +[[package]] +name = "test-utils" +version = "0.1.0" +dependencies = [ + "nix 0.24.2", +] + [[package]] name = "textwrap" version = "0.15.0" @@ -1273,7 +1376,7 @@ dependencies = [ "byteorder", "libc", "log", - "nix", + "nix 0.23.1", "protobuf", "protobuf-codegen-pure", "thiserror", 
@@ -1400,11 +1503,24 @@ version = "0.34.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5acdd78cb4ba54c0045ac14f62d8f94a03d10047904ae2a40afa1e99d8f70825" dependencies = [ - "windows_aarch64_msvc", - "windows_i686_gnu", - "windows_i686_msvc", - "windows_x86_64_gnu", - "windows_x86_64_msvc", + "windows_aarch64_msvc 0.34.0", + "windows_i686_gnu 0.34.0", + "windows_i686_msvc 0.34.0", + "windows_x86_64_gnu 0.34.0", + "windows_x86_64_msvc 0.34.0", +] + +[[package]] +name = "windows-sys" +version = "0.36.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ea04155a16a59f9eab786fe12a4a450e75cdb175f9e0d80da1e17db09f55b8d2" +dependencies = [ + "windows_aarch64_msvc 0.36.1", + "windows_i686_gnu 0.36.1", + "windows_i686_msvc 0.36.1", + "windows_x86_64_gnu 0.36.1", + "windows_x86_64_msvc 0.36.1", ] [[package]] 
@@ -1413,26 +1529,56 @@ version = "0.34.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "17cffbe740121affb56fad0fc0e421804adf0ae00891205213b5cecd30db881d" +[[package]] +name = "windows_aarch64_msvc" +version = "0.36.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9bb8c3fd39ade2d67e9874ac4f3db21f0d710bee00fe7cab16949ec184eeaa47" + [[package]] name = "windows_i686_gnu" version = "0.34.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2564fde759adb79129d9b4f54be42b32c89970c18ebf93124ca8870a498688ed" +[[package]] +name = "windows_i686_gnu" +version = "0.36.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "180e6ccf01daf4c426b846dfc66db1fc518f074baa793aa7d9b9aaeffad6a3b6" + [[package]] name = "windows_i686_msvc" version = "0.34.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9cd9d32ba70453522332c14d38814bceeb747d80b3958676007acadd7e166956" +[[package]] +name = "windows_i686_msvc" +version = "0.36.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e2e7917148b2812d1eeafaeb22a97e4813dfa60a3f8f78ebe204bcc88f12f024" + [[package]] name = "windows_x86_64_gnu" version = "0.34.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cfce6deae227ee8d356d19effc141a509cc503dfd1f850622ec4b0f84428e1f4" +[[package]] +name = "windows_x86_64_gnu" +version = "0.36.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4dcd171b8776c41b97521e5da127a2d86ad280114807d0b2ab1e462bc764d9e1" + [[package]] name = "windows_x86_64_msvc" version = "0.34.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d19538ccc21819d01deaf88d6a17eae6596a12e9aafdbb97916fb49896d89de9" + +[[package]] +name = "windows_x86_64_msvc" +version = "0.36.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = 
"c811ca4a8c853ef420abd8592ba53ddbbac90410fab6903b3e79972a631f7680" diff --git a/src/tools/runk/libcontainer/Cargo.toml b/src/tools/runk/libcontainer/Cargo.toml index ed96a4bff..0db70d3d1 100644 --- a/src/tools/runk/libcontainer/Cargo.toml +++ b/src/tools/runk/libcontainer/Cargo.toml @@ -19,6 +19,9 @@ chrono = { version = "0.4.19", features = ["serde"] } serde = { version = "1.0.133", features = ["derive"] } serde_json = "1.0.74" scopeguard = "1.1.0" +cgroups = { package = "cgroups-rs", version = "0.2.10" } +procfs = "0.14.0" [dev-dependencies] tempfile = "3.3.0" +test-utils = { path = "../../../libs/test-utils" } diff --git a/src/tools/runk/libcontainer/src/builder.rs b/src/tools/runk/libcontainer/src/builder.rs index afb02b356..c175c77c4 100644 --- a/src/tools/runk/libcontainer/src/builder.rs +++ b/src/tools/runk/libcontainer/src/builder.rs @@ -3,11 +3,8 @@ // SPDX-License-Identifier: Apache-2.0 // -use crate::container::{get_config_path, ContainerLauncher}; -use crate::{ - status::{get_current_container_state, Status}, - utils::validate_process_spec, -}; +use crate::container::{get_config_path, Container, ContainerLauncher}; +use crate::utils::validate_process_spec; use anyhow::{anyhow, Result}; use derive_builder::Builder; use oci::{ContainerState, Process as OCIProcess, Spec}; 
@@ -138,32 +135,35 @@ impl ActivatedContainer { logger, "enter ActivatedContainer::create_launcher {:?}", self ); - let status = Status::load(&self.root, &self.id)?; - let state = get_current_container_state(&status)?; + let container = Container::load(&self.root, &self.id)?; // If state is Created or Running, we can execute the process. - if state != ContainerState::Created && state != ContainerState::Running { - return Err(anyhow!("cannot exec in a stopped or paused container")); + if container.state != ContainerState::Created && container.state != ContainerState::Running + { + return Err(anyhow!( + "cannot exec in a stopped or paused container, state: {:?}", + container.state + )); } - let mut config = status.config; + let mut config = container.status.config; let spec = config.spec.as_mut().unwrap(); - self.adapt_exec_spec(spec, status.pid, logger)?; + self.adapt_exec_spec(spec, container.status.pid, logger)?; debug!(logger, "adapted spec: {:?}", spec); validate_spec(spec, &self.console_socket)?; debug!(logger, "create LinuxContainer with config: {:?}", config); // Maybe we should move some properties from status into LinuxContainer, // like pid, process_start_time, created, cgroup_manager, etc. But it works now. - let container = + let runner = create_linux_container(&self.id, &self.root, config, self.console_socket, logger)?; Ok(ContainerLauncher::new( &self.id, - &status.bundle, + &container.status.bundle, &self.root, false, - container, + runner, self.pid_file, )) } 
@@ -264,13 +264,14 @@ pub fn validate_spec(spec: &Spec, console_socket: &Option) -> Result<() mod tests { use super::*; use crate::container::CONFIG_FILE_NAME; - use crate::utils::test_utils::TEST_ROOTFS_PATH; + use crate::status::Status; + use crate::utils::test_utils::*; use chrono::DateTime; use nix::unistd::getpid; use oci::{self, Root, Spec}; use oci::{Linux, LinuxNamespace, User}; - use rustjail::cgroups::fs::Manager; use rustjail::container::TYPETONAME; + use scopeguard::defer; use slog::o; use std::fs::create_dir; use std::time::SystemTime; @@ -279,6 +280,7 @@ mod tests { path::PathBuf, }; use tempfile::tempdir; + use test_utils::skip_if_not_root; #[derive(Debug)] struct TestData { @@ -323,7 +325,9 @@ mod tests { .to_string_lossy() .to_string(); let test_data = TestData { - id: String::from("test"), + // Since tests are executed concurrently, container_id must be unique in tests with cgroup. + // Or the cgroup directory may be removed by other tests in advance. + id: String::from("test_init_container_create_launcher"), bundle: bundle_dir.path().to_path_buf(), root: root_dir.into_path(), console_socket: Some(PathBuf::from("test")), @@ -356,6 +360,10 @@ mod tests { Some(launcher.runner.console_socket), test_data.console_socket ); + // If it is run by root, create_launcher will create cgroup dirs successfully. So we need to do some cleanup stuff. + if nix::unistd::Uid::effective().is_root() { + clean_up_cgroup(Path::new(&test_data.id)); + } } #[test] @@ -454,6 +462,11 @@ mod tests { } fn create_dummy_status(id: &str, pid: i32, root: &Path, spec: &Spec) -> Status { + let start_time = procfs::process::Process::new(pid) + .unwrap() + .stat() + .unwrap() + .starttime; Status { oci_version: spec.version.clone(), id: id.to_string(), 
@@ -461,9 +474,9 @@ mod tests { root: root.to_path_buf(), bundle: PathBuf::from("/tmp"), rootfs: TEST_ROOTFS_PATH.to_string(), - process_start_time: 0, + process_start_time: start_time, created: DateTime::from(SystemTime::now()), - cgroup_manager: Manager::new("test").unwrap(), + cgroup_manager: serde_json::from_str(TEST_CGM_DATA).unwrap(), config: CreateOpts { spec: Some(spec.clone()), ..Default::default() @@ -498,11 +511,14 @@ mod tests { #[test] fn test_activated_container_create() { + // create cgroup directory needs root permission + skip_if_not_root!(); let logger = slog::Logger::root(slog::Discard, o!()); let bundle_dir = tempdir().unwrap(); let root = tempdir().unwrap(); - // let bundle = temp - let id = "test".to_string(); + // Since tests are executed concurrently, container_id must be unique in tests with cgroup. + // Or the cgroup directory may be removed by other tests in advance. + let id = "test_activated_container_create".to_string(); create_activated_dirs(root.path(), &id, bundle_dir.path()); let pid = getpid().as_raw(); @@ -516,6 +532,10 @@ mod tests { let status = create_dummy_status(&id, pid, root.path(), &spec); status.save().unwrap(); + // create empty cgroup directory to avoid is_pause failing + let cgroup = create_dummy_cgroup(Path::new(id.as_str())); + defer!(cgroup.delete().unwrap()); + let result = ActivatedContainerBuilder::default() .id(id) .root(root.into_path()) @@ -575,6 +595,8 @@ mod tests { #[test] fn test_activated_container_create_with_process() { + // create cgroup directory needs root permission + skip_if_not_root!(); const PROCESS_FILE_NAME: &str = "process.json"; let bundle_dir = tempdir().unwrap(); let process_file = bundle_dir.path().join(PROCESS_FILE_NAME); 
@@ -588,7 +610,9 @@ mod tests { let logger = slog::Logger::root(slog::Discard, o!()); let root = tempdir().unwrap(); - let id = "test".to_string(); + // Since tests are executed concurrently, container_id must be unique in tests with cgroup. + // Or the cgroup directory may be removed by other tests in advance. + let id = "test_activated_container_create_with_process".to_string(); let pid = getpid().as_raw(); let mut spec = create_dummy_spec(); spec.root.as_mut().unwrap().path = bundle_dir @@ -600,6 +624,10 @@ mod tests { let status = create_dummy_status(&id, pid, root.path(), &spec); status.save().unwrap(); + // create empty cgroup directory to avoid is_pause failing + let cgroup = create_dummy_cgroup(Path::new(id.as_str())); + defer!(cgroup.delete().unwrap()); + let launcher = ActivatedContainerBuilder::default() .id(id) .root(root.into_path()) diff --git a/src/tools/runk/libcontainer/src/cgroup.rs b/src/tools/runk/libcontainer/src/cgroup.rs index 9b53bb368..586c6e894 100644 --- a/src/tools/runk/libcontainer/src/cgroup.rs +++ b/src/tools/runk/libcontainer/src/cgroup.rs @@ -3,24 +3,15 @@ // SPDX-License-Identifier: Apache-2.0 // -use anyhow::{anyhow, Result}; -use rustjail::cgroups::fs::Manager as CgroupManager; -use std::{ - path::Path, - {fs, thread, time}, -}; - -pub fn destroy_cgroup(cgroup_mg: &CgroupManager) -> Result<()> { - for path in cgroup_mg.paths.values() { - remove_cgroup_dir(Path::new(path))?; - } - - Ok(()) -} +use anyhow::anyhow; +use anyhow::Result; +use cgroups; +use cgroups::freezer::{FreezerController, FreezerState}; +use std::{thread, time}; // Try to remove the provided cgroups path five times with increasing delay between tries. // If after all there are not removed cgroups, an appropriate error will be returned. -fn remove_cgroup_dir(path: &Path) -> Result<()> { +pub fn remove_cgroup_dir(cgroup: &cgroups::Cgroup) -> Result<()> { let mut retries = 5; let mut delay = time::Duration::from_millis(10); while retries != 0 { 
@@ -29,12 +20,58 @@ fn remove_cgroup_dir(path: &Path) -> Result<()> {
 thread::sleep(delay);
 }
- if !path.exists() || fs::remove_dir(path).is_ok() {
+ if cgroup.delete().is_ok() {
 return Ok(());
 }
 retries -= 1;
 }
- return Err(anyhow!("failed to remove cgroups paths: {:?}", path));
+ return Err(anyhow!("failed to remove cgroups paths"));
+}
+
+// Make sure we get a stable freezer state, so retry if the cgroup is still undergoing freezing.
+pub fn get_freezer_state(freezer: &FreezerController) -> Result {
+ let mut retries = 10;
+ while retries != 0 {
+ let state = freezer.state()?;
+ match state {
+ FreezerState::Thawed => return Ok(FreezerState::Thawed),
+ FreezerState::Frozen => return Ok(FreezerState::Frozen),
+ FreezerState::Freezing => {
+ // sleep for 10 ms, wait for the cgroup to finish freezing
+ thread::sleep(time::Duration::from_millis(10));
+ retries -= 1;
+ }
+ }
+ }
+ Ok(FreezerState::Freezing)
+}
+
+// check whether freezer state is frozen
+pub fn is_paused(cgroup: &cgroups::Cgroup) -> Result {
+ let freezer_controller: &FreezerController = cgroup
+ .controller_of()
+ .ok_or_else(|| anyhow!("failed to get freezer controller"))?;
+ let freezer_state = get_freezer_state(freezer_controller)?;
+ match freezer_state {
+ FreezerState::Frozen => Ok(true),
+ _ => Ok(false),
+ }
+}
+
+pub fn freeze(cgroup: &cgroups::Cgroup, state: FreezerState) -> Result<()> {
+ let freezer_controller: &FreezerController = cgroup
+ .controller_of()
+ .ok_or_else(|| anyhow!("failed to get freezer controller"))?;
+ match state {
+ FreezerState::Frozen => {
+ freezer_controller.freeze()?;
+ }
+ FreezerState::Thawed => {
+ freezer_controller.thaw()?;
+ }
+ _ => return Err(anyhow!("invalid freezer state")),
+ }
+ Ok(())
 }
diff --git a/src/tools/runk/libcontainer/src/container.rs b/src/tools/runk/libcontainer/src/container.rs
index abc40fbba..9a3c0fa61 100644
--- a/src/tools/runk/libcontainer/src/container.rs
+++ b/src/tools/runk/libcontainer/src/container.rs
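Review bot: In remove_cgroup_dir the result of `cgroup.delete()` is reduced to `is_ok()`, so after five attempts the caller gets `failed to remove cgroups paths` with neither the cgroup nor the underlying error, where the old message at least printed the path. Keep the last error and attach it, for example `Err(e) => last_err = Some(e),` inside the loop and `anyhow!("failed to remove cgroup: {:?}", last_err)` at the end. Separately, `get_freezer_state` returns `Ok(FreezerState::Freezing)` once its ten retries are used up and `is_paused` maps that to `false`, while `freeze` returns right after `freezer_controller.freeze()?` without reading the state back; `freeze` should call `get_freezer_state` afterwards and fail if the requested state was not reached. The signature of remove_cgroup_dir is in the previous hunk.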
@@ -3,14 +3,20 @@ // SPDX-License-Identifier: Apache-2.0 // -use crate::status::{self, get_all_pid, get_current_container_state, Status}; +use crate::cgroup::{freeze, remove_cgroup_dir}; +use crate::status::{self, get_current_container_state, Status}; use anyhow::{anyhow, Result}; +use cgroups; +use cgroups::freezer::FreezerState; +use cgroups::hierarchies::is_cgroup2_unified_mode; use nix::sys::signal::kill; use nix::{ sys::signal::Signal, + sys::signal::SIGKILL, unistd::{chdir, unlink, Pid}, }; use oci::ContainerState; +use procfs; use rustjail::{ container::{BaseContainer, LinuxContainer, EXEC_FIFO_FILENAME}, process::{Process, ProcessOperations}, 
@@ -35,20 +41,55 @@ pub enum ContainerAction {
 pub struct Container {
 pub status: Status,
 pub state: ContainerState,
+ pub cgroup: cgroups::Cgroup,
 }
+// Container represents a container that is created by the container runtime.
 impl Container {
 pub fn load(state_root: &Path, id: &str) -> Result {
 let status = Status::load(state_root, id)?;
- let state = get_current_container_state(&status)?;
- Ok(Self { status, state })
+ let spec = status
+ .config
+ .spec
+ .as_ref()
+ .ok_or_else(|| anyhow!("spec config was not present"))?;
+ let linux = spec
+ .linux
+ .as_ref()
+ .ok_or_else(|| anyhow!("linux config was not present"))?;
+ let cpath = if linux.cgroups_path.is_empty() {
+ id.to_string()
+ } else {
+ linux
+ .cgroups_path
+ .clone()
+ .trim_start_matches('/')
+ .to_string()
+ };
+ let cgroup = cgroups::Cgroup::load(cgroups::hierarchies::auto(), cpath);
+ let state = get_current_container_state(&status, &cgroup)?;
+ Ok(Self {
+ status,
+ state,
+ cgroup,
+ })
 }
 pub fn processes(&self) -> Result> {
- get_all_pid(&self.status.cgroup_manager)
+ let pids = self.cgroup.tasks();
+ let result = pids.iter().map(|x| Pid::from_raw(x.pid as i32)).collect();
+ Ok(result)
 }
 pub fn kill(&self, signal: Signal, all: bool) -> Result<()> {
+ if self.state == ContainerState::Stopped {
+ return Err(anyhow!(
+ "container {} can't be killed because it is {:?}",
+ self.status.id,
+ self.state
+ ));
+ }
+
 if all {
 let pids = self.processes()?;
 for pid in pids {
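Review bot: `Container::load` hands `linux.cgroups_path` from the saved spec to `cgroups::Cgroup::load` after only `trim_start_matches('/')`, so a value containing `..` components is not rejected before it is resolved against the cgroup hierarchy. The freeze, thaw and delete operations later act on this cgroup with the caller's privileges, so I would refuse parent-directory components before loading, e.g. `if Path::new(&cpath).components().any(|c| matches!(c, std::path::Component::ParentDir)) { return Err(anyhow!("invalid cgroups path")); }`. How cgroups-rs joins the path is not visible here, so treat this as a hardening request rather than a confirmed escape. In `processes`, `x.pid as i32` is a silent narrowing cast; `i32::try_from(x.pid)` would surface a bad value instead of wrapping. `kill` continues past the end of this hunk.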
@@ -58,18 +99,46 @@ impl Container {
 kill(pid, signal)?;
 }
 } else {
- if self.state == ContainerState::Stopped {
- return Err(anyhow!("container {} not running", self.status.id));
- }
 let pid = Pid::from_raw(self.status.pid);
 if status::is_process_running(pid)? {
 kill(pid, signal)?;
 }
 }
+ // For cgroup v1, killing a process in a frozen cgroup does nothing until it's thawed.
+ // Only thaw the cgroup for SIGKILL.
+ // Ref: https://github.com/opencontainers/runc/pull/3217
+ if !is_cgroup2_unified_mode() && self.state == ContainerState::Paused && signal == SIGKILL {
+ freeze(&self.cgroup, FreezerState::Thawed)?;
+ }
 Ok(())
 }
- // TODO: add pause and resume
+ pub fn pause(&self) -> Result<()> {
+ if self.state != ContainerState::Running && self.state != ContainerState::Created {
+ return Err(anyhow!(
+ "failed to pause container: current status is: {:?}",
+ self.state
+ ));
+ }
+ freeze(&self.cgroup, FreezerState::Frozen)?;
+ Ok(())
+ }
+
+ pub fn resume(&self) -> Result<()> {
+ if self.state != ContainerState::Paused {
+ return Err(anyhow!(
+ "failed to resume container: current status is: {:?}",
+ self.state
+ ));
+ }
+ freeze(&self.cgroup, FreezerState::Thawed)?;
+ Ok(())
+ }
+
+ pub fn destroy(&self) -> Result<()> {
+ remove_cgroup_dir(&self.cgroup)?;
+ self.status.remove_dir()
+ }
 }
 /// Used to run a process. If init is set, it will create a container and run the process in it.
@@ -190,11 +259,14 @@ impl ContainerLauncher {
 /// Generate runk specified Status
 fn get_status(&self) -> Result {
 let oci_state = self.runner.oci_state()?;
+ // read start time from /proc//stat
+ let proc = procfs::process::Process::new(self.runner.init_process_pid)?;
+ let process_start_time = proc.stat()?.starttime;
 Status::new(
 &self.state_root,
 &self.bundle,
 oci_state,
- self.runner.init_process_start_time,
+ process_start_time,
 self.runner.created,
 self.runner
 .cgroup_manager
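Review bot: In `kill`, the thaw for a paused cgroup v1 container runs only after every `kill(pid, signal)?` has succeeded, so an error from any one of them (for instance a task that exited after `processes()` listed it) returns early and leaves the cgroup frozen with SIGKILL still pending for the remaining tasks. Thawing should not depend on the signalling loop finishing cleanly: remember the first error, run the `freeze(&self.cgroup, FreezerState::Thawed)?` step, then return that error. The start of `kill` and the body of the `for pid in pids` loop are outside this hunk, so the loop may already skip dead pids; the ordering concern holds either way. `pause`, `resume` and `destroy` are new public methods and would benefit from `///` comments stating which container states each accepts.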
diff --git a/src/tools/runk/libcontainer/src/status.rs b/src/tools/runk/libcontainer/src/status.rs index 3cd9768b1..6a3480c59 100644 --- a/src/tools/runk/libcontainer/src/status.rs +++ b/src/tools/runk/libcontainer/src/status.rs @@ -3,6 +3,7 @@ // SPDX-License-Identifier: Apache-2.0 // +use crate::cgroup::is_paused; use crate::container::get_fifo_path; use crate::utils::*; use anyhow::{anyhow, Result}; @@ -14,6 +15,7 @@ use nix::{ unistd::Pid, }; use oci::{ContainerState, State as OCIState}; +use procfs::process::ProcState; use rustjail::{cgroups::fs::Manager as CgroupManager, specconv::CreateOpts}; use serde::{Deserialize, Serialize}; use std::{ @@ -35,6 +37,10 @@ pub struct Status { pub rootfs: String, pub process_start_time: u64, pub created: DateTime, + // Methods of Manager traits in rustjail are invisible, and CgroupManager.cgroup can't be serialized. + // So it is cumbersome to manage cgroups by this field. Instead, we use cgroups-rs::cgroup directly in Container to manager cgroups. + // Another solution is making some methods public outside rustjail and adding getter/setter for CgroupManager.cgroup. + // Temporarily keep this field for compatibility. pub cgroup_manager: CgroupManager, pub config: CreateOpts, } 
@@ -143,53 +149,34 @@ pub fn is_process_running(pid: Pid) -> Result {
 }
 }
-pub fn get_current_container_state(status: &Status) -> Result {
- let running = is_process_running(Pid::from_raw(status.pid))?;
- let mut has_fifo = false;
-
- if running {
- let fifo = get_fifo_path(status);
- if fifo.exists() {
- has_fifo = true
- }
+// Returns the current state of a container. It will read cgroupfs and procfs to determine the state.
+// https://github.com/opencontainers/runc/blob/86d6898f3052acba1ebcf83aa2eae3f6cc5fb471/libcontainer/container_linux.go#L1953
+pub fn get_current_container_state(
+ status: &Status,
+ cgroup: &cgroups::Cgroup,
+) -> Result {
+ if is_paused(cgroup)? {
+ return Ok(ContainerState::Paused);
 }
-
- if running && !has_fifo {
- // TODO: Check paused status.
- // runk does not support pause command currently.
+ let proc = procfs::process::Process::new(status.pid);
+ // if reading /proc/ occurs error, then the process is not running
+ if proc.is_err() {
+ return Ok(ContainerState::Stopped);
 }
-
- if !running {
- Ok(ContainerState::Stopped)
- } else if has_fifo {
- Ok(ContainerState::Created)
- } else {
- Ok(ContainerState::Running)
+ let proc_stat = proc.unwrap().stat()?;
+ // if start time is not equal, then the pid is reused, and the process is not running
+ if proc_stat.starttime != status.process_start_time {
+ return Ok(ContainerState::Stopped);
 }
-}
-
-pub fn get_all_pid(cgm: &CgroupManager) -> Result> {
- let cgroup_path = cgm.paths.get("devices");
- match cgroup_path {
- Some(v) => {
- let path = Path::new(v);
- if !path.exists() {
- return Err(anyhow!("cgroup devices file does not exist"));
+ match proc_stat.state()? {
+ ProcState::Zombie | ProcState::Dead => Ok(ContainerState::Stopped),
+ _ => {
+ let fifo = get_fifo_path(status);
+ if fifo.exists() {
+ return Ok(ContainerState::Created);
 }
-
- let procs_path = path.join("cgroup.procs");
- let pids: Vec = lines_from_file(&procs_path)?
- .into_iter()
- .map(|v| {
- Pid::from_raw(
- v.parse::()
- .expect("failed to parse string into pid_t"),
- )
- })
- .collect();
- Ok(pids)
+ Ok(ContainerState::Running)
 }
- None => Err(anyhow!("cgroup devices file dose not exist")),
 }
 }
@@ -197,10 +184,12 @@ pub fn get_all_pid(cgm: &CgroupManager) -> Result> {
 mod tests {
 use super::*;
 use crate::utils::test_utils::*;
+ use ::test_utils::skip_if_not_root;
 use chrono::{DateTime, Utc};
 use nix::unistd::getpid;
 use oci::ContainerState;
 use rustjail::cgroups::fs::Manager as CgroupManager;
+ use scopeguard::defer;
 use std::path::Path;
 use std::time::SystemTime;
@@ -235,14 +224,13 @@ mod tests {
 #[test]
 fn test_get_current_container_state() {
- let status = create_dummy_status();
- let state = get_current_container_state(&status).unwrap();
+ skip_if_not_root!();
+ let mut status = create_dummy_status();
+ status.id = "test_get_current_container_state".to_string();
+ // crete a dummy cgroup to make sure is_pause doesn't return error
+ let cgroup = create_dummy_cgroup(Path::new(&status.id));
+ defer!(cgroup.delete().unwrap());
+ let state = get_current_container_state(&status, &cgroup).unwrap();
 assert_eq!(state, ContainerState::Running);
 }
-
- #[test]
- fn test_get_all_pid() {
- let cgm: CgroupManager = serde_json::from_str(TEST_CGM_DATA).unwrap();
- assert!(get_all_pid(&cgm).is_ok());
- }
 }
diff --git a/src/tools/runk/libcontainer/src/utils.rs b/src/tools/runk/libcontainer/src/utils.rs
index bcb8b9748..a65a3568d 100644
--- a/src/tools/runk/libcontainer/src/utils.rs
+++ b/src/tools/runk/libcontainer/src/utils.rs
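Review bot: `get_current_container_state` in status.rs treats every failure of `procfs::process::Process::new(status.pid)` as `ContainerState::Stopped` through `proc.is_err()`, which also covers permission and I/O errors on /proc, not just a missing process. A container reported as Stopped is eligible for teardown, so only the not-found case should map to Stopped: match on the result with `Err(procfs::ProcError::NotFound(_)) => return Ok(ContainerState::Stopped),` and `Err(e) => return Err(e.into()),` for everything else. The following `proc.unwrap().stat()?` has the opposite problem, since a process that exits between the two calls produces an error instead of Stopped. `is_paused(cgroup)?` is evaluated before any of this, so a failure to read the freezer state turns into an error for the whole state query; a comment stating that this ordering is intentional would help.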
@@ -114,11 +114,16 @@ pub(crate) mod test_utils { let cgm: CgroupManager = serde_json::from_str(TEST_CGM_DATA).unwrap(); let oci_state = create_dummy_oci_state(); let created = SystemTime::now(); + let start_time = procfs::process::Process::new(oci_state.pid) + .unwrap() + .stat() + .unwrap() + .starttime; let status = Status::new( Path::new(TEST_STATE_ROOT_PATH), Path::new(TEST_BUNDLE_PATH), oci_state, - 1, + start_time, created, cgm, create_dummy_opts(), @@ -128,6 +133,15 @@ pub(crate) mod test_utils { status } + pub fn create_dummy_cgroup(cpath: &Path) -> cgroups::Cgroup { + cgroups::Cgroup::new(cgroups::hierarchies::auto(), cpath) + } + + pub fn clean_up_cgroup(cpath: &Path) { + let cgroup = cgroups::Cgroup::load(cgroups::hierarchies::auto(), cpath); + cgroup.delete().unwrap(); + } + #[test] pub fn test_validate_process_spec() { let valid_process = Process { diff --git a/src/tools/runk/src/commands/delete.rs b/src/tools/runk/src/commands/delete.rs index 4884c0291..ead8aa47e 100644 --- a/src/tools/runk/src/commands/delete.rs +++ b/src/tools/runk/src/commands/delete.rs @@ -4,13 +4,10 @@ // use anyhow::{anyhow, Result}; -use libcontainer::{ - cgroup, - status::{get_current_container_state, Status}, -}; +use libcontainer::{container::Container, status::Status}; use liboci_cli::Delete; use nix::{ - errno::Errno, + sys::signal::SIGKILL, sys::signal::{kill, Signal}, unistd::Pid, }; @@ -26,13 +23,14 @@ pub async fn run(opts: Delete, root: &Path, logger: &Logger) -> Result<()> { return Err(anyhow!("container {} does not exist", container_id)); } - let status = if let Ok(value) = Status::load(root, container_id) { + let container = if let Ok(value) = Container::load(root, container_id) { value } else { fs::remove_dir_all(status_dir)?; return Ok(()); }; + let status = &container.status; let spec = status .config .spec 
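Review bot: In `run` of delete.rs, the `else` branch now fires on any `Container::load` failure, removes the state directory and returns `Ok(())`. `Container::load` is not shown here, but it also supplies `container.state`, so it presumably does more than parse the status file (cgroup lookup, /proc reads). A transient error there would erase the only record of a container whose process and cgroup may still exist, and report success. I would keep the silent cleanup for a missing or unparsable status file only and propagate other errors, or at minimum bind the error and log it through `logger` first: `let container = match Container::load(root, container_id) { Ok(c) => c, Err(e) => { /* log e, then remove_dir_all */ ... } };`. The function starts and ends outside the hunk.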
@@ -42,7 +40,7 @@ pub async fn run(opts: Delete, root: &Path, logger: &Logger) -> Result<()> { let oci_state = OCIState { version: status.oci_version.clone(), id: status.id.clone(), - status: get_current_container_state(&status)?, + status: container.state, pid: status.pid, bundle: status .bundle @@ -64,20 +62,16 @@ pub async fn run(opts: Delete, root: &Path, logger: &Logger) -> Result<()> { match oci_state.status { ContainerState::Stopped => { - destroy_container(&status)?; + container.destroy()?; } ContainerState::Created => { kill(Pid::from_raw(status.pid), Some(Signal::SIGKILL))?; - destroy_container(&status)?; + container.destroy()?; } _ => { if opts.force { - if let Err(errno) = kill(Pid::from_raw(status.pid), Some(Signal::SIGKILL)) { - if errno != Errno::ESRCH { - return Err(anyhow!("{}", errno)); - } - } - destroy_container(&status)?; + container.kill(SIGKILL, true)?; + container.destroy()?; } else { return Err(anyhow!( "cannot delete container {} that is not stopped", @@ -91,10 +85,3 @@ pub async fn run(opts: Delete, root: &Path, logger: &Logger) -> Result<()> { Ok(()) } - -fn destroy_container(status: &Status) -> Result<()> { - cgroup::destroy_cgroup(&status.cgroup_manager)?; - status.remove_dir()?; - - Ok(()) -} diff --git a/src/tools/runk/src/commands/list.rs b/src/tools/runk/src/commands/list.rs index ef3904204..e3020cb5a 100644 --- a/src/tools/runk/src/commands/list.rs +++ b/src/tools/runk/src/commands/list.rs @@ -5,7 +5,7 @@ use super::state::get_container_state_name; use anyhow::Result; -use libcontainer::status::{get_current_container_state, Status}; +use libcontainer::container::Container; use liboci_cli::List; use oci::ContainerState; use slog::{info, Logger}; 
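Review bot: The catch-all `_` arm of `match oci_state.status` now also receives `ContainerState::Paused`, which this commit starts returning, and with `opts.force` it goes straight to `container.kill(SIGKILL, true)?` and `container.destroy()?`. With the cgroup v1 freezer a frozen task does not act on SIGKILL until it is thawed, so unless `Container::kill` (not visible in this hunk) thaws the cgroup, `destroy` would run against processes that are still alive. Consider an explicit `Paused` arm, or a thaw right after the kill such as `if container.state == ContainerState::Paused { container.resume()?; }`, assuming `resume` only borrows the container. The removed code also tolerated `ESRCH` from `kill`; it is worth confirming that `Container::kill` keeps that, since `container.state` is a snapshot taken at load time and the process can exit before the signal is sent.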
@@ -19,7 +19,7 @@ pub fn run(_: List, root: &Path, logger: &Logger) -> Result<()> { let mut content = String::new(); for entry in fs::read_dir(root)? { let entry = entry?; - // Possibly race with runk delete, so continue loop when any error occurs below + // Possibly race with other command of runk, so continue loop when any error occurs below let metadata = match entry.metadata() { Ok(metadata) => metadata, Err(_) => continue, @@ -31,18 +31,15 @@ pub fn run(_: List, root: &Path, logger: &Logger) -> Result<()> { Ok(id) => id, Err(_) => continue, }; - let status = match Status::load(root, &container_id) { - Ok(status) => status, - Err(_) => continue, - }; - let state = match get_current_container_state(&status) { - Ok(state) => state, + let container = match Container::load(root, &container_id) { + Ok(container) => container, Err(_) => continue, }; + let state = container.state; // Just like runc, pid of stopped container is 0 let pid = match state { ContainerState::Stopped => 0, - _ => status.pid, + _ => container.status.pid, }; // May replace get_user_by_uid with getpwuid(3) let owner = match get_user_by_uid(metadata.uid()) { @@ -55,8 +52,8 @@ pub fn run(_: List, root: &Path, logger: &Logger) -> Result<()> { container_id, pid, get_container_state_name(state), - status.bundle.display(), - status.created, + container.status.bundle.display(), + container.status.created, owner ); } diff --git a/src/tools/runk/src/commands/mod.rs b/src/tools/runk/src/commands/mod.rs index 424303521..249b1440a 100644 --- a/src/tools/runk/src/commands/mod.rs +++ b/src/tools/runk/src/commands/mod.rs @@ -8,7 +8,9 @@ pub mod delete; pub mod exec; pub mod kill; pub mod list; +pub mod pause; pub mod ps; +pub mod resume; pub mod run; pub mod spec; pub mod start; diff --git a/src/tools/runk/src/commands/pause.rs b/src/tools/runk/src/commands/pause.rs new file mode 100644 index 000000000..fee9498a0 --- /dev/null +++ b/src/tools/runk/src/commands/pause.rs 
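Review bot: `Err(_) => continue` on `Container::load` now hides every load failure, not only a race with another runk command, because loading presumably includes computing the state. A container whose cgroup or /proc entry cannot be read would then simply disappear from the `runk list` output with no trace. Logging before continuing keeps the listing tolerant of races while leaving something for the operator to find, e.g. `Err(e) => { info!(&logger, "skipping container {}: {:?}", container_id, e); continue; }`; `info` and `logger` are already in scope in this file. The loop body starts and ends outside the hunk.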
@@ -0,0 +1,18 @@ +// Copyright 2021-2022 Kata Contributors +// +// SPDX-License-Identifier: Apache-2.0 +// + +use anyhow::Result; +use libcontainer::container::Container; +use liboci_cli::Pause; +use slog::{info, Logger}; +use std::path::Path; + +pub fn run(opts: Pause, root: &Path, logger: &Logger) -> Result<()> { + let container = Container::load(root, &opts.container_id)?; + container.pause()?; + + info!(&logger, "pause command finished successfully"); + Ok(()) +} diff --git a/src/tools/runk/src/commands/resume.rs b/src/tools/runk/src/commands/resume.rs new file mode 100644 index 000000000..7d8b9d39d --- /dev/null +++ b/src/tools/runk/src/commands/resume.rs @@ -0,0 +1,18 @@ +// Copyright 2021-2022 Kata Contributors +// +// SPDX-License-Identifier: Apache-2.0 +// + +use anyhow::Result; +use libcontainer::container::Container; +use liboci_cli::Resume; +use slog::{info, Logger}; +use std::path::Path; + +pub fn run(opts: Resume, root: &Path, logger: &Logger) -> Result<()> { + let container = Container::load(root, &opts.container_id)?; + container.resume()?; + + info!(&logger, "pause command finished successfully"); + Ok(()) +} diff --git a/src/tools/runk/src/commands/start.rs b/src/tools/runk/src/commands/start.rs index 750493688..8176aa0fa 100644 --- a/src/tools/runk/src/commands/start.rs +++ b/src/tools/runk/src/commands/start.rs 
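Review bot: In the new resume.rs, `run` logs `"pause command finished successfully"` after calling `container.resume()`, a leftover from copying pause.rs. Anyone reconstructing container lifecycle events from the logs would read a resume as a second pause, so the line should be `info!(&logger, "resume command finished successfully");`. Neither `run` checks `container.state` before acting, unlike start.rs; if `Container::pause` and `Container::resume` do not reject containers in the wrong state themselves, a guard in the style of the one in start.rs belongs here.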
@@ -5,39 +5,29 @@ use crate::commands::state::get_container_state_name; use anyhow::{anyhow, Result}; -use libcontainer::{ - container::get_fifo_path, - status::{get_current_container_state, Status}, -}; +use libcontainer::container::{get_fifo_path, Container}; use liboci_cli::Start; use nix::unistd::unlink; use oci::ContainerState; use slog::{info, Logger}; -use std::{fs::OpenOptions, io::prelude::*, path::Path, time::SystemTime}; +use std::{fs::OpenOptions, io::prelude::*, path::Path}; pub fn run(opts: Start, state_root: &Path, logger: &Logger) -> Result<()> { - let mut status = Status::load(state_root, &opts.container_id)?; - let state = get_current_container_state(&status)?; - if state != ContainerState::Created { + let container = Container::load(state_root, &opts.container_id)?; + if container.state != ContainerState::Created { return Err(anyhow!( "cannot start a container in the {} state", - get_container_state_name(state) + get_container_state_name(container.state) )); }; - let fifo_path = get_fifo_path(&status); + let fifo_path = get_fifo_path(&container.status); let mut file = OpenOptions::new().write(true).open(&fifo_path)?; file.write_all("0".as_bytes())?; info!(&logger, "container started"); - status.process_start_time = SystemTime::now() - .duration_since(SystemTime::UNIX_EPOCH)? - .as_secs(); - - status.save()?; - if fifo_path.exists() { unlink(&fifo_path)?; } diff --git a/src/tools/runk/src/commands/state.rs b/src/tools/runk/src/commands/state.rs index eb6b87d49..4e3bf6f33 100644 --- a/src/tools/runk/src/commands/state.rs +++ b/src/tools/runk/src/commands/state.rs @@ -5,7 +5,7 @@ use anyhow::Result; use chrono::{DateTime, Utc}; -use libcontainer::status::{get_current_container_state, Status}; +use libcontainer::{container::Container, status::Status}; use liboci_cli::State; use oci::ContainerState; use serde::{Deserialize, Serialize}; 
@@ -37,9 +37,8 @@ impl RuntimeState { } pub fn run(opts: State, state_root: &Path, logger: &Logger) -> Result<()> { - let status = Status::load(state_root, &opts.container_id)?; - let state = get_current_container_state(&status)?; - let oci_state = RuntimeState::new(status, state); + let container = Container::load(state_root, &opts.container_id)?; + let oci_state = RuntimeState::new(container.status, container.state); let json_state = &serde_json::to_string_pretty(&oci_state)?; println!("{}", json_state); diff --git a/src/tools/runk/src/main.rs b/src/tools/runk/src/main.rs index 4565e6a36..9f338ec40 100644 --- a/src/tools/runk/src/main.rs +++ b/src/tools/runk/src/main.rs @@ -81,6 +81,8 @@ async fn cmd_run(subcmd: SubCommand, root_path: &Path, logger: &Logger) -> Resul CommonCmd::List(list) => commands::list::run(list, root_path, logger), CommonCmd::Exec(exec) => commands::exec::run(exec, root_path, logger).await, CommonCmd::Ps(ps) => commands::ps::run(ps, root_path, logger), + CommonCmd::Pause(pause) => commands::pause::run(pause, root_path, logger), + CommonCmd::Resume(resume) => commands::resume::run(resume, root_path, logger), _ => { return Err(anyhow!("command is not implemented yet")); }