Weekly merge of main branch into CCv0 26th November
Fixes: #3132
Depends-on: github.com/kata-containers/tests#4226
Signed-off-by: stevenhorsman <steven@uk.ibm.com>
Since the `utils::get_option` interface is modified,
PullImage needs to adapt to this modification in CCv0 branch.
Fixes#3044
Signed-off-by: wllenyj <wllenyj@linux.alibaba.com>
Update the `agent-ctl` tool to allow API fields to be specified in JSON
format, either directly on the command-line, or via a file URI.
This feature is made possible by enabling `serde` support in the agent
`protocols` crate. Careful use of the `serde` macros allows the
`agent-ctl` tool to accept _partially_ specified API objects in JSON
format; fields that are not specified are set to the default value for
their respective types.
`build.rs` changes based on work by Fupan.
Fixes: #2978.
Contributions-by: Fupan Li <lifupan@gmail.com>
Contributions-by: Bin Liu <bin@hyper.sh>
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Add source credentials field to pull_image endpoint
If field is not blank, send to skopeo in image pull command
Add source_creds to agentl-ctl pull command
Fixes: #2653
Signed-off-by: stevenhorsman <steven@uk.ibm.com>
This commit adds the PullImge endpoint to the agent
and the agent-ctl command to test it.
Fixes: #2509
Signed-off-by: Georgina Kinge <georgina.kinge@ibm.com>
Co-authored-by: stevenhorsman <steven@uk.ibm.com>
Ensure the tests in the local `logging` crate are run for all consumers
of it.
Additionally, add a new test which checks that output is generated by a
range of different log level `slog` macros. This is designed to ensure
debug level output is always available for the consumers of the
`logging` crate.
Fixes: #2969.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Allow the `agent-ctl` tool to connect to a Hybrid VSOCK hypervisor such
as Cloud Hypervisor or Firecracker.
Fixes: #2914.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Update the trace forwarder README to remove the quotes around the socket
path, which makes manipulating that path easier.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
- convert linux field from oci spec to grpc spec
- include all the fields below linux oci spec
Fixes: #2715
Signed-off-by: Da Li Liu <liudali@cn.ibm.com>
The oci_to_grpc function just handles part of oci fields,
and others are not copied from oci spec to grpc spec,
such as process.env, process.capabilities, mounts and so on.
Try to implement more handlings to convert thoses fields.
Fixes#2686
Signed-off-by: Lei Li <cdlleili@cn.ibm.com>
Removed all TOCs now that GitHub auto-generates them.
Also updated the documentation requirements doc removing the requirement
to add a TOC.
Fixes: #2022.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
This has a similar intent as the go code, but not totally equal. For
the go code we want to ensure that the vendored code is up-to-date,
while here we want to ensure that `cargo vendor` actually works.
We happened to release a few tarballs where `cargo vendor` didn't work
and it causes some pain for downstream maintainers.
Related: #2159
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Fix the incorrect regular expression to fetch the guest context ID.
In " [^,][^,]* ", [^,]* will match to the next ",",
which is after "socket", so finally got incorrect result.
Use egrep -o "guest-cid=[0-9]*" instead.
Fixes: #2124
Signed-off-by: Liang Zhou <zhoul110@chinatelecom.cn>
Our dependencies already bring several versions of nix, we should avoid
adding even more fragementation.
Fixes#2114
Signed-off-by: Samuel Ortiz <samuel.e.ortiz@protonmail.com>
Add support for watchable-bind storage driver. When watchable-bind storage
is present, the agent will create a watchable path in a tmpfs, and poll the
watchable-bind source to keep this new mount-point up to date.
This poll will allow the agent to present the mount-point to the
container, allowing for inotify usage by the container workload.
If a mount becomes too large, either in file count or in overall size,
we want to stop treating it as watchable, and instead just treat as a
bindmount. This'll help avoid DoS by growing tmpfs too large, as well
as limiting time spent scanning files. If a watchable-bind grows beyond
8 files (arbitrary sane number for certs/secrets) or 1MB (limit on ConfigMap size),
we treat it as a normal bind.
Fixes: #1879
Signed-off-by: Eric Ernst <eric_ernst@apple.com>
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
Signed-off-by: Samuel Ortiz <samuel.e.ortiz@protonmail.com>
agent: watcher: SandboxStorages check loop cleanup
While evaluating the possibility of having kata-agent statically linked
to the GNU libc, we've ended up facing some issues with prctl.
When debugging the issues, we figured out that the crate hasn't been
maintained since 2015 and that the capctl one is a good 1:1 replacement
for what we need.
Fixes: #1844
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Return a guard variable from `create_logger()` which the caller can
implicitly drop to guarantee that all threads started by the async log
drain are stopped.
This fixes a long-standing bug [1] whereby the agent could panic with
the following error, generated by the `slog` logging crate:
```
slog::Fuse Drain: Custom { kind: Other, error: "serde serialization error: Bad file descriptor (os error 9)" }
```
[1] - See https://github.com/kata-containers/kata-containers/issues/171.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Remove unused function parameters from the following types:
- `AgentCmdFp`: Removed the config parameter and made
the context parameter the first (à la golang).
- `BuiltinCmdFp`: Removed the config and options parameters.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
The recent switch to an async rust agent broke the `agent-ctl` tool.
However, we didn't notice because that isn't being built by the CI.
Fix the breakage by passing a ttRPC context to all ttRPC API calls and
also build the tool as part of the static checks CI.
Fixes: #1471.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Otherwise `make install` run from the top directory would just fail as
the target is not defined.
Fixes: #1149
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Added new `agent-ctl` commands to allow the following agent API calls to
be made:
- `AddARPNeighborsRequest`
- `CloseStdinRequest`
- `CopyFileRequest`
- `GetMetricsRequest`
- `GetOOMEventRequest`
- `MemHotplugByProbeRequest`
- `OnlineCPUMemRequest`
- `ReadStreamRequest`
- `ReseedRandomDevRequest`
- `SetGuestDateTimeRequest`
- `TtyWinResizeRequest`
- `UpdateContainerRequest`
- `WriteStreamRequest`
Fixes: #969.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Simply running `make` would generate some cargo lock updates for
agent-ctl. Let's include them so that we have fixed dependencies.
Fixes: #883
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
