db9cd1078f
We noticed s390x test failures on several of the watcher unit tests. Discovered that on s390 in particular, if we update a file in quick sucecssion, the time stampe on the file would not be unique between the writes. Through testing, we observe that a 20 millisecond delay is very reliable for being able to observe the timestamp update. Let's ensure we have this delay between writes for our tests so our tests are more reliable. In "the real world" we'll be polling for changes every 2 seconds, and frequency of filesystem updates will be on order of minutes and days, rather that microseconds. Fixes: #2946 Signed-off-by: Eric Ernst <eric_ernst@apple.com>
Kata Agent in Rust
This is a rust version of the kata-agent.
In Denver PTG, we discussed about re-writing agent in rust:
In general, we all think about re-write agent in rust to reduce the footprint of agent. Moreover, Eric mentioned the possibility to stop using gRPC, which may have some impact on footprint. We may begin to do some POC to show how much we could save by re-writing agent in rust.
After that, we drafted the initial code here, and any contributions are welcome.
Features
| Feature | Status |
|---|---|
| OCI Behaviors | |
| create/start containers | ✅ |
| signal/wait process | ✅ |
| exec/list process | ✅ |
| I/O stream | ✅ |
| Cgroups | ✅ |
Capabilities, rlimit, readonly path, masked path, users |
✅ |
| Seccomp | ✅ |
container stats (stats_container) |
✅ |
| Hooks | ✅ |
| Agent Features & APIs | |
run agent as init (mount fs, udev, setup lo) |
✅ |
| block device as root device | ✅ |
| Health API | ✅ |
network, interface/routes (update_container) |
✅ |
File transfer API (copy_file) |
✅ |
Device APIs (reseed_random_device, , online_cpu_memory, mem_hotplug_probe, set_guet_data_time) |
✅ |
| VSOCK support | ✅ |
| virtio-serial support | ✖️ |
| OCI Spec validator | ✅ |
| Infrastructures | |
| Debug Console | ✅ |
| Command line | ✅ |
| Tracing | ✖️ |
Getting Started
Build from Source
The rust-agent needs to be built statically and linked with musl
Note: skip this step for ppc64le, the build scripts explicitly use gnu for ppc64le.
$ arch=$(uname -m)
$ rustup target add "${arch}-unknown-linux-musl"
$ sudo ln -s /usr/bin/g++ /bin/musl-g++
ppc64le-only: Manually install protoc, e.g.
$ sudo dnf install protobuf-compiler
Download the source files in the Kata containers repository and build the agent:
$ GOPATH="${GOPATH:-$HOME/go}"
$ dir="$GOPATH/src/github.com/kata-containers"
$ git -C ${dir} clone --depth 1 https://github.com/kata-containers/kata-containers
$ make -C ${dir}/kata-containers/src/agent
Run Kata CI with rust-agent
- Firstly, install Kata as noted by "how to install Kata"
- Secondly, build your own Kata initrd/image following the steps in "how to build your own initrd/image". notes: Please use your rust agent instead of the go agent when building your initrd/image.
- Clone the Kata CI test cases from: https://github.com/kata-containers/tests.git, and then run the CRI test with:
$sudo -E PATH=$PATH -E GOPATH=$GOPATH integration/containerd/shimv2/shimv2-tests.sh
Mini Benchmark
The memory of RssAnon consumed by the go-agent and rust-agent as below:
go-agent: about 11M
rust-agent: about 1.1M