runtime-rs: device manager for runtime-rs #5441
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
katacontainersbot
added
the
size/huge
Tim-0731-Hzt
force-pushed
the
device_manager_dev
branch
4 times, most recently
from
3072b84 to
cfd3d10
Compare
quanweiZhou
reviewed
Oct 17, 2022
Tim-0731-Hzt
force-pushed
the
device_manager_dev
branch
2 times, most recently
from
0fffa47 to
6f504b9
Compare
liubin
reviewed
Oct 18, 2022
liubin
reviewed
Oct 18, 2022
| pub struct GenericDevice { | ||
| id: String, | ||
| device_info: GenericConfig, | ||
| ref_count: u64, |
There was a problem hiding this comment.
What's the defferent between ref_count and attach_count.
There was a problem hiding this comment.
I think just use one of them would be enough to handle the device attach number.
Tim-0731-Hzt
force-pushed
the
device_manager_dev
branch
from
6f504b9 to
2a3a513
Compare
quanweiZhou
reviewed
Oct 20, 2022
Tim-0731-Hzt
force-pushed
the
device_manager_dev
branch
from
2a3a513 to
6fc3a9b
Compare
Tim-0731-Hzt
force-pushed
the
device_manager_dev
branch
from
6fc3a9b to
0268d3e
Compare
|
/test |
Tim-0731-Hzt
force-pushed
the
device_manager_dev
branch
from
0268d3e to
9dda6e6
Compare
tzY15368
added a commit
to tzY15368/kata-containers
that referenced
this pull request
Oct 25, 2022
Implements get-volume-stats trait for sandbox and add RPC calls to agent. Also added type conversions in trans.rs Fixes kata-containers#5441 Signed-off-by: Tingzhou Yuan <tzyuan15@bu.edu>
tzY15368
added a commit
to tzY15368/kata-containers
that referenced
this pull request
Oct 25, 2022
Implements resize-volume trait for sandbox and add RPC calls to agent. Also added type conversions in trans.rs and replaced `ResizeRequest` in shim-mgmt handler with the agent version to reduce redundancy. The actual handler for the resize request is also added, and will be implemented in the next commit. Fixes kata-containers#5441 Signed-off-by: Tingzhou Yuan <tzyuan15@bu.edu>
jodh-intel
reviewed
Oct 28, 2022
Comment on lines
47
to
56
| let mut i = 0usize; | ||
| while i < suff_len && index >= 0 { | ||
| let letter: u8 = b'a' + (index % base) as u8; | ||
| disk_letters[i] = letter; | ||
| index = (index / base) - 1; | ||
| i += 1; | ||
| } | ||
| if index >= 0 { | ||
| return Err(anyhow!("Index not supported")); | ||
| } |
There was a problem hiding this comment.
This chunk looks like it could be a separate function. That would allow it to be unit-tested with various values.
Comment on lines
48
to
59
| &mut GenericConfig { | ||
| host_path: m.source.clone(), | ||
| container_path: m.destination.clone(), | ||
| dev_type: "b".to_string(), | ||
| major: stat::major(fstat.st_rdev) as i64, | ||
| minor: stat::minor(fstat.st_rdev) as i64, | ||
| file_mode: 0, | ||
| uid: 0, | ||
| gid: 0, | ||
| id: "".to_string(), | ||
| bdf: None, | ||
| driver_options: options, | ||
| io_limits: None, | ||
| ..Default::default() |
There was a problem hiding this comment.
Some of these specified values are already included in ..Default::default() so I think this (and other instances) could be simplified?
There was a problem hiding this comment.
Some variables in the struct is not specified here, this pr just support the basic functionality, so we still need them.
src/runtime-rs/crates/runtimes/virt_container/src/container_manager/container.rs
Outdated
Show resolved
Hide resolved
Comment on lines
+426
to
+469
| devpath: &str, | ||
| ) -> Result<()> { | ||
| let devname = devpath | ||
| .strip_prefix("/dev/") |
There was a problem hiding this comment.
Is devpath guaranteed to be the fully expanded (canonical) value for the path? If not, what if something like /dev/foo/bar/../../../sbin/init was specified?
There was a problem hiding this comment.
Yes, it is passed as the source in the storage, and the source path is set on the runtime side, we get this by get_virt_drive_name function. So it can't be like /dev/foo/bar/../../../sbin/init.
| @@ -401,6 +401,48 @@ async fn get_vfio_device_name(sandbox: &Arc<Mutex<Sandbox>>, grp: IommuGroup) -> | |||
| Ok(format!("{}/{}", SYSTEM_DEV_PATH, &uev.devname)) | |||
| } | |||
|
|
|||
| #[derive(Debug)] | |||
| struct MmioBlockMatcher { | |||
| suffix: String, | |||
There was a problem hiding this comment.
- ooi, why can't we match on the entire udev path?
- Could you add some unit tests using fake
Ueventevents? That would help understanding and also clarify the point above.
There was a problem hiding this comment.
Normally, there are two path for a device, it could be sys/block/vda, and sys/devices/ ......./virtio0/block/vda, the first one will point to the second one, so match the suffix would be enough.
Tim-0731-Hzt
force-pushed
the
device_manager_dev
branch
from
9dda6e6 to
fc9008e
Compare
|
/test |
1 similar comment
|
/test |
Tim-0731-Hzt
force-pushed
the
device_manager_dev
branch
from
97e8dcc to
8ceae41
Compare
katacontainersbot
added
size/huge
Tim-0731-Hzt
force-pushed
the
device_manager_dev
branch
from
8ceae41 to
65034e3
Compare
|
/test |
|
/test-s390x |
|
/retest-s390x |
ananos
added a commit
to nubificus/kata-containers
that referenced
this pull request
May 22, 2023
This is an initial, WiP port of FC on the rust runtime of kata containers. It is built on top of the `device_manager_dev` branch [kata-containers#5441], since block device support for the container rootfs is a prerequisite for FC sandboxes (FC does not support virtio-fs). Current issues: - network namespaces are being deleted (probably some threading mixup), hence, although there's a network device present, there's no network support (the namespace in the host is deleted, so no tap0_kata, tc etc.) - we do not kill the FC process leaving instances running even after container shutdown. This leaves running firecracker instances, keeps the devmapper snapshot active etc. - no jailer support yet Assumes FC binaries are in `$INSTALL_PREFIX/bin` Signed-off-by: George Pyrros <gpyrros@nubificus.co.uk> Signed-off-by: Anastassios Nanos <ananos@nubificus.co.uk>
Support device manager for runtime-rs, add block device handler for device manager Fixes:kata-containers#5375 Signed-off-by: Zhongtao Hu <zhongtaohu.tim@linux.alibaba.com> Signed-off-by: alex.lyn <alex.lyn@antgroup.com>
add the trait implementation for vfio device, Fixes:kata-containers#5375 Signed-off-by: Zhongtao Hu <zhongtaohu.tim@linux.alibaba.com> Signed-off-by: alex.lyn <alex.lyn@antgroup.com>
add the trait implementation for vhost-user device Fixes:kata-containers#5375 Signed-off-by: Zhongtao Hu <zhongtaohu.tim@linux.alibaba.com>
As dragonball support hotplug virtio-mmio device, we should handle it in agent Fixes:kata-containers#5375 Signed-off-by: Zhongtao Hu <zhongtaohu.tim@linux.alibaba.com> Signed-off-by: alex.lyn <alex.lyn@antgroup.com>
support devmapper for block rootfs Fixes: kata-containers#5375 Signed-off-by: Zhongtao Hu <zhongtaohu.tim@linux.alibaba.com> Signed-off-by: alex.lyn <alex.lyn@antgroup.com>
support block volume in runtime-rs Fixes: kata-containers#5375 Signed-off-by: Zhongtao Hu <zhongtaohu.tim@linux.alibaba.com> Signed-off-by: alex.lyn <alex.lyn@antgroup.com>
support linux device in runtime-rs Fixes:kata-containers#5375 Signed-off-by: Zhongtao Hu <zhongtaohu.tim@linux.alibaba.com> Signed-off-by: alex.lyn <alex.lyn@antgroup.com>
Support remove device after container stop Fixes:kata-containers#5375 Signed-off-by: Zhongtao Hu <zhongtaohu.tim@linux.alibaba.com> Signed-off-by: alex.lyn <alex.lyn@antgroup.com>
use device type to store the config information for different kind of devices Fixes:kata-containers#5375 Signed-off-by: Zhongtao Hu <zhongtaohu.tim@linux.alibaba.com> Signed-off-by: alex.lyn <alex.lyn@antgroup.com>
add virtio-blk-mmio option for dragonball Fixes:kata-containers#5375 Signed-off-by: Zhongtao Hu <zhongtaohu.tim@linux.alibaba.com> Signed-off-by: alex.lyn <alex.lyn@antgroup.com>
Tim-0731-Hzt
force-pushed
the
device_manager_dev
branch
from
65034e3 to
4719802
Compare
|
/test |
katacontainersbot
added
size/tiny
|
/test-fc |
|
/test |
ananos
added a commit
to nubificus/kata-containers
that referenced
this pull request
May 23, 2023
This is an initial, WiP port of FC on the rust runtime of kata containers. It is built on top of the `device_manager_dev` branch [kata-containers#5441], since block device support for the container rootfs is a prerequisite for FC sandboxes (FC does not support virtio-fs). Current issues: - network namespaces are being deleted (probably some threading mixup), hence, although there's a network device present, there's no network support (the namespace in the host is deleted, so no tap0_kata, tc etc.) - no jailer support yet Assumes FC binaries are in `$INSTALL_PREFIX/bin` Signed-off-by: George Pyrros <gpyrros@nubificus.co.uk> Signed-off-by: Anastassios Nanos <ananos@nubificus.co.uk>
ananos
added a commit
to nubificus/kata-containers
that referenced
this pull request
May 23, 2023
This is an initial, WiP port of FC on the rust runtime of kata containers. It is built on top of the `device_manager_dev` branch [kata-containers#5441], since block device support for the container rootfs is a prerequisite for FC sandboxes (FC does not support virtio-fs). Current issues: - network namespaces are being deleted (probably some threading mixup), hence, although there's a network device present, there's no network support (the namespace in the host is deleted, so no tap0_kata, tc etc.) - no jailer support yet Assumes FC binaries are in `$INSTALL_PREFIX/bin` Signed-off-by: George Pyrros <gpyrros@nubificus.co.uk> Signed-off-by: Anastassios Nanos <ananos@nubificus.co.uk>
ananos
added a commit
to nubificus/kata-containers
that referenced
this pull request
May 23, 2023
This is an initial, WiP port of FC on the rust runtime of kata containers. It is built on top of the `device_manager_dev` branch [kata-containers#5441], since block device support for the container rootfs is a prerequisite for FC sandboxes (FC does not support virtio-fs). Current issues: - We should enter the network namespace in the forked process. For now, we use the pre_exec method to run a closure just before the exec of the external hypervisor. This way, the hypervisor belongs to the new namespace, whereas the runtime does not. There's an issue with nerdctl (not present in k8s deployments) where the netns file is left dangling in the host. Useful read: https://serverfault.com/a/961592 - no jailer support yet Assumes FC binaries are in `$INSTALL_PREFIX/bin` Signed-off-by: George Pyrros <gpyrros@nubificus.co.uk> Signed-off-by: Anastassios Nanos <ananos@nubificus.co.uk>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
support device manager for runtime-rs
Fixes:#5375
Signed-off-by: Zhongtao Hu zhongtaohu.tim@linux.alibaba.com