-
Notifications
You must be signed in to change notification settings - Fork 1k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
runtime-rs: add binary to exercise shim proper w/o containerd depende…
…ncies After building the binary as usual with `cargo build` run it as follows. It needs a configuration.toml in which only qemu keys `path`, `kernel` and `initrd` will initially need to be set. Point them to respective files e.g. from a kata distribution tarball. It also needs to be launched from an exported container bundle directory. One can be created by running mkdir rootfs podman export $(podman create busybox) | tar -C ./rootfs -xvf - runc spec -b . in a suitable directory. Then launch the program like this: KATA_CONF_FILE=/path/to/configuration-qemu.toml /path/to/shim-ctl Fixes: #5817 Signed-off-by: Pavel Mores <pmores@redhat.com>
- Loading branch information
Showing
6 changed files
with
123 additions
and
0 deletions.
There are no files selected for viewing
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,5 @@ | ||
[workspace] | ||
members = [ | ||
"crates/shim", | ||
"crates/shim-ctl", | ||
] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
[package] | ||
name = "shim-ctl" | ||
version = "0.1.0" | ||
edition = "2021" | ||
|
||
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html | ||
|
||
[dependencies] | ||
anyhow = "^1.0" | ||
common = { path = "../runtimes/common" } | ||
logging = { path = "../../../libs/logging"} | ||
runtimes = { path = "../runtimes" } | ||
tokio = { version = "1.8.0", features = [ "rt", "rt-multi-thread" ] } | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,51 @@ | ||
### Purpose | ||
`shim-ctl` is a binary to exercise the shim proper without containerd | ||
dependencies. | ||
|
||
The actual Kata shim is hard to execute outside of deployment environments due | ||
to its dependency on containerd's shim v2 protocol. Among others, the | ||
dependency requires having a socket with a remote end that's capable of driving | ||
the shim using the shim v2 `ttrpc` protocol, and a binary for shim to publish | ||
events to. | ||
|
||
Since at least some of the shim v2 protocol dependencies are fairly hard to | ||
mock up, this presents a significant obstacle to development. | ||
|
||
`shim-ctl` takes advantage of the fact that due to the shim implementation | ||
architecture, only the outermost couple of shim layers are | ||
containerd-dependent and all of the inner layers that do the actual heavy | ||
lifting don't depend on containerd. This allows `shim-ctl` to replace the | ||
containerd-dependent layers with something that's easier to use on a | ||
developer's machine. | ||
|
||
### Usage | ||
|
||
After building the binary as usual with `cargo build` run `shim-ctl` as follows. | ||
|
||
Even though `shim-ctl` does away with containerd dependencies it still has | ||
some requirements of its execution environment. In particular, it needs a | ||
Kata `configuration.toml` file, some Kata distribution files to point a bunch | ||
of `configuration.toml` keys to (like hypervisor keys `path`, `kernel` or | ||
`initrd`) and a container bundle. These are however much easier to fulfill | ||
than the original containerd dependencies, and doing so is a one-off task - | ||
once done they can be reused for an unlimited number of modify-build-run | ||
development cycles. | ||
|
||
`shim-ctl` also needs to be launched from an exported container bundle | ||
directory. One can be created by running | ||
|
||
``` | ||
mkdir rootfs | ||
podman export $(podman create busybox) | tar -C ./rootfs -xvf - | ||
runc spec -b . | ||
``` | ||
|
||
in a suitable directory. | ||
|
||
The program can then be launched like this: | ||
|
||
``` | ||
cd /the/bundle/directory | ||
KATA_CONF_FILE=/path/to/configuration-qemu.toml /path/to/shim-ctl | ||
``` | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,45 @@ | ||
// Copyright (c) 2022 Red Hat | ||
// | ||
// SPDX-License-Identifier: Apache-2.0 | ||
// | ||
|
||
use anyhow::{Context, Result}; | ||
use common::{ | ||
message::Message, | ||
types::{ContainerConfig, Request}, | ||
}; | ||
use runtimes::RuntimeHandlerManager; | ||
use tokio::sync::mpsc::channel; | ||
|
||
const MESSAGE_BUFFER_SIZE: usize = 8; | ||
const WORKER_THREADS: usize = 2; | ||
|
||
async fn real_main() { | ||
let (sender, _receiver) = channel::<Message>(MESSAGE_BUFFER_SIZE); | ||
let manager = RuntimeHandlerManager::new("xxx", sender).await.unwrap(); | ||
|
||
let req = Request::CreateContainer(ContainerConfig { | ||
container_id: "xxx".to_owned(), | ||
bundle: ".".to_owned(), | ||
rootfs_mounts: Vec::new(), | ||
terminal: false, | ||
options: None, | ||
stdin: None, | ||
stdout: None, | ||
stderr: None, | ||
}); | ||
|
||
manager.handler_message(req).await.ok(); | ||
} | ||
|
||
fn main() -> Result<(), Box<dyn std::error::Error>> { | ||
let runtime = tokio::runtime::Builder::new_multi_thread() | ||
.worker_threads(WORKER_THREADS) | ||
.enable_all() | ||
.build() | ||
.context("prepare tokio runtime")?; | ||
|
||
runtime.block_on(real_main()); | ||
|
||
Ok(()) | ||
} |