Skip to content

Commit

Permalink
Add support for CDI device configuration
Browse files Browse the repository at this point in the history
- Persist CDIDevices in container config
- Add e2e test
- Log HasDevice error and add additional condition for safety

Signed-off-by: Sebastian Jug <[email protected]>
  • Loading branch information
sjug committed Apr 20, 2021
1 parent cf2c3a1 commit db7cff8
Show file tree
Hide file tree
Showing 13 changed files with 628 additions and 0 deletions.
1 change: 1 addition & 0 deletions go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ require (
github.com/buger/goterm v0.0.0-20181115115552-c206103e1f37
github.com/checkpoint-restore/checkpointctl v0.0.0-20210301084134-a2024f5584e7
github.com/checkpoint-restore/go-criu v0.0.0-20190109184317-bdb7599cd87b
github.com/container-orchestrated-devices/container-device-interface v0.0.0-20210325223243-f99e8b6c10b9
github.com/containernetworking/cni v0.8.1
github.com/containernetworking/plugins v0.9.1
github.com/containers/buildah v1.20.1-0.20210402144408-36a37402d0c8
Expand Down
2 changes: 2 additions & 0 deletions go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -120,6 +120,8 @@ github.com/cilium/ebpf v0.2.0/go.mod h1:To2CFviqOWL/M0gIMsvSMlqe7em/l1ALkX1PyjrX
github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8=
github.com/container-orchestrated-devices/container-device-interface v0.0.0-20210325223243-f99e8b6c10b9 h1:Kn0s9/APRtr5dk/83aXj97WX0+PYnJK9BO8g0Xclm0I=
github.com/container-orchestrated-devices/container-device-interface v0.0.0-20210325223243-f99e8b6c10b9/go.mod h1:eQt66kIaJpUhCrjCtBFQGQxGLbAUl0OuuwjTH16ON4s=
github.com/containerd/aufs v0.0.0-20200908144142-dab0cbea06f4/go.mod h1:nukgQABAEopAHvB6j7cnP5zJ+/3aVcE7hCYqvIwAHyE=
github.com/containerd/aufs v0.0.0-20201003224125-76a6863f2989/go.mod h1:AkGGQs9NM2vtYHaUen+NljV0/baGCAPELGm2q9ZXpWU=
github.com/containerd/aufs v0.0.0-20210316121734-20793ff83c97/go.mod h1:kL5kd6KM5TzQjR79jljyi4olc1Vrx6XBlcyj3gNv2PU=
Expand Down
2 changes: 2 additions & 0 deletions libpod/container_config.go
Original file line number Diff line number Diff line change
Expand Up @@ -366,4 +366,6 @@ type ContainerMiscConfig struct {
Umask string `json:"umask,omitempty"`
// PidFile is the file that saves the pid of the container process
PidFile string `json:"pid_file,omitempty"`
// CDIDevices contains devices that use the CDI
CDIDevices []string `json:"cdiDevices,omitempty"`
}
8 changes: 8 additions & 0 deletions libpod/container_internal_linux.go
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@ import (
"time"

metadata "github.com/checkpoint-restore/checkpointctl/lib"
cdi "github.com/container-orchestrated-devices/container-device-interface/pkg"
cnitypes "github.com/containernetworking/cni/pkg/types/current"
"github.com/containernetworking/plugins/pkg/ns"
"github.com/containers/buildah/pkg/chrootuser"
Expand Down Expand Up @@ -704,6 +705,13 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
}
g.SetLinuxCgroupsPath(cgroupPath)

// Warning: CDI may alter g.Config in place.
if len(c.config.CDIDevices) > 0 {
if err = cdi.UpdateOCISpecForDevices(g.Config, c.config.CDIDevices); err != nil {
return nil, errors.Wrapf(err, "error setting up CDI devices")
}
}

// Mounts need to be sorted so paths will not cover other paths
mounts := sortMounts(g.Mounts())
g.ClearMounts()
Expand Down
11 changes: 11 additions & 0 deletions libpod/options.go
Original file line number Diff line number Diff line change
Expand Up @@ -293,6 +293,17 @@ func WithHooksDir(hooksDirs ...string) RuntimeOption {
}
}

// WithCDI sets the devices to check for for CDI configuration.
func WithCDI(devices []string) CtrCreateOption {
return func(ctr *Container) error {
if ctr.valid {
return define.ErrCtrFinalized
}
ctr.config.CDIDevices = devices
return nil
}
}

// WithDefaultMountsFile sets the file to look at for default mounts (mainly
// secrets).
// Note we are not saving this in the database as it is for testing purposes
Expand Down
33 changes: 33 additions & 0 deletions pkg/specgen/generate/container_create.go
Original file line number Diff line number Diff line change
Expand Up @@ -6,12 +6,14 @@ import (
"path/filepath"
"strings"

cdi "github.com/container-orchestrated-devices/container-device-interface/pkg"
"github.com/containers/common/pkg/config"
"github.com/containers/podman/v3/libpod"
"github.com/containers/podman/v3/libpod/image"
"github.com/containers/podman/v3/pkg/specgen"
"github.com/containers/podman/v3/pkg/util"
"github.com/containers/storage/types"
spec "github.com/opencontainers/runtime-spec/specs-go"
"github.com/opencontainers/selinux/go-selinux/label"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
Expand Down Expand Up @@ -136,13 +138,44 @@ func MakeContainer(ctx context.Context, rt *libpod.Runtime, s *specgen.SpecGener
options = append(options, libpod.WithNetworkAliases(s.Aliases))
}

if len(s.Devices) > 0 {
opts = extractCDIDevices(s)
options = append(options, opts...)
}

runtimeSpec, err := SpecGenToOCI(ctx, s, rt, rtc, newImage, finalMounts, pod, command)
if err != nil {
return nil, err
}
return rt.NewContainer(ctx, runtimeSpec, options...)
}

func extractCDIDevices(s *specgen.SpecGenerator) []libpod.CtrCreateOption {
devs := make([]spec.LinuxDevice, 0, len(s.Devices))
var cdiDevs []string
var options []libpod.CtrCreateOption

for _, device := range s.Devices {
isCDIDevice, err := cdi.HasDevice(device.Path)
if err != nil {
logrus.Debugf("CDI HasDevice Error: %v", err)
}
if err == nil && isCDIDevice {
cdiDevs = append(cdiDevs, device.Path)
continue
}

devs = append(devs, device)
}

s.Devices = devs
if len(cdiDevs) > 0 {
options = append(options, libpod.WithCDI(cdiDevs))
}

return options
}

func createContainerOptions(ctx context.Context, rt *libpod.Runtime, s *specgen.SpecGenerator, pod *libpod.Pod, volumes []*specgen.NamedVolume, overlays []*specgen.OverlayVolume, img *image.Image, command []string) ([]libpod.CtrCreateOption, error) {
var options []libpod.CtrCreateOption
var err error
Expand Down
14 changes: 14 additions & 0 deletions test/e2e/cdi/device.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
{
"cdiVersion": "0.2.0",
"kind": "vendor.com/device",
"devices": [
{
"name": "myKmsg",
"containerEdits": {
"mounts": [
{"hostPath": "/dev/kmsg", "containerPath": "/dev/kmsg1", "options": ["rw", "rprivate", "rbind"]}
]
}
}
]
}
19 changes: 19 additions & 0 deletions test/e2e/run_device_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ package integration

import (
"os"
"os/exec"

. "github.com/containers/podman/v3/test/utils"
. "github.com/onsi/ginkgo"
Expand Down Expand Up @@ -94,4 +95,22 @@ var _ = Describe("Podman run device", func() {
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
})

It("podman run CDI device test", func() {
SkipIfRootless("Rootless will not be able to create files/folders in /etc")
cdiDir := "/etc/cdi"
if _, err := os.Stat(cdiDir); os.IsNotExist(err) {
Expect(os.MkdirAll(cdiDir, os.ModePerm)).To(BeNil())
}
defer os.RemoveAll(cdiDir)

cmd := exec.Command("cp", "cdi/device.json", cdiDir)
err = cmd.Run()
Expect(err).To(BeNil())

session := podmanTest.Podman([]string{"run", "-q", "--security-opt", "label=disable", "--device", "myKmsg", ALPINE, "ls", "--color=never", "/dev/kmsg1"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
Expect(session.OutputToString()).To(Equal("/dev/kmsg1"))
})
})

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading

0 comments on commit db7cff8

Please sign in to comment.