Documentation
¶
Index ¶
- Constants
- type AgentState
- type ContainerConfig
- type ContainerState
- type DeviceMap
- type HypervisorConfig
- type IPVlanEndpoint
- type KataAgentConfig
- type MacvlanEndpoint
- type MacvtapEndpoint
- type Mount
- type NetworkConfig
- type NetworkEndpoint
- type NetworkInfo
- type NetworkInterface
- type NetworkInterfacePair
- type PersistDriver
- type PhysicalEndpoint
- type Process
- type RootfsState
- type SandboxConfig
- type SandboxState
- type ShimConfig
- type TapEndpoint
- type TapInterface
- type TuntapEndpoint
- type TuntapInterface
- type VethEndpoint
- type VhostUserEndpoint
Constants ¶
View Source
const ( // CurPersistVersion is current persist data version. // This can help keep backward compatibility, if you make // some changes in persistapi package which needs different // handling process between different runtime versions, you // should modify `CurPersistVersion` and handle persist data // according to it. // If you can't be sure if the change in persistapi package // requires a bump of CurPersistVersion or not, do it for peace! // --@WeiZhang555 CurPersistVersion uint = 2 )
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AgentState ¶
type AgentState struct {
// URL to connect to agent
URL string
}
AgentState save agent state data
type ContainerConfig ¶
type ContainerState ¶
type ContainerState struct {
// State is container running status
State string
// CgroupPath is the cgroup hierarchy where sandbox's processes
// including the hypervisor are placed.
CgroupPath string
// BundlePath saves container OCI config.json, which can be unmarshaled
// and translated to "CompatOCISpec"
BundlePath string
// Rootfs contains information of container rootfs
Rootfs RootfsState
// Process on host representing container process
Process Process
// DeviceMaps is mapping between sandbox device to dest in container
DeviceMaps []DeviceMap
// Mounts is mount info from OCI spec
Mounts []Mount
}
ContainerState represents container state
type DeviceMap ¶
type DeviceMap struct {
// ID reference to VM device
ID string
// ContainerPath is device path displayed in container
ContainerPath string
// FileMode permission bits for the device.
FileMode os.FileMode
// UID is user ID in the container namespace
UID uint32
// GID is group ID in the container namespace
GID uint32
}
DeviceMap saves how host device maps to container device one hypervisor device can be Refs: virtcontainers/container.go:ContainerDevice
type HypervisorConfig ¶
type HypervisorConfig struct {
// KernelPath is the guest kernel host path.
KernelPath string
// ImagePath is the guest image host path.
ImagePath string
// InitrdPath is the guest initrd image host path.
// ImagePath and InitrdPath cannot be set at the same time.
InitrdPath string
// FirmwarePath is the bios host path
FirmwarePath string
// MachineAccelerators are machine specific accelerators
MachineAccelerators string
// CPUFeatures are cpu specific features
CPUFeatures string
// HypervisorPath is the hypervisor executable host path.
HypervisorPath string
// HypervisorCtlPath is the hypervisor ctl executable host path.
HypervisorCtlPath string
// HypervisorCtlPath is the hypervisor ctl executable host path.
// JailerPath is the jailer executable host path.
JailerPath string
// BlockDeviceDriver specifies the driver to be used for block device
// either VirtioSCSI or VirtioBlock with the default driver being defaultBlockDriver
BlockDeviceDriver string
// HypervisorMachineType specifies the type of machine being
// emulated.
HypervisorMachineType string
// MemoryPath is the memory file path of VM memory. Used when either BootToBeTemplate or
// BootFromTemplate is true.
MemoryPath string
// DevicesStatePath is the VM device state file path. Used when either BootToBeTemplate or
// BootFromTemplate is true.
DevicesStatePath string
// EntropySource is the path to a host source of
// entropy (/dev/random, /dev/urandom or real hardware RNG device)
EntropySource string
// - virtio-9p (default)
// - virtio-fs
SharedFS string
// VirtioFSDaemon is the virtio-fs vhost-user daemon path
VirtioFSDaemon string
// VirtioFSCache cache mode for fs version cache
VirtioFSCache string
// File based memory backend root directory
FileBackedMemRootDir string
// VhostUserStorePath is the directory path where vhost-user devices
// related folders, sockets and device nodes should be.
VhostUserStorePath string
// SeccompSandbox is the qemu function which enables the seccomp feature
SeccompSandbox string
// GuestHookPath is the path within the VM that will be used for 'drop-in' hooks
GuestHookPath string
// VMid is the id of the VM that create the hypervisor if the VM is created by the factory.
// VMid is "" if the hypervisor is not created by the factory.
VMid string
// HypervisorPathList is the list of hypervisor paths names allowed in annotations
HypervisorPathList []string
// HypervisorCtlPathList is the list of hypervisor control paths names allowed in annotations
HypervisorCtlPathList []string
// JailerPathList is the list of jailer paths names allowed in annotations
JailerPathList []string
// EntropySourceList is the list of valid entropy sources
EntropySourceList []string
// VirtioFSDaemonList is the list of valid virtiofs names for annotations
VirtioFSDaemonList []string
// VirtioFSExtraArgs passes options to virtiofsd daemon
VirtioFSExtraArgs []string
// FileBackedMemRootList is the list of valid root directories values for annotations
FileBackedMemRootList []string
// VhostUserStorePathList is the list of valid values for vhost-user paths
VhostUserStorePathList []string
// Enable annotations by name
EnableAnnotations []string
// MemOffset specifies memory space for nvdimm device
MemOffset uint64
// RxRateLimiterMaxRate is used to control network I/O inbound bandwidth on VM level.
RxRateLimiterMaxRate uint64
// TxRateLimiterMaxRate is used to control network I/O outbound bandwidth on VM level.
TxRateLimiterMaxRate uint64
// SGXEPCSize specifies the size in bytes for the EPC Section.
// Enable SGX. Hardware-based isolation and memory encryption.
SGXEPCSize int64
// NumVCPUs specifies default number of vCPUs for the VM.
NumVCPUsF float32
//DefaultMaxVCPUs specifies the maximum number of vCPUs for the VM.
DefaultMaxVCPUs uint32
// DefaultMem specifies default memory size in MiB for the VM.
MemorySize uint32
// DefaultBridges specifies default number of bridges for the VM.
// Bridges can be used to hot plug devices
DefaultBridges uint32
// Msize9p is used as the msize for 9p shares
Msize9p uint32
// MemSlots specifies default memory slots the VM.
MemSlots uint32
// VirtioFSCacheSize is the DAX cache size in MiB
VirtioFSCacheSize uint32
// BlockDeviceCacheSet specifies cache-related options will be set to block devices or not.
BlockDeviceCacheSet bool
// BlockDeviceCacheDirect specifies cache-related options for block devices.
// Denotes whether use of O_DIRECT (bypass the host page cache) is enabled.
BlockDeviceCacheDirect bool
// BlockDeviceCacheNoflush specifies cache-related options for block devices.
// Denotes whether flush requests for the device are ignored.
BlockDeviceCacheNoflush bool
// DisableBlockDeviceUse disallows a block device from being used.
DisableBlockDeviceUse bool
// EnableIOThreads enables IO to be processed in a separate thread.
// Supported currently for virtio-scsi driver.
EnableIOThreads bool
// Debug changes the default hypervisor and kernel parameters to
// enable debug output where available.
Debug bool
// MemPrealloc specifies if the memory should be pre-allocated
MemPrealloc bool
// HugePages specifies if the memory should be pre-allocated from huge pages
HugePages bool
// VirtioMem is used to enable/disable virtio-mem
VirtioMem bool
// DisableNestingChecks is used to override customizations performed
// when running on top of another VMM.
DisableNestingChecks bool
// DisableImageNvdimm disables nvdimm for guest rootfs image
DisableImageNvdimm bool
// HotPlugVFIO is used to indicate if devices need to be hotplugged on the
// root, switch, bridge or no-port
HotPlugVFIO config.PCIePort
// ColdPlugVFIO is used to indicate if devices need to be coldplugged on the
// root, bridge, switch or no-port
ColdPlugVFIO config.PCIePort
// BootToBeTemplate used to indicate if the VM is created to be a template VM
BootToBeTemplate bool
// BootFromTemplate used to indicate if the VM should be created from a template VM
BootFromTemplate bool
// DisableVhostNet is used to indicate if host supports vhost_net
DisableVhostNet bool
// EnableVhostUserStore is used to indicate if host supports vhost-user-blk/scsi
EnableVhostUserStore bool
}
HypervisorConfig saves configurations of sandbox hypervisor
type IPVlanEndpoint ¶
type IPVlanEndpoint struct {
NetPair NetworkInterfacePair
}
type KataAgentConfig ¶
type KataAgentConfig struct {
LongLiveConn bool
}
KataAgentConfig is a structure storing information needed to reach the Kata Containers agent.
type MacvlanEndpoint ¶
type MacvlanEndpoint struct {
NetPair NetworkInterfacePair
}
type MacvtapEndpoint ¶
type Mount ¶
type Mount struct {
Source string
Destination string
// Type specifies the type of filesystem to mount.
Type string
// HostPath used to store host side bind mount path
HostPath string
// BlockDeviceID represents block device that is attached to the
// VM in case this mount is a block device file or a directory
// backed by a block device.
BlockDeviceID string
// Options list all the mount options of the filesystem.
Options []string
// ReadOnly specifies if the mount should be read only or not
ReadOnly bool
}
Mount describes a container mount.
type NetworkConfig ¶
type NetworkConfig struct {
NetworkID string
NetworkCreated bool
DisableNewNetwork bool
InterworkingModel int
}
NetworkConfig is the network configuration related to a network.
type NetworkEndpoint ¶
type NetworkEndpoint struct {
// One and only one of these below are not nil according to Type.
Physical *PhysicalEndpoint `json:",omitempty"`
Veth *VethEndpoint `json:",omitempty"`
VhostUser *VhostUserEndpoint `json:",omitempty"`
Macvlan *MacvlanEndpoint `json:",omitempty"`
Macvtap *MacvtapEndpoint `json:",omitempty"`
Tap *TapEndpoint `json:",omitempty"`
IPVlan *IPVlanEndpoint `json:",omitempty"`
Tuntap *TuntapEndpoint `json:",omitempty"`
Type string
}
NetworkEndpoint contains network interface information
type NetworkInfo ¶
type NetworkInfo struct {
NetworkID string
Endpoints []NetworkEndpoint
NetworkCreated bool
}
NetworkInfo contains network information of sandbox
type NetworkInterface ¶
type NetworkInterfacePair ¶
type NetworkInterfacePair struct {
TapInterface
VirtIface NetworkInterface
NetInterworkingModel int
}
NetworkInterfacePair defines a pair between VM and virtual network interfaces.
type PersistDriver ¶
type PersistDriver interface {
// ToDisk flushes data to disk(or other storage media such as a remote db)
ToDisk(SandboxState, map[string]ContainerState) error
// FromDisk will restore all data for sandbox with `sid` from storage.
// We only support get data for one whole sandbox
FromDisk(sid string) (SandboxState, map[string]ContainerState, error)
// Destroy will remove everything from storage
Destroy(sid string) error
// Lock locks the persist driver, "exclusive" decides whether the lock is exclusive or shared.
// It returns Unlock Function and errors
Lock(sid string, exclusive bool) (func() error, error)
// GlobalWrite writes "data" to "StorageRootPath"/"relativePath";
// GlobalRead reads "data" from "StorageRootPath"/"relativePath";
// these functions are used for writing/reading some global data,
// they are specially designed for ACRN so far.
// Don't use them too much unless you have no other choice! @weizhang555
GlobalWrite(relativePath string, data []byte) error
GlobalRead(relativePath string) ([]byte, error)
// RunStoragePath is the sandbox runtime directory.
// It will contain one state.json and one lock file for each created sandbox.
RunStoragePath() string
// RunVMStoragePath is the vm directory.
// It will contain all guest vm sockets and shared mountpoints.
RunVMStoragePath() string
}
PersistDriver is interface describing operations to save/restore persist data
type PhysicalEndpoint ¶
type Process ¶
type Process struct {
StartTime time.Time
// Token is the process execution context ID. It must be
// unique per sandbox.
// Token is used to manipulate processes for containers
// that have not started yet, and later identify them
// uniquely within a sandbox.
Token string
// Pid is the process ID as seen by the host software
// stack, e.g. CRI-O, containerd. This is typically the
// shim PID.
Pid int
}
Process gathers data related to a container process. Refs: virtcontainers/container.go:Process
type RootfsState ¶
type RootfsState struct {
// BlockDeviceID represents container rootfs block device ID
// when backed by devicemapper
BlockDeviceID string
// RootFStype is file system of the rootfs incase it is block device
FsType string
}
RootfsState saves state of container rootfs
type SandboxConfig ¶
type SandboxConfig struct {
// Cgroups specifies specific cgroup settings for the various subsystems that the container is
// placed into to limit the resources the container has available
Cgroups *configs.Cgroup `json:"cgroups"`
// only one agent config can be non-nil according to agent type
KataAgentConfig *KataAgentConfig `json:",omitempty"`
KataShimConfig *ShimConfig
// Custom SELinux security policy to the container process inside the VM
GuestSeLinuxLabel string
HypervisorType string
// SandboxBindMounts - list of paths to mount into guest
SandboxBindMounts []string
// Experimental enables experimental features
Experimental []string
// Information for fields not saved:
// * Annotation: this is kind of casual data, we don't need casual data in persist file,
// if you know this data needs to persist, please gives it a specific field
ContainerConfigs []ContainerConfig
NetworkConfig NetworkConfig
HypervisorConfig HypervisorConfig
ShmSize uint64
SharePidNs bool
// Stateful keeps sandbox resources in memory across APIs. Users will be responsible
// for calling Release() to release the memory resources.
Stateful bool
// SystemdCgroup enables systemd cgroup support
SystemdCgroup bool
// SandboxCgroupOnly enables cgroup only at podlevel in the host
SandboxCgroupOnly bool
DisableGuestSeccomp bool
// EnableVCPUsPinning controls whether each vCPU thread should be scheduled to a fixed CPU
EnableVCPUsPinning bool
}
SandboxConfig is a sandbox configuration. Refs: virtcontainers/sandbox.go:SandboxConfig
type SandboxState ¶
type SandboxState struct {
// CgroupPath is the cgroup hierarchy where sandbox's processes
// including the hypervisor are placed.
CgroupPaths map[string]string
// Devices plugged to sandbox(hypervisor)
Devices []dev.DeviceState
// State is sandbox running status
State string
// SandboxContainer specifies which container is used to start the sandbox/vm
SandboxContainer string
// SandboxCgroupPath is the sandbox cgroup path
SandboxCgroupPath string
// OverheadCgroupPath is the sandbox overhead cgroup path.
// It can be an empty string if sandbox_cgroup_only is set.
OverheadCgroupPath string
// HypervisorState saves hypervisor specific data
HypervisorState hv.HypervisorState
// AgentState saves state data of agent
AgentState AgentState
// Network saves network configuration of sandbox
Network NetworkInfo
// Config saves config information of sandbox
Config SandboxConfig
// PersistVersion of persist data format, can be used for keeping compatibility later
PersistVersion uint
// GuestMemoryBlockSizeMB is the size of memory block of guestos
GuestMemoryBlockSizeMB uint32
// GuestMemoryHotplugProbe determines whether guest kernel supports memory hotplug probe interface
GuestMemoryHotplugProbe bool
}
SandboxState contains state information of sandbox nolint: maligned
type ShimConfig ¶
ShimConfig is the structure providing specific configuration for shim implementation.
type TapEndpoint ¶
type TapEndpoint struct {
TapInterface TapInterface
}
type TapInterface ¶
type TapInterface struct {
ID string
Name string
TAPIface NetworkInterface
}
TapInterface defines a tap interface
type TuntapEndpoint ¶
type TuntapEndpoint struct {
TuntapInterface TuntapInterface
}
type TuntapInterface ¶
type TuntapInterface struct {
Name string
TAPIface NetworkInterface
}
TuntapInterface defines a tap interface
type VethEndpoint ¶
type VethEndpoint struct {
NetPair NetworkInterfacePair
}
type VhostUserEndpoint ¶
Source Files
Click to show internal directories.
Click to hide internal directories.