-
Notifications
You must be signed in to change notification settings - Fork 90
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bug: fix the aa-kbc-params error in fedora #1853
Conversation
Fixes: confidential-containers#1852 Signed-off-by: Qi Feng Huo <huoqif@cn.ibm.com>
The problem is on fedora, the failure in |
Fixes: confidential-containers#1852 Signed-off-by: Qi Feng Huo <huoqif@cn.ibm.com>
src/cloud-api-adaptor/podvm/files/etc/systemd/system/process-user-data-provision.service
Outdated
Show resolved
Hide resolved
@huoqifeng how was the libvirt provider working all this while with the packer created image? |
@@ -19,7 +19,7 @@ const ( | |||
providerAzure = "azure" | |||
providerAws = "aws" | |||
|
|||
defaultAgentConfigPath = "/etc/agent-config.toml" | |||
defaultAgentConfigPath = "/run/peerpod/agent-config.toml" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the defaultAgentConfigPath is changed here but
src/cloud-api-adaptor/podvm/files/etc/systemd/system/kata-agent.service
didn't use the new changed path.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@liudalibj thanks for finding it, I think that's another reason why it works on ubuntu but not on fedora, fedora altered the path to /run/peerpod/agent-config.toml
here https://github.com/confidential-containers/cloud-api-adaptor/blob/main/src/cloud-api-adaptor/podvm-mkosi/mkosi.skeleton/usr/lib/systemd/system/kata-agent.service.d/10-override.conf
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I guess we should change to use /run/peerpod/agent-config.toml
on ubuntu also.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'll give a try after update the path...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Agree, so for ubuntu this file need be updated in this pr,
Fixes: confidential-containers#1852 Signed-off-by: Qi Feng Huo <huoqif@cn.ibm.com>
I'm not 100% sure, but I guess |
Fixes: confidential-containers#1852 Signed-off-by: Qi Feng Huo <huoqif@cn.ibm.com>
Fixes: confidential-containers#1852 Signed-off-by: Qi Feng Huo <huoqif@cn.ibm.com>
@@ -3,7 +3,7 @@ Distribution=fedora | |||
|
|||
[Distribution] | |||
Distribution=fedora | |||
Release=38 | |||
Release=39 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
if we want to bump fedora, can we do this in a separate PR?
Wants=process-user-data.service | ||
After=netns@podns.service process-user-data.service | ||
Wants=process-user-data-update.service | ||
After=netns@podns.service process-user-data-update.service |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
regarding the idea discussed in #1852 (comment), could we instead change the logic to provision the agent-config.file
via cloud-config entry, so we don't have to perform any "updates"?
Close it as it has been fixed in #1868 |
Fixes: #1852