agent: pass correct mount type to agent for ephemeral volumes #1439
Conversation
The "ephemeral" is just used to indicate ephemeral volumes in runtime. We should not pass it to agent. Instead, "bind" should be the correct mount type to be passed. Fixes: kata-containers#1438 Signed-off-by: Xie Yongji <xieyongji@baidu.com>
| @@ -1119,6 +1119,8 @@ func (k *kataAgent) handleEphemeralStorage(mounts []specs.Mount) []*grpc.Storage | |||
| if mnt.Type == kataEphemeralDevType { | |||
| // Set the mount source path to a path that resides inside the VM | |||
| mounts[idx].Source = filepath.Join(ephemeralPath, filepath.Base(mnt.Source)) | |||
| // Set the mount type to "bind" | |||
| mounts[idx].Type = "bind" | |||
There was a problem hiding this comment.
I guess the original code works only because k8s would set the mount type to bind as well to tell runc to bindmount the host tmpfs mountpoint to container's ephemeral volume. But it does feel safer to explicitly set it. Thanks!
There was a problem hiding this comment.
@bergwolf yes, that is the case today, which is why it works. k8s already sets this to "bind".
@YongjiXie This change is not absolutely required, I guess its good to have it set explicitly for clarity.
There was a problem hiding this comment.
@bergwolf @amshinde Actually what I did in this patch is changing the mount type from “ephemeral” to "bind". Without this patch, we will pass something like: Mounts:<destination:"/mnt" source:"/run/kata-containers/sandbox/ephemeral/cache" type:"ephemeral" options:"rbind" options:"rprivate" options:"rw" > to kata agent.
And I guess the original code works only because we have "rbind" option. And libcontainer will still do mounting although it doesn't know the mount type in kata agent.
Thanks,
Yongji
There was a problem hiding this comment.
@YongjiXie I see. The problem is that instead of exposing a proper sandbox level storage structure, we modified oci spec to indicate an ephemeral mount. Thanks for the explanation!
|
/retest |
1 similar comment
|
/retest |
|
@jcvenegas no, the opensuse issue is still there kata-containers/ci#136 |
|
@jcvenegas @GabyCT Are the opensuse and nemy CIs supposed to pass? |
|
@amshinde opensuse is not but nemu yes |
|
Ok. I am getting a 404 on the nemu one.Restarting all |
The "ephemeral" is just used to indicate ephemeral volumes in
runtime. We should not pass it to agent. Instead, "bind" should be
the correct mount type to be passed.
Fixes: #1438
Signed-off-by: Xie Yongji xieyongji@baidu.com