Closed mcastelino closed 5 years ago
We need this fix to support https://github.com/kata-containers/runtime/issues/1303
This should also fix https://github.com/kata-containers/runtime/issues/1248
@mcastelino we definitely need to solve this. Is the fix you're showing here the solution to both problems (with and without rootfs extension)? Or do we need to find a generic fix?
/cc @ganeshmaharaj @egernst @amshinde @sboeuf @bergwolf
With this change we can support all variants of graph drivers and snapshotters.
We should also make one more change longer term
https://github.com/kata-containers/runtime/blob/master/containerd-shim-v2/service.go#L327
This always mounts the block device on the host even though in the case of Kata this is no longer desired. In the case of block based snapshotters we should skip mounting on the host side. This will be safer even though we may break some docker functionality.
@mcastelino yes we should check the type of device that needs to be mounted, and if it's a block device, we should ignore this. /cc @lifupan
@mcastelino we definitely need to solve this. Is the fix you're showing here the solution to both problems (with and without rootfs extension)? Or do we need to find a generic fix?
@sboeuf this is a completely generic fix and should work for all use cases.
@mcastelino
@sboeuf this is a completely generic fix and should work for all use cases.
Why don't we have a PR submitted yet then? :smile:
@mcastelino yes we should check the type of device that needs to be mounted, and if it's a block device, we should ignore this. /cc @lifupan
Hi @sboeuf @mcastelino, yes, I agree with it. But before we do that, we need to figure out how to pass this block device as a container root to virtcontainer pkg, by container spec or any other method?
@lifupan
But before we do that, we need to figure out how to pass this block device as a container root to virtcontainer pkg, by container spec or any other method?
Could you elaborate on the reasons for this need?
@lifupan we already pass the rootfs as a block device today. The only optimization we need to do is not mount it on the host in the case of shim-v2
Kata does not support block based containerd snapshotters
Kata does not support block based containerd snapshotters. This is due to an incorrect assumption in Kata that there will be a directory called "rootfs" within the block device that holds the snapshot.
However, with containerd block based snapshotters this is no longer true.
e.g. in the past the built-in devicemapper would report the rootfs at
The backing device is at
and the rootfs is a directory under the backing device.
The Kata logic always assumed that this was the case.
However with the current container snapshotter implementation the rootfs is reported as follows
the rootfs directory is the backing device.
i.e. the volume/block device is mounted directly at rootfs, which breaks Kata logic

Kata Logic
Kata today has multiple paths and options in handling the rootfs

Hypervisor does not support block device hotplug
Kata bind mounts the rootfs location to the shared directory at location c.id/rootfs
a. For overlay based snapshotters
b. For block based snapshotters

Hypervisor supports block device hotplug
a. overlay based snapshotters
Kata bind mounts the rootfs location to the shared directory at location c.id/rootfs
b. block based graph drivers (e.g. devicemapper) where the rootfs is a directory within the device
c. block based snapshotters (e.g. firecracker devicemapper, kata lvm) where the rootfs is the device

Hypervisor supports block device hotplug but user chooses to not use block hotplug
Kata bind mounts the rootfs location to the shared directory at location c.id/rootfs
a. For overlay based snapshotters
b. For block based snapshotters

We need to handle all of these cases
Fix
Test Matrix
with Kata configured to
A. Disable block device hotplug
B. Enable block device hotplug
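
The two block layouts described in this issue (rootfs as a directory inside the device, and rootfs as the device's own mount point), shown as an added example that is not part of the original thread or the Kata code base. The mountinfo lines, paths and function names are constructed for illustration, and treating major number 0 as "not block backed" is a simplifying assumption.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample in /proc/self/mountinfo format; all paths are hypothetical.
const sampleMountinfo = `36 25 253:3 / /var/lib/graph/mnt/abc rw - ext4 /dev/mapper/pool-abc rw
37 25 253:4 / /run/bundle/def/rootfs rw - ext4 /dev/mapper/pool-def rw
38 25 0:45 / /run/bundle/ghi/rootfs rw - overlay overlay rw`

type mount struct{ dev, point, source string }

// parseMountinfo keeps the major:minor, mount point and source of each entry.
func parseMountinfo(data string) []mount {
	var out []mount
	for _, line := range strings.Split(data, "\n") {
		pre, post, ok := strings.Cut(line, " - ")
		f, g := strings.Fields(pre), strings.Fields(post)
		if ok && len(f) >= 5 && len(g) >= 2 {
			out = append(out, mount{f[2], f[4], g[1]})
		}
	}
	return out
}

// classifyRootfs picks the mount backing rootfs (longest mount-point prefix) and
// returns its source, whether it is block backed (assumed: major != 0), and the
// rootfs path inside the mount: "rootfs" for the graph-driver layout, "" when
// the device is mounted directly at the rootfs.
func classifyRootfs(mounts []mount, rootfs string) (source string, block bool, suffix string) {
	var best mount
	for _, m := range mounts {
		under := rootfs == m.point || strings.HasPrefix(rootfs, strings.TrimSuffix(m.point, "/")+"/")
		if under && len(m.point) > len(best.point) {
			best = m
		}
	}
	if best.point == "" {
		return "", false, "" // no backing mount found in the table
	}
	suffix = strings.TrimPrefix(strings.TrimPrefix(rootfs, best.point), "/")
	return best.source, !strings.HasPrefix(best.dev, "0:"), suffix
}

func main() {
	for _, r := range []string{"/var/lib/graph/mnt/abc/rootfs", "/run/bundle/def/rootfs", "/run/bundle/ghi/rootfs"} {
		src, blk, suf := classifyRootfs(parseMountinfo(sampleMountinfo), r)
		fmt.Printf("%s: source=%s block=%v suffix=%q\n", r, src, blk, suf)
	}
}
```

A caller that derives the in-guest rootfs path from the returned suffix, instead of hard-coding a "rootfs" directory, handles both block layouts with the same code.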