From 909d3739d42e44ff3ccbde6eafd50313a7f347a9 Mon Sep 17 00:00:00 2001 From: "James O. D. Hunt" Date: Mon, 19 Nov 2018 15:23:16 +0000 Subject: [PATCH] rootfs: Support agent tracing Add `AGENT_TRACE=yes` option to build a rootfs with agent tracing support. Fixes #199. Signed-off-by: James O. D. Hunt --- Makefile | 1 + rootfs-builder/README.md | 14 ++++++++++++++ rootfs-builder/alpine/config.sh | 1 + rootfs-builder/centos/config.sh | 1 + rootfs-builder/clearlinux/config.sh | 1 + rootfs-builder/debian/config.sh | 1 + rootfs-builder/euleros/config.sh | 1 + rootfs-builder/fedora/config.sh | 1 + rootfs-builder/rootfs.sh | 27 +++++++++++++++++++++++++-- rootfs-builder/suse/config.sh | 1 + rootfs-builder/ubuntu/config.sh | 1 + 11 files changed, 48 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index ec23eb65..4c6c3344 100644 --- a/Makefile +++ b/Makefile @@ -11,6 +11,7 @@ IMAGE_BUILDER := $(MK_DIR)/image-builder/image_builder.sh IMG_SIZE = 500 AGENT_INIT ?= no +AGENT_TRACE ?= no DISTRO ?= centos ROOTFS_BUILD_DEST := $(PWD) IMAGES_BUILD_DEST := $(PWD) diff --git a/rootfs-builder/README.md b/rootfs-builder/README.md index 56604fbc..3b9b24ac 100644 --- a/rootfs-builder/README.md +++ b/rootfs-builder/README.md @@ -52,6 +52,20 @@ To build a rootfs for your chosen distribution, run: $ sudo ./rootfs.sh ``` +### Enabling tracing + +To build a rootfs with agent tracing support, specify the `AGENT_TRACE=yes` +option: + +``` +$ sudo AGENT_TRACE="yes" AGENT_INIT="no" ./rootfs.sh +``` + +> **NOTE:**: +> +> Tracing only works for non-initrd images. +> See https://github.com/kata-containers/agent/blob/master/TRACING.md for further details. + ## Creating a rootfs with kernel modules To build a rootfs with additional kernel modules, run: diff --git a/rootfs-builder/alpine/config.sh b/rootfs-builder/alpine/config.sh index b002ba07..0916a2cd 100644 --- a/rootfs-builder/alpine/config.sh +++ b/rootfs-builder/alpine/config.sh @@ -24,3 +24,4 @@ INIT_PROCESS=kata-agent ARCH_EXCLUDE_LIST=() [ "$SECCOMP" = "yes" ] && PACKAGES+=" libseccomp" +[ "$AGENT_TRACE" = "yes" ] && PACKAGES+=" socat" diff --git a/rootfs-builder/centos/config.sh b/rootfs-builder/centos/config.sh index f1bd1486..a93e4f0d 100644 --- a/rootfs-builder/centos/config.sh +++ b/rootfs-builder/centos/config.sh @@ -36,3 +36,4 @@ INIT_PROCESS=systemd ARCH_EXCLUDE_LIST=() [ "$SECCOMP" = "yes" ] && PACKAGES+=" libseccomp" +[ "$AGENT_TRACE" = "yes" ] && PACKAGES+=" socat" diff --git a/rootfs-builder/clearlinux/config.sh b/rootfs-builder/clearlinux/config.sh index fe4c93a2..b59e5ed8 100644 --- a/rootfs-builder/clearlinux/config.sh +++ b/rootfs-builder/clearlinux/config.sh @@ -29,3 +29,4 @@ INIT_PROCESS=systemd ARCH_EXCLUDE_LIST=(ppc64le) [ "$SECCOMP" = "yes" ] && PACKAGES+=" libseccomp" +[ "$AGENT_TRACE" = "yes" ] && PACKAGES+=" socat" diff --git a/rootfs-builder/debian/config.sh b/rootfs-builder/debian/config.sh index a9a18484..aefd043d 100644 --- a/rootfs-builder/debian/config.sh +++ b/rootfs-builder/debian/config.sh @@ -18,3 +18,4 @@ INIT_PROCESS=systemd ARCH_EXCLUDE_LIST=() [ "$SECCOMP" = "yes" ] && PACKAGES+=" libseccomp2" +[ "$AGENT_TRACE" = "yes" ] && PACKAGES+=" socat" diff --git a/rootfs-builder/euleros/config.sh b/rootfs-builder/euleros/config.sh index 3e26de5f..bfdadf83 100644 --- a/rootfs-builder/euleros/config.sh +++ b/rootfs-builder/euleros/config.sh @@ -27,3 +27,4 @@ ARCH_EXCLUDE_LIST=() BUILD_CAN_FAIL=1 [ "$SECCOMP" = "yes" ] && PACKAGES+=" libseccomp" +[ "$AGENT_TRACE" = "yes" ] && PACKAGES+=" socat" diff --git a/rootfs-builder/fedora/config.sh b/rootfs-builder/fedora/config.sh index 1dd5c57e..ae5c8b8f 100644 --- a/rootfs-builder/fedora/config.sh +++ b/rootfs-builder/fedora/config.sh @@ -21,3 +21,4 @@ INIT_PROCESS=systemd ARCH_EXCLUDE_LIST=() [ "$SECCOMP" = "yes" ] && PACKAGES+=" libseccomp" +[ "$AGENT_TRACE" = "yes" ] && PACKAGES+=" socat" diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index 04def902..8bb96d5e 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh @@ -14,6 +14,7 @@ AGENT_VERSION=${AGENT_VERSION:-} GO_AGENT_PKG=${GO_AGENT_PKG:-github.com/kata-containers/agent} AGENT_BIN=${AGENT_BIN:-kata-agent} AGENT_INIT=${AGENT_INIT:-no} +AGENT_TRACE=${AGENT_TRACE:-no} KERNEL_MODULES_DIR=${KERNEL_MODULES_DIR:-""} OSBUILDER_VERSION="unknown" @@ -71,6 +72,11 @@ AGENT_INIT When set to "yes", use ${AGENT_BIN} as init process in place of systemd. Default value: no +AGENT_TRACE When set to "yes", create a rootfs containing additional + elements to support tracing the agent using https://jaegertracing.io. + Incompatible with AGENT_INIT="yes". + Default value: no + AGENT_VERSION Version of the agent to include in the rootfs. Default value: ${AGENT_VERSION:-} @@ -336,6 +342,7 @@ if [ -n "${USE_DOCKER}" ] ; then --env ROOTFS_DIR="/rootfs" \ --env AGENT_BIN="${AGENT_BIN}" \ --env AGENT_INIT="${AGENT_INIT}" \ + --env AGENT_TRACE="${AGENT_TRACE}" \ --env GOPATH="${GOPATH_LOCAL}" \ --env KERNEL_MODULES_DIR="${KERNEL_MODULES_DIR}" \ --env EXTRA_PKGS="${EXTRA_PKGS}" \ @@ -362,6 +369,10 @@ build_rootfs ${ROOTFS_DIR} AGENT_DIR="${ROOTFS_DIR}/usr/bin" AGENT_DEST="${AGENT_DIR}/${AGENT_BIN}" +# Assume that if the user wants trace, they want the ability to see the guest +# OS journal messages for debug purposes +TRACE_DEV_MODE=${AGENT_TRACE} + if [ -z "${AGENT_SOURCE_BIN}" ] ; then info "Pull Agent source code" go get -d "${GO_AGENT_PKG}" || true @@ -371,8 +382,20 @@ if [ -z "${AGENT_SOURCE_BIN}" ] ; then pushd "${GOPATH_LOCAL}/src/${GO_AGENT_PKG}" [ -n "${AGENT_VERSION}" ] && git checkout "${AGENT_VERSION}" && OK "git checkout successful" make clean - make INIT=${AGENT_INIT} - make install DESTDIR="${ROOTFS_DIR}" INIT=${AGENT_INIT} SECCOMP=${SECCOMP} + make INIT=${AGENT_INIT} TRACE=${AGENT_TRACE} TRACE_DEV_MODE=${TRACE_DEV_MODE} + make install DESTDIR="${ROOTFS_DIR}" INIT=${AGENT_INIT} TRACE=${AGENT_TRACE} SECCOMP=${SECCOMP} TRACE_DEV_MODE=${TRACE_DEV_MODE} + + # List of additional agent systemd services (from the agent repository) + services=() + + [ "${AGENT_TRACE}" = "yes" ] && services+=("jaeger-client-socat-redirector.service") + [ "${TRACE_DEV_MODE}" = "yes" ] && services+=("kata-journald-host-redirect.service") + + for service in "${services[@]}" + do + chroot "${ROOTFS_DIR}" systemctl enable "$service" + done + popd else cp ${AGENT_SOURCE_BIN} ${AGENT_DEST} diff --git a/rootfs-builder/suse/config.sh b/rootfs-builder/suse/config.sh index 5e970e24..8e070ed5 100644 --- a/rootfs-builder/suse/config.sh +++ b/rootfs-builder/suse/config.sh @@ -54,3 +54,4 @@ if [ -z "${REPO_URL:-}" ]; then fi [ "$SECCOMP" = "yes" ] && PACKAGES+=" libseccomp2" +[ "$AGENT_TRACE" = "yes" ] && PACKAGES+=" socat" diff --git a/rootfs-builder/ubuntu/config.sh b/rootfs-builder/ubuntu/config.sh index 11b0f99a..5b06e910 100644 --- a/rootfs-builder/ubuntu/config.sh +++ b/rootfs-builder/ubuntu/config.sh @@ -31,3 +31,4 @@ INIT_PROCESS=systemd ARCH_EXCLUDE_LIST=() [ "$SECCOMP" = "yes" ] && PACKAGES+=" libseccomp2" +[ "$AGENT_TRACE" = "yes" ] && PACKAGES+=" socat"