kata-containers · jodh-intel · Nov 19, 2018 · Nov 19, 2018 · Feb 25, 2019 · amshinde
diff --git a/Makefile b/Makefile
@@ -10,6 +10,7 @@ INITRD_BUILDER := $(MK_DIR)/initrd-builder/initrd_builder.sh
 IMAGE_BUILDER  := $(MK_DIR)/image-builder/image_builder.sh
 
 AGENT_INIT            ?= no
+AGENT_TRACE           ?= no
 DISTRO                ?= centos
 ROOTFS_BUILD_DEST     := $(PWD)
 IMAGES_BUILD_DEST     := $(PWD)

diff --git a/rootfs-builder/README.md b/rootfs-builder/README.md
@@ -52,6 +52,20 @@ To build a rootfs for your chosen distribution, run:
 $ sudo ./rootfs.sh <distro>
 ```
 
+### Enabling tracing
+
+To build a rootfs with agent tracing support, specify the `AGENT_TRACE=yes`
+option:
+
+```
+$ sudo AGENT_TRACE="yes" AGENT_INIT="no" ./rootfs.sh <distro>
+```
+
+> **NOTE:**:
+>
+> Tracing only works for non-initrd images.
+> See https://github.com/kata-containers/agent/blob/master/TRACING.md for further details.
+
 ## Creating a rootfs with kernel modules
 
 To build a rootfs with additional kernel modules, run:

diff --git a/rootfs-builder/alpine/config.sh b/rootfs-builder/alpine/config.sh
@@ -23,4 +23,8 @@ INIT_PROCESS=kata-agent
 # as reported by  `uname -m`
 ARCH_EXCLUDE_LIST=()
 
-[ "$SECCOMP" = "yes" ] && PACKAGES+=" libseccomp" || true
+[ "$SECCOMP" = "yes" ] && PACKAGES+=" libseccomp"
+[ "$AGENT_TRACE" = "yes" ] && PACKAGES+=" socat"
+
+# Ensure script succeeds when sourced
+true
diff --git a/rootfs-builder/centos/config.sh b/rootfs-builder/centos/config.sh
@@ -27,12 +27,16 @@ PACKAGES="iptables chrony"
 #Optional packages:
 # systemd: An init system that will start kata-agent if kata-agent
 #          itself is not configured as init process.
-[ "$AGENT_INIT" == "no" ] && PACKAGES+=" systemd" || true
+[ "$AGENT_INIT" = "no" ] && PACKAGES+=" systemd"
 
 # Init process must be one of {systemd,kata-agent}
 INIT_PROCESS=systemd
 # List of zero or more architectures to exclude from build,
 # as reported by  `uname -m`
 ARCH_EXCLUDE_LIST=()
 
-[ "$SECCOMP" = "yes" ] && PACKAGES+=" libseccomp" || true
+[ "$SECCOMP" = "yes" ] && PACKAGES+=" libseccomp"
+[ "$AGENT_TRACE" = "yes" ] && PACKAGES+=" socat"
+
+# Ensure script succeeds when sourced
+true
diff --git a/rootfs-builder/clearlinux/config.sh b/rootfs-builder/clearlinux/config.sh
@@ -20,12 +20,16 @@ PACKAGES="iptables-bin libudev0-shim chrony"
 #Optional packages:
 # systemd: An init system that will start kata-agent if kata-agent
 #          itself is not configured as init process.
-[ "$AGENT_INIT" == "no" ] && PACKAGES+=" systemd" || true
+[ "$AGENT_INIT" = "no" ] && PACKAGES+=" systemd"
 
 # Init process must be one of {systemd,kata-agent}
 INIT_PROCESS=systemd
 # List of zero or more architectures to exclude from build,
 # as reported by  `uname -m`
 ARCH_EXCLUDE_LIST=(ppc64le)
 
-[ "$SECCOMP" = "yes" ] && PACKAGES+=" libseccomp" || true
+[ "$SECCOMP" = "yes" ] && PACKAGES+=" libseccomp"
+[ "$AGENT_TRACE" = "yes" ] && PACKAGES+=" socat"
+
+# Ensure script succeeds when sourced
+true
diff --git a/rootfs-builder/debian/config.sh b/rootfs-builder/debian/config.sh
@@ -18,3 +18,9 @@ INIT_PROCESS=systemd
 # List of zero or more architectures to exclude from build,
 # as reported by  `uname -m`
 ARCH_EXCLUDE_LIST=()
+
+[ "$SECCOMP" = "yes" ] && PACKAGES+=" libseccomp2"
+[ "$AGENT_TRACE" = "yes" ] && PACKAGES+=" socat"
+
+# Ensure script succeeds when sourced
+true
diff --git a/rootfs-builder/euleros/config.sh b/rootfs-builder/euleros/config.sh
@@ -15,7 +15,7 @@ PACKAGES="iptables chrony"
 #Optional packages:
 # systemd: An init system that will start kata-agent if kata-agent
 #          itself is not configured as init process.
-[ "$AGENT_INIT" == "no" ] && PACKAGES+=" systemd" || true
+[ "$AGENT_INIT" = "no" ] && PACKAGES+=" systemd"
 
 # Init process must be one of {systemd,kata-agent}
 INIT_PROCESS=systemd
@@ -26,4 +26,8 @@ ARCH_EXCLUDE_LIST=()
 # For more info see: https://github.com/kata-containers/osbuilder/issues/190
 BUILD_CAN_FAIL=1
 
-[ "$SECCOMP" = "yes" ] && PACKAGES+=" libseccomp" || true
+[ "$SECCOMP" = "yes" ] && PACKAGES+=" libseccomp"
+[ "$AGENT_TRACE" = "yes" ] && PACKAGES+=" socat"
+
+# Ensure script succeeds when sourced
+true
diff --git a/rootfs-builder/fedora/config.sh b/rootfs-builder/fedora/config.sh
@@ -14,10 +14,14 @@ PACKAGES="iptables chrony"
 #Optional packages:
 # systemd: An init system that will start kata-agent if kata-agent
 #          itself is not configured as init process.
-[ "$AGENT_INIT" == "no" ] && PACKAGES+=" systemd" || true
+[ "$AGENT_INIT" = "no" ] && PACKAGES+=" systemd"
 
 # Init process must be one of {systemd,kata-agent}
 INIT_PROCESS=systemd
 ARCH_EXCLUDE_LIST=()
 
-[ "$SECCOMP" = "yes" ] && PACKAGES+=" libseccomp" || true
+[ "$SECCOMP" = "yes" ] && PACKAGES+=" libseccomp"
+[ "$AGENT_TRACE" = "yes" ] && PACKAGES+=" socat"
+
+# Ensure script succeeds when sourced
+true
diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh
@@ -14,6 +14,8 @@ AGENT_VERSION=${AGENT_VERSION:-}
 GO_AGENT_PKG=${GO_AGENT_PKG:-github.com/kata-containers/agent}
 AGENT_BIN=${AGENT_BIN:-kata-agent}
 AGENT_INIT=${AGENT_INIT:-no}
+AGENT_TRACE=${AGENT_TRACE:-no}
+TRACE_DEV_MODE=${TRACE_DEV_MODE:-no}
 KERNEL_MODULES_DIR=${KERNEL_MODULES_DIR:-""}
 OSBUILDER_VERSION="unknown"
 DOCKER_RUNTIME=${DOCKER_RUNTIME:-runc}
@@ -73,6 +75,11 @@ AGENT_INIT          When set to "yes", use ${AGENT_BIN} as init process in place
                     of systemd.
                     Default value: no
 
+AGENT_TRACE         When set to "yes", create a rootfs containing additional
+                    elements to support tracing the agent using https://jaegertracing.io.
+                    Incompatible with AGENT_INIT="yes".
+                    Default value: no
+
 AGENT_VERSION       Version of the agent to include in the rootfs.
                     Default value: ${AGENT_VERSION:-<not set>}
 
@@ -100,6 +107,9 @@ KERNEL_MODULES_DIR  Path to a directory containing kernel modules to include in
 ROOTFS_DIR          Path to the directory that is populated with the rootfs.
                     Default value: <${script_name} path>/rootfs-<distro-name>
 
+TRACE_DEV_MODE      Redirect agent output to journal if set to "yes".
+                    Default value: no
+
 USE_DOCKER          If set, build the rootfs inside a container (requires
                     Docker).
                     Default value: <not set>
@@ -357,12 +367,14 @@ if [ -n "${USE_DOCKER}" ] ; then
 		--env ROOTFS_DIR="/rootfs" \
 		--env AGENT_BIN="${AGENT_BIN}" \
 		--env AGENT_INIT="${AGENT_INIT}" \
+		--env AGENT_TRACE="${AGENT_TRACE}" \
 		--env GOPATH="${GOPATH_LOCAL}" \
 		--env KERNEL_MODULES_DIR="${KERNEL_MODULES_DIR}" \
 		--env EXTRA_PKGS="${EXTRA_PKGS}" \
 		--env OSBUILDER_VERSION="${OSBUILDER_VERSION}" \
 		--env INSIDE_CONTAINER=1 \
 		--env SECCOMP="${SECCOMP}" \
+		--env TRACE_DEV_MODE="${TRACE_DEV_MODE}" \
 		--env DEBUG="${DEBUG}" \
 		-v "${script_dir}":"/osbuilder" \
 		-v "${ROOTFS_DIR}":"/rootfs" \
@@ -401,6 +413,8 @@ sed -i 's/^\(server \|pool \|peer \)/# &/g'  ${chrony_conf_file}
 # See issue: https://github.com/kata-containers/osbuilder/issues/217
 [ "$distro" == fedora ] && [ "$ARCH" == "s390x" ] && export CC=gcc
 
+[ "${AGENT_TRACE}" = "yes" ] && [ "${AGENT_INIT}" = "yes" ] && die "AGENT_TRACE not supported with AGENT_INIT"
+
 AGENT_DIR="${ROOTFS_DIR}/usr/bin"
 AGENT_DEST="${AGENT_DIR}/${AGENT_BIN}"
 
@@ -414,7 +428,30 @@ if [ -z "${AGENT_SOURCE_BIN}" ] ; then
 	[ -n "${AGENT_VERSION}" ] && git checkout "${AGENT_VERSION}" && OK "git checkout successful"
 	make clean
 	make INIT=${AGENT_INIT}
-	make install DESTDIR="${ROOTFS_DIR}" INIT=${AGENT_INIT} SECCOMP=${SECCOMP}
+	make install DESTDIR="${ROOTFS_DIR}" INIT=${AGENT_INIT} SECCOMP=${SECCOMP} \
+		TRACE="${AGENT_TRACE}" TRACE_DEV_MODE="${TRACE_DEV_MODE}"
+
+	# List of additional agent systemd services (from the agent repository)
+	services=()
+
+	[ "${AGENT_TRACE}" = "yes" ] && services+=("jaeger-client-socat-redirector.service")
+	[ "${TRACE_DEV_MODE}" = "yes" ] && services+=("kata-journald-host-redirect.service")
+
+	# Redirect agent output to journal
+	if [ "${TRACE_DEV_MODE}" = "yes" ]
+	then
+		file="./kata-redirect-agent-output-to-journal.conf"
+		dir="${ROOTFS_DIR}/etc/systemd/system/kata-agent.service.d/"
+		mkdir -p "$dir"
+		install -o root -g root -m 0440 "$file" "$dir"
+	fi
+
+	# Enable services
+	for service in "${services[@]}"
+	do
+		chroot "${ROOTFS_DIR}" systemctl enable "$service"
+	done
+
 	popd
 else
 	cp ${AGENT_SOURCE_BIN} ${AGENT_DEST}

diff --git a/rootfs-builder/suse/config.sh b/rootfs-builder/suse/config.sh
@@ -56,3 +56,9 @@ SUSE_FULLURL_UPDATE="${SUSE_URL_BASE}${SUSE_PATH_UPDATE}"
 if [ -z "${REPO_URL:-}" ]; then
 	REPO_URL="$SUSE_FULLURL_OSS"
 fi
+
+[ "$SECCOMP" = "yes" ] && PACKAGES+=" libseccomp2"
+[ "$AGENT_TRACE" = "yes" ] && PACKAGES+=" socat"
+
+# Ensure script succeeds when sourced
+true
diff --git a/rootfs-builder/template/config_template.sh b/rootfs-builder/template/config_template.sh
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2018 Intel Corporation
+# Copyright (c) 2018-2019 Intel Corporation
 #
 # SPDX-License-Identifier: Apache-2.0
 
@@ -20,3 +20,6 @@ ARCH_EXCLUDE_LIST=()
 # [When uncommented,] Allow the build to fail without generating an error
 # For more info see: https://github.com/kata-containers/osbuilder/issues/190
 #BUILD_CAN_FAIL=1
+
+# Ensure script succeeds when sourced
+true
diff --git a/rootfs-builder/ubuntu/config.sh b/rootfs-builder/ubuntu/config.sh
@@ -30,4 +30,8 @@ INIT_PROCESS=systemd
 # as reported by  `uname -m`
 ARCH_EXCLUDE_LIST=()
 
-[ "$SECCOMP" = "yes" ] && PACKAGES+=" libseccomp2" || true
+[ "$SECCOMP" = "yes" ] && PACKAGES+=" libseccomp2"
+[ "$AGENT_TRACE" = "yes" ] && PACKAGES+=" socat"
+
+# Ensure script succeeds when sourced
+true