
Commit 167af9e

committed
agent: add agent.image_pull_timeout parameter
This new parameter for kata-agent controls the timeout for a guest image pull request. Because an image can sometimes be very large, the default timeout is set to 1200 seconds (20 minutes). Signed-off-by: Xynnn007 <[email protected]>
1 parent 8e95882 commit 167af9e


3 files changed

+25
-5
lines changed


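--- a/src/agent/README.md
+++ b/src/agent/README.md
@@ -129,6 +129,7 @@ The kata agent has the ability to configure agent options in guest kernel comman
 | `agent.guest_components_procs` | guest-components processes | Attestation-related processes that should be spawned as children of the guest. Valid values are `none`, `attestation-agent`, `confidential-data-hub` (implies `attestation-agent`), `api-server-rest` (implies `attestation-agent` and `confidential-data-hub`) | string | `api-server-rest` |
 | `agent.hotplug_timeout` | Hotplug timeout | Allow to configure hotplug timeout(seconds) of block devices | integer | `3` |
 | `agent.cdh_api_timeout` | Confidential Data Hub (CDH) API timeout | Allow to configure CDH API timeout(seconds) | integer | `50` |
+| `agent.image_pull_timeout` | Confidential Data Hub (CDH) Image Pull API timeout | Allow to configure CDH API image pull timeout(seconds) | integer | `1200` |
 | `agent.https_proxy` | HTTPS proxy | Allow to configure `https_proxy` in the guest | string | `""` |
 | `agent.image_registry_auth` | Image registry credential URI | The URI to where image-rs can find the credentials for pulling images from private registries e.g. `file:///root/.docker/config.json` to read from a file in the guest image, or `kbs:///default/credentials/test` to get the file from the KBS| string | `""` |
 | `agent.enable_signature_verification` | Image security policy flag | Whether enable image security policy enforcement. If `true`, the resource indexed by URI `agent.image_policy_file` will be got to work as image pulling policy. | string | `""` |
@@ -148,7 +149,7 @@ The kata agent has the ability to configure agent options in guest kernel comman
 > The agent will fail to start if the configuration file is not present,
 > or if it can't be parsed properly.
 > - `agent.devmode`: true | false
-> - `agent.hotplug_timeout` and `agent.cdh_api_timeout`: a whole number of seconds
+> - `agent.hotplug_timeout`, `agent.image_pull_timeout` and `agent.cdh_api_timeout`: a whole number of seconds
 > - `agent.log`: "critical"("fatal" | "panic") | "error" | "warn"("warning") | "info" | "debug"
 > - `agent.server_addr`: "{VSOCK_ADDR}:{VSOCK_PORT}"
 > - `agent.trace`: true | false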

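--- a/src/agent/src/confidential_data_hub/mod.rs
+++ b/src/agent/src/confidential_data_hub/mod.rs
@@ -131,7 +131,7 @@ impl CDHClient {
 let _ = self
 .image_pull_client
 .pull_image(
-ttrpc::context::with_timeout(AGENT_CONFIG.cdh_api_timeout.as_nanos() as i64),
+ttrpc::context::with_timeout(AGENT_CONFIG.image_pull_timeout.as_nanos() as i64),
 &req,
 )
 .await?;
@@ -174,7 +174,7 @@ pub async fn unseal_env(env: &str) -> Result<String> {
 /// pull_image is used for call confidential data hub to pull image in the guest.
 /// Image layers will store at [`image::KATA_IMAGE_WORK_DIR`]`,
 /// rootfs and config.json will store under given `bundle_path`.
-///
+///
 /// # Parameters
 /// - `image`: Image name (exp: quay.io/prometheus/busybox:latest)
 /// - `bundle_path`: The path to store the image bundle (exp. /run/kata-containers/cb0b47276ea66ee9f44cc53afa94d7980b57a52c3f306f68cb034e58d9fbd3c6/rootfs)
@@ -189,7 +189,7 @@ pub async fn pull_image(image: &str, bundle_path: PathBuf) -> Result<String> {
 cdh_client
 .pull_image(image, bundle_path.to_string_lossy().as_ref())
 .await?;
-
+
 let image_bundle_path = scoped_join(&bundle_path, "rootfs")?;
 Ok(image_bundle_path.as_path().display().to_string())
 }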
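Review bot: The cast `AGENT_CONFIG.image_pull_timeout.as_nanos() as i64` in the first hunk truncates silently, because `as_nanos()` returns a `u128` and the only validation visible in this commit (in config.rs) checks that the value is above zero, not that it fits in an `i64`. A very large `agent.image_pull_timeout` on the kernel command line could therefore wrap to a negative or much shorter deadline than configured, presumably making image pulls fail early instead of waiting longer. A saturating conversion keeps the operator's intent: `ttrpc::context::with_timeout(i64::try_from(AGENT_CONFIG.image_pull_timeout.as_nanos()).unwrap_or(i64::MAX)),`. The enclosing `pull_image` method of `CDHClient` starts and ends outside the hunk.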

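--- a/src/agent/src/config.rs
+++ b/src/agent/src/config.rs
@@ -23,6 +23,7 @@ const SERVER_ADDR_OPTION: &str = "agent.server_addr";
 const PASSFD_LISTENER_PORT: &str = "agent.passfd_listener_port";
 const HOTPLUG_TIMOUT_OPTION: &str = "agent.hotplug_timeout";
 const CDH_API_TIMOUT_OPTION: &str = "agent.cdh_api_timeout";
+const CDH_IMAGE_PULL_TIMEOUT_OPTION: &str = "agent.image_pull_timeout";
 const CDI_TIMEOUT_OPTION: &str = "agent.cdi_timeout";
 const DEBUG_CONSOLE_VPORT_OPTION: &str = "agent.debug_console_vport";
 const LOG_VPORT_OPTION: &str = "agent.log_vport";
@@ -63,6 +64,7 @@ const MEM_AGENT_COMPACT_FORCE_TIMES: &str = "agent.mem_agent_compact_force_times
 const DEFAULT_LOG_LEVEL: slog::Level = slog::Level::Info;
 const DEFAULT_HOTPLUG_TIMEOUT: time::Duration = time::Duration::from_secs(3);
 const DEFAULT_CDH_API_TIMEOUT: time::Duration = time::Duration::from_secs(50);
+const DEFAULT_IMAGE_PULL_TIMEOUT: time::Duration = time::Duration::from_secs(1200);
 const DEFAULT_CDI_TIMEOUT: time::Duration = time::Duration::from_secs(100);
 const DEFAULT_CONTAINER_PIPE_SIZE: i32 = 0;
 const VSOCK_ADDR: &str = "vsock://-1";
@@ -126,6 +128,7 @@ pub struct AgentConfig {
 pub log_level: slog::Level,
 pub hotplug_timeout: time::Duration,
 pub cdh_api_timeout: time::Duration,
+pub image_pull_timeout: time::Duration,
 pub cdi_timeout: time::Duration,
 pub debug_console_vport: i32,
 pub log_vport: i32,
@@ -158,6 +161,7 @@ pub struct AgentConfigBuilder {
 pub log_level: Option<String>,
 pub hotplug_timeout: Option<time::Duration>,
 pub cdh_api_timeout: Option<time::Duration>,
+pub image_pull_timeout: Option<time::Duration>,
 pub cdi_timeout: Option<time::Duration>,
 pub debug_console_vport: Option<i32>,
 pub log_vport: Option<i32>,
@@ -251,6 +255,7 @@ impl Default for AgentConfig {
 log_level: DEFAULT_LOG_LEVEL,
 hotplug_timeout: DEFAULT_HOTPLUG_TIMEOUT,
 cdh_api_timeout: DEFAULT_CDH_API_TIMEOUT,
+image_pull_timeout: DEFAULT_IMAGE_PULL_TIMEOUT,
 cdi_timeout: DEFAULT_CDI_TIMEOUT,
 debug_console_vport: 0,
 log_vport: 0,
@@ -291,6 +296,7 @@ impl FromStr for AgentConfig {
 );
 config_override!(agent_config_builder, agent_config, hotplug_timeout);
 config_override!(agent_config_builder, agent_config, cdh_api_timeout);
+config_override!(agent_config_builder, agent_config, image_pull_timeout);
 config_override!(agent_config_builder, agent_config, cdi_timeout);
 config_override!(agent_config_builder, agent_config, debug_console_vport);
 config_override!(agent_config_builder, agent_config, log_vport);
@@ -457,6 +463,15 @@ impl AgentConfig {
 |cdh_api_timeout: &time::Duration| cdh_api_timeout.as_secs() > 0
 );
 
+// ensure the timeout is a positive value
+parse_cmdline_param!(
+param,
+CDH_IMAGE_PULL_TIMEOUT_OPTION,
+config.image_pull_timeout,
+get_timeout,
+|image_pull_timeout: &time::Duration| image_pull_timeout.as_secs() > 0
+);
+
 // ensure the timeout is a positive value
 parse_cmdline_param!(
 param,
@@ -723,7 +738,10 @@ fn get_timeout(param: &str) -> Result<time::Duration> {
 ensure!(
 matches!(
 fields[0],
-HOTPLUG_TIMOUT_OPTION | CDH_API_TIMOUT_OPTION | CDI_TIMEOUT_OPTION
+HOTPLUG_TIMOUT_OPTION
+| CDH_API_TIMOUT_OPTION
+| CDH_IMAGE_PULL_TIMEOUT_OPTION
+| CDI_TIMEOUT_OPTION
 ),
 ERR_INVALID_TIMEOUT_KEY
 );
@@ -1608,6 +1626,7 @@ Caused by:
 )))]
 #[case("agent.chd_api_timeout=1", Err(anyhow!(ERR_INVALID_TIMEOUT_KEY)))]
 #[case("agent.cdh_api_timeout=600", Ok(time::Duration::from_secs(600)))]
+#[case("agent.image_pull_timeout=1200", Ok(time::Duration::from_secs(1200)))]
 #[case("agent.cdi_timeout=320", Ok(time::Duration::from_secs(320)))]
 fn test_timeout(#[case] param: &str, #[case] expected: Result<time::Duration>) {
 let result = get_timeout(param);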
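Review bot: The `> 0` check for `agent.image_pull_timeout` is added only on the kernel command-line path (the new `parse_cmdline_param!` call with `get_timeout`); the config-file path at `config_override!(agent_config_builder, agent_config, image_pull_timeout);` appears to copy the builder value without that check, though the macro body is not visible here. If so, a zero duration in the configuration file would reach `with_timeout` in confidential_data_hub/mod.rs as a zero deadline for every image pull. Consider validating after the overrides in `from_str`, e.g. `ensure!(agent_config.image_pull_timeout > time::Duration::ZERO, "agent.image_pull_timeout must be a positive number of seconds");`. The `from_str` body starts and ends outside the hunk, and the existing `hotplug_timeout`, `cdh_api_timeout` and `cdi_timeout` overrides look to have the same gap.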
