Skip to content

Instantly share code, notes, and snippets.

@devimc

devimc/debugging-kata-agent.md

Last active November 4, 2022 23:35
Show Gist options
  • Star 4 You must be signed in to star a gist
  • Fork 1 You must be signed in to fork a gist
  • Save devimc/f8e3373d8d8e6b3b5b56441d04875f2a to your computer and use it in GitHub Desktop.
Save devimc/f8e3373d8d8e6b3b5b56441d04875f2a to your computer and use it in GitHub Desktop.
Download ZIP
Debugging kata-agent
Raw
debugging-kata-agent.md

Create a functional Clear Container image using osbuilder

sudo -E FS_TYPE="ext4" USE_DOCKER=1 DISTRO=clearlinux AGENT_INIT=no EXTRA_PKGS="dbus-bin dbus-autostart util-linux-bin p11-kit-bin bash shadow ca-certs dist-pam-configs xz-bin tar-bin grep-bin sed-bin pigz-bin iproute2-bin procps-ng-bin psstop-bin htop-bin curl nano make-bin coreutils-bin pciutils strace-bin e2fsprogs-extras" make -e rootfs
sudo -E FS_TYPE="ext4" USE_DOCKER=1 DISTRO=clearlinux make -e image

WARNING: Comment "The list of systemd units and files that are not needed in Kata Containers" in image-builder/image_builder.sh

Start a new VM (QEMU)

/usr/bin/qemu-system-x86_64 -machine pc,accel=kvm,kernel_irqchip,nvdimm -cpu host -device nvdimm,id=nv0,memdev=mem0 \
-object memory-backend-file,id=mem0,mem-path=/home/fedora/container.img,size=419430400 -m 2048M,slots=2,maxmem=16998M \
-smp 4,cores=4,threads=1,sockets=1 -vga none -nographic -no-user-config -nodefaults -kernel \
/home/fedora/vmlinuz-4.9.35-76.container -append "root=/dev/pmem0p1 rootflags=dax,data=ordered,errors=remount-ro rw \
rootfstype=ext4 tsc=reliable no_timer_check rcupdate.rcu_expedited=1 i8042.direct=1 i8042.dumbkbd=1 i8042.nopnp=1 \
i8042.noaux=1 noreplace-smp reboot=k panic=1 console=hvc0 console=hvc1 initcall_debug iommu=off cryptomgr.notests net.ifnames=0 \
console=ttyS0" -device virtio-serial-pci,id=virtio-serial0 -chardev stdio,id=charconsole0,signal=off -device \
virtconsole,chardev=charconsole0,id=console0 -net nic,model=virtio -net user,id=net0,net=192.168.76.0/24 -device \
virtserialport,chardev=charch0,id=channel0,name=sh.hyper.channel.0 -chardev socket,id=charch0,path=hyper.sock,server,nowait \
-device virtserialport,chardev=charch1,id=channel1,name=sh.hyper.channel.1 -chardev \
socket,id=charch1,path=tty.sock,server,nowait

Start a new VM (Cloud Hypervisor)

kernel=vmlinux-kata-v5.6-virtiofs
kernel_params="root=/dev/pmem0p1 rootflags=dax,data=ordered,errors=remount-ro rw rootfstype=ext4 tsc=reliable \
no_timer_check rcupdate.rcu_expedited=1 i8042.direct=1 i8042.dumbkbd=1 i8042.nopnp=1 i8042.noaux=1 noreplace-smp \
reboot=k panic=1 console=hvc0 console=hvc1 initcall_debug iommu=off cryptomgr.notests net.ifnames=0 console=ttyS0"
image=kata-containers.img
img_size=$(stat -c "%s" $image)

cloud-hypervisor --cmdline "$kernel_params" \
--cpus max=2,topology=1:1:1:2 \
--kernel $kernel \
--console off \
--log-file /tmp/clh.log \
--memory size=1024M \
--pmem file=$image,size=$img_size,mergeable=on,discard_writes=on,id=pmem0 \
--serial tty

To debug systemd and unit files append next options to the kernel command line

systemd.journald.forward_to_console=1 systemd.log_level=debug systemd.log_target=console

To fix failed to load system roots and no roots provided

Error response from daemon: Get https://registry-1.docker.io/v2/: x509: failed to load system roots and no roots provided

systemctl start p11-kit-trigger.service
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment