runtime: hard-code Firecracker API socket path

samuelkarp · samuelkarp · commit 25b61de9ab98 · 2019-03-19T14:45:04.000-07:00
The Firecracker API socket is important for the runtime, as it uses the socket to communicate with Firecracker. Allowing the runtime to fully control the API socket (including its path) removes a potential failure condition from misconfiguration. The API socket is hard-coded to exist within the current working directory. Part of the contract that containerd exposes for runtimes is that they are started with the current working directory changed to be that of the OCI bundle. Using an API socket in the OCI bundle makes its location well-known and predictable to the runtime. Related: #59 Related: firecracker-microvm/firecracker-go-sdk#88 Signed-off-by: Samuel Karp <skarp@amazon.com>
diff --git a/docs/getting-started.md b/docs/getting-started.md
@@ -212,10 +212,6 @@ configuration file has the following fields:
   `firecracker` located in its working directory.  A fully-qualified path to the
   `firecracker` binary is recommended, as the working directory typically
   changes every execution when run by containerd.
-* `socket_path` (required) - A path where a socket file should be created for
-  communicating with the Firecracker API.  A relative path like
-  `./firecracker.sock` is recommended so that the socket is created in the
-  temporary working directory allocated by containerd.
 * `kernel_image_path` (required) - A path where the kernel image file is
   located.  A fully-qualified path is recommended.
 * `kernel_args` (required) - Arguments for the kernel command line.
@@ -241,7 +237,6 @@ configuration file has the following fields:
 ```json
 {
   "firecracker_binary_path": "/usr/local/bin/firecracker",
-  "socket_path": "./firecracker.sock",
   "kernel_image_path": "/var/lib/firecracker-containerd/runtime/hello-vmlinux.bin",
   "kernel_args": "console=ttyS0 noapic reboot=k panic=1 pci=off nomodules rw",
   "root_drive": "/var/lib/firecracker-containerd/runtime/hello-rootfs.ext4",
diff --git a/docs/quickstart.md b/docs/quickstart.md
@@ -138,7 +138,6 @@ sudo mkdir -p /etc/containerd
 sudo tee -a /etc/containerd/firecracker-runtime.json <<EOF
 {
   "firecracker_binary_path": "/usr/local/bin/firecracker",
-  "socket_path": "./firecracker.sock",
   "kernel_image_path": "/var/lib/firecracker-containerd/runtime/hello-vmlinux.bin",
   "kernel_args": "console=ttyS0 noapic reboot=k panic=1 pci=off nomodules rw",
   "root_drive": "/var/lib/firecracker-containerd/runtime/hello-rootfs.ext4",
diff --git a/runtime/README.md b/runtime/README.md
@@ -38,10 +38,6 @@ configuration file has the following fields:
   `firecracker` located in its working directory.  A fully-qualified path to the
   `firecracker` binary is recommended, as the working directory typically
   changes every execution when run by containerd.
-* `socket_path` (required) - A path where a socket file should be created for
-  communicating with the Firecracker API.  A relative path like
-  `./firecracker.sock` is recommended so that the socket is created in the
-  temporary working directory allocated by containerd.
 * `kernel_image_path` (required) - A path where the kernel image file is
   located.  A fully-qualified path is recommended.
 * `kernel_args` (required) - Arguments for the kernel command line.
diff --git a/runtime/config.go b/runtime/config.go
@@ -24,12 +24,12 @@ import (
 const (
 	configPathEnvName = "FIRECRACKER_CONTAINERD_RUNTIME_CONFIG_PATH"
 	defaultConfigPath = "/etc/containerd/firecracker-runtime.json"
+	defaultSocketPath = "./firecracker.sock"
 )
 
 // Config represents runtime configuration parameters
 type Config struct {
 	FirecrackerBinaryPath string            `json:"firecracker_binary_path"`
-	SocketPath            string            `json:"socket_path"`
 	KernelImagePath       string            `json:"kernel_image_path"`
 	KernelArgs            string            `json:"kernel_args"`
 	RootDrive             string            `json:"root_drive"`
diff --git a/runtime/config.json.example b/runtime/config.json.example
@@ -1,6 +1,5 @@
 {
   "firecracker_binary_path": "./firecracker",
-  "socket_path": "./firecracker.sock",
   "kernel_image_path": "vmlinux",
   "kernel_args": "console=ttyS0 noapic reboot=k panic=1 pci=off nomodules rw",
   "root_drive": "./vsock.img",
diff --git a/runtime/service.go b/runtime/service.go
@@ -637,7 +637,7 @@ func (s *service) startVM(ctx context.Context,
 	}
 
 	cfg := firecracker.Config{
-		SocketPath:      s.config.SocketPath,
+		SocketPath:      defaultSocketPath,
 		VsockDevices:    []firecracker.VsockDevice{{Path: "root", CID: cid}},
 		KernelImagePath: s.config.KernelImagePath,
 		KernelArgs:      s.config.KernelArgs,
@@ -673,7 +673,7 @@ func (s *service) startVM(ctx context.Context,
 	cfg.Drives = driveBuilder.Build()
 	cmd := firecracker.VMCommandBuilder{}.
 		WithBin(s.config.FirecrackerBinaryPath).
-		WithSocketPath(s.config.SocketPath).
+		WithSocketPath(defaultSocketPath).
 		Build(ctx)
 	machineOpts := []firecracker.Opt{
 		firecracker.WithProcessRunner(cmd),

Original file line number	Diff line number	Diff line change
`@@ -138,7 +138,6 @@ sudo mkdir -p /etc/containerd`
`138`	`138`	`sudo tee -a /etc/containerd/firecracker-runtime.json <<EOF`
`139`	`139`	`{`
`140`	`140`	`"firecracker_binary_path": "/usr/local/bin/firecracker",`
`141`		`- "socket_path": "./firecracker.sock",`
`142`	`141`	`"kernel_image_path": "/var/lib/firecracker-containerd/runtime/hello-vmlinux.bin",`
`143`	`142`	`"kernel_args": "console=ttyS0 noapic reboot=k panic=1 pci=off nomodules rw",`
`144`	`143`	`"root_drive": "/var/lib/firecracker-containerd/runtime/hello-rootfs.ext4",`
Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,5 @@`
`1`	`1`	`{`
`2`	`2`	`"firecracker_binary_path": "./firecracker",`
`3`		`- "socket_path": "./firecracker.sock",`
`4`	`3`	`"kernel_image_path": "vmlinux",`
`5`	`4`	`"kernel_args": "console=ttyS0 noapic reboot=k panic=1 pci=off nomodules rw",`
`6`	`5`	`"root_drive": "./vsock.img",`