Expose firecracker sockets #132
Conversation
This enables us to easily find the API Socket from within the host
There was a problem hiding this comment.
Hi @patrobinson 👋!
Thanks for this PR, very valid use-case IMO :)
Just one comment, let's not make a new subdirectory, but just keep it in /var/lib/firecracker/vm/$uid/
Does this sound good to you?
pkg/constants/constants.go
Outdated
| @@ -29,13 +29,14 @@ const ( | |||
| IGNITE_TIMEOUT = 10 | |||
|
|
|||
| // In-container path for the firecracker socket | |||
| SOCKET_PATH = "/tmp/firecracker.sock" | |||
| FIRECRACKER_SOCKET_PATH = "firecracker" | |||
There was a problem hiding this comment.
Can we please avoid creating an extra directory for now to keep the code a bit simpler?
Please attach these sockets at the /var/lib/firecracker/vm/$id/firecracker.sock etc. path directly
pkg/metadata/metadata.go
Outdated
| @@ -97,6 +97,10 @@ func processUID(obj meta.Object, c *client.Client) error { | |||
| if err := os.MkdirAll(dir, constants.DATA_DIR_PERM); err != nil { | |||
| return fmt.Errorf("failed to create directory for ID %q: %v", uid, err) | |||
| } | |||
|
|
|||
| if err := os.MkdirAll(paths.Join(dir, FIRECRACKER_SOCKET_PATH), constants.DATA_DIR_PERM); err != nil { | |||
There was a problem hiding this comment.
this can be removed with the above design
|
I realised I'm not cleaning up |
We do not officially (yet) claim we support restarting VMs, but we will (#196). |
This exposes the Firecracker socket files (API, Metrics and Logs) to the host by mapping them into the (already mounted)
/var/lib/firecracker/vm/$id/firecrackerdirectory.This is useful for our use case because we want to use the Firecracker metadata service to expose AWS Credentials. These credentials need to be refreshed so cannot be set statically.