This enables us to easily find the API Socket from within the host
Hi @patrobinson 👋!
Thanks for this PR, very valid use-case IMO :)
Just one comment, let's not make a new subdirectory, but just keep it in /var/lib/firecracker/vm/$uid/
Does this sound good to you?
pkg/constants/constants.go
Outdated
@@ -29,13 +29,14 @@ const ( | |||
IGNITE_TIMEOUT = 10 | |||
|
|||
// In-container path for the firecracker socket | |||
SOCKET_PATH = "/tmp/firecracker.sock" | |||
FIRECRACKER_SOCKET_PATH = "firecracker" |
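Review bot: FIRECRACKER_SOCKET_PATH = "firecracker" is a bare directory name, but it sits directly under the comment "In-container path for the firecracker socket" next to SOCKET_PATH = "/tmp/firecracker.sock", so it reads as a second socket path. Give it a name that says it is a directory and its own comment stating what it is relative to (the per-VM data directory on the host), or drop the constant if the sockets end up directly in the VM directory.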
Can we please avoid creating an extra directory for now to keep the code a bit simpler?
Please attach these sockets at the /var/lib/firecracker/vm/$id/firecracker.sock etc. path directly
Sure thing
pkg/metadata/metadata.go
Outdated
@@ -97,6 +97,10 @@ func processUID(obj meta.Object, c *client.Client) error { | |||
if err := os.MkdirAll(dir, constants.DATA_DIR_PERM); err != nil { | |||
return fmt.Errorf("failed to create directory for ID %q: %v", uid, err) | |||
} | |||
|
|||
if err := os.MkdirAll(paths.Join(dir, FIRECRACKER_SOCKET_PATH), constants.DATA_DIR_PERM); err != nil { |
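Review bot: the added os.MkdirAll call uses FIRECRACKER_SOCKET_PATH unqualified, while the same statement refers to constants.DATA_DIR_PERM; the constant is declared in pkg/constants/constants.go, so it needs the constants. prefix here. This directory will also hold the Firecracker API socket, and anyone who can connect to that socket can drive the VM's API, so it is worth stating in a comment why DATA_DIR_PERM is the right mode for it or using a tighter one.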
This can be removed with the above design
Very well 👍
LGTM
I realised I'm not cleaning up
We do not officially (yet) claim we support restarting VMs, but we will (#196).
This exposes the Firecracker socket files (API, Metrics and Logs) to the host by mapping them into the (already mounted) /var/lib/firecracker/vm/$id/firecracker directory. This is useful for our use case because we want to use the Firecracker metadata service to expose AWS Credentials. These credentials need to be refreshed so cannot be set statically.
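
As an added example (not code from this PR or from the project), a host-side helper for the use case described above: it pushes a refreshed metadata document to Firecracker's `PUT /mmds` API over the exposed socket. The function name, the placeholder document and the permission policy (refuse a path that is not a socket, or a socket that group or other can write to) are assumptions of the example.

```go
package main

import (
	"bytes"
	"context"
	"fmt"
	"log"
	"net"
	"net/http"
	"os"
)

// putMMDS replaces the MMDS data store through the Firecracker API socket.
// Example policy: refuse a non-socket, or a socket group/other can write to.
func putMMDS(sock string, doc []byte) error {
	if fi, err := os.Stat(sock); err != nil {
		return err
	} else if fi.Mode()&os.ModeSocket == 0 || fi.Mode().Perm()&0o022 != 0 {
		return fmt.Errorf("%s: not a socket, or group/other-writable (%v)", sock, fi.Mode())
	}
	dial := func(ctx context.Context, _, _ string) (net.Conn, error) {
		return (&net.Dialer{}).DialContext(ctx, "unix", sock)
	}
	client := &http.Client{Transport: &http.Transport{DialContext: dial}}
	req, err := http.NewRequest(http.MethodPut, "http://localhost/mmds", bytes.NewReader(doc))
	if err != nil {
		return err
	}
	req.Header.Set("Content-Type", "application/json")
	resp, err := client.Do(req)
	if err != nil {
		return err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusNoContent {
		return fmt.Errorf("PUT /mmds: unexpected status %s", resp.Status)
	}
	return nil
}

func main() {
	if len(os.Args) != 2 {
		log.Fatal("usage: mmds-put <api-socket>")
	}
	doc := []byte(`{"AccessKeyId":"PLACEHOLDER"}`) // constructed, not a real credential
	if err := putMMDS(os.Args[1], doc); err != nil {
		log.Fatal(err)
	}
}
```

Connecting to a unix socket requires write permission on it, which is why the check looks at the group and other write bits rather than the read bits.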