- Debug mode
- Developer mode
- Enable trace support
- Enable debug console
cpuset
cgroup details- Hotplug Timeout
This project implements an agent called kata-agent
that runs inside a virtual machine (VM).
The agent manages container processes inside the VM, on behalf of the runtime running on the host.
To enable agent debug output, add the agent.log=debug
option to the guest kernel command line.
See the developer guide for further details.
Add agent.devmode
to the guest kernel command line to allow the agent
process to coredump (disabled by default). Specifying this option implicitly
enables debug mode.
See the tracing guide.
Add agent.debug_console
to the guest kernel command line to
allow the agent process to start a debug console. Debug console is only available if bash
or sh
is installed in the rootfs or initrd image. Developers can connect to the virtual
machine using the debug console
Firecracker doesn't have a UNIX socket connected to /dev/console
, hence the
kernel command line option agent.debug_console
will not work for firecracker.
Fortunately, firecracker supports hybrid vsocks
, and they can be used to
communicate processes in the guest with processes in the host.
The kernel command line option agent.debug_console_vport
was added to allow
developers specify on which vsock
port the debugging console should be connected.
In firecracker, the UNIX socket that is connected to the vsock
end is created at
/var/lib/vc/firecracker/$CID/root/kata.hvsock
, where $CID
is the container ID.
Run the following commands to have a debugging console in firecracker.
$ conf="/usr/share/defaults/kata-containers/configuration.toml"
$ sudo sed -i 's/^kernel_params.*/kernel_params="agent.debug_console_vport=1026"/g' "${conf}"
$ sudo su -c 'cd /var/lib/vc/firecracker/08facf/root/ && socat stdin unix-connect:kata.hvsock'
CONNECT 1026
NOTE: Ports 1024 and 1025 are reserved for communication with the agent and gathering of agent logs respectively
See the cpuset cgroup documentation.
When hot plugging devices into the Kata VM, the agent will wait by default for 3 seconds for the device to be plugged in and the corresponding add uevent for the device. If the timeout is reached without the above happening, the hot plug action will fail.
The length of the timeout can be increased by specifying the agent.hotplug_timeout
to the guest
kernel command line. For example, agent.hotplug_timeout=10s
will increase the timeout to 10 seconds.
The value of the option is in the Go duration format.
Any invalid values used for agent.hotplug_timeout
will fall back to the default of 3 seconds.