packages/kata-debug-shell: init
This adds a little helper script to get a shell into a bare-metal Kata pod VM with a single command.
msanft committed Nov 21, 2024
1 parent 187ea01 commit 280c136
Showing 2 changed files with 42 additions and 3 deletions.
20 changes: 17 additions & 3 deletions dev-docs/aks/serial-console.md → dev-docs/serial-console.md
@@ -1,10 +1,14 @@
# Obtain a serial console inside the podvm

Set `debug ? true` in `packages/{kata,microsoft}/runtime-class-files/package.nix` and run `just`.
Set `debugRuntime ? true` in `packages/{kata,microsoft}/contrast-node-installer-image/package.nix` and `debug ? true` in `packages/kata/kata-image/package.nix`, if on bare-metal.

Get a shell on the AKS node. If in doubt, use [nsenter-node.sh](https://github.com/alexei-led/nsenter/blob/master/nsenter-node.sh).
Then, run `just`.

Use the following commands to print the sandbox ids of Kata VMs.
Get a shell on the Kubernetes node. If in doubt, use [nsenter-node.sh](https://github.com/alexei-led/nsenter/blob/master/nsenter-node.sh).

## AKS

Use the following commands to print the sandbox IDs of Kata VMs.
Please note that only the pause container of every pod has the `clh.sock`. Other containers are part of the same VM.

Set the name of the pod you want to access:
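Review bot: In the rewritten first paragraph, the trailing "if on bare-metal" is ambiguous: it can be read as qualifying both settings or only `debug ? true` in `packages/kata/kata-image/package.nix`. Split it into two sentences, one for `debugRuntime ? true` in `contrast-node-installer-image/package.nix` and one for the bare-metal-only `debug ? true`, so an AKS reader knows which flags to set. Since these flags open a console into the pod VM, it is also worth saying in this paragraph that they are for development builds and should be reverted afterwards.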
@@ -39,3 +43,13 @@ Alternatively, you can attach to the serial console using `socat`. You need to t
(cd /var/run/vc/vm/${sandbox_id}/ && socat stdin unix-connect:clh.sock)
CONNECT 1026
```

## Bare-Metal

Copy `packages/kata-debug-shell.sh` to the host and run it, specifying the container ID as the only argument.

If the container with ID `containerd://34f1d6a9be40aa5e2d92d6ff9876ab71e06758780a238521c9fca6816c2f28dd` should be debugged, run:

```sh
./kata-debug-shell.sh 34f1d6a9be40aa5e2d92d6ff9876ab71e06758780a238521c9fca6816c2f28dd
```
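Review bot: The Bare-Metal example gives the container ID with a `containerd://` prefix but the command line passes it without the prefix, and the text never says the prefix has to be stripped. State that explicitly next to "specifying the container ID as the only argument". The section should also list what the script needs on the host: it exits unless run as root, and it calls `k3s ctr` and `jq`.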
25 changes: 25 additions & 0 deletions packages/kata-debug-shell.sh
@@ -0,0 +1,25 @@
#!/usr/bin/env bash
# Copyright 2024 Edgeless Systems GmbH
# SPDX-License-Identifier: AGPL-3.0-only

set -euo pipefail

if [ "$(id -u)" -ne 0 ]; then
echo "Please run as root"
exit 1
fi

if [ -z "${1:-}" ]; then
echo "Usage: $0 <container_id>"
exit 1
fi

container_info=$(k3s ctr c info "$1")

sbx_id=$(echo "$container_info" | jq -r '.Spec.annotations."io.kubernetes.cri.sandbox-id"')
runtime_class_name=$(echo "$container_info" | jq -r '.Snapshotter' | cut -c7-)

kata_runtime="/opt/edgeless/${runtime_class_name}/bin/kata-runtime"
config_file=$(ls -1 "/opt/edgeless/${runtime_class_name}/etc")

${kata_runtime} --config "/opt/edgeless/${runtime_class_name}/etc/${config_file}" exec ${sbx_id}
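Review bot: The lookups feeding the final `exec` line are not validated, and the script runs as root. `jq -r` prints the string `null` when the `io.kubernetes.cri.sandbox-id` annotation is absent, so `sbx_id` can be `null` and is still passed to `kata-runtime exec`; use `jq -er` or check for empty/`null` and fail with a message. `cut -c7-` assumes a fixed-length prefix on `.Snapshotter`, and the result is interpolated into the path of the binary that gets executed, so check that `/opt/edgeless/${runtime_class_name}/bin/kata-runtime` exists and is executable before running it. `config_file=$(ls -1 ...)` yields several lines if the `etc` directory ever holds more than one file, which breaks the `--config` path; select the config file by name or glob and assert there is exactly one match. Finally, quote `"${kata_runtime}"` and `"${sbx_id}"` on the last line.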
