fetch current container runtime config through the command line

Signed-off-by: Tariq Ibrahim <[email protected]>
NVIDIA · Sep 10, 2024 · 56b7927 · 56b7927
1 parent f1791c9
commit 56b7927
Show file tree

Hide file tree

Showing 7 changed files with 49 additions and 35 deletions.
diff --git a/.golangci.yml b/.golangci.yml
@@ -18,6 +18,10 @@ linters:
 linters-settings:
   goimports:
     local-prefixes: github.com/NVIDIA/nvidia-container-toolkit
+  gosec:
+    excludes:
+    # TODO: Consider hardening security of command line invocations
+    - G204
 
 issues:
   exclude:

diff --git a/cmd/nvidia-ctk/runtime/configure/configure.go b/cmd/nvidia-ctk/runtime/configure/configure.go
@@ -24,6 +24,7 @@ import (
 	"github.com/urfave/cli/v2"
 
 	"github.com/NVIDIA/nvidia-container-toolkit/internal/logger"
+	pkgconfig "github.com/NVIDIA/nvidia-container-toolkit/pkg/config"
 	"github.com/NVIDIA/nvidia-container-toolkit/pkg/config/engine"
 	"github.com/NVIDIA/nvidia-container-toolkit/pkg/config/engine/containerd"
 	"github.com/NVIDIA/nvidia-container-toolkit/pkg/config/engine/crio"
@@ -234,11 +235,13 @@ func (m command) configureConfigFile(c *cli.Context, config *config) error {
 		cfg, err = containerd.New(
 			containerd.WithLogger(m.logger),
 			containerd.WithPath(configFilePath),
+			containerd.WithReference(pkgconfig.FromCLI([]string{"containerd", "config", "dump"})),
 		)
 	case "crio":
 		cfg, err = crio.New(
 			crio.WithLogger(m.logger),
 			crio.WithPath(configFilePath),
+			crio.WithReference(pkgconfig.FromCLI([]string{"crio", "status", "config"})),
 		)
 	case "docker":
 		cfg, err = docker.New(

diff --git a/pkg/config/engine/crio/crio.go b/pkg/config/engine/crio/crio.go
@@ -68,10 +68,11 @@ func (c *Config) AddRuntime(name string, path string, setAsDefault bool, _ ...ma
 	config := *c.Tree
 
 	// By default we extract the runtime options from the runc settings; if this does not exist we get the options from the default runtime specified in the config.
-	runtimeNamesForConfig := []string{"runc"}
+	var runtimeNamesForConfig []string
 	if name, ok := config.GetPath([]string{"crio", "runtime", "default_runtime"}).(string); ok && name != "" {
 		runtimeNamesForConfig = append(runtimeNamesForConfig, name)
 	}
+	runtimeNamesForConfig = append(runtimeNamesForConfig, "runc")
 	for _, r := range runtimeNamesForConfig {
 		if options, ok := config.GetPath([]string{"crio", "runtime", "runtimes", r}).(*toml.Tree); ok {
 			c.Logger.Debugf("using options from runtime %v: %v", r, options.String())

diff --git a/pkg/config/engine/crio/crio_test.go b/pkg/config/engine/crio/crio_test.go
@@ -91,39 +91,6 @@ func TestAddRuntime(t *testing.T) {
 			default_option = "option"
 			`,
 		},
-		{
-			description: "options from runc take precedence over default runtime",
-			config: `
-			[crio]
-			[crio.runtime]
-			default_runtime = "default"
-			[crio.runtime.runtimes.default]
-			runtime_path = "/usr/bin/default"
-			runtime_type = "defaultoci"
-			default_option = "option"
-			[crio.runtime.runtimes.runc]
-			runtime_path = "/usr/bin/runc"
-			runtime_type = "runcoci"
-			runc_option = "option"
-			`,
-			expectedConfig: `
-			[crio]
-			[crio.runtime]
-			default_runtime = "default"
-			[crio.runtime.runtimes.default]
-			runtime_path = "/usr/bin/default"
-			runtime_type = "defaultoci"
-			default_option = "option"
-			[crio.runtime.runtimes.runc]
-			runtime_path = "/usr/bin/runc"
-			runtime_type = "runcoci"
-			runc_option = "option"
-			[crio.runtime.runtimes.test]
-			runtime_path = "/usr/bin/test"
-			runtime_type = "oci"
-			runc_option = "option"
-			`,
-		},
 	}
 
 	for _, tc := range testCases {

diff --git a/pkg/config/source.go b/pkg/config/source.go
@@ -64,6 +64,18 @@ func FromFile(path string) Loader {
 	return tomlFile(path)
 }
 
+// FromCLI creates a TOML source from a CLI output.
+// If an empty slice is passed as input, an empty toml config is used.
+func FromCLI(command []string) Loader {
+	if len(command) == 0 {
+		return Empty
+	}
+	return &tomlFromCommandOutput{
+		command: command[0],
+		args:    command[1:],
+	}
+}
+
 // Load loads the contents of the specified TOML file as a map.
 func (f tomlFile) Load() (*Toml, error) {
 	info, err := os.Stat(string(f))

diff --git a/tools/container/containerd/containerd.go b/tools/container/containerd/containerd.go
@@ -188,9 +188,14 @@ func main() {
 // Setup updates a containerd configuration to include the nvidia-containerd-runtime and reloads it
 func Setup(c *cli.Context, o *options) error {
 	log.Infof("Starting 'setup' for %v", c.App.Name)
+	var cliArgs []string
+	if o.HostRootMount != "" {
+		cliArgs = append(cliArgs, "chroot", o.HostRootMount)
+	}
+	cliArgs = append(cliArgs, "containerd", "config", "dump")
 
 	cfg, err := containerd.New(
-		containerd.WithReference(config.FromFile(o.Config)),
+		containerd.WithReference(config.FromCLI(cliArgs)),
 		containerd.WithPath(o.Config),
 		containerd.WithRuntimeType(o.runtimeType),
 		containerd.WithUseLegacyConfig(o.useLegacyConfig),
@@ -223,8 +228,15 @@ func Setup(c *cli.Context, o *options) error {
 func Cleanup(c *cli.Context, o *options) error {
 	log.Infof("Starting 'cleanup' for %v", c.App.Name)
 
+	var cliArgs []string
+	if o.HostRootMount != "" {
+		cliArgs = append(cliArgs, "chroot", o.HostRootMount)
+	}
+	cliArgs = append(cliArgs, "containerd", "config", "dump")
+
 	cfg, err := containerd.New(
 		containerd.WithPath(o.Config),
+		containerd.WithReference(config.FromCLI(cliArgs)),
 		containerd.WithRuntimeType(o.runtimeType),
 		containerd.WithUseLegacyConfig(o.useLegacyConfig),
 		containerd.WithContainerAnnotations(o.containerAnnotationsFromCDIPrefixes()...),

diff --git a/tools/container/crio/crio.go b/tools/container/crio/crio.go
@@ -26,6 +26,7 @@ import (
 
 	"github.com/NVIDIA/nvidia-container-toolkit/internal/config"
 	"github.com/NVIDIA/nvidia-container-toolkit/internal/info"
+	pkgconfig "github.com/NVIDIA/nvidia-container-toolkit/pkg/config"
 	"github.com/NVIDIA/nvidia-container-toolkit/pkg/config/engine/crio"
 	"github.com/NVIDIA/nvidia-container-toolkit/pkg/config/ocihook"
 	"github.com/NVIDIA/nvidia-container-toolkit/tools/container"
@@ -220,8 +221,15 @@ func setupHook(o *options) error {
 func setupConfig(o *options) error {
 	log.Infof("Updating config file")
 
+	var cliArgs []string
+	if o.HostRootMount != "" {
+		cliArgs = append(cliArgs, "chroot", o.HostRootMount)
+	}
+	cliArgs = append(cliArgs, "crio", "status", "config")
+
 	cfg, err := crio.New(
 		crio.WithPath(o.Config),
+		crio.WithReference(pkgconfig.FromCLI(cliArgs)),
 	)
 	if err != nil {
 		return fmt.Errorf("unable to load config: %v", err)
@@ -271,8 +279,15 @@ func cleanupHook(o *options) error {
 func cleanupConfig(o *options) error {
 	log.Infof("Reverting config file modifications")
 
+	var cliArgs []string
+	if o.HostRootMount != "" {
+		cliArgs = append(cliArgs, "chroot", o.HostRootMount)
+	}
+	cliArgs = append(cliArgs, "crio", "status", "config")
+
 	cfg, err := crio.New(
 		crio.WithPath(o.Config),
+		crio.WithReference(pkgconfig.FromCLI(cliArgs)),
 	)
 	if err != nil {
 		return fmt.Errorf("unable to load config: %v", err)