diagnostics/init/wilco_dtc.conf - mirrors/cros/chromiumos/platform2 - Git at Google

 # Copyright 2018 The Chromium OS Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.

 description    "Start the wilco_dtc daemon"
 author         "chromium-os-dev@chromium.org"

 # Start the wilco_dtc daemon (diagnostics and telemetry collector), which is
 # responsible for processing and analyzing telemetry and diagnostics information
 # obtained from wilco_dtc_supportd. `wilco_dtc_dispatcher` will manage the
 # lifecycle of both this process and wilco_dtc_supportd.
 start on starting wilco_dtc_dispatcher
 stop on stopped wilco_dtc_dispatcher

 respawn
 # If the job respawns 3 times in 10 seconds, stop trying.
 respawn limit 3 10

 # Allow STARTUP_PROCESSES env variable to be sent to the job. If
 # STARTUP_PROCESSES is true (default), the VM will start the DTC binaries. If it
 # is false, the kernel parameter -p maitred.no_startup_processes will be added
 # preventing the DTC binaries from starting.
 import STARTUP_PROCESSES

 # Allow TEST_DBUS_CONFIG env variable to be sent to the job. If
 # TEST_DBUS_CONFIG is true, the VM will start dbus with a test
 # configuration. If it is false (default) the production config is used.
 # TODO(tbegin): remove this parameter when the wilco_dtc VM can be built in a
 # test configuration.
 import TEST_DBUS_CONFIG

 env STARTUP_PROCESSES=true
 env TEST_DBUS_CONFIG=false
 env MAITRED_LISTEN_PORT=7788
 env MAITRED_PORT=8888
 env VM_CPUS=1
 env VM_MEM=128
 env VM_CID=512
 env VM_PATH=/opt/wilco/dtc-vm
 env RUNTIME_PATH=/run/wilco-vm
 env STORAGE_PATH=/var/lib/wilco
 env STORAGE_FILE=/var/lib/wilco/storage.img
 env STORAGE_SIZE=64M

 pre-start script
   # Sanitize the STARTUP_PROCESSES and TEST_DBUS_CONFIG environment variables
   # to ensure they are boolean values.
   case "${STARTUP_PROCESSES}" in
     true|false) ;;
     *)
       logger -t "${UPSTART_JOB}" \
         "STARTUP_PROCESSES env variable is not a boolean"
       exit 1
       ;;
   esac

   case "${TEST_DBUS_CONFIG}" in
     true|false) ;;
     *)
       logger -t "${UPSTART_JOB}" \
         "TEST_DBUS_CONFIG env variable is not a boolean"
       exit 1
       ;;
   esac

   # Make sure the vsock module is loaded.
   modprobe -q vhost-vsock

   # Create the runtime directory.
   if [ -d "${RUNTIME_PATH}" ]; then
     rm -r "${RUNTIME_PATH}"
   fi
   mkdir "${RUNTIME_PATH}"
   chown -R wilco_dtc:wilco_dtc "${RUNTIME_PATH}"

   # Create persistent VM storage if it does not exist.
   if [ ! -d "${STORAGE_PATH}" ]; then
     mkdir -p "${STORAGE_PATH}"
   fi

   if [ ! -f "${STORAGE_FILE}" ]; then
     truncate  --size "${STORAGE_SIZE}" "${STORAGE_FILE}"
     mkfs.ext4 "${STORAGE_FILE}"
     chown wilco_dtc:wilco_dtc "${STORAGE_FILE}"

   # If the VM storage exists but is not the correct size, attempt to resize it.
   elif [ "$(du -h --apparent-size "${STORAGE_FILE}" | cut -f1)" != \
          "${STORAGE_SIZE}" ]; then

     # Used jailing parameters:
     #   -e: new network namespace;
     #   -l: new IPC namespace;
     #   -n: the no_new_privs bit;
     #   -p: new PID namespace;
     #   -r: remount /proc readonly;
     #   -v: new VFS namespace;
     #   -u, -g: user account and group;
     #   --profile: Set up a minimalistic mount namespace;
     #   -k /var: a new tmpfs filesystem for /var;
     #   -b ${STORAGE_PATH}: give read/write access to persistent storage;
     minijail0 -e -l -n -p -r -v \
       -u wilco_dtc -g wilco_dtc \
       --profile=minimalistic-mountns \
       -k 'var,/var,tmpfs,MS_NODEV|MS_NOSUID|MS_NOEXEC' \
       -b "${STORAGE_PATH}",,1 \
       -S /usr/share/policy/wilco-dtc-e2fsck-seccomp.policy \
       -- /sbin/e2fsck -fp "${STORAGE_FILE}"

     minijail0 -e -l -n -p -r -v \
       -u wilco_dtc -g wilco_dtc \
       --profile=minimalistic-mountns \
       -k 'var,/var,tmpfs,MS_NODEV|MS_NOSUID|MS_NOEXEC' \
       -b "${STORAGE_PATH}",,1 \
       -S /usr/share/policy/wilco-dtc-resize2fs-seccomp.policy \
       -- /sbin/resize2fs "${STORAGE_FILE}" "${STORAGE_SIZE}"
   fi

 end script

 # Used jailing parameters:
 #   -e: new network namespace;
 #   -i: exit after forking;
 #   -l: new IPC namespace;
 #   -n: the no_new_privs bit;
 #   -p: new PID namespace;
 #   -r: remount /proc readonly;
 #   -t: a new tmpfs filesystem for /tmp;
 #   -v: new VFS namespace;
 #   --uts: new UTS/hostname namespace;
 #   -u, -g: user account and group;
 #   -G: inherit supplementary groups;
 #   --mount-dev: a new /dev mount;
 #   --profile: minimalistic mount namespace;
 #   -k /run: a new tmpfs filesystem for /run, with the subsequent parameters
 #       mounting specific files into this directory;
 #   -k /var: a new tmpfs filesystem for /var
 #   -b /dev/chromeos-low-mem: crosvm can alert system of low memory;
 #   -b /dev/log: provide minijail log access;
 #   -b /dev/kvm: give access to crosvm to start VMs;
 #   -b /dev/vhost-vsock: give access for VM communication;
 #   -b ${STORAGE_PATH}: give access to persistent storage;
 #   -b ${DIAGNOSTICS_PARTITION}: give read only access to diagnostics partition;
 #   -b ${RUNTIME_PATH}: temporary directories to create VM sock
 script

   # Give wilco_dtc permission to read the diagnostics partition.
   DIAGNOSTICS_PARTITION="$(cgpt find -l DIAGNOSTICS $(rootdev -d -s) | head -1)"
   setfacl -m u:wilco_dtc:r "${DIAGNOSTICS_PARTITION}"

   # Parse the environment variables.
   set --
   if [ "${STARTUP_PROCESSES}" = false ]; then
     set -- "$@" -p maitred.no_startup_processes
   fi

   if [ "${TEST_DBUS_CONFIG}" = true ]; then
     set -- "$@" -p dtc.use_test_dbus_config
   fi

   exec minijail0 -e -l -n -p -r -t -v --uts \
     -u wilco_dtc -g wilco_dtc \
     -G \
     --mount-dev \
     --profile=minimalistic-mountns \
     -k 'tmpfs,/run,tmpfs,MS_NODEV|MS_NOSUID|MS_NOEXEC,mode=755,size=10M' \
     -k 'var,/var,tmpfs,MS_NODEV|MS_NOSUID|MS_NOEXEC,mode=755,size=32M' \
     -b /dev/chromeos-low-mem \
     -b /dev/log \
     -b /dev/kvm,,1 \
     -b /dev/vhost-vsock,,1 \
     -b "${STORAGE_PATH}",,1 \
     -b "${DIAGNOSTICS_PARTITION}" \
     -b "${RUNTIME_PATH}",,1 \
     -- /usr/bin/crosvm run \
          -r "${VM_PATH}"/vm_rootfs.img \
          -p maitred.listen_port="${MAITRED_LISTEN_PORT}" \
          -p printk.devkmsg=on \
          --serial num=1,type=syslog,console=false \
          --syslog-tag wilco_dtc \
          -c "${VM_CPUS}" \
          -m "${VM_MEM}" \
          -s "${RUNTIME_PATH}" \
          --cid "${VM_CID}" \
          -d "${DIAGNOSTICS_PARTITION}" \
          --rwdisk "${STORAGE_FILE}" \
          "$@" \
          "${VM_PATH}"/vm_kernel
 end script

 post-start script
   # Default cpu.shares is 1024. Limit the Wilco VM to 1/8th of that.
   cgroup_dir="/sys/fs/cgroup/cpu/wilco-dtc"
   mkdir -p "${cgroup_dir}"
   echo $(status | cut -f 4 -d ' ') > "${cgroup_dir}/tasks"
   echo 128 > "${cgroup_dir}/cpu.shares"
 end script

 pre-stop script
   maitred_client --cid=512 --port=8888 --shutdown
 end script
	# Copyright 2018 The Chromium OS Authors. All rights reserved.
	# Use of this source code is governed by a BSD-style license that can be
	# found in the LICENSE file.

	description "Start the wilco_dtc daemon"
	author "chromium-os-dev@chromium.org"

	# Start the wilco_dtc daemon (diagnostics and telemetry collector), which is
	# responsible for processing and analyzing telemetry and diagnostics information
	# obtained from wilco_dtc_supportd. `wilco_dtc_dispatcher` will manage the
	# lifecycle of both this process and wilco_dtc_supportd.
	start on starting wilco_dtc_dispatcher
	stop on stopped wilco_dtc_dispatcher

	respawn
	# If the job respawns 3 times in 10 seconds, stop trying.
	respawn limit 3 10

	# Allow STARTUP_PROCESSES env variable to be sent to the job. If
	# STARTUP_PROCESSES is true (default), the VM will start the DTC binaries. If it
	# is false, the kernel parameter -p maitred.no_startup_processes will be added
	# preventing the DTC binaries from starting.
	import STARTUP_PROCESSES

	# Allow TEST_DBUS_CONFIG env variable to be sent to the job. If
	# TEST_DBUS_CONFIG is true, the VM will start dbus with a test
	# configuration. If it is false (default) the production config is used.
	# TODO(tbegin): remove this parameter when the wilco_dtc VM can be built in a
	# test configuration.
	import TEST_DBUS_CONFIG

	env STARTUP_PROCESSES=true
	env TEST_DBUS_CONFIG=false
	env MAITRED_LISTEN_PORT=7788
	env MAITRED_PORT=8888
	env VM_CPUS=1
	env VM_MEM=128
	env VM_CID=512
	env VM_PATH=/opt/wilco/dtc-vm
	env RUNTIME_PATH=/run/wilco-vm
	env STORAGE_PATH=/var/lib/wilco
	env STORAGE_FILE=/var/lib/wilco/storage.img
	env STORAGE_SIZE=64M

	pre-start script
	# Sanitize the STARTUP_PROCESSES and TEST_DBUS_CONFIG environment variables
	# to ensure they are boolean values.
	case "${STARTUP_PROCESSES}" in
	true\|false) ;;
	*)
	logger -t "${UPSTART_JOB}" \
	"STARTUP_PROCESSES env variable is not a boolean"
	exit 1
	;;
	esac

	case "${TEST_DBUS_CONFIG}" in
	true\|false) ;;
	*)
	logger -t "${UPSTART_JOB}" \
	"TEST_DBUS_CONFIG env variable is not a boolean"
	exit 1
	;;
	esac

	# Make sure the vsock module is loaded.
	modprobe -q vhost-vsock

	# Create the runtime directory.
	if [ -d "${RUNTIME_PATH}" ]; then
	rm -r "${RUNTIME_PATH}"
	fi
	mkdir "${RUNTIME_PATH}"
	chown -R wilco_dtc:wilco_dtc "${RUNTIME_PATH}"

	# Create persistent VM storage if it does not exist.
	if [ ! -d "${STORAGE_PATH}" ]; then
	mkdir -p "${STORAGE_PATH}"
	fi

	if [ ! -f "${STORAGE_FILE}" ]; then
	truncate --size "${STORAGE_SIZE}" "${STORAGE_FILE}"
	mkfs.ext4 "${STORAGE_FILE}"
	chown wilco_dtc:wilco_dtc "${STORAGE_FILE}"

	# If the VM storage exists but is not the correct size, attempt to resize it.
	elif [ "$(du -h --apparent-size "${STORAGE_FILE}" \| cut -f1)" != \
	"${STORAGE_SIZE}" ]; then

	# Used jailing parameters:
	# -e: new network namespace;
	# -l: new IPC namespace;
	# -n: the no_new_privs bit;
	# -p: new PID namespace;
	# -r: remount /proc readonly;
	# -v: new VFS namespace;
	# -u, -g: user account and group;
	# --profile: Set up a minimalistic mount namespace;
	# -k /var: a new tmpfs filesystem for /var;
	# -b ${STORAGE_PATH}: give read/write access to persistent storage;
	minijail0 -e -l -n -p -r -v \
	-u wilco_dtc -g wilco_dtc \
	--profile=minimalistic-mountns \
	-k 'var,/var,tmpfs,MS_NODEV\|MS_NOSUID\|MS_NOEXEC' \
	-b "${STORAGE_PATH}",,1 \
	-S /usr/share/policy/wilco-dtc-e2fsck-seccomp.policy \
	-- /sbin/e2fsck -fp "${STORAGE_FILE}"

	minijail0 -e -l -n -p -r -v \
	-u wilco_dtc -g wilco_dtc \
	--profile=minimalistic-mountns \
	-k 'var,/var,tmpfs,MS_NODEV\|MS_NOSUID\|MS_NOEXEC' \
	-b "${STORAGE_PATH}",,1 \
	-S /usr/share/policy/wilco-dtc-resize2fs-seccomp.policy \
	-- /sbin/resize2fs "${STORAGE_FILE}" "${STORAGE_SIZE}"
	fi

	end script

	# Used jailing parameters:
	# -e: new network namespace;
	# -i: exit after forking;
	# -l: new IPC namespace;
	# -n: the no_new_privs bit;
	# -p: new PID namespace;
	# -r: remount /proc readonly;
	# -t: a new tmpfs filesystem for /tmp;
	# -v: new VFS namespace;
	# --uts: new UTS/hostname namespace;
	# -u, -g: user account and group;
	# -G: inherit supplementary groups;
	# --mount-dev: a new /dev mount;
	# --profile: minimalistic mount namespace;
	# -k /run: a new tmpfs filesystem for /run, with the subsequent parameters
	# mounting specific files into this directory;
	# -k /var: a new tmpfs filesystem for /var
	# -b /dev/chromeos-low-mem: crosvm can alert system of low memory;
	# -b /dev/log: provide minijail log access;
	# -b /dev/kvm: give access to crosvm to start VMs;
	# -b /dev/vhost-vsock: give access for VM communication;
	# -b ${STORAGE_PATH}: give access to persistent storage;
	# -b ${DIAGNOSTICS_PARTITION}: give read only access to diagnostics partition;
	# -b ${RUNTIME_PATH}: temporary directories to create VM sock
	script

	# Give wilco_dtc permission to read the diagnostics partition.
	DIAGNOSTICS_PARTITION="$(cgpt find -l DIAGNOSTICS $(rootdev -d -s) \| head -1)"
	setfacl -m u:wilco_dtc:r "${DIAGNOSTICS_PARTITION}"

	# Parse the environment variables.
	set --
	if [ "${STARTUP_PROCESSES}" = false ]; then
	set -- "$@" -p maitred.no_startup_processes
	fi

	if [ "${TEST_DBUS_CONFIG}" = true ]; then
	set -- "$@" -p dtc.use_test_dbus_config
	fi

	exec minijail0 -e -l -n -p -r -t -v --uts \
	-u wilco_dtc -g wilco_dtc \
	-G \
	--mount-dev \
	--profile=minimalistic-mountns \
	-k 'tmpfs,/run,tmpfs,MS_NODEV\|MS_NOSUID\|MS_NOEXEC,mode=755,size=10M' \
	-k 'var,/var,tmpfs,MS_NODEV\|MS_NOSUID\|MS_NOEXEC,mode=755,size=32M' \
	-b /dev/chromeos-low-mem \
	-b /dev/log \
	-b /dev/kvm,,1 \
	-b /dev/vhost-vsock,,1 \
	-b "${STORAGE_PATH}",,1 \
	-b "${DIAGNOSTICS_PARTITION}" \
	-b "${RUNTIME_PATH}",,1 \
	-- /usr/bin/crosvm run \
	-r "${VM_PATH}"/vm_rootfs.img \
	-p maitred.listen_port="${MAITRED_LISTEN_PORT}" \
	-p printk.devkmsg=on \
	--serial num=1,type=syslog,console=false \
	--syslog-tag wilco_dtc \
	-c "${VM_CPUS}" \
	-m "${VM_MEM}" \
	-s "${RUNTIME_PATH}" \
	--cid "${VM_CID}" \
	-d "${DIAGNOSTICS_PARTITION}" \
	--rwdisk "${STORAGE_FILE}" \
	"$@" \
	"${VM_PATH}"/vm_kernel
	end script

	post-start script
	# Default cpu.shares is 1024. Limit the Wilco VM to 1/8th of that.
	cgroup_dir="/sys/fs/cgroup/cpu/wilco-dtc"
	mkdir -p "${cgroup_dir}"
	echo $(status \| cut -f 4 -d ' ') > "${cgroup_dir}/tasks"
	echo 128 > "${cgroup_dir}/cpu.shares"
	end script

	pre-stop script
	maitred_client --cid=512 --port=8888 --shutdown
	end script