Add support for an agent drive (ISO) #446
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Stéphane Graber <stgraber@stgraber.org>
Signed-off-by: Stéphane Graber <stgraber@stgraber.org>
Signed-off-by: Stéphane Graber <stgraber@stgraber.org>
Signed-off-by: Stéphane Graber <stgraber@stgraber.org>
Signed-off-by: Stéphane Graber <stgraber@stgraber.org>
Signed-off-by: Stéphane Graber <stgraber@stgraber.org>
Signed-off-by: Stéphane Graber <stgraber@stgraber.org>
Signed-off-by: Stéphane Graber <stgraber@stgraber.org>
github-actions
bot
added
Documentation
|
As that extra drive contains sensitive material (TLS keys to talk to the host), the loader is designed to always eject the drive if found. That's combined with us now having logic to actually handle eject requests. That way, the VM boots, copies the data from the drive and then immediately ejects it so there's no risk of that drive getting accidentally exposed to an unprivileged user down the line. (The whole thing also requires the user to have manually asked Incus to add such a drive in the first place, so it's pretty much limited to the few Linux distros that don't offer 9p) |
Signed-off-by: Stéphane Graber <stgraber@stgraber.org>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
With this, a new
agent:configdisk source can be used to attach a custom ISO to a VM.This ISO then contains roughly the same data as the normal
9pconfig drive.The goal behind this is to provide a way for VMs that don't support 9p but do support virtio-serial and virtio-vsock to still run a functional incus-agent.