Add a cluster level configuration option

Signed-off-by: Simone Tiraboschi <[email protected]>

api/openapi-spec/swagger.json

@@ -16511,7 +16511,7 @@
       }
      },
      "logSerialConsole": {
-      "description": "Whether to log the auto-attached default serial console or not. Serial console logs will be collect to a file and then streamed from a named `guest-console-log`. Not relevant if autoattachSerialConsole is disabled. Defaults to false.",
+      "description": "Whether to log the auto-attached default serial console or not. Serial console logs will be collect to a file and then streamed from a named `guest-console-log`. Not relevant if autoattachSerialConsole is disabled. Defaults to cluster wide setting on VirtualMachineOptions.",
       "type": "boolean"
      },
      "networkInterfaceMultiqueue": {
@@ -16543,6 +16543,9 @@
    "v1.DisableFreePageReporting": {
     "type": "object"
    },
+   "v1.DisableSerialConsoleLog": {
+    "type": "object"
+   },
    "v1.Disk": {
     "type": "object",
     "required": [
@@ -20571,6 +20574,10 @@
      "disableFreePageReporting": {
       "description": "DisableFreePageReporting disable the free page reporting of memory balloon device https://libvirt.org/formatdomain.html#memory-balloon-device. This will have effect only if AutoattachMemBalloon is not false and the vmi is not requesting any high performance feature (dedicatedCPU/realtime/hugePages), in which free page reporting is always disabled.",
       "$ref": "#/definitions/v1.DisableFreePageReporting"
+     },
+     "disableSerialConsoleLog": {
+      "description": "DisableSerialConsoleLog disables logging the auto-attached default serial console. If not set, serial console logs will be written to a file and then streamed from a container named `guest-console-log`. The value can be individually overridden for each VM, not relevant if AutoattachSerialConsole is disabled.",
+      "$ref": "#/definitions/v1.DisableSerialConsoleLog"
      }
     }
    },

manifests/generated/kv-resource.yaml

@@ -864,6 +864,14 @@ spec:
                           feature (dedicatedCPU/realtime/hugePages), in which free
                           page reporting is always disabled.
                         type: object
+                      disableSerialConsoleLog:
+                        description: DisableSerialConsoleLog disables logging the
+                          auto-attached default serial console. If not set, serial
+                          console logs will be written to a file and then streamed
+                          from a container named 'guest-console-log'. The value can
+                          be individually overridden for each VM, not relevant if
+                          AutoattachSerialConsole is disabled.
+                        type: object
                     type: object
                   vmStateStorageClass:
                     description: VMStateStorageClass is the name of the storage class
@@ -3914,6 +3922,14 @@ spec:
                           feature (dedicatedCPU/realtime/hugePages), in which free
                           page reporting is always disabled.
                         type: object
+                      disableSerialConsoleLog:
+                        description: DisableSerialConsoleLog disables logging the
+                          auto-attached default serial console. If not set, serial
+                          console logs will be written to a file and then streamed
+                          from a container named 'guest-console-log'. The value can
+                          be individually overridden for each VM, not relevant if
+                          AutoattachSerialConsole is disabled.
+                        type: object
                     type: object
                   vmStateStorageClass:
                     description: VMStateStorageClass is the name of the storage class

pkg/handler-launcher-com/cmd/v1/cmd.proto

@@ -97,6 +97,7 @@ message ClusterConfig{
   bool ExpandDisksEnabled = 1;
   bool FreePageReportingDisabled = 2;
   bool BochsDisplayForEFIGuests = 3;
+  bool SerialConsoleLogDisabled = 4;
 }
 
 message VirtualMachineOptions {

pkg/virt-config/virt-config.go

@@ -434,6 +434,10 @@ func (c *ClusterConfig) IsFreePageReportingDisabled() bool {
 	return c.GetConfig().VirtualMachineOptions != nil && c.GetConfig().VirtualMachineOptions.DisableFreePageReporting != nil
 }
 
+func (c *ClusterConfig) IsSerialConsoleLogDisabled() bool {
+	return c.GetConfig().VirtualMachineOptions != nil && c.GetConfig().VirtualMachineOptions.DisableSerialConsoleLog != nil
+}
+
 func (c *ClusterConfig) GetKSMConfiguration() *v1.KSMConfiguration {
 	return c.GetConfig().KSMConfiguration
 }

pkg/virt-controller/services/serialconsolelog.go

@@ -3,6 +3,8 @@ package services
 import (
 	"fmt"
 
+	"k8s.io/utils/pointer"
+
 	k8sv1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/resource"
 	v1 "kubevirt.io/api/core/v1"
@@ -12,20 +14,16 @@ import (
 )
 
 func generateSerialConsoleLogContainer(vmi *v1.VirtualMachineInstance, image string, config *virtconfig.ClusterConfig) *k8sv1.Container {
-	// TODO: eventually add a cluster-wide default
-	if (vmi.Spec.Domain.Devices.AutoattachSerialConsole == nil || *vmi.Spec.Domain.Devices.AutoattachSerialConsole == true) && vmi.Spec.Domain.Devices.LogSerialConsole != nil && *vmi.Spec.Domain.Devices.LogSerialConsole == true {
+	if isSerialConsoleLogEnabled(vmi, config) {
 		var serialPort uint = 0
 
-		followretry := "-F"
-		quiet := "--quiet"
-		nodup := "-n+1"
+		const followretry = "-F"
+		const quiet = "--quiet"
+		const nodup = "-n+1"
 		logFile := fmt.Sprintf("%s/%s/virt-serial%d-log", util.VirtPrivateDir, vmi.ObjectMeta.UID, serialPort)
 		args := []string{quiet, nodup, followretry, logFile}
 
 		resources := resourcesForSerialConsoleLogContainer(false, false, config)
-		noPrivilegeEscalation := false
-		nonRoot := true
-		var userId int64 = util.NonRootUID
 
 		return &k8sv1.Container{
 			Name:            "guest-console-log",
@@ -42,9 +40,9 @@ func generateSerialConsoleLogContainer(vmi *v1.VirtualMachineInstance, image str
 			},
 			Resources: resources,
 			SecurityContext: &k8sv1.SecurityContext{
-				RunAsUser:                &userId,
-				RunAsNonRoot:             &nonRoot,
-				AllowPrivilegeEscalation: &noPrivilegeEscalation,
+				RunAsUser:                pointer.Int64(util.NonRootUID),
+				RunAsNonRoot:             pointer.Bool(true),
+				AllowPrivilegeEscalation: pointer.Bool(false),
 				Capabilities: &k8sv1.Capabilities{
 					Drop: []k8sv1.Capability{"ALL"},
 				},
@@ -55,6 +53,16 @@ func generateSerialConsoleLogContainer(vmi *v1.VirtualMachineInstance, image str
 	return nil
 }
 
+func isSerialConsoleLogEnabled(vmi *v1.VirtualMachineInstance, config *virtconfig.ClusterConfig) bool {
+	if vmi.Spec.Domain.Devices.AutoattachSerialConsole != nil && *vmi.Spec.Domain.Devices.AutoattachSerialConsole == false {
+		return false
+	}
+	if vmi.Spec.Domain.Devices.LogSerialConsole != nil {
+		return *vmi.Spec.Domain.Devices.LogSerialConsole
+	}
+	return !config.IsSerialConsoleLogDisabled()
+}
+
 func resourcesForSerialConsoleLogContainer(dedicatedCPUs bool, guaranteedQOS bool, config *virtconfig.ClusterConfig) k8sv1.ResourceRequirements {
 	// TODO: tune this
 

pkg/virt-controller/services/template_test.go

@@ -84,6 +84,9 @@ var _ = Describe("Template", func() {
 		Spec: v1.KubeVirtSpec{
 			Configuration: v1.KubeVirtConfiguration{
 				DeveloperConfiguration: &v1.DeveloperConfiguration{},
+				VirtualMachineOptions: &v1.VirtualMachineOptions{
+					DisableSerialConsoleLog: &v1.DisableSerialConsoleLog{},
+				},
 			},
 		},
 		Status: v1.KubeVirtStatus{

pkg/virt-handler/options.go

@@ -40,6 +40,7 @@ func virtualMachineOptions(
 			ExpandDisksEnabled:        clusterConfig.ExpandDisksEnabled(),
 			FreePageReportingDisabled: clusterConfig.IsFreePageReportingDisabled(),
 			BochsDisplayForEFIGuests:  clusterConfig.BochsDisplayForEFIGuestsEnabled(),
+			SerialConsoleLogDisabled:  clusterConfig.IsSerialConsoleLogDisabled(),
 		}
 	}
 

pkg/virt-launcher/virtwrap/converter/converter.go

@@ -132,6 +132,7 @@ type ConverterContext struct {
 	UseLaunchSecurity     bool
 	FreePageReporting     bool
 	BochsForEFIGuests     bool
+	SerialConsoleLog      bool
 }
 
 func contains(volumes []string, name string) bool {
@@ -1860,8 +1861,8 @@ func Convert_v1_VirtualMachineInstance_To_api_Domain(vmi *v1.VirtualMachineInsta
 				},
 			},
 		}
-		// TODO: eventually add a cluster-wide default for all the VMs if not explicitly set
-		if vmi.Spec.Domain.Devices.LogSerialConsole != nil && *vmi.Spec.Domain.Devices.LogSerialConsole == true {
+
+		if c.SerialConsoleLog {
 			domain.Spec.Devices.Serials[0].Log = &api.SerialLog{
 				File:   fmt.Sprintf("%s/%s/virt-serial%d-log", util.VirtPrivateDir, vmi.ObjectMeta.UID, serialPort),
 				Append: "on",

pkg/virt-launcher/virtwrap/converter/converter_test.go

@@ -621,6 +621,7 @@ var _ = Describe("Converter", func() {
 				MemBalloonStatsPeriod: 10,
 				EphemeraldiskCreator:  EphemeralDiskImageCreator,
 				FreePageReporting:     true,
+				SerialConsoleLog:      true,
 			}
 		})
 

pkg/virt-launcher/virtwrap/converter/testdata/domain_arm64.xml.tmpl

@@ -131,6 +131,7 @@
     <serial type="unix">
       <target port="0"></target>
       <source mode="bind" path="/var/run/kubevirt-private/f4686d2c-6e8d-4335-b8fd-81bee22f4814/virt-serial0"></source>
+      <log file="/var/run/kubevirt-private/f4686d2c-6e8d-4335-b8fd-81bee22f4814/virt-serial0-log" append="on"></log>
     </serial>
     <console type="pty">
       <target type="serial" port="0"></target>

pkg/virt-launcher/virtwrap/converter/testdata/domain_ppc64le.xml.tmpl

@@ -128,6 +128,7 @@
     <serial type="unix">
       <target port="0"></target>
       <source mode="bind" path="/var/run/kubevirt-private/f4686d2c-6e8d-4335-b8fd-81bee22f4814/virt-serial0"></source>
+      <log file="/var/run/kubevirt-private/f4686d2c-6e8d-4335-b8fd-81bee22f4814/virt-serial0-log" append="on"></log>
     </serial>
     <console type="pty">
       <target type="serial" port="0"></target>

pkg/virt-launcher/virtwrap/converter/testdata/domain_x86_64.xml.tmpl

@@ -129,6 +129,7 @@
     <serial type="unix">
       <target port="0"></target>
       <source mode="bind" path="/var/run/kubevirt-private/f4686d2c-6e8d-4335-b8fd-81bee22f4814/virt-serial0"></source>
+      <log file="/var/run/kubevirt-private/f4686d2c-6e8d-4335-b8fd-81bee22f4814/virt-serial0-log" append="on"></log>
     </serial>
     <console type="pty">
       <target type="serial" port="0"></target>

pkg/virt-launcher/virtwrap/converter/testdata/domain_x86_64_root.xml.tmpl

@@ -140,6 +140,7 @@
     <serial type="unix">
       <target port="0"></target>
       <source mode="bind" path="/var/run/kubevirt-private/f4686d2c-6e8d-4335-b8fd-81bee22f4814/virt-serial0"></source>
+      <log file="/var/run/kubevirt-private/f4686d2c-6e8d-4335-b8fd-81bee22f4814/virt-serial0-log" append="on"></log>
     </serial>
     <console type="pty">
       <target type="serial" port="0"></target>

pkg/virt-launcher/virtwrap/manager.go

@@ -940,6 +940,7 @@ func (l *LibvirtDomainManager) generateConverterContext(vmi *v1.VirtualMachineIn
 		EphemeraldiskCreator:  l.ephemeralDiskCreator,
 		UseLaunchSecurity:     kutil.IsSEVVMI(vmi),
 		FreePageReporting:     isFreePageReportingEnabled(false, vmi),
+		SerialConsoleLog:      isSerialConsoleLogEnabled(false, vmi),
 	}
 
 	if options != nil {
@@ -962,6 +963,7 @@ func (l *LibvirtDomainManager) generateConverterContext(vmi *v1.VirtualMachineIn
 			c.ExpandDisksEnabled = options.GetClusterConfig().GetExpandDisksEnabled()
 			c.FreePageReporting = isFreePageReportingEnabled(options.GetClusterConfig().GetFreePageReportingDisabled(), vmi)
 			c.BochsForEFIGuests = options.GetClusterConfig().GetBochsDisplayForEFIGuests()
+			c.SerialConsoleLog = isSerialConsoleLogEnabled(options.GetClusterConfig().GetSerialConsoleLogDisabled(), vmi)
 		}
 	}
 	c.DisksInfo = l.disksInfo
@@ -1002,6 +1004,10 @@ func isFreePageReportingEnabled(clusterFreePageReportingDisabled bool, vmi *v1.V
 	return true
 }
 
+func isSerialConsoleLogEnabled(clusterSerialConsoleLogDisabled bool, vmi *v1.VirtualMachineInstance) bool {
+	return (vmi.Spec.Domain.Devices.LogSerialConsole != nil && *vmi.Spec.Domain.Devices.LogSerialConsole) || (vmi.Spec.Domain.Devices.LogSerialConsole == nil && !clusterSerialConsoleLogDisabled)
+}
+
 func (l *LibvirtDomainManager) SyncVMI(vmi *v1.VirtualMachineInstance, allowEmulation bool, options *cmdv1.VirtualMachineOptions) (*api.DomainSpec, error) {
 	l.domainModifyLock.Lock()
 	defer l.domainModifyLock.Unlock()

pkg/virt-launcher/virtwrap/manager_test.go

@@ -405,6 +405,7 @@ var _ = Describe("Manager", func() {
 		}
 
 		freePageReportingDisabled := clusterConfig.IsFreePageReportingDisabled()
+		serialConsoleLogDisabled := clusterConfig.IsSerialConsoleLogDisabled()
 
 		c := &converter.ConverterContext{
 			Architecture:      runtime.GOARCH,
@@ -414,6 +415,7 @@ var _ = Describe("Manager", func() {
 			HotplugVolumes:    hotplugVolumes,
 			PermanentVolumes:  permanentVolumes,
 			FreePageReporting: isFreePageReportingEnabled(freePageReportingDisabled, vmi),
+			SerialConsoleLog:  isSerialConsoleLogEnabled(serialConsoleLogDisabled, vmi),
 			CPUSet:            []int{0, 1, 2, 3, 4, 5},
 			Topology:          topology,
 		}

pkg/virt-operator/resource/generate/components/validations_generated.go

@@ -1458,6 +1458,13 @@ var CRDsValidation map[string]string = map[string]string{
                     and the vmi is not requesting any high performance feature (dedicatedCPU/realtime/hugePages),
                     in which free page reporting is always disabled.
                   type: object
+                disableSerialConsoleLog:
+                  description: DisableSerialConsoleLog disables logging the auto-attached
+                    default serial console. If not set, serial console logs will be
+                    written to a file and then streamed from a container named 'guest-console-log'.
+                    The value can be individually overridden for each VM, not relevant
+                    if AutoattachSerialConsole is disabled.
+                  type: object
               type: object
             vmStateStorageClass:
               description: VMStateStorageClass is the name of the storage class to
@@ -6006,7 +6013,7 @@ var CRDsValidation map[string]string = map[string]string{
                             console or not. Serial console logs will be collect to
                             a file and then streamed from a named 'guest-console-log'.
                             Not relevant if autoattachSerialConsole is disabled. Defaults
-                            to false.
+                            to cluster wide setting on VirtualMachineOptions.
                           type: boolean
                         networkInterfaceMultiqueue:
                           description: If specified, virtual network interfaces configured
@@ -10536,7 +10543,7 @@ var CRDsValidation map[string]string = map[string]string{
                   description: Whether to log the auto-attached default serial console
                     or not. Serial console logs will be collect to a file and then
                     streamed from a named 'guest-console-log'. Not relevant if autoattachSerialConsole
-                    is disabled. Defaults to false.
+                    is disabled. Defaults to cluster wide setting on VirtualMachineOptions.
                   type: boolean
                 networkInterfaceMultiqueue:
                   description: If specified, virtual network interfaces configured
@@ -13265,7 +13272,7 @@ var CRDsValidation map[string]string = map[string]string{
                   description: Whether to log the auto-attached default serial console
                     or not. Serial console logs will be collect to a file and then
                     streamed from a named 'guest-console-log'. Not relevant if autoattachSerialConsole
-                    is disabled. Defaults to false.
+                    is disabled. Defaults to cluster wide setting on VirtualMachineOptions.
                   type: boolean
                 networkInterfaceMultiqueue:
                   description: If specified, virtual network interfaces configured
@@ -15454,7 +15461,7 @@ var CRDsValidation map[string]string = map[string]string{
                             console or not. Serial console logs will be collect to
                             a file and then streamed from a named 'guest-console-log'.
                             Not relevant if autoattachSerialConsole is disabled. Defaults
-                            to false.
+                            to cluster wide setting on VirtualMachineOptions.
                           type: boolean
                         networkInterfaceMultiqueue:
                           description: If specified, virtual network interfaces configured
@@ -19832,7 +19839,8 @@ var CRDsValidation map[string]string = map[string]string{
                                     serial console or not. Serial console logs will
                                     be collect to a file and then streamed from a
                                     named 'guest-console-log'. Not relevant if autoattachSerialConsole
-                                    is disabled. Defaults to false.
+                                    is disabled. Defaults to cluster wide setting
+                                    on VirtualMachineOptions.
                                   type: boolean
                                 networkInterfaceMultiqueue:
                                   description: If specified, virtual network interfaces
@@ -24995,7 +25003,7 @@ var CRDsValidation map[string]string = map[string]string{
                                         logs will be collect to a file and then streamed
                                         from a named 'guest-console-log'. Not relevant
                                         if autoattachSerialConsole is disabled. Defaults
-                                        to false.
+                                        to cluster wide setting on VirtualMachineOptions.
                                       type: boolean
                                     networkInterfaceMultiqueue:
                                       description: If specified, virtual network interfaces

staging/src/kubevirt.io/api/core/v1/schema.go

@@ -455,7 +455,7 @@ type Devices struct {
 	// Whether to log the auto-attached default serial console or not.
 	// Serial console logs will be collect to a file and then streamed from a named `guest-console-log`.
 	// Not relevant if autoattachSerialConsole is disabled.
-	// Defaults to false.
+	// Defaults to cluster wide setting on VirtualMachineOptions.
 	LogSerialConsole *bool `json:"logSerialConsole,omitempty"`
 	// Whether to attach the Memory balloon device with default period.
 	// Period can be adjusted in virt-config.