Configuring communication between QM and ASIL containers¶
Cross-environment communication works similar to communication within the QM partition. In addition to mounting a volume, or storage area, that contains a UNIX domain socket inside the quality-managed (QM) container, you must create another UNIX domain socket in the Automotive Safety Integrity Level (ASIL) partition to enable inter-process communication (IPC) between the QM and ASIL partitions.
Prerequisites
- A custom manifest file, such as the manifest file that you created in Configuring communication between QM containers
- An ASIL container and a QM container that you want to communicate with each other
Procedure
-
To configure IPC between the two containers, update the Quadlet configuration to mount the volumes that contain the UNIX domain sockets in
/var/run/<another-dir>. In the example code,<your-dir>isasil-ipc-demo, but you can name the directory according to your own conventions.-
To connect the
engineapplication in the ASIL layer withmy-client-appin the QM layer, add this line to theengine.containerfile to mount the volume where the ASIL socket resides in the container, and set the correct SELinux label:[Container] Volume=/run/ipc/asil:/run/ipc/asil SecurityLabelType=ipc_t -
Add this line to the
my-client-app.containerfile to mount the volume where the ASIL socket resides in the container:[Container] Volume=/run/ipc/asil:/run/ipc/asil SecurityLabelType=qm_container_ipc_t
-
-
Create a Quadlet drop-in configuration for the QM container in the
files/root_fs/qm.container.d/10-extra-volume.conffile:[Unit] Requires=ipc.socket [Container] Volume=/run/ipc/asil:/run/ipc/asilNote
QM configuration is built in to the partition and should not be changed. Using drop-in files allows you to make additional modifications to the QM partition without overwriting the inherent configuration settings.
-
Copy the drop-in Quadlet QM configuration file to the image:
-
Add a new
org.osbuild.mkdirstage in therootfspipeline of your manifest file:- type: org.osbuild.mkdir options: paths: - path: /etc/containers/systemd/qm.container.d exist_ok: true parents: true -
Add a new input item to the
org.osbuild.copystage in therootfspipeline of your manifest file:- type: org.osbuild.copy inputs: [...] inlinefile4: type: org.osbuild.files origin: org.osbuild.source mpp-embed: id: qm_extra_volume path: ../files/root_fs/qm.container.d/10-extra-volume.conf options: paths: [...] - from: mpp-format-string: input://inlinefile4/{embedded['qm_extra_volume']} to: tree:///etc/containers/systemd/qm.container.d/10-extra-volume.conf
-
-
Optional: To use
systemdto create a UNIX socket file, create a*.socketfile with the same name as the service with which the socket is associated, such asengine.socketfor the engine service.-
Create the
systemdsocket file infiles/root_fs/engine.socket:[Unit] Description=An example systemd unix socket [Socket] ListenStream=%t/ipc/asil/ipc.socket RuntimeDirectory=ipc/asil [Install] WantedBy=sockets.targetNote
This step is optional because server application that binds and activates the UNIX socket can manage socket creation. However,
systemdmanages socket creation natively, which ultimately helps service synchronization. -
To enable the application to start after you create the socket, add these lines to the
engine.containerfile to create a dependency with thesystemdsocket service:[Unit] Requires=engine.socket After=engine.socket -
To copy the
systemdsocket file for the QM container into the image, add a new input item to theorg.osbuild.copystage in therootfspipeline of your manifest file:- type: org.osbuild.copy inputs: [...] inlinefile5: type: org.osbuild.files origin: org.osbuild.source mpp-embed: id: engine_socket path: ../files/root_fs/engine.socket options: paths: [...] - from: mpp-format-string: input://inlinefile5/{embedded['engine_socket']} to: tree:///etc/systemd/system/engine.socket
-
-
Optional: Set the
SELinuxconfiguration topermissivein the OSBuild manifest:- type: org.osbuild.selinux.config options: state: permissive
Additional resources