github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-06-27 15:57:09 +00:00
Code Issues Projects Releases Wiki Activity

gpu: Update config files

Browse Source 
With the recent changed to cgroupsv1 and AGENT_INIT=no we
need update to the config files.

Signed-off-by: Zvonko Kaiser <zkaiser@nvidia.com>
This commit is contained in:
Zvonko Kaiser 2025-01-24 02:55:45 +00:00
parent d28410ed75
commit d4dd87a974
4 changed files with 18 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
src/runtime/Makefile
View File

@ -439,17 +439,24 @@ ifneq (,$(QEMUCMD))
KERNELNAME_CONFIDENTIAL_NV = $(call MAKE_KERNEL_CONFIDENTIAL_NAME_NV,$(KERNELCONFIDENTIALTYPE)) KERNELNAME_CONFIDENTIAL_NV = $(call MAKE_KERNEL_CONFIDENTIAL_NAME_NV,$(KERNELCONFIDENTIALTYPE))
KERNELPATH_CONFIDENTIAL_NV = $(KERNELDIR)/$(KERNELNAME_CONFIDENTIAL_NV) KERNELPATH_CONFIDENTIAL_NV = $(KERNELDIR)/$(KERNELNAME_CONFIDENTIAL_NV)
DEFAULTVCPUS_NV = 16 DEFAULTVCPUS_NV = 1
DEFAULTMEMORY_NV = 65536 DEFAULTMEMORY_NV = 2048
DEFAULTTIMEOUT_NV = 320 DEFAULTTIMEOUT_NV = 320
DEFAULTVFIOPORT_NV = root-port DEFAULTVFIOPORT_NV = root-port
DEFAULTPCIEROOTPORT_NV = 8 DEFAULTPCIEROOTPORT_NV = 8
KERNELPARAMS_NV = "agent.hotplug_timeout=20" KERNELPARAMS_NV = "agent.hotplug_timeout=20"
KERNELPARAMS_NV += $(KERNELPARAMS) KERNELPARAMS_NV += "cgroup_no_v1=all"
KERNELTDXPARAMS_NV = "authorize_allow_devs=pci:ALL" KERNELTDXPARAMS_NV = $(KERNELPARAMS_NV)
KERNELTDXPARAMS_NV += $(KERNELTDXPARAMS) KERNELTDXPARAMS_NV += "clearcpuid=mtrr"
KERNELTDXPARAMS_NV += "authorize_allow_devs=pci:ALL"
KERNELSNPPARAMS_NV = $(KERNELPARAMS_NV)
# Setting this to false can lead to cgroup leakages in the host
# Best practice for production is to set this to true
DEFSANDBOXCGROUPONLY_NV = true
endif endif
ifneq (,$(CLHCMD)) ifneq (,$(CLHCMD))
@ -617,7 +624,9 @@ USER_VARS += DEFAULTVFIOPORT_NV
USER_VARS += DEFAULTPCIEROOTPORT_NV USER_VARS += DEFAULTPCIEROOTPORT_NV
USER_VARS += KERNELPARAMS_NV USER_VARS += KERNELPARAMS_NV
USER_VARS += KERNELTDXPARAMS_NV USER_VARS += KERNELTDXPARAMS_NV
USER_VARS += KERNELSNPPARAMS_NV
USER_VARS += DEFAULTTIMEOUT_NV USER_VARS += DEFAULTTIMEOUT_NV
USER_VARS += DEFSANDBOXCGROUPONLY_NV
USER_VARS += DEFROOTFSTYPE USER_VARS += DEFROOTFSTYPE
USER_VARS += MACHINETYPE USER_VARS += MACHINETYPE
USER_VARS += KERNELDIR USER_VARS += KERNELDIR

4
src/runtime/config/configuration-qemu-nvidia-gpu-snp.toml.in
View File

@ -70,7 +70,7 @@ valid_hypervisor_paths = @QEMUSNPVALIDHYPERVISORPATHS@
# may stop the virtual machine from booting. # may stop the virtual machine from booting.
# To see the list of default parameters, enable hypervisor debug, create a # To see the list of default parameters, enable hypervisor debug, create a
# container and look for 'default-kernel-parameters' log entries. # container and look for 'default-kernel-parameters' log entries.
kernel_params = "@KERNELPARAMS@" kernel_params = "@KERNELSNPPARAMS_NV@"
# Path to the firmware. # Path to the firmware.
# If you want that qemu uses the default firmware leave this option empty # If you want that qemu uses the default firmware leave this option empty
@ -617,7 +617,7 @@ disable_guest_seccomp=@DEFDISABLEGUESTSECCOMP@
# The sandbox cgroup path is the parent cgroup of a container with the PodSandbox annotation. # The sandbox cgroup path is the parent cgroup of a container with the PodSandbox annotation.
# The sandbox cgroup is constrained if there is no container type annotation. # The sandbox cgroup is constrained if there is no container type annotation.
# See: https://pkg.go.dev/github.com/kata-containers/kata-containers/src/runtime/virtcontainers#ContainerType # See: https://pkg.go.dev/github.com/kata-containers/kata-containers/src/runtime/virtcontainers#ContainerType
sandbox_cgroup_only=@DEFSANDBOXCGROUPONLY@ sandbox_cgroup_only=@DEFSANDBOXCGROUPONLY_NV@
# If enabled, the runtime will attempt to determine appropriate sandbox size (memory, CPU) before booting the virtual machine. In # If enabled, the runtime will attempt to determine appropriate sandbox size (memory, CPU) before booting the virtual machine. In
# this case, the runtime will not dynamically update the amount of memory and CPU in the virtual machine. This is generally helpful # this case, the runtime will not dynamically update the amount of memory and CPU in the virtual machine. This is generally helpful

2
src/runtime/config/configuration-qemu-nvidia-gpu-tdx.toml.in
View File

@ -613,7 +613,7 @@ disable_guest_seccomp=@DEFDISABLEGUESTSECCOMP@
# The sandbox cgroup path is the parent cgroup of a container with the PodSandbox annotation. # The sandbox cgroup path is the parent cgroup of a container with the PodSandbox annotation.
# The sandbox cgroup is constrained if there is no container type annotation. # The sandbox cgroup is constrained if there is no container type annotation.
# See: https://pkg.go.dev/github.com/kata-containers/kata-containers/src/runtime/virtcontainers#ContainerType # See: https://pkg.go.dev/github.com/kata-containers/kata-containers/src/runtime/virtcontainers#ContainerType
sandbox_cgroup_only=@DEFSANDBOXCGROUPONLY@ sandbox_cgroup_only=@DEFSANDBOXCGROUPONLY_NV@
# If enabled, the runtime will attempt to determine appropriate sandbox size (memory, CPU) before booting the virtual machine. In # If enabled, the runtime will attempt to determine appropriate sandbox size (memory, CPU) before booting the virtual machine. In
# this case, the runtime will not dynamically update the amount of memory and CPU in the virtual machine. This is generally helpful # this case, the runtime will not dynamically update the amount of memory and CPU in the virtual machine. This is generally helpful

2
src/runtime/config/configuration-qemu-nvidia-gpu.toml.in
View File

@ -638,7 +638,7 @@ disable_guest_seccomp=@DEFDISABLEGUESTSECCOMP@
# The sandbox cgroup path is the parent cgroup of a container with the PodSandbox annotation. # The sandbox cgroup path is the parent cgroup of a container with the PodSandbox annotation.
# The sandbox cgroup is constrained if there is no container type annotation. # The sandbox cgroup is constrained if there is no container type annotation.
# See: https://pkg.go.dev/github.com/kata-containers/kata-containers/src/runtime/virtcontainers#ContainerType # See: https://pkg.go.dev/github.com/kata-containers/kata-containers/src/runtime/virtcontainers#ContainerType
sandbox_cgroup_only=@DEFSANDBOXCGROUPONLY@ sandbox_cgroup_only=@DEFSANDBOXCGROUPONLY_NV@
# If enabled, the runtime will attempt to determine appropriate sandbox size (memory, CPU) before booting the virtual machine. In # If enabled, the runtime will attempt to determine appropriate sandbox size (memory, CPU) before booting the virtual machine. In
# this case, the runtime will not dynamically update the amount of memory and CPU in the virtual machine. This is generally helpful # this case, the runtime will not dynamically update the amount of memory and CPU in the virtual machine. This is generally helpful