From 5010c643c44371584c13918fcb543b19ed9d1e1b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Tue, 5 Jul 2022 22:23:49 +0200 Subject: [PATCH 01/15] release: Revert kata-deploy changes after 2.5.0-rc0 release MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit As 2.5.0-rc0 has been released, let's switch the kata-deploy / kata-cleanup tags back to "latest", and re-add the kata-deploy-stable and the kata-cleanup-stable files. Signed-off-by: Fabiano Fidêncio --- .../base/kata-cleanup-stable.yaml | 46 +++++++++++++ .../kata-deploy/base/kata-deploy-stable.yaml | 69 +++++++++++++++++++ 2 files changed, 115 insertions(+) create mode 100644 tools/packaging/kata-deploy/kata-cleanup/base/kata-cleanup-stable.yaml create mode 100644 tools/packaging/kata-deploy/kata-deploy/base/kata-deploy-stable.yaml diff --git a/tools/packaging/kata-deploy/kata-cleanup/base/kata-cleanup-stable.yaml b/tools/packaging/kata-deploy/kata-cleanup/base/kata-cleanup-stable.yaml new file mode 100644 index 0000000000..f1d9d0a2f9 --- /dev/null +++ b/tools/packaging/kata-deploy/kata-cleanup/base/kata-cleanup-stable.yaml 
@@ -0,0 +1,46 @@
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: kubelet-kata-cleanup
+ namespace: kube-system
+spec:
+ selector:
+ matchLabels:
+ name: kubelet-kata-cleanup
+ template:
+ metadata:
+ labels:
+ name: kubelet-kata-cleanup
+ spec:
+ serviceAccountName: kata-label-node
+ nodeSelector:
+ katacontainers.io/kata-runtime: cleanup
+ containers:
+ - name: kube-kata-cleanup
+ image: quay.io/kata-containers/kata-deploy:stable
+ imagePullPolicy: Always
+ command: [ "bash", "-c", "/opt/kata-artifacts/scripts/kata-deploy.sh reset" ]
+ env:
+ - name: NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ securityContext:
+ privileged: false
+ volumeMounts:
+ - name: dbus
+ mountPath: /var/run/dbus
+ - name: systemd
+ mountPath: /run/systemd
+ volumes:
+ - name: dbus
+ hostPath:
+ path: /var/run/dbus
+ - name: systemd
+ hostPath:
+ path: /run/systemd
+ updateStrategy:
+ rollingUpdate:
+ maxUnavailable: 1
+ type: RollingUpdate
diff --git a/tools/packaging/kata-deploy/kata-deploy/base/kata-deploy-stable.yaml b/tools/packaging/kata-deploy/kata-deploy/base/kata-deploy-stable.yaml
new file mode 100644
index 0000000000..346e4c0ee2
--- /dev/null
+++ b/tools/packaging/kata-deploy/kata-deploy/base/kata-deploy-stable.yaml
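Review bot: The `image: quay.io/kata-containers/kata-deploy:stable` line in this DaemonSet (and the identical line in kata-deploy-stable.yaml) follows a mutable tag with `imagePullPolicy: Always`, so whatever is next pushed to that tag runs on every selected node in `kube-system` with the node's `/run/systemd` and `/var/run/dbus` mounted. For a manifest offered as the stable channel it is worth saying how to pin it, for example with a comment above the image line: `# mutable tag; pin by digest (quay.io/kata-containers/kata-deploy@sha256:<digest-placeholder>) for reproducible rollouts`. The digest shown is a placeholder, not a value taken from this commit.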
@@ -0,0 +1,69 @@
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: kata-deploy
+ namespace: kube-system
+spec:
+ selector:
+ matchLabels:
+ name: kata-deploy
+ template:
+ metadata:
+ labels:
+ name: kata-deploy
+ spec:
+ serviceAccountName: kata-label-node
+ containers:
+ - name: kube-kata
+ image: quay.io/kata-containers/kata-deploy:stable
+ imagePullPolicy: Always
+ lifecycle:
+ preStop:
+ exec:
+ command: ["bash", "-c", "/opt/kata-artifacts/scripts/kata-deploy.sh cleanup"]
+ command: [ "bash", "-c", "/opt/kata-artifacts/scripts/kata-deploy.sh install" ]
+ env:
+ - name: NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ securityContext:
+ privileged: false
+ volumeMounts:
+ - name: crio-conf
+ mountPath: /etc/crio/
+ - name: containerd-conf
+ mountPath: /etc/containerd/
+ - name: kata-artifacts
+ mountPath: /opt/kata/
+ - name: dbus
+ mountPath: /var/run/dbus
+ - name: systemd
+ mountPath: /run/systemd
+ - name: local-bin
+ mountPath: /usr/local/bin/
+ volumes:
+ - name: crio-conf
+ hostPath:
+ path: /etc/crio/
+ - name: containerd-conf
+ hostPath:
+ path: /etc/containerd/
+ - name: kata-artifacts
+ hostPath:
+ path: /opt/kata/
+ type: DirectoryOrCreate
+ - name: dbus
+ hostPath:
+ path: /var/run/dbus
+ - name: systemd
+ hostPath:
+ path: /run/systemd
+ - name: local-bin
+ hostPath:
+ path: /usr/local/bin/
+ updateStrategy:
+ rollingUpdate:
+ maxUnavailable: 1
+ type: RollingUpdate
From 4d89476c916b062a0b614f781763ae9d020fd303 Mon Sep 17 00:00:00 2001 From: Manabu Sugimoto Date: Wed, 6 Jul 2022 15:35:24 +0900 Subject: [PATCH 02/15] runtime: Fix DisableSelinux config Enable Kata runtime to handle `disable_selinux` flag properly in order to be able to change the status by the runtime configuration whether the runtime applies the SELinux label to VMM process. Fixes: #4599 
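Review bot: `securityContext: privileged: false` on the `kube-kata` container reads as a restriction, but the hostPath volumes declared below it expose the node's `/etc/crio/`, `/etc/containerd/`, `/opt/kata/`, `/usr/local/bin/`, `/run/systemd` and `/var/run/dbus`, and none of the mounts is marked read-only. A comment next to the securityContext would keep the pod from being under-rated in review, for example `# not privileged, but the hostPath mounts below give write access to node runtime config and /usr/local/bin`. Where Pod Security Standards at the baseline level or stricter are enforced on the namespace, these hostPath volumes would presumably be rejected, which is worth stating in the deployment documentation.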
Signed-off-by: Manabu Sugimoto --- src/runtime/config/configuration-acrn.toml.in | 6 +++--- src/runtime/config/configuration-clh.toml.in | 6 +++--- src/runtime/config/configuration-fc.toml.in | 6 +++--- src/runtime/config/configuration-qemu.toml.in | 6 +++--- src/runtime/pkg/katautils/config.go | 3 +++ 5 files changed, 15 insertions(+), 12 deletions(-) diff --git a/src/runtime/config/configuration-acrn.toml.in b/src/runtime/config/configuration-acrn.toml.in index f0be92ad08..5f1368ce82 100644 --- a/src/runtime/config/configuration-acrn.toml.in +++ b/src/runtime/config/configuration-acrn.toml.in @@ -118,6 +118,9 @@ block_device_driver = "@DEFBLOCKSTORAGEDRIVER_ACRN@" # but it will not abort container execution. #guest_hook_path = "/usr/share/oci/hooks" +# disable applying SELinux on the VMM process (default false) +disable_selinux=@DEFDISABLESELINUX@ + [agent.@PROJECT_TYPE@] # If enabled, make the agent display debug-level messages. # (default: disabled) @@ -186,9 +189,6 @@ internetworking_model="@DEFNETWORKMODEL_ACRN@" # (default: true) disable_guest_seccomp=@DEFDISABLEGUESTSECCOMP@ -# disable applying SELinux on the VMM process (default false) -disable_selinux=@DEFDISABLESELINUX@ - # If enabled, the runtime will create opentracing.io traces and spans. # (See https://www.jaegertracing.io/docs/getting-started). # (default: disabled) diff --git a/src/runtime/config/configuration-clh.toml.in b/src/runtime/config/configuration-clh.toml.in index 5d2d9c2f10..f09c095f0e 100644 --- a/src/runtime/config/configuration-clh.toml.in +++ b/src/runtime/config/configuration-clh.toml.in @@ -39,6 +39,9 @@ image = "@IMAGEPATH@" # Default false # confidential_guest = true +# disable applying SELinux on the VMM process (default false) +disable_selinux=@DEFDISABLESELINUX@ + # Path to the firmware. # If you want Cloud Hypervisor to use a specific firmware, set its path below. # This is option is only used when confidential_guest is enabled. 
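Review bot: Moving `disable_selinux` in the first configuration-acrn.toml.in hunk (repeated for clh, fc and qemu) changes which table the key lives in, so a deployed configuration file that still carries it at the old position next to `disable_guest_seccomp` would presumably no longer be honoured, and nothing visible here warns about that. Since the key decides whether the VMM process gets an SELinux label, the comment should name the table and the effect, for example `# disable applying SELinux on the VMM process (default false); must be set in this hypervisor section, the label is applied when false`. A note in the release documentation for upgraded installs would help too.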
@@ -319,9 +322,6 @@ internetworking_model="@DEFNETWORKMODEL_CLH@" # (default: true) disable_guest_seccomp=@DEFDISABLEGUESTSECCOMP@ -# disable applying SELinux on the VMM process (default false) -disable_selinux=@DEFDISABLESELINUX@ - # If enabled, the runtime will create opentracing.io traces and spans. # (See https://www.jaegertracing.io/docs/getting-started). # (default: disabled) diff --git a/src/runtime/config/configuration-fc.toml.in b/src/runtime/config/configuration-fc.toml.in index 8761d8a02e..b7f349c0dd 100644 --- a/src/runtime/config/configuration-fc.toml.in +++ b/src/runtime/config/configuration-fc.toml.in @@ -221,6 +221,9 @@ valid_entropy_sources = @DEFVALIDENTROPYSOURCES@ # Default 0-sized value means unlimited rate. #tx_rate_limiter_max_rate = 0 +# disable applying SELinux on the VMM process (default false) +disable_selinux=@DEFDISABLESELINUX@ + [factory] # VM templating support. Once enabled, new VMs are created from template # using vm cloning. They will share the same initial kernel, initramfs and @@ -309,9 +312,6 @@ internetworking_model="@DEFNETWORKMODEL_FC@" # (default: true) disable_guest_seccomp=@DEFDISABLEGUESTSECCOMP@ -# disable applying SELinux on the VMM process (default false) -disable_selinux=@DEFDISABLESELINUX@ - # If enabled, the runtime will create opentracing.io traces and spans. # (See https://www.jaegertracing.io/docs/getting-started). # (default: disabled) diff --git a/src/runtime/config/configuration-qemu.toml.in b/src/runtime/config/configuration-qemu.toml.in index 115cd19ccd..3ec44c8b6e 100644 --- a/src/runtime/config/configuration-qemu.toml.in +++ b/src/runtime/config/configuration-qemu.toml.in 
@@ -406,6 +406,9 @@ valid_entropy_sources = @DEFVALIDENTROPYSOURCES@ # use legacy serial for guest console if available and implemented for architecture. Default false #use_legacy_serial = true +# disable applying SELinux on the VMM process (default false) +disable_selinux=@DEFDISABLESELINUX@ + [factory] # VM templating support. Once enabled, new VMs are created from template # using vm cloning. They will share the same initial kernel, initramfs and @@ -523,9 +526,6 @@ internetworking_model="@DEFNETWORKMODEL_QEMU@" # (default: true) disable_guest_seccomp=@DEFDISABLEGUESTSECCOMP@ -# disable applying SELinux on the VMM process (default false) -disable_selinux=@DEFDISABLESELINUX@ - # If enabled, the runtime will create opentracing.io traces and spans. # (See https://www.jaegertracing.io/docs/getting-started). # (default: disabled) diff --git a/src/runtime/pkg/katautils/config.go b/src/runtime/pkg/katautils/config.go index 4edc0c1108..0903c8ea9e 100644 --- a/src/runtime/pkg/katautils/config.go +++ b/src/runtime/pkg/katautils/config.go @@ -669,6 +669,7 @@ func newFirecrackerHypervisorConfig(h hypervisor) (vc.HypervisorConfig, error) { RxRateLimiterMaxRate: rxRateLimiterMaxRate, TxRateLimiterMaxRate: txRateLimiterMaxRate, EnableAnnotations: h.EnableAnnotations, + DisableSeLinux: h.DisableSeLinux, }, nil } @@ -805,6 +806,7 @@ func newQemuHypervisorConfig(h hypervisor) (vc.HypervisorConfig, error) { GuestSwap: h.GuestSwap, Rootless: h.Rootless, LegacySerial: h.LegacySerial, + DisableSeLinux: h.DisableSeLinux, }, nil } @@ -869,6 +871,7 @@ func newAcrnHypervisorConfig(h hypervisor) (vc.HypervisorConfig, error) { BlockDeviceDriver: blockDriver, DisableVhostNet: h.DisableVhostNet, GuestHookPath: h.guestHookPath(), + DisableSeLinux: h.DisableSeLinux, EnableAnnotations: h.EnableAnnotations, }, nil } From 0e40ecf383850c6eeb23ac2e80702f0f13a76d7a Mon Sep 17 00:00:00 2001 
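Review bot: `DisableSeLinux: h.DisableSeLinux` is added to the Firecracker, QEMU and ACRN constructors in config.go, but no hunk touches the Cloud Hypervisor constructor although configuration-clh.toml.in moves the key in the same commit. That constructor is outside the visible hunks, so it may already copy the field; if it does not, `disable_selinux` stays ignored for clh. A table-driven test that loads each hypervisor type with the flag set and asserts `HypervisorConfig.DisableSeLinux` would pin all four paths.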
From: Derek Lee Date: Fri, 24 Jun 2022 10:08:41 -0700 Subject: [PATCH 03/15] tools/snap: simplify nproc Replaces calls of nproc with nproc with nproc ${CI:+--ignore 1} to run nproc with one less processing unit than the maximum to prevent DOS-ing the local machine. If process is being run in a container (determined via whether $CI is null), all processing units avaliable will be used. Fixes #3967 Signed-off-by: Derek Lee --- docs/Developer-Guide.md | 2 +- docs/use-cases/using-Intel-QAT-and-kata.md | 4 ++-- snap/snapcraft.yaml | 4 ++-- tools/osbuilder/dockerfiles/QAT/run.sh | 4 ++-- tools/packaging/kata-deploy/local-build/Makefile | 2 +- tools/packaging/kernel/build-kernel.sh | 4 ++-- tools/packaging/static-build/qemu/Dockerfile | 2 +- 7 files changed, 11 insertions(+), 11 deletions(-) diff --git a/docs/Developer-Guide.md b/docs/Developer-Guide.md index 05664b7248..c1c2d62ab1 100644 --- a/docs/Developer-Guide.md +++ b/docs/Developer-Guide.md @@ -425,7 +425,7 @@ To build utilizing the same options as Kata, you should make use of the `configu $ cd $your_qemu_directory $ $packaging_dir/scripts/configure-hypervisor.sh kata-qemu > kata.cfg $ eval ./configure "$(cat kata.cfg)" -$ make -j $(nproc) +$ make -j $(nproc --ignore=1) $ sudo -E make install ``` diff --git a/docs/use-cases/using-Intel-QAT-and-kata.md b/docs/use-cases/using-Intel-QAT-and-kata.md index 0bcd2e3bbd..d029de3672 100644 --- a/docs/use-cases/using-Intel-QAT-and-kata.md +++ b/docs/use-cases/using-Intel-QAT-and-kata.md 
@@ -279,8 +279,8 @@ $ export KERNEL_EXTRAVERSION=$(awk '/^EXTRAVERSION =/{print $NF}' $GOPATH/$LINUX $ export KERNEL_ROOTFS_DIR=${KERNEL_MAJOR_VERSION}.${KERNEL_PATHLEVEL}.${KERNEL_SUBLEVEL}${KERNEL_EXTRAVERSION} $ cd $QAT_SRC $ KERNEL_SOURCE_ROOT=$GOPATH/$LINUX_VER ./configure --enable-icp-sriov=guest -$ sudo -E make all -j$(nproc) -$ sudo -E make INSTALL_MOD_PATH=$ROOTFS_DIR qat-driver-install -j$(nproc) +$ sudo -E make all -j $($(nproc ${CI:+--ignore 1})) +$ sudo -E make INSTALL_MOD_PATH=$ROOTFS_DIR qat-driver-install -j $($(nproc ${CI:+--ignore 1})) ``` The `usdm_drv` module also needs to be copied into the rootfs modules path and diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 77f27b15f9..b462755080 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -193,7 +193,7 @@ parts: # Setup and build kernel ./build-kernel.sh -v "${kernel_version}" -d setup cd ${kernel_dir_prefix}* - make -j $(($(nproc)-1)) EXTRAVERSION=".container" + make -j $(nproc ${CI:+--ignore 1}) EXTRAVERSION=".container" kernel_suffix="${kernel_version}.container" kata_kernel_dir="${SNAPCRAFT_PART_INSTALL}/usr/share/kata-containers" @@ -282,7 +282,7 @@ parts: esac # build and install - make -j $(($(nproc)-1)) + make -j $(nproc ${CI:+--ignore 1}) make install DESTDIR="${SNAPCRAFT_PART_INSTALL}" prime: - -snap/ diff --git a/tools/osbuilder/dockerfiles/QAT/run.sh b/tools/osbuilder/dockerfiles/QAT/run.sh index b30c34c8b0..59194a2bcb 100755 --- a/tools/osbuilder/dockerfiles/QAT/run.sh +++ b/tools/osbuilder/dockerfiles/QAT/run.sh 
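Review bot: `${CI:+--ignore 1}` in both snapcraft.yaml hunks expands to `--ignore 1` only when `CI` is set and non-empty, so a developer machine now builds with every core while CI holds one back; the commit message describes the opposite, and the replaced `$(($(nproc)-1))` always left one core free. The same expression is used in build-kernel.sh and the qemu Dockerfile. If the intent is the one in the commit message, an explicit test is clearer than the parameter expansion, for example `make -j "$([ -n "${CI:-}" ] && nproc || nproc --ignore=1)" EXTRAVERSION=".container"`.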
@@ -90,14 +90,14 @@ build_qat_drivers() KERNEL_ROOTFS_DIR=${KERNEL_MAJOR_VERSION}.${KERNEL_PATHLEVEL}.${KERNEL_SUBLEVEL}${KERNEL_EXTRAVERSION} cd $QAT_SRC KERNEL_SOURCE_ROOT=${linux_kernel_path} ./configure ${QAT_CONFIGURE_OPTIONS} - make all -j$(nproc) + make all -j $($(nproc ${CI:+--ignore 1})) } add_qat_to_rootfs() { /bin/echo -e "\n\e[1;42mCopy driver modules to rootfs\e[0m" cd $QAT_SRC - sudo -E make INSTALL_MOD_PATH=${ROOTFS_DIR} qat-driver-install -j$(nproc) + sudo -E make INSTALL_MOD_PATH=${ROOTFS_DIR} qat-driver-install -j$(nproc --ignore=1) sudo cp $QAT_SRC/build/usdm_drv.ko ${ROOTFS_DIR}/lib/modules/${KERNEL_ROOTFS_DIR}/updates/drivers sudo depmod -a -b ${ROOTFS_DIR} ${KERNEL_ROOTFS_DIR} cd ${kata_repo_path}/tools/osbuilder/image-builder diff --git a/tools/packaging/kata-deploy/local-build/Makefile b/tools/packaging/kata-deploy/local-build/Makefile index 9d09db049c..9f9bdcd6c5 100644 --- a/tools/packaging/kata-deploy/local-build/Makefile +++ b/tools/packaging/kata-deploy/local-build/Makefile @@ -19,7 +19,7 @@ $(MK_DIR)/dockerbuild/install_yq.sh: $(MK_DIR)/kata-deploy-copy-yq-installer.sh all-parallel: $(MK_DIR)/dockerbuild/install_yq.sh - ${MAKE} -f $(MK_PATH) all -j$$(( $$(nproc) - 1 )) V= + ${MAKE} -f $(MK_PATH) all -j $(shell nproc ${CI:+--ignore 1}) V= all: cloud-hypervisor-tarball \ firecracker-tarball \ diff --git a/tools/packaging/kernel/build-kernel.sh b/tools/packaging/kernel/build-kernel.sh index 4e58a45ef1..9b9a008d8f 100755 --- a/tools/packaging/kernel/build-kernel.sh +++ b/tools/packaging/kernel/build-kernel.sh 
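Review bot: `make all -j $($(nproc ${CI:+--ignore 1}))` in build_qat_drivers nests two command substitutions, so the shell tries to execute nproc's output as a command; that fails, the outer substitution is empty, and make receives a bare `-j`, which removes the job limit instead of lowering it. The same expression appears twice in docs/use-cases/using-Intel-QAT-and-kata.md. A single substitution is what was meant: `make all -j "$(nproc ${CI:+--ignore 1})"`. add_qat_to_rootfs in the same hunk uses `nproc --ignore=1` unconditionally, so the two functions also disagree; both bodies continue outside the hunk.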
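Review bot: In the `all-parallel` recipe, `${CI:+--ignore 1}` is expanded by make rather than by the shell: as far as I can tell make reads `${...}` as a reference to a make variable of that name, which is empty, so `$(shell nproc ...)` always returns the full core count and the `- 1` applied by the old line is lost. Escaping the dollars hands the expression to the recipe shell: `${MAKE} -f $(MK_PATH) all -j $$(nproc $${CI:+--ignore 1}) V=`.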
@@ -418,9 +418,9 @@ build_kernel() { [ -n "${arch_target}" ] || arch_target="$(uname -m)" arch_target=$(arch_to_kernel "${arch_target}") pushd "${kernel_path}" >>/dev/null - make -j $(nproc) ARCH="${arch_target}" + make -j $(nproc ${CI:+--ignore 1}) ARCH="${arch_target}" if [ "${conf_guest}" == "sev" ]; then - make -j $(nproc --ignore=1) INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=${kernel_path} modules_install + make -j $(nproc ${CI:+--ignore 1}) INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=${kernel_path} modules_install fi [ "$arch_target" != "powerpc" ] && ([ -e "arch/${arch_target}/boot/bzImage" ] || [ -e "arch/${arch_target}/boot/Image.gz" ]) [ -e "vmlinux" ] diff --git a/tools/packaging/static-build/qemu/Dockerfile b/tools/packaging/static-build/qemu/Dockerfile index 61cc6ce951..27d088303e 100644 --- a/tools/packaging/static-build/qemu/Dockerfile +++ b/tools/packaging/static-build/qemu/Dockerfile @@ -74,6 +74,6 @@ RUN git clone --depth=1 "${QEMU_REPO}" qemu && \ /root/patch_qemu.sh "${QEMU_VERSION}" "/root/kata_qemu/patches" && \ (PREFIX="${PREFIX}" /root/configure-hypervisor.sh -s "kata-qemu${BUILD_SUFFIX}" | xargs ./configure \ --with-pkgversion="kata-static${BUILD_SUFFIX}") && \ - make -j"$(nproc)" && \ + make -j"$(nproc ${CI:+--ignore 1})" && \ make install DESTDIR="${QEMU_DESTDIR}" && \ /root/static-build/scripts/qemu-build-post.sh From efdb92366b633f8ca573f31df7ff2ca1ac067980 Mon Sep 17 00:00:00 2001 
From: Archana Shinde Date: Tue, 5 Jul 2022 14:46:43 -0700 Subject: [PATCH 04/15] build: Fix clh source build as normal user While running make as non-privileged user, the make errors out with the following message: "INFO: Build cloud-hypervisor enabling the following features: tdx Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post "http://%2Fvar%2Frun%2Fdocker.sock/v1.24/images/create?fromImage=cloudhypervisor%2Fdev&tag=20220524-0": dial unix /var/run/docker.sock: connect: permission denied" Even though the user may be part of docker group, the clh build from source does a docker in docker build. It is necessary for the user of the nested container to be part of docker build for the build to succeed. Fixes #4594 Signed-off-by: Archana Shinde --- .../kata-deploy/local-build/dockerbuild/Dockerfile | 7 ++++++- .../local-build/kata-deploy-binaries-in-docker.sh | 14 ++++++++++++-- 2 files changed, 18 insertions(+), 3 deletions(-) diff --git a/tools/packaging/kata-deploy/local-build/dockerbuild/Dockerfile b/tools/packaging/kata-deploy/local-build/dockerbuild/Dockerfile index 5514d9a640..06a4a93ac9 100644 --- a/tools/packaging/kata-deploy/local-build/dockerbuild/Dockerfile +++ b/tools/packaging/kata-deploy/local-build/dockerbuild/Dockerfile 
@@ -23,8 +23,13 @@ RUN apt-get update && \ ARG IMG_USER=kata-builder ARG UID=1000 ARG GID=1000 +# gid of the docker group on the host, required for running docker in docker builds. +ARG HOST_DOCKER_GID + RUN if [ ${IMG_USER} != "root" ]; then groupadd --gid=${GID} ${IMG_USER};fi RUN if [ ${IMG_USER} != "root" ]; then adduser ${IMG_USER} --uid=${UID} --gid=${GID};fi +RUN if [ ${IMG_USER} != "root" ] && [ ! -z ${HOST_DOCKER_GID} ]; then groupadd --gid=${HOST_DOCKER_GID} docker_on_host;fi +RUN if [ ${IMG_USER} != "root" ] && [ ! -z ${HOST_DOCKER_GID} ]; then usermod -a -G docker_on_host ${IMG_USER};fi RUN sh -c "echo '${IMG_USER} ALL=NOPASSWD: ALL' >> /etc/sudoers" #FIXME: gcc is required as agent is build out of a container build. @@ -40,4 +45,4 @@ RUN apt-get update && \ apt-get clean && rm -rf /var/lib/apt/lists ENV USER ${IMG_USER} -USER ${UID}:${GID} +USER ${IMG_USER} diff --git a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries-in-docker.sh b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries-in-docker.sh index 4035ff9cbd..24d19c936f 100755 --- a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries-in-docker.sh +++ b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries-in-docker.sh 
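Review bot: The two new `RUN` lines test `[ ! -z ${HOST_DOCKER_GID} ]` unquoted, which only gives the intended result for an empty value by accident of how `[` parses two arguments; `[ -n "${HOST_DOCKER_GID}" ]` states the check directly. `groupadd --gid=${HOST_DOCKER_GID} docker_on_host` will also fail the build when the base image already has a group with that gid, so a `getent group "${HOST_DOCKER_GID}"` guard is worth adding. The comment above `ARG HOST_DOCKER_GID` should mention that this group, together with the `/var/run/docker.sock` bind mount in kata-deploy-binaries-in-docker.sh, gives the build user control of the host Docker daemon, on top of the `NOPASSWD: ALL` sudoers entry already in the file.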
@@ -20,17 +20,27 @@ if [ "${script_dir}" != "${PWD}" ]; then ln -sf "${script_dir}/build" "${PWD}/build" fi +# This is the gid of the "docker" group on host. In case of docker in docker builds +# for some of the targets (clh builds from source), the nested container user needs to +# be part of this group. +docker_gid=$(getent group docker | cut -d: -f3 || { echo >&2 "Missing docker group, docker needs to be installed" && false; }) + +# If docker gid is the effective group id of the user, do not pass it as +# an additional group. +if [ ${docker_gid} == ${gid} ]; then + docker_gid="" +fi + docker build -q -t build-kata-deploy \ --build-arg IMG_USER="${USER}" \ --build-arg UID=${uid} \ --build-arg GID=${gid} \ + --build-arg HOST_DOCKER_GID=${docker_gid} \ "${script_dir}/dockerbuild/" docker run \ -v /var/run/docker.sock:/var/run/docker.sock \ - --user ${uid}:${gid} \ --env USER=${USER} -v "${kata_dir}:${kata_dir}" \ --rm \ -w ${script_dir} \ build-kata-deploy "${kata_deploy_create}" $@ - From 2551924bda926ec9f2ee210323f6b034f5a77acf Mon Sep 17 00:00:00 2001 From: liubin Date: Thu, 7 Jul 2022 11:34:04 +0800 Subject: [PATCH 05/15] docs: delete CRI containerd plugin statement There is no independent CRI containerd plugin for new containerd, the related documentation should be updated too. Fixes: #4605 Signed-off-by: liubin --- docs/how-to/README.md | 2 +- docs/how-to/how-to-set-prometheus-in-k8s.md | 2 +- ...md => how-to-use-k8s-with-containerd-and-kata.md} | 12 ++++++------ docs/how-to/privileged.md | 2 +- docs/how-to/run-kata-with-k8s.md | 6 +++--- 5 files changed, 12 insertions(+), 12 deletions(-) rename docs/how-to/{how-to-use-k8s-with-cri-containerd-and-kata.md => how-to-use-k8s-with-containerd-and-kata.md} (93%) diff --git a/docs/how-to/README.md b/docs/how-to/README.md index 6dd163ce73..aa09b49c73 100644 --- a/docs/how-to/README.md +++ b/docs/how-to/README.md 
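Review bot: The `|| { echo >&2 "Missing docker group, docker needs to be installed" && false; }` fallback on the `docker_gid=` line does not fire when the group is missing, because the status of `getent group docker | cut -d: -f3` is that of `cut` unless `pipefail` is set above the hunk. `docker_gid` is then empty and the unquoted `[ ${docker_gid} == ${gid} ]` turns into a test syntax error rather than the intended message. Checking the value after the assignment is more robust, `[ -n "${docker_gid}" ] || { echo >&2 "Missing docker group, docker needs to be installed"; exit 1; }`, with the comparison quoted as `[ "${docker_gid}" = "${gid}" ]`.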
@@ -5,7 +5,7 @@ - [Run Kata containers with `crictl`](run-kata-with-crictl.md) - [Run Kata Containers with Kubernetes](run-kata-with-k8s.md) - [How to use Kata Containers and Containerd](containerd-kata.md) -- [How to use Kata Containers and CRI (containerd) with Kubernetes](how-to-use-k8s-with-cri-containerd-and-kata.md) +- [How to use Kata Containers and containerd with Kubernetes](how-to-use-k8s-with-containerd-and-kata.md) - [Kata Containers and service mesh for Kubernetes](service-mesh.md) - [How to import Kata Containers logs into Fluentd](how-to-import-kata-logs-with-fluentd.md) diff --git a/docs/how-to/how-to-set-prometheus-in-k8s.md b/docs/how-to/how-to-set-prometheus-in-k8s.md index 2090c3bd51..e61db2d1ca 100644 --- a/docs/how-to/how-to-set-prometheus-in-k8s.md +++ b/docs/how-to/how-to-set-prometheus-in-k8s.md @@ -19,7 +19,7 @@ Also you should ensure that `kubectl` working correctly. > **Note**: More information about Kubernetes integrations: > - [Run Kata Containers with Kubernetes](run-kata-with-k8s.md) > - [How to use Kata Containers and Containerd](containerd-kata.md) -> - [How to use Kata Containers and CRI (containerd plugin) with Kubernetes](how-to-use-k8s-with-cri-containerd-and-kata.md) +> - [How to use Kata Containers and containerd with Kubernetes](how-to-use-k8s-with-containerd-and-kata.md) ## Configure Prometheus diff --git a/docs/how-to/how-to-use-k8s-with-cri-containerd-and-kata.md b/docs/how-to/how-to-use-k8s-with-containerd-and-kata.md similarity index 93% rename from docs/how-to/how-to-use-k8s-with-cri-containerd-and-kata.md rename to docs/how-to/how-to-use-k8s-with-containerd-and-kata.md index bacfdccc86..de7a34ef61 100644 --- a/docs/how-to/how-to-use-k8s-with-cri-containerd-and-kata.md +++ b/docs/how-to/how-to-use-k8s-with-containerd-and-kata.md 
@@ -1,15 +1,15 @@ -# How to use Kata Containers and CRI (containerd plugin) with Kubernetes +# How to use Kata Containers and containerd with Kubernetes This document describes how to set up a single-machine Kubernetes (k8s) cluster. The Kubernetes cluster will use the -[CRI containerd](https://github.com/containerd/containerd/) and -[Kata Containers](https://katacontainers.io) to launch untrusted workloads. +[containerd](https://github.com/containerd/containerd/) and +[Kata Containers](https://katacontainers.io) to launch workloads. ## Requirements - Kubernetes, Kubelet, `kubeadm` -- containerd with `cri` plug-in +- containerd - Kata Containers > **Note:** For information about the supported versions of these components, @@ -149,7 +149,7 @@ $ sudo -E kubectl taint nodes --all node-role.kubernetes.io/master- ## Create runtime class for Kata Containers -By default, all pods are created with the default runtime configured in CRI containerd plugin. +By default, all pods are created with the default runtime configured in containerd. From Kubernetes v1.12, users can use [`RuntimeClass`](https://kubernetes.io/docs/concepts/containers/runtime-class/#runtime-class) to specify a different runtime for Pods. ```bash @@ -166,7 +166,7 @@ $ sudo -E kubectl apply -f runtime.yaml ## Run pod in Kata Containers -If a pod has the `runtimeClassName` set to `kata`, the CRI plugin runs the pod with the +If a pod has the `runtimeClassName` set to `kata`, the CRI runs the pod with the [Kata Containers runtime](../../src/runtime/README.md). - Create an pod configuration that using Kata Containers runtime diff --git a/docs/how-to/privileged.md b/docs/how-to/privileged.md index 10868f9a31..048509ff17 100644 --- a/docs/how-to/privileged.md +++ b/docs/how-to/privileged.md 
@@ -40,7 +40,7 @@ See below example config: ConfigPath = "/opt/kata/share/defaults/kata-containers/configuration.toml" ``` - - [Kata Containers with Containerd and CRI documentation](how-to-use-k8s-with-cri-containerd-and-kata.md) + - [How to use Kata Containers and containerd with Kubernetes](how-to-use-k8s-with-containerd-and-kata.md) - [Containerd CRI config documentation](https://github.com/containerd/containerd/blob/main/docs/cri/config.md) #### CRI-O diff --git a/docs/how-to/run-kata-with-k8s.md b/docs/how-to/run-kata-with-k8s.md index baee63bffe..4e5c58d5a2 100644 --- a/docs/how-to/run-kata-with-k8s.md +++ b/docs/how-to/run-kata-with-k8s.md @@ -15,7 +15,7 @@ After choosing one CRI implementation, you must make the appropriate configurati to ensure it integrates with Kata Containers. Kata Containers 1.5 introduced the `shimv2` for containerd 1.2.0, reducing the components -required to spawn pods and containers, and this is the preferred way to run Kata Containers with Kubernetes ([as documented here](../how-to/how-to-use-k8s-with-cri-containerd-and-kata.md#configure-containerd-to-use-kata-containers)). +required to spawn pods and containers, and this is the preferred way to run Kata Containers with Kubernetes ([as documented here](../how-to/how-to-use-k8s-with-containerd-and-kata.md#configure-containerd-to-use-kata-containers)). An equivalent shim implementation for CRI-O is planned. @@ -57,7 +57,7 @@ content shown below: To customize containerd to select Kata Containers runtime, follow our "Configure containerd to use Kata Containers" internal documentation -[here](../how-to/how-to-use-k8s-with-cri-containerd-and-kata.md#configure-containerd-to-use-kata-containers). +[here](../how-to/how-to-use-k8s-with-containerd-and-kata.md#configure-containerd-to-use-kata-containers). ## Install Kubernetes 
@@ -85,7 +85,7 @@ Environment="KUBELET_EXTRA_ARGS=--container-runtime=remote --runtime-request-tim Environment="KUBELET_EXTRA_ARGS=--container-runtime=remote --runtime-request-timeout=15m --container-runtime-endpoint=unix:///run/containerd/containerd.sock" ``` For more information about containerd see the "Configure Kubelet to use containerd" -documentation [here](../how-to/how-to-use-k8s-with-cri-containerd-and-kata.md#configure-kubelet-to-use-containerd). +documentation [here](../how-to/how-to-use-k8s-with-containerd-and-kata.md#configure-kubelet-to-use-containerd). ## Run a Kubernetes pod with Kata Containers From e57a1c831ebc087ffdaaecdfe742a0133a7595b8 Mon Sep 17 00:00:00 2001 From: Archana Shinde Date: Tue, 5 Jul 2022 14:58:10 -0700 Subject: [PATCH 06/15] build: Mark git repos as safe for build This is not an issue when the build is run as non-privilged user. Marking these as safe in case where the build may be run as root or some other user. Signed-off-by: Archana Shinde --- .../packaging/static-build/cloud-hypervisor/build-static-clh.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/packaging/static-build/cloud-hypervisor/build-static-clh.sh b/tools/packaging/static-build/cloud-hypervisor/build-static-clh.sh index 82ad3b42b9..8cb1a6e79f 100755 --- a/tools/packaging/static-build/cloud-hypervisor/build-static-clh.sh +++ b/tools/packaging/static-build/cloud-hypervisor/build-static-clh.sh @@ -56,6 +56,7 @@ build_clh_from_source() { repo_dir="${repo_dir//.git}" rm -rf "${repo_dir}" git clone "${cloud_hypervisor_repo}" + git config --global --add safe.directory "$PWD/repo_dir" pushd "${repo_dir}" if [ -n "${cloud_hypervisor_pr}" ]; then From 57c2d8b749796646f2dd5a6752e5af656b435630 Mon Sep 17 00:00:00 2001 From: Gabriela Cervantes Date: Thu, 7 Jul 2022 21:48:18 +0000 Subject: [PATCH 07/15] docs: Update URL links for containerd documentation This PR updates some url links related with containerd documentation. Fixes #4615 
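Review bot: `git config --global --add safe.directory "$PWD/repo_dir"` in build_clh_from_source registers the literal path ending in `repo_dir`, not the clone held in `${repo_dir}`, so the ownership check is not relaxed for the directory the following `pushd` enters. It should read `git config --global --add safe.directory "${PWD}/${repo_dir}"`. Because `--global --add` appends to the invoking user's global git configuration on every build, a comment stating why the exception is needed and that it persists after the build would help; the function body continues outside the hunk.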
Signed-off-by: Gabriela Cervantes --- docs/how-to/containerd-kata.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/how-to/containerd-kata.md b/docs/how-to/containerd-kata.md index ffb7614a09..2ac0613c6d 100644 --- a/docs/how-to/containerd-kata.md +++ b/docs/how-to/containerd-kata.md @@ -132,9 +132,9 @@ The `RuntimeClass` is suggested. The following configuration includes two runtime classes: - `plugins.cri.containerd.runtimes.runc`: the runc, and it is the default runtime. -- `plugins.cri.containerd.runtimes.kata`: The function in containerd (reference [the document here](https://github.com/containerd/containerd/tree/master/runtime/v2#binary-naming)) +- `plugins.cri.containerd.runtimes.kata`: The function in containerd (reference [the document here](https://github.com/containerd/containerd/tree/main/runtime/v2#binary-naming)) where the dot-connected string `io.containerd.kata.v2` is translated to `containerd-shim-kata-v2` (i.e. the - binary name of the Kata implementation of [Containerd Runtime V2 (Shim API)](https://github.com/containerd/containerd/tree/master/runtime/v2)). + binary name of the Kata implementation of [Containerd Runtime V2 (Shim API)](https://github.com/containerd/containerd/tree/main/runtime/v2)). ```toml [plugins.cri.containerd] From 13df57c393cb2cd5ee71a334392140be05a380b3 Mon Sep 17 00:00:00 2001 From: Yuan-Zhuo Date: Fri, 8 Jul 2022 10:40:30 +0800 Subject: [PATCH 08/15] build: save lines for repository_owner check repository_owner check in docs-url-alive-check.yaml now is specified for each step, it can be in job level to save lines. Fixes: #4611 Signed-off-by: Yuan-Zhuo --- .github/workflows/docs-url-alive-check.yaml | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/.github/workflows/docs-url-alive-check.yaml b/.github/workflows/docs-url-alive-check.yaml index 0100b308a4..0ef3e47d13 100644 --- a/.github/workflows/docs-url-alive-check.yaml +++ b/.github/workflows/docs-url-alive-check.yaml 
@@ -10,35 +10,32 @@ jobs: go-version: [1.17.x] os: [ubuntu-20.04] runs-on: ${{ matrix.os }} + # don't run this action on forks + if: github.repository_owner == 'kata-containers' env: target_branch: ${{ github.base_ref }} steps: - name: Install Go - if: github.repository_owner == 'kata-containers' uses: actions/setup-go@v2 with: go-version: ${{ matrix.go-version }} env: GOPATH: ${{ runner.workspace }}/kata-containers - name: Set env - if: github.repository_owner == 'kata-containers' run: | echo "GOPATH=${{ github.workspace }}" >> $GITHUB_ENV echo "${{ github.workspace }}/bin" >> $GITHUB_PATH - name: Checkout code - if: github.repository_owner == 'kata-containers' uses: actions/checkout@v2 with: fetch-depth: 0 path: ./src/github.com/${{ github.repository }} - name: Setup - if: github.repository_owner == 'kata-containers' run: | cd ${GOPATH}/src/github.com/${{ github.repository }} && ./ci/setup.sh env: GOPATH: ${{ runner.workspace }}/kata-containers # docs url alive check - name: Docs URL Alive Check - if: github.repository_owner == 'kata-containers' run: | cd ${GOPATH}/src/github.com/${{ github.repository }} && make docs-url-alive-check From 386a523a05b3baeaedaa2815e2bb6badcc0967a7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Fri, 8 Jul 2022 12:33:30 +0200 Subject: [PATCH 09/15] kata-deploy: Pass the config path to CRI-O MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit As we're already doing for containerd, let's also pass the configuration path to CRI-O, as all the supported CRI-O versions do support this configuration option. Signed-off-by: Fabiano Fidêncio --- tools/packaging/kata-deploy/scripts/kata-deploy.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tools/packaging/kata-deploy/scripts/kata-deploy.sh b/tools/packaging/kata-deploy/scripts/kata-deploy.sh index 1bd51f4e28..9bb0275f96 100755 --- a/tools/packaging/kata-deploy/scripts/kata-deploy.sh 
+++ b/tools/packaging/kata-deploy/scripts/kata-deploy.sh @@ -129,12 +129,15 @@ function cleanup_different_shims_base() { function configure_crio_runtime() { local runtime="kata" + local configuration="configuration" if [ -n "${1-}" ]; then runtime+="-$1" + configuration+="-$1" fi local kata_path="/usr/local/bin/containerd-shim-${runtime}-v2" local kata_conf="crio.runtime.runtimes.${runtime}" + local kata_config_path="/opt/kata/share/defaults/kata-containers/$configuration.toml" cat < Date: Fri, 8 Jul 2022 12:44:43 +0200 Subject: [PATCH 10/15] kata-deploy: Rely on the configured config path MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Instead of passing a `KATA_CONF_FILE` environament variable, let's rely on the configured (in the container engine) config path, as both containerd and CRI-O support it, and we're using this for both of them. Fixes: #4608 Signed-off-by: Fabiano Fidêncio --- tools/packaging/kata-deploy/scripts/kata-deploy.sh | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/tools/packaging/kata-deploy/scripts/kata-deploy.sh b/tools/packaging/kata-deploy/scripts/kata-deploy.sh index 9bb0275f96..4345f24035 100755 --- a/tools/packaging/kata-deploy/scripts/kata-deploy.sh +++ b/tools/packaging/kata-deploy/scripts/kata-deploy.sh @@ -98,10 +98,7 @@ function configure_different_shims_base() { fi fi - cat << EOF | tee "$shim_file" -#!/usr/bin/env bash -KATA_CONF_FILE=/opt/kata/share/defaults/kata-containers/configuration-${shim}.toml /opt/kata/bin/containerd-shim-kata-v2 "\$@" -EOF + ln -sf /opt/kata/bin/containerd-shim-kata-v2 "${shim_file}" chmod +x "$shim_file" if [ "${shim}" == "${default_shim}" ]; then From 80c68b80a81a04c632190ef5d87e620feccb9897 Mon Sep 17 00:00:00 2001 
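Review bot: The `chmod +x "$shim_file"` kept after the new `ln -sf /opt/kata/bin/containerd-shim-kata-v2 "${shim_file}"` in configure_different_shims_base now follows the symlink and changes the mode of the shared binary instead of a per-shim wrapper, so it can be dropped. With the wrapper gone every shim name resolves to the same executable and the choice of `configuration-${shim}.toml` depends entirely on the container engine passing the config path. A comment above the `ln -sf` saying so would make clear that invoking the shim outside that engine configuration falls back to the default configuration; the function body starts and ends outside the hunk.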
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Mon, 11 Jul 2022 10:52:36 +0200 Subject: [PATCH 11/15] kernel: Deduplicate code used for building TEE kernels MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit There's no need to have the entire function for building SEV / TDX duplicated. Let's remove those functions and create a `get_tee_kernel()` which takes the TEE as the argument. Fixes: #4627 Signed-off-by: Fabiano Fidêncio --- tools/packaging/kernel/build-kernel.sh | 36 ++++++-------------------- 1 file changed, 8 insertions(+), 28 deletions(-) diff --git a/tools/packaging/kernel/build-kernel.sh b/tools/packaging/kernel/build-kernel.sh index 9b9a008d8f..d3a3be9ea8 100755 --- a/tools/packaging/kernel/build-kernel.sh +++ b/tools/packaging/kernel/build-kernel.sh @@ -116,34 +116,19 @@ arch_to_kernel() { esac } -get_tdx_kernel() { +get_tee_kernel() { local version="${1}" - local kernel_path=${2} + local kernel_path="${2}" + local tee="${3}" mkdir -p ${kernel_path} - kernel_url=$(get_from_kata_deps "assets.kernel.tdx.url") + kernel_url=$(get_from_kata_deps "assets.kernel.${tee}.url") kernel_tarball="${version}.tar.gz" if [ ! -f "${kernel_tarball}" ]; then curl --fail -OL "${kernel_url}/${kernel_tarball}" fi - - tar --strip-components=1 -xf ${kernel_tarball} -C ${kernel_path} -} - -get_sev_kernel() { - local version="${1}" - local kernel_path=${2} - - mkdir -p ${kernel_path} - - kernel_url=$(get_from_kata_deps "assets.kernel.sev.url") - kernel_tarball="${version}.tar.gz" - - if [ ! -f "${kernel_tarball}" ]; then - curl --fail -OL "${kernel_url}${kernel_tarball}" - fi mkdir -p ${kernel_path} tar --strip-components=1 -xf ${kernel_tarball} -C ${kernel_path} 
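Review bot: The merged get_tee_kernel downloads from `"${kernel_url}/${kernel_tarball}"`, whereas the removed get_sev_kernel used `"${kernel_url}${kernel_tarball}"` with no separator, so the SEV URL is now built differently from before. Whether the `assets.kernel.sev.url` value ends in a slash is not visible here; if it does, the request path gains a double slash, which not every host serves. The second `mkdir -p ${kernel_path}` left after the `fi` is a leftover from the SEV copy and can go, and the remaining one should quote its argument: `mkdir -p "${kernel_path}"`.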
@@ -156,11 +141,8 @@ get_kernel() { [ -n "${kernel_path}" ] || die "kernel_path not provided" [ ! -d "${kernel_path}" ] || die "kernel_path already exist" - if [ "${conf_guest}" == "tdx" ]; then - get_tdx_kernel ${version} ${kernel_path} - return - elif [ "${conf_guest}" == "sev" ]; then - get_sev_kernel ${version} ${kernel_path} + if [ "${conf_guest}" != "" ]; then + get_tee_kernel ${version} ${kernel_path} ${conf_guest} return fi @@ -563,11 +545,9 @@ main() { kernel_version=$(get_from_kata_deps "assets.kernel-experimental.tag") ;; esac - elif [[ "${conf_guest}" == "tdx" ]]; then - kernel_version=$(get_from_kata_deps "assets.kernel.tdx.tag") - elif [[ "${conf_guest}" == "sev" ]]; then + elif [[ "${conf_guest}" != "" ]]; then #If specifying a tag for kernel_version, must be formatted version-like to avoid unintended parsing issues - kernel_version=$(get_from_kata_deps "assets.kernel.sev.tag") + kernel_version=$(get_from_kata_deps "assets.kernel.${conf_guest}.tag") else kernel_version=$(get_from_kata_deps "assets.kernel.version") fi From 1a25afcdf5d9f84ec2081d4a64a1862d9a6eb13f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Mon, 11 Jul 2022 14:20:08 +0200 Subject: [PATCH 12/15] kernel: Allow passing the URL to download the tarball MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Passing the URL to be used to download the kernel tarball is useful in various scenarios, mainly when doing a downstream build, thus let's add this new option. This new option also works around a known issue of the Dockerfile used to build the kernel not having `yq` installed. Fixes: #4629 Signed-off-by: Fabiano Fidêncio --- tools/packaging/kernel/build-kernel.sh | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/tools/packaging/kernel/build-kernel.sh b/tools/packaging/kernel/build-kernel.sh index d3a3be9ea8..837dfd67a6 100755 --- a/tools/packaging/kernel/build-kernel.sh 
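Review bot: The new `[ "${conf_guest}" != "" ]` test in `get_kernel` accepts any string given to `-x`, where the removed branches accepted only `tdx` and `sev`. That string is interpolated into the lookup keys `assets.kernel.${tee}.url` and, in the `main()` hunk, `assets.kernel.${conf_guest}.tag`. A typo now surfaces as an empty or failed lookup further down instead of a clear error, so check the value once after option parsing, e.g. `[[ "${conf_guest}" =~ ^[a-z0-9_-]+$ ]] || die "invalid confidential guest type: ${conf_guest}"`, and `die` when either lookup returns nothing. The call should also quote its arguments: `get_tee_kernel "${version}" "${kernel_path}" "${conf_guest}"`. Both functions continue outside the hunks shown.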
+++ b/tools/packaging/kernel/build-kernel.sh @@ -59,6 +59,8 @@ skip_config_checks="false" DESTDIR="${DESTDIR:-/}" #PREFIX= PREFIX="${PREFIX:-/usr}" +#Kernel URL +kernel_url="" packaging_scripts_dir="${script_dir}/../scripts" source "${packaging_scripts_dir}/lib.sh" @@ -97,6 +99,7 @@ Options: -p : Path to a directory with patches to apply to kernel. -s : Skip .config checks -t : Hypervisor_target. + -u : Kernel URL to be used to download the kernel tarball. -v : Kernel version to use if kernel path not provided. -x : Confidential guest protection type, such as sev and tdx EOF @@ -123,7 +126,7 @@ get_tee_kernel() { mkdir -p ${kernel_path} - kernel_url=$(get_from_kata_deps "assets.kernel.${tee}.url") + [ -z "${kernel_url}" ] && kernel_url=$(get_from_kata_deps "assets.kernel.${tee}.url") kernel_tarball="${version}.tar.gz" if [ ! -f "${kernel_tarball}" ]; then @@ -468,7 +471,7 @@ install_kata() { } main() { - while getopts "a:b:c:deEfg:hk:p:t:v:x:" opt; do + while getopts "a:b:c:deEfg:hk:p:t:u:v:x:" opt; do case "$opt" in a) arch_target="${OPTARG}" @@ -511,6 +514,9 @@ main() { t) hypervisor_target="${OPTARG}" ;; + u) + kernel_url="${OPTARG}" + ;; v) kernel_version="${OPTARG}" ;; From 201ff223f6d59f84157972c467579f11a83b2472 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Tue, 12 Jul 2022 14:12:34 +0200 Subject: [PATCH 13/15] packaging: Use the $BUILD_SUFFIX when renaming the qemu binary MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Instead of always naming the binary as "-experimental", let's take advantage of the $BUILD_SUFFIX that's already passed and correctly name the binary according to it. Fixes: #4638 Signed-off-by: Fabiano Fidêncio --- tools/packaging/static-build/scripts/qemu-build-post.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
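Review bot: The `-u` help line added to `usage` does not say that the value is a base URL; in `get_tee_kernel` the file name is still `kernel_tarball="${version}.tar.gz"`, appended to `${kernel_url}`. From the hunks shown the option is read only in `get_tee_kernel`, so it appears to have no effect without `-x`. If that is intended the help text should say so, e.g. `-u : Base URL of the kernel tarball (<url>/<version>.tar.gz); used for confidential guest kernels (-x).`. Because the download source is now chosen by the caller and no digest is checked before extraction, the `u)` branch could also reject plaintext transports where downstream mirrors allow it: `[[ "${kernel_url}" == https://* ]] || die "kernel URL must use https"`.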
diff --git a/tools/packaging/static-build/scripts/qemu-build-post.sh b/tools/packaging/static-build/scripts/qemu-build-post.sh index 1b10b2aa0a..4ce4e046c5 100755 --- a/tools/packaging/static-build/scripts/qemu-build-post.sh +++ b/tools/packaging/static-build/scripts/qemu-build-post.sh @@ -25,9 +25,9 @@ done if [[ -n "${BUILD_SUFFIX}" ]]; then echo "Rename binaries using $BUILD_SUFFIX" - find -name 'qemu-system-*' -exec mv {} {}-experimental \; + find -name 'qemu-system-*' -exec mv {} {}-$BUILD_SUFFIX \; if [[ ${ARCH} != "x86_64" ]]; then - find -name 'virtiofsd' -exec mv {} {}-experimental \; + find -name 'virtiofsd' -exec mv {} {}-$BUILD_SUFFIX \; fi fi From dc3b6f6592c0d1e9e498a1bb87b2e13e5dde80bb Mon Sep 17 00:00:00 2001 
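Review bot: `$BUILD_SUFFIX` is expanded unquoted in both new `find ... -exec mv {} {}-$BUILD_SUFFIX \;` lines, so a value with whitespace or glob characters is split into extra `mv` arguments, and a value containing `/` would move the binary to another path. Quote it, `find -name 'qemu-system-*' -exec mv {} "{}-${BUILD_SUFFIX}" \;` (and the same for the `virtiofsd` line). A guard before the rename, e.g. `[[ "${BUILD_SUFFIX}" =~ ^[A-Za-z0-9._-]+$ ]] || exit 1`, would keep the suffix to a plain name. The rest of the script is outside the hunk, so whether `BUILD_SUFFIX` is validated earlier could not be checked.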
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Tue, 12 Jul 2022 14:33:57 +0000 Subject: [PATCH 14/15] versions: Update Cloud Hypervisor to v25.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cloud Hypervisor v25.0 has been released on July 7th, 2022, and brings the following changes: **ch-remote Improvements** The ch-remote command has gained support for creating the VM from a JSON config and support for booting and deleting the VM from the VMM. **VM "Coredump" Support** Under the guest_debug feature flag it is now possible to extract the memory of the guest for use in debugging with e.g. the crash utility. (https://github.com/cloud-hypervisor/cloud-hypervisor/issues/4012) **Notable Bug Fixes** * Always restore console mode on exit (https://github.com/cloud-hypervisor/cloud-hypervisor/issues/4249, https://github.com/cloud-hypervisor/cloud-hypervisor/issues/4248) * Restore vCPUs in numerical order which fixes aarch64 snapshot/restore (https://github.com/cloud-hypervisor/cloud-hypervisor/issues/4244) * Don't try and configure IFF_RUNNING on TAP devices (https://github.com/cloud-hypervisor/cloud-hypervisor/issues/4279) * Propagate configured queue size through to vhost-user backend (https://github.com/cloud-hypervisor/cloud-hypervisor/issues/4286) * Always Program vCPU CPUID before running the vCPU to fix running on Linux 5.16 (https://github.com/cloud-hypervisor/cloud-hypervisor/issues/4156) * Enable ACPI MADT "Online Capable" flag for hotpluggable vCPUs to fix newer Linux guest **Removals** The following functionality has been removed: * The mergeable option from the virtio-pmem support has been removed (https://github.com/cloud-hypervisor/cloud-hypervisor/issues/3968) * The dax option from the virtio-fs support has been removed (https://github.com/cloud-hypervisor/cloud-hypervisor/issues/3889) Fixes: #4641 
Signed-off-by: Fabiano Fidêncio --- src/runtime/virtcontainers/clh.go | 5 +- .../client/.openapi-generator/FILES | 2 + .../pkg/cloud-hypervisor/client/README.md | 2 + .../cloud-hypervisor/client/api/openapi.yaml | 194 +++++++++--------- .../cloud-hypervisor/client/api_default.go | 100 +++++++++ .../client/docs/CpusConfig.md | 26 +++ .../client/docs/DefaultApi.md | 65 +++++- .../cloud-hypervisor/client/docs/FsConfig.md | 44 +--- .../client/docs/PmemConfig.md | 26 --- .../client/docs/VmCoredumpData.md | 56 +++++ .../client/model_cpus_config.go | 40 ++++ .../client/model_fs_config.go | 62 +----- .../client/model_pmem_config.go | 40 ---- .../client/model_vm_coredump_data.go | 113 ++++++++++ .../cloud-hypervisor/cloud-hypervisor.yaml | 39 ++-- versions.yaml | 2 +- 16 files changed, 533 insertions(+), 283 deletions(-) create mode 100644 src/runtime/virtcontainers/pkg/cloud-hypervisor/client/docs/VmCoredumpData.md create mode 100644 src/runtime/virtcontainers/pkg/cloud-hypervisor/client/model_vm_coredump_data.go diff --git a/src/runtime/virtcontainers/clh.go b/src/runtime/virtcontainers/clh.go index 73e09cfe69..82c03fa02a 100644 --- a/src/runtime/virtcontainers/clh.go +++ b/src/runtime/virtcontainers/clh.go @@ -1499,15 +1499,12 @@ func (clh *cloudHypervisor) addVolume(volume types.Volume) error { return err } - // disable DAX if VirtioFSCacheSize is 0 - dax := clh.config.VirtioFSCacheSize != 0 - // numQueues and queueSize are required, let's use the // default values defined by cloud-hypervisor numQueues := int32(1) queueSize := int32(1024) - fs := chclient.NewFsConfig(volume.MountTag, vfsdSockPath, numQueues, queueSize, dax, int64(clh.config.VirtioFSCacheSize<<20)) + fs := chclient.NewFsConfig(volume.MountTag, vfsdSockPath, numQueues, queueSize) clh.vmconfig.Fs = &[]chclient.FsConfig{*fs} clh.Logger().Debug("Adding share volume to hypervisor: ", volume.MountTag) 
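Review bot: With the `dax` and cache-size arguments removed from the `chclient.NewFsConfig(...)` call, `addVolume` no longer reads `clh.config.VirtioFSCacheSize`, so a non-zero value in the configuration is now silently ignored for Cloud Hypervisor. An operator who sets it gets no indication that it has no effect. A warning next to the existing debug log would make that visible, e.g. `if clh.config.VirtioFSCacheSize != 0 { clh.Logger().Warn("VirtioFSCacheSize is ignored: DAX was removed from Cloud Hypervisor virtio-fs") }`. The function starts outside the hunk, so any earlier validation of the field is not visible.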
diff --git a/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/.openapi-generator/FILES b/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/.openapi-generator/FILES index 7eb679fb27..0208bab30a 100644 --- a/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/.openapi-generator/FILES +++ b/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/.openapi-generator/FILES @@ -39,6 +39,7 @@ docs/TokenBucket.md docs/VdpaConfig.md docs/VmAddDevice.md docs/VmConfig.md +docs/VmCoredumpData.md docs/VmInfo.md docs/VmRemoveDevice.md docs/VmResize.md @@ -81,6 +82,7 @@ model_token_bucket.go model_vdpa_config.go model_vm_add_device.go model_vm_config.go +model_vm_coredump_data.go model_vm_info.go model_vm_remove_device.go model_vm_resize.go diff --git a/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/README.md b/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/README.md index 2e12b424c5..ad0b5ec5c6 100644 --- a/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/README.md +++ b/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/README.md 
@@ -94,6 +94,7 @@ Class | Method | HTTP request | Description *DefaultApi* | [**VmAddPmemPut**](docs/DefaultApi.md#vmaddpmemput) | **Put** /vm.add-pmem | Add a new pmem device to the VM *DefaultApi* | [**VmAddVdpaPut**](docs/DefaultApi.md#vmaddvdpaput) | **Put** /vm.add-vdpa | Add a new vDPA device to the VM *DefaultApi* | [**VmAddVsockPut**](docs/DefaultApi.md#vmaddvsockput) | **Put** /vm.add-vsock | Add a new vsock device to the VM +*DefaultApi* | [**VmCoredumpPut**](docs/DefaultApi.md#vmcoredumpput) | **Put** /vm.coredump | Takes a VM coredump. *DefaultApi* | [**VmCountersGet**](docs/DefaultApi.md#vmcountersget) | **Get** /vm.counters | Get counters from the VM *DefaultApi* | [**VmInfoGet**](docs/DefaultApi.md#vminfoget) | **Get** /vm.info | Returns general information about the cloud-hypervisor Virtual Machine (VM) instance. *DefaultApi* | [**VmReceiveMigrationPut**](docs/DefaultApi.md#vmreceivemigrationput) | **Put** /vm.receive-migration | Receive a VM migration from URL @@ -140,6 +141,7 @@ Class | Method | HTTP request | Description - [VdpaConfig](docs/VdpaConfig.md) - [VmAddDevice](docs/VmAddDevice.md) - [VmConfig](docs/VmConfig.md) + - [VmCoredumpData](docs/VmCoredumpData.md) - [VmInfo](docs/VmInfo.md) - [VmRemoveDevice](docs/VmRemoveDevice.md) - [VmResize](docs/VmResize.md) diff --git a/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/api/openapi.yaml b/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/api/openapi.yaml index 4687c425e8..a99e14a745 100644 --- a/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/api/openapi.yaml +++ b/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/api/openapi.yaml 
@@ -347,6 +347,23 @@ paths: description: The VM instance could not be snapshotted because it is not booted. summary: Returns a VM snapshot. + /vm.coredump: + put: + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/VmCoredumpData' + description: The coredump configuration + required: true + responses: + "204": + description: The VM instance was successfully coredumped. + "404": + description: The VM instance could not be coredumped because it is not created. + "405": + description: The VM instance could not be coredumped because it is not booted. + summary: Takes a VM coredump. /vm.restore: put: requestBody: @@ -408,7 +425,7 @@ components: VmInfo: description: Virtual Machine information example: - memory_actual_size: 7 + memory_actual_size: 3 state: Created config: console: @@ -496,6 +513,7 @@ components: cpus: features: amx: true + kvm_hyperv: false topology: dies_per_package: 5 threads_per_core: 1 @@ -514,58 +532,58 @@ components: - 3 - 3 devices: - - pci_segment: 3 + - pci_segment: 6 path: path iommu: false id: id - - pci_segment: 3 + - pci_segment: 6 path: path iommu: false id: id kernel: path: path vdpa: - - pci_segment: 7 + - pci_segment: 3 path: path num_queues: 3 iommu: false id: id - - pci_segment: 7 + - pci_segment: 3 path: path num_queues: 3 iommu: false id: id numa: - distances: - - distance: 7 - destination: 8 - - distance: 7 - destination: 8 + - distance: 8 + destination: 4 + - distance: 8 + destination: 4 cpus: - - 4 - - 4 + - 0 + - 0 sgx_epc_sections: - sgx_epc_sections - sgx_epc_sections memory_zones: - memory_zones - memory_zones - guest_numa_id: 0 + guest_numa_id: 6 - distances: - - distance: 7 - destination: 8 - - distance: 7 - destination: 8 + - distance: 8 + destination: 4 + - distance: 8 + destination: 4 cpus: - - 4 - - 4 + - 0 + - 0 sgx_epc_sections: - sgx_epc_sections - sgx_epc_sections memory_zones: - memory_zones - memory_zones - guest_numa_id: 0 + guest_numa_id: 6 tdx: firmware: firmware rng: 
@@ -573,30 +591,26 @@ components: src: /dev/urandom sgx_epc: - prefault: false - size: 6 + size: 7 id: id - prefault: false - size: 6 + size: 7 id: id fs: - pci_segment: 6 num_queues: 1 queue_size: 2 - cache_size: 6 - dax: true tag: tag socket: socket id: id - pci_segment: 6 num_queues: 1 queue_size: 2 - cache_size: 6 - dax: true tag: tag socket: socket id: id vsock: - pci_segment: 7 + pci_segment: 0 iommu: false socket: socket id: id @@ -605,20 +619,18 @@ components: iommu_segments: - 3 - 3 - num_pci_segments: 3 + num_pci_segments: 7 serial_number: serial_number pmem: - - pci_segment: 6 - mergeable: false + - pci_segment: 5 file: file - size: 5 + size: 6 iommu: false id: id discard_writes: false - - pci_segment: 6 - mergeable: false + - pci_segment: 5 file: file - size: 5 + size: 6 iommu: false id: id discard_writes: false @@ -839,6 +851,7 @@ components: cpus: features: amx: true + kvm_hyperv: false topology: dies_per_package: 5 threads_per_core: 1 
@@ -857,58 +870,58 @@ components: - 3 - 3 devices: - - pci_segment: 3 + - pci_segment: 6 path: path iommu: false id: id - - pci_segment: 3 + - pci_segment: 6 path: path iommu: false id: id kernel: path: path vdpa: - - pci_segment: 7 + - pci_segment: 3 path: path num_queues: 3 iommu: false id: id - - pci_segment: 7 + - pci_segment: 3 path: path num_queues: 3 iommu: false id: id numa: - distances: - - distance: 7 - destination: 8 - - distance: 7 - destination: 8 + - distance: 8 + destination: 4 + - distance: 8 + destination: 4 cpus: - - 4 - - 4 + - 0 + - 0 sgx_epc_sections: - sgx_epc_sections - sgx_epc_sections memory_zones: - memory_zones - memory_zones - guest_numa_id: 0 + guest_numa_id: 6 - distances: - - distance: 7 - destination: 8 - - distance: 7 - destination: 8 + - distance: 8 + destination: 4 + - distance: 8 + destination: 4 cpus: - - 4 - - 4 + - 0 + - 0 sgx_epc_sections: - sgx_epc_sections - sgx_epc_sections memory_zones: - memory_zones - memory_zones - guest_numa_id: 0 + guest_numa_id: 6 tdx: firmware: firmware rng: @@ -916,30 +929,26 @@ components: src: /dev/urandom sgx_epc: - prefault: false - size: 6 + size: 7 id: id - prefault: false - size: 6 + size: 7 id: id fs: - pci_segment: 6 num_queues: 1 queue_size: 2 - cache_size: 6 - dax: true tag: tag socket: socket id: id - pci_segment: 6 num_queues: 1 queue_size: 2 - cache_size: 6 - dax: true tag: tag socket: socket id: id vsock: - pci_segment: 7 + pci_segment: 0 iommu: false socket: socket id: id @@ -948,20 +957,18 @@ components: iommu_segments: - 3 - 3 - num_pci_segments: 3 + num_pci_segments: 7 serial_number: serial_number pmem: - - pci_segment: 6 - mergeable: false + - pci_segment: 5 file: file - size: 5 + size: 6 iommu: false id: id discard_writes: false - - pci_segment: 6 - mergeable: false + - pci_segment: 5 file: file - size: 5 + size: 6 iommu: false id: id discard_writes: false 
@@ -1125,6 +1132,7 @@ components: example: features: amx: true + kvm_hyperv: false topology: dies_per_package: 5 threads_per_core: 1 @@ -1153,6 +1161,9 @@ components: type: integer topology: $ref: '#/components/schemas/CpuTopology' + kvm_hyperv: + default: false + type: boolean max_phys_bits: type: integer affinity: @@ -1170,7 +1181,7 @@ components: iommu_segments: - 3 - 3 - num_pci_segments: 3 + num_pci_segments: 7 serial_number: serial_number properties: num_pci_segments: @@ -1538,8 +1549,6 @@ components: pci_segment: 6 num_queues: 1 queue_size: 2 - cache_size: 6 - dax: true tag: tag socket: socket id: id @@ -1554,20 +1563,12 @@ components: queue_size: default: 1024 type: integer - dax: - default: true - type: boolean - cache_size: - format: int64 - type: integer pci_segment: format: int16 type: integer id: type: string required: - - cache_size - - dax - num_queues - queue_size - socket @@ -1575,10 +1576,9 @@ components: type: object PmemConfig: example: - pci_segment: 6 - mergeable: false + pci_segment: 5 file: file - size: 5 + size: 6 iommu: false id: id discard_writes: false @@ -1591,9 +1591,6 @@ components: iommu: default: false type: boolean - mergeable: - default: false - type: boolean discard_writes: default: false type: boolean @@ -1629,7 +1626,7 @@ components: type: object DeviceConfig: example: - pci_segment: 3 + pci_segment: 6 path: path iommu: false id: id @@ -1649,7 +1646,7 @@ components: type: object VdpaConfig: example: - pci_segment: 7 + pci_segment: 3 path: path num_queues: 3 iommu: false @@ -1674,7 +1671,7 @@ components: type: object VsockConfig: example: - pci_segment: 7 + pci_segment: 0 iommu: false socket: socket id: id @@ -1703,7 +1700,7 @@ components: SgxEpcConfig: example: prefault: false - size: 6 + size: 7 id: id properties: id: @@ -1731,8 +1728,8 @@ components: type: object NumaDistance: example: - distance: 7 - destination: 8 + distance: 8 + destination: 4 properties: destination: format: int32 
@@ -1747,20 +1744,20 @@ components: NumaConfig: example: distances: - - distance: 7 - destination: 8 - - distance: 7 - destination: 8 + - distance: 8 + destination: 4 + - distance: 8 + destination: 4 cpus: - - 4 - - 4 + - 0 + - 0 sgx_epc_sections: - sgx_epc_sections - sgx_epc_sections memory_zones: - memory_zones - memory_zones - guest_numa_id: 0 + guest_numa_id: 6 properties: guest_numa_id: format: int32 @@ -1843,6 +1840,13 @@ components: destination_url: type: string type: object + VmCoredumpData: + example: + destination_url: destination_url + properties: + destination_url: + type: string + type: object RestoreConfig: example: prefault: true diff --git a/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/api_default.go b/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/api_default.go index 183bac46b9..ad96f6b420 100644 --- a/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/api_default.go +++ b/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/api_default.go 
@@ -1607,6 +1607,106 @@ func (a *DefaultApiService) VmAddVsockPutExecute(r ApiVmAddVsockPutRequest) (Pci return localVarReturnValue, localVarHTTPResponse, nil } +type ApiVmCoredumpPutRequest struct { + ctx _context.Context + ApiService *DefaultApiService + vmCoredumpData *VmCoredumpData +} + +// The coredump configuration +func (r ApiVmCoredumpPutRequest) VmCoredumpData(vmCoredumpData VmCoredumpData) ApiVmCoredumpPutRequest { + r.vmCoredumpData = &vmCoredumpData + return r +} + +func (r ApiVmCoredumpPutRequest) Execute() (*_nethttp.Response, error) { + return r.ApiService.VmCoredumpPutExecute(r) +} + +/* +VmCoredumpPut Takes a VM coredump. + + @param ctx _context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + @return ApiVmCoredumpPutRequest +*/ +func (a *DefaultApiService) VmCoredumpPut(ctx _context.Context) ApiVmCoredumpPutRequest { + return ApiVmCoredumpPutRequest{ + ApiService: a, + ctx: ctx, + } +} + +// Execute executes the request +func (a *DefaultApiService) VmCoredumpPutExecute(r ApiVmCoredumpPutRequest) (*_nethttp.Response, error) { + var ( + localVarHTTPMethod = _nethttp.MethodPut + localVarPostBody interface{} + localVarFormFileName string + localVarFileName string + localVarFileBytes []byte + ) + + localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "DefaultApiService.VmCoredumpPut") + if err != nil { + return nil, GenericOpenAPIError{error: err.Error()} + } + + localVarPath := localBasePath + "/vm.coredump" + + localVarHeaderParams := make(map[string]string) + localVarQueryParams := _neturl.Values{} + localVarFormParams := _neturl.Values{} + if r.vmCoredumpData == nil { + return nil, reportError("vmCoredumpData is required and must be specified") + } + + // to determine the Content-Type header + localVarHTTPContentTypes := []string{"application/json"} + + // set Content-Type header + localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes) 
+ if localVarHTTPContentType != "" { + localVarHeaderParams["Content-Type"] = localVarHTTPContentType + } + + // to determine the Accept header + localVarHTTPHeaderAccepts := []string{} + + // set Accept header + localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts) + if localVarHTTPHeaderAccept != "" { + localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept + } + // body params + localVarPostBody = r.vmCoredumpData + req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, localVarFormFileName, localVarFileName, localVarFileBytes) + if err != nil { + return nil, err + } + + localVarHTTPResponse, err := a.client.callAPI(req) + if err != nil || localVarHTTPResponse == nil { + return localVarHTTPResponse, err + } + + localVarBody, err := _ioutil.ReadAll(localVarHTTPResponse.Body) + localVarHTTPResponse.Body.Close() + localVarHTTPResponse.Body = _ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + if err != nil { + return localVarHTTPResponse, err + } + + if localVarHTTPResponse.StatusCode >= 300 { + newErr := GenericOpenAPIError{ + body: localVarBody, + error: localVarHTTPResponse.Status, + } + return localVarHTTPResponse, newErr + } + + return localVarHTTPResponse, nil +} + type ApiVmCountersGetRequest struct { ctx _context.Context ApiService *DefaultApiService diff --git a/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/docs/CpusConfig.md b/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/docs/CpusConfig.md index 8514e696fc..ca5571d95c 100644 --- a/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/docs/CpusConfig.md +++ b/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/docs/CpusConfig.md 
@@ -7,6 +7,7 @@ Name | Type | Description | Notes **BootVcpus** | **int32** | | [default to 1] **MaxVcpus** | **int32** | | [default to 1] **Topology** | Pointer to [**CpuTopology**](CpuTopology.md) | | [optional] +**KvmHyperv** | Pointer to **bool** | | [optional] [default to false] **MaxPhysBits** | Pointer to **int32** | | [optional] **Affinity** | Pointer to [**[]CpuAffinity**](CpuAffinity.md) | | [optional] **Features** | Pointer to [**CpuFeatures**](CpuFeatures.md) | | [optional] @@ -95,6 +96,31 @@ SetTopology sets Topology field to given value. HasTopology returns a boolean if a field has been set. +### GetKvmHyperv + +`func (o *CpusConfig) GetKvmHyperv() bool` + +GetKvmHyperv returns the KvmHyperv field if non-nil, zero value otherwise. + +### GetKvmHypervOk + +`func (o *CpusConfig) GetKvmHypervOk() (*bool, bool)` + +GetKvmHypervOk returns a tuple with the KvmHyperv field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetKvmHyperv + +`func (o *CpusConfig) SetKvmHyperv(v bool)` + +SetKvmHyperv sets KvmHyperv field to given value. + +### HasKvmHyperv + +`func (o *CpusConfig) HasKvmHyperv() bool` + +HasKvmHyperv returns a boolean if a field has been set. + ### GetMaxPhysBits `func (o *CpusConfig) GetMaxPhysBits() int32` diff --git a/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/docs/DefaultApi.md b/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/docs/DefaultApi.md index b6e339559d..8f5b8e76d3 100644 --- a/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/docs/DefaultApi.md +++ b/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/docs/DefaultApi.md 
@@ -20,6 +20,7 @@ Method | HTTP request | Description [**VmAddPmemPut**](DefaultApi.md#VmAddPmemPut) | **Put** /vm.add-pmem | Add a new pmem device to the VM [**VmAddVdpaPut**](DefaultApi.md#VmAddVdpaPut) | **Put** /vm.add-vdpa | Add a new vDPA device to the VM [**VmAddVsockPut**](DefaultApi.md#VmAddVsockPut) | **Put** /vm.add-vsock | Add a new vsock device to the VM +[**VmCoredumpPut**](DefaultApi.md#VmCoredumpPut) | **Put** /vm.coredump | Takes a VM coredump. [**VmCountersGet**](DefaultApi.md#VmCountersGet) | **Get** /vm.counters | Get counters from the VM [**VmInfoGet**](DefaultApi.md#VmInfoGet) | **Get** /vm.info | Returns general information about the cloud-hypervisor Virtual Machine (VM) instance. [**VmReceiveMigrationPut**](DefaultApi.md#VmReceiveMigrationPut) | **Put** /vm.receive-migration | Receive a VM migration from URL @@ -698,7 +699,7 @@ import ( ) func main() { - fsConfig := *openapiclient.NewFsConfig("Tag_example", "Socket_example", int32(123), int32(123), false, int64(123)) // FsConfig | The details of the new virtio-fs + fsConfig := *openapiclient.NewFsConfig("Tag_example", "Socket_example", int32(123), int32(123)) // FsConfig | The details of the new virtio-fs configuration := openapiclient.NewConfiguration() api_client := openapiclient.NewAPIClient(configuration) 
@@ -999,6 +1000,68 @@ No authorization required [[Back to README]](../README.md) +## VmCoredumpPut + +> VmCoredumpPut(ctx).VmCoredumpData(vmCoredumpData).Execute() + +Takes a VM coredump. + +### Example + +```go +package main + +import ( + "context" + "fmt" + "os" + openapiclient "./openapi" +) + +func main() { + vmCoredumpData := *openapiclient.NewVmCoredumpData() // VmCoredumpData | The coredump configuration + + configuration := openapiclient.NewConfiguration() + api_client := openapiclient.NewAPIClient(configuration) + resp, r, err := api_client.DefaultApi.VmCoredumpPut(context.Background()).VmCoredumpData(vmCoredumpData).Execute() + if err != nil { + fmt.Fprintf(os.Stderr, "Error when calling `DefaultApi.VmCoredumpPut``: %v\n", err) + fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) + } +} +``` + +### Path Parameters + + + +### Other Parameters + +Other parameters are passed through a pointer to a apiVmCoredumpPutRequest struct via the builder pattern + + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **vmCoredumpData** | [**VmCoredumpData**](VmCoredumpData.md) | The coredump configuration | + +### Return type + + (empty response body) + +### Authorization + +No authorization required + +### HTTP request headers + +- **Content-Type**: application/json +- **Accept**: Not defined + +[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) +[[Back to Model list]](../README.md#documentation-for-models) +[[Back to README]](../README.md) + + ## VmCountersGet > map[string]map[string]int64 VmCountersGet(ctx).Execute() diff --git a/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/docs/FsConfig.md b/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/docs/FsConfig.md index daf24d2bc0..6979bf128e 100644 --- a/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/docs/FsConfig.md +++ b/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/docs/FsConfig.md 
@@ -8,8 +8,6 @@ Name | Type | Description | Notes **Socket** | **string** | | **NumQueues** | **int32** | | [default to 1] **QueueSize** | **int32** | | [default to 1024] -**Dax** | **bool** | | [default to true] -**CacheSize** | **int64** | | **PciSegment** | Pointer to **int32** | | [optional] **Id** | Pointer to **string** | | [optional] @@ -17,7 +15,7 @@ Name | Type | Description | Notes ### NewFsConfig -`func NewFsConfig(tag string, socket string, numQueues int32, queueSize int32, dax bool, cacheSize int64, ) *FsConfig` +`func NewFsConfig(tag string, socket string, numQueues int32, queueSize int32, ) *FsConfig` NewFsConfig instantiates a new FsConfig object This constructor will assign default values to properties that have it defined, @@ -112,46 +110,6 @@ and a boolean to check if the value has been set. SetQueueSize sets QueueSize field to given value. -### GetDax - -`func (o *FsConfig) GetDax() bool` - -GetDax returns the Dax field if non-nil, zero value otherwise. - -### GetDaxOk - -`func (o *FsConfig) GetDaxOk() (*bool, bool)` - -GetDaxOk returns a tuple with the Dax field if it's non-nil, zero value otherwise -and a boolean to check if the value has been set. - -### SetDax - -`func (o *FsConfig) SetDax(v bool)` - -SetDax sets Dax field to given value. - - -### GetCacheSize - -`func (o *FsConfig) GetCacheSize() int64` - -GetCacheSize returns the CacheSize field if non-nil, zero value otherwise. - -### GetCacheSizeOk - -`func (o *FsConfig) GetCacheSizeOk() (*int64, bool)` - -GetCacheSizeOk returns a tuple with the CacheSize field if it's non-nil, zero value otherwise -and a boolean to check if the value has been set. - -### SetCacheSize - -`func (o *FsConfig) SetCacheSize(v int64)` - -SetCacheSize sets CacheSize field to given value. - - ### GetPciSegment `func (o *FsConfig) GetPciSegment() int32` 
diff --git a/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/docs/PmemConfig.md b/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/docs/PmemConfig.md index 82f206551c..f15170cfb1 100644 --- a/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/docs/PmemConfig.md +++ b/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/docs/PmemConfig.md @@ -7,7 +7,6 @@ Name | Type | Description | Notes **File** | **string** | | **Size** | Pointer to **int64** | | [optional] **Iommu** | Pointer to **bool** | | [optional] [default to false] -**Mergeable** | Pointer to **bool** | | [optional] [default to false] **DiscardWrites** | Pointer to **bool** | | [optional] [default to false] **PciSegment** | Pointer to **int32** | | [optional] **Id** | Pointer to **string** | | [optional] @@ -101,31 +100,6 @@ SetIommu sets Iommu field to given value. HasIommu returns a boolean if a field has been set. -### GetMergeable - -`func (o *PmemConfig) GetMergeable() bool` - -GetMergeable returns the Mergeable field if non-nil, zero value otherwise. - -### GetMergeableOk - -`func (o *PmemConfig) GetMergeableOk() (*bool, bool)` - -GetMergeableOk returns a tuple with the Mergeable field if it's non-nil, zero value otherwise -and a boolean to check if the value has been set. - -### SetMergeable - -`func (o *PmemConfig) SetMergeable(v bool)` - -SetMergeable sets Mergeable field to given value. - -### HasMergeable - -`func (o *PmemConfig) HasMergeable() bool` - -HasMergeable returns a boolean if a field has been set. - ### GetDiscardWrites `func (o *PmemConfig) GetDiscardWrites() bool` diff --git a/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/docs/VmCoredumpData.md b/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/docs/VmCoredumpData.md new file mode 100644 index 0000000000..581874940b --- /dev/null +++ b/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/docs/VmCoredumpData.md 
@@ -0,0 +1,56 @@ +# VmCoredumpData + +## Properties + +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**DestinationUrl** | Pointer to **string** | | [optional] + +## Methods + +### NewVmCoredumpData + +`func NewVmCoredumpData() *VmCoredumpData` + +NewVmCoredumpData instantiates a new VmCoredumpData object +This constructor will assign default values to properties that have it defined, +and makes sure properties required by API are set, but the set of arguments +will change when the set of required properties is changed + +### NewVmCoredumpDataWithDefaults + +`func NewVmCoredumpDataWithDefaults() *VmCoredumpData` + +NewVmCoredumpDataWithDefaults instantiates a new VmCoredumpData object +This constructor will only assign default values to properties that have it defined, +but it doesn't guarantee that properties required by API are set + +### GetDestinationUrl + +`func (o *VmCoredumpData) GetDestinationUrl() string` + +GetDestinationUrl returns the DestinationUrl field if non-nil, zero value otherwise. + +### GetDestinationUrlOk + +`func (o *VmCoredumpData) GetDestinationUrlOk() (*string, bool)` + +GetDestinationUrlOk returns a tuple with the DestinationUrl field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetDestinationUrl + +`func (o *VmCoredumpData) SetDestinationUrl(v string)` + +SetDestinationUrl sets DestinationUrl field to given value. + +### HasDestinationUrl + +`func (o *VmCoredumpData) HasDestinationUrl() bool` + +HasDestinationUrl returns a boolean if a field has been set. + + +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/model_cpus_config.go b/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/model_cpus_config.go index cbcd4e034d..9578f2db19 100644 
--- a/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/model_cpus_config.go +++ b/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/model_cpus_config.go @@ -19,6 +19,7 @@ type CpusConfig struct { BootVcpus int32 `json:"boot_vcpus"` MaxVcpus int32 `json:"max_vcpus"` Topology *CpuTopology `json:"topology,omitempty"` + KvmHyperv *bool `json:"kvm_hyperv,omitempty"` MaxPhysBits *int32 `json:"max_phys_bits,omitempty"` Affinity *[]CpuAffinity `json:"affinity,omitempty"` Features *CpuFeatures `json:"features,omitempty"` @@ -32,6 +33,8 @@ func NewCpusConfig(bootVcpus int32, maxVcpus int32) *CpusConfig { this := CpusConfig{} this.BootVcpus = bootVcpus this.MaxVcpus = maxVcpus + var kvmHyperv bool = false + this.KvmHyperv = &kvmHyperv return &this } @@ -44,6 +47,8 @@ func NewCpusConfigWithDefaults() *CpusConfig { this.BootVcpus = bootVcpus var maxVcpus int32 = 1 this.MaxVcpus = maxVcpus + var kvmHyperv bool = false + this.KvmHyperv = &kvmHyperv return &this } 
@@ -127,6 +132,38 @@ func (o *CpusConfig) SetTopology(v CpuTopology) { o.Topology = &v } +// GetKvmHyperv returns the KvmHyperv field value if set, zero value otherwise. +func (o *CpusConfig) GetKvmHyperv() bool { + if o == nil || o.KvmHyperv == nil { + var ret bool + return ret + } + return *o.KvmHyperv +} + +// GetKvmHypervOk returns a tuple with the KvmHyperv field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *CpusConfig) GetKvmHypervOk() (*bool, bool) { + if o == nil || o.KvmHyperv == nil { + return nil, false + } + return o.KvmHyperv, true +} + +// HasKvmHyperv returns a boolean if a field has been set. +func (o *CpusConfig) HasKvmHyperv() bool { + if o != nil && o.KvmHyperv != nil { + return true + } + + return false +} + +// SetKvmHyperv gets a reference to the given bool and assigns it to the KvmHyperv field. +func (o *CpusConfig) SetKvmHyperv(v bool) { + o.KvmHyperv = &v +} + // GetMaxPhysBits returns the MaxPhysBits field value if set, zero value otherwise. func (o *CpusConfig) GetMaxPhysBits() int32 { if o == nil || o.MaxPhysBits == nil { @@ -234,6 +271,9 @@ func (o CpusConfig) MarshalJSON() ([]byte, error) { if o.Topology != nil { toSerialize["topology"] = o.Topology } + if o.KvmHyperv != nil { + toSerialize["kvm_hyperv"] = o.KvmHyperv + } if o.MaxPhysBits != nil { toSerialize["max_phys_bits"] = o.MaxPhysBits } diff --git a/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/model_fs_config.go b/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/model_fs_config.go index 7e43990770..0b1bd40c81 100644 --- a/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/model_fs_config.go +++ b/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/model_fs_config.go 
@@ -20,8 +20,6 @@ type FsConfig struct { Socket string `json:"socket"` NumQueues int32 `json:"num_queues"` QueueSize int32 `json:"queue_size"` - Dax bool `json:"dax"` - CacheSize int64 `json:"cache_size"` PciSegment *int32 `json:"pci_segment,omitempty"` Id *string `json:"id,omitempty"` } @@ -30,14 +28,12 @@ type FsConfig struct { // This constructor will assign default values to properties that have it defined, // and makes sure properties required by API are set, but the set of arguments // will change when the set of required properties is changed -func NewFsConfig(tag string, socket string, numQueues int32, queueSize int32, dax bool, cacheSize int64) *FsConfig { +func NewFsConfig(tag string, socket string, numQueues int32, queueSize int32) *FsConfig { this := FsConfig{} this.Tag = tag this.Socket = socket this.NumQueues = numQueues this.QueueSize = queueSize - this.Dax = dax - this.CacheSize = cacheSize return &this } @@ -50,8 +46,6 @@ func NewFsConfigWithDefaults() *FsConfig { this.NumQueues = numQueues var queueSize int32 = 1024 this.QueueSize = queueSize - var dax bool = true - this.Dax = dax return &this } 
@@ -151,54 +145,6 @@ func (o *FsConfig) SetQueueSize(v int32) { o.QueueSize = v } -// GetDax returns the Dax field value -func (o *FsConfig) GetDax() bool { - if o == nil { - var ret bool - return ret - } - - return o.Dax -} - -// GetDaxOk returns a tuple with the Dax field value -// and a boolean to check if the value has been set. -func (o *FsConfig) GetDaxOk() (*bool, bool) { - if o == nil { - return nil, false - } - return &o.Dax, true -} - -// SetDax sets field value -func (o *FsConfig) SetDax(v bool) { - o.Dax = v -} - -// GetCacheSize returns the CacheSize field value -func (o *FsConfig) GetCacheSize() int64 { - if o == nil { - var ret int64 - return ret - } - - return o.CacheSize -} - -// GetCacheSizeOk returns a tuple with the CacheSize field value -// and a boolean to check if the value has been set. -func (o *FsConfig) GetCacheSizeOk() (*int64, bool) { - if o == nil { - return nil, false - } - return &o.CacheSize, true -} - -// SetCacheSize sets field value -func (o *FsConfig) SetCacheSize(v int64) { - o.CacheSize = v -} - // GetPciSegment returns the PciSegment field value if set, zero value otherwise. func (o *FsConfig) GetPciSegment() int32 { if o == nil || o.PciSegment == nil { @@ -277,12 +223,6 @@ func (o FsConfig) MarshalJSON() ([]byte, error) { if true { toSerialize["queue_size"] = o.QueueSize } - if true { - toSerialize["dax"] = o.Dax - } - if true { - toSerialize["cache_size"] = o.CacheSize - } if o.PciSegment != nil { toSerialize["pci_segment"] = o.PciSegment } diff --git a/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/model_pmem_config.go b/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/model_pmem_config.go index 69f45732f9..5a4d77653f 100644 --- a/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/model_pmem_config.go +++ b/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/model_pmem_config.go 
@@ -19,7 +19,6 @@ type PmemConfig struct { File string `json:"file"` Size *int64 `json:"size,omitempty"` Iommu *bool `json:"iommu,omitempty"` - Mergeable *bool `json:"mergeable,omitempty"` DiscardWrites *bool `json:"discard_writes,omitempty"` PciSegment *int32 `json:"pci_segment,omitempty"` Id *string `json:"id,omitempty"` @@ -34,8 +33,6 @@ func NewPmemConfig(file string) *PmemConfig { this.File = file var iommu bool = false this.Iommu = &iommu - var mergeable bool = false - this.Mergeable = &mergeable var discardWrites bool = false this.DiscardWrites = &discardWrites return &this @@ -48,8 +45,6 @@ func NewPmemConfigWithDefaults() *PmemConfig { this := PmemConfig{} var iommu bool = false this.Iommu = &iommu - var mergeable bool = false - this.Mergeable = &mergeable var discardWrites bool = false this.DiscardWrites = &discardWrites return &this @@ -143,38 +138,6 @@ func (o *PmemConfig) SetIommu(v bool) { o.Iommu = &v } -// GetMergeable returns the Mergeable field value if set, zero value otherwise. -func (o *PmemConfig) GetMergeable() bool { - if o == nil || o.Mergeable == nil { - var ret bool - return ret - } - return *o.Mergeable -} - -// GetMergeableOk returns a tuple with the Mergeable field value if set, nil otherwise -// and a boolean to check if the value has been set. -func (o *PmemConfig) GetMergeableOk() (*bool, bool) { - if o == nil || o.Mergeable == nil { - return nil, false - } - return o.Mergeable, true -} - -// HasMergeable returns a boolean if a field has been set. -func (o *PmemConfig) HasMergeable() bool { - if o != nil && o.Mergeable != nil { - return true - } - - return false -} - -// SetMergeable gets a reference to the given bool and assigns it to the Mergeable field. -func (o *PmemConfig) SetMergeable(v bool) { - o.Mergeable = &v -} - // GetDiscardWrites returns the DiscardWrites field value if set, zero value otherwise. func (o *PmemConfig) GetDiscardWrites() bool { if o == nil || o.DiscardWrites == nil { 
@@ -282,9 +245,6 @@ func (o PmemConfig) MarshalJSON() ([]byte, error) { if o.Iommu != nil { toSerialize["iommu"] = o.Iommu } - if o.Mergeable != nil { - toSerialize["mergeable"] = o.Mergeable - } if o.DiscardWrites != nil { toSerialize["discard_writes"] = o.DiscardWrites } diff --git a/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/model_vm_coredump_data.go b/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/model_vm_coredump_data.go new file mode 100644 index 0000000000..cdde565854 --- /dev/null +++ b/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/model_vm_coredump_data.go 
@@ -0,0 +1,113 @@ +/* +Cloud Hypervisor API + +Local HTTP based API for managing and inspecting a cloud-hypervisor virtual machine. + +API version: 0.3.0 +*/ + +// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT. + +package openapi + +import ( + "encoding/json" +) + +// VmCoredumpData struct for VmCoredumpData +type VmCoredumpData struct { + DestinationUrl *string `json:"destination_url,omitempty"` +} + +// NewVmCoredumpData instantiates a new VmCoredumpData object +// This constructor will assign default values to properties that have it defined, +// and makes sure properties required by API are set, but the set of arguments +// will change when the set of required properties is changed +func NewVmCoredumpData() *VmCoredumpData { + this := VmCoredumpData{} + return &this +} + +// NewVmCoredumpDataWithDefaults instantiates a new VmCoredumpData object +// This constructor will only assign default values to properties that have it defined, +// but it doesn't guarantee that properties required by API are set +func NewVmCoredumpDataWithDefaults() *VmCoredumpData { + this := VmCoredumpData{} + return &this +} + +// GetDestinationUrl returns the DestinationUrl field value if set, zero value otherwise. +func (o *VmCoredumpData) GetDestinationUrl() string { + if o == nil || o.DestinationUrl == nil { + var ret string + return ret + } + return *o.DestinationUrl +} + +// GetDestinationUrlOk returns a tuple with the DestinationUrl field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *VmCoredumpData) GetDestinationUrlOk() (*string, bool) { + if o == nil || o.DestinationUrl == nil { + return nil, false + } + return o.DestinationUrl, true +} + +// HasDestinationUrl returns a boolean if a field has been set. 
+func (o *VmCoredumpData) HasDestinationUrl() bool { + if o != nil && o.DestinationUrl != nil { + return true + } + + return false +} + +// SetDestinationUrl gets a reference to the given string and assigns it to the DestinationUrl field. +func (o *VmCoredumpData) SetDestinationUrl(v string) { + o.DestinationUrl = &v +} + +func (o VmCoredumpData) MarshalJSON() ([]byte, error) { + toSerialize := map[string]interface{}{} + if o.DestinationUrl != nil { + toSerialize["destination_url"] = o.DestinationUrl + } + return json.Marshal(toSerialize) +} + +type NullableVmCoredumpData struct { + value *VmCoredumpData + isSet bool +} + +func (v NullableVmCoredumpData) Get() *VmCoredumpData { + return v.value +} + +func (v *NullableVmCoredumpData) Set(val *VmCoredumpData) { + v.value = val + v.isSet = true +} + +func (v NullableVmCoredumpData) IsSet() bool { + return v.isSet +} + +func (v *NullableVmCoredumpData) Unset() { + v.value = nil + v.isSet = false +} + +func NewNullableVmCoredumpData(val *VmCoredumpData) *NullableVmCoredumpData { + return &NullableVmCoredumpData{value: val, isSet: true} +} + +func (v NullableVmCoredumpData) MarshalJSON() ([]byte, error) { + return json.Marshal(v.value) +} + +func (v *NullableVmCoredumpData) UnmarshalJSON(src []byte) error { + v.isSet = true + return json.Unmarshal(src, &v.value) +} diff --git a/src/runtime/virtcontainers/pkg/cloud-hypervisor/cloud-hypervisor.yaml b/src/runtime/virtcontainers/pkg/cloud-hypervisor/cloud-hypervisor.yaml index 4c0cff139a..705293f1f3 100644 --- a/src/runtime/virtcontainers/pkg/cloud-hypervisor/cloud-hypervisor.yaml +++ b/src/runtime/virtcontainers/pkg/cloud-hypervisor/cloud-hypervisor.yaml 
@@ -366,6 +366,24 @@ paths: 405: description: The VM instance could not be snapshotted because it is not booted. + /vm.coredump: + put: + summary: Takes a VM coredump. + requestBody: + description: The coredump configuration + content: + application/json: + schema: + $ref: '#/components/schemas/VmCoredumpData' + required: true + responses: + 204: + description: The VM instance was successfully coredumped. + 404: + description: The VM instance could not be coredumped because it is not created. + 405: + description: The VM instance could not be coredumped because it is not booted. + /vm.restore: put: summary: Restore a VM from a snapshot. @@ -596,6 +614,9 @@ components: type: integer topology: $ref: '#/components/schemas/CpuTopology' + kvm_hyperv: + type: boolean + default: false max_phys_bits: type: integer affinity: @@ -870,8 +891,6 @@ components: FsConfig: required: - - cache_size - - dax - num_queues - queue_size - socket @@ -888,13 +907,6 @@ components: queue_size: type: integer default: 1024 - dax: - type: boolean - default: true - cache_size: - type: integer - format: int64 - default: 8589934592 pci_segment: type: integer format: int16 @@ -914,9 +926,6 @@ components: iommu: type: boolean default: false - mergeable: - type: boolean - default: false discard_writes: type: boolean default: false @@ -1110,6 +1119,12 @@ components: destination_url: type: string + VmCoredumpData: + type: object + properties: + destination_url: + type: string + RestoreConfig: required: - source_url diff --git a/versions.yaml b/versions.yaml index 2c12d1ee40..b8ffaca129 100644 --- a/versions.yaml +++ b/versions.yaml @@ -75,7 +75,7 @@ assets: url: "https://github.com/cloud-hypervisor/cloud-hypervisor" uscan-url: >- https://github.com/cloud-hypervisor/cloud-hypervisor/tags.*/v?(\d\S+)\.tar\.gz - version: "v24.0" + version: "v25.0" firecracker: description: "Firecracker micro-VMM" From 051181249ccc3845e2015ae1e97daf43eba68fee Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Tue, 12 Jul 2022 14:32:17 +0200 Subject: [PATCH 15/15] packaging: Add a "-" in the dir name if $BUILD_DIR is available MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Currently $BUILD_DIR will be used to create a directory as: /opt/kata/share/kata-qemu${BUILD_DIR} It means that when passing a BUILD_DIR, like "foo", a name would be built like /opt/kata/share/kata-qemufoo We should, instead, be building it as /opt/kata/share/kata-qemu-foo. Fixes: #4638 Signed-off-by: Fabiano Fidêncio
---
 tools/packaging/static-build/qemu/Dockerfile | 6 ++++--
 .../static-build/qemu/build-static-qemu-experimental.sh | 2 +-
 2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/tools/packaging/static-build/qemu/Dockerfile b/tools/packaging/static-build/qemu/Dockerfile
index 27d088303e..24d98fd0bb 100644
--- a/tools/packaging/static-build/qemu/Dockerfile
+++ b/tools/packaging/static-build/qemu/Dockerfile
@@ -72,8 +72,10 @@ RUN git clone --depth=1 "${QEMU_REPO}" qemu && \
 git fetch --depth=1 origin "${QEMU_VERSION}" && git checkout FETCH_HEAD && \
 scripts/git-submodule.sh update meson capstone && \
 /root/patch_qemu.sh "${QEMU_VERSION}" "/root/kata_qemu/patches" && \
- (PREFIX="${PREFIX}" /root/configure-hypervisor.sh -s "kata-qemu${BUILD_SUFFIX}" | xargs ./configure \
- --with-pkgversion="kata-static${BUILD_SUFFIX}") && \
+ [ -n "${BUILD_SUFFIX}" ] && HYPERVISOR_NAME="kata-qemu-${BUILD_SUFFIX}" || HYPERVISOR_NAME="kata-qemu" && \
+ [ -n "${BUILD_SUFFIX}" ] && PKGVERSION="kata-static-${BUILD_SUFFIX}" || PKGVERSION="kata-static" && \
+ (PREFIX="${PREFIX}" /root/configure-hypervisor.sh -s "${HYPERVISOR_NAME}" | xargs ./configure \
+ --with-pkgversion="${PKGVERSION}") && \
 make -j"$(nproc ${CI:+--ignore 1})" && \
 make install DESTDIR="${QEMU_DESTDIR}" && \
 /root/static-build/scripts/qemu-build-post.sh
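Review bot: The two added `[ -n "${BUILD_SUFFIX}" ] && … || … && \` lines change the error handling of the whole RUN chain: `&&` and `||` have equal precedence and group left to right, so the `||` branch also fires when an earlier step such as `/root/patch_qemu.sh` fails, the assignment succeeds, and configure and make carry on, possibly on an unpatched tree and with the unsuffixed name. Parameter expansion gives the same names without any `||`: `HYPERVISOR_NAME="kata-qemu${BUILD_SUFFIX:+-${BUILD_SUFFIX}}" && \` and `PKGVERSION="kata-static${BUILD_SUFFIX:+-${BUILD_SUFFIX}}" && \`. The RUN instruction starts above the hunk, so the earlier steps of the chain are only partly visible. Any caller other than the experimental script that still passes a suffix with a leading "-" would presumably now produce a doubled dash; those callers are not shown here.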
diff --git a/tools/packaging/static-build/qemu/build-static-qemu-experimental.sh b/tools/packaging/static-build/qemu/build-static-qemu-experimental.sh index 12cc57f5aa..be50fb9770 100755 --- a/tools/packaging/static-build/qemu/build-static-qemu-experimental.sh +++ b/tools/packaging/static-build/qemu/build-static-qemu-experimental.sh @@ -26,4 +26,4 @@ fi [ -n "$qemu_version" ] || qemu_version=$(get_from_kata_deps "assets.hypervisor.qemu-experimental.version") [ -n "$qemu_version" ] || die "failed to get qemu version" -"${script_dir}/build-base-qemu.sh" "${qemu_repo}" "${qemu_version}" "-experimental" "kata-static-qemu-experimental.tar.gz" +"${script_dir}/build-base-qemu.sh" "${qemu_repo}" "${qemu_version}" "experimental" "kata-static-qemu-experimental.tar.gz"