Under certain circumstances[0] Kata will attempt to use SHPC hotplug
for PCI devices on the guest. In fact we explicitly enable SHPC on
our PCI to PCI bridges, regardless of the qemu default.
SHPC was designed a long, long time ago for physical hotplugging and
works very poorly for a virtual environment. In particular it has a
mandatory 5s delay to allow a (real, human) operator to back out the
operation if they press a button by mistake. This alone makes it
unusable for a fast start up application like Kata.
Worse, the agent forces a PCI rescan during startup. That will race
with the SHPC hotplug operation causing the device to go into a bad
state where config space can't be accessed from the guest at all.
The only reason we've sort of gotten away with this is that our
default guest kernel configuration triggers what's arguably a kernel
bug effectively disabling SHPC. That makes the agent rescan the only
reason we see the new device.
Now that we require a qemu >=6.1, which includes ACPI PCI hotplug on
the q35 machine, we can explicitly disable SHPC in all cases. It's
nothing but trouble.
fixes #2174
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>

This was added in the 1.x repo and is missing in the 2.x repo.
Copying over the document from 1.x.
This is a starting point and focuses on the devices / interfaces
with the virtual machine, and ultimately to the container itself.
We then discuss how these devices/interfaces vary by VMM/hypervisor.
The threat model drawing is created via gdocs, located here:
https://docs.google.com/drawings/d/1dPi9DG9bcCUXlayxrR2OUa1miEZXewtW7YCt4r_VDmA/edit?usp=sharing
For Kata 2.x, the block named as `kata-runtime` has been changed to
`kata-shim`.
Fixes: #2340
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>

And use a released version instead of the master branch so that it no
longer gets invalidated.
Depends-on: github.com/kata-containers/kata-containers#2645
Signed-off-by: Peng Tao <bergwolf@hyper.sh>

Add how-to-setup-swap-devices-in-guest-kernel.md to how-to to introduce
how to set up a swap device in the guest kernel.
Fixes: #2326
Signed-off-by: Hui Zhu <teawater@antfin.com>

There is no need to keep multiple copies of the license file in
different directories. We can just use the top level one for the project.
Fixes: #2553
Signed-off-by: Peng Tao <bergwolf@hyper.sh>

Remove the `Kata Containers with Firecracker` additional configuration steps.
From kata 2.x, the config of `firecracker` is the same as `qemu` and `cloud-hypervisor`.
Fixes: #2492
Signed-off-by: wangyongchao.bj <wangyongchao.bj@inspur.com>

Update the cri plugin source path to the containerd pkg in the
how-to-use-k8s-with-cri-containerd-and-kata.md file. The cri project was moved to the containerd project pkg directory.
Fixes: #2490
Signed-off-by: wangyongchao.bj <wangyongchao.bj@inspur.com>

Remove duplicated information, reduce text separation, and rewrite notes
to be more clear and concise.
Fixes: #2449
Signed-off-by: Joao Vanzuita <joaovanzuita@me.com>

Changed the document project url in the using-vpp-and-kata.md and
runtime experimental README.md files.
Fixes: #2418
Signed-off-by: wangyongchao.bj <wangyongchao.bj@inspur.com>

Kata-proxy is no longer used in kata 2.x, this PR removes the
reference as well to a script that no longer exists.
Fixes #2391
Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>

All users should be running 2.x releases so remove the legacy details
since it's arguably confusing to have two sets of details.
Reworked the components listed in the main README so that rather than
being sorted alphabetically, they are now sorted in semi-order of
importance and split into two tables to make the point more clearly.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>

Removed all TOCs now that GitHub auto-generates them.
Also updated the documentation requirements doc removing the requirement
to add a TOC.
Fixes: #2022.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>

Create a document summarising the tracing design proposals
from PR #1937.
Fixes: #2061.
Signed-off-by: bin <bin@hyper.sh>
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>

This PR updates the proper url for log parser for kata 2.x for
the Developer Guide document.
Fixes #2328
Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>

The kata-deploy project scripts were changed, but the minikube installation guide doc still uses the old yaml script.
Fix the guide doc to use the new yaml script of runtimeClasses.
Fixes: #2276
Signed-off-by: wangyongchao.bj <wangyongchao.bj@inspur.com>

The kata-deploy project path has changed from kata v2. Fixed the kata-deploy path in the document how-to-import-kata-logs-with-fluentd.md.
The correct path is `$GOPATH/src/github.com/kata-containers/kata-containers/tools/packaging/kata-deploy`
Fixes: #2273
Signed-off-by: wangyongchao.bj <wangyongchao.bj@inspur.com>

`containerd` has adopted a new configuration style. Update the example configuration to reflect the change.
Fixes: #2180
Signed-off-by: Yujia Qiao <qiaoyujia@bytedance.com>

We're introducing a workaround for enabling users to utilize inotify on
mounts that are backed by virtiofs. Let's add some documentation on how
this works.
Signed-off-by: Eric Ernst <eric_ernst@apple.com>

The Developer Guide instructs to install the agent from
`${ARCH}-unknown-linux-${LIBC}`, where `$LIBC` is set to `gnu` for
ppc64le (because Rust has no musl target there). The same is true for
s390x. Also set this for s390x.
Fixes: #2092
Signed-off-by: Jakob Naucke <jakob.naucke@ibm.com>

Fixed 3 errors which misused the bracket to substitute parameters for initrd-img creation in the developer guide.
Fixes: #2079
Signed-off-by: focus-zhaos <zhaos@nbjl.nankai.edu.cn>

- Adding missing `$` symbols to 3 references to `sandbox_id` variable
- Adding missing `'` symbol to QEMU-related `socat` command
Fixes #2075
Signed-off-by: Dave Hay <david_hay@uk.ibm.com>