This change the version of QEMU used in the tests and CI.
The scripts/configure-hypervisor.sh was changed so that:
- Passing the `--enable-virtiofsd` flag
- Do not compiling with -O3 to avoid the warning:
Program python3 found: YES (/usr/bin/python3)
../meson.build:104: WARNING: Consider using the built-in optimization level instead of using "-O3".
../meson.build:108: WARNING: Consider using the built-in optimization level instead of using "-O3".
The qemu.blacklist files was changed so that new and uneeded firmware files are removed from the
final tarball. Except for qboot.rom which is new but kept, since it can be used with microvm
machine type (in case we want to enable microvm in the future).
The patches which are applied on QEMU sources:
- 0001-virtiofsd-Allow-to-build-it-without-the-tools.patch
(Build fix for Meson - allows passing `--disable-tools --enable-virtiofsd`)
- 0002-virtiofsd-extract-lo_do_open-from-lo_open.patch
0003-virtiofsd-optionally-return-inode-pointer-from-lo_do.patch
0004-virtiofsd-prevent-opening-of-special-files-CVE-2020-.patch
0005-virtiofsd-Add-_llseek-to-the-seccomp-whitelist.patch
0006-virtiofsd-Add-restart_syscall-to-the-seccomp-whiteli.patch
(Security fixes for virtiofsd)
- 0007-9p-removing-coroutines-of-9p-to-increase-the-I-O-per.patch
(Performance improvement for 9p driver)
- 0008-hw-s390x-fix-build-for-virtio-9p-ccw.patch
(Build fix for virtio-9p-ccw machine type)
Fixes: #1238
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
The scripts/configure-hypervisor.sh split the QEMU and GCC version
in major and minor versions then use those values on shell conditionals
to compare versions. This is error prone, so instead this change the script
to use the `sort -V -C ` command for version comparisons.
Fixes: #1349
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
There's no runtime repo anymore, let's avoid making a reference to it,
which may end up confusing people reading the Release-Process file.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
All the work done on this file, apart from merging the 2.x repo, and now
removing unused lines, comes from Intel.
The reason it's being added is to silent a complaint from the static
checker.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
There's no more NEMU, for some time already. Considering this, let's
just remove any mention to it as part of our project.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
There's no reason to ship qemu & qemu-virtiofs when the former already
includes vitiofs support (and that's the default for 2.x deployments).
In case we will enable experimental qemu DAX support, we should add a
new target, a "qemu-experimental" target, as Carlos has been working on.
Fixes: #1424
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
The docker script has been removed as part of
62cbaf4de4, but references to it were left
behind in the artifact-list.sh, release/kata-deploy-binaries.sh, and
kata-deploy/Dockerfile.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
For Kata Containers 2.x, CRI-O should always be using the
`containerd-shim-kata-v2` binary, and always be configured to use the
"vm" runtime type, developed specifically for the shimv2, instead of the
default "oci" runtime type.
I've taken the liberty to try to simplify the CRI-O script and make it
less error prone. In the future, we can start dropping a configuration
file to /etc/crio/crio.conf.d and just removing it as part of the
cleanup, but that's for the future.
Fixes: #1357
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Factoring those pieces of code to their own functions allows us to
easily re-use them when creating & cleaning up the CRI-O configuration
files, as CRI-O is also affected by the issues that are still opened.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Our list was based on what we used to ship for Kata Containers 1.x, not
even taking into account the shimv2 binary.
Let's update it in order to reflect better what we currently distribute.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Update the Intel QAT Dockerfile to work with the 2.0 repos, fix some
bugs with building Debian/Ubuntu rootfs, and update the latest QAT
driver. Updated copyright.
Fixes: #1419
Signed-off-by: Adams, Eric <eric.adams@intel.com>
For building rootfs with docker, glibc based rust target should be installed on ppc64le.
Additionally, protobuf-compiler would be required on ppc64le as it is not present by default.
Fixes: #1417
Signed-off-by: Amulya Meka <amulmek1@in.ibm.com>
Give the user chance to specify their own registry in event the default
provided are not accessible, desirable.
Fixes: #1393
Signed-off-by: Eric Ernst <eric.g.ernst@gmail.com>
Update all tools/packaging scripts to prefer the new options over the
old ones (e.g. `--config` instead of `--kata-config`).
Signed-off-by: Daniel Knittl-Frank <knittl89+git@googlemail.com>
* CONFIG_OVERLAY_FS_METACOPY is needed to have reasonable performance
for chmod and similar calls;
* CONFIG_OVERLAY_FS_XINO_AUTO is recommended for POSIX compliance.
Fixes: #1075
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
- Install the required protobuf-compiler on Ubuntu
- Install correct libc Rust target (glibc on s390x)
- Do not skip Rust installation on s390x
Fixes: #1266
Signed-off-by: Jakob Naucke <jakob.naucke@ibm.com>
This directory has been automatically removed as there's no files inside
it, as part of d3c9862059
Let's improve the logic in the scripts to avoid failing in case the
"experimental" dir is not present.
Fixes: #1328
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Installing the built uncompressed vmlinux kernel will not work on s390x,
QEMU will complain:
Linux kernel boot failure: An attempt to boot a vmlinux ELF image
failed.
This image does not contain all parts necessary for starting up. Use
bzImage or arch/s390/boot/compressed/vmlinux instead.
Hence, use that kernel image on s390x.
Fixes: #1264
Signed-off-by: Jakob-Naucke <jakob.naucke@ibm.com>
Kata Containers 2.x is not supported outside of the kubernetes world.
With this in mind, let's remove leftovers from the 1.x deployments &
documentation.
Fixes: #1356
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Since there is no Rust target for musl on s390x, builds on s390x should use
glibc. This commit removes the "Cannot build Rust agent on s390x" restriction
in rootfs.sh and only installs musl in the build environment when it is
required.
Fixes: #1262
Signed-off-by: Jakob Naucke <jakob.naucke@ibm.com>
acpi is enabled for kata 1.x, port and rebase code for 2.x
including:
runtime: enable pflash;
agent: add acpi support for pci bus path;
packaging: enable CONFIG_RTC_DRV_EFI;
Fixes: #1317
Signed-off-by: Jianyong Wu <jianyong.wu@arm.com>
Include on the terms glossary some words about the agent init as
later on README its explain how the agent can be switched between
systemd and init.
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
Changed the user-visible urls to point to the right Kata Containers
files/repositories.
Fixes#234
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
To avoid hitting quota limit on docker.io, this changes the Fedora
and CentOS dockerfiles to pull the image from the projects registries.
Fixes#1324
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
The osbuilder scripts include a bunch of code for installing cmake, even
though cmake is never invoked. versions.yaml claims it's needed to build
grpc-rs, but that doesn't appear to be in our dependency graph.
Presumably, we used to need this, but don't any more. So, remove all cmake
references.
Fixes#1309
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
