When the hypervisor option `use_vsock` is true the runtime will check for vsock
support. If vsock is supported, not proxy will be used and the shims
will connect to the VM using VSOCKS. This flag is true by default, so will use
VSOCK when possible and no proxy will be started.
fixes#383
Signed-off-by: Jose Carlos Venegas Munoz jose.carlos.venegas.munoz@intel.com
Signed-off-by: Julio Montes <julio.montes@intel.com>
parseVSOCKAddr function is no more needed since now agent config
contains a field to identify if vsocks should be used or not.
Signed-off-by: Julio Montes <julio.montes@intel.com>
`appendVSockPCI` function can be used to cold plug vocks, vhost file descriptor
holds the context ID and it's inherit by QEMU process, ID must be unique and
disable-modern prevents qemu from relying on fast MMIO.
Signed-off-by: Julio Montes <julio.montes@intel.com>
add extra field in KataAgentConfig structure to specify if the
kata agent have to use a vsock instead of serial port.
Signed-off-by: Julio Montes <julio.montes@intel.com>
In order to see what proxy was started or not, we should log
its type and the URL
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
Signed-off-by: Julio Montes <julio.montes@intel.com>
Add `use_vsock` option to enable or disable the use of vsocks
for communication between host and guest.
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
Signed-off-by: Julio Montes <julio.montes@intel.com>
We already save the URL used to connect to the agent in the `state.URL` this
variable is the used to connect the shim to agnet independently the socket type
(VSOCK or serial)
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
FindContextID generates a random number between 3 and max uint32
and uses it as context ID.
Using ioctl findContextID checks if the context ID is free, if
the context ID is being used by other process, this function
iterates from over all valid context IDs until one is available.
`/dev/vhost-vsock` is used to check what context IDs are free,
we need it to ensure we are using a unique context ID to
create the vsocks.
Signed-off-by: Julio Montes <julio.montes@intel.com>
Implement function to check if the system has support for vsocks.
This function looks for vsock and vhost-vsock devices returning
true if those exist, otherwise false.
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
Signed-off-by: Julio Montes <julio.montes@intel.com>
add vhostfd and disable-modern to vhost-vsock-pci
shortlog:
3830b44 qemu: add vhostfd and disable-modern to vhost-vsock-pci
f700a97 qemu/qmp: implement function to hotplug vsock-pci
Signed-off-by: Julio Montes <julio.montes@intel.com>
Ensure the entire codebase uses `"sandbox"` and `"container"` log
fields for the sandboxID and containerID respectively.
Simplify code where fields can be dropped.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Refine the changes made on #468 by adding the containerID log field as
soon as possible (before *any* virtcontainers calls). This requires
that `setExternalLoggers()` be called more times, but it's essential to
ensure the correct log fields are available as early as possible.
Partially fixes#519.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Now that the `SetLogger()` functions accept a `logrus.Entry`, they can
access the fields that have already been set for the logger and
re-apply them if `SetLogger()` is called multiple times.
This fixes a bug whereby the logger functions -- which are necessarily
called multiple times [1] -- previously ended up applying any new fields
the specified logger contained, but erroneously removing any additional
fields added since `SetLogger()` was last called.
Partially fixes#519.
--
[1] - https://github.com/kata-containers/runtime/pull/468
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Rather than accepting a `logrus.FieldLogger` interface type, change all
the `SetLogger()` functions to accept a `logrus.Entry`.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
As of #521, the runtime now adds the `arch` log field so
`virtcontainers` doesn't need to set it too.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Don't use slash-delimited values in log fields - create two separate
log fields (`source` and `subsystem`) for clarity.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
This PR got merged while it had some issues with some shim processes
being left behind after k8s testing. And because those issues were
real issues introduced by this PR (not some random failures), now
the master branch is broken and new pull requests cannot get the
CI passing. That's the reason why this commit revert the changes
introduced by this PR so that we can fix the master branch.
Fixes#529
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
Docker 18.06 was released last week, update our
supported docker to this new version.
Fixes: #510
Signed-off-by: Salvador Fuentes <salvador.fuentes@intel.com>
Fixes#50
This commit imports a big logic change:
* host device to be attached or appended now is sandbox level resources,
one device should bind to sandbox/hypervisor first, then container could
reference it via device's unique ID.
* attach or detach device should go through the device manager interface
instead of the device interface.
* allocate device ID in global device mapper to guarantee every device
has a uniq device ID and there won't be any ID collision.
With this change, there will some changes on data format on disk for sandbox
and container, these changes also make a breakage of backward compatibility.
New persist data format:
* every sandbox will get a new "devices.json" file under "/run/vc/sbs/<sid>/"
which saves detailed device information, this also conforms to the concept that
device should be sandbox level resource.
* every container uses a "devices.json" file but with new data format:
```
[
{
"ID": "b80d4736e70a471f",
"ContainerPath": "/dev/zero"
},
{
"ID": "6765a06e0aa0897d",
"ContainerPath": "/dev/null"
}
]
```
`ID` should reference to a device in a sandbox, `ContainerPath` indicates device
path inside a container.
Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
Instead of using drivers.XXXDevice directly, we should use exported
struct from device structure. package drivers should be internal struct
and other package should avoid read it's struct content directly.
Signed-off-by: Wei Zhang <zhangwei555@huawei.com>
The interface "VhostUserDevice" has duplicate functions and fields with
Device, so we can merge them into one interface and manage them with one
group of interfaces.
Signed-off-by: Wei Zhang <zhangwei555@huawei.com>
Fixes#50
Previously the devices are created with device manager and laterly
attached to hypervisor with "device.Attach()", this could work, but
there's no way to remember the reference count for every device, which
means if we plug one device to hypervisor twice, it's truly inserted
twice, but actually we only need to insert once but use it in many
places.
Use device manager as a consolidated entrypoint of device management can
give us a way to handle many "references" to single device, because it
can save all devices and remember it's use count.
Signed-off-by: Wei Zhang <zhangwei555@huawei.com>
In some slow enviroments the agent is taking more than 5 seconds
to start to serve grpc request.
This was reproducible in a Centos VM with 4 cpus running 8 pods in
parallel.
Fixes: #516
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
If the grpc connection check fails we only return the grpc error.
To make more clear what failed add more information to the error.
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
Because codecov coverage regarding the patch is very inconsistent,
this commit introduces codecov.yml config file in order to disable
this check.
Fixes#511
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
If kata-agent doesn't start in VM, we need to do some rollback
operations to release related resources.
add grpc check() to check kata-agent is running or not
Fixes: #297
Signed-off-by: flyflypeng <jiangpengfei9@huawei.com>
