Commit Graph

5350 Commits

Author SHA1 Message Date
James O. D. Hunt
0b7e456d47
Merge pull request #250 from matthewfischer/max_attempts
Print attempt number after max check
2019-03-25 10:32:49 +00:00
James O. D. Hunt
17cd8e84ed docs: Explain systemd needed for debug console
Add a note to the developer guide explaining that the debug console
requires systemd support (hence nominally you cannot use alpine linux
for example as that doesn't use systemd).

Fixes #412.

Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
2019-03-25 09:39:53 +00:00
Li Yuxuan
0d2ba4766e builder: Pass the DEBUG flag when using docker
When using docker, pass the `DEBUG` flag to trace the commands as well.

Fixes: #261

Signed-off-by: Li Yuxuan <liyuxuan04@baidu.com>
2019-03-25 17:36:38 +08:00
James O. D. Hunt
49b3cd0c56
Merge pull request #409 from jodh-intel/undo-docker-pin
Undo docker pin
2019-03-25 08:07:26 +00:00
Hui Zhu
814e5de224
Merge pull request #1334 from jongwu/factory
Factory: Fix fake return value issue on creating template
2019-03-25 11:58:30 +08:00
Xu Wang
de9c42e80f
Merge pull request #1227 from WeiZhang555/experimental-support
config: Add config flag "experimental"
2019-03-23 08:59:45 +08:00
Graham Whaley
6301fbe458
Merge pull request #408 from amshinde/remove-privileged-limitation
Limitations: Remove privileged flag limitation
2019-03-22 17:04:52 +00:00
Archana Shinde
bf0d680f56 Limitations: Remove privileged flag limitation
Kata does support privileged flag but within the guest,
so explain how this works in the Limitations docs.

Fixes #362

Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
2019-03-22 09:55:46 -07:00
Archana Shinde
71a4ba11b3
Merge pull request #411 from jodh-intel/fix-debug-console-example-on-ubuntu
docs: Fix debug console for ubuntu/debian
2019-03-22 09:49:10 -07:00
James O. D. Hunt
4c19083e01 docs: Fix debug console for ubuntu/debian
Change the debug console systemd job to specify the path to bash as
`/bin/bash`, *not* `/usr/bin/bash`. This unbreaks the debug console for
Ubuntu and Debian and also works for all other distros.

Fixes #410.

Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
2019-03-22 13:13:47 +00:00
James O. D. Hunt
1f52f5e7bd
Merge pull request #1403 from jodh-intel/add-more-build-targets
Add more build targets
2019-03-22 11:52:32 +00:00
James O. D. Hunt
bfbd4edcca docker: Undo docker version 18.06 pin
Don't force Docker to be kept at version 18.06 (to ensure devicemapper
is available). This feature won't be re-added by Docker and remaining on
an old version of Docker is not good from a security perspective.

Replace the pinning with a note pointing users at an issue which
provides details of alternatives to devicemapper.

Fixes #407.

Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
2019-03-22 10:59:54 +00:00
James O. D. Hunt
17acacbc47 docs: Capital letter at start and period at end of sentence
Fix two nits in the Debian install guide.

Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
2019-03-22 10:57:36 +00:00
James O. D. Hunt
0d146738de
Merge pull request #1405 from jodh-intel/update-collect-script-for-dax-nvdimm-images
Update collect script for dax nvdimm images
2019-03-22 09:54:03 +00:00
James O. D. Hunt
36fce98517
Merge pull request #1387 from jodh-intel/allow-data-collection-to-be-hidden
Allow data collection to be hidden
2019-03-22 09:53:44 +00:00
James O. D. Hunt
072acea2a0
Merge pull request #358 from yyyeerbo/wip
install: VERSION_ID in buster/sid can be unset. default it to 9
2019-03-22 08:40:43 +00:00
Yang Bo
6ba8ae53dd install: Debian sid/buster has no VERSION_ID, error out.
Error out if debian has no VERSION_ID, point user to stable
packages.

Fixes: #357

Signed-off-by: Yang Bo <bo@hyper.sh>
2019-03-21 21:01:11 -07:00
Xu Wang
4f712b0657
Merge pull request #1401 from teawater/vmcache_vsock
config: Make VMCache can work with vsock
2019-03-22 10:51:35 +08:00
Eric Ernst
30726d1dd7
Merge pull request #370 from jcvenegas/release-1.5.1
Release 1.5.1
2019-03-21 13:27:34 -07:00
Salvador Fuentes
a06c82a120
Merge pull request #257 from jcvenegas/release-1.6.0
release: 1.6.0
2019-03-21 13:28:49 -06:00
Jose Carlos Venegas Munoz
75f4338350 release: 1.6.0
Version bump to kata 1.6.0.

Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
2019-03-21 13:00:15 -06:00
James O. D. Hunt
e1eb28836a
Merge pull request #249 from GabyCT/topic/modifytest
test: Modify test_images script to handle FC
2019-03-21 17:04:32 +00:00
GabyCT
2069a3d953
Merge pull request #406 from teawater/vmcache_vsock
howto: Remove vsock from VMCache howto
2019-03-21 10:06:38 -06:00
Julio Montes
a7ccc24c80
Merge pull request #1398 from teawater/curl
ci: check curl before use it
2019-03-21 08:17:38 -06:00
James O. D. Hunt
5d761cec76 scripts: Handle images with a DAX/NVDIMM header
osbuilder recently added the ability to create images with a DAX/NVDIMM
header [1], however this change broke the data collection script. Update
that script to handle images with and without this header.

The data collection script will now assume a header is present. However,
if it fails to find the required partition data, it will try again, this
time assuming the image does not have a DAX/NVDIMM header.

Fixes #1404.

[1] - https://github.com/kata-containers/osbuilder/pull/236

Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
2019-03-21 12:35:28 +00:00
James O. D. Hunt
bdf6b2d49d scripts: Handle missing partitions in collect script
Add an extra check in the data collection script to ensure partitions
are found in the image.

Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
2019-03-21 12:28:58 +00:00
James O. D. Hunt
ad228e3c3b build: Add missing targets to show-usage
Add a number of useful build and install targets to the `show-usage`
target which are visible when the user runs `make help`.

Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
2019-03-21 11:30:19 +00:00
James O. D. Hunt
e6a7091981 build: Allow runtime to be built+installed without shim
Add `install-runtime` and `install-netmon` targets. This allows the
`install` target to be simplified and also allows the runtime to be
built without having to build the `containerd-shim-v2` binary which is
slow to build:

```
$ make runtime && sudo -E PATH=$PATH make install-runtime
```

Fixes #1402.

Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
2019-03-21 11:30:12 +00:00
James O. D. Hunt
206ffc66aa build: Don't build the runtime when building shim binary
The `containerd-shim-v2` binary does not need the `kata-runtime` binary
to be built first, so remove the dependency.

Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
2019-03-21 11:30:07 +00:00
Graham Whaley
c70ba4844f
Merge pull request #1390 from devimc/topic/roFS
virtcontainers: improve security and mount the rootfs as read-only fs
2019-03-21 09:33:04 +00:00
Hui Zhu
c3f082ccb8 howto: Remove vsock from VMCache howto
Remove vsock from VMCache howto because VMCache can work with vsock now.

Fixes: #405

Signed-off-by: Hui Zhu <teawater@hyper.sh>
2019-03-21 17:24:57 +08:00
Hui Zhu
639e8271de config: Make VMCache can work with vsock
After code check and test, found VMCache can work with vsock.
Remove the code that prohibits them from working together.

Fixes: #1400

Signed-off-by: Hui Zhu <teawater@hyper.sh>
2019-03-21 17:13:03 +08:00
Hui Zhu
aec0d263fa ci: check curl before use it
install-yq.sh uses curl but does not check whether curl is available.
Add code to check for curl before using it.

Fixes: #1379

Signed-off-by: Hui Zhu <teawater@hyper.sh>
2019-03-21 10:52:33 +08:00
Archana Shinde
e16ff37f86 chrony: Comment out any NTP sources for chrony
Reference: https://chrony.tuxfamily.org/doc/3.4/chrony.conf.html

Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
2019-03-20 16:05:33 -07:00
Archana Shinde
3df19ff984 chrony: Add virtual PTP as source for chrony
KVM virtual PTP in linux kernel allows guest to sync its
clock to the host clock with high precision. kvm-ptp has been
enabled in our kernel. Add this as a source for `chrony` so that
it can be used to sync the guest system clock.
`chrony` needs to be started in the guest for time sync.

Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
2019-03-20 14:05:42 -07:00
Julio Montes
8c2190d3a3
Merge pull request #400 from Pennyzct/snap_aarch64
snap-aarch64: modify qemu-related info for arm64
2019-03-20 09:22:07 -06:00
Sebastien Boeuf
f1ef63e5c6
Merge pull request #1394 from WeiZhang555/improve-readability
refactor: improve readability of `bumpAttachCount`
2019-03-20 08:13:45 -07:00
Julio Montes
9b73900ba6 katautils: mask systemd-random-seed
systemd-random-seed service fails if the rootfs is a read-only fs.
systemd-random-seed restores the random seed of the system at early
boot and saves it at shutdown, since kata containers are one boot machines
this service is not needed.

Signed-off-by: Julio Montes <julio.montes@intel.com>
2019-03-20 09:02:20 -06:00
Julio Montes
64984667ad virtcontainers: improve security and mount the rootfs as read-only fs
By mounting the rootfs as a read-only fs, the binaries can't be modified.

fixes #1389

Signed-off-by: Julio Montes <julio.montes@intel.com>
2019-03-20 07:50:20 -06:00
Wei Zhang
26a9b72c34 refactor: improve readability of bumpAttachCount
Fixes #1392

Improve code readability of function `device.bumpAttachCount`

Signed-off-by: Wei Zhang <zhangwei555@huawei.com>
2019-03-20 11:38:49 +08:00
Penny Zheng
ddf638ba86 snap-aarch64: modify qemu-related info for arm64
Former snap configuration snapcraft.toml installs qemu-lite for all
platforms, which isn't applicable on aarch64. We need qemu-aarch64
of specific version and extra patches.

Fixes: #399

Signed-off-by: Penny Zheng <penny.zheng@arm.com>
2019-03-20 11:08:15 +08:00
Matt Fischer
ad5d879f8c rootfs: Print attempt number after max check
With the old code it was possible to see odd messages like:
"INFO: Create root disk image. Attempt 6 out of 5."

Move the attempt number print to after we check against the max

Fixes #251

Signed-off-by: Matt Fischer <matt@mattfischer.com>
2019-03-19 21:04:40 -06:00
Archana Shinde
8fe64058aa rootfs: Include chrony in the Dockerfile images
Add chrony to distro Dockerfile.

Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
2019-03-19 14:34:14 -07:00
Archana Shinde
0b33519709 rootfs: add PACKAGE var to debian config
debian config seems to be missing PACKAGE variable altogether.
Add it along with appending chrony to the list.

Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
2019-03-19 14:30:10 -07:00
Archana Shinde
510ddd28c8 rootfs: Add chrony service to rootfs
chrony will be used to synchronize guest clock with host
using kvm_ptp kernel driver.
This does add another active component to the rootfs
but keeping time synchronized is crucial.

Fixes #255

Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
2019-03-19 14:12:21 -07:00
Gabriela Cervantes
523405e62d test: Modify test_images script to handle FC
We need to modify this test in order to handle firecracker.

Fixes #248

Depends-on:github.com/kata-containers/osbuilder#247

Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
2019-03-19 13:42:00 -06:00
Jose Carlos Venegas Munoz
d67aad893f
Merge pull request #247 from devimc/topic/fixFCNoDax
image-builder: make DAX support optional
2019-03-19 11:51:19 -06:00
Archana Shinde
93e59021b9
Merge pull request #404 from jodh-intel/unbreak-debug-console-instructions
Unbreak debug console instructions
2019-03-19 09:45:58 -07:00
Julio Montes
8e72cf15e6
Merge pull request #1381 from alicefr/bridges_func
s390x: add bridges function
2019-03-19 10:38:38 -06:00
Julio Montes
dbc5a32b74
Merge pull request #1366 from devimc/topic/fixRelativeCgroupPath
virtcontainers: honor OCI cgroupsPath
2019-03-19 10:32:41 -06:00