containerd would like to get the shim's socket
address from shimv2's stdout, thus it's better
to discard the log's output before shimv2 init
it's logger and at the same time add a hook to
log into syslog.
Fixes: #1035
Signed-off-by: Fupan Li <lifupan@gmail.com>
Fix version compare when specifying a pre-release version in
versions.txt. This is needed because kata on git uses strict semver,
while kata RPM packages uses ~ in place of - for PATCH version, to
allow RPM version comparison to work properly.
Fixes: #285
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
Since kata-agent is using virtio-console to output debugging info
and the console ports are available in the guest as /dev/hvc0 and
/dev/hvc1, we should swap origin console type 'console=ttyAMA0'
with 'console=hvc0,hvc1'.
Fixes: #1033
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
Signed-off-by: Wei Chen <Wei.Chen@arm.com>
For supporting nvdimm, we need to update kernel on aarch64 to the
stable version 4.19.8 and backport Suzuki K Poulose's latest
Dynamic IPA and 52bit IPA support patch series
(https://patchwork.kernel.org/cover/10616271/)which has been included
in 4.20-rc3+ to the v4.19.8.
Fixes: #268
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
Signed-off-by: Wei Chen <Wei.Chen@arm.com>
In order to properly setup the network, hence allocate or not multiple
queues, this commit makes sure that the hypervisor capabilities are
checked for this.
Fixes#1027
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
Each hypervisor is different and supports different options regarding
the network interface it creates. In particular, the multiqueue option
is not supported by Firecracker and should not be assumed by default.
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
The point of knowing the number of CPUs from the network perspective
is to determine the number of queues that can be allocated to the
network interface of the our virtual machine.
Therefore, it's more logical to name it queues from a network.go
perspective.
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
In order to prevent from future duplication of calls into the
hypervisor interface, the hypervisor is directly passed as part
of the xConnectVMNetwork() function. Because this does not apply
the disconnection case, this commit splits the former function
into two separate ones.
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
Only create a new docker unit file if no other existing unit files
are detected. Creating a new docker file when not necessary may mask out
existing docker daemon configurations.
Fixes: #300
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
We want to make sure Kata runs on latest stable kernels so that it
benefits from the latest features.
For instance, in case of Kata relying on NEMU hypervisor, the recent
kernel patches reworking the way timer calibration is handled are
solving some boot latency issues.
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
HotplugRemoveMemory require to do a qmp call, but
unit test does not start a Qemu instance.
Depends-on: github.com/kata-containers/tests#1007
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
- Container only is responsable of namespaces and cgroups
inside the VM.
- Sandbox will manage VM resources.
The resouces has to be re-calculated and updated:
- Create new Container: If a new container is created the cpus and memory
may be updated.
- Container update: The update call will change the cgroups of a container.
the sandbox would need to resize the cpus and VM depending the update.
To manage the resources from sandbox the hypervisor interaface adds two methods.
- resizeMemory().
This function will be used by the sandbox to request
increase or decrease the VM memory.
- resizeCPUs()
vcpus are requested to the hypervisor based
on the sum of all the containers in the sandbox.
The CPUs calculations use the container cgroup information all the time.
This should allow do better calculations.
For example.
2 containers in a pod.
container 1 cpus = .5
container 2 cpus = .5
Now:
Sandbox requested vcpus 1
Before:
Sandbox requested vcpus 2
When a update request is done only some atributes have
information. If cpu and quota are nil or 0 we dont update them.
If we would updated them the sandbox calculations would remove already
removed vcpus.
This commit also moves the sandbox resource update call at container.update()
just before the container cgroups information is updated.
Fixes: #833
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
Most of the projects, they can be built with "make". After that,
"sudo make install" can install the application.
It is not work for kata-runtime because kata-runtime's make must work
with golang in the environment that default sudo cannot supply it.
But "make install" doesn't need golang.
So add "GOPATH not set" to handle the issue.
Fixes: #1008
Signed-off-by: Hui Zhu <teawater@hyper.sh>
Fix port URL detection for aarch64, and error out if an unknown
architecture is detected.
Fixes: #215
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
Full commit list:
34b7454 grpc: sandbox: add container when is fully created.
df822eb grpc: support rlimits
87ad0a8 release: Kata Containers 1.5.0-rc1
31c6b6e grpc: add SetGuestDateTime API
4eca13b client: do cleanup after UT stop mock server
c25288a Makefile: Decide if agent will be built by seccomp tag
0aae82b release: Kata Containers 1.4.0
7b4c337 vendor: Update vendor/github.com/containerd/console
8dedf30 agent: build as Position-Independent-Executable
dc635d4 test: Add test for ipvlan routes in l3 mode
69ee60f network: Refactor to reduce cyclomatic complexity
4005c33 network: Handle default route where gateway is empty
83138df pkg: types: Add a new field type
Signed-off-by: Peng Tao <bergwolf@gmail.com>
The PR adds the support for s390x.
In the case of CCW devices, the vhost-user devices are not supported.
See #659. An error message is thrown if they tried to be used.
Memory hotplug is not supported on s390 yet and an error message is thrown.
The VirtioNetPCI has been changed to VirtioNet. The generalization
allows to set the VirtioNet to the correct CCW device for s390x.
Fixes: #666
Co-authored-by: Yash D Jain ydjainopensource@gmail.com
Signed-off-by: Alice Frosi <afrosi@de.ibm.com>
Remove configs s390_kata_kvm_4.14.x
The patch 0003-serial-forbid-8250-on-s390 is no longer necessary as it
has been upstreamed since version 4.16
The kernel configs have been generated as described in https://github.com/kata-containers/packaging/issues/246
plus the vsock options have been manually enabled:
CONFIG_VSOCKETS=y
CONFIG_VIRTIO_VSOCKETS=y
CONFIG_VIRTIO_VSOCKETS_COMMON=y
Fixes: #280
Signed-off-by: Alice Frosi <afrosi@de.ibm.com>
For kata shimv2, the sub-reaper isn't needed, otherwise
it will break the cmd.Run() calling in govmmQemu.LaunchQemu().
Fixes: #939
Signed-off-by: fupan <lifupan@gmail.com>
