When agent is configured as longLive, the VM's agent created
by factory will not close it's client once it connected, thus
the sandbox's agent cannot re-connect successfully.
Sharing the agent's client between VM's agent and sandbox
can fix this issue.
Fixes: #995
Signed-off-by: fupan <lifupan@gmail.com>
Remove modules from default kernel config.
Modules are not used in default kata images.
Lets remove them.
Fixes: #276
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
- Block: Add cache-related options for block devices
- versions: Add nemu
- Update cid vsock
- shim: Add trace config option
- vendor: Update govmm vendoring
- git: Add containerd-shim-kata-v2 to .gitignore
- virtcontainers: change uint32 to uint64 for ioctl
- virtcontainers: Return the appropriate container status
- config: Check factory config
- Implement containerd shim v2 API for Kata Containers
- ppc64le: kata-env fails due to missing vendor field
- kata-check: do not require nested vt
- kata-env: Show runtime trace setting
deb6f16 virtcontainers: update context id of vsock to uint64
f651147 block: Add cache-related options for block devices
018c8c1 vendor: Update govmm vendoring
ea74b98 shim: Add trace config option
2af240b versions: Add nemu
7093eec git: Add containerd-shim-kata-v2 to .gitignore
96ed6c5 git: Sort .gitignore entries
04ce4c0 virtcontainers: change uint32 to uint64 for ioctl
0bf29c8 config: Check factory config
fe784c1 config: Create function to check config options
70e4dc5 config: Move check code to end of LoadConfiguration
fa9b15d virtcontainers: Return the appropriate container status
02f8b29 containerd-shim-kata-v2: add building of shimv2 into Makefile
8199d10 containerd-shim-kata: add unit test cases
7951041 containerd-shim-kata-v2: add the service Stats support
5cc016c containerd-shim-kata-v2: add the service Kill support
9ee53be containerd-shim-kata-v2: add the service Resume support
8df33d3 containerd-shim-kata-v2: add the service Pause support
cd321a3 containerd-shim-kata-v2: add the service ResizePty support
47326f5 containerd-shim-kata-v2: add the service Update support
642231b containerd-shim-kata-v2: add the service Shutdown support
87f591a containerd-shim-kata-v2: add the service Connect support
ec4f27b containerd-shim-kata-v2: add the service CloseIO support
8c95b75 containerd-shim-kata-v2: add the service Pids support
709bc9a containerd-shim-kata-v2: add the service Cleanup support
a0e6456 containerd-shim-kata-v2: add the service Delete support
fd18b22 containerd-shim-kata-v2: add the service State support
fbaefc9 containerd-shim-kata-v2: add the service wait support
269c940 containerd-shim-kata-v2: add the exec service support
4c5b296 containerd-shim-kata-v2: add the start service support
72fd6e0 containerd-shim-kata-v2: add the create service support
ca58bb4 ppc64le: kata-env fails due to missing vendor field
d6c4ca5 container-shim-kata-v2: The init containerd shim v2 support
5e6cd00 containerd-shim-v2: add the shim v2 required vendors
f0cb0c7 cli: refactor to align with katautils package
9984636 kata-env: Show runtime trace setting
8cfb06f kata-check: optionally require kvm-intel unrestricted_guest
acbcde3 kata-check: do not require nested vt
ea9ecd7 kata-check: modprobe missing kernel modules
Signed-off-by: katacontainers bot <katacontainersbot@katacontainers.io>
The CID of VSock needs to be change to uint64. Otherwise that leads to
an endianess issue. For more details see
https://github.com/kata-containers/runtime/issues/947
Remove the uint64 introduced by #984Fixes: #958
Signed-off-by: Alice Frosi <afrosi@de.ibm.com>
Add block_device_cache_set, block_device_cache_direct and
block_device_cache_noflush.
They are cache-related options for block devices that are described in
https://github.com/qemu/qemu/blob/master/qapi/block-core.json.
block_device_cache_direct denotes whether use of O_DIRECT (bypass the host
page cache) is enabled. block_device_cache_noflush denotes whether flush
requests for the device are ignored.
The json said they are supported since 2.9.
So add block_device_cache_set to control the cache options set to block
devices or not. It will help to support the old version qemu.
Fixes: #956
Signed-off-by: Hui Zhu <teawater@hyper.sh>
Shortlog:
f9b31c0 qemu: Allow disable-modern option from QMP
d617307 Run tests for the s390x build
b36b5a8 Contributors: Add Clare Chen to CONTRIBUTORS.md
b41939c Contributors: Add my name
dab4cf1 qmp: Add tests
5ea6da1 Verify govmm builds on s390x
ee75813 contributors: add my name
c80fc3b qemu: Add s390x support
ca477a1 Update source file headers
e68e005 Update the CONTRIBUTING.md
2b7db54 Add the CONTRIBUTORS.md file
b3b765c qemu: test Valid for Vsock for Context ID
3becff5 qemu: change of ContextID from uint32 to uint64
f30fd13 qmp: Output error detail when execute QMP command failed
7da6a4c qmp: fix mem-path properties for hotplug memory.
e4892e3 qemu/qmp: preparation for s390x support
110d2fa qemu/qmp: add new function ExecuteBlockdevAddWithCache
a0b0c86 qmp_test: Change QMP version from 2.6 to 2.9
10c36a1 qemu: add support for pidfile option
Fixes#983
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
Include info such as commit number,tag number, etc for building
nvdimm-supported qemu on aarch64 from source code.
Fixes: #974
Signed-off-by: Hui Zhu <teawater@hyper.sh>
Right golang version is installed before building kata-containers, skip go
version check to avoid including extra build dependencies.
fixes#265
Signed-off-by: Julio Montes <julio.montes@intel.com>
Since Kata Containers work with NEMU, add an entry
of the supported nemu version and its OVMF firmware.
Fixes: #970.
Signed-off-by: Salvador Fuentes <salvador.fuentes@intel.com>
Sort the contents of `.gitignore` into two groups: globs and actual
paths. This is more intuitive than a purely sorted list.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Update the kernel package to allow building for multiple architectures with
a single set of sources.
Changes:
- Add kernel configs for all architectures
- Detect at runtime the correct target architecture and kernel
compressed image location. This is done with the script kata-multiarch.sh
Note that debian control files still need to be updated to handle Multi-Arch,
so that they are not tied to the architecture on which
`linux-container/update.sh` is run.
Fixes: #262
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
The PR changes the parameter args from uint32 to uint64 for ioctl function.
That leads to an endianess bug.
Fixes: #947
Signed-off-by: Alice Frosi <afrosi@de.ibm.com>
If VM factory templating is enabled (`enable_template=true`), error if
the configured image is not an `initrd=` one.
Also add a note to the config file explaining that a normal image cannot
be used - only initrd images are supported.
Fixes#948.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Moved the checking routines in `LoadConfiguration()` to a new
`checkConfig()` function for clarity.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Move the VSOCK handling code higher up so that all the checking code is
gathered together at the end of `LoadConfiguration()`.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
When our runtime is asked for the container status, we also handle
the scenario where the container is stopped if the shim process for
that container on the host has terminated.
In the current implementation, we retrieve the container status
before stopping the container, causing a wrong status to be returned.
The wait for the original go-routine's completion was done in a defer
within the caller of statusContainers(), resulting in the
statusContainer()'s values to return the pre-stopped value.
This bug is first observed when updating to docker v18.09/containerd
v1.2.0. With the current implementation, containerd-shim receives the
TaskExit when it detects kata-shim is terminating. When checking the
container state, however, it does not get the expected "stopped" value.
The following commit resolves the described issue by simplifying the
locking used around the status container calls. Originally
StatusContainer would request a read lock. If we needed to update the
container status in statusContainer, we'd start a go-routine which
would request a read-write lock, waiting for the original read lock to
be released. Can't imagine a bug could linger in this logic. We now
just request a read-write lock in the caller (StatusContainer),
skipping the need for a separate go-routine and defer. This greatly
simplifies the logic, and removes the original bug.
Fixes#926
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
