1. Send the event when the container is paused/resumed successfully
2. Return the error of the pause/resume function rather than
`getContainerStatus`.
Fixes#2121
Signed-off-by: Li Yuxuan <liyuxuan04@baidu.com>
Refactor so that all code to load state, devices, network
takes place at one place. This is in line with the experimental api
for new storage that also loads all the necessary items here all at once.
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
The hypervisor.createSandbox may need to access the state.
For eg, ACRN today needs to access the block index to assign
it to the root image of the VM. Hence load this early on.
Fixes#2026
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Update the version used for testing the cni plugins to the latest
0.8.2 release. This way we make sure CI tests with latest CNI plugins.
Depends-on: github.com/kata-containers/tests#1984
Fixes#2111
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
- Fix cache factory UT
- Virtio-fs v0.3 support
- virtcontainers: set agent's logs vsock port
- config: Fix `virtio-fs` typo in Makefile
- Hypervisor: UUID fix for acrn hypevisor
- virtcontainers: change firecracker socket permissions
- Add annotations to provide custom configs
- Fix CRIO + Firecracker
- rootless: add rootless to kata
- QEMU: do not require nvdimm machine option with initrd
- s390x: Fix runtime build for s390x
- versions: Update kernel to 4.19.75
- config: honor DEFSHAREDFS_QEMU_VIRTIOFS and CONFIG_QEMU_VIRTIOFS_IN
- Support Firecracker 0.18
- virtcontainers: fix the issue of missing qemu error logs
- config: Fix the qemu-virtiofs.toml
- s390x: Share image between qemu instances
- The unit of newMemory is MB
- config: use 9p as default shared filesystem for nemu
- Remove annotation config json key
dd21046 vc/store: fix TestStoreVCNewVCSandboxStore/TestStoreVCNewVCContainerStore
6ab89e4 vc/store: fix cache factory ut
4863aa9 vc/store: reuse store
ad15631 virtiofsd: Do not use posix lock.
2b40b6b vendor: update kata agent
aa43e2a virtcontainers: set agent's logs vsock port
23a5dc7 virtiofsd: use virtiofsd --syslog
d5a3d0a virtiofs: use virtiofsd --fd=FDNUM
6ce6a26 kata_agent: use virtio-fs 0.3+ mount options
80855a8 ci: travis: allow ppc64le failures
c3abd51 config: Fix `virtio-fs` typo in Makefile
8f6b0a6 virtcontainers: change firecracker socket permissions
8f70643 tests: Remove hardcoded annotation value.
e7b9c36 tests: Add tests for annotations.
09129c1 config: Define minimum memory requirement
8405b56 annotations: add Annotations for the agent.
5b78a8a annotations: Add annotations for runtime config
afb91c2 annotations: Add annotations to support additional configurations
845bf73 annotations: Support annotations to customise kata config
30d0b7a annotations: Add missing firmware and hashes to asset annotations
46b6815 annotations: Change existing annotations to fit a new format
312f3e7 virtcontainers/fc: implement remove device
7e9cc56 virtcontainers/fc: improve create disk pool process
07932d5 virtcontainers/fc: add logs and improve others to make debugging easier
ed7240b virtcontainers: move device operations to a more generic place
e93bf96 network: Add tuntap device
c8dd92d dep: update vendor packages for netlink commit
41407cf vc: make cgroup usage configurable if rootless
5f0799f vc: add rootless dir to path variables
cdd6f7e katautils: update paths to be configurable for rootless execution
2d8b278 rootless: add rootless logic
8b843c5 QEMU: do not require nvdimm machine option with initrd
c152ebf s390x: Fix runtime build for s390x
bc3c07b versions: Update kernel to 4.19.75
aa6a16c Hypervisor: UUID fix for acrn hypevisor
b1909e8 config: fix virtiofsd name
84ead98 config: add configuration-qemu-virtio-fs.toml to gitignore
443e657 config: honor DEFSHAREDFS_QEMU_VIRTIOFS and CONFIG_QEMU_VIRTIOFS_IN
3d0949d virtcontainers: check minimum supported version of firecracker
1f93cff virtcontainers: fix the issue of missing qemu error logs
8680db6 versions: update firecracker to the version 0.18.0
123ba13 vendor: update kata agent
5ac6e9a virtcontainers: make socket generation hypervisor specific
f2f0923 virtcontainers: rename kataVSOCK type and move it into the types package
f42dd7d virtcontainers/fc: Add support for hybrid vsocks
2c4cf39 virtcontainers/fc: bump firecracker experimental version
bb87b44 virtcontainers/fc: Add logger to the http transport
880bb2b virtcontainers: introducing HybridVSock type
2a8af23 virtcontainers: Make fc.go fit the new API
67ce728 virtcontainers: Update firecracker swagger API
cdb1b5c cli: Fix the qemu-virtiofs.toml
4134571 config: do not use nemu variable for qemu-virtiofs configuration
97fe749 config: use 9p as default shared filesystem for nemu
c81db9c sandbox: The unit of newMemory is MB
7fa0a72 s390x: Share image between qemu instances
7965baa vendor: update govmm
2ed94cb Config: Remove ConfigJSONKey from annotations
Signed-off-by: katacontainersbot <katacontainersbot@gmail.com>
We have some issues trying to run `apt upgrade` on
a container that uses virtiofsd with `-o posix_lock`.
Add virtiofsd `-o no_posix_lock` argument to not use the
posix lock.
Signed-off-by: Salvador Fuentes <salvador.fuentes@intel.com>
bring support for logging through a hybrid vsock
shortlog:
95be1c3 agent: add support for logging to a vsock port
a03e23b protocols/client: improve hybrid vsock parser
6a96997 protocols/client: make schemes and hybrid vsock dialer public
e01f23c network: Add a testcase for setupDNS
d733185 network: Setup DNS for sandbox
Signed-off-by: Julio Montes <julio.montes@intel.com>
In firecracker, there is no socket connected to /dev/console, so let's
use a vsock port to get agent's logs
Depends-on: github.com/kata-containers/shim#210
fixes#2103
Signed-off-by: Julio Montes <julio.montes@intel.com>
Log to syslog instead of stderr. This way all Kata and virtiofsd logs
are captured in syslog (or the systemd journal). This makes debugging
much easier.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The new --fd=FDNUM file descriptor passing option eliminates the need to
wait for virtiofsd to create the vhost-user UNIX domain socket. This is
a nice simplification because we can remove the timeouts and stderr
parsing. There is no longer a race between launching virtiofsd and
launching QEMU, so we don't need to wait anymore.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
virtio-fs changed the mount command-line. Previously "mount none -o
tag=kataShared ..." was used. Now "mount kataShared ..." is used
instead.
Since the "kataShared" tag is used for both 9P and virtio-fs, rename the
variable so that it is not 9P-specific.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Fixes: #1993
For security reasons, let's make sure 'others' don't have access to the
firecracker hybrid vsock
fixes#2101
Signed-off-by: Julio Montes <julio.montes@intel.com>
Introduce a constant for minimum memory requirement
in virtcontainers package, that can be used in config.
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Add support for annotations that allow us to custimise a subset
of the configurations provided in kata conf toml file.
This initial commit adds support for customising vcpus, default max
vcpus, memory and the kernel command line passed as Hypervisor
config.
Replaces #1695Fixes#1655
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
These annotations were missing from the list of what are
considered as assets. Add these to existing list.
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Change the naming schema for existing annotations from
"com.github.containers.virtcontainers" to "io.kata-containers"
The hypervisor related annotations are changed to reflect this.
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Unmount and unassign block device when it's required, that way the disk
can be unmounted and destroyed in the host.
fixes#1966
Signed-off-by: Julio Montes <julio.montes@intel.com>
Create a raw file and bind mount it to use it as disk is not needed,
instead a the raw file can be created at the jail path and use it directly
as disk, if a new container is added the real disk/device can be bind mounted
in the raw file.
Signed-off-by: Julio Montes <julio.montes@intel.com>
move device operations to a more generic place where they can be used
in any hypervisor implementation.
Signed-off-by: Julio Montes <julio.montes@intel.com>
The tuntap network device is for tuntap interfaces to connect
to the container. A specific use case is the slirp4netns tap
interface for rootless kata-runtime.
Fixes: #1878
Signed-off-by: Gabi Beyer <gabrielle.n.beyer@intel.com>
The netlink dep needs to be updated to get logic for the tuntap
link. It is fixing a bug that uses a generic link instead.
This also requires the golang/x/sys package to be updated
for the IFLA_* constraints.
Commits for github.com/vishvananda/netlink
c8c507c fix: fix ip rule goto bug
db99c04 tuntap: Return TunTapLink instead of GenericLink
e993616 Fix unit test failure: TestNeighAddDelLLIPAddr
fb5fbae Mirred and connmark clobber their ActionAttrs
1187dc9 Fix tests
00009fb Add support for TC_ACT_CONNMARK
fafc1e7 support vlan protocol
fd97bf4 Add command to set devlink device switchdev mode
bcb80b2 Add devlink command by to get specific device name
f504738 Fix function comments based on best practices from Effective Go
e281812 Fix typos
adb577d Add support for IFLA_GSO_*
aa950f2 travis: run tests with Go 1.12.x
b64d7bc travis: specify go_import_path
b9cafe4 remove redundant type assertions in type switch
1e2e7ab Add Support for Virtual XFRM Interfaces
48a75e0 Fix Race Condition in TestXfrmMonitorExpire
e37f4b4 Avoid 64K allocation on the heap with each Receive
332a698 Add devlink commands for devlink device information
cb78b18 neigh_linux: Fix failure on deleted link neighs updates
2bc5004 Replace redundant copied u32 types with type aliases
093e80f Pass Ndmsg to NeighListExecute
78a3099 Make test suite more deterministic
2529893 genetlink: Add missing error check
91b013f code simplification
023a6da Make go vet happier
aa5b058 Simplify code
e137ed6 Replace nl.NewRtAttrChild with method on struct
3b1c596 Run TravisCI with Go 1.10 and 1.11
d741264 Reduce allocations
b48eed5 Add an API to rename rdma device name
02a3831 Adjust conntrack filters
d3a23fd Make AddChild more generic
1404979 Add support for hoplimit metric in routes
6d53654 Add support for neighbor subscription
531df7a Avoid serializing empty TCA_OPTIONS in qdisc messages
56b1bd2 fix: BRIDGE_FLAGS_* constants off-by-one
8aa85bf Add support for action and ifindex in XFRM policy
9eab419 Netlink: Fix Darwin build
2cbcf73 Add a test for Vlan filtering support for bridges.
0bbc55b Initial support for vlan aware bridges.
3ac69fd Add network namespace ID management.
d68dce4 Ingress qdisc add/del Test case
1006cf4 Implementation of HFSC
d85e18e Allow Tuntap non-persist, allow empty tuntap name
d77c86a protinfo: Check if object is nil
a06dabf Increase size of receive buffer
3e48e44 Revert "RTEXT_FILTER_VF doesn't always work with dump request, fixes#354"
028453c RTEXT_FILTER_VF doesn't always work with dump request, fixes#354
ee06b1d add vti6 support
b1cc70d fix prefixlen/local IP, incl. PtP addresses
7c0b594 Implemented String() for netem, fq and fq_codel in qdisc
769bb84 Adjust flags values
5f662e0 Add info about VFs on link
985ab95 Add support for link flag allmulticast
16769db Support LWTUNNEL_ENCAP_SEG6_LOCAL (including tests)
b7f0669 Add test to Add/Del IPv6 route.
55d3a80 Added tests for Gretap/Gretun devices
f07d9d5 Run both Inline/Encap mode in TestSEG6RouteAddDel
1970aef Add RDMA netlink socket for RDMA device information
dc00cf9 Add Hash to U32
23a36f2 Add Divisor to U32
85aa3b7 Add statistics to class attributes
aa0edbe Add support for setting InfininBand Node and Port GUID of a VF
41009d5 Read conntrack flow statistics
a2ad57a Add changelog file, initial release tagging
5236321 Use IFLA_* constants from x/sys/unix
25d2c79 Use IFF_MULTI_QUEUE from x/sys/unix to define TUNTAP_MULTI_QUEUE
d35d6b5 Clarify ESN bitmap length construction logic
a2af46a Add FQ Codel
465b5fe Add Fq Qdisc support
c27b7f7 Run gofmt -s -w on the project
5f5d5cd Add a 'ListExisting' option to get the existing entries in the route/addr/link tables as part of RouteSubscribeWithOptions, AddrSubscribeWithOptions, and LinkSubscribeWithOptions.
5a988e8 Support IPv6 GRE Tun and Tap
7291c36 addr_linux: Implement CacheInfo installation
422ffe6 addr_linux: Skip BROADCAST and LABEL for non-ipv4
1882fa9 Add Matchall filter
7b4c063 Update bpf_linux.go
ad19ca1 netlink: allow non linux builds to pass.
3ff4c21 Don't overwrite the XDP file descriptor with flags
d4235bf Eliminate cgo from netlink.
54ad9e3 Two new functions: LinkSetBondSlave and VethPeerIndex
f67b75e Properly tear down netns at the end of test
016ba6f Add support for managing source MACVLANs
6e7bb56 Run TestSocketGet in dedicated netns
a5d066d Fix LinkAdd for sit tunnel on 3.10 kernel
8bead6f Add requirements to conntrack tests
9ce265f Retrieve VLAN and VNI when listing neighbour
fad79cb Fix go build issue for fou code
Commits for golang/x/sys
88d2dcc unix: add IFLA_* constants for Linux 4.15
c1138c8 unix: update to Linux 4.15, glibc 2.27 and Go 1.10
37707fd unix: move gccgo redeclared *SyscallNoError functions to a separate file
8f27ce8 unix: fix cpuset size argument in sched_affinity syscall
3dbebcf unix: use SyscallNoError and RawSyscallNoError on Linux only
ff2a66f unix: fix godoc comment for clen
0346725 unix: add godoc for Sockaddr* types
90f0fdc plan9: add arm support
ef80224 unix: add sockaddr_l2 definitions
af9a212 unix: don't export padding fields on all platforms
af50095 unix: use ParseDirent from syscall
2c42eef unix: adjust replacement regex for removed struct fields for linux/s390x
fff93fa unix: add Statx on Linux
52ba35d unix: check error return of os.Symlink in tests on Linux
810d700 unix: match seek argument size to signature on linux/arm
b9cf5f9 unix: add cgroupstats type and constants
d38bf78 unix: restore gccgo support
2493af8 plan9: move Unsetenv into env_plan9.go
3ca7571 windows: move Unsetenv into env_windows.go
1792d66 unix: move Unsetenv into env_unix.go
dd9ec17 unix: fix build on Go 1.8
12d9d5b unix: add SchedGetaffinity and SchedSetaffinity on Linux
a3f2cbd unix: fix typo in unix/asm_linux_arm64.s made in 28a7276
28a7276 unix: add SyscallNoError and RawSyscallNoError on Linux
8380141 unix: simplify error handling in *listxattr on FreeBSD
df29b91 unix: add TestSelect for *BSD
801364e unix: add Select on Solaris
d818ba1 unix: remove syscall constants on Solaris
236baca unix: add timeout tests for Select and Pselect on Linux
571f7bb unix: simplify TestGetwd
d5840ad unix: add GetsockoptString for Darwin, *BSD and Solaris
Signed-off-by: Gabi Beyer <gabrielle.n.beyer@intel.com>
rootless execution does not yet support cgroups, so if running
rootlessly skip the cgroup creation and deletion.
Fixes: 1877
Signed-off-by: Gabi Beyer <gabrielle.n.beyer@intel.com>
Modify some path variables to be functions that return the path
with the rootless directory prefix if running rootlessly.
Fixes: #1827
Signed-off-by: Gabi Beyer <gabrielle.n.beyer@intel.com>
Before using the default ctrsMapTrePath, check whether the runtime
is being ran rootlessly, and if so set the ctrsMapTreePath to the
rootlessRuntimeDir configured by the libpod rootless library.
Fixes: #1827
Signed-off-by: Gabi Beyer <gabrielle.n.beyer@intel.com>
Add the ability to check whether kata is running rootlessly or
not. Add the setup of the rootless directory located in the dir
/run/user/<UID> directory.
Fixes: #1874
Signed-off-by: Gabi Beyer <gabrielle.n.beyer@intel.com>
Co-developed-by: Marco Vedovati <mvedovati@suse.com>
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
