Every dependency in check_deps is used inside the script (apart from
git, which may be a historical artifact), and therefore should be
checked even when the -f option is passed to the script. Simply changed
at what point check_deps is called in order to always run it.
Fixes#6302.
Signed-off-by: Gabe Venberg <gabevenberg@gmail.com>
Send and Sync are automatically derived traits,
if a type is composed entirely of Send or Sync types, then it is Send or Sync.
Almost all primitives are Send and Sync,
so we don't need to implement them manually most of the time.
Fixes: #6307
Signed-off-by: Tim Zhang <tim@hyper.sh>
Use `git-diff` instead of legacy `git-whatchanged` to get
differences in the packaging/kernel directory. This also fixes
a bug by grepping for the kernel directory in the output of the
git command.
Fixes: #6210
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
When a new stable branch is created, it is necessary to change the
references in the tests repo from main to the new stable branch.
However this step needs to be performed after the repos have been tagged
as the `tags_repos.sh` script is the one that creates the new branch.
Clarify this in the documentation and move the step to change branch
references in test repo after repos have been tagged.
Fixes: #1824
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Currently ubuntu is already the default distro for all the architectures
but x86_64, which uses clearlinux. However, our CI does *not* test the
clearlinux image we ship.
Taking a look at our CI code [0], we've been using ubuntu as base for
the tests for a few years already, if not forever.
The minimum we can do is to switch to distributing ubuntu, as the tested
rootfs-image, and then decide later on whether we should switch back to
clearlinux (once we switch our CI to using that, and make sure all tests
will be green), or if we move to slimmer distro, such as alpine.
[0]: 0a39dd1a01/.ci/install_kata_image.sh (L44)Fixes: #6303
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
There's a check in the runtime-rs Makefile that basically checks whether
the `arch/$arch-options.mk` exists or not and, if it doesn't, the build
is just aborted.
With this in mind, let's create a generic powerpc64le-options.mk file
and not bail when building for this architecture.
Fixes: #6142
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
In the `install_go_rust.sh` file we're adding a
x86_64-unknown-linux-musl target unconditionally. That should be,
instead, based in the ARCH of the host and the appropriate LIBC to be
used with that host.
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
The patchset will help users to easily enter guest VM by debug
console sock.
In order to enter guest VM smoothly, users needs to do some
configuration, options as below:
(1) Set debug_console_enabled = true with default vport 1026.
(2) Or add agent.debug_console agent.debug_console_vport=<PORT>
into kernel_params, and the vport is <PORT> you set.
The detail of usage:
$ kata-ctl exec -h
kata-ctl-exec
Enter into guest VM by debug console
USAGE:
kata-ctl exec [OPTIONS] <SANDBOX_ID>
ARGS:
<SANDBOX_ID> pod sandbox ID
Fixes: #5340
Signed-off-by: alex.lyn <alex.lyn@antgroup.com>
For some cases, users will mount system directories as bind volume.
We should not bind mount these kind of directories in the host as it does
not make sense.
Fixes: #6299
Signed-off-by: Yushuo <y-shuo@linux.alibaba.com>
The rust agent had supported to set the guest dns
server in start sandbox request, thus add the dns
in the runtime side.
Fixes:#6286
Signed-off-by: Fupan Li <fupan.lfp@antgroup.com>
We should make sure the dns's source file's parent
directory exist, otherwise, it would failed to create
the file directly.
Signed-off-by: Fupan Li <fupan.lfp@antgroup.com>
In workflow, `set-output` command is deprecated and will be disabled soon.
This commit replaces the deprecated `set-output` command with putting a
value in the environment file `$GITHUB_OUTPUT`.
Fixes#6266
Signed-off-by: jongwooo <jongwooo.han@gmail.com>
Let's not try to sed a file that doesn't exist, which may be the case
depending on the architecture we're building the shim-v2 for.
This is a partial-forward port of
f24c47ea47.
Fixes: #6293
Signed-off-by: Hyounggyu Choi <Hyounggyu.Choi@ibm.com>
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
Removed the `` around containerd, because when you execute this as a
script it runs the containerd command within the script, which it should
not do.
Fixes#4217
Signed-off-by: Willem Dendauw <willem.dendauw@hotmail.com>
As 3.1.0-rc0 has been released, let's switch the kata-deploy / kata-cleanup
tags back to "latest", and re-add the kata-deploy-stable and the
kata-cleanup-stable files.
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
- kata-deploy: Install protobuf-compiler explicitly in shim-v2 Dockerfile
- runtime: tracing: Fix missing ctx return
- runtime: add reconnect timeout for vhost user block
- SEV: Update ReducedPhysBits
- shim-v2/build.sh: Only build runtime-rs for the supported arches
- kata-ctl: Expand unit tests for CPU check
- runtime: support cgroup v2 metrics marshal guest metrics
- Typo: change tabs in comment to spaces
- rootfs: support EROFS filesystem
- versions: Update runc version
- runtime: Improve documentation of appendFDs
- Minor cleanups in make file
- main | docs: Fix missing critical steps in how-to-hotplug-memory-arm64.md
- Action check kernel config version
- clh: Enforce API timeout only for vm.boot request
- virtiofsd: change cache mod to const
- runtime-rs: ignor "no such process" error when delete cgroup for a thread to let it go
- kernel: Add console kernel config for s390
- runtime: remove not used shim configurations
- improvement: Fix naming conventions for span name and log subsystem
- Dragonball: add cpu resize ability
- arm64/CI: fix unit test failure on arm64
- CI: Make docker version stick to v20.10 in ubuntu:20.04 for s390x|ppc64le
- virtiofsd: fix the build on ppc64le
- runtime:fix stat uds path
- cni: Update cni plugins version to 1.2.0
- Built-in Sandbox: add more unit tests for dragonball. Part 5
- runtime: Drop QEMU log file support
- docs: Add documentation for building agent with seccomp support.
- Add kernel-dragonball-experimental to kata-deploy, kata-deploy-test, and the release
- runtime-rs: add missing config section for share-fs
- runtime: Add hmp for qemu
- upcall: add document for upcall
- runtime: Start QEMU undaemonized and get logs
- docs: Update url link in QAT documentation
- versions: update cni plugins version
- versions: Upgrade to Cloud Hypervisor v29.0
- runtime: Use consts in `kata-runtime check`
- versions: Bump QEMU to v7.2.0
- agent: Eliminate unnecessary metrics
- runtime:all APIs are hang in the service.mu
- Utility functions for kata-env
- versions: Update conmon version
- runtime: paas enablevhostuserstore annotation to hypervisor config
- runk: Upgrade liboci-cli to v0.0.4
- runtime: use system pagesize for hugepage test
- dependency: update cgroups-rs
- runtime: Use git rev-parse for the kata-monitor tag
- virtcontainers: split out linux-specific bits for mount, factory
- Add darwin skeletons
- vendor: revendor netlink to get latest
- Address issues with the initial vCPU pinning functionality
- virtcontainers: Fix misspelling in error message
- runtime: add test generated file to .gitignore
- runtime: fix up disable_netns handling
- docs: add hint of probing loop module
- tools: add --locked option for cargo install
- runtime-rs: add Single Container support
- virtcontainers: tests: Ensure Linux specific tests are just run on Linux
- Change cache mode from none to never
- tools: Fix indentation for setup aks script
- virtcontainers: fs_share: Add Darwin skeleton
- virtcontainers: Add a Virtualization.framework skeleton
- kata-ctl: remove get_kata_version_by_url function
- kata-ctl: fix build error on s390x
- virtcontainers: Introduce hypervisor_darwin
- runtime: Define Darwin handled signals list
- nydus: net-ns handling needs to be only executed on Linux hosts
- clh: Ensure it works with Docker / Moby
- agent: refactor guest hooks
- fix moby prestart hook handling
- schedcore: Make buildable on !linux
- Built-in Sandbox: add more unit tests for dragonball. Part 4
- runtime-rs: cleanup the run dir of hypervisor when shut down
- Feat: implementation of kata-ctl direct-volume operations
- Runtime: Clarify mutability of global var
- kata-runtime: add rust runtime path for kata-runtime exec
- versions: Upgrade to Cloud Hypervisor v28.1
- runtime-rs: add dbs-upcall feature
- runtime/Makefile: Get some bits happy on darwin
- docs: remove old and misleading instructions for minikube
- packaging: fix indents in build-kernel.sh
- kernel: adding kmod to do docker env
- versions: Update the rust toolchain to 1.66.0
- kata-ctl: skip test if access GitHub.com fail
- agent: unset `CC` for cross-build
- runtime-rs: enable hugepage
- runtime-rs: Clean up mount points shared to guest
- kata-ctl: fix checkcpu bug in non-x86 arches
d144ded12 release: Adapt kata-deploy for 3.1.0-rc0
8e3863cec kata-deploy: Install protobuf-compiler explicitly in shim-v2 Dockerfile
c45391991 runtime: tracing: Fix missing ctx return
4139d68d5 runtime-rs: Include target install in conditional branch
ca02c9f51 runtime: add reconnect timeout for vhost user block
2f5bc0f40 kata-ctl: Expand unit tests for CPU check
67b8f0773 SEV: Update ReducedPhysBits
bdf20b5d2 rootfs: support EROFS filesystem
fff0e50a7 versions: Update runc version
ed02c8a05 docs: add guide for building rootfs with EROFS
01765e173 runtime: support cgroup v2 metrics marshal guest metrics
49326fe4e fix(clippy): fix hypervisor clippy checks
94b1d9814 cargo: Update Cargo.lock files
f1855594a make: Get rid of verbose output while creating tar
c3836010a make: clean up obsolete targets
ac64b021a clh: Enforce API timeout only for vm.boot request
56071c6e7 virtiofsd: change cache mod to const
5d37d31ac cgroups: upgrade cgroupfs to 0.3.1
ab59a65c9 runtime-rs: neglect a certain error when delete cgroup
390916b33 runtime: remove not used shim configurations
9794c52c6 improvement: Fix naming conventions for span name and log subsystem
f49b89b63 CI: Set docker version to v20.10 in ubuntu:20.04 for s390x|ppc64le
3c24e2340 README: Update Readme under packaging/kernel
d73f3a8a2 github-action: Add step to verify kernel config version id updated
59f104c02 runtime: skip unit test that fail regularly on aarch64
b7dd97cac kata-ctl: fix permission deny issue in test_add_remove
57c5e5629 Dragonball: add cpu resize ability
3c48f2202 runtime: Improve documentation of appendFDs
856ab6687 virtiofsd: fix the build on ppc64le
f83115a83 docs: Fix missing critical steps in how-to-hotplug-memory-arm64.md
e071d9251 Typo: change tabs in comment to spaces
56f0a27fe kernel: Add console kernel config for s390
334c4b8bd runtime: Drop QEMU log file support
3a63e3c1f cni: Update cni plugins version to 1.2.0
510798155 dragonball: Improve test cases
dc90c6e30 dragonball: add more unit test for vm
c07135535 runtime-rs: Improve s390x error message
4e2db96ef runtime-rs: Don't try to build on Power
8e8c720d5 kata-deploy-push: Ensure we build Dragonball specific kernel
1e531b44d runtime:fix stat uds path
9092c23a2 runtime: Add hmp for qemu
b7f4e96ff kata-deploy-test: Ensure we build dragonball specific kernel
063dec37c release: Add the dragonball-experimental kernel
0b3c91d2a kata-deploy: Add kernel-dragonball-experimental target
00dcd900f docs: Add documentation for building agent with seccomp support.
2b779cba0 docs: Update url link in QAT documentation
39fe4a4b6 runtime: Collect QEMU's stderr
a5319c6be runtime: Start QEMU undaemonized
bf4e3a618 runtime: Launch QEMU with cmd.Start()
8a1723a5c runtime: Pre-establish the QMP connection
8a4f08cb0 govmm: Optionally pass QMP listener to QEMU
219bb8e7d govmm: Optionally start QMP with a pre-configured connection
a85d0e465 versions: update cni plugins version
676d02850 versions: Bump QEMU to v7.2.0
861c38b6a versions: Upgrade to Cloud Hypervisor v29.0
ba87e0afe runtime: Use consts in `kata-runtime check`
9f490d16f upcall: add document for upcall
596037e20 versions: Update conmon version
095e8fdef runk: Use the original Kill command instead of the customed it.
0f9e23a3d runk: Upgrade liboci-cli to v0.0.4
69fc8de71 runtime:all APIs are hang in the service.mu
8d4c2cf1b kata-ctl: Allow certain constants to go unused
64c11a66f kata-ctl: Have function to get cpu details to run on specific arch
923cd3fda virtcontainers: split out Linux parts from mount
cf1bae352 runtime: paas enablevhostuserstore annotation to hypervisor config
1592a385e dependency: update cgroups-rs
60ff230d8 virtcontainers: Split the factory package into Linux and Darwin bits
76437a972 runtime: Use git rev-parse for the kata-monitor tag
a9626682a virtcontainers: resourcecontrol: Add skeleton for Darwin
ea06fe3af virtcontainers: Add a Network API skeleton for Darwin
6ee550e9a runtime: vCPUs pinning is sandbox specific, not hypervisor
6199b6917 runtime-rs: change cache mode
a33a22ccd runtime-rs: add missing config section for share-fs
e3d3b72fa virtcontainers: use resource control for setting CPU affinity
f137048be resource-control: add helper function for setting CPU affinity
73216a810 vendor: revendor netlink to get latest
fc17d7cc4 virtcontainers: Fix misspelling in error message
12fd6ffc1 runtime: fix up disable_netns handling
64c9114a3 tools: add --locked option for cargo install
7eb43cec1 runtime: add test generated file to .gitignore
8551853cf runtime: use system pagesize for hugepage test
86a82cace runtime: change cache mode from none to never
82c59efd6 runtime-rs: change cache mode from none to never
7b309b578 kata-types: change cache mode from none to never
fee4e7c7c docs: change cache mode from none to never
594b57d08 utils: Add utility functions to get cpu and distro details.
d33e34361 check: Move PROC_CPUINFO from architecture specific files
f8a93a1de tools: Fix indentation for setup aks script
03de5f41b kata-ctl: remove get_kata_version_by_url function
464d4c94d runtime-rs: process single_container
5f9c892e4 kata-types: add single_container support
fa9ae9362 virtcontainers: Add a Virtualization.framework skeleton
d48b22bb1 virtcontainers: fs_share: add Darwin skeleton
fafc7a8b1 virtcontainers: tests: Ensure Linux specific tests are just run on Linux
efa4fc0b2 clh: Add hotplug support for network devices
1074d2c1d clh: Make vmAddNetPutRequest capable of doing hotplugs
9ec8a1398 virtcontainers: introduce hypervisor_darwin
8bb68a9f2 vc/network: skip existing endpoints when scanning for new ones
c21a8d5ff kata-ctl: fix build error on s390x
3b4420eb8 runtime: Define Darwin handled signals list
24b05a99b schedcore: Make buildable on !linux
3886aad19 nydus: net-ns handling needs to be only executed on Linux hosts
e256903af runtime-rs: cleanup the run dir of hypervisor when shut down
937a41346 kata-ctl: add unit tests for volume ops
8451db7c0 kata-ctl: direct-volume: add Add and Remove handlers
2d4b2cf72 runtime-rs: add POST method to shim-client
cae78a685 kata-ctl: add constants for direct-volume commands
652021ad9 versions: Upgrade to Cloud Hypervisor v28.1
d08538912 vc: fix up UT for CreateSandbox API change
578a9c25f vc: rescan network endpoints after running prestart hooks
cb84b0fb0 katautils: run prestart hooks after starting VM
079462d2e runk: Fix needless_borrow warning
2c24fcf34 runtime-rs: Fix clippy::bool-to-int-with-if warnings
025e78341 runtime-rs: Fix needless_borrow warnings
4fb163d57 runtime-rs: Allow clippy:box_default warnings
20121fcda runtime-rs: Fix unnecessary_cast warnings
b95364a14 dragonball: Allow question_mark warning in allocate_device_resources()
0b2f060bf dragonball: Fix unnecessary_cast warnings
a545a6593 agent: Allow clippy::question_mark warning in Namespace{}
9ced34dd2 agent: Fix explicit_auto_deref warnings
f77220490 agent: Fix needless_borrow warnings
7bcdc9049 rustjail: Fix unnecessary_cast warnings
41d7dbaae rustjail: Fix needless_borrow warnings
2a73e057d kata-types: Fix unnecessary_cast warnings
cf9ef1833 kata-types: Fix needless_borrow warnings
126187e81 safe-path: Fix needless_borrow warnings
bb78d35db kata-sys-util: Fix "match-like-matches-macro" warning
668e65240 kata-sys-util: Fix unnecessary_cast warnings
c1a8d89a7 kata-sys-util: Fix needless_borrow warnings
c9c38e6d0 logging: Allow clippy::type-complexity warning
ffd6fbb6b logging: Fix needless_borrow warnings
60df30015 protocols: Fix unnecessary_cast warnings
56e7b5d0f runtime/Makefile: Get some bits happy on darwin
0bbeb34b4 protocols: Fix needless_borrow warnings
dfea6c7d2 versions: Update the rust toolchain to 1.66.0
86ee24b33 Runtime: Clarify mutability of global var
dae667062 kata-runtime: add rust runtime path for kata-runtime exec
a2e3715e0 upcall: remove upcall client when stopping vm
31591d791 dragonball: fix unit test failure case about Kvm.
2b02e0a9b dragonball: add more unit test for vcpu manager
85f9094f1 agent: refactor guest hooks
360506225 runtime-rs: add dbs-upcall feature
03a0c9d78 kata-ctl: skip test if access GitHub.com fail
1dcbda3f0 kata-ctl: update Cargo.lock
b4b5d8150 docs: remove old and misleading instructions for minikube
0fe24e08b packaging: fix indents in build-kernel.sh
3480780bd kata-ctl: add check framework support for non-x86
1bd533f10 kata-ctl: let check framework arch-agnostic
fd77eebd4 runtime-rs: fix the issues mentioned in the code review
0e6920790 runtime-rs: Clean up mount points shared to guest
ecb28e2b1 kernel: adding kmod to do docker env
087515a46 agent: unset `CC` for cross-build
bf8848f92 agent: Eliminate unnecessary metrics
f8a48ab41 docs: add hint of probing loop module
afaf17f42 runtime-rs: enable container hugepage
fc4a67eec runtime-rs: enable vm hugepage
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
kata-deploy files must be adapted to a new release. The cases where it
happens are when the release goes from -> to:
* main -> stable:
* kata-deploy-stable / kata-cleanup-stable: are removed
* stable -> stable:
* kata-deploy / kata-cleanup: bump the release to the new one.
There are no changes when doing an alpha release, as the files on the
"main" branch always point to the "latest" and "stable" tags.
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Add a few details about the current state of the Cloud Hypervisor (CH)
runtime-rs external hypervisor implementation with pointers to the
appropriate issues.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Add a basic runtime-rs `Hypervisor` trait implementation for Cloud
Hypervisor (CH).
> **Notes:**
>
> - This only supports a default Kata configuration for CH currently.
>
> - Since this feature is still under development, `cargo` features have
> been added to enable the feature optionally. The default is to not enable
> currently since the code is not ready for general use.
>
> To enable the feature for testing and development, enable the
> `cloud-hypervisor` feature in the `virt_container` crate and enable the
> `cloud-hypervisor` feature for its `hypervisor` dependency.
Fixes: #5242.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
This is to install a missing binary protoc in shim-v2 Dockerfile.
Fixes: #6244
Signed-off-by: Hyounggyu Choi <Hyounggyu.Choi@ibm.com>
(cherry picked from commit 10603e3def)
Normally we return the context when creating a trace span so that the
ordering of spans w.r.t. calls is maintained in tracing output. Add
missing context for StartVM() for Cloud Hypervisor.
Fixes#6271
Signed-off-by: Chelsea Mafrica <chelsea.e.mafrica@intel.com>
Change unit tests for CPU check to table-driven tests and expand test
cases including temp files for cpuinfo.
Fixes#5919
Signed-off-by: Chelsea Mafrica <chelsea.e.mafrica@intel.com>
Updating this field, as `cpuid` provides host level data, which is not
what a guest would expect for Reduced Phsycial Bits. In almost all
cases, we should be using `1` for the value here.
Amend: Adding unit test change.
Fixes: #5006
Signed-off-by: Larry Dewey <larry.dewey@amd.com>
For kata containers, rootfs is used in the read-only way.
EROFS can noticably decrease metadata overhead.
On the basis of supporting the EROFS file system, it supports using the config parameter to switch the file system used by rootfs.
Fixes: #6063
Signed-off-by: Gao Xiang <hsiangkao@linux.alibaba.com>
Signed-off-by: yaoyinnan <yaoyinnan@foxmail.com>
This PR updates the runc version. This new version include
changes in:
- Fix mounting via wrong proc fd. When the user and mount namespaces are
used, and the bind mount is followed by the cgroup mount in the spec,
the cgroup was mounted using the bind mount's mount fd.
- Switch kill() in libcontainer/nsenter to sane_kill().
- Fix "permission denied" error from runc run on noexec fs.
- Fix failed exec after systemctl daemon-reload. Due to a regression
in v1.1.3, the DeviceAllow=char-pts rwm rule was no longer added and
was causing an error open /dev/pts/0: operation not permitted: unknown when systemd was reloaded.
Fixes#6251
Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
