Update the runtime to use qemu-lite by default. After a
build this will be observed as the default in configuration.toml
Fixes: #293
Depends-on: github.com/kata-containers/tests#308
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
Remove the agent version from the output of `kata-env`. The value was
always a static string (`<<unknown>>`) because the runtime cannot
determine the agent version without creating a container.
Note that agent details, including the version, *are* displayed when
the user runs `kata-collect-data.sh`.
Fixes #310.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Don't fail if a new container with a CPU constraint was added to
a POD and no more vCPUs are available; instead, apply the constraint
and let the kernel balance the resources.
Signed-off-by: Julio Montes <julio.montes@intel.com>
There is a relation between the maximum number of vCPUs and the
memory footprint: if the QEMU maxcpus option and the kernel nr_cpus
cmdline argument are big, then the memory footprint is big. This
issue only occurs if CPU hotplug support is enabled in the kernel,
which might be because the kernel needs to allocate resources to watch all
sockets waiting for a CPU to be connected (ACPI event).
For example:
```
+---------------+-------------------------+
|               | Memory Footprint (KB)   |
+---------------+-------------------------+
| NR_CPUS=240   | 186501                  |
+---------------+-------------------------+
| NR_CPUS=8     | 110684                  |
+---------------+-------------------------+
```
In order not to affect CPU hotplug and to allow users to have containers
with the same number of physical CPUs, this patch tries to mitigate the
big memory footprint by using the actual number of physical CPUs as the
maximum number of vCPUs for each container if `default_maxvcpus` is <= 0 in
the runtime configuration file; otherwise `default_maxvcpus` is used as the
maximum number of vCPUs.
Before this patch a container with 256MB of RAM
```
       total   used   free   shared   buff/cache   available
Mem:    195M    40M   113M      26M          41M        112M
Swap:     0B     0B     0B
```
With this patch
```
       total   used   free   shared   buff/cache   available
Mem:    236M    11M   188M      26M          36M        186M
Swap:     0B     0B     0B
```
fixes #295
Signed-off-by: Julio Montes <julio.montes@intel.com>
Our tests CI is dependent on `gometalinter`, which is run by the static
checks script. However, `gometalinter` changes a lot
and when it does, it breaks (what were) valid PRs.
Add `gometalinter` to the versions database so we can pin the version
we use to a known good one.
Fixes #304.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Since we want to test under kubernetes 1.10 and we also
want to support the latest version of Openshift, which is v3.9.0,
we need to test with different versions of CRI-O.
K8s 1.10 should use cri-o 1.10, while openshift v3.9.0
should use v1.9.
Depends-on: github.com/kata-containers/tests#277
Signed-off-by: Salvador Fuentes <salvador.fuentes@intel.com>
Reduce the virtcontainers prefix path to avoid hitting the 107 byte
Unix domain socket path limit.
Related #268.
Fixes #290.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
A Unix domain socket is limited to 107 usable bytes on Linux. However,
not all code creating socket paths was checking for this limit.
Created a new `utils.BuildSocketPath()` function (with tests) to
encapsulate the logic and updated all code creating sockets to use it.
Fixes #268.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
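
The length check described in the commit message above can be sketched as follows. This is an added example, not the project's `utils.BuildSocketPath()` implementation; the function name `buildSocketPathChecked`, the error value, and the sample paths are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// Usable bytes in sockaddr_un.sun_path on Linux: the field holds 108
// bytes and a pathname socket needs one for the terminating NUL.
const maxSocketPathLen = 107

var errSocketPathTooLong = errors.New("socket path exceeds sun_path limit")

// buildSocketPathChecked (hypothetical helper) joins the elements and
// rejects any result that cannot be used as a pathname socket address.
func buildSocketPathChecked(elements ...string) (string, error) {
	for _, e := range elements {
		if strings.ContainsRune(e, 0) {
			return "", errors.New("NUL byte in socket path element")
		}
	}
	p := filepath.Join(elements...)
	if p == "" {
		return "", errors.New("empty socket path")
	}
	// len() counts bytes, which is what the kernel limit applies to;
	// counting runes would under-count multi-byte names.
	if len(p) > maxSocketPathLen {
		return "", fmt.Errorf("%w: %d bytes (limit %d)",
			errSocketPathTooLong, len(p), maxSocketPathLen)
	}
	return p, nil
}

func main() {
	// Constructed sample inputs: a short sandbox ID and an over-long one.
	ids := []string{"sb-01", strings.Repeat("f", 128)}
	for _, id := range ids {
		p, err := buildSocketPathChecked("/run/example/sandboxes", id, "agent.sock")
		if err != nil {
			fmt.Println("rejected:", err)
			continue
		}
		fmt.Println("ok:", p)
	}
}
```

Failing at path-construction time keeps the error next to the input that caused it, rather than surfacing later as a bind or connect failure.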
An empty string for an environment variable simply means that the
variable is unset. Do not error out if the env value is empty.
Fixes#288
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
This new version of kata-agent brings support for
updating resources and cpuset cgroups
Shortlog:
28cf91a grpc: implement update command
d96b8e1 grpc: update cpuset cgroup
4bcacdc network: Don't remove network routes or DNS when destroying sandbox
1f5cf20 network: Don't store the network info as pointers if slices used
8f828bb uevent: Fix netlink error while assigning pid in netlink client
093f61b agent: add grpc tracer UT
33bd601 agent: add server interceptor to log grpc requests
134d5d5 test: add start/stop grpc server UT
7e94246 agent: track grpc server
9fb8024 UT: add tests for channel
bea6183 agent: wait serial channel to be ready before reading
f8c8c4c agent: accept grpc connections multiple times
Signed-off-by: Julio Montes <julio.montes@intel.com>
Update command is used to update container's resources at run time.
All constraints are applied inside the VM to each container cgroup.
For now, only CPU constraints are fully supported; vCPUs are hot added
or removed depending on the new constraint.
fixes #189
Signed-off-by: Julio Montes <julio.montes@intel.com>
* Move makeNameID() func to virtcontainers/utils file as it's a generic
function for making name and ID.
* Move bindDevicetoVFIO() and bindDevicetoHost() to vfio driver package.
Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
CreateDevice() is only used by `NewDevices()` so we can make it private and
there's no need to export it.
Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
Fixes #50
This is done for decoupling the device management part from other parts.
It separates device.go into several dirs and files:
```
virtcontainers/device
├── api
│   └── interface.go
├── config
│   └── config.go
├── drivers
│   ├── block.go
│   ├── generic.go
│   ├── utils.go
│   ├── vfio.go
│   ├── vhost_user_blk.go
│   ├── vhost_user.go
│   ├── vhost_user_net.go
│   └── vhost_user_scsi.go
└── manager
    ├── manager.go
    └── utils.go
```
* `api` contains the interface definition of device management, so upper level callers
should import and use the interface, and the lower level should implement the interface.
It's a bridge to device drivers and callers.
* `config` contains structured exported data.
* `drivers` contains specific device drivers including block, vfio and vhost user
devices.
* `manager` exposes an external management package with a `DeviceManager`.
Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
Store the PCI address of rootfs in case the rootfs is block
based and passed using virtio-block.
This helps us get rid of predicting the device name inside the
container for the block device. The agent will determine the device
node name using the PCI address.
Fixes #266
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Store PCI address for a block device on hotplugging it via
virtio-blk. This address will be passed by kata agent in the
device "Id" field. The agent within the guest can then use this
to identify the PCI slot in the guest and create the device node
based on it.
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
We need to store the bridge address to state to use it
for assigning addresses to devices attached to the bridge.
So we need to make sure that the bridge pointer is assigned
the address.
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Introduce a new field in Drive to store the PCI address if the drive is
attached using virtio-blk.
Assign PCI address in the format bridge-addr/device-addr.
Since we need to assign the address while hotplugging, pass Drive
by address.
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Change the function to return the bridge itself that the
device is attached to. This will allow bridge address to be used
for determining the PCI slot of the device within the guest.
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
"make install" fails on a clean working directory:
$ make install
install: cannot stat ‘data/kata-collect-data.sh’: No such file or directory
This happens because install and install-scripts do not depend on the
runtime. Make doesn't know it needs to build the runtime before it can
be installed.
Add the missing dependencies to the install targets so that "make
install" works on a clean working directory and rebuilds when source
files have been modified.
Note that SCRIPTS contains the generated kata-collect-data.sh script.
That file needs to be generated before it can be installed, so make
SCRIPTS a dependency of install-scripts.
Fixes: #283
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
CI complains about cyclomatic complexity in sendReq.
warning: cyclomatic complexity 16 of function (*kataAgent).sendReq() is
high (> 15) (gocyclo)
Refactor it a bit to avoid such an error. I'm not a big fan of the new code
but it is done so because golang does not support generics.
Signed-off-by: Peng Tao <bergwolf@gmail.com>
Currently we sometimes pass it as a pointer and other times not. As
a result, the view of sandbox across virtcontainers may not be the same
and it costs an extra memory copy each time we pass it by value. Fix it
by ensuring sandbox is always passed by pointers.
Fixes: #262
Signed-off-by: Peng Tao <bergwolf@gmail.com>