Firecracker have its own logging scheme, providing two fifo files with log
and metrics info.
We should extract error info for better debugging.
Fixes: #2072
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
Signed-off-by: Haibo Xu <haibo.xu@arm.com>
When kata-agent run as init process in initrd, do the
init in which will do some base mount such as mount
/proc; thus the following config.parse_cmdline can access
/proc/cmdline to parse the parameters such as agent.log etc.
Fixes: #85
Signed-off-by: lifupan <lifupan@gmail.com>
firecracker 0.19.0 API is not backward compatible, hence we need
to bump the firecracker minimum supported version to 0.19.0
Signed-off-by: Julio Montes <julio.montes@intel.com>
Prior to the addition of tcMirroring support kata-runtime had
compatibility issues with some CNI plugins some of which were addressed
by the bridged model. With the addition of tc mode there are no gaps in
networking that can be filled by the bridged mode or enlightened mode
(which was never implemented).
Eliminate both of these options to simplify the setup.
Fixes: #1213
Signed-off-by: Manohar Castelino <manohar.r.castelino@intel.com>
We do not want to create cgroups in case of rootless.
Fix the logic to implement this.
Fixes#2177
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
The CI was failing due to two problems.
1. The `ci/static-checks.sh` was run from an incorrect place.
2. `rustfmt` was failing as some code wasn't correctly formatted.
This patch address all the changed requested by rustfmt and the
`static-checks.sh` script was updated
Fixes: #83
Signed-off-by: Erich Cordoba <erich.cordoba.malibran@intel.com>
FIPS are a set of security standards for encryption algorithms
in user and kernel space among others.
Have Kata support this by starting the VM for a container
in FIPS mode on detecting that the host is running in FIPS mode.
Depends-on: github.com/kata-containers/packaging#788
Fixes#2170
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
cri-tools version was managed in the tests repository, but as
we define here cri-o, containerd and kubernetes versions, it
make sense to have the cri-tools version defined in this repo.
conmon has now to be installed/built separately. So add it
to the list.
Depends-on: github.com/kata-containers/tests#2057
Signed-off-by: Salvador Fuentes <salvador.fuentes@intel.com>
This adds an option to the agent to control the hotplug timeout of block devices.
Retains the previous behaviour of defaulting to 3 seconds if not specified.
Can be increased when block device hot plugging is taking longer than expected.
fixes#62
Signed-off-by: Alex Price <aprice@atlassian.com>
Update k8s supported version from 1.15.3 to 1.16.2
and cri-o from 1.15.0 to 1.16.0
Fixes: #2166.
Signed-off-by: Salvador Fuentes <salvador.fuentes@intel.com>
The `skip_*` macros will be useful across the different tests so having
them in a separate module can help with code duplication. This change
creates a new module and exports the macros at crate level.
Signed-off-by: Erich Cordoba <erich.cordoba.malibran@intel.com>
Fixes to allow the rust agent to be built using a gnu target.
Specifically, remove assumptions about musl-specific types.
Fixes: #70.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Since build with --release produces corrupted binary in ci, we removed
--release. However, the make install target cannot find the binary,
set BUILDTYPE to debug
Fixes: #67
Signed-off-by: Yang Bo <bo@hyper.sh>
- sandbox/cgroups: don't constrain if using SandboxCgroupsOnly
- cli: add kata-overhead subcommand
- versions: support specify version in versions.yaml for rust agent.
- virtcontainers/sandbox: calculate container's CPU from sandbox.contai…
- ci: Fix versions_checker.sh
- ci: Fix versions_checker.sh
- virtcontainers: unmount host mounts if container can't be created
- virtcontainers/store: make VCStoreUUIDPath rootless
- virtcontainers/annotations: use right domain name for kata annotations
- v2: Change the event and error behavior of pause/resume
- Update cni plugin version
- Load state early so that hypervisor can store the correct state
e4c816b versions: support specify version in versions.yaml for rust agent.
691a6a7 sandbox/cgroups: don't constrain if using SandboxCgroupsOnly
7fe0100 cli: add kata-overhead command
1bbc1d5 virtcontainers: add StatsSandbox to vc API
569bd78 virtcontainers: change pass by value to pass by reference
5b226d0 ci: Fix versions_checker.sh
f8b84d7 ci: Fix versions_checker.sh
24d7aff virtcontainers: change pass by value to pass by reference
abec17f virtcontainers/store: make VCStoreUUIDPath rootless
eca7bd2 virtcontainers: unmount host mounts if container can't be created
91bd095 virtcontainers/annotations: use right domain name for kata annotations
c1060a3 v2: Change the event and error behavior of pause/resume
f6a10bc state: Refactor code to move all the state load code
fa4acad state: Load the state from storage early on
929c4e7 network: Change NewNS() call
c0995c6 vendor: Vendor the latest CNI plugins
86d8346 version: Update the version for cni plugins
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
The get_key_value method is currently only avaiable in nightly rust.
As only this feature is required it worth to refactor and enable building
in the stable channel.
The method was removed by first getting the value from the CGROUPS hashmap,
then key is get by iterating over all the keys. The checks for an empty key and
key == "devices" were moved out of the hashmap block.
The README.md was updated as well to detail the instructions for stable rust.
Signed-off-by: Erich Cordoba <erich.cordoba.malibran@intel.com>
