We were defer removing the temporary config.json files
but not the tmpdir path we had created to store them in.
Expose that path out so we can defer removeall it.
Fixes: #480
Signed-off-by: Graham Whaley <graham.whaley@intel.com>
For one thing, it is not used by any kata components. For another thing,
it breaks vm factory hypervisor config check.
Signed-off-by: Peng Tao <bergwolf@gmail.com>
Add enable_template option to the config file.
When it is set, enable the vm template factory.
cache factory cannot be used by kata cli directly because
it requires a running daemon to maintain the cache VMs.
`kata-runtime factory init` would initialize the vm factory and
`kata-runtime factory destroy` would destroy the vm factory.
When configured, a vm factory is loaded before creating new sandboxes.
Signed-off-by: Peng Tao <bergwolf@gmail.com>
Ephemeral volumes should not be passed at 9pfs mounts.
They should be created inside the VM.
This patch disables ephemeral volumes from getting
mounted as 9pfs from the host and instead a corresponding
tmpfs is created inside the VM.
Fixes : #61
Signed-off-by: Harshal Patil <harshal.patil@in.ibm.com>
Add a test to ensure the JSON output passes the same
parameter check and write/re-read test as the TOML one.
Signed-off-by: Graham Whaley <graham.whaley@intel.com>
With the addition of the JSON kata-env output, we need
to fix up the tests:
- add a test for the JSON flag
- fix the format/layout of the other tests to take into
account the change in function API and the additon of a
flagset to the cmdline ctx.
Signed-off-by: Graham Whaley <graham.whaley@intel.com>
Having a direct JSON output for kata-env will help record
results in our CIs in some instances. Add that ability with
a kata-env command line extension.
Fixes: #474
Signed-off-by: Graham Whaley <graham.whaley@intel.com>
Add the runtime CLI command name to the virtcontainers logger so that it
is clear when reading virtcontainers log entries which runtime command
they refer to.
Fixes#448.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Once `containerID` and `sandboxID` fields are available, re-register
the logger with the external packages to ensure they too display these
important fields.
Fixes#467.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Created a new `setExternalLogger()` which sets (or resets) the logger
used by the external packages which allow a logger to be specified.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Adding cid+sid fields to the log entries generated by most of the CLI
commands will make debugging across the system easier.
Fixes#452.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
SMT must be turned off on Power8 for KVM to work. Put
this as a check for kata-runtime kata-check.
Fixes: #397
Signed-off-by: Nitesh Konkar <niteshkonkar@in.ibm.com>
There were missing test cases in Arm64 for platform-dependent
kata-check and kata-env, leading to 'make test' failure under
kata-containers/runtime
Fixes: #403
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
This commit add a no-pivot flag (just a warning tip) in kata-runtime create and run cmd.
Fixes: #409 , #134
Signed-off-by: wenqi wang wangwenqi01@baidu.com
The CPUinfo need to be refined in Arm architecture, because the
vendor and model of CPU may refer to different meaning in Arm architecture.
Besides, relevant contents extracted from /proc/cpuinfo may need to be
normalized for human-readability.
Fixes: #368
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
Signed-off-by: Wei Chen <wei.chen@arm.com>
in old specs.Spec, Capabilities is [] string, but we don't use CompatOCISpec
for compatibility in kataAgent/createContainer.
fixes#333
Signed-off-by: y00316549 <yangshukui@huawei.com>
Instead of pausing the sanbox, this patch just pauses the container
allowing the communication with the agent. The communication with the agent
should be still possible even if all containers are paused, because of we don't
know when a new container can be created in the same sandbox.
Depends-on: github.com/kata-containers/agent#246
fixes#317
Signed-off-by: Julio Montes <julio.montes@intel.com>
Since the runtime can load its configuration from multiple locations,
add a log field to show which location was used.
Change log level from Debug to Info as this is generally useful
information.
Fixes#335.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
If you build and install the runtime, the config file will contain an
entry for both an `initrd=` and an `image=` entry.
The Developer Guide explains that the user must disable one but it is
easy to forget.
Modified the runtime to fail if both an image and an initrd are
specified. Also added a new test for this scenario.
Fixes#318.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Events cli display container events such as cpu,
memory, and IO usage statistics.
By now OOM notifications and intel RDT are not fully supproted.
Fixes: #186
Signed-off-by: Haomin <caihaomin@huawei.com>
Remove the agent version from the output of `kata-env`. The value was
always a static string (`<<unknown>>`) because the runtime cannot
determine the agent version without creating a container.
Note that agent details, including the version, *are* displayed when
the user runs `kata-collect-data.sh`.
Fixes#310.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
There is a relation between the maximum number of vCPUs and the
memory footprint, if QEMU maxcpus option and kernel nr_cpus
cmdline argument are big, then memory footprint is big, this
issue only occurs if CPU hotplug support is enabled in the kernel,
might be because of kernel needs to allocate resources to watch all
sockets waiting for a CPU to be connected (ACPI event).
For example
```
+---------------+-------------------------+
| | Memory Footprint (KB) |
+---------------+-------------------------+
| NR_CPUS=240 | 186501 |
+---------------+-------------------------+
| NR_CPUS=8 | 110684 |
+---------------+-------------------------+
```
In order to do not affect CPU hotplug and allow to users to have containers
with the same number of physical CPUs, this patch tries to mitigate the
big memory footprint by using the actual number of physical CPUs as the
maximum number of vCPUs for each container if `default_maxvcpus` is <= 0 in
the runtime configuration file, otherwise `default_maxvcpus` is used as the
maximum number of vCPUs.
Before this patch a container with 256MB of RAM
```
total used free shared buff/cache available
Mem: 195M 40M 113M 26M 41M 112M
Swap: 0B 0B 0B
```
With this patch
```
total used free shared buff/cache available
Mem: 236M 11M 188M 26M 36M 186M
Swap: 0B 0B 0B
```
fixes#295
Signed-off-by: Julio Montes <julio.montes@intel.com>
An empty string for an environment variable simply means that the
variable is unset. Do not error out if the env value is empty.
Fixes#288
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Update command is used to update container's resources at run time.
All constraints are applied inside the VM to each container cgroup.
By now only CPU constraints are fully supported, vCPU are hot added
or removed depending of the new constraint.
fixes#189
Signed-off-by: Julio Montes <julio.montes@intel.com>
This commit will allow for better performance regarding the time spent
to retrieve the sandbox ID related to a container ID.
The way it works is by relying on a specific mapping between container
IDs and sanbox IDs, meaning it allows to retrieve directly the sandbox
ID related to a container ID from the CLI. This lowers complexity from
O(n²) to O(1), because we don't need to call into ListPod() which was
parsing all the pods and all the containers on the system everytime
the CLI need to retrieve this mapping.
This commit also updates the whole unit tests as a consequence. This
is involving most of them since they were all relying on ListPod()
before.
Fixes#212
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
Rework the signal handling code so that if debug is enabled and a
`SIGUSR1` signal is received, backtrace to the system log but continue
to run.
Added some basic tests for the signal handling code.
Fixes#241.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
The same way a caller of "kata-runtime kill 12345" expects
the container 12345 to be killed, the same call to a container
representing a sandbox should actually kill the sandbox, meaning
it would be stopped after the container has been killed.
This way, the caller knows the VM is stopped after kill returns.
This is an issue raised by Openshift and Kubernetes tests. They
call into delete way after the call to kill has been submitted,
and in the meantime they kill all processes related to the container,
meaning they do kill the VM before we could do it ourselves. In this
case, the delete responsible of stopping the VM comes too late and it
returns an error when trying to destroy the sandbox while trying to
communicate with the agent since the VM is not here anymore.
This commit addresses this issue by letting "kill" call into
StopSandbox() if the command relates to a sandbox instead of
a simple container.
Fixes#246
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
The way a delete works, it was always trying to stop the sandbox, even
when the force flag was not enabled. Because we want to be able to stop
the sandbox from a kill command, this means a sandbox stop might be
called twice, and we don't want the second stop to fail, leading to the
failure of the delete command.
That's why this commit checks for the sandbox status before to try
stopping the sandbox.
Fixes#246
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
