There are two changes here. There first one being relying on the
`centos-release-advanced-virtualization` package instead providing the
content of the repo ourselves; and the second one being installing
`kata-containers` (2.x) instead of the `kata-runtime` one (1.x).
Fixes: #1583
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
The package to be installed on Fedora is `kata-containers` instead of
`kata-runtime`. The difference being `kata-runtime` is the 1.x package,
while `kata-containers` is the 2.x one.
Fixes: #1582
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
The content of the openSUSE installation guide is related to the 1.x
packages, as openSUSE doesn't provide katacontainers 2.x packages.
Fixes: #1585
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
The content of the SLE installation guide is related to the 1.x
packages, as SUSE doesn't provide katacontainers 2.x packages.
Fixes: #1586
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
- test: install mock hook binary before test
- cgroups: fix the issue of get wrong online cpus
- build: remove unused variables from Makefile
- container: on cleanup, rm container directory for mounts path
- runtime: add support for QEMU 6
- agent: Enable clean shutdown
- runtime: fix virtiofsd RO volume sharing
- runtime: update virtcontainers API documentation
- runtime: Fix trace span ordering and static checks
- fix runtime UTs and enable static check
- kata-deploy: Use the correct tag for 2.1-alpha1 release
- ci: fix virtiofs-experimental build
- Verify container ID
- rustjail: rework execute_hook
- agent: Allow server address to be specified on kernel command-line
- agent: disconnect rpc get_oom_event when destroy_sandbox.
- docs: Update QAT instructions to work with Kata 2.0 repos
- agent: Update Cargo.lock for earlier dependency change
- osbuiler: fixing USE_DOCKER for ppc64le
- agent: Fix unused import warning in unit tests
- [forwardport] Fixup systemd cgroup handling
- runtime: Fix ordering of trace spans
- runtime: add support for readonly sandbox bindmounts
- Bump to QEMU 5.2.0 - respin
- runtime: return hypervisor Pid in TaskExit event
- agent: makefile: Add codecov target
- Bump to QEMU 5.2.0
- exec: ensure sup groups are added to agent request
- rustjail: fix the issue of home_dir function
- osbuilder: Port QAT Dockerfile to 2.0 repo
- agent-ctl: Unbreak build
- rustjail: fix the issue of bind mount device file from guest
- musl/arm64: decompression before use the tarball.
- osbuilder/arm64: build musl toolchain from source code if needed
- runtime: Fix missing 'name' field on containerd-shim-v2 logs
- agent: don't error of virtiofs share is already mounted
- shimv2: return the hypervisor's pid as the container pid
- runtime: check if error loading runtime config
- agent: fix clippy for rustc 1.5
- agent: Upgrade tokio to 1.2.0
- rustjail: fix blkio conversion
- agent: Agent invokes OCI hooks with wrong PID
- kata-deploy: stop mentioning qemu-virtiofsd, as the default qemu supports virtiofsd already (plus some cleanups)
- agent: Stop receive message from Receiver if got None
- Remove "Docker" & "[kata] runtime" references from the release scripts & process documentation
- kata-deploy: Ensure CRI-O uses shimv2 & the "vm" runtime type
- makefile: agent: Add self documented help
- runtime: connect guest debug console bypass kata-monitor
- Clean up PCI path handling
- runtime: Create tracer later in shimv2
- Agent: OCI hooks return malformed json
- osbuilder: Allow image registry to be customizable
- docs: Update licensing strategy to use kata 2.0 repository
- runtime: clh-config: add runtime hooks to the clh toml
- Fix Snap CI
- runtime: cpuset: when creating container, don't pass cpuset details
- agent: Remove bogus check from list_interfaces() unit test
- cli: Add aliases for `kata-` options
- github: Only run kata-deploy-test on pull-requests
- docs: Fix the installation directory of virtiofsd
- osbuilder: Fix USE_DOCKER on s390x
- Add katacontainers end-to-end arch image
- Build for glibc on s390x
- packaging: Fix vmlinux kernel install on s390x
- ci: Upgrade to yq 3.4.1
- kernel: Don't fail if "experimental" dir doesn't exist
- kata-deploy: Remove kata-deploy-docker.sh
- runtime: migrate from opentracing to opentelemetry
- rustjail: use rlimit crate
- rustjail: get all capabilities dynamically
- agent: README update to install protoc for ppc64le
- qemu: Add security fixes for CVE-2020-35517
- Fix lints and remove allow attributes which silence these warnings
- arm64: enable acpi for qemu/virt.
- osbuilder: Enforcing LIBC=gnu to rootfs build for ppc64le
- Fix async problems
- kata-monitor: set buildmode to exe to avoid build failing
- osbuilder: add description for how to use DISTRO variable
- kata-monitor: allow for building for alpine
- shimv2: log a warning and continue on post-stop hook failure
- kernel: Updates to kernel config for ppc64le
- agent: add secure_join to prevent softlink escape
- rustjail: fix the issue of container's cgroup root path
- osbuilder: remove traces of cmake
- versions: Update cloud-hypervisor to release v0.12.0
- clh: Use vanilla kernel.
- osbuilder: miscelaneous fixes/improvements
- branch: change 2.0-dev to main
- snap: Don't release Kata Alpha/RC in snap store
- Migrate to rtnetlink
- agent: Add underscore for constants
- github: Update ubuntu version to 20.04
- agent: implement NVDIMM/PMEM block driver
- rustjail: fix the issue of missing destroy contaienr cgroups
- agent: switch to async runtime
9a4e866 container: on cleanup, rm container directory for mounts path
48e5e4f test: install mock hook binary before test
1d44881 uevent: Add shutdown channel for task
d8d5b4c signal: Move to a new module
011f7d7 logging: Rework for shutdown
7d5f88c agent: Enable clean shutdown
dcb39c6 main: Create logger task
2cf2897 main: Use task list for stopping tasks
039df1d main: Refactor main logic into new async function
2a648fa logging: Use guard to make threaded logging safe
38f0d8d config: Fix assert_error testing macro
3f46e63 cgroups: fix the issue of getting wrong online cpus
e349244 runtime: fix virtiofsd RO volume sharing
532ff7c runtime: update virtcontainers API documentation
6fcfea8 runtime: Fix static check errors
f3ebbb1 runtime: Fix trace span ordering
5a3ee7d snap: Use qemu.version to build snap
0f78a5d kernel: rename exeperimental kernel symlink.
f791052 qemu: Build experimental qemu.
1555bfd runtime: add support for QEMU 6
fc0f93a actions: enable unit tests in PR check
74192d1 runtime: fix static check errors
a2dee1f runtime: fix vm factory UT failure
076bc50 agent-ctl: update Cargo.lock
0153f76 runtime: gofmt code
60f6315 kata-deploy: Use the correct tag for 2.1-alpha1 release
b0e51e5 qemu: Improve cache build
bc587da qemu: Add suffix for qemu binaries.
5493517 qemu: add CACHE_TIMEOUT
98d01ce qemu: Apply patches for specific versions.
190f813 runtime/katautils: PFlash should be initialized
b2ec5a4 runtime: fix cleanupSandboxBindMounts panic
9b689ea runtime/cli: fix TestMainBeforeSubCommandsLoadConfigurationFail failure
8e71c4f runtime: fix missing context argument in mocked sandbox APIs
8ff62be runtime: fix vcmock build failure
0e4b28e rustjail: rework execute_hook
a09e58f packaging: Use local file for assets.
451b45f agent: Make use of test consts for error messages
8c4d334 agent: disconnect rpc get_oom_event when destroy_sandbox.
07cfa4c qemu: patches: Fail if not patches directory
e221c45 versions: Update qemu database
5abdd2a qemu: move 5.0.0 patches to its own dir.
259c179 docs: Update QAT instructions to work with Kata 2.0 repos
34e7d5e agent: Validate CID
b265870 runtime: Validate CID
12e9f7f runtime: Add missing test mock function
ea51c17 agent: Allow server address to be specified on kernel command-line
4bf84b4 runtime: Add contexts to calls in unit tests
9e4932a runtime: use root span for shimv2 tracing
6b0dc60 runtime: Fix ordering of trace spans
3a77e4e build: remove unused variables from Makefile
d7cb3df cgroups: Add systemd detection when creating cgroup manager
f659871 cgroups: remove unused SystemdCgroup variable and accessor/mutators
b0e966c agent: Fix unused import warning in unit tests
d5a9d56 agent: Update Cargo.lock for earlier dependency change
0f7950f packaging: configure QEMU with -O2
224c50f snap: Package virtiofsd and fix path
f0d4985 exec: ensure sup groups are added to agent request
b034458 runtime: return hypervisor Pid in TaskExit event
81607e3 rustjail: fix the issue of home_dir function
c258ea2 agent-ctl: Function parameter cleanup
fcd45de agent-ctl: Unbreak build
efe625d build: Remove whitespace
48ed8f3 runtime: add support for readonly sandbox bindmounts
7ae349c agent: makefile: Add codecov target
f580d33 musl/arm64: decompression before use the tarball.
2da058e osbuild: build musl toolchain from source if needed
6417067 osbuilder: Port QAT Dockerfile to 2.0 repo
85601cd snap: Update for QEMU 5.2.0
88cef33 versions: update QEMU to 5.2.0
21bdaaf runtime: Fix missing 'name' field on containerd-shim-v2 logs
74a893f packaging: Refactor version comparisons on configure-hypervisor.sh
34dc861 rustjail: fix the issue of bind mount device file from guest
0f70983 runtime: check if error loading runtime config
6f72076 agent: fix clippy for rustc 1.5
4a21472 agent: Fix test
02079db agent: upgrade tokio to 1.0
a42dc74 agent: Agent invokes OCI hooks with wrong PID
17e9a2c agent: don't error of virtiofs share is already mounted
947913f agent/protocols: Remove cargo:rerun-if-changed in build.rs
bc0ac52 shimv2: return the hypervisor's pid as the container pid
10ed3da release: Rename runtime-release-notes to release-notes
f5dab6a release: We're not compatible with Docker.
2c8ea0a kata-deploy: Add copyright to the kata-deploy's Dockerfile
4e494e3 packaging: Remove NEMU mentions
f21c54a kata-deploy: QEMU, for 2.x, already includes virtiofs
657bd78 kata-deploy: Get rid of references to the docker script
dcea086 rustjail: fix blkio conversion
bc34cbb agent: Stop receive message from Receiver if got None
01481d6 kata-deploy: Ensure CRI-O uses the VM runtime type
d1c7173 kata-deploy: Move the containerd workarounds to their own functions
5013634 kata-deploy: Stop shipping kata-{clh,fc,qemu,qemu-virtiofs} binaries
2270f19 kata-deploy: Update README to reflect the current distributed artifacts
a494c4d makefile: agent: Add self documented help
72cb928 vhost-user-blk: Use PciPath type for vhost user devices
74f5b5f runtime/block: Use PciPath type through block code
32b40f5 runtime/network: Use PciPath type through network handling
87c5823 agent/device: Add unit test for pcipath_to_sysfs()
066ce7a agent/device: Pass root bus sysfs path to pcipath_to_sysfs()
fda48a9 agent/device: Use pci::Path type, name things consistently
c12b86d agent/device: Generalize PCI path resolution to any number of bridges
3715c57 agent/device: Rename and clarify semantics of get_pci_device_address()
7e92831 protocols: Update PCI path names / terminology in agent protocol def
8e5fd8e runtime: Introduce PciSlot and PciPath types
7464d05 agent: PCI path type
b22259a agent: PCI slot type
8c2f9e6 gitignore: Ignore *~ editor backup files
b412e15 osbuilder: Port QAT Dockerfile to 2.0 repo
5096103 osbuiler: fixing USE_DOCKER for ppc64le
a44b272 runtime: Create tracer later in shimv2
49bdbac osbuilder: Allow image registry to be customizable
fdc573d docs: Update licensing strategy to use kata 2.0 repository
2e2749a runtime: clh-config: add runtime hooks to the clh toml
ef72926 ci: snap: run snap CI on every pull request
919d512 snap: fix kernel setup
d054841 ci: snap: build targets that not need sudo first
a115338 ci: snap: define proxy variables
df14d38 Agent: OCI hooks return malformed json
3721351 runtime: cpuset: when creating container, don't pass cpuset details
c9c7c12 agent: Remove bogus check from list_interfaces() unit test
cb6d2f3 osbuilder: alphabetize fields
056d742 docs: Update documentation with new prefixless config options
fdcde79 cli: use new prefixless config options in tools scripts
02ee8b0 cli: Add aliases for kata- options
c6bc43b docs: Fix broken link to fluentbit.io docs
20b27a1 docs: Fix the installation directory of virtiofsd
11fe6a3 osbuilder: Fix USE_DOCKER on s390x
10f1c30 kata-runtime: use filepath.Join() to compose file path
f4ae9c8 docs: Update Developer-Guide.md
9963428 docs: update document for using debug console
44cde6e runtime: connect guest debug console bypass kata-monitor
3406502 runtime: add jaeger configuration items
fbab262 kernel: Don't fail if "experimental" dir doesn't exist
e1dce3a rustjail: use rlimit crate
8045104 ci: Upgrade to yq 3.4.1
3d3e4dc packaging: Fix vmlinux kernel install on s390x
a252d86 rustjail: get all capabilities dynamically
62cbaf4 kata-deploy: Remove kata-deploy-docker.sh
50fea9f github: Only run kata-deploy-test on pull-requests
b548114 qemu: Add security fixes for CVE-2020-35517
11680ef agent: README update to install protoc for ppc64le
f16ab49 agent: fix non_camel_case_types lint and stop hiding the warning
8ffe4d6 agent: fix unused_parens lint and stop hiding the warning
f70ca69 agent: remove #![allow(unused_unsafe)]
e28bf7a agent: fix dead_code lint
05da23a agent: fix non_snake_case lint and remove ![allow(non_snake_case)]
afb4197 osbuilder: Build for glibc on s390x
a1cedc5 agent: Build for glibc on s390x
9f237aa docs: add katacontainers end-to-end arch image
254b98d rustjail: fix unit test test_process
b25575b agent: remove crate signal-hook which are no longer used
b1880b3 rustjail: remove unnecessary #[async_trait]
83e9414 rustjail: add unittest test_execute_hook
d204100 rustjail: close stdin in execute_hook after it was sent
bb08131 rustjail: fix fork/child in execute_hook
17df9b1 runtime: migrate from opentracing to opentelemetry
71aeb92 osbuilder: updates for feedback
8e2b19a osbuilder: add description for how to use DISTRO variable
b6c2a60 kata-monitor: set buildmode to exe to avoid build failing
9f7a7a4 osbuilder: Enforcing LIBC=gnu to rootfs build for ppc64le
a88b896 kernel: Updates to kernel config for ppc64le
b7a1f75 arm64: enable acpi for qemu/virt.
448771f rustjail: fix the issue of container's cgroup root path
fd39f0f osbuilder: Add "Agent init" on terms glossary
e111093 agent: add secure_join to prevent softlink escape
1273e48 osbuilder: Fix urls to repositories
ba9fa49 osbuilder: Use Fedora and CentOS registries
c2d14cd versions: Update cloud-hypervisor to release v0.12.0
0e57393 shimv2: log a warning and continue on post-start hook failure
e7043fe shimv2: log a warning and continue on post-stop hook failure
3718df6 osbuilder: Remove leftover pieces related to cmake
d1bf829 kernel: ACPI: Always build evged for stable kernel
6f3d591 clh: Use vanilla kernel.
fd5592d branch: change 2.0-dev to main
2b880d2 snap: Don't release Kata Alpha/RC in snap store
14a63cc agent: Add underscore for constants
fa93831 agent: Address linter and tests
96762ab agent: Remove old netlink crate
0ea8243 github: Update ubuntu version to 20.04
33367be agent: Integrate netlink
23f3aef agent: Implement new netlink module
12551de agent: implement NVDIMM/PMEM block driver
6abb1be rustjail: fix the issue of missing destroy contaienr cgroups
fe67f57 agent: set edition = "2018" in .rustfmt.toml to fix rustfmt about async fn
df68771 agent-ctl: Update ttrpc to 0.4.14 for agent-ctl
37e285b agent: Make debug console async
f3bd439 agent: fix tests for async functions
9f79ddb agent: use tokio Notify instead of epoll to fix#1160332fa4c agent: switch to async runtime
5561755 agent: Initial switch to async runtime
2f1cb79 kata-monitor: allow for building for alpine
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
ARM CI fails with new kernel. Lets use 5.4.x until
fixed.
Depends-on: github.com/kata-containers/tests#3363
Signed-off-by: Carlos Venegas <jos.c.venegas.munoz@intel.com>
A wrong path was being used for container directory when
virtiofs is utilized. This resulted in a warning message in
logs when a container is killed, or completes:
level=warning msg="Could not remove container share dir"
Without proper removal, they'd later be cleaned up when the shared
path is removed as part of stopping the sandbox.
Fixes: #1559
Signed-off-by: Eric Ernst <eric.g.ernst@gmail.com>
#1389 has added a context for many signatures to improve trace spans.
Functions specific to s390x lack this. Add context where required. This
affects some common code signatures, since some functions that do not
require context on other architectures do require it on s390x.
Also remove an unnecessary import in test_qemu_s390x.go.
Fixes: #1562
Signed-off-by: Jakob Naucke <jakob.naucke@ibm.com>
`make test` depends mock hook in virtcontainers directory,
before test, install it first.
And also run test as normal user and root in GitHub actions.
Fixes: #1554
Signed-off-by: bin <bin@hyper.sh>
Move the signal handling code into a new module and refactor into the
main handler and a new SIGCHLD handling function to make the code
simpler and easier to understand.
Also added a unit test for shutdown.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Make changes to logger thread to allow the logger to be replaced with
a NOP logger (required for agent shutdown).
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
The agent doesn't normally shutdown: it doesn't need to be as it is
killed *after* the workload has finished. However, a clean and ordered
shutdown sequence is required to support agent tracing, since all trace
spans need to be completed to ensure a valid trace transaction.
Enable a controlled shutdown by allowing the main threads (tasks) to be
stopped.
To allow this to happen, each thread is now passed a shutdown channel
which it must listen to asynchronously, and shut down the thread if
activity is detected on that channel.
Since some threads are created for I/O and since the standard `io::copy`
cannot be stopped, added a new `interruptable_io_copier()` function
which shares the same semantics as `io::copy()`, but which is also
passed a shutdown channel to allow asynchronous I/O operations to be
stopped cleanly.
Fixes: #1531.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Encapsulate the logic for handling the task that displays logger output
into a new function to simplify the code and remove another anonymous
async block.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Maintain a list of tasks and wait on them all before main returns.
This is preparatory work for the agent shutdown: all tasks that are
started need to be added to the list. This aggregation makes it easier
to identify what needs to stop before the agent can exit cleanly.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Move most of the main logic into a separate async function. This makes
the code clearer and avoids the anonymous async block.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Return a guard variable from `create_logger()` which the caller can
implicitly drop to guarantee that all threads started by the async log
drain are stopped.
This fixes a long-standing bug [1] whereby the agent could panic with
the following error, generated by the `slog` logging crate:
```
slog::Fuse Drain: Custom { kind: Other, error: "serde serialization error: Bad file descriptor (os error 9)" }
```
[1] - See https://github.com/kata-containers/kata-containers/issues/171.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Fixed the `assert_error!()` test macro so that it correctly handles the
scenario where the test expects an error, but the actual result was `Ok`
(no error).
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
It's better to get the online cpus from
"/sys/devices/system/cpu/online" instead of from
cpuset cgroup, cause there would be an latency
between one cpu online and present in the root
cpuset cgroup.
Fixes: #1536
Signed-off-by: fupan.lfp <fupan.lfp@antfin.com>
Right now we rely heavily on mount propagation to share host
files/directories to the guest. However, because virtiofsd
pivots and moves itself to a separate mount namespace, the remount
mount is not present in virtiofsd's mount. And it causes guest to be
able to write to the host RO volume.
To fix it, create a private RO mount and then move it to the host mounts
dir so that it will be present readonly in the host-guest shared dir.
Fixes: #1552
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Linux 5.10.x is the new LTS branch, move
kata to a more recent kernel branch.
Fixes: #1288
Signed-off-by: Carlos Venegas <jos.c.venegas.munoz@intel.com>
Split qemu script to build qemu experimental using
same dockerfile.
Fixes: #1421
Depends-on: github.com/kata-containers/tests#3255
Signed-off-by: Carlos Venegas <jos.c.venegas.munoz@intel.com>
It turns out we have managed to break the static checker in many
difference places with the absence of static checker in github action.
Let's fix them while enabling static checker in github actions...
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
