This document decsribes how an Nvidia GPU can be used with Kata Containers in Nvidia GPU pass-through mode.
Fixes#616
Signed-off-by: Jimmy Xu <junming.xjm@antfin.com>
Because CI build is
1. Slow and in log it is showing because "apt-utils" not installed
2. to avoid CI build to exits with error without having certificate
Fixes: #970
Signed-off-by: Pratik Raj <rajpratik71@gmail.com>
By default, Ubuntu or Debian based "apt" or "apt-get" system installs recommended but not suggested packages .
By passing "--no-install-recommends" option, the user lets apt-get know not to consider recommended packages as a dependency to install.
This results in smaller downloads and installation of packages .
Refer to blog at [Ubuntu Blog](https://ubuntu.com/blog/we-reduced-our-docker-images-by-60-with-no-install-recommends) .
Fixes: #970
Signed-off-by: Pratik Raj <rajpratik71@gmail.com>
Because CI build is
1. Slow and in log it is showing because "apt-utils" not installed
2. to avoid CI build to exits with error without having certificate
Fixes: #427
Signed-off-by: Pratik Raj <rajpratik71@gmail.com>
By default, Ubuntu or Debian based "apt" or "apt-get" system installs recommended but not suggested packages .
By passing "--no-install-recommends" option, the user lets apt-get know not to consider recommended packages as a dependency to install.
This results in smaller downloads and installation of packages .
Refer to blog at [Ubuntu Blog](https://ubuntu.com/blog/we-reduced-our-docker-images-by-60-with-no-install-recommends) .
Fixes: #427
Signed-off-by: Pratik Raj <rajpratik71@gmail.com>
The default chrootBaseDir "/run/vc" in many distributions is mounted
with `noexec` flag, which will bring 'permission denied' error
when running kata-containers with jailer.
Therefore, we decided to remount the jailerRoot dir with exec when setting
up a new firecracker sandbox and umount it when cleaning up.
Fixes: #2511
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
originally, we forcefully set any bind-mount with `private` propagation
type, and it's not applied for all scenarios. e.g. we need to provide
`slave` or `shared` propagation type for bind-mounts in setting up jail
house.
Here, we add another parameter `pgtype` in func bindMount for providing
customized propagation parameters.
Fixes: #2511
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
- ci: Provide source directory path for script execution
- kernel: Install uncompressed kernel by Image instead of vmlinux on arm64
- ACPI: Always build evged in for experimental kernel
- obs: Update obs packages for ppc64le
- scripts: enable libpmem only for x86_64
- scripts/qemu: enable libpmem
- release: Remove release docs
- test: Test for kata-containers packages on Fedora 31
- obs: Remove obs packages and testing for ubuntu 19.04 and fedora 29
- kernel: enable BPF to support libcontainer's cgroups V2 implementation
- kata-deploy: improve logic for crio.conf runtime additions
- yq: Use install_yq.sh script from tests repository
f599c8e kernel: Install uncompressed kernel by Image instead of vmlinux on arm64
c3949fd ACPI: Always build evged in for experimental kernel
83a69de scripts: enable libpmem only for x86_64
aad1e0e obs: Update obs packages for ppc64le
c0d45d8 scripts/qemu: enable libpmem
acf5b91 release: Remove release docs
3418d40 build: Enclose source dir for script execution
ac0d569 kernel: enable BPF to support libcontainer's cgroups V2 implementation
d7c2a38 obs: Remove obs packages and testing for ubuntu 19.04 and fedora 29
c8c3e46 test: Test for kata-containers packages on Fedora 31
43ab57f yq: Use install_yq.sh script from tests repository
cd6d364 kata-deploy: improve logic for crio.conf runtime additions
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
- scripts: set a default path to the yq binary
- AArch64: Build rust image on aarch64
- image-builder: Add NSDAX_BIN for passing in compiled nsdax tool
- rootfs: Don't overwrite /sbin/init if it already exists
- tests: Improve running test_images.sh locally
1c063af scripts: set a default path to the yq binary
67343a1 rust-agent: Separate the build up of rust-agent and go-agent
a390a36 rootfs: remove RUST_SRC_PATH
41aaa36 ubuntu/debian: create aarch64-specific Dockerfile.in
9cba8c4 musl: install musl on aarch64
87a5d5c rootfs: Don't overwrite /sbin/init if it already exists
4004bd8 image-builder: Add NSDAX_BIN for passing in compiled nsdax tool
134175b tests: Document the changed KATA_DEV_MODE behavior
0f4eac4 tests: Skip initrd/image launch if KATA_DEV_MODE
762ec28 tests: Drop kata-runtime env validation if KATA_DEV_MODE is set
6f17b9c tests: Skip set_runtime if KATA_DEV_MODE is set
17a8fb1 tests: Skip all kata-manager usage if KATA_DEV_MODE is set
e787bb0 tests: Define KATA_DEV_MODE
cef2591 tests: Rework dracut docker bind mounts
f3ab6d2 tests: Don't run commands with `chronic` if DEBUG is set
7a8e816 tests: Specify DRACUT_OVERLAY_DIR
7dd99c0 tests: Add project_dir helper variable
1ae3922 tests: Have DEBUG=1 set bash xtrace
555ddf3 tests: Remove unused USE_DOCKER export
0e6a12c tests: Pass DOCKER_RUNTIME to osbuilder scripts
e8624d8 tests: Rename docker_build_runtime -> DOCKER_RUNTIME
cd46d09 tests: Remove hardcoded 'runc' reference
c574ec0 tests: Remove dead unset images_dir check
44f2931 tests: Remove unused test_func_prefix
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
- actions: Add verbose information
- systemd-service: build rust-agent systemd services
- grpc: fix the issue of crash agent when didn't find the process
cd233c0 actions: Add verbose information
f0eaeac path-absolutize: version update
3136712 systemd-service: build rust-agent systemd services
289d617 grpc: fix the issue of crash agent when didn't find the process
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
It explains the details of current supported annotations.
Fixes: #486Fixes: #294
Depends-on: github.com/kata-containers/tests#2240
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Our CLH driver in kata defines its own constant variable 'maxClhVcpus'
which can conflict with the maximum number of vCPUs specified from the
kata configuration file 'clh.config.DefaultMaxVCPUs'. As the value from
kata configuration file is preferred anyway and the code on 'maxClhVcpus'
is not being used. We'd better remove it for better readability and
avoiding further confusions.
Fixes: #2528
Signed-off-by: Bo Chen <chen.bo@intel.com>
Use the path where `install-yq.sh` installs `yq` as the default path to the
`yq` binary in `lib.sh`.
Install `yq` in the default path if it doesn't exist.
fixes#429
Signed-off-by: Julio Montes <julio.montes@intel.com>
Kata-runtime can append vhost-user-blk device to the
device list of a container. And handle volumes who is
a block device and in VhostUserBlk type.
The vhost-user-blk device will be identified by its
PCI address by Kata-agent inside VM.
Fixes: #2380
Signed-off-by: Liu Xiaodong <xiaodong.liu@intel.com>
Reserved number of Linux device number 241 and 242
are used to identify vhost-user-blk and vhost-user-scsi
devices.
for example, after command:
mknod <Vhost-User-Dir>/block/devices/vhost-dev0 b 241 0
this node will be recognized as vhost-user-blk device.
Fixes: #2380
Signed-off-by: Liu Xiaodong <xiaodong.liu@intel.com>
Two parameters are used to set in toml file:
1. Set "enable_vhost_user_store = true" to indicate
that vhost-user storage device feature is enabled.
2. Set "vhost_user_store_path = <Vhost-User-Dir>".
vhost-user socket files will be under
"<Vhost-User-Dir>/block/sockets/"; and device node
for vhost-user device will be under
"<Vhost-User-Dir>/block/devices/"
The default value of "vhost_user_store_path" is
"/var/run/kata-containers/vhost-user/".
Fixes: #2380
Signed-off-by: Liu Xiaodong <xiaodong.liu@intel.com>
set rootfstype=ext4 to make kernel not do print errros like:
```
Mount option "data=ordered" incompatible with ext2
```
Depends-on: github.com/kata-containers/tests#2377
Fixes: #2524
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
This adds the `agent.container_pipe_size` annotation which allows
configuration of the size of the pipes for stdout/stderr for containers
inside the guest.
fixes#2467
Signed-off-by: Alex Price <aprice@atlassian.com>
The QAT instructions was broken after moving to a newer 4.19 kernel. Now
that the new 5.4 kernel is out, these instructions fix that.
Fixes#612
Signed-off-by: eric.adams@intel.com
shimv2/containerd logs are placed and formatted differently than for
kata CRI-O. Add some details to the Fluentd parsing document to aid
in parsing those.
Fixes: #610
Signed-off-by: Graham Whaley <graham.whaley@intel.com>
Set the katautils default log level to 'Warn', rather than 'Info',
as 'Info' is rather noisy.
Fixes: #2522
Signed-off-by: Graham Whaley <graham.whaley@intel.com>
Set the default log level explicitly to 'Warn', rather than taking
the logrus default (which is normally 'Info').
Fixes: #2522
Signed-off-by: Graham Whaley <graham.whaley@intel.com>
The shimv2 runtime logs slightly differently - let's clarify
that in the existing OCI/CRI-O only runtime section.
Fixes: #2520
Signed-off-by: Graham Whaley <graham.whaley@intel.com>
Separate the build up of rust-agent and go-agent, hence you only
select one as kata-agent.
I've added the generation of rust-agent systemd service files into
rust-agent Makefile.
Therefore, we could use same `make` commands to build go-agent and
rust-agent.
Fixes: #411
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
If user wants to use customized rust-agent, they could use
AGENT_SOURCE_BIN to pass the static binary.
The rust-agent is always statically linked with musl.
Fixes: #411
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
The musl package in ubuntu/debian could not provide everything we need
on aarch64.
e.g. we need `aarch64-linux-musl-gcc` as linker, and it's not provided
in package.
Fixes: #411
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
The original musl-installing method is only for x86_64 and i386(see
musl config.mak template file).
musl.cc provides small and reliable pre-built musl toolchains
for many architectures.
Static so they run on supported platforms without dependencies.
Fixes: #411
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
