When SandboxCgroupsOnly is set, we are expected to just inherit our parent's
cgroup settings and to move all Kata threads within that sandbox cgroup. The
initial implementation still adjusted the size of this cgroup. This commit
fixes this.
This commit makes a couple of functional changes, small refactors, and
adds clarifying comments for some functions.
Fixes: #2090
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
Introduce kata-overhead command to kata-runtime CLI, to help
with calculating sandbox overhead.
Fixes: #2096
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
StatsSandbox is used to gather metrics for the sandbox (host cgroup) as
well as from the individual containers (from the guest cgroups). This is
intended to be used for easily calculating Kata sandbox overheads.
Fixes: #2096
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
container.config does not point to sandbox.config.Containers.ContainerConfig
which caused the ContainerConfig not sync.
Fixes: #2129
Signed-off-by: Wang Liang <wangliangzz@inspur.com>
When do the reloading sandbox in shimv2, it's needed to
rewatch the hypervisor's console when debug enabled.
Fixes:#2091
Signed-off-by: lifupan <lifupan@gmail.com>
Version checker does to work today
- Allow to detect stabe branches
Fixes#1581
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
Version checker does to work today
- Allow to detect stabe branches
Fixes#1581
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
container.config does not point to sandbox.config.Containers.ContainerConfig
which caused the ContainerConfig not sync.
Fixes: #2129
Signed-off-by: Wang Liang <wangliangzz@inspur.com>
The uuid file shouldn't be created at `/var` if running rootless.
Modify `VMUUIDStoragePath` to get a path accessible for non-root users
if running rootless.
fixes#2133
Signed-off-by: Julio Montes <julio.montes@intel.com>
Mount points, like `resolv.conf` and `hostname` are left in the
host when the cgroup creation fails.
Use `unmountHostMounts()` and `bindUnmountContainerRootfs()` in the rollback
function that is called when container's creation fails.
fixes#2108
Signed-off-by: Julio Montes <julio.montes@intel.com>
The domain name should be used as prefix for the annotations, for
kata containers the domain name is katacontainers.io, not kata-containers.io
fixes#2123
Signed-off-by: Julio Montes <julio.montes@intel.com>
1. Send the event when the container is paused/resumed successfully
2. Return the error of the pause/resume function rather than
`getContainerStatus`.
Fixes#2121
Signed-off-by: Li Yuxuan <liyuxuan04@baidu.com>
Refactor so that all code to load state, devices, network
takes place at one place. This is in line with the experimental api
for new storage that also loads all the necessary items here all at once.
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
The hypervisor.createSandbox may need to access the state.
For eg, ACRN today needs to access the block index to assign
it to the root image of the VM. Hence load this early on.
Fixes#2026
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Update the version used for testing the cni plugins to the latest
0.8.2 release. This way we make sure CI tests with latest CNI plugins.
Depends-on: github.com/kata-containers/tests#1984
Fixes#2111
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
- Fix cache factory UT
- Virtio-fs v0.3 support
- virtcontainers: set agent's logs vsock port
- config: Fix `virtio-fs` typo in Makefile
- Hypervisor: UUID fix for acrn hypevisor
- virtcontainers: change firecracker socket permissions
- Add annotations to provide custom configs
- Fix CRIO + Firecracker
- rootless: add rootless to kata
- QEMU: do not require nvdimm machine option with initrd
- s390x: Fix runtime build for s390x
- versions: Update kernel to 4.19.75
- config: honor DEFSHAREDFS_QEMU_VIRTIOFS and CONFIG_QEMU_VIRTIOFS_IN
- Support Firecracker 0.18
- virtcontainers: fix the issue of missing qemu error logs
- config: Fix the qemu-virtiofs.toml
- s390x: Share image between qemu instances
- The unit of newMemory is MB
- config: use 9p as default shared filesystem for nemu
- Remove annotation config json key
dd21046 vc/store: fix TestStoreVCNewVCSandboxStore/TestStoreVCNewVCContainerStore
6ab89e4 vc/store: fix cache factory ut
4863aa9 vc/store: reuse store
ad15631 virtiofsd: Do not use posix lock.
2b40b6b vendor: update kata agent
aa43e2a virtcontainers: set agent's logs vsock port
23a5dc7 virtiofsd: use virtiofsd --syslog
d5a3d0a virtiofs: use virtiofsd --fd=FDNUM
6ce6a26 kata_agent: use virtio-fs 0.3+ mount options
80855a8 ci: travis: allow ppc64le failures
c3abd51 config: Fix `virtio-fs` typo in Makefile
8f6b0a6 virtcontainers: change firecracker socket permissions
8f70643 tests: Remove hardcoded annotation value.
e7b9c36 tests: Add tests for annotations.
09129c1 config: Define minimum memory requirement
8405b56 annotations: add Annotations for the agent.
5b78a8a annotations: Add annotations for runtime config
afb91c2 annotations: Add annotations to support additional configurations
845bf73 annotations: Support annotations to customise kata config
30d0b7a annotations: Add missing firmware and hashes to asset annotations
46b6815 annotations: Change existing annotations to fit a new format
312f3e7 virtcontainers/fc: implement remove device
7e9cc56 virtcontainers/fc: improve create disk pool process
07932d5 virtcontainers/fc: add logs and improve others to make debugging easier
ed7240b virtcontainers: move device operations to a more generic place
e93bf96 network: Add tuntap device
c8dd92d dep: update vendor packages for netlink commit
41407cf vc: make cgroup usage configurable if rootless
5f0799f vc: add rootless dir to path variables
cdd6f7e katautils: update paths to be configurable for rootless execution
2d8b278 rootless: add rootless logic
8b843c5 QEMU: do not require nvdimm machine option with initrd
c152ebf s390x: Fix runtime build for s390x
bc3c07b versions: Update kernel to 4.19.75
aa6a16c Hypervisor: UUID fix for acrn hypevisor
b1909e8 config: fix virtiofsd name
84ead98 config: add configuration-qemu-virtio-fs.toml to gitignore
443e657 config: honor DEFSHAREDFS_QEMU_VIRTIOFS and CONFIG_QEMU_VIRTIOFS_IN
3d0949d virtcontainers: check minimum supported version of firecracker
1f93cff virtcontainers: fix the issue of missing qemu error logs
8680db6 versions: update firecracker to the version 0.18.0
123ba13 vendor: update kata agent
5ac6e9a virtcontainers: make socket generation hypervisor specific
f2f0923 virtcontainers: rename kataVSOCK type and move it into the types package
f42dd7d virtcontainers/fc: Add support for hybrid vsocks
2c4cf39 virtcontainers/fc: bump firecracker experimental version
bb87b44 virtcontainers/fc: Add logger to the http transport
880bb2b virtcontainers: introducing HybridVSock type
2a8af23 virtcontainers: Make fc.go fit the new API
67ce728 virtcontainers: Update firecracker swagger API
cdb1b5c cli: Fix the qemu-virtiofs.toml
4134571 config: do not use nemu variable for qemu-virtiofs configuration
97fe749 config: use 9p as default shared filesystem for nemu
c81db9c sandbox: The unit of newMemory is MB
7fa0a72 s390x: Share image between qemu instances
7965baa vendor: update govmm
2ed94cb Config: Remove ConfigJSONKey from annotations
Signed-off-by: katacontainersbot <katacontainersbot@gmail.com>
We have some issues trying to run `apt upgrade` on
a container that uses virtiofsd with `-o posix_lock`.
Add virtiofsd `-o no_posix_lock` argument to not use the
posix lock.
Signed-off-by: Salvador Fuentes <salvador.fuentes@intel.com>
bring support for logging through a hybrid vsock
shortlog:
95be1c3 agent: add support for logging to a vsock port
a03e23b protocols/client: improve hybrid vsock parser
6a96997 protocols/client: make schemes and hybrid vsock dialer public
e01f23c network: Add a testcase for setupDNS
d733185 network: Setup DNS for sandbox
Signed-off-by: Julio Montes <julio.montes@intel.com>
In firecracker, there is no socket connected to /dev/console, so let's
use a vsock port to get agent's logs
Depends-on: github.com/kata-containers/shim#210
fixes#2103
Signed-off-by: Julio Montes <julio.montes@intel.com>
Log to syslog instead of stderr. This way all Kata and virtiofsd logs
are captured in syslog (or the systemd journal). This makes debugging
much easier.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The new --fd=FDNUM file descriptor passing option eliminates the need to
wait for virtiofsd to create the vhost-user UNIX domain socket. This is
a nice simplification because we can remove the timeouts and stderr
parsing. There is no longer a race between launching virtiofsd and
launching QEMU, so we don't need to wait anymore.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
virtio-fs changed the mount command-line. Previously "mount none -o
tag=kataShared ..." was used. Now "mount kataShared ..." is used
instead.
Since the "kataShared" tag is used for both 9P and virtio-fs, rename the
variable so that it is not 9P-specific.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Fixes: #1993
