Each hypervisor is different and supports different options regarding
the network interface it creates. In particular, the multiqueue option
is not supported by Firecracker and should not be assumed by default.
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
The point of knowing the number of CPUs from the network perspective
is to determine the number of queues that can be allocated to the
network interface of the our virtual machine.
Therefore, it's more logical to name it queues from a network.go
perspective.
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
In order to prevent from future duplication of calls into the
hypervisor interface, the hypervisor is directly passed as part
of the xConnectVMNetwork() function. Because this does not apply
the disconnection case, this commit splits the former function
into two separate ones.
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
HotplugRemoveMemory require to do a qmp call, but
unit test does not start a Qemu instance.
Depends-on: github.com/kata-containers/tests#1007
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
- Container only is responsable of namespaces and cgroups
inside the VM.
- Sandbox will manage VM resources.
The resouces has to be re-calculated and updated:
- Create new Container: If a new container is created the cpus and memory
may be updated.
- Container update: The update call will change the cgroups of a container.
the sandbox would need to resize the cpus and VM depending the update.
To manage the resources from sandbox the hypervisor interaface adds two methods.
- resizeMemory().
This function will be used by the sandbox to request
increase or decrease the VM memory.
- resizeCPUs()
vcpus are requested to the hypervisor based
on the sum of all the containers in the sandbox.
The CPUs calculations use the container cgroup information all the time.
This should allow do better calculations.
For example.
2 containers in a pod.
container 1 cpus = .5
container 2 cpus = .5
Now:
Sandbox requested vcpus 1
Before:
Sandbox requested vcpus 2
When a update request is done only some atributes have
information. If cpu and quota are nil or 0 we dont update them.
If we would updated them the sandbox calculations would remove already
removed vcpus.
This commit also moves the sandbox resource update call at container.update()
just before the container cgroups information is updated.
Fixes: #833
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
Most of the projects, they can be built with "make". After that,
"sudo make install" can install the application.
It is not work for kata-runtime because kata-runtime's make must work
with golang in the environment that default sudo cannot supply it.
But "make install" doesn't need golang.
So add "GOPATH not set" to handle the issue.
Fixes: #1008
Signed-off-by: Hui Zhu <teawater@hyper.sh>
Full commit list:
34b7454 grpc: sandbox: add container when is fully created.
df822eb grpc: support rlimits
87ad0a8 release: Kata Containers 1.5.0-rc1
31c6b6e grpc: add SetGuestDateTime API
4eca13b client: do cleanup after UT stop mock server
c25288a Makefile: Decide if agent will be built by seccomp tag
0aae82b release: Kata Containers 1.4.0
7b4c337 vendor: Update vendor/github.com/containerd/console
8dedf30 agent: build as Position-Independent-Executable
dc635d4 test: Add test for ipvlan routes in l3 mode
69ee60f network: Refactor to reduce cyclomatic complexity
4005c33 network: Handle default route where gateway is empty
83138df pkg: types: Add a new field type
Signed-off-by: Peng Tao <bergwolf@gmail.com>
The PR adds the support for s390x.
In the case of CCW devices, the vhost-user devices are not supported.
See #659. An error message is thrown if they tried to be used.
Memory hotplug is not supported on s390 yet and an error message is thrown.
The VirtioNetPCI has been changed to VirtioNet. The generalization
allows to set the VirtioNet to the correct CCW device for s390x.
Fixes: #666
Co-authored-by: Yash D Jain ydjainopensource@gmail.com
Signed-off-by: Alice Frosi <afrosi@de.ibm.com>
For kata shimv2, the sub-reaper isn't needed, otherwise
it will break the cmd.Run() calling in govmmQemu.LaunchQemu().
Fixes: #939
Signed-off-by: fupan <lifupan@gmail.com>
When agent is configured as longLive, the VM's agent created
by factory will not close it's client once it connected, thus
the sandbox's agent cannot re-connect successfully.
Sharing the agent's client between VM's agent and sandbox
can fix this issue.
Fixes: #995
Signed-off-by: fupan <lifupan@gmail.com>
- Block: Add cache-related options for block devices
- versions: Add nemu
- Update cid vsock
- shim: Add trace config option
- vendor: Update govmm vendoring
- git: Add containerd-shim-kata-v2 to .gitignore
- virtcontainers: change uint32 to uint64 for ioctl
- virtcontainers: Return the appropriate container status
- config: Check factory config
- Implement containerd shim v2 API for Kata Containers
- ppc64le: kata-env fails due to missing vendor field
- kata-check: do not require nested vt
- kata-env: Show runtime trace setting
deb6f16 virtcontainers: update context id of vsock to uint64
f651147 block: Add cache-related options for block devices
018c8c1 vendor: Update govmm vendoring
ea74b98 shim: Add trace config option
2af240b versions: Add nemu
7093eec git: Add containerd-shim-kata-v2 to .gitignore
96ed6c5 git: Sort .gitignore entries
04ce4c0 virtcontainers: change uint32 to uint64 for ioctl
0bf29c8 config: Check factory config
fe784c1 config: Create function to check config options
70e4dc5 config: Move check code to end of LoadConfiguration
fa9b15d virtcontainers: Return the appropriate container status
02f8b29 containerd-shim-kata-v2: add building of shimv2 into Makefile
8199d10 containerd-shim-kata: add unit test cases
7951041 containerd-shim-kata-v2: add the service Stats support
5cc016c containerd-shim-kata-v2: add the service Kill support
9ee53be containerd-shim-kata-v2: add the service Resume support
8df33d3 containerd-shim-kata-v2: add the service Pause support
cd321a3 containerd-shim-kata-v2: add the service ResizePty support
47326f5 containerd-shim-kata-v2: add the service Update support
642231b containerd-shim-kata-v2: add the service Shutdown support
87f591a containerd-shim-kata-v2: add the service Connect support
ec4f27b containerd-shim-kata-v2: add the service CloseIO support
8c95b75 containerd-shim-kata-v2: add the service Pids support
709bc9a containerd-shim-kata-v2: add the service Cleanup support
a0e6456 containerd-shim-kata-v2: add the service Delete support
fd18b22 containerd-shim-kata-v2: add the service State support
fbaefc9 containerd-shim-kata-v2: add the service wait support
269c940 containerd-shim-kata-v2: add the exec service support
4c5b296 containerd-shim-kata-v2: add the start service support
72fd6e0 containerd-shim-kata-v2: add the create service support
ca58bb4 ppc64le: kata-env fails due to missing vendor field
d6c4ca5 container-shim-kata-v2: The init containerd shim v2 support
5e6cd00 containerd-shim-v2: add the shim v2 required vendors
f0cb0c7 cli: refactor to align with katautils package
9984636 kata-env: Show runtime trace setting
8cfb06f kata-check: optionally require kvm-intel unrestricted_guest
acbcde3 kata-check: do not require nested vt
ea9ecd7 kata-check: modprobe missing kernel modules
Signed-off-by: katacontainers bot <katacontainersbot@katacontainers.io>
The CID of VSock needs to be change to uint64. Otherwise that leads to
an endianess issue. For more details see
https://github.com/kata-containers/runtime/issues/947
Remove the uint64 introduced by #984Fixes: #958
Signed-off-by: Alice Frosi <afrosi@de.ibm.com>
Add block_device_cache_set, block_device_cache_direct and
block_device_cache_noflush.
They are cache-related options for block devices that are described in
https://github.com/qemu/qemu/blob/master/qapi/block-core.json.
block_device_cache_direct denotes whether use of O_DIRECT (bypass the host
page cache) is enabled. block_device_cache_noflush denotes whether flush
requests for the device are ignored.
The json said they are supported since 2.9.
So add block_device_cache_set to control the cache options set to block
devices or not. It will help to support the old version qemu.
Fixes: #956
Signed-off-by: Hui Zhu <teawater@hyper.sh>
Shortlog:
f9b31c0 qemu: Allow disable-modern option from QMP
d617307 Run tests for the s390x build
b36b5a8 Contributors: Add Clare Chen to CONTRIBUTORS.md
b41939c Contributors: Add my name
dab4cf1 qmp: Add tests
5ea6da1 Verify govmm builds on s390x
ee75813 contributors: add my name
c80fc3b qemu: Add s390x support
ca477a1 Update source file headers
e68e005 Update the CONTRIBUTING.md
2b7db54 Add the CONTRIBUTORS.md file
b3b765c qemu: test Valid for Vsock for Context ID
3becff5 qemu: change of ContextID from uint32 to uint64
f30fd13 qmp: Output error detail when execute QMP command failed
7da6a4c qmp: fix mem-path properties for hotplug memory.
e4892e3 qemu/qmp: preparation for s390x support
110d2fa qemu/qmp: add new function ExecuteBlockdevAddWithCache
a0b0c86 qmp_test: Change QMP version from 2.6 to 2.9
10c36a1 qemu: add support for pidfile option
Fixes#983
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
Include info such as commit number,tag number, etc for building
nvdimm-supported qemu on aarch64 from source code.
Fixes: #974
Signed-off-by: Hui Zhu <teawater@hyper.sh>
Since Kata Containers work with NEMU, add an entry
of the supported nemu version and its OVMF firmware.
Fixes: #970.
Signed-off-by: Salvador Fuentes <salvador.fuentes@intel.com>
Sort the contents of `.gitignore` into two groups: globs and actual
paths. This is more intuitive than a purely sorted list.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
The PR changes the parameter args from uint32 to uint64 for ioctl function.
That leads to an endianess bug.
Fixes: #947
Signed-off-by: Alice Frosi <afrosi@de.ibm.com>
If VM factory templating is enabled (`enable_template=true`), error if
the configured image is not an `initrd=` one.
Also add a note to the config file explaining that a normal image cannot
be used - only initrd images are supported.
Fixes#948.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Moved the checking routines in `LoadConfiguration()` to a new
`checkConfig()` function for clarity.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Move the VSOCK handling code higher up so that all the checking code is
gathered together at the end of `LoadConfiguration()`.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
When our runtime is asked for the container status, we also handle
the scenario where the container is stopped if the shim process for
that container on the host has terminated.
In the current implementation, we retrieve the container status
before stopping the container, causing a wrong status to be returned.
The wait for the original go-routine's completion was done in a defer
within the caller of statusContainers(), resulting in the
statusContainer()'s values to return the pre-stopped value.
This bug is first observed when updating to docker v18.09/containerd
v1.2.0. With the current implementation, containerd-shim receives the
TaskExit when it detects kata-shim is terminating. When checking the
container state, however, it does not get the expected "stopped" value.
The following commit resolves the described issue by simplifying the
locking used around the status container calls. Originally
StatusContainer would request a read lock. If we needed to update the
container status in statusContainer, we'd start a go-routine which
would request a read-write lock, waiting for the original read lock to
be released. Can't imagine a bug could linger in this logic. We now
just request a read-write lock in the caller (StatusContainer),
skipping the need for a separate go-routine and defer. This greatly
simplifies the logic, and removes the original bug.
Fixes#926
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
