Commit Graph

2242 Commits

Author SHA1 Message Date
Graham Whaley
2cd0c88574 README: logging: add shimv2 information
The shimv2 runtime logs slightly differently - let's clarify
that in the existing OCI/CRI-O only runtime section.

Fixes: #2520

Signed-off-by: Graham Whaley <graham.whaley@intel.com>
2020-03-10 16:01:47 +00:00
Julio Montes
a5436627f5
Merge pull request #2517 from darfux/remove_ctr_share_dir_when_stop
vc: Remove container share dir when stopping
2020-03-10 08:10:44 -06:00
Li Yuxuan
ed43117554 vc: Remove container share dir when stopping
Remove the rootfs bind dest and finally remove the created share
directory when stopping the container.

Fixes #2516
Signed-off-by: Li Yuxuan <liyuxuan04@baidu.com>
2020-03-10 01:12:30 +08:00
Jose Carlos Venegas Munoz
2656d1da22
Merge pull request #2509 from likebreath/hotplug_cpu
clh: enable CPU hotplug
2020-03-09 09:01:55 -06:00
Bo Chen
17b9de140f clh: enable CPU hotplug
With the HTTP API 'vm.resize()', the CPU hotplug with CLH is much simpler
compared with QEMU. This is because we don't need to distinguish adding from
removing CPUs.

Fixes: #2495

Depends-on: github.com/kata-containers/packaging#968
Depends-on: github.com/kata-containers/tests#2364

Signed-off-by: Bo Chen <chen.bo@intel.com>
2020-03-06 11:26:58 -08:00
Jose Carlos Venegas Munoz
8cffbde514
Merge pull request #2507 from likebreath/fix-persist-clh
clh: add 'APIsocket' to persist HypervisorState
2020-03-04 16:45:09 -06:00
Bo Chen
63c7ac5bbe clh: add 'APIsocket' to persist HypervisorState
The 'apiSocket' member in the CloudHypervisorState struct needs to be kept
across different executions of kata-runtime with persist HypervisorState, so
that kata-runtime can talk with the same running cloud-hypervisor through
HTTP/REST API calls.

Fixes: #2506

Signed-off-by: Bo Chen <chen.bo@intel.com>
2020-03-04 09:15:36 -08:00
Julio Montes
83eef430bd
Merge pull request #2008 from darfux/use_block_index_map_instead
vc: Use BlockIndexMap instead of BlockIndex
2020-03-04 09:34:35 -06:00
Penny
e94cf0f135
Merge pull request #2454 from jcvenegas/fix-2453
vendor: update agent client
2020-03-03 17:11:17 +08:00
Penny
e0a4515609
Merge pull request #2458 from Pennyzct/netns_leak_on_crio
cri-o: fix netns mount point leaking from cri-o
2020-03-03 13:06:11 +08:00
Li Yuxuan
e9a46580b1 vc: Use BlockIndexMap instead of BlockIndex
This allows reuse of a detached block index and ensures that the
index will not reach the device limit (such as `maxSCSIDevices`)
after restarting containers many times in one pod.

Fixes: #2007
Signed-off-by: Li Yuxuan <liyuxuan04@baidu.com>
2020-03-03 10:30:18 +08:00
GabyCT
a1dcaac9ed
Merge pull request #2492 from jongwu/env
cli: add virtioFsDaemon to kata-env
2020-03-02 09:39:30 -06:00
Jianyong Wu
376c42523a cli: add virtioFsDaemon to kata-env.
virtiofsd should be added in kata-env as virtiofs enabled kata then
it will be easy to get the info of virtiofsd from kata-env.

Fixes: #2491
Change-Id: I37ff58ed4315344d1e2b87f3abcd04311661e910
Jira: ENTOS-1579
Signed-off-by: Jianyong Wu <jianyong.wu@arm.com>
2020-03-02 11:37:41 +08:00
Fupan Li
6bed2a724d
Merge pull request #2477 from bergwolf/ro
qemu: pass rootfs image in readonly mode
2020-02-26 19:22:13 +08:00
Fupan Li
fde6447c16
Merge pull request #2461 from Jimmy-Xu/support-lazy-attach-device
Fix rescan PCI conflicts with shpchp / pciehp
2020-02-26 17:49:35 +08:00
Peng Tao
171eb70564 qemu: use govmm vhost user device types directly
For one thing, we should not make kata's internal device type
exactly as govmm string by string.

For another thing, latest govmm changes the device driver strings
and it breaks kata in such a way but the fault is on kata side IMHO.

Signed-off-by: Peng Tao <bergwolf@hyper.sh>
2020-02-26 00:33:55 -08:00
Jimmy Xu
c6cc8b93f9 virtcontainers: support lazy attach devices
- support attach large bar space vfio devices after create container

fixes #2460

Signed-off-by: Jimmy Xu <junming.xjm@antfin.com>
2020-02-26 11:56:07 +08:00
Peng Tao
46392945c6 qemu: pass guest image file readonly
So that we forbid the guest from making changes to it.

Fixes: #2476
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
2020-02-25 18:46:26 -08:00
Peng Tao
63fdf5328f vendor: update govmm dependency
To include block readonly capability. Included commits:

3700c55 qemu: add block device readonly support
88a25a2 Refactor code to support multiple virtio transports at runtime
2ee53b0 qemu: Don't set ".cache-size=" when CacheSize is 0

Signed-off-by: Peng Tao <bergwolf@hyper.sh>
2020-02-25 18:46:26 -08:00
Jose Carlos Venegas Munoz
7427fea864 dnm: vendor: update agent client
changes:
367b5296e protocols: client: Add timeout for hybrid vsock handshake

Fixes: #2453

Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
2020-02-25 21:16:32 +00:00
GabyCT
18b21eb6ca
Merge pull request #2490 from jcvenegas/fix-2489
clh: Fix version check
2020-02-25 14:53:58 -06:00
GabyCT
d9d4820684
Merge pull request #2441 from devimc/topic/virtcontainers/cgroupsV2
Implement cgroup manager
2020-02-21 15:01:39 -06:00
Xu Wang
e66dce1bc7
Merge pull request #2475 from bergwolf/umount
vc: do not follow symlink when umounting container host path
2020-02-21 18:09:32 +08:00
Julio Montes
ea82922a54 virtcontainers/pkg/cgroups: implement cgroup manager
cgroup manager is in charge of creating and setting up cgroups for
virtual containers; for example, it adds /dev/kvm and
/dev/vhost-net to the list of cgroup devices in order to have
virtual containers working.

fixes #2438
fixes #2419

Signed-off-by: Julio Montes <julio.montes@intel.com>
2020-02-21 02:54:34 +00:00
Julio Montes
03cdf6c4a9 virtcontainers: add new package for cgroups
virtcontainers/pkg/cgroups contains functions and structures needed to deal
with cgroups and virtual containers

Signed-off-by: Julio Montes <julio.montes@intel.com>
2020-02-21 02:28:02 +00:00
Jose Carlos Venegas Munoz
d54723a5c4
Merge pull request #2487 from likebreath/update-clh-openapi-yaml
clh: update CLH to stable/v0.5.x
2020-02-20 15:19:28 -06:00
Jose Carlos Venegas Munoz
33459779c4 clh: update minimal supported version to check.
Kata now uses v0.5.0 and is not compatible with old versions.

Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
2020-02-20 20:45:42 +00:00
Jose Carlos Venegas Munoz
20332298ab clh: Fix version check
Add support for new version format from clh.

Fixes: #2489

Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
2020-02-20 20:10:38 +00:00
Bo Chen
12d10eb2dc clh: Update clh driver to use the latest openAPI knobs
We leverage the new openAPI knobs from CLH to set readonly for disk image
and we also pass kernel cmd to set guest root filesystem readonly.

Signed-off-by: Bo Chen <chen.bo@intel.com>
2020-02-20 11:44:41 -08:00
Bo Chen
de8fe25dd5 clh: Update CLH to stable/v0.5.x
Use CLH branch stable/v0.5.x, and also re-generate the openAPI client
code with the new 'cloud-hypervisor.yaml'.

Fixes: #2488

Signed-off-by: Bo Chen <chen.bo@intel.com>
2020-02-20 11:44:33 -08:00
Julio Montes
feac6648fa
Merge pull request #2482 from jcvenegas/fix-2481
clh: Do not find vsock context ID
2020-02-20 08:20:39 -06:00
Penny Zheng
0da101055e version-update: version update for cri-o and k8s
cri-o v1.16.x has a network namespace mount point leaking problem, and
the latest v1.17.x has fixed this problem.
Since cri-o and k8s follow the same release cycle and deprecation policy,
I will also update k8s to the latest release v1.17.3-00 as well.

Fixes: #2457

Signed-off-by: Penny Zheng <penny.zheng@arm.com>
2020-02-20 21:40:20 +08:00
Peng Tao
5f9a77cccc vc: validate container path when cleaning up
A malicious can trick us with a crafted container
rootfs symlink and make runtime umount other mountpoints.
Make sure we do not walk through symlinks when umounting.

Signed-off-by: Peng Tao <bergwolf@hyper.sh>
2020-02-19 19:14:06 -08:00
Archana Shinde
23625681d4
Merge pull request #2472 from amshinde/1.11.0-alpha0-branch-bump
# Kata Containers 1.11.0-alpha0
2020-02-19 18:37:17 -08:00
Jose Carlos Venegas Munoz
32196ff750 clh: Do not find vsock context ID
cloud-hypervisor uses `hybrid vsocks`, so it is not necessary to find a
context ID.

Fixes: #2481

Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
2020-02-19 22:32:40 +00:00
Archana Shinde
9f240b241a
Merge pull request #2480 from jcvenegas/fix-ldflags
makefile: Fix missing LDFLAGS references
2020-02-19 13:20:59 -08:00
Jose Carlos Venegas Munoz
db5cfebd09 makefile: Fix missing LDFLAGS references
KATA_LDFLAGS should be applied to all golang calls.

Fixes: #2478

Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
2020-02-19 19:53:59 +00:00
Salvador Fuentes
2c0e8ff499
Merge pull request #2479 from jcvenegas/fix-2478
makefile: do not use LDFLAGS for extra kata flags.
2020-02-19 12:15:53 -06:00
Jose Carlos Venegas Munoz
b74cda0243 makefile: do not use LDFLAGS for extra kata flags.
Some flags defined by the host may not be compatible with golang,
so do not use LDFLAGS but use our own variable.

Fixes: #2478

Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
2020-02-19 16:49:40 +00:00
Peng Tao
5bf3231213 vc: do not follow symlink when umounting container host path
So that if a guest changes it, we do not end up
propagating the error.

Fixes: #2474
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
2020-02-19 05:37:41 -08:00
Archana Shinde
44b09670b2
Merge pull request #2376 from Pennyzct/version_compatibility
kata-check: Add version consistency check
2020-02-18 19:32:31 -08:00
Archana Shinde
c2462e7e43 release: Kata Containers 1.11.0-alpha0
- Fix typos in sandbox and persist/fs
- AArch64: change image rootfs from fedora to ubuntu
- build: Add support to strip the binary
- kernel: Update kernel to latest stable 5.4.15
- selinux: Disable selinux
- rootless: implement rootless fs and support --rootless option
- ci: Do not setup virtcontainers while using podman
- CI: update yq to 3.1.0
- dep: Fix dep check
- Update Cloud Hypervisor to v0.5.0
- docs: README: Minor grammatical updates
- FC: Update Firecracker to v0.20.0
- Support hotplug PCIe in q35
- virtcontainers: clh: Set the serial to NULL instead of OFF
- s390x: fix refactoring
- AArch64: fix golint error on ARM CI.
- versions: bump conmon version to v2.0.5
- virtcontainers: Fix error message in mockHypervisor
- rootless: use libcontainer API to detect rootless
- Add Ipv6 support
- vendor: update agent client
- qemu: Add virtio-mem support
- virtcontainers: constrain docker container when sandbox_cgroup_only=true
- Fix typo in 'sandbox'
- vc: Detach device when unable to store sandbox device
- unit-test: cleaning up stale files under /tmp
- support systemd cgroups and cgroupsV2
- Land experimental "newstore" as formal feature
- versions: update qemu to 4.1.1
- FC: jailer failed when importing new flag "--config-file"
- ut: fix make test failures
- qemu: add disable_image_nvdimm option
- clh: Increase unit test using mock testing
- versions: Update cloud hypervisor url
- rootless: fix rootless for case net=none
- vendor: Update github.com/kata-containers/agent
- shimv2: support runtime config path via annotation
- shimv2: clean up properly if vmm quits unexpectedly
- vendor: Update golang.org/x/sys
- clh: update to latest master
- cache-factory: a few bug fix
- FC: introduce `--config-file` to bypass API ready state
- clh: client: update according to versions.yaml
- vc: Check error return from storeState
- makefile: honor virtiofs config for default config
- virtiofs: add default value for virtioFsCache type.

0f720e6f virtcontainers: fix typo in sandbox
78bb6c0f virtcontainers/persist: fix typo in fs
2c3b4657 build: Add support to strip the binary
a45cf62e virtcontainers/pkg/rootless: fix comment on exported var
c36c667b cli: implement --rootless option
11bd456a virtcontainers: support new persist API
9585bc92 virtcontainers/hypervisors: support new persist API
00307a70 virtcontainers/sandbox: support new persist API
4b9ab557 virtcontainers/factory: support new persist API
71f48a33 virtcontainers/persist: update `GetDriver` to support rootless fs
dd2762fd virtcontainers/persist: introduce mock fs driver
ea8fb96c virtcontainers/persist: introduce rootless fs driver
768db1bd virtcontainers/persist: update API and interface
6be74811 virtcontainers: remove getVMPath method from agent
658f7797 rootless: move pkg/rootless to virtcontainers
83561c4c ci: Do not setup virtcontainers while using podman
22c486aa CI: update yq to 3.1.0
a8dcff5b AArch64: change image rootfs from fedora to ubuntu
de7383b2 kernel: Update kernel to latest stable 5.4.15
5c3bcd88 dep: Fix dep check
836e3c21 clh: update to v0.5.0
055f3171 selinux: Disable selinux
7498978c Vendor: update agent client
27d9e433 FC: update Firecracker to v0.20.0
bb41b724 qemu: Support PCIe device hotplug for q35
fa7d00ec vendor: update github.com/intel/govmm
b2fb86f3 virtcontainers: clh: Set the serial to NULL instead of OFF
96a49a89 AArch64: arm ci failed on stale Gopkg.lock.
9bf4b859 AArch64: fix golint error on ARM CI.
2560e65e versions: bump conmon version to v2.0.5
693ad238 virtcontainers: Fix error message in mockHypervisor
c5d79eb2 ipv6: Add support for ipv6 for netmon as well.
b169476b ipv6: Add support for ipv6
4a77b0f8 rootless: use libcontainer API to detect rootless
b602e62a docs: README: Minor grammatical updates
c26ce186 vendor: update agent client
01a12b00 qemu: Add virtio-mem support
c3cf98ac virtcontainers: constrain docker container when sandbox_cgroup_only=true
54482f18 virtcontainers: remove json cgroups struct tag
b3374289 vendor: Update github.com/intel/govmm
316b5f2b virtcontainers: Fix typo in logger message
1f957e1b vc: Detach device when unable to store sandbox device
7186c01d unit-test: delete what ioutil.TempFile creates
0244d95e unit-test: delete what ioutil.TempDir() creates
aa62781a unit-test: reconstuct TestMain
d042d5c0 virtcontainers: fix unit tests
776da087 virtcontainers/hook: fix HookState
f372b858 virtcontainers: reimplement setupSandboxCgroup
9949daf4 virtcontainers: move validCgroupPath
ce2795e9 virtcontainers: remove systemd paramenter from constraintGRPCSpec
8c63c180 virtcontainers: add function to create a new cgroup manager
8057cd72 virtcontainers: add function to identify systemd cgroup path
4126968b virtcontainers: save CgroupPaths and Cgroups in sandbox
a170d00b vendor: update agent
112f90b7 vendor: update golang/x/sys
4a1dc1ee vendor: update libcontainer
908a42a4 vendor: update logrus
0af48197 versions: update qemu to 4.1.1
35948550 s390x: fix refactoring
290339da compatibility: keep oldstore for compatibility
4a298cb9 persist: address comments
d33b154d persist: add interface for global read/write
ed4a1954 persist: remove unused struct
8e88859e persist: remove all usage of VCStore
01b4a64b persist: remove VCStore from sandbox/apis
b63e517f persist: replace sandbox lock with newstore.Lock
508101bc persist: fix vmtemplate storage leak
29b55ab8 persist: remove VCStore from container
633748aa persist: remove VCStore from hypervisor
687f2dbe persist: move "newstore" out of experimental
3ed472dc store: UT tmp path should be random
56171206 nsenter: skip ut on non-root
e5b04a5b ut: fs test should set RunStoragePath
9bf0d67f ut: direct factory needs to set VCStorePrefix
4c35d091 vc: set store RunVMStoragePath for ut
3deb24e5 cli: flush coverage report in defer function
f56d70cc vc: UT should set VCStorePrefix
7c7a4a3b annotations: add disable_image_nvdimm
652bb76d cli: syscall return value check is wrong
a8717286 qemu: add disalbe_image_nvdimm option
dd5b4469 qemu: refactor appendImage
a2d3f9f3 vitiofsd: Add virtiofsd interaface
2a085ee6 clh: virtiofsd: check path is not empty
af5c9c23 clh: hypervisor: Do not set 9p values for virtiofs
6a10cd96 clh: test: add unit test
8a439eab clh: add Client Interface and bootVM test
09198eed FC: jailer failed when importing new flag "--config-file"
661956f5 versions: Update cloud hypervisor url
b96c7e5a rootless: fix rootless for case net=none
a215f87e vendor: Update github.com/kata-containers/agent to handle hvsock issue
1c11fe20 shimv2: support runtime config path via annotation
6cd9b3b0 vendor: Update golang.org/x/sys
9c3151e5 clh: remove not requried values
e9a852dd clh: update api calls for latest master
1a7539c1 clh: update client
55323788 versions: update clh to v0.4.0
6eae033f shimv2: cleanup container if not found
743309cd vc: stop container should change container state at last
efb611aa clh: client: update acording to versions.yaml
ab2088f7 makefile: honor virtiofs config for default config
9a154570 vc: Check error return from storeState
8f6d0ab1 FC: introduce `--config-file` to replace API configure request
f2d8d715 FC: func checkVersion should be more independent
9ce21135 FC: remove API Ready state
cc25216b virtiofs: add default value for virtioFsCache type.
837a0ee0 cache-factory: set bridge info when creating vm
3d8ffe41 cache-factory: fix nil pointer runtime panic

Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
2020-02-18 19:37:33 +00:00
Salvador Fuentes
1efcd038ee
Merge pull request #2466 from dong-liuliu/xliu2/spell-typo
Fix typos in sandbox and persist/fs
2020-02-18 07:30:18 -06:00
Liu Xiaodong
0f720e6f37 virtcontainers: fix typo in sandbox
There is a typo 'emtpy' instead of 'empty' in an error message.

Fixes: #2465

Signed-off-by: Liu Xiaodong <xiaodong.liu@intel.com>
2020-02-17 23:21:37 -05:00
Liu Xiaodong
78bb6c0f66 virtcontainers/persist: fix typo in fs
There is a typo 'writting' instead of 'writing' in a logger error.

Fixes: #2465

Signed-off-by: Liu Xiaodong <xiaodong.liu@intel.com>
2020-02-17 23:21:19 -05:00
Salvador Fuentes
ab260e4706
Merge pull request #2450 from Pennyzct/ubuntu_rootfs_on_aarch64
AArch64: change image rootfs from fedora to ubuntu
2020-02-17 07:25:46 -06:00
Penny
01bc98de57
Merge pull request #2456 from justin-he/ldflags
build: Add support to strip the binary
2020-02-17 17:15:15 +08:00
Penny Zheng
1c1e7cc137 unit-test: refine unit tests
We need to refine unit tests due to previous two commits and
add a new test for the new func checkVersionConsistencyInComponents.

Fixes: #2375

Signed-off-by: Penny Zheng <penny.zheng@arm.com>
2020-02-17 10:13:30 +08:00
Penny Zheng
1ad927d4e8 kata-check: use "--strict" to perform version consistency check
Use `kata-runtime kata-check --strict/-s` to perform version
consistency check.
Only if the major version number, minor version number and patch
number are all the same do we determine that those two kata components
are version-consistent.

Fixes: #2375

Signed-off-by: Penny Zheng <penny.zheng@arm.com>
2020-02-17 10:13:19 +08:00
Penny Zheng
a4b3c65c16 kata-env: import new struct VersionInfo
We import new struct VersionInfo for better organizing version info of
kata components, in order to follow Semantic Versioning Specification.

Fixes: #2375

Signed-off-by: Penny Zheng <penny.zheng@arm.com>
2020-02-17 10:13:06 +08:00