In order to support memory hotplug via probe interface in kata-runtime,
firstly, we need to verify whether guest kernel is capable of that.
Fixes: #1149
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
Instead of the agent trying to determine if a serial
or vsock channel is used, pass this information explicitly
as a kernel command line option.
Fixes#1457
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
There is an issue that more than one VMCache server can run with same
vm_cache_endpoint file together.
The cause is factory try to remove vm_cache_endpoint file before VMCache
server runs.
Change it to check if vm_cache_endpoint file exists before VMCache server
runs to handle the issue.
Fixes: #1385
Signed-off-by: Hui Zhu <teawater@hyper.sh>
Gopkg.lock says it's "dbea6f2bd41658b84b00417ceefa416b979cbf10"
but it is actually "5017d4e9a9cf2d4381db99eacd9baf84b95bfb14".
We need to make sure Gopkg.lock does not lie otherwise `dep ensure`
would really fetch the locked revision and it causes build failure
due to API changes.
Introduced by: 76d9db3e0b (vendor: Add github.com/gogo/protobuf).
While at it, constraint containerd/cgroups to a working revision.
Fixes: #1447
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
When the container's rootfs is block storage backed such as devmapper,
shimv2 will not mount it on the host, instead it insert it into hypervisor
as a block device directly.
If kata's config set "disable_block_device_use" as true, it will mount
the rootfs onto host as before.
Fixes:#1158
Signed-off-by: lifupan <lifupan@gmail.com>
container's rootfs is a string type, which cannot represent a
block storage backed rootfs which hasn't been mounted.
Change it to a mount alike struct as below:
RootFs struct {
// Source specify the BlockDevice path
Source string
// Target specify where the rootfs is mounted if it has been mounted
Target string
// Type specifies the type of filesystem to mount.
Type string
// Options specifies zero or more fstab style mount options.
Options []string
// Mounted specifies whether the rootfs has be mounted or not
Mounted bool
}
If the container's rootfs has been mounted as before, then this struct can be
initialized as: RootFs{Target: <rootfs>, Mounted: true} to be compatible with
previous case.
Fixes:#1158
Signed-off-by: lifupan <lifupan@gmail.com>
After we switched golang linter to golangci-lint, we has extra 'deadcode'
linter check, and we need to remove this linter check for all
generic items.
Fixes: #1432
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
Fixes: #1422
Detect failing test case:
```
....
=== RUN TestEnterContainerFailingContNotStarted
--- PASS: TestEnterContainerFailingContNotStarted (0.01s)
=== RUN TestEnterContainer
--- FAIL: TestEnterContainer (0.00s)
Error Trace: sandbox_test.go:1154
Error: Expected value not to be nil.
Messages: Entering non-running container should fail
Error Trace: sandbox_test.go:1157
Error: Expected nil, but got: &errors.errorString{s:"Can not
move from running to running"}
Messages: Failed to start sandbox: Can not move from running to
running
FAIL
```
`TestEnterContainerFailingContNotStarted` calls `cleanUp` at function
begging but it doesn't clean its garbage after it ends.
`TestEnterContainer` only call `cleanUp` in the end but it doesn't do
cleanUp in the begging, that gives first test case a chance to impact
latter one.
This commit modifies all the test cases, let them all do the cleanUp()
in the end.
The policy here is: "everyone needs to take their garbage away when they
leave" :)
Signed-off-by: Wei Zhang <zhangwei555@huawei.com>
Fixes: #1415
Container resources have been saved to ContainerConfig so there's no
need to save it again in state.json.
Signed-off-by: Wei Zhang <zhangwei555@huawei.com>
gometalinter is deprecated and will be archived April '19. The
suggestion is to switch to golangci-lint which is apparently 5x faster
than gometalinter.
Partially Fixes: #1377
Signed-off-by: Ganesh Maharaj Mahalingam <ganesh.mahalingam@intel.com>
osbuilder recently added the ability to create images with a DAX/NVDIMM
header [1], however this change broke the data collection script. Update
that script to handle images with and without this header.
The data collection script will now assume a header is present. However,
if it fails to find the required partition data, it will try again, this
time assuming the image does not have a DAX/NVDIMM header.
Fixes#1404.
[1] - https://github.com/kata-containers/osbuilder/pull/236
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Add a number of useful build and install targets to the `show-usage`
target which are visible when the user runs `make help`.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Add `install-runtime` and `install-netmon` targets. This allows the
`install` target to be simplified and also allows the runtime to be
built without having to build the `containerd-shim-v2` binary which is
slow to build:
```
$ make runtime && sudo -E PATH=$PATH make install-runtime
```
Fixes#1402.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
The `containerd-shim-v2` binary does not need the `kata-runtime` binary
to be built first, so remove the dependency.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
After code check and test, found VMCache can work with vsock.
Remove the code that prohibit them from working together.
Fixes: #1400
Signed-off-by: Hui Zhu <teawater@hyper.sh>
install-yq.sh use curl but not check if curl is available or not.
Add code to check curl before use it.
Fixes: #1379
Signed-off-by: Hui Zhu <teawater@hyper.sh>
systemd-random-seed service fails if the rootfs is a read-only fs.
systemd-random-seed restores the random seed of the system at early
boot and saves it at shutdown, since kata containers are one boot machines
this service is not needed.
Signed-off-by: Julio Montes <julio.montes@intel.com>
