Add support for cgroup driver systemd.
systemd cgroup is not applied in the VM since in some cases like initrd images
there is no systemd running and nobody can update a systemd cgroup using
systemctl.
fixes #596
Signed-off-by: Julio Montes <julio.montes@intel.com>

The CLI being the implementation of the OCI specification, and the
hooks being OCI specific, it makes sense to move the handling of any
OCI hooks to the CLI level. This change allows the Kata API to
become OCI agnostic.
Fixes #599
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>

This commit moves the network namespace creation out of virtcontainers
in order to anticipate the move of the OCI hooks to the CLI through a
follow up commit.
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>

Add additional `context.Context` parameters and `struct` fields to allow
trace spans to be created by the `virtcontainers` internal functions,
objects and sub-packages.
Note that not every function is traced; we can add more traces as
desired.
Fixes #566.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>

Add initial support for opentracing by using the `jaeger` package.
Since opentracing uses the `context` package, add a `context.Context`
as the first parameter to all the functions that we might want to
trace. Trace "spans" (trace points) are then added by extracting the
trace details from the specified context parameter.
Notes:
- Although the tracer is created in `main()`, the "root span"
(aka the first trace point) is not added until `beforeSubcommands()`.
This is by design and is a compromise: by delaying the creation of the
root span, the spans become much more readable since using the web-based
JaegerUI, you will see traces like this:
```
kata-runtime: kata-runtime create
------------ -------------------
^ ^
| |
Trace name First span name
(which clearly shows the CLI command that was run)
```
Creating the span earlier means it is necessary to expand 'n' spans in
the UI before you get to see the name of the CLI command that was run.
In adding support, this became very tedious, hence my design decision to
defer the creation of the root span until after signal handling has been
set up and after CLI options have been parsed, but still very early in
the code path.
- At this stage, the tracing stops at the `virtcontainers` call
boundary.
- Tracing is "always on" as there doesn't appear to be a way to toggle
it. However, it resolves to a "nop" unless the tracer can talk to a
jaeger agent.
Note that this commit required a bit of rework to `beforeSubcommands()`
to reduce the cyclomatic complexity.
Fixes #557.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>

For one thing, it is not used by any kata components. For another thing,
it breaks vm factory hypervisor config check.
Signed-off-by: Peng Tao <bergwolf@gmail.com>

Add enable_template option to the config file.
When it is set, enable the vm template factory.
cache factory cannot be used by kata cli directly because
it requires a running daemon to maintain the cache VMs.
`kata-runtime factory init` would initialize the vm factory and
`kata-runtime factory destroy` would destroy the vm factory.
When configured, a vm factory is loaded before creating new sandboxes.
Signed-off-by: Peng Tao <bergwolf@gmail.com>

Ephemeral volumes should not be passed as 9pfs mounts.
They should be created inside the VM.
This patch disables ephemeral volumes from getting
mounted as 9pfs from the host and instead a corresponding
tmpfs is created inside the VM.
Fixes: #61
Signed-off-by: Harshal Patil <harshal.patil@in.ibm.com>

Once `containerID` and `sandboxID` fields are available, re-register
the logger with the external packages to ensure they too display these
important fields.
Fixes #467.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>

Adding cid+sid fields to the log entries generated by most of the CLI
commands will make debugging across the system easier.
Fixes #452.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>

This commit adds a no-pivot flag (just a warning tip) in kata-runtime create and run cmd.
Fixes: #409, #134
Signed-off-by: wenqi wang <wangwenqi01@baidu.com>

This commit will allow for better performance regarding the time spent
to retrieve the sandbox ID related to a container ID.
The way it works is by relying on a specific mapping between container
IDs and sandbox IDs, meaning it allows to retrieve directly the sandbox
ID related to a container ID from the CLI. This lowers complexity from
O(n²) to O(1), because we don't need to call into ListPod() which was
parsing all the pods and all the containers on the system every time
the CLI needs to retrieve this mapping.
This commit also updates the whole unit tests as a consequence. This
involves most of them since they were all relying on ListPod()
before.
Fixes #212
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>

Many cli and arch files were using the 'older style' fairly full
Apache license text. The project standard is the shorter SPDX style.
Convert them over.
Fixes: #225
Signed-off-by: Graham Whaley <graham.whaley@intel.com>

As agreed in [the kata containers API
design](https://github.com/kata-containers/documentation/blob/master/design/kata-api-design.md),
we need to rename pod notion to sandbox. The patch is a bit big but the
actual change is done through the script:
```
sed -i -e 's/pod/sandbox/g' -e 's/Pod/Sandbox/g' -e 's/POD/SB/g'
```
The only exceptions are `pod_sandbox` and `pod_container` annotations,
since we already pushed them to cri shims, we have to use them unchanged.
Fixes: #199
Signed-off-by: Peng Tao <bergwolf@gmail.com>
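
The rename with its two exceptions, as an added example (not the script used for the commit): the protected annotation names are swapped for placeholder tokens before the three substitutions quoted in the commit message run, then restored afterwards. The function name, the placeholder tokens and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the project's own script.

# Reads text on stdin and writes the renamed text on stdout.
rename_pod_to_sandbox() {
    # 1. Hide the names that must survive behind placeholder tokens
    #    (constructed; assumed not to occur in the input and chosen so
    #    that they contain no "pod", "Pod" or "POD").
    # 2. Apply the three substitutions from the commit message.
    # 3. Put the protected names back.
    sed -e 's/pod_sandbox/@@KEEP_A@@/g' \
        -e 's/pod_container/@@KEEP_B@@/g' \
        -e 's/pod/sandbox/g' -e 's/Pod/Sandbox/g' -e 's/POD/SB/g' \
        -e 's/@@KEEP_A@@/pod_sandbox/g' \
        -e 's/@@KEEP_B@@/pod_container/g'
}

# Constructed sample input: two lines that should change and two
# annotation values that should not.
sample='func CreatePod(podConfig PodConfig) error
const POD_STATE_PATH = "/run/pod"
container_type = "pod_sandbox"
container_type = "pod_container"'

printf '%s\n' "$sample" | rename_pod_to_sandbox
```

Without the placeholder step the same three substitutions would turn `pod_sandbox` into `sandbox_sandbox` and `pod_container` into `sandbox_container`, which is the breakage the exception avoids.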