Overlay and veth support wasn't included when migrating to fragment
based configs. Re-add to fix DinD use case.
Fixes: #715
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
As per the comments in security.conf, the intention was to
enable STACKPROTECTOR and STACKPROTECTOR_STRONG.
The current config leaves them unset in the final .config
and also prevents other fragments from overriding the setting.
Set both to =y as indicated in the comments.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
This adds the kata deploy for QEMU and kernel with virtio-fs 3.0
Depends-on: github.com/kata-containers/runtime#2052
Fixes#709
Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
This adds QEMU and the kernel with virtiofs 3.0 at the versions.yaml
file.
Depends-on: github.com/kata-containers/packaging#710
Fixes#2051
Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
Upgrade vendor ttrpc to fix the issue of fd leak.
Fixes: #2000
0e0f228 Handle ok status
8c74fe8 Update to go 1.12x on travis
17f4d32 Client.Call(): do not return error if no Status is set(gRPC v1.23 and up)
271238a Fix method full name generation
694de9d metadata as KeyValue type
3afb82b Fix error handling with server shutdown
f3eb35b Refactor close handling for ttrpc clients
de8faac Add godocs for interceptors
e409d7d Add example binary for testing the example service
819653f Add client and server unary interceptors
04523b9 Rename headers to metadata
5926a92 Support headers
911c9cd Improve connection error handling
96dcf73 Handle EOF to prevent file descriptor leak
ba15956 Make onclose an option.
Signed-off-by: lifupan <lifupan@gmail.com>
When we try to run the kata-deploy-binaries.sh script, we have a failure on
the pkglib.sh script that we can not source the versions.txt. In order to
avoid these kind of failures, we introduce to detect if this file exists and
in case that it does not, we fail the script.
Fixes#712
Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
Add appendImage function to struct qemuS390x, so that a call of
appendImage results in a call to the appendBlockDevice function of
qemuS390x instead of qemuArchBase.
Fixes: #2043
Signed-off-by: Jan Schintag <jan.schintag@de.ibm.com>
kata deploy script setup a new GOPATH to pull
a fresh environment to install kata. This script
was using the local kernel install script and not the
one in the new environment
Fixes: #706
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
dracut will process conf files with bash, and in fact it's common to
use idioms like += in conf files for string concatenation. The current
grep usage in the Makefile won't catch all possible valid 'drivers'
variable cases.
Instead, use bash to parse and echo the 'drivers' content
Fixes: #356
Signed-off-by: Cole Robinson <crobinso@redhat.com>
The Makefile invokes dracut with a custom confdir. However dracut will
still pull site configuration from /usr/lib/dracut/dracut.conf.d/, which
on Fedora contains a 01-dist.conf that sets among other things
early_microcode="yes".
Because 01-dist.conf is processed after 00-base.conf, kata's
early_microcode="no" is overridden, which isn't intended.
Rename 00-base.conf to 05-base.conf to sidestep this
Fixes: #354
Signed-off-by: Cole Robinson <crobinso@redhat.com>
Document how cgroups are done today and what is expected
for the upcoming SandboxCgroupOnly option.
Prior cgroup documentation are no longer accurate. Removing the cgroup
discussion from the cpu sizing discussion. Updating the
cpu-constraints.md file name to reflect this.
Fixes: #542
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
common/DAX:
- ARCH_ENABLE_MEMORY_HOTPLUG: not needed (auto-selected)
- ARCH_HAS_ZONE_DEVICE: already automatically selected. This is
also removed in future kernels, so let's go ahead and drop.
- RADIX_TREE_MULTIORDER: already autoselected, and dropped in future
kernels
common/net:
- NF_NAT_NEEDED, NF_NAT_PROTO_*: these don't exist in newer kernels, as
they are refactored and unecessary in the upstream kernel. Keep them for
now, but consider dropping if we move to newer LTS. These are part of
whitelist of options we expect to be dropped with newer kernels in our
fragment building.
- NF_NAT_MASQUERADE_IPV4: this is a select, not a tristate. Also, in
the future much of the ipv4/ipv6 nat code is combined, so this config
will not exist in newer kernels. Dropped.
- INET6_XFRM_MODE_* are not needed on newer kernels. While I'm not
confident they are needed today for Kata, we will just note them and add
to whitelist for options we expect to be dropped with newer kernels in
our fragment building.
- MAY_USE_DEVLINK: removed in future kernels, and should not be needed
anyway. Dropped.
x86_64/DAX:
- ARCH_HAS_HMM: should not be needed, and is dropped in future kernels.
Dropped
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
These will be handled directly from virtio-fs gitlab, which is utilized
when experimental support is requested in kernel build.
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
Experimental kernel is much newer, and many configuration options have
dropped since 4.19. Let's use a whitelist to itemize what we expect to
be dropped in the final config if experimental kernel us utilized.
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
This isn't available in the baseline kernel, necessarily. Only
add these config options if an experimental kernel is being used.
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
Adding option `-e` to support experimental flag. When selected, the
kernel for virtio-fs is utilized instead of standard kernel.org.
This is a bit more hack-ish than I'd prefer, sorry.
Fixes: #700
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
