Fixes: #1422
Detect failing test case:
```
....
=== RUN TestEnterContainerFailingContNotStarted
--- PASS: TestEnterContainerFailingContNotStarted (0.01s)
=== RUN TestEnterContainer
--- FAIL: TestEnterContainer (0.00s)
Error Trace: sandbox_test.go:1154
Error: Expected value not to be nil.
Messages: Entering non-running container should fail
Error Trace: sandbox_test.go:1157
Error: Expected nil, but got: &errors.errorString{s:"Can not
move from running to running"}
Messages: Failed to start sandbox: Can not move from running to
running
FAIL
```
`TestEnterContainerFailingContNotStarted` calls `cleanUp` at function
begging but it doesn't clean its garbage after it ends.
`TestEnterContainer` only call `cleanUp` in the end but it doesn't do
cleanUp in the begging, that gives first test case a chance to impact
latter one.
This commit modifies all the test cases, let them all do the cleanUp()
in the end.
The policy here is: "everyone needs to take their garbage away when they
leave" :)
Signed-off-by: Wei Zhang <zhangwei555@huawei.com>
Fixes: #1415
Container resources have been saved to ContainerConfig so there's no
need to save it again in state.json.
Signed-off-by: Wei Zhang <zhangwei555@huawei.com>
k8s host empty-dir is equivalent to docker volumes.
For this case, we should just use the host directory even
for system directories.
Move the isEphemeral function to virtcontainers to not
introduce cyclic dependency.
Fixes#1417
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
We handle system directories differently, if its a bind mount
we mount the guest system directory to the container mount and
skip the 9p share mount.
However, we should not do this for docker volumes which are directories
created by Docker.
This introduces a Docker specific check, but that is the only
information available to us at the OCI layer.
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
gometalinter is deprecated and will be archived April '19. The
suggestion is to switch to golangci-lint which is apparently 5x faster
than gometalinter.
Partially Fixes: #1377
Signed-off-by: Ganesh Maharaj Mahalingam <ganesh.mahalingam@intel.com>
Add a note to the developer guide explaining that the debug console
requires systemd support (hence nominally you cannot use alpine linux
for example as that doesn't use systemd).
Fixes#412.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Kata does support privileged flag but within the guest,
so explain how this works in the Limitations docs.
Fixes#362
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Change the debug console systemd job to specify the path to bash as
`/bin/bash`, *not* `/usr/bin/bash`. This unbreaks the debug console for
Ubuntu and Debian and also works for all other distros.
Fixes#410.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Don't force Docker to be kept at version 18.06 (to ensure devicemapper
is available). This feature won't be re-added by Docker and remaining on
an old version of Docker is not good from a security perspective.
Replace the pinning with a note pointing users at an issue which
provides details of alternatives to devicemapper.
Fixes#407.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
osbuilder recently added the ability to create images with a DAX/NVDIMM
header [1], however this change broke the data collection script. Update
that script to handle images with and without this header.
The data collection script will now assume a header is present. However,
if it fails to find the required partition data, it will try again, this
time assuming the image does not have a DAX/NVDIMM header.
Fixes#1404.
[1] - https://github.com/kata-containers/osbuilder/pull/236
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Add a number of useful build and install targets to the `show-usage`
target which are visible when the user runs `make help`.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Add `install-runtime` and `install-netmon` targets. This allows the
`install` target to be simplified and also allows the runtime to be
built without having to build the `containerd-shim-v2` binary which is
slow to build:
```
$ make runtime && sudo -E PATH=$PATH make install-runtime
```
Fixes#1402.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
The `containerd-shim-v2` binary does not need the `kata-runtime` binary
to be built first, so remove the dependency.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
After code check and test, found VMCache can work with vsock.
Remove the code that prohibit them from working together.
Fixes: #1400
Signed-off-by: Hui Zhu <teawater@hyper.sh>
install-yq.sh use curl but not check if curl is available or not.
Add code to check curl before use it.
Fixes: #1379
Signed-off-by: Hui Zhu <teawater@hyper.sh>
KVM virtual PTP in linux kernel allows guest to sync its
clock to the host clock with high precision. kvm-ptp has been
enabled in our kernel. Add this as a source for `chrony` so that
it can be used to sync the guest system clock.
`chrony` needs to be started in the guest for time sync.
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
