systemd-random-seed service fails if the rootfs is a read-only fs.
systemd-random-seed restores the random seed of the system at early
boot and saves it at shutdown, since kata containers are one boot machines
this service is not needed.
Signed-off-by: Julio Montes <julio.montes@intel.com>
Former snap configuration snapcraft.toml install qemu-lite for all
platforms, which isn't applicable on aarch64. We need qemu-aarch64
of specific version and extra patches.
Fixes: #399
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
With the old code it was possible to see odd messages like:
"INFO: Create root disk image. Attempt 6 out of 5."
Move the attempt number print to after we check against the max
Fixes#251
Signed-off-by: Matt Fischer <matt@mattfischer.com>
debian config seems to be missing PACKAGE variable altogether.
Add it along with appending chrony to the list.
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
chrony will be used to schronize guest clock with host
using kvm_ptp kernel driver.
This does add another active component to the rootfs
but keeping time scychorized is crucial.
Fixes#255
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
We need to modify this test in order to handle firecracker.
Fixes#248
Depends-on:github.com/kata-containers/osbuilder#247
Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
Use a clever HTML trick to allow the output of the data collection
script to be hidden / unhidden in the github.com interface.
See the example at the top of
https://github.com/kata-containers/runtime/issues/1347.
Fixes#1386.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Create a new function to collect all data display function calls in the
data collection script.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Kata supports multiple configuration file locations, so update the dev
guide to tweak config settings in
`/etc/kata-containers/configuration.toml` rather than the pristine
`/usr/share/defaults/kata-containers/configuration.toml` file. The
former is read first meaning the system can be reset to a vanilla Kata
configuration by simply deleting
`/etc/kata-containers/configuration.toml`.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
The debug console systemd job needs to specify `PrivateDevices=no` to
ensure the job can access the *real* console. Without this, connecting
to the socket does not provide access to the main guest root context.
Fixes#403.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
- image-builder: fill out device namespace information into kata image
- tests: install kata components from master
- tests: skip euleros
- arch: Remove calls to arch command
- pullapprove: remove it
- memory_hotplug: MEM_BOUNDARY_MB should be arch-dependent
726f798 image-builder: fill out device namespace information into kata image
cbe5642 image-builder: add gcc as dependecy to generate the image
7620066 image-builder: sync rootfs data after copying it into the image
dc5bc07 image-builder: fix mem boundary recalculation
71ccc0a mage-builder: remove -s option and IMG_SIZE envar
8065bb6 rootfs-builder: delete dnf and rmp data
35588dd tests: install kata containers components from master
519bbe8 tests: remove docker before installing the newer version
b4de168 tests: skip euleros
f38c67d arch: Remove calls to arch command
8963b8e pullapprove: remove it
e4d5c1b memory_hotplug: MEM_BOUNDARY_MB should be arch-dependent
Signed-off-by: Peng Tao <bergwolf@gmail.com>
- volumes: Handle k8s empty-dirs of "default" medium type
- versions: kernel: update to 4.19.28
- qemu: throw error when fail to get addr from bridges
- vc:qemu: Fix id calculation of memory hotplug
- s390x: 2 small test fixes
- arm64: support NVDIMM
- virtcontainers: move resource calculation to its own function
- versions: update nemu to latest release
- Add crio and containerd details to collect script
- pkg: reduce memory footprint
- Fix rootfs mount assumptions
- s390x: fix golint complain
- Network: remove Physical field in VethEndpoint
- test: add tests for sandbox creation rollback and cleanup
- VMCache: the new function that creates VMs as caches before using it
- unit test: Fix local test
- Add upstream version url regexp's to allow upto date checks
- virtcontainer: watch the qemu's console when proxy's debug enabled
- unit-test: fix undefined struct field SupportVSocks on arm64
- Makefile: Fix aarch64 fail in No GO command or GOPATH not set mode
- tracing: Fix tracing
- config: check the builtIn first when updating shim/proxy/agent
- qemu: fix devID value error
- Makefile: Change "GOPATH not set" to "No GO command"
8e2a5ea tests: Fix units tests to check empty-dir volumes backed by host-dir
47a6023 volumes: Handle k8s empty-dirs of "default" medium type
4e81522 vc:qemu: Fix id calculation of memory hotplug
502fdab test: add test for addDeviceToBridge
0061e16 virtcontainers: move resource calculation to its own function
7504d9e unit-test: add TestSandboxUpdateResources
f009a53 versions: update nemu to latest release
f2a506a scripts: Add containerd details to collect script
7266d31 scripts: Log crio config file in collect script
30f9776 scripts: Create separate section for crio in collect script
ae08ea3 scripts: Add helper function to collect script
ae4d8b4 versions: kernel: update to 4.19.28
c7ace4b qemu: throw error when fail to get addr from bridges
2456ac5 pkg: reduce memory footprint
df9a401 Network: remove Physical field in VethEndpoint
76d9db3 vendor: Add github.com/gogo/protobuf
45fe870 runtime: Add unit tests
0f8b2ad VMCache: Update factory to run as a VMCache server
90704c8 VMCache: the core and the client
d8bcddb qemu-arm64: add unit test for func appendImage on aarch64
986e4dc qemu-arm64: Support nvdimm on arm64
8ba27e1 s390x: remove pmu from test
6242af3 s390x: fix TestQemuS390xMemoryTopology
613edd5 s390x: fix golint complain
27a92f9 runtime: Fix rootfs mount assumptions
c964a26 virtcontainers: makefile fix .ci path
fcee080 unit-test: Fix local test
c4957dd virtcontainer: watch the qemu's console when proxy's debug enabled
1e30673 test: add tests for sandbox creation rollback and cleanup
bdb34e7 Makefile: Fix aarch64 fail in No GO command or GOPATH not set mode
c759cf5 tracing: Fix tracing
31232b4 config: check the builtIn first when updating shim/proxy/agent
03dd780 qemu: fix devID value error
a1ddf53 Makefile: Change "GOPATH not set" to "No GO command or GOPATH not set"
35672b5 unit-test: fix undefined struct field SupportVSocks on arm64
975157d versions.yaml: add uscan annotations
Signed-off-by: Peng Tao <bergwolf@gmail.com>
Not all hypervisor support NVDIMM hence DAX support MUST BE enabled explicitly
setting the DAX environment variable to 'yes'
fixes#246
Signed-off-by: Julio Montes <julio.montes@intel.com>
We were considering all empty-dir k8s volumes as backed by tmpfs.
However they can be backed by a host directory as well.
Pass those as 9p volumes, while tmpfs volumes are handled as before,
namely creating a tmpfs directory inside the guest.
The only way to detect "Memory" empty-dirs is to actually check if the
volume is mounted as a tmpfs mount, since any information of k8s
"medium" is lost at the OCI layer.
Fixes#1341
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
We use a packagecloud OSS account for package hosting.
As part of the arrangement with packagecloud we need to
credit them and add a link back to https://packagecloud.io
on our website and project README.
This was added to the kata-containers repository's README,
but it is also probably appropriate to add it to the packaging
README as well.
Signed-off-by: Thierry Carrez <thierry@openstack.org>
We use a packagecloud OSS account for package hosting.
As part of the arrangement with packagecloud we need to
credit them and add a link back to https://packagecloud.io
on our website and project README.
This repository's README is probably the closest we have to
a "project README", so let's add it here.
Signed-off-by: Thierry Carrez <thierry@openstack.org>
Update the how-to containerd-kata doc to support runtime option, by which
we can specify kata configure file for different kata runtime.
Fixes:#390
Signed-off-by: fupan <lifupan@gmail.com>
Now, function NewFactory will return nil even create template
does't complete. As for this, it will tell user that factory
has been initialized no matter whether the template is created
or not. This patch correct it by adding another return value
of error in NewFactory.
Testing initFactoryCommand when enable template will need root
privilege to mount tmpfs. So skip it for no-root user.
Testing initFactoryCommand func will create template, but no
proxy type assigned to VMconfig which will using katabuiltinProxy
instead. this will lead to failure for this type of proxy will
check proxyparams which contains many null value. This commit
fix it by substitute katabuiltinProxy as noopProxy when for test
purpose.
Fixes: #1333
Signed-off-by: Jianyong Wu <jianyong.wu@arm.com>
Create cgroup path relative the cgroups mount point if it's absolute,
or create it relative to a runtime-determined location if the path
is relative.
fixes#1365fixes#1357
Signed-off-by: Julio Montes <julio.montes@intel.com>
Rather than add the config for kata-qemu and kata-fc unconditionally,
the script now checks if the runtime config exists.
If it exists, then do not chnage the path for the runtime.
The user may have configured this to a specific path for testing
local chnages.
Fixes#374
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
The new NVDIMM driver implementation (kernel >= 4.16) needs to know the device
namespace information to map pages, this metadata is read from the nvdimm
namespace at 4k offset.
fixes#235
Signed-off-by: Julio Montes <julio.montes@intel.com>
gcc is required to build the binary in charge to fill out the device
namespace information (matadata) into the kata containers image.
Signed-off-by: Julio Montes <julio.montes@intel.com>
guest kernel needs 64 bytes of DRAM per 4K page of emulated PMEM, hence the
image size should be as small as possible to reduce the container's memory
footprint. The image size is recalculated automatically if it's too small
to contain the rootfs.
Signed-off-by: Julio Montes <julio.montes@intel.com>
