Vsock conflicts with factory, when both of them are enabled,
kata will try to create a new vm template which is useless,
thus it's better to return an error directly to let users know
that those two config cannot be enabled at the same time.
Fixes: #1055
Signed-off-by: fupan <lifupan@gmail.com>
The multiqueue flag associated with the TUNTAP network device cannot
be used if the number of queues indicates 0. When 0, this means the
multiqueue is not supported, and we cannot use the according flag.
Fixes#1051
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
We can use the background context when creating test sandboxes from the
sanbox unit tests. This shuts the "trace called before context set"
erros down.
Fixes: #1048
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
We need to bump the kernel version from 4.14.67 to 4.19.10 in order
to follow the recent kernel config bump.
Fixes#1029
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
containerd would like to get the shim's socket
address from shimv2's stdout, thus it's better
to discard the log's output before shimv2 init
it's logger and at the same time add a hook to
log into syslog.
Fixes: #1035
Signed-off-by: Fupan Li <lifupan@gmail.com>
Since kata-agent is using virtio-console to output debugging info
and the console ports are available in the guest as /dev/hvc0 and
/dev/hvc1, we should swap origin console type 'console=ttyAMA0'
with 'console=hvc0,hvc1'.
Fixes: #1033
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
Signed-off-by: Wei Chen <Wei.Chen@arm.com>
In order to properly setup the network, hence allocate or not multiple
queues, this commit makes sure that the hypervisor capabilities are
checked for this.
Fixes#1027
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
Each hypervisor is different and supports different options regarding
the network interface it creates. In particular, the multiqueue option
is not supported by Firecracker and should not be assumed by default.
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
The point of knowing the number of CPUs from the network perspective
is to determine the number of queues that can be allocated to the
network interface of the our virtual machine.
Therefore, it's more logical to name it queues from a network.go
perspective.
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
In order to prevent from future duplication of calls into the
hypervisor interface, the hypervisor is directly passed as part
of the xConnectVMNetwork() function. Because this does not apply
the disconnection case, this commit splits the former function
into two separate ones.
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
HotplugRemoveMemory require to do a qmp call, but
unit test does not start a Qemu instance.
Depends-on: github.com/kata-containers/tests#1007
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
- Container only is responsable of namespaces and cgroups
inside the VM.
- Sandbox will manage VM resources.
The resouces has to be re-calculated and updated:
- Create new Container: If a new container is created the cpus and memory
may be updated.
- Container update: The update call will change the cgroups of a container.
the sandbox would need to resize the cpus and VM depending the update.
To manage the resources from sandbox the hypervisor interaface adds two methods.
- resizeMemory().
This function will be used by the sandbox to request
increase or decrease the VM memory.
- resizeCPUs()
vcpus are requested to the hypervisor based
on the sum of all the containers in the sandbox.
The CPUs calculations use the container cgroup information all the time.
This should allow do better calculations.
For example.
2 containers in a pod.
container 1 cpus = .5
container 2 cpus = .5
Now:
Sandbox requested vcpus 1
Before:
Sandbox requested vcpus 2
When a update request is done only some atributes have
information. If cpu and quota are nil or 0 we dont update them.
If we would updated them the sandbox calculations would remove already
removed vcpus.
This commit also moves the sandbox resource update call at container.update()
just before the container cgroups information is updated.
Fixes: #833
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
Most of the projects, they can be built with "make". After that,
"sudo make install" can install the application.
It is not work for kata-runtime because kata-runtime's make must work
with golang in the environment that default sudo cannot supply it.
But "make install" doesn't need golang.
So add "GOPATH not set" to handle the issue.
Fixes: #1008
Signed-off-by: Hui Zhu <teawater@hyper.sh>
Full commit list:
34b7454 grpc: sandbox: add container when is fully created.
df822eb grpc: support rlimits
87ad0a8 release: Kata Containers 1.5.0-rc1
31c6b6e grpc: add SetGuestDateTime API
4eca13b client: do cleanup after UT stop mock server
c25288a Makefile: Decide if agent will be built by seccomp tag
0aae82b release: Kata Containers 1.4.0
7b4c337 vendor: Update vendor/github.com/containerd/console
8dedf30 agent: build as Position-Independent-Executable
dc635d4 test: Add test for ipvlan routes in l3 mode
69ee60f network: Refactor to reduce cyclomatic complexity
4005c33 network: Handle default route where gateway is empty
83138df pkg: types: Add a new field type
Signed-off-by: Peng Tao <bergwolf@gmail.com>
The PR adds the support for s390x.
In the case of CCW devices, the vhost-user devices are not supported.
See #659. An error message is thrown if they tried to be used.
Memory hotplug is not supported on s390 yet and an error message is thrown.
The VirtioNetPCI has been changed to VirtioNet. The generalization
allows to set the VirtioNet to the correct CCW device for s390x.
Fixes: #666
Co-authored-by: Yash D Jain ydjainopensource@gmail.com
Signed-off-by: Alice Frosi <afrosi@de.ibm.com>
For kata shimv2, the sub-reaper isn't needed, otherwise
it will break the cmd.Run() calling in govmmQemu.LaunchQemu().
Fixes: #939
Signed-off-by: fupan <lifupan@gmail.com>
When agent is configured as longLive, the VM's agent created
by factory will not close it's client once it connected, thus
the sandbox's agent cannot re-connect successfully.
Sharing the agent's client between VM's agent and sandbox
can fix this issue.
Fixes: #995
Signed-off-by: fupan <lifupan@gmail.com>
- Block: Add cache-related options for block devices
- versions: Add nemu
- Update cid vsock
- shim: Add trace config option
- vendor: Update govmm vendoring
- git: Add containerd-shim-kata-v2 to .gitignore
- virtcontainers: change uint32 to uint64 for ioctl
- virtcontainers: Return the appropriate container status
- config: Check factory config
- Implement containerd shim v2 API for Kata Containers
- ppc64le: kata-env fails due to missing vendor field
- kata-check: do not require nested vt
- kata-env: Show runtime trace setting
deb6f16 virtcontainers: update context id of vsock to uint64
f651147 block: Add cache-related options for block devices
018c8c1 vendor: Update govmm vendoring
ea74b98 shim: Add trace config option
2af240b versions: Add nemu
7093eec git: Add containerd-shim-kata-v2 to .gitignore
96ed6c5 git: Sort .gitignore entries
04ce4c0 virtcontainers: change uint32 to uint64 for ioctl
0bf29c8 config: Check factory config
fe784c1 config: Create function to check config options
70e4dc5 config: Move check code to end of LoadConfiguration
fa9b15d virtcontainers: Return the appropriate container status
02f8b29 containerd-shim-kata-v2: add building of shimv2 into Makefile
8199d10 containerd-shim-kata: add unit test cases
7951041 containerd-shim-kata-v2: add the service Stats support
5cc016c containerd-shim-kata-v2: add the service Kill support
9ee53be containerd-shim-kata-v2: add the service Resume support
8df33d3 containerd-shim-kata-v2: add the service Pause support
cd321a3 containerd-shim-kata-v2: add the service ResizePty support
47326f5 containerd-shim-kata-v2: add the service Update support
642231b containerd-shim-kata-v2: add the service Shutdown support
87f591a containerd-shim-kata-v2: add the service Connect support
ec4f27b containerd-shim-kata-v2: add the service CloseIO support
8c95b75 containerd-shim-kata-v2: add the service Pids support
709bc9a containerd-shim-kata-v2: add the service Cleanup support
a0e6456 containerd-shim-kata-v2: add the service Delete support
fd18b22 containerd-shim-kata-v2: add the service State support
fbaefc9 containerd-shim-kata-v2: add the service wait support
269c940 containerd-shim-kata-v2: add the exec service support
4c5b296 containerd-shim-kata-v2: add the start service support
72fd6e0 containerd-shim-kata-v2: add the create service support
ca58bb4 ppc64le: kata-env fails due to missing vendor field
d6c4ca5 container-shim-kata-v2: The init containerd shim v2 support
5e6cd00 containerd-shim-v2: add the shim v2 required vendors
f0cb0c7 cli: refactor to align with katautils package
9984636 kata-env: Show runtime trace setting
8cfb06f kata-check: optionally require kvm-intel unrestricted_guest
acbcde3 kata-check: do not require nested vt
ea9ecd7 kata-check: modprobe missing kernel modules
Signed-off-by: katacontainers bot <katacontainersbot@katacontainers.io>
The CID of VSock needs to be change to uint64. Otherwise that leads to
an endianess issue. For more details see
https://github.com/kata-containers/runtime/issues/947
Remove the uint64 introduced by #984Fixes: #958
Signed-off-by: Alice Frosi <afrosi@de.ibm.com>
Add block_device_cache_set, block_device_cache_direct and
block_device_cache_noflush.
They are cache-related options for block devices that are described in
https://github.com/qemu/qemu/blob/master/qapi/block-core.json.
block_device_cache_direct denotes whether use of O_DIRECT (bypass the host
page cache) is enabled. block_device_cache_noflush denotes whether flush
requests for the device are ignored.
The json said they are supported since 2.9.
So add block_device_cache_set to control the cache options set to block
devices or not. It will help to support the old version qemu.
Fixes: #956
Signed-off-by: Hui Zhu <teawater@hyper.sh>
