We need to update the network docs to reflect CNM
and CNI are handled much the same way. Start off
by removing the incorrect CNI docs first.
Fixes#678
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
We need to update the way CNI is handled which is
mostly how CNM is taken care of. Start of by removing
the incorrect steps documented for CNI.
Fixes#236
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Fix nasty bug which resulted in `kata-env` showing
`VMContainerCapable = true` even on amd64 systems without virtualisation
support (thankfully `kata-check` still showed the correct results).
Added arch-specific tests to avoid any possibility of regression.
Fixes#660.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
golang version 1.8.3 is old and the runtime cannot even be built with
it now it seems.
Since it is no longer considered a stable version [1], move to the
oldest official stable version (version 1.9.7).
Fixes#642.
[1] - https://golang.org/dl/
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Checkout to a target branch before create a tag.
We dont checkout for repos that does not have stable branches.
We want to do is just push the tags to master branch
since we don't maintain a seperate one.
The repos are:
osbuilder
packaging
ksm-throttler
Fixes: #163
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
Now that we support multiple branches, we changed how
static-checks.sh compares branches. We now need a
variable called $target_branch to make the correct
comparison when testing a PR.
Fixes: #663.
Signed-off-by: Salvador Fuentes <salvador.fuentes@intel.com>
Lets point to qemu repository instead of kata fork
for qemu-vanilla.
Fixes: #161
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
The osbuilder version file wont be the same if
we tag a stable branch. But we still want to tag
the HEAD of osbuilder to do reproducible builds of
a Kata branch.
Fixes: #158
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
When we get changes from one version to a newer this
is empty because we dont get the current version.
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
We need to create the osc file before enter the container.
If build_all.sh is executed without a container and osc
is intalled osc will ask for setup but in the container
fails do to a missing tty.
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
When we genete packages file we want to see
the resulting files. This changes to now
create repos in a tmpdir.
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
If want to create pkgs based in new branch, this script will create
all the empty repositories in OBS for each kata package.
Then we can point use the rest of scripts to push changes to this new repo.
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
Add a heuristic to ensure the amount of memory allocated to the
hypervisor is bigger than the size of the image.
This catches simple configuration issues where `default_memory=` is set
to a smaller value than the size of either the `image=` or `initrd=`
files.
If the configured image type is `initrd`, fail but only warn in the
logs for `image` as although it seems a highly unlikely scenario, it is
permitted.
Update tests to ensure that created resources have `>0` bytes.
Fixes#636.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
The `TestMinimalRuntimeConfig` should not be using the real
resource files that might be installed on a system so make temporary
files instead to better control the test.
Split out `TestMinimalRuntimeConfigWithVsock` to reduce cyclomatic
complexity (along with dropping the config file delete at the end - not
required as the entire test-specific directory gets auto-deleted).
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
pkglib.sh uses BUILD_ARCH and DEB_ARCH which are
by default not set and hence take the value of
x86_64 and amd64 respectively. Make this
architecture specific.
Fixes: #154
Signed-off-by: Nitesh Konkar niteshkonkar@in.ibm.com
qemu-lite is required to be packaged only
for amd64 arch. Skip it for all other
architectures.
Fixes: #152
Signed-off-by: Nitesh Konkar niteshkonkar@in.ibm.com
Currently, since GOARCH is not passed as build-arg
to a Dockerfile, it by default always pick's up amd64
when building it. Also pass it as --env when running it.
Fixes#148
Signed-off-by: Nitesh Konkar niteshkonkar@in.ibm.com
govmm has ExecuteBlockdevAdd() function and ExecuteBlockdevDel() function
doesn't compatible with qemu 2.8,because blockdev-add and x-blockdev-del usages
are different between qemu 2.7 and qemu 2.8
shortlog:
ce070d1 govmm: modify govmm to be compatible with qemu 2.8
0286ff9 qemu/qmp: support hotplug a nic whose qdisc is mq
8515ae4 qmp: Remind users that you must first call ExecuteQMPCapabilities()
21504d3 qemu/qmp: Add netdev_add with chardev support
ed34f61 Add some negative test cases for qmp.go
17cacc7 Add negative test cases for qemu.go
fixes: #637
Signed-off-by: flyflypeng <jiangpengfei9@huawei.com>
Fixes#144
Current kata containers can't run with kernel 4.1 built from current x86 config,
it will report error:
```
$ docker run -ti --runtime kata busybox sh
docker: Error response from daemon: oci runtime error: rpc error: code = Internal
desc = Could not run process: container_linux.go:348: starting container process
caused "process_linux.go:402: container init caused \"open /dev/ptmx: no such
file or directory\"".
```
This is caused by bogus devpts mount options. When run container with docker,
docker will assign a default devpts mount for every container which equals to
command below:
```
$ mount -t devpts -o nosuid,noexec,newinstance,ptmxmode=0666,mode=0620,gid=5 \
devpts /dev/pts
```
This requires kernel config `CONFIG_DEVPTS_MULTIPLE_INSTANCES=y` to work properly
under kernel-4.1, but this option is already removed from latest kernel.
It's better to add it back for support older kernel than current 4.14.
Signed-off-by: Wei Zhang <zhangwei555@huawei.com>
If the sandbox has been initialized with a factory, this means the
caller should be in charge of adding any network to the VM, and
virtcontainers library cannot make any assumptions about adding
the default underlying network.
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
The CLI being the implementation of the OCI specification, and the
hooks being OCI specific, it makes sense to move the handling of any
OCI hooks to the CLI level. This changes allows the Kata API to
become OCI agnostic.
Fixes#599
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
As we want to call the OCI hook from the CLI, we need a way for the
CLI to figure out what is the network namespace used by the sandbox.
This is needed particularly because virtcontainers creates the netns
if none was provided.
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
This commit moves the network namespace creation out of virtcontainers
in order to anticipate the move of the OCI hooks to the CLI through a
follow up commit.
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
Since we removed the CNI implementation and that we agreed the network
should only be handled in a single way from virtcontainers, this patch
logically replace the "CNM" naming with "Default".
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
