After upgrading the kernel to latest 4.14.x kernel, there are new
kconfig options that need users to select in install-kata-kernel.sh.
the prompt will block the script. We update this config file to give
user a good defined default config.
The new kconfig options are about, “Meltdown” and “Spectre”. So I
selected them to yes by default in this config file:
CONFIG_ARM64_ERRATUM_1024718=y
CONFIG_QCOM_FALKOR_ERRATUM_E1041=y
CONFIG_UNMAP_KERNEL_AT_EL0=y
CONFIG_HARDEN_BRANCH_PREDICTOR=y
CONFIG_ARM64_SSBD=y
Fixed#106
Signed-off-by: Wei Chen <wei.chen@arm.com>
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
Build image with agent and osbuilder with master by default.
If want to build a release tag just use -v <version> and
will use that osbuilder and agent tag.
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
Docker 18.06 was released last week, update our
supported docker to this new version.
Fixes: #510
Signed-off-by: Salvador Fuentes <salvador.fuentes@intel.com>
Fixes#50
This commit imports a big logic change:
* host device to be attached or appended now is sandbox level resources,
one device should bind to sandbox/hypervisor first, then container could
reference it via device's unique ID.
* attach or detach device should go through the device manager interface
instead of the device interface.
* allocate device ID in global device mapper to guarantee every device
has a uniq device ID and there won't be any ID collision.
With this change, there will some changes on data format on disk for sandbox
and container, these changes also make a breakage of backward compatibility.
New persist data format:
* every sandbox will get a new "devices.json" file under "/run/vc/sbs/<sid>/"
which saves detailed device information, this also conforms to the concept that
device should be sandbox level resource.
* every container uses a "devices.json" file but with new data format:
```
[
{
"ID": "b80d4736e70a471f",
"ContainerPath": "/dev/zero"
},
{
"ID": "6765a06e0aa0897d",
"ContainerPath": "/dev/null"
}
]
```
`ID` should reference to a device in a sandbox, `ContainerPath` indicates device
path inside a container.
Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
Instead of using drivers.XXXDevice directly, we should use exported
struct from device structure. package drivers should be internal struct
and other package should avoid read it's struct content directly.
Signed-off-by: Wei Zhang <zhangwei555@huawei.com>
The interface "VhostUserDevice" has duplicate functions and fields with
Device, so we can merge them into one interface and manage them with one
group of interfaces.
Signed-off-by: Wei Zhang <zhangwei555@huawei.com>
Fixes#50
Previously the devices are created with device manager and laterly
attached to hypervisor with "device.Attach()", this could work, but
there's no way to remember the reference count for every device, which
means if we plug one device to hypervisor twice, it's truly inserted
twice, but actually we only need to insert once but use it in many
places.
Use device manager as a consolidated entrypoint of device management can
give us a way to handle many "references" to single device, because it
can save all devices and remember it's use count.
Signed-off-by: Wei Zhang <zhangwei555@huawei.com>
In some slow enviroments the agent is taking more than 5 seconds
to start to serve grpc request.
This was reproducible in a Centos VM with 4 cpus running 8 pods in
parallel.
Fixes: #516
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
If the grpc connection check fails we only return the grpc error.
To make more clear what failed add more information to the error.
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
a few qemu options generated by configure-hypervisor.sh were only
suitable for amd64, leading compilation err in aarch64.
Fixes: #92
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
Signed-off-by: Wei Chen <Wei.Chen@arm.com>
Because codecov coverage regarding the patch is very inconsistent,
this commit introduces codecov.yml config file in order to disable
this check.
Fixes#511
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
If kata-agent doesn't start in VM, we need to do some rollback
operations to release related resources.
add grpc check() to check kata-agent is running or not
Fixes: #297
Signed-off-by: flyflypeng <jiangpengfei9@huawei.com>
If some errors occur after qemu process start, then we need to
rollback to kill qemu process
Fixes: #297
Signed-off-by: flyflypeng <jiangpengfei9@huawei.com>
If some errors occur after kata-proxy start, we need to
rollback to kill kata-proxy process
Fixes: #297
Signed-off-by: flyflypeng <jiangpengfei9@huawei.com>
If error occurs after sandbox network created successfully, we need to rollback
to remove the created sandbox network
Fixes: #297
Signed-off-by: flyflypeng <jiangpengfei9@huawei.com>
ContainerID is supposed to be unique within a sandbox. It is better to use
a map to describe containers of a sandbox.
Fixes: #502
Signed-off-by: Peng Tao <bergwolf@gmail.com>
Make sure kernel config version is validated on test.
Also, increse Kata Kernel config version.
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
Today we have instructions to build the kernel
but there are a lot of manual steps to get one kernel.
This tries to automate the process to setup a kernel
for kata.
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
We were defer removing the temporary config.json files
but not the tmpdir path we had created to store them in.
Expose that path out so we can defer removeall it.
Fixes: #480
Signed-off-by: Graham Whaley <graham.whaley@intel.com>
