This introduces a new storage type: local. Local storage type will
tell the kata-agent to create an empty directory in the sandbox
directory within the VM.
K8s host emptyDirs will then use the local storage type and mount it
inside each container. By doing this, we utilise the storage medium
that the sandbox uses. In most cases this will be 9p.
If the VM is using device mapper for container storage, the containers
will benefit from the better performance of device mapper for
host emptyDir.
Fixes #1472
Signed-off-by: Alex Price <aprice@atlassian.com>
k8s host empty-dir is equivalent to docker volumes.
For this case, we should just use the host directory even
for system directories.
Move the isEphemeral function to virtcontainers to not
introduce cyclic dependency.
Fixes #1417
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
We handle system directories differently: if it's a bind mount
we mount the guest system directory to the container mount and
skip the 9p share mount.
However, we should not do this for docker volumes which are directories
created by Docker.
This introduces a Docker specific check, but that is the only
information available to us at the OCI layer.
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
osbuilder recently added the ability to create images with a DAX/NVDIMM
header [1], however this change broke the data collection script. Update
that script to handle images with and without this header.
The data collection script will now assume a header is present. However,
if it fails to find the required partition data, it will try again, this
time assuming the image does not have a DAX/NVDIMM header.
Fixes #1404.
[1] - https://github.com/kata-containers/osbuilder/pull/236
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Add a number of useful build and install targets to the `show-usage`
target which are visible when the user runs `make help`.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Add `install-runtime` and `install-netmon` targets. This allows the
`install` target to be simplified and also allows the runtime to be
built without having to build the `containerd-shim-v2` binary which is
slow to build:
```
$ make runtime && sudo -E PATH=$PATH make install-runtime
```
Fixes #1402.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
The `containerd-shim-v2` binary does not need the `kata-runtime` binary
to be built first, so remove the dependency.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
After code check and test, found that VMCache can work with vsock.
Remove the code that prohibits them from working together.
Fixes: #1400
Signed-off-by: Hui Zhu <teawater@hyper.sh>
install-yq.sh uses curl but does not check whether curl is available.
Add code to check for curl before using it.
Fixes: #1379
Signed-off-by: Hui Zhu <teawater@hyper.sh>
systemd-random-seed service fails if the rootfs is a read-only fs.
systemd-random-seed restores the random seed of the system at early
boot and saves it at shutdown. Since kata containers are one-boot machines,
this service is not needed.
Signed-off-by: Julio Montes <julio.montes@intel.com>
Use a clever HTML trick to allow the output of the data collection
script to be hidden / unhidden in the github.com interface.
See the example at the top of
https://github.com/kata-containers/runtime/issues/1347.
Fixes #1386.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Create a new function to collect all data display function calls in the
data collection script.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
- volumes: Handle k8s empty-dirs of "default" medium type
- versions: kernel: update to 4.19.28
- qemu: throw error when fail to get addr from bridges
- vc:qemu: Fix id calculation of memory hotplug
- s390x: 2 small test fixes
- arm64: support NVDIMM
- virtcontainers: move resource calculation to its own function
- versions: update nemu to latest release
- Add crio and containerd details to collect script
- pkg: reduce memory footprint
- Fix rootfs mount assumptions
- s390x: fix golint complain
- Network: remove Physical field in VethEndpoint
- test: add tests for sandbox creation rollback and cleanup
- VMCache: the new function that creates VMs as caches before using it
- unit test: Fix local test
- Add upstream version url regexp's to allow upto date checks
- virtcontainer: watch the qemu's console when proxy's debug enabled
- unit-test: fix undefined struct field SupportVSocks on arm64
- Makefile: Fix aarch64 fail in No GO command or GOPATH not set mode
- tracing: Fix tracing
- config: check the builtIn first when updating shim/proxy/agent
- qemu: fix devID value error
- Makefile: Change "GOPATH not set" to "No GO command"
8e2a5ea tests: Fix units tests to check empty-dir volumes backed by host-dir
47a6023 volumes: Handle k8s empty-dirs of "default" medium type
4e81522 vc:qemu: Fix id calculation of memory hotplug
502fdab test: add test for addDeviceToBridge
0061e16 virtcontainers: move resource calculation to its own function
7504d9e unit-test: add TestSandboxUpdateResources
f009a53 versions: update nemu to latest release
f2a506a scripts: Add containerd details to collect script
7266d31 scripts: Log crio config file in collect script
30f9776 scripts: Create separate section for crio in collect script
ae08ea3 scripts: Add helper function to collect script
ae4d8b4 versions: kernel: update to 4.19.28
c7ace4b qemu: throw error when fail to get addr from bridges
2456ac5 pkg: reduce memory footprint
df9a401 Network: remove Physical field in VethEndpoint
76d9db3 vendor: Add github.com/gogo/protobuf
45fe870 runtime: Add unit tests
0f8b2ad VMCache: Update factory to run as a VMCache server
90704c8 VMCache: the core and the client
d8bcddb qemu-arm64: add unit test for func appendImage on aarch64
986e4dc qemu-arm64: Support nvdimm on arm64
8ba27e1 s390x: remove pmu from test
6242af3 s390x: fix TestQemuS390xMemoryTopology
613edd5 s390x: fix golint complain
27a92f9 runtime: Fix rootfs mount assumptions
c964a26 virtcontainers: makefile fix .ci path
fcee080 unit-test: Fix local test
c4957dd virtcontainer: watch the qemu's console when proxy's debug enabled
1e30673 test: add tests for sandbox creation rollback and cleanup
bdb34e7 Makefile: Fix aarch64 fail in No GO command or GOPATH not set mode
c759cf5 tracing: Fix tracing
31232b4 config: check the builtIn first when updating shim/proxy/agent
03dd780 qemu: fix devID value error
a1ddf53 Makefile: Change "GOPATH not set" to "No GO command or GOPATH not set"
35672b5 unit-test: fix undefined struct field SupportVSocks on arm64
975157d versions.yaml: add uscan annotations
Signed-off-by: Peng Tao <bergwolf@gmail.com>
We were considering all empty-dir k8s volumes as backed by tmpfs.
However they can be backed by a host directory as well.
Pass those as 9p volumes, while tmpfs volumes are handled as before,
namely creating a tmpfs directory inside the guest.
The only way to detect "Memory" empty-dirs is to actually check if the
volume is mounted as a tmpfs mount, since any information of k8s
"medium" is lost at the OCI layer.
Fixes #1341
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
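
The classification described in the commit above, sketched as an added example (not code from the kata-containers runtime): an emptyDir source is treated as ephemeral only when the host actually has a tmpfs mounted at it, because the k8s "medium" is not visible at the OCI layer. The `kubernetes.io~empty-dir` directory name is the kubelet's volume layout and is an assumption here, as are the function names and the constructed mount table.

```go
package main

import (
	"fmt"
	"strings"
)

// Directory name the kubelet uses for emptyDir volumes (assumption, not on the page).
const k8sEmptyDir = "kubernetes.io~empty-dir"

// Constructed /proc/mounts content; the pod UID and volume names are made up.
const sampleMounts = `tmpfs /run tmpfs rw,nosuid,nodev 0 0
tmpfs /var/lib/kubelet/pods/1111/volumes/kubernetes.io~empty-dir/cache tmpfs rw,relatime 0 0
`

// isEmptyDirPath matches a whole path component, not a substring.
func isEmptyDirPath(source string) bool {
	parts := strings.Split(strings.TrimRight(source, "/"), "/")
	return len(parts) >= 2 && parts[len(parts)-2] == k8sEmptyDir
}

// fsTypeAt returns the fs type mounted exactly at path ("" if not a mount point).
func fsTypeAt(mounts, path string) string {
	fstype := ""
	for _, line := range strings.Split(mounts, "\n") {
		if f := strings.Fields(line); len(f) >= 3 && f[1] == path {
			fstype = f[2] // a later entry shadows an earlier one
		}
	}
	return fstype
}

// classify returns "ephemeral" (guest tmpfs), "host-backed" (9p share) or "bind".
func classify(mounts, source string) string {
	if !isEmptyDirPath(source) {
		return "bind"
	}
	if fsTypeAt(mounts, source) == "tmpfs" {
		return "ephemeral"
	}
	return "host-backed"
}

func main() {
	base := "/var/lib/kubelet/pods/1111/volumes/" + k8sEmptyDir + "/"
	for _, p := range []string{base + "cache", base + "data", "/run"} {
		fmt.Println(classify(sampleMounts, p), p)
	}
}
```
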
Now, function NewFactory will return nil even if template creation
doesn't complete. Because of this, it will tell the user that the factory
has been initialized no matter whether the template is created
or not. This patch corrects it by adding another return value
of error in NewFactory.
Testing initFactoryCommand with template enabled will need root
privilege to mount tmpfs. So skip it for non-root users.
Testing the initFactoryCommand func will create a template, but no
proxy type is assigned to VMconfig, which will use katabuiltinProxy
instead. This will lead to failure, because this type of proxy will
check proxyparams, which contains many null values. This commit
fixes it by substituting katabuiltinProxy with noopProxy for test
purposes.
Fixes: #1333
Signed-off-by: Jianyong Wu <jianyong.wu@arm.com>
Create cgroup path relative to the cgroups mount point if it's absolute,
or create it relative to a runtime-determined location if the path
is relative.
fixes #1365
fixes #1357
Signed-off-by: Julio Montes <julio.montes@intel.com>
QMP doesn't guarantee the order of the array that is returned by the
`query-memory-devices` command. So we had better search the whole
array to find the current max slot, rather than simply using the last
element's slot.
Fixes: #1362
Signed-off-by: Li Yuxuan <liyuxuan04@baidu.com>
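
The difference the commit above describes, as an added example (not code from the kata-containers runtime): the same `query-memory-devices` reply gives a different "current max slot" depending on whether the last element is trusted or the whole array is scanned. The reply is constructed and trimmed to a few fields, and the type and function names are hypothetical.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// memoryDevice keeps only the field of a query-memory-devices entry used here.
type memoryDevice struct {
	Data struct{ Slot int } // matches "data": {"slot": N, ...}
}

// Constructed QMP reply (not captured from a real VM): slot 2 is listed first.
const sampleReply = `{"return": [
  {"type": "dimm", "data": {"id": "dimm2", "slot": 2, "size": 134217728}},
  {"type": "dimm", "data": {"id": "dimm0", "slot": 0, "size": 134217728}},
  {"type": "dimm", "data": {"id": "dimm1", "slot": 1, "size": 134217728}}
]}`

func parseDevices(reply string) ([]memoryDevice, error) {
	var r struct{ Return []memoryDevice }
	err := json.Unmarshal([]byte(reply), &r)
	return r.Return, err
}

// lastSlot is the order-dependent approach: it trusts the final element.
func lastSlot(devs []memoryDevice) int {
	if len(devs) == 0 {
		return -1
	}
	return devs[len(devs)-1].Data.Slot
}

// maxSlot scans the whole array; -1 means no memory device is plugged.
func maxSlot(devs []memoryDevice) int {
	highest := -1
	for _, d := range devs {
		if d.Data.Slot > highest {
			highest = d.Data.Slot
		}
	}
	return highest
}

func main() {
	devs, err := parseDevices(sampleReply)
	fmt.Println("last element:", lastSlot(devs), "scan:", maxSlot(devs), "err:", err)
}
```

With this reply, an id derived from the last element would reuse slot 2, which is already occupied.
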
Add tests for addDeviceToBridge in three cases:
1. addDeviceToBridge succeeds
2. fails because there is no more available bridge slot
3. fails because state.bridge == 0
Signed-off-by: Ace-Tang <aceapril@126.com>
Do the CPU and memory calculation in a different function.
This helps to reduce the function complexity and eases unit testing.
Fixes: #1296
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>