Drop the bits for bridged networking in ACRN and change the default
to macvtap. We should eventually change this to tcfilter with additional
testing.
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Routes with proto "kernel" are routes that are automatically added
by the kernel.
It is a route added automatically when you assign an address to an
interface which is not /32.
With this commit, these routes are ignored. The guest kernel
would add these routes on the guest side. A corresponding commit on the
agent side would no longer delete these routes while updating them.
Without this commit, netlink gives an error complaining that a route
already exists when you try to add a route with the same dest subnet.
Something like:
dest: 192.168.1.0/24 device:net1 source:192.168.1.217 scope:253
dest: 192.168.1.0/24 device:net2 source:192.168.1.218 scope:253
Depends-on: github.com/kata-containers/agent#624
Fixes: #1811
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
The list of kernel modules can be passed to the runtime through the
configuration file or using OCI annotations. In both cases, a list paramentes
can be specified for each module.
fixes#1925
Signed-off-by: Julio Montes <julio.montes@intel.com>
Bring support for loading kernel modules
shortlog:
72a50ef revert: agent: sandbox_pause should get arguments from proc
ad72fe8 agent: add support for loading kernel modules
4ab32a9 vendor: dep check fixes
b8b8dac s390x: add virtio-blk-ccw support
cf20c9b ci: Allow travis to use go install script
5ffb2a6 agent: make NoPivotRoot config depend on `/` fs type
a1c9d50 make: install depends on $(TARGET)
7c97a0a agent: delete element of sandbox.deviceWatchers with right key
d0117bf release: Kata Containers 1.9.0-alpha0
4354b24 tests: Add lots of new unit tests
d4a22d1 device: Allow uevent handler to be stopped
8eb2134 config: Add parseCmdlineOption test
d4f205d device: Add extra checks
faa6cb0 mount: Fix incorrect error return
2d95c36 mount: Add test for parseMountFlagsAndOptions
5163bab console: Add debug console test
d167490 sandbox: Remove redundant check
72fc0ad mount: Improve error message
c92715f tests: Add test for getMemory
cd2f994 memory: Add extra check for memory file
458b4aa vendor: Move to a previous version for runtime-spec vendor
3cce728 vendor: Update the vendoring for github.com/opencontainers/runtime-spec
7ae6030 release: Kata Containers 1.8.0-rc0
32428bc vendor: update dependency opencontainers/runc
cfbd8c9 agent: sandbox_pause should get arguments from proc
47476d4 agent: lock subreaper agent thread
3548e65 release: Kata Containers 1.8.0-alpha2
0ead592 docs: Fix capitalization
9b59925 mount: Virtio-blk container rootfs mount for ACRN hypervisor
cf50209 release: Kata Containers 1.8.0-alpha1
0666ef0 release: Kata Containers 1.8.0-alpha0
ca2f724 grpc: add unit test for onlineResources function
06a0743 tmp: Add tmp.mount to kata-containers.target
353263d docs: Fix typos and formatting
5064045 docs: Add missing document link
c66349b mount: Add a proper rollback path to addStorages()
5583acd release: Kata Containers 1.7.0
5f9df74 updateInterface: enable hot-add nic on arm64
86ca8e0 vendor: update gogo/protobuf to v1.2.1
c9343fb release: Kata Containers 1.7.0-rc1
560dc87 vendor: update vsock package version
0af7173 agent: support debug console
d9aa453 proto: add network stats
3169c9b docs: Fix markdown in TRACING.md
8aa2880 release: Kata Containers 1.7.0-alpha1
2ada1d1 agent: Display trace details
cb32d28 test: Fix mockContainer
3e12793 agent: Fix container creation
6e558f7 vendor: Update libcontainer vendoring
7fbd860 agent: send SIGKILL instead of SIGTERM to container init process
8847998 agent: Add support for local storage
8b34aaf make: Add build option STATIC=1 to statically link
01b1cb2 travis: Use xenial
d815c97 lint: Update code to handle lint issues
828b417 ci: Update travis go version from 1.10 to 1.11
f61ca8a release: Kata Containers 1.7.0-alpha0
bdf2290 ci: travis: checkout test repo to correct branch
209aa2f agent: Fix "agent grpc server quits" show wrong error
2af3599 channel: Check for channel type in kernel cmdline options
8187461 vendor: use latest github.com/mdlayher/vsock
39696c0 vendor: Revert "vendor: Update libcontainer vendoring"
7866668 agent: Revert "agent: Fix container creation"
8f893b9 test: Revert "test: Fix mockContainer"
49e5847 systemd-target: Add chronyd.service to kata-containers.target
0bf9d1e make: Install systemd targets in systemd unit dir
85e0942 docs: Explain shutdown behaviour with tracing
99d6118 docs: Define "VM" in tracing doc
353ec2d service: Fix user initiated shutdown with static tracing
Signed-off-by: Julio Montes <julio.montes@intel.com>
Currently kata sets the init process to systemd even when it isn't installed,
the criteria to determinate whether systemd is used as init or not
is very odd, since kata only checks whether the `image` option is set in the
configuration file, unfortunately not all images have systemd installed.
Instead kata should rely on the guest kernel and `osbuilder` to use the right
init process. `osbuilder` creates a symbolic link to `systemd` or `kata-agent`
depending on the `AGENT_INIT` environment variable.
fixes#1937
Signed-off-by: Julio Montes <julio.montes@intel.com>
Fixes: #1929
in containerd-kata-v2, container can only be deleted in Delete
interface, or other shim operates(like kill/delete) all fails
since can not get container info.
Signed-off-by: Ace-Tang <aceapril@126.com>
We start virtiofsd in foreground (-f option), so we should wait for it
to reclaim its resources to avoid zombie process when qemu or virtiofsd
got killed unexpectedly.
Fixes: #1934
Signed-off-by: Eryu Guan <eguan@linux.alibaba.com>
When virtio_fs_cache is set to none, the mount options for the folder
inside the guest should not contain the dax option else it leads to
invalid address errors and a crash of the daemon on the host.
Fixes: #1907
Signed-off-by: Ganesh Maharaj Mahalingam <ganesh.mahalingam@intel.com>
in create sandbox, if process error, should remove network without judge
NetNsCreated is true, since network is created by kata and should be
removed by kata, and network.Remove has judged if need to delete netns
depend on NetNsCreated
Fixes: #1920
Signed-off-by: Ace-Tang <aceapril@126.com>
CPU topology has changed in QEMU 4.1: socket > die > core > thread.
die option must be specified in order to hotplug CPUs on x86_64
Depends-on: github.com/kata-containers/packaging#657
fixes#1913
Signed-off-by: Julio Montes <julio.montes@intel.com>
Shortlog:
68cdf64 test: add cpu topology tests
e0cf9d5 qmp: add checks for the CPU toplogy
a5c1190 qemu: support x86 SMP die
Signed-off-by: Julio Montes <julio.montes@intel.com>
Update top-level vendor with
"dep ensure add github.com/blang/semver@3.6.1"
dep check should not succeed.
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
It is not really recommended to have nested vendor directories.
dep does not work well with nested directories:
https://github.com/golang/dep/issues/985
Recommendation is to use flatten the vendor directories.
Hence remove any nested vendor directories.
Fixes#1909
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Fixes#803
Merge "hypervisor.json" into "persist.json", so the new store can take
care of hypervisor data now.
Signed-off-by: Wei Zhang <weizhang555.zw@gmail.com>
For one thing, it is container specific resource so it should not
be cleaned up by the agent. For another thing, we can make container
stop to force cleanup these host mountpoints regardless of hypervisor
and agent liveness.
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Then we can check hypervisor liveness in those cases to avoid long
timeout when connecting to the agent when hypervisor is dead.
For kata-agent, we still use the kata-proxy pid for the same purpose.
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Once we have found the container, we should never fail SIGKILL.
It is possible to fail to send SIGKILL because hypervisor might
be gone already. If we fail SIGKILL, upper layer cannot really
proceed to clean things up.
Also there is no need to save sandbox here as we did not change
any state.
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
When force is true, ignore any guest related errors. This can
be used to stop a sandbox when hypervisor process is dead.
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Whenever we fail to connect, do not make any more attempts.
More attempts are possible during cleanup phase but we should
not try to connect any more there.
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
When a container is paused and something goes terribly
wrong, we still need to be able to clean thing up. A paused
container should be able to transit to stopped state as well
so that we can delete it properly.
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
This allows travis to use the go install script instead of having a
hard coded golang version at travis.yml
Fixes#1903
Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
