- Config changes for 5.4 kernel
- kernel: Enable new LTS 5.4.x on ppc64le arch
- lib: yq: explode anchors to get real value of image values
- kernel: use the maximum number of CPUs supported by KVM
- release: use absolute path for kubeconfig
- network: Enable ipv6 config CONFIG_IPV6_MULTIPLE_TABLES
- actions: check for packaging before clone
- release: bump kata-containers repository
- kernel/configs: enable CONFIG_X86_MPPARSE
- obs: Add ubuntu 19.04 testing
- release: tag and branch kata-containers repository
- add workflow for testing kata-deploy
- fixes for qemu 4.2.0
- config: enable printk_time for arm64.
- kernel: Enable new LTS 5.4.3 on AArch64
- FC: ELF format kernel image unsupported with firecracker on AArch64
- kata-static: Add sudo while building cloud hypervisor docker image
- obs: Remove fedora 28 obs packages
- snap: fix how latest stable version is obtained
- qemu: Patch qemu to support image without write access.
- snap: fix snap in launchpad
- kata-deploy: action: take updated yaml paths into account
04386a6 kernel: Enable new LTS 5.4.x on ppc64le arch
ea8b775 lib: yq: explode anchors to get real value of image values
b66fb43 kernel: Remove CONFIG_INET6 options from fragments
17d86c3 kernel: Always apply whitelist
ba68012 kernel: use the maximum number of CPUs supported by KVM
e0a57b6 network: Enable ipv6 config CONFIG_IPV6_MULTIPLE_TABLES
0751072 release: use absolute path for kubeconfig
32f2ff1 actions: check for packaging before clone
0ff7072 release: bump kata-containers repository
a95b359 kernel/configs: enable CONFIG_X86_MPPARSE
b023d8d kata-deploy: use clh instead of cloud-hypervisor
59a34bb static-build: drop NEMU, add CLH
6c9db9b kata-deploy-action: test CLH
f184afc testing: add workflows for testing kata-deploy
c14ded3 obs: Add ubuntu 19.04 testing
3ce2d36 release: tag and branch kata-containers repository
2ef9bbc FC: ELF format kernel image unsupported with firecracker on AArch64
ca6df85 kata-static: Add sudo while building cloud hypervisor docker image
59dc61d kernel: Enable new LTS 5.4.3 on AArch64
34d2c81 obs: Remove fedora 28 obs packages
ce2accc qemu/patches: add patches for qemu 4.2.0
7c13dc3 static-build: update blacklist for qemu 4.2.0
a407c92 config: enable printk_time for arm64.
5877ab7 snap: fix how latest stable version is obtained
43a6e67 snap: overwrite Makefile variables
bfe65e0 kernel: make get_config_version quiet
076cfa9 qemu: Patch qemu to support image without write access.
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
- should ignore invalid a key-value pair as an env
- Revert: "Makefile: Fix rust agent build using "--release"."
- Makefile: Fix rust agent build using "--release".
- vsock: support log_vport and debug_console_vport
- Agent: Separate logging into a single crate
- agent: fix the issue of crash agent without spec
- fix the issue of missing restore process's cwd
- Running rust-agent on AArch64
- ci: Remove run_rust_test functions as not being used
- add oci compatibility test case
- agent: Add unit tests for sandbox.rs
- version: Add VERSION file
- ci: Add minimal makefile to use central go test script
- netlink: pull out netlink as library crate.
- Fixup workflow 103
40b5a56 agent: ignore invalid a key-value pair as an env
269daa9 Revert: "Makefile: Fix rust agent build using "--release"."
a3e46a3 Makefile: Fix rust agent build using "--release".
3c1252e vsock: support log_vport and debug_console_vport
c373f84 agent: separate logging into a single crate
2be8661 agent: fix the issue of missing restore process's cwd
6c7453d agent: fix the issue of crash agent without spec
4edf537 ci: Remove run_rust_test functions as not being used
d222533 agent: add oci compatibility test case
7dfc4e0 linker: `no such file` linking error on AArch64
44b2caa AArch64: missing symbols on target `aarch64-unknown-linux-musl`
9621a7f ABI: only support arm 64-bit platform
8d60612 version: Add VERSION file
a5192a1 netlink: pull out netlink as library crate.
3881c06 ci: Add minimal makefile to use central go test script
1c57665 workflows: make sure we build the experimental kernel, CLH
cbd5fa0 workflows: fix step output usage
92301a6 agent: Add unit tests for sandbox.rs
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
we need to refine unit tests due to previous two commits and
add new test for new func checkVersionConsistencyInComponents.
Fixes: #2375
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
Use `kata-runtime kata-check --strict/-s` to perform version
consistency check.
Only if major version number, minor version number and Patch
number are all the same, we determine those two kata components
are version-consistent.
Fixes: #2375
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
We import new struct VersionInfo for better organizing version info of
kata components, in order to follow Semantic Versioning Specification.
Fixes: #2375
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
There was a race condition between bind() and listen() that was hit very
rarely when using Kata Containers and Cloud-Hypervisor. It's been
identified the problem is really coming from the virtio-vsock driver,
which is fixed by those new kernel patches uploaded for each version of
the kernels used by Kata Containers.
Fixes#932
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
This provides a flag "STRIP=yes" to strip the golang binary
After this patch, the binary size is reduced a lot:
19356680 containerd-shim-kata-v2*
25980728 containerd-shim-kata-v2.nostip*
4021784 kata-netmon*
5093992 kata-netmon.nostrip*
26339392 kata-runtime*
33097344 kata-runtime.nostrip*
Fixes: #2455
Signed-off-by: Jia He <justin.he@arm.com>
Linux has embraced another LTS kernel version v5.4.x.
Update the kernel config for Power as well.
Fixes: #936
Signed-off-by: Nitesh Konkar <niteshkonkar@in.ibm.com>
yq is not exploding anchors anymore and requiere an extra flag.
Add flag to fix CI.
Fixes: #934
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
Now crio.conf has some kata entries in by default, but commented
out and without the runtime_path elements to them, our deploy
script gets a little confused and fails to add the kata-qemu
elements to the config.
This is because the grep spots the commented out lines, and tries
to, unsuccessfully, update the matching runtime_path elements, that
don't actually exist.
Improve this by matching only uncommented config lines, so now the
script sees that the runtime is not really configured already, and
instead of trying to edit/update it, will place a entry at the
end of the file.
Fixes: #928
Signed-off-by: Graham Whaley <graham.whaley@intel.com>
By default virtcontainer auto-detects if the current process is running
rootless or not, but this behavior can change from commandline with the
--rootless option
fixes#2417
Signed-off-by: Julio Montes <julio.montes@intel.com>
GetDriver returns new PersistDriver according to current needs, a mock fs
driver is returned when mockTesting is enabled, a rootless fs is returned when
rootless is detected, otherwise a fs driver is used.
Signed-off-by: Julio Montes <julio.montes@intel.com>
Mock FS driver can be used in unit testing to allow
Mock fs driver inherits from FS and may overwrite its methods. All files
and directories created by this driver are under a path accessible for all
users, this path is created under the system temporal directory.
Signed-off-by: Julio Montes <julio.montes@intel.com>
Rootless fs driver inherits from FS and may overwrite its methods. All files
and directories created by this driver are under a path accessible for the
current user, typically this path is defined by the environment variable
`XDG_RUNTIME_DIR`, if this variable is not defined, the default path
`/run/user/$UID` is used instead, where $UID is the current user ID.
fixes#2416
Signed-off-by: Julio Montes <julio.montes@intel.com>
Update persist FS API and interface to support rootless and mock filesystem
implementations. `RunStoragePath` and `RunVMStoragePath` are part of FS
object and may change their path depending on the driver (rootless/mock/fs)
Signed-off-by: Julio Montes <julio.montes@intel.com>
`agent.getVMPath()` is an almost useless method that can be easily replaced
with `filepath.Join()`
Signed-off-by: Julio Montes <julio.montes@intel.com>
rootless is used in katautils, cli and virtcontainers. It makes more sense
if it's part of virtcontainer, this way virtcontainers won't depend on other
runtime subpackages
Signed-off-by: Julio Montes <julio.montes@intel.com>
Skip the setup and installation of virtcontainers as it is using docker,
when we try to setup podman CI.
Depends-on: github.com/kata-containers/tests#2299
Fixes#2451
Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
Qemu merely limits the memory-backend-file size to be aligned to page_size
instead of section size(arm64 1GB). Please see file_ram_alloc() in qemu
exec.c. If we use 1024MB, the generated image size will be 3-4 times bigger
than the original one.
After relaxing it, the image size will be changed from 1G to 300M+ on arm64
with Fedora 29 rootfs's default configuration.
I do see there are some different limitation for ram_block on other arches
(e.g. s390x). So gracefully keep other arches unchanged here.
Fixes#404
Signed-off-by: Jia He <justin.he@arm.com>
Ubuntu distribution is the most suitable one for AArch64 to build
image rootfs.
I think the size of rootfs is the key point we should consider most
and first.
And ubuntu has the smallest rootfs, only approximately 100MB.
Fixes: #2449
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
It's better to catch the error of couldn't find the process
in tty_win_resize service, other wise, an invalid process id
could crash the agent.
Fixes: #137
Signed-off-by: fupan.lfp <fupan.lfp@antfin.com>
Dont think these are options are required at all.
Remove them from fragments and whitelist.
Fixes#924
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
The whitelist contains options that we dont really care.
Always apply it, irrespective of if we are using an
experimental kernel.
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
