There is an issue that ctrl-c stop vmcache server will stop all
containers that its VM is created by it.
The cause is kata-proxy and vmcache server use same tty, for example:
ps -e | grep kata
3617 pts/5 00:00:00 kata-runtime
3636 pts/5 00:00:00 kata-proxy
Ctrl-c will send signal to both kata-proxy and vmcache server.
Then the containers that its VM is created by this vmcache server will
quit with it.
Set Setsid to true when exec kata-proxy to handle this issue.
Fixes: #1726
Signed-off-by: Hui Zhu <teawater@hyper.sh>
The rootfs image was fixed, now the DAX metadata and 2 MBRs headers are part
of the same image. Mounting the rootfs partiton with an offset of 2M is no
more needed, since the first MBR is read by partx or losetup by default.
fixes#1443
Signed-off-by: Julio Montes julio.montes@intel.com
Kubelet would cleanup the pod cgroup resources and kill the processes
in the pod cgroups when it detected all of the containers in a pod exited,
thus shimv2 should close the hypervisor process once the podsandbox container
exited, otherwise, the hypervisor process would be killed by kubelet and
made shimv2 failed to shutdown the sandbox.
Fixes:#1672
Signed-off-by: lifupan <lifupan@gmail.com>
```
//the network namespace created by cni plugin
netns, err = namespaces.NamespaceRequired(ctx)
if err != nil {
return nil, errors.Wrap(err, "create namespace")
}
```
the netns is a containerd namespace concept, it not netns, event a cni
set netns for this, this is a tricky way, so remove the logic.
Fixes: #1692
Signed-off-by: Ace-Tang <aceapril@126.com>
According to CRI specs, kubelet will call StopPodSandbox()
at least once before calling RemovePodSandbox, and this call
is idempotent, and must not return an error if all relevant
resources have already been reclaimed. And in that call it will
send a SIGKILL signal first to try to stop the container, thus
once the container has terminated, here should ignore this signal
and return directly.
Fixes:#1672
Signed-off-by: lifupan <lifupan@gmail.com>
Use `kata-containers.runtime` that is the runtime binary, to
collect the data if the kata-runtime binary is not installed
fixes#1720
Signed-off-by: Julio Montes <julio.montes@intel.com>
We need to build kata-runtime to have the correct files
in place to be able to run the static checks script.
Fixes#1716.
Signed-off-by: Salvador Fuentes <salvador.fuentes@intel.com>
Set qemu major/minor version when
running unit test TestQemuPPC64leMemoryTopology
on ppc64le & execute the unit test accordingly.
Fixes: #1308
Signed-off-by: Nitesh Konkar niteshkonkar@in.ibm.com
We should not let shim or proxy read guest console socket if
agent debug console is set. Otherwise when we connect to it with
socat, it reads nothing since all output is read by the shim.
Fixes: #1700
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Use only one version to install cri-contaienrd
- version could be a containerd version or a commit of the cri
repository.
Depends-on: github.com/kata-containers/tests#1400
Fixes: #1464
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
nemu needs to be configured with:
`machine_type = "virt"` by default.
In addition, this commit removes
`machine_accelerators="virt"` which was added instead
of `machine_type` in a previous commit.
Fixes: #1707.
Signed-off-by: Salvador Fuentes <salvador.fuentes@intel.com>
Fix the test case TestGetShmSizeBindMounted by
setting the right ShmSize for ppc64le.
Fixes: #1702
Signed-off-by: Nitesh Konkar niteshkonkar@in.ibm.com
The systemd units and files that are not needed in Kata Containers,
are removed when the image is created, therefore we don't need to mask
them.
fixes#1704
Signed-off-by: Julio Montes <julio.montes@intel.com>
If virtiofsd fails to initialize and stops unexpected,
qemu might hang forever. We just stop the qemu process.
Resource cleanup will be done by others.
Fixes: #1690
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Set the minimum golang version to 1.11.10, the latest stable 1.11 version
at the time of writing. Go 1.11 is required to build the agent with working
vsock support.
Fixes: #1693
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
Make sure the hypervisor is stopped if startSandbox does not succeed, by
calling stopSandbox.
Fixes: #1636
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
If kata containers is using vfio and vhost net,the unbinding
of vfio would be hang. In the scenario, vhost net kernel thread
takes a reference to the qemu's mm, and the reference also includes
the mmap regions on the vfio device file. so vhost kernel thread
would be not released when qemu is killed as the vhost file
descriptor still is opened by shim v2 process, and the vfio device
is not released because there's still a reference to the mmap.
Fixes: #1669
Signed-off-by: Yang, Wei <w90p710@gmail.com>
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
- Networking: Ensure that network namespace is propagated
- nemu-config: adjust defaults in configuration-nemu.toml
- support-vsock: load vhost_vsock module if it isn't built-in
bce0d60 unit-test: refine unit test
9b23d4f vsock_module: add 'vhost_vsock' kernel module in kata-check
f21d5a3 Support_vsock: only need to check whether device 'vhost_vsock' exists
09a7d15 nemu-config: adjust defaults in configuration-nemu.toml
66b93c7 Networking: Ensure that network namespace is propagated
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
There are still some systemd units that fail to start for different
reasons. Disable these systemd units to improve boot time.
fixes#1686
Signed-off-by: Julio Montes <julio.montes@intel.com>
Add a few minimal documents to allow all the documentation in this
repository to be navigated from the top-level README.
Fixes#1681.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Got a defunct kata-proxy after kata quit when VMCache is enabled.
The reason is vmcache server opens kata-proxy but doesn't wait it.
If VMCache is disabled, kata-runtime will quit before kata-proxy.
So it will not meet the issue.
Open a special goroutine do cmd.Wait in kataProxy.start to handle
the isssue.
Fixes: #1678
Signed-off-by: Hui Zhu <teawater@hyper.sh>
We should refine unit test which involves func SupportsVsocks and newly
reconstructed struct kernelModule.
Fixes: #1512
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
