Our CLH driver in kata defines its own constant variable 'maxClhVcpus'
which can conflict with the maximum number of vCPUs specified from the
kata configuration file 'clh.config.DefaultMaxVCPUs'. As the value from
the kata configuration file is preferred anyway and the code on 'maxClhVcpus'
is not being used, we'd better remove it for better readability and
to avoid further confusion.
Fixes: #2528
Signed-off-by: Bo Chen <chen.bo@intel.com>

Set rootfstype=ext4 so that the kernel does not print errors like:
```
Mount option "data=ordered" incompatible with ext2
```
Depends-on: github.com/kata-containers/tests#2377
Fixes: #2524
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>

This adds the `agent.container_pipe_size` annotation which allows
configuration of the size of the pipes for stdout/stderr for containers
inside the guest.
fixes #2467
Signed-off-by: Alex Price <aprice@atlassian.com>

Set the katautils default log level to 'Warn', rather than 'Info',
as 'Info' is rather noisy.
Fixes: #2522
Signed-off-by: Graham Whaley <graham.whaley@intel.com>

Set the default log level explicitly to 'Warn', rather than taking
the logrus default (which is normally 'Info').
Fixes: #2522
Signed-off-by: Graham Whaley <graham.whaley@intel.com>

The shimv2 runtime logs slightly differently - let's clarify
that in the existing OCI/CRI-O only runtime section.
Fixes: #2520
Signed-off-by: Graham Whaley <graham.whaley@intel.com>

Remove the rootfs bind dest and finally remove the created share
directory when stopping the container.
Fixes #2516
Signed-off-by: Li Yuxuan <liyuxuan04@baidu.com>

With the HTTP API 'vm.resize()', the CPU hotplug with CLH is much simpler
compared with QEMU. This is because we don't need to distinguish adding from
removing CPUs.
Fixes: #2495
Depends-on: github.com/kata-containers/packaging#968
Depends-on: github.com/kata-containers/tests#2364
Signed-off-by: Bo Chen <chen.bo@intel.com>

The 'apiSocket' member in the CloudHypervisorState struct needs to be kept
across different executions of kata-runtime with persist HypervisorState, so
that kata-runtime can talk with the same running cloud-hypervisor through
HTTP/REST API calls.
Fixes: #2506
Signed-off-by: Bo Chen <chen.bo@intel.com>

This allows reusing the detached block index and ensures that the
index will not reach the limit of devices (such as `maxSCSIDevices`)
after restarting containers many times in one pod.
Fixes: #2007
Signed-off-by: Li Yuxuan <liyuxuan04@baidu.com>

virtiofsd should be added in kata-env as virtiofs enabled kata then
it will be easy to get the info of virtiofsd from kata-env.
Fixes: #2491
Change-Id: I37ff58ed4315344d1e2b87f3abcd04311661e910
Jira: ENTOS-1579
Signed-off-by: Jianyong Wu <jianyong.wu@arm.com>

For one thing, we should not make kata's internal device type
exactly as govmm string by string.
For another thing, latest govmm changes the device driver strings
and it breaks kata in such a way but the fault is on kata side IMHO.
Signed-off-by: Peng Tao <bergwolf@hyper.sh>

To include block readonly capability. Included commits:
3700c55 qemu: add block device readonly support
88a25a2 Refactor code to support multiple virtio transports at runtime
2ee53b0 qemu: Don't set ".cache-size=" when CacheSize is 0
Signed-off-by: Peng Tao <bergwolf@hyper.sh>

cgroup manager is in charge of creating and setting up cgroups for
virtual containers, for example it adds /dev/kvm and
/dev/vhost-net to the list of cgroup devices in order to have
virtual containers working.
fixes #2438
fixes #2419
Signed-off-by: Julio Montes <julio.montes@intel.com>

virtcontainers/pkg/cgroups contains functions and structures needed to deal
with cgroups and virtual containers
Signed-off-by: Julio Montes <julio.montes@intel.com>

We leverage the new openAPI knobs from CLH to set readonly for disk image
and we also pass kernel cmd to set guest root filesystem readonly.
Signed-off-by: Bo Chen <chen.bo@intel.com>

Use CLH branch stable/v0.5.x, and also re-generate the openAPI client
code with the new 'cloud-hypervisor.yaml'.
Fixes: #2488
Signed-off-by: Bo Chen <chen.bo@intel.com>

cri-o v1.16.x has a network namespace mount point leaking problem, and
the latest v1.17.x has fixed this problem.
Since cri-o and k8s follow the same release cycle and deprecation policy,
I will also update k8s to the latest release v1.17.3-00 as well.
Fixes: #2457
Signed-off-by: Penny Zheng <penny.zheng@arm.com>

A malicious can trick us with a crafted container
rootfs symlink and make runtime umount other mountpoints.
Make sure we do not walk through symlinks when umounting.
Signed-off-by: Peng Tao <bergwolf@hyper.sh>

cloud-hypervisor uses `hybrid vsocks`, so it is not needed to find a
context ID.
Fixes: #2481
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>

Some flags defined by the host may not be compatible with golang;
do not use LDFLAGS but use our own variable.
Fixes: #2478
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>