Thist patch adds the following,
1. ACRN only supports virtio-blk and so the rootfs for the VM
sits at /dev/vda. So to get the container rootfs increment the
globalIndex by 1.
2. ACRN doesn't hot-plug container rootfs (but uses blkrescan) to
update the container rootfs. So the agent can be provided the virtpath
rather than the PCIaddr avoiding unneccessary rescaning to find the
virthpath.
v1->v2:
Removed the workaround of incrementing index for
virtio-blk device and addressed it acrn.
Fixes: #1778
Signed-off-by: Vijay Dhanraj <vijay.dhanraj@intel.com>
This patch adds the following,
1. Implement Sandbox management APIs for ACRN.
2. Implement Sandbox operation APIs for ACRN.
3. Add support for hot-plugging virtio-blk based
(using blk rescan feature) container rootfs to ACRN.
4. Prime devices, image and kernel parameters for
launching VM using ACRN.
v2->v3:
Incrementing index to keep track of virtio-blk devices
created. This change removes the workaround introduced
in block.go.
v1->v2:
1. Created issue #1785 to address the UUID TODO item.
2. Removed dead code.
3. Fixed formatting of log messages.
4. Fixed year in copyright message.
5. Removed acrn_amd64.go file as there are no amd64 specific
changes. Moved the code to acrn_arch_base.go.
Fixes: #1778
Signed-off-by: Vijay Dhanraj <vijay.dhanraj@intel.com>
This patch adds support for,
1. Extracting and configuring ACRN hypervisor from toml.
2. Add ACRN hypervisor ctl for controlling ACRN hypervisor.
This will be used for updating virtio-blk based
container rootfs using blk rescan feature.
v2->v3:
Fixed acrnctl path.
v1->v2:
Trimmed hypervisor config options as needed by ACRN.
Fixes: #1778
Signed-off-by: Vijay Dhanraj <vijay.dhanraj@intel.com>
ACRN hypervisor is a type-1 hypervisor and this patch
adds support to check and validate if the system is
capable of running kata containers with ACRN hypervisor.
Depends-on: github.com/kata-containers/tests#1793
v3->v4:
Implemented a generic way to identify hypervisor and
test VM creation.
v2->v3:
1. Removed cgo structs and defined go structs.
2. Suppressed lint warnings due to unused createVM struct.
v1->v2:
1. Created an issue #1784 to address TODO item.
2. Fixed formatting of the log message.
3. Currently ACRN is only supported on amd64. So
moved ACRN specific code to kata-check_amd64.go.
Fixes: #1778
Signed-off-by: Vijay Dhanraj <vijay.dhanraj@intel.com>
This patch covers the following aspects,
1. Add ACRN as a supported hypervisor for amd64 architecture.
2. Build and install configuration file for ACRN hypervisor.
v1->v2:
1. Deleted autogenerated configuration-acrn.toml.
2. Trimmed configuration options not used by ACRN.
Fixes: #1778
Signed-off-by: Vijay Dhanraj <vijay.dhanraj@intel.com>
To avoid conflics between kata companents and their versions, all
components should be built using their tagged version.
Signed-off-by: Julio Montes <julio.montes@intel.com>
Setup the kernel by hand is prone to errors.
Use `build-kernel.sh setup` to pull and setup the kata kernel.
fixes#438
Signed-off-by: Julio Montes <julio.montes@intel.com>
osbuilder shares the yq binary with the container that generates the image,
unfortunately the snap version of yq is not a static binary hence it's not
compatible with the alpine container.
Signed-off-by: Julio Montes <julio.montes@intel.com>
- Changes:
- version: v1.14.6
- Add username and homedir to generated password
- Close temporary image in PullImage
- Version 1.14.6-dev
- Version 1.14.5
- version: if git commit is empty, silently ignore
- enable inline exec and attach test
- Bump up minMemoryLimit to 12Mb
- Backport CircleCI config
- Fix up machine os content version and cri-o version in spec
- Add state of infracontainer to disk when stopped
- Use GlobalAuthFile when pulling the pause image if
PauseImageAuthFile is not set
- Don't discard copy.Options.SourceCtx when credentials are provided
- Don't set non-default copy.Options in imageService.PullImage if it is nil
- Add global_auth_file option to crio.image config
- Create network and plugins directory if they do not exist
- Disable file locking by default
- Update containers/image to v2.0.0, buildah to 1.8.4, libpod to 1.4.1, ...
- Bump github.com/containers/libpod from 1.2.0 to 1.3.1
- Vendor containers/storage v1.12.4
- update github.com/containers/* dependencies
- Changes to rpm build and Dockerfile for ci
- When plugin_dir is set, only use that value
- Update Makefile to be usable without git
- bump to version 1.14.5-dev
- bump to version 1.14.4
- Default to runc is default_runtime is not set
- Fix missing images names on list
- Add crio-wipe
- Add logic for running OpenShift CI on cri-o PRs
- Update device cgroup permissions for configured devices.
- version: v1.14.4-dev
- version: v1.14.3
- Fix runtime panic when having concurrent writes to runtime impl map
- server: do not add default /sys if bind mounted
- Change plugin_dir to plugin_dirs
- Added unit tests
- Add version file functionality
- fix build issues on 32-bit arches
- conmon: use sd_journal_sendv
- make vendor generated
- Move to v1.14.3-dev
- Tag v1.14.2
- Vendor in c/storage release-1.13
- Revert "update github.com/containers/* dependencies"
- Update test suites
- Fix logic of server.restore()
- version: v1.14.2-dev
Fixes#1866
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
Add missing kernel configs to avoid `make oldconfig` asks or
takes the default value for the missing configs.
fixes#623
Signed-off-by: Julio Montes <julio.montes@intel.com>
We want to use the same script for both
PRs and new package CD. Depending if CI
is set a release push will be done or
a ci.
Fixes: #617
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
Fixed `TestSandboxCreationFromConfigRollbackFromCreateSandbox` which
requires that the hypervisor does not exist. Unfortunately, it does
exist (as a fake test binary), but isn't executable meaning although the
test failed (since an error is expected), rather than the expected
`ENOENT` error, the test was logging a message similar to the following
since the fake hypervisor exists with non-executable permissions:
```
Unable to launch /tmp/vc-tmp-526112270/hypervisor: fork/exec /tmp/vc-tmp-526112270/hypervisor: permission denied
```
Fixes: #1835.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Update the `TestQemuAddDeviceKataVSOCK` test so that it:
- Doesn't hard-code the file descriptor number.
- Cleans up after itself.
The latter issue was causing an odd error similar to the following in
the test output:
```
Unable to launch /tmp/vc-tmp-526112270/hypervisor: fork/exec /tmp/vc-tmp-526112270/hypervisor: permission denied
```
Partially fixes: #1835.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
This will take the VERSION of all the components in order to
verify that they match among them before merging the runtime.
Fixes#1581
Depends-on: github.com/kata-containers/packaging#614
Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
qemu static is using all the patches that we have for qemu,
we only want to apply depending the version.
Fixes: #619
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
The image tag opensuse:leap not longer exist
use the the new image format.
Fixes: #615
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
The main purpose is that this script will be used to verify
that VERSION among the components are equal before merging the runtime.
Fixes#613
Depends-on: github.com/kata-containers/runtime#1858
Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
After a rc0 is created the path to have an stable release starts, after that
any rc0 is to improve stabability and not more features are added. When it is
the projects is considered stable no more rc* are done.
Fixes: #611
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
Sometimes get logs could fail, for example
when a tag does not exit, instead of fail
just log the error in the PR.
Fixes: #609
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
When the rootfs creation is used for PRs there is
not a match with a kata runtime version, in this
case lets clone the runtime repository and checkout
to the kata branch target. If is already cloned
this mean this was set by depens-on script or the user.
Fixes: #326
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
We are seeing sporadic failures in the rootfs creation as listed here:
https://github.com/kata-containers/tests/issues/1744
While this cannot be reproduced locally, there is no reason
for the failure to write to $ROOTFS_DIR/etc/chrony.conf unless the upper
directories are missing as this file should be created if it did not
exist earier.
So just create the etc directory to test out if we see these sporadic
failures in the CI.
Fixes#328
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
