We need to update the network docs to reflect CNM
and CNI are handled much the same way. Start off
by removing the incorrect CNI docs first.
Fixes#678
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Fix nasty bug which resulted in `kata-env` showing
`VMContainerCapable = true` even on amd64 systems without virtualisation
support (thankfully `kata-check` still showed the correct results).
Added arch-specific tests to avoid any possibility of regression.
Fixes#660.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
golang version 1.8.3 is old and the runtime cannot even be built with
it now it seems.
Since it is no longer considered a stable version [1], move to the
oldest official stable version (version 1.9.7).
Fixes#642.
[1] - https://golang.org/dl/
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Now that we support multiple branches, we changed how
static-checks.sh compares branches. We now need a
variable called $target_branch to make the correct
comparison when testing a PR.
Fixes: #663.
Signed-off-by: Salvador Fuentes <salvador.fuentes@intel.com>
Add a heuristic to ensure the amount of memory allocated to the
hypervisor is bigger than the size of the image.
This catches simple configuration issues where `default_memory=` is set
to a smaller value than the size of either the `image=` or `initrd=`
files.
If the configured image type is `initrd`, fail but only warn in the
logs for `image` as although it seems a highly unlikely scenario, it is
permitted.
Update tests to ensure that created resources have `>0` bytes.
Fixes#636.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
The `TestMinimalRuntimeConfig` should not be using the real
resource files that might be installed on a system so make temporary
files instead to better control the test.
Split out `TestMinimalRuntimeConfigWithVsock` to reduce cyclomatic
complexity (along with dropping the config file delete at the end - not
required as the entire test-specific directory gets auto-deleted).
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
govmm has ExecuteBlockdevAdd() function and ExecuteBlockdevDel() function
doesn't compatible with qemu 2.8,because blockdev-add and x-blockdev-del usages
are different between qemu 2.7 and qemu 2.8
shortlog:
ce070d1 govmm: modify govmm to be compatible with qemu 2.8
0286ff9 qemu/qmp: support hotplug a nic whose qdisc is mq
8515ae4 qmp: Remind users that you must first call ExecuteQMPCapabilities()
21504d3 qemu/qmp: Add netdev_add with chardev support
ed34f61 Add some negative test cases for qmp.go
17cacc7 Add negative test cases for qemu.go
fixes: #637
Signed-off-by: flyflypeng <jiangpengfei9@huawei.com>
If the sandbox has been initialized with a factory, this means the
caller should be in charge of adding any network to the VM, and
virtcontainers library cannot make any assumptions about adding
the default underlying network.
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
The CLI being the implementation of the OCI specification, and the
hooks being OCI specific, it makes sense to move the handling of any
OCI hooks to the CLI level. This changes allows the Kata API to
become OCI agnostic.
Fixes#599
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
As we want to call the OCI hook from the CLI, we need a way for the
CLI to figure out what is the network namespace used by the sandbox.
This is needed particularly because virtcontainers creates the netns
if none was provided.
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
This commit moves the network namespace creation out of virtcontainers
in order to anticipate the move of the OCI hooks to the CLI through a
follow up commit.
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
Since we removed the CNI implementation and that we agreed the network
should only be handled in a single way from virtcontainers, this patch
logically replace the "CNM" naming with "Default".
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
Update the agent vendoring for the new `NewAgentClient()` API - the
agent client code will enable gRPC tracing when passed a context
containing an opentracing span.
Agent client code changes:
6d26d61 client: Add context parameter and enable tracing support
Fixes#640.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
The storage implementation of filesystem was in the same file where
the resource storage interface was declared. It's more proper to
separate implementations and interface into different files.
Fixes#633
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
This noop implementation of resourceStorage will allow for easier
unit testing of some sandbox functions.
Fixes#632
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
The specific agent implementation kata_agent was defining a very
useful generic function that is now moved to the global file
network.go.
Fixes#629
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
The QMP shutdown is taken care of by the sandbox release, through a
call to hypervisor.disconnect(). By shutting down the QMP at the qemu
level directly, we are creating some unrecoverable errors by trying to
close an already closed channel.
This patch simply removes the faulty code, following the same design
other hotplug functions are designed.
Fixes#627
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
QEMU supports GICv2, GICv3 and host parameters for guest
gic-version. The "host" parameter will let QEMU detect
GIC version by itself. This parameter will work properly
when host GIC version is GICv2 or GICv3. But the detection
will failed when host GIC is GICv4 or higher:
"Unable to determine GIC version supported by host"
In this case, we have to detect the host GIC version manually
and force QEMU to use GICv3 when host GIC is GICv4 or higher.
Fixes: #614
Signed-off-by: Wei Chen <wei.chen@arm.com>
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
Add additional `context.Context` parameters and `struct` fields to allow
trace spans to be created by the `virtcontainers` internal functions,
objects and sub-packages.
Note that not every function is traced; we can add more traces as
desired.
Fixes#566.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
We need this configuration due to a limitation in seabios
firmware in handling hotplug for PCI devices with large BARS.
Long term, this needs to be fixed in the firmware.
Fixes#594
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
When creating a device structure to be added to the hypervisor, make
sure that the device includes the vhost-user type. In particular,
for network devices, specificy VhostUserNet.
Fixes: #601
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
With qemu 2.10, a write lock was added for qcow images that
prevents the same image to be passed more than once.
This can be over-ridden using the --share-rw option which is
desired for raw images.
This solves an issue with running Kata with devicemapper
using the privileged mode as in this case all devices on the host
are passed to the container including the block device associated
with the rootfs, causing it to be passed twice to qemu.
Fixes#606
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
