In order to move the hypervisor implementations into their own package,
we need to put the capabilities type into the types package.
Fixes: #1119
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
In order to move the hypervisor implementations into their own package,
we need to put the asset type into the types package and break the
hypervisor->asset->virtcontainers->hypervisor cyclic dependency.
Fixes: #1119
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Support building with `make HYPERVISOR=firecracker`.
Notes:
- Firecracker is currently only supported on x86_64, hence the
architecture check.
- The template file `cli/config/configuration-fc.toml.in` is based
on `cli/config/configuration.toml.in`.
Fixes#1105.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Improve the build to:
- Encapsulate the qemu configuration.
- Validate the chosen hypervisor.
- Display hypervisor details for `make help`.
This lays the groundwork to build configurations for multiple
hypervisors.
Notes:
- Variables that are hypervisor specific have now been suffixed with `_QEMU`.
- `make install` now installs `configuration-qemu.toml`.
To maintain compatibility with existing installations, a symbolic link
to this file called `configuration.toml` is created.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Move the quiet prefix from the `INSTALL_EXEC` recipe and use it at the
call sites. This makes the code robust when calling the recipe in a
`$(foreach ...)` loop.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
The error message does not provide the max memory that is exceeded.
Fix it for better error information.
Fixes: #1120
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
Function SetKernelParams is just to update the runtimeConfig according to itself.
It just around the configuration.
So this patch moves it to updateRuntimeConfig.
Fixes: #1106
Signed-off-by: Hui Zhu <teawater@hyper.sh>
Add firecracker version to versions.yaml. This allows kata
packaging to build and package firecracker.
Fixes: #1103
Signed-off-by: Manohar Castelino <manohar.r.castelino@intel.com>
The contents of /proc/cpuinfo were
trimmed and hence the "model" field could
not be parsed despite being a field in
/proc/cpuinfo. Fix this issue.
Fixes: #1089
Signed-off-by: Nitesh Konkar niteshkonkar@in.ibm.com
This reverts commit 802bfa26c9.
Seems that we have some performance issues when
using this new kernel. Reverting to have a clean CI and
have a proper investigation about the degradation.
Fixes: #1100.
Signed-off-by: Salvador Fuentes salvador.fuentes@intel.com
When overlay is used as storage driver, kata runtime creates a new bind mount
point to the merged directory, that way this directory can be shared with the
VM through 9p. By default the mount propagation is shared, that means mount
events are propagated, but umount events not, to deal with this problem and to
avoid left mount points in the host once container finishes, the mount
propagation of bind mounts should be set to private.
Depends-on: github.com/kata-containers/tests#971
fixes#794
Signed-off-by: Julio Montes <julio.montes@intel.com>
And add some additional log output for displaying the directories and
files created when kicking the virtcontainers tests.
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
We always call waitSandbox after we start the VM (startSandbox), so
let's simplify the hypervisor interface and integrate waiting for the VM
into startSandbox.
This makes startSandbox a blocking call, but that is practically the
case today.
Fixes: #1009
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
We always combine the hypervisor init and createSandbox, because what
we're trying to do is simply that: Set the hypervisor and have it create
a sandbox.
Instead of keeping a method with vague semantics, remove init and
integrate the actual hypervisor setup phase into the createSandbox one.
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
We can now remove all the sandbox shared types and convert the rest of
the code to using the new internal types package.
This commit includes virtcontainers, cli and containerd-shim changes in
one atomic change in order to not break bisect'ibility.
Fixes: #1095
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
The types package holds all shared virtcontainers types.
With the separation of the virtcontainers code into separate packages,
we need a types one to not create circular dependencies.
This package holds sandbox related types and structures for now. It will
grow as virtcontainers code is moved into their own internal packages.
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Since we're going to have both external and internal types packages, we
alias the external one as vcTypes. And the internal one will be usable
through the types namespace.
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Pass Seccomp profile to the agent only if
the configuration.toml allows it to be passed
and the agent/image is seccomp capable.
Fixes: #688
Signed-off-by: Nitesh Konkar niteshkonkar@in.ibm.com
cri containerd calls kill on stopped sandbox and if we
fail the call, it can cause `cri stopp` command to fail
too.
Fixes: #1084
Signed-off-by: Peng Tao <bergwolf@gmail.com>
Now that stopVM() also calls agent.stopSandbox(), we can have the
sandbox Stop() call using stopVM() directly and avoid code duplication.
Fixes: #1011
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
We always ask the agent to start the sandbox when we start the VM, so we
should simply call agent.startSandbox from startVM instead of open
coding those.
This slightly simplifies the complex createSandboxFromConfig routine.
Fixes: #1011
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
startSandbox() wraps a single operation (sandbox.Start()), so we can
remove it and make the code easier to read/follow.
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
If the env KATA_CONF_FILE was set, shimv2 will use it as the
kata configure file, otherwise, it will try to find it from
/etc and /usr/share directory.
Fixes: #1091
Signed-off-by: fupan <lifupan@gmail.com>
The Network API no longer supports the state field. Using the
state field causes the API call to fail.
Note: The firecracker binary needs to be updated to match the API
as the older versions will expect the state field.
Fixes: #1078
Signed-off-by: Manohar Castelino <manohar.r.castelino@intel.com>
This value will be plused to max memory of hypervisor.
It is the memory address space for the NVDIMM devie.
If set block storage driver (block_device_driver) to "nvdimm",
should set memory_offset to the size of block device.
Signed-off-by: Hui Zhu <teawater@hyper.sh>
Set block_device_driver to "nvdimm" will make the hypervisor use
the block device as NVDIMM disk.
Fixes: #1032
Signed-off-by: Hui Zhu <teawater@hyper.sh>
- sandbox: cleanup sandbox if creation failed
- mounts: Ignore existing mounts if they cannot be honored
- config: Add firecracker as a supported hypervisor configuration
- Firecracker: virtio mmio support
- Firecracker VMM support
- shimv2: discard log before shim init log output
- virtcontainers: cgroups: Don't error if no thread ID
- Copy files from host to guest
- katautils: check config factory/template and vsock
- virtcontainers: Add context when creating tests sandboxes
- make: Add "GOPATH not set"
- virtcontainers: network: Use multiqueue flag only when appropriate
- katautils: fix the issue of shimv2 boot failed with vsock enabled
- docs: add IBM Z in the README
- qemu-arm64: refactor 'console=hvc0,hvc1' for kata-agent debugging
- network: Don't assume multiple queues support by default
- virtcontainers: make sandbox manage VM resources
- factory: set guest time after resuming
- shimv2: fix the error of reaping qemu process mistakenly
- s390x: add support for s390x
- config: Add cache-related options for block devices
83e38c9 mounts: Ignore existing mounts if they cannot be honored
bf1a5ce sandbox: cleanup sandbox if creation failed
0d84d79 virtio-mmio: Add support for virtio-mmio
353564a config: Reorganize the code to fix code complexity
d6c1f53 config: Add firecracker configuration support
b4c3a2f virtcontainers: fc: Stop the VM by killing the process
fba2379 firecracker: Add support for pseudo hotplug
22ebc09 firecracker: Close the vsock vhostfd
e65bafa virtcontainers: Add firecracker as a supported hypervisor
c1d3f1a firecracker: VMM API support
c34b045 firecracker: vendor in all firecracker dependencies
a21d1e6 virtcontainers: cgroups: Don't error if no thread ID
378d815 virtcontainers: copy or bind mount shared file
bc31844 virtcontainers: Check file sharing support
6291762 virtcontainers: copy files form host to guest
dcd48a9 vc: capabilities: add capability flags for filesystem sharing
e776380 vendor: update kata agent
e4e7c3a katautils: check config template and vsock
0f1fde4 virtcontainers: network: Use multiqueue flag only when appropriate
f63a18d virtcontainers: Add context when creating tests sandboxes
05be5bf shimv2: discard log before shim init log output
e98dee6 docs: drop 's in architecture names for consistency
1892102 docs: add IBM Z in the README
573b73e katautils: fix the issue of shimv2 boot failed with vsock enabled
c8c564b qemu-arm64: refactor 'console=hvc0,hvc1' for kata-agent debugging
a1af1cb virtcontainers: network: Rely on hypervisor capabilities for multi queues
a227ab8 virtcontainers: hypervisor: Add capability regarding multiqueue support
0bcd221 virtcontainers: network: Rename numCPUs to queues
2cb4bb9 virtcontainers: network: Reorganize endpoints interconnection
d4586d4 test: remove TestHotplugRemoveMemory
0d80202 vc:sandbox: rename newcontainer to fetchcontainer.
618cfbf vc: sandbox: Let sandbox manage VM resources.
2535844 make: Add "GOPATH not set"
8444a7a factory: set guest time after resuming
f813708 vendor: update agent vendor for SetGuestDateTime
6f83061 s390x: add support for s390x
df8b7db shimv2: fix the issue of reaping child mistakenly
e4a3fd5 vendors: upgrade the containerd vendors
6024088 config: Add cache-related options for block devices
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
In case we use an hypervisor that cannot support filesystem sharing,
we copy files over to the VM rootfs through the gRPC protocol. This
is a nice workaround, but it only works with regular files, which
means no device file, no socket file, no directory, etc... can be
sent this way.
This is a limitation that we accept here, by simply ignoring those
non-regular files.
Fixes#1068
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
