1. For the git clone operation, 'sh' step in a single line would suffice.
2. Provide directory context using 'dir', this avoids having to provide the
path to the scripts twice, while executing each and every script in that folder.
Signed-off-by: Ramanathan Muthaiah <rus.cahimb@gmail.com>
Document examples of how to import Kata logs with `fluentd`.
Show examples both from the systemd/logfmt method and the
file/JSON method.
Fixes: #601
Depends-on:github.com/kata-containers/tests/pull/2334
Signed-off-by: Graham Whaley <graham.whaley@intel.com>
libcontainer's cgroups V2 implementation requires BPF to run a BPF
program in the container
fixes#955
Signed-off-by: Julio Montes <julio.montes@intel.com>
Now that ubuntu 19.04 and fedora 29 has come EOL, we should remove the generation of
the obs generation and testing for ubuntu 19.04.
Fixes#953
Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
This will test the kata-containers packages that are available on
Fedora 31 to see that they are working properly.
Fixes#951
Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
document what cgroups are supported and what changes are needed in the
configuration file to support them.
fixes#603
Signed-off-by: Julio Montes <julio.montes@intel.com>
For one thing, we should not make kata's internal device type
exactly as govmm string by string.
For another thing, latest govmm changes the device driver strings
and it breaks kata in such a way but the fault is on kata side IMHO.
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
To include block readonly capability. Included commits:
3700c55 qemu: add block device readonly support
88a25a2 Refactor code to support multiple virtio transports at runtime
2ee53b0 qemu: Don't set ".cache-size=" when CacheSize is 0
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Add a section detailing the minimum debug you need to configure in
order to capture the kernel boot messages in the system journal.
Fixes: #593
Signed-off-by: Graham Whaley <graham.whaley@intel.com>
cgroup manager is in charge to create and setup cgroups for
virtual containers, for example it adds /dev/kvm and
/dev/vhost-net to the list of cgroup devices in order to have
virtual containers working.
fixes#2438fixes#2419
Signed-off-by: Julio Montes <julio.montes@intel.com>
virtcontainers/pkg/cgroups contains functions and structures needed to deal
with cgroups and virtual containers
Signed-off-by: Julio Montes <julio.montes@intel.com>
We leverage the new openAPI knobs from CLH to set readonly for disk image
and we also pass kernel cmd to set guest root filesystem readonly.
Signed-off-by: Bo Chen <chen.bo@intel.com>
Use CLH branch stable/v0.5.x, and also re-generate the openAPI client
code with the new 'cloud-hypervisor.yaml'.
Fixes: #2488
Signed-off-by: Bo Chen <chen.bo@intel.com>
This repo triggers the github action to create release tarballs.
It looks for release tags in other repos. So tag this repo
last to make sure tags have been created on other repos.
Fixes#947
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Removes two (similar) functions that install `yq`. Instead of
having different functions, use the one that we have in the
tests repository.
In addition, removes the `.ci/lib.sh` which only had an additional
`clone_tests_repo` function which was not being used.
Fixes: #939.
Signed-off-by: Salvador Fuentes <salvador.fuentes@intel.com>
cri-o v1.16.x has network namespace mount point leaking problem, and
the latest v1.17.x has fixed this problem.
since cri-o and k8s follow the same release cycle and deprecation policy,
I will also update k8s to the latest release v1.17.3-00 as well.
Fixes: #2457
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
A malicious can trick us with a crafted container
rootfs symlink and make runtime umount other mountpoints.
Make sure we do not walk through symlinks when umounting.
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
We now make alpha releases before making a release candidate release.
Mention this in the docs.
Fixes#598
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Update release doc to mention that patch releases are not made
every 3 weeks, while minor releases are made every 12 weeks now.
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
cloud-hypervisor uses `hybrid vsocks`, it is not needed to find a
context ID.
Fixes: #2481
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
