You cannot pass environment variables easily between steps/jobs.
Updated flow to define and set step outputs, and use the outputs of the
corresponding steps later in the flow, rather than env variables (which
never worked correctly - whoops).
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
Shutdown API relies on it being cleaned up in order to proceed.
Otherwise it fails silently and shimv2 process never quits.
This can be triggered by killing the vmm while pod is running.
Fixes: #2345
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Otherwise if we fail to stop it, container state is set as StateStopped.
And future force stop will just be ignored. Then when we force delete
the container, we are deleting it without actually cleaning up container
resources especially the host shared mounts, which would be removed by
agent cleanup code and we endup removing container volume contents
unexpectedly.
Fixes: #2345
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Overwrite Makefile variable `DISTRO` in order to
build rootfs and initrd images with the right distro.
fixes#868
Signed-off-by: Julio Montes <julio.montes@intel.com>
`get_config_version` should not log anything because it's used
by functions that print a string as return value, hence its return value
can be tainted, i.e `get_config_version`.
fixes#867
Signed-off-by: Julio Montes <julio.montes@intel.com>
Modify existing patch to include EACCES condition to account for files
that do not have write access to be used as a memory backend.
With this not-only files on a read-only filesystem, but files without
write access on a read-write filesystem can be used as a memory
backend in qemu.
This will alow the image to be used read-only by a rootless user as
well.
Fixes#870
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Instead of point to master use the version defined
in versions.yaml
Fixes: #2341
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
Since kustomize was introduced, we need to take into account the new
paths for our kata-deploy yamls.
Fixes: #865
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
This test is not executed at all and it is problematic when
tags are not updated.
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
NEW_VERSION may be unbound whereas kata_version should be defined
following manual release process docs and while using github actions.
Use kata_version instead to checkout correct version of patches.
Check if kata_version is not empty before doing so,
as the release may be triggered for master as well.
Fixes#857
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
- versions: bump firecracker version
- clh: use http client
- rootless: Disable vhost-net for rootless
- compatoci: Add a SetLogger call
- virtiofs: stop sandbox when virtiofsd quits
- vc: Remove device when AddDevice encounters error
- kernel: update to 4.19.83
- Cloud Hypervisor: driver update number 2
- vc: Use map to represent ignoredMounts
- Fc comment
- vc: Check return value from os.MkdirAll in virtiofsdArgs
- vc: Drop Sandbox#Pause and Sandbox#Resume
- vc: Use map built-in accessor to find container in Sandbox#GetContainer
- Makefile: fix suspicious line
- k8s: fix wrong number cpus after killing a container
- vc: Utilize map for newMounts to speed up replaceOCIMountSource
- vc: Sandbox#getAndSetSandboxBlockIndex shouldn't alter BlockIndex in case of error
- virtcontainers: rename GetOCISpec to GetPatchedOCISpec
- tracing: Unbreak tracing test
- fc.go: Set firecracker log level to debug if hypervisor.enable_debug …
- virtcontainers: honour ContainerConfig struct comment and don't save OCI spec
- virtcontainers: improve algorithm to find containers
- Merge #3 of kata-containers/runtime
- FC: extract error info from firecracker built-in log and metrics scheme
- gitignore: include cloud hypervisor configuration toml
- Respect containerd's debug config
- Clh driver: removed hard-coded vsock contextid (cid)
- vc: Persist file handle may leak in FS#ToDisk
- vc: Clean up directories in case MkdirAll fails
- vc: Restore sandbox state when there is error starting containers
- vc: Persist file handle may leak in FS#FromDisk
- sync fork after merge clh driver #1810c2c9 versions: bump firecracker version
0afeb52 clh: clh http unit test
42061f6 clh: cleanup VM dir
c688a15 version: CH bump to master
9f15dd2 clh: remove cli builder
f73723a clh: use http client
0babd38 rootless: Disable vhost-net for rootless
6010218 clh: Implement check()
a10da3e vendor: update openapi deps
1836226 clh: generate client code
dcac021 clh: Add Generation tools for API client
abbb536 virtiofs: stop sandbox when virtiofsd quits
9c0872d vc: Remove device when AddDevice encounters error
67f203f compatoci: Add a SetLogger call
bec46bb vc: Use map to represent ignoredMounts
628799a vc: Check return value from os.MkdirAll in virtiofsdArgs
9dd3f13 Makefile: Move the .git-commit: rule block to below the all: rule
7bcce3d Makefile: do not use tabs in if/else blocks
38224e8 vc: Use map built-in accessor to find container in Sandbox#GetContainer
544730b vc: Drop Sandbox#Pause and Sandbox#Resume
d4be097 Makefile: fix suspicious line
e8cc87b clh: basic/unit tests for clh driver
0697124 fc: update comments for startSandbox
3ef8f6c clh: fixes erroneous killing of virtiofsd
6af127f clh: improve driver logging for failed hypervisor
c58e6f9 kernel: update to 4.19.86
b7731e9 virtcontainers: don't consider non-running container resources
43f0513 virtcontainers: update resources after adding container to sandbox
613fd0f virtcontainers: rename GetOCISpec to GetPatchedOCISpec
330cc72 tracing: Unbreak tracing test
191ee63 fc.go: Set fc log level to debug if hypervisor.enable_debug is true
336edf7 virtcontainers: honour ContainerConfig struct comment and not save Spec
7f67b9f virtcontainers: improve algorithm to find containers
0ac4355 gitignore: include cloud hypervisor configuration toml
1abe52a clh: removed hard-coded vsock contextid (cid)
c833ac2 vc: BlockIndex should not be altered in case of error
b8b6733 vc: Persist file handle may leak in FS#ToDisk
03478d4 vc: Clean up directories in case MkdirAll fails
51d7c23 shim: Respect containerd's debug config
93a0336 vc: Restore sandbox state when there is error starting containers
2331e87 vc: Persist file handle may leak in FS#FromDisk
9a4ee4f vc: Utilize map for newMounts to speed up replaceOCIMountSource
daae1db log: extract error info from firecracker built-in log and metrics scheme
Signed-off-by: katacontainersbot <katacontainersbot@gmail.com>
- release: Fix bug in how version is determined for actions
- kata-deploy: improve debug message, longer cleanup timeout
- v4.19.86: patch update for v4.19.86 on AArch64
- kata-deploy: add k3s support
- ci: Add obs testing for packaging
- kernel: Fix that the help is not printed twice
- obs: Check for broken packages
- kata-deploy: Increase the wait timeout for control plane to come up
- obs: Failed when we have unresolvable packages
- obs: Add fakeroot dependency for ubuntu 19.04
ff20f20 release: Checkout right version of kernel patches
9377c5d release: Fix bug in how version is determined for actions
168709c v4.19.86: patch update for v4.19.86 on AArch64
bbcffc3 kata-deploy: improve debug message, longer cleanup timeout
34ce361 ci: Add obs testing for packaging
0d84085 kernel: Fix that the help is not printed twice
e9bb8e5 kata-deploy: Increase the wait timeout for control plane to come up
37bce87 obs: Check for broken packages
9e716ae kata-deploy: add k3s support
380bd92 kata-deploy: reorganize files to support kustomize
0b9b722 obs: Add fakeroot dependency for ubuntu 19.04
5956065 obs: Failed when we have unresolvable packages
Signed-off-by: katacontainersbot <katacontainersbot@gmail.com>
- make: use `cd` instead of '--directory' option of `cpio`
38d0be3 make: use `cd` instead of '--directory' option of `cpio`
Signed-off-by: katacontainersbot <katacontainersbot@gmail.com>
Improve our virtualization documentation, as well as introduce
the Cloud Hypervisor VMM. This creates a virtualization specific
document, and references this from the primary architecture document.
We are still limited on ACRN documentation: this should be augmented
in a follow on PR.
The PNGs included were grabbed from https://docs.google.com/presentation/d/1ZJg3w3O6F_j3ucQhdbBdj2hZUwg7L7qF347xC07L2_wFixes: #567
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
remove dirtory created for VM. This should be refactored in all
hypervisors
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
Remove cli builder code as now that we use http client
Signed-off-by: Bo Chen <chen.bo@intel.com>
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
Instead of build a command, use Cloud Hypervisor http API.
Fixes: #2165
Signed-off-by: Bo Chen <chen.bo@intel.com>
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
These are the unit tests for the sandbox struct. This is the summary
of the most important changes:
- To test containers it was needed to create a `LinuxContainer` type
and this requires root privileges. So, some tests now requires root
user to be run.
- There was a bug in the `unset_sandbox_storage` method. The return
type was wrapped in a `Result` to avoid this problem.
Fixes: #50
Signed-off-by: Erich Cordoba <erich.cordoba.malibran@intel.com>
Since the /dev/vhost-net device is owned by root, we cannot used
vhost-net networking in rootless mode. Instead of having to
do this manually in the toml, disable vhost-net when the runtime
detects it is running rootless.
Fixes#2321
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
dep ensure to update new deps from openapi client
golang.org/x/oauth2
Signed-off-by: Bo Chen <chen.bo@intel.com>
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
cloud-hypervisor provides an API server to send commands
in a qmp and Firecracker style over an Unix socket.
The API is defined via OpenAPI, this commit adds
scripts to help to generate a client using:
https://github.com/OpenAPITools/openapi-generator
This will make easy to update any change related with the API
in the future.
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
Commit 89e0dfae11 ("qemu: stop qemu process when virtiofsd quits")
stops sandbox when virtiofsd quits so that virtiofs mount inside guest
won't hang. But commit d5a3d0a61c ("virtiofs: use virtiofsd
--fd=FDNUM") deleted this monitor logic.
Add the Scanner back to monitor virtiofsd's stderr and stop sandbox if
Scanner returns error.
Note that we don't monitor the virtiofsd process itself is because
virtiofsd may be live-upgraded (when available) and the original
process may quit, but virtiofs service is still running.
Fixes: #2315
Signed-off-by: Eryu Guan <eguan@linux.alibaba.com>
