Rather than hardcoding the tarball name to be generated in the
Dockerfile, pass this as an argument.
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Rename artifacts to format kata-static-{artifact-name}.tar.gz.
These predictable names are intended to be consumed by github
actions in our release process.
Fixes#803
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Updated to better clarify this configuration option. Currently in QEMU
pre 1.9 release of Kata, vhost-net is used for the virtio-net backend.
This results in efficient network I/O performance, but does rely on the
backend running in ring0 (host kernel). Update comment to clarify this
trade-off for end-users.
Fixes: #2198
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
vhost-net backend is not supported by the Firecracker VMM. It doesn't
make sense to have this in the configuration, and we should explicitly
disable it.
Fixes: #2192
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
This patch adds a unit test for `namespace.rs`. The baseline for this
test comes from the Go agent tests in which the namespace is mounted in
a temporary folder.
In order to enable testing in the temporary folder the code was refactored
allow configuration for the specified namespace, thus the changes done
are described below:
- The `setup_persistent_ns` method was moved inside the `Namespace` type.
- A builder pattern was implemented for the `Namespace` type. This allows
the caller to set the type of the desired namespace as well as the root
folder which will help the testing.
- A new `NamespaceType` enum was introduced to represent the namespace type.
- The user of the `Namespace` type (sandbox.rs) was updated accordingly.
Fixes: #50
Signed-off-by: Erich Cordoba <erich.cordoba.malibran@intel.com>
The existing document hasn't been updated since ~1.4. Updated to remove
references to qemu-lite, added details on Firecracker.
We still need details on ACRN added here as well.
Fixes: #570
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
Firecracker have its own logging scheme, providing two fifo files with log
and metrics info.
We should extract error info for better debugging.
Fixes: #2072
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
Signed-off-by: Haibo Xu <haibo.xu@arm.com>
When kata-agent run as init process in initrd, do the
init in which will do some base mount such as mount
/proc; thus the following config.parse_cmdline can access
/proc/cmdline to parse the parameters such as agent.log etc.
Fixes: #85
Signed-off-by: lifupan <lifupan@gmail.com>
firecracker 0.19.0 API is not backward compatible, hence we need
to bump the firecracker minimum supported version to 0.19.0
Signed-off-by: Julio Montes <julio.montes@intel.com>
Prior to the addition of tcMirroring support kata-runtime had
compatibility issues with some CNI plugins some of which were addressed
by the bridged model. With the addition of tc mode there are no gaps in
networking that can be filled by the bridged mode or enlightened mode
(which was never implemented).
Eliminate both of these options to simplify the setup.
Fixes: #1213
Signed-off-by: Manohar Castelino <manohar.r.castelino@intel.com>
Fix bug in the `kata-configure-docker.sh` script which assumed
`/etc/docker/` existed by default.
Fixes: #800
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
We do not want to create cgroups in case of rootless.
Fix the logic to implement this.
Fixes#2177
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
The CI was failing due to two problems.
1. The `ci/static-checks.sh` was run from an incorrect place.
2. `rustfmt` was failing as some code wasn't correctly formatted.
This patch address all the changed requested by rustfmt and the
`static-checks.sh` script was updated
Fixes: #83
Signed-off-by: Erich Cordoba <erich.cordoba.malibran@intel.com>
FIPS are a set of security standards for encryption algorithms
in user and kernel space among others.
Have Kata support this by starting the VM for a container
in FIPS mode on detecting that the host is running in FIPS mode.
Depends-on: github.com/kata-containers/packaging#788
Fixes#2170
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
The repos of the CI builds are not used anywhere so let's be friendly to
the OBS infrastructure and do not publish them.
Signed-off-by: Ralf Haferkamp <rhafer@suse.com>
