Add grpc API for adding arp neighbours for a network
interface. These are expected to be static arp entries
sent by the runtime.
Signed-off-by: Tim Zhang <tim@hyper.sh>
Got:
make PROTO_FILE=agent.proto generate-protocol
google/protobuf/descriptor.proto: Read access is denied for file: /usr/local/include/google/protobuf/descriptor.proto
This commit will fix this error.
Signed-off-by: Tim Zhang <tim@hyper.sh>
tools/osbuilder/scripts/lib.sh was making references to agent and
runtime repositories to get golang, rust, cmake and musl versions.
Since runtime and agent repos are consolidating, we only need to
make reference to our versions.yaml in this (kata-containers) repo.
Fixes: #234.
Signed-off-by: Salvador Fuentes <salvador.fuentes@intel.com>
Instead of having the versions.yaml in the runtime source,
it makes more sense to have it in the root directory of
the project.
Signed-off-by: Salvador Fuentes <salvador.fuentes@intel.com>
qemu contains all device support for all the board qemu supported
on arm. But we use virt machine in most cases, so there are lots
of code in no relationship with virt then never used.
Here, we add a customized config, named arm-softmmu.mak.virt for
virt board. There is around 5M decrease of qemu binary using this
customized config compared with the common config.
arm-softmmu.mak includes and customizes the pci.mak and usb.mak to let
the change in aarch64-softmmu take effect. also arm-softmmu.mak.virt
is base on arm-softmmu.mak.
comparison of qemu binary between using common config and virt config
-rwxr-xr-x 1 root root 64190080 May 28 12:49 qemu-system-aarch64*
-rwxr-xr-x 1 root root 59061584 May 27 18:14 qemu-system-aarch64.virt*
Fixes: #1062
Signed-off-by: Jianyong Wu <jianyong.wu@arm.com>
Update ubuntu version to 20.04, due to the following linkage errors
is not possible to build QEMU 5 on ubuntu 18.04.
```
libmount.a(libmount_la-fs.o): In function `__mnt_fs_set_source_ptr':
(.text+0x9b1): undefined reference to `blkid_parse_tag_string'
libmount.a(libmount_la-tab.o): In function `mnt_table_find_source':
(.text+0x1dbf): undefined reference to `blkid_parse_tag_string'
libmount.a(libmount_la-utils.o): In function `mnt_tag_is_valid':
(.text+0x618): undefined reference to `blkid_parse_tag_string'
libmount.a(libmount_la-cache.o): In function `mnt_free_cache':
(.text+0x834): undefined reference to `blkid_put_cache'
libmount.a(libmount_la-cache.o): In function `mnt_cache_read_tags':
(.text+0xa24): undefined reference to `blkid_new_probe_from_filename'
(.text+0xa3d): undefined reference to `blkid_probe_enable_superblocks'
(.text+0xa4a): undefined reference to `blkid_probe_set_superblocks_flags'
(.text+0xa57): undefined reference to `blkid_probe_enable_partitions'
(.text+0xa64): undefined reference to `blkid_probe_set_partitions_flags'
(.text+0xa6c): undefined reference to `blkid_do_safeprobe'
(.text+0xb32): undefined reference to `blkid_free_probe'
(.text+0xb7c): undefined reference to `blkid_free_probe'
(.text+0xba0): undefined reference to `blkid_probe_lookup_value'
libmount.a(libmount_la-cache.o): In function `mnt_get_fstype':
(.text+0xef0): undefined reference to `blkid_new_probe_from_filename'
(.text+0xf09): undefined reference to `blkid_probe_enable_superblocks'
(.text+0xf16): undefined reference to `blkid_probe_set_superblocks_flags'
(.text+0xf1e): undefined reference to `blkid_do_safeprobe'
(.text+0xf4a): undefined reference to `blkid_free_probe'
(.text+0xf68): undefined reference to `blkid_probe_lookup_value'
libmount.a(libmount_la-cache.o): In function `mnt_resolve_tag':
(.text+0x130b): undefined reference to `blkid_evaluate_tag'
```
fixes#1060
Signed-off-by: Julio Montes <julio.montes@intel.com>
In Kata 1.x, agent interface is defined in agent repo and vendored by runtime. But in Kata 2.0, agent and runtime will use ttrpc as protocol, and agent is using rust language, so runtime can't vendor agent again, have to compile from agent's protobuf files.
This PR will hold proto files under src/agent, and compile it to rust/go sources for agent/runtime. Typing `make generate-protocols` under root of this repo or `src/agent` can see how to use it.
Signed-off-by: bin liu <bin@hyper.sh>
We only documented how to launch minikube/kata with CRI-O. It is
trivial to flip this to containerd, and that also works with kata-deploy,
so document it.
Fixes: #660
Signed-off-by: Graham Whaley <graham.whaley@intel.com>
Not all the fragments in common are needed by all the arch. The fragment
can be skipped if the have the tag !arch. For example:
# !s390x
Fixes: #1010
Signed-off-by: Alice Frosi <afrosi@de.ibm.com>
For stable versions the format used `x.y.z`.
kata-env was failing trying to make a new release from 1.11.0-rc to
1.11.0
This fix kata-env for releases 1.11+ where this regression was
introduced.
Fixes: kata-containers/runtime#2674
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
With the new HTTP API from CLH, it removes the support of multiple
virtio-vsock devices, as the Linux kernel does not support it.
Signed-off-by: Bo Chen <chen.bo@intel.com>
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Changes:
96be8229 release: Release v0.7.0
5115ad6e vmm: config: Support on/off/true/false for all booleans
d5bfa2df vmm, vhost_user_block: Make parameter names match --disk
2f0bc06b vmm: Update default devices names as "internal"
aaba6e77 vmm: Add virtio-console to the list of Migratable devices
9ab4bb1a devices: serial: Expect an identifier upon device creation
06487131 vm-virtio: pci: Expect an identifier upon device creation
eeb7e10d vm-virtio: mmio: Expect an identifier upon device creation
9d84ef50 vmm: Make the virtio identifier mandatory
14350f5d devices: ioapic: Expect an identifier upon device creation
55687157 vm-virtio: iommu: Expect an identifier upon device creation
052eff1c vm-virtio: console: Expect an identifier upon device creation
354c2a4b vm-virtio: vhost-user-net: Expect an identifier upon device creation
46e0b3ff vm-virtio: vhost-user-blk: Expect an identifier upon device creation
bb7fa71f vm-virtio: vhost-user-fs: Expect an identifier upon device creation
ec5ff395 vm-virtio: vsock: Expect an identifier upon device creation
9b53044a vm-virtio: mem: Expect an identifier upon device creation
1592a929 vm-virtio: pmem: Expect an identifier upon device creation
2e91b738 vm-virtio: rng: Expect an identifier upon device creation
9eb7413f vm-virtio: net: Expect an identifier upon device creation
be946caf vm-virtio: blk: Expect an identifier upon device creation
ff9c8b84 vmm: Always generate the next device name
81831413 vmm: Add an identifier to the ioapic device
e4386c8b vmm: Add an identifier to the virtio-iommu device
75ddd2a2 vmm: Add an identifier to the --console device
eac350c4 vmm: Add an identifier to the virtio-mem device
6802ef54 vmm: Add an identifier to the --rng device
d71d52e9 vmm: Fix virtio-console creation with virtual IOMMU
b08fde59 vmm: Fix virtio-rng creation with virtual IOMMU
8031ac33 vmm: Fix virtio-vsock creation with virtual IOMMU
50134969 Jenkins: Run musl unit and integration tests on master branch
ce794f78 ci: Pass target triple to the test scripts
33b0e158 resources: Add musl tools and toolchain to the Dockerfile
ad9374bd dev_cli: Add --libc to the build and test commands
8cef3574 vmm: seccomp: Add fork, gettid and pipe2 syscalls to permitted list
ce7678f2 vmm: seccomp: Add tkill syscall to permitted list
12758d7f vmm: seccomp: Add epoll_pwait syscall to permitted list
86fcd19b build: Initial musl support
a5de4955 vmm: Only allow removal of specific types of virtio device
9ed880d7 vmm: Add an identifier to the --fs device
7e0ab6b5 vmm: Fix pmem device creation
3012975c tests: Enhance vsock integration test to support hotplug
6c2bca5f bin: ch-remote: Add support for adding vsock devices
8de7448d vmm: api: Add "add-vsock" API entry point
bf09a1e6 openapi: Add "id" field to VsockConfig
a76cf086 vmm: vm: Remove vsock device from config
99422324 vmm: vm: Add "add_vsock()"
1d61c476 vmm: device_manager: Add support for hotplugging virtio-vsock devices
f8501a3b vmm: config: Move --vsock syntax to VsockConfig
6e049e0d vmm: Add an identifier to the --vsock device
10348f73 vmm, main: Support only zero or one vsock devices
9d1f95a3 openapi: Add missing "id" field
30e2e515 build(deps): bump serde_json from 1.0.51 to 1.0.52
dd9d0d04 build(deps): bump micro_http from `0d87a94` to `c9ffb90`
cdc8493a build(deps): bump thiserror from 1.0.15 to 1.0.16
Fixes: kata-containers/runtime#2658
Signed-off-by: Bo Chen <chen.bo@intel.com>
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Pmem size now is calculated by the hypervisor. This is not required
anymore. Remove it to simplify the code.
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Changes:
f5debc4 build(deps): bump libssh2-sys from 0.2.16 to 0.2.17
37dfb4c build(deps): bump hermit-abi from 0.1.11 to 0.1.12
e1a07ce vmm: vm: Unpark the threads before shutdown when the current state is paused
1df38da vmm, tests: Make specifying a size optional for virtio-pmem
7481e4d vmm: config: Validate that shared memory is enabled if using vhost-user
2ac6971 vmm: MemoryManager: Cleanup the usage of std::ffi/io/result
3f42f86 vmm: Add the 'shared' and 'hugepages' controls to MemoryConfig
d6aa717 build(deps): bump syn from 1.0.17 to 1.0.18
3eaeba4 vm-virtio: Fix FS_IO callback for virtio-fs
df14a68 build(deps): bump smallvec from 1.3.0 to 1.4.0
e685854 gh: Separate the build and release jobs
c790bba tests: Migrate from Ubuntu Eoan to Focal
e525af7 build(deps): bump ryu from 1.0.3 to 1.0.4
3e8a6ba ci: Ignore test_snapshot_restore
9ebf052 build(deps): bump cc from 1.0.51 to 1.0.52
f6b150a ci: Add integration test for VM migration
9f08f53 build(deps): bump pin-utils from 0.1.0-alpha.4 to 0.1.0
9c7215d docs: Add the vhost-user-blk test doc
3574437 build(deps): bump cc from 1.0.50 to 1.0.51
4fc75cf vm-virtio: Implement Snapshottable trait for Console
d41ce90 vm-virtio: Implement Snapshottable trait for Pmem
f626bd6 build(deps): bump parking_lot_core from 0.7.1 to 0.7.2
5a380a6 vmm: memory_manager: Support non-power-of-2 block sizes
f8ee89a build(deps): bump arc-swap from 0.4.5 to 0.4.6
49322c5 vm-virtio: Implement the Snapshottable trait for Net
24c2b67 vm-virtio: Improve virtio-net rx queue processing
03dd249 vm-virtio: Restore queues based on used index
cf707da vm-virtio: Extend Queue helpers
c22fd39 vmm: Remove virtio device's userspace mapping on hot-unplug
0a97c25 vmm: Extend MemoryManager to remove userspace mappings
b2de1cd vm-virtio: Implement shutdown() for virtio-fs
fbcf3a7 vm-virtio: Implement userspace_mappings() for virtio-pmem
b035399 vm-virtio: Implement userspace_mappings() for virtio-fs
3fb0a02 vm-virtio: Get userspace mappings from VirtioDevice
8b823e5 build(deps): bump backtrace-sys from 0.1.35 to 0.1.36
c23b488 ci: Factorize virtio-fs hotplug integration tests
f68b08b tests: add integration tests for vm.add-fs route
18f7789 vmm: Add hotplugged virtio devices to the DeviceManager list
c2abadc vmm: Add ability to add virtio-fs device post-boot
bb2139a vmm/api: Add vm.add-fs route
d35e775 vmm: Update KVM userspace mapping when PCI BAR remapping
49cc73a vm-virtio: pci: Make sure to return the correct list of BARs
187b1ee vm-virtio: Implement the Snapshottable trait for Block
a484aa7 vm-virtio: Implement the Snapshottable trait for Rng
ac7178e vmm: Keep migratable devices list as a Vec
b6fdbf7 vm-virtio: Implement Snapshottable trait for MmioDevice
12fec55 vm-virtio: Add helpers to update queue indexes
fd45e94 vm-virtio: Add the ability to serialize a Queue
b7faf4f vhost_user_fs: Add the WRITE_KILL_PRIV write flag.
0870028 vhost_user_fs: Add the IOCTL_COMPAT_32 flag
592cfba vhost_user_fs: Add the EXPLICIT_INVAL_DATA capability flag
621ea83 vhost_user_fs: Add the ZERO_MESSAGE_OPENDIR capability flag
a2830da vhost_user_fs: Add the CACHE_SYMLINKS flag
926a414 vhost_user_fs: Add support for MAX_PAGES
747f31d vhost_user_fs: Add the ABORT_ERROR flag
5eb903a vhost_user_fs: Add support for FOPEN_CACHE_DIR
97e2d5d vhost_user_fs: Add support for CopyFileRange
b8cfdab pci: configuration: Use correct algorithm for BAR size reporting
9bd5ec8 pci, vfio, vm-virtio: Specify a PCI revision ID of 1 for virtio-pci
e7e0e8a vmm, devices: Add firmware debug port device
82d0cdf vhost_user_net: Simplify match values for handle_event()
a517be4 vhost_user_blk: Add multithreaded multiqueue support
13c8283 vhost_user_blk: Make everything private when possible
a31f5f8 vhost_user_blk: Move disk initialization to VhostUserBlkBackend
e78e34b vhost_user_blk: Make DiskFile sharable across threads
808586e vhost_user_blk: Simplify the code by removing VringWorker
ea82632 tests: Enhance test_pmem_hotplug to also unplug device
6389418 tests: Enhance test_disk_hotplug to also unplug device
f9a0445 vmm: vm: Remove device from configuration after unplug
444e5c2 vmm: device_manager: Generalise NoAvailableVfioDeviceName
5bab9c3 vmm: device_manager: Assign ids to pmem/net/disk devices if absent
514491a vmm: device_manager: Support unplugging virtio-pci devices
2fa652a vm-virtio: pci: Add virtio_device() accessor
476e4ce vmm: device_manager: Add virtio-pci devices into id to BDF map
b38470d vmm: config: Add "id" parameter to {Net, Disk, Pmem}Config
1beb62e vmm: vm: Don't panic on kernel load error
Fixes: kata-containers/runtime#2609
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Runtime must setup the network before moving itself into the cgroup, otherwise
it won't be able to get the vhost/net queues file descriptors for the
hypervisor.
Signed-off-by: Julio Montes <julio.montes@intel.com>
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Update sandbox's device cgroup before hotpluggin a device and after it has
been removed from the VM, this way the device cgroup in the host is
fully honoured and the hypervisor will have access only to the devices needed
for the sandbox, improving the security.
Signed-off-by: Julio Montes <julio.montes@intel.com>
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
All the code related to HasCRIContainerType is useless and no longer needed
since the CRIContainerType annotation is not considered for constraining or
not the sandbox
Signed-off-by: Julio Montes <julio.montes@intel.com>
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Kata relies on the cgroup parent created and configured by the container
engine, but sometimes the sandbox cgroup is not configured and the container
may have access to all the resources, hence the runtime must constrain the
sandbox and update the list of devices with the devices hotplugged in the
hypervisor.
Fixes: kata-containers/runtime#2605
Signed-off-by: Julio Montes <julio.montes@intel.com>
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
The hypervisor needs access to `/dev/vfio/vfio` to use VFIO devices.
Remove all devicemapper devices from the allowed list, the device cgroup
must be updated when before hotpluggin any device.
Signed-off-by: Julio Montes <julio.montes@intel.com>
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
add `AddDevice` and `RemoveDevice` to cgroup manager to allow adding
and removing devices from the device cgroup
Signed-off-by: Julio Montes <julio.montes@intel.com>
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Add functions to convert a host device to a cgroup device or linux device,
the first one is used to update the device cgroup and the second one to
update the resources in the OCI spec.
Signed-off-by: Julio Montes <julio.montes@intel.com>
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
`GetHostPath()` method returns the device path in the host, this way the
runtime can get the device information for updating the sandbox's device
cgroup.
Signed-off-by: Julio Montes <julio.montes@intel.com>
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Hardcode the Cargo.lock file to prevent dependencies
change which would cause some compatible issues.
Fixes: #230
Signed-off-by: fupan.lfp <fupan.lfp@antfin.com>
Since the ttrpc upgraded with async supported, which isn't
compatible with current agent, thus it's better to change
the dependency to a stable branch.
Fixes: #229
Signed-off-by: fupan.lfp <fupan.lfp@antfin.com>
