- qemu: use x-ignore-shared to implement vm template
- virtiofs: Allow memory hotplug with virtiofs
- Firecracker Add jailer support for firecracker
- runtime: update govmm and move to virtio 1.0 for hotplugs
- HV: kata-runtime support for ACRN hypervisor
- versions: add crictl version which is compatible with OpenShift
- versions: update CRI-O to v1.14.6
- Fix fork exec test errors
- ci: Verify and block merge if other projects are not updated
- shimv2: Add missing page size to Hugetlb Stat
d14968b qemu: use x-ignore-shared to implement vm template
d392b22 virtiofs: Allow memory hotplug with virtiofs
050f8e9 runtime: Disable disable-modern for virtio QMP add
3e4989d vendor: update govmm and match code
4fed346 Firecracker: Enable jailer by default
78ea50c virtcontainers: Jailer: Add jailer support for firecracker
98a6973 virtcontainers: Add ACRN unit test cases
f246a79 virtcontainers: Add support for updating virtio-blk based container rootfs
d9a4157 virtcontainers: Add support for launching/managing ACRN based VMs
828e0a2 pkg/katautils: Add support for ACRN hypervisor config
adcac93 kata-check: Check and validate type-1 hypervisor for kata
4d26cee Make: Add ACRN hypervisor and generate configuration file
bdd8947 versions: add crictl version which is compatible with OpenShift
098501a versions: update CRI-O to v1.14.6
4968438 tests: Fix fork/exec test error
fcf9f9f test: Fix fd leak causing test error
5182a25 ci: Verify and block merge if other projects are not updated
da7f5f3 shimv2: Add missing page size to Hugetlb Stat
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
- rootfs: upgrade docker images for fedora
- rootfs: Make sure etc exists.
edb770e rootfs: upgrade docker images for fedora
27dddf0 rootfs: Make sure etc exists.
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
Add Minikube to the list of 'cloud' providers installation instructions.
Whilst there, order the list alphabetically.
Signed-off-by: Graham Whaley <graham.whaley@intel.com>
In the workaround solution of ConfigPath, there is a '$@'
missing in the script, so add it.
Fixes: #515
Signed-off-by: Chengguang Xu <cgxu519@zoho.com.cn>
These instructions cover how to install the out of tree
QAT drivers to the host, build a custom kata kernel and
rootfs, and build a QAT accelerated OpenSSL container
image.
Fixes: #509
Signed-off-by: <eric.adams@intel.com>
Add the use case of provisioning an existing rootfs directory with the
components / configurations needed to generate Kata compatible images.
This supports use cases such as using a rootfs built outside of
osbuilder, and providing an overlay for dracut built initrds.
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
qemu upstream has x-ignore-shared that works similarly
to our private bypass-shared-memory. We can use it to
implement the vm template feature.
Fixes: #1798
Depends-on: github.com/kata-containers/packaging#641
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Then we can use x-ignore-shared to do migration and drop the
extra patch once we move to qemu 4.1.0 or later.
Fixes: #640
Depends-on: github.com/kata-containers/runtime#1799
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Kata with virtio-fs fails to do memory hotplugging. This is caused by
the fact that hot plugged memory is always backed by
'memory-backend-ram' while virtio-fs expects it to be backed by file and
shared for it to be able to use the system the way it is intended. This
change allows using file based memory backend for virtio-fs, hugepages
or when the user prefers to use a file backed memory.
Fixes: #1745
Signed-off-by: Ganesh Maharaj Mahalingam <ganesh.mahalingam@intel.com>
History: the previous version of kvm (unknown) and qemu-lite had an
issue using virtio 1.0 version when it came to device hotplug, which led
the team to disable 1.0 version of virtio for hotplug (set
disable-modern=on). Please check
e99f6b2931
for further info.
We have since moved to QEMU 4.0 and probably a later version of kvm as
default across all distros. This change is to move to virtio 1.0 for
hotplugging devices.
Fixes: #1870
Signed-off-by: Ganesh Maharaj Mahalingam <ganesh.mahalingam@intel.com>
Add jailer support to configuration files.
Also enable jailer by default in Kata containers.
Signed-off-by: Manohar Castelino <manohar.r.castelino@intel.com>
Firecracker provides a jailer to constrain the VMM. Use this
jailer to launch the firecracker VMM instead of launching it
directly from the kata-runtime.
The jailer will ensure that the firecracker VMM will run
in its own network and mount namespace. All assets required
by the VMM have to be present within these namespaces.
The assets need to be copied or bind mounted into the chroot
location set up by jailer in order for firecracker to access
these resources. This includes files, device nodes and all
other assets.
Jailer automatically sets up the jail to have access to
kvm and vhost-vsock.
If a jailer is not available (i.e. not set up in the toml)
for a given hypervisor the runtime will act as the jailer.
Also enhance the hypervisor interface and unit tests to
include the network namespace. This allows the hypervisor
to choose how and where to launch the VMM process, vs
virtcontainers directly launching the VMM process.
Fixes: #1129
Signed-off-by: Manohar Castelino <manohar.r.castelino@intel.com>
This patch adds the following,
1. ACRN only supports virtio-blk and so the rootfs for the VM
sits at /dev/vda. So to get the container rootfs increment the
globalIndex by 1.
2. ACRN doesn't hot-plug container rootfs (but uses blkrescan) to
update the container rootfs. So the agent can be provided the virtpath
rather than the PCIaddr avoiding unnecessary rescanning to find the
virtpath.
v1->v2:
Removed the workaround of incrementing index for
virtio-blk device and addressed it in acrn.
Fixes: #1778
Signed-off-by: Vijay Dhanraj <vijay.dhanraj@intel.com>
This patch adds the following,
1. Implement Sandbox management APIs for ACRN.
2. Implement Sandbox operation APIs for ACRN.
3. Add support for hot-plugging virtio-blk based
(using blk rescan feature) container rootfs to ACRN.
4. Prime devices, image and kernel parameters for
launching VM using ACRN.
v2->v3:
Incrementing index to keep track of virtio-blk devices
created. This change removes the workaround introduced
in block.go.
v1->v2:
1. Created issue #1785 to address the UUID TODO item.
2. Removed dead code.
3. Fixed formatting of log messages.
4. Fixed year in copyright message.
5. Removed acrn_amd64.go file as there are no amd64 specific
changes. Moved the code to acrn_arch_base.go.
Fixes: #1778
Signed-off-by: Vijay Dhanraj <vijay.dhanraj@intel.com>
This patch adds support for,
1. Extracting and configuring ACRN hypervisor from toml.
2. Add ACRN hypervisor ctl for controlling ACRN hypervisor.
This will be used for updating virtio-blk based
container rootfs using blk rescan feature.
v2->v3:
Fixed acrnctl path.
v1->v2:
Trimmed hypervisor config options as needed by ACRN.
Fixes: #1778
Signed-off-by: Vijay Dhanraj <vijay.dhanraj@intel.com>
ACRN hypervisor is a type-1 hypervisor and this patch
adds support to check and validate if the system is
capable of running kata containers with ACRN hypervisor.
Depends-on: github.com/kata-containers/tests#1793
v3->v4:
Implemented a generic way to identify hypervisor and
test VM creation.
v2->v3:
1. Removed cgo structs and defined go structs.
2. Suppressed lint warnings due to unused createVM struct.
v1->v2:
1. Created an issue #1784 to address TODO item.
2. Fixed formatting of the log message.
3. Currently ACRN is only supported on amd64. So
moved ACRN specific code to kata-check_amd64.go.
Fixes: #1778
Signed-off-by: Vijay Dhanraj <vijay.dhanraj@intel.com>
This patch covers the following aspects,
1. Add ACRN as a supported hypervisor for amd64 architecture.
2. Build and install configuration file for ACRN hypervisor.
v1->v2:
1. Deleted autogenerated configuration-acrn.toml.
2. Trimmed configuration options not used by ACRN.
Fixes: #1778
Signed-off-by: Vijay Dhanraj <vijay.dhanraj@intel.com>
To avoid conflicts between kata components and their versions, all
components should be built using their tagged version.
Signed-off-by: Julio Montes <julio.montes@intel.com>
Setting up the kernel by hand is prone to errors.
Use `build-kernel.sh setup` to pull and setup the kata kernel.
fixes #438
Signed-off-by: Julio Montes <julio.montes@intel.com>
osbuilder shares the yq binary with the container that generates the image,
unfortunately the snap version of yq is not a static binary hence it's not
compatible with the alpine container.
Signed-off-by: Julio Montes <julio.montes@intel.com>
- Changes:
- version: v1.14.6
- Add username and homedir to generated password
- Close temporary image in PullImage
- Version 1.14.6-dev
- Version 1.14.5
- version: if git commit is empty, silently ignore
- enable inline exec and attach test
- Bump up minMemoryLimit to 12Mb
- Backport CircleCI config
- Fix up machine os content version and cri-o version in spec
- Add state of infracontainer to disk when stopped
- Use GlobalAuthFile when pulling the pause image if
PauseImageAuthFile is not set
- Don't discard copy.Options.SourceCtx when credentials are provided
- Don't set non-default copy.Options in imageService.PullImage if it is nil
- Add global_auth_file option to crio.image config
- Create network and plugins directory if they do not exist
- Disable file locking by default
- Update containers/image to v2.0.0, buildah to 1.8.4, libpod to 1.4.1, ...
- Bump github.com/containers/libpod from 1.2.0 to 1.3.1
- Vendor containers/storage v1.12.4
- update github.com/containers/* dependencies
- Changes to rpm build and Dockerfile for ci
- When plugin_dir is set, only use that value
- Update Makefile to be usable without git
- bump to version 1.14.5-dev
- bump to version 1.14.4
- Default to runc if default_runtime is not set
- Fix missing images names on list
- Add crio-wipe
- Add logic for running OpenShift CI on cri-o PRs
- Update device cgroup permissions for configured devices.
- version: v1.14.4-dev
- version: v1.14.3
- Fix runtime panic when having concurrent writes to runtime impl map
- server: do not add default /sys if bind mounted
- Change plugin_dir to plugin_dirs
- Added unit tests
- Add version file functionality
- fix build issues on 32-bit arches
- conmon: use sd_journal_sendv
- make vendor generated
- Move to v1.14.3-dev
- Tag v1.14.2
- Vendor in c/storage release-1.13
- Revert "update github.com/containers/* dependencies"
- Update test suites
- Fix logic of server.restore()
- version: v1.14.2-dev
Fixes #1866
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
Add missing kernel configs to avoid `make oldconfig` asking or
taking the default value for the missing configs.
fixes #623
Signed-off-by: Julio Montes <julio.montes@intel.com>