Tap device's should be tap0_kata for architecture.md
Fixes#797
Signed-off-by: duanquanfeng <duanquanfeng_yewu@cmss.chinamobile.com>
Signed-off-by: Chelsea Mafrica <chelsea.e.mafrica@intel.com>
First, most people don't care about CNM. Move that out of main doc.
Second, tc-filter is the default. Let's add a bit more background on
our usage of tc-filter (and clarify why we use this instead of macvtap).
Fixes#797
Signed-off-by: Eric Ernst <eric.g.ernst@gmail.com>
Signed-off-by: Chelsea Mafrica <chelsea.e.mafrica@intel.com>
The systemd method of adding a debug console is not really
user friendly. Since we have added a much more straightforward
method to enable agent debug console, update developer guide to
reflect this.
Fixes#834
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Add github action to test that the snap package was generated
correctly, this CI don't test the snap, it just build it.
fixes#838
Signed-off-by: Julio Montes <julio.montes@intel.com>
Use commit c54452c08a467a3e35d8d72f2a91d424e9718c57 as
version for cloud-hypervisor.
Bring openapi fixcloud-hypervisor/cloud-hypervisor#1760 to
support SGX.
Signed-off-by: Julio Montes <julio.montes@intel.com>
Tag openapi-generator-cli container to v4.3.1 that is the latest
stable, this way we can have reproducible builds and the same
generated code in all the systems
Signed-off-by: Julio Montes <julio.montes@intel.com>
k8s.io/apimachinery/pkg/api/resource is a memory quantities parser,
we use it to parse the SGX EPC size defined by the `sgx.intel.com/epc`
annotation
Signed-off-by: Julio Montes <julio.montes@intel.com>
Support the `sgx.intel.com/epc` annotation that is defined by the intel
k8s plugin. This annotation enables SGX. Hardware-based isolation and
memory encryption.
For example, use `sgx.intel.com/epc = "64Mi"` to create a container
with 1 EPC section with pre-allocated memory.
At the time of writing this patch, SGX patches have not landed on the
linux kernel project.
The following github kernel fork contains all the SGX patches for the
host and guest: https://github.com/intel/kvm-sgxfixes#483
Signed-off-by: Julio Montes <julio.montes@intel.com>
We have removed cli support and that means dockder support is dropped
for now. Also it doesn't make sense to have so many duplications on each
distribution as we can simply refer to the official docker guide on how
to install docker.
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
rust agent does not use grpc as submodule for a while, update README
to reflect the change.
Fixes: #196
Signed-off-by: Yang Bo <bo@hyper.sh>
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Now, the qemu version used in arm is so old. As some new features have merged
in current qemu, so it's time to upgrade it. As obs-packaging has been removed,
I put the qemu patch under qemu/patch/5.1.x.
As vxfs has been Deprecated in qemu-5.1, it will be no longer exist in
configuration-hyperversior.sh when qemu version larger than 5.0.
Fixes: #816
Signed-off-by: Edmond AK Dantes <edmond.dantes.ak47@outlook.com>
2.0 Packaging runtime-release-notes.sh script is using 1.x Packaging
kernel urls. Fix these urls to 2.0 branch Packaging urls.
Fixes: #829
Signed-off-by: Ychau Wang <wangyongchao.bj@inspur.com>
Some sections and files were removed in a previous commit,
remove all reference to such sections and files to fix the
check-markdown test.
fixes#826
Signed-off-by: Julio Montes <julio.montes@intel.com>
We should not checkout to 2.0-dev branch in the clone_tests_repo
function when running in Jenkins CI as it discards changes from
tests repo.
Fixes: #818.
Signed-off-by: Salvador Fuentes <salvador.fuentes@intel.com>
The code in the end of init_child is unreachable and need to be removed.
The code after do_exec is unreachable and need to be removed.
Signed-off-by: Tim Zhang <tim@hyper.sh>
Firecracker expose metrics through fifo file
and using a JSON format. This PR will parse the
Firecracker's metrics and convert to Prometheus metrics.
Fixes: #472
Signed-off-by: bin liu <bin@hyper.sh>
Current working directory is a process level resource. We cannot call
chdir in parallel from multiple threads, which would cause cwd confusion
and result in UT failures.
The agent code itself is correct that chdir is only called from spawned
child init process. Well, there is one exception that it is also called
in do_create_container() but it is safe to assume that containers are
never created in parallel (at least for now).
Fixes: #782
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
