Update supported versions of Kubernetes with its
corresponding CRI implementations:
- Kubernetes from 1.10.5 to 1.12.2
- cri-o from 1.10 to 1.12.0, commit:
fa540c8e806d28c2cbcd157bdf8acf2b20990ab6 as it is needed
for fixing the devicemapper issues when removing a pod.
More info on this issue, see:
https://github.com/kubernetes-sigs/cri-o/issues/1883
- containerd from 1.1.3 to 1.2.0
Fixes: #927.
Depends-on: github.com/kata-containers/tests#926
Signed-off-by: Salvador Fuentes <salvador.fuentes@intel.com>
Since struct VFIODevice needed to be stored into disk by storeSandboxDevices() function,
however struct VFIODevice has a field named "vfioDevs", which is named begin with lower-case,
so it can't be written into file by json.Marshal.And this bug will will cause hotplug vfio
device can not been removed correctly while container exits.
Fixes: #924
Signed-off-by: flyflypeng <jiangpengfei9@huawei.com>
This PR defines a new function supportGuestMemoryHotplug that
clearly defines if the architecture supports memory hotplug. The function
can be reimplemented in virtcontainers/qemu_$arch.go file for each
architecture.
Fixes: #910
Signed-off-by: Alice Frosi <afrosi@de.ibm.com>
The function ioctl can lead to a big endian bug.
Issue already solved in containerd/console:
dbd69c59b8Fixes: #921
Signed-off-by: Alice Frosi <afrosi@de.ibm.com>
Add the ability to skip checking the go version, by passing to make the
variable SKIP_GO_VERSION_CHECK=1
Fixes: #916
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
Type of StatFs is not always declared as int64 for all the architecture(e.g s390x).
The function archConvertStatFs could be reimplemented for other architecture
to correctly convert the StatFs.Type.
Fixes: #908
Signed-off-by: Alice Frosi <afrosi@de.ibm.com>
In order to support use cases such as containerd-shim-v2 where
we would have a long running process holding the sandbox pointer,
there would be no reason to call into the stateless functions
PauseContainer() and ResumeContainer(), which would recreate a
new sandbox pointer and the corresponding ones for containers.
Fixes#903
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
In order to support use cases such as containerd-shim-v2 where
we would have a long running process holding the sandbox pointer,
there would be no reason to call into the stateless function
ProcessListContainer(), which would recreate a new sandbox pointer
and the corresponding ones for containers.
Fixes#903
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
In order to support use cases such as containerd-shim-v2 where we
would have a long running process holding the sandbox pointer, there
would be no reason to call into the stateless function KillContainer(),
which would recreate a new sandbox pointer and the corresponding ones
for containers.
Fixes#903
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
In order to support use cases such as containerd-shim-v2 where we
would have a long running process holding the sandbox pointer, there
would be no reason to call into the stateless function StopContainer(),
which would recreate a new sandbox pointer and the corresponding ones
for containers.
Fixes#903
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
In order to support use cases such as containerd-shim-v2 where we
would have a long running process holding the sandbox pointer, there
would be no reason to call into the stateless function StopSandbox(),
which would recreate a new sandbox pointer and the corresponding ones
for containers.
Fixes#903
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
In order to support use cases such as containerd-shim-v2 where we
would have a long running process holding the sandbox pointer, there
would be no reason to call into the stateless function StartSandbox(),
which would recreate a new sandbox pointer and the corresponding ones
for containers.
Fixes#903
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
golang.mk call yq to get golang_version_min but some environments do
not install it.
This patch check and install yq before use it to handle the issue.
Fixes#899
Signed-off-by: Hui Zhu <teawater@hyper.sh>
Bind back the nic's MAC in HotDetach. So we don't need to modify
nic's MAC in description to hotplug it again.
Fixes: #894
Signed-off-by: Ruidong Cao <caoruidong@huawei.com>
Refactor the config related codes into a separated
package which can be shared with other cli programs
such as kata's shimv2.
Fixes: #787Fixes: #714
Signed-off-by: fupan <lifupan@gmail.com>
Got "docker: Error response from daemon: OCI runtime create failed:
QMP command failed: unknown." when "docker run --privileged" with kata.
In qemu part, it got:
"Could not open '/dev/sr0': Read-only file system"
or
"No medium found"
The cause is qemu need open block device to get its status.
But /dev/sr0 is a CDROM that cannot be opened.
This patch let newContainer doesn't attach device if it is a CDROM
to handle the issue.
Fixes#829
Signed-off-by: Hui Zhu <teawater@hyper.sh>
Now that Interface structure includes the useful information about
the type of interface, Kata does not need to do any assumption about
the type of interface that needs to be added.
Fixes#866
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
In order to provide the right information about the interface that
needs to be added, kata-netmon provisions the new field LinkType of
the Interface structure.
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
This commit replaces every place where the "types" package from the
Kata agent was used, with the new "types" package from virtcontainers.
In order to do so, it introduces a few translation functions between
the agent and virtcontainers types, since this is needed by the kata
agent implementation.
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
Instead of relying on the kata agent to define generic structures,
the logic is to define those as virtcontainers "types" package.
This way, all consumers of those structures, such as kata-runtime,
kata-netmon, and kata-containerd-shim, don't have to import some
dependency from the kata-agent.
Fixes#876
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
Build {runtime,netmon} as Position-Independent-Executable (PIE) for improved
security and compliancy with distros packaging guidelines.
Fixes: #875
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
After we scan the netns, we should hotplug the network interface to
the guest after it is kicked off running.
Fixes: #871
Signed-off-by: Peng Tao <bergwolf@gmail.com>
Check that the system golang version is new enough to build with
according to the data from the `versions.yaml` file.
Update the verions in the versions.yaml accordingly, and add a note
describing what the 'newest-version' item represents.
Note, we only do a minimum requirement check, and are not checking
against the 'newest-version' info from the yaml.
Fixes: #148
Inspired-by: Wei Zhang <zhangwei555@huawei.com>
Idea-by: James O. D. Hunt <james.o.hunt@intel.com>
Signed-off-by: Graham Whaley <graham.whaley@intel.com>
Install `yq` before running the tests.
The Makefile now uses `yq` to check the golang version against
the versions file.
Signed-off-by: Graham Whaley <graham.whaley@intel.com>
We need to have `yq` installed before we can 'make', as we
now use it for a version check in the build. But, we may not
have golang installed. Add a script that installs `yq` via
curl'ing from the github releases.
This was cloned from the function in the tests repo .ci scripts
that perform the same action.
Signed-off-by: Graham Whaley <graham.whaley@intel.com>
Both of the netmon and proxy should use the right path
figured out from the configure instead of the default settings
to get their versions.
Fixes: #868
Signed-off-by: Fupan Li <lifupan@gmail.com>
