A wrong path was being used for container directory when
virtiofs is utilized. This resulted in a warning message in
logs when a container is killed, or completes:
level=warning msg="Could not remove container share dir"
Without proper removal, they'd later be cleaned up when the shared
path is removed as part of stopping the sandbox.
Fixes: #1559
Signed-off-by: Eric Ernst <eric.g.ernst@gmail.com>
`make test` depends mock hook in virtcontainers directory,
before test, install it first.
And also run test as normal user and root in GitHub actions.
Fixes: #1554
Signed-off-by: bin <bin@hyper.sh>
Move the signal handling code into a new module and refactor into the
main handler and a new SIGCHLD handling function to make the code
simpler and easier to understand.
Also added a unit test for shutdown.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Make changes to logger thread to allow the logger to be replaced with
a NOP logger (required for agent shutdown).
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
The agent doesn't normally shutdown: it doesn't need to be as it is
killed *after* the workload has finished. However, a clean and ordered
shutdown sequence is required to support agent tracing, since all trace
spans need to be completed to ensure a valid trace transaction.
Enable a controlled shutdown by allowing the main threads (tasks) to be
stopped.
To allow this to happen, each thread is now passed a shutdown channel
which it must listen to asynchronously, and shut down the thread if
activity is detected on that channel.
Since some threads are created for I/O and since the standard `io::copy`
cannot be stopped, added a new `interruptable_io_copier()` function
which shares the same semantics as `io::copy()`, but which is also
passed a shutdown channel to allow asynchronous I/O operations to be
stopped cleanly.
Fixes: #1531.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Encapsulate the logic for handling the task that displays logger output
into a new function to simplify the code and remove another anonymous
async block.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Maintain a list of tasks and wait on them all before main returns.
This is preparatory work for the agent shutdown: all tasks that are
started need to be added to the list. This aggregation makes it easier
to identify what needs to stop before the agent can exit cleanly.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Move most of the main logic into a separate async function. This makes
the code clearer and avoids the anonymous async block.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Return a guard variable from `create_logger()` which the caller can
implicitly drop to guarantee that all threads started by the async log
drain are stopped.
This fixes a long-standing bug [1] whereby the agent could panic with
the following error, generated by the `slog` logging crate:
```
slog::Fuse Drain: Custom { kind: Other, error: "serde serialization error: Bad file descriptor (os error 9)" }
```
[1] - See https://github.com/kata-containers/kata-containers/issues/171.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Fixed the `assert_error!()` test macro so that it correctly handles the
scenario where the test expects an error, but the actual result was `Ok`
(no error).
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
It's better to get the online cpus from
"/sys/devices/system/cpu/online" instead of from
cpuset cgroup, cause there would be an latency
between one cpu online and present in the root
cpuset cgroup.
Fixes: #1536
Signed-off-by: fupan.lfp <fupan.lfp@antfin.com>
Right now we rely heavily on mount propagation to share host
files/directories to the guest. However, because virtiofsd
pivots and moves itself to a separate mount namespace, the remount
mount is not present in virtiofsd's mount. And it causes guest to be
able to write to the host RO volume.
To fix it, create a private RO mount and then move it to the host mounts
dir so that it will be present readonly in the host-guest shared dir.
Fixes: #1552
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Split qemu script to build qemu experimental using
same dockerfile.
Fixes: #1421
Depends-on: github.com/kata-containers/tests#3255
Signed-off-by: Carlos Venegas <jos.c.venegas.munoz@intel.com>
It turns out we have managed to break the static checker in many
difference places with the absence of static checker in github action.
Let's fix them while enabling static checker in github actions...
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Let's ensure we use the appropriate tag for the release, even before it
was actually created.
Fixes: #1493
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Add arguments and files as needed, if only of them
changes the build will start from the change and
not from scratch.
Signed-off-by: Carlos Venegas <jos.c.venegas.munoz@intel.com>
Add docker ARG to provide a date to invalid cache, if the date changes
the image will be rebuild. This is required to keep build dependencies
with security fixes, but still take advantage of build qemu faster using
docker cache.
Signed-off-by: Carlos Venegas <jos.c.venegas.munoz@intel.com>
Today we apply patches per base branch. Having
two qemu versions in a similar base version can make
can have problems if one of the trees already has a patch.
If a patch is needed only for one specific tag/commit
add only the patch to that version.
Signed-off-by: Carlos Venegas <jos.c.venegas.munoz@intel.com>
newQemuHypervisorConfig() sets it to an empty slice. We have to set the
same in the test config otherwise it is nil and reflect DeepEqual would
fail.
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
github.com/kata-containers/kata-containers/src/runtime/virtcontainers/pkg/vcmock
virtcontainers/pkg/vcmock/container.go:19:10: cannot use c.MockSandbox
(type *Sandbox) as type virtcontainers.VCSandbox in return argument:
*Sandbox does not implement virtcontainers.VCSandbox (missing
GetHypervisorPid method)
github.com/kata-containers/kata-containers/src/runtime/pkg/katautils
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
