Currently, there is cloud hypervisor binary released only for x86, thus
we must build from source code when install cloud hypervisor on arm64.
Fixes: #2440
Signed-off-by: Jianyong Wu <jianyong.wu@arm.com>
There is a new "ReadOnly" option added to nvdimm device in qemu
and now added to kata. However, qemu used for arm64 is a little
old and has no this feature. Here we remove this feature for arm.
Depends-on: github.com/kata-containers/tests#3831
Fixes: #2320
Signed-off-by: Jianyong Wu <jianyong.wu@arm.com>
It looks like the version check for cloud hypervisor (clh) was added
initially when clh was actively evolving its API. We no longer need the
version check as clh API has been fairly stable for its recent releases.
Fixes: #1991
Signed-off-by: Bo Chen <chen.bo@intel.com>
(cherry picked from commit d08603bebb)
When running a firecracker instance jailed, block devices
are not removed correctly, as the jailerRoot path is not
stripped from the PATCH command sent to the FC API.
This patch differentiates the jailed case from the non-jailed
one and allows the firecracker instance to be properly
terminated.
Fixes#2387
Signed-off-by: Anastassios Nanos <ananos@nubificus.co.uk>
(cherry picked from commit 64dd35ba4f)
Bring read-only nvdimm support
Shortlog:
335fa81 qemu: fix golangci-lint errors
61b6378 .github/workflows: reimplement github actions CI
9d6e797 go: support go modules
0d21263 qemu: support read-only nvdimm
ff34d28 qemu: Consistent parameter building
Signed-off-by: Julio Montes <julio.montes@intel.com>
(Based-on: 070590fb53)
Improve security by making rootfs image read-only, nobody
will be able to modify it from the guest.
fixes#1916
Signed-off-by: Julio Montes <julio.montes@intel.com>
yq changed syntax in an incompatible way starting from version 4 and
above. Deal with that.
Fixes: #2297
Signed-off-by: Francesco Giudici <fgiudici@redhat.com>
Building rootfs does not depend on golang, delete intalling
golang may save build time.
And there is only rust agent now, the code for golang agent should
be deleted too.
Fixes: #2170
Signed-off-by: bin <bin@hyper.sh>
We'd better stop the virtiofsd specifically after stop qemu,
instead of depending on the qemu's termination to notify virtiofsd
to exit.
Fixes: #2211
Signed-off-by: fupan.lfp <fupan.lfp@antgroup.com>
Since we only send an shutdown qmp command to qemu when do
stopSandbox, and didn't wait until qemu process's exit, thus
we'd better to make sure it had exited when shimv2 terminated.
Thus here to do the last cleanup of the hypervisor.
Fixes: #2198
Signed-off-by: fupan.lfp <fupan.lfp@antgroup.com>
get_mounts() parses /proc/self/mountinfo in order to get the mountpoints
for various cgroup filesystems. One of the entries in mountinfo is the
"device" for each filesystem, but for virtual filesystems like /proc, /sys
and cgroups, the device entry is arbitrary. Depending on the exact rootfs
setup, it can end up being "-".
This breaks get_mounts() because it uses " - " as a separator. There
really is a " - " separator in mountinfo, but in this case the device entry
shows up as a second one. Fix this, by changing a split to a splitn, which
will effectively only consider the first " - " in the line.
While we're there, make the warning message more useful, by having it
actually show which line it wasn't able to parse.
fixes#2182
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Use which to find the full path of exe before run execute_hook
to avoid error: 'No such file or directory'
Fixes: #2172
Signed-off-by: Tim Zhang <tim@hyper.sh>
After create an container/exec successfully, containerd
would wait it immediately, and if start it failed, there
is no chance to send value to exitCh, thus the wait goroutine
would blocked for ever and had no chance to exit.
Fixes: #2087
Signed-off-by: fupan.lfp <fupan.lfp@antgroup.com>
The snap/snapcraft.yaml set AGENT_VERSION to the current VERSION. The osbuilder script
will try to checkout the AGENT_VERSION tag. Let's ensure that all tags and branches
are fetched by the github's checkout action so the tag checkout does not fail.
Fixes#2052
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
Architectures that do not support memory hotplugging will fail when
memory limits are set because that amount is hotplugged. Issue a warning
instead. The long-term solution is virtio-mem.
Fixes: #1412
Signed-off-by: Jakob Naucke <jakob.naucke@ibm.com>
Bump containerd version to the latest v1.3.x, so we don't have to do
intrusive changes in our codebase (as done for in the main branch).
Fixes: #2350
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
This PR updates the proper urls for the Documentation Requirements document.
Fixes#2094
Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
This PR updates the proper url for kata-deploy scripts at the
minikube installation.
Fixes#2072
Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
This PR updates the correct url for kata installation guides in kata 2.x
Fixes#2069
Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
For QEMU 5.0.0 it is applied the patches/5.0.x/0002-memory-backend-file-nvdimm-support-read-only-files-a.patch
to fix an issue with the use of read-only files as backend memory of nvdimm devices. When Kata Containers bumped
to QEMU 5.2.0 that patch was left behind by mistake. In meanwhile a proper feature ("nvdimm: read-only file support")
was proposed and merged upstream (see https://mail.gnu.org/archive/html/qemu-devel/2021-01/msg00258.html).
This contain the backport of the commit 8360ebeb4f4a from QEMU master which should be applied on QEMU 5.2.0
so that feature is available to Kata Containers.
Fixes#2011
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
(cherry picked from commit 3f39df0d18)
This PR removes old links that were used in kata 1.x but not
longer valid for kata 2.x
Fixes#2019
Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
- stable-2.1 | week 23: weekly backports
- stable-2.1 | versions: Update kubernetes to 1.21.1
- stable-2.1 | Port fd leak fixes
- [stable-2.1] Weekly backports to stable-2.1 branch, May 31st 2021
- [backport]runtime: and cgroup and SandboxCgroupOnly check for check sub-command
- Weekly stable 2.1 backports may 24th
- [backport-2.1] workflows: release kata 2.x snap through the stable channel
- [2.1] how-to-use-virtio-mem-with-kata.md: Update doc to make it clear
- github: Do not run require porting labels on stable-2.1
492729f4 tools/packaging: clone meson and dependencies before building QEMU
db8d853b runtime: remove covertool from cli test
3fad5277 docs: Fix Release Process document
175970c9 versions: Update kubernetes to 1.21.1
1cc2ad3f agent: Fix fd leak caused by netlink
ac34f6df agent: Upgrade tokio-vsock to fix fd leak of vsock socket
915fea7b cgroup: fix the issue of set mem.limit and mem.swap
a05e1377 agent: re-enable the standard SIGPIPE behavior
8019f732 virtiofsd: Fix file descriptors leak and return correct PID
e48c9d42 runtime: and cgroup and SandboxCgroupOnly check for check sub-command
7874ab33 agent: fix start container failed when dropping all capabilities
536634e9 qemu: align before memory hotplug on arm64
c51891fe sandbox-bindmount: persist mount information
b137c7ac sandbox: Cleanup if failure to setup sandbox-bindmount occurs
68a77a7d workflows: release kata 2.x snap through the stable channel
550269ff how-to-use-virtio-mem-with-kata.md: Update doc to make it clear
1ea0dc98 github: Do not run require porting labels on stable-2.1
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
In some distros (Ubuntu 18 and 20) it's not possible to clone meson
and QEMU dependencies from https://git.qemu.org due to problems with
its certificates, let's pull these dependencies from github before
building QEMU.
fixes#1965
Signed-off-by: Julio Montes <julio.montes@intel.com>
(cherry picked from commit 9ec9bbbabc)
covertool has no active since 2018 and is not compatible with go1.16
../vendor/github.com/dlespiau/covertool/pkg/cover/cover.go:76:29: cannot use f (type dummyTestDeps) as type testing.testDeps in argument to testing.MainStart:
dummyTestDeps does not implement testing.testDeps (missing SetPanicOnExit0 method)
Fixes: #1862
Signed-off-by: Shengjing Zhu <zhsj@debian.org>
(cherry picked from commit 1b60705646)
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
This PR updates the correct url for github actions as well as it
corrects a misspelling.
Fixes#1960
Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
(cherry picked from commit 9158ec68cc)
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
The reason for doing such is to (try to) avoid random crashes we've been
facing as part of our CI, such as the one reported as part of
https://github.com/kata-containers/tests/issues/3473Fixes: #1850
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit dbef2b2931)
See also: little-dude/netlink#165
Fixes: #1952
Because the author of netlink has no time to maintain the crate
(https://github.com/little-dude/netlink/issues/161), so we
need to switch the dependency to github temporarily.
Signed-off-by: Tim Zhang <tim@hyper.sh>
