startSandbox() wraps a single operation (sandbox.Start()), so we can
remove it and make the code easier to read/follow.
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Update the developer guide to include documentation
for the inclusion of seccomp packages in initrd/rootfs
images.
Fixes: #339
Signed-off-by: Nitesh Konkar niteshkonkar@in.ibm.com
If the env KATA_CONF_FILE was set, shimv2 will use it as the
kata configure file, otherwise, it will try to find it from
/etc and /usr/share directory.
Fixes: #1091
Signed-off-by: fupan <lifupan@gmail.com>
Add a reference to the release rotation wiki, and clarify that
the current stable release schedule is every-other-week.
Fixes: #337
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
Fixes#310.
These install instructions are based on the katacontainers repository for Debian. For installation, a newer version of `librbd1` is required. This is available from the `unstable` repo.
Tested only on Debian 9 - Stretch (x86_64).
- tested with `docker-ce=17.12.0~ce-0~debian`
Signed-off-by: zeigerpuppy <zeigerpuppy@users.noreply.github.com>
The Network API no longer supports the state field. Using the
state field causes the API call to fail.
Note: The firecracker binary needs to be updated to match the API
as the older versions will expect the state field.
Fixes: #1078
Signed-off-by: Manohar Castelino <manohar.r.castelino@intel.com>
1.5.0-rc2 packages for linux-container fail for Ubuntu. Let's use 1.4-stable instead of master for now.
Fixes#325
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
This value will be plused to max memory of hypervisor.
It is the memory address space for the NVDIMM devie.
If set block storage driver (block_device_driver) to "nvdimm",
should set memory_offset to the size of block device.
Signed-off-by: Hui Zhu <teawater@hyper.sh>
Set block_device_driver to "nvdimm" will make the hypervisor use
the block device as NVDIMM disk.
Fixes: #1032
Signed-off-by: Hui Zhu <teawater@hyper.sh>
- sandbox: cleanup sandbox if creation failed
- mounts: Ignore existing mounts if they cannot be honored
- config: Add firecracker as a supported hypervisor configuration
- Firecracker: virtio mmio support
- Firecracker VMM support
- shimv2: discard log before shim init log output
- virtcontainers: cgroups: Don't error if no thread ID
- Copy files from host to guest
- katautils: check config factory/template and vsock
- virtcontainers: Add context when creating tests sandboxes
- make: Add "GOPATH not set"
- virtcontainers: network: Use multiqueue flag only when appropriate
- katautils: fix the issue of shimv2 boot failed with vsock enabled
- docs: add IBM Z in the README
- qemu-arm64: refactor 'console=hvc0,hvc1' for kata-agent debugging
- network: Don't assume multiple queues support by default
- virtcontainers: make sandbox manage VM resources
- factory: set guest time after resuming
- shimv2: fix the error of reaping qemu process mistakenly
- s390x: add support for s390x
- config: Add cache-related options for block devices
83e38c9 mounts: Ignore existing mounts if they cannot be honored
bf1a5ce sandbox: cleanup sandbox if creation failed
0d84d79 virtio-mmio: Add support for virtio-mmio
353564a config: Reorganize the code to fix code complexity
d6c1f53 config: Add firecracker configuration support
b4c3a2f virtcontainers: fc: Stop the VM by killing the process
fba2379 firecracker: Add support for pseudo hotplug
22ebc09 firecracker: Close the vsock vhostfd
e65bafa virtcontainers: Add firecracker as a supported hypervisor
c1d3f1a firecracker: VMM API support
c34b045 firecracker: vendor in all firecracker dependencies
a21d1e6 virtcontainers: cgroups: Don't error if no thread ID
378d815 virtcontainers: copy or bind mount shared file
bc31844 virtcontainers: Check file sharing support
6291762 virtcontainers: copy files form host to guest
dcd48a9 vc: capabilities: add capability flags for filesystem sharing
e776380 vendor: update kata agent
e4e7c3a katautils: check config template and vsock
0f1fde4 virtcontainers: network: Use multiqueue flag only when appropriate
f63a18d virtcontainers: Add context when creating tests sandboxes
05be5bf shimv2: discard log before shim init log output
e98dee6 docs: drop 's in architecture names for consistency
1892102 docs: add IBM Z in the README
573b73e katautils: fix the issue of shimv2 boot failed with vsock enabled
c8c564b qemu-arm64: refactor 'console=hvc0,hvc1' for kata-agent debugging
a1af1cb virtcontainers: network: Rely on hypervisor capabilities for multi queues
a227ab8 virtcontainers: hypervisor: Add capability regarding multiqueue support
0bcd221 virtcontainers: network: Rename numCPUs to queues
2cb4bb9 virtcontainers: network: Reorganize endpoints interconnection
d4586d4 test: remove TestHotplugRemoveMemory
0d80202 vc:sandbox: rename newcontainer to fetchcontainer.
618cfbf vc: sandbox: Let sandbox manage VM resources.
2535844 make: Add "GOPATH not set"
8444a7a factory: set guest time after resuming
f813708 vendor: update agent vendor for SetGuestDateTime
6f83061 s390x: add support for s390x
df8b7db shimv2: fix the issue of reaping child mistakenly
e4a3fd5 vendors: upgrade the containerd vendors
6024088 config: Add cache-related options for block devices
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
In case we use an hypervisor that cannot support filesystem sharing,
we copy files over to the VM rootfs through the gRPC protocol. This
is a nice workaround, but it only works with regular files, which
means no device file, no socket file, no directory, etc... can be
sent this way.
This is a limitation that we accept here, by simply ignoring those
non-regular files.
Fixes#1068
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
- docs: update compatibility matrix with s390
- setup: Add make and gcc as dependencies
- suse: fix port URL detection for aarch64
- s390x: set CC for fedora
- Add 'install' target to makefile
- rootfs: Bump golang version to 1.11.1
- tests: skip docker,kata install with KATA_DEV_MODE
c3d77ae docs: add s390 to the compatibility matrix
be97380 setup: Add make and gcc as dependencies
de7fe19 s390x: set CC for fedora
3366a32 README: add ARM architecture to openSUSE
804286f suse: fix port URL detection for aarch64
434fff8 rootfs_builder: Dont fail if GOPATH not defined.
1bbf1e4 rootfs: Allow use host repositories.
f994560 rootfs: Bump golang version to 1.11.1
06c8d88 makefile: Add make install
9c0773a test: avoid errors in exit_handler
eb92306 tests: skip docker,kata install with KATA_DEV_MODE
Signed-off-by: Peng Tao <bergwolf@gmail.com>
This includes cleaning up the sandbox on disk resources,
and closing open fds when preparing the hypervisor.
Fixes: #1057
Signed-off-by: Peng Tao <bergwolf@gmail.com>
Start adding support for virtio-mmio devices starting with block.
The devices show within the vm as vda, vdb,... based on order of
insertion and such within the VM resemble virtio-blk devices.
They need to be explicitly differentiated to ensure that the
agent logic within the VM can discover and mount them appropropriately.
The agent uses PCI location to discover them for virtio-blk.
For virtio-mmio we need to use the predicted device name for now.
Note: Kata used a disk for the VM rootfs in the case of Firecracker.
(Instead of initrd or virtual-nvdimm). The Kata code today does not
handle this case properly.
For now as Firecracker is the only Hypervisor in Kata that
uses virtio-mmio directly offset the drive index to comprehend
this.
Longer term we should track if the rootfs is setup as a block
device explicitly.
Fixes: #1046
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
Signed-off-by: Manohar Castelino <manohar.r.castelino@intel.com>
By breaking down updateRuntimeConfig() into smaller functions, this
commit prevents the function to grow a Go complexity higher than 15.
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
In order to let the user choose firecracker hypervisor instead of
QEMU (from the configuration.toml), let's add it to the list of
supported hypervisors.
Fixes#1042
Depends-on: github.com/kata-containers/runtime#1044
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
Because firecracker currently does not support a proper stop from
the caller, and because we don't want the agent to initiate a reboot
to shutdown the VM, the simplest and most efficient solution at the
moement is to signal the VM process with SIGTERM first, followed by
a SIGKILL if the process is still around.
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
Use the firecracker rescan logic to update the pre-attached drive.
This allows us to emulate hotplug.
Initially the drive backing stores are set to empty files on the
host. Once the actual block based device or file is available
swap the backing store.
The rescan needs to be issued iff the VM is running.
Signed-off-by: Manohar Castelino <manohar.r.castelino@intel.com>
Unlike QEMU firecracker cannot accept a fd as part of the REST API.
Close the vsock vhostfd close to the point where we launch the VM.
Note: This is still racy.
Signed-off-by: Manohar Castelino <manohar.r.castelino@intel.com>
Add firecracker as a supported hypervisor. This connects the
newly defined firecracker implementation as a supported
hypervisor.
Move operation definition to the common hypervisor code.
Signed-off-by: Manohar Castelino <manohar.r.castelino@intel.com>
Initial Support for the firecracker VMM
Note:
- 9p is unsupported by firecracker
- Enable pseudo hotplug block device hotplug capability
Initially, this will be a pseudo capability for Firecracker hypervisor,
but we will utilize a pool of block devices and block device rescan as a
temporary workaround.
Fixes: #1064
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
Signed-off-by: Manohar Castelino <manohar.r.castelino@intel.com>
