containerd/cri's different runtime handlers can pass different
config files to shimv2 by a generic runtime options, by this kata
can launch the pods using different VMM for different runtime handlers.
Fixes:#1082
Signed-off-by: Fupan Li <lifupan@gmail.com>
In order to fix#1059, we want to create a hypervisor package. Some of
the hypervisor implementations (qemu) depend on the network and endpoint
interfaces. We can not have a virtcontainers -> hypervisor -> network,
endpoint -> virtcontainers cyclic dependency.
So before creating the hypervisor package, we need to decouple the
network API from the virtcontainers one.
Fixes: #1180
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
There's only one real implementer of the network interface and no real
need to implement anything else. We can just go ahead and remove this
abstraction.
Fixes: #1179
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
The snap install doc only told you how to install the kata snap,
and did not then go further to describe how to configure and
intergrate it. Those details are available already over in the
packaging repo, so let's link out to them.
Fixes: #360
Signed-off-by: Graham Whaley <graham.whaley@intel.com>
Architecture-dependent settings were not being populated when GOPATH
was set. This change ensures they are always set.
Fixes#1169
Signed-off-by: William Douglas <william.douglas@intel.com>
- Do symlink to a relative path to hypervisor config.
- Create symlink on DESTDIR
Fixes: #1161
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
- update cri-containerd to containerd with cri plugin
- suggest the shimv2 to be the preferred kubernetes integration way.
Signed-off-by: Xu Wang <xu@hyper.sh>
Set testCPUInfoTemplate to systems /proc/cpuinfo
and check if SMT is on/off only on P8 and lower
systems as Power 9 systems support virtualization
irrespective of SMT being on/off.
Fixes: #1114
Signed-off-by: Nitesh Konkar niteshkonkar@in.ibm.com
- mentioned shimv2 in the configuration part of manual installation
- reference the link of shim v2 api and the k8s containerd howto
Signed-off-by: Xu Wang <xu@hyper.sh>
- s390x: root parameter is missing
- vc: qemu: fix error message on hotplug.
- virtcontainers: set private propagation in rootfs
- virtcontainers: ppc64le qemu does not have nvdimm capabilities yet
- shimv2: use the UnmarshalAny() to unmarshal Protobuf.Any
- runtime-v2: Make sure Shutdown() only shuts the server down
- Add build support for the firecracker hypervisor
- virtcontainers: Fix unit test typo
- shimv2: multi wait support for wait service
- update: allow do update on ready.
- cli: fix parameter order error in cli/ps.go
- virtcontainers: Add Asset, Capabilities and Bridge to the types package
- katautils: Move SetKernelParams from CreateSandbox to updateRuntimeCo…
- Versions: Add firecracker version
- Hypervisor interface simplification
- kata-runtime: Return correct kata-env on ppc64le
- katautils: Remove unused argument containerID of function SetKernelPa…
- kernel: Revert "versions: Bump to kernel 4.19.10"
- versions: Bump to kernel 4.19.10
- Initial types package creation
- cli: allow to kill a stopped container and sandbox
- virtcontainers: Pass seccomp profile inside VM
- First createSandboxFromConfig simplification
- shimv2: get the kata configure file from env KATA_CONF_FILE
- firecracker: Network API update
- container: Use lazy unmount
- block: Add new block storage driver "nvdimm"
5329a71 runtime-v2: Make sure Shutdown() only shuts the server down
a07b4cd virtcontainers: Fix unit test typo
f542233 s390x: root parameter is missing
18c7aa4 virtcontainers: ppc64le qemu does not have nvdimm capabilities yet
5ee838d shimv2: use the UnmarshalAny() to unmarshal Protobuf.Any
7228bab container: update: Allow updates once container is created
2e1ddbc virtcontainers: Add Bridge to the types package
5ba30fd shimv2: multi wait support for wait service
b25f43e virtcontainers: Add Capabilities to the types package
67e696b virtcontainers: Add Asset to the types package
6c3e0a9 build: Add support for building firecracker hypervisor
6fcb76c build: Handle qemu explicitly
933b16f build: Improve quiet install
a5a74f6 vc: qemu: fix error message on hotplug.
d4dd5f1 qemu: fix gofmt import order.
42a89d0 katautils: Move SetKernelParams from CreateSandbox to updateRuntimeConfig
abcc2d5 Versions: Add firecracker version
db33d71 Kata-runtime: Use correct model name for TestGetCPUDetails
11e24aa kata-runtime: Return correct kata-env on ppc64le
2c1b15d kernel: Revert "versions: Bump to kernel 4.19.10"
b029e44 virtcontainers: set private propagation in rootfs
a02fd59 virtcontainers: Remove code duplication in the test setup
cf22f40 virtcontainers: Remove the hypervisor waitSandbox method
763bf18 virtcontainers: Remove the hypervisor init method
fb149ce katautils: Remove unused argument containerID of function SetKernelParams
b05dbe3 runtime: Convert to the new internal types package
701afe9 virtcontainers: First types package
3ab7d07 virtcontainers: Alias for pkg/types
c2c9c84 virtcontainers: Conditionally pass seccomp profile
bf2813f cli: allow to kill a stopped container and sandbox
09168cc virtcontainers: Call stopVM() from sandbox.Stop()
acf833c virtcontainers: Call agent startSandbox from startVM
ebf8547 virtcontainers: Remove useless startSandbox wrapper
0b28ab9 shimv2: get the kata configure file from env KATA_CONF_FILE
5c6d94d firecracker: Revendor firecracker go sdk to 0.12.0
ec5cf18 firecracker: Network API update
dd28ff5 memory: Add new option memory_offset
ef75c3d block: Add new block storage driver "nvdimm"
c099be5 container: Use lazy unmount
802bfa2 versions: Bump to kernel 4.19.10
08f1c05 Module: fix parameter order error in cli/ps.go
Signed-off-by: katacontainers bot <katacontainersbot@katacontainers.io>
docker might bind mount some files/dirs under container rootfs
without notifying runtime. We need to unmount them otherwise
docker will fail to clean up containers.
man umount(2):
MNT_DETACH (since Linux 2.4.11)
Perform a lazy unmount: make the mount point unavailable for new accesses, immediately
disconnect the filesystem and all filesystems mounted below it from each other and
from the mount table, and actually perform the unmount when the mount point ceases to be busy.
Signed-off-by: Peng Tao <bergwolf@gmail.com>
The agent code creates a directory at
`/run/kata-containers/shared/sandboxes/sbid/` to hold shared data
between host and guest. We need to clean it up when removing a sandbox.
Fixes: #1138
Signed-off-by: Peng Tao <bergwolf@gmail.com>
VM templates creates a symlink from `/run/vc/vm/sbid` to
`/run/vc/vm/vmid`. We need to clean up both of them.
Signed-off-by: Peng Tao <bergwolf@gmail.com>
As the Debian OBS repo was renamed was renamed on 20181219 the corresponding documentation
needs to be fixed. See also #306, more specifically
https://github.com/kata-containers/documentation/pull/306#discussion_r242983373
A test install using the documentation on a fresh Debian Stretch (9.5) was done
on 20190119.
Fixes#344
Signed-off-by: Ralf-Philipp Weinmann <ralf@comsecuris.com>
The OpenSUSE and SLES install guide for Docker used the --containerd
option. When this option is used on OpenSUSE Leap 15 or SLES 15, the
following error occurs when starting Docker:
Failed to connect to containerd: failed to dial
"/run/containerd/containerd.sock": context deadline exceeded
Removing the --containerd option from the configuration file allows the
Docker daemon to start successfully and a Kata container to be created.
Fixes: #350
Signed-off-by: John L. Jolly <jjolly@suse.com>
As memory hotplug for arm64 by acpi is not ready on qemu, we choose
"probe" instead. You can refer to [1] to get more infomation about
"probe". The process of memory hotplug by "probe" in kata lies below:
firstly, add memory in qemu qmp; secondly, echo the start phyical address
of that memory to /sys/devices/system/memory/probe, which will be done
through kata-agent; thirdly, excute online op, then this newly added
memory is capable to be used.
All functions in this patch will be called after "echo" op. It can be
divided into two parts:
1. create page table for that memory;
2. add that memory to memblock.
In this patch, NUMA must be turned off for not all arm64 machine supports
NUMA.
As the newly added memory should be placed from 2T to 6T which is decided
in qemu and phyical address and virtual address will be one-one mapping
when create pgd for that memory, we must config ARM64_VA_BITS as 48.
Also some configs should be turned on, especially "ARCH_MEMORY_PROBE".
We have tested this patch integrated with another patch which performed
that echo op. It works well when using "-m" in command line when start a
kata-container on aarch64 machine.
This patch derived from Maciej Bielski. You can refer to [2] to get full
infomation about it.
[1] https://www.kernel.org/doc/Documentation/memory-hotplug.txt
[2] https://lkml.org/lkml/2017/11/23/183Fixes: #309
Signed-off-by: Jianyong Wu <jianyong.wu@arm.com>
Signed-off-by: Jia He <justin.he@arm.com>
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
Because the runtime v2 runs as a RPC server, the caller will at some
point use the Shutdown() API to shut down the server. Because this
will cause the server to exit, the caller cannot expect any valid
answer when calling this. That's why we cannot afford stopping and
deleting the sandbox from this function.
Instead, we move sandbox.Stop() and sandbox.Delete() to a more
appropriate API, the Delete() one.
Fixes#1150
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
