This includes cleaning up the sandbox on disk resources,
and closing open fds when preparing the hypervisor.
Fixes: #1057
Signed-off-by: Peng Tao <bergwolf@gmail.com>
Start adding support for virtio-mmio devices starting with block.
The devices show within the vm as vda, vdb,... based on order of
insertion and such within the VM resemble virtio-blk devices.
They need to be explicitly differentiated to ensure that the
agent logic within the VM can discover and mount them appropropriately.
The agent uses PCI location to discover them for virtio-blk.
For virtio-mmio we need to use the predicted device name for now.
Note: Kata used a disk for the VM rootfs in the case of Firecracker.
(Instead of initrd or virtual-nvdimm). The Kata code today does not
handle this case properly.
For now as Firecracker is the only Hypervisor in Kata that
uses virtio-mmio directly offset the drive index to comprehend
this.
Longer term we should track if the rootfs is setup as a block
device explicitly.
Fixes: #1046
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
Signed-off-by: Manohar Castelino <manohar.r.castelino@intel.com>
By breaking down updateRuntimeConfig() into smaller functions, this
commit prevents the function to grow a Go complexity higher than 15.
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
In order to let the user choose firecracker hypervisor instead of
QEMU (from the configuration.toml), let's add it to the list of
supported hypervisors.
Fixes#1042
Depends-on: github.com/kata-containers/runtime#1044
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
Because firecracker currently does not support a proper stop from
the caller, and because we don't want the agent to initiate a reboot
to shutdown the VM, the simplest and most efficient solution at the
moement is to signal the VM process with SIGTERM first, followed by
a SIGKILL if the process is still around.
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
Use the firecracker rescan logic to update the pre-attached drive.
This allows us to emulate hotplug.
Initially the drive backing stores are set to empty files on the
host. Once the actual block based device or file is available
swap the backing store.
The rescan needs to be issued iff the VM is running.
Signed-off-by: Manohar Castelino <manohar.r.castelino@intel.com>
Unlike QEMU firecracker cannot accept a fd as part of the REST API.
Close the vsock vhostfd close to the point where we launch the VM.
Note: This is still racy.
Signed-off-by: Manohar Castelino <manohar.r.castelino@intel.com>
Add firecracker as a supported hypervisor. This connects the
newly defined firecracker implementation as a supported
hypervisor.
Move operation definition to the common hypervisor code.
Signed-off-by: Manohar Castelino <manohar.r.castelino@intel.com>
Initial Support for the firecracker VMM
Note:
- 9p is unsupported by firecracker
- Enable pseudo hotplug block device hotplug capability
Initially, this will be a pseudo capability for Firecracker hypervisor,
but we will utilize a pool of block devices and block device rescan as a
temporary workaround.
Fixes: #1064
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
Signed-off-by: Manohar Castelino <manohar.r.castelino@intel.com>
Since aarch64 need custom QEMU binary and doesn't support OBS
packaging for now, we add this section to lead developers to build
required qemu-system-aarch64 binary.
Fixes: #320
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
Vendor in all firecracker dependencies. This allows virtcontainers
to pull call the firecracker REST API.
Signed-off-by: Manohar Castelino <manohar.r.castelino@intel.com>
In case the hypervisor implementation does not return any thread
ID, this should not issue any error since there is simply nothing
to constrain.
Fixes#1062
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
Copy files to contaier's rootfs if hypervisor doesn't supports filesystem
sharing, otherwise bind mount them in the shared directory.
see #1031
Signed-off-by: Julio Montes <julio.montes@intel.com>
If the hypervisor does not support filesystem sharing (for example, 9p),
files will be copied over gRPC using the copyFile request function.
Signed-off-by: Julio Montes <julio.montes@intel.com>
Files are copied over gRPC and there is no limit in size of the files that
can be copied. Small files are copied using just one gRPC call while big files
are copied by parts.
Signed-off-by: Julio Montes <julio.montes@intel.com>
Not all hypervisors support filesystem sharing. Add capability flags to track
this. Since most hypervisor implementations in Kata *do* support this, the set
semantices are reversed (ie, set the flag if you do not support the feature).
Fixes: #1022
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
Signed-off-by: Julio Montes <julio.montes@intel.com>
Brings support to copy file from host to guest
shortlog:
169d755 protocols/grpc: implement function to copy files
ff87c26 virtio-mmio: Add support for virtio-mmio blk devices
b9c5d5b libcontainer: use /run as root containers path
092f1a0 block: add support of block storage driver "nvdimm"
Signed-off-by: Julio Montes <julio.montes@intel.com>
Vsock conflicts with factory, when both of them are enabled,
kata will try to create a new vm template which is useless,
thus it's better to return an error directly to let users know
that those two config cannot be enabled at the same time.
Fixes: #1055
Signed-off-by: fupan <lifupan@gmail.com>
The multiqueue flag associated with the TUNTAP network device cannot
be used if the number of queues indicates 0. When 0, this means the
multiqueue is not supported, and we cannot use the according flag.
Fixes#1051
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
We can use the background context when creating test sandboxes from the
sanbox unit tests. This shuts the "trace called before context set"
erros down.
Fixes: #1048
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
We want to make sure Kata runs on latest stable kernels so that it
benefits from the latest features.
For instance, in case of Kata relying on NEMU hypervisor, the recent
kernel patches reworking the way timer calibration is handled are
solving some boot latency issues.
Fixes#287
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
We need to bump the kernel version from 4.14.67 to 4.19.10 in order
to follow the recent kernel config bump.
Fixes#1029
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
containerd would like to get the shim's socket
address from shimv2's stdout, thus it's better
to discard the log's output before shimv2 init
it's logger and at the same time add a hook to
log into syslog.
Fixes: #1035
Signed-off-by: Fupan Li <lifupan@gmail.com>
Fix version compare when specifying a pre-release version in
versions.txt. This is needed because kata on git uses strict semver,
while kata RPM packages uses ~ in place of - for PATCH version, to
allow RPM version comparison to work properly.
Fixes: #285
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
Since kata-agent is using virtio-console to output debugging info
and the console ports are available in the guest as /dev/hvc0 and
/dev/hvc1, we should swap origin console type 'console=ttyAMA0'
with 'console=hvc0,hvc1'.
Fixes: #1033
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
Signed-off-by: Wei Chen <Wei.Chen@arm.com>