If initrd_builder.sh fails partway through it may not be possible to run
it again without creating a new rootfs.
This happens because initrd_builder.sh checks for the presence of
/sbin/init and refuses to run if it is missing. Later on, the script
moves /sbin/init to /init, where the kernel expects to find it in an
initramfs. After this step initrd_builder.sh will refuse to run again
since /sbin/init is now missing.
Create a symlink from /init to /sbin/init instead of moving the file.
This allows initrd_builder.sh to be run repeatedly on the same rootfs.
Fixes: #130
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Make sure the osbuilder VERSION file is updated before tag
Also, sort repos alphabetically.
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
This commit fixes an issue with the log handlers defined by qmp_test.
The issue was picked up by the latest version of go vet on go tip.
qemu/qmp_test.go:56::error: missing ... in args forwarded to printf-like function (vet)
qemu/qmp_test.go:60::error: missing ... in args forwarded to printf-like function (vet)
Signed-off-by: Mark Ryan <mark.d.ryan@intel.com>
This commit enables the gas security checker on govmm builds. The
security checker has signalled 4 issues all of which I've checked
and have determined to be non issues. These issues are disabled
by this commit.
Signed-off-by: Mark Ryan <mark.d.ryan@intel.com>
This commit enables staticcheck in the travis builds and fixes the existing
errors detected by staticcheck. There was one type of error repeated in
qemu.go in which the type of some constants was not explicitly specified.
Signed-off-by: Mark Ryan <mark.d.ryan@intel.com>
The image_builder.sh script must be run as root. The following check is
performed before the script checks for root:
[ "${AGENT_INIT}" == "yes" ] || [ -x "${ROOTFS}/usr/bin/${AGENT_BIN}" ] || \
die "/usr/bin/${AGENT_BIN} is not installed in ${ROOTFS}
use AGENT_BIN env variable to change the expected agent binary name"
The -x test is "True if the file is executable by you". It may evaluate
to true as root and false as non-root, depending on the file
permissions.
The permissions for kata-agent given in the Developer Guide are 0550
(https://github.com/kata-containers/documentation/blob/master/Developer-Guide.md#add-a-custom-agent-to-the-image---optional).
Therefore image_builder.sh fails with "/usr/bin/${AGENT_BIN} is not
installed" when run as non-root. This is confusing since the agent
binary is really installed!
Move the root check to the beginning of the script. This solves the
confusing error and prevents similar problems where the script doesn't
take into account that the user may be non-root.
Fixes: #127
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Adding cid+sid fields to the log entries generated by most of the CLI
commands will make debugging across the system easier.
Fixes#452.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Use pointer here since api.VhostUserDevice interface is implemented
by VhostUserNetDevice pointer.
Fixes#446
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Update to kernel to get latest fixes.
Depends-on: github.com/kata-containers/agent#279
Fixes: #420
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
proxy server must be specified in configuration file
of the package manager, /etc/yum.conf for yum or
/etc/dnf/dnf.conf for dnf
fixes#123
Signed-off-by: Julio Montes <julio.montes@intel.com>
When do sandbox release, the kataBuiltInProxy will
be closed, and it will stop the watch of vm's console;
Thus it needs to restart the proxy to monitor the vm
console once to restore the sandbox.
Fixes: #441
Signed-off-by: fupan <lifupan@gmail.com>
SMT must be turned off on Power8 for KVM to work. Put
this as a check for kata-runtime kata-check.
Fixes: #397
Signed-off-by: Nitesh Konkar <niteshkonkar@in.ibm.com>
The EulerOS repository servers can be a little slower to respond than
others. This can lead to timeout issues so move the EulerOS tests to
the end to give the other tests a chance to run.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
The tests perform a lot of configuration and call other commands. Since
the tests are running under BATS, any "stdout pollution" results in the
test failing. This is too rigid for current purposes so convert the
BATS test into a `set -e` test. This will still fail if any command
fails, but does not impose the output pollution restriction. It also
makes debugging easier.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
The `kata-manger.sh` utility is changing its behaviour so that
`install-packages` *only* installs packages (no container manager).
Update the command to both install Docker and the packages.
Fixes#113.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
It is useful when we want to specify migration incoming source.
Supported source are fd and exec right now.
Signed-off-by: Peng Tao <bergwolf@gmail.com>
This commit introduces the instructions to be able to run trendy
service mesh Istio and Conduit with Kata Containers. It provides
a bit of feedback on how they actually work to give the reader a
quick overview. After this introduction, it provides restrictions
and instructions to enable them with Kata Containers.
Fixes#171
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
The script now has new options.
Add options to make CI work.
Fixes: #438
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
Excised an extraneous definite article in the install README.
How did we miss this in the review phase I wonder?
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Add the new Google Compute Engine installation guide to the
installation README, reworking this doc to add in a table of contents
and a new "Cloud services" section.
Fixes#173.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Simplify the installation README by using relative URLs - let github
expand them automatically for readers.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
The docker install guides end with a call to `docker run`. However, they
all specify `-ti` which is causing our CI to fail.
Remove the `-ti` so that the command works both under the CI and as
expected for the user.
Fixes#175.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Simplify the CI check that looks for modified install guides to catch
any modified document below `install/`.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
If we send multiple grpcs at once before a client is created, we end up
creating multiple connections to the agent and that breaks when using builtin
proxy since only one connection is allowed.
Fixes: #431
Signed-off-by: Peng Tao <bergwolf@gmail.com>
