Add framework for different architectures for check. In the existing
kata-runtime check, the network checks do not appear to be
architecture-specific while the kernel module, cpu, and kvm checks do
have separate implementations for different architectures.
Signed-off-by: Chelsea Mafrica <chelsea.e.mafrica@intel.com>
Add more unit tests cases to --version argument.
Signed-off-by: David Esparza <david.esparza.borquez@intel.com>
Commit-edited-by: James O. D. Hunt <james.o.hunt@intel.com>
As we're switching to using the rust version of the kata-ctl, lets
provide with its own entry in the kata-ctl command line.
Signed-off-by: David Esparza <david.esparza.borquez@intel.com>
Commit-edited-by: James O. D. Hunt <james.o.hunt@intel.com>
handle_events for EventManager doesn't take max_events as arguments, so
we need to update the comments for it.
p.s. max_events is defined when initializing the EventManager.
fixes: #5382
Signed-off-by: Chao Wu <chaowu@linux.alibaba.com>
- libs/kata-types: adjust default_vcpus correctly
- runtime-rs: delete duplicated PASSTHROUGH_FS_DIR const
- Enable ACRN hypervisor support for Kata 2.x release
- agent: reduce reference count for failed mount
- agent: don't exit early if signal fails due to ESRCH
- kata-sys-util: delete duplicated get_bundle_path
- packaging: Mount $HOME/.docker in the 1st layer container
- Upgrade to Cloud Hypervisor v27.0
- microvm: Remove kernel_irqchip=on option
- kata-sys-util: fix typo `unknow`
- dragonball: update ut for kernel config
- versions: Update gperf url to avoid libseccomp random failures
- versions: Update oci version
- dragonball: fix no "as_str" error on Arm
- tools: release: fix bogus version check
- runtime-rs: update Cargo.lock
- refactor(runtime-rs): Use RwLock in runtime-agent
- runtime-rs: fix shim close_io call to support kubectl cp
- runtime-rs: add comments for runtime-rs shared directory
- workflow: trigger test-kata-deploy with pull_request and fix workflow_dispatch
- Dragonball: update linux_loader to 0.6.0
- modify virtio_net_dev_mgr.rs wrong code comments
- docs: Update urls in runk documentation
- runtime-rs: support watchable mount
- runtime-rs: debug console support in runtime
- kata-deploy: ship the rustified runtime binary
- runtime-rs: define VFIO unbind path as a const
- runtime-rs: set agent timeout to 0 for stream RPCs
- Added SNP-Support for Kata-Containers
- packaging: fix typo in configure-hypervisor.sh
- runtime/runtime-rs: update dependency
- release: Revert kata-deploy changes after 3.0.0-rc0 release
- runtime-rs: add test for StaticResource
- runtime-rs: remove hardcoded string
- docs: add README for runtime-rs hypervisor crate
- runtime-rs: use Path.is_file to check regular files
- osbuilder: Export directory variables for libseccomp
- runtime-rs: add unit tests for network resource
- runtime-rs/resource: use macro to reduce duplicated code
- runtime-rs: fix incorrect comments
- kernel: Add crypto kernel config for s390
- Non-root hypervisor uid reuse bug
- Build-in Sandbox: update dragonball-sandbox dependencies
- docs: Update url in virtualization document
- dragonball: Fix problem that stdio console cannot connect to stdout
- runtime-rs: call TomlConfig's validate function after load
- feat(Shimmgmt): Shim management server and client
53f209af4 libs/kata-types: adjust default_vcpus correctly
ef5a2dc3b agent: don't exit early if signal fails due to ESRCH
435c8f181 acrn: Enable ACRN hypervisor support for Kata 2.x release
c31cf7269 agent: reduce reference count for failed mount
4da743f90 packaging: Mount $HOME/.docker in the 1st layer container
067e2b1e3 runtime: clh: Use the new API to boot with TDX firmware (td-shim)
5d63fcf34 runtime: clh: Re-generate the client code
fe6107042 versions: Upgrade to Cloud Hypervisor v27.0
17de94e11 microvm: Remove kernel_irqchip=on option
3aeaa6459 runtime-rs: delete duplicated PASSTHROUGH_FS_DIR const
43ae97233 kata-sys-util: delete duplicated get_bundle_path
ac0483122 kata-sys-util: fix typo `unknow`
a24127659 versions: Update gperf url to avoid libseccomp random failures
a617a6348 versions: Update oci version
6d585d591 dragonball: fix no "as_str" error on Arm
421729f99 tools: release: fix bogus version check
457b0beaf runtime-rs: update Cargo.lock
f89ada2de dragonball: update ut for kernel config
0e899669e runtime-rs: fix shim close_io call to support kubectl cp
96cf21fad runtime-rs: add comments for runtime-rs shared directory
9bd941098 docs: Update urls in runk documentation
90ecc015e Dragonball: update linux_loader to 0.6.0
4a763925e runtime-rs: support watchable mount
abc26b00b dragonball: modify wrong code comments modify virtio_net_dev_mgr.rs wrong code comments
20bcaf0e3 runtime-rs: set agent timeout to 0 for stream RPCs
274de024c docs: add README for runtime-rs hypervisor crate
a4a23457c osbuilder: Export directory variables for libseccomp
d663f110d kata-deploy: get the config path from cri options
c6b3dcb67 kata-deploy: support kata-deploy for runtime-rs
46965739a runtime-rs: remove hardcoded string
a394761a5 kata-deploy: add installation for runtime-rs
50299a329 refactor(runtime-rs): Use RwLock in runtime agent
9628c7df0 runtime: update runc dependency
7fbc88387 runtime-rs: drop dependency on rustc-serialize
bf2be0cf7 release: Revert kata-deploy changes after 3.0.0-rc0 release
e23bfd615 runtime-rs: make function name more understandable
426a43678 runtime-rs: add unit test and eliminate raw string
87959cb72 runtime-rs: debug console support in runtime
d55cf9ab7 docs: Update url in virtualization document
0399da677 runtime-rs: update dependencies
f6f19917a dragonball: update dragonball-sandbox dependencies
2caee1f38 runtime-rs: define VFIO unbind path as a const
3f65ff2d0 runtime-rs: fix incorrect comments
9670a3caa runtime-rs: use Path.is_file to check regular files
d9e6eb11a docs: Guide to use SNP-VMs with Kata-Containers
ded60173d runtime: Enable choice between AMD SEV and SNP
22bda0838 runtime: Support for AMD SEV-SNP VMs
a2bbd2942 kernel: Introduce SNP kernel
0e69405e1 docs: Developer-Guide updated
105eda5b9 runtime: Initrd path option added to config
a8a8a28a3 runtime-rs/resource: use macro to reduce duplicated code
7622452f4 Dragonball: Fix the problem about stdio console
208233288 runtime-rs: add test for StaticResource
adb33a412 packaging: fix typo in configure-hypervisor.sh
f91431987 runtime: store the user name in hypervisor config
86a02c5f6 kernel: Add crypto kernel config for s390
5cafe2177 runtime: make StopVM thread-safe
c3015927a runtime: add more debug logs for non-root user operation
5add50aea runtime-rs: timeout for shim management client
9f13496e1 runtime-rs: shim management client
aaf6d6908 runtime-rs: call TomlConfig's validate function after load
e891295e1 runtime-rs: shim management - agent-url
59aeb776b runtime-rs: shim management
a828292b4 runtime-rs: add unit tests for network resource
7676cde0c workflow: trigger test-kata-deploy with pull_request
f10827357 workflow: require PR num input on test-kata-deploy workflow_dispatch
428d6dc80 workflow: Revert "workflow: trigger test-kata-deploy with pull_request"
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
This reverts commit 7676cde0c5.
It turns out that when triggerred from a PR, the docker login command is
failing with
```
Error: Cannot perform an interactive login from a non TTY device
```
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
With default_maxvcpus = 0 and default_vcpus = 1 settings, the
default_vcpus will be set to 0 and leads to starting fail.
The default_maxvcpus is not set correctly when it is set to 0,
and the default_vcpus is set to 0.
The correct action is setting default_maxvcpus to the max number
of CPUs or MAX_DRAGONBALL_VCPUS, and the default_vcpus should be
set to the desired value if the valuse is between 0 and
default_maxvcpus.
Fixes: #5110
Signed-off-by: Bin Liu <bin@hyper.sh>
ESRCH usually means the process has exited. In this case,
the execution should continue to kill remaining container processes.
Fixes: #5366
Signed-off-by: Feng Wang <feng.wang@databricks.com>
[Fix up cargo updates]
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Currently ACRN hypervisor support in Kata2.x releases is broken.
This commit re-enables ACRN hypervisor support and also refactors
the code so as to remove dependency on Sandbox.
Fixes#3027
Signed-off-by: Vijay Dhanraj <vijay.dhanraj@intel.com>
The kata agent adds a reference for each storage object before mount
and skip mount again if the storage object is known. We need to
remove the object reference if mount fails.
Fixes: #5364
Signed-off-by: Feng Wang <feng.wang@databricks.com>
In order to ensure that the proxy configuration is passed to the 2nd
layer container, let's ensure the $HOME/.docker/config.json file is
exposed inside the 1st layer container.
For some reason which I still don't fully understand exporting
https_proxy / http_proxy / no_proxy was not enough to get those
variables exported to the 2nd layer container.
In this commit we're creating a "$HOME/.docker" directory, and removing
it after the build, in case it doesn't exist yet. The reason we do this
is to avoid docker not running in case "$HOME/.docker" doesn't exist.
This was not tested with podman, but if there's an issue with podman,
the issue was already there beforehand and should be treated as a
different problem than the one addressed in this commit.
Fixes: #5077
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
The new way to boot from TDX firmware (e.g. td-shim) is using the
combination of '--platform tdx=on' with '--firmware tdshim'.
Fixes: #5309
Signed-off-by: Bo Chen <chen.bo@intel.com>
This release has been tracked in our new [roadmap project ](https://github.com/orgs/cloud-hypervisor/projects/6) as iteration v27.0.
**Community Engagement**
A new mailing list has been created to support broader community discussions.
Please consider [subscribing](https://lists.cloudhypervisor.org/g/dev/); an announcement of a regular meeting will be
announced via this list shortly.
**Prebuilt Packages**
Prebuilt packages are now available. Please see this [document](https://github.com/cloud-hypervisor/obs-packaging/blob/main/README.md)
on how to install. These packages also include packages for the different
firmware options available.
**Network Device MTU Exposed to Guest**
The MTU for the TAP device associated with a virtio-net device is now exposed
to the guest. If the user provides a MTU with --net mtu=.. then that MTU is
applied to created TAP interfaces. This functionality is also exposed for
vhost-user-net devices including those created with the reference backend.
**Boot Tracing**
Support for generating a trace report for the boot time has been added
including a script for generating an SVG from that trace.
**Simplified Build Feature Flags**
The set of feature flags, for e.g. experimental features, have been simplified:
* msvh and kvm features provide support for those specific hypervisors
(with kvm enabled by default),
* tdx provides support for Intel TDX; and although there is no MSHV support
now it is now possible to compile with the mshv feature,
* tracing adds support for boot tracing,
* guest_debug now covers both support for gdbing a guest (formerly gdb
feature) and dumping guest memory.
The following feature flags were removed as the functionality was enabled by
default: amx, fwdebug, cmos and common.
**Asynchronous Kernel Loading**
AArch64 has gained support for loading the guest kernel asynchronously like
x86-64.
**GDB Support for AArch64**
GDB stub support (accessed through --gdb under guest_debug feature) is now
available on AArch64 as well as as x86-64.
**Notable Bug Fixes**
* This version incorporates a version of virtio-queue that addresses an issue
where a rogue guest can potentially DoS the VMM,
* Improvements around PTY handling for virtio-console and serial devices,
* Improved error handling in virtio devices.
**Deprecations**
Deprecated features will be removed in a subsequent release and users should
plan to use alternatives.
* Booting legacy firmware (compiled without a PVH header) has been deprecated.
All the firmware options (Cloud Hypervisor OVMF and Rust Hypervisor Firmware)
support booting with PVH so support for loading firmware in a legacy mode is no
longer needed. This functionality will be removed in the next release.
Details can be found: https://github.com/cloud-hypervisor/cloud-hypervisor/releases/tag/v27.0
Note: To have the new API of loading firmware for booting (e.g. boot
from td-shim), a specific commit revision after the v27.0 release is
used as the Cloud Hypervisor version from the 'versions.yaml'.
Fixes: #5309
Signed-off-by: Bo Chen <chen.bo@intel.com>
`kernel_irqchip` option doesn't seem to bring any benefits and, on the
contrary, its usage cause issues when using the microvm machine type.
With this in mind, let's remove it.
Fixes: #1984, #4386
Signed-off-by: norbjd <norbjd@users.noreply.github.com>
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
Add support for ephemeral storage and k8s emptydir.
Depends-on:github.com/kata-containers/tests#5161
Fixes: #4730
Signed-off-by: Bin Liu <bin@hyper.sh>
This PR updates the gperf url to avoid random failures when installing
libseccomp as it seems that the mirrror url produces network random
failures in multiple CIs.
Fixes#5294
Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
This PR updates the oci version that we are using in kata containers.
Fixes#5291
Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
Cmdline struct update in the latest linux-loader lib and its as_str
method is changed to as_cstring, thus we need fix it according whereas
the old as_str method is used.
Fixes: #5287
Signed-off-by: Jianyong Wu <jianyong.wu@arm.com>
Shell expands `*"rc"*` to the top-level `src` directory. This results
in comparing a version with a directory name. This doesn't make sense
and causes the script to choose the wrong branch of the `if`.
The intent of the check is actually to detect `rc` in the version.
Fixes: #5283
Signed-off-by: Greg Kurz <groug@kaod.org>
