Fixed `TestSandboxCreationFromConfigRollbackFromCreateSandbox` which
requires that the hypervisor does not exist. Unfortunately, it does
exist (as a fake test binary), but isn't executable meaning although the
test failed (since an error is expected), rather than the expected
`ENOENT` error, the test was logging a message similar to the following
since the fake hypervisor exists with non-executable permissions:
```
Unable to launch /tmp/vc-tmp-526112270/hypervisor: fork/exec /tmp/vc-tmp-526112270/hypervisor: permission denied
```
Fixes: #1835.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Update the `TestQemuAddDeviceKataVSOCK` test so that it:
- Doesn't hard-code the file descriptor number.
- Cleans up after itself.
The latter issue was causing an odd error similar to the following in
the test output:
```
Unable to launch /tmp/vc-tmp-526112270/hypervisor: fork/exec /tmp/vc-tmp-526112270/hypervisor: permission denied
```
Partially fixes: #1835.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
This will take the VERSION of all the components in order to
verify that they match among them before merging the runtime.
Fixes#1581
Depends-on: github.com/kata-containers/packaging#614
Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
When the rootfs creation is used for PRs there is
not a match with a kata runtime version, in this
case lets clone the runtime repository and checkout
to the kata branch target. If is already cloned
this mean this was set by depens-on script or the user.
Fixes: #326
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
We are seeing sporadic failures in the rootfs creation as listed here:
https://github.com/kata-containers/tests/issues/1744
While this cannot be reproduced locally, there is no reason
for the failure to write to $ROOTFS_DIR/etc/chrony.conf unless the upper
directories are missing as this file should be created if it did not
exist earier.
So just create the etc directory to test out if we see these sporadic
failures in the CI.
Fixes#328
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Kubernetes moved CRI document within the sig-node directory. Updating
README.md accordingly.
Fixes: #1837
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
- rootfs: configure chronyc service with makestep
- agent: detect required Go version from versions.yaml
- rootfs-builder: exclude unsupported archs from euleros and clearlinux
- tests: reduce the amount of log displayed
- chrony: Configure chrony to start only when /dev/ptp0 exists.
- rootfs: install systemd tmp.mount if needed
5a5ffa4 rootfs-builder: exclude unsupported archs from euleros
7dc15c2 rootfs-builder: exclude unsupported archs from clearlinux
d2e80f5 chrony: Configure chrony to start only when /dev/ptp0 exists.
6969c7f rootfs: install systemd tmp.mount if needed
add0d44 rootfs: configure chronyc service with makestep
cc5df05 travis: do not set -x when running test
25d75e5 tests: reduce the amount of log displayed
acc9c7f tests: identify the distros with build failures
68f2090 make: add ability to silent recipe commands with chronic
cbb8c01 make: add print-% target printing variable value
e770e2a rootfs: enforce minimum Go version when building locally
92b42c7 agent: detect required Go version from versions.yaml
Signed-off-by: katacontainersbot <katacontainersbot@gmail.com>
With #1485, we moved the default medium empty-dir creation to the
sandbox rootfs. This worked for devicemapper, but in case of overlay
the "local" directory was being created outside the sandbox rootfs.
As a result we were seeing the behaviour seen in #1818.
Fixes#1818
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
For euleros, it has supported aarch64 starting from v2.3,
but here is the sad part, there existed bugs in their 2.3.x image,
this bug existed in both x86_64 and aarch64 image.
related issue euleros/euleros-docker-images/#13
(https://github.com/euleros/euleros-docker-images/issues/13) has been raised.
Fixes: #320
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
Hypercall to implement virtual PTP was introduced in kernel 4.10
Have chrony run only if the device created by kvm-ptp exists.
Add this as a ConditionExists in the systemd service file.
This service if named as chrony.service in deb based distributions
rather than chronyd.service, although a systemd alias exists.
However it is not possible to come up with a generic `PATH` systemd
unit relying on the alias.
Fixes#308
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Update virtcontainer to use latest swagger definition.
Most changes are around mandatory parameters which need to be
passed in via pointers so that the absence of the same can be
detected (vs using default values).
Signed-off-by: Manohar Castelino <manohar.r.castelino@intel.com>
On some distros (Debian, Ubuntu, openSUSE), tmp.mount is not
installed by default in /[etc|usr/lib]/systemd/system, but
just in /usr/shared/systemd, so it needs to be manually copied
there to have /tmp mounted as tmpfs.
Fixes: #317
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
The current chrony service does not step the system clock,
so add the modification to do this if the adjustment is
larger than one second
Fixes: #316
Signed-off-by: Yang, Wei <wei.yang1@linux.alibaba.com>
Auger Eric's latest patches about "ARM virt: Initial RAM expansion
and extended memory map"(https://patchwork.kernel.org/cover/10835377/)
paves the way to device memory, which is the foundation for NVDIMM and
memory hotplug.
This new feature on qemu kinds of depends on host kernel's new feature
on dynamic IPA range(https://lwn.net/Articles/750176/).
The availability of this feature is advertised by a new kvm cap
KVM_CAP_ARM_VM_IPA_SIZE. When supported, this capability returns the
maximum IPA shift supported by the host. The supported IPA size on
a host could be different from the system's PARange indicated
by the CPUs (e.g, kernel limit on the PA size).
Fixes: #1796
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
Add a log message for every trace span created, required by the tracing
tests to validate tracing is working.
Fixes: #1814.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
The upstream yaml definition has a formatting issue. Fix the
indentation to ensure that swagger can generate the code.
Signed-off-by: Manohar Castelino <manohar.r.castelino@intel.com>
We only use the swagger generated code from the firecracker-go-sdk.
Now that vsock support is directly available in the upstream
firecracker swagger definition unvendor and generate the
firecracker API directly from the upstream yaml definition.
Previosly vsock was not available in the upstream definition.
It is now provided as an experimental feature.
https://github.com/firecracker-microvm/firecracker/blob/master/api_server/swagger/firecracker-experimental.yaml
Signed-off-by: Manohar Castelino <manohar.r.castelino@intel.com>
Upgrade Firecracker to 0.17.0. This is required to pick up
bug fixes needed in jailer, to allow kata to run firecracker
constrained by a jailer in Kata.
Fixes: #1746
Signed-off-by: Manohar Castelino <manohar.r.castelino@intel.com>
shimv2 binary was not being built in case of any source changes.
Add dependency of source files to the shimv2 make target to fix this.
Fixes#1805
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
