originally, we forcefully set any bind-mount with `private` propagation
type, and it's not applied for all scenarios. e.g. we need to provide
`slave` or `shared` propagation type for bind-mounts in setting up jail
house.
Here, we add another parameter `pgtype` in func bindMount for providing
customized propagation parameters.
Fixes: #2511
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
- scripts: set a default path to the yq binary
- AArch64: Build rust image on aarch64
- image-builder: Add NSDAX_BIN for passing in compiled nsdax tool
- rootfs: Don't overwrite /sbin/init if it already exists
- tests: Improve running test_images.sh locally
1c063af scripts: set a default path to the yq binary
67343a1 rust-agent: Separate the build up of rust-agent and go-agent
a390a36 rootfs: remove RUST_SRC_PATH
41aaa36 ubuntu/debian: create aarch64-specific Dockerfile.in
9cba8c4 musl: install musl on aarch64
87a5d5c rootfs: Don't overwrite /sbin/init if it already exists
4004bd8 image-builder: Add NSDAX_BIN for passing in compiled nsdax tool
134175b tests: Document the changed KATA_DEV_MODE behavior
0f4eac4 tests: Skip initrd/image launch if KATA_DEV_MODE
762ec28 tests: Drop kata-runtime env validation if KATA_DEV_MODE is set
6f17b9c tests: Skip set_runtime if KATA_DEV_MODE is set
17a8fb1 tests: Skip all kata-manager usage if KATA_DEV_MODE is set
e787bb0 tests: Define KATA_DEV_MODE
cef2591 tests: Rework dracut docker bind mounts
f3ab6d2 tests: Don't run commands with `chronic` if DEBUG is set
7a8e816 tests: Specify DRACUT_OVERLAY_DIR
7dd99c0 tests: Add project_dir helper variable
1ae3922 tests: Have DEBUG=1 set bash xtrace
555ddf3 tests: Remove unused USE_DOCKER export
0e6a12c tests: Pass DOCKER_RUNTIME to osbuilder scripts
e8624d8 tests: Rename docker_build_runtime -> DOCKER_RUNTIME
cd46d09 tests: Remove hardcoded 'runc' reference
c574ec0 tests: Remove dead unset images_dir check
44f2931 tests: Remove unused test_func_prefix
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
- actions: Add verbose information
- systemd-service: build rust-agent systemd services
- grpc: fix the issue of crash agent when didn't find the process
cd233c0 actions: Add verbose information
f0eaeac path-absolutize: version update
3136712 systemd-service: build rust-agent systemd services
289d617 grpc: fix the issue of crash agent when didn't find the process
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Our CLH driver in kata defines its own constant variable 'maxClhVcpus'
which can conflict with the maximum number of vCPUs specified from the
kata configuration file 'clh.config.DefaultMaxVCPUs'. As the value from
kata configuration file is preferred anyway and the code on 'maxClhVcpus'
is not being used. We'd better remove it for better readability and
avoiding further confusions.
Fixes: #2528
Signed-off-by: Bo Chen <chen.bo@intel.com>
Use the path where `install-yq.sh` installs `yq` as the default path to the
`yq` binary in `lib.sh`.
Install `yq` in the default path if it doesn't exist.
fixes#429
Signed-off-by: Julio Montes <julio.montes@intel.com>
Kata-runtime can append vhost-user-blk device to the
device list of a container. And handle volumes who is
a block device and in VhostUserBlk type.
The vhost-user-blk device will be identified by its
PCI address by Kata-agent inside VM.
Fixes: #2380
Signed-off-by: Liu Xiaodong <xiaodong.liu@intel.com>
Reserved number of Linux device number 241 and 242
are used to identify vhost-user-blk and vhost-user-scsi
devices.
for example, after command:
mknod <Vhost-User-Dir>/block/devices/vhost-dev0 b 241 0
this node will be recognized as vhost-user-blk device.
Fixes: #2380
Signed-off-by: Liu Xiaodong <xiaodong.liu@intel.com>
Two parameters are used to set in toml file:
1. Set "enable_vhost_user_store = true" to indicate
that vhost-user storage device feature is enabled.
2. Set "vhost_user_store_path = <Vhost-User-Dir>".
vhost-user socket files will be under
"<Vhost-User-Dir>/block/sockets/"; and device node
for vhost-user device will be under
"<Vhost-User-Dir>/block/devices/"
The default value of "vhost_user_store_path" is
"/var/run/kata-containers/vhost-user/".
Fixes: #2380
Signed-off-by: Liu Xiaodong <xiaodong.liu@intel.com>
set rootfstype=ext4 to make kernel not do print errros like:
```
Mount option "data=ordered" incompatible with ext2
```
Depends-on: github.com/kata-containers/tests#2377
Fixes: #2524
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
This adds the `agent.container_pipe_size` annotation which allows
configuration of the size of the pipes for stdout/stderr for containers
inside the guest.
fixes#2467
Signed-off-by: Alex Price <aprice@atlassian.com>
Set the katautils default log level to 'Warn', rather than 'Info',
as 'Info' is rather noisy.
Fixes: #2522
Signed-off-by: Graham Whaley <graham.whaley@intel.com>
Set the default log level explicitly to 'Warn', rather than taking
the logrus default (which is normally 'Info').
Fixes: #2522
Signed-off-by: Graham Whaley <graham.whaley@intel.com>
The shimv2 runtime logs slightly differently - let's clarify
that in the existing OCI/CRI-O only runtime section.
Fixes: #2520
Signed-off-by: Graham Whaley <graham.whaley@intel.com>
Separate the build up of rust-agent and go-agent, hence you only
select one as kata-agent.
I've added the generation of rust-agent systemd service files into
rust-agent Makefile.
Therefore, we could use same `make` commands to build go-agent and
rust-agent.
Fixes: #411
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
If user wants to use customized rust-agent, they could use
AGENT_SOURCE_BIN to pass the static binary.
The rust-agent is always statically linked with musl.
Fixes: #411
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
The musl package in ubuntu/debian could not provide everything we need
on aarch64.
e.g. we need `aarch64-linux-musl-gcc` as linker, and it's not provided
in package.
Fixes: #411
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
The original musl-installing method is only for x86_64 and i386(see
musl config.mak template file).
musl.cc provides small and reliable pre-built musl toolchains
for many architectures.
Static so they run on supported platforms without dependencies.
Fixes: #411
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
Remove the rootfs bind dest and finally remove the created share
directory when stopping the container.
Fixes#2516
Signed-off-by: Li Yuxuan <liyuxuan04@baidu.com>
With the HTTP API 'vm.resize()', the CPU hotplug with CLH is much simpler
comparing with QEMU. This is because we don't need to distinguish adding from
removing CPUs.
Fixes: #2495
Depends-on: github.com/kata-containers/packaging#968
Depends-on: github.com/kata-containers/tests#2364
Signed-off-by: Bo Chen <chen.bo@intel.com>
The prepare_overlay() code path is called when rootfs.sh is invoked
with no passed in distro string. This is used for the dracut case
from the Makefile for example. In that particular case, the starting
root directory is empty.
It's also valid to pass a prepopulated directory to rootfs.sh, which
is essentially a request for the script to just make the necessary
kata changes. Currently though prepare_overlay() makes some changes
that could wipe out pre-arranged /sbin/init setup.
Check first to see if /sbin/init exists in the rootfs dir, and if so,
skip the symlink changes
Fixes: #419
Signed-off-by: Cole Robinson <crobinso@redhat.com>
Nothing inherently requires root here. If the ROOTFS_DIR is only
root accessible then the operation may fail, but better IMO to let
that fail naturally
Fixes: #422
Signed-off-by: Cole Robinson <crobinso@redhat.com>
In Fedora we are running the osbuilder scripts on the client machine,
to generate an initrd for the running host kernel. In this setup,
there's currently a runtime dependency on gcc for compiling the nsdax
tool, which is suboptimal.
Add NSDAX_BIN environment variable; if specified, image-builder.sh
will use that path as the nsdax tool. This let's ship a compiled
nsdax tool to users and drop the runtime gcc dependency
Fixes: #417
Signed-off-by: Cole Robinson <crobinso@redhat.com>
The 'apiSocket' member in the CloudHypervisorState struct needs to be kept
across different executions of kata-runtime with persist HypervisorState, so
that kata-runtime can talk with the same running cloud-hypervisor through
HTTP/REST API calls.
Fixes: #2506
Signed-off-by: Bo Chen <chen.bo@intel.com>
Adds a cmdline option to configure the stdout/stderr pipe sizes.
Uses `F_SETPIPE_SZ` to resize the write side of the pipe after
creation.
Example Cmdline option: `agent.container_pipe_size=2097152`
fixes#152
Signed-off-by: Alex Price <aprice@atlassian.com>
This allows to reuse detached block index and ensures that the
index will not reach the limit of device(such as `maxSCSIDevices`)
after restarting containers many times in one pod.
Fixes: #2007
Signed-off-by: Li Yuxuan <liyuxuan04@baidu.com>
I add another sub-command `build-service` in Makefile to
generate rust-agent-related systemd service files, which
are necessary for building guest rootfs image.
The whole design is following the one in go-agent.
Fixes: #144
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
