The script points kata-runtime at the generated initrd/image by
editing the host config file, which we aren't doing when
KATA_DEV_MODE=1 is set, so this won't work.
Fixes: #415
Signed-off-by: Cole Robinson <crobinso@redhat.com>
If KATA_DEV_MODE is set, test_images.sh attempts to validate that
docker has kata-runtime as a configured --runtime value. This gives
a nicer and earlier error, but it also complicates using
/usr/bin/docker as provided by podman, which has a different 'info'
topology.
Let's drop the check and let the tests fail naturally if the host
isn't configured properly
Signed-off-by: Cole Robinson <crobinso@redhat.com>
set_runtime attempts to overwrite the host docker configuration to
default to DOCKER_RUNTIME instead of kata-runtime, which does not
work for 'docker build'.
Since this is a host altering step, skip it if KATA_DEV_MODE is set.
Signed-off-by: Cole Robinson <crobinso@redhat.com>
kata-manager.sh makes host config changes. KATA_DEV_MODE is meant to
avoid such changes.
Add a helper run_mgr function which stubs out kata-manager.sh usage
if KATA_DEV_MODE is set.
Signed-off-by: Cole Robinson <crobinso@redhat.com>
Define KATA_DEV_MODE at the top of the file, so code doesn't need
to conditionally compare against it
Signed-off-by: Cole Robinson <crobinso@redhat.com>
The current setup leaves images/ and rootfs-osbuilder/ dirs stranded
in the $project_dir when run locally. This simplifies things by only
passing through the project_dir and the tmp_dir that all our output
is relative to
Signed-off-by: Cole Robinson <crobinso@redhat.com>
Otherwise it defaults to using the $project_dir/dracut_overlay, which
leaves junk hanging around when running the tests locally
Signed-off-by: Cole Robinson <crobinso@redhat.com>
This is similarly used in image_builder.sh and can be handy to
determine what is happening. Unfold the 'set' short options while
we are at it
Signed-off-by: Cole Robinson <crobinso@redhat.com>
The rootfs and image builder scripts are wired up to handle the
DOCKER_RUNTIME, so pass our value down to those scripts
Signed-off-by: Cole Robinson <crobinso@redhat.com>
DOCKER_RUNTIME is the naming used in the actual osbuilder scripts
for this value. Change the test code to match
Signed-off-by: Cole Robinson <crobinso@redhat.com>
This value is set globally, so this condition will never trigger.
`mkdir -p` would error anyways if it was unspecified
Signed-off-by: Cole Robinson <crobinso@redhat.com>
virtiofsd should be added in kata-env as virtiofs enabled kata then
it will be easy to get the info of virtiofsd from kata-env.
Fixes: #2491
Change-Id: I37ff58ed4315344d1e2b87f3abcd04311661e910
Jira: ENTOS-1579
Signed-off-by: Jianyong Wu <jianyong.wu@arm.com>
For one thing, we should not make kata's internal device type
exactly as govmm string by string.
For another thing, latest govmm changes the device driver strings
and it breaks kata in such a way but the fault is on kata side IMHO.
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
To include block readonly capability. Included commits:
3700c55 qemu: add block device readonly support
88a25a2 Refactor code to support multiple virtio transports at runtime
2ee53b0 qemu: Don't set ".cache-size=" when CacheSize is 0
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
cgroup manager is in charge to create and setup cgroups for
virtual containers, for example it adds /dev/kvm and
/dev/vhost-net to the list of cgroup devices in order to have
virtual containers working.
fixes#2438fixes#2419
Signed-off-by: Julio Montes <julio.montes@intel.com>
virtcontainers/pkg/cgroups contains functions and structures needed to deal
with cgroups and virtual containers
Signed-off-by: Julio Montes <julio.montes@intel.com>
We leverage the new openAPI knobs from CLH to set readonly for disk image
and we also pass kernel cmd to set guest root filesystem readonly.
Signed-off-by: Bo Chen <chen.bo@intel.com>
Use CLH branch stable/v0.5.x, and also re-generate the openAPI client
code with the new 'cloud-hypervisor.yaml'.
Fixes: #2488
Signed-off-by: Bo Chen <chen.bo@intel.com>
cri-o v1.16.x has network namespace mount point leaking problem, and
the latest v1.17.x has fixed this problem.
since cri-o and k8s follow the same release cycle and deprecation policy,
I will also update k8s to the latest release v1.17.3-00 as well.
Fixes: #2457
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
A malicious can trick us with a crafted container
rootfs symlink and make runtime umount other mountpoints.
Make sure we do not walk through symlinks when umounting.
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
cloud-hypervisor uses `hybrid vsocks`, it is not needed to find a
context ID.
Fixes: #2481
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
Some flags defined by the host may not be compatible with golang,
not use LDFLAGS but use our own variable.
Fixes: #2478
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
