Currently kata sets the init process to systemd even when it isn't installed,
the criteria to determinate whether systemd is used as init or not
is very odd, since kata only checks whether the `image` option is set in the
configuration file, unfortunately not all images have systemd installed.
Instead kata should rely on the guest kernel and `osbuilder` to use the right
init process. `osbuilder` creates a symbolic link to `systemd` or `kata-agent`
depending on the `AGENT_INIT` environment variable.
fixes#1937
Signed-off-by: Julio Montes <julio.montes@intel.com>
Fixes: #1929
in containerd-kata-v2, container can only be deleted in Delete
interface, or other shim operates(like kill/delete) all fails
since can not get container info.
Signed-off-by: Ace-Tang <aceapril@126.com>
We start virtiofsd in foreground (-f option), so we should wait for it
to reclaim its resources to avoid zombie process when qemu or virtiofsd
got killed unexpectedly.
Fixes: #1934
Signed-off-by: Eryu Guan <eguan@linux.alibaba.com>
When virtio_fs_cache is set to none, the mount options for the folder
inside the guest should not contain the dax option else it leads to
invalid address errors and a crash of the daemon on the host.
Fixes: #1907
Signed-off-by: Ganesh Maharaj Mahalingam <ganesh.mahalingam@intel.com>
in create sandbox, if process error, should remove network without judge
NetNsCreated is true, since network is created by kata and should be
removed by kata, and network.Remove has judged if need to delete netns
depend on NetNsCreated
Fixes: #1920
Signed-off-by: Ace-Tang <aceapril@126.com>
CPU topology has changed in QEMU 4.1: socket > die > core > thread.
die option must be specified in order to hotplug CPUs on x86_64
Depends-on: github.com/kata-containers/packaging#657
fixes#1913
Signed-off-by: Julio Montes <julio.montes@intel.com>
Shortlog:
68cdf64 test: add cpu topology tests
e0cf9d5 qmp: add checks for the CPU toplogy
a5c1190 qemu: support x86 SMP die
Signed-off-by: Julio Montes <julio.montes@intel.com>
Update top-level vendor with
"dep ensure add github.com/blang/semver@3.6.1"
dep check should not succeed.
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
It is not really recommended to have nested vendor directories.
dep does not work well with nested directories:
https://github.com/golang/dep/issues/985
Recommendation is to use flatten the vendor directories.
Hence remove any nested vendor directories.
Fixes#1909
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Fixes#803
Merge "hypervisor.json" into "persist.json", so the new store can take
care of hypervisor data now.
Signed-off-by: Wei Zhang <weizhang555.zw@gmail.com>
For one thing, it is container specific resource so it should not
be cleaned up by the agent. For another thing, we can make container
stop to force cleanup these host mountpoints regardless of hypervisor
and agent liveness.
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Then we can check hypervisor liveness in those cases to avoid long
timeout when connecting to the agent when hypervisor is dead.
For kata-agent, we still use the kata-proxy pid for the same purpose.
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Once we have found the container, we should never fail SIGKILL.
It is possible to fail to send SIGKILL because hypervisor might
be gone already. If we fail SIGKILL, upper layer cannot really
proceed to clean things up.
Also there is no need to save sandbox here as we did not change
any state.
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
When force is true, ignore any guest related errors. This can
be used to stop a sandbox when hypervisor process is dead.
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Whenever we fail to connect, do not make any more attempts.
More attempts are possible during cleanup phase but we should
not try to connect any more there.
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
When a container is paused and something goes terribly
wrong, we still need to be able to clean thing up. A paused
container should be able to transit to stopped state as well
so that we can delete it properly.
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
This allows travis to use the go install script instead of having a
hard coded golang version at travis.yml
Fixes#1903
Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
It requires root to manipulate netns and otherwise fails
like below:
=== RUN TestStartNetworkMonitor
--- FAIL: TestStartNetworkMonitor (0.00s)
Error Trace: sandbox_test.go:1481
Error: Expected nil, but got: &errors.errorString{s:"Error switching to ns /proc/6648/task/6651/ns/net: operation not permitted"}
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Convert virtcontainers tests to testify/assert to make the virtcontainers
tests more readable.
fixes#156
Signed-off-by: Julio Montes <julio.montes@intel.com>
since some vendor id like 1ded can not be identified by virtio-pci
driver, so need to pass a specified vendor id to qemu.
Fixes: #1894
Signed-off-by: Ace-Tang <aceapril@126.com>
- qemu: use x-ignore-shared to implement vm template
- virtiofs: Allow memory hotplug with virtiofs
- Firecracker Add jailer support for firecracker
- runtime: update govmm and move to virtio 1.0 for hotplugs
- HV: kata-runtime support for ACRN hypervisor
- versions: add crictl version which is compatible with OpenShift
- versions: update CRI-O to v1.14.6
- Fix fork exec test errors
- ci: Verify and block merge if other projects are not updated
- shimv2: Add missing page size to Hugetlb Stat
d14968b qemu: use x-ignore-shared to implement vm template
d392b22 virtiofs: Allow memory hotplug with virtiofs
050f8e9 runtime: Disable disable-modern for virtio QMP add
3e4989d vendor: update govmm and match code
4fed346 Firecracker: Enable jailer by default
78ea50c virtcontainers: Jailer: Add jailer support for firecracker
98a6973 virtcontainers: Add ACRN unit test cases
f246a79 virtcontainers: Add support for updating virtio-blk based container rootfs
d9a4157 virtcontainers: Add support for launching/managing ACRN based VMs
828e0a2 pkg/katautils: Add support for ACRN hypervisor config
adcac93 kata-check: Check and validate type-1 hypervisor for kata
4d26cee Make: Add ACRN hypervisor and generate configuration file
bdd8947 versions: add crictl version which is compatible with OpenShift
098501a versions: update CRI-O to v1.14.6
4968438 tests: Fix fork/exec test error
fcf9f9f test: Fix fd leak causing test error
5182a25 ci: Verify and block merge if other projects are not updated
da7f5f3 shimv2: Add missing page size to Hugetlb Stat
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
qemu upstream has x-ignore-shared that works similar
to our private bypass-shared-memory. We can use it to
implement the vm template feature.
Fixes: #1798
Depends-on: github.com/kata-containers/packaging#641
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Kata with virtio-fs fails to do memory hotplugging. This is caused by
the fact that hot plugged memory is always backed by
'memory-backend-ram' while virtio-fs expects it to be backed by file and
shared for it to be able to use the system the way it is intended. This
chnage allows using file based memory backend for virtio-fs, hugepages
or when the user prefers to use a file backed memory
Fixes: #1745
Signed-off-by: Ganesh Maharaj Mahalingam <ganesh.mahalingam@intel.com>
History: the previous version of kvm (unknown) and qemu-lite had an
issue using virtio 1.0 version when it came to device hotplug, which led
to the team to disable 1.0 version of virtio for hotplug (set
disable-modern=on). Please check
e99f6b2931
for further info.
We have since moved to QEMU4.0 and probably a later version of kvm as
default across all distros. This change is to move to virtio 1.0 for
hotplugging devices.
Fixes: #1870
Signed-off-by: Ganesh Maharaj Mahalingam <ganesh.mahalingam@intel.com>
