github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-06-21 21:18:54 +00:00
Code Issues Projects Releases Wiki Activity
8,929 Commits 70 Branches 134 Tags 318 MiB
dd397ff1bf
Commit Graph

8929 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Fabiano Fidêncio
dd397ff1bf versions: Bump QEMU TDX version 
Let's use the latest tag provided in the
"https://github.com/intel/qemu-dcp" repo, "SPR-BKC-QEMU-v2.5".

Fixes: #4802

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
 2022-08-03 11:00:36 +02:00
Chelsea Mafrica
873e75b915
Merge pull request #4773 from fidencio/topic/build-tdvf 
packaging: Add support for building TDVF
 2022-08-02 09:14:13 -07:00
Fabiano Fidêncio
c9b5bde30b versions: Track and build TDVF 
TDVF is the firmware used by QEMU to start TDX capable VMs.  Let's start
tracking it as it'll become part of the Confidential Containers sooner
or later.

TDVF lives in the public https://github.com/tianocore/edk2-staging repo
and we're using as its version tags that are consumed internally at
Intel.

Fixes: #4624

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
 2022-08-02 09:51:47 +02:00
Fabiano Fidêncio
e6a5a5106d packaging: Generate a tarball as OVMF build result 
Instead of having as a result the directory where OVMF artefacts where
installed, let's follow what we do with the other components and have a
tarball as a result of the OVMF build.

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
 2022-08-02 09:48:59 +02:00
Fabiano Fidêncio
42eaf19b43 packaging: Simplify OVMF repo clone 
Instead of cloning the repo, and then switching to a specific branch,
let's take advantage of `--branch` and directly clone the specific
branch / tag.

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
 2022-08-02 09:48:59 +02:00
Fabiano Fidêncio
4d33b0541d packaging: Don't hardcode "edk2" as the cloned repo's dir. 
As TDVF comes from a different repo, the edk2-staging one, we cannot
simply hardcode the name.  Instead, let's get the name of the directory
from name of the git repo.

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
 2022-08-02 09:48:59 +02:00
Fabiano Fidêncio
7503bdab6e
Merge pull request #4783 from fidencio/topic/build-td-shim 
versions: Track and add support for building TD-shim
 2022-08-01 20:50:58 +02:00
Fabiano Fidêncio
b06bc82284 versions: Track and add support for building TD-shim 
TD-shim is a simplified TDX virtual firmware, used by Cloud Hypervisor,
in order to create a TDX capable VM.

TD-shim is heavily under development, and is hosted as part of the
Confidential Containers project:
https://github.com/confidential-containers/td-shim

The version chosen for this commit, is a version that's being tested
inside Intel, but we, most likely, will need to change it before we have
it officially packaged as part of an official release.

Fixes: #4779

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
 2022-08-01 16:36:12 +02:00
Bin Liu
8d9135a7ce
Merge pull request #4765 from ryansavino/ccv0-rust-upgrade 
versions: Upgrade rust version
 2022-08-01 17:15:05 +08:00
Ryan Savino
9b1940e93e versions: update rust version 
Fixes #4764

versions: update rust version to fix ccv0 attestation-agent build error
static-checks: kata tools, libs, and agent fixes

Signed-Off-By: Ryan Savino <ryan.savino@amd.com>
 2022-07-29 18:41:43 -05:00
Peng Tao
0aefab4d80
Merge pull request #4739 from liubin/fix/4738-trace-rpc-calls 
agent: log RPC calls for debugging
 2022-07-29 14:18:23 +08:00
Fabiano Fidêncio
54147db921
Merge pull request #4170 from Alex-Carter01/build-amdsev-ovmf 
Add support AmdSev build of OVMF
 2022-07-28 19:42:50 +02:00
Alex Carter
638c2c4164 static-build: Add AmdSev option for OVMF builder 
Introduces new build of firmware needed for SEV

Fixes: kata-containers#4169

Signed-off-by: Alex Carter <alex.carter@ibm.com>
 2022-07-28 09:56:06 -05:00
Alex Carter
f0b58e38d2 static-build: Add build script for OVMF 
Introduces a build script for OVMF. Defaults to X86_64 build (x64 in OVMF)

Fixes: #4169

Signed-off-by: Alex Carter <alex.carter@ibm.com>
 2022-07-28 09:07:49 -05:00
Bin Liu
a67402cc1f
Merge pull request #4397 from yaoyinnan/3073/ftr/host-cgroupv2 
runtime: Support for host cgroupv2
 2022-07-28 14:30:03 +08:00
Tim Zhang
229ff29c0f
Merge pull request #4758 from GabyCT/topic/updaterunc 
versions: Update runc version
 2022-07-28 14:12:58 +08:00
yaoyinnan
5c3155f7e2 runtime: Support for host cgroup v2 
Support cgroup v2 on the host. Update vendor containerd/cgroups to add cgroup v2.

Fixes: #3073

Signed-off-by: yaoyinnan <yaoyinnan@foxmail.com>
 2022-07-28 10:30:45 +08:00
yaoyinnan
4ab45e5c93 docs: Update support for host cgroupv2 
Currently cgroup v2 is supported. Remove the note that host cgroup v2 is not supported.

Fixes: #3073

Signed-off-by: yaoyinnan <yaoyinnan@foxmail.com>
 2022-07-28 10:30:44 +08:00
GabyCT
9dfd949f23
Merge pull request #4646 from amshinde/add-liburing-qemu 
qemu: Add liburing to qemu build
 2022-07-27 15:47:49 -05:00
Gabriela Cervantes
326eb2f910 versions: Update runc version 
This PR updates the runc version to v1.1.0.

Fixes #4757

Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
 2022-07-27 16:19:11 +00:00
Bin Liu
557229c39d
Merge pull request #4724 from yahaa/fix-docs 
Docs: fix tables format error
 2022-07-27 21:13:29 +08:00
Archana Shinde
1b01ea53d9
Merge pull request #4735 from nubificus/feature-fc-v1.1 
versions: Update Firecracker version to v1.1.0
 2022-07-27 04:50:32 +05:30
Peng Tao
27c82018d1
Merge pull request #4753 from Tim-Zhang/agent-fix-stream-fd-double-close 
agent: Fix stream fd's double close
 2022-07-27 00:54:07 +08:00
Bin Liu
6fddf031df
Merge pull request #4664 from lifupan/main 
container: kill all of the processes in a container when it terminated
 2022-07-26 23:12:11 +08:00
Tim Zhang
f5aa6ae467 agent: Fix stream fd's double close problem 
The fd would be closed on Pipestream's dropping and we should
not close it agian.

Fixes: #4752

Signed-off-by: Tim Zhang <tim@hyper.sh>
 2022-07-26 20:05:06 +08:00
yahaa
6e149b43f7 Docs: fix tables format error 
Fixes: #4725

Signed-off-by: yahaa <1477765176@qq.com>
 2022-07-26 19:05:09 +08:00
gntouts
56d49b5073 versions: Update Firecracker version to v1.1.0 
This patch upgrades Firecracker version from v0.23.4 to v1.1.0

* Generate swagger models for v1.1.0 (from firecracker.yaml)
* Replace ht_enabled param to smt (API change)
* Remove NUMA-related jailer param --node 0

Fixes: #4673
Depends-on: github.com/kata-containers/tests#4968

Signed-off-by: George Ntoutsos <gntouts@nubificus.co.uk>
Signed-off-by: Anastassios Nanos <ananos@nubificus.co.uk>
 2022-07-26 07:01:26 +00:00
liubin
0e24f47a43 agent: log RPC calls for debugging 
We can log all RPC calls to the agent for debugging purposes
to check which RPC is called, which can help us to understand
the container lifespan.

Fixes: #4738

Signed-off-by: liubin <liubin0329@gmail.com>
 2022-07-26 10:32:44 +08:00
Tim Zhang
e764a726ab
Merge pull request #4715 from Tim-Zhang/fix-ut-test_do_write_stream 
agent: fix fd-double-close problem in ut test_do_write_stream
 2022-07-25 17:34:26 +08:00
Tim Zhang
427b29454a
Merge pull request #4709 from liubin/fix/4708-unwrap-error 
rustjail: check result to let it return early
 2022-07-25 15:05:20 +08:00
Tim Zhang
0337377838
Merge pull request #4695 from liubin/4694/upgrade-nydus-version 
upgrade nydus version
 2022-07-25 15:05:04 +08:00
Wainer Moschetta
0b4a91ec1a
Merge pull request #4644 from bookinabox/optimize-get-paths 
cgroups: remove unnecessary get_paths()
 2022-07-22 17:01:01 -03:00
GabyCT
68c265587c
Merge pull request #4718 from GabyCT/topic/updatefirecrackerversion 
versions: Update firecracker version
 2022-07-21 14:26:57 -05:00
Gabriela Cervantes
df79c8fe1d versions: Update firecracker version 
This PR updates the firecracker version that is being
used in kata CI.

Fixes #4717

Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
 2022-07-21 16:10:29 +00:00
Tim Zhang
912641509e agent: fix fd-double-close problem in ut test_do_write_stream 
The fd will closed on struct Process's dropping, so don't
close it again manually.

Fixes: #4598

Signed-off-by: Tim Zhang <tim@hyper.sh>
 2022-07-21 19:37:15 +08:00
liubin
0d7cb7eb16 agent: delete agent-type property in announce 
Since there is only one type of agent now, the
agent-type is not needed anymore.

Signed-off-by: liubin <liubin0329@gmail.com>
 2022-07-21 14:53:01 +08:00
liubin
eec9ac81ef rustjail: check result to let it return early. 
check the result to let it return early if there are some errors

Fixes: #4708

Signed-off-by: liubin <liubin0329@gmail.com>
 2022-07-21 14:51:30 +08:00
liubin
402bfa0ce3 nydus: upgrade nydus/nydus-snapshotter version 
Upgrade nydus/nydus-snapshotter to the latest version.

Fixes: #4694

Signed-off-by: liubin <liubin0329@gmail.com>
 2022-07-21 14:39:14 +08:00
Peng Tao
6d56cdb9ac
Merge pull request #4686 from xujunjie-cover/issue4685 
kata-monitor: fix can't monitor /run/vc/sbs
 2022-07-19 23:40:14 +08:00
xujunjie-cover
72dbd1fcb4 kata-monitor: fix can't monitor /run/vc/sbs. 
need bind host dir /run/vc/sbs/ to kata monitor

Fixes: #4685

Signed-off-by: xujunjie-cover <xujunjielxx@163.com>
 2022-07-19 09:52:54 +08:00
Archana Shinde
f690b0aad0 qemu: Add liburing to qemu build 
io_uring is a Linux API for asynchronous I/O introduced in qemu 5.0.
It is designed to better performance than older aio API.
We could leverage this in order to get better storage performance.

We should be adding liburing-dev to qemu build to leverage this feature.
However liburing-dev package is not available in ubuntu 20.04,
it is avaiable in 22.04.

Upgrading the ubuntu version in the dockerfile to 22.04 is causing
issues in the static qemu build related to libpmem.

So instead we are building liburing from source until those build issues
are solved.

Fixes: #4645

Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
 2022-07-14 19:21:47 -07:00
Fupan Li
d93e4b939d container: kill all of the processes in this container 
When a container terminated, we should make sure there's no processes
left after destroying the container.

Before this commit, kata-agent depended on the kernel's pidns
to destroy all of the process in a container after the 1 process
exit in a container. This is true for those container using a
separated pidns, but for the case of shared pidns within the
sandbox, the container exit wouldn't trigger the pidns terminated,
and there would be some daemon process left in this container, this
wasn't expected.

Fixes: #4663

Signed-off-by: Fupan Li <fupan.lfp@antgroup.com>
 2022-07-14 16:39:49 +08:00
Bin Liu
575b5eb5f5
Merge pull request #4506 from cyyzero/runk-exec 
runk: Support `exec` sub-command
 2022-07-14 14:22:24 +08:00
Derek Lee
9ae2a45b38 cgroups: remove unnecessary get_paths() 
Change get_mounts to get paths from a borrowed argument rather than
calling get_paths a second time.

Fixes #3768

Signed-off-by: Derek Lee <derlee@redhat.com>
 2022-07-13 09:17:14 -07:00
Bin Liu
0cc20f014d
Merge pull request #4647 from fidencio/topic/fix-clh-crash-when-booting-up-with-no-network-device 
clh: Don't crash if no network device is set by the upper layer
 2022-07-13 21:28:46 +08:00
Fabiano Fidêncio
418a03a128
Merge pull request #4639 from fidencio/topic/packaging-rework-qemu-build-suffix 
packaging: Rework how ${BUILD_SUFFIX} is used with the QEMU builder scripts
 2022-07-13 15:03:19 +02:00
Fabiano Fidêncio
be31207f6e clh: Don't crash if no network device is set by the upper layer 
`ctr` doesn't set a network device when creating the sandbox, which
leads to Cloud Hypervisor's driver crashing, see the log below:
```
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x8 pc=0x55641c23b248]
goroutine 32 [running]:
github.com/kata-containers/kata-containers/src/runtime/virtcontainers.glob..func1(0xc000397900)
	/home/ubuntu/go/src/github.com/kata-containers/kata-containers/src/runtime/virtcontainers/clh.go:163 +0x128
github.com/kata-containers/kata-containers/src/runtime/virtcontainers.(*cloudHypervisor).vmAddNetPut(...)
	/home/ubuntu/go/src/github.com/kata-containers/kata-containers/src/runtime/virtcontainers/clh.go:1348
github.com/kata-containers/kata-containers/src/runtime/virtcontainers.(*cloudHypervisor).bootVM(0xc000397900, {0x55641c76dfc0, 0xc000454ae0})
	/home/ubuntu/go/src/github.com/kata-containers/kata-containers/src/runtime/virtcontainers/clh.go:1378 +0x5a2
github.com/kata-containers/kata-containers/src/runtime/virtcontainers.(*cloudHypervisor).StartVM(0xc000397900, {0x55641c76dff8, 0xc00044c240},
0x55641b8016fd)
        /home/ubuntu/go/src/github.com/kata-containers/kata-containers/src/runtime/virtcontainers/clh.go:659 +0x7ee
github.com/kata-containers/kata-containers/src/runtime/virtcontainers.(*Sandbox).startVM.func2()
        /home/ubuntu/go/src/github.com/kata-containers/kata-containers/src/runtime/virtcontainers/sandbox.go:1219 +0x190
github.com/kata-containers/kata-containers/src/runtime/virtcontainers.(*LinuxNetwork).Run.func1({0xc0004a8910, 0x3b})
        /home/ubuntu/go/src/github.com/kata-containers/kata-containers/src/runtime/virtcontainers/network_linux.go:319 +0x1b
github.com/kata-containers/kata-containers/src/runtime/virtcontainers.doNetNS({0xc000048440, 0xc00044c240}, 0xc0005d5b38)
        /home/ubuntu/go/src/github.com/kata-containers/kata-containers/src/runtime/virtcontainers/network_linux.go:1045 +0x163
github.com/kata-containers/kata-containers/src/runtime/virtcontainers.(*LinuxNetwork).Run(0xc000150c80, {0x55641c76dff8, 0xc00044c240}, 0xc00014e4e0)
	/home/ubuntu/go/src/github.com/kata-containers/kata-containers/src/runtime/virtcontainers/network_linux.go:318 +0x105
github.com/kata-containers/kata-containers/src/runtime/virtcontainers.(*Sandbox).startVM(0xc000107d40, {0x55641c76dff8, 0xc0005529f0})
	/home/ubuntu/go/src/github.com/kata-containers/kata-containers/src/runtime/virtcontainers/sandbox.go:1205 +0x65f
github.com/kata-containers/kata-containers/src/runtime/virtcontainers.createSandboxFromConfig({_, _}, {{0x0, 0x0, 0x0}, {0xc000385a00, 0x1, 0x1},
{0x55641d033260, 0x0, ...}, ...}, ...)
        /home/ubuntu/go/src/github.com/kata-containers/kata-containers/src/runtime/virtcontainers/api.go:91 +0x346
github.com/kata-containers/kata-containers/src/runtime/virtcontainers.CreateSandbox({_, _}, {{0x0, 0x0, 0x0}, {0xc000385a00, 0x1, 0x1},
{0x55641d033260, 0x0, ...}, ...}, ...)
        /home/ubuntu/go/src/github.com/kata-containers/kata-containers/src/runtime/virtcontainers/api.go:51 +0x150
github.com/kata-containers/kata-containers/src/runtime/virtcontainers.(*VCImpl).CreateSandbox(_, {_, _}, {{0x0, 0x0, 0x0}, {0xc000385a00, 0x1, 0x1},
{0x55641d033260, ...}, ...})
        /home/ubuntu/go/src/github.com/kata-containers/kata-containers/src/runtime/virtcontainers/implementation.go:35 +0x74
github.com/kata-containers/kata-containers/src/runtime/pkg/katautils.CreateSandbox({_, _}, {_, _}, {{0xc0004806c0, 0x9}, 0xc000140110, 0xc00000f7a0,
{0x0, 0x0}, ...}, ...)
        /home/ubuntu/go/src/github.com/kata-containers/kata-containers/src/runtime/pkg/katautils/create.go:175 +0x8b6
github.com/kata-containers/kata-containers/src/runtime/pkg/containerd-shim-v2.create({0x55641c76dff8, 0xc0004129f0}, 0xc00034a000, 0xc00036a000)
        /home/ubuntu/go/src/github.com/kata-containers/kata-containers/src/runtime/pkg/containerd-shim-v2/create.go:147 +0xdea
github.com/kata-containers/kata-containers/src/runtime/pkg/containerd-shim-v2.(*service).Create.func2()
        /home/ubuntu/go/src/github.com/kata-containers/kata-containers/src/runtime/pkg/containerd-shim-v2/service.go:401 +0x32
created by github.com/kata-containers/kata-containers/src/runtime/pkg/containerd-shim-v2.(*service).Create
        /home/ubuntu/go/src/github.com/kata-containers/kata-containers/src/runtime/pkg/containerd-shim-v2/service.go:400 +0x534
```

This bug has been introduced as part of the
https://github.com/kata-containers/kata-containers/pull/4312 PR, which
changed how we add the network device.

In order to avoid the crash, let's simply check whether we have a device
to be added before iterating the list of network devices.

Fixes: #4618

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
 2022-07-13 10:40:21 +02:00
Peng Tao
39974fbacc
Merge pull request #4642 from fidencio/topic/clh-bump-to-v25.0-release 
versions: Update Cloud Hypervisor to v25.0
 2022-07-13 16:08:01 +08:00
Fabiano Fidêncio
051181249c packaging: Add a "-" in the dir name if $BUILD_DIR is available 
Currently $BUILD_DIR will be used to create a directory as:
/opt/kata/share/kata-qemu${BUILD_DIR}

It means that when passing a BUILD_DIR, like "foo", a name would be
built like /opt/kata/share/kata-qemufoo
We should, instead, be building it as /opt/kata/share/kata-qemu-foo.

Fixes: #4638

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
 2022-07-12 21:27:41 +02:00
Fabiano Fidêncio
dc3b6f6592 versions: Update Cloud Hypervisor to v25.0 
Cloud Hypervisor v25.0 has been released on July 7th, 2022, and brings
the following changes:

**ch-remote Improvements**
The ch-remote command has gained support for creating the VM from a JSON
config and support for booting and deleting the VM from the VMM.

**VM "Coredump" Support**
Under the guest_debug feature flag it is now possible to extract the memory
of the guest for use in debugging with e.g. the crash utility.
(https://github.com/cloud-hypervisor/cloud-hypervisor/issues/4012)

**Notable Bug Fixes**
* Always restore console mode on exit
  (https://github.com/cloud-hypervisor/cloud-hypervisor/issues/4249,
   https://github.com/cloud-hypervisor/cloud-hypervisor/issues/4248)
* Restore vCPUs in numerical order which fixes aarch64 snapshot/restore
  (https://github.com/cloud-hypervisor/cloud-hypervisor/issues/4244)
* Don't try and configure IFF_RUNNING on TAP devices
  (https://github.com/cloud-hypervisor/cloud-hypervisor/issues/4279)
* Propagate configured queue size through to vhost-user backend
  (https://github.com/cloud-hypervisor/cloud-hypervisor/issues/4286)
* Always Program vCPU CPUID before running the vCPU to fix running on Linux
  5.16
  (https://github.com/cloud-hypervisor/cloud-hypervisor/issues/4156)
* Enable ACPI MADT "Online Capable" flag for hotpluggable vCPUs to fix newer
  Linux guest

**Removals**
The following functionality has been removed:

* The mergeable option from the virtio-pmem support has been removed
  (https://github.com/cloud-hypervisor/cloud-hypervisor/issues/3968)
* The dax option from the virtio-fs support has been removed
  (https://github.com/cloud-hypervisor/cloud-hypervisor/issues/3889)

Fixes: #4641

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
 2022-07-12 14:47:58 +00:00