The k8s test creates a log file in /dev under
/dev/termination-log, which is not the right place to create
logs, but we need to handle this. With this commit, we handle
regular files under /dev by passing them as 9p shares. All other
special files including device files and directories
are not passed as 9p shares as these are specific to the host.
Any operations on these in the guest would fail anyways.
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Since we want to handle certain files in /dev for k8s case,
remove /dev from the mounts list that we ignore.
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
This reverts commit 08909b2213.
We should not be passing any bind-mounts from /dev, /sys and /proc.
Mounting these from the host inside the container does not make
sense as these files are relevant to the host OS.
Fixes#219
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
The config file is in TOML format which supports comments, so add the
license header to it.
Fixes#234.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
This new version of kata agent contains changes
to list the processes that are running inside the VM
Shortlog:
ff7eaa1 grpc: add unit test for ListProcesses
c394b63 mockcontainer: implement mockContainer
d208929 mockreaper: add unit tests
01bc953 grpc: implement ListProcesses
Signed-off-by: Julio Montes <julio.montes@intel.com>
processListContainer is called by the ps command implementation to
list the processes running inside a containers, this patch implements
this function in the kata agent
fixes#129
Signed-off-by: Julio Montes <julio.montes@intel.com>
When imported, the vc files carried in the 'full style' apache
license text, but the standard for kata is to use SPDX style.
Update the relevant files to SPDX.
Fixes: #227
Signed-off-by: Graham whaley <graham.whaley@intel.com>
After we rename pod to sandbox, still there are some codes left which
will cause some misunderstanding.Such as,`p` in short of `pod` left in
`sandbox.go`.So we need to channge it into `s` in short of `sandbox`.
Fixes:#230
Related: #200
Signed-off-by: Haomin Tsai <caihaomin@huawei.com>
maligned linter was complaining about the size of the
struct. So move fields around to pack the struct better.
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Many cli and arch files were using the 'older style' fairly full
Apache license text. The project standard is the shorter SPDX style.
Convert them over.
Fixes: #225
Signed-off-by: Graham whaley <graham.whaley@intel.com>
Add spec command that generates a basic config.json for kata.
fixes#188
Signed-off-by: Ruidong Cao <caoruidong@huawei.com>
Signed-off-by: Ruidong <caoruidong@huawei.com>
Disable cpuset and cpumem constraints as this is not properly
supported yet.
If we add "cpuset_cpus" and "cpuset_mems" to the container.json,
kata-runtime failed to start, so we need to disable them.
Fixes: #221.
Signed-off-by: Salvador Fuentes <salvador.fuentes@intel.com>
Those different files were all calling into a go routine that was
eventually reporting some result through a go channel. The problem
was the way those routine were implemented, as they were hanging
around forever. Indeed, nothing was actually listening to the channel
in some cases, and those routines never ended.
This was one of the problem detected by the fact that our unit tests
needed more time to pass because when they were all run in parallel,
the resources consumed by those routines were increasing the time
for other tests to complete.
Fixes#208
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
Because of the bad design of the cc_proxy_mock go routine, we were
leaving an infinite loop running into this go routine behind. This
was consuming a lot of resources and it was obviously slowing down
the tests being run in parallel. That's one of the reason we were
hitting the 10 seconds timeout when running go tests.
Fixes#208
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
When using noopShim type from the unit tests, we were ending up
getting a PID 1000, and when checking if the shim was around, we
were always expecting the shim to be "not running", based on the
fact that the process was not there anymore. Unfortunately, this
was a very wrong assumption because we cannot control which PIDs
are running or not on the system. The way to simplify this is to
return a PID 0 in case of noopShim, processed as a special case
by the function waitForShim().
Fixes#208
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
This change updates to latest version from CRI-O
of the 1.9 branch.
This will allow us to unskip a test from the
CRI-O ctr.bats test file.
Fixes: #182.
Signed-off-by: Salvador Fuentes <salvador.fuentes@intel.com>
This new version of kata-containers agent includes
the fix for CPU hotplug race condition
Shortlog:
131554d network: specify netlink protocol
49f01ed protocols/grpc: fix CPU hotplug race condition
ee7850d mockreaper: implement mock reaper
9f60034 reaper: implement reaper interface
Signed-off-by: Julio Montes <julio.montes@intel.com>
Communicate to the agent the number of vCPUs that were hot added,
allowing to the agent wait for the creation of all vCPUs.
fixes#90
Signed-off-by: Julio Montes <julio.montes@intel.com>
As agreed in [the kata containers API
design](https://github.com/kata-containers/documentation/blob/master/design/kata-api-design.md),
we need to rename pod notion to sandbox. The patch is a bit big but the
actual change is done through the script:
```
sed -i -e 's/pod/sandbox/g' -e 's/Pod/Sandbox/g' -e 's/POD/SB/g'
```
The only expections are `pod_sandbox` and `pod_container` annotations,
since we already pushed them to cri shims, we have to use them unchanged.
Fixes: #199
Signed-off-by: Peng Tao <bergwolf@gmail.com>
The runtime already hot added the number of vCPUs needed by each container,
in order to have a better control over those resources, CPU constraints
must be applied.
fixes#203
Signed-off-by: Julio Montes <julio.montes@intel.com>
Check if a volume passed to the container with -v is a block device
file, and if so pass the block device by hotplugging it to the VM
instead of passing this as a 9pfs volume. This would give us
better performance.
Add block device associated with a volume to the list of
container devices, so that it is detached with all other devices
when the container is stopped with detachDevices()
Fixes#137
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
All bind mounts are now passed to the guest with 9p.
We need to exclude /dev/shm, as this is passed as a bind mount
in the spec. We handle /dev/shm in the guest by allocating
memory for it on the guest side. Passing /dev/shm as a 9p mount
was causing it to be mounted twice.
Fixes#190
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
