The main process do unshare pid namespace, the process
couldn't spawn new thread, in order to avoid this issue,
fork a new child process and do the pid namespace unshare
in the new temporary process.
Fixes: #1140
Signed-off-by: fupan.lfp <fupan.lfp@antfin.com>
Since kata containers shared the network ns with
the guest system, thus there's no need to do the
network ns check.
Fixes: #1047
Signed-off-by: fupan.lfp <fupan.lfp@antfin.com>
In first shim v2 startup(with `start` command-line option), it will start
the second shim v2 process running as ttrpc server, there is no needs to
wait the second process, because the current shim v2 process will exit immediately.
Fixes: #1127
Signed-off-by: bin liu <bin@hyper.sh>
The lto setting controls the -C lto flag which controls LLVM's link time optimizations.
LTO can produce better optimized code, using whole-program analysis,
at the cost of longer linking time.
https://doc.rust-lang.org/cargo/reference/profiles.html#ltoFixes: #1125
Signed-off-by: bin liu <bin@hyper.sh>
Add `kata-runtime` and `kata-collect-data.sh` commands to the apps
section, these two command will be accessible through the commands
`kata-containers.runtime` and `kata-containers.collect-data`
respectively.
Henceforth the snap command for `containerd-shim-kata-v2` will be
`kata-containers.shim`
fixes#1122
Signed-off-by: Julio Montes <julio.montes@intel.com>
In PR 1079, CleanupContainer's parameter of sandboxID is changed to VCSandbox, but at cleanup,
there is no VCSandbox is constructed, we should load it from disk by loadSandboxConfig() in
persist.go. This commit reverts parts of #1079Fixes: #1119
Signed-off-by: bin liu <bin@hyper.sh>
Split some of the core hypervisor details out of the virtualisation
document and present in a simpler fashion for new users.
Fixes: #1063.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
- Removed the `QEMU-virtio-fs` entry from the virtualization doc since
support is now available upstream and the QEMU virtio-fs-specific
configuration file has been removed.
- Removed NEMU as this is no longer used.
- Sorted the remaining rows.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Referring virtio-net mentioning in the kata virtualization
documentation to the virtio-networking blog series published
and explaining how it works.
Fixes#612
Signed-off-by: Ariel Adam <aadam@redhat.com>
Changing "implementor" to "implementer"
Fixes: #612
Signed-off-by: Ariel Adam <aadam@redhat.com>
Signed-off-by: Christophe de Dinechin <dinechin@redhat.com>
This (unreleased) version of CRI-O brings in the possibility of enabling
the `k8s-oom.bats` test.
Depends-on: github.com/kata-containers/tests#3060
Fixes: #1116
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Under stress, the agent can be OOM-killed, which exists the sandbox.
One possible hard-to-diagnose manifestation is a virtiofsd crash.
Fixes: #1111
Reported-by: Qian Cai <caiqian@redhat.com>
Signed-off-by: Christophe de Dinechin <dinechin@redhat.com>
Key name in configuration file is in snake case but not camel case.
And the key is processed as `enable_pprof` in code, the configuration
template file should replace `EnablePprof` it by `enable_pprof`
Fixes: #1109
Signed-off-by: bin liu <bin@hyper.sh>
Remove global sandbox variable, and save *Sandbox to hypervisor struct.
For some needs, hypervisor may need to use methods from Sandbox.
Signed-off-by: bin liu <bin@hyper.sh>
Let's update CRI-O version to the commit which introduced the fix for
the "k8s-copy-file" tests.
Depends-on: github.com/kata-containers/tests#3042
Fixes: #1080
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Update cloud-hypervisor to commit 2706319.
Fixes a limitation in OpenAPITools/openapi-generator tool,
it's impossible to send go zero types, like false and 0 to
cloud-hypervisor because `omitempty` is added if a field is not
required.
See cloud-hypervisor/cloud-hypervisor#1961 for more information
Signed-off-by: Julio Montes <julio.montes@intel.com>
Guest consumes 120Mb more of memory when DAX is enabled and the default
FS cache size (8G) is used. Disable dax when it is not required
reducing guest's memory footprint.
Without this patch:
```
7fdea4000000-7fdee4000000 rw-s 18850589 /memfd:ch_ram (deleted)
Size: 1048576 kB
KernelPageSize: 4 kB
MMUPageSize: 4 kB
Rss: 187876 kB
```
With this patch:
```
7fa970000000-7fa9b0000000 rw-s 612001 /memfd:ch_ram (deleted)
Size: 1048576 kB
KernelPageSize: 4 kB
MMUPageSize: 4 kB
Rss: 57308 kB
Pss: 56722 kB
```
fixes#1100
Signed-off-by: Julio Montes <julio.montes@intel.com>
Fix `kata-runtime kata-check`'s network version check which was failing
when the user was running a release candidate build and the latest
release was a major one, two examples of the error being:
- `BUG: unhandled scenario: current version: 1.12.0-rc0, latest version: 1.12.0`
- `BUG: unhandled scenario: current version: 2.0.0-rc0, latest version: 2.0.0`
Fixes: #1104.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
According to the Semantic Versioning specification, build metadata must
be ignored for version comparisions, so add some explicit tests for this
scenario to `TestGetNewReleaseType()`.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
In some cases, for example agent crashed and not marked dead yet, the GetOOMEvent
will return errors like `connection reset by peer` or `ttrpc: closed`. Do a sleep
with 1 second (agent check interval) and let agent health check to do the check.
Fixes: #991
Signed-off-by: bin liu <bin@hyper.sh>
The documentation contains existing spelling mistakes that are caught by the CI
and prevent checking in. The errors include:
INFO: Spell checking file 'docs/how-to/how-to-load-kernel-modules-with-kata.md'
WARNING: Word 'configurated': did you mean one of the following?: configuration, reconfigured, Confederate, confederate
WARNING: Word 'cri': did you mean one of the following?: cir, crib, chi, cry, Fri, crier
ERROR: Spell check failed for file: 'docs/how-to/how-to-load-kernel-modules-with-kata.md'
INFO: spell check failed for document docs/how-to/how-to-load-kernel-modules-with-kata.md
INFO: Spell checking file 'docs/how-to/how-to-set-sandbox-config-kata.md'
INFO: Spell check successful for file: 'docs/how-to/how-to-set-sandbox-config-kata.md'
ERROR: spell check failed, See https://github.com/kata-containers/documentation/blob/master/Documentation-Requirements.md#spelling for more information.
Signed-off-by: Christophe de Dinechin <dinechin@redhat.com>
The documentation `how-to/how-to-set-sandbox-config-kata.md` contains a number
of differences relative to the 1.x variant, which do not seem to correspond to
missing features in the actual code.
Fixes: #1046
Signed-off-by: Christophe de Dinechin <dinechin@redhat.com>
This reverts commit ff13bde3c1, which
moved back CRI-O to v1.18.3.
The was, IMHO, a little bit premature. We want to know exactly what are
the issues on v1.18.4, solve those, and be prepared for a v1.18.5 bump
(or even a bump to a specific commit, if needed).
Just for the sake of the completeness, v1.18.4 caused a regression on
"k8s-copy-file" tests, which is tracked on CRI-O side as
https://github.com/cri-o/cri-o/issues/4353.
Fixes: #1080
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Use `if err := q.qmpSetup(); err != nil` to reduce code and make it easy
to read. And remove checking err if last function call also return an error,
return the function call directly.
Fixes: #1081
Signed-off-by: bin liu <bin@hyper.sh>
