vhost-net backend is not supported by the Firecracker VMM. It doesn't
make sense to have this in the configuration, and we should explicitly
disable it.
Fixes: #2192
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
This patch adds a unit test for `namespace.rs`. The baseline for this
test comes from the Go agent tests in which the namespace is mounted in
a temporary folder.
In order to enable testing in the temporary folder the code was refactored
allow configuration for the specified namespace, thus the changes done
are described below:
- The `setup_persistent_ns` method was moved inside the `Namespace` type.
- A builder pattern was implemented for the `Namespace` type. This allows
the caller to set the type of the desired namespace as well as the root
folder which will help the testing.
- A new `NamespaceType` enum was introduced to represent the namespace type.
- The user of the `Namespace` type (sandbox.rs) was updated accordingly.
Fixes: #50
Signed-off-by: Erich Cordoba <erich.cordoba.malibran@intel.com>
The existing document hasn't been updated since ~1.4. Updated to remove
references to qemu-lite, added details on Firecracker.
We still need details on ACRN added here as well.
Fixes: #570
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
Firecracker have its own logging scheme, providing two fifo files with log
and metrics info.
We should extract error info for better debugging.
Fixes: #2072
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
Signed-off-by: Haibo Xu <haibo.xu@arm.com>
When kata-agent run as init process in initrd, do the
init in which will do some base mount such as mount
/proc; thus the following config.parse_cmdline can access
/proc/cmdline to parse the parameters such as agent.log etc.
Fixes: #85
Signed-off-by: lifupan <lifupan@gmail.com>
firecracker 0.19.0 API is not backward compatible, hence we need
to bump the firecracker minimum supported version to 0.19.0
Signed-off-by: Julio Montes <julio.montes@intel.com>
Prior to the addition of tcMirroring support kata-runtime had
compatibility issues with some CNI plugins some of which were addressed
by the bridged model. With the addition of tc mode there are no gaps in
networking that can be filled by the bridged mode or enlightened mode
(which was never implemented).
Eliminate both of these options to simplify the setup.
Fixes: #1213
Signed-off-by: Manohar Castelino <manohar.r.castelino@intel.com>
Fix bug in the `kata-configure-docker.sh` script which assumed
`/etc/docker/` existed by default.
Fixes: #800
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
We do not want to create cgroups in case of rootless.
Fix the logic to implement this.
Fixes#2177
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
The CI was failing due to two problems.
1. The `ci/static-checks.sh` was run from an incorrect place.
2. `rustfmt` was failing as some code wasn't correctly formatted.
This patch address all the changed requested by rustfmt and the
`static-checks.sh` script was updated
Fixes: #83
Signed-off-by: Erich Cordoba <erich.cordoba.malibran@intel.com>
FIPS are a set of security standards for encryption algorithms
in user and kernel space among others.
Have Kata support this by starting the VM for a container
in FIPS mode on detecting that the host is running in FIPS mode.
Depends-on: github.com/kata-containers/packaging#788
Fixes#2170
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
The repos of the CI builds are not used anywhere so let's be friendly to
the OBS infrastructure and do not publish them.
Signed-off-by: Ralf Haferkamp <rhafer@suse.com>
cri-tools version was managed in the tests repository, but as
we define here cri-o, containerd and kubernetes versions, it
make sense to have the cri-tools version defined in this repo.
conmon has now to be installed/built separately. So add it
to the list.
Depends-on: github.com/kata-containers/tests#2057
Signed-off-by: Salvador Fuentes <salvador.fuentes@intel.com>
Bump test fails because Kata version at this moment is alfa and
only bumps from alpha to rc0 are allowed. Just use rc0 as use-case
for all, there is not any other constrain at the moment.
Fixes: #795
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
This adds an option to the agent to control the hotplug timeout of block devices.
Retains the previous behaviour of defaulting to 3 seconds if not specified.
Can be increased when block device hot plugging is taking longer than expected.
fixes#62
Signed-off-by: Alex Price <aprice@atlassian.com>
