Instead of having special cases, just
bump all, bumps are checked and more if are automated.
CI probably not, but we can skip if necessary.
Fixes: #744
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
This is an experimental feature for arm64 as linux kernel has
not enabled kvm ptp for arm64.
ptp_kvm needs co-work from host and guest, so you need to add this
patch both to your guest and host. Host kernel version is better
lower than 5.0 and higher than 4.19.
Another version of this patch based on kernel v5.3 is under review in kernel upstream, refer to [1]
to see the full info.
[1] https://lkml.org/lkml/2019/8/29/80
Fixes: #692
Signed-off-by: Jianyong Wu <jianyong.wu@arm.com>
We have some issues trying to run `apt upgrade` on
a container that uses virtiofsd with `-o posix_lock`.
Add virtiofsd `-o no_posix_lock` argument to not use the
posix lock.
Signed-off-by: Salvador Fuentes <salvador.fuentes@intel.com>
bring support for logging through a hybrid vsock
shortlog:
95be1c3 agent: add support for logging to a vsock port
a03e23b protocols/client: improve hybrid vsock parser
6a96997 protocols/client: make schemes and hybrid vsock dialer public
e01f23c network: Add a testcase for setupDNS
d733185 network: Setup DNS for sandbox
Signed-off-by: Julio Montes <julio.montes@intel.com>
In firecracker, there is no socket connected to /dev/console, so let's
use a vsock port to get agent's logs
Depends-on: github.com/kata-containers/shim#210
fixes #2103
Signed-off-by: Julio Montes <julio.montes@intel.com>
Log to syslog instead of stderr. This way all Kata and virtiofsd logs
are captured in syslog (or the systemd journal). This makes debugging
much easier.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The new --fd=FDNUM file descriptor passing option eliminates the need to
wait for virtiofsd to create the vhost-user UNIX domain socket. This is
a nice simplification because we can remove the timeouts and stderr
parsing. There is no longer a race between launching virtiofsd and
launching QEMU, so we don't need to wait anymore.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
virtio-fs changed the mount command-line. Previously "mount none -o
tag=kataShared ..." was used. Now "mount kataShared ..." is used
instead.
Since the "kataShared" tag is used for both 9P and virtio-fs, rename the
variable so that it is not 9P-specific.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Fixes: #1993
For security reasons, let's make sure 'others' don't have access to the
firecracker hybrid vsock
fixes #2101
Signed-off-by: Julio Montes <julio.montes@intel.com>
Apply qemu/patches/virtiofsd/0001-add-time-to-seccomp.patch
to be able to build virtiofsd statically.
Fixes: #742.
Signed-off-by: Salvador Fuentes <salvador.fuentes@intel.com>
Introduce a constant for minimum memory requirement
in virtcontainers package, that can be used in config.
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Add support for annotations that allow us to customise a subset
of the configurations provided in kata conf toml file.
This initial commit adds support for customising vcpus, default max
vcpus, memory and the kernel command line passed as Hypervisor
config.
Replaces #1695
Fixes #1655
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
These annotations were missing from the list of what are
considered as assets. Add these to existing list.
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Change the naming schema for existing annotations from
"com.github.containers.virtcontainers" to "io.kata-containers"
The hypervisor related annotations are changed to reflect this.
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Unmount and unassign block device when it's required, that way the disk
can be unmounted and destroyed in the host.
fixes #1966
Signed-off-by: Julio Montes <julio.montes@intel.com>
Creating a raw file and bind mounting it to use it as disk is not needed,
instead the raw file can be created at the jail path and used directly
as disk, if a new container is added the real disk/device can be bind mounted
in the raw file.
Signed-off-by: Julio Montes <julio.montes@intel.com>
move device operations to a more generic place where they can be used
in any hypervisor implementation.
Signed-off-by: Julio Montes <julio.montes@intel.com>
`USE_PODMAN` variable needs to be set for the osbuilder
scripts to use podman as a containerization engine to
build initrd/rootfs images. If both are set, `USE_DOCKER`
would take precedence over `USE_PODMAN`
Fixes: #370
Signed-off-by: Nitesh Konkar <niteshkonkar@in.ibm.com>
In case a user wants to use podman instead of
docker to build initrd/rootfs images, facilitate
it by setting the variable `USE_PODMAN=true`.
Fixes: #370
Signed-off-by: Nitesh Konkar <niteshkonkar@in.ibm.com>
time syscall on seccomp is needed to be able to build
virtiofsd successfully.
This patch is currently not available upstream, so let's
add it until it becomes available.
Signed-off-by: Salvador Fuentes <salvador.fuentes@intel.com>
Removes `--vsock` flag when building Firecracker since
the flag was removed as vsock is enabled by default.
Also update the path where the binaries are placed.
Fixes: #739.
Signed-off-by: Salvador Fuentes <salvador.fuentes@intel.com>
Update osbuilder README to use DEBUG
environment variable for executing scripts in
debug mode.
Fixes: #368
Signed-off-by: Nitesh Konkar <niteshkonkar@in.ibm.com>