Kata-runtime can append vhost-user-blk device to the
device list of a container. And handle volumes who is
a block device and in VhostUserBlk type.
The vhost-user-blk device will be identified by its
PCI address by Kata-agent inside VM.
Fixes: #2380
Signed-off-by: Liu Xiaodong <xiaodong.liu@intel.com>
Reserved number of Linux device number 241 and 242
are used to identify vhost-user-blk and vhost-user-scsi
devices.
for example, after command:
mknod <Vhost-User-Dir>/block/devices/vhost-dev0 b 241 0
this node will be recognized as vhost-user-blk device.
Fixes: #2380
Signed-off-by: Liu Xiaodong <xiaodong.liu@intel.com>
Two parameters are used to set in toml file:
1. Set "enable_vhost_user_store = true" to indicate
that vhost-user storage device feature is enabled.
2. Set "vhost_user_store_path = <Vhost-User-Dir>".
vhost-user socket files will be under
"<Vhost-User-Dir>/block/sockets/"; and device node
for vhost-user device will be under
"<Vhost-User-Dir>/block/devices/"
The default value of "vhost_user_store_path" is
"/var/run/kata-containers/vhost-user/".
Fixes: #2380
Signed-off-by: Liu Xiaodong <xiaodong.liu@intel.com>
set rootfstype=ext4 to make kernel not do print errros like:
```
Mount option "data=ordered" incompatible with ext2
```
Depends-on: github.com/kata-containers/tests#2377
Fixes: #2524
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
This adds the `agent.container_pipe_size` annotation which allows
configuration of the size of the pipes for stdout/stderr for containers
inside the guest.
fixes#2467
Signed-off-by: Alex Price <aprice@atlassian.com>
Set the katautils default log level to 'Warn', rather than 'Info',
as 'Info' is rather noisy.
Fixes: #2522
Signed-off-by: Graham Whaley <graham.whaley@intel.com>
Set the default log level explicitly to 'Warn', rather than taking
the logrus default (which is normally 'Info').
Fixes: #2522
Signed-off-by: Graham Whaley <graham.whaley@intel.com>
The shimv2 runtime logs slightly differently - let's clarify
that in the existing OCI/CRI-O only runtime section.
Fixes: #2520
Signed-off-by: Graham Whaley <graham.whaley@intel.com>
Remove the rootfs bind dest and finally remove the created share
directory when stopping the container.
Fixes#2516
Signed-off-by: Li Yuxuan <liyuxuan04@baidu.com>
With the HTTP API 'vm.resize()', the CPU hotplug with CLH is much simpler
comparing with QEMU. This is because we don't need to distinguish adding from
removing CPUs.
Fixes: #2495
Depends-on: github.com/kata-containers/packaging#968
Depends-on: github.com/kata-containers/tests#2364
Signed-off-by: Bo Chen <chen.bo@intel.com>
The 'apiSocket' member in the CloudHypervisorState struct needs to be kept
across different executions of kata-runtime with persist HypervisorState, so
that kata-runtime can talk with the same running cloud-hypervisor through
HTTP/REST API calls.
Fixes: #2506
Signed-off-by: Bo Chen <chen.bo@intel.com>
This allows to reuse detached block index and ensures that the
index will not reach the limit of device(such as `maxSCSIDevices`)
after restarting containers many times in one pod.
Fixes: #2007
Signed-off-by: Li Yuxuan <liyuxuan04@baidu.com>
virtiofsd should be added in kata-env as virtiofs enabled kata then
it will be easy to get the info of virtiofsd from kata-env.
Fixes: #2491
Change-Id: I37ff58ed4315344d1e2b87f3abcd04311661e910
Jira: ENTOS-1579
Signed-off-by: Jianyong Wu <jianyong.wu@arm.com>
For one thing, we should not make kata's internal device type
exactly as govmm string by string.
For another thing, latest govmm changes the device driver strings
and it breaks kata in such a way but the fault is on kata side IMHO.
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
To include block readonly capability. Included commits:
3700c55 qemu: add block device readonly support
88a25a2 Refactor code to support multiple virtio transports at runtime
2ee53b0 qemu: Don't set ".cache-size=" when CacheSize is 0
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
cgroup manager is in charge to create and setup cgroups for
virtual containers, for example it adds /dev/kvm and
/dev/vhost-net to the list of cgroup devices in order to have
virtual containers working.
fixes#2438fixes#2419
Signed-off-by: Julio Montes <julio.montes@intel.com>
virtcontainers/pkg/cgroups contains functions and structures needed to deal
with cgroups and virtual containers
Signed-off-by: Julio Montes <julio.montes@intel.com>
We leverage the new openAPI knobs from CLH to set readonly for disk image
and we also pass kernel cmd to set guest root filesystem readonly.
Signed-off-by: Bo Chen <chen.bo@intel.com>
Use CLH branch stable/v0.5.x, and also re-generate the openAPI client
code with the new 'cloud-hypervisor.yaml'.
Fixes: #2488
Signed-off-by: Bo Chen <chen.bo@intel.com>
cri-o v1.16.x has network namespace mount point leaking problem, and
the latest v1.17.x has fixed this problem.
since cri-o and k8s follow the same release cycle and deprecation policy,
I will also update k8s to the latest release v1.17.3-00 as well.
Fixes: #2457
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
A malicious can trick us with a crafted container
rootfs symlink and make runtime umount other mountpoints.
Make sure we do not walk through symlinks when umounting.
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
cloud-hypervisor uses `hybrid vsocks`, it is not needed to find a
context ID.
Fixes: #2481
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
