Last week openshift origin v3.10.0 was released,
this PR updates our supported version from 3.9.0 to
3.10.0
This also updates the cri-o version that we use for
openshift, which is now cri-o 1.10.
Fixes: #552.
Signed-off-by: Salvador Fuentes <salvador.fuentes@intel.com>
Right now we create it in `createsandbox` and it would
create the vm dir unnecessarily for fetchsandbox() and
it ends up leaving an empty vm dir behind even after
DeleteSandbox.
Fixes: #547
Signed-off-by: Peng Tao <bergwolf@gmail.com>
To use the filepath.Join() instead of the simple
string append method to form the file path, otherwise
it will lose the "/" between the two parts.
Fixes#543.
Signed-off-by: Fupan Li <lifupan@gmail.com>
To include ReseedRandomDev grpc.
Full commits:
e398fd4 agent: add ReseedRandomDev rpc
8a51909 codecov: remove codecov.yml
Signed-off-by: Peng Tao <bergwolf@gmail.com>
Remove the `initcall_debug` boot option from the kernel command-line as
we don't need it any more and it generates a ton of boot messages that
may well be impacting performance.
Fixes#526.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
And do not append sandbox id to kernel arguments since that
would fail qemu args comparison in vm factory.
Fixes: #523
Signed-off-by: Peng Tao <bergwolf@gmail.com>
To include SandboxId in CreateSandboxRequest.
Included commits:
745fa71 (origin/pr/309) agent: set sandbox id log field in CreateSandbox
a3321f4 (origin/pr/304) vendor: Revendor netlink to fix PID 1 segfault
a9ade15 (origin/pr/293) agent: Add sandbox level reference counter for sandbox storage
5f89c07 (origin/pr/263) yamux: disable yamux keep alive in server channel
815f831 (origin/pr/303) agent: do not quit on grpc serve errors
8abefd1 (origin/pr/301) protocols/client: close yamux session when closing the stream
67643cf (origin/pr/297) agent: Fix CPU tests for both initrd and rootfs image
cf8d3c8 (origin/pr/295) agent: disable yamux keep alive
ed656df (origin/pr/284) grpc: Ignore WriteStdin after the standard input has been closed
1a52204 grpc: Don't close the terminal on CloseStdin() call
04457e3 (origin/pr/292) logging: Add sandbox field
ba2a32a (origin/pr/286) create: Reduce cyclomatic complexity of CreateContainer
bce5f78 (origin/pr/289) logging: Redirect yamux warnings/errors to logger
23311ea namespace: Add check to make sure PID namespace is not received
7fe2eba (origin/pr/273) release: Kata Containers 1.1.0
4ef4971 (origin/pr/277) travis: Enable travis ci for ppc64le
57bf4e6 (origin/pr/279) namespace: do not create path using rand.
a589bdb (origin/pr/275) CI: update static-checks.sh in travis.yml
1372df2 (origin/pr/271) logging: Fix handling of non-string fields when PID 1
4018add (origin/pr/269) agent: honour CPU constraints when agent is the init process
1cff660 (origin/pr/268) mount: Remove redundant mkdir
cc74b5d (origin/pr/266) network: Setup localhost when running as init
dc06ec7 network: Add extra sanity checks
b580ae7 network: Check all function parameters
ee106e9 main: Exit(1) on error
5bf3909 network: Reduce cyclomatic complexity
cdf9bce namespace: Simplify code
0d7f36f (origin/pr/260) agent: update container cpuset cgroup parents
4cf1809 (origin/pr/258) agent: update container cpuset cgroup before setting the new configuration
d70e5bb agent: don't modify container's config
a30395a (origin/pr/253) grpc: signal frozen containers
Signed-off-by: Peng Tao <bergwolf@gmail.com>
When the hypervisor option `use_vsock` is true the runtime will check for vsock
support. If vsock is supported, not proxy will be used and the shims
will connect to the VM using VSOCKS. This flag is true by default, so will use
VSOCK when possible and no proxy will be started.
fixes#383
Signed-off-by: Jose Carlos Venegas Munoz jose.carlos.venegas.munoz@intel.com
Signed-off-by: Julio Montes <julio.montes@intel.com>
parseVSOCKAddr function is no more needed since now agent config
contains a field to identify if vsocks should be used or not.
Signed-off-by: Julio Montes <julio.montes@intel.com>
`appendVSockPCI` function can be used to cold plug vocks, vhost file descriptor
holds the context ID and it's inherit by QEMU process, ID must be unique and
disable-modern prevents qemu from relying on fast MMIO.
Signed-off-by: Julio Montes <julio.montes@intel.com>
add extra field in KataAgentConfig structure to specify if the
kata agent have to use a vsock instead of serial port.
Signed-off-by: Julio Montes <julio.montes@intel.com>
In order to see what proxy was started or not, we should log
its type and the URL
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
Signed-off-by: Julio Montes <julio.montes@intel.com>
Add `use_vsock` option to enable or disable the use of vsocks
for communication between host and guest.
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
Signed-off-by: Julio Montes <julio.montes@intel.com>
We already save the URL used to connect to the agent in the `state.URL` this
variable is the used to connect the shim to agnet independently the socket type
(VSOCK or serial)
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
FindContextID generates a random number between 3 and max uint32
and uses it as context ID.
Using ioctl findContextID checks if the context ID is free, if
the context ID is being used by other process, this function
iterates from over all valid context IDs until one is available.
`/dev/vhost-vsock` is used to check what context IDs are free,
we need it to ensure we are using a unique context ID to
create the vsocks.
Signed-off-by: Julio Montes <julio.montes@intel.com>
Implement function to check if the system has support for vsocks.
This function looks for vsock and vhost-vsock devices returning
true if those exist, otherwise false.
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
Signed-off-by: Julio Montes <julio.montes@intel.com>
add vhostfd and disable-modern to vhost-vsock-pci
shortlog:
3830b44 qemu: add vhostfd and disable-modern to vhost-vsock-pci
f700a97 qemu/qmp: implement function to hotplug vsock-pci
Signed-off-by: Julio Montes <julio.montes@intel.com>
So that if there is any remaining state, we do not let it interfere
with the new one. This should fix the occasional vm factory hang.
Fixes: #535
Signed-off-by: Peng Tao <bergwolf@gmail.com>
Fixes#50
This commit imports a big logic change:
* host device to be attached or appended now is sandbox level resources,
one device should bind to sandbox/hypervisor first, then container could
reference it via device's unique ID.
* attach or detach device should go through the device manager interface
instead of the device interface.
* allocate device ID in global device mapper to guarantee every device
has a uniq device ID and there won't be any ID collision.
With this change, there will some changes on data format on disk for sandbox
and container, these changes also make a breakage of backward compatibility.
New persist data format:
* every sandbox will get a new "devices.json" file under "/run/vc/sbs/<sid>/"
which saves detailed device information, this also conforms to the concept that
device should be sandbox level resource.
* every container uses a "devices.json" file but with new data format:
```
[
{
"ID": "b80d4736e70a471f",
"ContainerPath": "/dev/zero"
},
{
"ID": "6765a06e0aa0897d",
"ContainerPath": "/dev/null"
}
]
```
`ID` should reference to a device in a sandbox, `ContainerPath` indicates device
path inside a container.
Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
Instead of using drivers.XXXDevice directly, we should use exported
struct from device structure. package drivers should be internal struct
and other package should avoid read it's struct content directly.
Signed-off-by: Wei Zhang <zhangwei555@huawei.com>
The interface "VhostUserDevice" has duplicate functions and fields with
Device, so we can merge them into one interface and manage them with one
group of interfaces.
Signed-off-by: Wei Zhang <zhangwei555@huawei.com>
Fixes#50
Previously the devices are created with device manager and laterly
attached to hypervisor with "device.Attach()", this could work, but
there's no way to remember the reference count for every device, which
means if we plug one device to hypervisor twice, it's truly inserted
twice, but actually we only need to insert once but use it in many
places.
Use device manager as a consolidated entrypoint of device management can
give us a way to handle many "references" to single device, because it
can save all devices and remember it's use count.
Signed-off-by: Wei Zhang <zhangwei555@huawei.com>
Ensure the entire codebase uses `"sandbox"` and `"container"` log
fields for the sandboxID and containerID respectively.
Simplify code where fields can be dropped.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Refine the changes made on #468 by adding the containerID log field as
soon as possible (before *any* virtcontainers calls). This requires
that `setExternalLoggers()` be called more times, but it's essential to
ensure the correct log fields are available as early as possible.
Partially fixes#519.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
