container's rootfs is a string type, which cannot represent a
block storage backed rootfs which hasn't been mounted.
Change it to a mount alike struct as below:
RootFs struct {
// Source specify the BlockDevice path
Source string
// Target specify where the rootfs is mounted if it has been mounted
Target string
// Type specifies the type of filesystem to mount.
Type string
// Options specifies zero or more fstab style mount options.
Options []string
// Mounted specifies whether the rootfs has be mounted or not
Mounted bool
}
If the container's rootfs has been mounted as before, then this struct can be
initialized as: RootFs{Target: <rootfs>, Mounted: true} to be compatible with
previous case.
Fixes:#1158
Signed-off-by: lifupan <lifupan@gmail.com>
when use shim v2 interface to run container, no need to use kata-proxy
and kata-shim, remove kata-proxy and kata-shim in config file will cause
panic since type assertion. add check to avoid panic
Fixes: #1440
Signed-off-by: Ace-Tang <aceapril@126.com>
The "ephemeral" is just used to indicate ephemeral volumes in
runtime. We should not pass it to agent. Instead, "bind" should be
the correct mount type to be passed.
Fixes: #1438
Signed-off-by: Xie Yongji <xieyongji@baidu.com>
After we switched golang linter to golangci-lint, we has extra 'deadcode'
linter check, and we need to remove this linter check for all
generic items.
Fixes: #1432
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
Fixes: #1422
Detect failing test case:
```
....
=== RUN TestEnterContainerFailingContNotStarted
--- PASS: TestEnterContainerFailingContNotStarted (0.01s)
=== RUN TestEnterContainer
--- FAIL: TestEnterContainer (0.00s)
Error Trace: sandbox_test.go:1154
Error: Expected value not to be nil.
Messages: Entering non-running container should fail
Error Trace: sandbox_test.go:1157
Error: Expected nil, but got: &errors.errorString{s:"Can not
move from running to running"}
Messages: Failed to start sandbox: Can not move from running to
running
FAIL
```
`TestEnterContainerFailingContNotStarted` calls `cleanUp` at function
begging but it doesn't clean its garbage after it ends.
`TestEnterContainer` only call `cleanUp` in the end but it doesn't do
cleanUp in the begging, that gives first test case a chance to impact
latter one.
This commit modifies all the test cases, let them all do the cleanUp()
in the end.
The policy here is: "everyone needs to take their garbage away when they
leave" :)
Signed-off-by: Wei Zhang <zhangwei555@huawei.com>
Fixes: #1415
Container resources have been saved to ContainerConfig so there's no
need to save it again in state.json.
Signed-off-by: Wei Zhang <zhangwei555@huawei.com>
k8s host empty-dir is equivalent to docker volumes.
For this case, we should just use the host directory even
for system directories.
Move the isEphemeral function to virtcontainers to not
introduce cyclic dependency.
Fixes#1417
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
We handle system directories differently, if its a bind mount
we mount the guest system directory to the container mount and
skip the 9p share mount.
However, we should not do this for docker volumes which are directories
created by Docker.
This introduces a Docker specific check, but that is the only
information available to us at the OCI layer.
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
gometalinter is deprecated and will be archived April '19. The
suggestion is to switch to golangci-lint which is apparently 5x faster
than gometalinter.
Partially Fixes: #1377
Signed-off-by: Ganesh Maharaj Mahalingam <ganesh.mahalingam@intel.com>
osbuilder recently added the ability to create images with a DAX/NVDIMM
header [1], however this change broke the data collection script. Update
that script to handle images with and without this header.
The data collection script will now assume a header is present. However,
if it fails to find the required partition data, it will try again, this
time assuming the image does not have a DAX/NVDIMM header.
Fixes#1404.
[1] - https://github.com/kata-containers/osbuilder/pull/236
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Add a number of useful build and install targets to the `show-usage`
target which are visible when the user runs `make help`.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Add `install-runtime` and `install-netmon` targets. This allows the
`install` target to be simplified and also allows the runtime to be
built without having to build the `containerd-shim-v2` binary which is
slow to build:
```
$ make runtime && sudo -E PATH=$PATH make install-runtime
```
Fixes#1402.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
The `containerd-shim-v2` binary does not need the `kata-runtime` binary
to be built first, so remove the dependency.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
After code check and test, found VMCache can work with vsock.
Remove the code that prohibit them from working together.
Fixes: #1400
Signed-off-by: Hui Zhu <teawater@hyper.sh>
install-yq.sh use curl but not check if curl is available or not.
Add code to check curl before use it.
Fixes: #1379
Signed-off-by: Hui Zhu <teawater@hyper.sh>
systemd-random-seed service fails if the rootfs is a read-only fs.
systemd-random-seed restores the random seed of the system at early
boot and saves it at shutdown, since kata containers are one boot machines
this service is not needed.
Signed-off-by: Julio Montes <julio.montes@intel.com>
Use a clever HTML trick to allow the output of the data collection
script to be hidden / unhidden in the github.com interface.
See the example at the top of
https://github.com/kata-containers/runtime/issues/1347.
Fixes#1386.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Create a new function to collect all data display function calls in the
data collection script.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
- volumes: Handle k8s empty-dirs of "default" medium type
- versions: kernel: update to 4.19.28
- qemu: throw error when fail to get addr from bridges
- vc:qemu: Fix id calculation of memory hotplug
- s390x: 2 small test fixes
- arm64: support NVDIMM
- virtcontainers: move resource calculation to its own function
- versions: update nemu to latest release
- Add crio and containerd details to collect script
- pkg: reduce memory footprint
- Fix rootfs mount assumptions
- s390x: fix golint complain
- Network: remove Physical field in VethEndpoint
- test: add tests for sandbox creation rollback and cleanup
- VMCache: the new function that creates VMs as caches before using it
- unit test: Fix local test
- Add upstream version url regexp's to allow upto date checks
- virtcontainer: watch the qemu's console when proxy's debug enabled
- unit-test: fix undefined struct field SupportVSocks on arm64
- Makefile: Fix aarch64 fail in No GO command or GOPATH not set mode
- tracing: Fix tracing
- config: check the builtIn first when updating shim/proxy/agent
- qemu: fix devID value error
- Makefile: Change "GOPATH not set" to "No GO command"
8e2a5ea tests: Fix units tests to check empty-dir volumes backed by host-dir
47a6023 volumes: Handle k8s empty-dirs of "default" medium type
4e81522 vc:qemu: Fix id calculation of memory hotplug
502fdab test: add test for addDeviceToBridge
0061e16 virtcontainers: move resource calculation to its own function
7504d9e unit-test: add TestSandboxUpdateResources
f009a53 versions: update nemu to latest release
f2a506a scripts: Add containerd details to collect script
7266d31 scripts: Log crio config file in collect script
30f9776 scripts: Create separate section for crio in collect script
ae08ea3 scripts: Add helper function to collect script
ae4d8b4 versions: kernel: update to 4.19.28
c7ace4b qemu: throw error when fail to get addr from bridges
2456ac5 pkg: reduce memory footprint
df9a401 Network: remove Physical field in VethEndpoint
76d9db3 vendor: Add github.com/gogo/protobuf
45fe870 runtime: Add unit tests
0f8b2ad VMCache: Update factory to run as a VMCache server
90704c8 VMCache: the core and the client
d8bcddb qemu-arm64: add unit test for func appendImage on aarch64
986e4dc qemu-arm64: Support nvdimm on arm64
8ba27e1 s390x: remove pmu from test
6242af3 s390x: fix TestQemuS390xMemoryTopology
613edd5 s390x: fix golint complain
27a92f9 runtime: Fix rootfs mount assumptions
c964a26 virtcontainers: makefile fix .ci path
fcee080 unit-test: Fix local test
c4957dd virtcontainer: watch the qemu's console when proxy's debug enabled
1e30673 test: add tests for sandbox creation rollback and cleanup
bdb34e7 Makefile: Fix aarch64 fail in No GO command or GOPATH not set mode
c759cf5 tracing: Fix tracing
31232b4 config: check the builtIn first when updating shim/proxy/agent
03dd780 qemu: fix devID value error
a1ddf53 Makefile: Change "GOPATH not set" to "No GO command or GOPATH not set"
35672b5 unit-test: fix undefined struct field SupportVSocks on arm64
975157d versions.yaml: add uscan annotations
Signed-off-by: Peng Tao <bergwolf@gmail.com>
We were considering all empty-dir k8s volumes as backed by tmpfs.
However they can be backed by a host directory as well.
Pass those as 9p volumes, while tmpfs volumes are handled as before,
namely creating a tmpfs directory inside the guest.
The only way to detect "Memory" empty-dirs is to actually check if the
volume is mounted as a tmpfs mount, since any information of k8s
"medium" is lost at the OCI layer.
Fixes#1341
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Now, function NewFactory will return nil even create template
does't complete. As for this, it will tell user that factory
has been initialized no matter whether the template is created
or not. This patch correct it by adding another return value
of error in NewFactory.
Testing initFactoryCommand when enable template will need root
privilege to mount tmpfs. So skip it for no-root user.
Testing initFactoryCommand func will create template, but no
proxy type assigned to VMconfig which will using katabuiltinProxy
instead. this will lead to failure for this type of proxy will
check proxyparams which contains many null value. This commit
fix it by substitute katabuiltinProxy as noopProxy when for test
purpose.
Fixes: #1333
Signed-off-by: Jianyong Wu <jianyong.wu@arm.com>
Create cgroup path relative the cgroups mount point if it's absolute,
or create it relative to a runtime-determined location if the path
is relative.
fixes#1365fixes#1357
Signed-off-by: Julio Montes <julio.montes@intel.com>
