`/test-kata-deploy` command does **not** work, and the output returned
is:
```
Error: Comment didn't contain a valid slash command
```
So, why does this happen?
This is the regex used: `^\/([\w]+)\b *(.*)?$`, being the important part
of the command "\/([\w]+)\b", with the rest being arguments to it.
Okay, `\w` is the key here, as `\w` means: a-z, A-Z, 0-9, including the
_.
Our command is `/test-kata-deploy`, and `-` is not present as part of
`\w`. Knowing this we need to update the command to something like:
`/test_kata_deploy`
Fixes: #1645
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 7873b7a1f9)
This partially reverts commit 1cce930071.
As mentioned in #1635, the malformed yaml wouldn't allow us to actually
test changes that were supposed to be test by this action.
So, this is now reverted and adapted accordingly.
Main differences from what we had before:
* As it tests kata-deploy itself, not the statically built binaries,
let's just use the binaries from 2.0.0 release;
* Adapt download and deploy location to the
`kata-containers/kata-containers` repo, as the original action was
based on 1.x repos;
Fixes: #1640
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit eda8da1ec5)
Currently the action is not running because it's broken, and it was
broken by 50fea9f.
Sadly, I cannot just test a fix on a PR as every single time we end up
triggering what's currently on main, rather than triggering the content
of the PR itself.
With this in mind, let me just remove the file and re-add it as part of
a new PR and, hopefully, have it tested in this way.
Sorry for the breakage, by the way.
Fixes: #1634
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 1cce930071)
Regenerate the client code with the added `go-fmt` step. No functional
changes.
Fixes: #1606
Signed-off-by: Bo Chen <chen.bo@intel.com>
(cherry picked from commit 0c38d9ecc4)
This patch extends the current process of generating client code for
cloud-hypervisor API with an additional step, `go-fmt`, which will remove
the generated `client/go.mod` file and format all auto-generated code.
Fixes: #1606
Signed-off-by: Bo Chen <chen.bo@intel.com>
(cherry picked from commit 52cacf8838)
Highlights for cloud-hypervisor version 0.14.0 include: 1) Structured
event monitoring; 2) MSHV improvements; 3) Improved aarch64 platform; 4)
Updated hotplug documentation; 6) PTY control for serial and
virtio-console; 7) Block device rate limiting; 8) Plan to deprecate the
support of "LinuxBoot" protocol and support PVH protocol only.
Highlights for cloud-hypervisor version 0.13.0 include: 1) Wider VFIO
device support; 2) Improve huge page support; 3) MACvTAP support; 4) VHD
disk image support; 5) Improved Virtio device threading; 6) Clean
shutdown support via synthetic power button.
Details can be found:
https://github.com/cloud-hypervisor/cloud-hypervisor/releases
Note: The client code of cloud-hypervisor's OpenAPI is automatically
generated by `openapi-generator` [1-2]. As the API changes do not
impact usages in Kata, no additional changes in kata's runtime are
needed to work with the latest version of cloud-hypervisor.
[1] https://github.com/OpenAPITools/openapi-generator
[2] https://github.com/kata-containers/kata-containers/blob/main/src/runtime/virtcontainers/pkg/cloud-hypervisor/README.mdFixes: #1591
Signed-off-by: Bo Chen <chen.bo@intel.com>
(cherry picked from commit 84b62dc3b1)
The docker script has been removed as part of
62cbaf4de4, but references to it were left
behind in the artifact-list.sh, release/kata-deploy-binaries.sh, and
kata-deploy/Dockerfile.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
There's no more NEMU, for some time already. Considering this, let's
just remove any mention to it as part of our project.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
There's no reason to ship qemu & qemu-virtiofs when the former already
includes vitiofs support (and that's the default for 2.x deployments).
In case we will enable experimental qemu DAX support, we should add a
new target, a "qemu-experimental" target, as Carlos has been working on.
Fixes: #1424
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
A wrong path was being used for container directory when
virtiofs is utilized. This resulted in a warning message in
logs when a container is killed, or completes:
level=warning msg="Could not remove container share dir"
Without proper removal, they'd later be cleaned up when the shared
path is removed as part of stopping the sandbox.
Fixes: #1559
Signed-off-by: Eric Ernst <eric.g.ernst@gmail.com>
Right now we rely heavily on mount propagation to share host
files/directories to the guest. However, because virtiofsd
pivots and moves itself to a separate mount namespace, the remount
mount is not present in virtiofsd's mount. And it causes guest to be
able to write to the host RO volume.
To fix it, create a private RO mount and then move it to the host mounts
dir so that it will be present readonly in the host-guest shared dir.
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
bindmount remount events are not propagated through mount subtrees,
so we have to remount the shared dir mountpoint directly.
E.g.,
```
mkdir -p source dest foo source/foo
mount -o bind --make-shared source dest
mount -o bind foo source/foo
echo bind mount rw
mount | grep foo
echo remount ro
mount -o remount,bind,ro source/foo
mount | grep foo
```
would result in:
```
bind mount rw
/dev/xvda1 on /home/ubuntu/source/foo type ext4 (rw,relatime,discard,data=ordered)
/dev/xvda1 on /home/ubuntu/dest/foo type ext4 (rw,relatime,discard,data=ordered)
remount ro
/dev/xvda1 on /home/ubuntu/source/foo type ext4 (ro,relatime,discard,data=ordered)
/dev/xvda1 on /home/ubuntu/dest/foo type ext4 (rw,relatime,discard,data=ordered)
```
The reason is that bind mount creats new mount structs and attaches them to different mount subtrees.
However, MS_REMOUNT only looks for existing mount structs to modify and does not try to propagate the
change to mount structs in other subtrees.
Fixes: #1061
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
On some setups, starting multiple kata pods (qemu) simultaneously on the same node
might cause kata VMs booting time to increase and the pods to fail with:
Failed to check if grpc server is working: rpc error: code = DeadlineExceeded desc = timed
out connecting to vsock 1358662990:1024: unknown
Increasing default dialing timeout to 30s should cover most cases.
Signed-off-by: Snir Sheriber <ssheribe@redhat.com>
Fixes: #1543
(backport https://github.com/kata-containers/kata-containers/pull/1544)
Let's tag the yet non existent 2.0.2 image, so whoever deploys kata
using kata-deploy from the release tarball is pointed to the correct
image.
Fixes: #1493
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Other RPC calls return Pid of hypervisor, the TaskExit should
return the same Pid.
Fixes: #1497
Signed-off-by: bin <bin@hyper.sh>
(backport https://github.com/kata-containers/kata-containers/pull/1498)
Signed-off-by: Francesco Giudici <fgiudici@redhat.com>
[ fix missing GetHypervisorPid method in MockSandbox ]
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Since the kata's hypervisor process is in the network namespace,
which is close to container's process, and some host metrics
such as cadvisor can use this pid to access the network namespace
to get some network metrics. Thus this commit replace the shim's
pid with the hypervisor's pid.
Fixes: #1451
Signed-off-by: fupan.lfp <fupan.lfp@antfin.com>
(backport https://github.com/kata-containers/kata-containers/pull/1452)
Signed-off-by: Francesco Giudici <fgiudici@redhat.com>
Let's update CRI-O version to the commit which introduced the fix for
the "k8s-copy-file" tests.
Fixes: #1080
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Each Kata Containers application should generate log records with a specified
structure. Currently on containerd-shim-v2's logs, the required 'name' field
is missing. This changed its logger to append the application name on each
and every emitted entries.
Fixes#1479
Related-to: github.com/kata-containers/tests/issues/3260
Suggested-by: James O. D. Hunt <james.o.hunt@intel.com>
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
Qemu config alredy use vanilla kernel build for virtiofs.
Lets make cosisntent the usage of kernel.
Fixes: #1302
Depends-on: github.com/kata-containers/tests#3325
Signed-off-by: Carlos Venegas <jos.c.venegas.munoz@intel.com>
Look at the provided cgroup path to determine whether systemd is being
used to manage the cgroups. With this, systemd cgroups are being detected
and created appropriately for the sandbox.
Fixes: #599
Signed-off-by: Eric Ernsteernst <eric@amperecomputing.com>
(forward port of https://github.com/kata-containers/runtime/pull/2817)
Signed-off-by: Francesco Giudici <fgiudici@redhat.com>
Since we are now detecting, no longer to keep this state.
Signed-off-by: Eric Ernsteernst <eric@amperecomputing.com>
(forward port of https://github.com/kata-containers/runtime/pull/2817)
Signed-off-by: Francesco Giudici <fgiudici@redhat.com>
Got:
find . -type f -name "*.rs" | egrep -v "target/|grpc-rs/|protocols/" | xargs rustfmt --check
error[E0670]: `async fn` is not permitted in the 2015 edition
This commit fixes this issue.
Signed-off-by: Tim Zhang <tim@hyper.sh>
Highlights for cloud-hypervisor version v0.12.0 include: removal of
`vhost-user-net` and `vhost-user-block` self spawning, migration of
`vhost-user-fs` backend, ARM64 enhancements with full support of
`--watchdog` for rebooting, and enhanced `info` HTTP API to include the
details of devices used by the VM including VFIO devices.
Fixes: #1315
Signed-off-by: Bo Chen <chen.bo@intel.com>
Agent sends -1 PID when invoking OCI hooks.
OCI state struct is initialized before obtaining PID, so this PR moves
`oci_state` call down, right after we get the id.
Fixes: #1458
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
There's no runtime repo anymore, let's avoid making a reference to it,
which may end up confusing people reading the Release-Process file.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
BFQ weight controller is using the same BFQ weight scheme (i.e 1->1000).
Therefore, there is no need to do the conversion.
More details here: https://github.com/opencontainers/runc/pull/2786Fixes: #1440
Signed-off-by: Manabu Sugimoto <Manabu.Sugimoto@sony.com>
For Kata Containers 2.x, CRI-O should always be using the
`containerd-shim-kata-v2` binary, and always be configured to use the
"vm" runtime type, developed specifically for the shimv2, instead of the
default "oci" runtime type.
I've taken the liberty to try to simplify the CRI-O script and make it
less error prone. In the future, we can start dropping a configuration
file to /etc/crio/crio.conf.d and just removing it as part of the
cleanup, but that's for the future.
Fixes: #1357
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Factoring those pieces of code to their own functions allows us to
easily re-use them when creating & cleaning up the CRI-O configuration
files, as CRI-O is also affected by the issues that are still opened.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
