If the sandbox has been initialized with a factory, this means the
caller should be in charge of adding any network to the VM, and
virtcontainers library cannot make any assumptions about adding
the default underlying network.
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
The CLI being the implementation of the OCI specification, and the
hooks being OCI specific, it makes sense to move the handling of any
OCI hooks to the CLI level. This changes allows the Kata API to
become OCI agnostic.
Fixes#599
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
As we want to call the OCI hook from the CLI, we need a way for the
CLI to figure out what is the network namespace used by the sandbox.
This is needed particularly because virtcontainers creates the netns
if none was provided.
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
This commit moves the network namespace creation out of virtcontainers
in order to anticipate the move of the OCI hooks to the CLI through a
follow up commit.
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
Since we removed the CNI implementation and that we agreed the network
should only be handled in a single way from virtcontainers, this patch
logically replace the "CNM" naming with "Default".
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
Update the agent vendoring for the new `NewAgentClient()` API - the
agent client code will enable gRPC tracing when passed a context
containing an opentracing span.
Agent client code changes:
6d26d61 client: Add context parameter and enable tracing support
Fixes#640.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
The storage implementation of filesystem was in the same file where
the resource storage interface was declared. It's more proper to
separate implementations and interface into different files.
Fixes#633
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
This noop implementation of resourceStorage will allow for easier
unit testing of some sandbox functions.
Fixes#632
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
The specific agent implementation kata_agent was defining a very
useful generic function that is now moved to the global file
network.go.
Fixes#629
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
The QMP shutdown is taken care of by the sandbox release, through a
call to hypervisor.disconnect(). By shutting down the QMP at the qemu
level directly, we are creating some unrecoverable errors by trying to
close an already closed channel.
This patch simply removes the faulty code, following the same design
other hotplug functions are designed.
Fixes#627
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
QEMU supports GICv2, GICv3 and host parameters for guest
gic-version. The "host" parameter will let QEMU detect
GIC version by itself. This parameter will work properly
when host GIC version is GICv2 or GICv3. But the detection
will failed when host GIC is GICv4 or higher:
"Unable to determine GIC version supported by host"
In this case, we have to detect the host GIC version manually
and force QEMU to use GICv3 when host GIC is GICv4 or higher.
Fixes: #614
Signed-off-by: Wei Chen <wei.chen@arm.com>
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
Add additional `context.Context` parameters and `struct` fields to allow
trace spans to be created by the `virtcontainers` internal functions,
objects and sub-packages.
Note that not every function is traced; we can add more traces as
desired.
Fixes#566.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
We need this configuration due to a limitation in seabios
firmware in handling hotplug for PCI devices with large BARS.
Long term, this needs to be fixed in the firmware.
Fixes#594
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
When creating a device structure to be added to the hypervisor, make
sure that the device includes the vhost-user type. In particular,
for network devices, specificy VhostUserNet.
Fixes: #601
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
With qemu 2.10, a write lock was added for qcow images that
prevents the same image to be passed more than once.
This can be over-ridden using the --share-rw option which is
desired for raw images.
This solves an issue with running Kata with devicemapper
using the privileged mode as in this case all devices on the host
are passed to the container including the block device associated
with the rootfs, causing it to be passed twice to qemu.
Fixes#606
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Includes --share-rw option for hotplugging disks.
govmm Shortlog:
2706a07 qemu: Use the supplied context.Context for launching
e46092e qemu: Do not try and generate invalid RTC parameters
fcaf61d qemu/qmp: add vfio mediated device support
4461c45 disk: Add --share-rw option for hotplugging disks
6851999 qemu/qmp: add addr and bus to hotplug vsock devices
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Remove unsed variable, the variable is set just in one place, and
never is used again.
Fixes: #603
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
To support tap network hotplug. Implement netdev_add, netdev_del and corresponding device_add QMP commands.
Full list in govmm:
10efa84 qemu/qmp: add function for hotplug network by fds
80ed88e qemu/qmp: implement function to hotplug serial ports
ca46f21 qemu/qmp: implement function to hotplug character devices
03f1a1c qemu/qmp: implement getfd
84b212f qemu: add vhostfd and disable-modern to vsock hotplug
12dfa87 qemu/qmp: implement function for hotplug network
4ca232e qmp_test: Fix Warning and Error level logs
430e72c qemu,qmp: Enable gas security checker
ffc06e6 qemu,qmp: Add staticcheck to travis and fix errors
Add agent ListInterfaces and ListRoutes APIs.
Full list in agent:
7c287c6 agent: add ListInterfaces and ListRoutes rpc
Signed-off-by: Ruidong Cao <caoruidong@huawei.com>
Fixes#50 .
Add new interface sandbox.AddDevice, then for Frakti use case, a device
can be attached to sandbox before container is created.
Signed-off-by: Wei Zhang <zhangwei555@huawei.com>
We dont really call CNI from Kata, this is done by the CRI layer.
All of the CNI code is unused.
Fixes#567
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
