Modify some path variables to be functions that return the path
with the rootless directory prefix if running rootlessly.
Fixes: #1827
Signed-off-by: Gabi Beyer <gabrielle.n.beyer@intel.com>
Kata supports several hypervisors and not all hypervisors support the
same type of sockets; for example QEMU supports vsock and unix sockets, while
Firecracker only supports hybrid vsocks, hence socket generation should be
hypervisor specific.
Fixes #2027
Signed-off-by: Julio Montes <julio.montes@intel.com>
Rename kataVSOCK to VSock and move it into the types package, this way it can
be accessible by other subpackages. This change is required because in next
commits the socket address and type (socket, vsock, hybrid vsock) will be
hypervisor specific.
Signed-off-by: Julio Montes <julio.montes@intel.com>
Fixes: #2023
We can get OCI spec config from bundle instead of annotations, so this
field isn't necessary.
Signed-off-by: Wei Zhang <weizhang555.zw@gmail.com>
For one thing, it is a container-specific resource so it should not
be cleaned up by the agent. For another thing, we can make container
stop force cleanup of these host mountpoints regardless of hypervisor
and agent liveness.
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Convert virtcontainers tests to testify/assert to make the virtcontainers
tests more readable.
Fixes #156
Signed-off-by: Julio Montes <julio.montes@intel.com>
With #1485, we moved the default medium empty-dir creation to the
sandbox rootfs. This worked for devicemapper, but in case of overlay
the "local" directory was being created outside the sandbox rootfs.
As a result we were seeing the behaviour seen in #1818.
Fixes #1818
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Add configuration options to support the various Kata agent tracing
modes and types. See the comments in the built configuration files for
details:
- `cli/config/configuration-fc.toml`
- `cli/config/configuration-qemu.toml`
Fixes #1369.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Updated the agent vendoring for `StartTracing` and `StopTracing`. This
only changed a single file - the auto-generated gRPC protocol
buffer file.
This change resolves four vendoring issues:
- The github.com/kubernetes-incubator/cri-o project was renamed to
github.com/cri-o/cri-o. Although github redirects, `dep` complains that
it cannot find the old `github.com/kubernetes-incubator/cri-o` files
under `vendor/` so remove the old config, relying on the existing (and
in other respects identical) `dep` config.
- There was a stale dependency on `github.com/clearcontainers/proxy`
which should have been removed when the Clear Containers code was
excised.
- The latest version of the agent code vendored into the runtime prior
to this commit was a merge commit (commit
`48dd1c031530fce9bf16b0f6a7305979cedd8fc9`). This somehow confused `dep`
which did *not* correctly pull in the latest version of the
auto-generated gRPC code
(`vendor/github.com/kata-containers/agent/protocols/grpc/agent.pb.go`).
This is clear because commit `48dd1c031530fce9bf16b0f6a7305979cedd8fc9`
is newer than the agent commit that introduced the `StartTracing` and
`StopTracing` APIs (`00cf907afcb7c8e56f077cf45ae3615f612fdc9d`).
Resolving the other two issues above seems to have resolved this issue
as the correct version of this file has now been included in the
vendoring, however note there is no change to the `dep` files as this
version of `agent.pb.go` should already have been included (!)
- Updating `agent.pb.go` also removed the `AddInterface` and
`RemoveInterface` API calls which should again also have been removed
already.
Updated tests to remove these redundant calls.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Previously, the agent behaviour was controlled entirely using the
`kernel_params=` config option. This mechanism suffers from a subtle
problem - the runtime is not aware of how the agent will behave.
From now on, all significant agent options will be controlled from the
agent section in the configuration file. This allows the runtime to be
more aware of -- and in control of -- such agent settings. It would also
allow the underlying kernel CLI options to be modified in the future if
required.
This PR adds the only useful agent option as an explicit option by
adding an `enable_debug=true` option to the Kata agent section in
`configuration.toml`. This allows controlling agent debug to be handled
in the same manner as the other debug options.
This change is somewhat foundational: it permits the agent to be handled
consistently with other config file sections which is useful, but
arguably not essential (the old way worked). However, the new way of
handling agent options will be essential when introducing agent tracing
control as the runtime must be aware of the agent trace mode to allow
the runtime to modify its behaviour accordingly.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
This reverts commit 196661bc0d.
Reverting because cri-o with devicemapper started
to fail after this commit was merged.
Fixes: #1574.
Signed-off-by: Salvador Fuentes <salvador.fuentes@intel.com>
We can use the same data structure to describe both of them.
So that we can handle them similarly.
Fixes: #1566
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
The hyperstart agent has not been supported in kata since 2.1,
so remove it as a component of kata. Mentioned in issue #1113.
Fixes: #1419
Signed-off-by: Gabi Beyer <gabrielle.n.beyer@intel.com>
This introduces a new storage type: local. Local storage type will
tell the kata-agent to create an empty directory in the sandbox
directory within the VM.
K8s host emptyDirs will then use the local storage type and mount it
inside each container. By doing this, we utilise the storage medium
that the sandbox uses. In most cases this will be 9p.
If the VM is using device mapper for container storage, the containers
will benefit from the better performance of device mapper for
host emptyDir.
Fixes #1472
Signed-off-by: Alex Price <aprice@atlassian.com>
Current approach cannot work for shimv2 as there is no kata-shim thus
sandbox.state.pid is always -1. Let's just simplify things by always
making a container share pidns if it has a pidns path.
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
We need to notify the guest kernel about the memory hot-added event via the probe interface.
The hot-added memory device should be sliced into the size of a memory section.
Fixes: #1149
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
We convert the whole virtcontainers code to use the store package
instead of the resource_storage one. The resource_storage removal will
happen in a separate change for a more logical split.
This change is fairly big but mostly does not change the code logic.
What really changes is when we create a store for a container or a
sandbox. We now need to explicitly do so instead of just assigning a
filesystem{} instance. Other than that, the logic is kept intact.
Fixes: #1099
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
We can now remove all the sandbox shared types and convert the rest of
the code to using the new internal types package.
This commit includes virtcontainers, cli and containerd-shim changes in
one atomic change in order to not break bisectability.
Fixes: #1095
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Since we're going to have both external and internal types packages, we
alias the external one as vcTypes. And the internal one will be usable
through the types namespace.
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Pass Seccomp profile to the agent only if
the configuration.toml allows it to be passed
and the agent/image is seccomp capable.
Fixes: #688
Signed-off-by: Nitesh Konkar <niteshkonkar@in.ibm.com>
Start adding support for virtio-mmio devices starting with block.
The devices show within the vm as vda, vdb,... based on order of
insertion and such within the VM resemble virtio-blk devices.
They need to be explicitly differentiated to ensure that the
agent logic within the VM can discover and mount them appropriately.
The agent uses PCI location to discover them for virtio-blk.
For virtio-mmio we need to use the predicted device name for now.
Note: Kata used a disk for the VM rootfs in the case of Firecracker.
(Instead of initrd or virtual-nvdimm). The Kata code today does not
handle this case properly.
For now, as Firecracker is the only hypervisor in Kata that
uses virtio-mmio, directly offset the drive index to comprehend
this.
Longer term we should track if the rootfs is set up as a block
device explicitly.
Fixes: #1046
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
Signed-off-by: Manohar Castelino <manohar.r.castelino@intel.com>
Files are copied over gRPC and there is no limit on the size of the files that
can be copied. Small files are copied using just one gRPC call while big files
are copied in parts.
Signed-off-by: Julio Montes <julio.montes@intel.com>
This commit replaces every place where the "types" package from the
Kata agent was used, with the new "types" package from virtcontainers.
In order to do so, it introduces a few translation functions between
the agent and virtcontainers types, since this is needed by the kata
agent implementation.
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
Some agent type definitions that were generic enough to be reused
everywhere have been split from the initial grpc package.
This prevents importing the entire protobuf package through
the grpc one, and prevents binaries such as kata-netmon from having to stay
in sync with the types definitions.
Fixes #856
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
It shouldn't set kataAgent.state.URL in its configure() method
for the builtin kata proxy, otherwise the following check of whether
it is nil in startProxy() will return directly and fail to
start the builtin proxy, which logs qemu's console.
Fixes: #756
Signed-off-by: fupan <lifupan@gmail.com>
Add support for cgroup driver systemd.
The systemd cgroup is not applied in the VM since in some cases, like initrd images,
there is no systemd running and nobody can update a systemd cgroup using
systemctl.
Fixes #596
Signed-off-by: Julio Montes <julio.montes@intel.com>
Add support for using update command to hotplug memory to vm.
Connect kata-runtime update interface with hypervisor memory hotplug
feature.
Fixes #625
Signed-off-by: Clare Chen <clare.chenhui@huawei.com>
Fixes #671
agent Shortlog:
7e8e20b agent: add GetGuestDetails gRPC function
5936600 grpc: grpc.Code is deprecated
2d3b9ac release: Kata Containers 1.3.0-rc0
a6e27d6 client: fix dialer after vendor update
cd03e0c vendor: update grpc-go dependency
1d559a7 channel: add serial yamux channel close timeout
fcf6fa7 agent: update resources list with the right device major-minor number
Signed-off-by: Zichang Lin <linzichang@huawei.com>
Callers can use setProxy to ask the agent to use an existing proxy.
The agent is modified to rely on its state.URL to tell if
its proxy is a valid one. And startProxy will skip a valid
proxy since it is already started.
Signed-off-by: Peng Tao <bergwolf@gmail.com>
Fixes #635
Remove the `Hotplugged bool` field from device and add two new fields
instead:
* `RefCount`: how many references to this device. One device can be
referenced (`NewDevice()`) many times by the same/different container(s);
two devices are regarded as identical if they have the same hostPath.
* `AttachCount`: how many times this device has been attached. A device
can only be hotplugged once to the qemu; every new Attach command will
add to the AttachCount, and the real `Detach` will be done only when
`AttachCount == 0`.
Signed-off-by: Wei Zhang <zhangwei555@huawei.com>
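The RefCount/AttachCount bookkeeping described in the commit above, as an added illustration that is not the project's own code: `Device`, `DeviceManager` and the callback parameters are assumed names, and devices are keyed by hostPath because the commit treats equal hostPaths as one device.

```go
package main

import "errors"

// Device carries the commit's two counters (names are assumptions, not project code).
type Device struct {
	HostPath    string
	RefCount    int // references handed out by NewDevice()
	AttachCount int // outstanding Attach requests
}

// DeviceManager keys devices by hostPath: same hostPath means same device.
type DeviceManager map[string]*Device

// NewDevice returns the shared device for hostPath, creating it on first
// use and bumping RefCount on every call (same or different container).
func (dm DeviceManager) NewDevice(hostPath string) *Device {
	d, ok := dm[hostPath]
	if !ok {
		d = &Device{HostPath: hostPath}
		dm[hostPath] = d
	}
	d.RefCount++
	return d
}

// Attach performs the real hotplug only on the first attach; later
// attaches just increment AttachCount.
func (dm DeviceManager) Attach(d *Device, hotplug func() error) error {
	if d.AttachCount == 0 {
		if err := hotplug(); err != nil {
			return err
		}
	}
	d.AttachCount++
	return nil
}

// Detach decrements AttachCount and calls unplug only when it reaches
// zero; the bool reports whether the real detach happened.
func (dm DeviceManager) Detach(d *Device, unplug func() error) (bool, error) {
	if d.AttachCount == 0 {
		return false, errors.New("device not attached: " + d.HostPath)
	}
	d.AttachCount--
	if d.AttachCount > 0 {
		return false, nil
	}
	return true, unplug()
}
```

A failed hotplug leaves AttachCount at zero, so a retry will attempt the real hotplug again rather than silently counting a device that was never plugged in.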
The specific agent implementation kata_agent was defining a very
useful generic function that is now moved to the global file
network.go.
Fixes #629
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
The parseVSOCKAddr function is no longer needed since the agent config
now contains a field to identify if vsocks should be used or not.
Signed-off-by: Julio Montes <julio.montes@intel.com>
Add an extra field in the KataAgentConfig structure to specify if the
kata agent has to use a vsock instead of a serial port.
Signed-off-by: Julio Montes <julio.montes@intel.com>