When SandboxCgroupsOnly is set, we are expected to just inherit our parent's
cgroup settings and to move all Kata threads within that sandbox cgroup. The
initial implementation still adjusted the size of this cgroup. This commit
fixes this.
This commit makes a couple of functional changes, small refactors, and
adds clarifying comments for some functions.
Fixes: #2090
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
Introduce kata-overhead command to kata-runtime CLI, to help
with calculating sandbox overhead.
Fixes: #2096
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
StatsSandbox is used to gather metrics for the sandbox (host cgroup) as
well as from the individual containers (from the guest cgroups). This is
intended to be used for easily calculating Kata sandbox overheads.
Fixes: #2096
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
container.config does not point to sandbox.config.Containers.ContainerConfig
which caused the ContainerConfig not sync.
Fixes: #2129
Signed-off-by: Wang Liang <wangliangzz@inspur.com>
These include features like privileged containers without host devices
and support for per runtime annotations.
Depends-on: github.com/kata-containers/tests#2029
Fixes#2099
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
ACRN doesn't support configuring number of guest vcpu option ('-c') anymore.
Number of guest vcpus will be defined in the hypervisor scenario
configuration file instead.
Removed the -c option from the acrn-dm parameters when launching VMs and
also trimmed configuration.toml file accordingly.
fixes#2136
Signed-off-by: Vijay Dhanraj <vijay.dhanraj@intel.com>
Use correct key for the kata-qemu-virtiofs runtime class definition
in the crio configuration file.
Fixes: #771.
Signed-off-by: Salvador Fuentes <salvador.fuentes@intel.com>
For better reading, re-orginize the `release/README.md`
and fix a typo in `runtime-release-notes.sh`.
Fixes: #769.
Signed-off-by: Salvador Fuentes <salvador.fuentes@intel.com>
Create a container based action which will test a Kata artifact tarball
in the kata-deploy daemonset on AKS. This AZ credentials are available
from the callers environment.
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
artifact-list.sh is created so a builder can quickly determine which
artifacts may be built within this repository.
I user may get this list, which indicates exactly which functions are
available within ./release/kata-deploy-binaries.sh for building.
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
When building the kata-deploy images before, we would look to pull the
latest artifacts from the release URL.
It would be better to allow the user to pull from this URL, or to create
the artifacts locally, and pass the location of this tar.xz to the build
process.
Instead of providing KATA_VER, builders should provide KATA_ARTIFACTS,
which is the filename that is assumed to be located within the docker
build path.
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
We want to isupport calling individual functions from the script,
independendent of the actual script being called.
Define a default value for $destdir.
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
We ran into issues in the past since we didn't create stable branches
for the packaging repository. We will maintain this appropriately going
forward, so let's go ahead and remove the notion of local versus remote.
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
When do the reloading sandbox in shimv2, it's needed to
rewatch the hypervisor's console when debug enabled.
Fixes:#2091
Signed-off-by: lifupan <lifupan@gmail.com>
Now that all files have a VERSION we
can check if there is a bump for the file.
We can now tag all repos with the same kata version.
As all of them are branched and have a VERSION file.
Fixes: #748
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
Version checker does to work today
- Allow to detect stabe branches
Fixes#1581
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
Version checker does to work today
- Allow to detect stabe branches
Fixes#1581
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
We need an entry of `kata-qemu-virtiofs` on the
containerd configuration file.
In addition we need to add `kata-qemu-virtiofs` to the
shim list, so that the wrapper is created for shimv2.
Fixes: #760.
Signed-off-by: Salvador Fuentes <salvador.fuentes@intel.com>
container.config does not point to sandbox.config.Containers.ContainerConfig
which caused the ContainerConfig not sync.
Fixes: #2129
Signed-off-by: Wang Liang <wangliangzz@inspur.com>
Add requirement for the user to be added to the docker group.
Observed firecracker failing due to this.
Add fixes for typos and missing spaces.
Fixes#754
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
The uuid file shouldn't be created at `/var` if running rootless.
Modify `VMUUIDStoragePath` to get a path accessible for non-root users
if running rootless.
fixes#2133
Signed-off-by: Julio Montes <julio.montes@intel.com>
Mount points, like `resolv.conf` and `hostname` are left in the
host when the cgroup creation fails.
Use `unmountHostMounts()` and `bindUnmountContainerRootfs()` in the rollback
function that is called when container's creation fails.
fixes#2108
Signed-off-by: Julio Montes <julio.montes@intel.com>
