Commit Graph

5061 Commits

Author SHA1 Message Date
Julio Montes
c79a01b3f9 static-build: upgrade the container before building qemu and nemu
Upgrade the container before building qemu and nemu in order to install
the latest fixes for the CVEs.

fixes #676

Signed-off-by: Julio Montes <julio.montes@intel.com>
2019-08-16 20:42:00 +00:00
Julio Montes
decb9de7df static-build: do not use cache to build docker images
Do not use cache to build the docker images that build static qemu and nemu.
The latest version of the packages must be installed, since they may include
the fixes for their CVEs.

Signed-off-by: Julio Montes <julio.montes@intel.com>
2019-08-16 20:42:00 +00:00
Julio Montes
7892608589 static-build/qemu: use the latest ubuntu long term to build qemu
In theory the latest ubuntu long term may have fewer CVEs than previous versions,
so let's use it to build the static QEMU.

Signed-off-by: Julio Montes <julio.montes@intel.com>
2019-08-16 20:42:00 +00:00
Julio Montes
33368859d9 qemu/nemu: remove blacklisted binaries
Remove blacklisted binaries, since they are not needed in kata and may have
CVEs.

fixes #311

Signed-off-by: Julio Montes <julio.montes@intel.com>
2019-08-16 20:42:00 +00:00
Julio Montes
54102ca98a snap/ci: run all tests
All tests should pass in the snap CI

fixes #669

Signed-off-by: Julio Montes <julio.montes@intel.com>
2019-08-16 15:44:15 +00:00
Julio Montes
ed7d57349a
Merge pull request #668 from devimc/topic/snap/supportRoofsImg
snap: support rootfs image
2019-08-16 10:43:29 -05:00
Salvador Fuentes
3dadaf64c5
Merge pull request #532 from gabibeyer/updateDocs
Update fedora version support
2019-08-16 07:59:51 -05:00
Peng Tao
e7457e6248 qemu: add logfile when debug is on
So that we can check qemu log to see if something goes wrong.

Signed-off-by: Peng Tao <bergwolf@hyper.sh>
2019-08-16 12:58:25 +00:00
Peng Tao
aebc49692b qemu: fix memory prealloc option handling
Memory preallocation is just a property that hugepage, file backed
memory and memory-backend-ram can each choose to configure.

Signed-off-by: Peng Tao <bergwolf@hyper.sh>
2019-08-16 12:58:25 +00:00
Peng Tao
6c77d76f24 qemu: check guest status with qmp query-status
When guest panics or stops with unexpected internal
error, qemu process might still be running but we can
find out such situation with qmp. Then monitor can still
report such failures to watchers.

Fixes: #1963
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
2019-08-16 12:58:25 +00:00
Peng Tao
5b50b34df4 shimv2: cancel monitor before stopping sandbox
So that we don't trigger sandbox watcher on our own.

Signed-off-by: Peng Tao <bergwolf@hyper.sh>
2019-08-16 12:58:25 +00:00
Peng Tao
49184ee562 vendor: update govmm
164bd8c test/fmt: drop extra newlines
73555a4 qmp: add query-status API
234e0ed qemu: fix memory prealloc handling
30bfcaa qemu: add debug logfile

dep now checks for dependency recursively.
runtime-spec and gogo protobuf are also updated as being required by kata agent.

Solving failure: No versions of github.com/kata-containers/agent met constraints:
        94e2a254a94a77c02280f4f84d7f82269be163ce: Could not introduce github.com/kata-containers/agent@94e2a254a94a77c02280f4f84d7f82269be163ce, as it has a dependency on github.com/opencontainers/runtime-spec with constraint a1b50f621a48ad13f8f696a162f684a241307db0, which has no overlap with existing constraint 5806c35637336642129d03657419829569abc5aa from (root)

Solving failure: No versions of github.com/kata-containers/agent met constraints:
        94e2a254a94a77c02280f4f84d7f82269be163ce: Could not introduce github.com/kata-containers/agent@94e2a254a94a77c02280f4f84d7f82269be163ce, as it has a dependency on github.com/gogo/protobuf with constraint 4cbf7e384e768b4e01799441fdf2a706a5635ae7, which has no overlap with existing constraint 342cbe0a04158f6dcb03ca0079991a51a4248c02 from (root)

Signed-off-by: Peng Tao <bergwolf@hyper.sh>
2019-08-16 12:55:10 +00:00
Peng Tao
b3987e4786
Merge pull request #1933 from lifupan/noproxywatchconsole
add watchconsole for no_proxy type
2019-08-16 11:06:02 +08:00
gabi beyer
6870294a12 install: update fedora version support
Remove support/installation information for fedora 27, and
add fedora 30.

Fixes: #528

Signed-off-by: gabi beyer <gabrielle.n.beyer@intel.com>
2019-08-16 02:01:52 +00:00
Julio Montes
810abd67c4 snap: support rootfs image
Use the rootfs image by default since performance is better,
smaller memory footprint and boot time.

fixes #667

Signed-off-by: Julio Montes <julio.montes@intel.com>
2019-08-15 15:22:59 +00:00
Julio Montes
de4582eda3
Merge pull request #1959 from bergwolf/stopvm
qemu: do not try to stop qemu multiple times
2019-08-15 08:50:17 -05:00
Julio Montes
0bf48dca65
Merge pull request #1969 from bergwolf/detach
do not hotplug network device when stopping sandbox
2019-08-15 08:46:06 -05:00
James O. D. Hunt
60d0850e07
Merge pull request #531 from grahamwhaley/20190813_docker_compose
Limitations: docker compose: note it has issues
2019-08-15 11:04:15 +01:00
Peng Tao
d90eba8593 network: always cold unplug network devices
We don't really need to unplug it from guest because we have
already stopped it. Just detach it and clean it up.

Fixes: #1968
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
2019-08-15 00:02:52 -07:00
Peng Tao
d26ff71201 Revert: "sandbox: remove network before stopping vm"
This reverts commit 794e08e243.

It breaks vfio device passthru as we need to bind the device
back to host when removing the endpoint. And that is not possible
when qemu is still running (thus holding reference to the device).

Signed-off-by: Peng Tao <bergwolf@hyper.sh>
2019-08-15 00:02:44 -07:00
Eric Ernst
a5c7e6b934
Merge pull request #1962 from bergwolf/grpc-timeout
agent: add default timeout for grpc requests
2019-08-14 21:04:20 -07:00
Marco Vedovati
94bf5e5c86 OBS: upgrade openSUSE Leap version
Upgrade openSUSE Leap version from 42.3 to the latest 15.1, since 42.3
version is now discontinued.

Fixes: #637

Signed-off-by: Marco Vedovati <mvedovati@suse.com>
2019-08-14 17:13:18 +02:00
Fupan Li
99e04ac8cd
Merge pull request #1961 from bergwolf/pause-ready
container: do not pause a StateReady container
2019-08-14 08:54:59 +08:00
Graham Whaley
f1b9c23040 Limitations: docker compose: note it has issues
Note that docker compose has similar issues to docker swarm
when under Kata.

Fixes: #530

Signed-off-by: Graham Whaley <graham.whaley@intel.com>
2019-08-13 17:51:11 +01:00
Eric Ernst
263f64829d
Merge pull request #1957 from bergwolf/network-removal
sandbox: remove network before stopping vm
2019-08-13 09:32:21 -07:00
Julio Montes
5e631391bf
Merge pull request #1942 from woshijpf/fix-hotplug-exceed-problem
virtcontainers: fix hotplug block/net devices exceed pciBridgeMaxCap…
2019-08-13 08:45:24 -05:00
Julio Montes
9de19ddbeb
Merge pull request #674 from nitkon/patch-7
kernel: Update README with right instructions
2019-08-13 08:14:18 -05:00
Peng Tao
debc7d93ad agent: add default timeout for grpc requests
If guest is malfunctioning, we need a way to bail out. Add
a default timeout for most of the grpc requests so that the
runtime does not wait indefinitely.

Fixes: #1952
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
2019-08-13 01:22:05 -07:00
Peng Tao
9d4050e0b1 container: do not pause a StateReady container
We can only pause a running container.

Fixes: #1960
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
2019-08-13 01:19:36 -07:00
Peng Tao
b58ab66f05 qemu: do not try to stop qemu multiple times
We've cleaned it up the first time. Future stop will
only fail.

Fixes: #1958
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
2019-08-13 01:13:06 -07:00
Peng Tao
794e08e243 sandbox: remove network before stopping vm
We might need to call hypervisor hotunplug to really remove
a network device. We cannot do it after stopping the VM.

Fixes: #1956
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
2019-08-13 01:04:07 -07:00
lifupan
31ddb4d452 virtcontainers: add watchconsole for no_proxy type
For no proxy type, we also need the feature
of watching the hypervisor's console to help debug.

Fixes: #1932

Signed-off-by: lifupan <lifupan@gmail.com>
2019-08-13 09:09:23 +08:00
Archana Shinde
9ea469bcfa
Merge pull request #1954 from amshinde/propagate-vsock-error
vsock: Propagate error for vsock ioctl
2019-08-12 17:22:25 -07:00
Archana Shinde
3fc17e96fc vsock: Propagate error for vsock ioctl
Make error handling better by propagating error.

Fixes #1953

Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
2019-08-12 12:13:52 -07:00
Jose Carlos Venegas Munoz
4cf1fa687d
Merge pull request #1948 from egernst/kernel-4.19-65
versions: kernel: update to 4.19.65
2019-08-12 11:39:56 -05:00
Eric Ernst
cfedb06a19
Merge pull request #1936 from amshinde/ignore-routes-with-kernel-proto
network: Ignore routes with proto as "kernel"
2019-08-12 07:08:34 -07:00
Eric Ernst
d9a7780514
Merge pull request #1951 from amshinde/deprecate-bridged-mode
network: Deprecate bridged networking mode.
2019-08-12 07:06:45 -07:00
Nitesh Konkar
862b077598 image_builder: create /etc/resolv.conf
Since the image rootfs is readonly, we
create an empty /etc/resolv.conf which
the agent would later bind-remount as
read-write.

Fixes: #345

Signed-off-by: Nitesh Konkar <niteshkonkar@in.ibm.com>
2019-08-12 19:15:32 +05:30
Archana Shinde
565f14f685 acrn: Change the default network model for ACRN to macvtap
Drop the bits for bridged networking in ACRN and change the default
to macvtap. We should eventually change this to tcfilter with additional
testing.

Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
2019-08-09 13:01:54 -07:00
Archana Shinde
2c99b95c53 network: Deprecate bridged networking mode.
We plan to get rid of this feature in the future.

Fixes: #1950

Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
2019-08-09 13:01:47 -07:00
GabyCT
88f8216978
Merge pull request #342 from devimc/topic/rootfs/kmod
Add kmod package
2019-08-09 14:05:45 -05:00
nitkon
311bd47795
kernel: Update README with right instructions
Fix the instructions in the README guide
when setting up kernel source code.

Fixes: #673

Signed-off-by: Nitesh Konkar <niteshkonkar@in.ibm.com>
2019-08-09 22:22:38 +05:30
Julio Montes
987fe3067e
Merge pull request #344 from marcov/dracut-improvements
dracut: improve host distro support
2019-08-09 11:39:23 -05:00
jiangpengfei
e467293a3e virtcontainers: fix hotplug pci devices exceed max capacity bug
add rollback operations when hotplug block/net devices exceed pciBridgeMaxCapacity

Fixes: #1941

Signed-off-by: jiangpengfei <jiangpengfei9@huawei.com>
2019-08-09 12:31:46 -04:00
Julio Montes
7412b98774
Merge pull request #340 from bmwiedemann/date
Allow to override build date with SOURCE_DATE_EPOCH
2019-08-09 08:39:27 -05:00
Marco Vedovati
ce20d72593 dracut: improve host distro support
Detecting the host distro allows the rootfs setup to be correctly
carried out.

Fixes: #343

Signed-off-by: Marco Vedovati <mvedovati@suse.com>
2019-08-09 15:35:08 +02:00
GabyCT
f4c26c1ac3
Merge pull request #672 from devimc/topic/static-build/fix
static-build: fix nemu static-build
2019-08-08 17:08:07 -05:00
Julio Montes
495a92d2c3 rootfs-builder: add kmod package
Support for loading kernel modules got merged. kmod package is needed for
loading kernel modules in the guest.

fixes #341

Signed-off-by: Julio Montes <julio.montes@intel.com>
2019-08-08 20:28:59 +00:00
Eric Ernst
604e1ab24f versions: kernel: update to 4.19.65
52 is long in the tooth.  On to x.y.65!

Fixes: #1947

Signed-off-by: Eric Ernst <eric.ernst@intel.com>
2019-08-08 13:24:04 -07:00
Julio Montes
87af599dd0 rootfs-builder/clearlinux: reduce image size when AGENT_INIT=yes
Don't install chrony, iptables-bin and util-linux-bin when AGENT_INIT=yes,
these packages are only needed when the init process is systemd.

Signed-off-by: Julio Montes <julio.montes@intel.com>
2019-08-08 20:12:03 +00:00