The error raised by toGrpc() mentions Firecracker instead of
mockHypervisor, which is incorrect; the fromGrpc() function
right above it gets this right.
Fixes: #2424
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Do not ignore ipv6 addresses and routes. These are now processed
along with ipv4 addresses/routes. Add unit tests to verify ipv6.
Fixes #147
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
libcontainer already has an API to detect if the runtime is running rootless.
Use libcontainer API instead of reinventing the wheel.
fixes #2415
Signed-off-by: Julio Montes <julio.montes@intel.com>
This commit adds qemu virtio-mem support.
Then qemu can use virtio-mem to support memory resize.
To enable this function, you need a Linux and a qemu that support
virtio-mem.
Use command "echo 1 > /proc/sys/vm/overcommit_memory" to enable memory
overcommitment of the Linux kernel, because the qemu virtio-mem device needs
to allocate a lot of memory.
Set "enable_virtio_mem" of kata configuration to true.
Fixes: #2406
Signed-off-by: Hui Zhu <teawater@antfin.com>
The sandbox cgroup will be constrained if there is no container
type annotation, otherwise kata will rely on container engine's cgroup
configuration
Depends-on: github.com/kata-containers/tests#2255
fixes #2408
Signed-off-by: Julio Montes <julio.montes@intel.com>
In Container#mountSharedDirMounts, if sandbox.storeSandboxDevices() returns error, we should detach the device.
Fixes #2301
Signed-off-by: Ted Yu yuzhihong@gmail.com
ioutil.TempFile creates a new temporary file in the directory dir.
It is the caller's responsibility to remove the file
when no longer needed.
Fixes: #2398
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
Normally, ioutil.TempDir will create a new temporary
dir under /tmp.
And we should do cleaning up after ioutil.TempDir().
Fixes: #2398
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
os.Exit will skip all deferred instructions.
So we should reconstruct TestMain to leave all setup-related
code in setup(), and all cleanup-related code in shutdown().
Fixes: #2398
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
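The pattern the three commits above describe (temporary files and directories need explicit removal, and os.Exit skips deferred calls), as an added Go example that is not the project's own code. `setup()` and `shutdown()` follow the names in the commit message; `testDir`, `runSuite` and the `suite-`/`state-` prefixes are hypothetical.

```go
package main

import (
	"fmt"
	"io/ioutil"
	"os"
)

// testDir is the scratch directory shared by the suite (hypothetical name).
var testDir string

// setup holds all setup code: a temporary directory and one temporary file inside it.
func setup() error {
	dir, err := ioutil.TempDir("", "suite-")
	if err != nil {
		return err
	}
	testDir = dir
	f, err := ioutil.TempFile(testDir, "state-")
	if err != nil {
		return err
	}
	return f.Close()
}

// shutdown holds all cleanup code; removing testDir also removes the files in it.
func shutdown() error { return os.RemoveAll(testDir) }

// runSuite wraps the test run (m.Run in a real TestMain) and returns the exit
// code instead of calling os.Exit, so shutdown always executes.
func runSuite(run func() int) int {
	if err := setup(); err != nil {
		fmt.Fprintln(os.Stderr, "setup:", err)
		_ = shutdown() // setup may have created testDir before failing
		return 1
	}
	code := run()
	if err := shutdown(); err != nil && code == 0 {
		fmt.Fprintln(os.Stderr, "shutdown:", err)
		code = 1
	}
	return code
}

func main() {
	// In a test binary: func TestMain(m *testing.M) { os.Exit(runSuite(m.Run)) }.
	// A defer placed next to os.Exit would be skipped, hence no defer here.
	os.Exit(runSuite(func() int { return 0 }))
}
```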
`HookState` was removed from libcontainer, fortunately it was an alias for
`specs.State`, use `specs.State` instead.
Signed-off-by: Julio Montes <julio.montes@intel.com>
Reimplement `setupSandboxCgroup` to support cgroupsV2 and systemd cgroups
using libcontainer instead of containerd/cgroups.
As an initial effort to support these cgroups, `sandbox_cgroup_only` must
be set to `true` in configuration file.
fixes #2350
Signed-off-by: Julio Montes <julio.montes@intel.com>
move `validCgroupPath` to `cgroups.go` since it's cgroups specific.
Now `validCgroupPath` supports systemd cgroup path and returns a cgroup path
ready to use, calls to `renameCgroupPath` are no longer needed.
Signed-off-by: Julio Montes <julio.montes@intel.com>
systemd parameter is no longer needed since `isSystemdCgroup` function
can be used to know if the cgroup path is a systemd cgroup path.
Signed-off-by: Julio Montes <julio.montes@intel.com>
Add function to create a new cgroup manager depending on the cgroups path and
if the runtime is running rootless.
Signed-off-by: Julio Montes <julio.montes@intel.com>
Add function to identify if the given cgroup path is a systemd
cgroup path.
We need to parse the cgroup path to know which cgroup manager we have to use,
since some container engines do not use `--systemd-cgroup` runtime option.
Signed-off-by: Julio Montes <julio.montes@intel.com>
`CgroupPaths` is a map that saves the cgroup type and path that were used for
the sandbox to create the cgroups
`Cgroups` contains information about sandbox's cgroups and its constraints.
Both variables can be used to create a cgroup configuration needed to
manipulate cgroups in the host.
currently kata uses `containerd/cgroups` and `libcontainer` to create cgroups.
`CgroupPaths` will replace to `CgroupPath` once kata uses *only* `libcontainer`
Signed-off-by: Julio Montes <julio.montes@intel.com>
Keep old store restore functions for keeping backward compatibility, if
old store files are found from disk, restore them with old store first.
Signed-off-by: Wei Zhang <weizhang555.zw@gmail.com>
Add two interfaces for fs storage driver for supporting global writing
and reading, which is used by ACRN.
Signed-off-by: Wei Zhang <weizhang555@gmail.com>
Fix VM template storage leak by adding delete operations; we need to
delete sandbox storage dirs when stopping the VM.
Signed-off-by: Wei Zhang <weizhang555.zw@gmail.com>
Fixes #803
Move "newstore" features out of experimental feature list, from this
commit "newstore" will be default enabled.
Signed-off-by: Wei Zhang <weizhang555@gmail.com>
Otherwise we fail to run it with non-root user with errors like:
`mkdir /var/lib/vc/uuid: permission denied`
Fixes: #2370
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
To control whether an image rootfs is used as nvdimm device or just
plain virtio-block device.
Fixes: #2372
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Do not implement in each arch code. We should have a generic
implementation instead.
- amd64 and arm64 use nvdimm
- ppc64le and s390x use virtio-blk
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
In order to make unit testing simpler,
let's add an interface that could be mocked.
Let hypervisor have an instance of virtiofsd interface,
and this makes a loose dependency to allow mock testing.
With the interface it is possible to add a startSandbox unit test:
- use utils.StartCmd to mock call to start hypervisor process.
- Add unit test for startSandbox.
Fixes: #2367
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
Check if path is not empty; this helps
unit tests know why the function failed.
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
9p values are ignored by virtiofs, but this should
not be changed on validation, to allow having unit tests with
virtiofs config.
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
Add unit test for clh.
- Check endpoint has valid values for CH.
- Add unit tests
- Add force flag to ignore cleanup errors.
- Add unit tests.
- Fail if hypervisor ID is empty.
- Add createSandbox unit test
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>