Two parameters are used to set in toml file:
1. Set "enable_vhost_user_store = true" to indicate
that vhost-user storage device feature is enabled.
2. Set "vhost_user_store_path = <Vhost-User-Dir>".
vhost-user socket files will be under
"<Vhost-User-Dir>/block/sockets/"; and device node
for vhost-user device will be under
"<Vhost-User-Dir>/block/devices/"
The default value of "vhost_user_store_path" is
"/var/run/kata-containers/vhost-user/".
Fixes: #2380
Signed-off-by: Liu Xiaodong <xiaodong.liu@intel.com>
This adds the `agent.container_pipe_size` annotation which allows
configuration of the size of the pipes for stdout/stderr for containers
inside the guest.
fixes#2467
Signed-off-by: Alex Price <aprice@atlassian.com>
- add pcie-root-port device to qemu command line for q35
- hotplug a PCIe device into a PCIe Root Port
Fixes: #2432
Signed-off-by: Jimmy Xu <junming.xjm@antfin.com>
This commit adds qemu virtio-mem support.
Then qemu can use virtio-mem support memory resize.
To enable this function, need the Linux and the qemu that support
virtio-mem.
Use command "echo 1 > /proc/sys/vm/overcommit_memory" to enable memory
overcommitment of the Linux kernel. Because qemu virtio-mem device need
to allocate a lot of memory.
Set "enable_virtio_mem" of kata configuration to true.
Fixes: #2406
Signed-off-by: Hui Zhu <teawater@antfin.com>
The domain name should be used as prefix for the annotations, for
kata containers the domain name is katacontainers.io, not kata-containers.io
fixes#2123
Signed-off-by: Julio Montes <julio.montes@intel.com>
Add support for annotations that allow us to custimise a subset
of the configurations provided in kata conf toml file.
This initial commit adds support for customising vcpus, default max
vcpus, memory and the kernel command line passed as Hypervisor
config.
Replaces #1695Fixes#1655
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Change the naming schema for existing annotations from
"com.github.containers.virtcontainers" to "io.kata-containers"
The hypervisor related annotations are changed to reflect this.
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Fixes: #2023
We can get OCI spec config from bundle instead of annotations, so this
field isn't necessary.
Signed-off-by: Wei Zhang <weizhang555.zw@gmail.com>
The list of kernel modules can be passed to the runtime through the
configuration file or using OCI annotations. In both cases, a list paramentes
can be specified for each module.
fixes#1925
Signed-off-by: Julio Montes <julio.montes@intel.com>
Firecracker provides a jailer to constrain the VMM. Use this
jailer to launch the firecracker VMM instead of launching it
directly from the kata-runtime.
The jailer will ensure that the firecracker VMM will run
in its own network and mount namespace. All assets required
by the VMM have to be present within these namespaces.
The assets need to be copied or bind mounted into the chroot
location setup by jailer in order for firecracker to access
these resouces. This includes files, device nodes and all
other assets.
Jailer automatically sets up the jail to have access to
kvm and vhost-vsock.
If a jailer is not available (i.e. not setup in the toml)
for a given hypervisor the runtime will act as the jailer.
Also enhance the hypervisor interface and unit tests to
include the network namespace. This allows the hypervisor
to choose how and where to lauch the VMM process, vs
virtcontainers directly launching the VMM process.
Fixes: #1129
Signed-off-by: Manohar Castelino <manohar.r.castelino@intel.com>
When imported, the vc files carried in the 'full style' apache
license text, but the standard for kata is to use SPDX style.
Update the relevant files to SPDX.
Fixes: #227
Signed-off-by: Graham whaley <graham.whaley@intel.com>
As agreed in [the kata containers API
design](https://github.com/kata-containers/documentation/blob/master/design/kata-api-design.md),
we need to rename pod notion to sandbox. The patch is a bit big but the
actual change is done through the script:
```
sed -i -e 's/pod/sandbox/g' -e 's/Pod/Sandbox/g' -e 's/POD/SB/g'
```
The only expections are `pod_sandbox` and `pod_container` annotations,
since we already pushed them to cri shims, we have to use them unchanged.
Fixes: #199
Signed-off-by: Peng Tao <bergwolf@gmail.com>
If an initrd image is configured in HypervisorConfig or passed in by
annotations, append it to qemu command line arguments.
Fixes: #97
Signed-off-by: Peng Tao <bergwolf@gmail.com>
