The ItemLock API allows for taking shared and exclusive locks on all
items.
For virtcontainers, this is specialized into taking locks on the Lock
item, and will be used for sandbox locking.
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
The Raw API creates a raw item, i.e. an item that must be handled
directly by the caller. A raw item is one that's not defined by the
store.Item enum, i.e. it is a custom, caller defined one.
The caller gets a URL back and is responsible for handling the item
directly from this URL.
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
This is basically a Store dispatcher, for storing items into their right
Store (either configuration or state).
There's very little logic here, except for finding out which store an
item belongs to in the virtcontainers context.
vc.go also provides virtcontainers specific utilities.
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
When a component creates a new store from a given root path, we add it
to the store manager and return it back when another component asks for
it.
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Each virtcontainers module/component should be able to get a handler on
a Store for loading component specific items. The Store manager is an
internal Store layer for tracking all created Stores.
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Store is a replacement for the current resource storage virtcontainers
implementation and the Manager is the front-end for it. The back-ends
will provide actual storage capabilities and the first one will be the
filesystem one, for storing virtcontainers Items on a local filesystem.
The main design goals for Store are the following ones:
- Simplicity: The API should be short and simple.
- Transparency: The core virtcontainers code should not care about
the storage backend details.
- Extensibility: It should be easily extensible to add non-local and
in-memory backends.
Manager provides a very short and simple API for the rest of the virtcontainers
code base to consume:
New: Creates a new Store, if needed.
Load: Loads an Item from a Store.
Store: Stores an Item into a Store.
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
In order to fix #1059, we want to create a hypervisor package. Some of
the hypervisor implementations (qemu) depend on the network and endpoint
interfaces. We can not have a virtcontainers -> hypervisor -> network,
endpoint -> virtcontainers cyclic dependency.
So before creating the hypervisor package, we need to decouple the
network API from the virtcontainers one.
Fixes: #1180
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
There's only one real implementer of the network interface and no real
need to implement anything else. We can just go ahead and remove this
abstraction.
Fixes: #1179
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Docker might bind mount some files/dirs under the container rootfs
without notifying the runtime. We need to unmount them, otherwise
docker will fail to clean up containers.
man umount(2):
MNT_DETACH (since Linux 2.4.11)
Perform a lazy unmount: make the mount point unavailable for new accesses, immediately
disconnect the filesystem and all filesystems mounted below it from each other and
from the mount table, and actually perform the unmount when the mount point ceases to be busy.
Signed-off-by: Peng Tao <bergwolf@gmail.com>
The agent code creates a directory at
`/run/kata-containers/shared/sandboxes/sbid/` to hold shared data
between host and guest. We need to clean it up when removing a sandbox.
Fixes: #1138
Signed-off-by: Peng Tao <bergwolf@gmail.com>
VM templates create a symlink from `/run/vc/vm/sbid` to
`/run/vc/vm/vmid`. We need to clean up both of them.
Signed-off-by: Peng Tao <bergwolf@gmail.com>
Remove `nvdimm` from qemu command line
as the upstream qemu on ppc64le does not have
nvdimm capabilities yet.
Fixes: #1136
Signed-off-by: Nitesh Konkar <niteshkonkar@in.ibm.com>
Bridge is representing a PCI/E bridge, so we're moving the bridge*.go
to types/pci*.go.
Fixes: #1119
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
In order to move the hypervisor implementations into their own package,
we need to put the capabilities type into the types package.
Fixes: #1119
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
In order to move the hypervisor implementations into their own package,
we need to put the asset type into the types package and break the
hypervisor->asset->virtcontainers->hypervisor cyclic dependency.
Fixes: #1119
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
The error message does not provide the max memory that is exceeded.
Fix it for better error information.
Fixes: #1120
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
When overlay is used as the storage driver, kata runtime creates a new bind mount
point to the merged directory, so that this directory can be shared with the
VM through 9p. By default the mount propagation is shared, which means mount
events are propagated but umount events are not. To deal with this problem and to
avoid leftover mount points on the host once the container finishes, the mount
propagation of bind mounts should be set to private.
Depends-on: github.com/kata-containers/tests#971
fixes #794
Signed-off-by: Julio Montes <julio.montes@intel.com>
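As an added example (not code from these commits or from the kata-containers runtime), the Go program below checks for the two conditions the mount-related commit messages above describe: mounts left under a container rootfs, and bind mounts still in a shared propagation group. It parses text in `/proc/self/mountinfo` format; the sample lines, the `/tmp/example/c1/rootfs` path and the `mountsUnder` helper are constructed for illustration.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Constructed sample in /proc/self/mountinfo format; all paths are hypothetical.
const sampleMountinfo = `36 25 0:32 / /tmp/example/c1/rootfs rw,relatime shared:12 - overlay overlay rw
37 36 8:1 /etc/resolv.conf /tmp/example/c1/rootfs/etc/resolv.conf rw shared:13 - ext4 /dev/sda1 rw
38 36 8:1 /etc/hosts /tmp/example/c1/rootfs/etc/hosts rw - ext4 /dev/sda1 rw
40 25 0:40 / /tmp/example/c1/rootfs-old rw shared:3 - ext4 /dev/sda1 rw`

// Mount is one mount point and whether it belongs to a shared peer group.
type Mount struct {
	Point  string
	Shared bool
}

// mountsUnder lists mounts at or below root, deepest first (a safe unmount order).
func mountsUnder(mountinfo, root string) []Mount {
	var out []Mount
	for _, line := range strings.Split(mountinfo, "\n") {
		f := strings.Fields(line)
		if len(f) < 7 || (f[4] != root && !strings.HasPrefix(f[4], root+"/")) {
			continue // malformed line, or a mount outside root (e.g. rootfs-old)
		}
		m := Mount{Point: f[4]}
		for _, opt := range f[6:] { // optional fields run until the "-" separator
			if opt == "-" {
				break
			}
			if strings.HasPrefix(opt, "shared:") {
				m.Shared = true // private mounts carry no shared:N tag
			}
		}
		out = append(out, m)
	}
	sort.SliceStable(out, func(i, j int) bool {
		return strings.Count(out[i].Point, "/") > strings.Count(out[j].Point, "/")
	})
	return out
}

func main() {
	for _, m := range mountsUnder(sampleMountinfo, "/tmp/example/c1/rootfs") {
		fmt.Printf("%-45s shared=%v\n", m.Point, m.Shared)
	}
}
```

On a real host, feed it the contents of `/proc/self/mountinfo` after a container is removed: any entry still listed under the rootfs is a leftover mount, and `shared=true` marks the ones whose propagation was not set to private.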
And add some additional log output for displaying the directories and
files created when kicking the virtcontainers tests.
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
We always call waitSandbox after we start the VM (startSandbox), so
let's simplify the hypervisor interface and integrate waiting for the VM
into startSandbox.
This makes startSandbox a blocking call, but that is practically the
case today.
Fixes: #1009
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
We always combine the hypervisor init and createSandbox, because what
we're trying to do is simply that: Set the hypervisor and have it create
a sandbox.
Instead of keeping a method with vague semantics, remove init and
integrate the actual hypervisor setup phase into the createSandbox one.
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
We can now remove all the sandbox shared types and convert the rest of
the code to using the new internal types package.
This commit includes virtcontainers, cli and containerd-shim changes in
one atomic change in order to not break bisect'ibility.
Fixes: #1095
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
The types package holds all shared virtcontainers types.
With the separation of the virtcontainers code into separate packages,
we need a types one to not create circular dependencies.
This package holds sandbox related types and structures for now. It will
grow as virtcontainers code is moved into their own internal packages.
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Since we're going to have both external and internal types packages, we
alias the external one as vcTypes. And the internal one will be usable
through the types namespace.
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>