The k8s test creates a log file in /dev under
/dev/termination-log, which is not the right place to create
logs, but we need to handle this. With this commit, we handle
regular files under /dev by passing them as 9p shares. All other
special files including device files and directories
are not passed as 9p shares as these are specific to the host.
Any operations on these in the guest would fail anyways.
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
This reverts commit 08909b2213.
We should not be passing any bind-mounts from /dev, /sys and /proc.
Mounting these from the host inside the container does not make
sense as these files are relevant to the host OS.
Fixes#219
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
When imported, the vc files carried in the 'full style' apache
license text, but the standard for kata is to use SPDX style.
Update the relevant files to SPDX.
Fixes: #227
Signed-off-by: Graham whaley <graham.whaley@intel.com>
Communicate to the agent the number of vCPUs that were hot added,
allowing to the agent wait for the creation of all vCPUs.
fixes#90
Signed-off-by: Julio Montes <julio.montes@intel.com>
As agreed in [the kata containers API
design](https://github.com/kata-containers/documentation/blob/master/design/kata-api-design.md),
we need to rename pod notion to sandbox. The patch is a bit big but the
actual change is done through the script:
```
sed -i -e 's/pod/sandbox/g' -e 's/Pod/Sandbox/g' -e 's/POD/SB/g'
```
The only expections are `pod_sandbox` and `pod_container` annotations,
since we already pushed them to cri shims, we have to use them unchanged.
Fixes: #199
Signed-off-by: Peng Tao <bergwolf@gmail.com>
Check if a volume passed to the container with -v is a block device
file, and if so pass the block device by hotplugging it to the VM
instead of passing this as a 9pfs volume. This would give us
better performance.
Add block device associated with a volume to the list of
container devices, so that it is detached with all other devices
when the container is stopped with detachDevices()
Fixes#137
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
All bind mounts are now passed to the guest with 9p.
We need to exclude /dev/shm, as this is passed as a bind mount
in the spec. We handle /dev/shm in the guest by allocating
memory for it on the guest side. Passing /dev/shm as a 9p mount
was causing it to be mounted twice.
Fixes#190
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Factorize configuration and hardware support for hotplugging block
devices into a single function and use that.
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
The rollback does not work as expected because the error has to be
checked from the defer itself.
Fixes#178
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
In case the container creation fails, we need a proper rollback
regarding the mounts and hotplugs previously performed.
This patch also rework the hotplugDrive() function in order to
prevent createContainer() function complexity to exceed 15.
Fixes#135
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
If a container is not running, but created/ready instead, this means
a container process exists and that we can actually exec another
process inside this container. The container does not have to be
in running state.
Fixes#120
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
Instead of ignoring containers based on their path, this commit
relies on the type of mount being "bind" to choose if this mount
should be ignored or not.
For instance, we have some use cases where k8s expects the path
"/dev/container-log" to be bind mounted inside the container, but
the code ignores it because it has the prefix "/dev" which is a
system prefix mount.
Fixes#122
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
After hot adding vCPUs in the POD, agent's funtion `onlineCPUMem`
must be called to request the agent to online the vCPUs
fixes#67
Signed-off-by: Julio Montes <julio.montes@intel.com>
