The agent code creates a directory at
`/run/kata-containers/shared/sandboxes/sbid/` to hold shared data
between host and guest. We need to clean it up when removing a sandbox.
Fixes: #1138
Signed-off-by: Peng Tao <bergwolf@gmail.com>
In order to move the hypervisor implementations into their own package,
we need to put the capabilities type into the types package.
Fixes: #1119
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
We can now remove all the sandbox shared types and convert the rest of
the code to using the new internal types package.
This commit includes virtcontainers, cli and containerd-shim changes in
one atomic change in order to not break bisect'ibility.
Fixes: #1095
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Since we're going to have both external and internal types packages, we
alias the external one as vcTypes. And the internal one will be usable
through the types namespace.
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Pass Seccomp profile to the agent only if
the configuration.toml allows it to be passed
and the agent/image is seccomp capable.
Fixes: #688
Signed-off-by: Nitesh Konkar niteshkonkar@in.ibm.com
Set block_device_driver to "nvdimm" will make the hypervisor use
the block device as NVDIMM disk.
Fixes: #1032
Signed-off-by: Hui Zhu <teawater@hyper.sh>
In case we use an hypervisor that cannot support filesystem sharing,
we copy files over to the VM rootfs through the gRPC protocol. This
is a nice workaround, but it only works with regular files, which
means no device file, no socket file, no directory, etc... can be
sent this way.
This is a limitation that we accept here, by simply ignoring those
non-regular files.
Fixes#1068
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
Start adding support for virtio-mmio devices starting with block.
The devices show within the vm as vda, vdb,... based on order of
insertion and such within the VM resemble virtio-blk devices.
They need to be explicitly differentiated to ensure that the
agent logic within the VM can discover and mount them appropropriately.
The agent uses PCI location to discover them for virtio-blk.
For virtio-mmio we need to use the predicted device name for now.
Note: Kata used a disk for the VM rootfs in the case of Firecracker.
(Instead of initrd or virtual-nvdimm). The Kata code today does not
handle this case properly.
For now as Firecracker is the only Hypervisor in Kata that
uses virtio-mmio directly offset the drive index to comprehend
this.
Longer term we should track if the rootfs is setup as a block
device explicitly.
Fixes: #1046
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
Signed-off-by: Manohar Castelino <manohar.r.castelino@intel.com>
If the hypervisor does not support filesystem sharing (for example, 9p),
files will be copied over gRPC using the copyFile request function.
Signed-off-by: Julio Montes <julio.montes@intel.com>
Files are copied over gRPC and there is no limit in size of the files that
can be copied. Small files are copied using just one gRPC call while big files
are copied by parts.
Signed-off-by: Julio Montes <julio.montes@intel.com>
When agent is configured as longLive, the VM's agent created
by factory will not close it's client once it connected, thus
the sandbox's agent cannot re-connect successfully.
Sharing the agent's client between VM's agent and sandbox
can fix this issue.
Fixes: #995
Signed-off-by: fupan <lifupan@gmail.com>
This commit replaces every place where the "types" package from the
Kata agent was used, with the new "types" package from virtcontainers.
In order to do so, it introduces a few translation functions between
the agent and virtcontainers types, since this is needed by the kata
agent implementation.
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
Some agent types definition that were generic enough to be reused
everywhere, have been split from the initial grpc package.
This prevents from importing the entire protobuf package through
the grpc one, and prevents binaries such as kata-netmon to stay
in sync with the types definitions.
Fixes#856
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
This reverts commit 8a6d383715.
Don't remove all directories in the shared directory because
`docker cp` re-mounts all the mount points specified in the
config.json causing serious problems in the host.
fixes#777
Signed-off-by: Julio Montes <julio.montes@intel.com>
Kata agent expects the pci address to be passed and not the
predicted device name.
Fixes#773
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
It does not give better pjdfstest results but allows us to pass
ubuntu `apt update`, fedora `dnf install`, and also launch `mariadb:latest`.
Fixes: #769
Signed-off-by: Peng Tao <bergwolf@gmail.com>
It shouldn't set kataAgent.state.URL in its configure() method
for builtin kata proxy, otherwise the following check of whether
is it nil in startProxy() will return directly and failed to
start builtin proxy which will log the qemu's console.
Fixes: #756
Signed-off-by: fupan <lifupan@gmail.com>
Add support for cgroup driver systemd.
systemd cgroup is not applied in the VM since in some cases like initrd images
there is no systemd running and nobody can update a systemd cgroup using
systemctl.
fixes#596
Signed-off-by: Julio Montes <julio.montes@intel.com>
Get and store guest details after sandbox is completely created.
And get memory block size from sandbox state file when check
hotplug memory valid.
Signed-off-by: Clare Chen <clare.chenhui@huawei.com>
Signed-off-by: Zichang Lin <linzichang@huawei.com>
Add support for using update command to hotplug memory to vm.
Connect kata-runtime update interface with hypervisor memory hotplug
feature.
Fixes#625
Signed-off-by: Clare Chen <clare.chenhui@huawei.com>
Fixes#671
agent Shortlog:
7e8e20b agent: add GetGuestDetails gRPC function
5936600 grpc: grpc.Code is deprecated
2d3b9ac release: Kata Containers 1.3.0-rc0
a6e27d6 client: fix dialer after vendor update
cd03e0c vendor: update grpc-go dependency
1d559a7 channel: add serial yamux channel close timeout
fcf6fa7 agent: update resources list with the right device major-minor number
Signed-off-by: Zichang Lin <linzichang@huawei.com>
Callers can use setProxy to ask agent to use an existing proxy.
agent is modified to rely on its state.URL to tell if an
its proxy is a valid one. And startProxy will skip a valid
proxy since it is already started.
Signed-off-by: Peng Tao <bergwolf@gmail.com>
A proxy is mostly associated with an agent. Decouple it from sandbox
so that we can start it before linking vm with an actual sandbox.
Signed-off-by: Peng Tao <bergwolf@gmail.com>
Fixes#635
When container rootfs is block based in devicemapper use case, we can re-use
sandbox device manager to manage rootfs block plug/unplug, we don't detailed
description of block in container state file, instead we only need a Block index
referencing sandbox device.
Remove `HotpluggedDrive` and `RootfsPCIAddr` from state file because it's not
necessary any more.
Signed-off-by: Wei Zhang <zhangwei555@huawei.com>
Fixes#635
Remove `Hotplugged bool` field from device and add two new fields
instead:
* `RefCount`: how many references to this device. One device can be
referenced(`NewDevice()`) many times by same/different container(s),
two devices are regarded identical if they have same hostPath
* `AttachCount`: how many times this device has been attached. A device
can only be hotplugged once to the qemu, every new Attach command will
add the AttachCount, and real `Detach` will be done only when
`AttachCount == 0`
Signed-off-by: Wei Zhang <zhangwei555@huawei.com>
Update the agent vendoring for the new `NewAgentClient()` API - the
agent client code will enable gRPC tracing when passed a context
containing an opentracing span.
Agent client code changes:
6d26d61 client: Add context parameter and enable tracing support
Fixes#640.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
The specific agent implementation kata_agent was defining a very
useful generic function that is now moved to the global file
network.go.
Fixes#629
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
Add additional `context.Context` parameters and `struct` fields to allow
trace spans to be created by the `virtcontainers` internal functions,
objects and sub-packages.
Note that not every function is traced; we can add more traces as
desired.
Fixes#566.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
And do not append sandbox id to kernel arguments since that
would fail qemu args comparison in vm factory.
Fixes: #523
Signed-off-by: Peng Tao <bergwolf@gmail.com>
When the hypervisor option `use_vsock` is true the runtime will check for vsock
support. If vsock is supported, not proxy will be used and the shims
will connect to the VM using VSOCKS. This flag is true by default, so will use
VSOCK when possible and no proxy will be started.
fixes#383
Signed-off-by: Jose Carlos Venegas Munoz jose.carlos.venegas.munoz@intel.com
Signed-off-by: Julio Montes <julio.montes@intel.com>
parseVSOCKAddr function is no more needed since now agent config
contains a field to identify if vsocks should be used or not.
Signed-off-by: Julio Montes <julio.montes@intel.com>
add extra field in KataAgentConfig structure to specify if the
kata agent have to use a vsock instead of serial port.
Signed-off-by: Julio Montes <julio.montes@intel.com>
