The PR changes the parameter args from uint32 to uint64 for ioctl function.
That leads to an endianess bug.
Fixes: #947
Signed-off-by: Alice Frosi <afrosi@de.ibm.com>
When our runtime is asked for the container status, we also handle
the scenario where the container is stopped if the shim process for
that container on the host has terminated.
In the current implementation, we retrieve the container status
before stopping the container, causing a wrong status to be returned.
The wait for the original go-routine's completion was done in a defer
within the caller of statusContainers(), resulting in the
statusContainer()'s values to return the pre-stopped value.
This bug is first observed when updating to docker v18.09/containerd
v1.2.0. With the current implementation, containerd-shim receives the
TaskExit when it detects kata-shim is terminating. When checking the
container state, however, it does not get the expected "stopped" value.
The following commit resolves the described issue by simplifying the
locking used around the status container calls. Originally
StatusContainer would request a read lock. If we needed to update the
container status in statusContainer, we'd start a go-routine which
would request a read-write lock, waiting for the original read lock to
be released. Can't imagine a bug could linger in this logic. We now
just request a read-write lock in the caller (StatusContainer),
skipping the need for a separate go-routine and defer. This greatly
simplifies the logic, and removes the original bug.
Fixes#926
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
Since struct VFIODevice needed to be stored into disk by storeSandboxDevices() function,
however struct VFIODevice has a field named "vfioDevs", which is named begin with lower-case,
so it can't be written into file by json.Marshal.And this bug will will cause hotplug vfio
device can not been removed correctly while container exits.
Fixes: #924
Signed-off-by: flyflypeng <jiangpengfei9@huawei.com>
This PR defines a new function supportGuestMemoryHotplug that
clearly defines if the architecture supports memory hotplug. The function
can be reimplemented in virtcontainers/qemu_$arch.go file for each
architecture.
Fixes: #910
Signed-off-by: Alice Frosi <afrosi@de.ibm.com>
In order to support use cases such as containerd-shim-v2 where
we would have a long running process holding the sandbox pointer,
there would be no reason to call into the stateless functions
PauseContainer() and ResumeContainer(), which would recreate a
new sandbox pointer and the corresponding ones for containers.
Fixes#903
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
In order to support use cases such as containerd-shim-v2 where
we would have a long running process holding the sandbox pointer,
there would be no reason to call into the stateless function
ProcessListContainer(), which would recreate a new sandbox pointer
and the corresponding ones for containers.
Fixes#903
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
In order to support use cases such as containerd-shim-v2 where we
would have a long running process holding the sandbox pointer, there
would be no reason to call into the stateless function KillContainer(),
which would recreate a new sandbox pointer and the corresponding ones
for containers.
Fixes#903
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
In order to support use cases such as containerd-shim-v2 where we
would have a long running process holding the sandbox pointer, there
would be no reason to call into the stateless function StopContainer(),
which would recreate a new sandbox pointer and the corresponding ones
for containers.
Fixes#903
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
In order to support use cases such as containerd-shim-v2 where we
would have a long running process holding the sandbox pointer, there
would be no reason to call into the stateless function StopSandbox(),
which would recreate a new sandbox pointer and the corresponding ones
for containers.
Fixes#903
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
In order to support use cases such as containerd-shim-v2 where we
would have a long running process holding the sandbox pointer, there
would be no reason to call into the stateless function StartSandbox(),
which would recreate a new sandbox pointer and the corresponding ones
for containers.
Fixes#903
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
Bind back the nic's MAC in HotDetach. So we don't need to modify
nic's MAC in description to hotplug it again.
Fixes: #894
Signed-off-by: Ruidong Cao <caoruidong@huawei.com>
Got "docker: Error response from daemon: OCI runtime create failed:
QMP command failed: unknown." when "docker run --privileged" with kata.
In qemu part, it got:
"Could not open '/dev/sr0': Read-only file system"
or
"No medium found"
The cause is qemu need open block device to get its status.
But /dev/sr0 is a CDROM that cannot be opened.
This patch let newContainer doesn't attach device if it is a CDROM
to handle the issue.
Fixes#829
Signed-off-by: Hui Zhu <teawater@hyper.sh>
Now that Interface structure includes the useful information about
the type of interface, Kata does not need to do any assumption about
the type of interface that needs to be added.
Fixes#866
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
This commit replaces every place where the "types" package from the
Kata agent was used, with the new "types" package from virtcontainers.
In order to do so, it introduces a few translation functions between
the agent and virtcontainers types, since this is needed by the kata
agent implementation.
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
Instead of relying on the kata agent to define generic structures,
the logic is to define those as virtcontainers "types" package.
This way, all consumers of those structures, such as kata-runtime,
kata-netmon, and kata-containerd-shim, don't have to import some
dependency from the kata-agent.
Fixes#876
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
After we scan the netns, we should hotplug the network interface to
the guest after it is kicked off running.
Fixes: #871
Signed-off-by: Peng Tao <bergwolf@gmail.com>
Fixes#344
Add host cgroup support for kata.
This commits only adds cpu.cfs_period and cpu.cfs_quota support.
It will create 3-level hierarchy, take "cpu" cgroup as an example:
```
/sys/fs/cgroup
|---cpu
|---kata
|---<sandbox-id>
|--vcpu
|---<sandbox-id>
```
* `vc` cgroup is common parent for all kata-container sandbox, it won't be removed
after sandbox removed. This cgroup has no limitation.
* `<sandbox-id>` cgroup is the layer for each sandbox, it contains all other qemu
threads except for vcpu threads. In future, we can consider putting all shim
processes and proxy process here. This cgroup has no limitation yet.
* `vcpu` cgroup contains vcpu threads from qemu. Currently cpu quota and period
constraint applies to this cgroup.
Signed-off-by: Wei Zhang <zhangwei555@huawei.com>
Signed-off-by: Jingxiao Lu <lujingxiao@huawei.com>
Some agent types definition that were generic enough to be reused
everywhere, have been split from the initial grpc package.
This prevents from importing the entire protobuf package through
the grpc one, and prevents binaries such as kata-netmon to stay
in sync with the types definitions.
Fixes#856
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
Introduce constants for the network model strings, so as to
avoid using the strings directly at multiple places.
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Introduce a new mode that uses tc filters to redirect traffic from
the network interface created by the network plugin to a
tap interface that we connect to the VM.
This mode will help support ipvlan as well.
Fixes#144
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Move to golang version 1.10.4 -- the oldest stable golang release at the
time of writing -- since golang 1.10+ is needed to make namespace
handling safe.
Re-ordered a couple of structs (moved `sync.WaitGroup` fields) to keep
the `maligned` linter happy. Previously:
``
virtcontainers/pkg/mock/cc_proxy_mock.go:24:18⚠️ struct of size 160 could be 152 (maligned)
virtcontainers/monitor.go:15:14⚠️ struct of size 80 could be 72 (maligned)
```
See:
- https://github.com/golang/go/issues/20676
- 2595fe7fb6
Also bumped `languages.golang.meta.newest-version` to golang version
1.11, which is the newest stable release at the time of writing.
Fixes#148.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Instead of using ethtool for getting the driver for network
devices, use sysfs instead. This is because in case of virtio
devices, ethtool returns virtio-net instead of virtio-pci for
virtio network devices. We need to bind/unbind from virtio-pci
driver in case of virtio-net devices.
Fixes#612
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Refactor these functions so differernt types of endpoints can use a unified
function to hotplug nics.
Fixes#731
Signed-off-by: Ruidong Cao <caoruidong@huawei.com>
reflect.DeepEqual would return false when comparing nil map/slice with
empty map/slice. We would want to return success in such case, since it
is possible for upper layers to send these kind of configs.
Fixes: #844
Signed-off-by: Peng Tao <bergwolf@gmail.com>
