If the sandbox has been initialized with a factory, this means the
caller should be in charge of adding any network to the VM, and
virtcontainers library cannot make any assumptions about adding
the default underlying network.
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
The CLI being the implementation of the OCI specification, and the
hooks being OCI specific, it makes sense to move the handling of any
OCI hooks to the CLI level. This changes allows the Kata API to
become OCI agnostic.
Fixes#599
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
As we want to call the OCI hook from the CLI, we need a way for the
CLI to figure out what is the network namespace used by the sandbox.
This is needed particularly because virtcontainers creates the netns
if none was provided.
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
This commit moves the network namespace creation out of virtcontainers
in order to anticipate the move of the OCI hooks to the CLI through a
follow up commit.
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
Since we removed the CNI implementation and that we agreed the network
should only be handled in a single way from virtcontainers, this patch
logically replace the "CNM" naming with "Default".
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
Update the agent vendoring for the new `NewAgentClient()` API - the
agent client code will enable gRPC tracing when passed a context
containing an opentracing span.
Agent client code changes:
6d26d61 client: Add context parameter and enable tracing support
Fixes#640.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
The storage implementation of filesystem was in the same file where
the resource storage interface was declared. It's more proper to
separate implementations and interface into different files.
Fixes#633
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
This noop implementation of resourceStorage will allow for easier
unit testing of some sandbox functions.
Fixes#632
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
The specific agent implementation kata_agent was defining a very
useful generic function that is now moved to the global file
network.go.
Fixes#629
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
The QMP shutdown is taken care of by the sandbox release, through a
call to hypervisor.disconnect(). By shutting down the QMP at the qemu
level directly, we are creating some unrecoverable errors by trying to
close an already closed channel.
This patch simply removes the faulty code, following the same design
other hotplug functions are designed.
Fixes#627
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
QEMU supports GICv2, GICv3 and host parameters for guest
gic-version. The "host" parameter will let QEMU detect
GIC version by itself. This parameter will work properly
when host GIC version is GICv2 or GICv3. But the detection
will failed when host GIC is GICv4 or higher:
"Unable to determine GIC version supported by host"
In this case, we have to detect the host GIC version manually
and force QEMU to use GICv3 when host GIC is GICv4 or higher.
Fixes: #614
Signed-off-by: Wei Chen <wei.chen@arm.com>
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
Add additional `context.Context` parameters and `struct` fields to allow
trace spans to be created by the `virtcontainers` internal functions,
objects and sub-packages.
Note that not every function is traced; we can add more traces as
desired.
Fixes#566.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
We need this configuration due to a limitation in seabios
firmware in handling hotplug for PCI devices with large BARS.
Long term, this needs to be fixed in the firmware.
Fixes#594
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
When creating a device structure to be added to the hypervisor, make
sure that the device includes the vhost-user type. In particular,
for network devices, specificy VhostUserNet.
Fixes: #601
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
With qemu 2.10, a write lock was added for qcow images that
prevents the same image to be passed more than once.
This can be over-ridden using the --share-rw option which is
desired for raw images.
This solves an issue with running Kata with devicemapper
using the privileged mode as in this case all devices on the host
are passed to the container including the block device associated
with the rootfs, causing it to be passed twice to qemu.
Fixes#606
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Remove unsed variable, the variable is set just in one place, and
never is used again.
Fixes: #603
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
Fixes#50 .
Add new interface sandbox.AddDevice, then for Frakti use case, a device
can be attached to sandbox before container is created.
Signed-off-by: Wei Zhang <zhangwei555@huawei.com>
We dont really call CNI from Kata, this is done by the CRI layer.
All of the CNI code is unused.
Fixes#567
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Instead of continuing with the network setup, we should detect
if host network namespace was requested and error out early.
Fixes#499
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
nvdimm is fundamental to get rootfs approach
working for Kata Containers on ppc64le. It should
be added to the default qemu machine option list.
Fixes: #561
Signed-off-by: Nitesh Konkar niteshkonkar@in.ibm.com
In order to start playing with the "virt" machine type for Kata,
we need this new machine type to be part of the list of supported
machines for qemu on x86 architecture.
Fixes#558
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
Right now we create it in `createsandbox` and it would
create the vm dir unnecessarily for fetchsandbox() and
it ends up leaving an empty vm dir behind even after
DeleteSandbox.
Fixes: #547
Signed-off-by: Peng Tao <bergwolf@gmail.com>
To use the filepath.Join() instead of the simple
string append method to form the file path, otherwise
it will lose the "/" between the two parts.
Fixes#543.
Signed-off-by: Fupan Li <lifupan@gmail.com>
Remove the `initcall_debug` boot option from the kernel command-line as
we don't need it any more and it generates a ton of boot messages that
may well be impacting performance.
Fixes#526.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
And do not append sandbox id to kernel arguments since that
would fail qemu args comparison in vm factory.
Fixes: #523
Signed-off-by: Peng Tao <bergwolf@gmail.com>
When the hypervisor option `use_vsock` is true the runtime will check for vsock
support. If vsock is supported, not proxy will be used and the shims
will connect to the VM using VSOCKS. This flag is true by default, so will use
VSOCK when possible and no proxy will be started.
fixes#383
Signed-off-by: Jose Carlos Venegas Munoz jose.carlos.venegas.munoz@intel.com
Signed-off-by: Julio Montes <julio.montes@intel.com>
parseVSOCKAddr function is no more needed since now agent config
contains a field to identify if vsocks should be used or not.
Signed-off-by: Julio Montes <julio.montes@intel.com>
`appendVSockPCI` function can be used to cold plug vocks, vhost file descriptor
holds the context ID and it's inherit by QEMU process, ID must be unique and
disable-modern prevents qemu from relying on fast MMIO.
Signed-off-by: Julio Montes <julio.montes@intel.com>
