When enabled, do not release in memory sandbox resources in VC APIs,
and callers are expected to call sandbox.Release() to release the in
memory resources.
Signed-off-by: Peng Tao <bergwolf@gmail.com>
For each time a sandbox structure is created, we ensure s.Release()
is called. Then we can keep the qmp connection as long as Sandbox
pointer is alive.
All VC interfaces are still stateless as s.Release() is called before
each API returns.
OTOH, for VCSandbox APIs, FetchSandbox() must be paired with s.Release,
the same as before.
Fixes: #500
Signed-off-by: Peng Tao <bergwolf@gmail.com>
Unify qmp channel setup and teardown. This also fixes the issue that
sometimes qmp pointer is not reset after qmp is shutdown.
Signed-off-by: Peng Tao <bergwolf@gmail.com>
Add enable_template option to the config file.
When it is set, enable the vm template factory.
cache factory cannot be used by kata cli directly because
it requires a running daemon to maintain the cache VMs.
`kata-runtime factory init` would initialize the vm factory and
`kata-runtime factory destroy` would destroy the vm factory.
When configured, a vm factory is loaded before creating new sandboxes.
Signed-off-by: Peng Tao <bergwolf@gmail.com>
Add SetFactory to allow virtcontainers consumers to set a vm factory.
And use it to create new VMs whenever the factory is set.
Signed-off-by: Peng Tao <bergwolf@gmail.com>
Add vm factory support per design in the VM Factory plugin section.
The vm factory controls how a new vm is created:
1. direct: vm is created directly
2. template: vm is created via vm template. A template vm is pre-created
and saved. Later vm is just a clone of the template vm so that they
readonly share a portion of initial memory (including kernel, initramfs
and the kata agent). CPU and memory are hot plugged when necessary.
3. cache: vm is created via vm caches. A set of cached vm are pre-created
and maintained alive. New vms are created by just picking a cached vm.
CPU and memory are hot plugged when necessary.
Fixes: #303
Signed-off-by: Peng Tao <bergwolf@gmail.com>
1. support qemu migration save operation
2. setup vm templating parameters per hypervisor config
3. create vm storage path when it does not exist. This can happen when
an empty guest is created without a sandbox.
Signed-off-by: Peng Tao <bergwolf@gmail.com>
There are a few changes we need on kata agent to introduce vm factory
support:
1. decouple agent creation from sandbox config
2. setup agent without creating a sandbox
3. expose vm storage path and share mount point
Signed-off-by: Peng Tao <bergwolf@gmail.com>
A hypervisor implementation does not need to depend on a sandbox
structure. Decouple them in preparation for vm factory.
Signed-off-by: Peng Tao <bergwolf@gmail.com>
It helps tracking each request that is sent and we can match with the
one printed by kata-agent on the guest side to find out any stuck
requests in the middle.
Fixes: #494
Signed-off-by: Peng Tao <bergwolf@gmail.com>
Ephemeral volumes should not be passed as 9pfs mounts.
They should be created inside the VM.
This patch disables ephemeral volumes from getting
mounted as 9pfs from the host and instead a corresponding
tmpfs is created inside the VM.
Fixes: #61
Signed-off-by: Harshal Patil <harshal.patil@in.ibm.com>
After the sandbox is paused, it's needed to stop its monitor;
otherwise, its monitors will receive timeout errors if it is
paused for a long time, thus its monitor will not tell whether it's a
crash-caused timeout or just a paused timeout.
Fixes: #472
Signed-off-by: fupan <lifupan@gmail.com>
Reworked `TestCCProxyStart` to create a generic `testProxyStart()` that
is now used for testing both CC and Kata proxies.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Add the `-sandbox` option when launching the proxy. This isn't strictly
required by the proxy, but is extremely useful for log analysis to allow
log entries to be matched to sandboxes as the proxy will add a
`sandbox` field in each log entry.
Fixes #463.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Add a kernel command-line option that the agent can read to determine
the sandbox ID of the VM. It can use this to create a `sandbox=` log
field for improved log analysis.
Fixes #465.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Use pointer here since api.VhostUserDevice interface is implemented
by VhostUserNetDevice pointer.
Fixes #446
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
When doing sandbox release, the kataBuiltInProxy will
be closed, and it will stop the watch of vm's console;
thus it needs to restart the proxy to monitor the vm
console once to restore the sandbox.
Fixes: #441
Signed-off-by: fupan <lifupan@gmail.com>
If we send multiple grpcs at once before a client is created, we end up
creating multiple connections to the agent and that breaks when using builtin
proxy since only one connection is allowed.
Fixes: #431
Signed-off-by: Peng Tao <bergwolf@gmail.com>
So that we let callers decide if kata-agent should let all containers in
a sandbox share the same pid namespace.
This will be first used only by frakti. And kata cli can possibly use it
as well when cri-o and containerd-cri stop creating pause containers
and just pass the CreateSandbox CRI requests to kata.
Fixes: #426
Signed-off-by: Peng Tao <bergwolf@gmail.com>
We only need one qmp channel and it is qemu internal detail thus
sandbox.go does not need to be aware of it.
Fixes: #428
Signed-off-by: Peng Tao <bergwolf@gmail.com>
The "Failed to allocate HTAB of requested size,
try with smaller maxmem" error in ppc64le occurs
when maxmem allocated is very high. This got fixed
in qemu 2.10 and kernel 4.11. Hence put a maxmem
restriction of 32GB per kata-container if qemu
version is less than 2.10.
Fixes: #415
Signed-off-by: Nitesh Konkar <niteshkonkar@in.ibm.com>
Before this patch, the shared dir will remain when the sandbox
has already been removed, especially for kata-agent mode.
Do clean up shared dirs after all mounts are umounted.
Fixes: #291
Signed-off-by: Haomin <caihaomin@huawei.com>
Our CI is failing because of a recent change introduced in the
CNI plugins repo(github.com/containernetworking/plugins) that vendors in
CNI v0.7.0-alpha0. Refer to commit #e4fdb6cd1883b7b.
However, it looks like the plugins themselves have not been
updated yet, causing failures in CI. This was verified by vendoring
in the latest CNI and CNI plugins in our repo.
Till the plugin binaries are fixed, use older version of CNI plugins
for testing virtcontainers. See this:
https://github.com/containernetworking/plugins/commit/68b4efb4056c
In any case we should keep this version
in sync with what we vendor in, in our runtime and not use the
latest commit.
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
All calls to deleteNetNS were passing the "mounted" parameter as
true. So drop this parameter.
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
In case of physical network interfaces, we explicitly
pass through them to the VM. We need to bind them back to
the host driver when the sandbox is stopped, irrespective if
the network namespace has been created by virtcontainers or not.
Fixes #384
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
This commit checks the size of "/dev/shm" for the sandbox container
which is then used to create the shared memory inside the guest.
kata agent then uses this size to set up a sandbox level ephemeral
storage for shm. The containers then simply bind mount this sandbox level
shm.
With this, we will now be able to support docker --shm-size option
as well as have a shared shm within containers in a pod, since they are
supposed to be in the same IPC namespace.
Fixes #356
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Correct the document URLs which have gone stale.
The virtcontainers build status links have been moved to the top-level
README.
Fixes #376.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>