No call cgroup operations for containers in host
if SandboxCgroupOnly is enabled.
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
add option to eneable only pod cgroup (SandboxCgroupOnly)
Depends-on: github.com/kata-containers/tests#1824
Fixes: #1879
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
The container CgroupsPath is optional acording to OCI.
If for some reason the runtime decide to not define one.
just skip cgroup operations.
This is going to be useful for upcoming, sandbox cgroup only
cgroup managment feature.
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
Some errors propagate with printing showing a cgroup path.
If for some reason this is empty is difficult to know looking
at the logs.
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
constrainHypervisor -> constrainHypervisorVCPUs
Document and rename function.
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
prefix cgroup related methods with cgroups,
make easy to group together in auto-generated docs.
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
When shimv2 was killed by accident, containerd would try to
launch a new shimv2 binarry to cleanup the container. In order
to avoid race condition, the cleanup should be done serialized
in a sandbox. Thus adding a new api to do this by locking the
sandbox.
Fixes:#1832
Signed-off-by: lifupan <lifupan@gmail.com>
When create container failed, it should delete the container
config from sandbox, otherwise, the following new creating container
would get a wrong resources caculating which would contain the previous
failed container resources such as memory and cpu.
Fixes: #1997
Signed-off-by: lifupan <lifupan@gmail.com>
The following storeSandbox() will store the sandbox config
data, thus there is no need to store it specifically before
run storeSandbox().
Signed-off-by: lifupan <lifupan@gmail.com>
strErr is qemu log message, should add err in error message, or if fail
before launch qemu, can not get corrent message.
Fixes: #1991
Signed-off-by: Ace-Tang <aceapril@126.com>
Since firecracker hasn't support console watching by now, so skip
watching console if the consoleURL is empty.
Fixes: #1970
Signed-off-by: lifupan <lifupan@gmail.com>
so that for qemu, we can save and export virtiofsd pid,
and put it to the same cgroup as the qemu process.
Fixes: #1972
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Memory preallocation is just a property that hugepage, file backed
memory and memory-backend-ram can each choose to configure.
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
When guest panics or stops with unexpected internal
error, qemu process might still be running but we can
find out such situation with qmp. Then monitor can still
report such failures to watchers.
Fixes: #1963
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
We don't really need to unplug it from guest because we have
already stopped it. Just detach it and clean it up.
Fixes: #1968
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
This reverts commit 794e08e243.
It breaks vfio device passthru as we need to bind the device
back to host when removing the endpoint. And that is not possible
when qemu is still running (thus holding reference to the device).
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
If guest is malfunctioning, we need a way to bail out. Add
a default timeout for most of the grpc requests so that the
runtime does not wait indefinitely.
Fixes: #1952
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
We might need to call hypervisor hotunplug to really remove
a network device. We cannot do it after stopping the VM.
Fixes: #1956
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Drop the bits for bridged networking in ACRN and change the default
to macvtap. We should eventually change this to tcfilter with additional
testing.
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Routes with proto "kernel" are routes that are automatically added
by the kernel.
It is a route added automatically when you assign an address to an
interface which is not /32.
With this commit, these routes are ignored. The guest kernel
would add these routes on the guest side. A corresponding commit on the
agent side would no longer delete these routes while updating them.
Without this commit, netlink gives an error complaining that a route
already exists when you try to add a route with the same dest subnet.
Something like:
dest: 192.168.1.0/24 device:net1 source:192.168.1.217 scope:253
dest: 192.168.1.0/24 device:net2 source:192.168.1.218 scope:253
Depends-on: github.com/kata-containers/agent#624
Fixes: #1811
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
The list of kernel modules can be passed to the runtime through the
configuration file or using OCI annotations. In both cases, a list paramentes
can be specified for each module.
fixes#1925
Signed-off-by: Julio Montes <julio.montes@intel.com>
We start virtiofsd in foreground (-f option), so we should wait for it
to reclaim its resources to avoid zombie process when qemu or virtiofsd
got killed unexpectedly.
Fixes: #1934
Signed-off-by: Eryu Guan <eguan@linux.alibaba.com>
When virtio_fs_cache is set to none, the mount options for the folder
inside the guest should not contain the dax option else it leads to
invalid address errors and a crash of the daemon on the host.
Fixes: #1907
Signed-off-by: Ganesh Maharaj Mahalingam <ganesh.mahalingam@intel.com>
