It helps tracking each request that is sent and we can match with the
one printed by kata-agent on the guest side to find out any stack
requests in the middle.
Fixes: #494
Signed-off-by: Peng Tao <bergwolf@gmail.com>
Ephemeral volumes should not be passed at 9pfs mounts.
They should be created inside the VM.
This patch disables ephemeral volumes from getting
mounted as 9pfs from the host and instead a corresponding
tmpfs is created inside the VM.
Fixes : #61
Signed-off-by: Harshal Patil <harshal.patil@in.ibm.com>
After the sandbox is paused, it's needed to stop its monitor,
Otherwise, its monitors will receive timeout errors if it is
paused for a long time, thus its monitor will not tell it's a
crash caused timeout or just a paused timeout.
Fixes: #472
Signed-off-by: fupan <lifupan@gmail.com>
Reworked `TestCCProxyStart` to create a generic `testProxyStart()` that
is now used for testing both CC and Kata proxies.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Add the `-sandbox` option when launching the proxy. This isn't strictly
required by the proxy, but is extremely useful for log analysis to allow
log entries to be matched to sandboxes as the proxy will add a
`sandbox` field in each log entry.
Fixes#463.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Add a kernel command-line option that the agent can read to determine
the sandbox ID of the VM. It can use this to create a `sandbox=` log
field for improved log analysis.
Fixes#465.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Use pointer here since api.VhostUserDevice interface is implemented
by VhostUserNetDevice pointer.
Fixes#446
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
When do sandbox release, the kataBuiltInProxy will
be closed, and it will stop the watch of vm's console;
Thus it needs to restart the proxy to monitor the vm
console once to restore the sandbox.
Fixes: #441
Signed-off-by: fupan <lifupan@gmail.com>
If we send multiple grpcs at once before a client is created, we end up
creating multiple connections to the agent and that breaks when using builtin
proxy since only one connection is allowed.
Fixes: #431
Signed-off-by: Peng Tao <bergwolf@gmail.com>
So that we let callers decide if kata-agent should let all containers in
a sandbox share the same pid namespace.
This will be first used only by frakti. And kata cli can possibly use it
as well when cri-o and containerd-cri stop creating pause containers
and just pass the CreateSandbox CRI requests to kata.
Fixes: #426
Signed-off-by: Peng Tao <bergwolf@gmail.com>
We only need one qmp channel and it is qemu internal detail thus
sandbox.go does not need to be aware of it.
Fixes: #428
Signed-off-by: Peng Tao <bergwolf@gmail.com>
The "Failed to allocate HTAB of requested size,
try with smaller maxmem" error in ppc64le occurs
when maxmem allocated is very high. This got fixed
in qemu 2.10 and kernel 4.11. Hence put a maxmem
restriction of 32GB per kata-container if qemu
version less than 2.10
Fixes: #415
Signed-off-by: Nitesh Konkar <niteshkonkar@in.ibm.com>
Before this patch shared dir will reamin when sandox
has already removed, espacilly for kata-agent mod.
Do clean up shared dirs after all mounts are umounted.
Fixes: #291
Signed-off-by: Haomin <caihaomin@huawei.com>
Out CI is failing because of a recent change introduced in the
CNI plugins repo(github.com/containernetworking/plugins) that vendors in
CNI v0.7.0-alpha0. Refer to commit #e4fdb6cd1883b7b.
However, it looks like the the plugins themselves have not been
updated yet, causing failures in CI. This was verified by vendoring
in the latest CNI and CNI plugins in our repo.
Till the plugin binaries our fixed, use older version of CNI plugins
for testing virtcontainers. See this:
https://github.com/containernetworking/plugins/commit/68b4efb4056c
In any case we should keep this version
in sync with what we vendor in, in our runtime and not use the
latest commit.
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
All calls to deleteNetNS were passing the "mounted" parameter as
true. So drop this parameter.
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
In case of physical network interfaces, we explicitly
pass through them to the VM. We need to bind them back to
the host driver when the sandbox is stopped, irrespective if
the network namespace has been created by virtcontainers or not.
Fixes#384
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
This commit checks the size of "/dev/shm" for the sandbox container
which is then used to create the shared memory inside the guest.
kata agent then uses this size to set up a sandbox level ephemeral
storage for shm. The containers then simply bind mount this sandbox level
shm.
With this, we will now be able to support docker --shm-size option
as well have a shared shm within containers in a pod, since they are
supposed to be in the same IPC namespace.
Fixes#356
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Correct the document URLs which have gone stale.
The virtcontainers build status links have been moved to the top-level
README.
Fixes#376.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
in old specs.Spec, Capabilities is [] string, but we don't use CompatOCISpec
for compatibility in kataAgent/createContainer.
fixes#333
Signed-off-by: y00316549 <yangshukui@huawei.com>
Pause and resume container functions allow us to just pause/resume a
specific container not all the sanbox, in that way different containers
can be paused or running in the same sanbox.
Signed-off-by: Julio Montes <julio.montes@intel.com>
When a container is updated, those modifications are stored, to
avoid race conditions with other operations, a RW lock should be used.
fixes#346
Signed-off-by: Julio Montes <julio.montes@intel.com>
Since the vendoring included changes introducing PauseContainer
and ResumeContainer changes, fix the tests to satisfy the grpc api.
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
