nemu needs to be configured with:
`machine_type = "virt"` by default.
In addition, this commit removes
`machine_accelerators="virt"` which was added instead
of `machine_type` in a previous commit.
Fixes: #1707.
Signed-off-by: Salvador Fuentes <salvador.fuentes@intel.com>
- For initial offering of virtiofsd, hugepages are required
- use the qemu hypervisor type for configuration template
- decrease virtiofs cache size from 8192 to 1024, to better support
running with virtio-fs on smaller machines while hugepages are required.
- For initial experimental release, utilize virtio-serial instead of
vsock
Fixes: #1662
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
NEMU requires a unique runtime configuration. Add support for utilizing
a configuration-nemu.toml
Fixes: #1647
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
Several cache modes are supported by virtio-fs. They affect the
performance and consistency characteristics of the file system.
For the time being cache="none" is recommended, but the other modes can
be experimented with.
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Add VirtioFSCacheSize aka virtio_fs_cache_size option
to set the size (in MiB) of the DAX cache.
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Add a config option to select between virtio-9p and virtiofs. This
option currently has no effect and will be used in a later patch.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
When a parallel build is invoked using "make -j4" there is a race
between EXTRA_DEPS ('clean') and generating files:
```
CPU1                             CPU2
----                             ----
create cli/generated-config.go
                                 rm cli/generated-config.go
go build -> error: generated-config.go doesn't exist!
```
Previous commits ensured that targets relying on version information
like VERSION and COMMIT declare appropriate dependencies. Therefore
make is now able to detect changes and rebuild targets as needed. It is
no longer necessary to abuse the clean target to force a rebuild.
Fixes: #1540
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Makefile uses $(shell) to build a git commit string. Unfortunately this
means make targets cannot be rebuilt when COMMIT changes value. We need
to reflect this string value into files on which make can process
dependencies.
I stole a solution from QEMU's Makefile:
1. Print the string into .git-commit.tmp
2. If .git-commit.tmp differs from .git-commit, copy it to .git-commit
3. Depend on .git-commit from all targets that need $COMMIT
This way targets are only rebuilt if the commit string value actually
changes.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
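
The three steps in the commit message above, sketched as a POSIX shell function. This is an added example, not code from the kata-runtime or QEMU Makefiles; the function names `update_commit_stamp` and `stamp_is_newer_than` and the directory argument are assumptions.

```shell
#!/bin/sh
# Added illustration of the "write to .tmp, replace only on change" pattern.
#
# update_commit_stamp DIR VALUE
#   Writes VALUE to DIR/.git-commit.tmp, then copies it over DIR/.git-commit
#   only when the content differs, so the stamp's mtime (which make compares
#   against dependent targets) moves only when the commit string changes.
#   Returns 0 if the stamp was updated, 1 if it was left untouched, 2 on error.
update_commit_stamp() {
    dir=$1
    value=$2
    stamp="$dir/.git-commit"
    tmp="$stamp.tmp"

    # Step 1: print the string into the temporary file.
    printf '%s\n' "$value" > "$tmp" || return 2

    # Step 2: replace the stamp only if it is missing or its content differs.
    if [ -f "$stamp" ] && cmp -s "$tmp" "$stamp"; then
        rm -f "$tmp"
        return 1
    fi
    cp "$tmp" "$stamp" || return 2
    rm -f "$tmp"
    return 0
}

# Step 3 lives in the Makefile: every target that uses $COMMIT lists
# .git-commit as a prerequisite. This helper mimics make's staleness test:
# it succeeds when STAMP has a strictly newer mtime than TARGET.
stamp_is_newer_than() {
    [ -n "$(find "$1" -newer "$2" 2>/dev/null)" ]
}
```
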
Makefile had a template for cli/config-generated.go embedded inside it.
There is already a templating mechanism for .in files. Using a .in file
is cleaner since it avoids make's awkward interaction with shell
escaping and line splitting.
This patch moves the template into cli/config-generated.go.in and reuses
the existing .in file templating mechanism. Only the PKGRUNDIR variable
needs to be added.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Depending on Makefile is not enough to detect all changes. We must
rebuild when included makefiles change, too.
The MAKEFILE_LIST special variable contains the filenames of all
included makefiles and Makefile itself.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The netmon target must be rebuilt when the VERSION file changes since it
uses the value of VERSION on the build command-line.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
GENERATED_FILES already includes COLLECT_SCRIPT, so there's no need to
specify it again:
```
GENERATED_FILES += $(COLLECT_SCRIPT)
...
clean:
	$(QUIET_CLEAN)rm -f ... $(GENERATED_FILES) $(COLLECT_SCRIPT)
```
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
tcfilter requires no changes to the interface provided by the network
plugin and supports a larger set of plugins.
Fixes #1501
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Add a number of useful build and install targets to the `show-usage`
target which are visible when the user runs `make help`.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Add `install-runtime` and `install-netmon` targets. This allows the
`install` target to be simplified and also allows the runtime to be
built without having to build the `containerd-shim-v2` binary which is
slow to build:
```
$ make runtime && sudo -E PATH=$PATH make install-runtime
```
Fixes #1402.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
The `containerd-shim-v2` binary does not need the `kata-runtime` binary
to be built first, so remove the dependency.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Fixes #1226
Add new flag "experimental" for supporting underworking features.
Some features are under development and are not ready for release;
there are also some features which will break compatibility and are not
suitable to be merged into a kata minor release (x version in x.y.z).
To get the features above merged earlier for more testing, we can
mark them as "experimental" features, and move them to formal features
when they are ready.
Signed-off-by: Wei Zhang <zhangwei555@huawei.com>
Got aarch64 failure in "No GO command or GOPATH not set" mode:
```
Makefile:38: arch/aarch64-options.mk: No such file or directory
Makefile:237: *** "ERROR: No hypervisors known for architecture aarch64 (looked for: firecracker qemu)". Stop.
```
The cause is that the machine hardware name of aarch64 is aarch64 but
the name of the runtime's arch makefile is arm64-options.mk.
This commit converts aarch64 to arm64 to fix the issue.
Fixes: #1320
Signed-off-by: Hui Zhu <teawater@hyper.sh>
The cause that makes "sudo make install" fail is not "GOPATH not set",
but no go command in the path.
But the commit still keeps the "GOPATH not set" because
executing "unset GOPATH; make" will fail because "go build" cannot work
without GOPATH.
Fixes: #1285
Signed-off-by: Hui Zhu <teawater@hyper.sh>
In "GOPATH not set" mode got:
```
make: go: Command not found
Makefile:38: arch/-options.mk: No such file or directory
make: go: Command not found
Makefile:237: *** "ERROR: No hypervisors known for architecture (looked for: firecracker qemu)". Stop.
```
The root cause is that "GOPATH not set" mode does not set ARCH.
Set it to fix the issue.
Fixes: #1224
Signed-off-by: Hui Zhu <teawater@hyper.sh>
Architecture-dependent settings were not being populated when GOPATH
was set. This change ensures they are always set.
Fixes #1169
Signed-off-by: William Douglas <william.douglas@intel.com>
- Do symlink to a relative path to hypervisor config.
- Create symlink on DESTDIR
Fixes: #1161
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
Support building with `make HYPERVISOR=firecracker`.
Notes:
- Firecracker is currently only supported on x86_64, hence the
architecture check.
- The template file `cli/config/configuration-fc.toml.in` is based
on `cli/config/configuration.toml.in`.
Fixes #1105.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Improve the build to:
- Encapsulate the qemu configuration.
- Validate the chosen hypervisor.
- Display hypervisor details for `make help`.
This lays the groundwork to build configurations for multiple
hypervisors.
Notes:
- Variables that are hypervisor specific have now been suffixed with `_QEMU`.
- `make install` now installs `configuration-qemu.toml`.
To maintain compatibility with existing installations, a symbolic link
to this file called `configuration.toml` is created.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Move the quiet prefix from the `INSTALL_EXEC` recipe and use it at the
call sites. This makes the code robust when calling the recipe in a
`$(foreach ...)` loop.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Pass Seccomp profile to the agent only if
the configuration.toml allows it to be passed
and the agent/image is seccomp capable.
Fixes: #688
Signed-off-by: Nitesh Konkar <niteshkonkar@in.ibm.com>
Most projects can be built with "make". After that,
"sudo make install" can install the application.
This does not work for kata-runtime because kata-runtime's make must work
with golang in the environment, which default sudo cannot supply.
But "make install" doesn't need golang.
So add "GOPATH not set" to handle the issue.
Fixes: #1008
Signed-off-by: Hui Zhu <teawater@hyper.sh>
Add the ability to skip checking the go version, by passing to make the
variable SKIP_GO_VERSION_CHECK=1
Fixes: #916
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
Refactor the config-related code into a separate
package which can be shared with other cli programs
such as kata's shimv2.
Fixes: #787
Fixes: #714
Signed-off-by: fupan <lifupan@gmail.com>
Build {runtime,netmon} as Position-Independent-Executable (PIE) for improved
security and compliancy with distros packaging guidelines.
Fixes: #875
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
Check that the system golang version is new enough to build with
according to the data from the `versions.yaml` file.
Update the versions in the versions.yaml accordingly, and add a note
describing what the 'newest-version' item represents.
Note, we only do a minimum requirement check, and are not checking
against the 'newest-version' info from the yaml.
Fixes: #148
Inspired-by: Wei Zhang <zhangwei555@huawei.com>
Idea-by: James O. D. Hunt <james.o.hunt@intel.com>
Signed-off-by: Graham Whaley <graham.whaley@intel.com>
Add configuration to decide the amount of slots that will be used in a VM
- This will limit the amount of times that memory can be hotplugged.
- Use memory slots provided by user.
- tests: align struct
cli: kata-env: Add memory slots info.
- Show the slots to be added to the VM.
```diff
[Hypervisor]
MachineType = "pc"
Version = "QEMU ..."
Path = "/opt/kata/bin/qemu-system-x86_64"
BlockDeviceDriver = "virtio-scsi"
Msize9p = 8192
+ MemorySlots = 10
Debug = false
UseVSock = false
```
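Review bot: the `+ MemorySlots = 10` line in the kata-env sample shows the new field, but the message never names the configuration option that sets it or says what value is used when the user leaves it unset. State both in the message, since the slot count limits how many times memory can be hotplugged.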
Fixes: #751
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
In order to choose if the network monitor should be used or not, this
patch makes it configurable from the configuration.toml file.
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
This commit modifies the Makefile at the root of this repository
so that the binary kata-netmon can be built from there.
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
We need this configuration due to a limitation in seabios
firmware in handling hotplug for PCI devices with large BARS.
Long term, this needs to be fixed in the firmware.
Fixes #594
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Allow the path being checked by the os-no-exit script to be
passed in, and update the Makefile to use that to check the
current code paths of the cli and virtcontainers.
Fixes: #477
Signed-off-by: Graham Whaley <graham.whaley@intel.com>
There is a relation between the maximum number of vCPUs and the
memory footprint: if the QEMU maxcpus option and the kernel nr_cpus
cmdline argument are big, then the memory footprint is big. This
issue only occurs if CPU hotplug support is enabled in the kernel, and
might be because the kernel needs to allocate resources to watch all
sockets waiting for a CPU to be connected (ACPI event).
For example
```
+---------------+-------------------------+
| | Memory Footprint (KB) |
+---------------+-------------------------+
| NR_CPUS=240 | 186501 |
+---------------+-------------------------+
| NR_CPUS=8 | 110684 |
+---------------+-------------------------+
```
In order not to affect CPU hotplug and to allow users to have containers
with the same number of physical CPUs, this patch tries to mitigate the
big memory footprint by using the actual number of physical CPUs as the
maximum number of vCPUs for each container if `default_maxvcpus` is <= 0 in
the runtime configuration file; otherwise `default_maxvcpus` is used as the
maximum number of vCPUs.
Before this patch a container with 256MB of RAM
```
              total        used        free      shared  buff/cache   available
Mem:           195M         40M        113M         26M         41M        112M
Swap:            0B          0B          0B
```
With this patch
```
              total        used        free      shared  buff/cache   available
Mem:           236M         11M        188M         26M         36M        186M
Swap:            0B          0B          0B
```
fixes #295
Signed-off-by: Julio Montes <julio.montes@intel.com>
"make install" fails on a clean working directory:
```
$ make install
install: cannot stat ‘data/kata-collect-data.sh’: No such file or directory
```
This happens because install and install-scripts do not depend on the
runtime. Make doesn't know it needs to build the runtime before it can
be installed.
Add the missing dependencies to the install targets so that "make
install" works on a clean working directory and rebuilds when source
files have been modified.
Note that SCRIPTS contains the generated kata-collect-data.sh script.
That file needs to be generated before it can be installed, so make
SCRIPTS a dependency of install-scripts.
Fixes: #283
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>