When create sandbox, we setup a sandbox of 2048M base memory, and
then hotplug memory that is needed for every new container. And
we change the unit of c.config.Resources.Mem from MiB to Byte in
order to prevent the 4095B < memory < 1MiB from being lost.
Depends-on:github.com/kata-containers/tests#813
Fixes#400
Signed-off-by: Clare Chen <clare.chenhui@huawei.com>
Signed-off-by: Zichang Lin <linzichang@huawei.com>
The virt machine type provided by the NEMU project needs to be
supported the same way we support pc and q35 machine types.
First, this patch takes care of adding the hotpluggable block device
capability to this machine type, this way when using devicemapper, we
prevent the code from falling back on using 9pfs instead of SCSI.
It also add one or several bridges to this machine type, as the code
is tightly coupled to the fact that a bridge is required for PCI
hotplug.
At last, it changes the name of the PCI host bridge (main bus), to
use "pcie.0". The default set up from pc machine type "pci.0" is not
suitable for this machine type.
Fixes#804
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
Add unit tests in network_test.go and qemu_arch_base_test.go
for macvlan and macvtap network endpoints.
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Macvtap interfaces require mac addresses to be unique even
though they may be in a separate namespace. Hence use a randomly
generate MAC address.
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Add support for macvlan driver by bridging it with a macvtap or
tap+bridge and moving the mac and ip address from the
macvlan to the bridged interface.
Fixes#162
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
If the memory is reduced , its cgroup in the VM was updated properly. But the
runtime assumed that the memory was also removed from the VM.
Then when it is added more memory again, more is added (but not needed).
Fixes: #801
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
Add block device capability for q35 as this machine type supports it.
This was never added with the introduction of q35 support.
Fixes#771
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
This reverts commit 8a6d383715.
Don't remove all directories in the shared directory because
`docker cp` re-mounts all the mount points specified in the
config.json causing serious problems in the host.
fixes#777
Signed-off-by: Julio Montes <julio.montes@intel.com>
Kata agent expects the pci address to be passed and not the
predicted device name.
Fixes#773
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Add configuration to decide the amount of slots that will be used in a VM
- This will limit the amount of times that memory can be hotplugged.
- Use memory slots provided by user.
- tests: aling struct
cli: kata-env: Add memory slots info.
- Show the slots to be added to the VM.
```diff
[Hypervisor]
MachineType = "pc"
Version = "QEMU ..."
Path = "/opt/kata/bin/qemu-system-x86_64"
BlockDeviceDriver = "virtio-scsi"
Msize9p = 8192
+ MemorySlots = 10
Debug = false
UseVSock = false
```
Fixes: #751
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
It does not give better pjdfstest results but allows us to pass
ubuntu `apt update`, fedora `dnf install`, and also launch `mariadb:latest`.
Fixes: #769
Signed-off-by: Peng Tao <bergwolf@gmail.com>
It shouldn't set kataAgent.state.URL in its configure() method
for builtin kata proxy, otherwise the following check of whether
is it nil in startProxy() will return directly and failed to
start builtin proxy which will log the qemu's console.
Fixes: #756
Signed-off-by: fupan <lifupan@gmail.com>
Enable GPU device support in kata runtime, including GVT-g and GVT-d.
GVT-g: graphic virtualization technology with mediated pass through
GVT-d: graphic virtualization technology with direct pass through
BDF of device eg "0000:00:1c.0" is used to distinguish GPU device in GVT-d,
while sysfsdev of device eg "f79944e4-5a3d-11e8-99ce-479cbab002e4" is used
in GVT-g.
Fixes#542
Signed-off-by: Zhao Xinda <xinda.zhao@intel.com>
Add support for cgroup driver systemd.
systemd cgroup is not applied in the VM since in some cases like initrd images
there is no systemd running and nobody can update a systemd cgroup using
systemctl.
fixes#596
Signed-off-by: Julio Montes <julio.montes@intel.com>
Get and store guest details after sandbox is completely created.
And get memory block size from sandbox state file when check
hotplug memory valid.
Signed-off-by: Clare Chen <clare.chenhui@huawei.com>
Signed-off-by: Zichang Lin <linzichang@huawei.com>
Add support for using update command to hotplug memory to vm.
Connect kata-runtime update interface with hypervisor memory hotplug
feature.
Fixes#625
Signed-off-by: Clare Chen <clare.chenhui@huawei.com>
Fixes#671
agent Shortlog:
7e8e20b agent: add GetGuestDetails gRPC function
5936600 grpc: grpc.Code is deprecated
2d3b9ac release: Kata Containers 1.3.0-rc0
a6e27d6 client: fix dialer after vendor update
cd03e0c vendor: update grpc-go dependency
1d559a7 channel: add serial yamux channel close timeout
fcf6fa7 agent: update resources list with the right device major-minor number
Signed-off-by: Zichang Lin <linzichang@huawei.com>
In order to choose if the network monitor should be used or not, this
patch makes it configurable from the configuration.toml file.
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
Because the network monitor will be listening to every event received
through the netlink socket, it will be notified everytime a new link
will be added/updated/modified in the network namespace it's running
into. The goal being to detect new interface added by Docker such as
a veth pair.
The problem is that kata-runtime will add other internal interfaces
when the network monitor will ask for the addition of the new veth
pair. And we need a way to ignore those new interfaces being created
as they relate to the veth pair that is being added. That's why, in
order to prevent from running into an infinite loop, virtcontainers
needs to tag the internal interfaces with the "kata" suffix so that
the network monitor will be able to ignore them.
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
The PR moves ahead the start of proxy process for vm factory so that
it waits for both vm and proxy to be up at the same time. This saves
about 300ms for new container creation in my local test machine.
Fixes: #683
Signed-off-by: Peng Tao <bergwolf@gmail.com>
Callers can use setProxy to ask agent to use an existing proxy.
agent is modified to rely on its state.URL to tell if an
its proxy is a valid one. And startProxy will skip a valid
proxy since it is already started.
Signed-off-by: Peng Tao <bergwolf@gmail.com>
A proxy is mostly associated with an agent. Decouple it from sandbox
so that we can start it before linking vm with an actual sandbox.
Signed-off-by: Peng Tao <bergwolf@gmail.com>
Add `disable_vhost_net` option to enable or disable the use of
vhost_net. Vhost_net can improve network performance.
Signed-off-by: Ruidong Cao <caoruidong@huawei.com>
The runtime and hypervisor `Debug` options were always showing as
`false` (although all debug options in `configuration.toml` were
correctly honoured).
Note: Also moved location of `FactoryConfig` in `RuntimeConfig` as the
`malign` linter was complaining:
```
virtcontainers/pkg/oci/utils.go:102:20⚠️ struct of size 408 could be 400 (maligned)
```
Fixes#724.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Instead of using a default queue size of 8 for macvtap fds,
use the number of CPUs on the guest as the queue size.
This is the recommended approach. This also shown better
performance results.
Fixes#680
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
