Add a config option to select between virtio-9p and virtiofs. This
option currently has no effect and will be used in a later patch.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Add configuration options to support the various Kata agent tracing
modes and types. See the comments in the built configuration files for
details:
- `cli/config/configuration-fc.toml`
- `cli/config/configuration-qemu.toml`
Fixes#1369.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Previously, the agent behaviour was controlled entirely using the
`kernel_params=` config option. This mechanism suffers from a subtle
problem - the runtime is not aware of how the agent will behave.
From now on, all significant agent options will be controlled from the
agent section in the configuration file. This allows the runtime to be
more aware of -- and in control of -- such agent settings. It would also
allow the underlying kernel CLI options to be modified in the future if
required.
This PR adds the only useful agent option as an explicit option by
adding an `enable_debug=true` option to the Kata agent section in
`configuration.toml`. This allows controlling agent debug to be handled
in the same manner as the other debug options.
This change is somewhat foundational: it permits the agent to be handled
consistently with other config file sections which is useful, but
arguably not essential (the old way worked). However, the new way of
handling agent options will be essential when introducing agent tracing
control as the runtime must be aware of the agent trace mode to allow
the runtime to modify its behaviour accordingly.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Replace the two versions of `makeRuntimeConfigFileData()` with a single
`MakeRuntimeConfigFileData()` in a new `katatestutils` package and a new
`katautils.GetDefaultHypervisorConfig()` to query the default hypervisor
details.
This isn't ideal but a new package had to be created to avoid circular
dependencies. It was also required since test code cannot be exported
from a package.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
This reverts commit 196661bc0d.
Reverting because cri-o with devicemapper started
to fail after this commit was merged.
Fixes: #1574.
Signed-off-by: Salvador Fuentes <salvador.fuentes@intel.com>
We can use the same data structure to describe both of them.
So that we can handle them similarly.
Fixes: #1566
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Clear Containers proxy and shim are no longer supported. This
was mentioned in issue #1113. Their functionalities are thus
removed from the runtime.
Fixes#1419
Signed-off-by: Gabi Beyer <gabrielle.n.beyer@intel.com>
The hyperstart agent has not been supported in kata since 2.1,
so remove it as a component to kata. Mentioned in issue #1113.
Fixes: #1419
Signed-off-by: Gabi Beyer <gabrielle.n.beyer@intel.com>
This introduces a new storage type: local. Local storage type will
tell the kata-agent to create an empty directory in the sandbox
directory within the VM.
K8s host emptyDirs will then use the local storage type and mount it
inside each container. By doing this, we utilise the storage medium
that the sandbox uses. In most cases this will be 9p.
If the VM is using device mapper for container storage, the containers
will benefit from the better performance of device mapper for
host emptyDir.
Fixes#1472
Signed-off-by: Alex Price <aprice@atlassian.com>
When used builtin proxy, it's better to config the proxy
debug based on debug setting of runtime in kata configuration.
Fixes:#1495
Signed-off-by: lifupan <lifupan@gmail.com>
container's rootfs is a string type, which cannot represent a
block storage backed rootfs which hasn't been mounted.
Change it to a mount alike struct as below:
RootFs struct {
// Source specify the BlockDevice path
Source string
// Target specify where the rootfs is mounted if it has been mounted
Target string
// Type specifies the type of filesystem to mount.
Type string
// Options specifies zero or more fstab style mount options.
Options []string
// Mounted specifies whether the rootfs has be mounted or not
Mounted bool
}
If the container's rootfs has been mounted as before, then this struct can be
initialized as: RootFs{Target: <rootfs>, Mounted: true} to be compatible with
previous case.
Fixes:#1158
Signed-off-by: lifupan <lifupan@gmail.com>
when use shim v2 interface to run container, no need to use kata-proxy
and kata-shim, remove kata-proxy and kata-shim in config file will cause
panic since type assertion. add check to avoid panic
Fixes: #1440
Signed-off-by: Ace-Tang <aceapril@126.com>
k8s host empty-dir is equivalent to docker volumes.
For this case, we should just use the host directory even
for system directories.
Move the isEphemeral function to virtcontainers to not
introduce cyclic dependency.
Fixes#1417
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
gometalinter is deprecated and will be archived April '19. The
suggestion is to switch to golangci-lint which is apparently 5x faster
than gometalinter.
Partially Fixes: #1377
Signed-off-by: Ganesh Maharaj Mahalingam <ganesh.mahalingam@intel.com>
After code check and test, found VMCache can work with vsock.
Remove the code that prohibit them from working together.
Fixes: #1400
Signed-off-by: Hui Zhu <teawater@hyper.sh>
systemd-random-seed service fails if the rootfs is a read-only fs.
systemd-random-seed restores the random seed of the system at early
boot and saves it at shutdown, since kata containers are one boot machines
this service is not needed.
Signed-off-by: Julio Montes <julio.montes@intel.com>
We were considering all empty-dir k8s volumes as backed by tmpfs.
However they can be backed by a host directory as well.
Pass those as 9p volumes, while tmpfs volumes are handled as before,
namely creating a tmpfs directory inside the guest.
The only way to detect "Memory" empty-dirs is to actually check if the
volume is mounted as a tmpfs mount, since any information of k8s
"medium" is lost at the OCI layer.
Fixes#1341
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Fixes#1226
Add new flag "experimental" for supporting underworking features.
Some features are under developing which are not ready for release,
there're also some features which will break compatibility which is not
suitable to be merged into a kata minor release(x version in x.y.z)
For getting these features above merged earlier for more testing, we can
mark them as "experimental" features, and move them to formal features
when they are ready.
Signed-off-by: Wei Zhang <zhangwei555@huawei.com>
Reduce memory footprint ~7% by disabling some systemd services like
systemd-journald and systemd-udevd, those services are just consuming memory
and are not needed. For example kata-agent logs the errors through the proxy.
fixes#1339
Signed-off-by: Julio Montes <julio.montes@intel.com>
VMCache is a new function that creates VMs as caches before using it.
It helps speed up new container creation.
The function consists of a server and some clients communicating
through Unix socket. The protocol is gRPC in protocols/cache/cache.proto.
The VMCache server will create some VMs and cache them by factory cache.
It will convert the VM to gRPC format and transport it when gets
requestion from clients.
Factory grpccache is the VMCache client. It will request gRPC format
VM and convert it back to a VM. If VMCache function is enabled,
kata-runtime will request VM from factory grpccache when it creates
a new sandbox.
VMCache has two options.
vm_cache_number specifies the number of caches of VMCache:
unspecified or == 0 --> VMCache is disabled
> 0 --> will be set to the specified number
vm_cache_endpoint specifies the address of the Unix socket.
This commit just includes the core and the client of VMCache.
Currently, VM cache still cannot work with VM templating and vsock.
And just support qemu.
Fixes: #52
Signed-off-by: Hui Zhu <teawater@hyper.sh>
Check the "builtIn" first when updating the shim/proxy/agent,
thus can avoid checking the shim/proxy's binary files path which
is needless for "builtIn" type.
Fixes: #1314
Signed-off-by: fupan <lifupan@gmail.com>
If only initrd or rootfs image is installed,
allow to start Kata Containers without erroring
out.
Fixes: #1174
Signed-off-by: Nitesh Konkar niteshkonkar@in.ibm.com
Function SetKernelParams is just to update the runtimeConfig according to itself.
It just around the configuration.
So this patch moves it to updateRuntimeConfig.
Fixes: #1106
Signed-off-by: Hui Zhu <teawater@hyper.sh>
Pass Seccomp profile to the agent only if
the configuration.toml allows it to be passed
and the agent/image is seccomp capable.
Fixes: #688
Signed-off-by: Nitesh Konkar niteshkonkar@in.ibm.com
This value will be plused to max memory of hypervisor.
It is the memory address space for the NVDIMM devie.
If set block storage driver (block_device_driver) to "nvdimm",
should set memory_offset to the size of block device.
Signed-off-by: Hui Zhu <teawater@hyper.sh>
Set block_device_driver to "nvdimm" will make the hypervisor use
the block device as NVDIMM disk.
Fixes: #1032
Signed-off-by: Hui Zhu <teawater@hyper.sh>
Start adding support for virtio-mmio devices starting with block.
The devices show within the vm as vda, vdb,... based on order of
insertion and such within the VM resemble virtio-blk devices.
They need to be explicitly differentiated to ensure that the
agent logic within the VM can discover and mount them appropropriately.
The agent uses PCI location to discover them for virtio-blk.
For virtio-mmio we need to use the predicted device name for now.
Note: Kata used a disk for the VM rootfs in the case of Firecracker.
(Instead of initrd or virtual-nvdimm). The Kata code today does not
handle this case properly.
For now as Firecracker is the only Hypervisor in Kata that
uses virtio-mmio directly offset the drive index to comprehend
this.
Longer term we should track if the rootfs is setup as a block
device explicitly.
Fixes: #1046
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
Signed-off-by: Manohar Castelino <manohar.r.castelino@intel.com>
By breaking down updateRuntimeConfig() into smaller functions, this
commit prevents the function to grow a Go complexity higher than 15.
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
In order to let the user choose firecracker hypervisor instead of
QEMU (from the configuration.toml), let's add it to the list of
supported hypervisors.
Fixes#1042
Depends-on: github.com/kata-containers/runtime#1044
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
Vsock conflicts with factory, when both of them are enabled,
kata will try to create a new vm template which is useless,
thus it's better to return an error directly to let users know
that those two config cannot be enabled at the same time.
Fixes: #1055
Signed-off-by: fupan <lifupan@gmail.com>
