virtiofsd binary built using our packaging scripts
is named `virtiofsd` and not `virtiofsd-x86_64`
Signed-off-by: Salvador Fuentes <salvador.fuentes@intel.com>
replace `DEFSHAREDFS_QEMU_VIRTIOFS` and `CONFIG_QEMU_VIRTIOFS_IN`
with their values on the generated `configuration-qemu-virtiofs.toml`
Fixes: #2079
Signed-off-by: Salvador Fuentes <salvador.fuentes@intel.com>
This will fix the qemu-virtiofs.toml to use the kernel with virtiofs.
Also removes the initrd image from the toml.
Depends-on: github.com/kata-containers/packaging#731
Fixes#2077
Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
instead of using `DEFSHAREDFS_NEMU` in `configuration-qemu-virtiofs.toml`,
use `DEFSHAREDFS_QEMU_VIRTIOFS`.
nemu will be deprecated soon so using `DEFSHAREDFS_NEMU` may
brake the configuration for qemu-virtiofs.
Signed-off-by: Salvador Fuentes <salvador.fuentes@intel.com>
currently virtiofs support is being reworked to use qemu
and kernel from virtio-fs gitlab repo. The current support
that we have for virtio-fs has been disabled as required
patches for the 4.19 kernel were removed in [1].
[1] https://github.com/kata-containers/packaging/pull/703Fixes: #2048.
Signed-off-by: Salvador Fuentes <salvador.fuentes@intel.com>
Enable a new configuration file for QEMU with virtiofs 3.0
Depends-on: github.com/kata-containers/packaging#710
Fixes#2053
Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
add option to eneable only pod cgroup (SandboxCgroupOnly)
Depends-on: github.com/kata-containers/tests#1824
Fixes: #1879
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
Since virtio-fs is under active development, more
options will be added increasingly. To avaoid frequent
change on runtime side to handle option changes, use
one mingled arg to ease testing new option/feature of
virtiofsd.
See `virtiofsd -h` for more option details.
Fixes: #1999
Signed-off-by: Eric Ren <renzhen@linux.alibaba.com>
Drop the bits for bridged networking in ACRN and change the default
to macvtap. We should eventually change this to tcfilter with additional
testing.
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Add jailer support to configuration files.
Also enable jailer by default in Kata containers.
Signed-off-by: Manohar Castelino <manohar.r.castelino@intel.com>
This patch covers the following aspects,
1. Add ACRN as a supported hypervisor for amd64 architecture.
2. Build and install configuration file for ACRN hypervisor.
v1->v2:
1. Deleted autogenerated configuration-acrn.toml.
2. Trimmed configuration options not used by ACRN.
Fixes: #1778
Signed-off-by: Vijay Dhanraj <vijay.dhanraj@intel.com>
shimv2 binary was not being built in case of any source changes.
Add dependency of source files to the shimv2 make target to fix this.
Fixes#1805
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
hugepages were enbled by default on NEMU to allow use of virtio-fs. kata
now has a change where virtio-fs will default to use /dev/shm as the
shared memory file backing location. With that, we should be able to
disable default hugepages for NEMU
Fixes: #1775
Signed-off-by: Ganesh Maharaj Mahalingam <ganesh.mahalingam@intel.com>
nemu needs to be configured with:
`machine_type = "virt"` by default.
In addition, this commit removes
`machine_accelerators="virt"` which was added instead
of `machine_type` in a previous commit.
Fixes: #1707.
Signed-off-by: Salvador Fuentes <salvador.fuentes@intel.com>
- For initial offering of virtiofsd, hugepages are required
- use the qemu hypervisor type for configuration template
- decrease virtiofs cache size from 8192 to 1024, to better support
running with virtio-fs on smaller machines while hugepages are required.
- For initial experimental release, utilize virtio-serial instead of
vsock
Fixes: #1662
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
NEMU requires a unique runtime configuration. Add support for utilizing
a configuration-nemu.toml
Fixes: #1647
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
Several cache modes are supported by virtio-fs. They affect the
performance and consistency characteristics of the file system.
For the time being cache="none" is recommended, but the other modes can
be experimented with.
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Add VirtioFSCacheSize aka virtio_fs_cache_size option
to set the size (in MiB) of the DAX cache.
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Add a config option to select between virtio-9p and virtiofs. This
option currently has no effect and will be used in a later patch.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
When a parallel build is invoked using "make -j4" there is a race
between EXTRA_DEPS ('clean') and generating files:
CPU1 CPU2
---- ----
create cli/generated-config.go
rm cli/generated-config.go
go build -> error: generated-config.go doesn't exist!
Previous commits ensured that targets relying on version information
like VERSION and COMMIT declare appropriate dependencies. Therefore
make is now able to detect changes and rebuild targets as needed. It is
no longer necessary to abuse the clean target to force a rebuild.
Fixes: #1540
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Makefile uses $(shell) to build a git commit string. Unfortunately this
means make targets cannot be rebuilt when COMMIT changes value. We need
to reflect this string value into files on which make can process
dependencies.
I stole a solution from QEMU's Makefile:
1. Print the string into .git-commit.tmp
2. If .git-commit.tmp differs from .git-commit, copy it to .git-commit
3. Depend on .git-commit from all targets that need $COMMIT
This way targets are only rebuilt if the commit string value actually
changes.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Makefile had a template for cli/config-generated.go embedded inside it.
There is already a templating mechanism for .in files. Using a .in file
is cleaner since it avoids make's awkward interaction with shell
escaping and line splitting.
This patch moves the template into cli/config-generated.go.in and reuses
the existing .in file templating mechanism. Only the PKGRUNDIR variable
needs to be added.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Depending on Makefile is not enough to detect all changes. We must
rebuild when included makefiles change, too.
The MAKEFILE_LIST special variable contains the filenames of all
included makefiles and Makefile itself.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The netmon target must be rebuilt when the VERSION file changes since it
uses the value of VERSION on the build command-line.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
GENERATED_FILES already includes COLLECT_SCRIPT, so there's no need to
specify it again:
GENERATED_FILES += $(COLLECT_SCRIPT)
...
clean:
$(QUIET_CLEAN)rm -f ... $(GENERATED_FILES) $(COLLECT_SCRIPT)
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
tcfilter requires no changes to the interface provided by the network
plugin and supports a larger set of plugins.
Fixes#1501
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Add a number of useful build and install targets to the `show-usage`
target which are visible when the user runs `make help`.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Add `install-runtime` and `install-netmon` targets. This allows the
`install` target to be simplified and also allows the runtime to be
built without having to build the `containerd-shim-v2` binary which is
slow to build:
```
$ make runtime && sudo -E PATH=$PATH make install-runtime
```
Fixes#1402.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
The `containerd-shim-v2` binary does not need the `kata-runtime` binary
to be built first, so remove the dependency.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Fixes#1226
Add new flag "experimental" for supporting underworking features.
Some features are under developing which are not ready for release,
there're also some features which will break compatibility which is not
suitable to be merged into a kata minor release(x version in x.y.z)
For getting these features above merged earlier for more testing, we can
mark them as "experimental" features, and move them to formal features
when they are ready.
Signed-off-by: Wei Zhang <zhangwei555@huawei.com>
Got aarch64 fail in No GO command or GOPATH not set mode:
Makefile:38: arch/aarch64-options.mk: No such file or directory
Makefile:237: *** "ERROR: No hypervisors known for architecture aarch64 (looked for: firecracker qemu)". Stop.
The cause is the machine hardware name of aarch64 is aarch64 but
runtime's arch make file's name is arm64-options.mk.
This commit convert aarch64 to arm64 to fix the issue.
Fixes: #1320
Signed-off-by: Hui Zhu <teawater@hyper.sh>
The cause that make "sudo make install" fail is not "GOPATH not set",
but no go command in path.
But the commit still keep the "GOPATH not set" because
execute "unset GOPATH; make" will fail because "go build" cannot work
without GOPATH.
Fixes: #1285
Signed-off-by: Hui Zhu <teawater@hyper.sh>
In GOPATH not set mode got:
make: go: Command not found
Makefile:38: arch/-options.mk: No such file or directory
make: go: Command not found
Makefile:237: *** "ERROR: No hypervisors known for architecture (looked for: firecracker qemu)". Stop.
The root cause is GOPATH not set mode is not set ARCH.
Set it to fix the issue.
Fixes: #1224
Signed-off-by: Hui Zhu <teawater@hyper.sh>
Architecture-dependent settings were not being populated when GOPATH
was set. This change ensures they are always set.
Fixes#1169
Signed-off-by: William Douglas <william.douglas@intel.com>
- Do symlink to a relative path to hypervisor config.
- Create symlink on DESTDIR
Fixes: #1161
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
Support building with `make HYPERVISOR=firecracker`.
Notes:
- Firecracker is currently only supported on x86_64, hence the
architecture check.
- The template file `cli/config/configuration-fc.toml.in` is based
on `cli/config/configuration.toml.in`.
Fixes#1105.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Improve the build to:
- Encapsulate the qemu configuration.
- Validate the chosen hypervisor.
- Display hypervisor details for `make help`.
This lays the groundwork to build configurations for multiple
hypervisors.
Notes:
- Variables that are hypervisor specific have now been suffixed with `_QEMU`.
- `make install` now installs `configuration-qemu.toml`.
To maintain compatibility with existing installations, a symbolic link
to this file called `configuration.toml` is created.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Move the quiet prefix from the `INSTALL_EXEC` recipe and use it at the
call sites. This makes the code robust when calling the recipe in a
`$(foreach ...)` loop.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Pass Seccomp profile to the agent only if
the configuration.toml allows it to be passed
and the agent/image is seccomp capable.
Fixes: #688
Signed-off-by: Nitesh Konkar niteshkonkar@in.ibm.com
Most of the projects, they can be built with "make". After that,
"sudo make install" can install the application.
It is not work for kata-runtime because kata-runtime's make must work
with golang in the environment that default sudo cannot supply it.
But "make install" doesn't need golang.
So add "GOPATH not set" to handle the issue.
Fixes: #1008
Signed-off-by: Hui Zhu <teawater@hyper.sh>
Add the ability to skip checking the go version, by passing to make the
variable SKIP_GO_VERSION_CHECK=1
Fixes: #916
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
Refactor the config related codes into a separated
package which can be shared with other cli programs
such as kata's shimv2.
Fixes: #787Fixes: #714
Signed-off-by: fupan <lifupan@gmail.com>
Build {runtime,netmon} as Position-Independent-Executable (PIE) for improved
security and compliancy with distros packaging guidelines.
Fixes: #875
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
