aljaz/kata-containers
1
0
Fork 0
mirror of https://github.com/aljazceru/kata-containers.git synced 2026-01-23 16:24:19 +01:00
Code Issues Packages Projects Releases Wiki Activity
11,257 Commits 30 Branches 115 Tags
c19cebfa801ef4c9baff9cceb0d18a7bbbef2cbd
Commit Graph

3398 Commits

Author SHA1 Message Date
yaoyinnan
5c3155f7e2 runtime: Support for host cgroup v2 
Support cgroup v2 on the host. Update vendor containerd/cgroups to add cgroup v2.

Fixes: #3073

Signed-off-by: yaoyinnan <yaoyinnan@foxmail.com>
 2022-07-28 10:30:45 +08:00
Bin Liu
50b0b7cc15 Merge pull request #4681 from Tim-0731-Hzt/runtime-rs-sharepid 
runtime-rs: fix set share sandbox pid namespace
 2022-07-27 21:43:58 +08:00
Bin Liu
557229c39d Merge pull request #4724 from yahaa/fix-docs 
Docs: fix tables format error
 2022-07-27 21:13:29 +08:00
Bin Liu
09672eb2da agent: do some rollback works if case of do_create_container failed 
In some cases do_create_container may return an error, mostly due to
`container.start(process)` call. This commit will do some rollback
works if this function failed.

Fixes: #4749

Signed-off-by: Bin Liu <bin@hyper.sh>
 2022-07-27 10:23:46 +08:00
Archana Shinde
1b01ea53d9 Merge pull request #4735 from nubificus/feature-fc-v1.1 
versions: Update Firecracker version to v1.1.0
 2022-07-27 04:50:32 +05:30
Peng Tao
27c82018d1 Merge pull request #4753 from Tim-Zhang/agent-fix-stream-fd-double-close 
agent: Fix stream fd's double close
 2022-07-27 00:54:07 +08:00
Bin Liu
6fddf031df Merge pull request #4664 from lifupan/main 
container: kill all of the processes in a container when it terminated
 2022-07-26 23:12:11 +08:00
Tim Zhang
f5aa6ae467 agent: Fix stream fd's double close problem 
The fd would be closed on Pipestream's dropping and we should
not close it agian.

Fixes: #4752

Signed-off-by: Tim Zhang <tim@hyper.sh>
 2022-07-26 20:05:06 +08:00
yahaa
6e149b43f7 Docs: fix tables format error 
Fixes: #4725

Signed-off-by: yahaa <1477765176@qq.com>
 2022-07-26 19:05:09 +08:00
Bin Liu
85f4e7caf6 runtime: explicitly mark the source of the log is from qemu.log 
In qemu.StopVM(), if debug is enabled, the shim will dump logs
from qemu.log, but users don't know which logs are from qemu.log
and shim itself. Adding some additional messages will
help users to distinguish these logs.

Fixes: #4745

Signed-off-by: Bin Liu <bin@hyper.sh>
 2022-07-26 16:08:59 +08:00
Peng Tao
129335714b Merge pull request #4727 from openanolis/anolis-fix-network 
fix network failed for kata ci
 2022-07-26 15:10:55 +08:00
Peng Tao
71384b60f3 Merge pull request #4713 from openanolis/adjust_default_vcpu 
runtime-rs: handle default_vcpus greator than default_maxvcpu
 2022-07-26 15:02:34 +08:00
gntouts
56d49b5073 versions: Update Firecracker version to v1.1.0 
This patch upgrades Firecracker version from v0.23.4 to v1.1.0

* Generate swagger models for v1.1.0 (from firecracker.yaml)
* Replace ht_enabled param to smt (API change)
* Remove NUMA-related jailer param --node 0

Fixes: #4673
Depends-on: github.com/kata-containers/tests#4968

Signed-off-by: George Ntoutsos <gntouts@nubificus.co.uk>
Signed-off-by: Anastassios Nanos <ananos@nubificus.co.uk>
 2022-07-26 07:01:26 +00:00
Zhongtao Hu
b3147411e3 runtime-rs:add unit test for set share pid ns 
Fixes:#4680
Signed-off-by: Zhongtao Hu <zhongtaohu.tim@linux.alibaba.com>
 2022-07-26 14:42:00 +08:00
Zhongtao Hu
1ef3f8eac6 runtime-rs: set share sandbox pid namespace 
Set the share sandbox pid namepsace from spec

Fixes:#4680
Signed-off-by: Zhongtao Hu <zhongtaohu.tim@linux.alibaba.com>
 2022-07-26 14:41:59 +08:00
Quanwei Zhou
57c556a801 runtime-rs: fix stop failed in azure 
Fix the stop failed in azure.

Fixes: #4740
Signed-off-by: Quanwei Zhou <quanweiZhou@linux.alibaba.com>
 2022-07-26 12:16:32 +08:00
liubin
0e24f47a43 agent: log RPC calls for debugging 
We can log all RPC calls to the agent for debugging purposes
to check which RPC is called, which can help us to understand
the container lifespan.

Fixes: #4738

Signed-off-by: liubin <liubin0329@gmail.com>
 2022-07-26 10:32:44 +08:00
Tim Zhang
e764a726ab Merge pull request #4715 from Tim-Zhang/fix-ut-test_do_write_stream 
agent: fix fd-double-close problem in ut test_do_write_stream
 2022-07-25 17:34:26 +08:00
Peng Tao
3f4dd92c2d Merge pull request #4702 from openanolis/runtime-rs-endpoint-dev 
runtime-rs: add functionalities support for macvlan and vlan endpoints
 2022-07-25 17:04:45 +08:00
Tim Zhang
427b29454a Merge pull request #4709 from liubin/fix/4708-unwrap-error 
rustjail: check result to let it return early
 2022-07-25 15:05:20 +08:00
Quanwei Zhou
c825065b27 runtime-rs: fix tc filter setup failed 
Fix bug using tc filter and protocol needs to use network byte order.

Fixes: #4726
Signed-off-by: Quanwei Zhou <quanweiZhou@linux.alibaba.com>
 2022-07-25 11:16:33 +08:00
Quanwei Zhou
e0194dcb5e runtime-rs: update route destination with prefix 
Update route destination with prefix.

Fixes: #4726
Signed-off-by: Quanwei Zhou <quanweiZhou@linux.alibaba.com>
 2022-07-25 11:16:22 +08:00
Wainer Moschetta
0b4a91ec1a Merge pull request #4644 from bookinabox/optimize-get-paths 
cgroups: remove unnecessary get_paths()
 2022-07-22 17:01:01 -03:00
Ji-Xinyou
896478c92b runtime-rs: add functionalities support for macvlan and vlan endpoints 
Add macvlan and vlan support to runtime-rs code and corresponding unit
tests.

Fixes: #4701
Signed-off-by: Ji-Xinyou <jerryji0414@outlook.com>
 2022-07-22 10:09:11 +08:00
Tim Zhang
912641509e agent: fix fd-double-close problem in ut test_do_write_stream 
The fd will closed on struct Process's dropping, so don't
close it again manually.

Fixes: #4598

Signed-off-by: Tim Zhang <tim@hyper.sh>
 2022-07-21 19:37:15 +08:00
Zhongtao Hu
43045be8d1 runtime-rs: handle default_vcpus greator than default_maxvcpu 
when the default_vcpus is greater than the default_maxvcpus, the default
vcpu number should be set equal to the default_maxvcpus.

Fixes: #4712
Signed-off-by: Zhongtao Hu <zhongtaohu.tim@linux.alibaba.com>
 2022-07-21 16:37:56 +08:00
liubin
0d7cb7eb16 agent: delete agent-type property in announce 
Since there is only one type of agent now, the
agent-type is not needed anymore.

Signed-off-by: liubin <liubin0329@gmail.com>
 2022-07-21 14:53:01 +08:00
liubin
eec9ac81ef rustjail: check result to let it return early. 
check the result to let it return early if there are some errors

Fixes: #4708

Signed-off-by: liubin <liubin0329@gmail.com>
 2022-07-21 14:51:30 +08:00
Quanwei Zhou
54f53d57ef runtime-rs: support disable_guest_seccomp 
support disable_guest_seccomp

Fixes: #4691
Signed-off-by: Quanwei Zhou <quanweiZhou@linux.alibaba.com>
 2022-07-21 07:46:28 +08:00
Bin Liu
540303880e Merge pull request #4688 from quanweiZhou/fix_sandbox_cgroup_false 
runtime-rs: fix sandbox_cgroup_only=false panic
 2022-07-19 20:38:57 +08:00
Peng Tao
7c146a5d95 Merge pull request #4684 from quanweiZhou/fix-ctr-exit-error 
runtime-rs: fix ctr exit failed
 2022-07-19 16:02:20 +08:00
Peng Tao
4c3bd6b1d1 Merge pull request #4656 from openanolis/runtime-rs-ipvlan 
runtime-rs: support functionalities of ipvlan endpoint
 2022-07-19 11:15:31 +08:00
Bin Liu
960f2a7f70 Merge pull request #4678 from Tim-0731-Hzt/runtime-rs-makefile-2 
runtime-rs: remove the value of hypervisor path in DB config
 2022-07-19 09:34:45 +08:00
Quanwei Zhou
e9988f0c68 runtime-rs: fix sandbox_cgroup_only=false panic 
When run with configuration `sandbox_cgroup_only=false`, we will call
`gen_overhead_path()` as the overhead path. The `cgroup-rs` will push
the path with the subsystem prefix by `PathBuf::push()`. When the path
has prefix “/” it will act as root path, such as
```
let mut path = PathBuf::from("/tmp");
path.push("/etc");
assert_eq!(path, PathBuf::from("/etc"));
```
So we shoud not set overhead path with prefix "/".

Fixes: #4687
Signed-off-by: Quanwei Zhou <quanweiZhou@linux.alibaba.com>
 2022-07-19 08:30:34 +08:00
Quanwei Zhou
cebbebbe8a runtime-rs: fix ctr exit failed 
During use, there will be cases where the container is in the stop state
and get another stop. In this case, the second stop needs to be ignored.

Fixes: #4683
Signed-off-by: Quanwei Zhou <quanweiZhou@linux.alibaba.com>
 2022-07-19 07:43:22 +08:00
Bin Liu
758cc47b32 Merge pull request #4671 from liubin/4670-upgrade-nix 
kata-sys-util: upgrade nix version
 2022-07-18 23:31:07 +08:00
Ji-Xinyou
62182db645 runtime-rs: add unit test for ipvlan endpoint 
Add unit test to check the integrity of IPVlanEndpoint::new(...)

Fixes: #4655
Signed-off-by: Ji-Xinyou <jerryji0414@outlook.com>
 2022-07-18 15:56:06 +08:00
xuejun-xj
99654ce694 runtime-rs: update dbs-xxx dependencies 
Update dbs-xxx commit ID for aarch64 in runtime-rs/Cargo.toml file to add
dependencies for aarch64.

Fixes: #4676

Signed-off-by: xuejun-xj <jiyunxue@alibaba.linux.com>
 2022-07-18 13:46:46 +08:00
xuejun-xj
f4c3adf596 runtime-rs: Add compile option file 
Add file aarch64-options.mk for compiling on aarch64 architectures.

Fixes: #4676

Signed-off-by: xuejun-xj <jiyunxue@alibaba.linux.com>
 2022-07-18 13:46:46 +08:00
xuejun-xj
545ae3f0ee runtime-rs: fix warning 
Module anyhow::anyhow is only used on x86_64 architecture in
crates/hypervisor/src/device/vfio.rs file.

Fixes: #4676

Signed-off-by: xuejun-xj <jiyunxue@alibaba.linux.com>
 2022-07-18 13:46:39 +08:00
Zhongtao Hu
19eca71cd9 runtime-rs: remove the value of hypervisor path in DB config 
As a built in VMM, Path, jailer path, ctlpath are not needed for
Dragonball. So we don't generate those value in Makefile.

Fixes: #4677
Signed-off-by: Zhongtao Hu <zhongtaohu.tim@linux.alibaba.com>
 2022-07-18 13:37:51 +08:00
Ji-Xinyou
d8920b00cd runtime-rs: support functionalities of ipvlan endpoint 
Add support for ipvlan endpoint

Fixes: #4655
Signed-off-by: Ji-Xinyou <jerryji0414@outlook.com>
 2022-07-18 11:34:03 +08:00
xuejun-xj
2b01e9ba40 dragonball: fix warning 
Add map_err for vcpu_manager.set_reset_event_fd() function.

Fixes: #4676

Signed-off-by: xuejun-xj <jiyunxue@alibaba.linux.com>
 2022-07-18 09:52:13 +08:00
liubin
996a6b80bc kata-sys-util: upgrade nix version 
New nix is supporting UMOUNT_NOFOLLOW, upgrade nix
version to use this flag instead of the self-defined flag.

Fixes: #4670

Signed-off-by: liubin <liubin0329@gmail.com>
 2022-07-15 17:38:15 +08:00
Fupan Li
d93e4b939d container: kill all of the processes in this container 
When a container terminated, we should make sure there's no processes
left after destroying the container.

Before this commit, kata-agent depended on the kernel's pidns
to destroy all of the process in a container after the 1 process
exit in a container. This is true for those container using a
separated pidns, but for the case of shared pidns within the
sandbox, the container exit wouldn't trigger the pidns terminated,
and there would be some daemon process left in this container, this
wasn't expected.

Fixes: #4663

Signed-off-by: Fupan Li <fupan.lfp@antgroup.com>
 2022-07-14 16:39:49 +08:00
Bin Liu
575b5eb5f5 Merge pull request #4506 from cyyzero/runk-exec 
runk: Support `exec` sub-command
 2022-07-14 14:22:24 +08:00
Quanwei Zhou
3c989521b1 dragonball: update for review 
update for review

Fixes: #3785
Signed-off-by: Quanwei Zhou <quanweiZhou@linux.alibaba.com>
 2022-07-14 10:43:59 +08:00
wllenyj
274598ae56 kata-runtime: add dragonball config check support. 
add dragonball config check support.

Signed-off-by: wllenyj <wllenyj@linux.alibaba.com>
 2022-07-14 10:43:50 +08:00
Chao Wu
1befbe6738 runtime-rs: Cargo lock for fix version problem 
Cargo lock for fix version problem

Signed-off-by: Chao Wu <chaowu@linux.alibaba.com>
 2022-07-14 08:49:39 +08:00
Quanwei Zhou
3d6156f6ec runtime-rs: support dragonball and runtime-binary 
Fixes: #3785
Signed-off-by: Quanwei Zhou <quanweiZhou@linux.alibaba.com>
Signed-off-by: Zhongtao Hu <zhongtaohu.tim@linux.alibaba.com>
 2022-07-14 08:49:30 +08:00