Megan Wright
c6c8018730
CCv0: Merge main into CCv0 branch
...
Merge remote-tracking branch 'upstream/main' into CCv0
Fixes: #4970
Signed-off-by: Megan Wright <megan.wright@ibm.com>
2022-08-24 11:18:46 +01:00
Bin Liu
6551d4f25a
Merge pull request #4051 from bergwolf/github/vmx-vm-factory
...
enable vmx for vm factory
2022-08-24 16:22:37 +08:00
Fabiano Fidêncio
9806ce8615
Merge pull request #4937 from chenhengqi/fix-error-msg
...
network: Fix error message for setting hardware address on TAP interface
2022-08-19 17:54:58 +02:00
Peng Tao
f508c2909a
runtime: constify splitIrqChipMachineOptions
...
A simple cleanup.
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
2022-08-18 10:09:20 +08:00
Peng Tao
2b0587db95
runtime: VMX is migratable in vm factory case
...
We are not spinning up any L2 guests in vm factory, so the L1 guest
migration is expected to work even with VMX.
See https://www.linux-kvm.org/page/Nested_Guests
Fixes: #4050
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
2022-08-18 10:08:43 +08:00
Peng Tao
fa09f0ec84
runtime: remove qemuPaths
...
It is broken that it doesn't list QemuVirt machine type. In fact we
don't need it at all. Just drop it.
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
2022-08-18 10:06:10 +08:00
Bo Chen
3a597c2742
runtime: clh: Use the new 'payload' interface
...
The new 'payload' interface now contains the 'kernel' and 'initramfs'
config.
Fixes: #4952
Signed-off-by: Bo Chen <chen.bo@intel.com>
2022-08-17 12:23:43 -07:00
Bo Chen
16baecc5b1
runtime: clh: Re-generate the client code
...
This patch re-generates the client code for Cloud Hypervisor v26.0.
Note: The client code of cloud-hypervisor's (CLH) OpenAPI is
automatically generated by openapi-generator [1-2].
[1] https://github.com/OpenAPITools/openapi-generator
[2] https://github.com/kata-containers/kata-containers/blob/main/src/runtime/virtcontainers/pkg/cloud-hypervisor/README.md
Fixes: #4952
Signed-off-by: Bo Chen <chen.bo@intel.com>
2022-08-17 12:23:12 -07:00
Georgina Kinge
bb9bbc7523
CCv0: Merge main into CCv0 branch
...
Merge remote-tracking branch 'upstream/main' into CCv0
Fixes: #4943
Signed-off-by: Georgina Kinge <georgina.kinge@ibm.com>
2022-08-17 10:40:39 +01:00
Hengqi Chen
8ff5c10ac4
network: Fix error message for setting hardware address on TAP interface
...
Error out with the correct interface name and hardware address instead.
Fixes: #4944
Signed-off-by: Hengqi Chen <chenhengqi@outlook.com>
2022-08-17 16:42:07 +08:00
Megan Wright
d08bb20e98
CCv0: Merge main into CCv0 branch
...
Merge remote-tracking branch 'upstream/main' into CCv0
Fixes: #4864
Signed-off-by: Megan Wright <megan.wright@ibm.com>
2022-08-11 11:16:02 +01:00
Bin Liu
cb7f9524be
Merge pull request #4804 from openanolis/anolis/merge_runtime_rs_to_main
...
runtime-rs:merge runtime rs to main
2022-08-11 08:40:41 +08:00
Jim Cadden
a87698fe56
runtime: Add support for SEV pre-attestation
...
AMD SEV pre-attestation is handled by the runtime before the guest is
launched. Guest VM is started paused and the runtime communicates with a
remote keybroker service (e.g., simple-kbs) to validate the attestation
measurement and to receive launch secret. Upon validation, the launch
secret is injected into guest memory and the VM is started.
Fixes: #4280
Signed-off-by: Jim Cadden <jcadden@ibm.com>
Signed-off-by: Tobin Feldman-Fitzthum <tobin@ibm.com>
Signed-off-by: Dov Murik <dovmurik@linux.ibm.com>
2022-08-10 14:00:14 -04:00
Tim Zhang
4813a3cef9
Merge pull request #4711 from liubin/fix/4710-wait-nydusd-api-server-ready
...
nydus: wait nydusd API server ready before mounting share fs
2022-08-10 17:20:17 +08:00
liubin
2ae807fd29
nydus: wait nydusd API server ready before mounting share fs
...
If the API server is not ready, the mount call will fail, so before
mounting share fs, we should wait until nydusd is started and
the API server is ready.
Fixes: #4710
Signed-off-by: liubin <liubin0329@gmail.com>
Signed-off-by: Bin Liu <bin@hyper.sh>
2022-08-08 16:18:38 +08:00
Tim Zhang
8d4d98587f
Merge pull request #4746 from liubin/fix/4745-add-log-field
...
runtime: explicitly mark the source of the log is from qemu.log
2022-08-08 15:21:01 +08:00
chmod100
d8ad16a34e
runtime: add unlock before return in sendReq
...
Unlock is required before return, so there is a need to add an unlock.
Fixes: #4827
Signed-off-by: chmod100 <letfu@outlook.com>
2022-08-05 13:30:12 +00:00
Megan Wright
c13380ba69
CCv0: Merge main into CCv0 branch
...
Merge remote-tracking branch 'upstream/main' into CCv0
Fixes: #4750
Depends-on: github.com/kata-containers/tests#4971
Signed-off-by: Megan Wright megan.wright@ibm.com
2022-08-01 16:29:50 +01:00
Zhongtao Hu
adfad44efe
Merge remote-tracking branch 'origin/main' into runtime-rs-merge-tmp
...
To keep runtime-rs up to date, we will merge main into runtime-rs every
week.
Fixes: #4776
Signed-off-by: Zhongtao Hu <zhongtaohu.tim@linux.alibaba.com>
2022-08-01 11:12:48 +08:00
yaoyinnan
5c3155f7e2
runtime: Support for host cgroup v2
...
Support cgroup v2 on the host. Update vendor containerd/cgroups to add cgroup v2.
Fixes: #3073
Signed-off-by: yaoyinnan <yaoyinnan@foxmail.com>
2022-07-28 10:30:45 +08:00
Bin Liu
85f4e7caf6
runtime: explicitly mark the source of the log is from qemu.log
...
In qemu.StopVM(), if debug is enabled, the shim will dump logs
from qemu.log, but users don't know which logs are from qemu.log
and shim itself. Adding some additional messages will
help users to distinguish these logs.
Fixes: #4745
Signed-off-by: Bin Liu <bin@hyper.sh>
2022-07-26 16:08:59 +08:00
gntouts
56d49b5073
versions: Update Firecracker version to v1.1.0
...
This patch upgrades Firecracker version from v0.23.4 to v1.1.0
* Generate swagger models for v1.1.0 (from firecracker.yaml)
* Replace ht_enabled param to smt (API change)
* Remove NUMA-related jailer param --node 0
Fixes: #4673
Depends-on: github.com/kata-containers/tests#4968
Signed-off-by: George Ntoutsos <gntouts@nubificus.co.uk>
Signed-off-by: Anastassios Nanos <ananos@nubificus.co.uk>
2022-07-26 07:01:26 +00:00
Georgina Kinge
c8d783e5ef
CCv0: Merge main into CCv0 branch
...
Merge remote-tracking branch 'upstream/main' into CCv0
Fixes: #4696
Signed-off-by: Georgina Kinge <georgina.kinge@ibm.com>
2022-07-20 09:39:59 +01:00
Ji-Xinyou
62182db645
runtime-rs: add unit test for ipvlan endpoint
...
Add unit test to check the integrity of IPVlanEndpoint::new(...)
Fixes: #4655
Signed-off-by: Ji-Xinyou <jerryji0414@outlook.com>
2022-07-18 15:56:06 +08:00
wllenyj
274598ae56
kata-runtime: add dragonball config check support.
...
add dragonball config check support.
Signed-off-by: wllenyj <wllenyj@linux.alibaba.com>
2022-07-14 10:43:50 +08:00
Megan Wright
f4979a9aa5
CCv0: Merge main into CCv0 branch
...
Merge remote-tracking branch 'upstream/main' into CCv0
Fixes: #4651
Signed-off-by: Megan Wright <megan.wright@ibm.com>
2022-07-13 14:32:08 +01:00
Fabiano Fidêncio
be31207f6e
clh: Don't crash if no network device is set by the upper layer
...
`ctr` doesn't set a network device when creating the sandbox, which
leads to Cloud Hypervisor's driver crashing, see the log below:
```
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x8 pc=0x55641c23b248]
goroutine 32 [running]:
github.com/kata-containers/kata-containers/src/runtime/virtcontainers.glob..func1(0xc000397900)
/home/ubuntu/go/src/github.com/kata-containers/kata-containers/src/runtime/virtcontainers/clh.go:163 +0x128
github.com/kata-containers/kata-containers/src/runtime/virtcontainers.(*cloudHypervisor).vmAddNetPut(...)
/home/ubuntu/go/src/github.com/kata-containers/kata-containers/src/runtime/virtcontainers/clh.go:1348
github.com/kata-containers/kata-containers/src/runtime/virtcontainers.(*cloudHypervisor).bootVM(0xc000397900, {0x55641c76dfc0, 0xc000454ae0})
/home/ubuntu/go/src/github.com/kata-containers/kata-containers/src/runtime/virtcontainers/clh.go:1378 +0x5a2
github.com/kata-containers/kata-containers/src/runtime/virtcontainers.(*cloudHypervisor).StartVM(0xc000397900, {0x55641c76dff8, 0xc00044c240},
0x55641b8016fd)
/home/ubuntu/go/src/github.com/kata-containers/kata-containers/src/runtime/virtcontainers/clh.go:659 +0x7ee
github.com/kata-containers/kata-containers/src/runtime/virtcontainers.(*Sandbox).startVM.func2()
/home/ubuntu/go/src/github.com/kata-containers/kata-containers/src/runtime/virtcontainers/sandbox.go:1219 +0x190
github.com/kata-containers/kata-containers/src/runtime/virtcontainers.(*LinuxNetwork).Run.func1({0xc0004a8910, 0x3b})
/home/ubuntu/go/src/github.com/kata-containers/kata-containers/src/runtime/virtcontainers/network_linux.go:319 +0x1b
github.com/kata-containers/kata-containers/src/runtime/virtcontainers.doNetNS({0xc000048440, 0xc00044c240}, 0xc0005d5b38)
/home/ubuntu/go/src/github.com/kata-containers/kata-containers/src/runtime/virtcontainers/network_linux.go:1045 +0x163
github.com/kata-containers/kata-containers/src/runtime/virtcontainers.(*LinuxNetwork).Run(0xc000150c80, {0x55641c76dff8, 0xc00044c240}, 0xc00014e4e0)
/home/ubuntu/go/src/github.com/kata-containers/kata-containers/src/runtime/virtcontainers/network_linux.go:318 +0x105
github.com/kata-containers/kata-containers/src/runtime/virtcontainers.(*Sandbox).startVM(0xc000107d40, {0x55641c76dff8, 0xc0005529f0})
/home/ubuntu/go/src/github.com/kata-containers/kata-containers/src/runtime/virtcontainers/sandbox.go:1205 +0x65f
github.com/kata-containers/kata-containers/src/runtime/virtcontainers.createSandboxFromConfig({_, _}, {{0x0, 0x0, 0x0}, {0xc000385a00, 0x1, 0x1},
{0x55641d033260, 0x0, ...}, ...}, ...)
/home/ubuntu/go/src/github.com/kata-containers/kata-containers/src/runtime/virtcontainers/api.go:91 +0x346
github.com/kata-containers/kata-containers/src/runtime/virtcontainers.CreateSandbox({_, _}, {{0x0, 0x0, 0x0}, {0xc000385a00, 0x1, 0x1},
{0x55641d033260, 0x0, ...}, ...}, ...)
/home/ubuntu/go/src/github.com/kata-containers/kata-containers/src/runtime/virtcontainers/api.go:51 +0x150
github.com/kata-containers/kata-containers/src/runtime/virtcontainers.(*VCImpl).CreateSandbox(_, {_, _}, {{0x0, 0x0, 0x0}, {0xc000385a00, 0x1, 0x1},
{0x55641d033260, ...}, ...})
/home/ubuntu/go/src/github.com/kata-containers/kata-containers/src/runtime/virtcontainers/implementation.go:35 +0x74
github.com/kata-containers/kata-containers/src/runtime/pkg/katautils.CreateSandbox({_, _}, {_, _}, {{0xc0004806c0, 0x9}, 0xc000140110, 0xc00000f7a0,
{0x0, 0x0}, ...}, ...)
/home/ubuntu/go/src/github.com/kata-containers/kata-containers/src/runtime/pkg/katautils/create.go:175 +0x8b6
github.com/kata-containers/kata-containers/src/runtime/pkg/containerd-shim-v2.create({0x55641c76dff8, 0xc0004129f0}, 0xc00034a000, 0xc00036a000)
/home/ubuntu/go/src/github.com/kata-containers/kata-containers/src/runtime/pkg/containerd-shim-v2/create.go:147 +0xdea
github.com/kata-containers/kata-containers/src/runtime/pkg/containerd-shim-v2.(*service).Create.func2()
/home/ubuntu/go/src/github.com/kata-containers/kata-containers/src/runtime/pkg/containerd-shim-v2/service.go:401 +0x32
created by github.com/kata-containers/kata-containers/src/runtime/pkg/containerd-shim-v2.(*service).Create
/home/ubuntu/go/src/github.com/kata-containers/kata-containers/src/runtime/pkg/containerd-shim-v2/service.go:400 +0x534
```
This bug has been introduced as part of the
https://github.com/kata-containers/kata-containers/pull/4312 PR, which
changed how we add the network device.
In order to avoid the crash, let's simply check whether we have a device
to be added before iterating the list of network devices.
Fixes: #4618
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
2022-07-13 10:40:21 +02:00
Fabiano Fidêncio
dc3b6f6592
versions: Update Cloud Hypervisor to v25.0
...
Cloud Hypervisor v25.0 has been released on July 7th, 2022, and brings
the following changes:
**ch-remote Improvements**
The ch-remote command has gained support for creating the VM from a JSON
config and support for booting and deleting the VM from the VMM.
**VM "Coredump" Support**
Under the guest_debug feature flag it is now possible to extract the memory
of the guest for use in debugging with e.g. the crash utility.
(https://github.com/cloud-hypervisor/cloud-hypervisor/issues/4012)
**Notable Bug Fixes**
* Always restore console mode on exit
(https://github.com/cloud-hypervisor/cloud-hypervisor/issues/4249,
https://github.com/cloud-hypervisor/cloud-hypervisor/issues/4248)
* Restore vCPUs in numerical order which fixes aarch64 snapshot/restore
(https://github.com/cloud-hypervisor/cloud-hypervisor/issues/4244)
* Don't try and configure IFF_RUNNING on TAP devices
(https://github.com/cloud-hypervisor/cloud-hypervisor/issues/4279)
* Propagate configured queue size through to vhost-user backend
(https://github.com/cloud-hypervisor/cloud-hypervisor/issues/4286)
* Always Program vCPU CPUID before running the vCPU to fix running on Linux
5.16
(https://github.com/cloud-hypervisor/cloud-hypervisor/issues/4156)
* Enable ACPI MADT "Online Capable" flag for hotpluggable vCPUs to fix newer
Linux guest
**Removals**
The following functionality has been removed:
* The mergeable option from the virtio-pmem support has been removed
(https://github.com/cloud-hypervisor/cloud-hypervisor/issues/3968)
* The dax option from the virtio-fs support has been removed
(https://github.com/cloud-hypervisor/cloud-hypervisor/issues/3889)
Fixes: #4641
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
2022-07-12 14:47:58 +00:00
Georgina Kinge
9d524b29ad
CCv0: Merge main into CCv0 branch
...
Merge remote-tracking branch 'upstream/main' into CCv0
Fixes: #4602
Signed-off-by: Georgina Kinge <georgina.kinge@ibm.com>
2022-07-06 14:27:15 +01:00
GabyCT
02a51e75a7
Merge pull request #4554 from liubin/fix/delete-not-used-console-from-container-config
...
runtime: delete Console from Cmd type
2022-06-30 11:40:07 -05:00
Fabiano Fidêncio
aa561b49f5
Merge pull request #4540 from fidencio/topic/default_maxmemory
...
Add `default_maxmemory` config option
2022-06-30 12:08:15 +02:00
GabyCT
2a94261df5
Merge pull request #4549 from liubin/fix/4419-set-status-if-wait-process-failed
...
shim: set a non-zero return code if the wait process call failed.
2022-06-29 17:04:53 -05:00
Georgina Kinge
eb9836ff8e
runtime: add image import back in
...
Putting image import back in after removal during merge conflict
Fixes: #4555
Signed-off-by: Georgina Kinge <georgina.kinge@ibm.com>
2022-06-29 14:13:18 +01:00
Georgina Kinge
bda68b16f1
CCv0: Merge main into CCv0 branch
...
Merge remote-tracking branch 'upstream/main' into CCv0
Fixes: #4555
Signed-off-by: Georgina Kinge <georgina.kinge@ibm.com>
2022-06-29 13:22:22 +01:00
liubin
a5a25ed13d
runtime: delete Console from Cmd type
...
There is much code related to this property, but it is not used anymore.
Fixes: #4553
Signed-off-by: liubin <liubin0329@gmail.com>
2022-06-29 17:36:32 +08:00
liubin
ab5f1c9564
shim: set a non-zero return code if the wait process call failed.
...
Return code is an int32 type, so if an error occurred, the default value
may be zero; this value will be treated as a normal exit code.
Setting the return code to 255 will let the caller (for example Kubernetes) know
that there are some problems with the pod/container.
Fixes: #4419
Signed-off-by: liubin <liubin0329@gmail.com>
2022-06-29 12:33:32 +08:00
Eric Ernst
5f936f268f
virtcontainers: config validation is host specific
...
Ideally this config validation would be in a separate package
(katautils?), but that would introduce circular dependency since we'd
call it from vc, and it depends on vc types (which, shouldn't be vc, but
probably a hypervisor package instead).
Signed-off-by: Eric Ernst <eric_ernst@apple.com>
2022-06-28 18:22:28 -07:00
Fabiano Fidêncio
323271403e
virtcontainers: Remove unused function
...
While working on the previous commits, some of the functions became
unused. Let's simply remove them.
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
2022-06-28 21:19:24 +02:00
Fabiano Fidêncio
58ff2bd5c9
clh,qemu: Adapt to using default_maxmemory
...
Let's adapt Cloud Hypervisor's and QEMU's code to properly behave to the
newly added `default_maxmemory` config.
While implementing this, a change of behaviour (or a bug fix, depending
on how you see it) has been introduced as if a pod requests more memory
than the amount available in the host, instead of failing to start the
pod, we simply hotplug the maximum amount of memory available, mimicking
better the runc behaviour.
Fixes: #4516
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
2022-06-28 21:19:24 +02:00
Fabiano Fidêncio
afdc960424
hypervisor: Add default_maxmemory configuration
...
Let's add a `default_maxmemory` configuration, which allows the admins
to set the maximum amount of memory to be used by a VM, considering the
initial amount + whatever ends up being hotplugged via the pod limits.
By default this value is 0 (zero), and it means that the whole physical
RAM is the limit.
Fixes: #4516
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
2022-06-28 08:32:15 +02:00
Eric Ernst
bdf5e5229b
virtcontainers: validate hypervisor config outside of hypervisor itself
...
Depending on the user of it, the hypervisor from hypervisor interface
could have differing view on what is valid or not. To help decouple,
let's instead check the hypervisor config validity as part of the
sandbox creation, rather than as part of the CreateVM call within the
hypervisor interface implementation.
Fixes: #4251
Signed-off-by: Eric Ernst <eric_ernst@apple.com>
2022-06-27 11:53:41 -07:00
Eric Ernst
469e098543
katautils: don't do validation when loading hypervisor config
...
Policy for what's valid/invalid within the config varies by VMM, host,
and by silicon architecture. Let's keep katautils simple for just
translating a toml to the hypervisor config structure, and leave
validation to virtcontainers.
Without this change, we're doing duplicate validation.
Signed-off-by: Eric Ernst <eric_ernst@apple.com>
2022-06-27 10:13:26 -07:00
Bin Liu
27b1bb5ed9
Merge pull request #4467 from egernst/device-pkg
...
device package cleanup/refactor
2022-06-27 14:40:53 +08:00
Eric Ernst
f97d9b45c8
runtime: device/persist: drop persist dependency from device pkgs
...
Rather than have device package depend on persist, let's define the
(almost duplicate) structures within device itself, and have the Kata
Container's persist pkg import these.
This'll help avoid unnecessary dependencies within our core packages.
Signed-off-by: Eric Ernst <eric_ernst@apple.com>
2022-06-26 21:31:29 -07:00
Eric Ernst
f9e96c6506
runtime: device: move to top level package
...
Let's move device package to runtime/pkg instead of being buried under
virtcontainers.
Signed-off-by: Eric Ernst <eric_ernst@apple.com>
2022-06-26 21:31:29 -07:00
Fabiano Fidêncio
133528dd14
Merge pull request #4503 from amshinde/multi-queue-block
...
block: Leverage multiqueue for virtio-block
2022-06-23 12:17:11 +02:00
Fabiano Fidêncio
78e27de6c3
Merge pull request #4358 from zvonkok/memreserve
...
runtime: Add heuristic to get the right value(s) for mem-reserve
2022-06-22 13:41:23 +02:00
Georgina Kinge
4f80ea1962
CCv0: Merge main into CCv0 branch
...
Merge remote-tracking branch 'upstream/main' into CCv0
Fixes: #4507
Signed-off-by: Georgina Kinge <georgina.kinge@ibm.com>
2022-06-22 10:06:27 +01:00
Archana Shinde
e227b4c404
block: Leverage multiqueue for virtio-block
...
Similar to network, we can use multiple queues for virtio-block
devices. This can help improve storage performance.
This commit changes the number of queues for block devices to
the number of cpus for cloud-hypervisor and qemu.
Today the default number of cpus a VM starts with is 1.
Hence the queues used will be 1. This change will help
improve performance when the default cold-plugged cpus is greater
than one by changing this in the config file. This may also help
when we use the sandboxing feature with k8s that passes down
the sum of the resources required down to Kata.
Fixes #4502
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
2022-06-21 12:38:53 -07:00
Eric Ernst
72049350ae
Merge pull request #4288 from fengwang666/enable-qemu-sandbox
...
runtime: enable sandbox feature on qemu
2022-06-21 09:22:26 -07:00