The CPUinfo needs to be refined in Arm architecture, because the
vendor and model of CPU may refer to different meanings in Arm architecture.
Besides, relevant contents extracted from /proc/cpuinfo may need to be
normalized for human-readability.
Fixes: #368
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
Signed-off-by: Wei Chen <wei.chen@arm.com>
In old specs.Spec, Capabilities is []string, but we don't use CompatOCISpec
for compatibility in kataAgent/createContainer.
fixes #333
Signed-off-by: y00316549 <yangshukui@huawei.com>
Instead of pausing the sandbox, this patch just pauses the container
allowing the communication with the agent. The communication with the agent
should be still possible even if all containers are paused, because we don't
know when a new container can be created in the same sandbox.
Depends-on: github.com/kata-containers/agent#246
fixes #317
Signed-off-by: Julio Montes <julio.montes@intel.com>
Since the runtime can load its configuration from multiple locations,
add a log field to show which location was used.
Change log level from Debug to Info as this is generally useful
information.
Fixes #335.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
If you build and install the runtime, the config file will contain an
entry for both an `initrd=` and an `image=` entry.
The Developer Guide explains that the user must disable one but it is
easy to forget.
Modified the runtime to fail if both an image and an initrd are
specified. Also added a new test for this scenario.
Fixes #318.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
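The check described in the commit message above (fail when both an image and an initrd are configured), as an added Go example; it is not the runtime's own code. The section name `[hypervisor.qemu]`, the placeholder paths, the function name `CheckBootSource` and the treatment of an empty value as unset are assumptions.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"strings"
)

var ErrImageAndInitrd = errors.New("both image and initrd are set")

// CheckBootSource is a small line scanner (not a full TOML parser). It rejects
// any section with a non-empty `image` and a non-empty `initrd` key, ignoring
// commented-out lines. Treating "" as unset is an assumption of this sketch.
func CheckBootSource(conf string) error {
	section := ""
	set := map[string]bool{} // "section/key" -> has a non-empty value
	sc := bufio.NewScanner(strings.NewReader(conf))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if strings.HasPrefix(line, "[") && strings.HasSuffix(line, "]") {
			section = strings.Trim(line, "[]")
			continue
		}
		key, val, ok := strings.Cut(line, "=")
		key = strings.TrimSpace(key)
		val = strings.Trim(strings.TrimSpace(val), `"`)
		if !ok || val == "" || (key != "image" && key != "initrd") {
			continue // comments, blanks, other keys, unset values
		}
		set[section+"/"+key] = true
		if set[section+"/image"] && set[section+"/initrd"] {
			return fmt.Errorf("section [%s]: %w", section, ErrImageAndInitrd)
		}
	}
	return sc.Err()
}

// sample is constructed for this example; section name and paths are assumed.
const sample = `[hypervisor.qemu]
image = "/path/to/rootfs.img"
initrd = "/path/to/initrd.img"
`

func main() {
	fmt.Println(CheckBootSource(sample))
}
```

Commenting out either key in the sample makes the check pass, which mirrors the manual step the Developer Guide asks for.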
Events cli displays container events such as cpu,
memory, and IO usage statistics.
By now OOM notifications and Intel RDT are not fully supported.
Fixes: #186
Signed-off-by: Haomin <caihaomin@huawei.com>
Remove the agent version from the output of `kata-env`. The value was
always a static string (`<<unknown>>`) because the runtime cannot
determine the agent version without creating a container.
Note that agent details, including the version, *are* displayed when
the user runs `kata-collect-data.sh`.
Fixes #310.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
There is a relation between the maximum number of vCPUs and the
memory footprint, if QEMU maxcpus option and kernel nr_cpus
cmdline argument are big, then memory footprint is big, this
issue only occurs if CPU hotplug support is enabled in the kernel,
might be because the kernel needs to allocate resources to watch all
sockets waiting for a CPU to be connected (ACPI event).
For example
```
+---------------+-------------------------+
|               |  Memory Footprint (KB)  |
+---------------+-------------------------+
| NR_CPUS=240   |         186501          |
+---------------+-------------------------+
| NR_CPUS=8     |         110684          |
+---------------+-------------------------+
```
In order not to affect CPU hotplug and to allow users to have containers
with the same number of physical CPUs, this patch tries to mitigate the
big memory footprint by using the actual number of physical CPUs as the
maximum number of vCPUs for each container if `default_maxvcpus` is <= 0 in
the runtime configuration file, otherwise `default_maxvcpus` is used as the
maximum number of vCPUs.
Before this patch a container with 256MB of RAM
```
              total        used        free      shared  buff/cache   available
Mem:           195M         40M        113M         26M         41M        112M
Swap:            0B          0B          0B
```
With this patch
```
              total        used        free      shared  buff/cache   available
Mem:           236M         11M        188M         26M         36M        186M
Swap:            0B          0B          0B
```
fixes #295
Signed-off-by: Julio Montes <julio.montes@intel.com>
An empty string for an environment variable simply means that the
variable is unset. Do not error out if the env value is empty.
Fixes #288
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Update command is used to update container's resources at run time.
All constraints are applied inside the VM to each container cgroup.
By now only CPU constraints are fully supported, vCPUs are hot added
or removed depending on the new constraint.
fixes #189
Signed-off-by: Julio Montes <julio.montes@intel.com>
This commit will allow for better performance regarding the time spent
to retrieve the sandbox ID related to a container ID.
The way it works is by relying on a specific mapping between container
IDs and sandbox IDs, meaning it allows retrieving the sandbox
ID related to a container ID directly from the CLI. This lowers complexity from
O(n²) to O(1), because we don't need to call into ListPod() which was
parsing all the pods and all the containers on the system every time
the CLI needs to retrieve this mapping.
This commit also updates the whole unit tests as a consequence. This
is involving most of them since they were all relying on ListPod()
before.
Fixes #212
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
Rework the signal handling code so that if debug is enabled and a
`SIGUSR1` signal is received, backtrace to the system log but continue
to run.
Added some basic tests for the signal handling code.
Fixes #241.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
The same way a caller of "kata-runtime kill 12345" expects
the container 12345 to be killed, the same call to a container
representing a sandbox should actually kill the sandbox, meaning
it would be stopped after the container has been killed.
This way, the caller knows the VM is stopped after kill returns.
This is an issue raised by Openshift and Kubernetes tests. They
call into delete way after the call to kill has been submitted,
and in the meantime they kill all processes related to the container,
meaning they do kill the VM before we could do it ourselves. In this
case, the delete responsible for stopping the VM comes too late and it
returns an error when trying to destroy the sandbox while trying to
communicate with the agent since the VM is not here anymore.
This commit addresses this issue by letting "kill" call into
StopSandbox() if the command relates to a sandbox instead of
a simple container.
Fixes #246
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
The way a delete works, it was always trying to stop the sandbox, even
when the force flag was not enabled. Because we want to be able to stop
the sandbox from a kill command, this means a sandbox stop might be
called twice, and we don't want the second stop to fail, leading to the
failure of the delete command.
That's why this commit checks for the sandbox status before trying to
stop the sandbox.
Fixes #246
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
The config file is in TOML format which supports comments, so add the
license header to it.
Fixes #234.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
maligned linter was complaining about the size of the
struct. So move fields around to pack the struct better.
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Many cli and arch files were using the 'older style' fairly full
Apache license text. The project standard is the shorter SPDX style.
Convert them over.
Fixes: #225
Signed-off-by: Graham whaley <graham.whaley@intel.com>
As agreed in [the kata containers API
design](https://github.com/kata-containers/documentation/blob/master/design/kata-api-design.md),
we need to rename pod notion to sandbox. The patch is a bit big but the
actual change is done through the script:
```
sed -i -e 's/pod/sandbox/g' -e 's/Pod/Sandbox/g' -e 's/POD/SB/g'
```
The only exceptions are `pod_sandbox` and `pod_container` annotations,
since we already pushed them to cri shims, we have to use them unchanged.
Fixes: #199
Signed-off-by: Peng Tao <bergwolf@gmail.com>
Add option to configure if IO needs to be in a separate IO thread.
Add tests to verify option is correctly parsed. The default value
is set to false for now.
This should be considered to be enabled by default in the future.
Fixes #132
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
If a container is not running, but created/ready instead, this means
a container process exists and that we can actually exec another
process inside this container. The container does not have to be
in running state.
Fixes #120
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
Add `initrd=[path]` option to configuration.toml and use it to set
the HypervisorConfig.InitrdPath option.
The default value of hypervisor image option is removed since we want
to allow it to be unset. For the same reason, there is no default value
for hypervisor initrd option either.
Signed-off-by: Peng Tao <bergwolf@gmail.com>
Merge `cli/Makefile` with the top level `Makefile`.
Also includes a Travis config update.
Fixes #88.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>