We should refine unit test which involves func SupportsVsocks and newly
reconstructed struct kernelModule.
Fixes: #1512
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
QEMU opens /dev/vhost-vsock and this causes vhost_vsock.ko to be
automatically loaded.
So, checking the existence of /dev/vhost-vsock is enough.
Fixes: #1512
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
Setup rootfs to be RO both from the VMM point of view and the
VM point of view.
Fixes: #1632
Signed-off-by: Manohar Castelino <manohar.r.castelino@intel.com>
When using experimental feature "newstore", we save and load devices
information from `persist.json` instead of `devices.json`, in such case,
file `devices.json` isn't needed anymore, so remove it.
Signed-off-by: Wei Zhang <zhangwei555@huawei.com>
Several cache modes are supported by virtio-fs. They affect the
performance and consistency characteristics of the file system.
For the time being cache="none" is recommended, but the other modes can
be experimented with.
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Add VirtioFSCacheSize aka virtio_fs_cache_size option
to set the size (in MiB) of the DAX cache.
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Firecracker does not support pci. It also uses kbd to implement reboot/reset.
Fix the kernel boot params to address this.
It also does not have good entropy at startup. Use the hardware random
number generator to support entropy.
Fixes: #1620
Signed-off-by: Manohar Castelino <manohar.r.castelino@intel.com>
This change updates the isSystemMount check for mountSharedDirMounts
when setting up shared directory mounts for the container and uses
the source of the mount instead of the destination for the check.
We want to exclude system mounts from the host side as they
shouldn't be mounted into the container.
We do however want to allow system mounts within the
container as denying them can prevent some containers from
running properly.
Fixes#1591
Signed-off-by: Alex Price <aprice@atlassian.com>
Kata support specifing the default VM configuration via
configuration.toml. This allows the system or cluster admin
to choose the default (i.e minimum) size of the VM.
Add support in kata to respect the VM configuration for firecracker.
Also refactor some code to make error handling uniform.
Fixes: #1594
Signed-off-by: Manohar Castelino <manohar.r.castelino@intel.com>
Add support for v0.15.x. Change the drive naming scheme to match
the requirement of v0.15.x
Fixes: #1598
Signed-off-by: Manohar Castelino <manohar.r.castelino@intel.com>
Add a config option to select between virtio-9p and virtiofs. This
option currently has no effect and will be used in a later patch.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The virtcontainers `Makefile` was referencing an old script to handle
static checks. Although these are still run if `make` is invoked at the
top-level, correct the error.
Fixes#1609.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
sockets * cores * threads should be equal to maxcpus otherwise a
warning is thrown: 'warning: Invalid CPU topology deprecated:
sockets * cores * threads != maxcpus'
This warning in the future will be an error and won't be possible to run
kata containers.
fixes#1605
Signed-off-by: Julio Montes <julio.montes@intel.com>
The proxy is in charge to print the agent logs, but when `use_vsocks` is true
the runtime doesn't start the proxy, because it's not needed, hence the agent
logs are ignored. To mitigate this limitation and to make the debugging
processes easier, the fist shim started (the one who monitors the sandbox)
will read the console.sock and print the agent logs.
Depends-on: github.com/kata-containers/shim#172
fixes#1596
Signed-off-by: Julio Montes <julio.montes@intel.com>
Add configuration options to support the various Kata agent tracing
modes and types. See the comments in the built configuration files for
details:
- `cli/config/configuration-fc.toml`
- `cli/config/configuration-qemu.toml`
Fixes#1369.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Updated the agent vendoring for `StartTracing` and `StopTracing`. This
only changed a single file - the auto-generated gRPC protocol
buffer file.
This change resolves four vendoring issues:
- The github.com/kubernetes-incubator/cri-o project was renamed to
github.com/cri-o/cri-o. Although github redirects, `dep` complains that
it cannot find the old `github.com/kubernetes-incubator/cri-o` files
under `vendor/` so remove the old config, relying on the existing (and
in other respects identical) `dep` config.
- There was a stale dependency on `github.com/clearcontainers/proxy`
which should have been removed when the Clear Containers code was
excised.
- The latest version of the agent code vendored into the runtime prior
to this commit was a merge commit (commit
`48dd1c031530fce9bf16b0f6a7305979cedd8fc9`). This somehow confused `dep`
which did *not* correctly pull in the latest version of the
auto-generated gRPC code
(`vendor/github.com/kata-containers/agent/protocols/grpc/agent.pb.go`).
This is clear because commit `48dd1c031530fce9bf16b0f6a7305979cedd8fc9`
is newer than the agent commit that introduced the `StartTracing` and
`StopTracing` APIs (`00cf907afcb7c8e56f077cf45ae3615f612fdc9d`).
Resolving the other two issues above seems to have resolved this issue
as the correct version of this file has now been included in the
vendoring, however note there is no change to the `dep` files as this
version of `agent.pb.go` should already have been included (!)
- Updating `agent.pb.go` also removed the `AddInterface` and
`RemoveInterface` API calls which should again also have been removed
already.
Updated tests to remove these redundant calls.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Previously, the agent behaviour was controlled entirely using the
`kernel_params=` config option. This mechanism suffers from a subtle
problem - the runtime is not aware of how the agent will behave.
From now on, all significant agent options will be controlled from the
agent section in the configuration file. This allows the runtime to be
more aware of -- and in control of -- such agent settings. It would also
allow the underlying kernel CLI options to be modified in the future if
required.
This PR adds the only useful agent option as an explicit option by
adding an `enable_debug=true` option to the Kata agent section in
`configuration.toml`. This allows controlling agent debug to be handled
in the same manner as the other debug options.
This change is somewhat foundational: it permits the agent to be handled
consistently with other config file sections which is useful, but
arguably not essential (the old way worked). However, the new way of
handling agent options will be essential when introducing agent tracing
control as the runtime must be aware of the agent trace mode to allow
the runtime to modify its behaviour accordingly.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Removed the unused `KataShimConfig` type and updated an error message
that incorrectly mentioned it.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Make `newAgentConfig()` return an explicit error rather than handling
the error scenario by simply returning the `error` object in the
`interface{}` return type. The old behaviour was confusing and
inconsistent with the other functions creating a new config type (shim,
proxy, etc).
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
This reverts commit 196661bc0d.
Reverting because cri-o with devicemapper started
to fail after this commit was merged.
Fixes: #1574.
Signed-off-by: Salvador Fuentes <salvador.fuentes@intel.com>
In order to support NOARP in ipvlan interface, the runtime
will pass the rawflags to agent, which also apply to other
network interfaces, not just ipvlan.
Fixes: #1391
Signed-off-by: Zha Bin <zhabin@linux.alibaba.com>
We can use the same data structure to describe both of them.
So that we can handle them similarly.
Fixes: #1566
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
