- add pcie-root-port device to qemu command line for q35
- hotplug a PCIe device into a PCIe Root Port
Fixes: #2432
Signed-off-by: Jimmy Xu <junming.xjm@antfin.com>
This commit adds qemu virtio-mem support.
Then qemu can use virtio-mem to support memory resize.
To enable this function, you need a Linux and a qemu that support
virtio-mem.
Use command "echo 1 > /proc/sys/vm/overcommit_memory" to enable memory
overcommitment of the Linux kernel, because the qemu virtio-mem device needs
to allocate a lot of memory.
Set "enable_virtio_mem" of kata configuration to true.
Fixes: #2406
Signed-off-by: Hui Zhu <teawater@antfin.com>
The sandbox cgroup will be constrained if there is no container
type annotation, otherwise kata will rely on container engine's cgroup
configuration
Depends-on: github.com/kata-containers/tests#2255
fixes #2408
Signed-off-by: Julio Montes <julio.montes@intel.com>
Fixes #803
Move "newstore" features out of the experimental feature list; from this
commit on, "newstore" will be enabled by default.
Signed-off-by: Wei Zhang <weizhang555@gmail.com>
To control whether an image rootfs is used as nvdimm device or just
plain virtio-block device.
Fixes: #2372
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
NEMU deprecation was announced in 1.8 of Kata. Removing from tree.
Thanks for all the fish!
Fixes: #2195
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
Updated to better clarify this configuration option. Currently in QEMU
pre 1.9 release of Kata, vhost-net is used for the virtio-net backend.
This results in efficient network I/O performance, but does rely on the
backend running in ring0 (host kernel). Update comment to clarify this
trade-off for end-users.
Fixes: #2198
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
vhost-net backend is not supported by the Firecracker VMM. It doesn't
make sense to have this in the configuration, and we should explicitly
disable it.
Fixes: #2192
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
Prior to the addition of tcMirroring support, kata-runtime had
compatibility issues with some CNI plugins, some of which were addressed
by the bridged model. With the addition of tc mode there are no gaps in
networking that can be filled by the bridged mode or enlightened mode
(which was never implemented).
Eliminate both of these options to simplify the setup.
Fixes: #1213
Signed-off-by: Manohar Castelino <manohar.r.castelino@intel.com>
ACRN doesn't support configuring number of guest vcpu option ('-c') anymore.
Number of guest vcpus will be defined in the hypervisor scenario
configuration file instead.
Removed the -c option from the acrn-dm parameters when launching VMs and
also trimmed configuration.toml file accordingly.
fixes #2136
Signed-off-by: Vijay Dhanraj <vijay.dhanraj@intel.com>
This will fix the qemu-virtiofs.toml to use the kernel with virtiofs.
Also removes the initrd image from the toml.
Depends-on: github.com/kata-containers/packaging#731
Fixes #2077
Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
instead of using `DEFSHAREDFS_NEMU` in `configuration-qemu-virtiofs.toml`,
use `DEFSHAREDFS_QEMU_VIRTIOFS`.
nemu will be deprecated soon so using `DEFSHAREDFS_NEMU` may
break the configuration for qemu-virtiofs.
Signed-off-by: Salvador Fuentes <salvador.fuentes@intel.com>
currently virtiofs support is being reworked to use qemu
and kernel from virtio-fs gitlab repo. The current support
that we have for virtio-fs has been disabled as required
patches for the 4.19 kernel were removed in [1].
[1] https://github.com/kata-containers/packaging/pull/703
Fixes: #2048.
Signed-off-by: Salvador Fuentes <salvador.fuentes@intel.com>
Enable a new configuration file for QEMU with virtiofs 3.0
Depends-on: github.com/kata-containers/packaging#710
Fixes #2053
Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
add option to enable only pod cgroup (SandboxCgroupOnly)
Depends-on: github.com/kata-containers/tests#1824
Fixes: #1879
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
Since virtio-fs is under active development, more
options will be added increasingly. To avoid frequent
change on runtime side to handle option changes, use
one mingled arg to ease testing new option/feature of
virtiofsd.
See `virtiofsd -h` for more option details.
Fixes: #1999
Signed-off-by: Eric Ren <renzhen@linux.alibaba.com>
The list of kernel modules can be passed to the runtime through the
configuration file or using OCI annotations. In both cases, a list of parameters
can be specified for each module.
fixes #1925
Signed-off-by: Julio Montes <julio.montes@intel.com>
Add jailer support to configuration files.
Also enable jailer by default in Kata containers.
Signed-off-by: Manohar Castelino <manohar.r.castelino@intel.com>
This patch covers the following aspects,
1. Add ACRN as a supported hypervisor for amd64 architecture.
2. Build and install configuration file for ACRN hypervisor.
v1->v2:
1. Deleted autogenerated configuration-acrn.toml.
2. Trimmed configuration options not used by ACRN.
Fixes: #1778
Signed-off-by: Vijay Dhanraj <vijay.dhanraj@intel.com>
proxy will never be used with the Firecracker VMM. Keeping this header
will result in runtime failures, since the configuration will be parsed
on the path searched for.
Since vsock will always be used, remove the proxy section.
Fixes: #1761
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
A file based memory backend mapped to the host, e.g. '/dev/shm', will
be used by virtio-fs for performance reasons. This change is a generic
implementation of that for kata. This will be enabled by default for
virtio-fs, negating the need to enable hugepages in that scenario. This
option can be used without virtio-fs by setting 'file_mem_backend' to
the location in the configuration file. Default value is an empty
string.
Fixes: #1656
Signed-off-by: Ganesh Maharaj Mahalingam <ganesh.mahalingam@intel.com>
nemu needs to be configured with:
`machine_type = "virt"` by default.
In addition, this commit removes
`machine_accelerators="virt"` which was added instead
of `machine_type` in a previous commit.
Fixes: #1707.
Signed-off-by: Salvador Fuentes <salvador.fuentes@intel.com>
- For initial offering of virtiofsd, hugepages are required
- use the qemu hypervisor type for configuration template
- decrease virtiofs cache size from 8192 to 1024, to better support
running with virtio-fs on smaller machines while hugepages are required.
- For initial experimental release, utilize virtio-serial instead of
vsock
Fixes: #1662
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
NEMU requires a unique runtime configuration. Add support for utilizing
a configuration-nemu.toml
Fixes: #1647
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
Several cache modes are supported by virtio-fs. They affect the
performance and consistency characteristics of the file system.
For the time being cache="none" is recommended, but the other modes can
be experimented with.
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Add VirtioFSCacheSize aka virtio_fs_cache_size option
to set the size (in MiB) of the DAX cache.
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Add a config option to select between virtio-9p and virtiofs. This
option currently has no effect and will be used in a later patch.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Add configuration options to support the various Kata agent tracing
modes and types. See the comments in the built configuration files for
details:
- `cli/config/configuration-fc.toml`
- `cli/config/configuration-qemu.toml`
Fixes #1369.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Previously, the agent behaviour was controlled entirely using the
`kernel_params=` config option. This mechanism suffers from a subtle
problem - the runtime is not aware of how the agent will behave.
From now on, all significant agent options will be controlled from the
agent section in the configuration file. This allows the runtime to be
more aware of -- and in control of -- such agent settings. It would also
allow the underlying kernel CLI options to be modified in the future if
required.
This PR adds the only useful agent option as an explicit option by
adding an `enable_debug=true` option to the Kata agent section in
`configuration.toml`. This allows controlling agent debug to be handled
in the same manner as the other debug options.
This change is somewhat foundational: it permits the agent to be handled
consistently with other config file sections which is useful, but
arguably not essential (the old way worked). However, the new way of
handling agent options will be essential when introducing agent tracing
control as the runtime must be aware of the agent trace mode to allow
the runtime to modify its behaviour accordingly.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Fixes #1226
Add new flag "experimental" for supporting features that are still being worked on.
Some features are under development and are not ready for release;
there are also some features which will break compatibility and are not
suitable to be merged into a kata minor release (x version in x.y.z).
To get these features merged earlier for more testing, we can
mark them as "experimental" features, and move them to formal features
when they are ready.
Signed-off-by: Wei Zhang <zhangwei555@huawei.com>
VMCache is a new function that creates VMs as caches before using them.
It helps speed up new container creation.
The function consists of a server and some clients communicating
through Unix socket. The protocol is gRPC in protocols/cache/cache.proto.
The VMCache server will create some VMs and cache them by factory cache.
It will convert the VM to gRPC format and transport it when it gets
a request from clients.
Factory grpccache is the VMCache client. It will request gRPC format
VM and convert it back to a VM. If VMCache function is enabled,
kata-runtime will request VM from factory grpccache when it creates
a new sandbox.
VMCache has two options.
vm_cache_number specifies the number of caches of VMCache:
unspecified or == 0 --> VMCache is disabled
> 0 --> will be set to the specified number
vm_cache_endpoint specifies the address of the Unix socket.
This commit just includes the core and the client of VMCache.
Currently, VM cache still cannot work with VM templating and vsock.
And it just supports qemu.
Fixes: #52
Signed-off-by: Hui Zhu <teawater@hyper.sh>
Support building with `make HYPERVISOR=firecracker`.
Notes:
- Firecracker is currently only supported on x86_64, hence the
architecture check.
- The template file `cli/config/configuration-fc.toml.in` is based
on `cli/config/configuration.toml.in`.
Fixes #1105.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Improve the build to:
- Encapsulate the qemu configuration.
- Validate the chosen hypervisor.
- Display hypervisor details for `make help`.
This lays the groundwork to build configurations for multiple
hypervisors.
Notes:
- Variables that are hypervisor specific have now been suffixed with `_QEMU`.
- `make install` now installs `configuration-qemu.toml`.
To maintain compatibility with existing installations, a symbolic link
to this file called `configuration.toml` is created.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Pass Seccomp profile to the agent only if
the configuration.toml allows it to be passed
and the agent/image is seccomp capable.
Fixes: #688
Signed-off-by: Nitesh Konkar niteshkonkar@in.ibm.com
This value will be added to the max memory of the hypervisor.
It is the memory address space for the NVDIMM device.
If the block storage driver (block_device_driver) is set to "nvdimm",
memory_offset should be set to the size of the block device.
Signed-off-by: Hui Zhu <teawater@hyper.sh>
Setting block_device_driver to "nvdimm" will make the hypervisor use
the block device as NVDIMM disk.
Fixes: #1032
Signed-off-by: Hui Zhu <teawater@hyper.sh>
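
Several of the commit messages above state constraints between options: "nvdimm" needs memory_offset, virtio-mem needs host memory overcommit, and VM cache does not work with VM templating or vsock. The following pre-flight check is an added example, not code from the Kata Containers project; the section names and the `enable_template` / `use_vsock` keys are taken from Kata 1.x's configuration-qemu.toml rather than from this page, and the parser covers only flat `key = value` lines.

```python
import re

# Constructed sample for illustration, not a real deployment's file.
# Section names and enable_template / use_vsock are assumptions (Kata 1.x layout).
SAMPLE = """
[hypervisor.qemu]
block_device_driver = "nvdimm"
#memory_offset = 0
enable_virtio_mem = true
use_vsock = true
[factory]
vm_cache_number = 3
"""

def parse(text):
    """Parse only the flat `key = value` subset of TOML these options use."""
    conf, section = {}, ""
    for line in (raw.strip() for raw in text.splitlines()):
        head = re.fullmatch(r"\[([^\]]+)\]", line)
        item = re.match(r"([A-Za-z0-9_]+)\s*=\s*(.+)$", line)
        if head:
            section = head.group(1).strip()
        elif item:  # comment lines start with '#', so they never match
            key, val = item.group(1), item.group(2).strip()
            if val in ("true", "false"):
                val = val == "true"
            elif val.isdigit():
                val = int(val)
            conf[(section, key)] = val.strip('"') if isinstance(val, str) else val
    return conf

def audit(conf, overcommit_memory):
    """Return findings for option combinations the commit messages rule out."""
    hv, fac, out = "hypervisor.qemu", "factory", []
    if conf.get((hv, "block_device_driver")) == "nvdimm" and not conf.get((hv, "memory_offset")):
        out.append("nvdimm: memory_offset not set to the block device size")
    if conf.get((hv, "enable_virtio_mem")) is True and overcommit_memory != 1:
        out.append("virtio-mem: host vm.overcommit_memory is not 1")
    cache = conf.get((fac, "vm_cache_number"), 0)
    if isinstance(cache, int) and cache > 0:
        for key, sec in (("enable_template", fac), ("use_vsock", hv)):
            if conf.get((sec, key)) is True:
                out.append(f"vm cache: cannot be combined with {key}")
    return out

if __name__ == "__main__":
    for finding in audit(parse(SAMPLE), overcommit_memory=0):
        print(finding)
```

On a host, pass the integer read from /proc/sys/vm/overcommit_memory as `overcommit_memory`.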