Test PR #130

Merged
merged 240 commits into from
Dec 20, 2023

Collaborator

@sprt sprt commented Dec 20, 2023

No description provided.

GabyCT and others added 30 commits November 22, 2023 16:17
This PR disables the stratovirt for gha metrics.

Fixes kata-containers#8496

Signed-off-by: Gabriela Cervantes <[email protected]>
Update cloud hypervisor implementation to allow hybrid vsock device to
be handled.

Fixes kata-containers#6692

Signed-off-by: Chelsea Mafrica <[email protected]>
(1) rawblock volume is directvol mount type.
(2) block volume is based on the bind mount type.

Fixes: kata-containers#8300

Signed-off-by: alex.lyn <[email protected]>
Add a new dir direct_volumes containing spdk, rawblock and vfio volume.

Fixes: kata-containers#8300

Signed-off-by: alex.lyn <[email protected]>
Introduce a new function generate_vhost_vsock_cid to generate
a guest CID and set guest CID for vsock fd.
Also this commit wouldn't introduce functional change and it's
just split from the previous VsockDevice::new().

Fixes: kata-containers#8474

Signed-off-by: alex.lyn <[email protected]>
Currently encounters difficulty in utilizing the clone operation
on VsockConfig due to the implicit management of the vhost fd
within the runtime-rs. This responsibility should be delegated to
the VMM (especially QEMU) child process, as it's not runtime-rs core
responsibilities. We'll remove the member vhost_fd from VsockConfig
and make the VsockConfig/VsockDevice Cloneable.

Fixes: kata-containers#8474

Signed-off-by: alex.lyn <[email protected]>
As vsock device will be used in Qemu or other VMMs, the Vsock
is reintroduced to DeviceType enum.

Fixes: kata-containers#8474

Signed-off-by: Pavel Mores <[email protected]>
Signed-off-by: alex.lyn <[email protected]>
(1) Implement Device Trait for vsock device.
(2) add vsock device in device manager.

Fixes: kata-containers#8474

Signed-off-by: alex.lyn <[email protected]>
The current infra(K8S, CSI, CRI, Containerd) for Kata containers is
unable to properly handle direct volumes, resulting in the need for
workarounds like searching/comparison and then patch up volume type.

In this commit, reimplement of handling method is added to support
raw block volume which backends may be rawdisk or other format file.

Fixes: kata-containers#8300

Signed-off-by: alex.lyn <[email protected]>
(1) Add enum DirectVolumeType for direct volumes.
(2) Reimplement spdk volume into direct_volume and
do alignment of rawblock volume.

Fixes: kata-containers#8300

Signed-off-by: alex.lyn <[email protected]>
Reimplement vfio volume into direct_volume and do alignment
of rawblock/spdk volume.

Fixes: kata-containers#8300

Signed-off-by: alex.lyn <[email protected]>
Install the rust runtime configuration files to a `runtime-rs/`
directory to distinguish them from the golang config files (which may
have a different syntax).

The default values mean that the rust config files are now installed to
`/opt/kata/share/defaults/kata-containers/runtime-rs/` rather than
`/opt/kata/share/defaults/kata-containers/`.

See: kata-containers#6020

Fixes: kata-containers#8444.

Signed-off-by: James O. D. Hunt <[email protected]>
Update the `DEFAULT_RUNTIME_CONFIGURATIONS` list to include a number of
rust runtime specific paths to try to load before checking the
"traditional" (golang) runtime configuration paths.

Signed-off-by: James O. D. Hunt <[email protected]>
As the configuration files are different, we can safely remove those as
any new installation of the binary should also bring in the new
configurations.

This makes things less error-prone in the future, as we're ensuring that
the rust runtime will only be reading the rust configuration files.

Signed-off-by: Fabiano Fidêncio <[email protected]>
By convention the caller of tools/packaging/kernel/build-kernel.sh changes
the script behavior by passing arguments, whereas, for measured rootfs
it has used an environment variable (MEASURED_ROOTFS). This refactors
the script so that the caller now must pass the "-m" argument to enable
the build of the kernel with measured rootfs support.

Fixes kata-containers#6674
Signed-off-by: Wainer dos Santos Moschetta <[email protected]>
Moved the measure rootfs logic from kata-deploy-binaries.sh to the
kernel's builder script so that the former gets less bloated with
components' specific code.

Fixes kata-containers#6674
Signed-off-by: Wainer dos Santos Moschetta <[email protected]>
Moved the measure rootfs logic from kata-deploy-binaries.sh to the
shim-v2's builder script so that the former gets less bloated with
components' specific code.

Fixes kata-containers#6674
Signed-off-by: Wainer dos Santos Moschetta <[email protected]>
The KATA_BUILD_CC variable plus the existence (or not) of the initramfs
were used to determine whether to build the kernel for measured rootfs
or not. Currently the variable MEASURED_ROOTFS has been used
to trigger the feature build and when it is activated it should expect
the initramfs exist. In other words, this changed the kernel build
so that if `MEASURED_ROOTFS=yes` then the initramfs file must exist and
be found.

Signed-off-by: Wainer dos Santos Moschetta <[email protected]>
When measured rootfs is enabled then the shim-v2 build should find the
guest rootfs hash file, otherwise might (silently) generate configuration
files with empty hash.

Signed-off-by: Wainer dos Santos Moschetta <[email protected]>
Re-wrote the logic of init.sh to follow the rules:

 * the root device MUST exist always because it will be either mounted
   or verified (then mounted)
 * if rootfs verifier is enabled then the hash device MUST exist. Avoid
   the case where dm-verity is set but the hash device does not exist and
   so the verification is silently skipped

Signed-off-by: Wainer dos Santos Moschetta <[email protected]>
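
The two rules listed in the init.sh commit message above, written as a fail-closed decision function. This is an added example, not the project's init.sh: the function names, the return codes, the `dm-verity` verifier string as an argument, and the acceptance of regular files in place of block devices (so it runs without root) are assumptions.

```shell
#!/bin/sh
# Added illustration only; all names below are hypothetical.

# device_exists PATH: true for a block device. Regular files are also
# accepted so the logic can be exercised unprivileged (example assumption).
device_exists() {
    [ -b "$1" ] || [ -f "$1" ]
}

# rootfs_plan VERIFIER ROOT_DEV HASH_DEV
#   VERIFIER: "dm-verity" requests verification, empty string disables it.
#   Prints "mount" or "verify" on success; on failure prints the reason to
#   stderr and returns non-zero so the caller can abort the boot.
rootfs_plan() {
    verifier=$1 root_dev=$2 hash_dev=$3

    # Rule 1: the root device must always exist, verified or not.
    if [ -z "$root_dev" ] || ! device_exists "$root_dev"; then
        echo "root device '$root_dev' not found" >&2
        return 1
    fi

    case "$verifier" in
        "")
            echo mount ;;
        dm-verity)
            # Rule 2: verification was requested, so a missing hash device
            # is fatal instead of silently falling back to a plain mount.
            if [ -z "$hash_dev" ] || ! device_exists "$hash_dev"; then
                echo "verifier enabled but hash device '$hash_dev' not found" >&2
                return 2
            fi
            echo verify ;;
        *)
            # An unrecognised verifier is refused, never treated as "off".
            echo "unsupported rootfs verifier '$verifier'" >&2
            return 3 ;;
    esac
}
```
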
The following functions were copied from CCv0's branch test's
integration/kubernetes/confidential/lib.sh. I did just small
refactorings (shortened their names and delinted shellcheck warnings):

- k8s_delete_all_pods_if_any_exists()
- k8s_wait_pod_be_ready()
- k8s_create_pod()
- assert_pod_fail()

Co-authored-by: Fabiano Fidêncio <[email protected]>
Co-authored-by: Georgina Kinge <[email protected]>
Co-authored-by: Jordan Jackson <[email protected]>
Co-authored-by: Megan Wright <[email protected]>
Signed-off-by: Wainer dos Santos Moschetta <[email protected]>
Co-authored-by: Wang, Arron <[email protected]>
Copied the new_pod_config() and pod-config.yaml.in from CCv0 branch
tests' integration/kubernetes/confidential/tests_common.sh and fixtures.
Unlike the original version, new_pod_config() now gets the runtimeclass
by parameter as the RUNTIMECLASS environment variable seems not broadly
used on main branch's CI.

The pod-config.yaml.in was changed as the diff shows below. In
particular the imagePullSecrets was removed to avoid it throwing a
warning on the pod's log.

```
--- a/tests/integration/kubernetes/runtimeclass_workloads/pod-config.yaml.in
+++ b/tests/integration/kubernetes/runtimeclass_workloads/pod-config.yaml.in
@@ -5,12 +5,10 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: busybox-cc
+  name: test-e2e
 spec:
   runtimeClassName: $RUNTIMECLASS
   containers:
-  - name: nginx
+  - name: test_container
     image: $IMAGE
-    imagePullPolicy: Always
-  imagePullSecrets:
-  - name: cococred
\ No newline at end of file
+    imagePullPolicy: Always
\ No newline at end of file
```
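
Review bot: `name: test_container` in the `containers:` list is not a valid Kubernetes container name, because container names must be DNS-1123 labels (lowercase alphanumerics and `-`), so a pod rendered from this template would be rejected by the API server; suggest `test-container`. The file also still ends without a trailing newline after `imagePullPolicy: Always`, which is worth fixing while the line is being touched. With `imagePullSecrets` removed, a short comment in the template that `$IMAGE` must be pullable without credentials would document the new expectation.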

Co-authored-by: Georgina Kinge <[email protected]>
Co-authored-by: Megan Wright <[email protected]>
Co-authored-by: stevenhorsman <[email protected]>
Signed-off-by: Wainer dos Santos Moschetta <[email protected]>
The new clean-generated-files make target allows for removing the
generated files (including the configuration.toml files).

The tools/packaging/static-build/shim-v2/build.sh script now uses that
target to always force the re-generation of those files.

Signed-off-by: Wainer dos Santos Moschetta <[email protected]>
This new function allow to the annotations to metadata section in a yaml
configuration file.

Co-authored-by: Ryan Savino <[email protected]>
Signed-off-by: Wainer dos Santos Moschetta <[email protected]>
Bring the assert_logs_contain() from CCv0 branch tests'
integration/kubernetes/confidential/lib.sh.

Introduced the print_node_journal() which uses `kubectl debug` to print
the systemd's journal of a k8s's node.

Fixes kata-containers#7590
Co-authored-by: stevenhorsman <[email protected]>
Signed-off-by: Wainer dos Santos Moschetta <[email protected]>
Bring the setup_common() from CCv0 branch test's
integration/kubernetes/confidential/tests_common.sh. It should be used
to reduce boilerplates on the setup() of the tests.

Unlike the original code, this won't export the `test_start_time` variable
as it wouldn't be accurate to grab logs from the worker nodes due to
date/time mismatch between the running tests machine and the worker
node. The function exports the `node` variable which holds the name of
a random node which has kata installed. Apart from that, it exports the
`node_start_time` which captures the date/time when the test started,
relative to the `node`.

Tests that should inspect the logs can schedule pods/resources to the `node`
and use `node_start_time` as the value reference to grep the logs.

Fixes kata-containers#7590
Co-authored-by: stevenhorsman <[email protected]>
Signed-off-by: Wainer dos Santos Moschetta <[email protected]>
Use this new function to set the node where the pod should be scheduled
to.

Signed-off-by: Wainer dos Santos Moschetta <[email protected]>
gkurz and others added 16 commits December 18, 2023 15:40
agent: correct CPUShares and CPUWeight value
As a follow-up for kata-containers#8516, guest_cid and vhost_fd are not necessarily initialised
via new(). Instead, the fields should be initialised later when they are really
used to construct hypervisor's parameters.
This commit is to separate init_config() from new() to initialise guest_cid
and vhost_fd and leave only the assignment of id for the existing function.

Fixes: kata-containers#8671

Signed-off-by: Hyounggyu Choi <[email protected]>
…e-loc

ci: Use static checks from kata repo for lib functions
This PR fixes the indentation of the confidential common
script for kubernetes tests.

Fixes kata-containers#8698

Signed-off-by: Gabriela Cervantes <[email protected]>
…device-init

runtime-rs: Separate init_config() from new() for struct VsockDevice
`make SUPPORT_VIRTUALIZATION=1 test` iterates through all subcrates and
does test.

Plus, this patch fixes some issues about unit tests:

- Feed too many parameters to `I8042Device::new()`.
- Virtqueue checks have been introduced since `virtio-queue v0.7.0`.
- GHA might have no access to `/var/tmp` dir on runner.

Fixes: kata-containers#8690

Signed-off-by: Xuewei Niu <[email protected]>
dragonball: Trigger unit tests of dbs_* subcrates by `make test`
Add logging to run-runk, for debugging possible failures.

Fixes: kata-containers#8696

Signed-off-by: Dan Mihai <[email protected]>
…tialscript

tests: k8s: Fix indentation in confidential common script
…te-readme

runtime-rs: Update readme to indicate cloud-hypervisor support
After kata-deploy has installed, check that the worker nodes
are still in Ready state and don't have a containerd://Unknown
container runtime versions, indicating that container isn't working
to ensure that we didn't corrupt the containerd config during kata-deploy's edits

Fixes: kata-containers#8678
Signed-off-by: stevenhorsman <[email protected]>
This reverts commit dd9f5b0.

Signed-off-by: stevenhorsman <[email protected]>
…y-containerd-config-fix

gha: kata-deploy: Revert containerd config break
`jq` coming from alpine is in its 1.6 version, and that has a bug that
hits us quite hard, as it changes a float to an int whenever the number
is in the `x.0` format.

One example is:
```bash
/ # jq --version
jq-1.6
/ # echo '{"foo": 1.0}' | jq .foo
1
```

With this in mind, let's switch, at least for now, to using the `jq`
released directly on github, as it does address the issue we've been
hitting.
```bash
⋊> Downloads ./jq-linux-amd64 --version
jq-1.7
⋊> Downloads echo '{"foo": 1.0}' | jq .foo
1.0
```

Fixes: kata-containers#8678

Signed-off-by: Fabiano Fidêncio <[email protected]>
This reverts commit ee5fa08.

This is perfectly fine to do as we narrowed down the issue to be on the
version of `jq` provided by alpine, and we've already updated it in the
previous commit (in this very same series).

Signed-off-by: Fabiano Fidêncio <[email protected]>
@sprt sprt force-pushed the sprt/sync-upstream-1223 branch 2 times, most recently from 58072b1 to d59fe15 Compare December 20, 2023 19:43
…-for-kata-deploy

kata-deploy: Update `jq` as part of the kata-deploy daemonset
@sprt sprt force-pushed the sprt/sync-upstream-1223 branch 5 times, most recently from f4183f0 to 1117d81 Compare December 20, 2023 20:35
@sprt sprt force-pushed the sprt/sync-upstream-1223 branch from 1117d81 to b1c8818 Compare December 20, 2023 21:20
@sprt sprt marked this pull request as ready for review December 20, 2023 21:42
@sprt sprt merged commit e38682a into sprt/msft-main-copy Dec 20, 2023
32 of 43 checks passed
@sprt sprt added upstream/missing PRs that are yet to be upstreamed and removed upstream/missing PRs that are yet to be upstreamed labels Jan 22, 2024