We need to build kata-runtime to have the correct files
in place to be able to run the static checks script.

Fixes kata-containers#1716.

Signed-off-by: Salvador Fuentes <[email protected]>
(cherry picked from commit e8bf810)
Signed-off-by: Ganesh Maharaj Mahalingam <[email protected]>

Here we have done with logger and container ID map
Just delete these code.
fixes kata-containers#1740

Signed-off-by: Haomin Tsai <[email protected]>
(cherry picked from commit bdae295)
Signed-off-by: Ganesh Maharaj Mahalingam <[email protected]>

There is an issue that ctrl-c stop vmcache server will stop all
containers that its VM is created by it.
The cause is kata-proxy and vmcache server use same tty, for example:
ps -e | grep kata
3617 pts/5    00:00:00 kata-runtime
3636 pts/5    00:00:00 kata-proxy
Ctrl-c will send signal to both kata-proxy and vmcache server.
Then the containers that its VM is created by this vmcache server will
quit with it.

Set Setsid to true when exec kata-proxy to handle this issue.

Fixes: kata-containers#1726

Signed-off-by: Hui Zhu <[email protected]>
(cherry picked from commit 19115ef)
Signed-off-by: Ganesh Maharaj Mahalingam <[email protected]>

After previous commit, found that kata-proxy is not quit
when vmcache server is stopped by ctrl-c.
The cause is current kata-proxy is setsid when it exec.  It will
not get the signal ctrl-c.

Call vm.Disconnect() when close vm in cache factory to handle
this issue.

Fixes: kata-containers#1726

Signed-off-by: Hui Zhu <[email protected]>
(cherry picked from commit 7bf6c67)
Signed-off-by: Ganesh Maharaj Mahalingam <[email protected]>

The rootfs image was fixed, now the DAX metadata and 2 MBRs headers are part
of the same image. Mounting the rootfs partiton with an offset of 2M is no
more needed, since the first MBR is read by partx or losetup by default.

fixes kata-containers#1443

Signed-off-by: Julio Montes [email protected]
(cherry picked from commit 82e51d4)
Signed-off-by: Ganesh Maharaj Mahalingam <[email protected]>

It should pass the container id instead of sandbox id.

Fixes:kata-containers#1672

Signed-off-by: lifupan <[email protected]>
(cherry picked from commit 5e1f5ca)
Signed-off-by: Ganesh Maharaj Mahalingam <[email protected]>

According to CRI specs, kubelet will call StopPodSandbox()
at least once before calling RemovePodSandbox, and this call
is idempotent, and must not return an error if all relevant
resources have already been reclaimed. And in that call it will
send a SIGKILL signal first to try to stop the container, thus
once the container has terminated, here should ignore this signal
and return directly.

Fixes:kata-containers#1672

Signed-off-by: lifupan <[email protected]>
(cherry picked from commit 0d535f5)
Signed-off-by: Ganesh Maharaj Mahalingam <[email protected]>

Kubelet would cleanup the pod cgroup resources and kill the processes
in the pod cgroups when it detected all of the containers in a pod exited,
thus shimv2 should close the hypervisor process once the podsandbox container
exited, otherwise, the hypervisor process would be killed by kubelet and
made shimv2 failed to shutdown the sandbox.

Fixes:kata-containers#1672

Signed-off-by: lifupan <[email protected]>
(cherry picked from commit f301c95)
Signed-off-by: Ganesh Maharaj Mahalingam <[email protected]>

```
//the network namespace created by cni plugin
netns, err = namespaces.NamespaceRequired(ctx)
if err != nil {
        return nil, errors.Wrap(err, "create namespace")
}
```

the netns is a containerd namespace concept, it not netns, event a cni
set netns for this, this is a tricky way, so remove the logic.

Fixes: kata-containers#1692

Signed-off-by: Ace-Tang <[email protected]>
(cherry picked from commit d6b3bff)
Signed-off-by: Ganesh Maharaj Mahalingam <[email protected]>

Use `kata-containers.runtime` that is the runtime binary, to
collect the data if the kata-runtime binary is not installed

fixes kata-containers#1720

Signed-off-by: Julio Montes <[email protected]>
(cherry picked from commit 19288aa)
Signed-off-by: Ganesh Maharaj Mahalingam <[email protected]>

virtio-fs is now available in 1.7 release and needs hugepages enabled.
Updating version of NEMU that ships with kata by default which contains
the fixes for hugepages, machine_type=virt and network access.

Fixes: kata-containers#1709
Signed-off-by: Ganesh Maharaj Mahalingam <[email protected]>
(cherry picked from commit 722ac5a)
Signed-off-by: Ganesh Maharaj Mahalingam <[email protected]>

nemu needs to be configured with:
`machine_type = "virt"` by default.

In addition, this commit removes
`machine_accelerators="virt"` which was added instead
of `machine_type` in a previous commit.

Fixes: kata-containers#1707.

Signed-off-by: Salvador Fuentes <[email protected]>
(cherry picked from commit 6be5e5f)
Signed-off-by: Ganesh Maharaj Mahalingam <[email protected]>

Fix the test case TestGetShmSizeBindMounted by
setting the right ShmSize for ppc64le.

Fixes: kata-containers#1702

Signed-off-by: Nitesh Konkar [email protected]
(cherry picked from commit 1789b65)
Signed-off-by: Ganesh Maharaj Mahalingam <[email protected]>

Now that CRI-O released a new version we can update it.

Fixes kata-containers#1696

Signed-off-by: Gabriela Cervantes <[email protected]>
(cherry picked from commit 5d527d7)
Signed-off-by: Ganesh Maharaj Mahalingam <[email protected]>

Set the minimum golang version to 1.11.10, the latest stable 1.11 version
at the time of writing. Go 1.11 is required to build the agent with working
vsock support.

Fixes: kata-containers#1693

Signed-off-by: Marco Vedovati <[email protected]>
(cherry picked from commit c22b15d)
Signed-off-by: Ganesh Maharaj Mahalingam <[email protected]>

To help trace virtiofsd issues.

Signed-off-by: Peng Tao <[email protected]>
(cherry picked from commit d0aae80)
Signed-off-by: Ganesh Maharaj Mahalingam <[email protected]>

If virtiofsd fails to initialize and stops unexpected,
qemu might hang forever. We just stop the qemu process.
Resource cleanup will be done by others.

Fixes: kata-containers#1690
Signed-off-by: Peng Tao <[email protected]>
(cherry picked from commit 89e0dfa)
Signed-off-by: Ganesh Maharaj Mahalingam <[email protected]>

Got a defunct kata-proxy after kata quit when VMCache is enabled.
The reason is vmcache server opens kata-proxy but doesn't wait it.

If VMCache is disabled, kata-runtime will quit before kata-proxy.
So it will not meet the issue.

Open a special goroutine do cmd.Wait in kataProxy.start to handle
the isssue.

Fixes: kata-containers#1678

Signed-off-by: Hui Zhu <[email protected]>
(cherry picked from commit 00d03c1)
Signed-off-by: Ganesh Maharaj Mahalingam <[email protected]>

Fixes: kata-containers#1673

Signed-off-by: Zha Bin <[email protected]>
(cherry picked from commit bdb1047)
Signed-off-by: Ganesh Maharaj Mahalingam <[email protected]>

If kata containers is using vfio and vhost net，the unbinding
of vfio would be hang. In the scenario, vhost net kernel thread
takes a reference to the qemu's mm, and the reference also includes
the mmap regions on the vfio device file. so vhost kernel thread
would be not released when qemu is killed as the vhost file
descriptor still is opened by shim v2 process, and the vfio device
is not released because there's still a reference to the mmap.

Fixes: kata-containers#1669

Signed-off-by: Yang, Wei <[email protected]>
Signed-off-by: Eric Ernst <[email protected]>
(cherry picked from commit 071030b)
Signed-off-by: Ganesh Maharaj Mahalingam <[email protected]>

proxy will never be use with the Firecracker VMM. Keeping this header
will result in runtime failures, since the configuration will be parsed
on the path searched for.

Since vsock will always be used, remove the proxy section.

Fixes: kata-containers#1761

Signed-off-by: Eric Ernst <[email protected]>
(cherry picked from commit bbe5584)
Signed-off-by: Ganesh Maharaj Mahalingam <[email protected]>