virtcontainers

package
v0.0.0-...-4e35f11 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 24, 2024 License: Apache-2.0 Imports: 95 Imported by: 0

README

What is it?

virtcontainers is a Go library that can be used to build hardware-virtualized container runtimes.

Background

The few existing VM-based container runtimes (Clear Containers, runV, rkt's KVM stage 1) all share the same hardware virtualization semantics but use different code bases to implement them. virtcontainers's goal is to factorize this code into a common Go library.

Ideally, VM-based container runtime implementations would become translation layers from the runtime specification they implement (e.g. the OCI runtime-spec or the Kubernetes CRI) to the virtcontainers API.

virtcontainers was used as a foundational package for the Kata Containers runtime implementation, formerly the Clear Containers runtime implementation.

Out of scope

Implementing a container runtime is out of scope for this project. Any tools or executables in this repository are only provided for demonstration or testing purposes.

virtcontainers and Kubernetes CRI

virtcontainers's API is loosely inspired by the Kubernetes CRI because we believe it provides the right level of abstractions for containerized sandboxes. However, despite the API similarities between the two projects, the goal of virtcontainers is not to build a CRI implementation, but instead to provide a generic, runtime-specification agnostic, hardware-virtualized containers library that other projects could leverage to implement CRI themselves.

Design

Sandboxes

The virtcontainers execution unit is a sandbox, i.e. virtcontainers users start sandboxes where containers will be running.

virtcontainers creates a sandbox by starting a virtual machine and setting the sandbox up within that environment. Starting a sandbox means launching all containers with the VM sandbox runtime environment.

Hypervisors

The virtcontainers package relies on hypervisors to start and stop virtual machine where sandboxes will be running. An hypervisor is defined by an Hypervisor interface implementation, and the default implementation is the QEMU one.

Update cloud-hypervisor client code

See docs

Agents

During the lifecycle of a container, the runtime running on the host needs to interact with the virtual machine guest OS in order to start new commands to be executed as part of a given container workload, set new networking routes or interfaces, fetch a container standard or error output, and so on. There are many existing and potential solutions to resolve that problem and virtcontainers abstracts this through the Agent interface.

API

The high level virtcontainers API includes Sandbox API and Container API. For further details, see the API documentation.

Networking

virtcontainers supports the 2 major container networking models: the Container Network Model (CNM) and the Container Network Interface (CNI).

Typically the former is the Docker default networking model while the later is used on Kubernetes deployments.

CNM

High-level CNM Diagram

CNM lifecycle

  1. RequestPool

  2. CreateNetwork

  3. RequestAddress

  4. CreateEndPoint

  5. CreateContainer

  6. Create config.json

  7. Create PID and network namespace

  8. ProcessExternalKey

  9. JoinEndPoint

  10. LaunchContainer

  11. Launch

  12. Run container

Detailed CNM Diagram

Runtime network setup with CNM

  1. Read config.json

  2. Create the network namespace (code)

  3. Call the prestart hook (from inside the netns) (code)

  4. Scan network interfaces inside netns and get the name of the interface created by prestart hook (code)

  5. Create bridge, TAP, and link all together with network interface previously created (code)

  6. Start VM inside the netns and start the container (code)

Drawbacks of CNM

There are three drawbacks about using CNM instead of CNI:

  • The way we call into it is not very explicit: Have to re-exec dockerd binary so that it can accept parameters and execute the prestart hook related to network setup.
  • Implicit way to designate the network namespace: Instead of explicitly giving the netns to dockerd, we give it the PID of our runtime so that it can find the netns from this PID. This means we have to make sure being in the right netns while calling the hook, otherwise the VETH pair will be created with the wrong netns.
  • No results are back from the hook: We have to scan the network interfaces to discover which one has been created inside the netns. This introduces more latency in the code because it forces us to scan the network in the CreateSandbox path, which is critical for starting the VM as quick as possible.

Storage

See Kata Containers Architecture.

Devices

Support has been added to pass VFIO assigned devices on the docker command line with --device. Support for passing other devices including block devices with --device has not been added yet. PCI and AP (IBM Z Crypto Express cards) devices can be passed.

How to pass a device using VFIO-PCI passthrough

  1. Requirements

IOMMU group represents the smallest set of devices for which the IOMMU has visibility and which is isolated from other groups. VFIO uses this information to enforce safe ownership of devices for userspace.

You will need Intel VT-d capable hardware. Check if IOMMU is enabled in your host kernel by verifying CONFIG_VFIO_NOIOMMU is not in the kernel configuration. If it is set, you will need to rebuild your kernel.

The following kernel configuration options need to be enabled:

CONFIG_VFIO_IOMMU_TYPE1=m 
CONFIG_VFIO=m
CONFIG_VFIO_PCI=m

In addition, you need to pass intel_iommu=on on the kernel command line.

  1. Identify BDF(Bus-Device-Function) of the PCI device to be assigned.
$ lspci -D | grep -e Ethernet -e Network
0000:01:00.0 Ethernet controller: Intel Corporation Ethernet Controller 10-Gigabit X540-AT2 (rev 01)

$ BDF=0000:01:00.0
  1. Find vendor and device id.
$ lspci -n -s $BDF
01:00.0 0200: 8086:1528 (rev 01)
  1. Find IOMMU group.
$ readlink /sys/bus/pci/devices/$BDF/iommu_group
../../../../kernel/iommu_groups/16
  1. Unbind the device from host driver.
$ echo $BDF | sudo tee /sys/bus/pci/devices/$BDF/driver/unbind
  1. Bind the device to vfio-pci.
$ sudo modprobe vfio-pci
$ echo 8086 1528 | sudo tee /sys/bus/pci/drivers/vfio-pci/new_id
$ echo $BDF | sudo tee --append /sys/bus/pci/drivers/vfio-pci/bind
  1. Check /dev/vfio
$ ls /dev/vfio
16 vfio
  1. Start a Clear Containers container passing the VFIO group on the docker command line.
docker run -it --device=/dev/vfio/16 centos/tools bash
  1. Running lspci within the container should show the device among the PCI devices. The driver for the device needs to be present within the Clear Containers kernel. If the driver is missing, you can add it to your custom container kernel using the osbuilder tooling.

How to pass a device using VFIO-AP passthrough

IBM Z mainframes (s390x) use the AP (Adjunct Processor) bus for their Crypto Express hardware security modules. Such devices can be passed over VFIO, which is also supported in Kata. Pass-through happens separated by adapter and domain, i.e. a passable VFIO device has one or multiple adapter-domain combinations.

  1. You must follow the kernel documentation for preparing VFIO-AP passthrough. In short, your host kernel should have the following enabled or available as module (in case of modules, load the modules accordingly, e.g. through modprobe). If one is missing, you will have to update your kernel accordingly, e.g. through recompiling.
CONFIG_VFIO_AP
CONFIG_VFIO_IOMMU_TYPE1
CONFIG_VFIO
CONFIG_VFIO_MDEV
CONFIG_VFIO_MDEV_DEVICE
CONFIG_S390_AP_IOMMU
  1. Set the AP adapter(s) and domain(s) you want to pass in /sys/bus/ap/apmask and /sys/bus/ap/aqmask by writing their negative numbers. Assuming you want to pass 06.0032, you'd run
$ echo -0x6 | sudo tee /sys/bus/ap/apmask > /dev/null
$ echo -0x32 | sudo tee /sys/bus/ap/aqmask > /dev/null
  1. Create one or multiple mediated devices -- one per container you want to pass to. You must write a UUID for the device to /sys/devices/vfio_ap/matrix/mdev_supported_types/vfio_ap-passthrough/create. You can use uuidgen for generating the UUID, e.g.
$ uuidgen | sudo tee /sys/devices/vfio_ap/matrix/mdev_supported_types/vfio_ap-passthrough/create
a297db4a-f4c2-11e6-90f6-d3b88d6c9525
  1. Set the AP adapter(s) and domain(s) you want to pass per device by writing their numbers to /sys/devices/vfio_ap/matrix/${UUID}/assign_adapter and assign_domain in the same directory. For the UUID from step 3, that would be
$ echo 0x6 | sudo tee /sys/devices/vfio_ap/matrix/a297db4a-f4c2-11e6-90f6-d3b88d6c9525/assign_adapter > /dev/null
$ echo 0x32 | sudo tee /sys/devices/vfio_ap/matrix/a297db4a-f4c2-11e6-90f6-d3b88d6c9525/assign_domain > /dev/null
  1. Find the IOMMU group of the mediated device by following the link from /sys/devices/vfio_ap/matrix/${UUID}/iommu_group. There should be a correspondent VFIO device in /dev/vfio.
$ readlink /sys/devices/vfio_ap/matrix/a297db4a-f4c2-11e6-90f6-d3b88d6c9525/iommu_group
../../../../kernel/iommu_groups/0
$ ls /dev/vfio
0 vfio
  1. This device can now be passed. To verify the cards are there, you can use lszcrypt from s390-tools (s390-tools in Alpine, Debian, and Ubuntu, s390utils in Fedora). With lszcrypt, you can see the cards after the configuration time has passed.
$ sudo docker run -it --device /dev/vfio/0 ubuntu
$ lszcrypt
CARD.DOMAIN TYPE  MODE        STATUS  REQUESTS
----------------------------------------------
06          CEX7C CCA-Coproc  online         1
06.0032     CEX7C CCA-Coproc  online         1

Developers

For information on how to build, develop and test virtcontainers, see the developer documentation.

Persistent storage plugin support

See the persistent storage plugin documentation.

Experimental features

See the experimental features documentation.

Documentation

Overview

Example (CreateAndStartSandbox)

This example creates and starts a single container sandbox, using qemu as the hypervisor and kata as the VM agent. 

package main

import (
	"context"
	"fmt"
	"strings"

	vc "github.com/kata-containers/kata-containers/src/runtime/virtcontainers"
	"github.com/kata-containers/kata-containers/src/runtime/virtcontainers/types"
)

var containerRootfs = vc.RootFs{Target: "/var/lib/container/bundle/", Mounted: true}

// This example creates and starts a single container sandbox,
// using qemu as the hypervisor and kata as the VM agent.
func main() {
	envs := []types.EnvVar{
		{
			Var:   "PATH",
			Value: "/bin:/usr/bin:/sbin:/usr/sbin",
		},
	}

	cmd := types.Cmd{
		Args:    strings.Split("/bin/sh", " "),
		Envs:    envs,
		WorkDir: "/",
	}

	// Define the container command and bundle.
	container := vc.ContainerConfig{
		ID:     "1",
		RootFs: containerRootfs,
		Cmd:    cmd,
	}

	// Sets the hypervisor configuration.
	hypervisorConfig := vc.HypervisorConfig{
		KernelPath:     "/usr/share/kata-containers/vmlinux.container",
		ImagePath:      "/usr/share/kata-containers/kata-containers.img",
		HypervisorPath: "/usr/bin/qemu-system-x86_64",
		MemorySize:     1024,
	}

	// Use kata default values for the agent.
	agConfig := vc.KataAgentConfig{}

	// The sandbox configuration:
	// - One container
	// - Hypervisor is QEMU
	// - Agent is kata
	sandboxConfig := vc.SandboxConfig{
		HypervisorType:   vc.QemuHypervisor,
		HypervisorConfig: hypervisorConfig,

		AgentConfig: agConfig,

		Containers: []vc.ContainerConfig{container},
	}

	// Create the sandbox
	s, err := vc.CreateSandbox(context.Background(), sandboxConfig, nil, nil)
	if err != nil {
		fmt.Printf("Could not create sandbox: %s", err)
		return
	}

	// Start the sandbox
	err = s.Start(context.Background())
	if err != nil {
		fmt.Printf("Could not start sandbox: %s", err)
	}
}

Output:

Index

Examples

Constants

View Source 
const (
	// MinimalGuestCID is the smallest valid context ID for a guest.
	MinimalGuestCID uint64 = 3

	// MaxGuestCID is the largest valid context ID for a guest.
	MaxGuestCID uint64 = 1<<32 - 1
)
View Source 
const (
	// VirtioBlk is the Virtio-Blk rootfs driver.
	VirtioBlk RootfsDriver = "/dev/vda1"

	// Nvdimm is the Nvdimm rootfs driver.
	Nvdimm RootfsType = "/dev/pmem0p1"
)
View Source 
const (
	// KataEphemeralDevType creates a tmpfs backed volume for sharing files between containers.
	KataEphemeralDevType = "ephemeral"

	// KataLocalDevType creates a local directory inside the VM for sharing files between
	// containers.
	KataLocalDevType = "local"

	NydusRootFSType = "fuse.nydus-overlayfs"

	VirtualVolumePrefix = "io.katacontainers.volume="
)
View Source 
const (
	// K8sEmptyDir is the k8s specific path for `empty-dir` volumes
	K8sEmptyDir  = "kubernetes.io~empty-dir"
	K8sConfigMap = "kubernetes.io~configmap"
	K8sSecret    = "kubernetes.io~secret"
)
View Source 
const (
	// QemuQ35 is the QEMU Q35 machine type for amd64
	QemuQ35 = "q35"

	// QemuMicrovm is the QEMU microvm machine type for amd64
	QemuMicrovm = "microvm"

	// QemuVirt is the QEMU virt machine type for aarch64 or amd64
	QemuVirt = "virt"

	// QemuPseries is a QEMU virt machine type for ppc64le
	QemuPseries = "pseries"

	// QemuCCWVirtio is a QEMU virt machine type for for s390x
	QemuCCWVirtio = "s390-ccw-virtio"
)
View Source 
const (
	// VmStartTimeout represents the time in seconds a sandbox can wait before
	// to consider the VM starting operation failed.
	VmStartTimeout = 10

	// DirMode is the permission bits used for creating a directory
	DirMode = os.FileMode(0750) | os.ModeDir
)
View Source 
const DefaultShmSize = 65536 * 1024

DefaultShmSize is the default shm size to be used in case host IPC is used.

View Source 
const UmountNoFollow = 0x8

Sadly golang/sys doesn't have UmountNoFollow although it's there since Linux 2.6.34

Variables

View Source 
var AcrnBlkDevPoolSz = 8

AcrnBlkDevPoolSz defines the number of dummy virtio-blk device that will be created for hot-plugging container rootfs. Since acrn doesn't support hot-plug, dummy virtio-blk devices are added and later replaced with container-rootfs.

View Source 
var AcrnBlkdDevSlot = make([]int, AcrnBlkDevPoolSz+1)

AcrnBlkdDevSlot array provides translation between the vitio-blk device index and slot it is currently attached. Allocating extra 1 to accommodate for VM rootfs which is at driveIndex 0

View Source 
var DefaultNetInterworkingModel = NetXConnectTCFilterModel

DefaultNetInterworkingModel is a package level default that determines how the VM should be connected to the the container network interface

View Source 
var (
	GuestDNSFile = "/etc/resolv.conf"
)
View Source 
var MockHybridVSockPath = "/tmp/kata-mock-hybrid-vsock.socket"

Functions

func AvailableGuestProtections 

func AvailableGuestProtections() (protections []string)

func CPUFlags 

func CPUFlags(cpuInfoPath string) (map[string]bool, error)

func CheckCmdline 

func CheckCmdline(kernelCmdlinePath, searchParam string, searchValues []string) (bool, error)

CheckCmdline checks whether an option or parameter is present in the kernel command line. Search is case-insensitive. Takes path to file that contains the kernel command line, desired option, and permitted values (empty values to Check for options).

func CleanupContainer 

func CleanupContainer(ctx context.Context, sandboxID, containerID string, force bool) error

CleanupContainer is used by shimv2 to stop and delete a container exclusively, once there is no container in the sandbox left, do stop the sandbox and delete it. Those serial operations will be done exclusively by locking the sandbox.

func EnterNetNS 

func EnterNetNS(networkID string, cb func() error) error

EnterNetNS is free from any call to a go routine, and it calls into runtime.LockOSThread(), meaning it won't be executed in a different thread than the one expected by the caller.

func GetHypervisorPid 

func GetHypervisorPid(h Hypervisor) int

func GetHypervisorSocketTemplate 

func GetHypervisorSocketTemplate(hType HypervisorType, config *HypervisorConfig) (string, error)

GetHypervisorSocketTemplate returns the full "template" path to the hypervisor socket. If the specified hypervisor doesn't use a socket, an empty string is returned.

The returned value is not the actual socket path since this function does not create a sandbox. Instead a path is returned with a special template value "{ID}" which would be replaced with the real sandbox name sandbox creation time.

func GetSharePath 

func GetSharePath(id string) string

Shared path handling: 1. create three directories for each sandbox: -. /run/kata-containers/shared/sandboxes/$sbx_id/mounts/, a directory to hold all host/guest shared mounts -. /run/kata-containers/shared/sandboxes/$sbx_id/shared/, a host/guest shared directory (9pfs/virtiofs source dir) -. /run/kata-containers/shared/sandboxes/$sbx_id/private/, a directory to hold all temporary private mounts when creating ro mounts

2. /run/kata-containers/shared/sandboxes/$sbx_id/mounts/ is bind mounted readonly to /run/kata-containers/shared/sandboxes/$sbx_id/shared/, so guest cannot modify it

3. host-guest shared files/directories are mounted one-level under /run/kata-containers/shared/sandboxes/$sbx_id/mounts/ and thus present to guest at one level under /run/kata-containers/shared/sandboxes/$sbx_id/shared/

func HasOption 

func HasOption(options []string, option string) bool

func HasOptionPrefix 

func HasOptionPrefix(options []string, prefix string) bool

func IsDockerVolume 

func IsDockerVolume(path string) bool

IsDockerVolume returns true if the given source path is a docker volume. This uses a very specific path that is used by docker.

func IsEphemeralStorage 

func IsEphemeralStorage(path string) bool

IsEphemeralStorage returns true if the given path to the storage belongs to kubernetes ephemeral storage

This method depends on a specific path used by k8s to detect if it's of type ephemeral. As of now, this is a very k8s specific solution that works but in future there should be a better way for this method to determine if the path is for ephemeral volume type

func Isk8sHostEmptyDir 

func Isk8sHostEmptyDir(path string) bool

Isk8sHostEmptyDir returns true if the given path to the storage belongs to kubernetes empty-dir of medium "default" i.e volumes that are directories on the host.

func KernelParamFields 

func KernelParamFields(s string) []string

KernelParamFields is similar to strings.Fields(), but doesn't split based on space characters that are part of a quoted substring. Example of quoted kernel command line parameter value: dm-mod.create="dm-verity,,,ro,0 736328 verity 1 /dev/vda1 /dev/vda2 4096 4096 92041 0 sha256 f211b9f1921ef726d57a72bf82be23a510076639fa8549ade10f85e214e0ddb4 065c13dfb5b4e0af034685aa5442bddda47b17c182ee44ba55a373835d18a038"

func LaunchAcrn 

func LaunchAcrn(config Config, logger *logrus.Entry) (int, string, error)

LaunchAcrn can be used to launch a new acrn instance.

The Config parameter contains a set of acrn parameters and settings.

This function writes its log output via logger parameter.

func LaunchCustomAcrn 

func LaunchCustomAcrn(ctx context.Context, path string, params []string,
	logger *logrus.Entry) (int, string, error)

LaunchCustomAcrn can be used to launch a new acrn instance.

The path parameter is used to pass the acrn executable path.

params is a slice of options to pass to acrn-dm

This function writes its log output via logger parameter.

func MaxAcrnVCPUs 

func MaxAcrnVCPUs() uint32

MaxAcrnVCPUs returns the maximum number of vCPUs supported

func NewMockAgent 

func NewMockAgent() agent

nolint:golint

func RegisterMetrics 

func RegisterMetrics()

func RoundUpNumVCPUs 

func RoundUpNumVCPUs(cpus float32) uint32

func RunningOnVMM 

func RunningOnVMM(cpuInfoPath string) (bool, error)

RunningOnVMM checks if the system is running inside a VM.

func SerializeParams 

func SerializeParams(params []Param, delim string) []string

SerializeParams converts []Param to []string

func SetHypervisorLogger 

func SetHypervisorLogger(logger *logrus.Entry)

SetHypervisorLogger sets up a logger for the hypervisor part of this pkg

func SetLogger 

func SetLogger(ctx context.Context, logger *logrus.Entry)

SetLogger sets the logger for virtcontainers package.

func WithNewAgentFunc 

func WithNewAgentFunc(ctx context.Context, f newAgentFuncType) context.Context

WithNewAgentFunc set newAgentFuncKey in `ctx`

Types

type APIServerMetrics 

type APIServerMetrics struct {
	// Measures the process's startup time in microseconds.
	ProcessStartupTimeUs uint64 `json:"process_startup_time_us"`
	// Measures the cpu's startup time in microseconds.
	ProcessStartupTimeCPUUs uint64 `json:"process_startup_time_cpu_us"`
	// Number of failures on API requests triggered by internal errors.
	SyncResponseFails uint64 `json:"sync_response_fails"`
	// Number of timeouts during communication with the VMM.
	SyncVmmSendTimeoutCount uint64 `json:"sync_vmm_send_timeout_count"`
}

API Server related metrics.

type Acrn 

type Acrn struct {
	// contains filtered or unexported fields
}

Acrn is an Hypervisor interface implementation for the Linux acrn hypervisor.

func (*Acrn) AddDevice 

func (a *Acrn) AddDevice(ctx context.Context, devInfo interface{}, devType DeviceType) error

AddDevice will add extra devices to acrn command line.

func (*Acrn) Capabilities 

func (a *Acrn) Capabilities(ctx context.Context) types.Capabilities

Adds all capabilities supported by Acrn implementation of hypervisor interface

func (*Acrn) Check 

func (a *Acrn) Check() error

func (*Acrn) Cleanup 

func (a *Acrn) Cleanup(ctx context.Context) error

func (*Acrn) CreateVM 

func (a *Acrn) CreateVM(ctx context.Context, id string, network Network, hypervisorConfig *HypervisorConfig) error

CreateVM is the VM creation

func (*Acrn) Disconnect 

func (a *Acrn) Disconnect(ctx context.Context)

func (*Acrn) GenerateSocket 

func (a *Acrn) GenerateSocket(id string) (interface{}, error)

func (*Acrn) GetPids 

func (a *Acrn) GetPids() []int

func (*Acrn) GetThreadIDs 

func (a *Acrn) GetThreadIDs(ctx context.Context) (VcpuThreadIDs, error)

func (*Acrn) GetTotalMemoryMB 

func (a *Acrn) GetTotalMemoryMB(ctx context.Context) uint32

func (*Acrn) GetVMConsole 

func (a *Acrn) GetVMConsole(ctx context.Context, id string) (string, string, error)

GetVMConsole builds the path of the console where we can read logs coming from the sandbox.

func (*Acrn) GetVirtioFsPid 

func (a *Acrn) GetVirtioFsPid() *int

func (*Acrn) HotplugAddDevice 

func (a *Acrn) HotplugAddDevice(ctx context.Context, devInfo interface{}, devType DeviceType) (interface{}, error)

func (*Acrn) HotplugRemoveDevice 

func (a *Acrn) HotplugRemoveDevice(ctx context.Context, devInfo interface{}, devType DeviceType) (interface{}, error)

func (*Acrn) HypervisorConfig 

func (a *Acrn) HypervisorConfig() HypervisorConfig

func (*Acrn) IsRateLimiterBuiltin 

func (a *Acrn) IsRateLimiterBuiltin() bool

func (*Acrn) Load 

func (a *Acrn) Load(s hv.HypervisorState)

func (*Acrn) Logger 

func (a *Acrn) Logger() *logrus.Entry

Logger returns a logrus logger appropriate for logging acrn messages

func (*Acrn) PauseVM 

func (a *Acrn) PauseVM(ctx context.Context) error

func (*Acrn) ResizeMemory 

func (a *Acrn) ResizeMemory(ctx context.Context, reqMemMB uint32, memoryBlockSizeMB uint32, probe bool) (uint32, MemoryDevice, error)

func (*Acrn) ResizeVCPUs 

func (a *Acrn) ResizeVCPUs(ctx context.Context, reqVCPUs uint32) (currentVCPUs uint32, newVCPUs uint32, err error)

func (*Acrn) ResumeVM 

func (a *Acrn) ResumeVM(ctx context.Context) error

func (*Acrn) Save 

func (a *Acrn) Save() (s hv.HypervisorState)

func (*Acrn) SaveVM 

func (a *Acrn) SaveVM() error

func (*Acrn) StartVM 

func (a *Acrn) StartVM(ctx context.Context, timeoutSecs int) error

StartVM will start the Sandbox's VM.

func (*Acrn) StopVM 

func (a *Acrn) StopVM(ctx context.Context, waitOnly bool) (err error)

StopVM will stop the Sandbox's VM.

type AcrnState 

type AcrnState struct {
	PID int
}

AcrnState keeps track of VM UUID, PID.

type BEPortType 

type BEPortType int

BEPortType marks the port as console port or virtio-serial port 

const (
	// SerialBE marks the port as serial port
	SerialBE BEPortType = iota

	//ConsoleBE marks the port as console port (append @)
	ConsoleBE
)

type BlkioStatEntry 

type BlkioStatEntry struct {
	Op    string `json:"op,omitempty"`
	Major uint64 `json:"major,omitempty"`
	Minor uint64 `json:"minor,omitempty"`
	Value uint64 `json:"value,omitempty"`
}

BlkioStatEntry gather date related to a block device

type BlkioStats 

type BlkioStats struct {
	// number of bytes tranferred to and from the block device
	IoServiceBytesRecursive []BlkioStatEntry `json:"io_service_bytes_recursive,omitempty"`
	IoServicedRecursive     []BlkioStatEntry `json:"io_serviced_recursive,omitempty"`
	IoQueuedRecursive       []BlkioStatEntry `json:"io_queue_recursive,omitempty"`
	IoServiceTimeRecursive  []BlkioStatEntry `json:"io_service_time_recursive,omitempty"`
	IoWaitTimeRecursive     []BlkioStatEntry `json:"io_wait_time_recursive,omitempty"`
	IoMergedRecursive       []BlkioStatEntry `json:"io_merged_recursive,omitempty"`
	IoTimeRecursive         []BlkioStatEntry `json:"io_time_recursive,omitempty"`
	SectorsRecursive        []BlkioStatEntry `json:"sectors_recursive,omitempty"`
}

BlkioStats describes block io stats

type BlockDevice 

type BlockDevice struct {

	// mem path to block device
	FilePath string

	//BlkIndex - Blk index corresponding to slot
	Index int
}

BlockDevice represents a acrn block device.

func (BlockDevice) AcrnParams 

func (blkdev BlockDevice) AcrnParams(slot int, config *Config) []string

AcrnParams returns the acrn parameters built out of this block device.

func (BlockDevice) Valid 

func (blkdev BlockDevice) Valid() bool

Valid returns true if the BlockDevice structure is valid and complete.

type BlockDeviceMetrics 

type BlockDeviceMetrics struct {
	// Number of times when activate failed on a block device.
	ActivateFails uint64 `json:"activate_fails"`
	// Number of times when interacting with the space config of a block device failed.
	CfgFails uint64 `json:"cfg_fails"`
	// No available buffer for the block queue.
	NoAvailBuffer uint64 `json:"no_avail_buffer"`
	// Number of times when handling events on a block device failed.
	EventFails uint64 `json:"event_fails"`
	// Number of failures in executing a request on a block device.
	ExecuteFails uint64 `json:"execute_fails"`
	// Number of invalid requests received for this block device.
	InvalidReqsCount uint64 `json:"invalid_reqs_count"`
	// Number of flushes operation triggered on this block device.
	FlushCount uint64 `json:"flush_count"`
	// Number of events triggerd on the queue of this block device.
	QueueEventCount uint64 `json:"queue_event_count"`
	// Number of events ratelimiter-related.
	RateLimiterEventCount uint64 `json:"rate_limiter_event_count"`
	// Number of update operation triggered on this block device.
	UpdateCount uint64 `json:"update_count"`
	// Number of failures while doing update on this block device.
	UpdateFails uint64 `json:"update_fails"`
	// Number of bytes read by this block device.
	ReadBytes uint64 `json:"read_bytes"`
	// Number of bytes written by this block device.
	WriteBytes uint64 `json:"write_bytes"`
	// Number of successful read operations.
	ReadCount uint64 `json:"read_count"`
	// Number of successful write operations.
	WriteCount uint64 `json:"write_count"`
	// Number of rate limiter throttling events.
	RateLimiterThrottledEvents uint64 `json:"rate_limiter_throttled_events"`
}

A block device's related metrics.

type BridgeDevice 

type BridgeDevice struct {
	// Emul is a string describing the type of PCI device e.g. virtio-net
	Emul string

	// Config is an optional string, depending on the device, that can be
	// used for configuration
	Config string

	// Function is PCI function. Func can be from 0 to 7
	Function int
}

BridgeDevice represents a acrn bridge device like pci-bridge, pxb, etc.

func (BridgeDevice) AcrnParams 

func (bridgeDev BridgeDevice) AcrnParams(slot int, config *Config) []string

AcrnParams returns the acrn parameters built out of this bridge device.

func (BridgeDevice) Valid 

func (bridgeDev BridgeDevice) Valid() bool

Valid returns true if the BridgeDevice structure is valid and complete.

type BuildTimeInfo 

type BuildTimeInfo struct {
	PackageVer string `json:"package_ver"`
	GitCommit  string `json:"git_commit"`
	BuildTime  string `json:"build_time"`
	Profile    string `json:"profile"`
	Rustc      string `json:"rustc"`
}

type CPUStats 

type CPUStats struct {
	CPUUsage       CPUUsage       `json:"cpu_usage,omitempty"`
	ThrottlingData ThrottlingData `json:"throttling_data,omitempty"`
}

CPUStats describes the cpu stats

type CPUUsage 

type CPUUsage struct {
	// Total CPU time consumed per core.
	// Units: nanoseconds.
	PercpuUsage []uint64 `json:"percpu_usage,omitempty"`
	// Total CPU time consumed.
	// Units: nanoseconds.
	TotalUsage uint64 `json:"total_usage,omitempty"`
	// Time spent by tasks of the cgroup in kernel mode.
	// Units: nanoseconds.
	UsageInKernelmode uint64 `json:"usage_in_kernelmode"`
	// Time spent by tasks of the cgroup in user mode.
	// Units: nanoseconds.
	UsageInUsermode uint64 `json:"usage_in_usermode"`
}

CPUUsage denotes the usage of a CPU. All CPU stats are aggregate since container inception.

type CgroupStats 

type CgroupStats struct {
	// the map is in the format "size of hugepage: stats of the hugepage"
	HugetlbStats map[string]HugetlbStats `json:"hugetlb_stats,omitempty"`
	BlkioStats   BlkioStats              `json:"blkio_stats,omitempty"`
	CPUStats     CPUStats                `json:"cpu_stats,omitempty"`
	MemoryStats  MemoryStats             `json:"memory_stats,omitempty"`
	PidsStats    PidsStats               `json:"pids_stats,omitempty"`
}

CgroupStats describes all cgroup subsystem stats

type CloudHypervisorState 

type CloudHypervisorState struct {
	PID               int
	VirtiofsDaemonPid int
	// contains filtered or unexported fields
}

Cloud hypervisor state

type Config 

type Config struct {
	// Devices is a list of devices for acrn to create and drive.
	Devices []Device

	// Path is the acrn binary path.
	Path string

	// Path is the acrn binary path.
	CtlPath string

	// Name is the acrn guest name
	Name string

	// APICID to identify vCPU that will be assigned for this VM.
	ApicID string

	// Kernel is the guest kernel configuration.
	Kernel Kernel

	// Memory is the guest memory configuration.
	Memory Memory

	// ACPI virtualization support
	ACPIVirt bool
	// contains filtered or unexported fields
}

Config is the acrn configuration structure. It allows for passing custom settings and parameters to the acrn-dm API.

type ConsoleDevice 

type ConsoleDevice struct {
	// Name of the socket
	Name string

	//Path to virtio-console backend (can be omitted for pty, tty, stdio)
	Path string

	//Backend device used for virtio-console
	Backend ConsoleDeviceBackend

	// PortType marks the port as serial or console port (@)
	PortType BEPortType
}

ConsoleDevice represents a acrn console device.

func (ConsoleDevice) AcrnParams 

func (cdev ConsoleDevice) AcrnParams(slot int, config *Config) []string

AcrnParams returns the acrn parameters built out of this console device.

func (ConsoleDevice) Valid 

func (cdev ConsoleDevice) Valid() bool

Valid returns true if the CharDevice structure is valid and complete.

type ConsoleDeviceBackend 

type ConsoleDeviceBackend string

ConsoleDeviceBackend is the character device backend for acrn 

const (

	// Socket creates a 2 way stream socket (TCP or Unix).
	Socket ConsoleDeviceBackend = "socket"

	// Stdio sends traffic from the guest to acrn's standard output.
	Stdio ConsoleDeviceBackend = "console"

	// File backend only supports console output to a file (no input).
	File ConsoleDeviceBackend = "file"

	// TTY is an alias for Serial.
	TTY ConsoleDeviceBackend = "tty"

	// PTY creates a new pseudo-terminal on the host and connect to it.
	PTY ConsoleDeviceBackend = "pty"
)

type Container 

type Container struct {
	// contains filtered or unexported fields
}

Container is composed of a set of containers and a runtime environment. A Container can be created, deleted, started, stopped, listed, entered, paused and restored.

func (*Container) GetAnnotations 

func (c *Container) GetAnnotations() map[string]string

GetAnnotations returns container's annotations

func (*Container) GetPatchedOCISpec 

func (c *Container) GetPatchedOCISpec() *specs.Spec

GetPatchedOCISpec returns container's OCI specification This OCI specification was patched when the sandbox was created by containerCapabilities(), SetEphemeralStorageType() and others in order to support: * Capabilities * Ephemeral storage * k8s empty dir If you need the original (vanilla) OCI spec, use compatoci.GetContainerSpec() instead.

func (*Container) GetPid 

func (c *Container) GetPid() int

GetPid returns the pid related to this container's process.

func (*Container) GetToken 

func (c *Container) GetToken() string

GetToken returns the token related to this container's process.

func (*Container) ID 

func (c *Container) ID() string

ID returns the container identifier string.

func (*Container) Logger 

func (c *Container) Logger() *logrus.Entry

Logger returns a logrus logger appropriate for logging Container messages

func (*Container) Process 

func (c *Container) Process() Process

Process returns the container process.

func (*Container) Restore 

func (c *Container) Restore() error

Restore will restore container data from persist file on disk

func (*Container) Sandbox 

func (c *Container) Sandbox() VCSandbox

Sandbox returns the sandbox handler related to this container.

type ContainerConfig 

type ContainerConfig struct {
	// Device configuration for devices that must be available within the container.
	DeviceInfos []config.DeviceInfo

	Mounts []Mount

	// Raw OCI specification, it won't be saved to disk.
	CustomSpec *specs.Spec `json:"-"`

	// Annotations allow clients to store arbitrary values,
	// for example to add additional status values required
	// to support particular specifications.
	Annotations map[string]string

	ID string

	// Resources container resources
	Resources specs.LinuxResources

	// Cmd specifies the command to run on a container
	Cmd types.Cmd

	// RootFs is the container workload image on the host.
	RootFs RootFs

	// ReadOnlyRootfs indicates if the rootfs should be mounted readonly
	ReadonlyRootfs bool
}

ContainerConfig describes one container runtime configuration.

type ContainerDevice 

type ContainerDevice struct {
	// ID is device id referencing the device from sandbox's device manager
	ID string

	// ContainerPath is device path displayed in container
	ContainerPath string

	// FileMode permission bits for the device.
	FileMode os.FileMode

	// UID is user ID in the container namespace
	UID uint32

	// GID is group ID in the container namespace
	GID uint32
}

ContainerDevice describes a device associated with container

type ContainerResources 

type ContainerResources struct {
	// VCPUs are the number of vCPUs that are being used by the container
	VCPUs uint32

	// Mem is the memory that is being used by the container
	MemByte int64
}

ContainerResources describes container resources

type ContainerStats 

type ContainerStats struct {
	CgroupStats  *CgroupStats
	NetworkStats []*NetworkStats
}

ContainerStats describes a container stats.

type ContainerStatus 

type ContainerStatus struct {
	Spec *specs.Spec

	// Annotations allow clients to store arbitrary values,
	// for example to add additional status values required
	// to support particular specifications.
	Annotations map[string]string

	ID        string
	RootFs    string
	StartTime time.Time
	State     types.ContainerState

	PID int
}

ContainerStatus describes a container status.

type ContainerType 

type ContainerType string

ContainerType defines a type of container. 

const (
	// PodContainer identifies a container that should be associated with an existing pod
	PodContainer ContainerType = "pod_container"
	// PodSandbox identifies an infra container that will be used to create the pod
	PodSandbox ContainerType = "pod_sandbox"
	// SingleContainer is utilized to describe a container that didn't have a container/sandbox
	// annotation applied. This is expected when dealing with non-pod container (ie, running
	// from ctr, podman, etc).
	SingleContainer ContainerType = "single_container"
	// UnknownContainerType specifies a container that provides container type annotation, but
	// it is unknown.
	UnknownContainerType ContainerType = "unknown_container_type"
)

List different types of containers

func (ContainerType) IsCriSandbox 

func (t ContainerType) IsCriSandbox() bool

func (ContainerType) IsSandbox 

func (cType ContainerType) IsSandbox() bool

IsSandbox determines if the container type can be considered as a sandbox. We can consider a sandbox in case we have a PodSandbox or a "regular" container

func (ContainerType) IsSingleContainer 

func (t ContainerType) IsSingleContainer() bool

"Regular" Container

type DNSInfo 

type DNSInfo struct {
	Servers  []string
	Domain   string
	Searches []string
	Options  []string
}

DNSInfo describes the DNS setup related to a network interface.

type DaemonInfo 

type DaemonInfo struct {
	ID      string        `json:"id"`
	Version BuildTimeInfo `json:"version"`
	State   string        `json:"state"`
}

type Device 

type Device interface {
	Valid() bool
	AcrnParams(slot int, config *Config) []string
}

Device is the acrn device interface.

type DeviceType 

type DeviceType int

DeviceType describes a virtualized device type. 

const (
	// ImgDev is the image device type.
	ImgDev DeviceType = iota

	// FsDev is the filesystem device type.
	FsDev

	// NetDev is the network device type.
	NetDev

	// BlockDev is the block device type.
	BlockDev

	// SerialPortDev is the serial port device type.
	SerialPortDev

	// VSockPCIDev is the vhost vsock PCI device type.
	VSockPCIDev

	// VFIODevice is VFIO device type
	VfioDev

	// VhostuserDev is a Vhost-user device type
	VhostuserDev

	// CPUDevice is CPU device type
	CpuDev

	// MemoryDev is memory device type
	MemoryDev

	// HybridVirtioVsockDev is a hybrid virtio-vsock device supported
	// only on certain hypervisors, like firecracker.
	HybridVirtioVsockDev
)

type Endpoint 

type Endpoint interface {
	Properties() NetworkInfo
	Name() string
	HardwareAddr() string
	Type() EndpointType
	PciPath() vcTypes.PciPath
	NetworkPair() *NetworkInterfacePair

	SetProperties(NetworkInfo)
	SetPciPath(vcTypes.PciPath)
	Attach(context.Context, *Sandbox) error
	Detach(ctx context.Context, netNsCreated bool, netNsPath string) error
	HotAttach(ctx context.Context, h Hypervisor) error
	HotDetach(ctx context.Context, h Hypervisor, netNsCreated bool, netNsPath string) error

	GetRxRateLimiter() bool
	SetRxRateLimiter() error
	GetTxRateLimiter() bool
	SetTxRateLimiter() error
	// contains filtered or unexported methods
}

Endpoint represents a physical or virtual network interface.

type EndpointType 

type EndpointType string

EndpointType identifies the type of the network endpoint. 

const (
	// PhysicalEndpointType is the physical network interface.
	PhysicalEndpointType EndpointType = "physical"

	// VethEndpointType is the virtual network interface.
	VethEndpointType EndpointType = "virtual"

	// VhostUserEndpointType is the vhostuser network interface.
	VhostUserEndpointType EndpointType = "vhost-user"

	// MacvlanEndpointType is macvlan network interface.
	MacvlanEndpointType EndpointType = "macvlan"

	// MacvtapEndpointType is macvtap network interface.
	MacvtapEndpointType EndpointType = "macvtap"

	// TapEndpointType is tap network interface.
	TapEndpointType EndpointType = "tap"

	// TuntapEndpointType is a tap network interface.
	TuntapEndpointType EndpointType = "tuntap"

	// IPVlanEndpointType is ipvlan network interface.
	IPVlanEndpointType EndpointType = "ipvlan"
)

func (*EndpointType) Set 

func (endpointType *EndpointType) Set(value string) error

Set sets an endpoint type based on the input string.

func (*EndpointType) String 

func (endpointType *EndpointType) String() string

String converts an endpoint type to a string.

type ErrorMessage 

type ErrorMessage struct {
	Code    string `json:"code"`
	Message string `json:"message"`
}

type Factory 

type Factory interface {
	// Config returns base factory config.
	Config() VMConfig

	// GetVMStatus returns the status of the paused VM created by the base factory.
	GetVMStatus() []*pb.GrpcVMStatus

	// GetVM gets a new VM from the factory.
	GetVM(ctx context.Context, config VMConfig) (*VM, error)

	// GetBaseVM returns a paused VM created by the base factory.
	GetBaseVM(ctx context.Context, config VMConfig) (*VM, error)

	// CloseFactory closes and cleans up the factory.
	CloseFactory(ctx context.Context)
}

Factory controls how a new VM is created.

type FilesystemShare 

type FilesystemShare struct {
	sync.Mutex
	// contains filtered or unexported fields
}

func (*FilesystemShare) Cleanup 

func (f *FilesystemShare) Cleanup(ctx context.Context) error

func (*FilesystemShare) Logger 

func (f *FilesystemShare) Logger() *logrus.Entry

Logger returns a logrus logger appropriate for logging filesystem sharing messages

func (*FilesystemShare) Prepare 

func (f *FilesystemShare) Prepare(ctx context.Context) error

func (*FilesystemShare) ShareFile 

func (f *FilesystemShare) ShareFile(ctx context.Context, c *Container, m *Mount) (*SharedFile, error)

func (*FilesystemShare) ShareRootFilesystem 

func (f *FilesystemShare) ShareRootFilesystem(ctx context.Context, c *Container) (*SharedFile, error)

func (c *Container) shareRootfs(ctx context.Context) (*grpc.Storage, string, error) {

func (*FilesystemShare) StartFileEventWatcher 

func (f *FilesystemShare) StartFileEventWatcher(ctx context.Context) error

func (*FilesystemShare) StopFileEventWatcher 

func (f *FilesystemShare) StopFileEventWatcher(ctx context.Context)

func (*FilesystemShare) UnshareFile 

func (f *FilesystemShare) UnshareFile(ctx context.Context, c *Container, m *Mount) error

func (*FilesystemShare) UnshareRootFilesystem 

func (f *FilesystemShare) UnshareRootFilesystem(ctx context.Context, c *Container) error

type FilesystemSharer 

type FilesystemSharer interface {
	// Prepare will set the host filesystem up, making it ready
	// to share container files and directories with the guest.
	// It will be called before any container is running.
	//
	// For example, the Linux implementation would create and
	// prepare the host shared folders, and also make all
	// sandbox mounts ready to be shared.
	//
	// Implementation of this method must be idempotent and be
	// ready to potentially be called several times in a row,
	// without symmetric calls to Cleanup in between.
	Prepare(context.Context) error

	// Cleanup cleans the host filesystem up from the initial
	// setup created by Prepare.
	// It will be called after all containers are terminated.
	//
	// Implementation of this method must be idempotent and be
	// ready to potentially be called several times in a row,
	// without symmetric calls to Prepare in between.
	Cleanup(context.Context) error

	// ShareFile shares a file (a regular file or a directory)
	// from the host filesystem with a container running in the
	// guest. The host file to be shared is described by the
	// Mount argument.
	// This method should be called for each container file to
	// be shared with the guest.
	//
	// The returned SharedFile pointer describes how the file
	// should be shared between the host and the guest. If it
	// is nil, then the shared filed described by the Mount
	// argument will be ignored by the guest, i.e. it will NOT
	// be shared with the guest.
	ShareFile(context.Context, *Container, *Mount) (*SharedFile, error)

	// UnshareFile stops sharing a container file, described by
	// the Mount argument.
	UnshareFile(context.Context, *Container, *Mount) error

	// ShareRootFilesystem shares a container bundle rootfs with
	// the Kata guest, allowing the kata agent to eventually start
	// the container from that shared rootfs.
	ShareRootFilesystem(context.Context, *Container) (*SharedFile, error)

	// UnshareRootFilesystem stops sharing a container bundle
	// rootfs.
	UnshareRootFilesystem(context.Context, *Container) error

	// startFileEventWatcher is the event loop to detect changes in
	// specific volumes - configmap, secrets, downward-api, projected-volumes
	// and copy the changes to the guest
	StartFileEventWatcher(context.Context) error

	// Stops the event loop for file watcher
	StopFileEventWatcher(context.Context)
}

func NewFilesystemShare 

func NewFilesystemShare(s *Sandbox) (FilesystemSharer, error)

type FirecrackerInfo 

type FirecrackerInfo struct {
	Version string
	PID     int
}

FirecrackerInfo contains information related to the hypervisor that we want to store on disk

type FirecrackerMetrics 

type FirecrackerMetrics struct {
	// API Server related metrics.
	APIServer APIServerMetrics `json:"api_server"`
	// A block device's related metrics.
	Block BlockDeviceMetrics `json:"block"`
	// Metrics related to API GET requests.
	GetAPIRequests GetRequestsMetrics `json:"get_api_requests"`
	// Metrics related to the i8042 device.
	I8042 I8042DeviceMetrics `json:"i8042"`
	// Metrics related to performance measurements.
	LatenciesUs PerformanceMetrics `json:"latencies_us"`
	// Logging related metrics.
	Logger LoggerSystemMetrics `json:"logger"`
	// Metrics specific to MMDS functionality.
	Mmds MmdsMetrics `json:"mmds"`
	// A network device's related metrics.
	Net NetDeviceMetrics `json:"net"`
	// Metrics related to API PATCH requests.
	PatchAPIRequests PatchRequestsMetrics `json:"patch_api_requests"`
	// Metrics related to API PUT requests.
	PutAPIRequests PutRequestsMetrics `json:"put_api_requests"`
	// Metrics related to the RTC device.
	Rtc RTCDeviceMetrics `json:"rtc"`
	// Metrics related to seccomp filtering.
	Seccomp SeccompMetrics `json:"seccomp"`
	// Metrics related to a vcpu's functioning.
	Vcpu VcpuMetrics `json:"vcpu"`
	// Metrics related to the virtual machine manager.
	Vmm VmmMetrics `json:"vmm"`
	// Metrics related to the UART device.
	Uart SerialDeviceMetrics `json:"uart"`
	// Metrics related to signals.
	Signals SignalMetrics `json:"signals"`
	// Metrics related to virtio-vsockets.
	Vsock VsockDeviceMetrics `json:"vsock"`
}

Structure storing all metrics while enforcing serialization support on them.

type GetRequestsMetrics 

type GetRequestsMetrics struct {
	// Number of GETs for getting information on the instance.
	InstanceInfoCount uint64 `json:"instance_info_count"`
	// Number of failures when obtaining information on the current instance.
	InstanceInfoFails uint64 `json:"instance_info_fails"`
	// Number of GETs for getting status on attaching machine configuration.
	MachineCfgCount uint64 `json:"machine_cfg_count"`
	// Number of failures during GETs for getting information on the instance.
	MachineCfgFails uint64 `json:"machine_cfg_fails"`
}

Metrics related to API GET requests.

type HugetlbStats 

type HugetlbStats struct {
	// current res_counter usage for hugetlb
	Usage uint64 `json:"usage,omitempty"`
	// maximum usage ever recorded.
	MaxUsage uint64 `json:"max_usage,omitempty"`
	// number of times hugetlb usage allocation failure.
	Failcnt uint64 `json:"failcnt"`
}

HugetlbStats describes hugetable memory stats

type Hypervisor 

type Hypervisor interface {
	CreateVM(ctx context.Context, id string, network Network, hypervisorConfig *HypervisorConfig) error
	StartVM(ctx context.Context, timeout int) error

	// If wait is set, don't actively stop the sandbox:
	// just perform cleanup.
	StopVM(ctx context.Context, waitOnly bool) error
	PauseVM(ctx context.Context) error
	SaveVM() error
	ResumeVM(ctx context.Context) error
	AddDevice(ctx context.Context, devInfo interface{}, devType DeviceType) error
	HotplugAddDevice(ctx context.Context, devInfo interface{}, devType DeviceType) (interface{}, error)
	HotplugRemoveDevice(ctx context.Context, devInfo interface{}, devType DeviceType) (interface{}, error)
	ResizeMemory(ctx context.Context, memMB uint32, memoryBlockSizeMB uint32, probe bool) (uint32, MemoryDevice, error)
	ResizeVCPUs(ctx context.Context, vcpus uint32) (uint32, uint32, error)
	GetTotalMemoryMB(ctx context.Context) uint32
	GetVMConsole(ctx context.Context, sandboxID string) (string, string, error)
	Disconnect(ctx context.Context)
	Capabilities(ctx context.Context) types.Capabilities
	HypervisorConfig() HypervisorConfig
	GetThreadIDs(ctx context.Context) (VcpuThreadIDs, error)
	Cleanup(ctx context.Context) error

	GetPids() []int
	GetVirtioFsPid() *int

	Check() error

	Save() hv.HypervisorState
	Load(hv.HypervisorState)

	// generate the socket to communicate the host and guest
	GenerateSocket(id string) (interface{}, error)

	// check if hypervisor supports built-in rate limiter.
	IsRateLimiterBuiltin() bool
	// contains filtered or unexported methods
}

hypervisor is the virtcontainers hypervisor interface. The default hypervisor implementation is Qemu.

func NewHypervisor 

func NewHypervisor(hType HypervisorType) (Hypervisor, error)

NewHypervisor returns an hypervisor from a hypervisor type.

type HypervisorConfig 

type HypervisorConfig struct {

	// Supplementary group IDs.
	Groups []uint32

	// KernelPath is the guest kernel host path.
	KernelPath string

	// ImagePath is the guest image host path.
	ImagePath string

	// InitrdPath is the guest initrd image host path.
	// ImagePath and InitrdPath cannot be set at the same time.
	InitrdPath string

	// RootfsType is filesystem type of rootfs.
	RootfsType string

	// FirmwarePath is the bios host path
	FirmwarePath string

	// FirmwareVolumePath is the configuration volume path for the firmware
	FirmwareVolumePath string

	// MachineAccelerators are machine specific accelerators
	MachineAccelerators string

	// CPUFeatures are cpu specific features
	CPUFeatures string

	// HypervisorPath is the hypervisor executable host path.
	HypervisorPath string

	// HypervisorCtlPath is the hypervisor ctl executable host path.
	HypervisorCtlPath string

	// JailerPath is the jailer executable host path.
	JailerPath string

	// BlockDeviceDriver specifies the driver to be used for block device
	// either VirtioSCSI or VirtioBlock with the default driver being defaultBlockDriver
	BlockDeviceDriver string

	// HypervisorMachineType specifies the type of machine being
	// emulated.
	HypervisorMachineType string

	// MemoryPath is the memory file path of VM memory. Used when either BootToBeTemplate or
	// BootFromTemplate is true.
	MemoryPath string

	// DevicesStatePath is the VM device state file path. Used when either BootToBeTemplate or
	// BootFromTemplate is true.
	DevicesStatePath string

	// EntropySource is the path to a host source of
	// entropy (/dev/random, /dev/urandom or real hardware RNG device)
	EntropySource string

	// Shared file system type:
	//   - virtio-9p
	//   - virtio-fs (default)
	SharedFS string

	// Path for filesystem sharing
	SharedPath string

	// VirtioFSDaemon is the virtio-fs vhost-user daemon path
	VirtioFSDaemon string

	// VirtioFSCache cache mode for fs version cache
	VirtioFSCache string

	// File based memory backend root directory
	FileBackedMemRootDir string

	// VhostUserStorePath is the directory path where vhost-user devices
	// related folders, sockets and device nodes should be.
	VhostUserStorePath string

	// VhostUserDeviceReconnect is the timeout for reconnecting on non-server spdk sockets
	// when the remote end goes away. Zero disables reconnecting.
	VhostUserDeviceReconnect uint32

	// GuestCoredumpPath is the path in host for saving guest memory dump
	GuestMemoryDumpPath string

	// GuestHookPath is the path within the VM that will be used for 'drop-in' hooks
	GuestHookPath string

	// VMid is the id of the VM that create the hypervisor if the VM is created by the factory.
	// VMid is "" if the hypervisor is not created by the factory.
	VMid string

	// VMStorePath is the location on disk where VM information will persist
	VMStorePath string

	// VMStorePath is the location on disk where runtime information will persist
	RunStorePath string

	// SELinux label for the VM
	SELinuxProcessLabel string

	// HypervisorPathList is the list of hypervisor paths names allowed in annotations
	HypervisorPathList []string

	// HypervisorCtlPathList is the list of hypervisor control paths names allowed in annotations
	HypervisorCtlPathList []string

	// JailerPathList is the list of jailer paths names allowed in annotations
	JailerPathList []string

	// EntropySourceList is the list of valid entropy sources
	EntropySourceList []string

	// VirtioFSDaemonList is the list of valid virtiofs names for annotations
	VirtioFSDaemonList []string

	// VirtioFSExtraArgs passes options to virtiofsd daemon
	VirtioFSExtraArgs []string

	// Enable annotations by name
	EnableAnnotations []string

	// FileBackedMemRootList is the list of valid root directories values for annotations
	FileBackedMemRootList []string

	// PFlash image paths
	PFlash []string

	// VhostUserStorePathList is the list of valid values for vhost-user paths
	VhostUserStorePathList []string

	// SeccompSandbox is the qemu function which enables the seccomp feature
	SeccompSandbox string

	// BlockiDeviceAIO specifies the I/O API to be used.
	BlockDeviceAIO string

	// The socket to connect to the remote hypervisor implementation on
	RemoteHypervisorSocket string

	// The name of the sandbox (pod)
	SandboxName string

	// The name of the namespace of the sandbox (pod)
	SandboxNamespace string

	// The user maps to the uid.
	User string

	// KernelParams are additional guest kernel parameters.
	KernelParams []Param

	// HypervisorParams are additional hypervisor parameters.
	HypervisorParams []Param

	// SGXEPCSize specifies the size in bytes for the EPC Section.
	// Enable SGX. Hardware-based isolation and memory encryption.
	SGXEPCSize int64

	// DiskRateLimiterBwRate is used to control disk I/O bandwidth on VM level.
	// The same value, defined in bits per second, is used for inbound and outbound bandwidth.
	DiskRateLimiterBwMaxRate int64

	// DiskRateLimiterBwOneTimeBurst is used to control disk I/O bandwidth on VM level.
	// This increases the initial max rate and this initial extra credit does *NOT* replenish
	// and can be used for an *initial* burst of data.
	DiskRateLimiterBwOneTimeBurst int64

	// DiskRateLimiterOpsRate is used to control disk I/O operations on VM level.
	// The same value, defined in operations per second, is used for inbound and outbound bandwidth.
	DiskRateLimiterOpsMaxRate int64

	// DiskRateLimiterOpsOneTimeBurst is used to control disk I/O operations on VM level.
	// This increases the initial max rate and this initial extra credit does *NOT* replenish
	// and can be used for an *initial* burst of data.
	DiskRateLimiterOpsOneTimeBurst int64

	// RxRateLimiterMaxRate is used to control network I/O inbound bandwidth on VM level.
	RxRateLimiterMaxRate uint64

	// TxRateLimiterMaxRate is used to control network I/O outbound bandwidth on VM level.
	TxRateLimiterMaxRate uint64

	// NetRateLimiterBwRate is used to control network I/O bandwidth on VM level.
	// The same value, defined in bits per second, is used for inbound and outbound bandwidth.
	NetRateLimiterBwMaxRate int64

	// NetRateLimiterBwOneTimeBurst is used to control network I/O bandwidth on VM level.
	// This increases the initial max rate and this initial extra credit does *NOT* replenish
	// and can be used for an *initial* burst of data.
	NetRateLimiterBwOneTimeBurst int64

	// NetRateLimiterOpsRate is used to control network I/O operations on VM level.
	// The same value, defined in operations per second, is used for inbound and outbound bandwidth.
	NetRateLimiterOpsMaxRate int64

	// NetRateLimiterOpsOneTimeBurst is used to control network I/O operations on VM level.
	// This increases the initial max rate and this initial extra credit does *NOT* replenish
	// and can be used for an *initial* burst of data.
	NetRateLimiterOpsOneTimeBurst int64

	// MemOffset specifies memory space for nvdimm device
	MemOffset uint64

	// VFIODevices are used to get PCIe device info early before the sandbox
	// is started to make better PCIe topology decisions
	VFIODevices []config.DeviceInfo
	// VhostUserBlkDevices are handled differently in Q35 and Virt machine
	// type. capture them early before the sandbox to make better PCIe topology
	// decisions
	VhostUserBlkDevices []config.DeviceInfo

	// HotplugVFIO is used to indicate if devices need to be hotplugged on the
	// root port or a switch
	HotPlugVFIO config.PCIePort

	// ColdPlugVFIO is used to indicate if devices need to be coldplugged on the
	// root port, switch or no port
	ColdPlugVFIO config.PCIePort

	// NumVCPUs specifies default number of vCPUs for the VM.
	NumVCPUsF float32

	//DefaultMaxVCPUs specifies the maximum number of vCPUs for the VM.
	DefaultMaxVCPUs uint32

	// DefaultMem specifies default memory size in MiB for the VM.
	MemorySize uint32

	// DefaultMaxMemorySize specifies the maximum amount of RAM in MiB for the VM.
	DefaultMaxMemorySize uint64

	// DefaultBridges specifies default number of bridges for the VM.
	// Bridges can be used to hot plug devices
	DefaultBridges uint32

	// Msize9p is used as the msize for 9p shares
	Msize9p uint32

	// MemSlots specifies default memory slots the VM.
	MemSlots uint32

	// VirtioFSCacheSize is the DAX cache size in MiB
	VirtioFSCacheSize uint32

	// Size of virtqueues
	VirtioFSQueueSize uint32

	// User ID.
	Uid uint32

	// Group ID.
	Gid uint32

	// Timeout for actions e.g. startVM for the remote hypervisor
	RemoteHypervisorTimeout uint32

	// BlockDeviceCacheSet specifies cache-related options will be set to block devices or not.
	BlockDeviceCacheSet bool

	// BlockDeviceCacheDirect specifies cache-related options for block devices.
	// Denotes whether use of O_DIRECT (bypass the host page cache) is enabled.
	BlockDeviceCacheDirect bool

	// BlockDeviceCacheNoflush specifies cache-related options for block devices.
	// Denotes whether flush requests for the device are ignored.
	BlockDeviceCacheNoflush bool

	// DisableBlockDeviceUse disallows a block device from being used.
	DisableBlockDeviceUse bool

	// EnableIOThreads enables IO to be processed in a separate thread.
	// Supported currently for virtio-scsi driver.
	EnableIOThreads bool

	// Debug changes the default hypervisor and kernel parameters to
	// enable debug output where available.
	Debug bool

	// MemPrealloc specifies if the memory should be pre-allocated
	MemPrealloc bool

	// HugePages specifies if the memory should be pre-allocated from huge pages
	HugePages bool

	// VirtioMem is used to enable/disable virtio-mem
	VirtioMem bool

	// IOMMU specifies if the VM should have a vIOMMU
	IOMMU bool

	// IOMMUPlatform is used to indicate if IOMMU_PLATFORM is enabled for supported devices
	IOMMUPlatform bool

	// DisableNestingChecks is used to override customizations performed
	// when running on top of another VMM.
	DisableNestingChecks bool

	// DisableImageNvdimm is used to disable guest rootfs image nvdimm devices
	DisableImageNvdimm bool

	// GuestMemoryDumpPaging is used to indicate if enable paging
	// for QEMU dump-guest-memory command
	GuestMemoryDumpPaging bool

	// Enable confidential guest support.
	// Enable or disable different hardware features, ranging
	// from memory encryption to both memory and CPU-state encryption and integrity.
	ConfidentialGuest bool

	// Enable SEV-SNP guests on AMD machines capable of both
	SevSnpGuest bool

	// BootToBeTemplate used to indicate if the VM is created to be a template VM
	BootToBeTemplate bool

	// BootFromTemplate used to indicate if the VM should be created from a template VM
	BootFromTemplate bool

	// DisableVhostNet is used to indicate if host supports vhost_net
	DisableVhostNet bool

	// EnableVhostUserStore is used to indicate if host supports vhost-user-blk/scsi
	EnableVhostUserStore bool

	// GuestSwap Used to enable/disable swap in the guest
	GuestSwap bool

	// Rootless is used to enable rootless VMM process
	Rootless bool

	// Disable seccomp from the hypervisor process
	DisableSeccomp bool

	// Disable selinux from the hypervisor process
	DisableSeLinux bool

	// Disable selinux from the container process
	DisableGuestSeLinux bool

	// Use legacy serial for the guest console
	LegacySerial bool

	// ExtraMonitorSocket allows to add an extra HMP or QMP socket when the VMM is Qemu
	ExtraMonitorSocket govmmQemu.MonitorProtocol
	// contains filtered or unexported fields
}

HypervisorConfig is the hypervisor configuration. nolint: govet

func (*HypervisorConfig) AddCustomAsset 

func (conf *HypervisorConfig) AddCustomAsset(a *types.Asset) error

func (*HypervisorConfig) AddKernelParam 

func (conf *HypervisorConfig) AddKernelParam(p Param) error

AddKernelParam allows the addition of new kernel parameters to an existing hypervisor configuration.

func (*HypervisorConfig) CheckTemplateConfig 

func (conf *HypervisorConfig) CheckTemplateConfig() error

func (*HypervisorConfig) CustomHypervisorAsset 

func (conf *HypervisorConfig) CustomHypervisorAsset() bool

CustomHypervisorAsset returns true if the hypervisor asset is a custom one, false otherwise.

func (*HypervisorConfig) CustomImageAsset 

func (conf *HypervisorConfig) CustomImageAsset() bool

CustomImageAsset returns true if the image asset is a custom one, false otherwise.

func (*HypervisorConfig) CustomInitrdAsset 

func (conf *HypervisorConfig) CustomInitrdAsset() bool

CustomInitrdAsset returns true if the initrd asset is a custom one, false otherwise.

func (*HypervisorConfig) CustomKernelAsset 

func (conf *HypervisorConfig) CustomKernelAsset() bool

CustomKernelAsset returns true if the kernel asset is a custom one, false otherwise.

func (*HypervisorConfig) FirmwareAssetPath 

func (conf *HypervisorConfig) FirmwareAssetPath() (string, error)

FirmwareAssetPath returns the guest firmware path

func (*HypervisorConfig) FirmwareVolumeAssetPath 

func (conf *HypervisorConfig) FirmwareVolumeAssetPath() (string, error)

FirmwareVolumeAssetPath returns the guest firmware volume path

func (*HypervisorConfig) HypervisorAssetPath 

func (conf *HypervisorConfig) HypervisorAssetPath() (string, error)

HypervisorAssetPath returns the VM hypervisor path

func (*HypervisorConfig) HypervisorCtlAssetPath 

func (conf *HypervisorConfig) HypervisorCtlAssetPath() (string, error)

HypervisorCtlAssetPath returns the VM hypervisor ctl path

func (*HypervisorConfig) IfPVPanicEnabled 

func (conf *HypervisorConfig) IfPVPanicEnabled() bool

func (*HypervisorConfig) ImageAssetPath 

func (conf *HypervisorConfig) ImageAssetPath() (string, error)

ImageAssetPath returns the guest image path

func (*HypervisorConfig) ImageOrInitrdAssetPath 

func (conf *HypervisorConfig) ImageOrInitrdAssetPath() (string, types.AssetType, error)

ImageOrInitrdAssetPath returns an image or an initrd path, along with the corresponding asset type Annotation path is preferred to config path.

func (*HypervisorConfig) InitrdAssetPath 

func (conf *HypervisorConfig) InitrdAssetPath() (string, error)

InitrdAssetPath returns the guest initrd path

func (*HypervisorConfig) KernelAssetPath 

func (conf *HypervisorConfig) KernelAssetPath() (string, error)

KernelAssetPath returns the guest kernel path

func (HypervisorConfig) NumVCPUs 

func (conf HypervisorConfig) NumVCPUs() uint32

type HypervisorPidKey 

type HypervisorPidKey struct{}

HypervisorPidKey is the context key for hypervisor pid

type HypervisorType 

type HypervisorType string

HypervisorType describes an hypervisor type. 

const (
	// FirecrackerHypervisor is the FC hypervisor.
	FirecrackerHypervisor HypervisorType = "firecracker"

	// QemuHypervisor is the QEMU hypervisor.
	QemuHypervisor HypervisorType = "qemu"

	// AcrnHypervisor is the ACRN hypervisor.
	AcrnHypervisor HypervisorType = "acrn"

	// ClhHypervisor is the ICH hypervisor.
	ClhHypervisor HypervisorType = "clh"

	// StratovirtHypervisor is the StratoVirt hypervisor.
	StratovirtHypervisor HypervisorType = "stratovirt"

	// DragonballHypervisor is the Dragonball hypervisor.
	DragonballHypervisor HypervisorType = "dragonball"

	// VirtFrameworkHypervisor is the Darwin Virtualization.framework hypervisor
	VirtframeworkHypervisor HypervisorType = "virtframework"

	// RemoteHypervisor is the Remote hypervisor.
	RemoteHypervisor HypervisorType = "remote"

	// MockHypervisor is a mock hypervisor for testing purposes
	MockHypervisor HypervisorType = "mock"

	// MinHypervisorMemory is the minimum memory required for a VM.
	MinHypervisorMemory = 256
)

func (*HypervisorType) Set 

func (hType *HypervisorType) Set(value string) error

Set sets an hypervisor type based on the input string.

func (*HypervisorType) String 

func (hType *HypervisorType) String() string

String converts an hypervisor type to a string.

type I8042DeviceMetrics 

type I8042DeviceMetrics struct {
	// Errors triggered while using the i8042 device.
	ErrorCount uint64 `json:"error_count"`
	// Number of superfluous read intents on this i8042 device.
	MissedReadCount uint64 `json:"missed_read_count"`
	// Number of superfluous write intents on this i8042 device.
	MissedWriteCount uint64 `json:"missed_write_count"`
	// Bytes read by this device.
	ReadCount uint64 `json:"read_count"`
	// Number of resets done by this device.
	ResetCount uint64 `json:"reset_count"`
	// Bytes written by this device.
	WriteCount uint64 `json:"write_count"`
}

Metrics related to the i8042 device.

type IPVlanEndpoint 

type IPVlanEndpoint struct {
	EndpointType       EndpointType
	PCIPath            vcTypes.PciPath
	EndpointProperties NetworkInfo
	NetPair            NetworkInterfacePair
	RxRateLimiter      bool
	TxRateLimiter      bool
}

IPVlanEndpoint represents a ipvlan endpoint that is bridged to the VM

func (*IPVlanEndpoint) Attach 

func (endpoint *IPVlanEndpoint) Attach(ctx context.Context, s *Sandbox) error

Attach for ipvlan endpoint bridges the network pair and adds the tap interface of the network pair to the hypervisor.

func (*IPVlanEndpoint) Detach 

func (endpoint *IPVlanEndpoint) Detach(ctx context.Context, netNsCreated bool, netNsPath string) error

Detach for the ipvlan endpoint tears down the tap and bridge created for the veth interface.

func (*IPVlanEndpoint) GetRxRateLimiter 

func (endpoint *IPVlanEndpoint) GetRxRateLimiter() bool

func (*IPVlanEndpoint) GetTxRateLimiter 

func (endpoint *IPVlanEndpoint) GetTxRateLimiter() bool

func (*IPVlanEndpoint) HardwareAddr 

func (endpoint *IPVlanEndpoint) HardwareAddr() string

HardwareAddr returns the mac address that is assigned to the tap interface in th network pair.

func (*IPVlanEndpoint) HotAttach 

func (endpoint *IPVlanEndpoint) HotAttach(ctx context.Context, h Hypervisor) error

func (*IPVlanEndpoint) HotDetach 

func (endpoint *IPVlanEndpoint) HotDetach(ctx context.Context, h Hypervisor, netNsCreated bool, netNsPath string) error

func (*IPVlanEndpoint) Name 

func (endpoint *IPVlanEndpoint) Name() string

Name returns name of the veth interface in the network pair.

func (*IPVlanEndpoint) NetworkPair 

func (endpoint *IPVlanEndpoint) NetworkPair() *NetworkInterfacePair

NetworkPair returns the network pair of the endpoint.

func (*IPVlanEndpoint) PciPath 

func (endpoint *IPVlanEndpoint) PciPath() vcTypes.PciPath

PciPath returns the PCI path of the endpoint.

func (*IPVlanEndpoint) Properties 

func (endpoint *IPVlanEndpoint) Properties() NetworkInfo

Properties returns properties of the interface.

func (*IPVlanEndpoint) SetPciPath 

func (endpoint *IPVlanEndpoint) SetPciPath(pciPath vcTypes.PciPath)

SetPciPath sets the PCI path of the endpoint.

func (*IPVlanEndpoint) SetProperties 

func (endpoint *IPVlanEndpoint) SetProperties(properties NetworkInfo)

SetProperties sets the properties for the endpoint.

func (*IPVlanEndpoint) SetRxRateLimiter 

func (endpoint *IPVlanEndpoint) SetRxRateLimiter() error

func (*IPVlanEndpoint) SetTxRateLimiter 

func (endpoint *IPVlanEndpoint) SetTxRateLimiter() error

func (*IPVlanEndpoint) Type 

func (endpoint *IPVlanEndpoint) Type() EndpointType

Type identifies the endpoint as a ipvlan endpoint.

type Interface 

type Interface interface {
	CheckStatus() (DaemonInfo, error)
	Mount(string, *MountRequest) error
	Umount(sharedMountPoint string) error
}

func NewNydusClient 

func NewNydusClient(sock string) (Interface, error)

type KataAgentConfig 

type KataAgentConfig struct {
	KernelModules      []string
	ContainerPipeSize  uint32
	DialTimeout        uint32
	LongLiveConn       bool
	Debug              bool
	Trace              bool
	EnableDebugConsole bool
	Policy             string
}

KataAgentConfig is a structure storing information needed to reach the Kata Containers agent.

type KataAgentState 

type KataAgentState struct {
	URL string
}

KataAgentState is the structure describing the data stored from this agent implementation.

type Kernel 

type Kernel struct {
	// Path is the guest kernel path on the host filesystem.
	Path string

	// InitrdPath is the guest initrd path on the host filesystem.
	ImagePath string

	// Params is the kernel parameters string.
	Params string
}

Kernel is the guest kernel configuration structure.

type LPCDevice 

type LPCDevice struct {
	// Emul is a string describing the type of PCI device e.g. virtio-net
	Emul string

	// Function is PCI function. Func can be from 0 to 7
	Function int
}

LPCDevice represents a acrn LPC device

func (LPCDevice) AcrnParams 

func (lpcDev LPCDevice) AcrnParams(slot int, config *Config) []string

AcrnParams returns the acrn parameters built out of this bridge device.

func (LPCDevice) Valid 

func (lpcDev LPCDevice) Valid() bool

Valid returns true if the BridgeDevice structure is valid and complete.

type LinuxNetwork 

type LinuxNetwork struct {
	// contains filtered or unexported fields
}

LinuxNetwork represents a sandbox networking setup.

func (*LinuxNetwork) AddEndpoints 

func (n *LinuxNetwork) AddEndpoints(ctx context.Context, s *Sandbox, endpointsInfo []NetworkInfo, hotplug bool) ([]Endpoint, error)

Add adds all needed interfaces inside the network namespace.

func (*LinuxNetwork) Endpoints 

func (n *LinuxNetwork) Endpoints() []Endpoint

func (*LinuxNetwork) GetEndpointsNum 

func (n *LinuxNetwork) GetEndpointsNum() (int, error)

func (*LinuxNetwork) NetworkCreated 

func (n *LinuxNetwork) NetworkCreated() bool

func (*LinuxNetwork) NetworkID 

func (n *LinuxNetwork) NetworkID() string

Network getters

func (*LinuxNetwork) RemoveEndpoints 

func (n *LinuxNetwork) RemoveEndpoints(ctx context.Context, s *Sandbox, endpoints []Endpoint, hotplug bool) error

Remove network endpoints in the network namespace. It also deletes the network namespace in case the namespace has been created by us.

func (*LinuxNetwork) Run 

func (n *LinuxNetwork) Run(ctx context.Context, cb func() error) error

Run runs a callback in the specified network namespace.

func (*LinuxNetwork) SetEndpoints 

func (n *LinuxNetwork) SetEndpoints(endpoints []Endpoint)

type LoggerSystemMetrics 

type LoggerSystemMetrics struct {
	// Number of misses on flushing metrics.
	MissedMetricsCount uint64 `json:"missed_metrics_count"`
	// Number of errors during metrics handling.
	MetricsFails uint64 `json:"metrics_fails"`
	// Number of misses on logging human readable content.
	MissedLogCount uint64 `json:"missed_log_count"`
	// Number of errors while trying to log human readable content.
	LogFails uint64 `json:"log_fails"`
}

Logging related metrics.

type MacvlanEndpoint 

type MacvlanEndpoint struct {
	EndpointType       EndpointType
	PCIPath            vcTypes.PciPath
	EndpointProperties NetworkInfo
	NetPair            NetworkInterfacePair
	RxRateLimiter      bool
	TxRateLimiter      bool
}

MacvlanEndpoint represents a macvlan endpoint that is bridged to the VM

func (*MacvlanEndpoint) Attach 

func (endpoint *MacvlanEndpoint) Attach(ctx context.Context, s *Sandbox) error

Attach for virtual endpoint bridges the network pair and adds the tap interface of the network pair to the hypervisor.

func (*MacvlanEndpoint) Detach 

func (endpoint *MacvlanEndpoint) Detach(ctx context.Context, netNsCreated bool, netNsPath string) error

Detach for the virtual endpoint tears down the tap and bridge created for the veth interface.

func (*MacvlanEndpoint) GetRxRateLimiter 

func (endpoint *MacvlanEndpoint) GetRxRateLimiter() bool

func (*MacvlanEndpoint) GetTxRateLimiter 

func (endpoint *MacvlanEndpoint) GetTxRateLimiter() bool

func (*MacvlanEndpoint) HardwareAddr 

func (endpoint *MacvlanEndpoint) HardwareAddr() string

HardwareAddr returns the mac address that is assigned to the tap interface in th network pair.

func (*MacvlanEndpoint) HotAttach 

func (endpoint *MacvlanEndpoint) HotAttach(ctx context.Context, h Hypervisor) error

func (*MacvlanEndpoint) HotDetach 

func (endpoint *MacvlanEndpoint) HotDetach(ctx context.Context, h Hypervisor, netNsCreated bool, netNsPath string) error

func (*MacvlanEndpoint) Name 

func (endpoint *MacvlanEndpoint) Name() string

Name returns name of the veth interface in the network pair.

func (*MacvlanEndpoint) NetworkPair 

func (endpoint *MacvlanEndpoint) NetworkPair() *NetworkInterfacePair

NetworkPair returns the network pair of the endpoint.

func (*MacvlanEndpoint) PciPath 

func (endpoint *MacvlanEndpoint) PciPath() vcTypes.PciPath

PciPath returns the PCI path of the endpoint.

func (*MacvlanEndpoint) Properties 

func (endpoint *MacvlanEndpoint) Properties() NetworkInfo

Properties returns properties of the interface.

func (*MacvlanEndpoint) SetPciPath 

func (endpoint *MacvlanEndpoint) SetPciPath(pciPath vcTypes.PciPath)

SetPciPath sets the PCI path of the endpoint.

func (*MacvlanEndpoint) SetProperties 

func (endpoint *MacvlanEndpoint) SetProperties(properties NetworkInfo)

SetProperties sets the properties for the endpoint.

func (*MacvlanEndpoint) SetRxRateLimiter 

func (endpoint *MacvlanEndpoint) SetRxRateLimiter() error

func (*MacvlanEndpoint) SetTxRateLimiter 

func (endpoint *MacvlanEndpoint) SetTxRateLimiter() error

func (*MacvlanEndpoint) Type 

func (endpoint *MacvlanEndpoint) Type() EndpointType

Type identifies the endpoint as a bridged macvlan endpoint.

type MacvtapEndpoint 

type MacvtapEndpoint struct {
	EndpointProperties NetworkInfo
	EndpointType       EndpointType
	VMFds              []*os.File
	VhostFds           []*os.File
	PCIPath            vcTypes.PciPath
	RxRateLimiter      bool
	TxRateLimiter      bool
}

MacvtapEndpoint represents a macvtap endpoint

func (*MacvtapEndpoint) Attach 

func (endpoint *MacvtapEndpoint) Attach(ctx context.Context, s *Sandbox) error

Attach for macvtap endpoint passes macvtap device to the hypervisor.

func (*MacvtapEndpoint) Detach 

func (endpoint *MacvtapEndpoint) Detach(ctx context.Context, netNsCreated bool, netNsPath string) error

Detach for macvtap endpoint does nothing.

func (*MacvtapEndpoint) GetRxRateLimiter 

func (endpoint *MacvtapEndpoint) GetRxRateLimiter() bool

func (*MacvtapEndpoint) GetTxRateLimiter 

func (endpoint *MacvtapEndpoint) GetTxRateLimiter() bool

func (*MacvtapEndpoint) HardwareAddr 

func (endpoint *MacvtapEndpoint) HardwareAddr() string

HardwareAddr returns the mac address of the macvtap network interface.

func (*MacvtapEndpoint) HotAttach 

func (endpoint *MacvtapEndpoint) HotAttach(ctx context.Context, h Hypervisor) error

HotAttach for macvtap endpoint not supported yet

func (*MacvtapEndpoint) HotDetach 

func (endpoint *MacvtapEndpoint) HotDetach(ctx context.Context, h Hypervisor, netNsCreated bool, netNsPath string) error

HotDetach for macvtap endpoint not supported yet

func (*MacvtapEndpoint) Name 

func (endpoint *MacvtapEndpoint) Name() string

Name returns name of the macvtap interface.

func (*MacvtapEndpoint) NetworkPair 

func (endpoint *MacvtapEndpoint) NetworkPair() *NetworkInterfacePair

NetworkPair returns the network pair of the endpoint.

func (*MacvtapEndpoint) PciPath 

func (endpoint *MacvtapEndpoint) PciPath() vcTypes.PciPath

PciPath returns the PCI path of the endpoint.

func (*MacvtapEndpoint) Properties 

func (endpoint *MacvtapEndpoint) Properties() NetworkInfo

Properties returns the properties of the macvtap interface.

func (*MacvtapEndpoint) SetPciPath 

func (endpoint *MacvtapEndpoint) SetPciPath(pciPath vcTypes.PciPath)

SetPciPath sets the PCI path of the endpoint.

func (*MacvtapEndpoint) SetProperties 

func (endpoint *MacvtapEndpoint) SetProperties(properties NetworkInfo)

SetProperties sets the properties of the macvtap endpoint.

func (*MacvtapEndpoint) SetRxRateLimiter 

func (endpoint *MacvtapEndpoint) SetRxRateLimiter() error

func (*MacvtapEndpoint) SetTxRateLimiter 

func (endpoint *MacvtapEndpoint) SetTxRateLimiter() error

func (*MacvtapEndpoint) Type 

func (endpoint *MacvtapEndpoint) Type() EndpointType

Type indentifies the endpoint as a macvtap endpoint.

type Memory 

type Memory struct {
	// Size is the amount of memory made available to the guest.
	// It should be suffixed with M or G for sizes in megabytes or
	// gigabytes respectively.
	Size string
}

Memory is the guest memory configuration structure.

type MemoryData 

type MemoryData struct {
	Usage    uint64 `json:"usage,omitempty"`
	MaxUsage uint64 `json:"max_usage,omitempty"`
	Failcnt  uint64 `json:"failcnt"`
	Limit    uint64 `json:"limit"`
}

MemoryData gather the data related to memory

type MemoryDevice 

type MemoryDevice struct {
	Slot   int
	SizeMB int
	Addr   uint64
	Probe  bool
}

type MemoryStats 

type MemoryStats struct {
	Stats map[string]uint64 `json:"stats,omitempty"`
	// usage of memory
	Usage MemoryData `json:"usage,omitempty"`
	// usage of memory  swap
	SwapUsage MemoryData `json:"swap_usage,omitempty"`
	// usage of kernel memory
	KernelUsage MemoryData `json:"kernel_usage,omitempty"`
	// usage of kernel TCP memory
	KernelTCPUsage MemoryData `json:"kernel_tcp_usage,omitempty"`
	// memory used for cache
	Cache uint64 `json:"cache,omitempty"`
	// if true, memory usage is accounted for throughout a hierarchy of cgroups.
	UseHierarchy bool `json:"use_hierarchy"`
}

MemoryStats describes the memory stats

type MmdsMetrics 

type MmdsMetrics struct {
	// Number of frames rerouted to MMDS.
	RxAccepted uint64 `json:"rx_accepted"`
	// Number of errors while handling a frame through MMDS.
	RxAcceptedErr uint64 `json:"rx_accepted_err"`
	// Number of uncommon events encountered while processing packets through MMDS.
	RxAcceptedUnusual uint64 `json:"rx_accepted_unusual"`
	// The number of buffers which couldn't be parsed as valid Ethernet frames by the MMDS.
	RxBadEth uint64 `json:"rx_bad_eth"`
	// The total number of successful receive operations by the MMDS.
	RxCount uint64 `json:"rx_count"`
	// The total number of bytes sent by the MMDS.
	TxBytes uint64 `json:"tx_bytes"`
	// The total number of successful send operations by the MMDS.
	TxCount uint64 `json:"tx_count"`
	// The number of errors raised by the MMDS while attempting to send frames/packets/segments.
	TxErrors uint64 `json:"tx_errors"`
	// The number of frames sent by the MMDS.
	TxFrames uint64 `json:"tx_frames"`
	// The number of connections successfully accepted by the MMDS TCP handler.
	ConnectionsCreated uint64 `json:"connections_created"`
	// The number of connections cleaned up by the MMDS TCP handler.
	ConnectionsDestroyed uint64 `json:"connections_destroyed"`
}

Metrics specific to MMDS functionality.

type Mount 

type Mount struct {
	// Source is the source of the mount.
	Source string
	// Destination is the destination of the mount (within the container).
	Destination string

	// Type specifies the type of filesystem to mount.
	Type string

	// HostPath used to store host side bind mount path
	HostPath string

	// GuestDeviceMount represents the path within the VM that the device
	// is mounted. Only relevant for block devices. This is tracked in the event
	// runtime wants to query the agent for mount stats.
	GuestDeviceMount string

	// BlockDeviceID represents block device that is attached to the
	// VM in case this mount is a block device file or a directory
	// backed by a block device.
	BlockDeviceID string

	// Options list all the mount options of the filesystem.
	Options []string

	// ReadOnly specifies if the mount should be read only or not
	ReadOnly bool

	// FSGroup a group ID that the group ownership of the files for the mounted volume
	// will need to be changed when set.
	FSGroup *int

	// FSGroupChangePolicy specifies the policy that will be used when applying
	// group id ownership change for a volume.
	FSGroupChangePolicy volume.FSGroupChangePolicy
}

Mount describes a container mount. nolint: govet

type MountOption 

type MountOption struct {
	// contains filtered or unexported fields
}

type MountRequest 

type MountRequest struct {
	FsType string `json:"fs_type"`
	Source string `json:"source"`
	Config string `json:"config"`
}

func NewMountRequest 

func NewMountRequest(fsType, source, config string) *MountRequest

type NetDevice 

type NetDevice struct {
	// Type is the netdev type (e.g. tap).
	Type NetDeviceType

	// IfName is the interface name
	IFName string

	//MACAddress is the networking device interface MAC address
	MACAddress string
}

NetDevice represents a guest networking device

func (NetDevice) AcrnNetdevParam 

func (netdev NetDevice) AcrnNetdevParam() []string

AcrnNetdevParam converts to the acrn type to string

func (NetDevice) AcrnParams 

func (netdev NetDevice) AcrnParams(slot int, config *Config) []string

AcrnParams returns the acrn parameters built out of this network device.

func (NetDevice) Valid 

func (netdev NetDevice) Valid() bool

Valid returns true if the NetDevice structure is valid and complete.

type NetDeviceMetrics 

type NetDeviceMetrics struct {
	// Number of times when activate failed on a network device.
	ActivateFails uint64 `json:"activate_fails"`
	// Number of times when interacting with the space config of a network device failed.
	CfgFails          uint64 `json:"cfg_fails"`
	MacAddressUpdates uint64 `json:"mac_address_updates"`
	// No available buffer for the net device rx queue.
	NoRxAvailBuffer uint64 `json:"no_rx_avail_buffer"`
	// No available buffer for the net device tx queue.
	NoTxAvailBuffer uint64 `json:"no_tx_avail_buffer"`
	// Number of times when handling events on a network device failed.
	EventFails uint64 `json:"event_fails"`
	// Number of events associated with the receiving queue.
	RxQueueEventCount uint64 `json:"rx_queue_event_count"`
	// Number of events associated with the rate limiter installed on the receiving path.
	RxEventRateLimiterCount uint64 `json:"rx_event_rate_limiter_count"`
	// Number of RX partial writes to guest.
	RxPartialWrites uint64 `json:"rx_partial_writes"`
	// Number of RX rate limiter throttling events.
	RxRateLimiterThrottled uint64 `json:"rx_rate_limiter_throttled"`
	// Number of events received on the associated tap.
	RxTapEventCount uint64 `json:"rx_tap_event_count"`
	// Number of bytes received.
	RxBytesCount uint64 `json:"rx_bytes_count"`
	// Number of packets received.
	RxPacketsCount uint64 `json:"rx_packets_count"`
	// Number of errors while receiving data.
	RxFails uint64 `json:"rx_fails"`
	// Number of successful read operations while receiving data.
	RxCount uint64 `json:"rx_count"`
	// Number of times reading from TAP failed.
	TapReadFails uint64 `json:"tap_read_fails"`
	// Number of times writing to TAP failed.
	TapWriteFails uint64 `json:"tap_write_fails"`
	// Number of transmitted bytes.
	TxBytesCount uint64 `json:"tx_bytes_count"`
	// Number of malformed TX frames.
	TxMalformedFrames uint64 `json:"tx_malformed_frames"`
	// Number of errors while transmitting data.
	TxFails uint64 `json:"tx_fails"`
	// Number of successful write operations while transmitting data.
	TxCount uint64 `json:"tx_count"`
	// Number of transmitted packets.
	TxPacketsCount uint64 `json:"tx_packets_count"`
	// Number of TX partial reads from guest.
	TxPartialReads uint64 `json:"tx_partial_reads"`
	// Number of events associated with the transmitting queue.
	TxQueueEventCount uint64 `json:"tx_queue_event_count"`
	// Number of events associated with the rate limiter installed on the transmitting path.
	TxRateLimiterEventCount uint64 `json:"tx_rate_limiter_event_count"`
	// Number of RX rate limiter throttling events.
	TxRateLimiterThrottled uint64 `json:"tx_rate_limiter_throttled"`
	// Number of packets with a spoofed mac, sent by the guest.
	TxSpoofedMacCount uint64 `json:"tx_spoofed_mac_count"`
}

A network device's related metrics.

type NetDeviceType 

type NetDeviceType string

NetDeviceType is a acrn networking device type. 

const (
	// TAP is a TAP networking device type.
	TAP NetDeviceType = "tap"

	// MACVTAP is a macvtap networking device type.
	MACVTAP NetDeviceType = "macvtap"
)

type NetInterworkingModel 

type NetInterworkingModel int

NetInterworkingModel defines the network model connecting the network interface to the virtual machine. 

const (
	// NetXConnectDefaultModel Ask to use DefaultNetInterworkingModel
	NetXConnectDefaultModel NetInterworkingModel = iota

	// NetXConnectMacVtapModel can be used when the Container network
	// interface can be bridged using macvtap
	NetXConnectMacVtapModel

	// NetXConnectTCFilterModel redirects traffic from the network interface
	// provided by the network plugin to a tap interface.
	// This works for ipvlan and macvlan as well.
	NetXConnectTCFilterModel

	// NetXConnectNoneModel can be used when the VM is in the host network namespace
	NetXConnectNoneModel

	// NetXConnectInvalidModel is the last item to Check valid values by IsValid()
	NetXConnectInvalidModel
)

func (*NetInterworkingModel) GetModel 

func (n *NetInterworkingModel) GetModel() string

GetModel returns the string value of a NetInterworkingModel

func (NetInterworkingModel) IsValid 

func (n NetInterworkingModel) IsValid() bool

IsValid checks if a model is valid

func (*NetInterworkingModel) SetModel 

func (n *NetInterworkingModel) SetModel(modelName string) error

SetModel change the model string value

type NetlinkIface 

type NetlinkIface struct {
	netlink.LinkAttrs
	Type string
}

NetlinkIface describes fully a network interface.

type Network 

type Network interface {
	// AddEndpoint adds endpoints to a sandbox's network.
	// If the NetworkInfo slice is empty, implementations are expected to scan
	// the sandbox's network for all existing endpoints.
	AddEndpoints(context.Context, *Sandbox, []NetworkInfo, bool) ([]Endpoint, error)

	// RemoveEndpoints removes endpoints from the sandbox's network.
	// If the the endpoint slice is empty, all endpoints will be removed.
	// If the network has been created by virtcontainers, Remove also deletes
	// the network.
	RemoveEndpoints(context.Context, *Sandbox, []Endpoint, bool) error

	// Run runs a callback in a sandbox's network.
	Run(context.Context, func() error) error

	// NetworkID returns a network unique identifier,
	// like e,g. a networking namespace on Linux hosts.
	NetworkID() string

	// NetworkCreated returns true if the network has been created
	// by virtcontainers.
	NetworkCreated() bool

	// Endpoints returns the list of networking endpoints attached to
	// the host network.
	Endpoints() []Endpoint

	// SetEndpoints sets a sandbox's network endpoints.
	SetEndpoints([]Endpoint)

	// GetEndpoints number of sandbox's network endpoints.
	GetEndpointsNum() (int, error)
}

func LoadNetwork 

func LoadNetwork(netInfo persistapi.NetworkInfo) Network

func NewNetwork 

func NewNetwork(configs ...*NetworkConfig) (Network, error)

NewNetwork creates a new Linux Network from a NetworkConfig. The constructor is overloaded as it can be called with 0 or 1 argument. The former is used to create empty networks, mostly for unit testing. Passing more than one NetworkConfig pointer will make the constructor fail.

type NetworkConfig 

type NetworkConfig struct {
	NetworkID         string
	InterworkingModel NetInterworkingModel
	NetworkCreated    bool
	DisableNewNetwork bool
}

NetworkConfig is the network configuration related to a network.

type NetworkInfo 

type NetworkInfo struct {
	Iface     NetlinkIface
	DNS       DNSInfo
	Link      netlink.Link
	Addrs     []netlink.Addr
	Routes    []netlink.Route
	Neighbors []netlink.Neigh
}

NetworkInfo gathers all information related to a network interface. It can be used to store the description of the underlying network.

type NetworkInterface 

type NetworkInterface struct {
	Name     string
	HardAddr string
	Addrs    []netlink.Addr
}

NetworkInterface defines a network interface.

type NetworkInterfacePair 

type NetworkInterfacePair struct {
	TapInterface
	VirtIface NetworkInterface
	NetInterworkingModel
}

NetworkInterfacePair defines a pair between VM and virtual network interfaces.

type NetworkStats 

type NetworkStats struct {
	// Name is the name of the network interface.
	Name string `json:"name,omitempty"`

	RxBytes   uint64 `json:"rx_bytes,omitempty"`
	RxPackets uint64 `json:"rx_packets,omitempty"`
	RxErrors  uint64 `json:"rx_errors,omitempty"`
	RxDropped uint64 `json:"rx_dropped,omitempty"`
	TxBytes   uint64 `json:"tx_bytes,omitempty"`
	TxPackets uint64 `json:"tx_packets,omitempty"`
	TxErrors  uint64 `json:"tx_errors,omitempty"`
	TxDropped uint64 `json:"tx_dropped,omitempty"`
}

NetworkStats describe all network stats.

type NydusClient 

type NydusClient struct {
	// contains filtered or unexported fields
}

func (*NydusClient) CheckStatus 

func (c *NydusClient) CheckStatus() (DaemonInfo, error)

func (*NydusClient) Mount 

func (c *NydusClient) Mount(mountPoint string, mr *MountRequest) error

func (*NydusClient) Umount 

func (c *NydusClient) Umount(mountPoint string) error

type Operation 

type Operation int
const (
	AddDevice Operation = iota
	RemoveDevice
)

type Param 

type Param struct {
	Key   string
	Value string
}

Param is a key/value representation for hypervisor and kernel parameters.

func DeserializeParams 

func DeserializeParams(parameters []string) []Param

DeserializeParams converts []string to []Param

func GetKernelRootParams 

func GetKernelRootParams(rootfstype string, disableNvdimm bool, dax bool) ([]Param, error)

func KataAgentKernelParams 

func KataAgentKernelParams(config KataAgentConfig) []Param

KataAgentKernelParams returns a list of Kata Agent specific kernel parameters.

type PatchRequestsMetrics 

type PatchRequestsMetrics struct {
	// Number of tries to PATCH a block device.
	DriveCount uint64 `json:"drive_count"`
	// Number of failures in PATCHing a block device.
	DriveFails uint64 `json:"drive_fails"`
	// Number of tries to PATCH a net device.
	NetworkCount uint64 `json:"network_count"`
	// Number of failures in PATCHing a net device.
	NetworkFails uint64 `json:"network_fails"`
	// Number of PATCHs for configuring the machine.
	MachineCfgCount uint64 `json:"machine_cfg_count"`
	// Number of failures in configuring the machine.
	MachineCfgFails uint64 `json:"machine_cfg_fails"`
}

Metrics related to API PATCH requests.

type PerformanceMetrics 

type PerformanceMetrics struct {
	// Measures the snapshot full create time, at the API (user) level, in microseconds.
	FullCreateSnapshot uint64 `json:"full_create_snapshot"`
	// Measures the snapshot diff create time, at the API (user) level, in microseconds.
	DiffCreateSnapshot uint64 `json:"diff_create_snapshot"`
	// Measures the snapshot Load time, at the API (user) level, in microseconds.
	LoadSnapshot uint64 `json:"load_snapshot"`
	// Measures the microVM pausing duration, at the API (user) level, in microseconds.
	PauseVM uint64 `json:"pause_vm"`
	// Measures the microVM resuming duration, at the API (user) level, in microseconds.
	ResumeVM uint64 `json:"resume_vm"`
	// Measures the snapshot full create time, at the VMM level, in microseconds.
	VmmFullCreateSnapshot uint64 `json:"vmm_full_create_snapshot"`
	// Measures the snapshot diff create time, at the VMM level, in microseconds.
	VmmDiffCreateSnapshot uint64 `json:"vmm_diff_create_snapshot"`
	// Measures the snapshot Load time, at the VMM level, in microseconds.
	VmmLoadSnapshot uint64 `json:"vmm_load_snapshot"`
	// Measures the microVM pausing duration, at the VMM level, in microseconds.
	VmmPauseVM uint64 `json:"vmm_pause_vm"`
	// Measures the microVM resuming duration, at the VMM level, in microseconds.
	VmmResumeVM uint64 `json:"vmm_resume_vm"`
}

Metrics related to performance measurements.

type PhysicalEndpoint 

type PhysicalEndpoint struct {
	IfaceName          string
	HardAddr           string
	EndpointProperties NetworkInfo
	EndpointType       EndpointType
	BDF                string
	Driver             string
	VendorDeviceID     string
	PCIPath            vcTypes.PciPath
}

PhysicalEndpoint gathers a physical network interface and its properties

func (*PhysicalEndpoint) Attach 

func (endpoint *PhysicalEndpoint) Attach(ctx context.Context, s *Sandbox) error

Attach for physical endpoint binds the physical network interface to vfio-pci and adds device to the hypervisor with vfio-passthrough.

func (*PhysicalEndpoint) Detach 

func (endpoint *PhysicalEndpoint) Detach(ctx context.Context, netNsCreated bool, netNsPath string) error

Detach for physical endpoint unbinds the physical network interface from vfio-pci and binds it back to the saved host driver.

func (*PhysicalEndpoint) GetRxRateLimiter 

func (endpoint *PhysicalEndpoint) GetRxRateLimiter() bool

unsupported

func (*PhysicalEndpoint) GetTxRateLimiter 

func (endpoint *PhysicalEndpoint) GetTxRateLimiter() bool

unsupported

func (*PhysicalEndpoint) HardwareAddr 

func (endpoint *PhysicalEndpoint) HardwareAddr() string

HardwareAddr returns the mac address of the physical network interface.

func (*PhysicalEndpoint) HotAttach 

func (endpoint *PhysicalEndpoint) HotAttach(ctx context.Context, h Hypervisor) error

HotAttach for physical endpoint not supported yet

func (*PhysicalEndpoint) HotDetach 

func (endpoint *PhysicalEndpoint) HotDetach(ctx context.Context, h Hypervisor, netNsCreated bool, netNsPath string) error

HotDetach for physical endpoint not supported yet

func (*PhysicalEndpoint) Name 

func (endpoint *PhysicalEndpoint) Name() string

Name returns name of the physical interface.

func (*PhysicalEndpoint) NetworkPair 

func (endpoint *PhysicalEndpoint) NetworkPair() *NetworkInterfacePair

NetworkPair returns the network pair of the endpoint.

func (*PhysicalEndpoint) PciPath 

func (endpoint *PhysicalEndpoint) PciPath() vcTypes.PciPath

PciPath returns the PCI path of the endpoint.

func (*PhysicalEndpoint) Properties 

func (endpoint *PhysicalEndpoint) Properties() NetworkInfo

Properties returns the properties of the physical interface.

func (*PhysicalEndpoint) SetPciPath 

func (endpoint *PhysicalEndpoint) SetPciPath(pciPath vcTypes.PciPath)

SetPciPath sets the PCI path of the endpoint.

func (*PhysicalEndpoint) SetProperties 

func (endpoint *PhysicalEndpoint) SetProperties(properties NetworkInfo)

SetProperties sets the properties of the physical endpoint.

func (*PhysicalEndpoint) SetRxRateLimiter 

func (endpoint *PhysicalEndpoint) SetRxRateLimiter() error

func (*PhysicalEndpoint) SetTxRateLimiter 

func (endpoint *PhysicalEndpoint) SetTxRateLimiter() error

func (*PhysicalEndpoint) Type 

func (endpoint *PhysicalEndpoint) Type() EndpointType

Type indentifies the endpoint as a physical endpoint.

type PidsStats 

type PidsStats struct {
	// number of pids in the cgroup
	Current uint64 `json:"current,omitempty"`
	// active pids hard limit
	Limit uint64 `json:"limit,omitempty"`
}

PidsStats describes the pids stats

type Process 

type Process struct {
	StartTime time.Time

	// Token is the process execution context ID. It must be
	// unique per sandbox.
	// Token is used to manipulate processes for containers
	// that have not started yet, and later identify them
	// uniquely within a sandbox.
	Token string

	// Pid is the process ID as seen by the host software
	// stack, e.g. CRI-O, containerd. This is typically the
	// shim PID.
	Pid int
}

Process gathers data related to a container process.

type PutRequestsMetrics 

type PutRequestsMetrics struct {
	// Number of PUTs triggering an action on the VM.
	ActionsCount uint64 `json:"actions_count"`
	// Number of failures in triggering an action on the VM.
	ActionsFails uint64 `json:"actions_fails"`
	// Number of PUTs for attaching source of boot.
	BootSourceCount uint64 `json:"boot_source_count"`
	// Number of failures during attaching source of boot.
	BootSourceFails uint64 `json:"boot_source_fails"`
	// Number of PUTs triggering a block attach.
	DriveCount uint64 `json:"drive_count"`
	// Number of failures in attaching a block device.
	DriveFails uint64 `json:"drive_fails"`
	// Number of PUTs for initializing the logging system.
	LoggerCount uint64 `json:"logger_count"`
	// Number of failures in initializing the logging system.
	LoggerFails uint64 `json:"logger_fails"`
	// Number of PUTs for configuring the machine.
	MachineCfgCount uint64 `json:"machine_cfg_count"`
	// Number of failures in configuring the machine.
	MachineCfgFails uint64 `json:"machine_cfg_fails"`
	// Number of PUTs for initializing the metrics system.
	MetricsCount uint64 `json:"metrics_count"`
	// Number of failures in initializing the metrics system.
	MetricsFails uint64 `json:"metrics_fails"`
	// Number of PUTs for creating a new network interface.
	NetworkCount uint64 `json:"network_count"`
	// Number of failures in creating a new network interface.
	NetworkFails uint64 `json:"network_fails"`
}

Metrics related to API PUT requests.

type QemuState 

type QemuState struct {
	UUID              string
	HotPlugVFIO       config.PCIePort
	Bridges           []types.Bridge
	HotpluggedVCPUs   []hv.CPUDevice
	HotpluggedMemory  int
	VirtiofsDaemonPid int
	HotplugVFIO       config.PCIePort
	ColdPlugVFIO      config.PCIePort
}

QemuState keeps Qemu's state

type RTCDeviceMetrics 

type RTCDeviceMetrics struct {
	// Errors triggered while using the RTC device.
	ErrorCount uint64 `json:"error_count"`
	// Number of superfluous read intents on this RTC device.
	MissedReadCount uint64 `json:"missed_read_count"`
	// Number of superfluous write intents on this RTC device.
	MissedWriteCount uint64 `json:"missed_write_count"`
}

Metrics related to the RTC device.

type RootFs 

type RootFs struct {
	// Source specifies the BlockDevice path
	Source string
	// Target specify where the rootfs is mounted if it has been mounted
	Target string
	// Type specifies the type of filesystem to mount.
	Type string
	// Options specifies zero or more fstab style mount options.
	Options []string
	// Mounted specifies whether the rootfs has be mounted or not
	Mounted bool
}

RootFs describes the container's rootfs.

type RootfsDriver 

type RootfsDriver string

RootfsDriver describes a rootfs driver.

type RootfsType 

type RootfsType string

RootfsType describes a rootfs type. 

const (
	// EXT4 is the ext4 filesystem.
	EXT4 RootfsType = "ext4"

	// XFS is the xfs filesystem.
	XFS RootfsType = "xfs"

	// EROFS is the erofs filesystem.
	EROFS RootfsType = "erofs"
)

type Sandbox 

type Sandbox struct {
	sync.Mutex
	// contains filtered or unexported fields
}

Sandbox is composed of a set of containers and a runtime environment. A Sandbox can be created, deleted, started, paused, stopped, listed, entered, and restored.

func (*Sandbox) AddDevice 

func (s *Sandbox) AddDevice(ctx context.Context, info config.DeviceInfo) (api.Device, error)

AddDevice will add a device to sandbox

func (*Sandbox) AddInterface 

func (s *Sandbox) AddInterface(ctx context.Context, inf *pbTypes.Interface) (*pbTypes.Interface, error)

AddInterface adds new nic to the sandbox.

func (*Sandbox) Annotations 

func (s *Sandbox) Annotations(key string) (string, error)

Annotations returns any annotation that a user could have stored through the sandbox.

func (*Sandbox) AppendDevice 

func (s *Sandbox) AppendDevice(ctx context.Context, device api.Device) error

AppendDevice can only handle vhost user device currently, it adds a vhost user device to sandbox Sandbox implement DeviceReceiver interface from device/api/interface.go

func (*Sandbox) CreateContainer 

func (s *Sandbox) CreateContainer(ctx context.Context, contConfig ContainerConfig) (VCContainer, error)

CreateContainer creates a new container in the sandbox This should be called only when the sandbox is already created. It will add new container config to sandbox.config.Containers

func (*Sandbox) Delete 

func (s *Sandbox) Delete(ctx context.Context) error

Delete deletes an already created sandbox. The VM in which the sandbox is running will be shut down.

func (*Sandbox) DeleteContainer 

func (s *Sandbox) DeleteContainer(ctx context.Context, containerID string) (VCContainer, error)

DeleteContainer deletes a container from the sandbox

func (*Sandbox) EnterContainer 

func (s *Sandbox) EnterContainer(ctx context.Context, containerID string, cmd types.Cmd) (VCContainer, *Process, error)

EnterContainer is the virtcontainers container command execution entry point. EnterContainer enters an already running container and runs a given command.

func (*Sandbox) GetAgentMetrics 

func (s *Sandbox) GetAgentMetrics(ctx context.Context) (string, error)

func (*Sandbox) GetAgentURL 

func (s *Sandbox) GetAgentURL() (string, error)

func (*Sandbox) GetAllContainers 

func (s *Sandbox) GetAllContainers() []VCContainer

GetAllContainers returns all containers.

func (*Sandbox) GetAndSetSandboxBlockIndex 

func (s *Sandbox) GetAndSetSandboxBlockIndex() (int, error)

GetAndSetSandboxBlockIndex is used for getting and setting virtio-block indexes Sandbox implement DeviceReceiver interface from device/api/interface.go

func (*Sandbox) GetAnnotations 

func (s *Sandbox) GetAnnotations() map[string]string

GetAnnotations returns sandbox's annotations

func (*Sandbox) GetContainer 

func (s *Sandbox) GetContainer(containerID string) VCContainer

GetContainer returns the container named by the containerID.

func (*Sandbox) GetHypervisorPid 

func (s *Sandbox) GetHypervisorPid() (int, error)

GetHypervisorPid returns the hypervisor's pid.

func (*Sandbox) GetHypervisorType 

func (s *Sandbox) GetHypervisorType() string

GetHypervisorType is used for getting Hypervisor name currently used. Sandbox implement DeviceReceiver interface from device/api/interface.go

func (*Sandbox) GetIPTables 

func (s *Sandbox) GetIPTables(ctx context.Context, isIPv6 bool) ([]byte, error)

GetIPTables will obtain the iptables from the guest

func (*Sandbox) GetNetNs 

func (s *Sandbox) GetNetNs() string

GetNetNs returns the network namespace of the current sandbox.

func (*Sandbox) GetOOMEvent 

func (s *Sandbox) GetOOMEvent(ctx context.Context) (string, error)

func (*Sandbox) GetPatchedOCISpec 

func (s *Sandbox) GetPatchedOCISpec() *specs.Spec

GetPatchedOCISpec returns sandbox's OCI specification This OCI specification was patched when the sandbox was created by containerCapabilities(), SetEphemeralStorageType() and others in order to support: * Capabilities * Ephemeral storage * k8s empty dir If you need the original (vanilla) OCI spec, use compatoci.GetContainerSpec() instead.

func (*Sandbox) GuestVolumeStats 

func (s *Sandbox) GuestVolumeStats(ctx context.Context, volumePath string) ([]byte, error)

GuestVolumeStats return the filesystem stat of a given volume in the guest.

func (*Sandbox) HotplugAddDevice 

func (s *Sandbox) HotplugAddDevice(ctx context.Context, device api.Device, devType config.DeviceType) error

HotplugAddDevice is used for add a device to sandbox Sandbox implement DeviceReceiver interface from device/api/interface.go

func (*Sandbox) HotplugRemoveDevice 

func (s *Sandbox) HotplugRemoveDevice(ctx context.Context, device api.Device, devType config.DeviceType) error

HotplugRemoveDevice is used for removing a device from sandbox Sandbox implement DeviceReceiver interface from device/api/interface.go

func (*Sandbox) ID 

func (s *Sandbox) ID() string

ID returns the sandbox identifier string.

func (*Sandbox) IOStream 

func (s *Sandbox) IOStream(containerID, processID string) (io.WriteCloser, io.Reader, io.Reader, error)

IOStream returns stdin writer, stdout reader and stderr reader of a process

func (*Sandbox) KillContainer 

func (s *Sandbox) KillContainer(ctx context.Context, containerID string, signal syscall.Signal, all bool) error

KillContainer signals a container in the sandbox

func (*Sandbox) ListInterfaces 

func (s *Sandbox) ListInterfaces(ctx context.Context) ([]*pbTypes.Interface, error)

ListInterfaces lists all nics and their configurations in the sandbox.

func (*Sandbox) ListRoutes 

func (s *Sandbox) ListRoutes(ctx context.Context) ([]*pbTypes.Route, error)

ListRoutes lists all routes and their configurations in the sandbox.

func (*Sandbox) Logger 

func (s *Sandbox) Logger() *logrus.Entry

Logger returns a logrus logger appropriate for logging Sandbox messages

func (*Sandbox) Monitor 

func (s *Sandbox) Monitor(ctx context.Context) (chan error, error)

Monitor returns a error channel for watcher to watch at

func (*Sandbox) PauseContainer 

func (s *Sandbox) PauseContainer(ctx context.Context, containerID string) error

PauseContainer pauses a running container.

func (*Sandbox) Release 

func (s *Sandbox) Release(ctx context.Context) error

Release closes the agent connection.

func (*Sandbox) RemoveInterface 

func (s *Sandbox) RemoveInterface(ctx context.Context, inf *pbTypes.Interface) (*pbTypes.Interface, error)

RemoveInterface removes a nic of the sandbox.

func (*Sandbox) ResizeGuestVolume 

func (s *Sandbox) ResizeGuestVolume(ctx context.Context, volumePath string, size uint64) error

ResizeGuestVolume resizes a volume in the guest.

func (*Sandbox) Restore 

func (s *Sandbox) Restore() error

Restore will restore sandbox data from persist file on disk

func (*Sandbox) ResumeContainer 

func (s *Sandbox) ResumeContainer(ctx context.Context, containerID string) error

ResumeContainer resumes a paused container.

func (*Sandbox) Save 

func (s *Sandbox) Save() error

func (*Sandbox) SetAnnotations 

func (s *Sandbox) SetAnnotations(annotations map[string]string) error

SetAnnotations sets or adds an annotations

func (*Sandbox) SetIPTables 

func (s *Sandbox) SetIPTables(ctx context.Context, isIPv6 bool, data []byte) error

SetIPTables will set the iptables in the guest

func (*Sandbox) SetPolicy 

func (s *Sandbox) SetPolicy(ctx context.Context, policy string) error

SetPolicy will set the policy in the guest

func (*Sandbox) SignalProcess 

func (s *Sandbox) SignalProcess(ctx context.Context, containerID, processID string, signal syscall.Signal, all bool) error

SignalProcess sends a signal to a process of a container when all is false. When all is true, it sends the signal to all processes of a container.

func (*Sandbox) Start 

func (s *Sandbox) Start(ctx context.Context) error

Start starts a sandbox. The containers that are making the sandbox will be started.

func (*Sandbox) StartContainer 

func (s *Sandbox) StartContainer(ctx context.Context, containerID string) (VCContainer, error)

StartContainer starts a container in the sandbox

func (*Sandbox) Stats 

func (s *Sandbox) Stats(ctx context.Context) (SandboxStats, error)

Stats returns the stats of a running sandbox

func (*Sandbox) StatsContainer 

func (s *Sandbox) StatsContainer(ctx context.Context, containerID string) (ContainerStats, error)

StatsContainer return the stats of a running container

func (*Sandbox) Status 

func (s *Sandbox) Status() SandboxStatus

Status gets the status of the sandbox

func (*Sandbox) StatusContainer 

func (s *Sandbox) StatusContainer(containerID string) (ContainerStatus, error)

StatusContainer gets the status of a container

func (*Sandbox) Stop 

func (s *Sandbox) Stop(ctx context.Context, force bool) error

Stop stops a sandbox. The containers that are making the sandbox will be destroyed. When force is true, ignore guest related stop failures.

func (*Sandbox) StopContainer 

func (s *Sandbox) StopContainer(ctx context.Context, containerID string, force bool) (VCContainer, error)

StopContainer stops a container in the sandbox

func (*Sandbox) UnsetSandboxBlockIndex 

func (s *Sandbox) UnsetSandboxBlockIndex(index int) error

UnsetSandboxBlockIndex unsets block indexes Sandbox implement DeviceReceiver interface from device/api/interface.go

func (*Sandbox) UpdateContainer 

func (s *Sandbox) UpdateContainer(ctx context.Context, containerID string, resources specs.LinuxResources) error

UpdateContainer update a running container.

func (*Sandbox) UpdateRoutes 

func (s *Sandbox) UpdateRoutes(ctx context.Context, routes []*pbTypes.Route) ([]*pbTypes.Route, error)

UpdateRoutes updates the sandbox route table (e.g. for portmapping support).

func (*Sandbox) UpdateRuntimeMetrics 

func (s *Sandbox) UpdateRuntimeMetrics() error

UpdateRuntimeMetrics update shim/hypervisor's metrics

func (*Sandbox) UpdateVirtiofsdMetrics 

func (s *Sandbox) UpdateVirtiofsdMetrics() error

func (*Sandbox) WaitProcess 

func (s *Sandbox) WaitProcess(ctx context.Context, containerID, processID string) (int32, error)

WaitProcess waits on a container process and return its exit code

func (*Sandbox) WinsizeProcess 

func (s *Sandbox) WinsizeProcess(ctx context.Context, containerID, processID string, height, width uint32) error

WinsizeProcess resizes the tty window of a process

type SandboxConfig 

type SandboxConfig struct {
	// Annotations keys must be unique strings and must be name-spaced
	Annotations map[string]string

	// Custom SELinux security policy to the container process inside the VM
	GuestSeLinuxLabel string

	HypervisorType HypervisorType

	ID string

	Hostname string

	// SandboxBindMounts - list of paths to mount into guest
	SandboxBindMounts []string

	// Experimental features enabled
	Experimental []exp.Feature

	// Containers describe the list of containers within a Sandbox.
	// This list can be empty and populated by adding containers
	// to the Sandbox a posteriori.
	// TODO: this should be a map to avoid duplicated containers
	Containers []ContainerConfig

	Volumes []types.Volume

	NetworkConfig NetworkConfig

	AgentConfig KataAgentConfig

	HypervisorConfig HypervisorConfig

	ShmSize uint64

	SandboxResources SandboxResourceSizing

	VfioMode config.VFIOModeType

	// StaticResourceMgmt indicates if the shim should rely on statically sizing the sandbox (VM)
	StaticResourceMgmt bool

	// SharePidNs sets all containers to share the same sandbox level pid namespace.
	SharePidNs bool
	// SystemdCgroup enables systemd cgroup support
	SystemdCgroup bool
	// SandboxCgroupOnly enables cgroup only at podlevel in the host
	SandboxCgroupOnly bool

	// DisableGuestSeccomp disable seccomp within the guest
	DisableGuestSeccomp bool

	// EnableVCPUsPinning controls whether each vCPU thread should be scheduled to a fixed CPU
	EnableVCPUsPinning bool

	// Create container timeout which, if provided, indicates the create container timeout
	// needed for the workload(s)
	CreateContainerTimeout uint64
}

SandboxConfig is a Sandbox configuration.

type SandboxResourceSizing 

type SandboxResourceSizing struct {
	// The number of CPUs required for the sandbox workload(s)
	WorkloadCPUs float32
	// The base number of CPUs for the VM that are assigned as overhead
	BaseCPUs float32
	// The amount of memory required for the sandbox workload(s)
	WorkloadMemMB uint32
	// The base amount of memory required for that VM that is assigned as overhead
	BaseMemMB uint32
}

type SandboxStats 

type SandboxStats struct {
	CgroupStats CgroupStats
	Cpus        int
}

SandboxStats describes a sandbox's stats

type SandboxStatus 

type SandboxStatus struct {
	Annotations      map[string]string
	ID               string
	Hypervisor       HypervisorType
	ContainersStatus []ContainerStatus
	State            types.SandboxState
	HypervisorConfig HypervisorConfig
}

SandboxStatus describes a sandbox status.

type SeccompMetrics 

type SeccompMetrics struct {
	// Number of errors inside the seccomp filtering.
	NumFaults uint64 `json:"num_faults"`
}

Metrics related to seccomp filtering.

type SerialDeviceMetrics 

type SerialDeviceMetrics struct {
	// Errors triggered while using the UART device.
	ErrorCount uint64 `json:"error_count"`
	// Number of flush operations.
	FlushCount uint64 `json:"flush_count"`
	// Number of read calls that did not trigger a read.
	MissedReadCount uint64 `json:"missed_read_count"`
	// Number of write calls that did not trigger a write.
	MissedWriteCount uint64 `json:"missed_write_count"`
	// Number of succeeded read calls.
	ReadCount uint64 `json:"read_count"`
	// Number of succeeded write calls.
	WriteCount uint64 `json:"write_count"`
}

Metrics related to the UART device.

type SharedFile 

type SharedFile struct {
	// contains filtered or unexported fields
}

SharedFile represents the outcome of a host filesystem sharing operation.

type SignalMetrics 

type SignalMetrics struct {
	// Number of times that SIGBUS was handled.
	Sigbus uint64 `json:"sigbus"`
	// Number of times that SIGSEGV was handled.
	Sigsegv uint64 `json:"sigsegv"`
}

Metrics related to signals.

type State 

type State struct {
	// contains filtered or unexported fields
}

State keeps StratoVirt device and pids state.

type StratovirtConfig 

type StratovirtConfig struct {
	// contains filtered or unexported fields
}

StratovirtConfig keeps the custom settings and parameters to start virtual machine.

type SystemMountsInfo 

type SystemMountsInfo struct {
	// Indicates if /dev has been passed as a bind mount for the host /dev
	BindMountDev bool

	// Size of /dev/shm assigned on the host.
	DevShmSize uint
}

SystemMountsInfo describes additional information for system mounts that the agent needs to handle

type TapEndpoint 

type TapEndpoint struct {
	TapInterface       TapInterface
	EndpointProperties NetworkInfo
	EndpointType       EndpointType
	PCIPath            vcTypes.PciPath
	RxRateLimiter      bool
	TxRateLimiter      bool
}

TapEndpoint represents just a tap endpoint

func (*TapEndpoint) Attach 

func (endpoint *TapEndpoint) Attach(ctx context.Context, s *Sandbox) error

Attach for tap endpoint adds the tap interface to the hypervisor.

func (*TapEndpoint) Detach 

func (endpoint *TapEndpoint) Detach(ctx context.Context, netNsCreated bool, netNsPath string) error

Detach for the tap endpoint tears down the tap

func (*TapEndpoint) GetRxRateLimiter 

func (endpoint *TapEndpoint) GetRxRateLimiter() bool

func (*TapEndpoint) GetTxRateLimiter 

func (endpoint *TapEndpoint) GetTxRateLimiter() bool

func (*TapEndpoint) HardwareAddr 

func (endpoint *TapEndpoint) HardwareAddr() string

HardwareAddr returns the mac address that is assigned to the tap interface

func (*TapEndpoint) HotAttach 

func (endpoint *TapEndpoint) HotAttach(ctx context.Context, h Hypervisor) error

HotAttach for the tap endpoint uses hot plug device

func (*TapEndpoint) HotDetach 

func (endpoint *TapEndpoint) HotDetach(ctx context.Context, h Hypervisor, netNsCreated bool, netNsPath string) error

HotDetach for the tap endpoint uses hot pull device

func (*TapEndpoint) Name 

func (endpoint *TapEndpoint) Name() string

Name returns name of the tap interface in the network pair.

func (*TapEndpoint) NetworkPair 

func (endpoint *TapEndpoint) NetworkPair() *NetworkInterfacePair

NetworkPair returns the network pair of the endpoint.

func (*TapEndpoint) PciPath 

func (endpoint *TapEndpoint) PciPath() vcTypes.PciPath

PciPath returns the PCI path of the endpoint.

func (*TapEndpoint) Properties 

func (endpoint *TapEndpoint) Properties() NetworkInfo

Properties returns the properties of the tap interface.

func (*TapEndpoint) SetPciPath 

func (endpoint *TapEndpoint) SetPciPath(pciPath vcTypes.PciPath)

SetPciPath sets the PCI path of the endpoint.

func (*TapEndpoint) SetProperties 

func (endpoint *TapEndpoint) SetProperties(properties NetworkInfo)

SetProperties sets the properties for the endpoint.

func (*TapEndpoint) SetRxRateLimiter 

func (endpoint *TapEndpoint) SetRxRateLimiter() error

func (*TapEndpoint) SetTxRateLimiter 

func (endpoint *TapEndpoint) SetTxRateLimiter() error

func (*TapEndpoint) Type 

func (endpoint *TapEndpoint) Type() EndpointType

Type identifies the endpoint as a tap endpoint.

type TapInterface 

type TapInterface struct {
	ID       string
	Name     string
	TAPIface NetworkInterface
	VMFds    []*os.File
	VhostFds []*os.File
}

TapInterface defines a tap interface

type ThrottlingData 

type ThrottlingData struct {
	// Number of periods with throttling active
	Periods uint64 `json:"periods,omitempty"`
	// Number of periods when the container hit its throttling limit.
	ThrottledPeriods uint64 `json:"throttled_periods,omitempty"`
	// Aggregate time the container was throttled for in nanoseconds.
	ThrottledTime uint64 `json:"throttled_time,omitempty"`
}

ThrottlingData gather the date related to container cpu throttling.

type TuntapEndpoint 

type TuntapEndpoint struct {
	EndpointType       EndpointType
	PCIPath            vcTypes.PciPath
	TuntapInterface    TuntapInterface
	EndpointProperties NetworkInfo
	NetPair            NetworkInterfacePair
	RxRateLimiter      bool
	TxRateLimiter      bool
}

TuntapEndpoint represents just a tap endpoint

func (*TuntapEndpoint) Attach 

func (endpoint *TuntapEndpoint) Attach(ctx context.Context, s *Sandbox) error

Attach for tun/tap endpoint adds the tap interface to the hypervisor.

func (*TuntapEndpoint) Detach 

func (endpoint *TuntapEndpoint) Detach(ctx context.Context, netNsCreated bool, netNsPath string) error

Detach for the tun/tap endpoint tears down the tap

func (*TuntapEndpoint) GetRxRateLimiter 

func (endpoint *TuntapEndpoint) GetRxRateLimiter() bool

func (*TuntapEndpoint) GetTxRateLimiter 

func (endpoint *TuntapEndpoint) GetTxRateLimiter() bool

func (*TuntapEndpoint) HardwareAddr 

func (endpoint *TuntapEndpoint) HardwareAddr() string

HardwareAddr returns the mac address that is assigned to the tun/tap interface

func (*TuntapEndpoint) HotAttach 

func (endpoint *TuntapEndpoint) HotAttach(ctx context.Context, h Hypervisor) error

HotAttach for the tun/tap endpoint uses hot plug device

func (*TuntapEndpoint) HotDetach 

func (endpoint *TuntapEndpoint) HotDetach(ctx context.Context, h Hypervisor, netNsCreated bool, netNsPath string) error

HotDetach for the tun/tap endpoint uses hot pull device

func (*TuntapEndpoint) Name 

func (endpoint *TuntapEndpoint) Name() string

Name returns name of the tap interface in the network pair.

func (*TuntapEndpoint) NetworkPair 

func (endpoint *TuntapEndpoint) NetworkPair() *NetworkInterfacePair

NetworkPair returns the network pair of the endpoint.

func (*TuntapEndpoint) PciPath 

func (endpoint *TuntapEndpoint) PciPath() vcTypes.PciPath

PciPath returns the PCI path of the endpoint.

func (*TuntapEndpoint) Properties 

func (endpoint *TuntapEndpoint) Properties() NetworkInfo

Properties returns the properties of the tun/tap interface.

func (*TuntapEndpoint) SetPciPath 

func (endpoint *TuntapEndpoint) SetPciPath(pciPath vcTypes.PciPath)

SetPciPath sets the PCI path of the endpoint.

func (*TuntapEndpoint) SetProperties 

func (endpoint *TuntapEndpoint) SetProperties(properties NetworkInfo)

SetProperties sets the properties for the endpoint.

func (*TuntapEndpoint) SetRxRateLimiter 

func (endpoint *TuntapEndpoint) SetRxRateLimiter() error

func (*TuntapEndpoint) SetTxRateLimiter 

func (endpoint *TuntapEndpoint) SetTxRateLimiter() error

func (*TuntapEndpoint) Type 

func (endpoint *TuntapEndpoint) Type() EndpointType

Type identifies the endpoint as a tun/tap endpoint.

type TuntapInterface 

type TuntapInterface struct {
	Name     string
	TAPIface NetworkInterface
}

TuntapInterface defines a tap interface

type VC 

type VC interface {
	SetLogger(ctx context.Context, logger *logrus.Entry)
	SetFactory(ctx context.Context, factory Factory)

	CreateSandbox(ctx context.Context, sandboxConfig SandboxConfig, hookFunc func(context.Context) error) (VCSandbox, error)
	CleanupContainer(ctx context.Context, sandboxID, containerID string, force bool) error
}

VC is the Virtcontainers interface

type VCContainer 

type VCContainer interface {
	GetAnnotations() map[string]string
	GetPid() int
	GetToken() string
	ID() string
	Sandbox() VCSandbox
	Process() Process
}

VCContainer is the Container interface (required since virtcontainers.Container only contains private fields)

type VCImpl 

type VCImpl struct {
	// contains filtered or unexported fields
}

VCImpl is the official virtcontainers function of the same name.

func (*VCImpl) CleanupContainer 

func (impl *VCImpl) CleanupContainer(ctx context.Context, sandboxID, containerID string, force bool) error

CleanupContainer is used by shimv2 to stop and delete a container exclusively, once there is no container in the sandbox left, do stop the sandbox and delete it. Those serial operations will be done exclusively by locking the sandbox.

func (*VCImpl) CreateSandbox 

func (impl *VCImpl) CreateSandbox(ctx context.Context, sandboxConfig SandboxConfig, hookFunc func(context.Context) error) (VCSandbox, error)

CreateSandbox implements the VC function of the same name.

func (*VCImpl) SetFactory 

func (impl *VCImpl) SetFactory(ctx context.Context, factory Factory)

SetFactory implements the VC function of the same name.

func (*VCImpl) SetLogger 

func (impl *VCImpl) SetLogger(ctx context.Context, logger *logrus.Entry)

SetLogger implements the VC function of the same name.

type VCSandbox 

type VCSandbox interface {
	Annotations(key string) (string, error)
	GetNetNs() string
	GetAllContainers() []VCContainer
	GetAnnotations() map[string]string
	GetContainer(containerID string) VCContainer
	ID() string
	SetAnnotations(annotations map[string]string) error

	Stats(ctx context.Context) (SandboxStats, error)

	Start(ctx context.Context) error
	Stop(ctx context.Context, force bool) error
	Release(ctx context.Context) error
	Monitor(ctx context.Context) (chan error, error)
	Delete(ctx context.Context) error
	Status() SandboxStatus
	CreateContainer(ctx context.Context, contConfig ContainerConfig) (VCContainer, error)
	DeleteContainer(ctx context.Context, containerID string) (VCContainer, error)
	StartContainer(ctx context.Context, containerID string) (VCContainer, error)
	StopContainer(ctx context.Context, containerID string, force bool) (VCContainer, error)
	KillContainer(ctx context.Context, containerID string, signal syscall.Signal, all bool) error
	StatusContainer(containerID string) (ContainerStatus, error)
	StatsContainer(ctx context.Context, containerID string) (ContainerStats, error)
	PauseContainer(ctx context.Context, containerID string) error
	ResumeContainer(ctx context.Context, containerID string) error
	EnterContainer(ctx context.Context, containerID string, cmd types.Cmd) (VCContainer, *Process, error)
	UpdateContainer(ctx context.Context, containerID string, resources specs.LinuxResources) error
	WaitProcess(ctx context.Context, containerID, processID string) (int32, error)
	SignalProcess(ctx context.Context, containerID, processID string, signal syscall.Signal, all bool) error
	WinsizeProcess(ctx context.Context, containerID, processID string, height, width uint32) error
	IOStream(containerID, processID string) (io.WriteCloser, io.Reader, io.Reader, error)

	AddDevice(ctx context.Context, info config.DeviceInfo) (api.Device, error)

	AddInterface(ctx context.Context, inf *pbTypes.Interface) (*pbTypes.Interface, error)
	RemoveInterface(ctx context.Context, inf *pbTypes.Interface) (*pbTypes.Interface, error)
	ListInterfaces(ctx context.Context) ([]*pbTypes.Interface, error)
	UpdateRoutes(ctx context.Context, routes []*pbTypes.Route) ([]*pbTypes.Route, error)
	ListRoutes(ctx context.Context) ([]*pbTypes.Route, error)

	GetOOMEvent(ctx context.Context) (string, error)
	GetHypervisorPid() (int, error)

	UpdateRuntimeMetrics() error
	GetAgentMetrics(ctx context.Context) (string, error)
	GetAgentURL() (string, error)

	GuestVolumeStats(ctx context.Context, volumePath string) ([]byte, error)
	ResizeGuestVolume(ctx context.Context, volumePath string, size uint64) error

	GetIPTables(ctx context.Context, isIPv6 bool) ([]byte, error)
	SetIPTables(ctx context.Context, isIPv6 bool, data []byte) error
	SetPolicy(ctx context.Context, policy string) error
}

VCSandbox is the Sandbox interface (required since virtcontainers.Sandbox only contains private fields)

func CreateSandbox 

func CreateSandbox(ctx context.Context, sandboxConfig SandboxConfig, factory Factory, prestartHookFunc func(context.Context) error) (VCSandbox, error)

CreateSandbox is the virtcontainers sandbox creation entry point. CreateSandbox creates a sandbox and its containers. It does not start them.

type VM 

type VM struct {
	// contains filtered or unexported fields
}

VM is abstraction of a virtual machine.

func NewVM 

func NewVM(ctx context.Context, config VMConfig) (*VM, error)

NewVM creates a new VM based on provided VMConfig.

func NewVMFromGrpc 

func NewVMFromGrpc(ctx context.Context, v *pb.GrpcVM, config VMConfig) (*VM, error)

NewVMFromGrpc creates a new VM based on provided pb.GrpcVM and VMConfig.

func (*VM) AddCPUs 

func (v *VM) AddCPUs(ctx context.Context, num uint32) error

AddCPUs adds num of CPUs to the VM.

func (*VM) AddMemory 

func (v *VM) AddMemory(ctx context.Context, numMB uint32) error

AddMemory adds numMB of memory to the VM.

func (*VM) Disconnect 

func (v *VM) Disconnect(ctx context.Context) error

Disconnect agent connections to a VM

func (*VM) GetVMStatus 

func (v *VM) GetVMStatus() *pb.GrpcVMStatus

func (*VM) OnlineCPUMemory 

func (v *VM) OnlineCPUMemory(ctx context.Context) error

OnlineCPUMemory puts the hotplugged CPU and memory online.

func (*VM) Pause 

func (v *VM) Pause(ctx context.Context) error

Pause pauses a VM.

func (*VM) ReseedRNG 

func (v *VM) ReseedRNG(ctx context.Context) error

ReseedRNG adds random entropy to guest random number generator and reseeds it.

func (*VM) Resume 

func (v *VM) Resume(ctx context.Context) error

Resume resumes a paused VM.

func (*VM) Save 

func (v *VM) Save() error

Save saves a VM to persistent disk.

func (*VM) Start 

func (v *VM) Start(ctx context.Context) error

Start kicks off a configured VM.

func (*VM) Stop 

func (v *VM) Stop(ctx context.Context) error

Stop stops a VM process.

func (*VM) SyncTime 

func (v *VM) SyncTime(ctx context.Context) error

SyncTime syncs guest time with host time.

func (*VM) ToGrpc 

func (v *VM) ToGrpc(ctx context.Context, config VMConfig) (*pb.GrpcVM, error)

ToGrpc convert VM struct to Grpc format pb.GrpcVM.

type VMConfig 

type VMConfig struct {
	HypervisorType   HypervisorType
	AgentConfig      KataAgentConfig
	HypervisorConfig HypervisorConfig
}

VMConfig is a collection of all info that a new blackbox VM needs.

func GrpcToVMConfig 

func GrpcToVMConfig(j *pb.GrpcVMConfig) (*VMConfig, error)

GrpcToVMConfig convert grpc format pb.GrpcVMConfig to VMConfig struct.

func (*VMConfig) ToGrpc 

func (c *VMConfig) ToGrpc() (*pb.GrpcVMConfig, error)

ToGrpc convert VMConfig struct to grpc format pb.GrpcVMConfig.

func (*VMConfig) Valid 

func (c *VMConfig) Valid() error

type VSOCKDevice 

type VSOCKDevice struct {
	//Guest CID assigned by Host.
	ContextID uint64
}

VSOCKDevice represents a AF_VSOCK socket.

func (VSOCKDevice) AcrnParams 

func (vsock VSOCKDevice) AcrnParams(slot int, config *Config) []string

AcrnParams returns the acrn parameters built out of this vsock device.

func (VSOCKDevice) Valid 

func (vsock VSOCKDevice) Valid() bool

Valid returns true if the VSOCKDevice structure is valid and complete.

type VcpuMetrics 

type VcpuMetrics struct {
	// Number of KVM exits for handling input IO.
	ExitIoIn uint64 `json:"exit_io_in"`
	// Number of KVM exits for handling output IO.
	ExitIoOut uint64 `json:"exit_io_out"`
	// Number of KVM exits for handling MMIO reads.
	ExitMmioRead uint64 `json:"exit_mmio_read"`
	// Number of KVM exits for handling MMIO writes.
	ExitMmioWrite uint64 `json:"exit_mmio_write"`
	// Number of errors during this VCPU's run.
	Failures uint64 `json:"failures"`
	// Failures in configuring the CPUID.
	FilterCPUid uint64 `json:"filter_cpuid"`
}

Metrics related to a vcpu's functioning.

type VcpuThreadIDs 

type VcpuThreadIDs struct {
	// contains filtered or unexported fields
}

vcpu mapping from vcpu number to thread number

type VethEndpoint 

type VethEndpoint struct {
	EndpointType       EndpointType
	PCIPath            vcTypes.PciPath
	EndpointProperties NetworkInfo
	NetPair            NetworkInterfacePair
	RxRateLimiter      bool
	TxRateLimiter      bool
}

VethEndpoint gathers a network pair and its properties.

func (*VethEndpoint) Attach 

func (endpoint *VethEndpoint) Attach(ctx context.Context, s *Sandbox) error

Attach for veth endpoint bridges the network pair and adds the tap interface of the network pair to the hypervisor.

func (*VethEndpoint) Detach 

func (endpoint *VethEndpoint) Detach(ctx context.Context, netNsCreated bool, netNsPath string) error

Detach for the veth endpoint tears down the tap and bridge created for the veth interface.

func (*VethEndpoint) GetRxRateLimiter 

func (endpoint *VethEndpoint) GetRxRateLimiter() bool

func (*VethEndpoint) GetTxRateLimiter 

func (endpoint *VethEndpoint) GetTxRateLimiter() bool

func (*VethEndpoint) HardwareAddr 

func (endpoint *VethEndpoint) HardwareAddr() string

HardwareAddr returns the mac address that is assigned to the tap interface in th network pair.

func (*VethEndpoint) HotAttach 

func (endpoint *VethEndpoint) HotAttach(ctx context.Context, h Hypervisor) error

HotAttach for the veth endpoint uses hot plug device

func (*VethEndpoint) HotDetach 

func (endpoint *VethEndpoint) HotDetach(ctx context.Context, h Hypervisor, netNsCreated bool, netNsPath string) error

HotDetach for the veth endpoint uses hot pull device

func (*VethEndpoint) Name 

func (endpoint *VethEndpoint) Name() string

Name returns name of the veth interface in the network pair.

func (*VethEndpoint) NetworkPair 

func (endpoint *VethEndpoint) NetworkPair() *NetworkInterfacePair

NetworkPair returns the network pair of the endpoint.

func (*VethEndpoint) PciPath 

func (endpoint *VethEndpoint) PciPath() vcTypes.PciPath

PciPath returns the PCI path of the endpoint.

func (*VethEndpoint) Properties 

func (endpoint *VethEndpoint) Properties() NetworkInfo

Properties returns properties for the veth interface in the network pair.

func (*VethEndpoint) SetPciPath 

func (endpoint *VethEndpoint) SetPciPath(pciPath vcTypes.PciPath)

SetPciPath sets the PCI path of the endpoint.

func (*VethEndpoint) SetProperties 

func (endpoint *VethEndpoint) SetProperties(properties NetworkInfo)

SetProperties sets the properties for the endpoint.

func (*VethEndpoint) SetRxRateLimiter 

func (endpoint *VethEndpoint) SetRxRateLimiter() error

func (*VethEndpoint) SetTxRateLimiter 

func (endpoint *VethEndpoint) SetTxRateLimiter() error

func (*VethEndpoint) Type 

func (endpoint *VethEndpoint) Type() EndpointType

Type identifies the endpoint as a veth endpoint.

type VhostUserEndpoint 

type VhostUserEndpoint struct {
	// Path to the vhost-user socket on the host system
	SocketPath string
	// MAC address of the interface
	HardAddr           string
	IfaceName          string
	EndpointProperties NetworkInfo
	EndpointType       EndpointType
	PCIPath            vcTypes.PciPath
}

VhostUserEndpoint represents a vhost-user socket based network interface

func (*VhostUserEndpoint) Attach 

func (endpoint *VhostUserEndpoint) Attach(ctx context.Context, s *Sandbox) error

Attach for vhostuser endpoint

func (*VhostUserEndpoint) Detach 

func (endpoint *VhostUserEndpoint) Detach(ctx context.Context, netNsCreated bool, netNsPath string) error

Detach for vhostuser endpoint

func (*VhostUserEndpoint) GetRxRateLimiter 

func (endpoint *VhostUserEndpoint) GetRxRateLimiter() bool

unsupported

func (*VhostUserEndpoint) GetTxRateLimiter 

func (endpoint *VhostUserEndpoint) GetTxRateLimiter() bool

unsupported

func (*VhostUserEndpoint) HardwareAddr 

func (endpoint *VhostUserEndpoint) HardwareAddr() string

HardwareAddr returns the mac address of the vhostuser network interface

func (*VhostUserEndpoint) HotAttach 

func (endpoint *VhostUserEndpoint) HotAttach(ctx context.Context, h Hypervisor) error

HotAttach for vhostuser endpoint not supported yet

func (*VhostUserEndpoint) HotDetach 

func (endpoint *VhostUserEndpoint) HotDetach(ctx context.Context, h Hypervisor, netNsCreated bool, netNsPath string) error

HotDetach for vhostuser endpoint not supported yet

func (*VhostUserEndpoint) Name 

func (endpoint *VhostUserEndpoint) Name() string

Name returns name of the interface.

func (*VhostUserEndpoint) NetworkPair 

func (endpoint *VhostUserEndpoint) NetworkPair() *NetworkInterfacePair

NetworkPair returns the network pair of the endpoint.

func (*VhostUserEndpoint) PciPath 

func (endpoint *VhostUserEndpoint) PciPath() vcTypes.PciPath

PciPath returns the PCI path of the endpoint.

func (*VhostUserEndpoint) Properties 

func (endpoint *VhostUserEndpoint) Properties() NetworkInfo

Properties returns the properties of the interface.

func (*VhostUserEndpoint) SetPciPath 

func (endpoint *VhostUserEndpoint) SetPciPath(pciPath vcTypes.PciPath)

SetPciPath sets the PCI path of the endpoint.

func (*VhostUserEndpoint) SetProperties 

func (endpoint *VhostUserEndpoint) SetProperties(properties NetworkInfo)

SetProperties sets the properties of the endpoint.

func (*VhostUserEndpoint) SetRxRateLimiter 

func (endpoint *VhostUserEndpoint) SetRxRateLimiter() error

func (*VhostUserEndpoint) SetTxRateLimiter 

func (endpoint *VhostUserEndpoint) SetTxRateLimiter() error

func (*VhostUserEndpoint) Type 

func (endpoint *VhostUserEndpoint) Type() EndpointType

Type indentifies the endpoint as a vhostuser endpoint.

type VirtioDev 

type VirtioDev interface {
	// contains filtered or unexported methods
}

VirtioDev is the StratoVirt device interface.

type VirtioDriver 

type VirtioDriver string

type VirtiofsDaemon 

type VirtiofsDaemon interface {
	// Start virtiofs daemon, return pid of virtiofs daemon process
	Start(context.Context, onQuitFunc) (pid int, err error)
	// Stop virtiofs daemon process
	Stop(context.Context) error
	// Add a submount rafs to the virtiofs mountpoint
	Mount(opt MountOption) error
	// Umount a submount rafs from the virtiofs mountpoint
	Umount(mountpoint string) error
}

type VmmMetrics 

type VmmMetrics struct {
	// Number of device related events received for a VM.
	DeviceEvents uint64 `json:"device_events"`
	// Metric for signaling a panic has occurred.
	PanicCount uint64 `json:"panic_count"`
}

Metrics related to the virtual machine manager.

type VsockDeviceMetrics 

type VsockDeviceMetrics struct {
	// Number of times when activate failed on a vsock device.
	ActivateFails uint64 `json:"activate_fails"`
	// Number of times when interacting with the space config of a vsock device failed.
	CfgFails uint64 `json:"cfg_fails"`
	// Number of times when handling RX queue events on a vsock device failed.
	RxQueueEventFails uint64 `json:"rx_queue_event_fails"`
	// Number of times when handling TX queue events on a vsock device failed.
	TxQueueEventFails uint64 `json:"tx_queue_event_fails"`
	// Number of times when handling event queue events on a vsock device failed.
	EvQueueEventFails uint64 `json:"ev_queue_event_fails"`
	// Number of times when handling muxer events on a vsock device failed.
	MuxerEventFails uint64 `json:"muxer_event_fails"`
	// Number of times when handling connection events on a vsock device failed.
	ConnEventFails uint64 `json:"conn_event_fails"`
	// Number of events associated with the receiving queue.
	RxQueueEventCount uint64 `json:"rx_queue_event_count"`
	// Number of events associated with the transmitting queue.
	TxQueueEventCount uint64 `json:"tx_queue_event_count"`
	// Number of bytes received.
	RxBytesCount uint64 `json:"rx_bytes_count"`
	// Number of transmitted bytes.
	TxBytesCount uint64 `json:"tx_bytes_count"`
	// Number of packets received.
	RxPacketsCount uint64 `json:"rx_packets_count"`
	// Number of transmitted packets.
	TxPacketsCount uint64 `json:"tx_packets_count"`
	// Number of added connections.
	ConnsAdded uint64 `json:"conns_added"`
	// Number of killed connections.
	ConnsKilled uint64 `json:"conns_killed"`
	// Number of removed connections.
	ConnsRemoved uint64 `json:"conns_removed"`
	// How many times the killq has been resynced.
	KillqResync uint64 `json:"killq_resync"`
	// How many flush fails have been seen.
	TxFlushFails uint64 `json:"tx_flush_fails"`
	// How many write fails have been seen.
	TxWriteFails uint64 `json:"tx_write_fails"`
	// Number of times read() has failed.
	RxReadFails uint64 `json:"rx_read_fails"`
}

Metrics related to virtio-vsockets.

Source Files

View all Source files

Directories

Path Synopsis
base
cache
direct
grpccache
template
api
fs
pkg
agent/protocols
agent/protocols/client
agent/protocols/grpc
Code generated by protoc-gen-go-ttrpc.
 Code generated by protoc-gen-go-ttrpc.
annotations
annotations/dockershim
cloud-hypervisor/client
compatoci
cpuset
firecracker/client
firecracker/client/models
firecracker/client/operations
mock
rootless
vcmock
retry
copy from https://github.com/containerd/nydus-snapshotter/blob/38b23bcd0658f2bd9d99083d320b727bf73129b7/pkg/utils/retry/retry.go
 copy from https://github.com/containerd/nydus-snapshotter/blob/38b23bcd0658f2bd9d99083d320b727bf73129b7/pkg/utils/retry/retry.go

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.