Age | Commit message | Author
2021-03-15 | containerd: initial README [k3s-wip] | Bruce Ashfield
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-03-15 | k3s: clean up README | Bruce Ashfield
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-03-15 | k3s: rrecommend required kernel modules | Bruce Ashfield
If the required modules aren't in the image, k3s will fail to start. Set the requirements as RRECOMMENDS for image types that don't install the kernel-modules meta-package. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-03-15 | k3s: drop ctr symlink | Bruce Ashfield
We build and depend on our own containerd, we don't need the ctr symlink to k3s for proper operation. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-03-15 | k3s: add additional build tags | Bruce Ashfield
To more closely align with the rancher/upstream build, we add additional tags to the build. To make them easier to manage, we also introduce a variable and use it in the go build line. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-03-15 | k3s: add seccomp distro feature requirement | Bruce Ashfield
k3s requires seccomp, and a runc with seccomp enabled for proper operation. runc has a distro feature check to enable seccomp, so if we enforce it as k3s feature, we'll also get a properly built runc and we'll work out of the box. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-03-15 | runc: update to latest -rc93 | Bruce Ashfield
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-03-15 | runc: add selinux and seccomp package configs | Bruce Ashfield
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-03-15 | k3s: bump to v1.20.4 | Bruce Ashfield
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-03-15 | k3s: bump to v1.19.5 | Bruce Ashfield
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-03-15 | k3s: bump to v1.19 | Bruce Ashfield
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-03-15 | k3s: add kernel module rrecommends (and PV fix) | Bruce Ashfield
Fixing up the PV to use SRCPV for tracking future version bumps, if the tree is dirty or not, git will tell us. We also add some additional kernel module rrecommends, so that the tools called by k3s can find the support they need (mainly iptools) Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-03-15 | containers: add a base container and kubernetes base packagegroup | Bruce Ashfield
To make it easier to build container host or k*s host images (as well as guests), we start to add some packagegroups that wrap the required elements. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-03-15 | k3s: add notes / tips to README | Bruce Ashfield
Clarify some limitations / tweaks to get up and running in a qemu virtual machine. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-03-15 | cni: add ca-certificates dependency | Bruce Ashfield
Many of the CNI plugins require authenticated connections, as such they are looking for elements of ca-certificates. CNI isn't small, so we add this as a general rdepends. If we need to slim things down in the future, we can split the CNI into specific implementations and add the dependency to those packages. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-03-15 | config: prefer opencontainers runc | Bruce Ashfield
The docker split/requirement on their forked version of runc is not relevant any more. While we keep the docker-runc around, we should prefer the opencontainers variant, since that is where development happens. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-03-15 | containerd: add runc runtime dependency | Bruce Ashfield
containerd is rarely used without runc, so we add the runtime dependency to make installation and image construction easier. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-03-15 | k8s/k3s: add kernel configuration features | Bruce Ashfield
We already have docker and some other fragments that are relevant to k3s/k8s, but the addition of ipset as a depends for k3s highlights that we should have a reference configuration that sets all the options for proper operation and runtime dependencies. When k8s or k3s are distro features, we'll apply the new fragment to any kernel that supports fragments (and matches the supported versions). Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-03-15 | ipset: warning fix, use BPN instead of PN in SRC_URI | Bruce Ashfield
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-03-15 | k3s: package remaining binaries into 'k3s' | Bruce Ashfield
Grab any remaining binaries into the main k3s package. Both k3s-agent and k3s-server rdepend on it, so we'll be sure to get them installed in both scenarios. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-03-15 | k3s: use cni-networking bbclass to install / package networking configuration | Bruce Ashfield
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-03-15 | cni: introduce cni networking bbclass | Bruce Ashfield
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-03-15 | k3s: import version locked ipset dependency | Bruce Ashfield
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-03-15 | k3s: import version locked upx dependency | Bruce Ashfield
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-03-15 | k3s: drop symlink to 'ctr' | Bruce Ashfield
containerd itself provides 'ctr', and it is in our rdepends. So on target, we have a conflict for the provider of the ctr binary. Dropping the ctr link from k3s, since having the actual containerd package provide its binary .. makes sense. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-03-15 | containers: introduce k3s recipe | Joakim Roubert
See recipes-containers/k3s/README.md for basic usage and testing instructions. Signed-off-by: Joakim Roubert <joakimr@axis.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-03-15 | conf: add hardknott compatibility | Bruce Ashfield
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-03-11 | lxc: change download folder | Robi Buranyi
The URI has been changed to 'https://linuxcontainers.org/downloads/lxc' by the site maintainers recently. Updating the recipe to reflect the new path. Signed-off-by: Robi Buranyi <rburanyi@google.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-03-11 | openvswitch: uprev from 2.13 to 2.15 | Zqiang
- OVSDB:
  * Changed format in which ovsdb transactions are stored in database files. Now each transaction contains diff of data instead of the whole new value of a column. New ovsdb-server process will be able to read old database format, but old processes will *fail* to read database created by the new one. For cluster and active-backup service models follow upgrade instructions in 'Upgrading from version 2.14 and earlier to 2.15 and later' section of ovsdb(7).
  * New unixctl command 'ovsdb-server/get-db-storage-status' to show the status of the storage that's backing a database.
  * New unixctl command 'ovsdb-server/memory-trim-on-compaction on|off'. If turned on, ovsdb-server will try to reclaim all the unused memory after every DB compaction back to OS. Disabled by default.
  * Maximum backlog on RAFT connections limited to 500 messages or 4GB. Once threshold reached, connection is dropped (and re-established). Use the 'cluster/set-backlog-threshold' command to change limits.
- DPDK:
  * Removed support for vhost-user dequeue zero-copy.
  * Add support for DPDK 20.11.
- Userspace datapath:
  * Add the 'pmd' option to "ovs-appctl dpctl/dump-flows", which restricts a flow dump to a single PMD thread if set.
  * New 'options:dpdk-vf-mac' field for DPDK interface of VF ports, that allows configuring the MAC address of a VF representor.
  * Add generic IP protocol support to conntrack. With this change, all none UDP, TCP, and ICMP traffic will be treated as general L3 traffic, i.e. using 3 tuples.
  * Add parameters 'pmd-auto-lb-load-threshold' and 'pmd-auto-lb-improvement-threshold' to configure PMD auto load balance behaviour.
- The environment variable OVS_UNBOUND_CONF, if set, is now used as the DNS resolver's (unbound) configuration file.
- Linux datapath:
  * Support for kernel versions up to 5.8.x.
- Terminology:
  * The terms "master" and "slave" have been replaced by "primary" and "secondary", respectively, for OpenFlow connection roles.
  * The term "slave" has been replaced by "member", for bonds, LACP, and OpenFlow bundle actions.
- Support for GitHub Actions based continuous integration builds has been added.
- Bareudp Tunnel
  * Bareudp device support is present in linux kernel from version 5.7
  * Kernel bareudp device is not backported to ovs tree.
  * Userspace datapath support is not added
- ovs-dpctl and 'ovs-appctl dpctl/':
  * New commands '{add,mod,del}-flows' were added, which allow adding, deleting, or modifying flows based on information read from a file.
- IPsec:
  * Add option '--no-cleanup' to allow ovs-monitor-ipsec to stop without tearing down IPsec tunnels.
  * Add option '--no-restart-ike-daemon' to allow ovs-monitor-ipsec to start without restarting ipsec daemon.
- Building the Linux kernel module from the OVS source tree is deprecated
  * Support for the Linux kernel is capped at version 5.8
  * Only bug fixes for the Linux OOT kernel module will be accepted.
  * The Linux kernel module will be fully removed from the OVS source tree in OVS branch 2.18

fix some do_patch error about local patch.

Signed-off-by: Zqiang <qiang.zhang@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-03-09 | irqbalance: upgrade 1.6.0 -> 1.7.0 | Yanfei Xu
Miscellaneous bug fix release, consisting of:
Strlen checking for IRQBALANCE_BANNED_CPU env var
Typo cleanup in SOCKET_TMPFS
consolidation of numa node creation on non-numa systems
fix uninitialized use of package_mask in affinity setup
use num_online_cpus instead of core_count
fix a null ptr crash in do_one_cpu
make list searching common from glib
fix a calloc parameter bug
remove some unused variables
use g_list_free_full
remove redundant call to free_cl_opts
fix some resource leaks in main()
fix some use after free issues in check_for_irq_ban
fix resource leaks in irqbalance-ui, and in add_one_node

Signed-off-by: Yanfei Xu <yanfei.xu@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-03-09 | seabios: upgrade to version 1.14.0 | Bertrand Marquis
Upgrade version of seabios to the latest one. This is solving compilation errors happening with newer version of gcc introduced in poky which results in the following error after some warnings: "x86_64-poky-linux-ld: cannot use executable file 'out/rom16.strip.o' as input to a link" Signed-off-by: Bertrand Marquis <bertrand.marquis@arm.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-03-09 | nagios-core: update RDEPENDS | Changqing Li
fix following error during do_rootfs: nothing provides php needed by nagios-core-4.4.6-r0.corei7_64 (try to add '--skip-broken' to skip uninstallable packages) Since commit c4ffcaa2 [php: split out phpdbg into a separate package], package php is empty. Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-03-04 | openvswitch: set CVE_VERSION | Chen Qi
CVE entries are using version 2.xx.xx, our PV is 2.13+xxx, this causes problem for CVE detection. So we need to set a CVE_VERSION for better CVE scanning. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-03-04 | xen: Bump SRCREV to 4.14.1 and current master | Bertrand Marquis
Bump SRCREV version of xen recipes to use the latest 4.14 release (4.14.1) and the current status of master. This allows to remove some patches related to gcc 10 support which have now been merged in Xen.

Xen-tools is modified to include the latest tools installed with Xen:
- a rename of the bash-completion,
- a new xl example,
- xen-access,
- xen-memshare (only available on x86).

A new patch to fix python and pygrub is added as the makefiles have been deeply modified in 4.15 which require a new patch (but doing the same).

Signed-off-by: Bertrand Marquis <bertrand.marquis@arm.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-03-04 | riddler: export GO111MODULE=off | Bruce Ashfield
With the latest go version bump in oe-core export GO111MODULE is on by default. Our build is not setup to use go modules, so we disable it and avoid configuration errors: no required module provides package ... : working directory is not part of a module Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-03-01 | yq: export GO111MODULE=off | Bruce Ashfield
With the latest go version bump in oe-core export GO111MODULE is on by default. Our build is not setup to use go modules, so we disable it and avoid configuration errors: no required module provides package ... : working directory is not part of a module Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-03-01 | oci-runtime-tools: export GO111MODULE=off | Bruce Ashfield
With the latest go version bump in oe-core export GO111MODULE is on by default. Our build is not setup to use go modules, so we disable it and avoid configuration errors: no required module provides package ... : working directory is not part of a module Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-03-01 | oci-image-tools: export GO111MODULE=off | Bruce Ashfield
With the latest go version bump in oe-core export GO111MODULE is on by default. Our build is not setup to use go modules, so we disable it and avoid configuration errors: no required module provides package ... : working directory is not part of a module Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-03-01 | docker-distribution: export GO111MODULE=off | Bruce Ashfield
With the latest go version bump in oe-core export GO111MODULE is on by default. Our build is not setup to use go modules, so we disable it and avoid configuration errors: no required module provides package ... : working directory is not part of a module Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-03-01 | go-md2man: export GO111MODULE=off | Bruce Ashfield
With the latest go version bump in oe-core export GO111MODULE is on by default. Our build is not setup to use go modules, so we disable it and avoid configuration errors: no required module provides package ... : working directory is not part of a module Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-03-01 | docker-ce: export GO111MODULE=off | Bruce Ashfield
With the latest go version bump in oe-core export GO111MODULE is on by default. Our build is not setup to use go modules, so we disable it and avoid configuration errors: no required module provides package ... : working directory is not part of a module Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-03-01 | docker-moby: export GO111MODULE=off | Bruce Ashfield
With the latest go version bump in oe-core export GO111MODULE is on by default. Our build is not setup to use go modules, so we disable it and avoid configuration errors: no required module provides package ... : working directory is not part of a module Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-03-01 | containerd: export GO111MODULE=off | Bruce Ashfield
With the latest go version bump in oe-core export GO111MODULE is on by default. Our build is not setup to use go modules, so we disable it and avoid configuration errors: no required module provides package ... : working directory is not part of a module Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-02-26 | initrd: bump busybox to 1.33 to match oe-core | Bruce Ashfield
OE core has updated busybox, so we bump to match. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-02-24 | containerd: use service file from source tree | Bruce Ashfield
We no longer need to support both the docker and opencontainer variants, so we can just grab the service file from the source tree. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-02-24 | crun: update to 0.18 | Bruce Ashfield
Bumping to the release, which pulls in the
808420e release: distribute CHECKSUMS file
c2b0064 build-aux: provide arm build without systemd
7cc03f7 .gitignore: update file
f5274bd NEWS: tag 0.18
94e8364 src: add missing definitions
baed691 libocispec: sync from upstream
8d0ebf6 Add arm64 static binary build
b66d5d9 tests: fix make check in a user namespace
e10205e linux: remove temporary mount logic
7819f4c linux: use targetfd for move_mount
891cd3c linux: use safe_openat for masked/readonly paths
6c5577f linux: use new function
9aa264d utils: add function to safely create and open
436daef src: add function to cleanup container struct
c955ece src: pull function out
7bd51a0 build: check for linux/openat2.h
dcb1914 utils: add function to remove initial slashes
a1c958c utils: memoize check result
25c6f07 container: rename function to get_root_in_the_userns
f08bd31 src: fix leak of the descriptors buffer
df88061 tests: disable more Podman flaky tests
052bab7 utils: set HOME to root if the user not found
efe35f1 linux: ignore ENOSYS on keyctl
1b65163 tests: enable asan sanitizer
a0f322a tests: build init always statically
a656698 configure.ac: allow to disable dl support
6adb26b tests: disable hooks_stdin for oci-validation
06199c7 tests: update to podman 3.0
bc888b9 tests: disable podman pull test
f1373f9 tests: install crun under /usr/bin
257f442 Fix permission error when using both user namespaces & NOTIFY_SOCKET
617a212 cgroup: skip +cpu on EINVAL in cgroup root
b6ac8de linux: use safe_openat for tmpcopyup
2d1f910 utils: avoid reopening the root during lookup
3ce74e8 utils: fix symlink lookup
cbb67ae container: set working directory for libkrun
df01709 seccomp: custom annotation to load raw bpf
b229dca linux: refactor allocate_tmp_mounts
68bb50f linux: disable temporary mounts with [r]slave
d6ae36b libocispec: update from upstream
487e792 github: enable clang-format checks
61d6844 src: run make clang-format
1d559d0 clang-format: change ColumnLimit to 0
643d05b linux: disable temporary mounts with [r]shared
de6082f cgroup: fix conversion from blkio to io
1db8312 Update nix pin with `make nixpkgs`
540444c Makefile.am: crun depends on libocispec.la
1df96e5 linux: fix build without CLONE_NEWCGROUP

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-02-23 | containerd: fix service file to not reference containerd-docker | Bruce Ashfield
We are not building containerd-docker anymore, so the containerd service file should not be changing it in as the binary. It is confusing when you see 'containerd-docker' in the process list, when you've built and installed containerd-opencontainers. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-02-10 | cri: introduce cri-tools | Bruce Ashfield
Based on the original recipe from Tim Orling, we introduce a recipe for critools so we can interact directly with cri based runtimes.

We do the normal go manipulations to get this cross building, with the following specific tweak/patch:

The build system already knows whether or not we want to use CGO, so we remove the hardcoded variant so our exported environment variable will control the enablement.

Since our oe-core go infrastructure insists on both -pie and static builds (for the most part), and that is not recommended by many packages, we end up with errors like:

1.20.0+gitec9e336fd8c21c4bab89a6aed2c4a138c8cfae75/src/import/_output/crictl \
-ldflags '-X github.com/kubernetes-sigs/cri-tools/pkg/version.Version=1.20.0' \
-tags '' \
github.com/kubernetes-sigs/cri-tools/cmd/crictl
# github.com/kubernetes-sigs/cri-tools/cmd/crictl
cannot find package runtime/cgo (using -importcfg)
/work/cortexa72-poky-linux/cri-tools/1.20.0+gitec9e336fd8c21c4bab89a6aed2c4a138c8cfae75-r0/recipe-sysroot-native/usr/lib/aarch64-poky-linux/go/pkg/tool/linux_amd64/link: cannot open file : open : no such file or directory

In a similar manner to: https://www.yoctoproject.org/pipermail/meta-virtualization/2019-March/004084.html

We introduce '-a -pkgdir dontusecurrentpkgs' to mask/fix the problem, and continue to work towards non-static builds.

% root@qemux86-64:~# crictl --version
crictl version 1.20.0-dirty

Signed-off-by: Tim Orling <ticotimo@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-02-10 | kubernetes: bump to v1.20.3 | Bruce Ashfield
0e3bf6dad9f kubeadm: drop explicit constant override in version test
1619e810d1c kubeadm: get k8s CI version markers from k8s infra bucket
42a3b9e85ef fix kube-scheduler cannot send event because the Note field is too large
afb0de9647c Fix nil pointer dereference in disruption controller

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-02-09 | python3-colorama: update to 0.4.4 | Bruce Ashfield
Updating to the latest colorama. We also tweak the license text to match the latest upstream content. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>