criu needs to turn on sock diag features in kernel to do the system dump[1].
Ref:
[1] https://criu.org/Linux_kernel
Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Adding support for the 6.6 kernel series as testing has been
completed against linux-yocto v6.6/*
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Allow the kernel include file to be skipped, even if a
kernel is capable of merging and using the fragments in
the layer and kernel-cache.
Setting SKIP_META_VIRT_KERNEL_INCLUDE="t" in a kernel
bbappend, or in a configuration file will inhibit the
generated / detected include file.
BUT
If that opt-out is done, we warn, as the user has
explicitly disabled safeguards that help ensure that
subtle runtime issues aren't introduced.
BUT
If someone really knows what they are doing, they
don't want the warning to be present in each build.
So setting META_VIRT_KERNEL_CHECK_WARNING_INHIBIT="t"
will inhibit the message.
At that point, you have jumped through all the hoops
and you are free to ensure your kernel configuration
is correct using other means.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
The 6.5 kernel has now been tested against core and meta-virtualization
so we add the .inc file to show that status.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
5.15 hasn't been in master for quite some time, so we drop
our version matching .inc
Support for 5.15 can be found on release branches.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
The more generic linux-%.bbappend will match on linux-yocto-dev.
If we have the version specific .inc files in the layer, then we
will have support for linux-yocto-dev. Since we already track
the linux-yocto-tested versions, it isn't hard to track the -dev
kernel version.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
The major stacks have been tested against 5.19, so we add the
tracking .inc to indicate support.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
K3s (and Kubernetes) supports load balancing via IPVS, and by default reports
errors when IPVS kernel modules cannot be loaded.
This patch adds the missing reported kernel modules to the k3s recipe:
* ip-vs
* ip-vs-rr
* ip-vs-wrr
* ip-vs-sh
The modules are configured by including the ip_vs kernel feature.
Signed-off-by: Richard Neill <richard.neill@arm.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
The removal of the .inc was pushed prematurely. We'll remove it
again, once 5.14 is removed from core and 5.15 is the default.
This reverts commit 79e0e4598c.
5.14 has been removed from core, and is EOL upstream. We drop our 5.15
.inc file to match that status.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Adds the following kernel modules for k3s:
* xt-physdev
* xt-nflog
* xt-limit
* nfnetlink-log
Without them, the k3s network-policy-controller reports failures in the log
related to iptables-restore.
Signed-off-by: Richard Neill <richard.neill@arm.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* fixes:
KERNEL_FEATURES:append += is not a recommended operator combination, please replace it.
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
To help enforce/guide consistent configuration and to avoid duplicating
configuration fragments into the meta-virt layer, we leverage a native
provider of the yocto-kernel-cache fragment repository.
To allow support for kernels that support fragments, but don't have the
yocto-kernel-cache in the kernel's SRC_URI, we create two conditional
parts of the virtualization configuration.
If virtualization is enabled in the distro features, the kernel
version matches one of our supported ones, and the kernel inherits
kernel-yocto, we add a dependency on the yocto-cfg-fragments-native
recipe.
That recipe will install the fragment collection to the kernel recipe's
native sysroot.
We can then check for the kernel-cache on the SRC_URI. If it is present,
we use the feature at the standard location. If it is not present, we
add the fragment from the native sysroot.
While we could always use the native sysroot variant, we want to allow
a kernel with a kernel-cache to be the first choice, and provide their
own fragments.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
To allow the use of the yocto configuration fragments in scenarios where
a kernel inherits kernel-yocto or has a custom fragment implementation, but
doesn't directly include the yocto-kernel-cache in the kernel SRC_URI,
we introduce a native provider of the fragments.
This fragment provider is independent of a kernel tree and when added
as a dependency to a recipe, the fragments will be placed in:
recipe-sysroot-native/kcfg/
These can then be referenced on the SRC_URI or in KERNEL_FEATURES by
using '../recipe-sysroot-native/kcfg' as the relative path to the
.scc or .cfg file. In the future, this won't be required as kernel-yocto
will always check the native sysroot for fragments, and fragments will
always be referenced by relative path from the base of the kernel-cache.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
5.13 has been removed from core, so we drop our associated
configuration include. 5.14 is now the default.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
OEcore/bitbake are moving to use the clearer ":" as an overrides
separator.
This is pass one of updating the meta-virt recipes to use that
syntax.
This has only been minimally build/runtime tested, more changes
will be required for missed overrides, or incorrect conversions
Note: A recent bitbake is required:
commit 75fad23fc06c008a03414a1fc288a8614c6af9ca
Author: Richard Purdie <richard.purdie@linuxfoundation.org>
Date: Sun Jul 18 12:59:15 2021 +0100
bitbake: data_smart/parse: Allow ':' characters in variable/function names
It is becoming increasingly clear we need to find a way to show what
is/is not an override in our syntax. We need to do this in a way which
is clear to users, readable and in a way we can transition to.
The most effective way I've found to do this is to use the ":" character
to directly replace "_" where an override is being specified. This
includes "append", "prepend" and "remove" which are effectively special
override directives.
This patch simply adds the character to the parser so bitbake accepts
the value but maps it back to "_" internally so there is no behaviour
change.
This change is simple enough it could potentially be backported to older
versions of bitbake meaning layers using the new syntax/markup could
work with older releases. Even if no other changes are accepted
at this time and we don't backport, it does set us on a path where at
some point in future we could require a more explicit syntax.
I've tested this patch by converting oe-core/meta-yocto to the new
syntax for overrides (9000+ changes) and then seeing that builds
continue to work with this patch.
(Bitbake rev: 0dbbb4547cb2570d2ce607e9a53459df3c0ac284)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Add kernel config fragment according to the requirement from the file
types_unix.go in source codes of kubernetes.
Signed-off-by: Zqiang <qiang.zhang@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
We already have docker and some other fragments that are relevant to
k3s/k8s, but the addition of ipset as a depends for k3s highlights
that we should have a reference configuration that sets all the options
for proper operation and runtime dependencies.
When k8s or k3s are distro features, we'll apply the new fragment to
any kernel that supports fragments (and matches the supported
versions).
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
The 5.8 kernel is being dropped in oe-core, which means we don't
test the 5.8 integration any more .. so we drop the .inc for the
configs.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
oe-core now has a 5.10 reference kernel, so we need a 5.10 include
file to pick up our configurations.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Add kernel config fragment for CONFIG_CGROUP_HUGETLB
This is a recommended config for Kubernetes and k8s
will throw a warning if it is not present.
Signed-off-by: Tim Orling <ticotimo@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
using bb.utils.contains wasn't able to match on the substring
"type=kmeta" to enable the conditional inclusion of fragments
and KERNEL_FEATURES.
We switch to a python string only method so we can fix the
fragment application
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Rather than only matching on the major/minor version, we should also
check that the SRC_URI contains a "type=kmeta", to indicate that a
kernel-meta data repository is available.
This allows fragment enabled kernels, that don't want to use the
main kernel meta data repository to not throw an error (when their
version matches one of the reference kernels).
This can potentially mask runtime issues (since kernel configuration
options may not be present in the final kernel), but it makes the
layer more usable, so we take the tradeoff.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
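Added example, not code from the layer or from BitBake: the two "type=kmeta" commits above hinge on whole-word matching versus substring matching against SRC_URI, and this sketch shows why the word-based test never fires. contains_tokens is a stand-in for the set-of-words comparison bb.utils.contains performs; the .inc naming scheme, the sample SRC_URI and the tested-version list are assumptions made for illustration.

```python
# Added illustration; not code from meta-virtualization or BitBake.

def contains_tokens(value, checkvalues):
    """Stand-in for the test bb.utils.contains applies: every word of
    checkvalues must equal a whitespace-separated word of value."""
    return set(checkvalues.split()).issubset(value.split())

def has_kmeta(src_uri):
    """Python-string substring test, as the 'python string only' commit describes."""
    return "type=kmeta" in src_uri

def major_minor(linux_version):
    """'6.6.23' -> '6.6', the key used to select a versioned .inc file."""
    return ".".join(linux_version.split(".")[:2])

def include_for(linux_version, src_uri, tested):
    """Return a (hypothetical) .inc file name, or None when the version is
    not a tested one or no kernel meta-data repository is on SRC_URI."""
    mm = major_minor(linux_version)
    if mm in tested and has_kmeta(src_uri):
        return "virt-kernel-%s.inc" % mm  # hypothetical naming scheme
    return None

# Constructed SRC_URI: two entries, options joined to each URL with ';'.
SAMPLE_SRC_URI = (
    "git://example.invalid/linux.git;name=machine;branch=v6.6/base "
    "git://example.invalid/kernel-cache.git;type=kmeta;name=meta"
)
TESTED = {"6.5", "6.6"}  # constructed list of tested major.minor versions

if __name__ == "__main__":
    print(contains_tokens(SAMPLE_SRC_URI, "type=kmeta"))
    print(has_kmeta(SAMPLE_SRC_URI))
    print(include_for("6.6.23", SAMPLE_SRC_URI, TESTED))
    print(include_for("6.6.23", SAMPLE_SRC_URI.split()[0], TESTED))
```

Because "type=kmeta" is only ever a ';'-joined option inside a URL word, the word-based test returns False and the fragments are silently not applied, which is the kind of missing kernel option the commit above warns can surface only at runtime.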
The group scheduling options in the lxc fragment were initially
used to support performance guaranteed systems using containers.
This option now causes issues with systemd runtimes and the
original feature it implemented is no longer relevant
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
CONFIG_XEN_MAX_DOMAIN_MEMORY has been retired since kernel commit:
197ecb3802c04499d8ff4f8cb28f6efa008067db
xen/balloon: add runtime control for scrubbing ballooned out pages
CONFIG_XEN_SCRUB_PAGES has been replaced with CONFIG_XEN_SCRUB_PAGES_DEFAULT
since kernel commit: c70727a5bc18a5a233fddc6056d1de9144d7a293
xen: allow more than 512 GB of RAM for 64 bit pv-domains
Signed-off-by: Christopher Clark <christopher.clark6@baesystems.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
The kernel fragments contained in this layer could not easily
be consumed by any fragment aware kernel not called "linux-yocto".
To make them easier to include, we make the bbappend more generic,
to match any linux*.bb recipe (note: this means it will match
things like linux-atm.bb as well).
To avoid adding the fragments to recipes that can't use them,
or to a version that hasn't been validated, we use the LINUX_VERSION
variable to pull out the major/minor kernel release and then
include a specific version of the .inc file.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
The vxlan module is needed if user or some software is trying
to configure network when the image is running in virtual machine.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Although the bbappends are currently empty, let's stick with
the versioned (versus wildcard) bbappend. They serve as an
explicit reference to which kernels have been tested with
meta-virt
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Since af6363374cbd ("cgroup: make CONFIG_CGROUP_NET_PRIO bool and drop unnecessary init_netclassid_cgroup()"),
CONFIG_CGROUP_NET_PRIO has become a bool option. Forcedly setting it to "m"
would end up with "n". Change it to "y" here.
Signed-off-by: He Zhe <zhe.he@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
linux-yocto-dev would also use virtualization features.
Signed-off-by: He Zhe <zhe.he@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
kernel has replaced CONFIG_NF_CONNTRACK_IPV4 with CONFIG_NF_CONNTRACK.
[commit: a0ae2562c]
Signed-off-by: Hongzhi.Song <hongzhi.song@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>