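# Listing: cli/config/configuration-acrn.toml.in
# from github.com/kata-containers/runtime@v0.0.0-20210505125100-04f29832a923
#
# Copyright (c) 2017-2019 Intel Corporation
#
# SPDX-License-Identifier: Apache-2.0
#

# XXX: WARNING: this file is auto-generated.
# XXX:
# XXX: Source file: "@CONFIG_ACRN_IN@"
# XXX: Project:
# XXX:   Name: @PROJECT_NAME@
# XXX:   Type: @PROJECT_TYPE@

# NOTE(review): the @NAME@ tokens are template placeholders, presumably
# substituted at build time. Several of them are unquoted, so this file is
# not valid TOML until the substitution has run.

[hypervisor.acrn]
path = "@ACRNPATH@"
ctlpath = "@ACRNCTLPATH@"
kernel = "@KERNELPATH_ACRN@"
image = "@IMAGEPATH@"

# List of valid annotation names for the hypervisor
# Each member of the list is a regular expression, which is the base name
# of the annotation, e.g. "path" for "io.katacontainers.config.hypervisor.path"
# The default if not set is empty (all annotations rejected.)
# Your distribution recommends: @DEFENABLEANNOTATIONS@
#
# NOTE(review): annotations arrive with the workload definition, so every name
# enabled here lets whoever can submit a workload override that hypervisor
# setting. Keep the list as short as possible and prefer exact names over broad
# regular expressions. If "path" or "ctlpath" is enabled, restrict the accepted
# values with valid_hypervisor_paths / valid_ctlpaths below.
enable_annotations = @DEFENABLEANNOTATIONS@

# List of valid annotation values for the hypervisor path
# Each member of the list is a path pattern as described by glob(3).
# The default if not set is empty (all annotations rejected.)
# Your distribution recommends: @ACRNVALIDHYPERVISORPATHS@
#
# NOTE(review): a value that matches one of these patterns replaces `path`
# above, i.e. it names a binary on the host. Prefer exact absolute paths to
# wildcards, and list only locations that unprivileged users cannot write to.
valid_hypervisor_paths = @ACRNVALIDHYPERVISORPATHS@

# List of valid annotation values for ctl path
# Each member of the list is a path pattern as described by glob(3).
# The default if not set is empty (all annotations rejected.)
# Your distribution recommends: @ACRNVALIDCTLPATHS@
#
# NOTE(review): same consideration as valid_hypervisor_paths; a matching value
# replaces `ctlpath` above.
valid_ctlpaths = @ACRNVALIDCTLPATHS@

# Optional space-separated list of options to pass to the guest kernel.
# For example, use `kernel_params = "vsyscall=emulate"` if you are having
# trouble running pre-2.15 glibc.
#
# WARNING: - any parameter specified here will take priority over the default
# parameter value of the same name used to start the virtual machine.
# Do not set values here unless you understand the impact of doing so as you
# may stop the virtual machine from booting.
# To see the list of default parameters, enable hypervisor debug, create a
# container and look for 'default-kernel-parameters' log entries.
kernel_params = "@KERNELPARAMS@"

# Path to the firmware.
# To have ACRN use its default firmware, leave this option empty.
firmware = "@FIRMWAREPATH@"

# Default maximum number of vCPUs per SB/VM:
# unspecified or == 0             --> will be set to the actual number of physical cores or to the maximum number
#                                     of vCPUs supported by KVM if that number is exceeded
# > 0 <= number of physical cores --> will be set to the specified number
# > number of physical cores      --> will be set to the actual number of physical cores or to the maximum number
#                                     of vCPUs supported by KVM if that number is exceeded
# WARNING: Depending on the architecture, the maximum number of vCPUs supported by KVM is used when
# the actual number of physical cores is greater than it.
# WARNING: Be aware that this value impacts the virtual machine's memory footprint and
# the CPU hotplug functionality. For example, `default_maxvcpus = 240` specifies that up to 240 vCPUs
# can be added to a SB/VM, but the memory footprint will be big. Another example, with
# `default_maxvcpus = 8` the memory footprint will be small, but 8 will be the maximum number of
# vCPUs supported by the SB/VM. In general, we recommend that you do not edit this variable,
# unless you know what you are doing.
# NOTE(review): the references to KVM look inherited from another hypervisor's
# template; confirm which vCPU limit actually applies under ACRN.
default_maxvcpus = @DEFMAXVCPUS_ACRN@

# Bridges can be used to hot plug devices.
# Limitations:
# * Currently only pci bridges are supported
# * Up to 30 devices per bridge can be hot plugged.
# * Up to 5 PCI bridges can be cold plugged per VM.
#   This limitation could be a bug in the kernel
# Default number of bridges per SB/VM:
# unspecified or 0   --> will be set to @DEFBRIDGES@
# > 1 <= 5           --> will be set to the specified number
# > 5                --> will be set to 5
default_bridges = @DEFBRIDGES@

# Default memory size in MiB for SB/VM.
# If unspecified then it will be set to @DEFMEMSZ@ MiB.
default_memory = @DEFMEMSZ@

# Block storage driver to be used for the hypervisor in case the container
# rootfs is backed by a block device. ACRN only supports virtio-blk.
block_device_driver = "@DEFBLOCKSTORAGEDRIVER_ACRN@"

# This option changes the default hypervisor and kernel parameters
# to enable debug output where available. This extra output is added
# to the proxy logs, but only when proxy debug is also enabled.
#
# Default false
#enable_debug = true

# Disable the customizations done in the runtime when it detects
# that it is running on top of a VMM. This will result in the runtime
# behaving as it would when running on bare metal.
#
#disable_nesting_checks = true

# If host doesn't support vhost_net, set to true. Thus we won't create vhost fds for nics.
# Default false
#disable_vhost_net = true

# Path to OCI hook binaries in the *guest rootfs*.
# This does not affect host-side hooks which must instead be added to
# the OCI spec passed to the runtime.
#
# You can create a rootfs with hooks by customizing the osbuilder scripts:
# https://github.com/kata-containers/osbuilder
#
# Hooks must be stored in a subdirectory of guest_hook_path according to their
# hook type, i.e. "guest_hook_path/{prestart,poststart,poststop}".
# The agent will scan these directories for executable files and add them, in
# lexicographical order, to the lifecycle of the guest container.
# Hooks are executed in the runtime namespace of the guest. See the official documentation:
# https://github.com/opencontainers/runtime-spec/blob/v1.0.1/config.md#posix-platform-hooks
# Warnings will be logged if any error is encountered while scanning for hooks,
# but it will not abort container execution.
#
# NOTE(review): every executable found in these directories is run for each
# guest container, so set this only for guest images whose build you control,
# and review the hook directories as part of the image build.
#guest_hook_path = "/usr/share/oci/hooks"

[proxy.@PROJECT_TYPE@]
path = "@PROXYPATH@"

# If enabled, proxy messages will be sent to the system log
# (default: disabled)
#enable_debug = true

[shim.@PROJECT_TYPE@]
path = "@SHIMPATH@"

# If enabled, shim messages will be sent to the system log
# (default: disabled)
#enable_debug = true

# If enabled, the shim will create opentracing.io traces and spans.
# (See https://www.jaegertracing.io/docs/getting-started).
#
# Note: By default, the shim runs in a separate network namespace. Therefore,
# to allow it to send trace details to the Jaeger agent running on the host,
# it is necessary to set 'disable_new_netns=true' so that it runs in the host
# network namespace.
#
# NOTE(review): that trade-off is not limited to the shim. Per the
# `disable_new_netns` description in [runtime], the hypervisor process also
# stays in the host network namespace, so tracing set up this way reduces
# network isolation for the whole sandbox.
#
# (default: disabled)
#enable_tracing = true

[agent.@PROJECT_TYPE@]
# If enabled, make the agent display debug-level messages.
# (default: disabled)
#enable_debug = true

# Enable agent tracing.
#
# If enabled, the default trace mode is "dynamic" and the
# default trace type is "isolated". The trace mode and type are set
# explicitly with the `trace_type=` and `trace_mode=` options.
#
# Notes:
#
# - Tracing is ONLY enabled when `enable_tracing` is set: explicitly
#   setting `trace_mode=` and/or `trace_type=` without setting `enable_tracing`
#   will NOT activate agent tracing.
#
# - See https://github.com/kata-containers/agent/blob/master/TRACING.md for
#   full details.
#
# (default: disabled)
#enable_tracing = true
#
#trace_mode = "dynamic"
#trace_type = "isolated"

[netmon]
# If enabled, the network monitoring process gets started when the
# sandbox is created. This allows for the detection of some additional
# network being added to the existing network namespace, after the
# sandbox has been created.
# (default: disabled)
#enable_netmon = true

# Specify the path to the netmon binary.
path = "@NETMONPATH@"

# If enabled, netmon messages will be sent to the system log
# (default: disabled)
#enable_debug = true

[runtime]
# If enabled, the runtime will log additional debug messages to the
# system log
# (default: disabled)
#enable_debug = true
#
# Internetworking model
# Determines how the VM should be connected to
# the container network interface
# Options:
#
#   - bridged (Deprecated)
#     Uses a linux bridge to interconnect the container interface to
#     the VM. Works for most cases except macvlan and ipvlan.
#     ***NOTE: This feature has been deprecated with plans to remove this
#     feature in the future. Please use other network models listed below.
#
#
#   - macvtap
#     Used when the Container network interface can be bridged using
#     macvtap.
#
#   - none
#     Used with a custom network setup. Only creates a tap device. No veth pair.
#
#   - tcfilter
#     Uses tc filter rules to redirect traffic from the network interface
#     provided by plugin to a tap interface connected to the VM.
#
internetworking_model="@DEFNETWORKMODEL_ACRN@"

# disable guest seccomp
# Determines whether container seccomp profiles are passed to the virtual
# machine and applied by the kata agent. If set to true, seccomp is not applied
# within the guest
# (default: true)
#
# NOTE(review): with the documented default of true, the seccomp profile from
# the container spec is not enforced inside the guest, leaving the VM boundary
# as the only barrier. Set this to false where syscall filtering inside the
# guest is expected; presumably the guest image and agent must be built with
# seccomp support for that to take effect (confirm for your image).
disable_guest_seccomp=@DEFDISABLEGUESTSECCOMP@

# If enabled, the runtime will create opentracing.io traces and spans.
# (See https://www.jaegertracing.io/docs/getting-started).
# (default: disabled)
#enable_tracing = true

# If enabled, the runtime will not create a network namespace for shim and hypervisor processes.
# This option may have some potential impacts to your host. It should only be used when you know what you're doing.
# `disable_new_netns` conflicts with `enable_netmon`
# `disable_new_netns` conflicts with `internetworking_model=bridged` and `internetworking_model=macvtap`. It works only
# with `internetworking_model=none`. The tap device will be in the host network namespace and can connect to a bridge
# (like OVS) directly.
# If you are using docker, `disable_new_netns` only works with `docker run --net=none`
# (default: false)
#disable_new_netns = true

# If enabled, the runtime will add all the kata processes inside one dedicated cgroup.
# The container cgroups in the host are not created, just one single cgroup per sandbox.
# The runtime caller is free to restrict or collect cgroup stats of the overall Kata sandbox.
# The sandbox cgroup path is the parent cgroup of a container with the PodSandbox annotation.
# The sandbox cgroup is constrained if there is no container type annotation.
# See: https://godoc.org/github.com/kata-containers/runtime/virtcontainers#ContainerType
sandbox_cgroup_only=@DEFSANDBOXCGROUPONLY@

# Enabled experimental feature list, format: ["a", "b"].
# Experimental features are features not stable enough for production,
# they may break compatibility, and are prepared for a big version bump.
# Supported experimental features:
# (default: [])
experimental=@DEFAULTEXPFEATURES@

# If enabled, containers are allowed to join the pid namespace of the agent
# when the env variable KATA_AGENT_PIDNS is set for a container.
# Use this with caution and only when required, as this option allows the container
# to access the agent process. It is recommended to enable this option
# only in debug scenarios and with containers with lowered privileges.
#enable_agent_pidns = true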