<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/meta-virtualization.git/recipes-core, branch master</title>
<subtitle>Mirror of git.yoctoproject.org/meta-virtualization</subtitle>
<id>https://git.enea.com/cgit/linux/meta-virtualization.git/atom?h=master</id>
<link rel='self' href='https://git.enea.com/cgit/linux/meta-virtualization.git/atom?h=master'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-virtualization.git/'/>
<updated>2026-04-21T13:11:11+00:00</updated>
<entry>
<title>systemd: add openssl PACKAGECONFIG for virtualization distro feature</title>
<updated>2026-04-21T13:11:11+00:00</updated>
<author>
<name>Zhixiong Chi</name>
<email>zhixiong.chi@windriver.com</email>
</author>
<published>2026-04-21T07:46:17+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-virtualization.git/commit/?id=6218ce020d388cf05a95b6427cda1e93d8438929'/>
<id>urn:sha1:6218ce020d388cf05a95b6427cda1e93d8438929</id>
<content type='text'>
Since libvirt was upgraded to v12.1.0, the new systemd service file
virt-secret-init-encryption.service has been introduced, and it requires
systemd to add openssl to PACKAGECONFIG, because the systemd-creds encrypt
command is executed in the service file and depends on openssl
being enabled.

Meanwhile this service was added into the dependency chain of the main service
libvirtd.service, and will be enabled by default by libvirtd service without
any build dependency detection according to the original upstream commit
https://github.com/libvirt/libvirt/commit/97758bc9a0b1fccf8c0009308658f1204b113b89

In the systemd oe-core recipe, the openssl PACKAGECONFIG is disabled by default.
Finally, the service file virt-secret-init-encryption.service and libvirtd will
fail with the following error:
&gt; # systemctl status libvirtd -l
 * libvirtd.service - libvirt legacy monolithic daemon
     Loaded: loaded (/usr/lib/systemd/system/libvirtd.service; enabled; preset: enabled)
     Active: inactive (dead)
 TriggeredBy: * libvirtd.socket
              * libvirtd-ro.socket
              * libvirtd-admin.socket
       Docs: man:libvirtd(8)
             https://libvirt.org/

 systemd[1]: Dependency failed for libvirt legacy monolithic daemon.
 systemd[1]: libvirtd.service: Job libvirtd.service/start failed with result 'dependency'

&gt; # journalctl -xe

   A start job for unit virt-secret-init-encryption.service has begun execution.

 systemd-creds[1251]: Support for encrypted credentials not available.
 systemd[1]: virt-secret-init-encryption.service: Main process exited, code=exited, status=1/FAILURE

The above error info "Support for encrypted credentials not available." comes
from the systemd-creds command provided by systemd without the HAVE_OPENSSL
option, in the source code at src/shared/creds-utils.c

Here we enable openssl for systemd when 'virtualization' is in distro feature.

Signed-off-by: Zhixiong Chi &lt;zhixiong.chi@windriver.com&gt;
Signed-off-by: Bruce Ashfield &lt;bruce.ashfield@gmail.com&gt;
</content>
</entry>
<entry>
<title>k3s: add multi-node cluster support with role-based boot</title>
<updated>2026-04-07T16:05:39+00:00</updated>
<author>
<name>Bruce Ashfield</name>
<email>bruce.ashfield@gmail.com</email>
</author>
<published>2026-04-07T16:05:39+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-virtualization.git/commit/?id=d138800d7925a007fc61366bb20a3c90412a45c6'/>
<id>urn:sha1:d138800d7925a007fc61366bb20a3c90412a45c6</id>
<content type='text'>
Add infrastructure for booting the same container-image-host image
as either a k3s server or agent, controlled via kernel cmdline
parameters (k3s.role=server|agent).

k3s-role-setup.service / k3s-role-setup.sh:
- Reads k3s.role, k3s.server, k3s.token, k3s.node-name, k3s.node-ip,
  k3s.iface from kernel cmdline
- Configures cluster network interface IP via networkd drop-in
- For agent role: masks k3s.service, writes agent environment file,
  starts k3s-agent.service
- For server role: masks k3s-agent.service (default)

10-k3s-cluster.network:
- Claims the cluster interface (eth1) via virt_networking bbclass
- Disables DHCP to prevent systemd-networkd from interfering
- Static IP added at boot by role-setup via drop-in

k3s-get-token.sh:
- Helper script to display the server join token
- Waits for token file if k3s is still starting

k3s-agent.service:
- Add EnvironmentFile for /etc/default/k3s-agent (K3S_URL, K3S_TOKEN)
- Add After=k3s-role-setup.service and network-online.target

k3s.service:
- Add After=k3s-role-setup.service

packagegroup-kubernetes.bb:
- k3s-host packagegroup now includes k3s-agent (both roles available)
- Both k3s-host and k3s-node include k3s-net-conf

Signed-off-by: Bruce Ashfield &lt;bruce.ashfield@gmail.com&gt;
</content>
</entry>
<entry>
<title>container-dummy-provides: Update to match changes in oe-core</title>
<updated>2026-03-14T15:16:57+00:00</updated>
<author>
<name>Richard Purdie</name>
<email>richard.purdie@linuxfoundation.org</email>
</author>
<published>2026-03-14T10:31:09+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-virtualization.git/commit/?id=4162f89853eeeec194530dfbbb2210143ede1ca9'/>
<id>urn:sha1:4162f89853eeeec194530dfbbb2210143ede1ca9</id>
<content type='text'>
OE-Core made changes to the way dummy providers work, update the
container-dummy-provides to match them. It now needs a hint in layer.conf
to make the core components aware of the presence of the dummy recipe.

Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
Signed-off-by: Bruce Ashfield &lt;bruce.ashfield@gmail.com&gt;
</content>
</entry>
<entry>
<title>xen: update documentation with vxn/containerd integration and runtime tests</title>
<updated>2026-02-26T01:05:02+00:00</updated>
<author>
<name>Bruce Ashfield</name>
<email>bruce.ashfield@gmail.com</email>
</author>
<published>2026-02-25T04:38:28+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-virtualization.git/commit/?id=506d5af230f0b41809dfe754e84d5611b75c6585'/>
<id>urn:sha1:506d5af230f0b41809dfe754e84d5611b75c6585</id>
<content type='text'>
README-xen.md:
- Add vxn and containerd integration section describing all execution
  paths (containerd, vxn standalone, vdkr/vpdmn, native Docker/Podman)
- Add memory requirements section explaining QB_MEM_VALUE=1024 is
  insufficient for vxn/vctr and documenting qemuparams="-m 4096"
- Add runtime tests section with build prerequisites, test commands,
  and skip behavior
- Fix x86-64 runqemu command to include qemuparams="-m 4096"

vxn/README.md:
- Add testing section referencing the pytest runtime test suite

Signed-off-by: Bruce Ashfield &lt;bruce.ashfield@gmail.com&gt;
</content>
</entry>
<entry>
<title>vxn: add host-side OCI image cache and fix Docker iptables conflict</title>
<updated>2026-02-26T01:05:01+00:00</updated>
<author>
<name>Bruce Ashfield</name>
<email>bruce.ashfield@gmail.com</email>
</author>
<published>2026-02-19T16:08:45+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-virtualization.git/commit/?id=c734621380aed127ee515839aeeb8126f2dcf9ad'/>
<id>urn:sha1:c734621380aed127ee515839aeeb8126f2dcf9ad</id>
<content type='text'>
Add a host-side OCI image cache at ~/.vxn/images/ for the vdkr/vpdmn
standalone Xen path. Images pulled via skopeo are stored in a
content-addressed layout (refs/ symlinks + store/ OCI dirs) so
subsequent runs hit the cache without network access.

New commands on Xen: pull, images, rmi, tag, inspect, image &lt;subcmd&gt;.
The run path is unchanged — cache integration into hv_prepare_container
is deferred to a follow-up.

Also fix Docker iptables conflict: when docker-moby and vxn-docker-config
coexist on Dom0, Docker's default FORWARD DROP policy blocks DHCP for
Xen DomU vifs on xenbr0. Adding "iptables": false to daemon.json
prevents Docker from modifying iptables since VM-based containers
manage their own network stack.

Signed-off-by: Bruce Ashfield &lt;bruce.ashfield@gmail.com&gt;
</content>
</entry>
<entry>
<title>vxn: add Docker/Podman integration and CLI frontends</title>
<updated>2026-02-26T01:05:01+00:00</updated>
<author>
<name>Bruce Ashfield</name>
<email>bruce.ashfield@gmail.com</email>
</author>
<published>2026-02-19T01:53:36+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-virtualization.git/commit/?id=035e0daebeb53880ea2a6bd0f0e31785f3ec9e55'/>
<id>urn:sha1:035e0daebeb53880ea2a6bd0f0e31785f3ec9e55</id>
<content type='text'>
Add vdkr/vpdmn as Dom0 target packages with Xen auto-detection,
native Docker/Podman config sub-packages, and OCI runtime fixes
for Docker compatibility (JSON logging, root.path, kill --all,
monitor PID lifecycle).

Signed-off-by: Bruce Ashfield &lt;bruce.ashfield@gmail.com&gt;
</content>
</entry>
<entry>
<title>runx, go-build: mark as deprecated in favor of vxn</title>
<updated>2026-02-26T01:05:01+00:00</updated>
<author>
<name>Bruce Ashfield</name>
<email>bruce.ashfield@gmail.com</email>
</author>
<published>2026-02-19T19:14:22+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-virtualization.git/commit/?id=ba23ccd3390b7fbebfed641ebfcd978a0ba406dd'/>
<id>urn:sha1:ba23ccd3390b7fbebfed641ebfcd978a0ba406dd</id>
<content type='text'>
Update SUMMARY and DESCRIPTION to note that runx is unmaintained
(upstream dormant since 2022) and that vxn provides the same Xen DomU
container functionality with pluggable hypervisor backends. go-build
is the serial FD handler companion to runx and is similarly superseded.

Signed-off-by: Bruce Ashfield &lt;bruce.ashfield@gmail.com&gt;
</content>
</entry>
<entry>
<title>vxn: add containerd OCI runtime integration</title>
<updated>2026-02-26T01:05:01+00:00</updated>
<author>
<name>Bruce Ashfield</name>
<email>bruce.ashfield@gmail.com</email>
</author>
<published>2026-02-18T14:07:49+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-virtualization.git/commit/?id=9377aede3157a3e7b702dc389c15f27523b673e7'/>
<id>urn:sha1:9377aede3157a3e7b702dc389c15f27523b673e7</id>
<content type='text'>
Add shell-based OCI runtime (vxn-oci-runtime) that enables containerd
to manage Xen DomU containers through the standard runc shim. Non-terminal
container output flows back to ctr via the shim's pipe mechanism.

New files:
- vxn-oci-runtime: OCI runtime (create/start/state/kill/delete/features/logs)
- vxn-sendtty.c: SCM_RIGHTS helper for terminal mode PTY passing
- containerd-shim-vxn-v2: PATH trick wrapper for runc shim coexistence
- containerd-config-vxn.toml: CRI config (vxn default, runc fallback)
- vctr: convenience wrapper injecting --runtime io.containerd.vxn.v2

Key design:
- Monitor subprocess uses wait on xl console (not sleep-polling) for
  instant reaction when domain dies, then extracts output markers and
  writes to stdout (shim pipe -&gt; containerd FIFO -&gt; ctr client)
- cmd_state checks monitor PID liveness (not domain status) to prevent
  premature cleanup race that killed monitor before output
- cmd_delete always destroys remnant domains (no --force needed)
- Coexists with runc: /usr/libexec/vxn/shim/runc symlink + PATH trick

Verified: vctr run --rm, vctr run -d, vxn standalone, vxn daemon mode.

Signed-off-by: Bruce Ashfield &lt;bruce.ashfield@gmail.com&gt;
</content>
</entry>
<entry>
<title>yocto-builder: require systemd</title>
<updated>2026-02-26T01:05:01+00:00</updated>
<author>
<name>Bruce Ashfield</name>
<email>bruce.ashfield@gmail.com</email>
</author>
<published>2026-02-16T16:11:54+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-virtualization.git/commit/?id=dec4b4dfc719e095c0b3dcbff638896282c389af'/>
<id>urn:sha1:dec4b4dfc719e095c0b3dcbff638896282c389af</id>
<content type='text'>
To avoid check layer issues, and distros without systemd trying
to build this package group, add a check and requirement for
systemd to be defined.

Signed-off-by: Bruce Ashfield &lt;bruce.ashfield@gmail.com&gt;
</content>
</entry>
<entry>
<title>vxn: add Xen DomU container runtime with OCI image support</title>
<updated>2026-02-26T01:05:01+00:00</updated>
<author>
<name>Bruce Ashfield</name>
<email>bruce.ashfield@gmail.com</email>
</author>
<published>2026-02-15T04:35:55+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-virtualization.git/commit/?id=57d267db7878180d1ecd1936df5284550d0031c3'/>
<id>urn:sha1:57d267db7878180d1ecd1936df5284550d0031c3</id>
<content type='text'>
vxn runs OCI containers as Xen DomU guests — the VM IS the container.
No Docker/containerd runs inside the guest; the init script directly
mounts the container rootfs and execs the entrypoint via chroot.

Host-side (Dom0):
- vxn.sh: Docker-like CLI wrapper (sets HYPERVISOR=xen)
- vrunner-backend-xen.sh: Xen xl backend for vrunner
  - hv_prepare_container(): pulls OCI images via skopeo,
    resolves entrypoint from OCI config using jq on host
  - xl create for VM lifecycle (PVH on aarch64, PV on x86_64)
  - Bridge networking with iptables DNAT for port forwards
  - Console capture via xl console for ephemeral mode

Guest-side (DomU):
- vxn-init.sh: mounts container rootfs from input disk,
  extracts OCI layers, execs entrypoint via chroot
  - Supports containers with or without /bin/sh
  - grep/sed fallback for OCI config parsing (no jq needed)
  - Daemon mode with command loop on hvc1
- vcontainer-init-common.sh: hypervisor detection, head -n fix
- vcontainer-preinit.sh: init selection via vcontainer.init=

Build system:
- vxn-initramfs-create.inc: assembles boot blobs from vruntime
  multiconfig, injects vxn-init.sh into rootfs squashfs
- vxn_1.0.bb: Dom0 package with scripts + blobs
  - nostamp on install/package chain (blobs from DEPLOY_DIR
    are untracked by sstate)
- vxn.cfg: Xen PV kernel config fragment

Tested: vxn -it --no-daemon run --rm hello-world

Signed-off-by: Bruce Ashfield &lt;bruce.ashfield@gmail.com&gt;
</content>
</entry>
</feed>
