Get the image clear-XXXXX-kvm.img
wget https://download.clearlinux.org/releases/30080/clear/clear-30080-kvm.img.xz
unxz clear-30080-kvm.img.xz
Add intel_iommu=on to the kernel boot parameters
mkdir mount_dir
Archana Shinde amshinde
amshinde
/ Nested_VFIO.md
Created
May 17, 2023 06:27
— forked from sboeuf/Nested_VFIO.md
How to test VFIO with virtio-net-pci device
amshinde
/ qemu_direct_kernel_boot_disk.md
Created
April 25, 2023 18:47
— forked from mcastelino/qemu_direct_kernel_boot_disk.md
QEMU Direct Kernel Boot into a disk image
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*- | |
| # ex: ts=8 sw=4 sts=4 et filetype=sh | |
| VMN=${VMN:=1} | |
| NEMU=~/build-x86_64/x86_64-softmmu/qemu-system-x86_64 | |
| sudo $NEMU \ | |
| -trace events=/tmp/events \ |
amshinde
/ bpftrace.md
Created
April 24, 2023 21:28
— forked from krsna1729/bpftrace.md
bpftrace one-liners skbdump
$ sudo bpftrace -e 'tracepoint:napi:napi_poll /comm == "ping"/ { printf("%s\n", comm) }'
Attaching 1 probe...
ping
ping
ping$ sudo bpftrace -e 'tracepoint:napi:napi_poll /comm == "ping"/ { printf("%d\n", args->work) }'
amshinde
/ canal.md
Created
April 24, 2023 21:26
— forked from krsna1729/canal.md
tracing network stack for MACVLAN IPVLAN
This is only a trace on vxlan interface on the host. not from within container namespace
ping-26819 [001] 3678.931358: fib_table_lookup: table 254 oif 0 iif 1 proto 17 0.0.0.0/40784 -> 10.244.2.4/1025 tos 0 scope 0 flags 0 ==> dev flannel.1 gw 10.244.2.0 src 10.244.0.0 err 0
ping-26819 [001] 3678.931387: fib_table_lookup: table 254 oif 0 iif 1 proto 17 10.244.0.0/40784 -> 10.244.2.4/1025 tos 0 scope 0 flags 0 ==> dev flannel.1 gw 10.244.2.0 src 10.244.0.0 err 0
ping-26819 [001] 3678.931468: fib_table_lookup: table 254 oif 0 iif 1 proto 1 0.0.0.0/0 -> 10.244.2.4/0 tos 0 scope 0 flags 0 ==> dev flannel.1 gw 10.244.2.0 src 10.244.0.0 err 0
ping-26819 [001] 3678.931485: fib_table_lookup: table 255 oif 0 iif 0 proto 0 0.0.0.0/0 -> 10.244.2.4/0 tos 0 scope 0 flags 0 ==> dev flannel.1 gw 10.244.2.0 src 10.244.0.0 err 0
ping-26819 [001] 3678.931499: net_dev_queue: dev=flannel.1 skbaddr=0xffff919236689800 len=98
ping-26819 [001] 3678.931500: net_dev_start_xmit: dev=flann
amshinde
/ kcgroups.md
Created
April 24, 2023 21:23
— forked from mcastelino/kcgroups.md
Kubernetes and cgroups Resource Management/Static cpuManagerPolicy/Memory and Resource Isolation & Scheduling
The goal of this document to cover all aspects of Kubernetes management, including how resources are expressed, constrained and accounted for. This started a way to ensure that alternate container runtime implementation like Kata containers will behave from a resource accounting and consumption point of view in the same manner as runc.
Location of the latest version of this document: https://gist.github.com/mcastelino/b8ce9a70b00ee56036dadd70ded53e9f
If you do not understand cgroups please refer to a quick primer at the bottom of this document. This will help you understand how the resource enforcement actually works.
backdoor-image can be used to easily add user with passwordless sudo access to a image or a root filesystem.
Operating on an image requires the 'mount-image-callback' tool from
cloud-utils. That can be installed on ubuntu via apt-get install -qy cloud-image-utils.
amshinde
/ dump_all_iptables_stats
Created
April 2, 2019 22:33
— forked from mcastelino/dump_all_iptables_stats
Dump all iptables stats
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| for table in $(echo filter nat mangle raw security); do echo $table; iptables -L -v -n --line-numbers -t $table; done | |
| tcpdump -elnXXi |
amshinde
/ Release.md
Created
March 27, 2019 18:14
— forked from jcvenegas/Release.md
Kata Containers Release
Hi if you are reading this document you may also want to create a kata Containers Release.
The Kata Containers Release Process is defined in the follwoing documents.
https://github.com/kata-containers/documentation/blob/master/Releases.md
To simply the process of read each release we have created a checklist for it.
amshinde
/ remap_and_post.md
Created
March 27, 2019 18:14
— forked from mcastelino/remap_and_post.md
Interrupt Remapping and posted interrupt notes
https://software.intel.com/sites/default/files/managed/c5/15/vt-directed-io-spec.pdf
• Legacy pin interrupts
— For devices that use legacy methods for interrupt routing (such as either through direct wiring to the I/OxAPIC input pins, or through INTx messages), the I/OxAPIC hardware generates the interrupt-request transaction. To identify the source of interrupt requests generated by I/OxAPICs, the interrupt-remapping hardware requires each I/OxAPIC in the platform (enumerated through the ACPI Multiple APIC Descriptor Tables (MADT)) to include a unique 16-bit source-id in its requests. BIOS reports the source-id for these I/OxAPICs via ACPI
amshinde
/ slirp4netns.md
Created
March 27, 2019 18:12
— forked from mcastelino/slirp4netns.md
slirp4netns: How does it work
NewerOlder