CRI-O works well with runc when stopping a container because as soon
as the container process returns, it can consider every container
resources such as its rootfs as being freed, and it can proceed
further by unmounting it.
But in case of virtualized runtime such as Clear Containers or Kata
Containers, the same rootfs is being mounted into the VM, usually as
a device being hotplugged. This means the runtime will need to be
triggered after the container process has returned. Particularly,
such runtimes should expect a call into "state" in order to realize
the container process is not running anymore, and it would trigger
the container to be officially stopped, proceeding to the necessary
unmounts.
The way this can be done from CRI-O, without impacting the case of
runc, is to explicitly wait for the container status to be updated
into "stopped" after the container process has returned. This way
CRI-O will call into "state" as long as it cannot see the container
status being updated properly, generating an error after a timeout.
Both PollUpdateStatusStopped() and WaitContainerStateStopped() make
use of go routines in order to support a timeout definition. They
follow the waitContainerStop() approach with chControl.
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
Some steps are now being run with Go tip and not in all the different versions,
there were also moved to their own block so they will fail fast and in the mean
time the unit test for the different versions can start.
Also, "make docs" was removed because it's already being done by "make" without
any argument.
Fixes#1400.
Signed-off-by: Álex González <agonzalezro@gmail.com>
If the pid namespace mode is set to POD, then the container's namespace
should be set to the namespace of the pod infra container.
Signed-off-by: umohnani8 <umohnani@redhat.com>
When the image name is resolved with the registries from crio.conf only
the resolved name with the first registry is passed to create_container
eventhough there are more registries in the crio.conf file.
Fix this to try the resolved image names with all the registries given in the conf file.
Signed-off-by: umohnani8 <umohnani@redhat.com>
These changes allow for the container's pid namespace to be set to the same
as the pod infra container's namespace if the pid namespace mode is set to POD
Signed-off-by: umohnani8 <umohnani@redhat.com>
using github.com/LK4D4/vndr, but then trimming all vendored packages
that had changed, back to only containers/storage.
Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
We may consider setting it to true all the time but this
should match our previous behavior before we started
using process json for exec.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
We've been occasionally creating this file since 9c44933b (build:
create a local GOPATH if none specified, 2017-03-27, #410). But it's
recording information about the local environment, not part of our
common source. Adding it to .gitignore helps avoid having it
accidentally committed.
Signed-off-by: W. Trevor King <wking@tremily.us>
The GOPATH layout is created in the Makefile:
mkdir -p "/home/test/cri-o/_output/src/github.com/kubernetes-incubator"
ln -s "/home/test/cri-o" "/home/test/cri-o/_output/src/github.com/kubernetes-incubator"
Signed-off-by: Jan Pazdziora <jpazdziora@redhat.com>
