Under some slow environment (nested VMs) or with some
not as fast runtimes (Clear Containers), asking for a
status right away is racy.
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
The bats "run" helper function sets "$status", so there's no point to
checking the value of "$status" when we haven't used the "run" helper to
run a command, and we almost always want to be checking the value after
we have used the helper.
There's no need to run commands like 'sleep' or 'rm -f' with the helper,
since they're not expected to fail, and if they do, it's probably
indicative of a larger problem that we want to allow to cause tests to
fail.
Helper functions like start_crio already check "$status" when they call
"run", so we don't need to check it again after they return.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Our CI tests on RHEL and Fedora and we want to test the systemd cgroup
driver. However, kubelet needs to run in tests with systemd cgroup
driver as well, or tests fail. This patch fixes broken CI because of
not matching cgroup driver between CRI-O and the kubelet.
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
The test "ctr execsync std{out,err}" from ctr.bats works with runc,
but the semantics behind is wrong.
We should not be able to execute a new process on a container which
has not been previously started. That's why this patch adds a call
to start the container.
Moreover, we don't want to be able to execute a new process on a
container that has already returned because its workload is done.
For that reason, we need to force the container workload to be a
"sleep 10" to ensure it is still running when the call to "exec"
is issued.
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
This patch isn't adding a test for /etc/hosts as that requires host
network and we don't want to play with host's /etc/hosts when running
make localintegration on our laptops. That may change in the future
moving to some sort of in-container testing.
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
This patch fixes the following command:
kubectl run -i --tty centos --image=centos -- sh
The command above use to fail with:
/usr/bin/sh: /usr/bin/sh: cannot execute binary file
That's because we were wrongly assembling the OCI processArgs.
Thanks @alexlarsson for spotting this.
This patch basically replicates what docker does when merging container
config and image config. It also replicates how docker sets processArgs
for the OCI runtime.
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
`containerdID` is overridden in `s.ctrIDIndex.Get()`, if the ctr is not
found it's overridden by an empty string making the error return
totally unusable.
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
conmon has many flags that are parsed when it's executed, one of them
is "-c". During PR #510 where we vendor latest kube master code,
upstream has changed a test to call a "ctr execsync" with a command of
"sh -c commmand ...".
Turns out:
a) conmon has a "-c" flag which refers to the container name/id
b) the exec command has a "-c" flags but it's for "sh"
That leads to conmon parsing the second "-c" flags from the exec
command causing an error. The executed command looks like:
conmon -c [..other flags..] CONTAINERID -e sh -c echo hello world
This patch rewrites the exec sync code to not pass down to conmon the
exec command via command line. Rather, we're now creating an OCI runtime
process spec in a temp file, pass _the path_ down to conmon, and have
runc exec the command using "runc exec --process
/path/to/process-spec.json CONTAINERID". This is far better in which we
don't need to bother anymore about conflicts with flags in conmon.
Added and fixed some tests also.
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
The ocid project was renamed to CRI-O, months ago, it is time that we moved
all of the code to the new name. We want to elminate the name ocid from use.
Move fully to crio.
Also cric is being renamed to crioctl for the time being.
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
Now that we have support for split std{out,err}, make sure that execsync
will correctly handle the split stdio properly. In addition, extend the
ctr logging test to make sure that the regular container logging is also
split correctly. We can't test !terminal containers because we only have
a single console for both std{out,err}.
Signed-off-by: Aleksa Sarai <asarai@suse.de>
The main purpose of these tests is to make sure that the log actually
contains output from the container. We don't test the timestamps or the
stream that's stated at the moment.
Signed-off-by: Aleksa Sarai <asarai@suse.de>
"executable file not found in" is part of a runc
specific output when 'runc exec' fails.
This prevents the execsync failure to pass when running
ocid with other runtimes than runc.
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
The gprc execsync client call doesn't populate `ExecSyncResponse` on
error at all. You just get an error.
This patch modifies the code to include command's streams, exit code
and error direcly into the error. `ocic` will then print useful
infomation in the cli, otherwise it won't.
Signed-off-by: Antonio Murdaca <runcom@redhat.com>