Use containers/storage to store images, pod sandboxes, and containers.
A pod sandbox's infrastructure container has the same ID as the pod to
which it belongs, and all containers also keep track of their pod's ID.
The container configuration that we build using the data in a
CreateContainerRequest is stored in the container's ContainerDirectory
and ContainerRunDirectory.
We catch SIGTERM and SIGINT, and when we receive either, we gracefully
exit the grpc loop. If we also think that there aren't any container
filesystems in use, we attempt to do a clean shutdown of the storage
driver.
The test harness now waits for ocid to exit before attempting to delete
the storage root directory.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>

* Rename 'vendor/src' -> 'vendor'
* Ignore vendor/ instead of vendor/src/ for lint
* Rename 'cmd/client' -> 'cmd/ocic' to make it 'go install'able
* Rename 'cmd/server' -> 'cmd/ocid' to make it 'go install'able
* Update Makefile to build and install from GOPATH
* Update tests to locate ocid/ocic in GOPATH/bin
* Search for binaries in GOPATH/bin instead of PATH
* Install tools using `go get -u`, so they are updated on each run
Signed-off-by: Jonathan Yu <jawnsy@redhat.com>

"executable file not found in" is part of a runc
specific output when 'runc exec' fails.
This prevents the execsync failure from passing when running
ocid with other runtimes than runc.
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>

We create 2 pods in 2 different networking namespaces and
we check if we can ping one from the other.
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>

We create temporary CNI networking configurations and run 2
functional tests:
- Verify that the networking namespace interface has a valid CIDR
- Ping the networking namespace interface from the host
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>

The grpc execsync client call doesn't populate `ExecSyncResponse` on
error at all. You just get an error.
This patch modifies the code to include command's streams, exit code
and error directly into the error. `ocic` will then print useful
information in the cli, otherwise it won't.
Signed-off-by: Antonio Murdaca <runcom@redhat.com>

The rootfs that gets created needs to have an SELinux label that containers
can write to. Until they get native storage support, this patch will
force the entire storage pool to be labeled in such a way that confined
containers can read/write/execute the content.
Signed-off-by: Dan Walsh <dwalsh@redhat.com>

This subcommand is so that users can get a nice commented version of the
ocid configuration file. This comes from the "current" version of the
configuration (allowing someone to get their custom configuration as a
file). It also has a --default option.
In addition, update the tests to use `ocid config` so that we test this
setup (the loading and saving of the options).
Signed-off-by: Aleksa Sarai <asarai@suse.de>

This lessens the Docker requirement for creating sandboxes (with the
requirement only existing for the actual image pulling that is done when
adding a container to a pod). The interface was chosen to match the
--conmon interface, so that the location of the pause binary can be
chosen by a user.
Signed-off-by: Aleksa Sarai <asarai@suse.de>

In several places, we previously didn't output the $output of the
failing command, leading to confusion when debugging. A proper fix is to
alias oci{c,d} in helpers.sh like runC does, but that can come later.
Signed-off-by: Aleksa Sarai <asarai@suse.de>