Commit graph

2124 commits

Author SHA1 Message Date
baude
3bf23b684a Add kpod wait
Waits on one or more containers to stop and prints the container's
return code

Signed-off-by: baude <bbaude@redhat.com>
2017-09-27 09:03:33 -05:00
Daniel J Walsh
214adee0ef Merge pull request #926 from TomSweeneyRedHat/pause
Add `kpod pause` and `kpod unpause`
2017-09-27 09:33:22 -04:00
Daniel J Walsh
154283764d Merge pull request #866 from vbatts/fine_grain_targets
Makefile: break out the `install` target
2017-09-27 09:20:26 -04:00
Mrunal Patel
41372dba70 Merge pull request #940 from vbatts/no-pivot
*: allow to not use pivot_root
2017-09-26 16:18:08 -07:00
Daniel J Walsh
8e6d5b1c9a Merge branch 'master' of github.com:kubernetes-incubator/cri-o into umount
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-09-26 21:41:02 +00:00
Daniel J Walsh
8949e669c9 Modify kpod tag to use libpod runtime interface
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-09-26 16:14:34 -04:00
53a9472b94
man-pages: add no_pivot information
Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
2017-09-26 11:35:09 -04:00
d6a44bf111
*: allow to not use pivot_root
runc has a `--no-pivot` flag, that uses MS_MOVE instead.

This patch set bubbles up a runtime config to enable using no-pivot
globally.

Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
2017-09-26 11:35:00 -04:00
Antonio Murdaca
0ff3580f05 Merge pull request #891 from mrunalp/cfg_log_max
Max log size config
2017-09-26 17:04:57 +02:00
a22d04de4b
Makefile: break out the install target
Where `make install` still has the same behaviour, but you could instead
only `make install.bin` if you don't need the man pages.

Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
2017-09-26 09:32:39 -04:00
Daniel J Walsh
9db7cf1370 Add kpod pause and kpod unpause
Implement the ability to pause and unpause running containers.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
2017-09-26 08:38:07 -04:00
Daniel J Walsh
45747cc5d0 Merge pull request #946 from sameo/topic/readme
README: Update status
2017-09-26 07:54:18 -04:00
Samuel Ortiz
266e620ea9 README: Update status
We're at rc2 now.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2017-09-26 12:24:14 +02:00
Mrunal Patel
37e282a29b docs: Add docs for log size max
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-09-25 16:08:09 -07:00
Mrunal Patel
d47061ac57 test: Add a test for log size max
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-09-25 15:37:55 -07:00
Mrunal Patel
4d0270d138 crio: Add flag for --log-size-max
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-09-25 15:37:10 -07:00
Mrunal Patel
c7d33e1899 conmon: Re-open the log file to not exceed max log file size
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-09-25 15:36:14 -07:00
Mrunal Patel
82899bdb4e conmon: Track the number of bytes written to the container log file
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-09-25 15:35:25 -07:00
Mrunal Patel
48d0706a49 Add log size max flag to conmon and pass it on container create
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-09-25 15:31:31 -07:00
Mrunal Patel
bb11ee522b oci: Add log size max to container
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-09-25 15:28:29 -07:00
Mrunal Patel
c7f5347673 Add log size max configuration
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-09-25 15:27:21 -07:00
Mrunal Patel
db0bd66fca Merge pull request #917 from runcom/fixes-rc3-0
Fix Origin test and update kube to v1.7.6
2017-09-25 14:55:42 -07:00
Antonio Murdaca
a8ee86b1cc Merge pull request #943 from mrunalp/info_client
client: Add crio client package
2017-09-25 23:04:04 +02:00
Daniel J Walsh
51b2254742 Tell oci-umount where to remove mountpoints inside container
This patch set add crio-umount.conf file which tells oci-umount plugin
to look for leaked mount points in /var/lib/containers/storage/* and
/var/run/containers/*

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-09-25 15:21:17 -04:00
Antonio Murdaca
3dd043c581
sandbox_network: pass sandbox to newPodNetwork
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-25 21:08:11 +02:00
Antonio Murdaca
6c871769b4
server: more fixes for selinux and privileged mode
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-25 21:08:11 +02:00
Antonio Murdaca
7b0bde4362
container_create: fix seccomp annotations
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-25 21:08:11 +02:00
Antonio Murdaca
59c0218a9c
container_create: follow symlink for mount host path
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-25 21:08:11 +02:00
Antonio Murdaca
5e7c932771
vendor: update kube to v1.7.6
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-25 21:08:11 +02:00
Antonio Murdaca
e8cfe3b867
container_create: support seccomp docker/default annotation
Fixes the following Origin/Kube test:

```
• Failure [10.323 seconds]
[k8s.io] Security Context [Feature:SecurityContext]
/go/src/github.com/openshift/origin/vendor/k8s.io/kubernetes/test/e2e/framework/framework.go:619
  should support seccomp alpha docker/default annotation
[Feature:Seccomp] [It]
  /go/src/github.com/openshift/origin/vendor/k8s.io/kubernetes/test/e2e/security_context.go:133

  Expected error:
      <*errors.errorString | 0xc420cbacf0>: {
          s: "expected \"2\" in container output: Expected\n
<string>: Seccomp:\t0\n    \nto contain substring\n    <string>: 2",
      }
      expected "2" in container output: Expected
          <string>: Seccomp:	0

      to contain substring
          <string>: 2
  not to have occurred
}
```

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-25 21:08:11 +02:00
Mrunal Patel
1beb75d839 test: Add steps for testing crio client
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-09-25 11:59:40 -07:00
Mrunal Patel
50baca10e9 Add crio annotations to container endpoint
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-09-25 11:59:40 -07:00
Mrunal Patel
2e3d5240c2 client: Add crio client package
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-09-25 11:59:40 -07:00
Mrunal Patel
4fadbea75d Merge pull request #927 from stevekuznetsov/skuznets/dont-pull-code-in-test
Refactor integration test playbooks
2017-09-25 11:58:11 -07:00
Steve Kuznetsov
e160796d4e
Refactor the CRI-O test playbook to be more modular
Signed-off-by: Steve Kuznetsov <skuznets@redhat.com>
2017-09-25 10:02:04 -07:00
Mrunal Patel
89f18fa7b5 Merge pull request #928 from cevich/fix_missing_fedora_dep
integration-playbook: Add hidden dependencies
2017-09-22 10:19:05 -07:00
Chris Evich
bedf75dcfc integration-playbook: Require RHEL repos.
Both the base and extras repos are required.  Rather than try to fuss
around with subscription manager, require two variables be defined
pointing to the baseurl's to use.  Assert that these variables are set
and non-empty.

Signed-off-by: Chris Evich <cevich@redhat.com>
2017-09-21 13:01:08 -04:00
Chris Evich
78c400ccd3 integration-playbook: Increase test timeout
Depending on circumstances out of our control, the 'integration tests'
may take longer than an hour (3600 seconds).  Since the maximum time
is referenced in several places, define a variable with a larger value
then reference it from the affected tasks.

Signed-off-by: Chris Evich <cevich@redhat.com>
2017-09-21 13:01:08 -04:00
Chris Evich
e6b5fc7d53 integration-playbook: Add hidden dependencies
Previously, an internal playbook installed many extra
necessary/unnecessary packages before this playbook even started.  Since
this is a terrible design, move all dependencies here so that nothing is
unwritten.  This includes installing some deps. for ansible itself
(which must be done as a raw command).

Signed-off-by: Chris Evich <cevich@redhat.com>
2017-09-21 13:01:08 -04:00
Chris Evich
29c4d890c8 Faster venv-ansible-playbook.sh
If running a playbook more than once, there's no need to re-bootstrap
the virtual environment.  Assume if the verified crio directory already
exists, it should be used (after re-asserting hashes of requirements).

Signed-off-by: Chris Evich <cevich@redhat.com>
2017-09-21 12:59:33 -04:00
Daniel J Walsh
d153815f74 Merge pull request #936 from rhatdan/readme
Describe in readme `kpod cp` man page
2017-09-21 10:02:07 -04:00
Daniel J Walsh
fd6446ade5 Describe in readme kpod cp man page
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-09-21 12:20:26 +00:00
Antonio Murdaca
0fc411d4fe Merge pull request #905 from mrunalp/bump_rc2
version: Release 1.0.0-rc2
2017-09-20 15:20:31 +02:00
Daniel J Walsh
2282b5339f Merge pull request #922 from ashcrow/add-libkpod-config-unit-test
test: Add libkpod config tests
2017-09-19 15:14:41 -04:00
Steve Milner
65faae6782 test: Add libkpod config tests
- config_test.go for testing libkpod/config.go
- testdata/config.toml as a fixture for config_test.go

Signed-off-by: Steve Milner <smilner@redhat.com>
2017-09-19 09:32:57 -04:00
Daniel J Walsh
5e3c53c172 Merge pull request #909 from rhatdan/lastError
We should not be exiting with exit(1)
2017-09-18 07:46:53 -04:00
Mrunal Patel
7e7a097395 Merge pull request #913 from runcom/v1.0.0-rc2-patches
V1.0.0 rc2 patches
2017-09-17 21:03:54 -07:00
Antonio Murdaca
a11b8cd8ec
sandbox, ctr: SELinux fixes
server: fix selinux labels for pod and containers

Signed-off-by: Antonio Murdaca <runcom@redhat.com>

sandbox: set selinux labels from request, not defaults

Signed-off-by: Antonio Murdaca <runcom@redhat.com>

container_create: use sandbox's selinux if container's nil

Signed-off-by: Antonio Murdaca <runcom@redhat.com>

sandbox: correctly init selinux labels

First, we weren't correctly initializing selinux labels. If any of
(level, user, role, type) was missing from kube selinux options, we
were erroring out. This is wrong as kube sends just `level=s0`
sometimes and docker itself allows `--security-opt label=level:s0`.
This patch directly initializes selinux labels, correctly, and adds a
test to verify it.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>

test: testdata: use container_runtime_t selinux type

RHEL SELinux policy doesn't have `container_t` type but we're using it
in our fixtures. That means Fedora integration tests pass because
`container_t` is in Fedora's container policy but RHEL is broken.
Fix it by using `container_runtime_t` which is aliased in Fedora policy
to `container_t`.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-17 22:40:17 +02:00
Antonio Murdaca
ec42a40936
server: use grpc getters
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-17 10:19:32 +02:00
Antonio Murdaca
c1d158bba4
Makefile: always use vfs to test in container
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-17 10:19:32 +02:00