Commit graph

1222 commits

Author SHA1 Message Date
Mike Brown
7ae5b5fe24 fixes issue with make install on ubuntu
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2017-01-16 17:01:49 -06:00
Mrunal Patel
2421aba39a Merge pull request #310 from sameo/topic/cc-exec
Fix ExecSync support for runtimes other than runC
2017-01-16 11:41:12 -08:00
Jacek J. Łakis
b034072d6a sandbox_run: Do not run net plugin in host namespace
Signed-off-by: Jacek J. Łakis <jacek.lakis@intel.com>
2017-01-16 16:53:29 +01:00
Samuel Ortiz
ce54c1e5e9
test: Do not hardcode runc specific output
"executable file not found in" is part of a runc
specific output when 'runc exec' fails.
This prevents the execsync failure to pass when running
ocid with other runtimes than runc.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2017-01-14 02:02:45 +01:00
Samuel Ortiz
4c7583b467
oci: Do not call the container runtime from ExecSync
Some OCI container runtimes (in particular the hypervisor
based ones) will typically create a shim process between
the hypervisor and the runtime caller, in order to not
rely on the hypervisor process for e.g. forwarding the
output streams or getting a command exit code.

When executing a command inside a running container those
runtimes will create that shim process and terminate.
Therefore calling and monitoring them directly from
ExecSync() will fail. Instead we need to have a subreaper
calling the runtime and monitoring the shim process.
This change uses conmon as the subreaper from ExecSync(),
monitors the shim process and reads the exec'ed command
exit code from the synchronization pipe.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2017-01-14 02:02:43 +01:00
Samuel Ortiz
d60d0ac0c3
conmon: Use conmon for exec'ing a command
Some OCI container runtimes (in particular the hypervisor
based ones) will typically create a shim process between
the hypervisor and the runtime caller, in order to not
rely on the hypervisor process for e.g. forwarding the
output streams or getting a command exit code.

With these runtimes we need to monitor a different process
than the runtime one when executing a command inside a
running container. The natural place to do so is conmon
and thus we add a new option to conmon for calling the
runtime exec command, monitor the PID and then return the
running command exit code through the sync pipe to the
parent.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2017-01-14 02:02:40 +01:00
Samuel Ortiz
468746aa28
conmon: Use the full PID file path
And not a hardcoded "pidfile".

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2017-01-14 02:02:37 +01:00
Samuel Ortiz
9a4a1092fe
conmon: Return the exit status code
waitpid fills its second argument with a value that
contains the process exit code in the 8 least significant
bits. Instead of returning the complete value and then
converting it from ocid, return the exit status directly
by using WEXITSTATUS from conmon.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2017-01-14 02:00:45 +01:00
Mrunal Patel
61e60bfe47 Merge pull request #304 from jawnsy/topics/install-to-usr-local
Install to /usr/local to avoid conflicts with vendor binaries
2017-01-05 15:41:10 -08:00
Pengfei Ni
b4e31a552a Merge pull request #308 from xlgao-zju/remove-sort-by-name
Remove byName in cmd/server/main.go, since urfave/cli#544 has been in.
2017-01-05 17:36:05 +08:00
Xianglin Gao
088c53579a Remove byName in cmd/server/main.go, since urfave/cli#544 has been in.
Signed-off-by: Xianglin Gao <xlgao@zju.edu.cn>
2017-01-05 15:42:22 +08:00
Jonathan Yu
8b63272908
Install to /usr/local to avoid conflicts with vendor binaries
Closes: #300

Signed-off-by: Jonathan Yu <jawnsy@redhat.com>
2017-01-04 21:39:22 -08:00
Pengfei Ni
295cc1ea1a Merge pull request #307 from xlgao-zju/fix-typo
Fix misspell to make go report more happy
2017-01-04 15:45:20 +08:00
Xianglin Gao
ab4a408b66 fix typo to make go report more happy
Signed-off-by: Xianglin Gao <xlgao@zju.edu.cn>
2017-01-04 14:24:11 +08:00
Mrunal Patel
c0e3c08a17 Merge pull request #305 from cyphar/runc-kill-arguments
oci: fix runc kill usage
2017-01-02 09:39:35 -08:00
Aleksa Sarai
da975261e7
oci: fix runc kill usage
In later versions of runC, `runc kill` *requires* the signal parameter
to know what signal needs to be sent.

Signed-off-by: Aleksa Sarai <asarai@suse.com>
2016-12-31 17:01:19 +11:00
Mrunal Patel
6133465e42 Merge pull request #292 from sameo/topic/network-bats
Additional networking tests
2016-12-21 11:20:08 -08:00
Samuel Ortiz
8e1af3668a
test: Fix networking helpers indentation
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2016-12-21 12:26:18 +01:00
Samuel Ortiz
b6455253c2
test: Add host pod ping test
We create a pod with host networking and we try to ping
it from the host.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2016-12-21 12:24:37 +01:00
Samuel Ortiz
5273bef5d2
test: Add an inter pod ping networking test
We create 2 pods in 2 different networking namespaces and
we check if we can ping one from the other.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2016-12-21 11:28:33 +01:00
Antonio Murdaca
ac7943c707 Merge pull request #285 from sameo/topic/network-bats
Add Initial networking BATs
2016-12-20 16:49:04 +01:00
Antonio Murdaca
4cfbdb261e Merge pull request #291 from nalind/clearindex
Clear index entries when removing pods or ctrs
2016-12-20 15:22:45 +01:00
Antonio Murdaca
99590fa2eb Merge pull request #290 from nalind/clientsize
Fix client size reporting
2016-12-20 15:22:40 +01:00
Nalin Dahyabhai
d6225894af Clear index entries when removing pods or ctrs
When removing a pod sandbox or container, remove the ID of the item from
the corresponding ID index, so that we can correctly determine if it was
us or another actor that cleaned them up.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2016-12-20 09:06:39 -05:00
Nalin Dahyabhai
5e28e20213 Fix client size reporting
The client size field that we get back when we inspect an image is a
pointer to a number, not just a number, so we need to dereference it for
display.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2016-12-20 09:06:07 -05:00
Samuel Ortiz
b97a57c006
test: Skip networking tests if CNI plugins are missing
If the CNI binaries (bridge and host-local) are not installed,
we skip the tests.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2016-12-20 12:50:23 +01:00
Samuel Ortiz
4c702fb60c
test: Add 2 basic networking tests
We create temporary CNI networking configurations and run 2
functional tests:

- Verify that the networking namespace interface has a valid CIDR
- Ping the networking namespace interface from the host

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2016-12-20 12:50:20 +01:00
Samuel Ortiz
c525459000
main: Add CNI options
We add 2 ocid options for choosing the CNI configuration and plugin
binaries directories: --cni-config-dir and --cni-plugin-dir.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2016-12-20 12:50:17 +01:00
Antonio Murdaca
50a3958e5a Merge pull request #289 from mrunalp/cgroup_config
Add support cgroup config and systemd cgroups
2016-12-20 09:26:07 +01:00
Mrunal Patel
6df58df215 Add support for systemd cgroups
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2016-12-19 16:31:29 -08:00
Mrunal Patel
5eab56e002 Pass cgroup manager to oci runtime manager
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2016-12-19 15:05:32 -08:00
Mrunal Patel
edad8f866d Add configuration for specifying cgroup manager
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2016-12-19 15:04:34 -08:00
Antonio Murdaca
a7190853b6 Merge pull request #210 from nalind/metadata
[WIP] Add utility functions for managing containers and images using containers/storage
2016-12-19 19:12:51 +01:00
Nalin Dahyabhai
4ae8606edf Add storage utility functions
Add an intermediate API layer that uses containers/storage, and a
containers/image that has been patched to use it, to manage images and
containers, storing the data that we need to know about containers and
pods in the metadata fields provided by containers/storage.

While ocid manages pods and containers as different types of items, with
disjoint sets of IDs and names, it remains true that every pod includes
at least one container.  When a container's only purpose is to serve as
a home for namespaces that are shared with the other containers in the
pod, it is referred to as the pod's infrastructure container.

At the storage level, a pod is stored as its set of containers.  We keep
track of both pod IDs and container IDs in the metadata field of
Container objects that the storage library manages for us.  Containers
which bear the same pod ID are members of the pod which has that ID.
Other information about the pod, which ocid needs to remember in order
to answer requests for information about the pod, is also kept in the
metadata field of its member containers.

The container's runtime configuration should be stored in the
container's ContainerDirectory, and used as a template.  Each time the
container is about to be started, its layer should be mounted, that
configuration template should be read, the template's rootfs location
should be replaced with the mountpoint for the container's layer, and
the result should be saved to the container's ContainerRunDirectory,
for use as the configuration for the container.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2016-12-19 11:44:34 -05:00
Nalin Dahyabhai
d45ff58056 Initialize the reexec package
Any binary that will be managing storage needs to initialize the reexec
package in order to be able to apply or read image layers.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2016-12-19 11:44:34 -05:00
Nalin Dahyabhai
9b88295f69 Update containers/storage and containers/image
Update the versions of containers/storage and containers/image, and add
new dependencies that they pull in.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2016-12-19 11:44:34 -05:00
Nalin Dahyabhai
f893e38d6d Add build tags for integration tests
Add the necessary build tags and configuration so that integration tests
can properly build against device mapper and btrfs libraries.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2016-12-19 11:44:32 -05:00
Antonio Murdaca
7e3986e88f Merge pull request #286 from nhlfr/dockerfile-cleanup
Clean apt archives and source directories in Dockerfile
2016-12-19 10:00:40 +01:00
Michal Rostecki
6dc28dc766 Clean apt archives and source directories in Dockerfile
Signed-off-by: Michal Rostecki <michal@kinvolk.io>
2016-12-19 09:48:45 +01:00
Antonio Murdaca
ebc77fedde Merge pull request #284 from mrunalp/fix_cgroups_cfg
Fixup cgroup in test sandbox config
2016-12-16 22:48:57 +01:00
Mrunal Patel
a418ef8dc2 Fixup cgroup in test sandbox config
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2016-12-16 13:33:38 -08:00
Mrunal Patel
b2fbd828e1 Merge pull request #271 from resouer/pod-level-qos
Support pod level qos in cri-o
2016-12-16 13:32:22 -08:00
Mrunal Patel
5a769f72ca Merge pull request #274 from Crazykev/gofmt-check
Enable Gofmt check in CI
2016-12-15 16:57:16 -08:00
Mrunal Patel
6e323e8bc9 Merge pull request #281 from runcom/fix-nil-marshal-grpc
server: mock UpdateRuntimeConfig
2016-12-15 07:28:04 -08:00
Mrunal Patel
8bdf3ce91f Merge pull request #279 from runcom/add-sameo-to-owners
OWNERS: add @sameo
2016-12-15 07:21:25 -08:00
Antonio Murdaca
d157c1427c
server: mock UpdateRuntimeConfig
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-12-15 14:31:42 +01:00
Antonio Murdaca
0ec2d44394
OWNERS: add @sameo
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-12-15 12:18:47 +01:00
Harry Zhang
02dfe877e4 Add container to pod qos cgroup
Signed-off-by: Harry Zhang <harryz@hyper.sh>
2016-12-15 14:42:59 +08:00
Crazykev
eb3990ead9 fix gofmt problem in existing code
Signed-off-by: Crazykev <crazykev@zju.edu.cn>
2016-12-15 14:17:22 +08:00
Crazykev
3fa48e54ff add gofmt verify in CI
Signed-off-by: Crazykev <crazykev@zju.edu.cn>
2016-12-15 14:15:57 +08:00