In order to get systemd socket passing to work properly
the listen PID needs to match the process ID of the OCI runtime.
This match modifies the LISTEN_PID if it is set to the new runtime.
conmon will check that the LISTEN_PID the pid that conmon is running as and
will ignore it if they are different. But, if the caller specifies the
--replace-listen-pid flag, then the LISTEN_PID/LISTEN_FDS will always be used.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
and forward them to the watched process. A side effect is that we can
correctly invoke the exit command if conmon receives them.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
We've been seeing conflicts with other CNI consumers where
CRI-O's configuration files are causing the CNI plugins to fail
to start because their versions are too low. Upgrading the plugin
versions should resolve this conflict, and not cause any adverse
effect to a typical CRI-O install.
Signed-off-by: Matthew Heon <mheon@redhat.com>
Avoid:
$ make clean && make CFLAGS='-Wpedantic' cmsg.o 2>&1 | head -n5
rm -f conmon.o cmsg.o ../bin/conmon
cc -Wpedantic -std=c99 -Os -Wall -Wextra -I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include -c -o cmsg.o cmsg.c
cmsg.c: In function ‘recvfd’:
cmsg.c:30:2: warning: ISO C forbids braced-groups within expressions [-Wpedantic]
({ \
^
Signed-off-by: W. Trevor King <wking@tremily.us>
Avoid:
$ make clean && make CFLAGS=-Wpedantic 2>&1 | head -n5
rm -f conmon.o cmsg.o ../bin/conmon
cc -Wpedantic -std=c99 -Os -Wall -Wextra -I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include -c -o conmon.o conmon.c
conmon.c: In function ‘write_k8s_log’:
conmon.c:32:19: warning: ISO C does not support the ‘%m’ gnu_printf format [-Wformat=]
fprintf(stderr, "[conmon:e]: %s %m\n", s); \
^
from printf(3) [1]:
m (Glibc extension; supported by uClibc and musl.) Print output of
strerror(errno). No argument is required.
strerror, on the other hand, is in POSIX [2].
[1]: http://man7.org/linux/man-pages/man3/printf.3.html
[2]: http://pubs.opengroup.org/onlinepubs/9699919799/functions/strerror.html
Signed-off-by: W. Trevor King <wking@tremily.us>
Avoid:
$ make clean && make CFLAGS=-Wpedantic 2>&1 | head -n 5
rm -f conmon.o cmsg.o ../bin/conmon
cc -Wpedantic -std=c99 -Os -Wall -Wextra -I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include -c -o conmon.o conmon.c
conmon.c: In function ‘write_k8s_log’:
conmon.c:342:33: warning: ISO C99 requires at least one argument for the "..." in a variadic macro
ninfo("Creating new log file");
^
by distinguishing between calls with and without user-supplied
formatting.
Also remove some user-supplied newlines from the following
* nwarn for "Could not find newline in entire buffer"
* ninfo for "Got ctl message..."
* ninfo for "container %d exited with status..."
* nexitf for "Failed to write %s to exit file..."
because the macros add their own trailing newlines.
Also drop some redundant user-specified strerror() arguments from the
following:
* pexit for "Failed to open log file..."
* pexit for "Runtime path %s is not valid..."
because the pexit* macros add strerror on their own.
Signed-off-by: W. Trevor King <wking@tremily.us>
CRI-O works well with runc when stopping a container because as soon
as the container process returns, it can consider every container
resources such as its rootfs as being freed, and it can proceed
further by unmounting it.
But in case of virtualized runtime such as Clear Containers or Kata
Containers, the same rootfs is being mounted into the VM, usually as
a device being hotplugged. This means the runtime will need to be
triggered after the container process has returned. Particularly,
such runtimes should expect a call into "state" in order to realize
the container process is not running anymore, and it would trigger
the container to be officially stopped, proceeding to the necessary
unmounts.
The way this can be done from CRI-O, without impacting the case of
runc, is to explicitly wait for the container status to be updated
into "stopped" after the container process has returned. This way
CRI-O will call into "state" as long as it cannot see the container
status being updated properly, generating an error after a timeout.
Both PollUpdateStatusStopped() and WaitContainerStateStopped() make
use of go routines in order to support a timeout definition. They
follow the waitContainerStop() approach with chControl.
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
Some steps are now being run with Go tip and not in all the different versions,
there were also moved to their own block so they will fail fast and in the mean
time the unit test for the different versions can start.
Also, "make docs" was removed because it's already being done by "make" without
any argument.
Fixes#1400.
Signed-off-by: Álex González <agonzalezro@gmail.com>
If the pid namespace mode is set to POD, then the container's namespace
should be set to the namespace of the pod infra container.
Signed-off-by: umohnani8 <umohnani@redhat.com>
When the image name is resolved with the registries from crio.conf only
the resolved name with the first registry is passed to create_container
eventhough there are more registries in the crio.conf file.
Fix this to try the resolved image names with all the registries given in the conf file.
Signed-off-by: umohnani8 <umohnani@redhat.com>
These changes allow for the container's pid namespace to be set to the same
as the pod infra container's namespace if the pid namespace mode is set to POD
Signed-off-by: umohnani8 <umohnani@redhat.com>
