Commit graph

1536 commits

Author SHA1 Message Date
Ryan Cole
3ddf2efae2 Refactor server sandbox
Make sandbox struct and it methods public, and add accessor methods
for the struct fields

Signed-off-by: Ryan Cole <rcyoalne@gmail.com>
2017-07-19 08:53:45 -04:00
Daniel J Walsh
23c66c7bdf We need to support the name cri-o and crio for rpm and systemd
Adding these aliases will make it easier for users who forget to
use crio or cri-o.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-07-19 07:29:36 -04:00
Antonio Murdaca
a82cc428a9 Merge pull request #664 from 14rcole/libkpod-containerserver
Decouple kubernetes-dependent and non-dependent parts of server
2017-07-19 13:29:26 +02:00
CuiHaozhi
8c3950ad6d kpod images --digests output align
Signed-off-by: CuiHaozhi <cuihz@wise2c.com>
2017-07-18 23:07:29 -04:00
Ryan Cole
64ad902480 Decouple kubernetes-dependent an non-dependent parts of server
Move non-kubernetes-dependent portions of server struct to libkpod.
So far, only the struct fields have been moved and not their dependent
functions

Signed-off-by: Ryan Cole <rcyoalne@gmail.com>
2017-07-18 14:23:50 -04:00
Mrunal Patel
2b18d58d60 Merge pull request #666 from tklauser/seccomp-x-sys-unix
Use Prctl() and associated constants from x/sys/unix
2017-07-18 09:58:40 -07:00
Antonio Murdaca
4d6ff0b414 Merge pull request #665 from 14rcole/imagespec-removal
Remove ImageSpec dependency from server
2017-07-18 16:54:11 +02:00
Tobias Klauser
92a51af7ba seccomp: use Prctl() from x/sys/unix
Use unix.Prctl() instead of manually reimplementing it using
unix.RawSyscall. Also use unix.SECCOMP_MODE_FILTER instead of locally
defining it.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-07-18 15:34:23 +02:00
Tobias Klauser
642f2bb70e vendor: update golang.org/x/sys
Update golang.org/x/sys to get newly added functions and constants which
will be used in successive commits.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-07-18 15:31:00 +02:00
Antonio Murdaca
e659280298 Merge pull request #652 from vbatts/kpod_info
kpod: info subcommand
2017-07-18 09:58:49 +02:00
Ryan Cole
f3efb850b7 Remove ImageSpec dependency from server
Signed-off-by: Ryan Cole <rcyoalne@gmail.com>
2017-07-17 16:21:56 -04:00
ab36ad50be
kpod: info subcommand
Design: The output of the `info` subcommand ought to be directly
consumable in a format like JSON or yaml.
The structure being a map of sorts.

Each subsection of information being an individual cluster under the
top-level, like platform info, debug, storage, etc.

Even if there are errors under the top level key, the value will be a
map with the key of "error" and the value as the message of the
`err.Error()`. In this way, the command always returns usable output.

Ideally there will be a means for anything that can register info to do
so independently from it being in the single info.go, so this approach
is having a typed signature for the function that gives info, but i'm
sure it could be better.

Current iteration of this outputs the following as a limited user:

```yaml
host:
  MemFree: 711307264
  MemTotal: 2096222208
  SwapFree: 2147479552
  SwapTotal: 2147479552
  arch: amd64
  cpus: 1
  os: linux
store:
  error: 'mkdir /var/run/containers/storage: permission denied'

```

and as root (`sudo kpod info -D`):

```yaml
debug:
  compiler: gc
  go version: go1.7.6
  goroutines: 3
host:
  MemFree: 717795328
  MemTotal: 2096222208
  SwapFree: 2147479552
  SwapTotal: 2147479552
  arch: amd64
  cpus: 1
  os: linux
store:
  ContainerStore:
    number: 1
  GraphDriverName: overlay2
  GraphRoot: /var/lib/containers/storage
  ImageStore:
    number: 1
```

And with the `--json --debug` flag:

```json
{
  "debug": {
    "compiler": "gc",
    "go version": "go1.7.6",
    "goroutines": 3
  },
  "host": {
    "MemFree": 709402624,
    "MemTotal": 2096222208,
    "SwapFree": 2147479552,
    "SwapTotal": 2147479552,
    "arch": "amd64",
    "cpus": 1,
    "os": "linux"
  },
  "store": {
    "ContainerStore": {
      "number": 1
    },
    "GraphDriverName": "overlay2",
    "GraphRoot": "/var/lib/containers/storage",
    "ImageStore": {
      "number": 1
    }
  }
}
```

Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
2017-07-17 14:23:53 -04:00
Mrunal Patel
3f70873aab Merge pull request #662 from rhatdan/master
Make the README.md more useful in links to man page documentation
2017-07-17 11:03:34 -07:00
Mrunal Patel
2fcc6d574b Merge pull request #663 from runcom/fix-arch-goos
oci: fix type mismatch on some platform/arch
2017-07-17 09:55:22 -07:00
Daniel J Walsh
d43e67ad00 Make the README.md more useful in links to man page documentation
This patch will allow people who go to the github page to easily read
man pages.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-07-17 16:52:14 +00:00
Antonio Murdaca
47ea873253
oci: fix type mismatch on some platform/arch
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-07-17 15:31:19 +02:00
Mrunal Patel
db310e9641 Merge pull request #661 from rhatdan/launch
Remove kpod launch example code
2017-07-15 06:30:30 -07:00
Daniel J Walsh
0bd5f6cebc Remove kpod launch example code
We now have actual kpod code, so no reason to have a not implemented feature.
Especially when we don't intend to create kpod launch.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-07-15 06:54:41 -04:00
Antonio Murdaca
73c5285260 Merge pull request #658 from mheon/lock_to_interface
Replace sync.Mutex with sync.Locker to allow different locks
2017-07-15 10:48:12 +02:00
Antonio Murdaca
f16113a627 Merge pull request #660 from mrunalp/volumes_bind
Add ImagesVolumesBind option
2017-07-15 10:47:10 +02:00
Mrunal Patel
fa5a3a04e0 test: Add a test for image volumes bind mount option
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-07-14 16:57:38 -07:00
Mrunal Patel
d02828e8a6 Support ImageVolumesBind when container is created
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-07-14 16:51:52 -07:00
Mrunal Patel
7443263bd6 Add config for ImageVolumesBind option
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-07-14 15:31:50 -07:00
Matthew Heon
a3c95bf903 Change opLock mutex for containers to sync.Locker
Signed-off-by: Matthew Heon <mheon@redhat.com>
2017-07-14 17:09:08 -04:00
Matthew Heon
4086f2bc37 Replace sync.Mutex with sync.Locker to allow different locks
Signed-off-by: Matthew Heon <mheon@redhat.com>
2017-07-14 16:27:12 -04:00
Mrunal Patel
96ebf829c9 Merge pull request #656 from 14rcole/vendor-image
Update vendor for containers/image
2017-07-14 07:19:14 -07:00
Ryan Cole
f15c13efac Update vendor for containers/image
Update the vendored commit for containers/image, because the previous
version did not include the function ListNames() in transports

Signed-off-by: Ryan Cole <rcyoalne@gmail.com>
2017-07-14 09:39:13 -04:00
Antonio Murdaca
fa25b381b1 Merge pull request #649 from umohnani8/main
Remove repeated app.Flags in cmd/kpod/main.go
2017-07-12 20:28:51 +02:00
umohnani8
f9b9f92d3f Remove repeated app.Flags in cmd/kpod/main.go
Signed-off-by: umohnani8 <umohnani@redhat.com>
2017-07-12 11:59:45 -04:00
Antonio Murdaca
17584facf0 Merge pull request #641 from mrunalp/pids_limit
Pids limit
2017-07-12 12:39:54 +02:00
Antonio Murdaca
f7206aa86d Merge pull request #647 from mrunalp/rename_to_crio
Rename remnants of ocid to crio
2017-07-12 12:38:28 +02:00
Antonio Murdaca
dd53f5e6bb Merge pull request #635 from tklauser/syscall-to-x-sys-unix
all: Switch from package syscall to golang.org/x/sys/unix
2017-07-12 12:37:11 +02:00
Tobias Klauser
822172a892 all: Switch from package syscall to golang.org/x/sys/unix
The syscall package is locked down and the comment in [1] advises to
switch code to use the corresponding package from golang.org/x/sys. Do
so and replace usage of package syscall where possible (leave
syscall.SysProcAttr and syscall.Stat_t).

  [1] https://github.com/golang/go/blob/master/src/syscall/syscall.go#L21-L24

This will also allow to get updates and fixes just by re-vendoring
golang.org/x/sys/unix instead of having to update to a new go version.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-07-12 08:18:55 +02:00
Mrunal Patel
288415d31d test: Add test for pids limit
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-07-11 19:17:48 -07:00
Mrunal Patel
ed9d49f247 container: Add cgroup mount for introspection
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-07-11 19:17:48 -07:00
Mrunal Patel
c58bcc4ccf docs: Document pids limit for crio
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-07-11 19:17:41 -07:00
Mrunal Patel
c9edee9af2 Merge pull request #606 from 14rcole/kpod-image
Add 'kpod images' and 'kpod rmi' commands
2017-07-11 16:21:02 -07:00
Mrunal Patel
6b543be50b Rename remnants of ocid to crio
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-07-11 16:19:18 -07:00
Mrunal Patel
e49dd34657 Add support for container pids limit
We add a daemon level setting and will add a container
override once it is supported in CRI.

Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-07-11 14:59:52 -07:00
Ryan Cole
a040f20a76 Add 'kpod images' and 'kpod rmi' commands
'kpod images' lists all images on a system.  'kpod rmi' removes
one or more images from a system.  The images will not be removed
if they are associated with a running container, unless the -f
option is used

Signed-off-by: Ryan Cole <rcyoalne@gmail.com>
2017-07-11 15:52:57 -04:00
Mrunal Patel
7fb772b7d1 Merge pull request #638 from umohnani8/kpod_pull
Add 'kpod pull' command
2017-07-11 12:23:01 -07:00
Mrunal Patel
d270de78c4 Merge pull request #645 from vbatts/kpod-version-failsafe
kpod: version should not fail
2017-07-11 07:30:15 -07:00
umohnani8
ac9b53266d Add 'kpod pull' command
Signed-off-by: umohnani8 <umohnani@redhat.com>
2017-07-11 09:05:17 -04:00
Mrunal Patel
e949508b17 Merge pull request #644 from umohnani8/man
Man pages were being created empty
2017-07-10 16:01:36 -07:00
Antonio Murdaca
6f75a27d96 Merge pull request #637 from mrunalp/image_volumes
Image volumes
2017-07-10 23:40:00 +02:00
umohnani8
26126085eb Man pages were being created empty
This patch causes the man pages to be created with the correct content.

Signed-off-by: umohnani8 <umohnani@redhat.com>
2017-07-10 17:20:42 -04:00
55d526e213
kpod: version should not fail
even when the variables are not provided at compile, the `kpod version`
command ought not fail.

Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
2017-07-10 17:02:13 -04:00
Mrunal Patel
c85be90e1b docs: Document image volumes option in man pages
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-07-10 13:46:14 -07:00
Mrunal Patel
de1cb64ee8 test: Add a test for image volume ignore
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-07-10 13:46:14 -07:00
Mrunal Patel
d40883d88c container: Use ImageVolumes setting at container creation
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-07-10 13:46:14 -07:00