Use the same build tags for bin2img and copyimg that we use for ocid,
and improve detection of the case where we need to use the
"libdm_no_deferred_remove" tag.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
kubelet sends a request to create a container with an image ID (as
opposed as an image name). That ID comes from the ImageStatus response.
This patch fixes that by setting the image ID as well as the image name
and fix the login to lookup for image ID as well.
Found while running `make test-e2e-node`.
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
Document the alternate runtime selection when running integratiom
tests on the host, and at the same time rganize the file a little
better.
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
When running integration tests on the host, we can now specify
an alternate runtime by setting the RUNTIME variable. For example:
make localintegration RUNTIME=cc-oci-runtime
to use Clear Containers instead of runC.
Obviously, runC is still the default.
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
When calling copyimg to pull down an image in the integration tests,
don't forget to pass in the test signature policy.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
We usually specify MCS Labels as comma separated pair.
Finally if we run two different containers we want them on different
MCS labels.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Previously ocicni did not have support for setting the plugin directory.
Now that it has grown support for it, use it to actually respect the
setting a user has provided for ocid.network.* options.
Signed-off-by: Aleksa Sarai <asarai@suse.de>
In multiple places, we've been assuming that we can invoke binaries that
we install as $GOPATH/bin/$binary. This doesn't work in cases where
$GOPATH is a list.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
The CRI doesn't expect us to implicitly pull an image if it isn't
already present before we're asked to use it to create a container, and
the tests no longer depend on us doing so, either.
Limit the logic which attempts to pull an image, if it isn't present, to
only pulling the configured "pause" image, since our use of that image
for running pod sandboxes is an implementation detail that our clients
can't be expected to know or care about. Include the name of the image
that we didn't pull in the error we return when we don't pull one.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Add a basic tool for copying images from one location to another,
optionally adding a name if it's to local storage. Ideally we could use
skopeo for this, but we don't want to build it.
Use it to initially populate the test/testdata/redis-image directory, if
it's not been cleaned out, with a copy of "docker://redis:latest", and
to copy it in to the storage that ocid is using before we start up ocid.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Add tests which exercise image pulling, listing, and removal. When running
tests, prepopulate the store with an image with the default infrastructure
container's name, using the locally-built "pause" binary, so that tests won't
have to pull it down from the network.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Use containers/storage to store images, pod sandboxes, and containers.
A pod sandbox's infrastructure container has the same ID as the pod to
which it belongs, and all containers also keep track of their pod's ID.
The container configuration that we build using the data in a
CreateContainerRequest is stored in the container's ContainerDirectory
and ContainerRunDirectory.
We catch SIGTERM and SIGINT, and when we receive either, we gracefully
exit the grpc loop. If we also think that there aren't any container
filesystems in use, we attempt to do a clean shutdown of the storage
driver.
The test harness now waits for ocid to exit before attempting to delete
the storage root directory.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Vendor updated containers/image and containers/storage, along
with any new dependencies they drag in, and updated versions of other
dependencies that happen to get pulled in.
github.com/coreos/go-systemd/daemon/SdNotify() now takes a boolean to
control whether or not it unsets the NOTIFY_SOCKET variable from the
calling process's environment. Adapt.
github.com/opencontainers/runtime-tools/generate/Generator.AddProcessEnv()
now takes the environment variable name and value as two arguments, not
one. Adapt.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
