Commit graph

78 commits

Author SHA1 Message Date
umohnani8
d1aea31786 Follow up changes on secrets patch
Deleted mounts.conf file and moved the secrets mount paths
to a list (default-mounts) in crio.conf

Signed-off-by: umohnani8 <umohnani@redhat.com>
2017-10-12 15:10:07 -04:00
umohnani8
d5b5028cb9 Add secrets patch to crio
Allows the user to define secret paths in /etc/containers/mounts.conf
These are then volume mounted into the container

Signed-off-by: umohnani8 <umohnani@redhat.com>
2017-10-11 20:00:38 -04:00
Daniel J Walsh
680f3a09e1 Merge pull request from edsantiago/parameterize_cni_plugin
Parameterize CRIO_CNI_PLUGIN
2017-10-10 16:55:03 -04:00
Samuel Ortiz
a5e5ccb365 main: Replace -debug with -log-level
Running crio with -debug is very verbose. Having more granularity
on the log level can be useful when e.g. only looking for errors.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2017-10-05 22:53:20 +02:00
Nalin Dahyabhai
2491d38e03 Also refactor setting flags for running kpod
* Remove duplicate definitions of storage-related flags for kpod, since
  we set them in helpers.bash now, and the other locations that were
  also setting it were doing so after loading the definitions in
  helpers.
* Set kpod storage flags after checking if we need to force use of the
  "vfs" storage driver for cri-o, to make sure kpod also ends up with
  the same override if we're using one.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-09-29 16:37:07 -04:00
Daniel J Walsh
e16bb3feb3 Refactor kpod tests
Move kpod tests from kpod.bats to kpod_[commandname].bats
Also make sure all status checks have a echo $output before them.

Signed-off-by: Ryan Cole <rcyoalne@gmail.com>

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Signed-off-by: umohnani8 <umohnani@redhat.com>
2017-09-29 16:37:07 -04:00
Ed Santiago
b2d347d8cd Parameterize CRIO_CNI_PLUGIN
Allow overriding CRIO_CNI_PLUGIN (default: /opt/cni/bin) and
make sure it gets written to our crio.conf file. This is
intended for running cri-o tests with containernetworking-cni
rpm which installs into /usr/libexec/cni

Signed-off-by: Ed Santiago <santiago@redhat.com>
2017-09-27 14:19:20 -06:00
Mrunal Patel
d47061ac57 test: Add a test for log size max
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-09-25 15:37:55 -07:00
baude
951a943d16 libkpod/image/copy.go: Add pull by short-name
If the user provides kpod pull a short name like 'debian', we
still want the pull to be sucessful.  As such, when a short
name is provided, we get the list of searchable registries via
the systemregistries code in containers-storage.  We then
append a tag of 'latest' (if not provided) and we formulate
a list of possible fully-qualified image names to try.

Vendor update for containers-storage to bring in the system_registries
code.

Also includes a patch from Nalin to fix compilation errors.

Signed-off-by: baude <bbaude@redhat.com>
2017-09-14 08:33:10 -05:00
Antonio Murdaca
b8a6d358e7 Merge pull request from rhatdan/hooks
Add support for running oci-hooks
2017-09-07 19:06:01 +02:00
Antonio Murdaca
5947698818
test: replace bash CNI plugin with a custom bridge
Because we need a working CNI plugin to setup a correct netns so
sandbox_run can grab a working IP address.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-06 17:14:53 +02:00
Daniel J Walsh
139d0841e8 Add support for oci-hooks to libkpod
Add new directory /etc/crio/hooks.d, where packagers can drop a json config
file to specify a hook.

The json must specify a valid executable to run.
The json must also specify which stage(s) to run the hook:
prestart, poststart, poststop
The json must specify under which criteria the hook should be launched
If the container HasBindMounts
If the container cmd matches a list of regular expressions
If the containers annotations matches a list of regular expressions.
If any of these match the the hook will be launched.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-09-05 07:39:31 -04:00
Antonio Murdaca
59ba89d64d
*: fix crictl vendor
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-08-27 10:54:36 +02:00
Antonio Murdaca
49bdd59406
*: initial wire in of crictl from cri-tools
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-08-22 20:14:49 +02:00
Antonio Murdaca
d56bf090ce
*: update kube vendor to v1.7.4
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-08-22 17:32:14 +02:00
Antonio Murdaca
a35727c80b
*: implement additional pull registries
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-08-02 16:38:11 +02:00
Nalin Dahyabhai
4ebcd650e0 Force use of the "vfs" driver when testing on AUFS
Basically none of the clever storage drivers will work when we're on top
of AUFS, so if we find ourselves in that situation when running tests,
default to storage options of "--storage-driver vfs".

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-07-20 17:29:38 -04:00
Mrunal Patel
288415d31d test: Add test for pids limit
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-07-11 19:17:48 -07:00
Mrunal Patel
de1cb64ee8 test: Add a test for image volume ignore
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-07-10 13:46:14 -07:00
umohnani8
9595d7900e Add kpod version
Signed-off-by: umohnani8 <umohnani@redhat.com>
2017-06-27 16:48:24 -04:00
Andrew Pilloud
e4e982d78a test: hostport network test
Signed-off-by: Andrew Pilloud <andrewpilloud@igneoussystems.com>
2017-06-22 15:46:15 -07:00
Antonio Murdaca
9f68cb4507
server: adhere to CRI for sandbox stop/remove
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-15 23:08:30 +02:00
Antonio Murdaca
aa9abdfe40
test: pull just once in integration tests
w/o this patch we were always pulling redis:alpine by digest in each
test.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-26 16:01:31 +02:00
Antonio Murdaca
b4251aebd8
execsync: rewrite to fix a bug in conmon
conmon has many flags that are parsed when it's executed, one of them
is "-c". During PR  where we vendor latest kube master code,
upstream has changed a test to call a "ctr execsync" with a command of
"sh -c commmand ...".
Turns out:

a) conmon has a "-c" flag which refers to the container name/id
b) the exec command has a "-c" flags but it's for "sh"

That leads to conmon parsing the second "-c" flags from the exec
command causing an error. The executed command looks like:

conmon -c [..other flags..] CONTAINERID -e sh -c echo hello world

This patch rewrites the exec sync code to not pass down to conmon the
exec command via command line. Rather, we're now creating an OCI runtime
process spec in a temp file, pass _the path_ down to conmon, and have
runc exec the command using "runc exec --process
/path/to/process-spec.json CONTAINERID". This is far better in which we
don't need to bother anymore about conflicts with flags in conmon.

Added and fixed some tests also.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-25 22:36:33 +02:00
Mrunal Patel
f64032483e test: Ensure image for testing oom is present
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-05-25 11:30:58 -07:00
Antonio Murdaca
d099e3a988
server: container_status: we should return digested references in imageRef
currently blocked on
https://github.com/kubernetes-incubator/cri-o/issues/531

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-22 16:37:46 +02:00
Antonio Murdaca
4dcf33581c
test: add CGROUP_MANAGER env to switch to systemd
default is still cgroupfs

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-18 17:39:49 +02:00
Mrunal Patel
5e4809bdfe Fix remnants of ocid -> crio rename
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-05-15 15:05:58 -07:00
Dan Walsh
4493b6f176 Rename ocid to crio.
The ocid project was renamed to CRI-O, months ago, it is time that we moved
all of the code to the new name.  We want to elminate the name ocid from use.
Move fully to crio.

Also cric is being renamed to crioctl for the time being.

Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2017-05-12 09:56:06 -04:00
Dan Williams
13f6e95685 sandbox: pass correct pod Namespace/Name to network plugins and fix id/name ordering
Two issues:
1) pod Namespace was always set to "", which prevents plugins from figuring out
what the actual pod is, and from getting more info about that pod from the
runtime via out-of-band mechanisms

2) the pod Name and ID arguments were switched, further preventing 

Signed-off-by: Dan Williams <dcbw@redhat.com>
2017-05-05 23:55:37 -05:00
Antonio Murdaca
715785950c
test: use redis:alpine
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-05 16:31:48 +02:00
Antonio Murdaca
5dd2e10028 Merge pull request from runcom/storage-tests
test: make storage configurable via env
2017-04-21 16:59:20 +02:00
Antonio Murdaca
7985f7ad81
test: fix bats dealing with std* streams
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-04-21 13:42:59 +02:00
Antonio Murdaca
83e1de71dd
test: make storage configurable via env
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-04-21 12:29:39 +02:00
Samuel Ortiz
07ccda3395 tests: Install CNI configuration files by default
Since we no longer fall back to the noop plugin when
CNI configuration files are missing, and since the default
sandbox_config.json test file is running without host
networking, we must install the bridge and loopback
configuration files by default for tests to pass.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2017-04-10 17:36:34 +02:00
Aleksa Sarai
65527da361
test: add logging tests
The main purpose of these tests is to make sure that the log actually
contains output from the container. We don't test the timestamps or the
stream that's stated at the moment.

Signed-off-by: Aleksa Sarai <asarai@suse.de>
2017-04-05 02:45:58 +10:00
Aleksa Sarai
0d7147ff5c
make: revert switch to 'go install'
go install acts incredibly weirdly and rarely does what you want, not to
mention that it's just bad for distribution build setups. Switch back to
go build, which works properly and doesn't have half as many issues.

Fixes: 6c9628cdb1 ("Build and install from GOPATH")
Signed-off-by: Aleksa Sarai <asarai@suse.de>
2017-02-17 03:22:12 +11:00
Nalin Dahyabhai
ff5c485e7f Make sure we don't read a host ocid.conf in tests
When generating an ocid.conf for use when running tests, make sure we
don't pick up any defaults from an installed copy of ocid by forcing our
copy to read /dev/null as its configuration file.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-02-03 17:19:29 -05:00
Nalin Dahyabhai
5a89d5381d Wait when restarting ocid during tests
When we restart ocid as part of a test, wait for the daemon to exit when
we send it a SIGTERM, just as we do when we try to stop it for good.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-02-03 17:18:26 -05:00
Antonio Murdaca
2202c1a460
storage: fix image retrieval by id
kubelet sends a request to create a container with an image ID (as
opposed as an image name). That ID comes from the ImageStatus response.
This patch fixes that by setting the image ID as well as the image name
and fix the login to lookup for image ID as well.

Found while running `make test-e2e-node`.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-01-31 16:32:30 +01:00
Samuel Ortiz
5f0238032f
test: Specify alternate container runtime
When running integration tests on the host, we can now specify
an alternate runtime by setting the RUNTIME variable. For example:

make localintegration RUNTIME=cc-oci-runtime

to use Clear Containers instead of runC.

Obviously, runC is still the default.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2017-01-26 23:21:09 +01:00
Nalin Dahyabhai
ebe86effe2 Pass --signature-policy to copyimg
When calling copyimg to pull down an image in the integration tests,
don't forget to pass in the test signature policy.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-01-26 14:01:47 +01:00
Antonio Murdaca
25d40b6927
test: use checkseccomp to test if seccomp is supported
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-01-19 18:51:47 +01:00
Antonio Murdaca
f1f5c635d2
test: change location of the test image
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-01-19 18:51:47 +01:00
Nalin Dahyabhai
aeea656581 Limit implicit image pulling to the pause image
The CRI doesn't expect us to implicitly pull an image if it isn't
already present before we're asked to use it to create a container, and
the tests no longer depend on us doing so, either.

Limit the logic which attempts to pull an image, if it isn't present, to
only pulling the configured "pause" image, since our use of that image
for running pod sandboxes is an implementation detail that our clients
can't be expected to know or care about.  Include the name of the image
that we didn't pull in the error we return when we don't pull one.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-01-18 10:23:30 -05:00
Nalin Dahyabhai
925806b8fa Add and use copyimg for caching images for tests
Add a basic tool for copying images from one location to another,
optionally adding a name if it's to local storage.  Ideally we could use
skopeo for this, but we don't want to build it.

Use it to initially populate the test/testdata/redis-image directory, if
it's not been cleaned out, with a copy of "docker://redis:latest", and
to copy it in to the storage that ocid is using before we start up ocid.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-01-18 10:23:30 -05:00
Nalin Dahyabhai
636d5d8e9a Add and use bin2img for creating images for tests
Add tests which exercise image pulling, listing, and removal.  When running
tests, prepopulate the store with an image with the default infrastructure
container's name, using the locally-built "pause" binary, so that tests won't
have to pull it down from the network.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-01-18 10:23:30 -05:00
Nalin Dahyabhai
c0333b102b Integrate containers/storage
Use containers/storage to store images, pod sandboxes, and containers.
A pod sandbox's infrastructure container has the same ID as the pod to
which it belongs, and all containers also keep track of their pod's ID.

The container configuration that we build using the data in a
CreateContainerRequest is stored in the container's ContainerDirectory
and ContainerRunDirectory.

We catch SIGTERM and SIGINT, and when we receive either, we gracefully
exit the grpc loop.  If we also think that there aren't any container
filesystems in use, we attempt to do a clean shutdown of the storage
driver.

The test harness now waits for ocid to exit before attempting to delete
the storage root directory.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-01-18 10:23:30 -05:00
Antonio Murdaca
00e6832715 Merge pull request from jawnsy/build-with-go-install
Build with go install
2017-01-18 00:06:13 +01:00
Mrunal Patel
e785e3e07f Remove host ping test
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-01-17 13:43:23 -08:00