Commit graph

39 commits

Author SHA1 Message Date
Antonio Murdaca
2202c1a460
storage: fix image retrieval by id
kubelet sends a request to create a container with an image ID (as
opposed as an image name). That ID comes from the ImageStatus response.
This patch fixes that by setting the image ID as well as the image name
and fix the login to lookup for image ID as well.

Found while running `make test-e2e-node`.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-01-31 16:32:30 +01:00
Samuel Ortiz
5f0238032f
test: Specify alternate container runtime
When running integration tests on the host, we can now specify
an alternate runtime by setting the RUNTIME variable. For example:

make localintegration RUNTIME=cc-oci-runtime

to use Clear Containers instead of runC.

Obviously, runC is still the default.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2017-01-26 23:21:09 +01:00
Nalin Dahyabhai
ebe86effe2 Pass --signature-policy to copyimg
When calling copyimg to pull down an image in the integration tests,
don't forget to pass in the test signature policy.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-01-26 14:01:47 +01:00
Antonio Murdaca
25d40b6927
test: use checkseccomp to test if seccomp is supported
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-01-19 18:51:47 +01:00
Antonio Murdaca
f1f5c635d2
test: change location of the test image
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-01-19 18:51:47 +01:00
Nalin Dahyabhai
aeea656581 Limit implicit image pulling to the pause image
The CRI doesn't expect us to implicitly pull an image if it isn't
already present before we're asked to use it to create a container, and
the tests no longer depend on us doing so, either.

Limit the logic which attempts to pull an image, if it isn't present, to
only pulling the configured "pause" image, since our use of that image
for running pod sandboxes is an implementation detail that our clients
can't be expected to know or care about.  Include the name of the image
that we didn't pull in the error we return when we don't pull one.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-01-18 10:23:30 -05:00
Nalin Dahyabhai
925806b8fa Add and use copyimg for caching images for tests
Add a basic tool for copying images from one location to another,
optionally adding a name if it's to local storage.  Ideally we could use
skopeo for this, but we don't want to build it.

Use it to initially populate the test/testdata/redis-image directory, if
it's not been cleaned out, with a copy of "docker://redis:latest", and
to copy it in to the storage that ocid is using before we start up ocid.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-01-18 10:23:30 -05:00
Nalin Dahyabhai
636d5d8e9a Add and use bin2img for creating images for tests
Add tests which exercise image pulling, listing, and removal.  When running
tests, prepopulate the store with an image with the default infrastructure
container's name, using the locally-built "pause" binary, so that tests won't
have to pull it down from the network.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-01-18 10:23:30 -05:00
Nalin Dahyabhai
c0333b102b Integrate containers/storage
Use containers/storage to store images, pod sandboxes, and containers.
A pod sandbox's infrastructure container has the same ID as the pod to
which it belongs, and all containers also keep track of their pod's ID.

The container configuration that we build using the data in a
CreateContainerRequest is stored in the container's ContainerDirectory
and ContainerRunDirectory.

We catch SIGTERM and SIGINT, and when we receive either, we gracefully
exit the grpc loop.  If we also think that there aren't any container
filesystems in use, we attempt to do a clean shutdown of the storage
driver.

The test harness now waits for ocid to exit before attempting to delete
the storage root directory.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-01-18 10:23:30 -05:00
Antonio Murdaca
00e6832715 Merge pull request #320 from jawnsy/build-with-go-install
Build with go install
2017-01-18 00:06:13 +01:00
Mrunal Patel
e785e3e07f Remove host ping test
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-01-17 13:43:23 -08:00
Jonathan Yu
6c9628cdb1
Build and install from GOPATH
* Rename 'vendor/src' -> 'vendor'
  * Ignore vendor/ instead of vendor/src/ for lint
* Rename 'cmd/client' -> 'cmd/ocic' to make it 'go install'able
* Rename 'cmd/server' -> 'cmd/ocid' to make it 'go install'able
* Update Makefile to build and install from GOPATH
* Update tests to locate ocid/ocic in GOPATH/bin
* Search for binaries in GOPATH/bin instead of PATH
* Install tools using `go get -u`, so they are updated on each run

Signed-off-by: Jonathan Yu <jawnsy@redhat.com>
2017-01-17 12:09:09 -08:00
Samuel Ortiz
8e1af3668a
test: Fix networking helpers indentation
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2016-12-21 12:26:18 +01:00
Samuel Ortiz
b6455253c2
test: Add host pod ping test
We create a pod with host networking and we try to ping
it from the host.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2016-12-21 12:24:37 +01:00
Samuel Ortiz
5273bef5d2
test: Add a inter pod ping networking test
We create 2 pods in 2 different networking namespace and
we check if we can ping one from the other.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2016-12-21 11:28:33 +01:00
Samuel Ortiz
b97a57c006
test: Skip networking tests if CNI plugins are missing
If the CNI binaries (bridge and host-local) are not installed,
we skip the tests.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2016-12-20 12:50:23 +01:00
Samuel Ortiz
4c702fb60c
test: Add 2 basic networking tests
We create temporary CNI networking configurations and run 2
functional tests:

- Verify that the networking namespace interface has a valid CIDR
- Ping the networking namespace interface from the host

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2016-12-20 12:50:20 +01:00
Antonio Murdaca
4bb0830c37 Merge pull request #239 from xlgao-zju/reload-apparmor-profile
reload default apparmor profile if it is unloaded
2016-12-13 11:10:26 +01:00
Antonio Murdaca
f22dc5244f
test: add restart ocid with pod stopped test
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-12-09 11:56:25 +01:00
Xianglin Gao
cb5ed1ce9d reload default apparmor profile if it is unloaded
Signed-off-by: Xianglin Gao <xlgao@zju.edu.cn>
2016-12-07 20:19:29 +08:00
Antonio Murdaca
15f23bc6ac
test: fix apparmor detection
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-12-06 12:10:32 +01:00
Xianglin Gao
4f323377ee add apparmor build tag and update readme
Signed-off-by: Xianglin Gao <xlgao@zju.edu.cn>
2016-12-06 11:51:15 +08:00
Xianglin Gao
bec3c3e2aa add test cases
Signed-off-by: Xianglin Gao <xlgao@zju.edu.cn>
2016-12-01 21:42:13 +08:00
Antonio Murdaca
78ee03a8fc
add seccomp support
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-11-28 22:05:34 +01:00
Dan Walsh
488216f57b Make sure selinuxenabled exists before executing it
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2016-10-17 08:48:14 -04:00
Dan Walsh
04807d586a Setup proper labeling for running test with selinux
The rootfs that gets created needs to have an SELinux label that containers
can write to.  Until they get native storage support, this patch will
force the entire storage pool to be labeled in such a way that confined
containers can read/write/execute the content.

Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2016-10-14 17:29:20 -04:00
Aleksa Sarai
9fb23bf0dc
ocid: add config subcommand
This subcommand is so that users can get a nice commented version of the
ocid configuration file. This comes from the "current" version of the
configuration (allowing somone to get their custom configuration as a
file). It also has a --default option.

In addition, update the tests to use `ocid config` so that we test this
setup (the loading and saving of the options).

Signed-off-by: Aleksa Sarai <asarai@suse.de>
2016-10-11 21:21:58 +11:00
Aleksa Sarai
3f48986ea0
cmd: switch to --connect and --listen flags
Signed-off-by: Aleksa Sarai <asarai@suse.de>
2016-10-11 03:09:59 +11:00
Antonio Murdaca
9b72f29b72
fixups for tests
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-10-08 14:57:45 +02:00
Antonio Murdaca
e0364ec633
add containers restore test
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-10-08 14:46:39 +02:00
Aleksa Sarai
bac579a9e5
server: create pause rootfs manually without Docker
This lessens the Docker requirement for creating sandboxes (with the
requirement only existing for the actual image pulling that is done when
adding a container to a pod). The interface was chosen to match the
--conmon interface, so that the location of the pause binary can be
chosen by a user.

Signed-off-by: Aleksa Sarai <asarai@suse.de>
2016-10-02 20:11:07 +11:00
Dan Walsh
f51c98b057 Install conmon in /usr/libexec/ocid/conmon
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2016-09-29 08:55:12 -04:00
Mrunal Patel
189b642908 Remove unnecessary sleep from tests
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-28 12:16:10 -07:00
Antonio Murdaca
77c40487de
test: suggests sudo make localintegration
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-09-27 14:23:07 +02:00
Antonio Murdaca
ab8b65b09e
test: cleanup pods at test teardown
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-09-27 10:46:50 +02:00
Antonio Murdaca
3ddf3f21c1
test: fix and add tests
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-09-27 10:42:53 +02:00
Mrunal Patel
4606f2a61a Fix the build for ocid to cri-o rename
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-26 16:55:12 -07:00
Antonio Murdaca
aebd365cf4
test: tweak halpers
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-09-24 00:38:06 +02:00
Antonio Murdaca
5fb0252fd2
add tests skeleton
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-09-24 00:37:07 +02:00