Commit graph

2001 commits

Author SHA1 Message Date
Daniel J Walsh
51b2254742 Tell oci-umount where to remove mountpoints inside container
This patch set adds a crio-umount.conf file which tells the oci-umount plugin
to look for leaked mount points in /var/lib/containers/storage/* and
/var/run/containers/*

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-09-25 15:21:17 -04:00
Antonio Murdaca
3dd043c581
sandbox_network: pass sandbox to newPodNetwork
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-25 21:08:11 +02:00
Antonio Murdaca
6c871769b4
server: more fixes for selinux and privileged mode
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-25 21:08:11 +02:00
Antonio Murdaca
7b0bde4362
container_create: fix seccomp annotations
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-25 21:08:11 +02:00
Antonio Murdaca
59c0218a9c
container_create: follow symlink for mount host path
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-25 21:08:11 +02:00
Antonio Murdaca
5e7c932771
vendor: update kube to v1.7.6
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-25 21:08:11 +02:00
Antonio Murdaca
e8cfe3b867
container_create: support seccomp docker/default annotation
Fixes the following Origin/Kube test:

```
• Failure [10.323 seconds]
[k8s.io] Security Context [Feature:SecurityContext]
/go/src/github.com/openshift/origin/vendor/k8s.io/kubernetes/test/e2e/framework/framework.go:619
  should support seccomp alpha docker/default annotation
[Feature:Seccomp] [It]
  /go/src/github.com/openshift/origin/vendor/k8s.io/kubernetes/test/e2e/security_context.go:133

  Expected error:
      <*errors.errorString | 0xc420cbacf0>: {
          s: "expected \"2\" in container output: Expected\n
<string>: Seccomp:\t0\n    \nto contain substring\n    <string>: 2",
      }
      expected "2" in container output: Expected
          <string>: Seccomp:	0

      to contain substring
          <string>: 2
  not to have occurred
}
```

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-25 21:08:11 +02:00
Mrunal Patel
1beb75d839 test: Add steps for testing crio client
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-09-25 11:59:40 -07:00
Mrunal Patel
50baca10e9 Add crio annotations to container endpoint
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-09-25 11:59:40 -07:00
Mrunal Patel
2e3d5240c2 client: Add crio client package
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-09-25 11:59:40 -07:00
Mrunal Patel
4fadbea75d Merge pull request #927 from stevekuznetsov/skuznets/dont-pull-code-in-test
Refactor integration test playbooks
2017-09-25 11:58:11 -07:00
Steve Kuznetsov
e160796d4e
Refactor the CRI-O test playbook to be more modular
Signed-off-by: Steve Kuznetsov <skuznets@redhat.com>
2017-09-25 10:02:04 -07:00
Mrunal Patel
89f18fa7b5 Merge pull request #928 from cevich/fix_missing_fedora_dep
integration-playbook: Add hidden dependencies
2017-09-22 10:19:05 -07:00
Chris Evich
bedf75dcfc integration-playbook: Require RHEL repos.
Both the base and extras repos are required.  Rather than try to fuss
around with subscription manager, require two variables be defined
pointing to the baseurl's to use.  Assert that these variables are set
and non-empty.

Signed-off-by: Chris Evich <cevich@redhat.com>
2017-09-21 13:01:08 -04:00
Chris Evich
78c400ccd3 integration-playbook: Increase test timeout
Depending on circumstances out of our control, the 'integration tests'
may take longer than an hour (3600 seconds).  Since the maximum time
is referenced in several places, define a variable with a larger value
then reference it from the affected tasks.

Signed-off-by: Chris Evich <cevich@redhat.com>
2017-09-21 13:01:08 -04:00
Chris Evich
e6b5fc7d53 integration-playbook: Add hidden dependencies
Previously, an internal playbook installed many extra
necessary/unnecessary packages before this playbook even started.  Since
this is a terrible design, move all dependencies here so that nothing is
unwritten.  This includes installing some deps. for ansible itself
(which must be done as a raw command).

Signed-off-by: Chris Evich <cevich@redhat.com>
2017-09-21 13:01:08 -04:00
Chris Evich
29c4d890c8 Faster venv-ansible-playbook.sh
If running a playbook more than once, there's no need to re-bootstrap
the virtual environment.  Assume if the verified crio directory already
exists, it should be used (after re-asserting hashes of requirements).

Signed-off-by: Chris Evich <cevich@redhat.com>
2017-09-21 12:59:33 -04:00
Daniel J Walsh
d153815f74 Merge pull request #936 from rhatdan/readme
Describe in readme `kpod cp` man page
2017-09-21 10:02:07 -04:00
Daniel J Walsh
fd6446ade5 Describe in readme kpod cp man page
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-09-21 12:20:26 +00:00
Antonio Murdaca
0fc411d4fe Merge pull request #905 from mrunalp/bump_rc2
version: Release 1.0.0-rc2
2017-09-20 15:20:31 +02:00
Daniel J Walsh
2282b5339f Merge pull request #922 from ashcrow/add-libkpod-config-unit-test
test: Add libkpod config tests
2017-09-19 15:14:41 -04:00
Steve Milner
65faae6782 test: Add libkpod config tests
- config_test.go for testing libkpod/config.go
- testdata/config.toml as a fixture for config_test.go

Signed-off-by: Steve Milner <smilner@redhat.com>
2017-09-19 09:32:57 -04:00
Daniel J Walsh
5e3c53c172 Merge pull request #909 from rhatdan/lastError
We should not be exiting with exit(1)
2017-09-18 07:46:53 -04:00
Mrunal Patel
7e7a097395 Merge pull request #913 from runcom/v1.0.0-rc2-patches
V1.0.0 rc2 patches
2017-09-17 21:03:54 -07:00
Antonio Murdaca
a11b8cd8ec
sandbox, ctr: SELinux fixes
server: fix selinux labels for pod and containers

Signed-off-by: Antonio Murdaca <runcom@redhat.com>

sandbox: set selinux labels from request, not defaults

Signed-off-by: Antonio Murdaca <runcom@redhat.com>

container_create: use sandbox's selinux if container's nil

Signed-off-by: Antonio Murdaca <runcom@redhat.com>

sandbox: correctly init selinux labels

First, we weren't correctly initializing selinux labels. If any of
(level, user, role, type) was missing from kube selinux options, we
were erroring out. This is wrong as kube sends just `level=s0`
sometimes and docker itself allows `--security-opt label=level:s0`.
This patch directly initializes selinux labels, correctly, and adds a
test to verify it.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>

test: testdata: use container_runtime_t selinux type

RHEL SELinux policy doesn't have `container_t` type but we're using it
in our fixtures. That means Fedora integration tests pass because
`container_t` is in Fedora's container policy but RHEL is broken.
Fix it by using `container_runtime_t` which is aliased in Fedora policy
to `container_t`.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-17 22:40:17 +02:00
Antonio Murdaca
ec42a40936
server: use grpc getters
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-17 10:19:32 +02:00
Antonio Murdaca
c1d158bba4
Makefile: always use vfs to test in container
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-17 10:19:32 +02:00
Antonio Murdaca
d93f86c26c
Dockerfile: remove not needed image copy
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-17 10:19:31 +02:00
Antonio Murdaca
9ec518491f
server: correctly set hostname
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-17 10:19:31 +02:00
Antonio Murdaca
0c1383fd30
test: add inspect integration tests
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-17 10:19:31 +02:00
Antonio Murdaca
e26e48ec87
server: add inspect unit test
The inspect endpoint is used mainly in the CRI-O cAdvisor handler.
Let's make sure we don't break it by adding some trivial unit tests.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-17 10:19:29 +02:00
Daniel J Walsh
33fc0231f7 Merge branch 'master' of github.com:kubernetes-incubator/cri-o into lastError
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-09-16 06:10:01 -04:00
Daniel J Walsh
dbc2b404a3 Merge pull request #841 from baude/kpod_pull_name
libkpod/image/copy.go: Add pull by short-name
2017-09-16 05:12:47 -04:00
Daniel J Walsh
d03ea10be2 Merge pull request #890 from mrunalp/bind_docs
docs: Add missing bind option in docs and command help
2017-09-16 05:11:17 -04:00
Daniel J Walsh
dacfddc42c Merge pull request #899 from umohnani8/vendor_containers/image
Vendor in latest containers/storage
2017-09-16 05:09:29 -04:00
Daniel J Walsh
8320d65581 Merge pull request #915 from umohnani8/kpod_ps
Modified namespace field in json struct
2017-09-16 05:02:32 -04:00
Mrunal Patel
f59e9dae1c docs: Add missing bind option in docs and command help
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-09-15 16:12:13 -07:00
Daniel J Walsh
a001b177d6 We should not be exiting with exit(1)
There is cleanup code that will never get run.
This code will print out all errors and then return the last error.
This should allow for proper cleanup.

Also cleanup help to switch usage and description.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-09-15 17:51:34 -04:00
umohnani8
036658b844 Modified namespace field in json struct
The namespace field was not being omitted when empty

Signed-off-by: umohnani8 <umohnani@redhat.com>
2017-09-15 17:30:25 -04:00
Daniel J Walsh
b82bf55404 Merge pull request #900 from TomSweeneyRedHat/dev/tsweeney/docfix5
Add a few build dependencies to README.md
2017-09-15 16:47:52 -04:00
Mrunal Patel
9f663c9b66 Merge pull request #912 from TomSweeneyRedHat/dev/tsweeney/clifix
Update urfave/cli to v1.20.0
2017-09-15 12:56:47 -07:00
TomSweeneyRedHat
a29bb63613 Add a few build dependencies to README.md
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
2017-09-15 07:56:30 -04:00
TomSweeneyRedHat
359def92f1 Update urfave/cli to v1.20.0
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
2017-09-14 23:39:15 -04:00
umohnani8
cfc2393d58 Vendor in latest containers/storage
Fixes store.lock issue coming up when using store.Names

Signed-off-by: umohnani8 <umohnani@redhat.com>
2017-09-14 09:54:39 -04:00
baude
951a943d16 libkpod/image/copy.go: Add pull by short-name
If the user provides kpod pull a short name like 'debian', we
still want the pull to be successful.  As such, when a short
name is provided, we get the list of searchable registries via
the systemregistries code in containers-storage.  We then
append a tag of 'latest' (if not provided) and we formulate
a list of possible fully-qualified image names to try.

Vendor update for containers-storage to bring in the system_registries
code.

Also includes a patch from Nalin to fix compilation errors.

Signed-off-by: baude <bbaude@redhat.com>
2017-09-14 08:33:10 -05:00
Mrunal Patel
9dcd8c47e7 version: Switch to 1.0.0-rc3-dev
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-09-13 12:47:35 -07:00
Mrunal Patel
6784a66f2d version: Release 1.0.0-rc2
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-09-13 12:43:40 -07:00
Mrunal Patel
400713a58b Merge pull request #904 from runcom/fix-manifest-list
fix issue with official images and manifest lists
2017-09-13 12:42:18 -07:00
Antonio Murdaca
22f96b1806
fix issue with official images and manifest lists
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-13 19:01:06 +02:00
Daniel J Walsh
05713958f2 Merge pull request #894 from TomSweeneyRedHat/dev/tsweeney/docfix4
Add golang version note to README.md
2017-09-12 17:48:30 -04:00