Commit graph

96 commits

Author SHA1 Message Date
Nalin Dahyabhai
ff7bbb4f0d Switch to ImageServer.UntagImage in RemoveImage handler
Add an UntagImage() method to pkg/storage/ImageServer, which will check
if the passed-in NameOrID is a name.  If so, it merely removes that name
from the image, removing the image only if it was the last name that the
image had.  If the NameOrID is an image ID, the image is removed, as
RemoveImage() does.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-12-14 14:23:53 -05:00
Nalin Dahyabhai
f3b7065bd8 Return image references from the storage package
The image's canonical reference is a name with a digest of the image's
manifest, so in imageService.ImageStatus() and
imageService.ListImages(), divide the image's name list into tagged and
digested values, and if we have names, add canonical versions.

In Server.ContainerStatus(), return the image name as it was given to us
as the image, and the image digested reference as the image reference.

In Server.ListImages(), be sure to only return tagged names in the
RepoTags field.  In Server.ImageStatus(), also return canonical
references in the RepoDigests field.

In Server.PullImage(), be sure that we consistently return the same
image reference for an image, whether we ended up pulling it or not.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-12-14 14:23:52 -05:00
Antonio Murdaca
b3f59f31ad
Merge pull request #1159 from weiwei04/replace_crioctl_with_crictl_wip
Replace crioctl with crictl
2017-11-20 15:27:30 +01:00
Wei Wei
25dfde9044 replace crioctl with crictl
Signed-off-by: Wei Wei <weiwei.inf@gmail.com>
2017-11-20 13:46:52 +08:00
Mrunal Patel
946307e5c2 Make pid namespace sharing optional and disabled by default
We reverse the logic so that pid ns sharing is disabled by default.

Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-11-18 06:47:06 -08:00
Wei Wei
702ab3ee3a share pid namespace for Pod container
Signed-off-by: Wei Wei <weiwei.inf@gmail.com>
2017-11-17 09:56:33 +08:00
Antonio Murdaca
e99a78edff
*: add crictl.yaml
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-11-12 01:54:19 +01:00
Antonio Murdaca
befd719812
Revert "Merge pull request #654 from nalind/storage-update"
This reverts commit 4c06116c18, reversing
changes made to c5e73ba65f.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-11-12 01:54:19 +01:00
Daniel J Walsh
e9200aacba
Merge pull request #1110 from edsantiago/more_testing_fixes
Various test-scaffolding fixes
2017-11-10 08:22:06 -05:00
Ed Santiago
b7697672f0 Various test-scaffolding fixes
* Skip some tests if the bridge-custom plugin is
  unavailable. This CNI plugin is not distributed in
  any RPM, it is only available by compiling from a
  side branch in runcom's private github. We can't
  use it in a real integration-test setting.

* Don't use `run()` inside cleanup handlers. It will
  override $status, which is a double whammy:
   - successful cleanup will mask a test failure
   - when a test is `skip()`ed, crictl may fail,
     and $status will indicate failure.

* seccomp test: use existing $SECCOMP_PROFILE instead of
  assuming a path under $CRIO_ROOT

Signed-off-by: Ed Santiago <santiago@redhat.com>
2017-11-06 07:14:33 -07:00
Matthew Heon
1bf6d20309 Remove kpod code after repository move
Signed-off-by: Matthew Heon <mheon@redhat.com>
2017-11-03 14:37:42 -04:00
Daniel J Walsh
fe69289566
Merge pull request #1080 from baude/kpod_create.pr
Kpod create.pr
2017-11-01 13:44:28 -04:00
baude
b85fe5ab90 Fix conmon and runc paths for kpod tests
Tests for kpod create and run were failing because the conmon
binary was being hardcoded.  We added a  --conmon global optioni
for kpod so we could pass in the conmon path from the helpers
file during tests

Signed-off-by: baude <bbaude@redhat.com>
2017-11-01 10:53:52 -05:00
Nalin Dahyabhai
2e5e92730a Switch to ImageServer.UntagImage in RemoveImage handler
Add an UntagImage() method to pkg/storage/ImageServer, which will check
if the passed-in NameOrID is a name.  If so, it merely removes that name
from the image, removing the image only if it was the last name that the
image had.  If the NameOrID is an image ID, the image is removed, as
RemoveImage() does.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-10-31 10:30:18 -04:00
Nalin Dahyabhai
3f2bc09231 Return image references in ImageStatus()
The image's canonical reference is a name with a digest of the image's
manifest, so compute and return that value as the image's reference in
ImageStatus() and in ContainerStatus().

We don't auto-store a name based on the image digest when we pull one by
tag, but then CRI doesn't need us to do that.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-10-31 10:29:06 -04:00
Antonio Murdaca
63b1706de8
Makefile: output binaries under bin/
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-10-30 17:48:29 +01:00
Nalin Dahyabhai
9d0d48b2ce Rename $STORAGE_OPTS to $STORAGE_OPTIONS
Rename our $STORAGE_OPTS variable to $STORAGE_OPTIONS, so that the
storage library doesn't try to use its contents as default driver
options.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-10-24 21:52:16 -04:00
Ed Santiago
c476706271 restore lost cni-plugin option
Commit d5b5028c undid part of my pr#953 (cni plugin path). Restore it.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2017-10-17 09:02:20 -06:00
umohnani8
d1aea31786 Follow up changes on secrets patch
Deleted mounts.conf file and moved the secrets mount paths
to a list (default-mounts) in crio.conf

Signed-off-by: umohnani8 <umohnani@redhat.com>
2017-10-12 15:10:07 -04:00
umohnani8
d5b5028cb9 Add secrets patch to crio
Allows the user to define secret paths in /etc/containers/mounts.conf
These are then volume mounted into the container

Signed-off-by: umohnani8 <umohnani@redhat.com>
2017-10-11 20:00:38 -04:00
Daniel J Walsh
680f3a09e1 Merge pull request #953 from edsantiago/parameterize_cni_plugin
Parameterize CRIO_CNI_PLUGIN
2017-10-10 16:55:03 -04:00
Samuel Ortiz
a5e5ccb365 main: Replace -debug with -log-level
Running crio with -debug is very verbose. Having more granularity
on the log level can be useful when e.g. only looking for errors.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2017-10-05 22:53:20 +02:00
Nalin Dahyabhai
2491d38e03 Also refactor setting flags for running kpod
* Remove duplicate definitions of storage-related flags for kpod, since
  we set them in helpers.bash now, and the other locations that were
  also setting it were doing so after loading the definitions in
  helpers.
* Set kpod storage flags after checking if we need to force use of the
  "vfs" storage driver for cri-o, to make sure kpod also ends up with
  the same override if we're using one.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-09-29 16:37:07 -04:00
Daniel J Walsh
e16bb3feb3 Refactor kpod tests
Move kpod tests from kpod.bats to kpod_[commandname].bats
Also make sure all status checks have a echo $output before them.

Signed-off-by: Ryan Cole <rcyoalne@gmail.com>

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Signed-off-by: umohnani8 <umohnani@redhat.com>
2017-09-29 16:37:07 -04:00
Ed Santiago
b2d347d8cd Parameterize CRIO_CNI_PLUGIN
Allow overriding CRIO_CNI_PLUGIN (default: /opt/cni/bin) and
make sure it gets written to our crio.conf file. This is
intended for running cri-o tests with containernetworking-cni
rpm which installs into /usr/libexec/cni

Signed-off-by: Ed Santiago <santiago@redhat.com>
2017-09-27 14:19:20 -06:00
Mrunal Patel
d47061ac57 test: Add a test for log size max
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-09-25 15:37:55 -07:00
baude
951a943d16 libkpod/image/copy.go: Add pull by short-name
If the user provides kpod pull a short name like 'debian', we
still want the pull to be sucessful.  As such, when a short
name is provided, we get the list of searchable registries via
the systemregistries code in containers-storage.  We then
append a tag of 'latest' (if not provided) and we formulate
a list of possible fully-qualified image names to try.

Vendor update for containers-storage to bring in the system_registries
code.

Also includes a patch from Nalin to fix compilation errors.

Signed-off-by: baude <bbaude@redhat.com>
2017-09-14 08:33:10 -05:00
Antonio Murdaca
b8a6d358e7 Merge pull request #562 from rhatdan/hooks
Add support for running oci-hooks
2017-09-07 19:06:01 +02:00
Antonio Murdaca
5947698818
test: replace bash CNI plugin with a custom bridge
Because we need a working CNI plugin to setup a correct netns so
sandbox_run can grab a working IP address.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-06 17:14:53 +02:00
Daniel J Walsh
139d0841e8 Add support for oci-hooks to libkpod
Add new directory /etc/crio/hooks.d, where packagers can drop a json config
file to specify a hook.

The json must specify a valid executable to run.
The json must also specify which stage(s) to run the hook:
prestart, poststart, poststop
The json must specify under which criteria the hook should be launched
If the container HasBindMounts
If the container cmd matches a list of regular expressions
If the containers annotations matches a list of regular expressions.
If any of these match the the hook will be launched.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-09-05 07:39:31 -04:00
Antonio Murdaca
59ba89d64d
*: fix crictl vendor
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-08-27 10:54:36 +02:00
Antonio Murdaca
49bdd59406
*: initial wire in of crictl from cri-tools
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-08-22 20:14:49 +02:00
Antonio Murdaca
d56bf090ce
*: update kube vendor to v1.7.4
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-08-22 17:32:14 +02:00
Antonio Murdaca
a35727c80b
*: implement additional pull registries
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-08-02 16:38:11 +02:00
Nalin Dahyabhai
4ebcd650e0 Force use of the "vfs" driver when testing on AUFS
Basically none of the clever storage drivers will work when we're on top
of AUFS, so if we find ourselves in that situation when running tests,
default to storage options of "--storage-driver vfs".

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-07-20 17:29:38 -04:00
Mrunal Patel
288415d31d test: Add test for pids limit
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-07-11 19:17:48 -07:00
Mrunal Patel
de1cb64ee8 test: Add a test for image volume ignore
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-07-10 13:46:14 -07:00
umohnani8
9595d7900e Add kpod version
Signed-off-by: umohnani8 <umohnani@redhat.com>
2017-06-27 16:48:24 -04:00
Andrew Pilloud
e4e982d78a test: hostport network test
Signed-off-by: Andrew Pilloud <andrewpilloud@igneoussystems.com>
2017-06-22 15:46:15 -07:00
Antonio Murdaca
9f68cb4507
server: adhere to CRI for sandbox stop/remove
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-15 23:08:30 +02:00
Antonio Murdaca
aa9abdfe40
test: pull just once in integration tests
w/o this patch we were always pulling redis:alpine by digest in each
test.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-26 16:01:31 +02:00
Antonio Murdaca
b4251aebd8
execsync: rewrite to fix a bug in conmon
conmon has many flags that are parsed when it's executed, one of them
is "-c". During PR #510 where we vendor latest kube master code,
upstream has changed a test to call a "ctr execsync" with a command of
"sh -c commmand ...".
Turns out:

a) conmon has a "-c" flag which refers to the container name/id
b) the exec command has a "-c" flags but it's for "sh"

That leads to conmon parsing the second "-c" flags from the exec
command causing an error. The executed command looks like:

conmon -c [..other flags..] CONTAINERID -e sh -c echo hello world

This patch rewrites the exec sync code to not pass down to conmon the
exec command via command line. Rather, we're now creating an OCI runtime
process spec in a temp file, pass _the path_ down to conmon, and have
runc exec the command using "runc exec --process
/path/to/process-spec.json CONTAINERID". This is far better in which we
don't need to bother anymore about conflicts with flags in conmon.

Added and fixed some tests also.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-25 22:36:33 +02:00
Mrunal Patel
f64032483e test: Ensure image for testing oom is present
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-05-25 11:30:58 -07:00
Antonio Murdaca
d099e3a988
server: container_status: we should return digested references in imageRef
currently blocked on
https://github.com/kubernetes-incubator/cri-o/issues/531

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-22 16:37:46 +02:00
Antonio Murdaca
4dcf33581c
test: add CGROUP_MANAGER env to switch to systemd
default is still cgroupfs

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-18 17:39:49 +02:00
Mrunal Patel
5e4809bdfe Fix remnants of ocid -> crio rename
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-05-15 15:05:58 -07:00
Dan Walsh
4493b6f176 Rename ocid to crio.
The ocid project was renamed to CRI-O, months ago, it is time that we moved
all of the code to the new name.  We want to elminate the name ocid from use.
Move fully to crio.

Also cric is being renamed to crioctl for the time being.

Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2017-05-12 09:56:06 -04:00
Dan Williams
13f6e95685 sandbox: pass correct pod Namespace/Name to network plugins and fix id/name ordering
Two issues:
1) pod Namespace was always set to "", which prevents plugins from figuring out
what the actual pod is, and from getting more info about that pod from the
runtime via out-of-band mechanisms

2) the pod Name and ID arguments were switched, further preventing #1

Signed-off-by: Dan Williams <dcbw@redhat.com>
2017-05-05 23:55:37 -05:00
Antonio Murdaca
715785950c
test: use redis:alpine
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-05 16:31:48 +02:00
Antonio Murdaca
5dd2e10028 Merge pull request #462 from runcom/storage-tests
test: make storage configurable via env
2017-04-21 16:59:20 +02:00