Commit graph

88 commits

Author SHA1 Message Date
Daniel J Walsh
6f81ec8c67 Default all container storage to /var/lib/containers/storage
containers/storage is defaulting to /var/lib/containers/storage
for image and containers storage.  It is also defaulting to
/var/run/containers/storage for all runtime.  The defaults
for CRI-O should match so that lots of other tools that use
containers/storage can share the same storage.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-03-24 08:19:08 -04:00
Andrew Pilloud
54c176e336 storage: Support latest containers/image
Signed-off-by: Andrew Pilloud <andrewpilloud@igneoussystems.com>
2017-03-13 08:51:02 -07:00
Daniel J Walsh
cf5b0ae57f Deprecate --storage-option for --storage-opt
container-storage-setup (Formerly docker-storage-setup) is being converted to
run with container runtimes outside of docker.  Specifically we want to use it
with CRI-O/ocid.  It does not know anything about the container runtimes it
is generating options for, so it generates them based on the storage CLI of
docker.  I see no reason to have the storage option for ocid to be different
and we can just depracate the option for now.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-02-25 09:09:50 -05:00
Aleksa Sarai
0d7147ff5c
make: revert switch to 'go install'
go install acts incredibly weirdly and rarely does what you want, not to
mention that it's just bad for distribution build setups. Switch back to
go build, which works properly and doesn't have half as many issues.

Fixes: 6c9628cdb1 ("Build and install from GOPATH")
Signed-off-by: Aleksa Sarai <asarai@suse.de>
2017-02-17 03:22:12 +11:00
Antonio Murdaca
9d085aef0a Merge pull request #356 from nalind/helpers
Minor tweaks to test helpers
2017-02-04 15:18:27 +01:00
Nalin Dahyabhai
ff5c485e7f Make sure we don't read a host ocid.conf in tests
When generating an ocid.conf for use when running tests, make sure we
don't pick up any defaults from an installed copy of ocid by forcing our
copy to read /dev/null as its configuration file.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-02-03 17:19:29 -05:00
Nalin Dahyabhai
5a89d5381d Wait when restarting ocid during tests
When we restart ocid as part of a test, wait for the daemon to exit when
we send it a SIGTERM, just as we do when we try to stop it for good.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-02-03 17:18:26 -05:00
Antonio Murdaca
dfa93414c5 Merge pull request #352 from mrunalp/deps
Switch to github.com/golang/dep for vendoring
2017-02-02 18:32:44 +01:00
Mrunal Patel
d0464b11e2 Merge pull request #348 from runcom/fix-imageid-lookup
storage: fix image retrieval by id
2017-02-01 09:05:36 -08:00
Mrunal Patel
8e5b17cf13 Switch to github.com/golang/dep for vendoring
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-01-31 16:45:59 -08:00
Nalin Dahyabhai
893593272f Use build tags for bin2img and copyimg
Use the same build tags for bin2img and copyimg that we use for ocid,
and improve detection of the case where we need to use the
"libdm_no_deferred_remove" tag.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-01-31 11:57:19 -05:00
Antonio Murdaca
2202c1a460
storage: fix image retrieval by id
kubelet sends a request to create a container with an image ID (as
opposed as an image name). That ID comes from the ImageStatus response.
This patch fixes that by setting the image ID as well as the image name
and fix the login to lookup for image ID as well.

Found while running `make test-e2e-node`.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-01-31 16:32:30 +01:00
Samuel Ortiz
5569f8b2e1
test: Update and organize README
Document the alternate runtime selection when running integratiom
tests on the host, and at the same time rganize the file a little
better.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2017-01-26 23:21:12 +01:00
Samuel Ortiz
5f0238032f
test: Specify alternate container runtime
When running integration tests on the host, we can now specify
an alternate runtime by setting the RUNTIME variable. For example:

make localintegration RUNTIME=cc-oci-runtime

to use Clear Containers instead of runC.

Obviously, runC is still the default.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2017-01-26 23:21:09 +01:00
Nalin Dahyabhai
ebe86effe2 Pass --signature-policy to copyimg
When calling copyimg to pull down an image in the integration tests,
don't forget to pass in the test signature policy.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-01-26 14:01:47 +01:00
Daniel J Walsh
9c61688098 Default type for containers is not container_t
We usually specify MCS Labels as comma separated pair.
Finally if we run two different containers we want them on different
MCS labels.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-01-25 22:11:30 +01:00
Antonio Murdaca
5d86f1f110
test: enable tests in Travis
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-01-19 19:14:46 +01:00
Antonio Murdaca
25d40b6927
test: use checkseccomp to test if seccomp is supported
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-01-19 18:51:47 +01:00
Antonio Murdaca
0d37c41521
test: add a custom binary to reliable check seccomp support
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-01-19 18:51:47 +01:00
Antonio Murdaca
f1f5c635d2
test: change location of the test image
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-01-19 18:51:47 +01:00
Nalin Dahyabhai
aeea656581 Limit implicit image pulling to the pause image
The CRI doesn't expect us to implicitly pull an image if it isn't
already present before we're asked to use it to create a container, and
the tests no longer depend on us doing so, either.

Limit the logic which attempts to pull an image, if it isn't present, to
only pulling the configured "pause" image, since our use of that image
for running pod sandboxes is an implementation detail that our clients
can't be expected to know or care about.  Include the name of the image
that we didn't pull in the error we return when we don't pull one.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-01-18 10:23:30 -05:00
Nalin Dahyabhai
925806b8fa Add and use copyimg for caching images for tests
Add a basic tool for copying images from one location to another,
optionally adding a name if it's to local storage.  Ideally we could use
skopeo for this, but we don't want to build it.

Use it to initially populate the test/testdata/redis-image directory, if
it's not been cleaned out, with a copy of "docker://redis:latest", and
to copy it in to the storage that ocid is using before we start up ocid.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-01-18 10:23:30 -05:00
Nalin Dahyabhai
636d5d8e9a Add and use bin2img for creating images for tests
Add tests which exercise image pulling, listing, and removal.  When running
tests, prepopulate the store with an image with the default infrastructure
container's name, using the locally-built "pause" binary, so that tests won't
have to pull it down from the network.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-01-18 10:23:30 -05:00
Nalin Dahyabhai
c0333b102b Integrate containers/storage
Use containers/storage to store images, pod sandboxes, and containers.
A pod sandbox's infrastructure container has the same ID as the pod to
which it belongs, and all containers also keep track of their pod's ID.

The container configuration that we build using the data in a
CreateContainerRequest is stored in the container's ContainerDirectory
and ContainerRunDirectory.

We catch SIGTERM and SIGINT, and when we receive either, we gracefully
exit the grpc loop.  If we also think that there aren't any container
filesystems in use, we attempt to do a clean shutdown of the storage
driver.

The test harness now waits for ocid to exit before attempting to delete
the storage root directory.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-01-18 10:23:30 -05:00
Antonio Murdaca
00e6832715 Merge pull request #320 from jawnsy/build-with-go-install
Build with go install
2017-01-18 00:06:13 +01:00
Mrunal Patel
e785e3e07f Remove host ping test
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-01-17 13:43:23 -08:00
Jonathan Yu
6c9628cdb1
Build and install from GOPATH
* Rename 'vendor/src' -> 'vendor'
  * Ignore vendor/ instead of vendor/src/ for lint
* Rename 'cmd/client' -> 'cmd/ocic' to make it 'go install'able
* Rename 'cmd/server' -> 'cmd/ocid' to make it 'go install'able
* Update Makefile to build and install from GOPATH
* Update tests to locate ocid/ocic in GOPATH/bin
* Search for binaries in GOPATH/bin instead of PATH
* Install tools using `go get -u`, so they are updated on each run

Signed-off-by: Jonathan Yu <jawnsy@redhat.com>
2017-01-17 12:09:09 -08:00
Samuel Ortiz
ce54c1e5e9
test: Do not hardcode runc specific output
"executable file not found in" is part of a runc
specific output when 'runc exec' fails.
This prevents the execsync failure to pass when running
ocid with other runtimes than runc.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2017-01-14 02:02:45 +01:00
Samuel Ortiz
8e1af3668a
test: Fix networking helpers indentation
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2016-12-21 12:26:18 +01:00
Samuel Ortiz
b6455253c2
test: Add host pod ping test
We create a pod with host networking and we try to ping
it from the host.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2016-12-21 12:24:37 +01:00
Samuel Ortiz
5273bef5d2
test: Add a inter pod ping networking test
We create 2 pods in 2 different networking namespace and
we check if we can ping one from the other.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2016-12-21 11:28:33 +01:00
Samuel Ortiz
b97a57c006
test: Skip networking tests if CNI plugins are missing
If the CNI binaries (bridge and host-local) are not installed,
we skip the tests.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2016-12-20 12:50:23 +01:00
Samuel Ortiz
4c702fb60c
test: Add 2 basic networking tests
We create temporary CNI networking configurations and run 2
functional tests:

- Verify that the networking namespace interface has a valid CIDR
- Ping the networking namespace interface from the host

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2016-12-20 12:50:20 +01:00
Mrunal Patel
a418ef8dc2 Fixup cgroup in test sandbox config
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2016-12-16 13:33:38 -08:00
Antonio Murdaca
e1054cf28e
cmd/client: move pod create to pod run
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-12-14 18:15:37 +01:00
Antonio Murdaca
4bb0830c37 Merge pull request #239 from xlgao-zju/reload-apparmor-profile
reload default apparmor profile if it is unloaded
2016-12-13 11:10:26 +01:00
Antonio Murdaca
f22dc5244f
test: add restart ocid with pod stopped test
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-12-09 11:56:25 +01:00
Mrunal Patel
0e1db291b6 Merge pull request #251 from sameo/topic/bats
test: Add a pod remove idempotent test
2016-12-08 16:20:41 -08:00
Mrunal Patel
7a6213c3ef Merge pull request #248 from sameo/topic/config.json
testdata: Add missing closed curly
2016-12-08 16:12:02 -08:00
Samuel Ortiz
d701009264
test: Add a pod remove idempotent test
Test if we can remove a pod several times without
generating an error.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2016-12-09 00:43:25 +01:00
Samuel Ortiz
c55d9a5da6
testdata: Add missing closed curly
Typo introduced by PR #244.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2016-12-09 00:11:16 +01:00
fd7a052023
testdata: fix invalid json doc
Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
2016-12-08 15:23:24 -05:00
Samuel Ortiz
5d8537f270
testdata: sandbox ns options should be under security_context
And not directly under linux.

Fixes #243

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2016-12-08 18:09:28 +01:00
Xianglin Gao
cb5ed1ce9d reload default apparmor profile if it is unloaded
Signed-off-by: Xianglin Gao <xlgao@zju.edu.cn>
2016-12-07 20:19:29 +08:00
Mrunal Patel
a4021ba179 Merge pull request #235 from runcom/fix-state
server: sync ctr state before checking it
2016-12-06 09:42:43 -08:00
Antonio Murdaca
1b2d4f3d60
server: sync ctr state before checking it
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-12-06 12:39:38 +01:00
Antonio Murdaca
f2b4fda554
server: fix ctr filter by truncated id
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-12-06 12:16:34 +01:00
Antonio Murdaca
e7492ca12f
server: fix pod filter by truncated id
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-12-06 12:16:30 +01:00
Antonio Murdaca
15f23bc6ac
test: fix apparmor detection
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-12-06 12:10:32 +01:00
Xianglin Gao
4f323377ee add apparmor build tag and update readme
Signed-off-by: Xianglin Gao <xlgao@zju.edu.cn>
2016-12-06 11:51:15 +08:00