Jonathan Yu
d5d297d50b
Promote DefaultConfig() to server package
...
The default configuration can only be accessed from the cmd/server
package, which cannot be imported (since it's a "package main").
This change promotes DefaultConfig() to the "server" package.
Closes: #315
Signed-off-by: Jonathan Yu <jawnsy@redhat.com>
2017-01-16 16:22:35 -08:00
Jacek J. Łakis
b034072d6a
sandbox_run: Do not run net plugin in host namespace
...
Signed-off-by: Jacek J. Łakis <jacek.lakis@intel.com>
2017-01-16 16:53:29 +01:00
Antonio Murdaca
ac7943c707
Merge pull request #285 from sameo/topic/network-bats
...
Add Initial networking BATs
2016-12-20 16:49:04 +01:00
Nalin Dahyabhai
d6225894af
Clear index entries when removing pods or ctrs
...
When removing a pod sandbox or container, remove the ID of the item from
the corresponding ID index, so that we can correctly determine if it was
us or another actor that cleaned them up.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2016-12-20 09:06:39 -05:00
Samuel Ortiz
c525459000
main: Add CNI options
...
We add 2 ocid options for choosing the CNI configuration and plugin
binaries directories: --cni-config-dir and --cni-plugin-dir.
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2016-12-20 12:50:17 +01:00
Mrunal Patel
6df58df215
Add support for systemd cgroups
...
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2016-12-19 16:31:29 -08:00
Mrunal Patel
5eab56e002
Pass cgroup manager to oci runtime manager
...
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2016-12-19 15:05:32 -08:00
Mrunal Patel
edad8f866d
Add configuration for specifying cgroup manager
...
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2016-12-19 15:04:34 -08:00
Nalin Dahyabhai
9b88295f69
Update containers/storage and containers/image
...
Update the versions of containers/storage and containers/image, and add
new dependencies that they pull in.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2016-12-19 11:44:34 -05:00
Mrunal Patel
b2fbd828e1
Merge pull request #271 from resouer/pod-level-qos
...
Support pod level qos in cri-o
2016-12-16 13:32:22 -08:00
Mrunal Patel
5a769f72ca
Merge pull request #274 from Crazykev/gofmt-check
...
Enable Gofmt check in CI
2016-12-15 16:57:16 -08:00
Antonio Murdaca
d157c1427c
server: mock UpdateRuntimeConfig
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-12-15 14:31:42 +01:00
Harry Zhang
02dfe877e4
Add container to pod qos cgroup
...
Signed-off-by: Harry Zhang <harryz@hyper.sh>
2016-12-15 14:42:59 +08:00
Crazykev
eb3990ead9
fix gofmt problem in existing code
...
Signed-off-by: Crazykev <crazykev@zju.edu.cn>
2016-12-15 14:17:22 +08:00
Samuel Ortiz
ad6ac9391c
sandbox: Force netns unmount and removal when restoring
...
ns.Close() will not remove and unmount the networking namespace
if it's not currently marked as mounted.
When we restore a sandbox, we generate the sandbox netns from
ns.GetNS() which does not mark the sandbox as mounted.
There currently is a PR open to fix that in the ns package:
https://github.com/containernetworking/cni/pull/342
but meanwhile this patch fixes a netns leak when restoring a pod.
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2016-12-14 19:47:05 +01:00
Antonio Murdaca
d2f6a4c0e2
server: remove reaper, let runc take care of reaping
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-12-14 12:15:20 +01:00
Mrunal Patel
4cb5af00f6
Merge pull request #262 from runcom/fix-commands
...
Read command from ContainerCreateRequest
2016-12-13 10:13:38 -08:00
Antonio Murdaca
f99c0a089c
Read command from ContainerCreateRequest
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-12-13 16:59:16 +01:00
Antonio Murdaca
4bb0830c37
Merge pull request #239 from xlgao-zju/reload-apparmor-profile
...
reload default apparmor profile if it is unloaded
2016-12-13 11:10:26 +01:00
Samuel Ortiz
0df8200e12
sandbox: Create a symbolic link to the networking namespace
...
In order to work around a bug introduced with runc commit bc84f833,
we create a symbolic link to our permanent networking namespace so
that runC realizes that this is not the host namespace.
Although this bug is now fixed upstream (See commit f33de5ab4), this
patch works with pre rc3 runC versions.
We may want to revert that patch once runC 1.0.0 is released.
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2016-12-12 19:48:23 +01:00
Samuel Ortiz
a9724c2c9c
sandbox: Fix gocyclo complexity
...
With the networking namespace code added, we were reaching a
gocyclo complexity of 52. By moving the container creation and
starting code path out, we're back to reasonable levels.
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2016-12-12 19:48:23 +01:00
Samuel Ortiz
482eb460d6
sandbox: Setup networking namespace before sandbox creation
...
In order for hypervisor based container runtimes to be able to
fully prepare their pod virtual machines networking interfaces,
this patch sets the pod networking namespace before creating the
sandbox container.
Once the sandbox networking namespace is prepared, the runtime
can scan the networking namespace interfaces and build the pod VM
matching interfaces (typically TAP interfaces) at pod sandbox
creation time. Not doing so means those runtimes would have to
rely on all hypervisors to support networking interfaces hotplug.
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2016-12-12 19:48:23 +01:00
Samuel Ortiz
4cab8ed06a
sandbox: Use persistent networking namespace
...
Because they need to prepare the hypervisor networking interfaces
and have them match the ones created in the pod networking
namespace (typically to bridge TAP and veth interfaces), hypervisor
based container runtimes need the sandbox pod networking namespace
to be set up before it's created. They can then prepare and start
the hypervisor interfaces when creating the pod virtual machine.
In order to do so, we need to create per pod persistent networking
namespaces that we pass to the CNI plugin. This patch leverages
the CNI ns package to create such namespaces under /var/run/netns,
and assign them to all pod containers.
The persistent namespace is removed when either the pod is stopped
or removed.
Since the StopPodSandbox() API can be called multiple times from
kubelet, we track the pod networking namespace state (closed or
not) so that we don't get a containernetworking/ns package error
when calling its Close() routine multiple times as well.
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2016-12-12 19:48:23 +01:00
Samuel Ortiz
70ede1a5fe
container: Store annotations under ocid/annotations
...
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2016-12-12 19:16:05 +01:00
Antonio Murdaca
430297dd81
store annotations and image for a container
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-12-12 11:12:03 +01:00
Xianglin Gao
ca7d5c77c2
Do not load ocid-default if configured apparmor profile is set up.
...
Signed-off-by: Xianglin Gao <xlgao@zju.edu.cn>
2016-12-12 15:55:17 +08:00
Antonio Murdaca
5a1605bad5
server: fix calls to logrus again
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-12-11 18:29:59 +01:00
Antonio Murdaca
67055e20bc
server: fix call to logrus.Warnf
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-12-10 19:21:52 +01:00
Mrunal Patel
a0177ced09
Remove unnecessary check for mount label for /dev/shm
...
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2016-12-09 09:37:47 -08:00
Antonio Murdaca
d9edbe6817
Merge pull request #249 from mrunalp/dev_shm
...
Add support for pod /dev/shm that is shared by the pod ctrs
2016-12-09 09:46:27 +01:00
Mrunal Patel
868e18614a
Fix couple of lint issues
...
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2016-12-08 15:40:59 -08:00
Mrunal Patel
be29524ba4
Add support for pod /dev/shm that is shared by the pod ctrs
...
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2016-12-08 15:32:17 -08:00
Samuel Ortiz
365c291f1a
server: Make RemovePodSandbox idempotent
...
And in particular make it not fail when removing an already removed
sandbox pod. According to the CRI spec:
[RemovePodSandbox] is idempotent, and must not return an error if
the sandbox has already been removed.
We now only print a warning instead of returning an error.
We still return an error when the passed pod ID is empty.
Fixes #240
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2016-12-08 10:40:14 +01:00
Xianglin Gao
6977b3e88d
move duplicated consts to apparmor_common.go
...
Signed-off-by: Xianglin Gao <xlgao@zju.edu.cn>
2016-12-07 20:46:38 +08:00
Xianglin Gao
cb5ed1ce9d
reload default apparmor profile if it is unloaded
...
Signed-off-by: Xianglin Gao <xlgao@zju.edu.cn>
2016-12-07 20:19:29 +08:00
Mrunal Patel
8547c0dbd9
Merge pull request #236 from runcom/check-netns-on-stop
...
server: check netns path on pod stop
2016-12-06 10:06:46 -08:00
Mrunal Patel
a4021ba179
Merge pull request #235 from runcom/fix-state
...
server: sync ctr state before checking it
2016-12-06 09:42:43 -08:00
Antonio Murdaca
46dc2b4347
server: check netns path on pod stop
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-12-06 15:36:05 +01:00
Antonio Murdaca
1b2d4f3d60
server: sync ctr state before checking it
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-12-06 12:39:38 +01:00
Antonio Murdaca
f2b4fda554
server: fix ctr filter by truncated id
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-12-06 12:16:34 +01:00
Antonio Murdaca
e7492ca12f
server: fix pod filter by truncated id
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-12-06 12:16:30 +01:00
Xianglin Gao
4f323377ee
add apparmor build tag and update readme
...
Signed-off-by: Xianglin Gao <xlgao@zju.edu.cn>
2016-12-06 11:51:15 +08:00
Xianglin Gao
06cc0ba6ba
Add docs about apparmor profile setting
...
Signed-off-by: Xianglin Gao <xlgao@zju.edu.cn>
2016-12-01 13:26:59 +08:00
Xianglin Gao
26645c90ac
Make the profile configurable
...
Signed-off-by: Xianglin Gao <xlgao@zju.edu.cn>
2016-12-01 13:26:59 +08:00
Xianglin Gao
1f863846f5
add default apparmor profile
...
Signed-off-by: Xianglin Gao <xlgao@zju.edu.cn>
2016-12-01 13:26:59 +08:00
Xianglin Gao
71b80591e3
support apparmor
...
Signed-off-by: Xianglin Gao <xlgao@zju.edu.cn>
2016-12-01 13:26:59 +08:00
Antonio Murdaca
0e4af6d69d
*: add seccomp buildtag
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-11-29 17:01:45 +01:00
Samuel Ortiz
60123a77ce
server: Export more container metadata for VM containers
...
VM base container runtimes (e.g. Clear Containers) will run each pod
in a VM and will create containers within that pod VM. Unfortunately
those runtimes will get called by ocid with the same commands
(create and start) for both the pause containers and subsequent
containers to be added to the pod namespace. Unless they work around
that by e.g. inferring that a container whose rootfs is under
"/pause" would represent a pod, they have no way to decide if they
need to create/start a VM or if they need to add a container to an
already running VM pod.
This patch tries to formalize this difference through pod
annotations. When starting a container or a sandbox, we now add 2
annotations for the container type (Infrastructure or not) and the
sandbox name. This will allow VM based container runtimes to handle
2 things:
- Decide if they need to create a pod VM or not.
- Keep track of which pod ID runs in a given VM, so that they
know to which sandbox they have to add containers.
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2016-11-29 10:24:33 +01:00
Antonio Murdaca
78ee03a8fc
add seccomp support
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-11-28 22:05:34 +01:00
Mrunal Patel
b6f1b027eb
Merge pull request #213 from runcom/bump-runtime-tools
...
*: bump opencontainers/runtime-tools
2016-11-24 08:29:43 -08:00
Mrunal Patel
d12c4b68ac
Merge pull request #212 from runcom/execsync-fix
...
execsync: return proper error description
2016-11-24 08:28:45 -08:00
Antonio Murdaca
70481bc5af
*: bump opencontainers/runtime-tools
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-11-24 12:26:18 +01:00
Antonio Murdaca
cbe2a68ce5
execsync: return proper error description
...
The gRPC execsync client call doesn't populate `ExecSyncResponse` on
error at all. You just get an error.
This patch modifies the code to include command's streams, exit code
and error directly into the error. `ocic` will then print useful
information in the cli, otherwise it won't.
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-11-24 12:11:04 +01:00
HaoZhang
d1e1b7c183
pass sysctls down to oci runtime
...
Signed-off-by: HaoZhang <crazykev@zju.edu.cn>
2016-11-24 16:29:37 +08:00
Antonio Murdaca
ebe2ea0dba
server: split sandboxes actions
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-11-22 23:23:01 +01:00
Antonio Murdaca
4447207cf1
server: split images actions
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-11-22 23:05:37 +01:00
Antonio Murdaca
61bb04c87c
server: split containers actions
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-11-22 18:38:05 +01:00
Antonio Murdaca
5c94544fb8
Merge pull request #203 from mrunalp/exec_sync
...
Exec sync
2016-11-21 23:22:20 +01:00
Mrunal Patel
78ecdcd298
Add support for timeout
...
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2016-11-21 13:16:32 -08:00
Jacek J. Łakis
0289858d21
Add runtime status compliant with CRI
...
Signed-off-by: Jacek J. Łakis <jacek.lakis@intel.com>
2016-11-21 10:19:03 +01:00
Mrunal Patel
52e789c44b
Add server implementation for exec sync
...
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2016-11-17 16:41:44 -08:00
Mrunal Patel
b62a150151
Update to the latest upstream API
...
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2016-11-16 17:20:37 -08:00
Jacek J. Łakis
85f7ebfb48
version: Fix parsing for gRPC version
...
Signed-off-by: Jacek J. Łakis <jacek.lakis@intel.com>
2016-11-15 09:26:11 +01:00
Pengfei Ni
bbfcf62a0f
Set timestamps to nanosecond.
...
CRI requires all timestamps in nanoseconds instead of seconds.
Signed-off-by: Pengfei Ni <feiskyer@gmail.com>
2016-11-14 14:26:06 +08:00
Antonio Murdaca
02ec8754f5
Merge pull request #169 from cyphar/make-configurable
...
server: make more things configurable
2016-11-10 14:55:29 +01:00
Mrunal Patel
5d62a9fbb9
Merge pull request #179 from Crazykev/add-metadata
...
Return pod metadata in container list and status APIs
2016-11-04 10:00:58 -06:00
Nalin Dahyabhai
ec1bc4d6a8
Handle PodSandboxConfig.DNSConfig.Options
...
DNSConfig can pass "options" settings in now, so add them to the
resolv.conf that we're generating, too.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2016-11-03 11:57:25 -04:00
Crazykev
87a83e14b0
return pod metadata in container list and status APIs
...
Signed-off-by: Crazykev <crazykev@zju.edu.cn>
2016-11-02 00:37:40 +08:00
Crazykev
54a022defb
restore pod annotations when restart ocid
...
Signed-off-by: Crazykev <crazykev@zju.edu.cn>
2016-11-01 13:49:21 +08:00
Aleksa Sarai
96c0966ce9
server: make logDir configurable
...
While logDir isn't currently used (until the conmon implementation
lands) it's probably not a great idea to hardcode our defaults. The main
issue with this setting is that the kubelet can override it at will.
Signed-off-by: Aleksa Sarai <asarai@suse.de>
2016-10-31 23:26:42 +11:00
Aleksa Sarai
33f47d6a6b
server: make ImageStore configurable
...
It's a bit odd to have ImageStore be part of the config and yet we don't
allow people to modify it. However, leave it out of the commented
version because it's currently unused.
Signed-off-by: Aleksa Sarai <asarai@suse.de>
2016-10-31 23:26:42 +11:00
Mrunal Patel
7b60703634
Add logging for all container/sandbox responses
...
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2016-10-28 11:35:14 -04:00
Mrunal Patel
c89157e45c
Merge pull request #176 from gao-feng/hidden-infra-container
...
store infra container in sandbox
2016-10-25 03:25:17 +00:00
Gao feng
78528d9bd1
store infra container in sandbox
...
infra container is used to implement the pod
sandbox, it should not be exported to user.
this patch stores infra container in sandbox
immediately, only the containers created by user
are stored into container store, this prevents user
from removing/stopping infra container incorrectly.
Signed-off-by: Gao feng <omarapazanadi@gmail.com>
2016-10-24 20:18:19 +08:00
HaoZhang
9c11cc7dba
make conmon inherit env from ocid
...
Signed-off-by: HaoZhang <crazykev@zju.edu.cn>
2016-10-23 19:22:27 +08:00
Antonio Murdaca
af55785b53
Merge pull request #167 from mrunalp/update_api
...
Update to latest version of kubernetes CRI API
2016-10-22 09:17:59 +02:00
Mrunal Patel
7f726b704a
Add more debugs
...
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2016-10-21 11:14:22 -04:00
Mrunal Patel
b117dd863c
Update to latest version of kubernetes CRI API
...
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2016-10-21 11:06:30 -04:00
Antonio Murdaca
5290ca593a
Merge pull request #166 from mrunalp/image_no_nil
...
Make image APIs return empty struct instead of nil
2016-10-21 08:10:09 +02:00
Mrunal Patel
cc9ce68463
Make image APIs return empty struct instead of nil
...
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2016-10-20 16:13:41 -04:00
Mrunal Patel
0b76a65033
Set the version to what kubelet expects
...
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2016-10-20 14:51:38 -04:00
Mrunal Patel
4a7ea899b0
Don't share container UTS namespace with pod
...
kubernetes doesn't share the UTS namespace
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2016-10-18 14:17:57 -07:00
Mrunal Patel
5e7d96bd6a
Add server side pod filtering support
...
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2016-10-17 12:24:57 -07:00
Mrunal Patel
01c8785ea4
Use Set instead of map for storing pod labels
...
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2016-10-17 11:28:48 -07:00
Mrunal Patel
d2cae34243
Add server side container label filtering
...
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2016-10-13 17:01:31 -07:00
Mrunal Patel
09049fc357
Filter containers by id, pod id and state in container list
...
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2016-10-13 12:40:02 -07:00
Antonio Murdaca
8a9395964e
server/sandbox: fix add/release pod/ctr ids and names
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-10-13 18:48:23 +02:00
Mrunal Patel
e999610fd6
Merge pull request #115 from cyphar/toml-config
...
cmd: server: use TOML configuration file
2016-10-11 16:07:25 -07:00
Antonio Murdaca
be2b0cfa50
server/server: skip if no sandbox when restoring containers
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-10-12 00:36:34 +02:00
Crazykev
f6536bf30e
pod/container name should be released when create failed
...
Signed-off-by: Crazykev <crazykev@zju.edu.cn>
2016-10-11 20:19:51 +08:00
Aleksa Sarai
7bf5110b76
server: refactor to use Config struct
...
This paves the way for having a configuration file that is loaded rather
than everything being set via the command-line.
Signed-off-by: Aleksa Sarai <asarai@suse.de>
2016-10-11 03:10:32 +11:00
Antonio Murdaca
cfa4a341a6
server/container: fix bug when listing container IDs
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-10-08 14:55:25 +02:00
Antonio Murdaca
217d278623
server/server: check pods/ctrs directories before restore
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-10-08 14:46:39 +02:00
Antonio Murdaca
54d6ddb5af
server: containers restore
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-10-08 14:46:39 +02:00
Antonio Murdaca
7c6eb77224
Merge pull request #110 from mrunalp/pod_meta
...
Return pod metadata in pod list and status APIs
2016-10-07 20:44:40 +02:00
Dan Walsh
cd12a4acfe
Can't use SELinux separation when sharing the host pid/ipc namespace
...
SELinux will cause breakage when sharing these namespaces. For example it
will block processes inside of the container from looking at the host's /proc
in the host's Pid Namespace. It will also block all access to semaphores and
shared memory defined outside of the pod.
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2016-10-07 07:28:12 -04:00
Antonio Murdaca
fbcd609644
Merge pull request #109 from mrunalp/get_sb
...
Refactor to use helper method to get sandbox from request
2016-10-07 09:44:00 +02:00
Mrunal Patel
d1198fc75b
Populate pod metadata in pod list and status APIs
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-10-06 16:51:13 -07:00
Mrunal Patel
d7e72cb3a2
Refactor to use helper method get sandbox object
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-10-06 15:34:05 -07:00
Mrunal Patel
ec0b27fffc
Add a helper method to get sandbox from request
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-10-06 15:34:05 -07:00
Mrunal Patel
77afd34a27
Container state fixes
...
Move Container State constants to oci package
and fixup where strings were used instead of
the status constants
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-10-06 15:16:21 -07:00
Mrunal Patel
f6a12b865c
Refactor to use new helper method to get Container
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-10-06 12:49:59 -07:00
Mrunal Patel
a56cbb4117
Add a helper to get container from request
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-10-06 12:49:04 -07:00
Mrunal Patel
027aaf15b7
Merge pull request #100 from rhatdan/selinux
...
Selinux
2016-10-06 12:28:12 -07:00
Dan Walsh
be77b841fa
Add SELinux support to OCID
...
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2016-10-06 14:13:06 -04:00
Mrunal Patel
0321870568
Cleanup container directory and state on creation failure
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-10-06 11:12:39 -07:00
Antonio Murdaca
a5da8a4d1e
Merge pull request #97 from mrunalp/ctr_dir_id
...
Use container ID as the directory name
2016-10-05 23:02:25 +02:00
Mrunal Patel
e82426fa8f
Use container ID as the directory name
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-10-05 12:18:56 -07:00
Mrunal Patel
869f85e4bb
Add support for specifying container short IDs
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-10-05 11:55:45 -07:00
Mrunal Patel
edba913f67
Track container IDs in index
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-10-05 11:31:41 -07:00
Mrunal Patel
0482a4281a
Separate container IDs from container names
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-10-04 16:57:12 -07:00
Mrunal Patel
484719c8fe
Add a function to generate container id and name
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-10-04 16:15:23 -07:00
Mrunal Patel
3e19549232
Add name and id indexes for containers
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-10-04 16:00:04 -07:00
Aleksa Sarai
bac579a9e5
server: create pause rootfs manually without Docker
...
This lessens the Docker requirement for creating sandboxes (with the
requirement only existing for the actual image pulling that is done when
adding a container to a pod). The interface was chosen to match the
--conmon interface, so that the location of the pause binary can be
chosen by a user.
Signed-off-by: Aleksa Sarai <asarai@suse.de>
2016-10-02 20:11:07 +11:00
Antonio Murdaca
3697a61db9
Merge pull request #84 from mrunalp/pod_attempt
...
Include attempt in the pod name
2016-10-01 01:06:00 +02:00
Mrunal Patel
d5a8d1bae3
Add annotations for pods
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-30 15:48:31 -07:00
Mrunal Patel
581c17169c
Include attempt in the pod name
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-30 15:23:38 -07:00
Mrunal Patel
50bea08c50
Remove containers from state on pod remove
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-30 12:23:48 -07:00
Dan Walsh
f51c98b057
Install conmon in /usr/libexec/ocid/conmon
...
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2016-09-29 08:55:12 -04:00
Mrunal Patel
1b3d172377
Ensure containers are stopped on RemovePod
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-28 13:12:38 -07:00
Mrunal Patel
72ac4fe33e
Stop container first if it is running on RemoveContainer
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-28 12:24:12 -07:00
Mrunal Patel
e47189c148
Add server impl for listing containers
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-27 15:17:41 -07:00
Antonio Murdaca
4578cc93d1
server: fix panic when listing sandboxes
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-09-27 10:46:45 +02:00
Antonio Murdaca
f7d3f7a69a
Merge pull request #59 from mrunalp/pod_create_bug
...
Pod create bug
2016-09-27 09:13:40 +02:00
Antonio Murdaca
df2eebbbcd
Merge pull request #58 from mrunalp/sb_short_id
...
Pod short ID
2016-09-27 07:51:54 +02:00
Mrunal Patel
4606f2a61a
Fix the build for ocid to cri-o rename
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-26 16:55:12 -07:00
Mrunal Patel
3245810bd6
Release pod name when pod is removed
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-26 15:42:08 -07:00
Mrunal Patel
78aae688e2
Add API to release Pod name when not required
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-26 15:41:58 -07:00
Mrunal Patel
e1b8802848
Fix typo
2016-09-26 15:31:06 -07:00
Mrunal Patel
833333538e
Allow specifying short pod IDs for container create
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-26 15:24:33 -07:00
Mrunal Patel
2e387072ac
Allow specifying pod IDs by unique prefixes
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-26 15:24:23 -07:00
Mrunal Patel
ecda01c284
Add server impl of list pod sandboxes
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-26 12:45:53 -07:00
Mrunal Patel
7c9aaf34cd
Introduce consts for containers states
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-26 12:44:24 -07:00
Mrunal Patel
204b2a645b
Populate state in pod status
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-26 11:18:35 -07:00
Antonio Murdaca
ab05a4526b
vendor: bump k8s@5fe2495588425a6613e28a048d8cc7bcb7513c7f
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-09-26 10:07:46 +02:00
Antonio Murdaca
857aaa7816
cmd/server: provide a flag to set ocid root dir
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-09-24 00:38:06 +02:00
Mrunal Patel
5475f6b32b
Fix lint error
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-23 15:06:12 -07:00
Mrunal Patel
99a7a53309
Cleanup comments
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-23 15:05:23 -07:00
Mrunal Patel
b839ff1093
Fixup pod sandbox status
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-23 15:05:18 -07:00
Mrunal Patel
6eab35c6b5
Fixup remove sandbox logic
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-23 15:04:45 -07:00
Mrunal Patel
2066b68791
Fixup stop sandbox logic
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-23 15:04:07 -07:00
Mrunal Patel
688f689736
Include pod namespace in the pod name
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-23 11:42:45 -07:00
Antonio Murdaca
97f5f809a4
server/sandbox: return id after creation
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-09-22 18:18:58 +02:00
Antonio Murdaca
569183030f
fix vendored deps
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-09-22 18:17:45 +02:00
Antonio Murdaca
e269cb8b7e
new vendoring
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-09-22 18:17:45 +02:00
Antonio Murdaca
32029aaba6
id and name indexes for pods
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-09-22 18:17:45 +02:00
Mrunal Patel
0ba5dfc15a
Automate the creation of the pod sandbox rootfs
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-20 15:45:46 -07:00
Mrunal Patel
19926bc905
Check if container in a pod is already stopped before stopping it
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-19 14:01:48 -07:00
Mrunal Patel
8d3b9971e7
Increase the deadline to 30 seconds in lint and fix lint errors
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-19 13:13:53 -07:00
Antonio Murdaca
b053e63995
restore server rewrite
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-09-19 19:57:50 +02:00
Antonio Murdaca
22d434c1e6
restructure and make lint
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-09-19 19:56:13 +02:00
Antonio Murdaca
53e76cc752
warn when cannot update container status on server init
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-09-19 19:51:03 +02:00
Antonio Murdaca
260a7adb83
server/runtime: store sandbox id in container's annotations
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-09-19 19:51:03 +02:00
Antonio Murdaca
caae4b298a
create sandboxdir on server startup
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-09-19 19:51:03 +02:00
Antonio Murdaca
4fd1c583ad
sandboxes restore on server start
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-09-19 19:51:03 +02:00
Antonio Murdaca
35ef46f805
use an in memory store for containers
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-09-19 13:11:36 +02:00
Antonio Murdaca
59aae8cdb5
*: Failed -> failed in errors
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-09-18 11:38:14 +02:00
Antonio Murdaca
4bc8701fc0
*: switch from godep to glide
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-09-17 17:06:30 +02:00
Mrunal Patel
0d7b500cee
Merge pull request #20 from runcom/locks
...
server: locking around server components
2016-09-17 08:04:02 -07:00
Antonio Murdaca
158dfdfbda
server: locking around server components
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-09-17 16:10:35 +02:00
Antonio Murdaca
2d8691cb0a
server: remove podsandbox on failure
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-09-17 11:37:20 +02:00
Mrunal Patel
f7f02009c2
Report exit code and finish time on container status
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-16 16:33:33 -07:00
Mrunal Patel
6e05f772ed
Add a property to track whether a container needs terminal
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-15 15:01:39 -07:00
Mrunal Patel
61ae296fe9
Update state after creating container
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-13 13:51:29 -07:00
Mrunal Patel
819db7d8cc
Return the started time and ctr state with ctr status
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-12 15:43:30 -07:00
Mrunal Patel
76225afe5f
Add server support for basic container status
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-12 15:03:03 -07:00
Mrunal Patel
30b526376a
Fix error message
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-12 14:43:16 -07:00
Mrunal Patel
bbe5325afc
Fix the build to account for the change in repository
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-09 14:48:39 -07:00
Rajat Chopra
4cf737bb7d
add cni networking with noop plugin as default
...
Signed-off-by: Rajat Chopra <rchopra@redhat.com>
2016-09-09 14:41:03 -07:00
Mrunal Patel
9cb0813d1e
Server changes for supporting pod status
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-09 14:41:03 -07:00
Mrunal Patel
303a3929b2
Update the kubernetes api to latest
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-09 14:41:03 -07:00
Mrunal Patel
219fb703dc
Remove container directories on pod sandbox removal
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-09 14:41:03 -07:00
Mrunal Patel
2eafad8a36
Refactor namespace joining
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-09 14:41:03 -07:00
Mrunal Patel
3e1bb97053
Join the namespaces of pod infra container
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-09 14:41:03 -07:00
Mrunal Patel
4ee041a1c1
Fix container removal state tracking
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-09 14:41:03 -07:00
Mrunal Patel
0c386f74f9
Track container removal in state
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-09 14:41:03 -07:00
Mrunal Patel
6bbdbdeed8
Remove container directory
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-09 14:41:03 -07:00
Mrunal Patel
25a73811ee
Add server impl for RemoveContainer
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-09 14:41:03 -07:00
Mrunal Patel
f1e4ee3c95
Add server impl for StopContainer
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-09 14:41:03 -07:00
Mrunal Patel
9a034d8993
Add implementation for starting container
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-09 14:41:03 -07:00
Mrunal Patel
b494574b6a
Add implementation for removing pod sandbox
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-09 14:41:03 -07:00
Mrunal Patel
c0048118a0
Add implementation for Stop Pod Sandbox
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-09 14:41:03 -07:00
Mrunal Patel
b01d9dcc10
Make the server process a reaper
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-09 14:41:03 -07:00
Mrunal Patel
eb00fa71c1
Start the pod infra container
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-09 14:41:03 -07:00
Mrunal Patel
a26c0eb992
Create pod infra container
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-09 14:41:03 -07:00
Mrunal Patel
8296898937
Fix logic for using host namespaces
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-09 14:41:03 -07:00
Mrunal Patel
18cd2bc87b
Setup defaults for the pod sandbox container
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-09 14:41:03 -07:00
Haiyan Meng
c2ee13d187
Implement CreateContainer
...
Signed-off-by: Haiyan Meng <hmeng@redhat.com>
2016-09-09 14:41:03 -07:00
Mrunal Patel
f569f04154
godep: Update kubernetes dependency to get latest API
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-09 14:41:03 -07:00
Antonio Murdaca
c5d0f23e5a
server: ensure /var/lib/ocid/images exists
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-09-09 14:41:03 -07:00
Mrunal Patel
fc3b7b5aae
Setup the server as subreaper for child processes
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-09 14:41:03 -07:00
Mrunal Patel
c13dbaf6ab
Further refactoring
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-09 14:41:03 -07:00
Haiyan Meng
0bb2fb04d9
update generate functions
...
Signed-off-by: Haiyan Meng <hmeng@redhat.com>
2016-09-09 14:41:03 -07:00
Mrunal Patel
764f02ca11
Add container dir to oci
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-09 14:41:03 -07:00
Mrunal Patel
ac1340488d
Refactor to add oci and util packages
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
Change the sandbox directory path
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-09 14:41:03 -07:00
Haiyan Meng
839463d837
set up CPU and Memory resources
...
Signed-off-by: Haiyan Meng <hmeng@redhat.com>
2016-09-09 14:41:03 -07:00
Haiyan Meng
b98900eb55
parse DNSOptions
...
Signed-off-by: Haiyan Meng <hmeng@redhat.com>
2016-09-09 14:41:03 -07:00
Haiyan Meng
c0a267bf56
Fixes
...
Signed-off-by: Haiyan Meng <hmeng@redhat.com>
2016-09-09 14:41:03 -07:00
Haiyan Meng
819d76b6fd
Add first version of createPodSandbox
...
Signed-off-by: Haiyan Meng <hmeng@redhat.com>
2016-09-09 14:41:03 -07:00
Antonio Murdaca
05f679f643
implement raw pullimage functionality
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-09-09 14:41:03 -07:00