We use the k8s remotecommand client API to create a
streaming executor, and then stream the executed process
into stdout/stderr.
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
`image` as a variable/field name becomes too redundant and difficult to
grep for. Switching to `imageServer` makes for more readable code.
Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
When powering off the system, we want the ocid service, to shutdown
all containers running on the system so they can cleanup properly
This patch will cleanup all pods on poweroff.
The ocid-shutdown.service drops a file /var/run/ocid.shutdown when the system
is shutting down. The ocid-shutdown.service should only be executed at system
shutdown.
On bootup sequence should be
start ocid.service
start ocid-shutdown.service (This is a NO-OP)
On system shutdown
stop ocid-shutdown.service (Creates /var/run/ocid.shutdown)
stop ocid.service (Notices /var/run/ocid.service and stops all pods before exiting.)
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Now that we have support for split std{out,err}, make sure that execsync
will correctly handle the split stdio properly. In addition, extend the
ctr logging test to make sure that the regular container logging is also
split correctly. We can't test !terminal containers because we only have
a single console for both std{out,err}.
Signed-off-by: Aleksa Sarai <asarai@suse.de>
Now that conmon splits std{out,err} for !terminal containers, ExecSync
can parse that output to return the correct std{out,err} split to the
kubelet. Invalid log lines are ignored but complained about.
Signed-off-by: Aleksa Sarai <asarai@suse.de>
While it's not currently possible to do this for terminal=true
containers, for !terminal containers we can create separate pipes for
stdout and stderr, and then log them separately. This is required for
k8s's conformance tests.
Signed-off-by: Aleksa Sarai <asarai@suse.de>
It's 2017, let's not stick with C89 (also for some reason the Travis
environment has a different -std= default value than my local machine).
Signed-off-by: Aleksa Sarai <asarai@suse.de>
The CRI requires us to prepend (timestamp, stream) to every line of the
output, and it's quite likely (especially in the !terminal case) that we
will read more than one line of output in the read loop.
So, we need to write out each line separately with the prepended
timestamps. Doing this the simple way (the final part of the buffer is
written partially if it doesn't end in a newline) makes the code much
simpler, with the downside that if we ever switch to multiple streams
for output we'll have to rewrite parts of this.
In addition, drop the debugging output of cri-o for each chunk read so
we stop spamming stderr. We can do this now because 8a928d06e7
("oci: make ExecSync with ExitCode != 0 act properly") actually fixed
how ExecSync was being handled (especially in regards to this patch).
Fixes: 1dc4c87c93 ("conmon: add timestamps to logs")
Signed-off-by: Aleksa Sarai <asarai@suse.de>
Previously we returned an internal error result when a program had a
non-zero exit code, which was incorrect. Fix this as well as change the
tests to actually check the "ExitCode" response from ExecSync (rather
than expecting ocic-ctr to return an internal error).
Signed-off-by: Aleksa Sarai <asarai@suse.de>
Since we no longer fall back to the noop plugin when
CNI configuration files are missing, and since the default
sandbox_config.json test file is running without host
networking, we must install the bridge and loopback
configuration files by default for tests to pass.
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
We need to support cases where InitCNI() is called before
any CNI configuration files have been installed. This is
for example happening when deploying a k8s cluster with kubeadm.
kubeadm will start the DNS pod and it is left to the caller to
pick a network overlay and create the corresponding pods, that
will typically install a CNI configuration file first.
Here we address that issue by doing 2 things:
- Not returning an error when the default CNI config files
directory is empty.
- If it is empty, we start a monitoring thread (fsnotify based)
that will synchronize the network configuration when a CNI
file is installed there.
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Fix the following upstream k8s's e2e-node test:
```
should be able to pull from private registry with secret [Conformance]
```
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
fsnotify is needed by the new ocicni monitoring implementation.
As ocicni switched to logrus, glog is no longer needed.
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>