Commit graph

40 commits

Author SHA1 Message Date
umohnani8
e35204c5e0 Fix create container failure due to wrong image reference
When the image name is resolved with the registries from crio.conf only
the resolved name with the first registry is passed to create_container
eventhough there are more registries in the crio.conf file.
Fix this to try the resolved image names with all the registries given in the conf file.

Signed-off-by: umohnani8 <umohnani@redhat.com>
2018-03-02 11:13:51 -05:00
Mrunal Patel
125ec8a7bd image: Add lock around image cache access
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2018-02-15 10:27:39 -05:00
Nalin Dahyabhai
c53211eacd imageService: cache information about images
Cache information about images that isn't trivially read from them, so
that ImageStatus and particularly ListImages don't have to do
potentially-expensive things for every image that they report.

The cache is an in-memory map, and we prune it after ListImages has
assembled its result set.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2018-02-14 14:41:03 -05:00
Antonio Murdaca
96fb47213e
container_create: correctly set user
We had a bug in ImageStatus where we weren't returning the default
image user if set, thus running all containers as root despite a user
being set in the image config. We weren't populating the Username field
of ImageStatus.
This patch fixes that along with the handling of multiple images based
on the registry patch for multiple images.
It also fixes ListImages to return Username as well.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2018-02-14 13:17:20 +01:00
Nalin Dahyabhai
5ea050fc12 Handle truncated IDs in imageService.ResolveNames()
Have ResolveNames() check if the value that it's been given is a
truncated version of the ID of a locally-available image, and if it is,
return the value as it was given.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-12-14 14:23:53 -05:00
Nalin Dahyabhai
ff7bbb4f0d Switch to ImageServer.UntagImage in RemoveImage handler
Add an UntagImage() method to pkg/storage/ImageServer, which will check
if the passed-in NameOrID is a name.  If so, it merely removes that name
from the image, removing the image only if it was the last name that the
image had.  If the NameOrID is an image ID, the image is removed, as
RemoveImage() does.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-12-14 14:23:53 -05:00
Nalin Dahyabhai
f3b7065bd8 Return image references from the storage package
The image's canonical reference is a name with a digest of the image's
manifest, so in imageService.ImageStatus() and
imageService.ListImages(), divide the image's name list into tagged and
digested values, and if we have names, add canonical versions.

In Server.ContainerStatus(), return the image name as it was given to us
as the image, and the image digested reference as the image reference.

In Server.ListImages(), be sure to only return tagged names in the
RepoTags field.  In Server.ImageStatus(), also return canonical
references in the RepoDigests field.

In Server.PullImage(), be sure that we consistently return the same
image reference for an image, whether we ended up pulling it or not.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-12-14 14:23:52 -05:00
Nalin Dahyabhai
553979e1fc storage: API fixups
github.com/containers/image/types.ImageReference.NewImage() can take a
*github.com/containers/image/types.SystemContext now, so pass it one if
pkg/storage/imageService.CanPull() has one to give it.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-12-14 11:06:55 -05:00
Antonio Murdaca
87f1ae214f
image_pull: fix image resolver
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-11-28 23:53:18 +01:00
Antonio Murdaca
befd719812
Revert "Merge pull request #654 from nalind/storage-update"
This reverts commit 4c06116c18, reversing
changes made to c5e73ba65f.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-11-12 01:54:19 +01:00
Antonio Murdaca
4f4e228274
pkg: storage: image: close image after using it
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-11-10 14:21:22 +01:00
Antonio Murdaca
8611c2dfef
image_pull: repull when image ID (config digest) changed
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-11-09 19:46:55 +01:00
Nalin Dahyabhai
2e5e92730a Switch to ImageServer.UntagImage in RemoveImage handler
Add an UntagImage() method to pkg/storage/ImageServer, which will check
if the passed-in NameOrID is a name.  If so, it merely removes that name
from the image, removing the image only if it was the last name that the
image had.  If the NameOrID is an image ID, the image is removed, as
RemoveImage() does.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-10-31 10:30:18 -04:00
Nalin Dahyabhai
3f2bc09231 Return image references in ImageStatus()
The image's canonical reference is a name with a digest of the image's
manifest, so compute and return that value as the image's reference in
ImageStatus() and in ContainerStatus().

We don't auto-store a name based on the image digest when we pull one by
tag, but then CRI doesn't need us to do that.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-10-31 10:29:06 -04:00
Antonio Murdaca
22f96b1806
fix issue with official images and manifest lits
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-13 19:01:06 +02:00
Antonio Murdaca
836919876a pkg: storage: image: get size from image ID
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-08 07:27:48 -07:00
Antonio Murdaca
1f908f0890
pkg: storage: fix additional registries
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-07 11:57:16 +02:00
Antonio Murdaca
b29c6108e2
pkg: storage: fix panic when no image names
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-06 11:32:53 +02:00
Antonio Murdaca
b16d73ab2f
server: image_list: report image size
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-08-31 17:50:25 +02:00
Antonio Murdaca
8088d7a1e2
*: fix lint issues
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-08-22 17:32:18 +02:00
Daniel J Walsh
63a218a458 Move to new github.com/sirupsen/logrus.
Need to mv to latest released and supported version of logrus
switch github.com/Sirupsen/logrus github.com/sirupsen/logrus

Also vendor in latest containers/storage and containers/image

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-08-07 11:50:04 -04:00
Nalin Dahyabhai
0b7348b35c Use errors.Cause() when looking at storage errors
The storage library uses github.com/pkg/errors to wrap errors that it
returns from many of its functions, so when passing them to
os.IsNotExist() or comparing them to specific errors defined in the
storage library, unwrap them using errors.Cause().

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-08-03 15:40:54 -04:00
Antonio Murdaca
a35727c80b
*: implement additional pull registries
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-08-02 16:38:11 +02:00
Nalin Dahyabhai
82c90747c2 Don't double-free an UnparsedSource
github.com/containers/image.FromUnparsedImage() "takes ownership" of the
UnparsedImage that we pass to it, so we shouldn't also Close() the
UnparsedImage ourselves after we've wrapped it up in an Image object.

Since creating an Image is the only thing we do with the UnparsedImage
after creating it from a SourceImage, just use the FromSource() function
to handle both steps at once.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-07-26 15:52:51 -04:00
Antonio Murdaca
8b53fabcbd
*: support insecure registries
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-09 01:04:29 +02:00
Antonio Murdaca
3b545abf12
image_pull: check image already pulled
This is an optimization of our image pull code path. It's basically
how docker handles pulls as well. Let's be smart and check the image in
pull code path as well.
This also matches docker behavior which first checks whether we're
allowed to actually pull an image before looking into local storage.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-08 15:03:27 +02:00
Antonio Murdaca
a37dd46654
*: stability fixes
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-01 15:42:01 +02:00
Antonio Murdaca
ecd0006e80
vendor: upgrade containers/storage
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-17 22:18:07 +02:00
Dan Walsh
4493b6f176 Rename ocid to crio.
The ocid project was renamed to CRI-O, months ago, it is time that we moved
all of the code to the new name.  We want to elminate the name ocid from use.
Move fully to crio.

Also cric is being renamed to crioctl for the time being.

Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2017-05-12 09:56:06 -04:00
Nalin Dahyabhai
b75a1ba44d Remove some redundant target image namesetting
Remove some logic that messed with the names we assigned to just-pulled
images in the storage layer, since the image and storage libraries now
take care of that for us.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-04-27 14:13:02 -04:00
Nalin Dahyabhai
a0b1da15a3 Expand image refs and handle refs with digests
If an image that we're pulling from a registry has a digest in its
reference, use that to construct the destination image's reference.
This should help us detect cases where the image has previously been
pulled.

When we have a filter to use when listing images, expand it into a
reference so that we can properly match against names of images that
we've previously stored using fully expanded references.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-04-27 14:13:02 -04:00
f401adffa9
server: readable fields
`git grep -w images` or `git grep -w storage` needs to be more useful.

Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
2017-04-20 08:22:50 -04:00
aa24e0554d
pkg/storage: switch to searchable fieldname
`image` as a variable/field name becomes too redundant and difficult to
grep for. Switching to `imageServer` makes for more readable code.

Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
2017-04-18 07:53:53 -04:00
Antonio Murdaca
a0071de607
read image config from docker v2s1 manifests
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-04-04 17:52:37 +02:00
Nalin Dahyabhai
e7748cba6e Preserve the tag of the pulled image's name
When we pull an image, preserve the tag portion of the name that we were
asked to use for pulling it, instead of unconditionally replacing it
with "latest".

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-03-24 11:54:56 -04:00
Andrew Pilloud
54c176e336 storage: Support latest containers/image
Signed-off-by: Andrew Pilloud <andrewpilloud@igneoussystems.com>
2017-03-13 08:51:02 -07:00
Nalin Dahyabhai
3eca785331 Don't try to parse an image ID a second time
When looking for the image to use for creating a container, there's no
need to attempt parsing the ID a second time, and doing so can create
confusing error messages.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-02-08 10:58:00 -05:00
Antonio Murdaca
2202c1a460
storage: fix image retrieval by id
kubelet sends a request to create a container with an image ID (as
opposed as an image name). That ID comes from the ImageStatus response.
This patch fixes that by setting the image ID as well as the image name
and fix the login to lookup for image ID as well.

Found while running `make test-e2e-node`.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-01-31 16:32:30 +01:00
Nalin Dahyabhai
aeea656581 Limit implicit image pulling to the pause image
The CRI doesn't expect us to implicitly pull an image if it isn't
already present before we're asked to use it to create a container, and
the tests no longer depend on us doing so, either.

Limit the logic which attempts to pull an image, if it isn't present, to
only pulling the configured "pause" image, since our use of that image
for running pod sandboxes is an implementation detail that our clients
can't be expected to know or care about.  Include the name of the image
that we didn't pull in the error we return when we don't pull one.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-01-18 10:23:30 -05:00
Nalin Dahyabhai
4ae8606edf Add storage utility functions
Add an intermediate API layer that uses containers/storage, and a
containers/image that has been patched to use it, to manage images and
containers, storing the data that we need to know about containers and
pods in the metadata fields provided by containers/storage.

While ocid manages pods and containers as different types of items, with
disjoint sets of IDs and names, it remains true that every pod includes
at least one container.  When a container's only purpose is to serve as
a home for namespaces that are shared with the other containers in the
pod, it is referred to as the pod's infrastructure container.

At the storage level, a pod is stored as its set of containers.  We keep
track of both pod IDs and container IDs in the metadata field of
Container objects that the storage library manages for us.  Containers
which bear the same pod ID are members of the pod which has that ID.
Other information about the pod, which ocid needs to remember in order
to answer requests for information about the pod, is also kept in the
metadata field of its member containers.

The container's runtime configuration should be stored in the
container's ContainerDirectory, and used as a template.  Each time the
container is about to be started, its layer should be mounted, that
configuration template should be read, the template's rootfs location
should be replaced with the mountpoint for the container's layer, and
the result should be saved to the container's ContainerRunDirectory,
for use as the configuration for the container.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2016-12-19 11:44:34 -05:00