Commit graph

135 commits

Author SHA1 Message Date
Antonio Murdaca
65d4ac8fc2
container_create: fix OCI processArgs assemblement
This patch fixes the following command:

kubectl run -i --tty centos --image=centos -- sh

The command above use to fail with:

/usr/bin/sh: /usr/bin/sh: cannot execute binary file

That's because we were wrongly assembling the OCI processArgs.

Thanks @alexlarsson for spotting this.

This patch basically replicates what docker does when merging container
config and image config. It also replicates how docker sets processArgs
for the OCI runtime.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-08 11:48:11 +02:00
Mrunal Patel
90e3e7a632 Merge pull request #529 from runcom/k8s-node-e2e-RHEL
enable RHEL k8s node-e2e tests
2017-05-30 07:42:09 -07:00
Antonio Murdaca
ad3a3fcd5a
server: properly format error
`containerdID` is overridden in `s.ctrIDIndex.Get()`, if the ctr is not
found it's overridden by an empty string making the error return
totally unusable.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-28 20:43:01 +02:00
Antonio Murdaca
bc8570d1de
test: use nginx:alpine when testing pull-by-digest
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-28 20:33:55 +02:00
Antonio Murdaca
b9336c74a3
server: correctly fill ctr termination reason
This patch fixes all port forwarding e2e tests. Those tests were
specifically looking for a termination reason to say that a given
container has finished running. CRI-O wasn't actually returning any
reason field for an exited container.

-> https://github.com/kubernetes/kubernetes/blob/master/test/e2e/portforward.go#L116
   -> https://github.com/kubernetes/kubernetes/blob/master/test/utils/conditions.go#L97

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-28 20:14:45 +02:00
Antonio Murdaca
b4f1cee2a2
server: store and use image's stop signal to stop containers
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-27 10:21:04 +02:00
Antonio Murdaca
aa9abdfe40
test: pull just once in integration tests
w/o this patch we were always pulling redis:alpine by digest in each
test.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-26 16:01:31 +02:00
Antonio Murdaca
b4251aebd8
execsync: rewrite to fix a bug in conmon
conmon has many flags that are parsed when it's executed, one of them
is "-c". During PR #510 where we vendor latest kube master code,
upstream has changed a test to call a "ctr execsync" with a command of
"sh -c commmand ...".
Turns out:

a) conmon has a "-c" flag which refers to the container name/id
b) the exec command has a "-c" flags but it's for "sh"

That leads to conmon parsing the second "-c" flags from the exec
command causing an error. The executed command looks like:

conmon -c [..other flags..] CONTAINERID -e sh -c echo hello world

This patch rewrites the exec sync code to not pass down to conmon the
exec command via command line. Rather, we're now creating an OCI runtime
process spec in a temp file, pass _the path_ down to conmon, and have
runc exec the command using "runc exec --process
/path/to/process-spec.json CONTAINERID". This is far better in which we
don't need to bother anymore about conflicts with flags in conmon.

Added and fixed some tests also.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-25 22:36:33 +02:00
Mrunal Patel
d06b2ff20f test: Add a test for container OOM
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-05-25 11:30:58 -07:00
Mrunal Patel
f64032483e test: Ensure image for testing oom is present
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-05-25 11:30:58 -07:00
Mrunal Patel
bd6e8a5a20 Merge pull request #534 from runcom/volumes-workaround
server: workaround images with Config.Volumes
2017-05-22 10:59:44 -07:00
Antonio Murdaca
02f3828283
server: workaround images with Config.Volumes
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-22 18:01:06 +02:00
Antonio Murdaca
d099e3a988
server: container_status: we should return digested references in imageRef
currently blocked on
https://github.com/kubernetes-incubator/cri-o/issues/531

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-22 16:37:46 +02:00
Antonio Murdaca
22d055869d
server: container_status: return image name if available
If we create a container using the image ID like
771cd5947d5ea4bf8e8f4900dd357dbb67e7b16486c270f8274087d182d457c6, then
a call to container_status will return that same ID for the "Image"
field in ContainerStatusResponse.

This patch matches dockershim behavior and return the first tagged name
if available from the image store.

This is also needed to fix a failure in k8s e2d tests.

Reference:
https://github.com/kubernetes/kubernetes/pull/39298/files#diff-c7dd39479fd733354254e70845075db5R369
Reference:
67a5bf8454/test/e2e/framework/util.go (L1941)

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-22 16:37:46 +02:00
Antonio Murdaca
a0916b1044
server: sandbox_stop: ignore not found sandboxes
This patch matches dockershim behavior

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-22 16:37:39 +02:00
Mrunal Patel
fb83c7e619 Merge pull request #505 from runcom/restore-2
Fix restore
2017-05-19 08:39:28 -07:00
Antonio Murdaca
3318dac64b
test: exercise systemd cgroup_parent
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-19 00:18:40 +02:00
Antonio Murdaca
9b74e546ca
test: fix restore test
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-18 21:19:53 +02:00
Antonio Murdaca
22b922727b
test: add bad state restore test
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-18 21:19:53 +02:00
Antonio Murdaca
dac6b7ceb5
test: fix typo
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-18 17:47:43 +02:00
Antonio Murdaca
4dcf33581c
test: add CGROUP_MANAGER env to switch to systemd
default is still cgroupfs

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-18 17:39:49 +02:00
Antonio Murdaca
ecd0006e80
vendor: upgrade containers/storage
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-17 22:18:07 +02:00
Antonio Murdaca
725c159bea
test: testdata: get rid of memory limits
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-17 17:30:11 +02:00
Mrunal Patel
5e4809bdfe Fix remnants of ocid -> crio rename
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-05-15 15:05:58 -07:00
Matthew Heon
d60d3b78ad Fix unit test to use crio/crioctl
The rename to crio missed this test, update it so tests pass

Signed-off-by: Matthew Heon <mheon@redhat.com>
2017-05-15 16:03:05 -04:00
Mrunal Patel
7ea255fcea Merge pull request #495 from rhatdan/rename
Rename ocid to crio
2017-05-15 11:27:28 -07:00
Antonio Murdaca
9b48e83027
test: add caps drop test
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-12 18:20:34 +02:00
Dan Walsh
4493b6f176 Rename ocid to crio.
The ocid project was renamed to CRI-O, months ago, it is time that we moved
all of the code to the new name.  We want to elminate the name ocid from use.
Move fully to crio.

Also cric is being renamed to crioctl for the time being.

Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2017-05-12 09:56:06 -04:00
Mrunal Patel
d3c7a24896 bats: Add a test for adding device to a container
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-05-10 13:36:51 -07:00
Mrunal Patel
4a02418c82 Add a test config for device
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-05-10 13:36:33 -07:00
Dan Williams
13f6e95685 sandbox: pass correct pod Namespace/Name to network plugins and fix id/name ordering
Two issues:
1) pod Namespace was always set to "", which prevents plugins from figuring out
what the actual pod is, and from getting more info about that pod from the
runtime via out-of-band mechanisms

2) the pod Name and ID arguments were switched, further preventing #1

Signed-off-by: Dan Williams <dcbw@redhat.com>
2017-05-05 23:55:37 -05:00
Antonio Murdaca
139b16bac2
server: fix set caps on container create
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-05 16:31:52 +02:00
Antonio Murdaca
715785950c
test: use redis:alpine
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-05 16:31:48 +02:00
Nalin Dahyabhai
a0b1da15a3 Expand image refs and handle refs with digests
If an image that we're pulling from a registry has a digest in its
reference, use that to construct the destination image's reference.
This should help us detect cases where the image has previously been
pulled.

When we have a filter to use when listing images, expand it into a
reference so that we can properly match against names of images that
we've previously stored using fully expanded references.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-04-27 14:13:02 -04:00
Antonio Murdaca
5dd2e10028 Merge pull request #462 from runcom/storage-tests
test: make storage configurable via env
2017-04-21 16:59:20 +02:00
Antonio Murdaca
7985f7ad81
test: fix bats dealing with std* streams
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-04-21 13:42:59 +02:00
Antonio Murdaca
83e1de71dd
test: make storage configurable via env
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-04-21 12:29:39 +02:00
Mrunal Patel
0801a68990 Merge pull request #410 from dcbw/default-gopath
build: create a local GOPATH if none specified
2017-04-20 12:03:54 -07:00
Mrunal Patel
b6c022caae Merge pull request #434 from sameo/topic/ocicni-fixes
ocicni: support for asynchronous CNI config changes
2017-04-12 14:02:26 -07:00
Aleksa Sarai
6940313691
test: add tests for split std{err,out}
Now that we have support for split std{out,err}, make sure that execsync
will correctly handle the split stdio properly. In addition, extend the
ctr logging test to make sure that the regular container logging is also
split correctly. We can't test !terminal containers because we only have
a single console for both std{out,err}.

Signed-off-by: Aleksa Sarai <asarai@suse.de>
2017-04-12 21:59:25 +10:00
Aleksa Sarai
8a928d06e7
oci: make ExecSync with ExitCode != 0 act properly
Previously we returned an internal error result when a program had a
non-zero exit code, which was incorrect. Fix this as well as change the
tests to actually check the "ExitCode" response from ExecSync (rather
than expecting ocic-ctr to return an internal error).

Signed-off-by: Aleksa Sarai <asarai@suse.de>
2017-04-11 20:32:18 +10:00
Samuel Ortiz
07ccda3395 tests: Install CNI configuration files by default
Since we no longer fall back to the noop plugin when
CNI configuration files are missing, and since the default
sandbox_config.json test file is running without host
networking, we must install the bridge and loopback
configuration files by default for tests to pass.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2017-04-10 17:36:34 +02:00
Aleksa Sarai
65527da361
test: add logging tests
The main purpose of these tests is to make sure that the log actually
contains output from the container. We don't test the timestamps or the
stream that's stated at the moment.

Signed-off-by: Aleksa Sarai <asarai@suse.de>
2017-04-05 02:45:58 +10:00
Aleksa Sarai
c31f2cf0ee
test: unset log_* in configurations
This is necessary, as otherwise ocid will use its own current directory
as a log_directory, which is not the best idea in the world. The same
applies for log_path.

Signed-off-by: Aleksa Sarai <asarai@suse.de>
2017-04-05 02:45:58 +10:00
Aleksa Sarai
00589b3682
test: fix runtimeversion test
The runtimeversion test was incorrectly written and would fail for no
good reason if setup_ocid happened to run a command that failed (even if
it was handled).

Signed-off-by: Aleksa Sarai <asarai@suse.de>
2017-04-05 02:45:56 +10:00
Dan Williams
9c44933b58 build: create a local GOPATH if none specified
Instead of requiring the developer to set up their own GOPATH somewhere,
do like Kubernetes and OpenShift Origin do:

git clone xxxxx
cd xxxxx
make

by creating an _output/ directory and linking the local source tree
into it, and setting that to be the GOPATH.

Signed-off-by: Dan Williams <dcbw@redhat.com>
2017-03-30 15:01:22 -05:00
Mrunal Patel
d69ad9b5a3 Fix lint issues
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-03-27 10:21:30 -07:00
Daniel J Walsh
6f81ec8c67 Default all container storage to /var/lib/containers/storage
containers/storage is defaulting to /var/lib/containers/storage
for image and containers storage.  It is also defaulting to
/var/run/containers/storage for all runtime.  The defaults
for CRI-O should match so that lots of other tools that use
containers/storage can share the same storage.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-03-24 08:19:08 -04:00
Andrew Pilloud
54c176e336 storage: Support latest containers/image
Signed-off-by: Andrew Pilloud <andrewpilloud@igneoussystems.com>
2017-03-13 08:51:02 -07:00
Daniel J Walsh
cf5b0ae57f Deprecate --storage-option for --storage-opt
container-storage-setup (Formerly docker-storage-setup) is being converted to
run with container runtimes outside of docker.  Specifically we want to use it
with CRI-O/ocid.  It does not know anything about the container runtimes it
is generating options for, so it generates them based on the storage CLI of
docker.  I see no reason to have the storage option for ocid to be different
and we can just depracate the option for now.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-02-25 09:09:50 -05:00